v5.14.0

ScoutSuite v5.14.0

Changes:

• Core
  • Refactored Docker images to split them by major cloud provider (AWS, Azure, GCP)
• AWS
  • Updated Route53 transfer lock checks to add/remove TLDs
  • Multiple finding template improvements
  • Improved logic check for EBS encryption findings
  • Improved logic check for IAM policy conditions
• Azure
  • Fixed false negatives on edge cases of Key Vault RBAC settings
  • Fixed 'Blob Containers Allowing Public Access' template
  • Fixed flase positives on 'Access Keys Not Rotated' check for Storage Accounts
• Digital Ocean
  • Added support for scanning Digital Ocean environments, including a handful of new rules and checks. Special thanks to @asifwani and @ltoroncc

Thanks to all contributors in this release:

@x4v13r64
@ltoroncc
@asifwani
@rossja
@launchdaemon
@rdegraaf-ncc3
@rieck-srlabs

v5.13.0

ScoutSuite v5.13.0

Changes:

• Core
  • Added support for Python versions >= 3.9; versions 3.8 and older are no longer recommended and support will not be provided for issues with these versions
  • Secret redaction logic improvements
  • Multiple error handling improvements
• AWS
  • Multiple bugfixes for checks
  • Multiple minor corrections for finding templates
• Azure
  • Multiple bugfixes for checks
  • Multiple minor corrections for finding templates
  • Updated azure-mgmt-authorization module to v3.0.0
  • Added new rules for several Azure CIS Benchmark checks
• GCP
  • Multiple bugfixes for checks
  • Multiple minor corrections for finding templates

Thanks to all contributors in this release:

@FlorinAsavoaie
@yaleman
@tkmru
@elimisteve
@rbailey-godaddy
@rscottbailey
@x4v13r64
@twilson-bf
@x64-latacora
@zachfey
@wrightmalone
@fl0mb
@ncc-akis
@saez0pub
@HIKster
@cckev

5.13.0RC2

5.13.0RC2

Release 5.13.0RC1

5.13.0-rc1

Update __init__.py

Release 5.12.0

ScoutSuite 5.12.0

Changes:

• Core
  • Updated dependencies
  • Updated cli parser
• AWS
  • Multiple bug fixes and minor improvements
  • Updated IP ranges
  • Updated rules for CloudFront
  • Updated rules for EC2
  • Updated rules for ELB
  • Updated rules for IAM
  • Updated rule for S3
  • Updated rule for SQS
  • Updated error logging and exception handling
  • Improved secrets detection rules
  • Added a new command flag that allows to run Scout on CN regions
• Azure
  • Upgraded authentication strategies to use latest Azure SDK packages
  • Multiple bug fixes and minor improvements
  • Added new rules for Azure AD
  • Added and updated rules for Azure Storage Account
  • Added and updated rules for Networking
  • Updated rule for Virtual Machines
  • Added new rules for RBAC
  • Added and updated rules for Azure SQL Databases, MySQL and PostgreSQL
  • Added new rules for Logging and Monitoring
  • Added and updated rules for Azure Security Center (now Defender for Cloud)
  • Added and updated rules for AppService
  • Added new rule for KeyVault
  • Updated multiple finding templates
• GCP
  • Multiple bug fixes and minor improvements
  • Added new rules for GKE
  • Added and updated rules for CloudSQL
  • Added new rules for BigQuery
  • Added new rules for Functions
  • Added new rule for CloudStorage
  • Updated rule for MemoryStore
  • Updated multiple finding templates
  • Updated UI
• Docker
  • Fixed error in docker_compose.yaml

Thanks to all contributors in this release:

@xnkevinnguyen
@x4v13r64
@SophieDorval
@rscottbailey
@yash-seclogic
@charlietran
@tkmru
@Anthirian

5.12.0-rc1

Changes:

• Upgrade third-party dependencies
• New templates, rulesets
• Authentication MSAL
• Refactorization and improvement of the components for AWS, GCP and Azure

Thanks to all contributors in this release:

5.11.0

Changes:

• Core
  • Fixed the --update functionality
  • Added epilog to the help menu
  • Improved unit test coverage
  • Updated dependencies for Azure and GCP
• AWS
  • Added ARNs for a all resources
  • Added support for CloudFront distribution lists, as well as 3 new findings
  • Added support for CodeBuild
  • Added a finding for SQS queue encryption
  • Added a finding for IAM Lightspin vulnerability
  • Added a finding for RDS instance public access
  • Improved fetching and report for AWS resources
  • Bug fixes
  • Update botocore version
  • Fixed XSS issue in report (Thanks to Liyun Li for reporting it!)
• Azure
  • Added 3 findings for VM disks
  • Improved report and findings' guidance for Azure resources
  • Bug fixes
• GCP
  • Created a ruleset for GCP CIS version 1.1 (https://www.cisecurity.org/benchmark/google_cloud_computing_platform/)
  • Can be run with the --ruleset cis-1.1.0.json parameter
  • Added support for a number of resources
  • Included the addition of 46 new rules, most of which were added to the default ruleset
    • Cloud SQL: 11 new findings
    • Cloud Storage: 1 new finding
    • Compute Engine: 11 new findings
    • Cloud DNS: 3 new findings
    • IAM: 2 new findings
    • KMS: 2 new findings
    • Cloud Logging: 8 new findings
    • Cloud Monitoring: 8 new findings
  • Added support for Cloud Memorystore, as well as 2 new findings
  • Added 1 finding for VPC flow logs
  • Improved fetching, report and findings' guidance for GCP resources
  • Bug fixes
• Docker
  • Updated tooling to current versions
  • Pulling in the current version of ScoutSuite

Thanks to all contributors in this release:

• x4v13r64
• liyun-li
• timretout
• yangsec888
• ericrichtert
• 4ndygu
• rossja
• lowSoA
• bigdavros
• json-ncc
• chris-codaio
• SophieDorval
• xnkevinnguyen
• rogeriobastos
• lm-t
• sushantmimani
• rgpncc
• cr-latacora

5.10.2

Changes:

• AWS
  • Improvements to the report
  • Bug fixes
• Azure
  • Bug fixes
• GCP
  • Bug fixes

5.10.1

Changes:

• Fix report CSV exports
• Fix evaluation of AWS CloudWatch filters
• Fix an AWS IAM rule which included FPs
• Fix issues with docker support
• Fix typos in rules
• Improved default region selection for AWS S3, handling regions disallowed via SCP/IAM policies automatically
• Improved support for AWS CloudTrail
• Improved GCP error handling
• Remove an outdated and unused version of jQuery

5.10.0

Changes:

• Core
  • Moved unit tests from nose to pytest & improved unit test coverage
  • Migrated formatting from the 2.7+ versions to more native 3.x styles
  • Bug fixes and improved error handling
• AWS
  • Created a ruleset for AWS CIS version 1.2 (https://www.cisecurity.org/benchmark/amazon_web_services/)
    • Can be run with the --ruleset cis-1.2.0.json parameter
    • This included the addition of 23 new rules, most of which where added to the default ruleset
  • Added support for
    • CloudWatch Metric Filters
    • DynamoDB
    • VPC Peering Connections & Flow Logs (Subnet & VPC)
  • Improved the report and processing for AWS resources
• Azure
  • Improved support for App Services web apps, including 5 new rules
  • Improved NSG implementation, decreasing the report size by multiple orders of magnitude
  • Added Azure Tags and Resource Groups to all resources
• GCP
  • Added support for GKE, including 19 new rules
  • Improved reporting for Compute Engine instances, networks, subnetworks and firewall rules
  • Implemented exponential backoff to handle API quotas

Breaking change: support for Python 3.5 has been removed.