This chapter introduces another automated tool, known as Scout Suite, which performs an audit on the attack surface within an AWS infrastructure, and reports a list of findings that can be viewed on a web browser. Scout2 is very useful to a penetration tester during a white-box engagement as it allows for a quick assessment of the various security configuration issues within various AWS services and reports them on an easy-to-read dashboard. This helps to identify several low-hanging fruits that might otherwise take longer to detect.

The following topics will be covered in this chapter:

• Setting up a vulnerable AWS infrastructure
• Configuring and running Scout Suite
• Parsing the results of a Scout Suite scan
• Using Scout Suite's rules