ScoutMerge is an extension for the cloud auditing tool ScoutSuite. When working with large cloud environments containing hundreds or even thousands of projects (GCP) or accounts (AWS), tools like ScoutSuite can struggle or break due to the overwhelming amount of data. ScoutMerge addresses this by allowing you to run the `scout` command on each project or account individually and then aggregating the results into a single text file that lists, for each ScoutSuite finding, the affected projects or accounts, if any.
- AWS
- GCP
Requirements: See ScoutSuite wiki
- Authenticate and run ScoutSuite for each AWS account in scope. Save all output in one main directory.
- Run the `aws.py` script with the `-d` flag pointing to the main directory containing the ScoutSuite output. It is assumed that your directory structure is as follows:
```
> tree -L 1
scoutsuite_output_directory
├── fsociety-eu-pre
├── fsociety-us-prod
├── steel-mountain-us-pre
├── steel-mountain-us-prod
├── allsafe-us-pre
├── allsafe-eu-prod
├── dark-army-us-pre
├── dark-army-us-prod
├── ecorp-dev
└── ecorp-us-prod
```
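The aggregation step described above, sketched as an added example; this is not ScoutMerge's own code. It assumes each account directory holds `scoutsuite-results/scoutsuite_results_*.js` (one JavaScript assignment line followed by JSON) with findings under `services.<service>.findings.<id>`; the function names and the sample reports are constructed for illustration.

```python
import glob
import json
import os
import tempfile
from collections import defaultdict


def load_report(path):
    """Parse a results file: one JS assignment line, then the JSON body."""
    with open(path, encoding="utf-8") as fh:
        fh.readline()  # skip the leading "scoutsuite_results =" line (assumed layout)
        return json.load(fh)


def merge_findings(root):
    """Map 'service: finding description' -> sorted accounts with flagged items."""
    merged = defaultdict(set)
    for account in sorted(os.listdir(root)):
        pattern = os.path.join(root, account, "scoutsuite-results",
                               "scoutsuite_results_*.js")
        for path in glob.glob(pattern):
            for service, data in load_report(path).get("services", {}).items():
                for finding in data.get("findings", {}).values():
                    if finding.get("flagged_items", 0) > 0:
                        merged[f"{service}: {finding['description']}"].add(account)
    return {title: sorted(accounts) for title, accounts in sorted(merged.items())}


def write_sample(root, account, flagged):
    """Write a constructed, minimal report for one account (not real scan data)."""
    out = os.path.join(root, account, "scoutsuite-results")
    os.makedirs(out)
    report = {"services": {"s3": {"findings": {"s3-bucket-no-logging": {
        "description": "Bucket access logging disabled",
        "flagged_items": flagged}}}}}
    with open(os.path.join(out, f"scoutsuite_results_{account}.js"), "w") as fh:
        fh.write("scoutsuite_results =\n" + json.dumps(report))


def demo():
    """Build three constructed account reports and merge them."""
    with tempfile.TemporaryDirectory() as root:
        for account, flagged in [("ecorp-dev", 2), ("ecorp-us-prod", 0),
                                 ("allsafe-us-pre", 1)]:
            write_sample(root, account, flagged)
        return merge_findings(root)


if __name__ == "__main__":
    for title, accounts in demo().items():
        print(title, *(f"\n  - {a}" for a in accounts), sep="")
```

Accounts whose report shows zero flagged items for a finding are left out, so the merged output lists only the accounts that need attention.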
For GCP, the script takes a Folder ID as input, finds all projects in the specified folder and its subfolders, runs the `scout` command on each project found, then aggregates the results into one text file.
- Authenticate with `gcloud`
- Do not set a default project
- Run `gcp.py` with the `-f` flag for the Folder ID housing the projects in scope
☑ GCP
☑ AWS
☐ Azure