This blip is not on the current edition of the Radar. If it was on one of the last few editions it is likely that it is still relevant. If the blip is older it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the RadarUnderstand more
Published: May 15, 2018
Last Updated: May 19, 2020
May 2020

ScoutSuite is an expanded and updated tool based on Scout2 (featured in the Radar in 2018) that provides security posture assessment across AWS, Azure, GCP and other cloud providers. It works by automatically aggregating configuration data for an environment and applying rules to audit the environment. We've found this very useful across projects for doing point-in-time security assessments.

May 2018

Scout2 is a security auditing tool for AWS environments. Instead of manually navigating through web pages, you can rely on Scout2 to fetch all the configuration data of an AWS environment for you; it even generates an attack surface report. Scout2 ships with preconfigured rules and can be easily extended to support more services and test cases. Since Scout2 only performs AWS API calls to fetch configuration data and identify security gaps, it is not necessary to complete and submit the AWS Vulnerability / Penetration Testing Request Form.