ScoutSuite

Features

Cloud Auditing Tools - Provides a multi-cloud auditing tool to assess infrastructure configurations against security best practices.
Cloud Compliance Auditors - Automates the evaluation of cloud infrastructure against industry-standard regulatory frameworks and security benchmarks.
Configuration Logic Evaluators - Evaluates resource configurations using nested logical operators and dynamic macros to detect security risks.
Offline Configuration Analysis - Evaluates cloud resource settings offline using cached data to test security rules without repeated API calls.
Control Plane Auditing - Scans Kubernetes control planes and master nodes across cloud providers to identify posture risks.
GCP Configuration Audits - Analyzes Google Cloud configurations across organizations and projects to identify security risks.
Cloud Provider Abstraction Layers - Employs unified interfaces to standardize the fetching of configuration data across multiple cloud service providers.
Cloud Security Posture Management - Gathers cloud configuration data to track and visualize the security posture of cloud accounts.
JSON-Based Rule Engines - Uses a JSON-based rule engine to evaluate cloud resource configurations against security benchmarks.
DigitalOcean Configuration Audits - Gathers configuration data from DigitalOcean APIs to perform security posture assessments.
AWS - Gathers security posture data from AWS APIs to identify risk areas.
Kubernetes Posture Scanning - Scans Kubernetes clusters and control planes across multiple cloud providers to identify security risks.
Security Rule Development - Allows the creation of tailored security checks to identify environment-specific risks.
HTML Analysis Reports - Generates structured HTML reports for visual inspection of cloud security posture and analysis results.
Local State Caches - Persists downloaded cloud configurations locally to allow iterative rule testing without repeating API calls.
Rule Parameterization - Supports using arguments within rule definitions to reuse a single security check across different values.
Cloud Provider Integrations - Enables the implementation of custom authentication strategies and data facades to integrate additional cloud platforms.
Multi-Account Scanning - Allows scanning a specific list of cloud subscriptions or all accessible accounts in one run.
Cloud Credential Management - Supports authenticating to cloud APIs using environment variables or credential files.
Custom Compliance Rulesets - Executes specific security findings based on industry-standard benchmarks using custom rulesets.
Temporary Security Tokens - Manages temporary security token exchanges and role assumptions to access multiple cloud accounts.
Identity Authentication - Provides support for connecting to cloud environments via CLI sessions, managed identities, and browser-based MFA.
AWS Role Assumption - Allows requesting temporary security credentials using role identifiers to perform audits in specific security contexts.
Security Finding Management - Allows marking specific resources as exceptions to security rules to suppress them from reports.
Security Report Generation - Generates security scan findings as structured HTML reports and JSON exports for stakeholders.
Offline Configuration Analysis - Performs security audits against downloaded configuration data to test rule changes without live API calls.
Collection and Analysis Decoupling - Implements a decoupled architecture that separates cloud data collection from security analysis to enable offline auditing.
Rule Evaluators - Allows passing external arguments and resolving resource IDs at runtime for flexible rule evaluation across environments.
Cloud Platform Security - Multi-cloud security auditing for posture assessment.
Cloud Security - Multi-cloud security scanning tool.
Cloud Infrastructure Security - Multi-cloud security auditing tool for infrastructure assessment.
Security Assessment Tools - Multi-cloud security auditing tool for infrastructure assessment.

Open-source alternatives to ScoutSuite

Similar open-source projects, ranked by how many features they share with ScoutSuite.

toniblyx/prowler
toniblyx/prowler
14,005View on GitHub
Prowler is a multi-cloud security scanner and security posture management tool. It automates security and compliance assessments across multiple cloud environments to identify misconfigurations and vulnerabilities. The project provides a multi-cloud security analysis engine that operates as an automated auditor, evaluating infrastructure against industry-standard regulatory frameworks and security benchmarks. It features a cloud security visualization dashboard that uses a graph database to map cloud inventory and visualize potential attack paths. Capabilities include automated cloud infrast
Python
View on GitHub14,005
aquasecurity/cloudsploit
aquasecurity/cloudsploit
3,705View on GitHub
Cloudsploit is a cloud security posture management tool and multi-cloud security auditor. It audits cloud infrastructure for misconfigurations and compliance risks across multiple providers, specifically AWS and Azure, by evaluating resource configurations against a set of security plugins. The project functions as a cloud compliance scanner that maps infrastructure scan results to regulatory frameworks and security policy standards. It also serves as an automated cloud remediation tool, executing corrective actions to fix detected misconfigurations via SDK calls. The system covers resource
JavaScriptalibabaaquaaws
View on GitHub3,705
aquasecurity/tfsec
aquasecurity/tfsec
7,013View on GitHub
tfsec is a static analysis tool and infrastructure as code linter designed to detect security misconfigurations and compliance violations in Terraform infrastructure code. It functions as a cloud security posture tool and policy enforcement engine that evaluates configurations against established security benchmarks. The tool provides multi-cloud security auditing for providers including AWS, Azure, Google Cloud, and Kubernetes, as well as specialized scanning for DigitalOcean, OpenStack, CloudStack, and GitHub configurations. It identifies insecure settings such as public access or unencrypt
Go
View on GitHub7,013
pulumi/pulumi
pulumi/pulumi
24,797View on GitHub
Pulumi is an infrastructure-as-code framework that enables the definition, deployment, and management of cloud resources using general-purpose programming languages. It functions as a cloud resource orchestrator that coordinates the lifecycle of heterogeneous infrastructure by executing code to construct dependency graphs and reconciling the desired state against actual cloud environments. The platform distinguishes itself through a language-host runtime bridge that allows developers to use standard programming languages to define infrastructure, rather than relying solely on domain-specific
Goawsazurecloud
View on GitHub24,797

See all 30 alternatives to ScoutSuite

nccgroupScoutSuite

Features

Open-source alternatives to ScoutSuite

toniblyx/prowler

aquasecurity/cloudsploit

aquasecurity/tfsec

pulumi/pulumi

Star history

Open-source alternatives to ScoutSuite

toniblyx/prowler

aquasecurity/cloudsploit

aquasecurity/tfsec

pulumi/pulumi