ScoutSuite — CySA+ Tools — Thiago Teixeira

ScoutSuite

NCC Group

Multi-cloud security auditing tool that produces an offline HTML report.

Identity, Cloud & Access Free & Open Source CLI Learning Cross-platform

Cyber Kill Chain & Defender Lifecycle

Attacker — Kill Chain

1 Reconnaissance

2 Weaponization

3 Delivery

4 Exploitation

5 Installation

6 Command & Control

7 Actions on Objectives

Defender — IR Lifecycle

8 Detection / Monitoring

9 Containment & Eradication

10 Post-incident Forensics

Description

ScoutSuite (NCC Group) is a Python-based multi-cloud security auditing tool. It collects configuration data through the cloud provider's APIs and renders a self-contained HTML report with findings organised by service and severity — no agent, no cloud account writes.

Supported providers: AWS, Azure, GCP, Alibaba Cloud, Oracle Cloud.

Where Prowler emphasises compliance frameworks and Security Hub integration, ScoutSuite emphasises a portable visual report that is easy to deliver to a client at the end of an assessment — a common workflow for consultancies.

Use cases

One-shot cloud security assessment deliverable
Pre-audit gap analysis before a SOC 2 engagement
Quick visual review of a newly inherited cloud account

Example

scout aws --profile my-prod --report-dir ./scout-report