Scouter

This repository maintains some of the scripts made by Ebryx DevSecOps team ¯\(ツ)/¯

Requirements

• Credentials Report (from here)
• Python (2.7.*)
• Python pip
• Python module awscli
• Python module pygments

Install modules

pip install -r requirements.txt

Tested on

• Kali linux (subsystem)
• Ubuntu (subsystem)

Download / Clone Repository

You can download the latest version by cloning this GitHub repository.

git clone https://github.com/Ebryx/Scouter

Usage

• Please run aws configure before running the scripts
• Each script is labelled with check name and needs to be executed manually
• Place credentials report as creds.csv in the same directory of script while performing IAM checks

IAM

• Orphan Users
• Users with both Console && CLI access
• Users without any IAM Group

S3

• ServerSide Encryption
• MFA deletion protection

EC2

• Outdated AMIs
• Unused KeyPairs
• Unused EIPs
• Instances without termination protection
• Instances with(out) Detailed Monitoring Enabled
• Instances with(out) tags

VPC

• VPCs with(out) Flow Logs

RDS

• Instances publicly exposed

Redshift

• Clusters publicly exposed

Cloudformation

• Stack Termination Protection

Cloudtrail

• Trail buckets without MFA Deletion Protection
• Trail buckets without Access Logging Enabled

ElasticBeanStalk

• ElasticBeanStalk Outdated Custom AMIs

KMS

• Disabled KMS Keys
• Exposed KMS Keys

SNS

• Topics with HTTP protcol
• Publicly Exposed Topics

Lambda

• Lambda Artifacts Collector

Note

• Scripts will only run against resources specified by the region in `aws configure` (~/.aws/config)
• For Dependencies Issues -> Solution