Release/v6 Beta #1290

Open: wants to merge 319 commits into base: develop

loic294 (Contributor) commented Apr 19, 2021

v6 Beta Release!

During the last 4 months, we have been working on a new version of Scout Suite.

Scout Suite v6 includes:

  • A completely new frontend
  • A local backend server
  • Better coverage of GCP and Azure

New frontend

The frontend was completely re-written in React to make it easier to maintain and easier for new contributors to add new partials or fix issues. We also worked a lot on upgrading the general UI and UX to make it faster to find the information you are searching for.

The findings are now presented in a table with pagination and search, making it easier to find the exact issue you are looking for. The default ordering also allows you to quickly view the most critical issues. Oh, and no more guessing that clicking on a name brings you to the details page!

The finding detail pages and resource pages saw the most drastic UI and UX changes. The list of resources is now displayed in a table at the top of the page and supports search, pagination and filtering. You can also easily export the data in CSV or JSON.

The details of a resource now show in the bottom part of the screen, allowing you to quickly go through different resources without having to scroll, open modals or load a new page. The tab, inspired by the AWS Console, allows quick access to the content you are searching for. Not sure where the issue is located? The tab changes its highlight color to indicate where the issue is located.

Other improvements include:

  • New framework: we now use the most popular framework, React!
  • Better routing and navigation: No more modals and multi-level menus. A breadcrumb helps to always know where we are in the report.
  • Fast performance! Using tables and only displaying what is currently needed allows browsing through thousands of resources with no performance hits. We also use a local temporary cache to only load a resource once per cache, making the UI super snappy when reloading previously accessed data.
  • All downloads now allow downloading the data in JSON or CSV.

New local server

A big focus of this new version was to make sure that it would support large deployments. The old versions were limited by the size of a file that a browser could load (about 400 MB). By moving to a local server to parse the report and serve only the data that is needed by the frontend, we saw a huge improvement in performance.

The local server is completely integrated in the CLI. You can simply run python scout.py PROVIDER to generate a report and start the local server or use python scout.py PROVIDER --server-only PATH_TO_JSON_REPORT_FILE.json to load an existing report and start the server.

It is also possible to generate a report without starting a local server by using the python scout.py PROVIDER --report-only command.

CIS

Many missing benchmarks from Azure CIS 1.2.0 and GCP CIS 1.1.0 were added.

Learn more

Consult the wiki for more information on this new release: https://github.com/nccgroup/ScoutSuite/wiki/Using-the-new-V6-alpha-version

x4v13r64 changed the title from "v6 - Beta Release" to "Release/v6 Beta" on Apr 20, 2021
loic294 requested a review from x4v13r64 on April 24, 2021 20:10
loic294 marked this pull request as ready for review on April 24, 2021 20:10
SamuelMeilleur and others added 2 commits April 24, 2021 16:17
* Added missing parts of s3 partial.

* Added External surface attack dashboard

* Global styling change for links

* Dashboard for Password Policy

* Fixed issue after merge conflict

* Fixed other conflict issue

* Fix misspelt component

* Error page for wrong urls

* Updated findings for password policy

* Permissions dashboard

* Missing partials

* small css changes

* Basic table

* Added table for Permissions

* Fixed issues in Permissions

* Fixed bug when receiving tables data

* Fixed other bugs and merge issues.

* Fixed issues after merge

* Added scroller when tabs overflow

* Improved Dark theme

* Fixed bugs

* dark-theme and tabs issues

* Fixed informations wrapper in dark theme

* small css change

* Small fix for sg link

* Other fixes.

* Fixed react warnings

* Style changes for tabs.

Co-authored-by: Loïc Bellemare-Alford <loicbellemare@hotmail.com>
codecov bot commented Apr 24, 2021

Codecov Report

Merging #1290 (fbf1bdf) into develop (573a3ea) will decrease coverage by 2.52%.
The diff coverage is 12.82%.

@@             Coverage Diff             @@
##           develop    #1290      +/-   ##
===========================================
- Coverage    23.74%   21.21%   -2.53%     
===========================================
  Files          325      359      +34     
  Lines        10972    12021    +1049     
===========================================
- Hits          2605     2550      -55     
- Misses        8367     9471    +1104     
| Impacted Files | Coverage Δ |
|---|---|
| ScoutSuite/core/server.py | 5.93% <5.93%> (-25.72%) ⬇️ |
| ScoutSuite/__main__.py | 14.89% <6.25%> (-0.39%) ⬇️ |
| ScoutSuite/core/cli_parser.py | 84.21% <88.57%> (-0.14%) ⬇️ |
| ScoutSuite/output/utils.py | 65.90% <0.00%> (-8.56%) ⬇️ |
| ScoutSuite/output/html.py | 43.24% <0.00%> (-4.68%) ⬇️ |
| ...ite/providers/aws/resources/elasticache/cluster.py | 33.33% <0.00%> (-3.51%) ⬇️ |
| ...roviders/aws/resources/cloudfront/distributions.py | 16.12% <0.00%> (-3.23%) ⬇️ |
| ScoutSuite/core/rule_definition.py | 67.64% <0.00%> (-2.95%) ⬇️ |
| ...e/providers/aws/resources/ec2/networkinterfaces.py | 33.33% <0.00%> (-1.67%) ⬇️ |
| ...utSuite/providers/aws/resources/efs/filesystems.py | 31.81% <0.00%> (-1.52%) ⬇️ |

... and 100 more

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data

loic294 and others added 9 commits April 26, 2021 10:34
* First test

* Fixed branch name

* Test 2

* Test 3

* Test the pipeline (#1281)

* Another test

* Test PR trigger

* Fixed directory

* Working directory

* Fixed linting errors

* Added caching

* Fixed bug

* New separate test pipeline

* Check paths

* Testing path

* version bump

* Fixed matching files on push

* Added note to remove v6-master branch

* Removed testing message

* Added v6-alpha for frontend builds

* Fixed new line

* Removed v6-master branch matching
Implemented changes to policy UI + CSS changes
Add API documentation using flask-restx
kedbirhan commented Feb 12, 2022

(venv) ➜ ScoutSuite git:(v6-alpha) ✗ python scout.py aws --server-only /Users/kbirhan/git/open-source/ScoutSuite/scoutsuite-report/scoutsuite-results/scoutsuite_results_aws-kb-dev-audit-user1.json
2022-02-11 19:22:23 Kedirs-MBP scout[1152] INFO Launching Scout
2022-02-11 19:22:23 Kedirs-MBP scout[1152] INFO Starting local server for web interface
The server gets stuck with the above message. The package (msgraphcore==0.0.2) is not resolvable as well; maybe it's deprecated.

loic294 (Contributor, Author) commented Feb 12, 2022

@kedbirhan that package is not supported anymore, it's probably now out of beta. @xnkevinnguyen @SophieDorval can probably guide you on how to update it.

@kedbirhan

@xnkevinnguyen and @SophieDorval tried upgrading to msgraph-core, but some of the code is broken, specifically in ScoutSuite/providers/azure/facade/aad.py

@yellow-starburst

Whatever happened to this?
Tag - @x4v13r64

@liyun-li (Contributor)

> Whatever happened to this? Tag - @x4v13r64

Stay tuned!
