Open source multi-cloud security auditing tool for point-in-time posture assessment and offline review
- Stars7.7k
- Forks1.2k
- Open Issues291
GPL-2.0
- Python
- HTML
- JavaScript
About ScoutSuite
ScoutSuite is a multi-cloud security auditing tool that assesses the posture of cloud environments. Using the APIs exposed by cloud providers, it gathers configuration data and highlights risk areas, presenting a clear view of your attack surface instead of making you page through dozens of web console screens.
You run it from the command line, and it generates an HTML report with findings and the collected account configuration. It provides a point-in-time, security-oriented view of the account it ran in, and once the data has been gathered all review can be done offline.
Supported providers include Amazon Web Services, Microsoft Azure, Google Cloud Platform, Alibaba Cloud, Oracle Cloud Infrastructure, Kubernetes clusters on a cloud provider, and DigitalOcean. Designed by security consultants and auditors, it runs locally against your own cloud accounts.
Key features
- Collects cloud configuration data through provider APIs
- Generates an HTML report with findings and account configuration
- Supports AWS, Azure, and Google Cloud Platform
- Offline review after data collection
- CLI-based workflow
Details
- First released
- 2018
- Self-hosting
- Runs locally against cloud APIs
- Platforms
- CLI
- Deployment
- offline-first
- Report
- HTML with findings and config
- Cloud providers
- AWS · Azure · GCP · Alibaba · OCI