ScoutSuite

ScoutSuite v5.13.0

Changes:

• Core
  • Added support for Python versions >= 3.9; versions 3.8 and older are no longer recommended and support will not be provided for issues with these versions
  • Secret redaction logic improvements
  • Multiple error handling improvements
• AWS
  • Multiple bugfixes for checks
  • Multiple minor corrections for finding templates
• Azure
  • Multiple bugfixes for checks
  • Multiple minor corrections for finding templates
  • Updated azure-mgmt-authorization module to v3.0.0
  • Added new rules for several Azure CIS Benchmark checks
• GCP
  • Multiple bugfixes for checks
  • Multiple minor corrections for finding templates

Thanks to all contributors in this release:

@FlorinAsavoaie
@yaleman
@tkmru
@elimisteve
@rbailey-godaddy
@rscottbailey
@x4v13r64
@twilson-bf
@x64-latacora
@zachfey
@wrightmalone
@fl0mb
@ncc-akis
@saez0pub
@HIKster
@cckev

5.13.0RC2

ScoutSuite 5.12.0

Changes:

• Core
  • Updated dependencies
  • Updated cli parser
• AWS
  • Multiple bug fixes and minor improvements
  • Updated IP ranges
  • Updated rules for CloudFront
  • Updated rules for EC2
  • Updated rules for ELB
  • Updated rules for IAM
  • Updated rule for S3
  • Updated rule for SQS
  • Updated error logging and exception handling
  • Improved secrets detection rules
  • Added a new command flag that allows to run Scout on CN regions
• Azure
  • Upgraded authentication strategies to use latest Azure SDK packages
  • Multiple bug fixes and minor improvements
  • Added new rules for Azure AD
  • Added and updated rules for Azure Storage Account
  • Added and updated rules for Networking
  • Updated rule for Virtual Machines
  • Added new rules for RBAC
  • Added and updated rules for Azure SQL Databases, MySQL and PostgreSQL
  • Added new rules for Logging and Monitoring
  • Added and updated rules for Azure Security Center (now Defender for Cloud)
  • Added and updated rules for AppService
  • Added new rule for KeyVault
  • Updated multiple finding templates
• GCP
  • Multiple bug fixes and minor improvements
  • Added new rules for GKE
  • Added and updated rules for CloudSQL
  • Added new rules for BigQuery
  • Added new rules for Functions
  • Added new rule for CloudStorage
  • Updated rule for MemoryStore
  • Updated multiple finding templates
  • Updated UI
• Docker
  • Fixed error in docker_compose.yaml

Thanks to all contributors in this release:

@xnkevinnguyen
@x4v13r64
@SophieDorval
@rscottbailey
@yash-seclogic
@charlietran
@tkmru
@Anthirian

Changes:

• Upgrade third-party dependencies
• New templates, rulesets
• Authentication MSAL
• Refactorization and improvement of the components for AWS, GCP and Azure

Thanks to all contributors in this release:

Changes:

• Core
  • Fixed the --update functionality
  • Added epilog to the help menu
  • Improved unit test coverage
  • Updated dependencies for Azure and GCP
• AWS
  • Added ARNs for a all resources
  • Added support for CloudFront distribution lists, as well as 3 new findings
  • Added support for CodeBuild
  • Added a finding for SQS queue encryption
  • Added a finding for IAM Lightspin vulnerability
  • Added a finding for RDS instance public access
  • Improved fetching and report for AWS resources
  • Bug fixes
  • Update botocore version
  • Fixed XSS issue in report (Thanks to Liyun Li for reporting it!)
• Azure
  • Added 3 findings for VM disks
  • Improved report and findings' guidance for Azure resources
  • Bug fixes
• GCP
  • Created a ruleset for GCP CIS version 1.1 (https://www.cisecurity.org/benchmark/google_cloud_computing_platform/)
  • Can be run with the --ruleset cis-1.1.0.json parameter
  • Added support for a number of resources
  • Included the addition of 46 new rules, most of which were added to the default ruleset
    • Cloud SQL: 11 new findings
    • Cloud Storage: 1 new finding
    • Compute Engine: 11 new findings
    • Cloud DNS: 3 new findings
    • IAM: 2 new findings
    • KMS: 2 new findings
    • Cloud Logging: 8 new findings
    • Cloud Monitoring: 8 new findings
  • Added support for Cloud Memorystore, as well as 2 new findings
  • Added 1 finding for VPC flow logs
  • Improved fetching, report and findings' guidance for GCP resources
  • Bug fixes
• Docker
  • Updated tooling to current versions
  • Pulling in the current version of ScoutSuite

Thanks to all contributors in this release:

• x4v13r64
• liyun-li
• timretout
• yangsec888
• ericrichtert
• 4ndygu
• rossja
• lowSoA
• bigdavros
• json-ncc
• chris-codaio
• SophieDorval
• xnkevinnguyen
• rogeriobastos
• lm-t
• sushantmimani
• rgpncc
• cr-latacora

Changes:

• AWS
  • Improvements to the report
  • Bug fixes
• Azure
  • Bug fixes
• GCP
  • Bug fixes

Changes:

• Fix report CSV exports
• Fix evaluation of AWS CloudWatch filters
• Fix an AWS IAM rule which included FPs
• Fix issues with docker support
• Fix typos in rules
• Improved default region selection for AWS S3, handling regions disallowed via SCP/IAM policies automatically
• Improved support for AWS CloudTrail
• Improved GCP error handling
• Remove an outdated and unused version of jQuery

Changes:

• Core
  • Moved unit tests from nose to pytest & improved unit test coverage
  • Migrated formatting from the 2.7+ versions to more native 3.x styles
  • Bug fixes and improved error handling
• AWS
  • Created a ruleset for AWS CIS version 1.2 (https://www.cisecurity.org/benchmark/amazon_web_services/)
    • Can be run with the --ruleset cis-1.2.0.json parameter
    • This included the addition of 23 new rules, most of which where added to the default ruleset
  • Added support for
    • CloudWatch Metric Filters
    • DynamoDB
    • VPC Peering Connections & Flow Logs (Subnet & VPC)
  • Improved the report and processing for AWS resources
• Azure
  • Improved support for App Services web apps, including 5 new rules
  • Improved NSG implementation, decreasing the report size by multiple orders of magnitude
  • Added Azure Tags and Resource Groups to all resources
• GCP
  • Added support for GKE, including 19 new rules
  • Improved reporting for Compute Engine instances, networks, subnetworks and firewall rules
  • Implemented exponential backoff to handle API quotas

Breaking change: support for Python 3.5 has been removed.

This release is a hotfix for https://github.com/nccgroup/ScoutSuite/issues/821.

In addition, it improves exception handling for the main _run function, as well as for the Azure provider.

The new error codes can be found under https://github.com/nccgroup/ScoutSuite/wiki/Error-Codes.

Changes:

• Improved provider support:
  • AWS
    • Added 4 new ELB & ELBv2 findings (thanks to @goelaarushi04)
    • Added support for the "Amazon S3 Block Public Access" feature
    • Improved Lambda partial
    • Added support for RDS Aurora instances
  • Azure
    • Improved the authentication flow, and handling of subscriptions
  • GCP
    • Added support for Stackdriver Monitoring
    • Improved report content
    • Merged IAM & Resource Manager services
    • Added logic that validates if an API is enabled for a service & project prior to making additional API calls
• Updated the rule format, to allow remediation & compliance information, as well as external references
  • Added rationales for most rules
  • Improved rules' content, adding remediation and references for a number of rules
  • Added the class_suffix field to highlight multiple elements
  • Additional information in https://github.com/nccgroup/ScoutSuite/wiki/HowTo:-Create-a-new-rule
• Added an option in the report (top-right menu) to export a high level finding summary
• Added a tool/util to upload findings to AWS Security Hub (see https://github.com/nccgroup/ScoutSuite/tree/develop/tools#aws_security_hub_exportpy)
• Improved open source project public content
• Bug fixes

Addresses https://github.com/nccgroup/ScoutSuite/issues/695.

Changes:

• Improved support for AWS
  • Added support for KMS
  • Added basic support for Secrets Manager
  • Simplified evaluation of IAM policies in multiple rules
• Improved support for Azure
  • Added support for App Service Web Apps
  • Added support for Security Center Compliance Results
  • Added support for Security Center Regulatory Compliance Results
• Improved support for GCP
  • Improved partials and finding rationales
  • Scans should complete much faster
• Improved support for OCI
  • Improved error handing
  • Support for scanning arbitrary compartments
• Improved Open Source project's processes
  • Issue and PR templates
  • CI/CD deployment, with the addition of autopep8
• Added a --list-services option to list available services to scan
• A bunch of bug fixes

Changes:

• Azure
  • Adds support for scanning multiple subscriptions or a whole tenant in one go (see https://github.com/nccgroup/ScoutSuite/wiki/Azure#subscriptions)
  • Adds a new authentication method (--user-account-browser), which allows authenticating with a user with MFA enabled, without the need for azure-cli (see https://github.com/nccgroup/ScoutSuite/wiki/Azure#user-credentials-via-browser)
• AWS
  • Tweak support for executing in Lambda
  • Adds tags for RDS resources
• Core
  • Improves test coverage

Warning this implements backward-incompatible changes to:

• Azure CLI options
• Azure partials

Changes:

• Adds support for AWS ACM
• Improved UI
• Improved code quality
• Bug fixes

Changes:

• Improvements to the AWS & Azure reports
• Improvements to Azure Networks and Virtual Machines services' support
• Improvements to GCP Cloud Storage support
• Improved Azure rules
• New rules for AWS & Azure
• Added support for Aliyun OSS
• Improved test coverage
• Bug fixes

Changes:

• Improvement of Azure support
• Bug fixes

Minor fixes

Front-end fix

Minor fixes