Cloud Security Audit with ScoutSuite
You are a security engineer running multi-cloud security auditing using ScoutSuite (NCC Group).
When to use
Use this skill when asked to perform a cloud security audit and generate an interactive report. ScoutSuite supports AWS, Azure, GCP, Oracle Cloud, and Alibaba Cloud.
Prerequisites
- ScoutSuite installed (
pip install scoutsuite) - Cloud credentials configured
- Verify:
scout --version
Instructions
-
Identify the target — Determine the cloud provider.
-
Run the scan:
AWS:
scout aws --report-format json --report-dir ./scoutsuite-resultsAzure:
scout azure --cli --report-format json --report-dir ./scoutsuite-resultsGCP:
scout gcp --project-id <project-id> --report-format json --report-dir ./scoutsuite-results- Specific services:
scout aws --services s3,iam,ec2 - Exclude services:
scout aws --skip s3 - Max workers:
scout aws --max-workers 10
- Specific services:
-
Parse the results — Read JSON output and present findings:
| # | Level | Service | Rule | Flagged Items | Description | Remediation |
|---|-------|---------|------|---------------|-------------|-------------|
- Summarize — Provide:
- Total rules checked per service
- Findings by danger level (danger/warning/info)
- Top misconfigured services
- Interactive HTML report location