Saltar a la navegación Saltar al contenido principal Ir al pie de página

Tool Release – ScoutSuite 5.10

01 octubre 2020

By Xavier Garceau-Aranda

We’re proud to announce the release of a new version of our open-source, multi-cloud auditing tool ScoutSuite (on Github)!

Notable improvements and features include:

  • Core
    • Breaking change: support for Python 3.5 has been deprecated
    • Moved unit tests from nose to pytest improved coverage
    • Bug fixes and improved error handling
  • AWS
    • Created a ruleset for the AWS CIS Benchmark version 1.2
      • Can be run with the --ruleset cis-1.2.0.json parameter
      • This included the addition of 23 new rules, most of which where also added to the default ruleset
    • Added support for
      • DynamoDB
      • VPC Peering Connections Flow Logs (Subnet VPC)
      • CloudWatch Metric Filters
    • Improved the report and processing for AWS resources
  • Azure
    • Improved support for App Services web apps, including 5 new rules
    • Improved the NSG implementation, decreasing the report size by orders of magnitude
    • Added Azure Tags and Resource Groups to all resources
  • GCP
    • Added support for Google Kubernetes Engine, including 19 new rules
    • Improved reporting for Compute Engine instances, networks, subnetworks and firewall rules
    • Implemented exponential backoff to handle API quotas

Check out the Github page for additional information, as well as the wiki documentation!

For those wanting a Software-as-a-Service version, we also offer NCC Scout. This service includes persistent monitoring, as well as coverage of additional services across the three major public cloud platforms. If you would like to hear more, reach out to scout@nccgroup.com or visit our cyberstore

Xavier Garceau-Aranda

Xavier Garceau-Aranda

Xavier is a managing consultant at NCC Group, with experience in both academia and the private sector. He has worked as a developer, security researcher and consultant. Xavier currently spends most of his time focusing on application and cloud security, as well as driving the development of Scout Suite (https://github.com/nccgroup/ScoutSuite/), an open source multi-cloud security-auditing tool.