From 0a2d7a5d47b38af0d1506c9995252a7a41fc0b39 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Fri, 21 Jun 2019 19:00:47 +0200
Subject: [PATCH 001/145] Add field for default / non default user-managed SAs

---
 .../gcp/services.iam.projects.id.service_accounts.html    | 1 +
 .../providers/gcp/resources/iam/service_accounts.py       | 8 ++++++++
 2 files changed, 9 insertions(+)

diff --git a/ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.service_accounts.html b/ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.service_accounts.html
index f24f17021..14a94c55a 100644
--- a/ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.service_accounts.html
+++ b/ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.service_accounts.html
@@ -10,6 +10,7 @@ <h4 class="list-group-item-heading">Information</h4>
         <div class="list-group-item-text item-margin">ID: <span id="iam.projects.{{@../key}}.service_accounts.{{@key}}.id">{{id}}</span></div>
         <div class="list-group-item-text item-margin">email: <span id="iam.projects.{{@../key}}.service_accounts.{{@key}}.email">{{email}}</span></div>
         <div class="list-group-item-text item-margin">Display Name: <span id="iam.projects.{{@../key}}.service_accounts.{{@key}}.display_name">{{display_name}}</span></div>
+        <div class="list-group-item-text item-margin">Default Service Account: <span id="iam.projects.{{@../key}}.service_accounts.{{@key}}.default_service_account">{{default_service_account}}</span></div>
     </div>
     <div class="list-group-item">
         <h4 class="list-group-item-heading"><span id="iam.projects.{{@../key}}.service_accounts.{{@key}}.keys">Keys:</span></h5>
diff --git a/ScoutSuite/providers/gcp/resources/iam/service_accounts.py b/ScoutSuite/providers/gcp/resources/iam/service_accounts.py
index c78f80a8b..a76bf75d3 100644
--- a/ScoutSuite/providers/gcp/resources/iam/service_accounts.py
+++ b/ScoutSuite/providers/gcp/resources/iam/service_accounts.py
@@ -2,6 +2,7 @@
 from ScoutSuite.providers.gcp.resources.base import GCPCompositeResources
 from ScoutSuite.providers.gcp.resources.iam.bindings import Bindings
 from ScoutSuite.providers.gcp.resources.iam.keys import Keys
+import re
 
 
 class ServiceAccounts(GCPCompositeResources):
@@ -32,4 +33,11 @@ def _parse_service_account(self, raw_service_account):
         service_account_dict['name'] = raw_service_account['email']
         service_account_dict['email'] = raw_service_account['email']
         service_account_dict['project_id'] = raw_service_account['projectId']
+
+        pattern = re.compile('.+@{}\.iam\.gserviceaccount\.com'.format(service_account_dict['project_id']))
+        if pattern.match(service_account_dict['email']):
+            service_account_dict['default_service_account'] = False
+        else:
+            service_account_dict['default_service_account'] = True
+
         return service_account_dict['id'], service_account_dict

From 545d87072ee84480b7f4f6fa8c41d15cd97cb61a Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Tue, 12 Nov 2019 12:57:29 +0100
Subject: [PATCH 002/145] Fix minor bug

---
 .../partials/gcp/services.cloudstorage.projects.id.buckets.html | 2 +-
 ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html b/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html
index 6484528b8..0e6999f53 100644
--- a/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html
+++ b/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html
@@ -11,7 +11,7 @@ <h4 class="list-group-item-heading">Information</h4>
         <div class="list-group-item-text item-margin">Location: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.location">{{location}}</span></div>
         <div class="list-group-item-text item-margin">Storage Class: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.storage_class">{{storage_class}}</span></div>
         <div class="list-group-item-text item-margin">Logging: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.logging_enabled">{{convert_bool_to_enabled logging_enabled}}</span></div>
-        <div class="list-group-item-text item-margin">Versioning: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.versioning">{{convert_bool_to_enabled versioning_status}}</span></div>
+        <div class="list-group-item-text item-margin">Versioning: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.versioning">{{convert_bool_to_enabled versioning_status_enabled}}</span></div>
         <div class="list-group-item-text item-margin">Uniform Bucket-Level Access: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.uniform_bucket_level_access">{{convert_bool_to_enabled uniform_bucket_level_access}}</span></div>
     </div>
     <div class="list-group-item">
diff --git a/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py b/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
index 79b772735..be96a44a6 100644
--- a/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
+++ b/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
@@ -23,8 +23,8 @@ def _parse_bucket(self, raw_bucket):
         bucket_dict['creation_date'] = raw_bucket.time_created
         bucket_dict['location'] = raw_bucket.location
         bucket_dict['storage_class'] = raw_bucket.storage_class.lower()
-        bucket_dict['versioning_status_enabled'] = raw_bucket.versioning_enabled
         bucket_dict['uniform_bucket_level_access'] = raw_bucket.iam_configuration['bucketPolicyOnly']['enabled']
+        bucket_dict['versioning_status_enabled'] = raw_bucket.versioning_enabled
         bucket_dict['logging_enabled'] = raw_bucket.logging is not None
         bucket_dict['acls'] = list(raw_bucket.acl)
         bucket_dict['acl_configuration'] = self._get_cloudstorage_bucket_acl(raw_bucket)  # FIXME this should be "IAM"

From 2d90e0c33c12cab4ad5b4208cbd597e1ac0879de Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Tue, 12 Nov 2019 18:17:07 +0100
Subject: [PATCH 003/145] Fix edge case

---
 ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py b/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
index be96a44a6..931832c77 100644
--- a/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
+++ b/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
@@ -26,7 +26,7 @@ def _parse_bucket(self, raw_bucket):
         bucket_dict['uniform_bucket_level_access'] = raw_bucket.iam_configuration['bucketPolicyOnly']['enabled']
         bucket_dict['versioning_status_enabled'] = raw_bucket.versioning_enabled
         bucket_dict['logging_enabled'] = raw_bucket.logging is not None
-        bucket_dict['acls'] = list(raw_bucket.acl)
+        bucket_dict['acls'] = list(raw_bucket.acl) if not bucket_dict['uniform_bucket_level_access'] else []
         bucket_dict['acl_configuration'] = self._get_cloudstorage_bucket_acl(raw_bucket)  # FIXME this should be "IAM"
         return bucket_dict['id'], bucket_dict
 

From 822deeeded023f4747326917a7f2f4536a5c7ed9 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Wed, 13 Nov 2019 13:45:17 +0100
Subject: [PATCH 004/145] Improve partial

---
 .../gcp/services.cloudstorage.projects.id.buckets.html    | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html b/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html
index 0e6999f53..b5e2eeae2 100644
--- a/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html
+++ b/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html
@@ -6,10 +6,10 @@ <h4 class="list-group-item-heading">{{name}}</h4>
     </div>
     <div class="list-group-item">
         <h4 class="list-group-item-heading">Information</h4>
-        <div class="list-group-item-text item-margin">Project ID: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.project_id">{{project_id}}</span></div>
-        <div class="list-group-item-text item-margin">Creation Date: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.creation_date">{{creation_date}}</span></div>
-        <div class="list-group-item-text item-margin">Location: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.location">{{location}}</span></div>
-        <div class="list-group-item-text item-margin">Storage Class: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.storage_class">{{storage_class}}</span></div>
+        <div class="list-group-item-text item-margin">Project ID: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.project_id"><samp>{{project_id}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Creation Date: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.creation_date">{{format_date creation_date}}</span></div>
+        <div class="list-group-item-text item-margin">Location: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.location"><samp>{{location}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Storage Class: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.storage_class"><samp>{{storage_class}}</samp></span></div>
         <div class="list-group-item-text item-margin">Logging: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.logging_enabled">{{convert_bool_to_enabled logging_enabled}}</span></div>
         <div class="list-group-item-text item-margin">Versioning: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.versioning">{{convert_bool_to_enabled versioning_status_enabled}}</span></div>
         <div class="list-group-item-text item-margin">Uniform Bucket-Level Access: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.uniform_bucket_level_access">{{convert_bool_to_enabled uniform_bucket_level_access}}</span></div>

From 36dd0cd22d61bceed904a38edc02a288202b3118 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Wed, 13 Nov 2019 15:12:53 +0100
Subject: [PATCH 005/145] Exclude ACLs with uniform buckets

---
 .../partials/gcp/services.cloudstorage.projects.id.buckets.html | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html b/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html
index b5e2eeae2..99643d9a2 100644
--- a/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html
+++ b/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html
@@ -31,6 +31,7 @@ <h4 class="list-group-item-heading"><span id="cloudstorage.projects.{{@../key}}.
             </ul>
         </div>
     </div>
+    {{#unless uniform_bucket_level_access}}
     <div class="list-group-item">
         <h4 class="list-group-item-heading"><span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.acls">ACL Permissions</span></h4>
         <div class="accordion-inner">
@@ -46,6 +47,7 @@ <h4 class="list-group-item-heading"><span id="cloudstorage.projects.{{@../key}}.
             </ul>
         </div>
     </div>
+    {{/unless}}
 </script>
 
 <script>

From acfe4866f7af59b9bd5f06a4435417f1545f24a0 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Wed, 13 Nov 2019 15:44:36 +0100
Subject: [PATCH 006/145] Fix rule to include ACLs

---
 .../gcp/rules/findings/cloudstorage-bucket-member.json       | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-member.json b/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-member.json
index a4e707c5b..596fedba9 100644
--- a/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-member.json
+++ b/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-member.json
@@ -6,8 +6,9 @@
   "dashboard_name": "Buckets",
   "display_path": "cloudstorage.projects.id.buckets.id",
   "path": "cloudstorage.projects.id.buckets.id",
-  "conditions": [ "and",
-    [ "cloudstorage.projects.id.buckets.id.acl_configuration", "withKey", "_ARG_0_"]
+  "conditions": [ "or",
+    [ "cloudstorage.projects.id.buckets.id.acl_configuration", "withKey", "_ARG_0_"],
+    [ "cloudstorage.projects.id.buckets.id.acls", "containString", "_ARG_0_"]
   ],
   "id_suffix": "_ARG_0_"
 }

From b5146a8e9e25881c4277bb41e4dd015587f04cba Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Wed, 13 Nov 2019 15:44:46 +0100
Subject: [PATCH 007/145] Add appropriate suffixes

---
 .../partials/gcp/services.cloudstorage.projects.id.buckets.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html b/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html
index 99643d9a2..7a23cdf58 100644
--- a/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html
+++ b/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html
@@ -37,7 +37,7 @@ <h4 class="list-group-item-heading"><span id="cloudstorage.projects.{{@../key}}.
         <div class="accordion-inner">
             <ul>
                 {{#each acls}}
-                <li><samp>{{entity}}</samp></span></li>
+                <li><span id="cloudstorage.projects.{{@../../key}}.buckets.{{@../key}}.{{entity}}"><samp>{{entity}}</samp></span></li>
                 <ul>
                     <li><samp>{{role}}</samp></li>
                 </ul>

From 0a0569cc4f98b697a2e840d424a99c15d466d778 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Wed, 13 Nov 2019 16:14:44 +0100
Subject: [PATCH 008/145] Improvements to partial

---
 ...ervices.cloudresourcemanager.projects.id.bindings.html | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/ScoutSuite/output/data/html/partials/gcp/services.cloudresourcemanager.projects.id.bindings.html b/ScoutSuite/output/data/html/partials/gcp/services.cloudresourcemanager.projects.id.bindings.html
index 55db26420..93158386b 100644
--- a/ScoutSuite/output/data/html/partials/gcp/services.cloudresourcemanager.projects.id.bindings.html
+++ b/ScoutSuite/output/data/html/partials/gcp/services.cloudresourcemanager.projects.id.bindings.html
@@ -30,11 +30,13 @@ <h5 class="list-group-item-heading">Attached Groups:</h5>
                 {{/each}}
             </ul>
         </div>
-        <h5 class="list-group-item-heading">Attached Service Accounts:</h5>
-        <div id="cloudresourcemanager.projects.{{@../key}}.bindings.{{@key}}.service_accounts" class="accordion-inner">
+        <h5  id="cloudresourcemanager.projects.{{@../key}}.bindings.{{@key}}.service_accounts" class="list-group-item-heading">Attached Service Accounts:</h5>
+        <div class="accordion-inner">
             <ul>
                 {{#each members.service_accounts}}
-                <li><samp>{{this}}</samp></li>
+                <li>
+                    <span id="cloudresourcemanager.projects.{{@../key}}.bindings.{{@key}}.service_accounts.{{this}}"><samp>{{this}}</samp></span>
+                </li>
                 {{else}}
                 <li><samp>None</samp></li>
                 {{/each}}

From 051408207b80e76e4c1f1de680fe88820fb4071a Mon Sep 17 00:00:00 2001
From: rracterr <bknauss@newscorp.com>
Date: Mon, 27 Jan 2020 19:09:28 +0000
Subject: [PATCH 009/145] Makes reading auth files allot more reliable

---
 ScoutSuite/core/cli_parser.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ScoutSuite/core/cli_parser.py b/ScoutSuite/core/cli_parser.py
index 367acc9eb..4e68a034b 100644
--- a/ScoutSuite/core/cli_parser.py
+++ b/ScoutSuite/core/cli_parser.py
@@ -172,7 +172,7 @@ def _init_azure_parser(self):
 
         azure_auth_modes.add_argument('--file-auth',
                                       action='store',
-                                      type=argparse.FileType('r'),
+                                      type=argparse.FileType('rb'),
                                       dest='file_auth',
                                       metavar="FILE",
                                       help='Run Scout with the specified credential file')

From 4d49456b3897f401b384cc34ea0cf1795d4e7d51 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Wed, 29 Jan 2020 10:18:53 +0100
Subject: [PATCH 010/145] Suppress info logs

---
 ScoutSuite/providers/oci/authentication_strategy.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ScoutSuite/providers/oci/authentication_strategy.py b/ScoutSuite/providers/oci/authentication_strategy.py
index 993513181..f5778875c 100644
--- a/ScoutSuite/providers/oci/authentication_strategy.py
+++ b/ScoutSuite/providers/oci/authentication_strategy.py
@@ -1,3 +1,5 @@
+import logging
+
 from oci.config import from_file
 from oci.identity import IdentityClient
 
@@ -20,6 +22,9 @@ def authenticate(self, profile=None, **kwargs):
 
         try:
 
+            # Set logging level to error for libraries as otherwise generates a lot of warnings
+            logging.getLogger('oci').setLevel(logging.ERROR)
+
             config = from_file(profile_name=profile)
             compartment_id = config["tenancy"]
 

From 7c21f6020c994f8b80d61a99a50ecf7b5862e490 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Tue, 4 Feb 2020 17:50:39 +0100
Subject: [PATCH 011/145] Add support for compartments

---
 ScoutSuite/providers/oci/authentication_strategy.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ScoutSuite/providers/oci/authentication_strategy.py b/ScoutSuite/providers/oci/authentication_strategy.py
index f5778875c..d7748779f 100644
--- a/ScoutSuite/providers/oci/authentication_strategy.py
+++ b/ScoutSuite/providers/oci/authentication_strategy.py
@@ -26,7 +26,10 @@ def authenticate(self, profile=None, **kwargs):
             logging.getLogger('oci').setLevel(logging.ERROR)
 
             config = from_file(profile_name=profile)
-            compartment_id = config["tenancy"]
+            if 'compartment-id' in config:
+                compartment_id = config['compartment-id']
+            else:
+                compartment_id = config['tenancy']
 
             # Get the current user
             identity = IdentityClient(config)

From 24145eb6f562452a9cd7294c8b6a0179dca8dde4 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Tue, 4 Feb 2020 17:50:49 +0100
Subject: [PATCH 012/145] Improve error handling

---
 ScoutSuite/providers/oci/facade/identity.py | 68 ++++++++++++++-------
 1 file changed, 47 insertions(+), 21 deletions(-)

diff --git a/ScoutSuite/providers/oci/facade/identity.py b/ScoutSuite/providers/oci/facade/identity.py
index bca3eb133..f050770dc 100644
--- a/ScoutSuite/providers/oci/facade/identity.py
+++ b/ScoutSuite/providers/oci/facade/identity.py
@@ -1,7 +1,9 @@
 from oci.identity import IdentityClient
-from ScoutSuite.providers.oci.authentication_strategy import OracleCredentials
 from oci.pagination import list_call_get_all_results
 
+from ScoutSuite.providers.oci.authentication_strategy import OracleCredentials
+from ScoutSuite.core.console import print_exception
+
 from ScoutSuite.providers.utils import run_concurrently
 
 
@@ -11,33 +13,57 @@ def __init__(self, credentials: OracleCredentials):
         self._client = IdentityClient(self._credentials.config)
 
     async def get_users(self):
-        response = await run_concurrently(
-            lambda: list_call_get_all_results(self._client.list_users, self._credentials.compartment_id))
-        return response.data
+        try:
+            response = await run_concurrently(
+                lambda: list_call_get_all_results(self._client.list_users, self._credentials.compartment_id))
+            return response.data
+        except Exception as e:
+            print_exception('Failed to retrieve users: {}'.format(e))
+            return None
 
     async def get_user_api_keys(self, user_id):
-        response = await run_concurrently(
-            lambda: list_call_get_all_results(self._client.list_api_keys, user_id))
-        return response.data
+        try:
+            response = await run_concurrently(
+                lambda: list_call_get_all_results(self._client.list_api_keys, user_id))
+            return response.data
+        except Exception as e:
+            print_exception('Failed to retrieve user api keys: {}'.format(e))
+            return None
 
     async def get_groups(self):
-        response = await run_concurrently(
-            lambda: list_call_get_all_results(self._client.list_groups, self._credentials.compartment_id))
-        return response.data
+        try:
+            response = await run_concurrently(
+                lambda: list_call_get_all_results(self._client.list_groups, self._credentials.compartment_id))
+            return response.data
+        except Exception as e:
+            print_exception('Failed to retrieve groups: {}'.format(e))
+            return None
 
     async def get_group_users(self, group_id):
-        response = await run_concurrently(
-            lambda: list_call_get_all_results(self._client.list_user_group_memberships,
-                                              self._credentials.compartment_id,
-                                              group_id=group_id))
-        return response.data
+        try:
+            response = await run_concurrently(
+                lambda: list_call_get_all_results(self._client.list_user_group_memberships,
+                                                  self._credentials.compartment_id,
+                                                  group_id=group_id))
+            return response.data
+        except Exception as e:
+            print_exception('Failed to retrieve group users: {}'.format(e))
+            return None
 
     async def get_policies(self):
-        response = await run_concurrently(
-            lambda: list_call_get_all_results(self._client.list_policies, self._credentials.compartment_id))
-        return response.data
+        try:
+            response = await run_concurrently(
+                lambda: list_call_get_all_results(self._client.list_policies, self._credentials.compartment_id))
+            return response.data
+        except Exception as e:
+            print_exception('Failed to retrieve policies: {}'.format(e))
+            return None
 
     async def get_authentication_policy(self):
-        response = await run_concurrently(
-            lambda: self._client.get_authentication_policy(self._credentials.compartment_id))
-        return response.data
+        try:
+            response = await run_concurrently(
+                lambda: self._client.get_authentication_policy(self._credentials.compartment_id))
+            return response.data
+        except Exception as e:
+            print_exception('Failed to retrieve authentication policy: {}'.format(e))
+            return None

From 906d9bdf297f12468b8c4cc492d784d565dcf42a Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Tue, 4 Feb 2020 17:51:00 +0100
Subject: [PATCH 013/145] Improve error handling

---
 .../oci/resources/identity/authentication_policy.py          | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ScoutSuite/providers/oci/resources/identity/authentication_policy.py b/ScoutSuite/providers/oci/resources/identity/authentication_policy.py
index be8c229e4..425993e72 100644
--- a/ScoutSuite/providers/oci/resources/identity/authentication_policy.py
+++ b/ScoutSuite/providers/oci/resources/identity/authentication_policy.py
@@ -8,7 +8,10 @@ def __init__(self, facade: OracleFacade):
 
     async def fetch_all(self):
         raw_authentication_policy = await self.facade.identity.get_authentication_policy()
-        password_policy = self._parse_authentication_policy(raw_authentication_policy)
+        if raw_authentication_policy:
+            password_policy = self._parse_authentication_policy(raw_authentication_policy)
+        else:
+            password_policy = {}
         self.update(password_policy)
 
     def _parse_authentication_policy(self, raw_authentication_policy):

From 9bf9e827dc65f06548efc8c20a08ffd94063eba1 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Wed, 5 Feb 2020 09:37:17 +0100
Subject: [PATCH 014/145] Fix for
 https://github.com/nccgroup/ScoutSuite/issues/635

---
 ScoutSuite/providers/aws/resources/ec2/ami.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/ScoutSuite/providers/aws/resources/ec2/ami.py b/ScoutSuite/providers/aws/resources/ec2/ami.py
index 2e8993643..6c6ec3565 100644
--- a/ScoutSuite/providers/aws/resources/ec2/ami.py
+++ b/ScoutSuite/providers/aws/resources/ec2/ami.py
@@ -14,7 +14,6 @@ async def fetch_all(self):
             self[name] = resource
 
     def _parse_image(self, raw_image):
-        raw_image['id'] = raw_image['ImageId']
-        raw_image['name'] = raw_image['Name']
-
+        raw_image['id'] = raw_image.get('ImageId')
+        raw_image['name'] = raw_image.get('Name')
         return raw_image['id'], raw_image

From 714ff5f72c08e387356353edecdde591a51b938d Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Wed, 5 Feb 2020 09:46:11 +0100
Subject: [PATCH 015/145] Add notice

---
 ScoutSuite/output/data/inc-scoutsuite/helpers.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ScoutSuite/output/data/inc-scoutsuite/helpers.js b/ScoutSuite/output/data/inc-scoutsuite/helpers.js
index 07435e44a..fb2947d60 100644
--- a/ScoutSuite/output/data/inc-scoutsuite/helpers.js
+++ b/ScoutSuite/output/data/inc-scoutsuite/helpers.js
@@ -386,7 +386,7 @@ Handlebars.registerHelper('each_dict_as_sorted_list', function (context, options
             } else {
                 if (context[a].level.toLowerCase() === 'danger') return -1
                 if (context[b].level.toLowerCase() === 'danger') return 1
-                if (context[a].level.toLowerCase() === 'warning') return -1
+                if (context[a].level.toLowerCase() === 'warning') return -1 // FIXME - these are duplicated for nothing?
                 if (context[b].level.toLowerCase() === 'warning') return 1
                 if (context[a].level.toLowerCase() === 'warning') return -1
                 if (context[b].level.toLowerCase() === 'warning') return 1

From 2147f8401991187fae2dc552bcdf269868b901f8 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Wed, 5 Feb 2020 09:47:17 +0100
Subject: [PATCH 016/145] Update version

---
 ScoutSuite/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ScoutSuite/__init__.py b/ScoutSuite/__init__.py
index 646fd8081..6840fb6bc 100644
--- a/ScoutSuite/__init__.py
+++ b/ScoutSuite/__init__.py
@@ -1,5 +1,5 @@
 __author__ = 'NCC Group'
-__version__ = '5.7.0'
+__version__ = '5.8.0'
 
 ERRORS_LIST = []
 

From cf20d8dcd2db275e0044a739fe406cbcd5278034 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Wed, 5 Feb 2020 10:49:08 +0100
Subject: [PATCH 017/145] Move processing to resource

---
 ScoutSuite/providers/aws/provider.py          | 28 ++-----------------
 .../aws/resources/cloudtrail/base.py          | 19 +++++++++++++
 2 files changed, 22 insertions(+), 25 deletions(-)

diff --git a/ScoutSuite/providers/aws/provider.py b/ScoutSuite/providers/aws/provider.py
index f411b3291..fee5482a4 100644
--- a/ScoutSuite/providers/aws/provider.py
+++ b/ScoutSuite/providers/aws/provider.py
@@ -64,8 +64,10 @@ def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None):
         # Various data processing calls
         # Note that order of processing can matter
 
+        # TODO - this should be moved to the `finalize` method of the base resource, as it's not cross-service
         self._map_all_subnets()
 
+        # TODO - this should be moved to the `finalize` method of the base resource, as it's not cross-service
         if 'ec2' in self.service_list:
             self._map_all_sgs()
             self._add_security_group_name_to_ec2_grants()
@@ -78,15 +80,13 @@ def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None):
         if 'ec2' in self.service_list and 'iam' in self.service_list:
             self._match_instances_and_roles()
 
-        if 'cloudtrail' in self.service_list:
-            self._process_cloudtrail_trails(self.services['cloudtrail'])
-
         if 'elbv2' in self.service_list and 'ec2' in self.service_list:
             self._add_security_group_data_to_elbv2()
 
         if 's3' in self.service_list and 'iam' in self.service_list:
             self._match_iam_policies_and_buckets()
 
+        # TODO - this should be moved to the `finalize` method of the base resource, as it's not cross-service
         if 'elb' in self.services:
             self._parse_elb_policies()
 
@@ -190,28 +190,6 @@ def add_security_group_name_to_ec2_grants_callback(self, current_config, path, c
         else:
             print_exception('Failed to handle EC2 grant: %s' % ec2_grant)
 
-    @staticmethod
-    def _process_cloudtrail_trails(cloudtrail_config):
-        global_events_logging = []
-        data_logging_trails_count = 0
-        for region in cloudtrail_config['regions']:
-            for trail_id in cloudtrail_config['regions'][region]['trails']:
-                trail = cloudtrail_config['regions'][region]['trails'][trail_id]
-                if 'HomeRegion' in trail and trail['HomeRegion'] != region:
-                    # Part of a multi-region trail, skip until we find the whole object
-                    continue
-                if trail['IncludeGlobalServiceEvents'] and trail['IsLogging']:
-                    global_events_logging.append((region, trail_id,))
-                # Any wildcard logging?
-                if trail.get('wildcard_data_logging', False):
-                    data_logging_trails_count += 1
-
-        cloudtrail_config['data_logging_trails_count'] = data_logging_trails_count
-        cloudtrail_config['IncludeGlobalServiceEvents'] = len(
-            global_events_logging) > 0
-        cloudtrail_config['DuplicatedGlobalServiceEvents'] = len(
-            global_events_logging) > 1
-
     def process_network_acls_callback(self, current_config, path, current_path, privateip_id, callback_args):
         # Check if the network ACL allows all traffic from all IP addresses
         self._process_network_acls_check_for_allow_all(
diff --git a/ScoutSuite/providers/aws/resources/cloudtrail/base.py b/ScoutSuite/providers/aws/resources/cloudtrail/base.py
index 3320d5f39..766a83223 100644
--- a/ScoutSuite/providers/aws/resources/cloudtrail/base.py
+++ b/ScoutSuite/providers/aws/resources/cloudtrail/base.py
@@ -11,3 +11,22 @@ class CloudTrail(Regions):
 
     def __init__(self, facade: AWSFacade):
         super(CloudTrail, self).__init__('cloudtrail', facade)
+
+    async def finalize(self):
+        global_events_logging = []
+        data_logging_trails_count = 0
+
+        for region in self['regions']:
+            for trail_id, trail in self['regions'][region]['trails'].items():
+                if 'HomeRegion' in trail and trail['HomeRegion'] != region:
+                    # Part of a multi-region trail, skip until we find the whole object
+                    continue
+                if trail['IncludeGlobalServiceEvents'] and trail['IsLogging']:
+                    global_events_logging.append((region, trail_id,))
+                # Any wildcard logging?
+                if trail.get('wildcard_data_logging', False):
+                    data_logging_trails_count += 1
+
+        self['data_logging_trails_count'] = data_logging_trails_count
+        self['IncludeGlobalServiceEvents'] = len(global_events_logging) > 0
+        self['DuplicatedGlobalServiceEvents'] = len(global_events_logging) > 1

From 9e59a29c29afaf524597749e0971f98bd85cb5c9 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Wed, 5 Feb 2020 10:57:01 +0100
Subject: [PATCH 018/145] Update rationale

---
 .../aws/rules/findings/cloudtrail-no-log-file-validation.json   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-log-file-validation.json b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-log-file-validation.json
index 909bb6514..087080fcd 100644
--- a/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-log-file-validation.json
+++ b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-log-file-validation.json
@@ -1,6 +1,6 @@
 {
     "description": "Log file validation disabled",
-    "rationale": "<b>Description:</b><br><br>The lack of log file validation prevents one from verifying the integrity of the log files.",
+    "rationale": "<b>Description:</b><br><br>The lack of log file validation prevents from verifying the integrity of the log files.",
     "path": "cloudtrail.regions.id.trails.id",
     "dashboard_name": "Trails",
     "display_path": "cloudtrail.regions.id.trails.id",

From a06d3c1c55317cffeb3a7917a97cc1a45cdeee72 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Wed, 5 Feb 2020 10:57:50 +0100
Subject: [PATCH 019/145] Validate directly in the rule

---
 .../cloudtrail-no-global-services-logging.json   | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-global-services-logging.json b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-global-services-logging.json
index e96702747..5a5b740c5 100644
--- a/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-global-services-logging.json
+++ b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-global-services-logging.json
@@ -1,11 +1,17 @@
 {
     "description": "Global services logging disabled",
     "rationale": "<b>Description:</b><br><br>API activity for global services such as IAM and STS is not logged. Investigation of incidents will be incomplete due to the lack of information.",
-    "path": "cloudtrail",
-    "display_path": "cloudtrail.regions.id.trails.id",
-    "dashboard_name": "Configuration",
-    "conditions": [ "and",
-        [ "IncludeGlobalServiceEvents", "false", "" ]
+    "path": "cloudtrail.regions.id.trails.id",
+    "dashboard_name": "Trails",
+    "conditions": [ "or",
+        [ "and",
+            [ "cloudtrail.regions.id.trails.id.", "withKey", "IncludeGlobalServiceEvents" ],
+            [ "cloudtrail.regions.id.trails.id.IncludeGlobalServiceEvents", "false", "" ]
+        ],
+        [ "and",
+            [ "cloudtrail.regions.id.trails.id.", "withKey", "IsLogging" ],
+            [ "cloudtrail.regions.id.trails.id.IsLogging", "false", "" ]
+        ]
     ],
     "id_suffix": "IncludeGlobalServiceEvents"
 }
\ No newline at end of file

From 86fc4ece5dcc254a23909a045947f4869e26382f Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Wed, 5 Feb 2020 10:58:04 +0100
Subject: [PATCH 020/145] Minor change

---
 .../findings/cloudtrail-duplicated-global-services-logging.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ScoutSuite/providers/aws/rules/findings/cloudtrail-duplicated-global-services-logging.json b/ScoutSuite/providers/aws/rules/findings/cloudtrail-duplicated-global-services-logging.json
index 180b30994..02176427d 100644
--- a/ScoutSuite/providers/aws/rules/findings/cloudtrail-duplicated-global-services-logging.json
+++ b/ScoutSuite/providers/aws/rules/findings/cloudtrail-duplicated-global-services-logging.json
@@ -2,8 +2,8 @@
     "description": "Global service logging duplicated",
     "rationale": "<b>Description:</b><br><br>Global service logging is enabled in multiple Trails. While this does not jeopardize the security of the environment, duplicated entries in logs increase the difficulty to investate potential incidents.",
     "path": "cloudtrail",
-    "display_path": "cloudtrail.regions.id.trails.id",
     "dashboard_name": "Configuration",
+    "display_path": "cloudtrail.regions.id",
     "conditions": [ "and",
         [ "DuplicatedGlobalServiceEvents", "true", ""]
     ],

From 8e35df6d9268a199d47b39522761ab8920240729 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Thu, 6 Feb 2020 09:57:09 +0100
Subject: [PATCH 021/145] Add requirement

---
 requirements.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/requirements.txt b/requirements.txt
index 405f5c42d..8e4351c98 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -28,6 +28,7 @@ google-api-python-client>=1.7.8
 oauth2client>=4.1.3
 
 # Azure Provider
+requests>=2.22.0
 azure-core>=1.2.1
 adal>=0.4.7
 azure-cli-core>=2.0.55

From c6802df9d3c6e75aede6c5f561901c8436488633 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Thu, 6 Feb 2020 10:08:49 +0100
Subject: [PATCH 022/145] Handle MS Graph auth for username/password

---
 .../azure/authentication_strategy.py          | 26 ++++++++++++-------
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/ScoutSuite/providers/azure/authentication_strategy.py b/ScoutSuite/providers/azure/authentication_strategy.py
index 36537b21b..57edaa1d8 100644
--- a/ScoutSuite/providers/azure/authentication_strategy.py
+++ b/ScoutSuite/providers/azure/authentication_strategy.py
@@ -13,9 +13,13 @@
 
 class AzureCredentials:
 
-    def __init__(self, arm_credentials, graph_credentials, tenant_id=None, default_subscription_id=None):
+    def __init__(self,
+                 arm_credentials, aad_graph_credentials, microsoft_graph_credentials,
+                 tenant_id=None, default_subscription_id=None):
+
         self.arm_credentials = arm_credentials  # Azure Resource Manager API credentials
-        self.graph_credentials = graph_credentials  # Azure AD Graph API credentials
+        self.aad_graph_credentials = aad_graph_credentials  # Azure AD Graph API credentials
+        self.microsoft_graph_credentials = microsoft_graph_credentials  # Microsoft Graph API credentials
         self.tenant_id = tenant_id
         self.default_subscription_id = default_subscription_id
 
@@ -23,7 +27,7 @@ def get_tenant_id(self):
         if self.tenant_id:
             return self.tenant_id
         else:
-            return self.graph_credentials.token['tenant_id']
+            return self.aad_graph_credentials.token['tenant_id']
 
 
 class AzureAuthenticationStrategy(AuthenticationStrategy):
@@ -49,7 +53,7 @@ def authenticate(self,
 
             if cli:
                 arm_credentials, subscription_id, tenant_id = get_azure_cli_credentials(with_tenant=True)
-                graph_credentials, placeholder_1, placeholder_2 = \
+                aad_graph_credentials, placeholder_1, placeholder_2 = \
                     get_azure_cli_credentials(with_tenant=True, resource='https://graph.windows.net')
 
             elif user_account:
@@ -62,8 +66,10 @@ def authenticate(self,
                         raise AuthenticationException('Username and/or password not set')
 
                 arm_credentials = UserPassCredentials(username, password)
-                graph_credentials = UserPassCredentials(username, password,
+                aad_graph_credentials = UserPassCredentials(username, password,
                                                         resource='https://graph.windows.net')
+                microsoft_graph_credentials = UserPassCredentials(username, password,
+                                                                  resource='https://graph.microsoft.com/')
 
             elif user_account_browser:
 
@@ -92,7 +98,7 @@ def authenticate(self,
                            'access {} and enter the {} code.'.format(code['verification_url'],
                                                                      code['user_code']))
                 mgmt_token = context.acquire_token_with_device_code(resource_uri, code, client_id)
-                graph_credentials = AADTokenCredentials(mgmt_token, client_id)
+                aad_graph_credentials = AADTokenCredentials(mgmt_token, client_id)
 
             elif service_principal:
 
@@ -120,7 +126,7 @@ def authenticate(self,
                     tenant=tenant_id
                 )
 
-                graph_credentials = ServicePrincipalCredentials(
+                aad_graph_credentials = ServicePrincipalCredentials(
                     client_id=client_id,
                     secret=client_secret,
                     tenant=tenant_id,
@@ -140,7 +146,7 @@ def authenticate(self,
                     tenant=tenant_id
                 )
 
-                graph_credentials = ServicePrincipalCredentials(
+                aad_graph_credentials = ServicePrincipalCredentials(
                     client_id=client_id,
                     secret=client_secret,
                     tenant=tenant_id,
@@ -150,12 +156,12 @@ def authenticate(self,
             elif msi:
 
                 arm_credentials = MSIAuthentication()
-                graph_credentials = MSIAuthentication(resource='https://graph.windows.net')
+                aad_graph_credentials = MSIAuthentication(resource='https://graph.windows.net')
 
             else:
                 raise AuthenticationException('Unknown authentication method')
 
-            return AzureCredentials(arm_credentials, graph_credentials,
+            return AzureCredentials(arm_credentials, aad_graph_credentials, microsoft_graph_credentials,
                                     tenant_id, subscription_id)
 
         except Exception as e:

From 5da41d979e5ee9ba013091c895ab1e1cffdc6a40 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Thu, 6 Feb 2020 10:10:51 +0100
Subject: [PATCH 023/145] Add query method

---
 ScoutSuite/providers/azure/facade/aad.py | 28 +++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/ScoutSuite/providers/azure/facade/aad.py b/ScoutSuite/providers/azure/facade/aad.py
index 7271ec4aa..3b13dff33 100644
--- a/ScoutSuite/providers/azure/facade/aad.py
+++ b/ScoutSuite/providers/azure/facade/aad.py
@@ -1,14 +1,40 @@
 from azure.graphrbac import GraphRbacManagementClient
 
+import requests
+import uuid
+
 from ScoutSuite.core.console import print_exception
 from ScoutSuite.providers.utils import run_concurrently
 
 
 class AADFacade:
     def __init__(self, credentials):
-        self._client = GraphRbacManagementClient(credentials.graph_credentials,
+        self._client = GraphRbacManagementClient(credentials.aad_graph_credentials,
                                                  tenant_id=credentials.get_tenant_id())
 
+        self._microsoft_graph_session = requests.Session()
+        self._microsoft_graph_session.headers.update(
+            {'Authorization': 'Bearer {}'.format(credentials.microsoft_graph_credentials.token['access_token']),
+             'User-Agent': 'adal-sample',
+             'Accept': 'application/json',
+             'Content-Type': 'application/json',
+             'SdkVersion': 'sample-python-adal',
+             'return-client-request-id': 'true'})
+
+    async def _get_microsoft_graph_response(self, api_resource, api_version='v1.0'):
+        endpoint = 'https://graph.microsoft.com/{}/{}'.format(api_version, api_resource)
+        http_headers = {'client-request-id': str(uuid.uuid4())}
+        try:
+            response = self._microsoft_graph_session.get(endpoint, headers=http_headers, stream=False)
+            if response.status_code == 200:
+                return response.json()
+            else:
+                print_exception('Failed to query Microsoft Graph endpoint {}: status code {}'.
+                                format(api_resource, response.status_code))
+        except Exception as e:
+            print_exception('Failed to query Microsoft Graph endpoint {}: {}'.format(api_resource, e))
+            return {}
+
     async def get_users(self):
         try:
             return await run_concurrently(lambda: list(self._client.users.list()))

From d649ffcc6fffc314173af327d79af2d79171d8f9 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Thu, 6 Feb 2020 17:49:38 +0100
Subject: [PATCH 024/145] Sample MS Graph implementation

---
 ScoutSuite/providers/azure/facade/aad.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/ScoutSuite/providers/azure/facade/aad.py b/ScoutSuite/providers/azure/facade/aad.py
index 3b13dff33..3c4c783bd 100644
--- a/ScoutSuite/providers/azure/facade/aad.py
+++ b/ScoutSuite/providers/azure/facade/aad.py
@@ -15,10 +15,10 @@ def __init__(self, credentials):
         self._microsoft_graph_session = requests.Session()
         self._microsoft_graph_session.headers.update(
             {'Authorization': 'Bearer {}'.format(credentials.microsoft_graph_credentials.token['access_token']),
-             'User-Agent': 'adal-sample',
+             'User-Agent': 'scout-suite',
              'Accept': 'application/json',
              'Content-Type': 'application/json',
-             'SdkVersion': 'sample-python-adal',
+             'SdkVersion': 'scout-suite',
              'return-client-request-id': 'true'})
 
     async def _get_microsoft_graph_response(self, api_resource, api_version='v1.0'):
@@ -29,10 +29,10 @@ async def _get_microsoft_graph_response(self, api_resource, api_version='v1.0'):
             if response.status_code == 200:
                 return response.json()
             else:
-                print_exception('Failed to query Microsoft Graph endpoint {}: status code {}'.
+                print_exception('Failed to query Microsoft Graph endpoint \"{}\": status code {}'.
                                 format(api_resource, response.status_code))
         except Exception as e:
-            print_exception('Failed to query Microsoft Graph endpoint {}: {}'.format(api_resource, e))
+            print_exception('Failed to query Microsoft Graph endpoint \"{}\": {}'.format(api_resource, e))
             return {}
 
     async def get_users(self):
@@ -49,6 +49,10 @@ async def get_groups(self):
             print_exception('Failed to retrieve groups: {}'.format(e))
             return []
 
+    async def get_group_details(self, group_id):
+        response = await self._get_microsoft_graph_response('groups/{}'.format(group_id))
+        return response
+
     async def get_user_groups(self, user_id):
         try:
             return await run_concurrently(lambda: list(

From d8f2ebfc2117956f039b8596d9039af76ad49a98 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Thu, 6 Feb 2020 17:49:50 +0100
Subject: [PATCH 025/145] Sample MS Graph implementation

---
 ScoutSuite/providers/azure/resources/aad/groups.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/ScoutSuite/providers/azure/resources/aad/groups.py b/ScoutSuite/providers/azure/resources/aad/groups.py
index 5a97e3aae..bc255be5a 100644
--- a/ScoutSuite/providers/azure/resources/aad/groups.py
+++ b/ScoutSuite/providers/azure/resources/aad/groups.py
@@ -4,11 +4,13 @@
 class Groups(AzureResources):
     async def fetch_all(self):
         for raw_group in await self.facade.aad.get_groups():
-            id, group = self._parse_group(raw_group)
+            id, group = await self._parse_group(raw_group)
             self[id] = group
 
-    def _parse_group(self, raw_group):
+    async def _parse_group(self, raw_group):
+
         group_dict = {}
+
         group_dict['id'] = raw_group.object_id
         group_dict['name'] = raw_group.display_name
         group_dict['additional_properties'] = raw_group.additional_properties
@@ -20,5 +22,8 @@ def _parse_group(self, raw_group):
         group_dict['mail'] = raw_group.mail
         group_dict['users'] = []  # this will be filled in `finalize()`
         group_dict['roles'] = []  # this will be filled in `finalize()`
+
+        additional_details = await self.facade.aad.get_group_details(group_dict['id'])
+
         return group_dict['id'], group_dict
 

From b39c69570591df98175fe530fec13ead36551850 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Thu, 6 Feb 2020 18:26:41 +0100
Subject: [PATCH 026/145] Add query methods

---
 .../providers/azure/facade/virtualmachines.py | 30 +++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/ScoutSuite/providers/azure/facade/virtualmachines.py b/ScoutSuite/providers/azure/facade/virtualmachines.py
index d490bd3d1..258c5db18 100644
--- a/ScoutSuite/providers/azure/facade/virtualmachines.py
+++ b/ScoutSuite/providers/azure/facade/virtualmachines.py
@@ -21,3 +21,33 @@ async def get_instances(self, subscription_id: str):
         except Exception as e:
             print_exception('Failed to retrieve virtual machines: {}'.format(e))
             return []
+
+    async def get_disks(self, subscription_id: str):
+        try:
+            client = self.get_client(subscription_id)
+            return await run_concurrently(
+                lambda: list(client.disks.list())
+            )
+        except Exception as e:
+            print_exception('Failed to retrieve disks: {}'.format(e))
+            return []
+
+    async def get_snapshots(self, subscription_id: str):
+        try:
+            client = self.get_client(subscription_id)
+            return await run_concurrently(
+                lambda: list(client.snapshots.list())
+            )
+        except Exception as e:
+            print_exception('Failed to retrieve snapshots: {}'.format(e))
+            return []
+
+    async def get_images(self, subscription_id: str):
+        try:
+            client = self.get_client(subscription_id)
+            return await run_concurrently(
+                lambda: list(client.images.list())
+            )
+        except Exception as e:
+            print_exception('Failed to retrieve images: {}'.format(e))
+            return []

From 0aa5be2c04e7339eebbae9aa5eeacfd4f18eea77 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Thu, 6 Feb 2020 18:26:52 +0100
Subject: [PATCH 027/145] Add resources

---
 .../providers/azure/resources/virtualmachines/base.py     | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/ScoutSuite/providers/azure/resources/virtualmachines/base.py b/ScoutSuite/providers/azure/resources/virtualmachines/base.py
index 008cb460c..0f80673bf 100644
--- a/ScoutSuite/providers/azure/resources/virtualmachines/base.py
+++ b/ScoutSuite/providers/azure/resources/virtualmachines/base.py
@@ -1,9 +1,15 @@
 from ScoutSuite.providers.azure.resources.subscriptions import Subscriptions
 
 from .instances import Instances
+from .disks import Disks
+from .snapshots import Snapshots
+from .images import Images
 
 
 class VirtualMachines(Subscriptions):
     _children = [
-        (Instances, 'instances')
+        (Instances, 'instances'),
+        (Disks, 'disks'),
+        (Snapshots, 'snapshots'),
+        (Images, 'images'),
     ]

From b4c9749b07c836a54fdeee17bbbf125c30a53e64 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Thu, 6 Feb 2020 18:54:20 +0100
Subject: [PATCH 028/145] Add resources for VM service

---
 ...irtualmachines.subscriptions.id.disks.html | 33 +++++++++++++
 ...rtualmachines.subscriptions.id.images.html |  1 +
 ...almachines.subscriptions.id.snapshots.html | 32 +++++++++++++
 .../azure/resources/virtualmachines/disks.py  | 48 +++++++++++++++++++
 .../azure/resources/virtualmachines/images.py | 19 ++++++++
 .../resources/virtualmachines/snapshots.py    | 46 ++++++++++++++++++
 6 files changed, 179 insertions(+)
 create mode 100644 ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.disks.html
 create mode 100644 ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.images.html
 create mode 100644 ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.snapshots.html
 create mode 100644 ScoutSuite/providers/azure/resources/virtualmachines/disks.py
 create mode 100644 ScoutSuite/providers/azure/resources/virtualmachines/images.py
 create mode 100644 ScoutSuite/providers/azure/resources/virtualmachines/snapshots.py

diff --git a/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.disks.html b/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.disks.html
new file mode 100644
index 000000000..96d60ad33
--- /dev/null
+++ b/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.disks.html
@@ -0,0 +1,33 @@
+<!-- virtualmachines disks -->
+<script id="services.virtualmachines.subscriptions.id.disks.partial" type="text/x-handlebars-template">
+    <div id="resource-name" class="list-group-item active">
+        <h4 class="list-group-item-heading">{{name}}</h4>
+    </div>
+    <div class="list-group-item">
+        <h4 class="list-group-item-heading">Information</h4>
+        <div class="list-group-item-text item-margin">Name: <span id="virtualmachines.subscriptions.{{subscription}}.disks.{{@key}}.name"><samp>{{value_or_none name}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Unique Id: <span id="virtualmachines.subscriptions.{{subscription}}.disks.{{@key}}.unique_id"><samp>{{value_or_none unique_id}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Provisioning State: <span id="virtualmachines.subscriptions.{{subscription}}.disks.{{@key}}.provisioning_state"><samp>{{value_or_none provisioning_state}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Disk State: <span id="virtualmachines.subscriptions.{{subscription}}.disks.{{@key}}.disk_state"><samp>{{value_or_none disk_state}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Time Created: <span id="virtualmachines.subscriptions.{{subscription}}.disks.{{@key}}.time_created"><samp>{{format_date time_created}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Location: <span id="virtualmachines.subscriptions.{{subscription}}.disks.{{@key}}.location"><samp>{{value_or_none location}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Zones: <span id="virtualmachines.subscriptions.{{subscription}}.disks.{{@key}}.zones"><samp>{{value_or_none zones}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Encryption: <span id="virtualmachines.subscriptions.{{subscription}}.disks.{{@key}}.encryption_enabled"><samp>{{convert_bool_to_enabled encryption_enabled}}</samp></span></div>
+        <div class="list-group-item-text item-margin">OS Type: <span id="virtualmachines.subscriptions.{{subscription}}.disks.{{@key}}.os_type"><samp>{{value_or_none os_type}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Managed By: <span id="virtualmachines.subscriptions.{{subscription}}.disks.{{@key}}.managed_by"><samp>{{value_or_none managed_by}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Hyper V Generation: <span id="virtualmachines.subscriptions.{{subscription}}.disks.{{@key}}.hyper_vgeneration"><samp>{{value_or_none hyper_vgeneration}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Disk Size GB: <span id="virtualmachines.subscriptions.{{subscription}}.disks.{{@key}}.disk_size_gb"><samp>{{value_or_none disk_size_gb}}</samp></span></div>
+    </div>
+</script>
+
+<script>
+    Handlebars.registerPartial("services.virtualmachines.subscriptions.id.disks", $("#services\\.virtualmachines\\.subscriptions\\.id\\.disks\\.partial").html());
+</script>
+
+<!-- Single virtualmachines disk template -->
+<script id="single_virtualmachines_disk-template" type="text/x-handlebars-template">
+    {{> modal-template template='services.virtualmachines.subscriptions.id.disks'}}
+</script>
+<script>
+    var single_virtualmachines_disk_template = Handlebars.compile($("#single_virtualmachines_disk-template").html());
+</script>
diff --git a/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.images.html b/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.images.html
new file mode 100644
index 000000000..4d3fbc92c
--- /dev/null
+++ b/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.images.html
@@ -0,0 +1 @@
+<!--TODO-->
\ No newline at end of file
diff --git a/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.snapshots.html b/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.snapshots.html
new file mode 100644
index 000000000..eb69d2cf6
--- /dev/null
+++ b/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.snapshots.html
@@ -0,0 +1,32 @@
+<!-- virtualmachines snapshots -->
+<script id="services.virtualmachines.subscriptions.id.snapshots.partial" type="text/x-handlebars-template">
+    <div id="resource-name" class="list-group-item active">
+        <h4 class="list-group-item-heading">{{name}}</h4>
+    </div>
+    <div class="list-group-item">
+        <h4 class="list-group-item-heading">Information</h4>
+        <div class="list-group-item-text item-margin">Name: <span id="virtualmachines.subscriptions.{{subscription}}.snapshots.{{@key}}.name"><samp>{{value_or_none name}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Unique ID: <span id="virtualmachines.subscriptions.{{subscription}}.snapshots.{{@key}}.unique_id"><samp>{{value_or_none unique_id}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Provisioning State: <span id="virtualmachines.subscriptions.{{subscription}}.snapshots.{{@key}}.provisioning_state"><samp>{{value_or_none provisioning_state}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Time Created: <span id="virtualmachines.subscriptions.{{subscription}}.snapshots.{{@key}}.time_created"><samp>{{format_date time_created}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Location: <span id="virtualmachines.subscriptions.{{subscription}}.snapshots.{{@key}}.location"><samp>{{value_or_none location}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Encryption: <span id="virtualmachines.subscriptions.{{subscription}}.snapshots.{{@key}}.encryption_enabled"><samp>{{convert_bool_to_enabled encryption_enabled}}</samp></span></div>
+        <div class="list-group-item-text item-margin">OS Type: <span id="virtualmachines.subscriptions.{{subscription}}.snapshots.{{@key}}.os_type"><samp>{{value_or_none os_type}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Managed By: <span id="virtualmachines.subscriptions.{{subscription}}.snapshots.{{@key}}.managed_by"><samp>{{value_or_none managed_by}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Hyper V Generation: <span id="virtualmachines.subscriptions.{{subscription}}.snapshots.{{@key}}.hyper_vgeneration"><samp>{{value_or_none hyper_vgeneration}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Disk Size GB: <span id="virtualmachines.subscriptions.{{subscription}}.snapshots.{{@key}}.disk_size_gb"><samp>{{value_or_none disk_size_gb}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Incremental: <span id="virtualmachines.subscriptions.{{subscription}}.snapshots.{{@key}}.incremental"><samp>{{value_or_none incremental}}</samp></span></div>
+    </div>
+</script>
+
+<script>
+    Handlebars.registerPartial("services.virtualmachines.subscriptions.id.snapshots", $("#services\\.virtualmachines\\.subscriptions\\.id\\.snapshots\\.partial").html());
+</script>
+
+<!-- Single virtualmachines snapshot template -->
+<script id="single_virtualmachines_snapshot-template" type="text/x-handlebars-template">
+    {{> modal-template template='services.virtualmachines.subscriptions.id.snapshots'}}
+</script>
+<script>
+    var single_virtualmachines_snapshot_template = Handlebars.compile($("#single_virtualmachines_snapshot-template").html());
+</script>
diff --git a/ScoutSuite/providers/azure/resources/virtualmachines/disks.py b/ScoutSuite/providers/azure/resources/virtualmachines/disks.py
new file mode 100644
index 000000000..40c91ef0d
--- /dev/null
+++ b/ScoutSuite/providers/azure/resources/virtualmachines/disks.py
@@ -0,0 +1,48 @@
+from ScoutSuite.providers.azure.facade.base import AzureFacade
+from ScoutSuite.providers.azure.resources.base import AzureResources
+from ScoutSuite.providers.utils import get_non_provider_id
+
+
+class Disks(AzureResources):
+
+    def __init__(self, facade: AzureFacade, subscription_id: str):
+        super(Disks, self).__init__(facade)
+        self.subscription_id = subscription_id
+
+    async def fetch_all(self):
+        for raw_disk in await self.facade.virtualmachines.get_disks(self.subscription_id):
+            id, disk = self._parse_disk(raw_disk)
+            self[id] = disk
+
+    def _parse_disk(self, raw_disk):
+        disk_dict = {}
+        disk_dict['id'] = get_non_provider_id(raw_disk.id)
+        disk_dict['name'] = raw_disk.name
+        disk_dict['type'] = raw_disk.type
+        disk_dict['location'] = raw_disk.location
+        disk_dict['tags'] = raw_disk.tags
+        disk_dict['managed_by'] = raw_disk.managed_by
+        disk_dict['sku'] = raw_disk.sku
+        disk_dict['zones'] = raw_disk.zones
+        disk_dict['time_created'] = raw_disk.time_created
+        disk_dict['os_type'] = raw_disk.os_type
+        disk_dict['hyper_vgeneration'] = raw_disk.hyper_vgeneration
+        disk_dict['creation_data'] = raw_disk.creation_data
+        disk_dict['disk_size_gb'] = raw_disk.disk_size_gb
+        disk_dict['disk_size_bytes'] = raw_disk.disk_size_bytes
+        disk_dict['unique_id'] = raw_disk.unique_id
+        disk_dict['provisioning_state'] = raw_disk.provisioning_state
+        disk_dict['disk_iops_read_write'] = raw_disk.disk_iops_read_write
+        disk_dict['disk_mbps_read_write'] = raw_disk.disk_mbps_read_write
+        disk_dict['disk_state'] = raw_disk.disk_state
+        disk_dict['additional_properties'] = raw_disk.additional_properties
+
+        disk_dict['encryption'] = raw_disk.encryption
+        disk_dict['encryption_settings_collection'] = raw_disk.encryption_settings_collection
+        if raw_disk.encryption_settings_collection and raw_disk.encryption_settings_collection.enabled:
+            disk_dict['encryption_enabled'] = True
+        else:
+            disk_dict['encryption_enabled'] = False
+
+        return disk_dict['id'], disk_dict
+
diff --git a/ScoutSuite/providers/azure/resources/virtualmachines/images.py b/ScoutSuite/providers/azure/resources/virtualmachines/images.py
new file mode 100644
index 000000000..3ef125777
--- /dev/null
+++ b/ScoutSuite/providers/azure/resources/virtualmachines/images.py
@@ -0,0 +1,19 @@
+from ScoutSuite.providers.azure.facade.base import AzureFacade
+from ScoutSuite.providers.azure.resources.base import AzureResources
+from ScoutSuite.providers.utils import get_non_provider_id
+
+
+class Images(AzureResources):
+
+    def __init__(self, facade: AzureFacade, subscription_id: str):
+        super(Images, self).__init__(facade)
+        self.subscription_id = subscription_id
+
+    async def fetch_all(self):
+        for raw_image in await self.facade.virtualmachines.get_images(self.subscription_id):
+            id, image = self._parse_image(raw_image)
+            self[id] = image
+
+    def _parse_image(self, raw_image):
+        # TODO
+        pass
diff --git a/ScoutSuite/providers/azure/resources/virtualmachines/snapshots.py b/ScoutSuite/providers/azure/resources/virtualmachines/snapshots.py
new file mode 100644
index 000000000..b7c9541b0
--- /dev/null
+++ b/ScoutSuite/providers/azure/resources/virtualmachines/snapshots.py
@@ -0,0 +1,46 @@
+from ScoutSuite.providers.azure.facade.base import AzureFacade
+from ScoutSuite.providers.azure.resources.base import AzureResources
+from ScoutSuite.providers.utils import get_non_provider_id
+
+
+class Snapshots(AzureResources):
+
+    def __init__(self, facade: AzureFacade, subscription_id: str):
+        super(Snapshots, self).__init__(facade)
+        self.subscription_id = subscription_id
+
+    async def fetch_all(self):
+        for raw_snapshot in await self.facade.virtualmachines.get_snapshots(self.subscription_id):
+            id, snapshot = self._parse_snapshot(raw_snapshot)
+            self[id] = snapshot
+
+    def _parse_snapshot(self, raw_snapshot):
+        snapshot_dict = {}
+
+        snapshot_dict['id'] = get_non_provider_id(raw_snapshot.id)
+        snapshot_dict['name'] = raw_snapshot.name
+        snapshot_dict['type'] = raw_snapshot.type
+        snapshot_dict['location'] = raw_snapshot.location
+        snapshot_dict['tags'] = raw_snapshot.tags
+        snapshot_dict['managed_by'] = raw_snapshot.managed_by
+        snapshot_dict['sku'] = raw_snapshot.sku
+        snapshot_dict['time_created'] = raw_snapshot.time_created
+        snapshot_dict['os_type'] = raw_snapshot.os_type
+        snapshot_dict['hyper_vgeneration'] = raw_snapshot.hyper_vgeneration
+        snapshot_dict['creation_data'] = raw_snapshot.creation_data
+        snapshot_dict['disk_size_gb'] = raw_snapshot.disk_size_gb
+        snapshot_dict['disk_size_bytes'] = raw_snapshot.disk_size_bytes
+        snapshot_dict['unique_id'] = raw_snapshot.unique_id
+        snapshot_dict['provisioning_state'] = raw_snapshot.provisioning_state
+        snapshot_dict['incremental'] = raw_snapshot.incremental
+        snapshot_dict['additional_properties'] = raw_snapshot.additional_properties
+
+        snapshot_dict['encryption'] = raw_snapshot.encryption
+        snapshot_dict['encryption_settings_collection'] = raw_snapshot.encryption_settings_collection
+        if raw_snapshot.encryption_settings_collection and raw_snapshot.encryption_settings_collection.enabled:
+            snapshot_dict['encryption_enabled'] = True
+        else:
+            snapshot_dict['encryption_enabled'] = False
+
+        return snapshot_dict['id'], snapshot_dict
+

From 25ee505665ccf215704da79c7587ed45ed53c709 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Thu, 6 Feb 2020 18:54:39 +0100
Subject: [PATCH 029/145] Show resources

---
 ScoutSuite/providers/azure/metadata.json | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/ScoutSuite/providers/azure/metadata.json b/ScoutSuite/providers/azure/metadata.json
index 68e0208a0..a2dc55553 100644
--- a/ScoutSuite/providers/azure/metadata.json
+++ b/ScoutSuite/providers/azure/metadata.json
@@ -15,6 +15,14 @@
         "instances": {
           "cols": 2,
           "path": "services.virtualmachines.subscriptions.id.instances"
+        },
+        "disks": {
+          "cols": 2,
+          "path": "services.virtualmachines.subscriptions.id.disks"
+        },
+        "snapshots": {
+          "cols": 2,
+          "path": "services.virtualmachines.subscriptions.id.snapshots"
         }
       }
     }

From 6f8d4333c5b5c48a59e0359b4f26d82c644f6925 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Fri, 7 Feb 2020 15:13:31 +0100
Subject: [PATCH 030/145] Improve error handling

---
 ScoutSuite/providers/oci/facade/identity.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/ScoutSuite/providers/oci/facade/identity.py b/ScoutSuite/providers/oci/facade/identity.py
index f050770dc..eaa2ce1bb 100644
--- a/ScoutSuite/providers/oci/facade/identity.py
+++ b/ScoutSuite/providers/oci/facade/identity.py
@@ -19,7 +19,7 @@ async def get_users(self):
             return response.data
         except Exception as e:
             print_exception('Failed to retrieve users: {}'.format(e))
-            return None
+            return []
 
     async def get_user_api_keys(self, user_id):
         try:
@@ -28,7 +28,7 @@ async def get_user_api_keys(self, user_id):
             return response.data
         except Exception as e:
             print_exception('Failed to retrieve user api keys: {}'.format(e))
-            return None
+            return []
 
     async def get_groups(self):
         try:
@@ -37,7 +37,7 @@ async def get_groups(self):
             return response.data
         except Exception as e:
             print_exception('Failed to retrieve groups: {}'.format(e))
-            return None
+            return []
 
     async def get_group_users(self, group_id):
         try:
@@ -48,7 +48,7 @@ async def get_group_users(self, group_id):
             return response.data
         except Exception as e:
             print_exception('Failed to retrieve group users: {}'.format(e))
-            return None
+            return []
 
     async def get_policies(self):
         try:
@@ -66,4 +66,4 @@ async def get_authentication_policy(self):
             return response.data
         except Exception as e:
             print_exception('Failed to retrieve authentication policy: {}'.format(e))
-            return None
+            return []

From f04cfff53e6bc30bc264c2dbe97c88a8d743c57b Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Fri, 7 Feb 2020 15:41:19 +0100
Subject: [PATCH 031/145] Improve error handling and add support for
 compartment scans

---
 .../providers/oci/authentication_strategy.py  | 15 ++++---
 ScoutSuite/providers/oci/facade/identity.py   | 10 ++---
 ScoutSuite/providers/oci/facade/kms.py        |  5 +--
 .../providers/oci/facade/objectstorage.py     | 44 +++++++++++++------
 ScoutSuite/providers/oci/provider.py          |  2 +-
 .../oci/resources/objectstorage/buckets.py    | 32 +++++++-------
 6 files changed, 64 insertions(+), 44 deletions(-)

diff --git a/ScoutSuite/providers/oci/authentication_strategy.py b/ScoutSuite/providers/oci/authentication_strategy.py
index d7748779f..06f2f90ac 100644
--- a/ScoutSuite/providers/oci/authentication_strategy.py
+++ b/ScoutSuite/providers/oci/authentication_strategy.py
@@ -8,9 +8,14 @@
 
 class OracleCredentials:
 
-    def __init__(self, config, compartment_id):
+    def __init__(self, config):
         self.config = config
-        self.compartment_id = compartment_id
+
+    def get_scope(self):
+        if 'compartment-id' in self.config:
+            return self.config['compartment-id']
+        else:
+            return self.config['tenancy']
 
 
 class OracleAuthenticationStrategy(AuthenticationStrategy):
@@ -26,16 +31,12 @@ def authenticate(self, profile=None, **kwargs):
             logging.getLogger('oci').setLevel(logging.ERROR)
 
             config = from_file(profile_name=profile)
-            if 'compartment-id' in config:
-                compartment_id = config['compartment-id']
-            else:
-                compartment_id = config['tenancy']
 
             # Get the current user
             identity = IdentityClient(config)
             identity.get_user(config["user"]).data
 
-            return OracleCredentials(config, compartment_id)
+            return OracleCredentials(config)
 
         except Exception as e:
             raise AuthenticationException(e)
diff --git a/ScoutSuite/providers/oci/facade/identity.py b/ScoutSuite/providers/oci/facade/identity.py
index eaa2ce1bb..19f651e20 100644
--- a/ScoutSuite/providers/oci/facade/identity.py
+++ b/ScoutSuite/providers/oci/facade/identity.py
@@ -15,7 +15,7 @@ def __init__(self, credentials: OracleCredentials):
     async def get_users(self):
         try:
             response = await run_concurrently(
-                lambda: list_call_get_all_results(self._client.list_users, self._credentials.compartment_id))
+                lambda: list_call_get_all_results(self._client.list_users, self._credentials.get_scope()))
             return response.data
         except Exception as e:
             print_exception('Failed to retrieve users: {}'.format(e))
@@ -33,7 +33,7 @@ async def get_user_api_keys(self, user_id):
     async def get_groups(self):
         try:
             response = await run_concurrently(
-                lambda: list_call_get_all_results(self._client.list_groups, self._credentials.compartment_id))
+                lambda: list_call_get_all_results(self._client.list_groups, self._credentials.get_scope()))
             return response.data
         except Exception as e:
             print_exception('Failed to retrieve groups: {}'.format(e))
@@ -43,7 +43,7 @@ async def get_group_users(self, group_id):
         try:
             response = await run_concurrently(
                 lambda: list_call_get_all_results(self._client.list_user_group_memberships,
-                                                  self._credentials.compartment_id,
+                                                  self._credentials.get_scope(),
                                                   group_id=group_id))
             return response.data
         except Exception as e:
@@ -53,7 +53,7 @@ async def get_group_users(self, group_id):
     async def get_policies(self):
         try:
             response = await run_concurrently(
-                lambda: list_call_get_all_results(self._client.list_policies, self._credentials.compartment_id))
+                lambda: list_call_get_all_results(self._client.list_policies, self._credentials.get_scope()))
             return response.data
         except Exception as e:
             print_exception('Failed to retrieve policies: {}'.format(e))
@@ -62,7 +62,7 @@ async def get_policies(self):
     async def get_authentication_policy(self):
         try:
             response = await run_concurrently(
-                lambda: self._client.get_authentication_policy(self._credentials.compartment_id))
+                lambda: self._client.get_authentication_policy(self._credentials.config['tenancy']))
             return response.data
         except Exception as e:
             print_exception('Failed to retrieve authentication policy: {}'.format(e))
diff --git a/ScoutSuite/providers/oci/facade/kms.py b/ScoutSuite/providers/oci/facade/kms.py
index 358dd2edf..937573b9f 100644
--- a/ScoutSuite/providers/oci/facade/kms.py
+++ b/ScoutSuite/providers/oci/facade/kms.py
@@ -9,13 +9,12 @@
 class KMSFacade:
     def __init__(self, credentials: OracleCredentials):
         self._credentials = credentials
-        # FIXME does this require regional support?
         self._vault_client = KmsVaultClient(self._credentials.config)
 
     async def get_vaults(self):
         try:
             response = await run_concurrently(
-                lambda: list_call_get_all_results(self._vault_client.list_vaults, self._credentials.compartment_id))
+                lambda: list_call_get_all_results(self._vault_client.list_vaults, self._credentials.get_scope()))
             return response.data
         except Exception as e:
             print_exception('Failed to get KMS vaults: {}'.format(e))
@@ -25,7 +24,7 @@ async def get_keys(self, keyvault):
         try:
             key_client = KmsManagementClient(self._credentials.config, keyvault['management_endpoint'])
             response = await run_concurrently(
-                lambda: list_call_get_all_results(key_client.list_keys, self._credentials.compartment_id))
+                lambda: list_call_get_all_results(key_client.list_keys, self._credentials.get_scope()))
             return response.data
         except Exception as e:
             print_exception('Failed to get KMS vaults: {}'.format(e))
diff --git a/ScoutSuite/providers/oci/facade/objectstorage.py b/ScoutSuite/providers/oci/facade/objectstorage.py
index 1dd637817..7ae836080 100644
--- a/ScoutSuite/providers/oci/facade/objectstorage.py
+++ b/ScoutSuite/providers/oci/facade/objectstorage.py
@@ -3,6 +3,7 @@
 from oci.pagination import list_call_get_all_results
 
 from ScoutSuite.providers.utils import run_concurrently
+from ScoutSuite.core.console import print_exception
 
 
 class ObjectStorageFacade:
@@ -11,22 +12,39 @@ def __init__(self, credentials: OracleCredentials):
         self._client = ObjectStorageClient(self._credentials.config)
 
     async def get_namespace(self):
-        response = await run_concurrently(
-            lambda: list_call_get_all_results(self._client.get_namespace))
-        # for some reason it returns a list of chars instead of a string
-        return ''.join(response.data)
+        try:
+            response = await run_concurrently(
+                lambda: list_call_get_all_results(self._client.get_namespace))
+            # for some reason it returns a list of chars instead of a string
+            return ''.join(response.data)
+        except Exception as e:
+            print_exception('Failed to get Object Storage namespace: {}'.format(e))
+            return None
 
     async def get_bucket_details(self, namespace, bucket_name):
-        response = await run_concurrently(
-            lambda: self._client.get_bucket(namespace, bucket_name))
-        return response.data
+        try:
+            response = await run_concurrently(
+                lambda: self._client.get_bucket(namespace, bucket_name)
+            )
+            return response.data
+        except Exception as e:
+            print_exception('Failed to get Object Storage bucket details: {}'.format(e))
+            return None
 
     async def get_buckets(self, namespace):
-        response = await run_concurrently(
-            lambda: list_call_get_all_results(self._client.list_buckets, namespace, self._credentials.compartment_id))
-        return response.data
+        try:
+            response = await run_concurrently(
+                lambda: list_call_get_all_results(self._client.list_buckets, namespace, self._credentials.get_scope()))
+            return response.data
+        except Exception as e:
+            print_exception('Failed to get Object Storage buckets: {}'.format(e))
+            return []
 
     async def get_bucket_objects(self, namespace, bucket_name):
-        response = await run_concurrently(
-            lambda: list_call_get_all_results(self._client.list_objects, namespace, bucket_name))
-        return response.data
+        try:
+            response = await run_concurrently(
+                lambda: list_call_get_all_results(self._client.list_objects, namespace, bucket_name))
+            return response.data
+        except Exception as e:
+            print_exception('Failed to get Object Storage bucket objects: {}'.format(e))
+            return []
diff --git a/ScoutSuite/providers/oci/provider.py b/ScoutSuite/providers/oci/provider.py
index 862096558..f92995fe0 100644
--- a/ScoutSuite/providers/oci/provider.py
+++ b/ScoutSuite/providers/oci/provider.py
@@ -24,7 +24,7 @@ def __init__(self,
         self.services_config = OracleServicesConfig
 
         self.credentials = kwargs['credentials']
-        self.account_id = self.credentials.compartment_id
+        self.account_id = self.credentials.get_scope()
 
         super(OracleProvider, self).__init__(report_dir, timestamp, services, skipped_services)
 
diff --git a/ScoutSuite/providers/oci/resources/objectstorage/buckets.py b/ScoutSuite/providers/oci/resources/objectstorage/buckets.py
index eb9e24c29..50f35502a 100644
--- a/ScoutSuite/providers/oci/resources/objectstorage/buckets.py
+++ b/ScoutSuite/providers/oci/resources/objectstorage/buckets.py
@@ -17,24 +17,26 @@ async def fetch_all(self):
     async def _parse_bucket(self, raw_bucket):
         bucket_dict = {}
 
+        bucket_dict['id'] = bucket_dict['name'] = raw_bucket.name
+        bucket_dict['compartment_id'] = raw_bucket.compartment_id
+        bucket_dict['namespace'] = raw_bucket.namespace
+        bucket_dict['created_by'] = raw_bucket.created_by
+        bucket_dict['etag'] = raw_bucket.etag
+        bucket_dict['freeform_tags'] = list(raw_bucket.freeform_tags) if raw_bucket.freeform_tags else []
+        bucket_dict['defined_tags'] = list(raw_bucket.defined_tags) if raw_bucket.defined_tags else []
+
         raw_bucket_details = await self.facade.objectstorage.get_bucket_details(raw_bucket.namespace,
                                                                                 raw_bucket.name)
 
-        bucket_dict['id'] = bucket_dict['name'] = raw_bucket_details.name
-        bucket_dict['kms_key_id'] = raw_bucket_details.kms_key_id
-        bucket_dict['compartment_id'] = raw_bucket_details.compartment_id
-        bucket_dict['approximate_count'] = raw_bucket_details.approximate_count
-        bucket_dict['namespace'] = raw_bucket_details.namespace
-        bucket_dict['created_by'] = raw_bucket_details.created_by
-        bucket_dict['etag'] = raw_bucket_details.etag
-        bucket_dict['time_created'] = raw_bucket_details.time_created
-        bucket_dict['public_access_type'] = raw_bucket_details.public_access_type
-        bucket_dict['approximate_size'] = raw_bucket_details.approximate_size
-        bucket_dict['storage_tier'] = raw_bucket_details.storage_tier
-        bucket_dict['metadata'] = list(raw_bucket_details.metadata)
-        bucket_dict['freeform_tags'] = list(raw_bucket_details.freeform_tags)
-        bucket_dict['defined_tags'] = list(raw_bucket_details.defined_tags)
-        bucket_dict['object_lifecycle_policy_etag'] = raw_bucket_details.object_lifecycle_policy_etag
+        bucket_dict['kms_key_id'] = raw_bucket_details.kms_key_id if raw_bucket_details else None
+        bucket_dict['approximate_count'] = raw_bucket_details.approximate_count if raw_bucket_details else None
+        bucket_dict['time_created'] = raw_bucket_details.time_created if raw_bucket_details else None
+        bucket_dict['public_access_type'] = raw_bucket_details.public_access_type if raw_bucket_details else None
+        bucket_dict['approximate_size'] = raw_bucket_details.approximate_size if raw_bucket_details else None
+        bucket_dict['storage_tier'] = raw_bucket_details.storage_tier if raw_bucket_details else None
+        bucket_dict['metadata'] = list(raw_bucket_details.metadata) if raw_bucket_details else None
+        bucket_dict['object_lifecycle_policy_etag'] = raw_bucket_details.object_lifecycle_policy_etag if \
+            raw_bucket_details else None
 
         # objects = await self.facade.objectstorage.get_bucket_objects(bucket_dict['namespace'],
         #                                                              bucket_dict['name'])

From 008d456df1b19fe2cc97b35fd4f2ce8d0c14fba0 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Fri, 7 Feb 2020 15:48:29 +0100
Subject: [PATCH 032/145] Set python version

---
 scout.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scout.py b/scout.py
index 6d2ae751a..4758e6d06 100755
--- a/scout.py
+++ b/scout.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
 
 import sys
 

From af098715324b8652cb5266866f8fa399242795bb Mon Sep 17 00:00:00 2001
From: Nick Klauer <nklauer@zendesk.com>
Date: Fri, 7 Feb 2020 10:43:02 -0600
Subject: [PATCH 033/145] feat: introduce kms resource

---
 ScoutSuite/providers/aws/facade/kms.py        | 34 +++++++++++++++++++
 .../providers/aws/resources/kms/__init__.py   |  0
 .../providers/aws/resources/kms/aliases.py    | 21 ++++++++++++
 .../providers/aws/resources/kms/base.py       | 14 ++++++++
 ScoutSuite/providers/aws/services.py          |  2 ++
 5 files changed, 71 insertions(+)
 create mode 100644 ScoutSuite/providers/aws/facade/kms.py
 create mode 100644 ScoutSuite/providers/aws/resources/kms/__init__.py
 create mode 100644 ScoutSuite/providers/aws/resources/kms/aliases.py
 create mode 100644 ScoutSuite/providers/aws/resources/kms/base.py

diff --git a/ScoutSuite/providers/aws/facade/kms.py b/ScoutSuite/providers/aws/facade/kms.py
new file mode 100644
index 000000000..2a19ca185
--- /dev/null
+++ b/ScoutSuite/providers/aws/facade/kms.py
@@ -0,0 +1,34 @@
+from ScoutSuite.core.console import print_exception
+from ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade
+from ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils
+
+
+class KMSFacade(AWSBaseFacade):
+
+    async def get_aliases(self):
+        try:
+            return await AWSFacadeUtils.get_all_pages('kms', None, self.session, 'list_aliases', 'Aliases')
+        except Exception as e:
+            print_exception('Failed to list KMS Aliases: {}'.format(e))
+            return []
+
+    async def get_grants(self):
+        try:
+            return await AWSFacadeUtils.get_all_pages('kms', None, self.session, 'list_grants', 'Grants')
+        except Exception as e:
+            print_exception('Failed to list KMS Grants: {}'.format(e))
+            return []
+
+    async def get_key_policies(self):
+        try:
+            return await AWSFacadeUtils.get_all_pages('kms', None, self.session, 'list_key_policies', 'PolicyNames')
+        except Exception as e:
+            print_exception('Failed to list KMS Key Policies: {}'.format(e))
+            return []
+
+    async def get_keys(self):
+        try:
+            return await AWSFacadeUtils.get_all_pages('kms', None, self.session, 'list_keys', 'Keys')
+        except Exception as e:
+            print_exception('Failed to list KMS Keys: {}'.format(e))
+            return []
diff --git a/ScoutSuite/providers/aws/resources/kms/__init__.py b/ScoutSuite/providers/aws/resources/kms/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/ScoutSuite/providers/aws/resources/kms/aliases.py b/ScoutSuite/providers/aws/resources/kms/aliases.py
new file mode 100644
index 000000000..c33603004
--- /dev/null
+++ b/ScoutSuite/providers/aws/resources/kms/aliases.py
@@ -0,0 +1,21 @@
+from ScoutSuite.providers.aws.facade.base import AWSFacade
+from ScoutSuite.providers.aws.resources.base import AWSResources
+
+
+class Aliases(AWSResources):
+    def __init__(self, facade: AWSFacade, region: str):
+        super(Aliases, self).__init__(facade)
+        self.region = region
+
+    async def fetch_all(self):
+        raw_aliases = await self.facade.kms.get_aliases()
+        for raw_alias in raw_aliases:
+            id, alias = self._parse_alias(raw_alias)
+            self[id] = alias
+
+    def _parse_alias(self, raw_alias):
+        alias_dict = {
+            'name': raw_alias.get('AliasName'),
+            'arn': raw_alias.get('AliasArn'),
+            'key_id': raw_alias.get('TargetKeyId')}
+        return alias_dict['name'], alias_dict
diff --git a/ScoutSuite/providers/aws/resources/kms/base.py b/ScoutSuite/providers/aws/resources/kms/base.py
new file mode 100644
index 000000000..895a0a1d5
--- /dev/null
+++ b/ScoutSuite/providers/aws/resources/kms/base.py
@@ -0,0 +1,14 @@
+from ScoutSuite.providers.aws.facade.base import AWSFacade
+from ScoutSuite.providers.aws.resources.base import AWSCompositeResources
+
+class KMS(AWSCompositeResources):
+    _children = [
+        (Aliases, 'aliases')
+    ]
+
+    def __init__(self, facade: AWSFacade):
+        super(KMS, self).__init__(facade)
+        self.service = 'kms'
+
+    async def fetch_all(self, partition_name='aws', **kwargs):
+        await self._fetch_children(self)
diff --git a/ScoutSuite/providers/aws/services.py b/ScoutSuite/providers/aws/services.py
index b65ee9993..8ce5a9318 100644
--- a/ScoutSuite/providers/aws/services.py
+++ b/ScoutSuite/providers/aws/services.py
@@ -12,6 +12,7 @@
 from ScoutSuite.providers.aws.resources.elbv2.base import ELBv2
 from ScoutSuite.providers.aws.resources.emr.base import EMR
 from ScoutSuite.providers.aws.resources.iam.base import IAM
+from ScoutSuite.providers.aws.resources.kms.base import KMS
 from ScoutSuite.providers.aws.resources.rds.base import RDS
 from ScoutSuite.providers.aws.resources.redshift.base import Redshift
 from ScoutSuite.providers.aws.resources.route53.base import Route53
@@ -71,6 +72,7 @@ def __init__(self, credentials=None, **kwargs):
         self.elbv2 = ELBv2(facade)
         self.emr = EMR(facade)
         self.iam = IAM(facade)
+        self.kms = KMS(facade)
         self.rds = RDS(facade)
         self.redshift = Redshift(facade)
         self.route53 = Route53(facade)

From a9fcda77b22c80435767ceec7d6ba18eb863f140 Mon Sep 17 00:00:00 2001
From: Nick Klauer <nklauer@zendesk.com>
Date: Fri, 7 Feb 2020 11:16:33 -0600
Subject: [PATCH 034/145] fix: get KMS aliases to parse out

---
 ScoutSuite/providers/aws/facade/base.py         |  2 ++
 ScoutSuite/providers/aws/facade/kms.py          | 17 ++++++++---------
 .../providers/aws/resources/kms/aliases.py      |  5 +++--
 ScoutSuite/providers/aws/resources/kms/base.py  | 12 ++++++------
 .../providers/aws/resources/route53/domains.py  |  3 +--
 5 files changed, 20 insertions(+), 19 deletions(-)

diff --git a/ScoutSuite/providers/aws/facade/base.py b/ScoutSuite/providers/aws/facade/base.py
index 66f96695d..b2bc1cf98 100644
--- a/ScoutSuite/providers/aws/facade/base.py
+++ b/ScoutSuite/providers/aws/facade/base.py
@@ -14,6 +14,7 @@
 from ScoutSuite.providers.aws.facade.elbv2 import ELBv2Facade
 from ScoutSuite.providers.aws.facade.emr import EMRFacade
 from ScoutSuite.providers.aws.facade.iam import IAMFacade
+from ScoutSuite.providers.aws.facade.kms import KMSFacade
 from ScoutSuite.providers.aws.facade.rds import RDSFacade
 from ScoutSuite.providers.aws.facade.redshift import RedshiftFacade
 from ScoutSuite.providers.aws.facade.route53 import Route53Facade
@@ -88,6 +89,7 @@ def _instantiate_facades(self):
         self.elb = ELBFacade(self.session)
         self.elbv2 = ELBv2Facade(self.session)
         self.iam = IAMFacade(self.session)
+        self.kms = KMSFacade(self.session)
         self.rds = RDSFacade(self.session)
         self.redshift = RedshiftFacade(self.session)
         self.s3 = S3Facade(self.session)
diff --git a/ScoutSuite/providers/aws/facade/kms.py b/ScoutSuite/providers/aws/facade/kms.py
index 2a19ca185..355252bcc 100644
--- a/ScoutSuite/providers/aws/facade/kms.py
+++ b/ScoutSuite/providers/aws/facade/kms.py
@@ -4,31 +4,30 @@
 
 
 class KMSFacade(AWSBaseFacade):
-
-    async def get_aliases(self):
+    async def get_aliases(self, region):
         try:
-            return await AWSFacadeUtils.get_all_pages('kms', None, self.session, 'list_aliases', 'Aliases')
+            return await AWSFacadeUtils.get_all_pages('kms', region, self.session, 'list_aliases', 'Aliases')
         except Exception as e:
             print_exception('Failed to list KMS Aliases: {}'.format(e))
             return []
 
-    async def get_grants(self):
+    async def get_grants(self, region):
         try:
-            return await AWSFacadeUtils.get_all_pages('kms', None, self.session, 'list_grants', 'Grants')
+            return await AWSFacadeUtils.get_all_pages('kms', region, self.session, 'list_grants', 'Grants')
         except Exception as e:
             print_exception('Failed to list KMS Grants: {}'.format(e))
             return []
 
-    async def get_key_policies(self):
+    async def get_key_policies(self, region):
         try:
-            return await AWSFacadeUtils.get_all_pages('kms', None, self.session, 'list_key_policies', 'PolicyNames')
+            return await AWSFacadeUtils.get_all_pages('kms', region, self.session, 'list_key_policies', 'PolicyNames')
         except Exception as e:
             print_exception('Failed to list KMS Key Policies: {}'.format(e))
             return []
 
-    async def get_keys(self):
+    async def get_keys(self, region):
         try:
-            return await AWSFacadeUtils.get_all_pages('kms', None, self.session, 'list_keys', 'Keys')
+            return await AWSFacadeUtils.get_all_pages('kms', region, self.session, 'list_keys', 'Keys')
         except Exception as e:
             print_exception('Failed to list KMS Keys: {}'.format(e))
             return []
diff --git a/ScoutSuite/providers/aws/resources/kms/aliases.py b/ScoutSuite/providers/aws/resources/kms/aliases.py
index c33603004..29c473ca3 100644
--- a/ScoutSuite/providers/aws/resources/kms/aliases.py
+++ b/ScoutSuite/providers/aws/resources/kms/aliases.py
@@ -8,14 +8,15 @@ def __init__(self, facade: AWSFacade, region: str):
         self.region = region
 
     async def fetch_all(self):
-        raw_aliases = await self.facade.kms.get_aliases()
+        raw_aliases = await self.facade.kms.get_aliases(self.region)
         for raw_alias in raw_aliases:
             id, alias = self._parse_alias(raw_alias)
             self[id] = alias
 
     def _parse_alias(self, raw_alias):
         alias_dict = {
-            'name': raw_alias.get('AliasName'),
+            # all KMS Aliases are prefixed with alias/, so we'll strip that off
+            'name': raw_alias.get('AliasName').lstrip('alias/'),
             'arn': raw_alias.get('AliasArn'),
             'key_id': raw_alias.get('TargetKeyId')}
         return alias_dict['name'], alias_dict
diff --git a/ScoutSuite/providers/aws/resources/kms/base.py b/ScoutSuite/providers/aws/resources/kms/base.py
index 895a0a1d5..27560e469 100644
--- a/ScoutSuite/providers/aws/resources/kms/base.py
+++ b/ScoutSuite/providers/aws/resources/kms/base.py
@@ -1,14 +1,14 @@
 from ScoutSuite.providers.aws.facade.base import AWSFacade
-from ScoutSuite.providers.aws.resources.base import AWSCompositeResources
+from ScoutSuite.providers.aws.resources.regions import Regions
+from ScoutSuite.providers.aws.resources.kms.aliases import Aliases
 
-class KMS(AWSCompositeResources):
+from .aliases import Aliases
+
+class KMS(Regions):
     _children = [
         (Aliases, 'aliases')
     ]
 
     def __init__(self, facade: AWSFacade):
-        super(KMS, self).__init__(facade)
-        self.service = 'kms'
+        super(KMS, self).__init__('kms', facade)
 
-    async def fetch_all(self, partition_name='aws', **kwargs):
-        await self._fetch_children(self)
diff --git a/ScoutSuite/providers/aws/resources/route53/domains.py b/ScoutSuite/providers/aws/resources/route53/domains.py
index 4e907c0c8..ee86434f5 100644
--- a/ScoutSuite/providers/aws/resources/route53/domains.py
+++ b/ScoutSuite/providers/aws/resources/route53/domains.py
@@ -1,5 +1,5 @@
-from ScoutSuite.providers.aws.resources.base import AWSResources
 from ScoutSuite.providers.aws.facade.base import AWSFacade
+from ScoutSuite.providers.aws.resources.base import AWSResources
 from ScoutSuite.providers.utils import get_non_provider_id
 
 
@@ -22,4 +22,3 @@ def _parse_domain(self, raw_domain):
         domain_dict['transfer_lock'] = raw_domain.get('TransferLock')
         domain_dict['expiry'] = raw_domain.get('Expiry')
         return domain_dict['id'], domain_dict
-

From 5740edff215d4b723e18bd9c7109abc68873fe19 Mon Sep 17 00:00:00 2001
From: Nick Klauer <nklauer@zendesk.com>
Date: Fri, 7 Feb 2020 11:33:01 -0600
Subject: [PATCH 035/145] feat: first stab at getting KMS Grants

---
 .../providers/aws/resources/kms/base.py       |  5 ++--
 .../providers/aws/resources/kms/grants.py     | 27 +++++++++++++++++++
 2 files changed, 30 insertions(+), 2 deletions(-)
 create mode 100644 ScoutSuite/providers/aws/resources/kms/grants.py

diff --git a/ScoutSuite/providers/aws/resources/kms/base.py b/ScoutSuite/providers/aws/resources/kms/base.py
index 27560e469..b43f3465d 100644
--- a/ScoutSuite/providers/aws/resources/kms/base.py
+++ b/ScoutSuite/providers/aws/resources/kms/base.py
@@ -1,12 +1,13 @@
 from ScoutSuite.providers.aws.facade.base import AWSFacade
 from ScoutSuite.providers.aws.resources.regions import Regions
-from ScoutSuite.providers.aws.resources.kms.aliases import Aliases
 
 from .aliases import Aliases
+from .grants import Grants
 
 class KMS(Regions):
     _children = [
-        (Aliases, 'aliases')
+        (Aliases, 'aliases'),
+        (Grants, 'grants')
     ]
 
     def __init__(self, facade: AWSFacade):
diff --git a/ScoutSuite/providers/aws/resources/kms/grants.py b/ScoutSuite/providers/aws/resources/kms/grants.py
new file mode 100644
index 000000000..185c978f3
--- /dev/null
+++ b/ScoutSuite/providers/aws/resources/kms/grants.py
@@ -0,0 +1,27 @@
+from ScoutSuite.providers.aws.facade.base import AWSFacade
+from ScoutSuite.providers.aws.resources.base import AWSResources
+
+class Grants(AWSResources):
+    def __init__(self, facade: AWSFacade, region: str):
+        super(Grants, self).__init__(facade)
+        self.region = region
+
+    async def fetch_all(self):
+        raw_grants = await self.facade.kms.get_grants(self.region)
+        for raw_grant in raw_grants:
+            id, grant = self._parse_grant(raw_grant)
+            self[id] = grant
+
+    def _parse_grant(self, raw_grant):
+        grant_dict = {
+            'key_id': raw_grant.get('KeyId'),
+            'grant_id': raw_grant.get('GrantId'),
+            'name': raw_grant.get('Name'),
+            'create_date': raw_grant.get('CreationDate'),
+            'grantee_principal': raw_grant.get('GranteePrincipal'),
+            'retiring_principal': raw_grant.get('ReitirngPrincipal'),
+            'issuing_account': raw_grant.get('IssuingAccount'),
+            'operations': raw_grant.get('Operations'),
+            'constraints': raw_grant.get('Constraints')
+        }
+        return grant_dict['grant_id'], grant_dict

From 5aa7b2adf6d3632dc318c6a1e4f2be3a2b42735f Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Fri, 7 Feb 2020 20:47:41 +0100
Subject: [PATCH 036/145] Add VM finding

---
 .../virtual-machines-disk-encryption.json     | 22 +++++++++++++++++++
 .../azure/rules/rulesets/cis-1.0.0.json       |  6 +++++
 .../azure/rules/rulesets/default.json         |  6 +++++
 3 files changed, 34 insertions(+)
 create mode 100644 ScoutSuite/providers/azure/rules/findings/virtual-machines-disk-encryption.json

diff --git a/ScoutSuite/providers/azure/rules/findings/virtual-machines-disk-encryption.json b/ScoutSuite/providers/azure/rules/findings/virtual-machines-disk-encryption.json
new file mode 100644
index 000000000..63b91d8e6
--- /dev/null
+++ b/ScoutSuite/providers/azure/rules/findings/virtual-machines-disk-encryption.json
@@ -0,0 +1,22 @@
+{
+    "description": "Disks Lacking Encryption",
+    "rationale": "Encrypting disks ensures that their entire content is fully unrecoverable without a key and thus protects the volume from unwarranted reads.",
+    "remediation": "Ensure that disks are encrypted, where possible.",
+    "compliance": [
+        {"name": "CIS Microsoft Azure Foundations", "version": "1.0.0", "reference": "7.2"},
+        {"name": "CIS Microsoft Azure Foundations", "version": "1.0.0", "reference": "7.3"},
+        {"name": "CIS Microsoft Azure Foundations", "version": "1.1.0", "reference": "7.1"},
+        {"name": "CIS Microsoft Azure Foundations", "version": "1.1.0", "reference": "7.2"},
+        {"name": "CIS Microsoft Azure Foundations", "version": "1.1.0", "reference": "7.3"}
+    ],
+    "references": [
+        "https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-overview",
+        "https://docs.microsoft.com/en-us/azure/security-center/security-center-apply-disk-encryption"
+    ],
+    "dashboard_name": "Disks",
+    "path": "virtualmachines.subscriptions.id.disks.id",
+    "conditions": [ "and",
+        ["virtualmachines.subscriptions.id.disks.id.encryption_enabled", "false", ""]
+    ],
+    "id_suffix": "encryption_enabled"
+}
diff --git a/ScoutSuite/providers/azure/rules/rulesets/cis-1.0.0.json b/ScoutSuite/providers/azure/rules/rulesets/cis-1.0.0.json
index 5ff66293f..1bf79ea7d 100644
--- a/ScoutSuite/providers/azure/rules/rulesets/cis-1.0.0.json
+++ b/ScoutSuite/providers/azure/rules/rulesets/cis-1.0.0.json
@@ -200,6 +200,12 @@
                 "enabled": true,
                 "level": "danger"
             }
+        ],
+        "virtual-machines-disk-encryption.json": [
+            {
+                "enabled": true,
+                "level": "warning"
+            }
         ]
     }
 }
diff --git a/ScoutSuite/providers/azure/rules/rulesets/default.json b/ScoutSuite/providers/azure/rules/rulesets/default.json
index b8b5c2e11..6ba8853f1 100644
--- a/ScoutSuite/providers/azure/rules/rulesets/default.json
+++ b/ScoutSuite/providers/azure/rules/rulesets/default.json
@@ -218,6 +218,12 @@
                 "enabled": true,
                 "level": "warning"
             }
+        ],
+        "virtual-machines-disk-encryption.json": [
+            {
+                "enabled": true,
+                "level": "warning"
+            }
         ]
     }
 }

From 22f03159e3940f628eec92b7f9a9302e4a6ca16f Mon Sep 17 00:00:00 2001
From: Nick Klauer <nklauer@zendesk.com>
Date: Fri, 7 Feb 2020 14:19:07 -0600
Subject: [PATCH 037/145] feat: add KeyPolicies and Keys to KMS resource

---
 .../providers/aws/resources/kms/base.py       |  8 +++++--
 .../providers/aws/resources/kms/grants.py     |  1 +
 .../aws/resources/kms/key_policies.py         | 23 +++++++++++++++++++
 .../providers/aws/resources/kms/keys.py       | 21 +++++++++++++++++
 4 files changed, 51 insertions(+), 2 deletions(-)
 create mode 100644 ScoutSuite/providers/aws/resources/kms/key_policies.py
 create mode 100644 ScoutSuite/providers/aws/resources/kms/keys.py

diff --git a/ScoutSuite/providers/aws/resources/kms/base.py b/ScoutSuite/providers/aws/resources/kms/base.py
index b43f3465d..f24887568 100644
--- a/ScoutSuite/providers/aws/resources/kms/base.py
+++ b/ScoutSuite/providers/aws/resources/kms/base.py
@@ -3,13 +3,17 @@
 
 from .aliases import Aliases
 from .grants import Grants
+from .keys import Keys
+from .key_policies import KeyPolicies
+
 
 class KMS(Regions):
     _children = [
         (Aliases, 'aliases'),
-        (Grants, 'grants')
+        (Keys, 'keys'),
+        (Grants, 'grants'),
+        (KeyPolicies, 'key_policies')
     ]
 
     def __init__(self, facade: AWSFacade):
         super(KMS, self).__init__('kms', facade)
-
diff --git a/ScoutSuite/providers/aws/resources/kms/grants.py b/ScoutSuite/providers/aws/resources/kms/grants.py
index 185c978f3..4d3beca0c 100644
--- a/ScoutSuite/providers/aws/resources/kms/grants.py
+++ b/ScoutSuite/providers/aws/resources/kms/grants.py
@@ -1,6 +1,7 @@
 from ScoutSuite.providers.aws.facade.base import AWSFacade
 from ScoutSuite.providers.aws.resources.base import AWSResources
 
+
 class Grants(AWSResources):
     def __init__(self, facade: AWSFacade, region: str):
         super(Grants, self).__init__(facade)
diff --git a/ScoutSuite/providers/aws/resources/kms/key_policies.py b/ScoutSuite/providers/aws/resources/kms/key_policies.py
new file mode 100644
index 000000000..c44fbe844
--- /dev/null
+++ b/ScoutSuite/providers/aws/resources/kms/key_policies.py
@@ -0,0 +1,23 @@
+from ScoutSuite.providers.aws.facade.base import AWSFacade
+from ScoutSuite.providers.aws.resources.base import AWSResources
+from ScoutSuite.providers.utils import get_non_provider_id
+
+
+class KeyPolicies(AWSResources):
+    def __init__(self, facade: AWSFacade, region: str):
+        super(KeyPolicies, self).__init__(facade)
+        self.region = region
+
+    async def fetch_all(self):
+        raw_key_policies = await self.facade.kms.get_key_policies(self.region)
+        for raw_key_policy in raw_key_policies:
+            key_id, policy = self._parse_key_policy(raw_key_policy)
+            self[key_id] = policy
+
+    def _parse_key_policy(self, raw_key_policy):
+        key_policy_dict = {
+            'id': get_non_provider_id(raw_key_policy.get('PolicyNames')),
+            'policy_names': raw_key_policy.get('PolicyNames')
+
+        }
+        return key_policy_dict['id'], key_policy_dict
diff --git a/ScoutSuite/providers/aws/resources/kms/keys.py b/ScoutSuite/providers/aws/resources/kms/keys.py
new file mode 100644
index 000000000..158c578f3
--- /dev/null
+++ b/ScoutSuite/providers/aws/resources/kms/keys.py
@@ -0,0 +1,21 @@
+from ScoutSuite.providers.aws.facade.base import AWSFacade
+from ScoutSuite.providers.aws.resources.base import AWSResources
+
+
+class Keys(AWSResources):
+    def __init__(self, facade: AWSFacade, region: str):
+        super(Keys, self).__init__(facade)
+        self.region = region
+
+    async def fetch_all(self):
+        raw_keys = await self.facade.kms.get_keys(self.region)
+        for raw_key in raw_keys:
+            id, key = self._parse_key(raw_key)
+            self[id] = key
+
+    def _parse_key(self, raw_key):
+        key_dict = {
+            'key_id': raw_key.get('KeyId'),
+            'arn': raw_key.get('KeyArn')
+        }
+        return key_dict['key_id'], key_dict

From 526e89dfbf2c111ed3588c2a968a92fb37f70dc8 Mon Sep 17 00:00:00 2001
From: Nick Klauer <nklauer@zendesk.com>
Date: Fri, 7 Feb 2020 14:55:39 -0600
Subject: [PATCH 038/145] feat: fix child/parent relationship for KMS items

Grants and KeyPolicies are children of Keys, so we just pull them down
---
 ScoutSuite/providers/aws/facade/kms.py        | 14 +++++++------
 .../providers/aws/resources/kms/base.py       |  7 +++----
 .../providers/aws/resources/kms/grants.py     |  5 +++--
 .../aws/resources/kms/key_policies.py         |  5 +++--
 .../providers/aws/resources/kms/keys.py       | 21 +++++++++++++++----
 5 files changed, 34 insertions(+), 18 deletions(-)

diff --git a/ScoutSuite/providers/aws/facade/kms.py b/ScoutSuite/providers/aws/facade/kms.py
index 355252bcc..98679acb5 100644
--- a/ScoutSuite/providers/aws/facade/kms.py
+++ b/ScoutSuite/providers/aws/facade/kms.py
@@ -4,28 +4,30 @@
 
 
 class KMSFacade(AWSBaseFacade):
-    async def get_aliases(self, region):
+    async def get_aliases(self, region: str):
         try:
             return await AWSFacadeUtils.get_all_pages('kms', region, self.session, 'list_aliases', 'Aliases')
         except Exception as e:
             print_exception('Failed to list KMS Aliases: {}'.format(e))
             return []
 
-    async def get_grants(self, region):
+    async def get_grants(self, region: str, key_id: str):
         try:
-            return await AWSFacadeUtils.get_all_pages('kms', region, self.session, 'list_grants', 'Grants')
+            return await AWSFacadeUtils.get_all_pages('kms', region, self.session, 'list_grants', 'Grants',
+                                                      KeyId=key_id)
         except Exception as e:
             print_exception('Failed to list KMS Grants: {}'.format(e))
             return []
 
-    async def get_key_policies(self, region):
+    async def get_key_policies(self, region: str, key_id: str):
         try:
-            return await AWSFacadeUtils.get_all_pages('kms', region, self.session, 'list_key_policies', 'PolicyNames')
+            return await AWSFacadeUtils.get_all_pages('kms', region, self.session, 'list_key_policies', 'PolicyNames',
+                                                      KeyId=key_id)
         except Exception as e:
             print_exception('Failed to list KMS Key Policies: {}'.format(e))
             return []
 
-    async def get_keys(self, region):
+    async def get_keys(self, region: str):
         try:
             return await AWSFacadeUtils.get_all_pages('kms', region, self.session, 'list_keys', 'Keys')
         except Exception as e:
diff --git a/ScoutSuite/providers/aws/resources/kms/base.py b/ScoutSuite/providers/aws/resources/kms/base.py
index f24887568..2060f434f 100644
--- a/ScoutSuite/providers/aws/resources/kms/base.py
+++ b/ScoutSuite/providers/aws/resources/kms/base.py
@@ -2,18 +2,17 @@
 from ScoutSuite.providers.aws.resources.regions import Regions
 
 from .aliases import Aliases
-from .grants import Grants
 from .keys import Keys
-from .key_policies import KeyPolicies
 
 
 class KMS(Regions):
     _children = [
         (Aliases, 'aliases'),
         (Keys, 'keys'),
-        (Grants, 'grants'),
-        (KeyPolicies, 'key_policies')
     ]
 
     def __init__(self, facade: AWSFacade):
         super(KMS, self).__init__('kms', facade)
+
+    async def fetch_all(self, regions=None, excluded_regions=None, partition_name='aws', **kwargs):
+        await super(KMS, self).fetch_all(regions, excluded_regions, partition_name)
diff --git a/ScoutSuite/providers/aws/resources/kms/grants.py b/ScoutSuite/providers/aws/resources/kms/grants.py
index 4d3beca0c..072900891 100644
--- a/ScoutSuite/providers/aws/resources/kms/grants.py
+++ b/ScoutSuite/providers/aws/resources/kms/grants.py
@@ -3,12 +3,13 @@
 
 
 class Grants(AWSResources):
-    def __init__(self, facade: AWSFacade, region: str):
+    def __init__(self, facade: AWSFacade, region: str, key_id: str):
         super(Grants, self).__init__(facade)
         self.region = region
+        self.key_id = key_id
 
     async def fetch_all(self):
-        raw_grants = await self.facade.kms.get_grants(self.region)
+        raw_grants = await self.facade.kms.get_grants(self.region, self.key_id)
         for raw_grant in raw_grants:
             id, grant = self._parse_grant(raw_grant)
             self[id] = grant
diff --git a/ScoutSuite/providers/aws/resources/kms/key_policies.py b/ScoutSuite/providers/aws/resources/kms/key_policies.py
index c44fbe844..fc14456b3 100644
--- a/ScoutSuite/providers/aws/resources/kms/key_policies.py
+++ b/ScoutSuite/providers/aws/resources/kms/key_policies.py
@@ -4,12 +4,13 @@
 
 
 class KeyPolicies(AWSResources):
-    def __init__(self, facade: AWSFacade, region: str):
+    def __init__(self, facade: AWSFacade, region: str, key_id: str):
         super(KeyPolicies, self).__init__(facade)
         self.region = region
+        self.key_id = key_id
 
     async def fetch_all(self):
-        raw_key_policies = await self.facade.kms.get_key_policies(self.region)
+        raw_key_policies = await self.facade.kms.get_key_policies(self.region, self.key_id)
         for raw_key_policy in raw_key_policies:
             key_id, policy = self._parse_key_policy(raw_key_policy)
             self[key_id] = policy
diff --git a/ScoutSuite/providers/aws/resources/kms/keys.py b/ScoutSuite/providers/aws/resources/kms/keys.py
index 158c578f3..fbc41de47 100644
--- a/ScoutSuite/providers/aws/resources/kms/keys.py
+++ b/ScoutSuite/providers/aws/resources/kms/keys.py
@@ -1,8 +1,15 @@
 from ScoutSuite.providers.aws.facade.base import AWSFacade
-from ScoutSuite.providers.aws.resources.base import AWSResources
+from ScoutSuite.providers.aws.resources.base import AWSCompositeResources
+from .grants import Grants
+from .key_policies import KeyPolicies
 
 
-class Keys(AWSResources):
+class Keys(AWSCompositeResources):
+    _children = [
+        (Grants, 'grants'),
+        (KeyPolicies, 'key_policies')
+    ]
+
     def __init__(self, facade: AWSFacade, region: str):
         super(Keys, self).__init__(facade)
         self.region = region
@@ -10,8 +17,14 @@ def __init__(self, facade: AWSFacade, region: str):
     async def fetch_all(self):
         raw_keys = await self.facade.kms.get_keys(self.region)
         for raw_key in raw_keys:
-            id, key = self._parse_key(raw_key)
-            self[id] = key
+            key_id, key = self._parse_key(raw_key)
+            self[key_id] = key
+
+        await self._fetch_children_of_all_resources(
+            resources=self,
+            scopes={key_id: {'region': self.region, 'key_id': key['key_id']}
+                    for (key_id, key) in self.items()}
+        )
 
     def _parse_key(self, raw_key):
         key_dict = {

From 57652b5682fae26f7a459b2fc5dd2fc96673af1f Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Sat, 8 Feb 2020 18:05:59 +0100
Subject: [PATCH 039/145] Add VM finding

---
 ...ualmachines.subscriptions.id.instances.html |  8 ++++++++
 .../providers/azure/facade/virtualmachines.py  | 14 ++++++++++++++
 .../resources/virtualmachines/instances.py     | 12 +++++++++---
 .../virtual-machines-extensions-installed.json | 18 ++++++++++++++++++
 .../azure/rules/rulesets/cis-1.0.0.json        |  6 ++++++
 .../azure/rules/rulesets/default.json          |  6 ++++++
 6 files changed, 61 insertions(+), 3 deletions(-)
 create mode 100644 ScoutSuite/providers/azure/rules/findings/virtual-machines-extensions-installed.json

diff --git a/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.instances.html b/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.instances.html
index 1b7149cfc..f19cd93fc 100644
--- a/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.instances.html
+++ b/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.instances.html
@@ -25,6 +25,14 @@ <h4 class="list-group-item-heading">Network Interfaces</h4>
         <div class="list-group-item-text item-margin"><a href="javascript:showObject('services.network.subscriptions.{{../subscription}}.network_interfaces.{{this}}')"><samp>{{getValueAt 'services.network.subscriptions' ../subscription 'network_interfaces' this 'name'}}</samp></a></div>
         {{/each}}
     </div>
+    <div class="list-group-item">
+        <h4 id="virtualmachines.subscriptions.{{@../key}}.instances.{{@key}}.extensions" class="list-group-item-heading">Extensions</h4>
+        {{#each extensions}}
+        <ul>
+            <li><samp>{{this.name}}</samp></li>
+        </ul>
+        {{/each}}
+    </div>
 </script>
 
 <script>
diff --git a/ScoutSuite/providers/azure/facade/virtualmachines.py b/ScoutSuite/providers/azure/facade/virtualmachines.py
index 258c5db18..e4d8b5e3b 100644
--- a/ScoutSuite/providers/azure/facade/virtualmachines.py
+++ b/ScoutSuite/providers/azure/facade/virtualmachines.py
@@ -22,6 +22,20 @@ async def get_instances(self, subscription_id: str):
             print_exception('Failed to retrieve virtual machines: {}'.format(e))
             return []
 
+    async def get_instance_extensions(self, subscription_id: str,
+                                      instance_name: str,
+                                      resource_group: str):
+        try:
+            client = self.get_client(subscription_id)
+            extensions = await run_concurrently(
+                lambda: client.virtual_machine_extensions.list(resource_group,
+                                                               instance_name)
+            )
+            return list(extensions.value)
+        except Exception as e:
+            print_exception('Failed to retrieve virtual machine extensions: {}'.format(e))
+            return []
+
     async def get_disks(self, subscription_id: str):
         try:
             client = self.get_client(subscription_id)
diff --git a/ScoutSuite/providers/azure/resources/virtualmachines/instances.py b/ScoutSuite/providers/azure/resources/virtualmachines/instances.py
index 6d170bd33..b2878a0d9 100644
--- a/ScoutSuite/providers/azure/resources/virtualmachines/instances.py
+++ b/ScoutSuite/providers/azure/resources/virtualmachines/instances.py
@@ -2,6 +2,7 @@
 from ScoutSuite.providers.azure.resources.base import AzureResources
 from ScoutSuite.providers.utils import get_non_provider_id
 
+from ScoutSuite.providers.azure.utils import get_resource_group_name
 
 class Instances(AzureResources):
 
@@ -11,12 +12,13 @@ def __init__(self, facade: AzureFacade, subscription_id: str):
 
     async def fetch_all(self):
         for raw_instance in await self.facade.virtualmachines.get_instances(self.subscription_id):
-            id, instance = self._parse_instance(raw_instance)
+            id, instance = await self._parse_instance(raw_instance)
             self[id] = instance
 
-    def _parse_instance(self, raw_instance):
+    async def _parse_instance(self, raw_instance):
         instance_dict = {}
         instance_dict['id'] = get_non_provider_id(raw_instance.id.lower())
+        instance_dict['name'] = raw_instance.name
         instance_dict['vm_id'] = raw_instance.vm_id
         instance_dict['zones'] = raw_instance.zones
         instance_dict['instance_view'] = raw_instance.instance_view
@@ -30,7 +32,6 @@ def _parse_instance(self, raw_instance):
         instance_dict['provisioning_state'] = raw_instance.provisioning_state
         instance_dict['plan'] = raw_instance.plan
         instance_dict['identity'] = raw_instance.identity
-        instance_dict['name'] = raw_instance.name
         instance_dict['additional_capabilities'] = raw_instance.additional_capabilities
         instance_dict['license_type'] = raw_instance.license_type
 
@@ -46,4 +47,9 @@ def _parse_instance(self, raw_instance):
         for interface in raw_instance.network_profile.network_interfaces:
             instance_dict['network_interfaces'].append(get_non_provider_id(interface.id))
 
+        instance_dict['extensions'] = await self.facade.virtualmachines.get_instance_extensions(
+            subscription_id=self.subscription_id,
+            instance_name=instance_dict['name'],
+            resource_group=get_resource_group_name(raw_instance.id))
+
         return instance_dict['id'], instance_dict
diff --git a/ScoutSuite/providers/azure/rules/findings/virtual-machines-extensions-installed.json b/ScoutSuite/providers/azure/rules/findings/virtual-machines-extensions-installed.json
new file mode 100644
index 000000000..0d3ff42ca
--- /dev/null
+++ b/ScoutSuite/providers/azure/rules/findings/virtual-machines-extensions-installed.json
@@ -0,0 +1,18 @@
+{
+    "description": "Virtual Machine Extensions Installed",
+    "rationale": "Azure virtual machine extensions are small applications that provide post-deployment configuration and automation tasks on Azure virtual machines. These extensions run with administrative privileges and could potentially access anything on a virtual machine. The Azure Portal and community provide several such extensions.",
+    "remediation": "Each organization should carefully evaluate these extensions and ensure that only those that are approved for use are actually implemented.",
+    "compliance": [
+        {"name": "CIS Microsoft Azure Foundations", "version": "1.0.0", "reference": "7.4"},
+        {"name": "CIS Microsoft Azure Foundations", "version": "1.1.0", "reference": "7.4"}
+    ],
+    "references": [
+        "https://docs.microsoft.com/en-us/azure/virtual-machines/windows/extensions-features"
+    ],
+    "dashboard_name": "Instances",
+    "path": "virtualmachines.subscriptions.id.instances.id",
+    "conditions": [ "and",
+        ["virtualmachines.subscriptions.id.instances.id.extensions", "notEmpty", ""]
+    ],
+    "id_suffix": "extensions"
+}
diff --git a/ScoutSuite/providers/azure/rules/rulesets/cis-1.0.0.json b/ScoutSuite/providers/azure/rules/rulesets/cis-1.0.0.json
index 1bf79ea7d..3f5dcc363 100644
--- a/ScoutSuite/providers/azure/rules/rulesets/cis-1.0.0.json
+++ b/ScoutSuite/providers/azure/rules/rulesets/cis-1.0.0.json
@@ -206,6 +206,12 @@
                 "enabled": true,
                 "level": "warning"
             }
+        ],
+        "virtual-machines-extensions-installed.json": [
+            {
+                "enabled": true,
+                "level": "warning"
+            }
         ]
     }
 }
diff --git a/ScoutSuite/providers/azure/rules/rulesets/default.json b/ScoutSuite/providers/azure/rules/rulesets/default.json
index 6ba8853f1..b052fe0af 100644
--- a/ScoutSuite/providers/azure/rules/rulesets/default.json
+++ b/ScoutSuite/providers/azure/rules/rulesets/default.json
@@ -224,6 +224,12 @@
                 "enabled": true,
                 "level": "warning"
             }
+        ],
+        "virtual-machines-extensions-installed.json": [
+            {
+                "enabled": true,
+                "level": "warning"
+            }
         ]
     }
 }

From 98744199a2dd24bb01da9056c8ff2c84e07e26e0 Mon Sep 17 00:00:00 2001
From: Nick Klauer <nklauer@zendesk.com>
Date: Sat, 8 Feb 2020 18:25:58 -0600
Subject: [PATCH 040/145] feat: add python3.8 to build matrix

---
 .travis.yml | 5 +++++
 setup.py    | 3 ++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index 2c37b8d02..9a56c29e3 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -6,12 +6,17 @@ sudo: false
 python:
   - "3.5"
   - "3.6"
+  - "3.7"
+  - "3.8"
 
 matrix:
   include:
     - python: "3.7"
       dist: xenial    # required for Python 3.7 (travis-ci/travis-ci#9069)
       sudo: required  # required for Python 3.7 (travis-ci/travis-ci#9069)
+    - python: "3.8"
+      dist: bionic
+      sudo: required
 
 install:
   - pip install -U setuptools
diff --git a/setup.py b/setup.py
index cadb5119f..0aa5608a1 100644
--- a/setup.py
+++ b/setup.py
@@ -58,6 +58,7 @@
         'Programming Language :: Python :: 3',
         'Programming Language :: Python :: 3.5',
         'Programming Language :: Python :: 3.6',
-        'Programming Language :: Python :: 3.7'
+        'Programming Language :: Python :: 3.7',
+        'Programming Language :: Python :: 3.8'
     ],
 )

From 6d98d6a99b06fdd86e8f6157d3444faf96d39b62 Mon Sep 17 00:00:00 2001
From: Nick Klauer <nklauer@zendesk.com>
Date: Sat, 8 Feb 2020 19:03:07 -0600
Subject: [PATCH 041/145] feat: add flake8 config to simplify running it

---
 .flake8     | 19 +++++++++++++++++++
 .travis.yml |  4 +---
 2 files changed, 20 insertions(+), 3 deletions(-)
 create mode 100644 .flake8

diff --git a/.flake8 b/.flake8
new file mode 100644
index 000000000..33a95540d
--- /dev/null
+++ b/.flake8
@@ -0,0 +1,19 @@
+[flake8]
+select =
+    E901,
+    E999,
+    F821,
+    F822,
+    F823
+statistics = True
+show-source = True
+max-line-length = 127
+max-complexity = 10
+exclude =
+    .git,
+    __pycache__,
+    docs/source/conf.py,
+    old,
+    build,
+    dist,
+    venv
\ No newline at end of file
diff --git a/.travis.yml b/.travis.yml
index bd17bd12c..8e4a7b129 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -22,9 +22,7 @@ install:
 
 before_script:
   # Stop the build if there are Python syntax errors or undefined names
-  - flake8 . --count --select=E901,E999,F821,F822,F823 --show-source --statistics
-  # Exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
-  - flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
+  - flake8 .
 
 # Command to run tests
 script:

From 922b3e458cca43c30337f4e23f22582bb058ac93 Mon Sep 17 00:00:00 2001
From: rracterr <bknauss@newscorp.com>
Date: Mon, 10 Feb 2020 06:22:49 +0000
Subject: [PATCH 042/145] added public checks for ami and ebs snapshots

---
 .../providers/aws/rules/findings/ec2-ami-public.json |  9 +++++++++
 .../aws/rules/findings/ec2-ebs-snapshot-public.json  |  9 +++++++++
 ScoutSuite/providers/aws/rules/rulesets/default.json | 12 ++++++++++++
 3 files changed, 30 insertions(+)
 create mode 100644 ScoutSuite/providers/aws/rules/findings/ec2-ami-public.json
 create mode 100644 ScoutSuite/providers/aws/rules/findings/ec2-ebs-snapshot-public.json

diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-ami-public.json b/ScoutSuite/providers/aws/rules/findings/ec2-ami-public.json
new file mode 100644
index 000000000..533106174
--- /dev/null
+++ b/ScoutSuite/providers/aws/rules/findings/ec2-ami-public.json
@@ -0,0 +1,9 @@
+{
+    "description": "AMI public",
+    "rationale": "<b>Description:</b><br><br>AMI should never intentionally be public.",
+    "path": "ec2.regions.id.amis.id",
+    "dashboard_name": "Ami",
+    "conditions": [ "and",
+        [ "Public", "true", "" ]
+    ]
+}
diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-ebs-snapshot-public.json b/ScoutSuite/providers/aws/rules/findings/ec2-ebs-snapshot-public.json
new file mode 100644
index 000000000..b61553027
--- /dev/null
+++ b/ScoutSuite/providers/aws/rules/findings/ec2-ebs-snapshot-public.json
@@ -0,0 +1,9 @@
+{
+    "description": "EBS snapshot public",
+	"rationale": "<b>Description:</b><br><br>Snapshots should never be public.",
+    "path": "ec2.regions.id.snapshots.id",
+    "dashboard_name": "Snapshots",
+    "conditions": [ "and", 
+        [ "public", "true", "" ]
+    ]
+}
diff --git a/ScoutSuite/providers/aws/rules/rulesets/default.json b/ScoutSuite/providers/aws/rules/rulesets/default.json
index d1f34e79a..aa9de01ec 100644
--- a/ScoutSuite/providers/aws/rules/rulesets/default.json
+++ b/ScoutSuite/providers/aws/rules/rulesets/default.json
@@ -61,6 +61,12 @@
                 "level": "warning"
             }
         ],
+        "ec2-ami-public.json": [
+            {
+                "enabled": true,
+                "level": "danger"
+            }
+        ],
         "ec2-default-security-group-in-use.json": [
             {
                 "enabled": true,
@@ -79,6 +85,12 @@
                 "level": "danger"
             }
         ],
+        "ec2-ebs-snapshot-public.json": [
+            {
+                "enabled": true,
+                "level": "danger"
+            }
+        ],
         "ec2-ebs-volume-not-encrypted.json": [
             {
                 "enabled": true,

From d4bec88041b3dff146b586676adc7f3a1177d250 Mon Sep 17 00:00:00 2001
From: rracterr <bknauss@newscorp.com>
Date: Mon, 10 Feb 2020 06:40:00 +0000
Subject: [PATCH 043/145] added public checks to detailed

---
 .../providers/aws/rules/rulesets/detailed.json       | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/ScoutSuite/providers/aws/rules/rulesets/detailed.json b/ScoutSuite/providers/aws/rules/rulesets/detailed.json
index d3473fa1f..899289305 100644
--- a/ScoutSuite/providers/aws/rules/rulesets/detailed.json
+++ b/ScoutSuite/providers/aws/rules/rulesets/detailed.json
@@ -61,6 +61,12 @@
                 "level": "warning"
             }
         ],
+	"ec2-ami-public.json": [
+            {
+                "enabled": true,
+                "level": "danger"
+            }
+        ],
         "ec2-default-security-group-in-use.json": [
             {
                 "enabled": true,
@@ -79,6 +85,12 @@
                 "level": "danger"
             }
         ],
+	"ec2-ebs-snapshot-public.json": [
+            {
+                "enabled": true,
+                "level": "danger"
+            }
+        ],
         "ec2-ebs-volume-not-encrypted.json": [
             {
                 "enabled": true,

From 0d19d0a5a8cab8fd5ef84c0f95802492aa9d0f87 Mon Sep 17 00:00:00 2001
From: rracterr <bknauss@newscorp.com>
Date: Mon, 10 Feb 2020 07:04:58 +0000
Subject: [PATCH 044/145] fixed path

---
 ScoutSuite/providers/aws/rules/findings/ec2-ami-public.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-ami-public.json b/ScoutSuite/providers/aws/rules/findings/ec2-ami-public.json
index 533106174..14fe7471b 100644
--- a/ScoutSuite/providers/aws/rules/findings/ec2-ami-public.json
+++ b/ScoutSuite/providers/aws/rules/findings/ec2-ami-public.json
@@ -1,7 +1,7 @@
 {
     "description": "AMI public",
     "rationale": "<b>Description:</b><br><br>AMI should never intentionally be public.",
-    "path": "ec2.regions.id.amis.id",
+    "path": "ec2.regions.id.images.id",
     "dashboard_name": "Ami",
     "conditions": [ "and",
         [ "Public", "true", "" ]

From 33f4c8e81f1131d779b64700a91977e57e123459 Mon Sep 17 00:00:00 2001
From: Nick Klauer <nklauer@zendesk.com>
Date: Tue, 11 Feb 2020 08:23:02 -0600
Subject: [PATCH 045/145] feat: add autopep8 formatting

---
 .flake8     | 6 +++++-
 .travis.yml | 2 ++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/.flake8 b/.flake8
index 33a95540d..234078ea0 100644
--- a/.flake8
+++ b/.flake8
@@ -16,4 +16,8 @@ exclude =
     old,
     build,
     dist,
-    venv
\ No newline at end of file
+    venv
+
+[pycodestyle]
+max_line_length = 127
+ignore = E501
\ No newline at end of file
diff --git a/.travis.yml b/.travis.yml
index d8f9ee344..30fdacbb5 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -24,10 +24,12 @@ install:
   - pip install flake8
   - pip install coveralls
   - pip install codecov
+  - pip install autopep8
 
 before_script:
   # Stop the build if there are Python syntax errors or undefined names
   - flake8 .
+  - autopep8 --diff --recursive .
 
 # Command to run tests
 script:

From 8879fe7d173f9c6f794640fa2ad838b83a3daa4b Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Tue, 11 Feb 2020 15:55:46 +0100
Subject: [PATCH 046/145] Update finding

---
 .../providers/aws/rules/findings/ec2-ebs-snapshot-public.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-ebs-snapshot-public.json b/ScoutSuite/providers/aws/rules/findings/ec2-ebs-snapshot-public.json
index b61553027..d2418326b 100644
--- a/ScoutSuite/providers/aws/rules/findings/ec2-ebs-snapshot-public.json
+++ b/ScoutSuite/providers/aws/rules/findings/ec2-ebs-snapshot-public.json
@@ -1,6 +1,6 @@
 {
-    "description": "EBS snapshot public",
-	"rationale": "<b>Description:</b><br><br>Snapshots should never be public.",
+    "description": "Public EBS snapshot",
+	"rationale": "<b>Description:</b><br><br>Snapshots should never be public, as this risks exposing sensitive data.",
     "path": "ec2.regions.id.snapshots.id",
     "dashboard_name": "Snapshots",
     "conditions": [ "and", 

From be45cd166943ecb87df6de26578371bf554a61ec Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Tue, 11 Feb 2020 15:59:11 +0100
Subject: [PATCH 047/145] Update finding

---
 .../providers/aws/rules/findings/ec2-ami-public.json     | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-ami-public.json b/ScoutSuite/providers/aws/rules/findings/ec2-ami-public.json
index 14fe7471b..2723c72bf 100644
--- a/ScoutSuite/providers/aws/rules/findings/ec2-ami-public.json
+++ b/ScoutSuite/providers/aws/rules/findings/ec2-ami-public.json
@@ -1,9 +1,10 @@
 {
-    "description": "AMI public",
-    "rationale": "<b>Description:</b><br><br>AMI should never intentionally be public.",
+    "description": "Publicly Accessible AMI",
+    "rationale": "<b>Description:</b><br><br>AMIs should never intentionally be made public. If they need to be shared this can be done with specific AWS accounts.",
     "path": "ec2.regions.id.images.id",
-    "dashboard_name": "Ami",
+    "dashboard_name": "Images",
     "conditions": [ "and",
         [ "Public", "true", "" ]
-    ]
+    ],
+    "id_suffix": "image_is_public"
 }

From 4edad6910a2f74a3660f6fe4f8b96d02eb880c92 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Tue, 11 Feb 2020 16:02:08 +0100
Subject: [PATCH 048/145] Sort ruleset

---
 ScoutSuite/providers/aws/rules/rulesets/detailed.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ScoutSuite/providers/aws/rules/rulesets/detailed.json b/ScoutSuite/providers/aws/rules/rulesets/detailed.json
index 899289305..d3fc7e0d2 100644
--- a/ScoutSuite/providers/aws/rules/rulesets/detailed.json
+++ b/ScoutSuite/providers/aws/rules/rulesets/detailed.json
@@ -61,7 +61,7 @@
                 "level": "warning"
             }
         ],
-	"ec2-ami-public.json": [
+        "ec2-ami-public.json": [
             {
                 "enabled": true,
                 "level": "danger"
@@ -85,7 +85,7 @@
                 "level": "danger"
             }
         ],
-	"ec2-ebs-snapshot-public.json": [
+        "ec2-ebs-snapshot-public.json": [
             {
                 "enabled": true,
                 "level": "danger"

From 2d1941806a34ddbe55e9adcfedc65a3050fc20f8 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Tue, 11 Feb 2020 16:02:15 +0100
Subject: [PATCH 049/145] Sort ruleset

---
 ScoutSuite/providers/aws/rules/rulesets/default.json | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/ScoutSuite/providers/aws/rules/rulesets/default.json b/ScoutSuite/providers/aws/rules/rulesets/default.json
index c58eb60e5..df659b2ca 100644
--- a/ScoutSuite/providers/aws/rules/rulesets/default.json
+++ b/ScoutSuite/providers/aws/rules/rulesets/default.json
@@ -1,17 +1,17 @@
 {
     "about": "This ruleset consists of numerous rules that are considered standard by NCC Group. The rules enabled range from violations of well-known security best practices to gaps resulting from less-known security implications of provider-specific mechanisms. Additional rules exist, some of them requiring extra-parameters to be configured, and some of them being applicable to a limited number of users.",
     "rules": {
-        "acm-certificate-with-transparency-logging-disabled.json": [
+        "acm-certificate-with-close-expiration-date.json": [
             {
+                "args": [
+                    "7"
+                ],
                 "enabled": true,
                 "level": "warning"
             }
         ],
-        "acm-certificate-with-close-expiration-date.json": [
+        "acm-certificate-with-transparency-logging-disabled.json": [
             {
-                "args": [
-                    "7"
-                ],
                 "enabled": true,
                 "level": "warning"
             }

From be4d6e0331e49a37a2b1d01cac268b0e4a85b2a2 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Tue, 11 Feb 2020 16:54:14 +0100
Subject: [PATCH 050/145] Merge

---
 ScoutSuite/providers/aws/facade/base.py | 8 --------
 ScoutSuite/providers/aws/services.py    | 8 --------
 2 files changed, 16 deletions(-)

diff --git a/ScoutSuite/providers/aws/facade/base.py b/ScoutSuite/providers/aws/facade/base.py
index cb47d7866..ae762edbb 100644
--- a/ScoutSuite/providers/aws/facade/base.py
+++ b/ScoutSuite/providers/aws/facade/base.py
@@ -31,10 +31,6 @@
     from ScoutSuite.providers.aws.facade.dynamodb_private import DynamoDBFacade
 except ImportError:
     pass
-try:
-    from ScoutSuite.providers.aws.facade.kms_private import KMSFacade
-except ImportError:
-    pass
 
 
 class AWSFacade(AWSBaseFacade):
@@ -105,7 +101,3 @@ def _instantiate_facades(self):
             self.dynamodb = DynamoDBFacade(self.session)
         except NameError:
             pass
-        try:
-            self.kms = KMSFacade(self.session)
-        except NameError:
-            pass
diff --git a/ScoutSuite/providers/aws/services.py b/ScoutSuite/providers/aws/services.py
index 2173f3724..aa5fa2c0d 100644
--- a/ScoutSuite/providers/aws/services.py
+++ b/ScoutSuite/providers/aws/services.py
@@ -29,10 +29,6 @@
     from ScoutSuite.providers.aws.resources.private_dynamodb.base import DynamoDB
 except ImportError:
     pass
-try:
-    from ScoutSuite.providers.aws.resources.private_kms.base import KMS
-except ImportError:
-    pass
 
 
 class AWSServicesConfig(BaseServicesConfig):
@@ -89,10 +85,6 @@ def __init__(self, credentials=None, **kwargs):
             self.dynamodb = DynamoDB(facade)
         except NameError as _:
             pass
-        try:
-            self.kms = KMS(facade)
-        except NameError as _:
-            pass
 
     def _is_provider(self, provider_name):
         return provider_name == 'aws'

From 74f23ac74cb6c49f401b863b76d7c0dfb06264ed Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Tue, 11 Feb 2020 17:23:41 +0100
Subject: [PATCH 051/145] Merge

---
 ScoutSuite/providers/aws/resources/kms/base.py | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/ScoutSuite/providers/aws/resources/kms/base.py b/ScoutSuite/providers/aws/resources/kms/base.py
index 2060f434f..ffce9ca95 100644
--- a/ScoutSuite/providers/aws/resources/kms/base.py
+++ b/ScoutSuite/providers/aws/resources/kms/base.py
@@ -13,6 +13,3 @@ class KMS(Regions):
 
     def __init__(self, facade: AWSFacade):
         super(KMS, self).__init__('kms', facade)
-
-    async def fetch_all(self, regions=None, excluded_regions=None, partition_name='aws', **kwargs):
-        await super(KMS, self).fetch_all(regions, excluded_regions, partition_name)

From bced56de95e170a132eb63cf7a5d5c36438738bd Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Tue, 11 Feb 2020 17:23:56 +0100
Subject: [PATCH 052/145] Merge

---
 .../providers/aws/resources/kms/keys.py       | 25 ++++++++++++++-----
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/ScoutSuite/providers/aws/resources/kms/keys.py b/ScoutSuite/providers/aws/resources/kms/keys.py
index fbc41de47..de9ae684c 100644
--- a/ScoutSuite/providers/aws/resources/kms/keys.py
+++ b/ScoutSuite/providers/aws/resources/kms/keys.py
@@ -22,13 +22,26 @@ async def fetch_all(self):
 
         await self._fetch_children_of_all_resources(
             resources=self,
-            scopes={key_id: {'region': self.region, 'key_id': key['key_id']}
+            scopes={key_id: {'region': self.region, 'key_id': key['id']}
                     for (key_id, key) in self.items()}
         )
 
     def _parse_key(self, raw_key):
-        key_dict = {
-            'key_id': raw_key.get('KeyId'),
-            'arn': raw_key.get('KeyArn')
-        }
-        return key_dict['key_id'], key_dict
+        key_dict = {}
+        key_dict['id'] = raw_key.get('KeyId')
+        key_dict['arn'] = raw_key.get('KeyArn')
+        key_dict['rotation_enabled'] = raw_key['rotation_status']['KeyRotationEnabled'] \
+            if 'rotation_status' in raw_key else None
+
+        if 'metadata' in raw_key:
+            key_dict['creation_date'] = raw_key['metadata']['KeyMetadata']['CreationDate'] if \
+                raw_key['metadata']['KeyMetadata']['CreationDate'] else None
+            key_dict['key_enabled'] = False if raw_key['metadata']['KeyMetadata']['KeyState'] == 'Disabled' else True
+            key_dict['description'] = raw_key['metadata']['KeyMetadata']['Description'] if len(
+                raw_key['metadata']['KeyMetadata']['Description'].strip()) > 0 else None
+            key_dict['origin'] = raw_key['metadata']['KeyMetadata']['Origin'] if len(
+                raw_key['metadata']['KeyMetadata']['Origin'].strip()) > 0 else None
+            key_dict['key_manager'] = raw_key['metadata']['KeyMetadata']['KeyManager'] if len(
+                raw_key['metadata']['KeyMetadata']['KeyManager'].strip()) > 0 else None
+
+        return key_dict['id'], key_dict

From 15a32be5bc1f7e9f8b3d8539e85cca6bd5185a3c Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Tue, 11 Feb 2020 18:06:35 +0100
Subject: [PATCH 053/145] Add HTML partial

---
 .../aws/services.kms.regions.id.keys.html     | 40 +++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 ScoutSuite/output/data/html/partials/aws/services.kms.regions.id.keys.html

diff --git a/ScoutSuite/output/data/html/partials/aws/services.kms.regions.id.keys.html b/ScoutSuite/output/data/html/partials/aws/services.kms.regions.id.keys.html
new file mode 100644
index 000000000..6dd3ca4ef
--- /dev/null
+++ b/ScoutSuite/output/data/html/partials/aws/services.kms.regions.id.keys.html
@@ -0,0 +1,40 @@
+
+<!-- Key partial -->
+<script id="services.kms.regions.id.keys.partial" type="text/x-handlebars-template">
+  {{#unless scout2_link}}
+    <div id="resource-name" class="list-group-item active">
+      <h4 class="list-group-item-heading">{{name}}</h4>
+    </div>
+    <div class="list-group-item">
+    <h4>Information</h4>
+      <ul>
+        <li class="list-group-item-text">ID: <span id="kms.regions.{{region}}.keys.{{@key}}.id"><samp>{{id}}</samp></span></li>
+        <li class="list-group-item-text">ARN: <span id="kms.regions.{{region}}.keys.{{@key}}.arn"><samp>{{arn}}</samp></span></li>
+        <li class="list-group-item-text">Description: <span id="kms.regions.{{region}}.keys.{{@key}}.description"><samp>{{value_or_none description}}</samp></span></li>
+        <li class="list-group-item-text">Creation Date: <span id="kms.regions.{{region}}.keys.{{@key}}.creation_date">{{format_date creation_date}}</span></li>
+        <li class="list-group-item-text">Status: <span id="kms.regions.{{region}}.keys.{{@key}}.key_enabled">{{convert_bool_to_enabled key_enabled}}</span></li>
+        <li class="list-group-item-text">Rotation: <span id="kms.regions.{{region}}.keys.{{@key}}.rotation_enabled">{{convert_bool_to_enabled rotation_enabled}}</span></li>
+        <li class="list-group-item-text">Origin: <span id="kms.regions.{{region}}.keys.{{@key}}.origin"><samp>{{value_or_none origin}}</samp></span></li>
+        <li class="list-group-item-text">Key Manager: <span id="kms.regions.{{region}}.keys.{{@key}}.key_manager"><samp>{{value_or_none key_manager}}</samp></span></li>
+      </ul>
+    </div>
+    {{#if policy}}
+    <div class="list-group-item">
+      {{> accordion_policy name = 'Key Policy' document = policy policy_path = (concat 'kms.regions' region 'keys' @key 'policy')}}
+    {{else}}
+      <h4 class="list-group-item-heading accordion-heading text-secondary">Key Policy</h4>
+    {{/if}}
+    </div>
+  {{/unless}}
+</script>
+<script>
+  Handlebars.registerPartial("services.kms.regions.id.keys", $("#services\\.kms\\.regions\\.id\\.keys\\.partial").html());
+</script>
+
+<!-- Single KMS instance template -->
+<script id="single_kms_key-template" type="text/x-handlebars-template">
+    {{> modal-template template='services.kms.regions.id.keys' }}
+</script>
+<script>
+    var single_kms_key_template = Handlebars.compile($("#single_kms_key-template").html());
+</script>

From 277b67bf6e49212efdeacf7cd7e88d2e123619fb Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Tue, 11 Feb 2020 18:06:45 +0100
Subject: [PATCH 054/145] Merge

---
 ScoutSuite/providers/aws/facade/kms.py        | 57 ++++++++++++++-----
 .../aws/resources/kms/key_policies.py         | 24 --------
 .../providers/aws/resources/kms/keys.py       |  6 +-
 3 files changed, 45 insertions(+), 42 deletions(-)
 delete mode 100644 ScoutSuite/providers/aws/resources/kms/key_policies.py

diff --git a/ScoutSuite/providers/aws/facade/kms.py b/ScoutSuite/providers/aws/facade/kms.py
index 98679acb5..afc895946 100644
--- a/ScoutSuite/providers/aws/facade/kms.py
+++ b/ScoutSuite/providers/aws/facade/kms.py
@@ -1,9 +1,51 @@
 from ScoutSuite.core.console import print_exception
 from ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade
 from ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils
+from ScoutSuite.providers.utils import run_concurrently, get_and_set_concurrently
+import json
+
 
 
 class KMSFacade(AWSBaseFacade):
+
+    async def get_keys(self, region: str):
+
+        try:
+            keys = await AWSFacadeUtils.get_all_pages('kms', region, self.session, 'list_keys', 'Keys')
+            await get_and_set_concurrently(
+                [self._get_and_set_key_policy, self._get_and_set_key_metadata, self._get_and_set_key_rotation_status],
+                keys, region=region)
+        except Exception as e:
+            print_exception('Failed to get KMS keys: {}'.format(e))
+            keys = []
+        finally:
+            return keys
+
+    async def _get_and_set_key_policy(self, key: {}, region: str):
+        client = AWSFacadeUtils.get_client('kms', self.session, region)
+        try:
+            response = await run_concurrently(
+                lambda: client.get_key_policy(KeyId=key['KeyId'],
+                                              PolicyName='default'))
+            key['policy'] = json.loads(response.get('Policy'))
+        except Exception as e:
+            print_exception('Failed to get KMS key policy: {}'.format(e))
+
+    async def _get_and_set_key_rotation_status(self, key: {}, region: str):
+        client = AWSFacadeUtils.get_client('kms', self.session, region)
+        try:
+            key['rotation_status'] = await run_concurrently(
+                lambda: client.get_key_rotation_status(KeyId=key['KeyId']))
+        except Exception as e:
+            print_exception('Failed to get KMS key rotation: {}'.format(e))
+
+    async def _get_and_set_key_metadata(self, key: {}, region: str):
+        client = AWSFacadeUtils.get_client('kms', self.session, region)
+        try:
+            key['metadata'] = await run_concurrently(lambda: client.describe_key(KeyId=key['KeyId']))
+        except Exception as e:
+            print_exception('Failed to describe KMS key: {}'.format(e))
+
     async def get_aliases(self, region: str):
         try:
             return await AWSFacadeUtils.get_all_pages('kms', region, self.session, 'list_aliases', 'Aliases')
@@ -18,18 +60,3 @@ async def get_grants(self, region: str, key_id: str):
         except Exception as e:
             print_exception('Failed to list KMS Grants: {}'.format(e))
             return []
-
-    async def get_key_policies(self, region: str, key_id: str):
-        try:
-            return await AWSFacadeUtils.get_all_pages('kms', region, self.session, 'list_key_policies', 'PolicyNames',
-                                                      KeyId=key_id)
-        except Exception as e:
-            print_exception('Failed to list KMS Key Policies: {}'.format(e))
-            return []
-
-    async def get_keys(self, region: str):
-        try:
-            return await AWSFacadeUtils.get_all_pages('kms', region, self.session, 'list_keys', 'Keys')
-        except Exception as e:
-            print_exception('Failed to list KMS Keys: {}'.format(e))
-            return []
diff --git a/ScoutSuite/providers/aws/resources/kms/key_policies.py b/ScoutSuite/providers/aws/resources/kms/key_policies.py
deleted file mode 100644
index fc14456b3..000000000
--- a/ScoutSuite/providers/aws/resources/kms/key_policies.py
+++ /dev/null
@@ -1,24 +0,0 @@
-from ScoutSuite.providers.aws.facade.base import AWSFacade
-from ScoutSuite.providers.aws.resources.base import AWSResources
-from ScoutSuite.providers.utils import get_non_provider_id
-
-
-class KeyPolicies(AWSResources):
-    def __init__(self, facade: AWSFacade, region: str, key_id: str):
-        super(KeyPolicies, self).__init__(facade)
-        self.region = region
-        self.key_id = key_id
-
-    async def fetch_all(self):
-        raw_key_policies = await self.facade.kms.get_key_policies(self.region, self.key_id)
-        for raw_key_policy in raw_key_policies:
-            key_id, policy = self._parse_key_policy(raw_key_policy)
-            self[key_id] = policy
-
-    def _parse_key_policy(self, raw_key_policy):
-        key_policy_dict = {
-            'id': get_non_provider_id(raw_key_policy.get('PolicyNames')),
-            'policy_names': raw_key_policy.get('PolicyNames')
-
-        }
-        return key_policy_dict['id'], key_policy_dict
diff --git a/ScoutSuite/providers/aws/resources/kms/keys.py b/ScoutSuite/providers/aws/resources/kms/keys.py
index de9ae684c..02a6bdde3 100644
--- a/ScoutSuite/providers/aws/resources/kms/keys.py
+++ b/ScoutSuite/providers/aws/resources/kms/keys.py
@@ -1,13 +1,11 @@
 from ScoutSuite.providers.aws.facade.base import AWSFacade
 from ScoutSuite.providers.aws.resources.base import AWSCompositeResources
 from .grants import Grants
-from .key_policies import KeyPolicies
 
 
 class Keys(AWSCompositeResources):
     _children = [
         (Grants, 'grants'),
-        (KeyPolicies, 'key_policies')
     ]
 
     def __init__(self, facade: AWSFacade, region: str):
@@ -28,11 +26,13 @@ async def fetch_all(self):
 
     def _parse_key(self, raw_key):
         key_dict = {}
-        key_dict['id'] = raw_key.get('KeyId')
+        key_dict['id'] = key_dict['name'] = raw_key.get('KeyId')
         key_dict['arn'] = raw_key.get('KeyArn')
         key_dict['rotation_enabled'] = raw_key['rotation_status']['KeyRotationEnabled'] \
             if 'rotation_status' in raw_key else None
 
+        key_dict['policy'] = raw_key.get('policy')
+
         if 'metadata' in raw_key:
             key_dict['creation_date'] = raw_key['metadata']['KeyMetadata']['CreationDate'] if \
                 raw_key['metadata']['KeyMetadata']['CreationDate'] else None

From 42653fe9a6a1c63625132f661ff16b4fb32da677 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Tue, 11 Feb 2020 18:25:40 +0100
Subject: [PATCH 055/145] Close element

---
 .../data/html/partials/aws/services.cloudtrail.regions.html      | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ScoutSuite/output/data/html/partials/aws/services.cloudtrail.regions.html b/ScoutSuite/output/data/html/partials/aws/services.cloudtrail.regions.html
index 262d33e00..07356891b 100644
--- a/ScoutSuite/output/data/html/partials/aws/services.cloudtrail.regions.html
+++ b/ScoutSuite/output/data/html/partials/aws/services.cloudtrail.regions.html
@@ -12,6 +12,7 @@ <h4>Information</h4>
             {{#ifPositive trails_count}}true{{else}}false{{/ifPositive}}
           </span>
         </li>
+      </ul>
     </div>
     <div class="list-group-item">
       <div class="accordion">

From af49d5cfc7c2dc1afe4072014d40a3030b0e9c22 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Tue, 11 Feb 2020 18:36:18 +0100
Subject: [PATCH 056/145] Improve partial

---
 .../partials/aws/services.kms.regions.id.keys.html | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/ScoutSuite/output/data/html/partials/aws/services.kms.regions.id.keys.html b/ScoutSuite/output/data/html/partials/aws/services.kms.regions.id.keys.html
index 6dd3ca4ef..c06c5b44b 100644
--- a/ScoutSuite/output/data/html/partials/aws/services.kms.regions.id.keys.html
+++ b/ScoutSuite/output/data/html/partials/aws/services.kms.regions.id.keys.html
@@ -18,8 +18,20 @@ <h4>Information</h4>
         <li class="list-group-item-text">Key Manager: <span id="kms.regions.{{region}}.keys.{{@key}}.key_manager"><samp>{{value_or_none key_manager}}</samp></span></li>
       </ul>
     </div>
-    {{#if policy}}
     <div class="list-group-item">
+      {{#if aliases.length}}
+      <h4 class="list-group-item-heading accordion-heading">Aliases</h4>
+      <ul>
+        {{#each this.aliases}}
+        <li><samp>{{name}}</samp></li>
+        {{/each}}
+      </ul>
+      {{else}}
+      <h4 class="list-group-item-heading accordion-heading text-secondary">Aliases</h4>
+      {{/if}}
+    </div>
+    <div class="list-group-item">
+    {{#if policy}}
       {{> accordion_policy name = 'Key Policy' document = policy policy_path = (concat 'kms.regions' region 'keys' @key 'policy')}}
     {{else}}
       <h4 class="list-group-item-heading accordion-heading text-secondary">Key Policy</h4>

From 5b9c0b80849ea6ca679d5a84c55ff3ad685dc9f6 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Tue, 11 Feb 2020 18:36:38 +0100
Subject: [PATCH 057/145] Improve parsing

---
 ScoutSuite/providers/aws/facade/kms.py | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/ScoutSuite/providers/aws/facade/kms.py b/ScoutSuite/providers/aws/facade/kms.py
index afc895946..c85e246ca 100644
--- a/ScoutSuite/providers/aws/facade/kms.py
+++ b/ScoutSuite/providers/aws/facade/kms.py
@@ -13,7 +13,10 @@ async def get_keys(self, region: str):
         try:
             keys = await AWSFacadeUtils.get_all_pages('kms', region, self.session, 'list_keys', 'Keys')
             await get_and_set_concurrently(
-                [self._get_and_set_key_policy, self._get_and_set_key_metadata, self._get_and_set_key_rotation_status],
+                [self._get_and_set_key_policy,
+                 self._get_and_set_key_metadata,
+                 self._get_and_set_key_rotation_status,
+                 self._get_and_set_key_aliases],
                 keys, region=region)
         except Exception as e:
             print_exception('Failed to get KMS keys: {}'.format(e))
@@ -46,12 +49,15 @@ async def _get_and_set_key_metadata(self, key: {}, region: str):
         except Exception as e:
             print_exception('Failed to describe KMS key: {}'.format(e))
 
-    async def get_aliases(self, region: str):
+    async def _get_and_set_key_aliases(self, key: {}, region: str):
+        client = AWSFacadeUtils.get_client('kms', self.session, region)
         try:
-            return await AWSFacadeUtils.get_all_pages('kms', region, self.session, 'list_aliases', 'Aliases')
+            response = await run_concurrently(
+                lambda: client.list_aliases(KeyId=key['KeyId'])
+            )
+            key['aliases'] = response.get('Aliases')
         except Exception as e:
-            print_exception('Failed to list KMS Aliases: {}'.format(e))
-            return []
+            print_exception('Failed to get KMS aliases: {}'.format(e))
 
     async def get_grants(self, region: str, key_id: str):
         try:

From ef9e37186f2718db403fda31b45eb0d071c4170a Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Tue, 11 Feb 2020 18:36:44 +0100
Subject: [PATCH 058/145] Improve parsing

---
 ScoutSuite/providers/aws/resources/kms/keys.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/ScoutSuite/providers/aws/resources/kms/keys.py b/ScoutSuite/providers/aws/resources/kms/keys.py
index 02a6bdde3..663f174bb 100644
--- a/ScoutSuite/providers/aws/resources/kms/keys.py
+++ b/ScoutSuite/providers/aws/resources/kms/keys.py
@@ -1,5 +1,6 @@
 from ScoutSuite.providers.aws.facade.base import AWSFacade
 from ScoutSuite.providers.aws.resources.base import AWSCompositeResources
+from ScoutSuite.providers.utils import get_non_provider_id
 from .grants import Grants
 
 
@@ -44,4 +45,18 @@ def _parse_key(self, raw_key):
             key_dict['key_manager'] = raw_key['metadata']['KeyMetadata']['KeyManager'] if len(
                 raw_key['metadata']['KeyMetadata']['KeyManager'].strip()) > 0 else None
 
+        key_dict['aliases'] = {}
+        for raw_alias in raw_key.get('aliases', []):
+            alias_id, alias = self._parse_alias(raw_alias)
+            key_dict['aliases'][alias_id] = alias
+
         return key_dict['id'], key_dict
+
+    def _parse_alias(self, raw_alias):
+        alias_dict = {
+            # all KMS Aliases are prefixed with alias/, so we'll strip that off
+            'id': get_non_provider_id(raw_alias.get('AliasArn')),
+            'name': raw_alias.get('AliasName').split('alias/', 1)[-1],
+            'arn': raw_alias.get('AliasArn'),
+            'key_id': raw_alias.get('TargetKeyId')}
+        return alias_dict['id'], alias_dict

From 6518cdee82e054ca54d9d853b8fc457775567068 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Tue, 11 Feb 2020 18:48:55 +0100
Subject: [PATCH 059/145] Merge

---
 ScoutSuite/providers/aws/resources/kms/base.py | 2 --
 1 file changed, 2 deletions(-)

diff --git a/ScoutSuite/providers/aws/resources/kms/base.py b/ScoutSuite/providers/aws/resources/kms/base.py
index ffce9ca95..bc318763d 100644
--- a/ScoutSuite/providers/aws/resources/kms/base.py
+++ b/ScoutSuite/providers/aws/resources/kms/base.py
@@ -1,13 +1,11 @@
 from ScoutSuite.providers.aws.facade.base import AWSFacade
 from ScoutSuite.providers.aws.resources.regions import Regions
 
-from .aliases import Aliases
 from .keys import Keys
 
 
 class KMS(Regions):
     _children = [
-        (Aliases, 'aliases'),
         (Keys, 'keys'),
     ]
 

From 98321fe84d8e567fb72f9c9d7eef0a9d8213a7ee Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Wed, 12 Feb 2020 16:41:49 +0100
Subject: [PATCH 060/145] Bug fix

---
 ScoutSuite/providers/azure/facade/storageaccounts.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ScoutSuite/providers/azure/facade/storageaccounts.py b/ScoutSuite/providers/azure/facade/storageaccounts.py
index 60ffba705..f37492e67 100644
--- a/ScoutSuite/providers/azure/facade/storageaccounts.py
+++ b/ScoutSuite/providers/azure/facade/storageaccounts.py
@@ -41,7 +41,7 @@ async def get_blob_containers(self, resource_group_name, storage_account_name, s
             return containers
 
     async def _get_and_set_activity_logs(self, storage_account, subscription_id: str):
-        client = MonitorManagementClient(self.credentials, subscription_id)
+        client = MonitorManagementClient(self.credentials.arm_credentials, subscription_id)
 
         # Time format used by Azure API:
         time_format = "%Y-%m-%dT%H:%M:%S.%f"

From 12aa6bd2cf1acfb4c7ed6e3ca2f569742798f363 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Wed, 12 Feb 2020 18:05:42 +0100
Subject: [PATCH 061/145] Handle uniform bucket ACLs

---
 ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py b/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
index 79b772735..5cdac47a6 100644
--- a/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
+++ b/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
@@ -26,7 +26,10 @@ def _parse_bucket(self, raw_bucket):
         bucket_dict['versioning_status_enabled'] = raw_bucket.versioning_enabled
         bucket_dict['uniform_bucket_level_access'] = raw_bucket.iam_configuration['bucketPolicyOnly']['enabled']
         bucket_dict['logging_enabled'] = raw_bucket.logging is not None
-        bucket_dict['acls'] = list(raw_bucket.acl)
+        if bucket_dict['uniform_bucket_level_access']:
+            bucket_dict['acls'] = None
+        else:
+            bucket_dict['acls'] = list(raw_bucket.acl)
         bucket_dict['acl_configuration'] = self._get_cloudstorage_bucket_acl(raw_bucket)  # FIXME this should be "IAM"
         return bucket_dict['id'], bucket_dict
 

From e770dcbaf03b09cb8646a37596218150b81f34b1 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Wed, 12 Feb 2020 18:10:55 +0100
Subject: [PATCH 062/145] Fix GCS versioning

---
 .../gcp/rules/findings/cloudstorage-bucket-no-versioning.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-no-versioning.json b/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-no-versioning.json
index a9860ade0..ab6db4a86 100644
--- a/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-no-versioning.json
+++ b/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-no-versioning.json
@@ -4,7 +4,7 @@
     "rationale": "<b>Description:</b><br><br>Enable Object Versioning to protect Cloud Storage data from being overwritten or accidentally deleted.",
     "path": "cloudstorage.projects.id.buckets.id",
     "conditions": [ "and",
-        [ "cloudstorage.projects.id.buckets.id.versioning_status_enabled", "false", "" ]
+        [ "cloudstorage.projects.id.buckets.id.versioning_enabled", "false", "" ]
     ],
-    "id_suffix": "versioning"
+    "id_suffix": "versioning_enabled"
 }

From 995522a741a3e0c074e3d2cadfbb7966f60ec910 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Wed, 12 Feb 2020 18:11:47 +0100
Subject: [PATCH 063/145] Fix GCS versioning

---
 .../partials/gcp/services.cloudstorage.projects.id.buckets.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html b/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html
index 6484528b8..fa8171175 100644
--- a/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html
+++ b/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html
@@ -11,7 +11,7 @@ <h4 class="list-group-item-heading">Information</h4>
         <div class="list-group-item-text item-margin">Location: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.location">{{location}}</span></div>
         <div class="list-group-item-text item-margin">Storage Class: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.storage_class">{{storage_class}}</span></div>
         <div class="list-group-item-text item-margin">Logging: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.logging_enabled">{{convert_bool_to_enabled logging_enabled}}</span></div>
-        <div class="list-group-item-text item-margin">Versioning: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.versioning">{{convert_bool_to_enabled versioning_status}}</span></div>
+        <div class="list-group-item-text item-margin">Versioning: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.versioning_enabled">{{convert_bool_to_enabled versioning_enabled}}</span></div>
         <div class="list-group-item-text item-margin">Uniform Bucket-Level Access: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.uniform_bucket_level_access">{{convert_bool_to_enabled uniform_bucket_level_access}}</span></div>
     </div>
     <div class="list-group-item">

From de692103ffb472cb0a1087ba7d8cfbd177da7409 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Wed, 12 Feb 2020 18:11:54 +0100
Subject: [PATCH 064/145] Fix GCS versioning

---
 ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py b/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
index 5cdac47a6..61d0cfbf5 100644
--- a/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
+++ b/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
@@ -23,7 +23,7 @@ def _parse_bucket(self, raw_bucket):
         bucket_dict['creation_date'] = raw_bucket.time_created
         bucket_dict['location'] = raw_bucket.location
         bucket_dict['storage_class'] = raw_bucket.storage_class.lower()
-        bucket_dict['versioning_status_enabled'] = raw_bucket.versioning_enabled
+        bucket_dict['versioning_enabled'] = raw_bucket.versioning_enabled
         bucket_dict['uniform_bucket_level_access'] = raw_bucket.iam_configuration['bucketPolicyOnly']['enabled']
         bucket_dict['logging_enabled'] = raw_bucket.logging is not None
         if bucket_dict['uniform_bucket_level_access']:

From 31bc439cd6e259959b51e05ede51405941ea7ad7 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Wed, 12 Feb 2020 18:15:33 +0100
Subject: [PATCH 065/145] Improve partial

---
 .../gcp/services.cloudstorage.projects.id.buckets.html    | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html b/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html
index fa8171175..bf6085126 100644
--- a/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html
+++ b/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html
@@ -6,10 +6,10 @@ <h4 class="list-group-item-heading">{{name}}</h4>
     </div>
     <div class="list-group-item">
         <h4 class="list-group-item-heading">Information</h4>
-        <div class="list-group-item-text item-margin">Project ID: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.project_id">{{project_id}}</span></div>
-        <div class="list-group-item-text item-margin">Creation Date: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.creation_date">{{creation_date}}</span></div>
-        <div class="list-group-item-text item-margin">Location: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.location">{{location}}</span></div>
-        <div class="list-group-item-text item-margin">Storage Class: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.storage_class">{{storage_class}}</span></div>
+        <div class="list-group-item-text item-margin">Project ID: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.project_id"><samp>{{project_id}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Creation Date: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.creation_date">{{format_date creation_date}}</span></div>
+        <div class="list-group-item-text item-margin">Location: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.location"><samp>{{location}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Storage Class: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.storage_class"><samp>{{storage_class}}</samp></span></div>
         <div class="list-group-item-text item-margin">Logging: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.logging_enabled">{{convert_bool_to_enabled logging_enabled}}</span></div>
         <div class="list-group-item-text item-margin">Versioning: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.versioning_enabled">{{convert_bool_to_enabled versioning_enabled}}</span></div>
         <div class="list-group-item-text item-margin">Uniform Bucket-Level Access: <span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.uniform_bucket_level_access">{{convert_bool_to_enabled uniform_bucket_level_access}}</span></div>

From 5f32f241cc4e1afd11e80ca7d038343cb975eec3 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Wed, 12 Feb 2020 18:32:42 +0100
Subject: [PATCH 066/145] Include default object acls

---
 ...services.cloudstorage.projects.id.buckets.html | 15 +++++++++++++++
 .../gcp/resources/cloudstorage/buckets.py         |  4 +++-
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html b/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html
index bf6085126..9a8240b65 100644
--- a/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html
+++ b/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html
@@ -46,6 +46,21 @@ <h4 class="list-group-item-heading"><span id="cloudstorage.projects.{{@../key}}.
             </ul>
         </div>
     </div>
+    <div class="list-group-item">
+        <h4 class="list-group-item-heading"><span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.object_acls">Default Object ACL Permissions</span></h4>
+        <div class="accordion-inner">
+            <ul>
+                {{#each default_object_acl}}
+                <li><samp>{{entity}}</samp></span></li>
+                <ul>
+                    <li><samp>{{role}}</samp></li>
+                </ul>
+                {{else}}
+                <li><samp>None</samp></li>
+                {{/each}}
+            </ul>
+        </div>
+    </div>
 </script>
 
 <script>
diff --git a/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py b/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
index 61d0cfbf5..50f582a85 100644
--- a/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
+++ b/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
@@ -24,12 +24,14 @@ def _parse_bucket(self, raw_bucket):
         bucket_dict['location'] = raw_bucket.location
         bucket_dict['storage_class'] = raw_bucket.storage_class.lower()
         bucket_dict['versioning_enabled'] = raw_bucket.versioning_enabled
-        bucket_dict['uniform_bucket_level_access'] = raw_bucket.iam_configuration['bucketPolicyOnly']['enabled']
         bucket_dict['logging_enabled'] = raw_bucket.logging is not None
+        bucket_dict['uniform_bucket_level_access'] = raw_bucket.iam_configuration['bucketPolicyOnly']['enabled']
         if bucket_dict['uniform_bucket_level_access']:
             bucket_dict['acls'] = None
+            bucket_dict['default_object_acl'] = None
         else:
             bucket_dict['acls'] = list(raw_bucket.acl)
+            bucket_dict['default_object_acl'] = list(raw_bucket.default_object_acl)
         bucket_dict['acl_configuration'] = self._get_cloudstorage_bucket_acl(raw_bucket)  # FIXME this should be "IAM"
         return bucket_dict['id'], bucket_dict
 

From 540b89169bbe064eb17958e4ed7afba8fd5a9f7f Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Wed, 12 Feb 2020 18:40:45 +0100
Subject: [PATCH 067/145] Simplify parsing

---
 ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py b/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
index 50f582a85..757f5c463 100644
--- a/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
+++ b/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
@@ -27,8 +27,8 @@ def _parse_bucket(self, raw_bucket):
         bucket_dict['logging_enabled'] = raw_bucket.logging is not None
         bucket_dict['uniform_bucket_level_access'] = raw_bucket.iam_configuration['bucketPolicyOnly']['enabled']
         if bucket_dict['uniform_bucket_level_access']:
-            bucket_dict['acls'] = None
-            bucket_dict['default_object_acl'] = None
+            bucket_dict['acls'] = []
+            bucket_dict['default_object_acl'] = []
         else:
             bucket_dict['acls'] = list(raw_bucket.acl)
             bucket_dict['default_object_acl'] = list(raw_bucket.default_object_acl)

From 0d64e8a26f470451e98bd5a110927ca5228d5b59 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Wed, 12 Feb 2020 19:00:11 +0100
Subject: [PATCH 068/145] Improve code quality

---
 ScoutSuite/providers/gcp/facade/kms.py | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/ScoutSuite/providers/gcp/facade/kms.py b/ScoutSuite/providers/gcp/facade/kms.py
index d376c2626..66a6568d2 100644
--- a/ScoutSuite/providers/gcp/facade/kms.py
+++ b/ScoutSuite/providers/gcp/facade/kms.py
@@ -1,9 +1,9 @@
 from google.cloud import kms
 
 from ScoutSuite.core.console import print_exception
-from ScoutSuite.providers.utils import run_concurrently
 from ScoutSuite.providers.gcp.facade.basefacade import GCPBaseFacade
 from ScoutSuite.providers.gcp.facade.utils import GCPFacadeUtils
+from ScoutSuite.providers.utils import run_concurrently
 
 
 class KMSFacade(GCPBaseFacade):
@@ -31,7 +31,8 @@ async def list_key_rings(self, project_id: str):
             key_rings = {}
             for l in locations:
                 parent = self.cloud_client.location_path(project_id, l['locationId'])
-                key_rings[l['locationId']] = await run_concurrently(lambda: list(self.cloud_client.list_key_rings(parent)))
+                key_rings[l['locationId']] = await run_concurrently(
+                    lambda: list(self.cloud_client.list_key_rings(parent)))
             return key_rings
         except Exception as e:
             print_exception('Failed to retrieve KMS key rings: {}'.format(e))
@@ -41,14 +42,11 @@ async def list_keys(self, project_id: str, location: str, keyring_name: str):
 
         try:
             parent = self.cloud_client.key_ring_path(project_id, location, keyring_name)
-            # keys = await run_concurrently(lambda: list(self.cloud_client.list_crypto_keys(parent)))
-            # return keys
 
             kms_client = self._get_client()
             cryptokeys = kms_client.projects().locations().keyRings().cryptoKeys()
             request = cryptokeys.list(parent=parent)
             return await GCPFacadeUtils.get_all('cryptoKeys', request, cryptokeys)
-
         except Exception as e:
             print_exception('Failed to retrieve KMS keys for key ring {}: {}'.format(keyring_name, e))
             return []

From 096f3c11c4cf87d928a07d1a9775eecae07039ea Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Wed, 12 Feb 2020 19:06:02 +0100
Subject: [PATCH 069/145] Improve code quality

---
 ScoutSuite/providers/gcp/facade/kms.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/ScoutSuite/providers/gcp/facade/kms.py b/ScoutSuite/providers/gcp/facade/kms.py
index 66a6568d2..427b5867e 100644
--- a/ScoutSuite/providers/gcp/facade/kms.py
+++ b/ScoutSuite/providers/gcp/facade/kms.py
@@ -42,7 +42,6 @@ async def list_keys(self, project_id: str, location: str, keyring_name: str):
 
         try:
             parent = self.cloud_client.key_ring_path(project_id, location, keyring_name)
-
             kms_client = self._get_client()
             cryptokeys = kms_client.projects().locations().keyRings().cryptoKeys()
             request = cryptokeys.list(parent=parent)

From 59df5d84aa1d8d5ba882170c88a3196fd346d0b9 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Wed, 12 Feb 2020 19:23:00 +0100
Subject: [PATCH 070/145] Improve partial

---
 .../gcp/services.cloudstorage.projects.id.buckets.html      | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html b/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html
index 9a8240b65..cab97f90d 100644
--- a/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html
+++ b/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html
@@ -36,7 +36,7 @@ <h4 class="list-group-item-heading"><span id="cloudstorage.projects.{{@../key}}.
         <div class="accordion-inner">
             <ul>
                 {{#each acls}}
-                <li><samp>{{entity}}</samp></span></li>
+                <li><samp>{{entity}}</samp></li>
                 <ul>
                     <li><samp>{{role}}</samp></li>
                 </ul>
@@ -47,11 +47,11 @@ <h4 class="list-group-item-heading"><span id="cloudstorage.projects.{{@../key}}.
         </div>
     </div>
     <div class="list-group-item">
-        <h4 class="list-group-item-heading"><span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.object_acls">Default Object ACL Permissions</span></h4>
+        <h4 class="list-group-item-heading"><span id="cloudstorage.projects.{{@../key}}.buckets.{{@key}}.default_object_acls">Default Object ACL Permissions</span></h4>
         <div class="accordion-inner">
             <ul>
                 {{#each default_object_acl}}
-                <li><samp>{{entity}}</samp></span></li>
+                <li><span id="cloudstorage.projects.{{@../../key}}.buckets.{{@../key}}.default_object_acl.{{@key}}.{{entity}}"><samp>{{entity}}</samp></span></li>
                 <ul>
                     <li><samp>{{role}}</samp></li>
                 </ul>

From f9056677a3c7be68f2c889bf3bdc95c8e6c03392 Mon Sep 17 00:00:00 2001
From: Nick Klauer <nklauer@zendesk.com>
Date: Wed, 12 Feb 2020 20:31:51 -0600
Subject: [PATCH 071/145] fix: autopep8 support + fixes

---
 .travis.yml                                       | 2 +-
 ScoutSuite/providers/aliyun/resources/vpc/vpcs.py | 2 +-
 ScoutSuite/providers/aws/resources/elb/vpcs.py    | 2 +-
 ScoutSuite/providers/gcp/facade/cloudsql.py       | 1 -
 tests/test-core.py                                | 2 +-
 tests/test-output.py                              | 2 +-
 6 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 30fdacbb5..1e72ec433 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -29,7 +29,7 @@ install:
 before_script:
   # Stop the build if there are Python syntax errors or undefined names
   - flake8 .
-  - autopep8 --diff --recursive .
+  - autopep8 --diff --recursive --max-line-length 127 .
 
 # Command to run tests
 script:
diff --git a/ScoutSuite/providers/aliyun/resources/vpc/vpcs.py b/ScoutSuite/providers/aliyun/resources/vpc/vpcs.py
index 083670c5f..9c4bb7139 100644
--- a/ScoutSuite/providers/aliyun/resources/vpc/vpcs.py
+++ b/ScoutSuite/providers/aliyun/resources/vpc/vpcs.py
@@ -37,4 +37,4 @@ def _parse_vpcs(self, raw_vpc):
         vpc_dict['cidr_block'] = raw_vpc.get('CidrBlock')
         vpc_dict['is_default'] = raw_vpc.get('IsDefault')
 
-        return vpc_dict['id'], vpc_dict
\ No newline at end of file
+        return vpc_dict['id'], vpc_dict
diff --git a/ScoutSuite/providers/aws/resources/elb/vpcs.py b/ScoutSuite/providers/aws/resources/elb/vpcs.py
index 42154673c..945cfa746 100644
--- a/ScoutSuite/providers/aws/resources/elb/vpcs.py
+++ b/ScoutSuite/providers/aws/resources/elb/vpcs.py
@@ -5,4 +5,4 @@
 class ELBVpcs(Vpcs):
     _children = [
         (LoadBalancers, 'elbs'),
-    ]
\ No newline at end of file
+    ]
diff --git a/ScoutSuite/providers/gcp/facade/cloudsql.py b/ScoutSuite/providers/gcp/facade/cloudsql.py
index 051d44150..d8901f8c7 100644
--- a/ScoutSuite/providers/gcp/facade/cloudsql.py
+++ b/ScoutSuite/providers/gcp/facade/cloudsql.py
@@ -37,4 +37,3 @@ async def get_users(self, project_id: str, instance_name: str):
         except Exception as e:
             print_exception('Failed to retrieve database instance users: {}'.format(e))
             return []
-        
\ No newline at end of file
diff --git a/tests/test-core.py b/tests/test-core.py
index db731c7d4..0c6a93e8a 100644
--- a/tests/test-core.py
+++ b/tests/test-core.py
@@ -34,4 +34,4 @@ def test_prompt_overwrite(self):
 
     def test_prompt_value(self):
         assert (prompt_value(question='', max_laps=1, test_input='test', is_question=True, choices=['test']) is None)
-        assert (prompt_value(question='', max_laps=1, test_input='test', is_question=True, choices=['test'], no_confirm=True) == 'test')
\ No newline at end of file
+        assert (prompt_value(question='', max_laps=1, test_input='test', is_question=True, choices=['test'], no_confirm=True) == 'test')
diff --git a/tests/test-output.py b/tests/test-output.py
index 5de47cbcf..a7832aafd 100644
--- a/tests/test-output.py
+++ b/tests/test-output.py
@@ -23,4 +23,4 @@ def test_get_filename(self):
         assert ('scoutsuite-report/scoutsuite-results/scoutsuite_exceptions.js' in get_filename("EXCEPTIONS"))
         assert ('scoutsuite-results/scoutsuite_exceptions.js' in get_filename("EXCEPTIONS", relative_path=True))
         assert ('scoutsuite-report/scoutsuite-results/scoutsuite_errors.json' in get_filename("ERRORS"))
-        assert ('scoutsuite-results/scoutsuite_errors.json' in get_filename("ERRORS", relative_path=True))
\ No newline at end of file
+        assert ('scoutsuite-results/scoutsuite_errors.json' in get_filename("ERRORS", relative_path=True))

From a4510d58c9f647605463df1624ce7cc895834ca2 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Thu, 13 Feb 2020 13:08:57 +0100
Subject: [PATCH 072/145] Improve partials

---
 ....cloudresourcemanager.projects.id.bindings.html |  4 ++--
 .../services.iam.projects.id.service_accounts.html | 14 +++++++-------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/ScoutSuite/output/data/html/partials/gcp/services.cloudresourcemanager.projects.id.bindings.html b/ScoutSuite/output/data/html/partials/gcp/services.cloudresourcemanager.projects.id.bindings.html
index 93158386b..db368d8e3 100644
--- a/ScoutSuite/output/data/html/partials/gcp/services.cloudresourcemanager.projects.id.bindings.html
+++ b/ScoutSuite/output/data/html/partials/gcp/services.cloudresourcemanager.projects.id.bindings.html
@@ -6,7 +6,7 @@ <h4 class="list-group-item-heading">{{name}}</h4>
     </div>
     <div class="list-group-item">
         <h4 class="list-group-item-heading">Information</h4>
-        <div class="list-group-item-text item-margin">Role Name: <span id="cloudresourcemanager.projects.{{@../key}}.bindings.{{@key}}.name">{{name}}</span></div>
+        <div class="list-group-item-text item-margin">Role Name: <span id="cloudresourcemanager.projects.{{@../key}}.bindings.{{@key}}.name"><samp>{{name}}</samp></span></div>
     </div>
     <div class="list-group-item">
         <h4 class="list-group-item-heading">Bindings</h4>
@@ -14,7 +14,7 @@ <h5 class="list-group-item-heading">Attached Users:</h5>
         <div id="cloudresourcemanager.projects.{{@../key}}.bindings.{{@key}}.users" class="accordion-inner">
             <ul>
                 {{#each members.users}}
-                <li><samp>{{this}}</samp></li>
+                <li><samp><samp>{{this}}</samp></samp></li>
                 {{else}}
                 <li><samp>None</samp></li>
                 {{/each}}
diff --git a/ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.service_accounts.html b/ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.service_accounts.html
index 7f6ab3067..b853cf4fc 100644
--- a/ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.service_accounts.html
+++ b/ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.service_accounts.html
@@ -6,11 +6,11 @@ <h4 class="list-group-item-heading">{{name}}</h4>
     </div>
     <div class="list-group-item">
         <h4 class="list-group-item-heading">Information</h4>
-        <div class="list-group-item-text item-margin">Project: <span id="iam.projects.{{@../key}}.service_accounts.{{@key}}.project_id">{{project_id}}</span></div>
-        <div class="list-group-item-text item-margin">ID: <span id="iam.projects.{{@../key}}.service_accounts.{{@key}}.id">{{id}}</span></div>
-        <div class="list-group-item-text item-margin">email: <span id="iam.projects.{{@../key}}.service_accounts.{{@key}}.email">{{email}}</span></div>
-        <div class="list-group-item-text item-margin">Display Name: <span id="iam.projects.{{@../key}}.service_accounts.{{@key}}.display_name">{{display_name}}</span></div>
-        <div class="list-group-item-text item-margin">Default Service Account: <span id="iam.projects.{{@../key}}.service_accounts.{{@key}}.default_service_account">{{default_service_account}}</span></div>
+        <div class="list-group-item-text item-margin">ID: <span id="iam.projects.{{@../key}}.service_accounts.{{@key}}.id"><samp>{{id}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Project: <span id="iam.projects.{{@../key}}.service_accounts.{{@key}}.project_id"><samp>{{project_id}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Email: <span id="iam.projects.{{@../key}}.service_accounts.{{@key}}.email"><samp>{{email}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Display Name: <span id="iam.projects.{{@../key}}.service_accounts.{{@key}}.display_name"><samp>{{display_name}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Default Service Account: <span id="iam.projects.{{@../key}}.service_accounts.{{@key}}.default_service_account"><samp>{{default_service_account}}</samp></span></div>
     </div>
     <div class="list-group-item">
         <h4 class="list-group-item-heading"><span id="iam.projects.{{@../key}}.service_accounts.{{@key}}.keys">Keys:</span></h4>
@@ -21,8 +21,8 @@ <h4 class="list-group-item-heading"><span id="iam.projects.{{@../key}}.service_a
                 <ul>
                     <li id="iam.projects.{{@../../key}}.service_accounts.{{@../key}}.keys.{{@key}}.key_type">Key Type: <samp>{{key_type}}</samp></li>
                     <li id="iam.projects.{{@../../key}}.service_accounts.{{@../key}}.keys.{{@key}}.algorithm">Key Algorithm: <samp>{{key_algorithm}}</samp></li>
-                    <li id="iam.projects.{{@../../key}}.service_accounts.{{@../key}}.keys.{{@key}}.valid_before">Valid Before: {{valid_before}}</li>
-                    <li id="iam.projects.{{@../../key}}.service_accounts.{{@../key}}.keys.{{@key}}.valid_after">Valid After: {{valid_after}}</li>
+                    <li id="iam.projects.{{@../../key}}.service_accounts.{{@../key}}.keys.{{@key}}.valid_before">Valid Before: {{format_date valid_before}}</li>
+                    <li id="iam.projects.{{@../../key}}.service_accounts.{{@../key}}.keys.{{@key}}.valid_after">Valid After: {{format_date valid_after}}</li>
                 </ul>
                 {{else}}
                 <li><samp>None</samp></li>

From 1fff0974e26b136424da4bd689cf406352775a25 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Thu, 13 Feb 2020 19:26:57 +0100
Subject: [PATCH 073/145] Update suffix

---
 .../findings/cloudresourcemanager-primitive-role-in-use.json    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-primitive-role-in-use.json b/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-primitive-role-in-use.json
index 3e0812b68..9849f3f64 100644
--- a/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-primitive-role-in-use.json
+++ b/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-primitive-role-in-use.json
@@ -5,5 +5,5 @@
   "conditions": [ "and",
     [ "cloudresourcemanager.projects.id.bindings.id.name", "containAtLeastOneOf", ["owner", "editor", "viewer"] ]
   ],
-  "id_suffix": "this"
+  "id_suffix": "name"
 }

From 7a30e7eb5034275f54b97f6602f560a1a6401c06 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Thu, 13 Feb 2020 19:27:05 +0100
Subject: [PATCH 074/145] Improve partial

---
 ...es.cloudresourcemanager.projects.id.bindings.html | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/ScoutSuite/output/data/html/partials/gcp/services.cloudresourcemanager.projects.id.bindings.html b/ScoutSuite/output/data/html/partials/gcp/services.cloudresourcemanager.projects.id.bindings.html
index db368d8e3..3b2eb23ca 100644
--- a/ScoutSuite/output/data/html/partials/gcp/services.cloudresourcemanager.projects.id.bindings.html
+++ b/ScoutSuite/output/data/html/partials/gcp/services.cloudresourcemanager.projects.id.bindings.html
@@ -10,8 +10,8 @@ <h4 class="list-group-item-heading">Information</h4>
     </div>
     <div class="list-group-item">
         <h4 class="list-group-item-heading">Bindings</h4>
-        <h5 class="list-group-item-heading">Attached Users:</h5>
-        <div id="cloudresourcemanager.projects.{{@../key}}.bindings.{{@key}}.users" class="accordion-inner">
+        <h5  id="cloudresourcemanager.projects.{{@../key}}.bindings.{{@key}}.users" class="list-group-item-heading">Attached Users:</h5>
+        <div class="accordion-inner">
             <ul>
                 {{#each members.users}}
                 <li><samp><samp>{{this}}</samp></samp></li>
@@ -20,8 +20,8 @@ <h5 class="list-group-item-heading">Attached Users:</h5>
                 {{/each}}
             </ul>
         </div>
-        <h5 class="list-group-item-heading">Attached Groups:</h5>
-        <div id="cloudresourcemanager.projects.{{@../key}}.bindings.{{@key}}.groups" class="accordion-inner">
+        <h5  id="cloudresourcemanager.projects.{{@../key}}.bindings.{{@key}}.groups" class="list-group-item-heading">Attached Groups:</h5>
+        <div class="accordion-inner">
             <ul>
                 {{#each members.groups}}
                 <li><samp>{{this}}</samp></li>
@@ -34,9 +34,7 @@ <h5  id="cloudresourcemanager.projects.{{@../key}}.bindings.{{@key}}.service_acc
         <div class="accordion-inner">
             <ul>
                 {{#each members.service_accounts}}
-                <li>
-                    <span id="cloudresourcemanager.projects.{{@../key}}.bindings.{{@key}}.service_accounts.{{this}}"><samp>{{this}}</samp></span>
-                </li>
+                <li><samp>{{this}}</samp></li>
                 {{else}}
                 <li><samp>None</samp></li>
                 {{/each}}

From e049394f08ea5db3c67f49b494c669568fc5eff8 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Thu, 13 Feb 2020 19:27:26 +0100
Subject: [PATCH 075/145] Remove broken condition (didn't include user-managed
 default SAs)

---
 .../cloudresourcemanager-sa-has-admin-privileges.json        | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-sa-has-admin-privileges.json b/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-sa-has-admin-privileges.json
index a3dc053be..80e911a09 100644
--- a/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-sa-has-admin-privileges.json
+++ b/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-sa-has-admin-privileges.json
@@ -8,10 +8,7 @@
       [ "cloudresourcemanager.projects.id.bindings.id.name", "containAtLeastOneOf", ["editor", "owner"]],
       [ "cloudresourcemanager.projects.id.bindings.id.name", "match", ".*admin"]
     ],
-    [ "and", 
-      ["cloudresourcemanager.projects.id.bindings.id.members.service_accounts", "notEmpty", ""],
-      ["cloudresourcemanager.projects.id.bindings.id.members.service_accounts", "match", ".+@.+[.]iam[.]gserviceaccount[.]com"]
-    ]
+    ["cloudresourcemanager.projects.id.bindings.id.members.service_accounts", "notEmpty", ""]
   ],
   "id_suffix": "service_accounts"
 }

From 32abeeef8664ee5d7a76039cfde9c0361b548776 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Thu, 13 Feb 2020 19:36:42 +0100
Subject: [PATCH 076/145] Improve rationales

---
 .../findings/cloudresourcemanager-primitive-role-in-use.json    | 1 +
 .../findings/cloudresourcemanager-sa-has-admin-privileges.json  | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-primitive-role-in-use.json b/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-primitive-role-in-use.json
index 9849f3f64..f9b896276 100644
--- a/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-primitive-role-in-use.json
+++ b/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-primitive-role-in-use.json
@@ -1,6 +1,7 @@
 {
   "dashboard_name": "Bindings",
   "description": "Primitive Role In Use",
+  "rationale": "<b>Description:</b><br><br>Primitive roles grant significant privileges. In most cases, usage of these roles is not recommended and does not follow security best practice.<br><br><b>Note: </b>This rule may flag Google-Managed Service Accounts. Google services rely on these Service Accounts having access to the project, and recommends not removing or changing the Service Account's role (see https://cloud.google.com/iam/docs/service-accounts#google-managed).<br><br><b>References:</b><ul><li>CIS Google Cloud Platform Foundations v1.0.0 1.4</li></ul>",
   "path": "cloudresourcemanager.projects.id.bindings.id",
   "conditions": [ "and",
     [ "cloudresourcemanager.projects.id.bindings.id.name", "containAtLeastOneOf", ["owner", "editor", "viewer"] ]
diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-sa-has-admin-privileges.json b/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-sa-has-admin-privileges.json
index 80e911a09..65b298a43 100644
--- a/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-sa-has-admin-privileges.json
+++ b/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-sa-has-admin-privileges.json
@@ -1,7 +1,7 @@
 {
   "dashboard_name": "Bindings",
   "description": "Service Account with Admin Privileges",
-  "rationale": "<b>Description:</b><br><br>Service accounts represent service-level security of the Resources (application or a VM) which can be determined by the roles assigned to it. Enrolling ServiceAccount with Admin rights gives full access to assigned application or a VM, ServiceAccount Access holder can user, so It's recommended not to have Admin rights.<br><br><b>References:</b><ul><li>CIS Google Cloud Platform Foundations v1.0.0 1.4</li></ul>",
+  "rationale": "<b>Description:</b><br><br>Service accounts represent service-level security of the Resources (application or a VM) which can be determined by the roles assigned to it. Enrolling Service Accounts with administrative privileges grants full access to assigned application or a VM, Service Account Access holder can user.<br><br><b>Note: </b>This rule may flag Google-Managed Service Accounts. Google services rely on these Service Accounts having access to the project, and recommends not removing or changing the Service Account's role (see https://cloud.google.com/iam/docs/service-accounts#google-managed).<br><br><b>References:</b><ul><li>CIS Google Cloud Platform Foundations v1.0.0 1.4</li></ul>",
   "path": "cloudresourcemanager.projects.id.bindings.id",
   "conditions": [ "and",
     [ "or", 

From 9fdb43d3bf1a1542d93512e43c5c56f0ee97f26c Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Thu, 13 Feb 2020 21:00:45 +0100
Subject: [PATCH 077/145] Fix ruleset

---
 ScoutSuite/providers/aws/rules/rulesets/detailed.json | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/ScoutSuite/providers/aws/rules/rulesets/detailed.json b/ScoutSuite/providers/aws/rules/rulesets/detailed.json
index d3473fa1f..ce0e62b85 100644
--- a/ScoutSuite/providers/aws/rules/rulesets/detailed.json
+++ b/ScoutSuite/providers/aws/rules/rulesets/detailed.json
@@ -1,12 +1,21 @@
 {
     "about": "This ruleset consists of numerous rules that are considered standard by NCC Group. The rules enabled range from violations of well-known security best practices to gaps resulting from less-known security implications of provider-specific mechanisms. Additional rules exist, some of them requiring extra-parameters to be configured, and some of them being applicable to a limited number of users.",
     "rules": {
-        "certificate-with-transparancy-logging-disabled.json": [
+        "acm-certificate-with-transparency-logging-disabled.json": [
             {
                 "enabled": true,
                 "level": "warning"
             }
         ],
+        "acm-certificate-with-close-expiration-date.json": [
+            {
+                "args": [
+                    "7"
+                ],
+                "enabled": true,
+                "level": "warning"
+            }
+        ],
         "cloudformation-stack-with-role.json": [
             {
                 "enabled": true,

From c2b4195edcf521cf1c63963e1b921133cb21b6c6 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Thu, 13 Feb 2020 21:01:34 +0100
Subject: [PATCH 078/145] Fix ruleset

---
 ScoutSuite/providers/aws/rules/rulesets/detailed.json | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/ScoutSuite/providers/aws/rules/rulesets/detailed.json b/ScoutSuite/providers/aws/rules/rulesets/detailed.json
index d3fc7e0d2..deace41a0 100644
--- a/ScoutSuite/providers/aws/rules/rulesets/detailed.json
+++ b/ScoutSuite/providers/aws/rules/rulesets/detailed.json
@@ -1,7 +1,16 @@
 {
     "about": "This ruleset consists of numerous rules that are considered standard by NCC Group. The rules enabled range from violations of well-known security best practices to gaps resulting from less-known security implications of provider-specific mechanisms. Additional rules exist, some of them requiring extra-parameters to be configured, and some of them being applicable to a limited number of users.",
     "rules": {
-        "certificate-with-transparancy-logging-disabled.json": [
+        "acm-certificate-with-close-expiration-date.json": [
+            {
+                "args": [
+                    "7"
+                ],
+                "enabled": true,
+                "level": "warning"
+            }
+        ],
+        "acm-certificate-with-transparency-logging-disabled.json": [
             {
                 "enabled": true,
                 "level": "warning"

From 589b90191f5cd7baf68f905a899579987fef33e0 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Fri, 14 Feb 2020 11:41:09 +0100
Subject: [PATCH 079/145] Improve parsing

---
 .../redshift/cluster_parameter_groups.py      | 20 ++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/ScoutSuite/providers/aws/resources/redshift/cluster_parameter_groups.py b/ScoutSuite/providers/aws/resources/redshift/cluster_parameter_groups.py
index 204056d73..987dd2c08 100644
--- a/ScoutSuite/providers/aws/resources/redshift/cluster_parameter_groups.py
+++ b/ScoutSuite/providers/aws/resources/redshift/cluster_parameter_groups.py
@@ -28,8 +28,18 @@ async def fetch_all(self):
         )
 
     def _parse_parameter_group(self, raw_parameter_group):
-        name = raw_parameter_group.pop('ParameterGroupName')
-        id = get_non_provider_id(name)
-        raw_parameter_group['name'] = name
-
-        return id, raw_parameter_group
+        parameter_group = {}
+        parameter_group['name'] = raw_parameter_group.get('ParameterGroupName')
+        parameter_group['id'] = get_non_provider_id(parameter_group['name'])
+        parameter_group['family'] = raw_parameter_group.get('ParameterGroupFamily')
+        parameter_group['description'] = raw_parameter_group.get('Description')
+        parameter_group['is_default'] = self._is_default(raw_parameter_group)
+        parameter_group['tags'] = raw_parameter_group.get('Tags')
+        return parameter_group['id'], parameter_group
+
+    def _is_default(self, raw_parameter_group):
+        if 'Default parameter group for' in raw_parameter_group.get('Description') and \
+                'default.' in raw_parameter_group.get('ParameterGroupName'):
+            return True
+        else:
+            return False

From 59c9f75e98db949cfd456a9236e281dee9d35bed Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Fri, 14 Feb 2020 11:41:15 +0100
Subject: [PATCH 080/145] Improve partial

---
 ....redshift.regions.id.parameter_groups.html | 44 +++++++++----------
 1 file changed, 22 insertions(+), 22 deletions(-)

diff --git a/ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.parameter_groups.html b/ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.parameter_groups.html
index 90db6cab2..237cb24d7 100644
--- a/ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.parameter_groups.html
+++ b/ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.parameter_groups.html
@@ -1,26 +1,26 @@
-    <!-- Redshift parameter group partial -->
+<!-- Redshift parameter group partial -->
 
-    <script id="services.redshift.regions.id.parameter_groups.partial" type="text/x-handlebars-template">
-        <div class="list-group-item active">
-          <h4 class="list-group-item-heading">{{resource_key}}</h4>
-        </div>
-        <div class="list-group-item">
-          <h4 class="list-group-item-heading">Information</h4>
-          <div class="list-group-item-text item-margin">Description: {{Description}}</div>
-          <div class="list-group-item-text item-margin">Group Family: {{ParameterGroupFamily}}</div>
-        </div>
-        <div class="list-group-item">
-          <h4 class="list-group-item-heading">Parameters</h4>
-          <ul>
+<script id="services.redshift.regions.id.parameter_groups.partial" type="text/x-handlebars-template">
+    <div class="list-group-item active">
+        <h4 class="list-group-item-heading">{{name}}</h4>
+    </div>
+    <div class="list-group-item">
+        <h4 class="list-group-item-heading">Information</h4>
+        <div class="list-group-item-text item-margin">Description: <samp>{{Description}}</samp></div>
+        <div class="list-group-item-text item-margin">Group Family: <samp>{{ParameterGroupFamily}}</samp></div>
+    </div>
+    <div class="list-group-item">
+        <h4 class="list-group-item-heading">Parameters</h4>
+        <ul>
             {{#each parameters}}
-              <li class="list-group-item-text">{{@key}}:
-                <span id="redshift.regions.{{../region}}.parameter_groups.{{@../key}}.{{@key}}">{{value}}</span>
-              </li>
+            <li class="list-group-item-text"><samp>{{@key}}</samp>:
+                <span id="redshift.regions.{{../region}}.parameter_groups.{{@../key}}.{{@key}}"><samp>{{value}}</samp></span>
+            </li>
             {{/each}}
-          </ul>
-        </div>
-    </script>
-    <script>
-        Handlebars.registerPartial("services.redshift.regions.id.parameter_groups", $("#services\\.redshift\\.regions\\.id\\.parameter_groups\\.partial").html());
-    </script>
+        </ul>
+    </div>
+</script>
+<script>
+    Handlebars.registerPartial("services.redshift.regions.id.parameter_groups", $("#services\\.redshift\\.regions\\.id\\.parameter_groups\\.partial").html());
+</script>
 

From d3ed286a68d562db1b8b0b57dbcbb3408073f6e5 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Fri, 14 Feb 2020 12:38:43 +0100
Subject: [PATCH 081/145] Improve partial

---
 .../aws/services.redshift.regions.id.parameter_groups.html   | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.parameter_groups.html b/ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.parameter_groups.html
index 237cb24d7..db86abf53 100644
--- a/ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.parameter_groups.html
+++ b/ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.parameter_groups.html
@@ -6,8 +6,9 @@ <h4 class="list-group-item-heading">{{name}}</h4>
     </div>
     <div class="list-group-item">
         <h4 class="list-group-item-heading">Information</h4>
-        <div class="list-group-item-text item-margin">Description: <samp>{{Description}}</samp></div>
-        <div class="list-group-item-text item-margin">Group Family: <samp>{{ParameterGroupFamily}}</samp></div>
+        <div class="list-group-item-text item-margin">Description: <samp>{{description}}</samp></div>
+        <div class="list-group-item-text item-margin">Group Family: <samp>{{family}}</samp></div>
+        <div class="list-group-item-text item-margin">Default Parameter Group: <samp>{{is_default}}</samp></div>
     </div>
     <div class="list-group-item">
         <h4 class="list-group-item-heading">Parameters</h4>

From f41595637675509c055f09470f9d79e101790511 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Fri, 14 Feb 2020 12:38:50 +0100
Subject: [PATCH 082/145] Add rationale

---
 .../findings/redshift-parameter-group-ssl-not-required.json    | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ScoutSuite/providers/aws/rules/findings/redshift-parameter-group-ssl-not-required.json b/ScoutSuite/providers/aws/rules/findings/redshift-parameter-group-ssl-not-required.json
index f6c665b20..4eefd4cc8 100644
--- a/ScoutSuite/providers/aws/rules/findings/redshift-parameter-group-ssl-not-required.json
+++ b/ScoutSuite/providers/aws/rules/findings/redshift-parameter-group-ssl-not-required.json
@@ -1,5 +1,6 @@
 {
-    "description": "SSL not required",
+    "description": "SSL Not Required",
+    "rationale": "<b>Description:</b><br><br>Parameter groups associated with Redshift clusters should have the \"require_ssl\" parameter enabled, to ensure that data in transit is encrypted.<br><br><b>Note</b> that this rule will flag default parameter groups, even though they cannot be changed. It is recommended to use custom groups and configure them according to security best practice.",
     "path": "redshift.regions.id.parameter_groups.id",
     "dashboard_name": "Parameter Groups",
     "conditions": [ "and",

From 0d55aeea5235d6e18ad830601ba422463255385d Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Fri, 14 Feb 2020 16:45:49 +0100
Subject: [PATCH 083/145] Fix https://github.com/nccgroup/ScoutSuite/issues/606

---
 .../aws/rules/findings/sns-topic-world-policy.json       | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/ScoutSuite/providers/aws/rules/findings/sns-topic-world-policy.json b/ScoutSuite/providers/aws/rules/findings/sns-topic-world-policy.json
index cee6566f2..2a3115240 100644
--- a/ScoutSuite/providers/aws/rules/findings/sns-topic-world-policy.json
+++ b/ScoutSuite/providers/aws/rules/findings/sns-topic-world-policy.json
@@ -8,8 +8,13 @@
     "conditions": [ "and",
         [ "sns.regions.id.topics.id.Policy.Statement.id.Effect", "equal", "Allow" ],
         [ "sns.regions.id.topics.id.Policy.Statement.id.", "containAction", "SNS:_ARG_0_" ],
-        [ "sns.regions.id.topics.id.Policy.Statement.id.Principal", "withKey", "AWS" ],
-        [ "sns.regions.id.topics.id.Policy.Statement.id.Principal.AWS", "containAtLeastOneOf", "*" ],
+        [ "or",
+            [ "sns.regions.id.topics.id.Policy.Statement.id.Principal", "equal", "*" ],
+            [ "and",
+                [ "sns.regions.id.topics.id.Policy.Statement.id.Principal", "withKey", "AWS" ],
+                [ "sns.regions.id.topics.id.Policy.Statement.id.Principal.AWS", "containAtLeastOneOf", "*" ]
+            ]
+        ],
         [ "or",
             [ "sns.regions.id.topics.id.Policy.Statement.id.", "withoutKey", "Condition" ],
             [ "sns.regions.id.topics.id.Policy.Statement.id.Condition.", "withoutKey", "StringEquals" ],

From 2da2a5763e21d97dd88ebb2d538499ba33f046f5 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Fri, 14 Feb 2020 16:58:34 +0100
Subject: [PATCH 084/145] Minor change

---
 .../providers/aws/rules/findings/sqs-queue-world-policy.json    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ScoutSuite/providers/aws/rules/findings/sqs-queue-world-policy.json b/ScoutSuite/providers/aws/rules/findings/sqs-queue-world-policy.json
index fa7ca08f9..0aa1995ac 100644
--- a/ScoutSuite/providers/aws/rules/findings/sqs-queue-world-policy.json
+++ b/ScoutSuite/providers/aws/rules/findings/sqs-queue-world-policy.json
@@ -6,7 +6,7 @@
     "path": "sqs.regions.id.queues.id.Policy.Statement.id",
     "display_path": "sqs.regions.id.queues.id",
     "conditions": [ "and",
-        [ "sqs.regions.id.queues.id.Policy", "notNull", ""],
+        [ "sqs.regions.id.queues.id.Policy", "notNull", "" ],
         [ "sqs.regions.id.queues.id.Policy.Statement.id.Effect", "equal", "Allow" ],
         [ "sqs.regions.id.queues.id.Policy.Statement.id.", "containAction", "sqs:_ARG_0_" ],
         [ "_INCLUDE_(conditions/policy-statement-any-principal.json)", [ "_STATEMENT_" ], [ "sqs.regions.id.queues.id.Policy.Statement.id" ] ],

From 7f8af5ae9f5d7287fa61ace1a53d68c2f590d130 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Fri, 14 Feb 2020 16:59:58 +0100
Subject: [PATCH 085/145] Remove duplicate lines

---
 .../providers/aws/rules/findings/sns-topic-world-policy.json | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/ScoutSuite/providers/aws/rules/findings/sns-topic-world-policy.json b/ScoutSuite/providers/aws/rules/findings/sns-topic-world-policy.json
index 2a3115240..06c40630e 100644
--- a/ScoutSuite/providers/aws/rules/findings/sns-topic-world-policy.json
+++ b/ScoutSuite/providers/aws/rules/findings/sns-topic-world-policy.json
@@ -6,6 +6,7 @@
     "path": "sns.regions.id.topics.id.Policy.Statement.id",
     "display_path": "sns.regions.id.topics.id",
     "conditions": [ "and",
+        [ "sns.regions.id.topics.id.Policy", "notNull", "" ],
         [ "sns.regions.id.topics.id.Policy.Statement.id.Effect", "equal", "Allow" ],
         [ "sns.regions.id.topics.id.Policy.Statement.id.", "containAction", "SNS:_ARG_0_" ],
         [ "or",
@@ -19,8 +20,6 @@
             [ "sns.regions.id.topics.id.Policy.Statement.id.", "withoutKey", "Condition" ],
             [ "sns.regions.id.topics.id.Policy.Statement.id.Condition.", "withoutKey", "StringEquals" ],
             [ "and",
-                [ "sns.regions.id.topics.id.Policy.Statement.id.Condition.StringEquals.", "withoutKey", "aws:SourceArn" ],
-                [ "sns.regions.id.topics.id.Policy.Statement.id.Condition.StringEquals.", "withoutKey", "aws:SourceOwner" ],
                 [ "sns.regions.id.topics.id.Policy.Statement.id.Condition.StringEquals.", "withoutKey", "AWS:SourceArn" ],
                 [ "sns.regions.id.topics.id.Policy.Statement.id.Condition.StringEquals.", "withoutKey", "AWS:SourceOwner" ]
             ]
@@ -29,8 +28,6 @@
             [ "sns.regions.id.topics.id.Policy.Statement.id.", "withoutKey", "Condition" ],
             [ "sns.regions.id.topics.id.Policy.Statement.id.Condition.", "withoutKey", "ArnLike" ],
             [ "and",
-                [ "sns.regions.id.topics.id.Policy.Statement.id.Condition.ArnLike.", "withoutKey", "aws:SourceArn" ],
-                [ "sns.regions.id.topics.id.Policy.Statement.id.Condition.ArnLike.", "withoutKey", "aws:SourceOwner" ],
                 [ "sns.regions.id.topics.id.Policy.Statement.id.Condition.ArnLike.", "withoutKey", "AWS:SourceArn" ],
                 [ "sns.regions.id.topics.id.Policy.Statement.id.Condition.ArnLike.", "withoutKey", "AWS:SourceOwner" ]
             ]

From 4e676ef8d752a77ab70ca3f40182086456b8950e Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Fri, 14 Feb 2020 17:02:53 +0100
Subject: [PATCH 086/145] Improve check

---
 .../rules/conditions/policy-statement-poor-condition.json | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/ScoutSuite/providers/aws/rules/conditions/policy-statement-poor-condition.json b/ScoutSuite/providers/aws/rules/conditions/policy-statement-poor-condition.json
index c037508a0..9654837ab 100644
--- a/ScoutSuite/providers/aws/rules/conditions/policy-statement-poor-condition.json
+++ b/ScoutSuite/providers/aws/rules/conditions/policy-statement-poor-condition.json
@@ -5,11 +5,13 @@
             [ "_STATEMENT_.Condition.", "withoutKey", "ArnEquals" ],
             [ "or",
                 [ "_STATEMENT_.Condition.", "withoutKey", "StringEquals" ],
-                [ "_STATEMENT_.Condition.StringEquals.", "withoutKey", "aws:SourceOwner" ],
-                [ "_STATEMENT_.Condition.StringEquals.", "withoutKey", "aws:SourceArn" ]
+                [ "_STATEMENT_.Condition.StringEquals.", "withoutKey", "aws:SourceArn" ],
+                [ "_STATEMENT_.Condition.StringEquals.", "withoutKey", "aws:SourceOwner" ]
             ],
             [ "or",
-                [ "_STATEMENT_.Condition.", "withoutKey", "ArnLike" ]
+                [ "_STATEMENT_.Condition.", "withoutKey", "ArnLike" ],
+                [ "_STATEMENT_.Condition.ArnLike.", "withoutKey", "aws:SourceArn" ],
+                [ "_STATEMENT_.Condition.ArnLike.", "withoutKey", "aws:SourceOwner" ]
             ]
         ]
     ]

From 1968914c2c8bc60c2a8cbfe7a0bd996817b70e56 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Fri, 14 Feb 2020 17:03:35 +0100
Subject: [PATCH 087/145] Replace first check

---
 .../aws/rules/findings/sns-topic-world-policy.json     | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/ScoutSuite/providers/aws/rules/findings/sns-topic-world-policy.json b/ScoutSuite/providers/aws/rules/findings/sns-topic-world-policy.json
index 06c40630e..66af0ebc9 100644
--- a/ScoutSuite/providers/aws/rules/findings/sns-topic-world-policy.json
+++ b/ScoutSuite/providers/aws/rules/findings/sns-topic-world-policy.json
@@ -9,13 +9,8 @@
         [ "sns.regions.id.topics.id.Policy", "notNull", "" ],
         [ "sns.regions.id.topics.id.Policy.Statement.id.Effect", "equal", "Allow" ],
         [ "sns.regions.id.topics.id.Policy.Statement.id.", "containAction", "SNS:_ARG_0_" ],
-        [ "or",
-            [ "sns.regions.id.topics.id.Policy.Statement.id.Principal", "equal", "*" ],
-            [ "and",
-                [ "sns.regions.id.topics.id.Policy.Statement.id.Principal", "withKey", "AWS" ],
-                [ "sns.regions.id.topics.id.Policy.Statement.id.Principal.AWS", "containAtLeastOneOf", "*" ]
-            ]
-        ],
+        [ "_INCLUDE_(conditions/policy-statement-any-principal.json)", [ "_STATEMENT_" ], [ "sns.regions.id.topics.id.Policy.Statement.id" ] ],
+
         [ "or",
             [ "sns.regions.id.topics.id.Policy.Statement.id.", "withoutKey", "Condition" ],
             [ "sns.regions.id.topics.id.Policy.Statement.id.Condition.", "withoutKey", "StringEquals" ],
@@ -24,6 +19,7 @@
                 [ "sns.regions.id.topics.id.Policy.Statement.id.Condition.StringEquals.", "withoutKey", "AWS:SourceOwner" ]
             ]
         ],
+
         [ "or",
             [ "sns.regions.id.topics.id.Policy.Statement.id.", "withoutKey", "Condition" ],
             [ "sns.regions.id.topics.id.Policy.Statement.id.Condition.", "withoutKey", "ArnLike" ],

From 3d9b10b66fec3fe949cff0c6ce05d456445a9117 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Fri, 14 Feb 2020 17:17:12 +0100
Subject: [PATCH 088/145] Fix logic

---
 .../conditions/policy-statement-poor-condition.json  | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/ScoutSuite/providers/aws/rules/conditions/policy-statement-poor-condition.json b/ScoutSuite/providers/aws/rules/conditions/policy-statement-poor-condition.json
index 9654837ab..221d63437 100644
--- a/ScoutSuite/providers/aws/rules/conditions/policy-statement-poor-condition.json
+++ b/ScoutSuite/providers/aws/rules/conditions/policy-statement-poor-condition.json
@@ -3,15 +3,13 @@
         [ "_STATEMENT_.", "withoutKey", "Condition" ],
         [ "and",
             [ "_STATEMENT_.Condition.", "withoutKey", "ArnEquals" ],
+            [ "_STATEMENT_.Condition.", "withoutKey", "ArnLike" ],
             [ "or",
                 [ "_STATEMENT_.Condition.", "withoutKey", "StringEquals" ],
-                [ "_STATEMENT_.Condition.StringEquals.", "withoutKey", "aws:SourceArn" ],
-                [ "_STATEMENT_.Condition.StringEquals.", "withoutKey", "aws:SourceOwner" ]
-            ],
-            [ "or",
-                [ "_STATEMENT_.Condition.", "withoutKey", "ArnLike" ],
-                [ "_STATEMENT_.Condition.ArnLike.", "withoutKey", "aws:SourceArn" ],
-                [ "_STATEMENT_.Condition.ArnLike.", "withoutKey", "aws:SourceOwner" ]
+                [ "and",
+                    [ "_STATEMENT_.Condition.StringEquals.", "withoutKey", "AWS:SourceArn" ],
+                    [ "_STATEMENT_.Condition.StringEquals.", "withoutKey", "AWS:SourceOwner" ]
+                ]
             ]
         ]
     ]

From f4c6dcd990ceb45b1042e30b7afc35947547ca05 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Fri, 14 Feb 2020 17:17:54 +0100
Subject: [PATCH 089/145] Simplify policy

---
 .../findings/sns-topic-world-policy.json      | 19 +------------------
 1 file changed, 1 insertion(+), 18 deletions(-)

diff --git a/ScoutSuite/providers/aws/rules/findings/sns-topic-world-policy.json b/ScoutSuite/providers/aws/rules/findings/sns-topic-world-policy.json
index 66af0ebc9..3c72aab0a 100644
--- a/ScoutSuite/providers/aws/rules/findings/sns-topic-world-policy.json
+++ b/ScoutSuite/providers/aws/rules/findings/sns-topic-world-policy.json
@@ -10,23 +10,6 @@
         [ "sns.regions.id.topics.id.Policy.Statement.id.Effect", "equal", "Allow" ],
         [ "sns.regions.id.topics.id.Policy.Statement.id.", "containAction", "SNS:_ARG_0_" ],
         [ "_INCLUDE_(conditions/policy-statement-any-principal.json)", [ "_STATEMENT_" ], [ "sns.regions.id.topics.id.Policy.Statement.id" ] ],
-
-        [ "or",
-            [ "sns.regions.id.topics.id.Policy.Statement.id.", "withoutKey", "Condition" ],
-            [ "sns.regions.id.topics.id.Policy.Statement.id.Condition.", "withoutKey", "StringEquals" ],
-            [ "and",
-                [ "sns.regions.id.topics.id.Policy.Statement.id.Condition.StringEquals.", "withoutKey", "AWS:SourceArn" ],
-                [ "sns.regions.id.topics.id.Policy.Statement.id.Condition.StringEquals.", "withoutKey", "AWS:SourceOwner" ]
-            ]
-        ],
-
-        [ "or",
-            [ "sns.regions.id.topics.id.Policy.Statement.id.", "withoutKey", "Condition" ],
-            [ "sns.regions.id.topics.id.Policy.Statement.id.Condition.", "withoutKey", "ArnLike" ],
-            [ "and",
-                [ "sns.regions.id.topics.id.Policy.Statement.id.Condition.ArnLike.", "withoutKey", "AWS:SourceArn" ],
-                [ "sns.regions.id.topics.id.Policy.Statement.id.Condition.ArnLike.", "withoutKey", "AWS:SourceOwner" ]
-            ]
-        ]
+        [ "_INCLUDE_(conditions/policy-statement-poor-condition.json)", [ "_STATEMENT_" ], [ "sns.regions.id.topics.id.Policy.Statement.id" ] ]
     ]
 }

From ac7d2480703c8994f2a878e6437eed3d58bf96e2 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Fri, 14 Feb 2020 17:28:21 +0100
Subject: [PATCH 090/145] Simplify rule

---
 .../rules/findings/iam-assume-role-policy-allows-all.json    | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/ScoutSuite/providers/aws/rules/findings/iam-assume-role-policy-allows-all.json b/ScoutSuite/providers/aws/rules/findings/iam-assume-role-policy-allows-all.json
index 2c2dcd0a3..73ab88c9d 100644
--- a/ScoutSuite/providers/aws/rules/findings/iam-assume-role-policy-allows-all.json
+++ b/ScoutSuite/providers/aws/rules/findings/iam-assume-role-policy-allows-all.json
@@ -1,13 +1,12 @@
 {
     "description": "AssumeRole policy allows all principals",
-    "rationale": "<b>Description:</b><br><br>Setting the AssumeRole policy's principal attribute to AWS:* means that anyone is authorized to assume the role and access the AWS account.",
+    "rationale": "<b>Description:</b><br><br>Setting the AssumeRole policy's principal attribute to \"AWS:*\" means that anyone is authorized to assume the role and access the AWS account.",
     "path": "iam.roles.id.assume_role_policy.PolicyDocument.Statement.id",
     "display_path": "iam.roles.id",
     "dashboard_name": "Roles",
     "conditions": [ "and",
         [ "iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Effect", "equal", "Allow" ],
         [ "iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.", "containAction", "sts:AssumeRole" ],
-        [ "iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Principal", "withKey", "AWS" ],
-        [ "iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Principal.AWS", "containAtLeastOneOf", "*" ]
+        [ "_INCLUDE_(conditions/policy-statement-any-principal.json)", [ "_STATEMENT_" ], [ "iam.roles.id.assume_role_policy.PolicyDocument.Statement.id" ] ]
     ]
 }

From 702f9f9614ff2584d59fda94e5424d6e3dfae188 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Fri, 14 Feb 2020 17:29:02 +0100
Subject: [PATCH 091/145] Simplify rule

---
 .../findings/s3-bucket-world-policy-star.json | 30 ++++++++-----------
 1 file changed, 12 insertions(+), 18 deletions(-)

diff --git a/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-policy-star.json b/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-policy-star.json
index 56e49522b..72c1b751c 100644
--- a/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-policy-star.json
+++ b/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-policy-star.json
@@ -1,20 +1,14 @@
 {
-    "arg_names" : [ "Action shortname", "Service:Action" ],
-    "dashboard_name": "Buckets",
-    "description": "All actions authorized to all principals",
-    "path": "s3.buckets.id.policy.Statement.id",
-    "display_path": "s3.buckets.id",
-    "conditions": [ "and",
-        [ "s3.buckets.id.", "withKey", "policy" ],
-        [ "s3.buckets.id.policy.Statement.id.Effect", "equal", "Allow" ],
-        [ "s3.buckets.id.policy.Statement.id.", "withoutKey", "Condition" ],
-        [ "s3.buckets.id.policy.Statement.id.Action", "containAtLeastOneOf", [ "s3:*", "*" ] ],
-        [ "or",
-          [ "s3.buckets.id.policy.Statement.id.Principal", "containAtLeastOneOf", [ "*" ] ],
-          [ "and",
-            [ "s3.buckets.id.policy.Statement.id.Principal", "withKey", "AWS" ],
-            [ "s3.buckets.id.policy.Statement.id.Principal.AWS", "containAtLeastOneOf", [ "*" ] ]
-          ]
-        ]
-    ]
+  "arg_names" : [ "Action shortname", "Service:Action" ],
+  "dashboard_name": "Buckets",
+  "description": "All actions authorized to all principals",
+  "path": "s3.buckets.id.policy.Statement.id",
+  "display_path": "s3.buckets.id",
+  "conditions": [ "and",
+    [ "s3.buckets.id.", "withKey", "policy" ],
+    [ "s3.buckets.id.policy.Statement.id.Effect", "equal", "Allow" ],
+    [ "s3.buckets.id.policy.Statement.id.Action", "containAtLeastOneOf", [ "s3:*", "*" ] ],
+    [ "_INCLUDE_(conditions/policy-statement-any-principal.json)", [ "_STATEMENT_" ], [ "s3.buckets.id.policy.Statement.id" ] ],
+    [ "_INCLUDE_(conditions/policy-statement-poor-condition.json)", [ "_STATEMENT_" ], [ "s3.buckets.id.policy.Statement.id" ] ]
+  ]
 }

From 2ca1cfbced0fe9f0e43682f538c322482d297d37 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Fri, 14 Feb 2020 17:31:34 +0100
Subject: [PATCH 092/145] Simplify rule

---
 .../aws/rules/findings/ses-identity-world-policy.json    | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/ScoutSuite/providers/aws/rules/findings/ses-identity-world-policy.json b/ScoutSuite/providers/aws/rules/findings/ses-identity-world-policy.json
index 096b90270..a2a6a5955 100644
--- a/ScoutSuite/providers/aws/rules/findings/ses-identity-world-policy.json
+++ b/ScoutSuite/providers/aws/rules/findings/ses-identity-world-policy.json
@@ -8,12 +8,7 @@
     "conditions": [ "and",
         [ "ses.regions.id.identities.id.policies.id.Statement.id.Effect", "equal", "Allow" ],
         [ "ses.regions.id.identities.id.policies.id.Statement.id.", "containAction", "ses:_ARG_0_" ],
-        [ "or",
-            [ "ses.regions.id.identities.id.policies.id.Statement.id.Principal", "containAtLeastOneOf", "*" ],
-            [ "and",
-                [ "ses.regions.id.identities.id.policies.id.Statement.id.Principal", "withKey", "AWS" ],
-                [ "ses.regions.id.identities.id.policies.id.Statement.id.Principal.AWS", "containAtLeastOneOf", "*" ]
-            ]
-        ]
+        [ "_INCLUDE_(conditions/policy-statement-any-principal.json)", [ "_STATEMENT_" ], [ "ses.regions.id.identities.id.policies.id.Statement.id" ] ],
+        [ "_INCLUDE_(conditions/policy-statement-poor-condition.json)", [ "_STATEMENT_" ], [ "ses.regions.id.identities.id.policies.id.Statement.id" ] ]
     ]
 }

From 4ca6b63c699cda71507da1903dd1ddb36cb7e1cc Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Fri, 14 Feb 2020 17:36:33 +0100
Subject: [PATCH 093/145] Minor change

---
 .../data/html/partials/aws/services.sqs.regions.id.queues.html  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ScoutSuite/output/data/html/partials/aws/services.sqs.regions.id.queues.html b/ScoutSuite/output/data/html/partials/aws/services.sqs.regions.id.queues.html
index b9ec9db4c..b8734062b 100644
--- a/ScoutSuite/output/data/html/partials/aws/services.sqs.regions.id.queues.html
+++ b/ScoutSuite/output/data/html/partials/aws/services.sqs.regions.id.queues.html
@@ -15,7 +15,7 @@ <h4 class="list-group-item-heading">Information</h4>
         </div>
         {{#if Policy.Statement.length}}
           <div class="list-group-item">
-            {{> accordion_policy name = 'Access control policy' policy_path = (concat 'sqs.regions' region 'queues' @key 'Policy') document = Policy}}
+            {{> accordion_policy name = 'Access Control Policy' policy_path = (concat 'sqs.regions' region 'queues' @key 'Policy') document = Policy}}
           </div>
         {{/if}}
     </script>

From a3d5598b8d54221a0d66744648d058a1303cd200 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Fri, 14 Feb 2020 17:36:38 +0100
Subject: [PATCH 094/145] Minor change

---
 .../html/partials/aws/services.sns.regions.id.topics.html     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ScoutSuite/output/data/html/partials/aws/services.sns.regions.id.topics.html b/ScoutSuite/output/data/html/partials/aws/services.sns.regions.id.topics.html
index e81f07a5b..bb1464304 100644
--- a/ScoutSuite/output/data/html/partials/aws/services.sns.regions.id.topics.html
+++ b/ScoutSuite/output/data/html/partials/aws/services.sns.regions.id.topics.html
@@ -12,12 +12,12 @@ <h4 class="list-group-item-heading">Information</h4>
         </div>
         {{#if Policy}}
           <div class="list-group-item">
-            {{> accordion_policy name = 'Access control policy' policy_path = (concat 'sns.regions' region 'topics' @key 'Policy') document = Policy}}
+            {{> accordion_policy name = 'Access Control Policy' policy_path = (concat 'sns.regions' region 'topics' @key 'Policy') document = Policy}}
           </div>
         {{/if}}
         {{#if DeliveryPolicy}}
           <div class="list-group-item">
-            {{> accordion_policy name = 'Delivery policy' policy_path = (concat 'sns.regions' region 'topics' @key 'DeliveryPolicy') document = DeliveryPolicy}}
+            {{> accordion_policy name = 'Delivery Policy' policy_path = (concat 'sns.regions' region 'topics' @key 'DeliveryPolicy') document = DeliveryPolicy}}
           </div>
         {{/if}}
         {{#if EffectiveDeliveryPolicy}}

From 9a2538769abc435ad2932d0e42c96d3b898f0212 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Fri, 14 Feb 2020 18:53:35 +0100
Subject: [PATCH 095/145] Includes "ForAnyValue" in checks.

Resolves https://github.com/nccgroup/ScoutSuite/issues/538
---
 .../conditions/policy-statement-poor-condition.json    | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/ScoutSuite/providers/aws/rules/conditions/policy-statement-poor-condition.json b/ScoutSuite/providers/aws/rules/conditions/policy-statement-poor-condition.json
index 221d63437..769df6f97 100644
--- a/ScoutSuite/providers/aws/rules/conditions/policy-statement-poor-condition.json
+++ b/ScoutSuite/providers/aws/rules/conditions/policy-statement-poor-condition.json
@@ -2,8 +2,14 @@
     "conditions": [ "or",
         [ "_STATEMENT_.", "withoutKey", "Condition" ],
         [ "and",
-            [ "_STATEMENT_.Condition.", "withoutKey", "ArnEquals" ],
-            [ "_STATEMENT_.Condition.", "withoutKey", "ArnLike" ],
+            [ "and",
+                [ "_STATEMENT_.Condition.", "withoutKey", "ArnEquals" ],
+                [ "_STATEMENT_.Condition.", "withoutKey", "ForAnyValue:ArnEquals" ]
+            ],
+            [ "and",
+                [ "_STATEMENT_.Condition.", "withoutKey", "ArnLike" ],
+                [ "_STATEMENT_.Condition.", "withoutKey", "ForAnyValue:ArnLike" ]
+            ],
             [ "or",
                 [ "_STATEMENT_.Condition.", "withoutKey", "StringEquals" ],
                 [ "and",

From 7a447bfaaf114b9136163d59d4e9581abb5b6c32 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Sun, 16 Feb 2020 19:24:07 +0100
Subject: [PATCH 096/145] Basic suport for alerts

---
 .../azure/resources/securitycenter/alerts.py  | 21 +++++++++++++++++++
 .../azure/resources/securitycenter/base.py    |  2 ++
 2 files changed, 23 insertions(+)
 create mode 100644 ScoutSuite/providers/azure/resources/securitycenter/alerts.py

diff --git a/ScoutSuite/providers/azure/resources/securitycenter/alerts.py b/ScoutSuite/providers/azure/resources/securitycenter/alerts.py
new file mode 100644
index 000000000..9b81904bb
--- /dev/null
+++ b/ScoutSuite/providers/azure/resources/securitycenter/alerts.py
@@ -0,0 +1,21 @@
+from ScoutSuite.providers.azure.facade.base import AzureFacade
+from ScoutSuite.providers.azure.resources.base import AzureResources
+
+
+class Alerts(AzureResources):
+
+    def __init__(self, facade: AzureFacade, subscription_id: str):
+        super(Alerts, self).__init__(facade)
+        self.subscription_id = subscription_id
+
+    async def fetch_all(self):
+        a = await self.facade.securitycenter.get_alerts(self.subscription_id)
+        for raw_alert in await self.facade.securitycenter.get_alerts(self.subscription_id):
+            id, alert = self._parse_alert(raw_alert)
+            self[id] = alert
+
+    def _parse_alert(self, alert):
+        alert_dict = {}
+        alert_dict['id'] = alert.id
+        alert_dict['name'] = alert.name
+        return alert_dict['id'], alert_dict
diff --git a/ScoutSuite/providers/azure/resources/securitycenter/base.py b/ScoutSuite/providers/azure/resources/securitycenter/base.py
index 701d01077..0dbdbfdb0 100644
--- a/ScoutSuite/providers/azure/resources/securitycenter/base.py
+++ b/ScoutSuite/providers/azure/resources/securitycenter/base.py
@@ -2,6 +2,7 @@
 
 from .auto_provisioning_settings import AutoProvisioningSettings
 from .pricings import Pricings
+from .alerts import Alerts
 from .security_contacts import SecurityContacts
 # from .information_protection_policies import InformationProtectionPolicies
 # from .settings import Settings
@@ -11,6 +12,7 @@ class SecurityCenter(Subscriptions):
     _children = [
         (AutoProvisioningSettings, 'auto_provisioning_settings'),
         (Pricings, 'pricings'),
+        # (Alerts, 'alerts'),  # FIXME this needs to be tested with alert results...
         (SecurityContacts, 'security_contacts'),
         # (InformationProtectionPolicies, 'information_protection_policies'),  # FIXME this isn't properly implemented
         # (Settings, 'settings')  # FIXME this isn't implemented

From d658140eaa69fd56cbc63a80cc53290d9abc89d2 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Sun, 16 Feb 2020 19:39:46 +0100
Subject: [PATCH 097/145] Add support for Security Center compliance results

---
 ...r.subscriptions.id.compliance_results.html | 23 ++++++++++++++++++
 .../providers/azure/facade/securitycenter.py  | 21 ++++++++++++++++
 ScoutSuite/providers/azure/metadata.json      |  4 ++++
 .../azure/resources/securitycenter/base.py    |  2 ++
 .../securitycenter/compliance_results.py      | 24 +++++++++++++++++++
 5 files changed, 74 insertions(+)
 create mode 100644 ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.compliance_results.html
 create mode 100644 ScoutSuite/providers/azure/resources/securitycenter/compliance_results.py

diff --git a/ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.compliance_results.html b/ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.compliance_results.html
new file mode 100644
index 000000000..bc8ca1e29
--- /dev/null
+++ b/ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.compliance_results.html
@@ -0,0 +1,23 @@
+<!-- securitycenter compliance_results -->
+<script id="services.securitycenter.subscriptions.id.compliance_results.partial" type="text/x-handlebars-template">
+    <div id="resource-name" class="list-group-item active">
+        <h4 class="list-group-item-heading">{{name}}</h4>
+    </div>
+    <div class="list-group-item">
+        <h4 class="list-group-item-heading">Information</h4>
+        <div class="list-group-item-text item-margin">Name: <span id="securitycenter.subscriptions.{{subscription}}.compliance_results.{{@key}}.name"><samp>{{value_or_none name}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Resource Status: <span id="securitycenter.subscriptions.{{subscription}}.compliance_results.{{@key}}.resource_status"><samp>{{value_or_none resource_status}}</samp></span></div>
+    </div>
+</script>
+
+<script>
+    Handlebars.registerPartial("services.securitycenter.subscriptions.id.compliance_results", $("#services\\.securitycenter\\.subscriptions\\.id\\.compliance_results\\.partial").html());
+</script>
+
+<!-- Single securitycenter compliance_result template -->
+<script id="single_securitycenter_compliance_result-template" type="text/x-handlebars-template">
+    {{> modal-template template='services.securitycenter.subscriptions.id.compliance_results'}}
+</script>
+<script>
+    var single_securitycenter_compliance_result_template = Handlebars.compile($("#single_securitycenter_compliance_result-template").html());
+</script>
diff --git a/ScoutSuite/providers/azure/facade/securitycenter.py b/ScoutSuite/providers/azure/facade/securitycenter.py
index 7ca3a77a7..ded49a4e3 100644
--- a/ScoutSuite/providers/azure/facade/securitycenter.py
+++ b/ScoutSuite/providers/azure/facade/securitycenter.py
@@ -60,3 +60,24 @@ async def get_settings(self, subscription_id: str):
         except Exception as e:
             print_exception('Failed to retrieve settings: {}'.format(e))
             return []
+
+    async def get_alerts(self, subscription_id: str):
+        try:
+            client = self.get_client(subscription_id)
+            return await run_concurrently(
+                lambda: list(client.alerts.list())
+            )
+        except Exception as e:
+            print_exception('Failed to retrieve alerts: {}'.format(e))
+            return []
+
+    async def get_compliance_results(self, subscription_id: str):
+        try:
+            client = self.get_client(subscription_id)
+            scope = '/subscriptions/{}'.format(subscription_id)
+            return await run_concurrently(
+                lambda: list(client.compliance_results.list(scope=scope))
+            )
+        except Exception as e:
+            print_exception('Failed to retrieve compliance results: {}'.format(e))
+            return []
diff --git a/ScoutSuite/providers/azure/metadata.json b/ScoutSuite/providers/azure/metadata.json
index a2dc55553..e05305d91 100644
--- a/ScoutSuite/providers/azure/metadata.json
+++ b/ScoutSuite/providers/azure/metadata.json
@@ -95,6 +95,10 @@
         "auto_provisioning_settings": {
           "cols": 2,
           "path": "services.securitycenter.subscriptions.id.auto_provisioning_settings"
+        },
+        "compliance_results": {
+          "cols": 2,
+          "path": "services.securitycenter.subscriptions.id.compliance_results"
         }
       }
     }
diff --git a/ScoutSuite/providers/azure/resources/securitycenter/base.py b/ScoutSuite/providers/azure/resources/securitycenter/base.py
index 0dbdbfdb0..97786109d 100644
--- a/ScoutSuite/providers/azure/resources/securitycenter/base.py
+++ b/ScoutSuite/providers/azure/resources/securitycenter/base.py
@@ -6,6 +6,7 @@
 from .security_contacts import SecurityContacts
 # from .information_protection_policies import InformationProtectionPolicies
 # from .settings import Settings
+from .compliance_results import ComplianceResults
 
 
 class SecurityCenter(Subscriptions):
@@ -16,4 +17,5 @@ class SecurityCenter(Subscriptions):
         (SecurityContacts, 'security_contacts'),
         # (InformationProtectionPolicies, 'information_protection_policies'),  # FIXME this isn't properly implemented
         # (Settings, 'settings')  # FIXME this isn't implemented
+        (ComplianceResults, 'compliance_results')
     ]
diff --git a/ScoutSuite/providers/azure/resources/securitycenter/compliance_results.py b/ScoutSuite/providers/azure/resources/securitycenter/compliance_results.py
new file mode 100644
index 000000000..ae4cee04a
--- /dev/null
+++ b/ScoutSuite/providers/azure/resources/securitycenter/compliance_results.py
@@ -0,0 +1,24 @@
+from ScoutSuite.providers.azure.facade.base import AzureFacade
+from ScoutSuite.providers.azure.resources.base import AzureResources
+from ScoutSuite.providers.utils import get_non_provider_id
+
+
+class ComplianceResults(AzureResources):
+
+    def __init__(self, facade: AzureFacade, subscription_id: str):
+        super(ComplianceResults, self).__init__(facade)
+        self.subscription_id = subscription_id
+
+    async def fetch_all(self):
+        for raw_compliance_result in await self.facade.securitycenter.get_compliance_results(self.subscription_id):
+            id, compliance_result = self._parse_compliance_result(raw_compliance_result)
+            self[id] = compliance_result
+
+    def _parse_compliance_result(self, raw_compliance_result):
+        compliance_result_dict = {}
+        compliance_result_dict['id'] = get_non_provider_id(raw_compliance_result.id)
+        compliance_result_dict['name'] = raw_compliance_result.name
+        compliance_result_dict['type'] = raw_compliance_result.type
+        compliance_result_dict['resource_status'] = raw_compliance_result.resource_status
+        compliance_result_dict['additional_properties'] = raw_compliance_result.additional_properties
+        return compliance_result_dict['id'], compliance_result_dict

From d4a068d9d1b023c88efb98c37756344b330fb5b9 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Sun, 16 Feb 2020 20:40:22 +0100
Subject: [PATCH 098/145] Add support for Security Center regulatory compliance
 results

---
 ...ions.id.regulatory_compliance_results.html | 28 +++++++++++++++++
 .../providers/azure/facade/securitycenter.py  | 31 +++++++++++++++++++
 ScoutSuite/providers/azure/metadata.json      |  4 +++
 .../azure/resources/securitycenter/base.py    |  4 ++-
 .../regulatory_compliance_results.py          | 31 +++++++++++++++++++
 5 files changed, 97 insertions(+), 1 deletion(-)
 create mode 100644 ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.regulatory_compliance_results.html
 create mode 100644 ScoutSuite/providers/azure/resources/securitycenter/regulatory_compliance_results.py

diff --git a/ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.regulatory_compliance_results.html b/ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.regulatory_compliance_results.html
new file mode 100644
index 000000000..dc7dc44ad
--- /dev/null
+++ b/ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.regulatory_compliance_results.html
@@ -0,0 +1,28 @@
+<!-- securitycenter regulatory_compliance_results -->
+<script id="services.securitycenter.subscriptions.id.regulatory_compliance_results.partial" type="text/x-handlebars-template">
+    <div id="resource-name" class="list-group-item active">
+        <h4 class="list-group-item-heading">{{name}}</h4>
+    </div>
+    <div class="list-group-item">
+        <h4 class="list-group-item-heading">Information</h4>
+        <div class="list-group-item-text item-margin">Standard: <span id="securitycenter.subscriptions.{{subscription}}.regulatory_compliance_results.{{@key}}.standard_name"><samp>{{value_or_none standard_name}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Reference: <span id="securitycenter.subscriptions.{{subscription}}.regulatory_compliance_results.{{@key}}.reference"><samp>{{value_or_none reference}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Description: <span id="securitycenter.subscriptions.{{subscription}}.regulatory_compliance_results.{{@key}}.description"><samp>{{value_or_none description}}</samp></span></div>
+        <div class="list-group-item-text item-margin">State: <span id="securitycenter.subscriptions.{{subscription}}.regulatory_compliance_results.{{@key}}.state"><samp>{{value_or_none state}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Passed Assessments: <span id="securitycenter.subscriptions.{{subscription}}.regulatory_compliance_results.{{@key}}.passed_assessments"><samp>{{value_or_none passed_assessments}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Failed Assessments: <span id="securitycenter.subscriptions.{{subscription}}.regulatory_compliance_results.{{@key}}.failed_assessments"><samp>{{value_or_none failed_assessments}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Skipped Assessments: <span id="securitycenter.subscriptions.{{subscription}}.regulatory_compliance_results.{{@key}}.skipped_assessments"><samp>{{value_or_none skipped_assessments}}</samp></span></div>
+    </div>
+</script>
+
+<script>
+    Handlebars.registerPartial("services.securitycenter.subscriptions.id.regulatory_compliance_results", $("#services\\.securitycenter\\.subscriptions\\.id\\.regulatory_compliance_results\\.partial").html());
+</script>
+
+<!-- Single securitycenter regulatory_compliance_result template -->
+<script id="single_securitycenter_regulatory_compliance_result-template" type="text/x-handlebars-template">
+    {{> modal-template template='services.securitycenter.subscriptions.id.regulatory_compliance_results'}}
+</script>
+<script>
+    var single_securitycenter_regulatory_compliance_result_template = Handlebars.compile($("#single_securitycenter_regulatory_compliance_result-template").html());
+</script>
diff --git a/ScoutSuite/providers/azure/facade/securitycenter.py b/ScoutSuite/providers/azure/facade/securitycenter.py
index ded49a4e3..cd698e8ee 100644
--- a/ScoutSuite/providers/azure/facade/securitycenter.py
+++ b/ScoutSuite/providers/azure/facade/securitycenter.py
@@ -81,3 +81,34 @@ async def get_compliance_results(self, subscription_id: str):
         except Exception as e:
             print_exception('Failed to retrieve compliance results: {}'.format(e))
             return []
+
+    async def get_regulatory_compliance_results(self, subscription_id: str):
+        try:
+            client = self.get_client(subscription_id)
+            results = []
+            try:
+                compliance_standards = await run_concurrently(
+                    lambda: list(client.regulatory_compliance_standards.list())
+                )
+            except Exception as e:
+                print_exception('Failed to retrieve regulatory compliance standards: {}'.format(e))
+                return {}
+            else:
+                for standard in compliance_standards:
+                    try:
+                        compliance_controls = await run_concurrently(
+                            lambda: list(client.regulatory_compliance_controls.list(regulatory_compliance_standard_name=standard.name))
+                        )
+                        for control in compliance_controls:
+                            control.standard_name = standard.name
+                            results.append(control)
+                    except Exception as e:
+                        print_exception('Failed to retrieve compliance controls: {}'.format(e))
+                        pass
+            finally:
+                return results
+        except Exception as e:
+            print_exception('Failed to retrieve regulatory compliance results: {}'.format(e))
+            return []
+
+
diff --git a/ScoutSuite/providers/azure/metadata.json b/ScoutSuite/providers/azure/metadata.json
index e05305d91..73067e6c6 100644
--- a/ScoutSuite/providers/azure/metadata.json
+++ b/ScoutSuite/providers/azure/metadata.json
@@ -99,6 +99,10 @@
         "compliance_results": {
           "cols": 2,
           "path": "services.securitycenter.subscriptions.id.compliance_results"
+        },
+        "regulatory_compliance_results": {
+          "cols": 2,
+          "path": "services.securitycenter.subscriptions.id.regulatory_compliance_results"
         }
       }
     }
diff --git a/ScoutSuite/providers/azure/resources/securitycenter/base.py b/ScoutSuite/providers/azure/resources/securitycenter/base.py
index 97786109d..aa7effc3b 100644
--- a/ScoutSuite/providers/azure/resources/securitycenter/base.py
+++ b/ScoutSuite/providers/azure/resources/securitycenter/base.py
@@ -7,6 +7,7 @@
 # from .information_protection_policies import InformationProtectionPolicies
 # from .settings import Settings
 from .compliance_results import ComplianceResults
+from .regulatory_compliance_results import RegulatoryComplianceResults
 
 
 class SecurityCenter(Subscriptions):
@@ -17,5 +18,6 @@ class SecurityCenter(Subscriptions):
         (SecurityContacts, 'security_contacts'),
         # (InformationProtectionPolicies, 'information_protection_policies'),  # FIXME this isn't properly implemented
         # (Settings, 'settings')  # FIXME this isn't implemented
-        (ComplianceResults, 'compliance_results')
+        (ComplianceResults, 'compliance_results'),
+        (RegulatoryComplianceResults, 'regulatory_compliance_results')
     ]
diff --git a/ScoutSuite/providers/azure/resources/securitycenter/regulatory_compliance_results.py b/ScoutSuite/providers/azure/resources/securitycenter/regulatory_compliance_results.py
new file mode 100644
index 000000000..2d4b0876f
--- /dev/null
+++ b/ScoutSuite/providers/azure/resources/securitycenter/regulatory_compliance_results.py
@@ -0,0 +1,31 @@
+from ScoutSuite.providers.azure.facade.base import AzureFacade
+from ScoutSuite.providers.azure.resources.base import AzureResources
+from ScoutSuite.providers.utils import get_non_provider_id
+
+
+class RegulatoryComplianceResults(AzureResources):
+
+    def __init__(self, facade: AzureFacade, subscription_id: str):
+        super(RegulatoryComplianceResults, self).__init__(facade)
+        self.subscription_id = subscription_id
+
+    async def fetch_all(self):
+        for raw_regulatory_compliance_result in await self.facade.securitycenter.get_regulatory_compliance_results(self.subscription_id):
+            id, regulatory_compliance_result = self._parse_regulatory_compliance_result(raw_regulatory_compliance_result)
+            self[id] = regulatory_compliance_result
+
+    def _parse_regulatory_compliance_result(self, raw_regulatory_compliance_result):
+        regulatory_compliance_result_dict = {}
+        regulatory_compliance_result_dict['id'] = get_non_provider_id(raw_regulatory_compliance_result.id)
+        regulatory_compliance_result_dict['name'] = '{} {}'.format(raw_regulatory_compliance_result.standard_name,
+                                                                   raw_regulatory_compliance_result.name)
+        regulatory_compliance_result_dict['reference'] = raw_regulatory_compliance_result.name
+        regulatory_compliance_result_dict['standard_name'] = raw_regulatory_compliance_result.standard_name
+        regulatory_compliance_result_dict['type'] = raw_regulatory_compliance_result.type
+        regulatory_compliance_result_dict['description'] = raw_regulatory_compliance_result.description
+        regulatory_compliance_result_dict['state'] = raw_regulatory_compliance_result.state
+        regulatory_compliance_result_dict['passed_assessments'] = raw_regulatory_compliance_result.passed_assessments
+        regulatory_compliance_result_dict['failed_assessments'] = raw_regulatory_compliance_result.failed_assessments
+        regulatory_compliance_result_dict['skipped_assessments'] = raw_regulatory_compliance_result.skipped_assessments
+        regulatory_compliance_result_dict['additional_properties'] = raw_regulatory_compliance_result.additional_properties
+        return regulatory_compliance_result_dict['id'], regulatory_compliance_result_dict

From d045e2fe72a347fcbbd942024573959eef93f32b Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Sun, 16 Feb 2020 20:46:17 +0100
Subject: [PATCH 099/145] Reformat code

---
 .../securitycenter/regulatory_compliance_results.py      | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/ScoutSuite/providers/azure/resources/securitycenter/regulatory_compliance_results.py b/ScoutSuite/providers/azure/resources/securitycenter/regulatory_compliance_results.py
index 2d4b0876f..5a2d06abc 100644
--- a/ScoutSuite/providers/azure/resources/securitycenter/regulatory_compliance_results.py
+++ b/ScoutSuite/providers/azure/resources/securitycenter/regulatory_compliance_results.py
@@ -10,8 +10,10 @@ def __init__(self, facade: AzureFacade, subscription_id: str):
         self.subscription_id = subscription_id
 
     async def fetch_all(self):
-        for raw_regulatory_compliance_result in await self.facade.securitycenter.get_regulatory_compliance_results(self.subscription_id):
-            id, regulatory_compliance_result = self._parse_regulatory_compliance_result(raw_regulatory_compliance_result)
+        for raw_regulatory_compliance_result in await \
+                self.facade.securitycenter.get_regulatory_compliance_results(self.subscription_id):
+            id, regulatory_compliance_result = \
+                self._parse_regulatory_compliance_result(raw_regulatory_compliance_result)
             self[id] = regulatory_compliance_result
 
     def _parse_regulatory_compliance_result(self, raw_regulatory_compliance_result):
@@ -27,5 +29,6 @@ def _parse_regulatory_compliance_result(self, raw_regulatory_compliance_result):
         regulatory_compliance_result_dict['passed_assessments'] = raw_regulatory_compliance_result.passed_assessments
         regulatory_compliance_result_dict['failed_assessments'] = raw_regulatory_compliance_result.failed_assessments
         regulatory_compliance_result_dict['skipped_assessments'] = raw_regulatory_compliance_result.skipped_assessments
-        regulatory_compliance_result_dict['additional_properties'] = raw_regulatory_compliance_result.additional_properties
+        regulatory_compliance_result_dict['additional_properties'] = \
+            raw_regulatory_compliance_result.additional_properties
         return regulatory_compliance_result_dict['id'], regulatory_compliance_result_dict

From 8a08c040a317dc769b6dadb8eec35ade9e5daa59 Mon Sep 17 00:00:00 2001
From: Pau Risa <pau.risa@gmail.com>
Date: Tue, 18 Feb 2020 17:53:24 +0100
Subject: [PATCH 100/145] Deleted regions filter on navbar

Deleted the regions filters on the navbar, added the name of the cloud provider to the CLI output and fixed some typos. #647
---
 ScoutSuite/__main__.py                         |  2 +-
 ScoutSuite/core/server.py                      | 18 +++++++++---------
 .../output/data/html/partials/metadata.html    |  5 -----
 .../data/html/partials/regionfilters.html      | 10 ----------
 4 files changed, 10 insertions(+), 25 deletions(-)
 delete mode 100644 ScoutSuite/output/data/html/partials/regionfilters.html

diff --git a/ScoutSuite/__main__.py b/ScoutSuite/__main__.py
index 8e58dfcfb..98159a2e8 100644
--- a/ScoutSuite/__main__.py
+++ b/ScoutSuite/__main__.py
@@ -177,7 +177,7 @@ async def _run(provider,
 
     print_info('Launching Scout')
 
-    print_info('Authenticating to cloud provider')
+    print_info('Authenticating to %s cloud provider' % provider.upper())
     auth_strategy = get_authentication_strategy(provider)
     try:
         credentials = auth_strategy.authenticate(profile=profile,
diff --git a/ScoutSuite/core/server.py b/ScoutSuite/core/server.py
index c7a388669..13d342777 100644
--- a/ScoutSuite/core/server.py
+++ b/ScoutSuite/core/server.py
@@ -25,7 +25,7 @@ def __init__(self, filename):
     @cherrypy.tools.json_out()
     def summary(self):
         """
-        Returns the stripped down data of the results that doesn't scale up when using a lot of ressources,
+        Returns the stripped down data of the results that doesn't scale up when using a lot of resources,
         used to render the summary.
         Should be the first call from the server.
         Can be found at GET /api/summary
@@ -48,8 +48,8 @@ def summary(self):
     @cherrypy.tools.json_out()
     def data(self, key=None):
         """
-        Return the data at the requested key. Doesn't returns nested dictionnaries and lists.
-        If one of the value is a dictionnary, it will return {'type': 'dict', 'keys': <Array of all the keys>}
+        Return the data at the requested key. Doesn't returns nested dictionaries and lists.
+        If one of the value is a dictionary, it will return {'type': 'dict', 'keys': <Array of all the keys>}
         If one of the value is a list, it will return {'type': 'list', 'count': <number of elements in the list>}
 
         Can be found at GET /api/data?key=<KEY>
@@ -85,9 +85,9 @@ def full(self, key=None):
     @cherrypy.tools.json_out()
     def page(self, key=None, page=None, pagesize=None):
         """
-        Return a page of the data at the requested key. Doesn't returns nested dictionnaries and lists.
+        Return a page of the data at the requested key. Doesn't returns nested dictionaries and lists.
         For example, if you set pagesize=10 and page=2, it should return element 10-19
-        If one of the value is a dictionnary, it will return {'type': 'dict', 'keys': <Array of all the keys>}
+        If one of the value is a dictionary, it will return {'type': 'dict', 'keys': <Array of all the keys>}
         If one of the value is a list, it will return {'type': 'list', 'count': <number of elements in the list>}
 
         Can be found at GET /api/page?key=<KEY>&page=<PAGE>&pagesize=<PAGESIZE>
@@ -138,9 +138,9 @@ def init(database_filename, host, port):
     @staticmethod
     def get_item(data, key):
         """
-        Get a specific informations from its key.
+        Get a specific information from its key.
 
-        :param data:                    The dictionnary in which the information is stored.
+        :param data:                    The dictionary in which the information is stored.
         :param host:                    The key where the information is located.
         :return:                        The nested data at the requested location.
         """
@@ -158,10 +158,10 @@ def get_item(data, key):
     @staticmethod
     def strip_nested_data(data):
         """
-        Strip nested lists and dictionnaries from the provided object to reduce its size.
+        Strip nested lists and dictionaries from the provided object to reduce its size.
 
         :param data:                    The object to strip.
-        :return:                        The input data stripped of its nested lists and dictionnaries.
+        :return:                        The input data stripped of its nested lists and dictionaries.
         """
         if not isinstance(data, dict):
             return data
diff --git a/ScoutSuite/output/data/html/partials/metadata.html b/ScoutSuite/output/data/html/partials/metadata.html
index 49fc97e16..1fbfbbbed 100644
--- a/ScoutSuite/output/data/html/partials/metadata.html
+++ b/ScoutSuite/output/data/html/partials/metadata.html
@@ -70,11 +70,6 @@
             </ul>
 
             <ul class="nav navbar-nav ml-auto">
-              <li class="nav-item dropdown">
-                <a href="#" class="nav-link dropdown-toggle" data-toggle="dropdown">Regions</a>
-                <ul class="dropdown-menu" id="regions.list">
-                </ul>
-              </li>
               <li class="nav-item dropdown">
                 <a href="#" class="nav-link dropdown-toggle" data-toggle="dropdown">Filters</a>
                 <ul class="dropdown-menu" id="filters.list">
diff --git a/ScoutSuite/output/data/html/partials/regionfilters.html b/ScoutSuite/output/data/html/partials/regionfilters.html
deleted file mode 100644
index 4c2adf71e..000000000
--- a/ScoutSuite/output/data/html/partials/regionfilters.html
+++ /dev/null
@@ -1,10 +0,0 @@
-<!-- Filters -->
-<script id="regions.list.template" type="text/x-handlebars-template">
-    {{#each items}}
-        {{#if regions}}
-            {{#each regions}}
-                <li id="regionfilters.{{@../key}}.regions.{{@key}}"><a class="dropdown-item" href="javascript:setFilterUrl('{{@key}}');">{{@key}}</a></li>
-            {{/each}}
-        {{/if}}
-    {{/each}}
-</script>

From a572eb084a13c8d24301ab9bb88787c093448557 Mon Sep 17 00:00:00 2001
From: Pau Risa <pau.risa@nccgroup.com>
Date: Wed, 19 Feb 2020 17:13:18 +0100
Subject: [PATCH 101/145] Added extra padding at the end of the Base64 value to
 avoid decoding errors

---
 ScoutSuite/providers/aws/facade/ec2.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ScoutSuite/providers/aws/facade/ec2.py b/ScoutSuite/providers/aws/facade/ec2.py
index f37cdb400..297962401 100644
--- a/ScoutSuite/providers/aws/facade/ec2.py
+++ b/ScoutSuite/providers/aws/facade/ec2.py
@@ -32,7 +32,8 @@ async def get_instance_user_data(self, region: str, instance_id: str):
             if 'Value' not in user_data_response['UserData'].keys():
                 return None
             else:
-                value = base64.b64decode(user_data_response['UserData']['Value'])
+                value = base64.b64decode(user_data_response['UserData']['Value'] + "===")  # Adds extra padding at the
+                # end to the base64 value to avoid decoding errors
                 if value[0:2] == b'\x1f\x8b':  # GZIP magic number
                     return zlib.decompress(value, zlib.MAX_WBITS | 32).decode('utf-8')
                 else:

From d65754ca8b53167b54a939e4d70f9e2e231ceb39 Mon Sep 17 00:00:00 2001
From: Pau Risa <pau.risa@nccgroup.com>
Date: Wed, 19 Feb 2020 18:17:10 +0100
Subject: [PATCH 102/145] Handled the padding exception and added extra padding
 to try and decode the User Data

---
 ScoutSuite/providers/aws/facade/ec2.py | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/ScoutSuite/providers/aws/facade/ec2.py b/ScoutSuite/providers/aws/facade/ec2.py
index 297962401..bf2aa5da6 100644
--- a/ScoutSuite/providers/aws/facade/ec2.py
+++ b/ScoutSuite/providers/aws/facade/ec2.py
@@ -32,12 +32,22 @@ async def get_instance_user_data(self, region: str, instance_id: str):
             if 'Value' not in user_data_response['UserData'].keys():
                 return None
             else:
-                value = base64.b64decode(user_data_response['UserData']['Value'] + "===")  # Adds extra padding at the
-                # end to the base64 value to avoid decoding errors
-                if value[0:2] == b'\x1f\x8b':  # GZIP magic number
-                    return zlib.decompress(value, zlib.MAX_WBITS | 32).decode('utf-8')
-                else:
-                    return value.decode('utf-8')
+                try:
+                    value = base64.b64decode(user_data_response['UserData']['Value'])
+                    if value[0:2] == b'\x1f\x8b':  # GZIP magic number
+                        return zlib.decompress(value, zlib.MAX_WBITS | 32).decode('utf-8')
+                    else:
+                        return value.decode('utf-8')
+                except base64.binascii.Error as e:
+                    print_exception(
+                        'Encoded UserData in Base64 has an incorrect padding')
+                finally:
+                    value = base64.b64decode(user_data_response['UserData']['Value'] + "===")  # Adds extra padding at
+                    # the end to the base64 value to avoid decoding errors
+                    if value[0:2] == b'\x1f\x8b':  # GZIP magic number
+                        return zlib.decompress(value, zlib.MAX_WBITS | 32).decode('utf-8')
+                    else:
+                        return value.decode('utf-8')
 
     async def get_instances(self, region: str, vpc: str):
         filters = [{'Name': 'vpc-id', 'Values': [vpc]}]

From e41dcc20845ba698ae22bfce198bd3164582b8a6 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Thu, 20 Feb 2020 17:20:48 +0100
Subject: [PATCH 103/145] Add basic support for AWS Secrets Manager

---
 ...ces.secretsmanager.regions.id.secrets.html | 25 ++++++++++++++++++
 .../output/data/inc-scoutsuite/scoutsuite.js  |  2 ++
 ScoutSuite/providers/aws/facade/base.py       |  2 ++
 .../providers/aws/facade/secretsmanager.py    | 12 +++++++++
 ScoutSuite/providers/aws/metadata.json        |  8 ++++++
 .../aws/resources/secretsmanager/__init__.py  |  0
 .../aws/resources/secretsmanager/base.py      | 13 ++++++++++
 .../aws/resources/secretsmanager/secrets.py   | 26 +++++++++++++++++++
 ScoutSuite/providers/aws/services.py          |  2 ++
 ScoutSuite/utils.py                           |  1 +
 10 files changed, 91 insertions(+)
 create mode 100644 ScoutSuite/output/data/html/partials/aws/services.secretsmanager.regions.id.secrets.html
 create mode 100644 ScoutSuite/providers/aws/facade/secretsmanager.py
 create mode 100644 ScoutSuite/providers/aws/resources/secretsmanager/__init__.py
 create mode 100644 ScoutSuite/providers/aws/resources/secretsmanager/base.py
 create mode 100644 ScoutSuite/providers/aws/resources/secretsmanager/secrets.py

diff --git a/ScoutSuite/output/data/html/partials/aws/services.secretsmanager.regions.id.secrets.html b/ScoutSuite/output/data/html/partials/aws/services.secretsmanager.regions.id.secrets.html
new file mode 100644
index 000000000..caab24cb8
--- /dev/null
+++ b/ScoutSuite/output/data/html/partials/aws/services.secretsmanager.regions.id.secrets.html
@@ -0,0 +1,25 @@
+<!-- secretsmanager secrets -->
+<script id="services.secretsmanager.regions.id.secrets.partial" type="text/x-handlebars-template">
+    <div id="resource-name" class="list-group-item active">
+        <h4 class="list-group-item-heading">{{name}}</h4>
+    </div>
+    <div class="list-group-item">
+        <h4 class="list-group-item-heading">Information</h4>
+        <div class="list-group-item-text item-margin">Name: <span id="secretsmanager.regions.{{region}}.secrets.{{@key}}.name"><samp>{{value_or_none name}}</samp></span></div>
+        <div class="list-group-item-text item-margin">ARN: <span id="secretsmanager.regions.{{region}}.secrets.{{@key}}.arn"><samp>{{value_or_none arn}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Description: <span id="secretsmanager.regions.{{region}}.secrets.{{@key}}.description"><samp>{{value_or_none description}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Last Changed Date: <span id="secretsmanager.regions.{{region}}.secrets.{{@key}}.last_changed_date"><samp>{{format_date last_changed_date}}</samp></span></div>
+    </div>
+</script>
+
+<script>
+    Handlebars.registerPartial("services.secretsmanager.regions.id.secrets", $("#services\\.secretsmanager\\.regions\\.id\\.secrets\\.partial").html());
+</script>
+
+<!-- Single secretsmanager secret template -->
+<script id="single_secretsmanager_secret-template" type="text/x-handlebars-template">
+    {{> modal-template template='services.secretsmanager.regions.id.secrets'}}
+</script>
+<script>
+    var single_secretsmanager_secret_template = Handlebars.compile($("#single_secretsmanager_secret-template").html());
+</script>
diff --git a/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js b/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js
index 6f4aa6e5f..cdd2b6b65 100644
--- a/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js
+++ b/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js
@@ -1174,6 +1174,8 @@ function makeTitle(title) {
         return 'Lambda'
     } else if (title === 'dynamodb') {
         return 'DynamoDB'
+    } else if (title === 'secretsmanager') {
+        return 'Secrets Manager'
     } else if (title === 'elasticache') {
         return 'ElastiCache'
     } else if (title === 'redshift') {
diff --git a/ScoutSuite/providers/aws/facade/base.py b/ScoutSuite/providers/aws/facade/base.py
index ae762edbb..5b81f3ad5 100644
--- a/ScoutSuite/providers/aws/facade/base.py
+++ b/ScoutSuite/providers/aws/facade/base.py
@@ -23,6 +23,7 @@
 from ScoutSuite.providers.aws.facade.ses import SESFacade
 from ScoutSuite.providers.aws.facade.sns import SNSFacade
 from ScoutSuite.providers.aws.facade.sqs import SQSFacade
+from ScoutSuite.providers.aws.facade.secretsmanager import SecretsManagerFacade
 from ScoutSuite.providers.aws.utils import get_aws_account_id
 from ScoutSuite.providers.utils import run_concurrently
 
@@ -95,6 +96,7 @@ def _instantiate_facades(self):
         self.ses = SESFacade(self.session)
         self.sns = SNSFacade(self.session)
         self.sqs = SQSFacade(self.session)
+        self.secretsmanager = SecretsManagerFacade(self.session)
 
         # Instantiate facades for proprietary services
         try:
diff --git a/ScoutSuite/providers/aws/facade/secretsmanager.py b/ScoutSuite/providers/aws/facade/secretsmanager.py
new file mode 100644
index 000000000..2ed8c6a77
--- /dev/null
+++ b/ScoutSuite/providers/aws/facade/secretsmanager.py
@@ -0,0 +1,12 @@
+from ScoutSuite.core.console import print_exception
+from ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade
+from ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils
+
+
+class SecretsManagerFacade(AWSBaseFacade):
+    async def get_secrets(self, region):
+        try:
+            return await AWSFacadeUtils.get_all_pages('secretsmanager', region, self.session, 'list_secrets', 'SecretList')
+        except Exception as e:
+            print_exception('Failed to get Secrets Manager secrets: {}'.format(e))
+            return []
diff --git a/ScoutSuite/providers/aws/metadata.json b/ScoutSuite/providers/aws/metadata.json
index 8ee465a04..2dda7201d 100644
--- a/ScoutSuite/providers/aws/metadata.json
+++ b/ScoutSuite/providers/aws/metadata.json
@@ -303,6 +303,14 @@
                     "path": "services.kms.regions.id.keys"
                 }
             }
+        },
+        "secretsmanager" : {
+            "resources": {
+                "secrets": {
+                    "cols": 2,
+                    "path": "services.secretsmanager.regions.id.secrets"
+                }
+            }
         }
     },
     "database": {
diff --git a/ScoutSuite/providers/aws/resources/secretsmanager/__init__.py b/ScoutSuite/providers/aws/resources/secretsmanager/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/ScoutSuite/providers/aws/resources/secretsmanager/base.py b/ScoutSuite/providers/aws/resources/secretsmanager/base.py
new file mode 100644
index 000000000..f0ca00fdc
--- /dev/null
+++ b/ScoutSuite/providers/aws/resources/secretsmanager/base.py
@@ -0,0 +1,13 @@
+from ScoutSuite.providers.aws.facade.base import AWSFacade
+from ScoutSuite.providers.aws.resources.regions import Regions
+
+from .secrets import Secrets
+
+
+class SecretsManager(Regions):
+    _children = [
+        (Secrets, 'secrets')
+    ]
+
+    def __init__(self, facade: AWSFacade):
+        super(SecretsManager, self).__init__('sqs', facade)
diff --git a/ScoutSuite/providers/aws/resources/secretsmanager/secrets.py b/ScoutSuite/providers/aws/resources/secretsmanager/secrets.py
new file mode 100644
index 000000000..6a7a377bc
--- /dev/null
+++ b/ScoutSuite/providers/aws/resources/secretsmanager/secrets.py
@@ -0,0 +1,26 @@
+import json
+
+from ScoutSuite.providers.aws.facade.base import AWSFacade
+from ScoutSuite.providers.aws.resources.base import AWSResources
+
+
+class Secrets(AWSResources):
+    def __init__(self, facade: AWSFacade, region: str):
+        super(Secrets, self).__init__(facade)
+        self.region = region
+
+    async def fetch_all(self):
+        for raw_secret in await self.facade.secretsmanager.get_secrets(self.region):
+            id, secret = self._parse_secret(raw_secret)
+            self[id] = secret
+
+    def _parse_secret(self, raw_secret):
+        secret_dict = {}
+        secret_dict['arn'] = secret_dict['id'] = raw_secret.get('ARN')
+        secret_dict['name'] = raw_secret.get('Name')
+        secret_dict['description'] = raw_secret.get('Description')
+        secret_dict['last_changed_date'] = raw_secret.get('LastChangedDate')
+        secret_dict['tags'] = raw_secret.get('Tags')
+        secret_dict['secret_versions_to_stages'] = raw_secret.get('SecretVersionsToStages')
+        return secret_dict['id'], secret_dict
+
diff --git a/ScoutSuite/providers/aws/services.py b/ScoutSuite/providers/aws/services.py
index aa5fa2c0d..1835ac427 100644
--- a/ScoutSuite/providers/aws/services.py
+++ b/ScoutSuite/providers/aws/services.py
@@ -22,6 +22,7 @@
 from ScoutSuite.providers.aws.resources.sns.base import SNS
 from ScoutSuite.providers.aws.resources.sqs.base import SQS
 from ScoutSuite.providers.aws.resources.vpc.base import VPC
+from ScoutSuite.providers.aws.resources.secretsmanager.base import SecretsManager
 from ScoutSuite.providers.base.services import BaseServicesConfig
 
 # Try to import proprietary services
@@ -79,6 +80,7 @@ def __init__(self, credentials=None, **kwargs):
         self.sns = SNS(facade)
         self.sqs = SQS(facade)
         self.vpc = VPC(facade)
+        self.secretsmanager = SecretsManager(facade)
 
         # Instantiate proprietary services
         try:
diff --git a/ScoutSuite/utils.py b/ScoutSuite/utils.py
index d5a1065f8..252f7bc60 100644
--- a/ScoutSuite/utils.py
+++ b/ScoutSuite/utils.py
@@ -16,6 +16,7 @@
     'awslambda': 'Lambda',
     'redshift': 'RedShift',
     'route53': 'Route53',
+    'secretsmanager': 'Secrets Manager',
     # Azure
     'storageaccounts': 'Storage Accounts',
     'sqldatabase': 'SQL Database',

From 92eb1e78cd67dee608dbc21e2312a1f9121ba543 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Thu, 20 Feb 2020 17:26:58 +0100
Subject: [PATCH 104/145] Revert change

---
 ScoutSuite/__main__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ScoutSuite/__main__.py b/ScoutSuite/__main__.py
index 98159a2e8..8e58dfcfb 100644
--- a/ScoutSuite/__main__.py
+++ b/ScoutSuite/__main__.py
@@ -177,7 +177,7 @@ async def _run(provider,
 
     print_info('Launching Scout')
 
-    print_info('Authenticating to %s cloud provider' % provider.upper())
+    print_info('Authenticating to cloud provider')
     auth_strategy = get_authentication_strategy(provider)
     try:
         credentials = auth_strategy.authenticate(profile=profile,

From 5dc6458c3733593d4229df7cf0ccec7a783ea44e Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Thu, 20 Feb 2020 17:44:56 +0100
Subject: [PATCH 105/145] Updated fix

---
 ScoutSuite/providers/aws/facade/ec2.py | 25 +++++++++++--------------
 1 file changed, 11 insertions(+), 14 deletions(-)

diff --git a/ScoutSuite/providers/aws/facade/ec2.py b/ScoutSuite/providers/aws/facade/ec2.py
index bf2aa5da6..7eb73e60c 100644
--- a/ScoutSuite/providers/aws/facade/ec2.py
+++ b/ScoutSuite/providers/aws/facade/ec2.py
@@ -33,21 +33,18 @@ async def get_instance_user_data(self, region: str, instance_id: str):
                 return None
             else:
                 try:
-                    value = base64.b64decode(user_data_response['UserData']['Value'])
-                    if value[0:2] == b'\x1f\x8b':  # GZIP magic number
-                        return zlib.decompress(value, zlib.MAX_WBITS | 32).decode('utf-8')
-                    else:
-                        return value.decode('utf-8')
+                    return await self._decode_user_data(user_data_response['UserData']['Value'])
                 except base64.binascii.Error as e:
-                    print_exception(
-                        'Encoded UserData in Base64 has an incorrect padding')
-                finally:
-                    value = base64.b64decode(user_data_response['UserData']['Value'] + "===")  # Adds extra padding at
-                    # the end to the base64 value to avoid decoding errors
-                    if value[0:2] == b'\x1f\x8b':  # GZIP magic number
-                        return zlib.decompress(value, zlib.MAX_WBITS | 32).decode('utf-8')
-                    else:
-                        return value.decode('utf-8')
+                    return await self._decode_user_data(base64.b64decode(user_data_response['UserData']['Value'] + "==="))
+                except Exception as e:
+                    print_exception('Unable to decode EC2 instance user data: {}'.format(e))
+
+    async def _decode_user_data(self, user_data):
+        value = base64.b64decode(user_data)
+        if value[0:2] == b'\x1f\x8b':  # GZIP magic number
+            return zlib.decompress(value, zlib.MAX_WBITS | 32).decode('utf-8')
+        else:
+            return value.decode('utf-8')
 
     async def get_instances(self, region: str, vpc: str):
         filters = [{'Name': 'vpc-id', 'Values': [vpc]}]

From 7237a241f921ea6e2fd3fdd156274b8a04e1d868 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Fri, 21 Feb 2020 10:37:46 +0100
Subject: [PATCH 106/145] Update rationale

---
 .../aws/rules/findings/ec2-security-group-whitelists-aws.json    | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-security-group-whitelists-aws.json b/ScoutSuite/providers/aws/rules/findings/ec2-security-group-whitelists-aws.json
index 1b788363d..9cfad2a5d 100644
--- a/ScoutSuite/providers/aws/rules/findings/ec2-security-group-whitelists-aws.json
+++ b/ScoutSuite/providers/aws/rules/findings/ec2-security-group-whitelists-aws.json
@@ -2,6 +2,7 @@
     "description": "Security group whitelists AWS CIDRs",
     "path": "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id.cidrs.id.CIDR",
     "display_path": "ec2.regions.id.vpcs.id.security_groups.id",
+    "rationale": "<b>Description:</b><br><br>The AWS IP ranges contain addresses which can be assigned to EC2 instances in any AWS account, as well as services which can be used to interact with any AWS account. Consequently, allowing these ranges potentially exposes your AWS account to external interactions.",
     "dashboard_name": "Rules",
     "conditions": [ "and",
         [ "this", "inSubnets", "_IP_RANGES_FROM_FILE_(aws/ip-ranges/aws.json, [])" ]

From 6cb6ec93af876da3f53f0589e3aa98cdae1e6e08 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Sun, 23 Feb 2020 16:43:51 +0100
Subject: [PATCH 107/145] Add Azure App Service and findings

---
 ....appservice.subscriptions.id.web_apps.html |  57 ++++++++++
 .../providers/azure/facade/appservice.py      |  53 +++++++++
 ScoutSuite/providers/azure/facade/base.py     |  10 +-
 .../azure/resources/appservice/base.py        |   9 ++
 .../azure/resources/appservice/web_apps.py    | 105 ++++++++++++++++++
 .../appservice-authentication-disabled.json   |  17 +++
 ...pservice-client-certificates-disabled.json |  17 +++
 .../findings/appservice-http-2-disabled.json  |  17 +++
 .../findings/appservice-http-allowed.json     |  17 +++
 ...e-managed-service-identities-disabled.json |  18 +++
 .../findings/appservice-tls-v1-supported.json |  17 +++
 ...-outdated-progamming-language-version.json |  23 ++++
 ScoutSuite/providers/azure/services.py        |  10 +-
 13 files changed, 354 insertions(+), 16 deletions(-)
 create mode 100644 ScoutSuite/output/data/html/partials/azure/services.appservice.subscriptions.id.web_apps.html
 create mode 100644 ScoutSuite/providers/azure/facade/appservice.py
 create mode 100644 ScoutSuite/providers/azure/resources/appservice/base.py
 create mode 100644 ScoutSuite/providers/azure/resources/appservice/web_apps.py
 create mode 100644 ScoutSuite/providers/azure/rules/findings/appservice-authentication-disabled.json
 create mode 100644 ScoutSuite/providers/azure/rules/findings/appservice-client-certificates-disabled.json
 create mode 100644 ScoutSuite/providers/azure/rules/findings/appservice-http-2-disabled.json
 create mode 100644 ScoutSuite/providers/azure/rules/findings/appservice-http-allowed.json
 create mode 100644 ScoutSuite/providers/azure/rules/findings/appservice-managed-service-identities-disabled.json
 create mode 100644 ScoutSuite/providers/azure/rules/findings/appservice-tls-v1-supported.json
 create mode 100644 ScoutSuite/providers/azure/rules/findings/appservice-webapp-using-outdated-progamming-language-version.json

diff --git a/ScoutSuite/output/data/html/partials/azure/services.appservice.subscriptions.id.web_apps.html b/ScoutSuite/output/data/html/partials/azure/services.appservice.subscriptions.id.web_apps.html
new file mode 100644
index 000000000..723b31c11
--- /dev/null
+++ b/ScoutSuite/output/data/html/partials/azure/services.appservice.subscriptions.id.web_apps.html
@@ -0,0 +1,57 @@
+<!-- appservice web_apps -->
+<script id="services.appservice.subscriptions.id.web_apps.partial" type="text/x-handlebars-template">
+    <div id="resource-name" class="list-group-item active">
+        <h4 class="list-group-item-heading">{{name}}</h4>
+    </div>
+    <div class="list-group-item">
+        <h4 class="list-group-item-heading">Information</h4>
+        <div class="list-group-item-text item-margin">Name: <span id="appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.name"><samp>{{value_or_none name}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Location: <span id="appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.location"><samp>{{value_or_none location}}</samp></span></div>
+        <div class="list-group-item-text item-margin">State: <span id="appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.state"><samp>{{value_or_none state}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Usage State: <span id="appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.usage_state"><samp>{{value_or_none usage_state}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Availability State: <span id="appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.availability_state"><samp>{{value_or_none availability_state}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Last Modified Time:<span id="appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.last_modified_time_utc">{{format_date last_modified_time_utc}}</span></div>
+        <div class="list-group-item-text item-margin">HTTPS-Only Traffic: <span id="appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.https_only">{{convert_bool_to_enabled https_only}}</span></div>
+        <div class="list-group-item-text item-margin">HTTPS 2.0 Support: <span id="appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.http_2_enabled">{{convert_bool_to_enabled http_2_enabled}}</span></div>
+        <div class="list-group-item-text item-margin">Minimum TLS Version Supported: <span id="appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.minimum_tls_supported"><samp>{{value_or_none minimum_tls_version_supported}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Authentication: <span id="appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.authentication_enabled"><samp>{{convert_bool_to_enabled authentication_enabled}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Resource Group: <span id="appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.resource_group"><samp>{{value_or_none resource_group}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Kind: <span id="appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.kind"><samp>{{value_or_none kind}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Outbound IP Addresses: <span id="appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.outbound_ip_addresses"><samp>{{value_or_none outbound_ip_addresses}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Possible Outbound IP Addresses: <span id="appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.possible_outbound_ip_addresses"><samp>{{value_or_none possible_outbound_ip_addresses}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Client Certificates: <span id="appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.client_cert_enabled"><samp>{{convert_bool_to_enabled client_cert_enabled}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Default Host Name: <span id="appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.default_host_name"><samp>{{value_or_none default_host_name}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Host Names: <span id="appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.host_names"><samp>{{value_or_none host_names}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Host Names: <span id="appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.enabled_host_names"><samp>{{convert_bool_to_enabled enabled_host_names}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Repository Site Name: <span id="appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.repository_site_name"><samp>{{value_or_none repository_site_name}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Traffic Manager Host Names: <span id="appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.traffic_manager_host_names"><samp>{{value_or_none traffic_manager_host_names}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Programming Language: <span id="appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.programming_language"><samp>{{value_or_none programming_language}}</samp></span></div>
+        <div class="list-group-item-text item-margin">Programming Language Version: <span id="appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.programming_language_version"><samp>{{value_or_none programming_language_version}}</samp></span></div>
+        <h4 class="list-group-item-heading accordion-heading">
+        <span id="appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.identity">Identities</span>
+        </h4>
+        <div class="list-group-item-text item-margin">System Assigned Identity: <span id="appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.identity.managed_principal_id"><samp>{{value_or_none identity.principal_id}}</samp></span></div>
+        {{#if identity.user_assigned_identities}}
+        <div class="list-group-item-text item-margin">
+            User Assigned Identities:
+            {{#each identity.user_assigned_identities}}
+            <ul>
+                <li><samp>{{this.principal_id}}</samp></li>
+            </ul>
+            {{/each}}
+        </div>
+        {{/if}}
+    </div>
+</script>
+
+<script>
+    Handlebars.registerPartial("services.appservice.subscriptions.id.web_apps", $("#services\\.appservice\\.subscriptions\\.id\\.web_apps\\.partial").html());
+</script>
+
+<!-- Single appservice web_app template -->
+<script id="single_appservice_web_app-template" type="text/x-handlebars-template">
+    {{> modal-template template='services.appservice.subscriptions.id.web_apps'}}
+</script>
+<script>
+    var single_appservice_web_app_template = Handlebars.compile($("#single_appservice_web_app-template").html());
+</script>
diff --git a/ScoutSuite/providers/azure/facade/appservice.py b/ScoutSuite/providers/azure/facade/appservice.py
new file mode 100644
index 000000000..9109b9351
--- /dev/null
+++ b/ScoutSuite/providers/azure/facade/appservice.py
@@ -0,0 +1,53 @@
+from azure.mgmt.web import WebSiteManagementClient
+
+from ScoutSuite.core.console import print_exception
+from ScoutSuite.providers.azure.utils import get_resource_group_name
+from ScoutSuite.providers.utils import run_concurrently, get_and_set_concurrently
+
+
+class AppServiceFacade:
+
+    def __init__(self, credentials):
+        self.credentials = credentials
+
+    def get_client(self, subscription_id: str):
+        return WebSiteManagementClient(self.credentials.arm_credentials, subscription_id=subscription_id)
+
+    async def get_web_apps(self, subscription_id: str):
+        try:
+            client = self.get_client(subscription_id)
+            web_apps = await run_concurrently(
+                lambda: list(client.web_apps.list())
+            )
+        except Exception as e:
+            print_exception('Failed to retrieve web apps: {}'.format(e))
+            return []
+        else:
+            await get_and_set_concurrently([self._get_and_set_web_app_configuration], web_apps, api_client=client)
+            await get_and_set_concurrently([self._get_and_set_web_app_auth_settings], web_apps, api_client=client)
+            return web_apps
+
+    async def _get_and_set_web_app_configuration(self, web_app, api_client):
+        resource_group_name = get_resource_group_name(web_app.id)
+        try:
+            web_app_config = await run_concurrently(
+                lambda: api_client.web_apps.get_configuration(resource_group_name, web_app.name)
+            )
+        except Exception as e:
+            print_exception('Failed to retrieve web app configuration: {}'.format(e))
+            setattr(web_app, 'config', None)
+        else:
+            setattr(web_app, 'config', web_app_config)
+
+    async def _get_and_set_web_app_auth_settings(self, web_app, api_client):
+        resource_group_name = get_resource_group_name(web_app.id)
+        try:
+            web_app_auth_settings = await run_concurrently(
+                lambda: api_client.web_apps.get_auth_settings(resource_group_name=resource_group_name,
+                                                              name=web_app.name)
+            )
+        except Exception as e:
+            print_exception('Failed to retrieve web app auth settings: {}'.format(e))
+            setattr(web_app, 'auth_settings', None)
+        else:
+            setattr(web_app, 'auth_settings', web_app_auth_settings)
diff --git a/ScoutSuite/providers/azure/facade/base.py b/ScoutSuite/providers/azure/facade/base.py
index 6dec8b7c2..58955d5a0 100644
--- a/ScoutSuite/providers/azure/facade/base.py
+++ b/ScoutSuite/providers/azure/facade/base.py
@@ -7,6 +7,7 @@
 from ScoutSuite.providers.azure.facade.sqldatabase import SQLDatabaseFacade
 from ScoutSuite.providers.azure.facade.storageaccounts import StorageAccountsFacade
 from ScoutSuite.providers.azure.facade.virtualmachines import VirtualMachineFacade
+from ScoutSuite.providers.azure.facade.appservice import AppServiceFacade
 
 from azure.mgmt.resource import SubscriptionClient
 
@@ -17,10 +18,6 @@
     from ScoutSuite.providers.azure.facade.appgateway_private import AppGatewayFacade
 except ImportError:
     pass
-try:
-    from ScoutSuite.providers.azure.facade.appservice_private import AppServiceFacade
-except ImportError:
-    pass
 try:
     from ScoutSuite.providers.azure.facade.loadbalancer_private import LoadBalancerFacade
 except ImportError:
@@ -52,16 +49,13 @@ def __init__(self,
         self.securitycenter = SecurityCenterFacade(credentials)
         self.sqldatabase = SQLDatabaseFacade(credentials)
         self.storageaccounts = StorageAccountsFacade(credentials)
+        self.appservice = AppServiceFacade(credentials)
 
         # Instantiate facades for proprietary services
         try:
             self.appgateway = AppGatewayFacade(credentials)
         except NameError:
             pass
-        try:
-            self.appservice = AppServiceFacade(credentials)
-        except NameError:
-            pass
         try:
             self.loadbalancer = LoadBalancerFacade(credentials)
         except NameError:
diff --git a/ScoutSuite/providers/azure/resources/appservice/base.py b/ScoutSuite/providers/azure/resources/appservice/base.py
new file mode 100644
index 000000000..de1b73d35
--- /dev/null
+++ b/ScoutSuite/providers/azure/resources/appservice/base.py
@@ -0,0 +1,9 @@
+from ScoutSuite.providers.azure.resources.subscriptions import Subscriptions
+
+from .web_apps import WebApplication
+
+
+class AppServices(Subscriptions):
+    _children = [
+        (WebApplication, 'web_apps')
+    ]
diff --git a/ScoutSuite/providers/azure/resources/appservice/web_apps.py b/ScoutSuite/providers/azure/resources/appservice/web_apps.py
new file mode 100644
index 000000000..b1ee7691d
--- /dev/null
+++ b/ScoutSuite/providers/azure/resources/appservice/web_apps.py
@@ -0,0 +1,105 @@
+from ScoutSuite.providers.azure.facade.base import AzureFacade
+from ScoutSuite.providers.azure.resources.base import AzureResources
+from ScoutSuite.providers.utils import get_non_provider_id
+
+
+class WebApplication(AzureResources):
+
+    def __init__(self, facade: AzureFacade, subscription_id: str):
+        super(WebApplication, self).__init__(facade)
+        self.subscription_id = subscription_id
+
+    async def fetch_all(self):
+        for raw_web_app in await self.facade.appservice.get_web_apps(self.subscription_id):
+            id, web_app = self._parse_web_app(raw_web_app)
+            self[id] = web_app
+
+    def _parse_web_app(self, raw_web_app):
+
+        web_app_dict = {}
+        web_app_dict['id'] = get_non_provider_id(raw_web_app.id)
+        web_app_dict['name'] = raw_web_app.name
+        web_app_dict['kind'] = raw_web_app.kind
+        web_app_dict['location'] = raw_web_app.location
+        web_app_dict['type'] = raw_web_app.type
+        web_app_dict['tags'] = raw_web_app.tags
+        web_app_dict['state'] = raw_web_app.state
+        web_app_dict['host_names'] = raw_web_app.host_names
+        web_app_dict['repository_site_name'] = raw_web_app.repository_site_name
+        web_app_dict['usage_state'] = raw_web_app.usage_state
+        web_app_dict['enabled'] = raw_web_app.enabled
+        web_app_dict['https_only'] = raw_web_app.https_only
+        web_app_dict['enabled_host_names'] = raw_web_app.enabled_host_names
+        web_app_dict['availability_state'] = raw_web_app.availability_state
+        web_app_dict['host_name_ssl_states'] = raw_web_app.host_name_ssl_states
+        web_app_dict['server_farm_id'] = raw_web_app.server_farm_id
+        web_app_dict['reserved'] = raw_web_app.reserved
+        web_app_dict['is_xenon'] = raw_web_app.is_xenon
+        web_app_dict['hyper_v'] = raw_web_app.hyper_v
+        web_app_dict['last_modified_time_utc'] = raw_web_app.last_modified_time_utc
+        web_app_dict['site_config'] = raw_web_app.site_config
+        web_app_dict['traffic_manager_host_names'] = raw_web_app.traffic_manager_host_names
+        web_app_dict['scm_site_also_stopped'] = raw_web_app.scm_site_also_stopped
+        web_app_dict['target_swap_slot'] = raw_web_app.target_swap_slot
+        web_app_dict['hosting_environment_profile'] = raw_web_app.hosting_environment_profile
+        web_app_dict['client_affinity_enabled'] = raw_web_app.client_affinity_enabled
+        web_app_dict['client_cert_enabled'] = raw_web_app.client_cert_enabled
+        web_app_dict['client_cert_exclusion_paths'] = raw_web_app.client_cert_exclusion_paths
+        web_app_dict['host_names_disabled'] = raw_web_app.host_names_disabled
+        web_app_dict['outbound_ip_addresses'] = raw_web_app.outbound_ip_addresses
+        web_app_dict['possible_outbound_ip_addresses'] = raw_web_app.possible_outbound_ip_addresses
+        web_app_dict['container_size'] = raw_web_app.container_size
+        web_app_dict['daily_memory_time_quota'] = raw_web_app.daily_memory_time_quota
+        web_app_dict['suspended_till'] = raw_web_app.suspended_till
+        web_app_dict['max_number_of_workers'] = raw_web_app.max_number_of_workers
+        web_app_dict['cloning_info'] = raw_web_app.cloning_info
+        web_app_dict['resource_group'] = raw_web_app.resource_group
+        web_app_dict['is_default_container'] = raw_web_app.is_default_container
+        web_app_dict['default_host_name'] = raw_web_app.default_host_name
+        web_app_dict['slot_swap_status'] = raw_web_app.slot_swap_status
+        web_app_dict['redundancy_mode'] = raw_web_app.redundancy_mode
+        web_app_dict['in_progress_operation_id'] = raw_web_app.in_progress_operation_id
+        web_app_dict['identity'] = raw_web_app.identity
+        web_app_dict['additional_properties'] = raw_web_app.additional_properties
+
+        if raw_web_app.config is not None:
+            web_app_dict['minimum_tls_version_supported'] = raw_web_app.config.min_tls_version
+            web_app_dict['http_2_enabled'] = raw_web_app.config.http20_enabled
+
+            # TODO handle this
+            if raw_web_app.config.net_framework_version:
+                web_app_dict['programming_language'] = 'dotnet'
+                web_app_dict['programming_language_version'] = raw_web_app.config.net_framework_version
+            elif raw_web_app.config.php_version:
+                web_app_dict['programming_language'] = 'php'
+                web_app_dict['programming_language_version'] = raw_web_app.config.php_version
+            elif raw_web_app.config.python_version:
+                web_app_dict['programming_language'] = 'python'
+                web_app_dict['programming_language_version'] = raw_web_app.config.python_version
+            elif raw_web_app.config.node_version:
+                web_app_dict['programming_language'] = 'node'
+                web_app_dict['programming_language_version'] = raw_web_app.config.node_version
+            elif raw_web_app.config.java_version:
+                web_app_dict['programming_language'] = 'java'
+                web_app_dict['programming_language_version'] = raw_web_app.config.java_version
+            else:
+                web_app_dict['programming_language'] = None
+                web_app_dict['programming_language_version'] = None
+
+            # TODO - write rules for this values
+            # web_app_dict[''] = raw_web_app.config.cors
+            # web_app_dict[''] = raw_web_app.config.http_logging_enabled
+            # web_app_dict[''] = raw_web_app.config.ftps_state
+            # also look at network configuration / IP security restrictions
+        else:
+            web_app_dict['minimum_tls_version_supported'] = None
+            web_app_dict['http_2_enabled'] = None
+            web_app_dict['programming_language'] = None
+            web_app_dict['programming_language_version'] = None
+
+        if raw_web_app.auth_settings is not None:
+            web_app_dict['authentication_enabled'] = raw_web_app.auth_settings.enabled
+        else:
+            web_app_dict['authentication_enabled'] = None
+
+        return web_app_dict['id'], web_app_dict
diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-authentication-disabled.json b/ScoutSuite/providers/azure/rules/findings/appservice-authentication-disabled.json
new file mode 100644
index 000000000..f5e95ee13
--- /dev/null
+++ b/ScoutSuite/providers/azure/rules/findings/appservice-authentication-disabled.json
@@ -0,0 +1,17 @@
+{
+    "description": "App Service Authentication Disabled",
+    "rationale": "<b>Description:</b><br><br>Azure App Service Authentication is a feature that can prevent anonymous HTTP requests from reaching the API app, or authenticate those that have tokens before they reach the API app. If an anonymous request is received from a browser, App Service will redirect to a logon page. To handle the logon process, a choice from a set of identity providers can be made, or a custom authentication mechanism can be implemented.",
+    "remediation": "By Enabling App Service Authentication, every incoming HTTP request passes through it before being handled by the application code. It also handles authentication of users with the specified provider (Azure Active Directory, Facebook, Google, Microsoft Account, and Twitter), validation, storing and refreshing of tokens, managing the authenticated sessions and injecting identity information into request headers.",
+    "compliance": [
+        {"name": "CIS Microsoft Azure Foundations", "version": "1.1.0", "reference": "9.1"}
+    ],
+    "references": [
+        "https://docs.microsoft.com/en-us/azure/app-service/app-service-authentication-overview"
+    ],
+    "dashboard_name": "Web Apps",
+    "path": "appservice.subscriptions.id.web_apps.id",
+    "conditions": [ "and",
+        [ "appservice.subscriptions.id.web_apps.id.authentication_enabled", "false", "" ]
+    ],
+    "id_suffix": "authentication_enabled"
+}
diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-client-certificates-disabled.json b/ScoutSuite/providers/azure/rules/findings/appservice-client-certificates-disabled.json
new file mode 100644
index 000000000..e61317d02
--- /dev/null
+++ b/ScoutSuite/providers/azure/rules/findings/appservice-client-certificates-disabled.json
@@ -0,0 +1,17 @@
+{
+    "description": "Client Certificates Disabled",
+    "rationale": "<b>Description:</b><br><br>Client certificates allow for the app to request a certificate for incoming requests. Only clients that have a valid certificate will be able to reach the app. The TLS mutual authentication technique in enterprise environments ensures the authenticity of clients to the server. If incoming client certificates are enabled, then only an authenticated client who has valid certificates can access the app.",
+    "remediation": "Using Console:<ol><li>Login to Azure Portal using https://portal.azure.com</li><li>Go to \"App Services\"</li><li>Click on each App<li>Under \"Setting\", section, Click on \"SSL settings\",</li><li>Set \"Incoming client certificates\", to \"On\", under Protocol \"Settings\" section</li></ol>",
+    "compliance": [
+        {"name": "CIS Microsoft Azure Foundations", "version": "1.1.0", "reference": "9.4"}
+    ],
+    "references": [
+        "https://docs.microsoft.com/bs-latn-ba/azure/app-service/app-service-web-configure-tls-mutual-auth"
+    ],
+    "dashboard_name": "Web Apps",
+    "path": "appservice.subscriptions.id.web_apps.id",
+    "conditions": [ "and",
+        [ "appservice.subscriptions.id.web_apps.id.client_cert_enabled", "false", "" ]
+    ],
+    "id_suffix": "client_cert_enabled"
+}
diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-http-2-disabled.json b/ScoutSuite/providers/azure/rules/findings/appservice-http-2-disabled.json
new file mode 100644
index 000000000..a8267578f
--- /dev/null
+++ b/ScoutSuite/providers/azure/rules/findings/appservice-http-2-disabled.json
@@ -0,0 +1,17 @@
+{
+    "description": "HTTP 2.0 Disabled",
+    "rationale": "<b>Description:</b><br><br>Periodically, newer versions are released for HTTP either due to security flaws or to include additional functionality. Using the latest HTTP version for web apps to take advantage of security fixes, if any, and/or new functionalities of the newer version.<br><br>Newer versions may contain security enhancements and additional functionality. Using the latest version is recommended in order to take advantage of enhancements and new capabilities. With each software installation, organizations need to determine if a given update meets their requirements and also verify the compatibility and support provided for any additional software against the update revision that is selected.<br><br>HTTP 2.0 has additional performance improvements on the head-of-line blocking problem of old HTTP version, header compression, and prioritization of requests. HTTP 2.0 no longer supports HTTP 1.1's chunked transfer encoding mechanism, as it provides its own, more efficient, mechanisms for data streaming.",
+    "remediation": "Using Console:<ol><li>Login to Azure Portal using https://portal.azure.com</li><li>Go to \"App Services\"</li><li>Click on each App</li><li>Under \"Setting\" section, Click on \"Application settings\"</li><li>Ensure that \"HTTP Version\" set to \"2.0\" version under \"General settings\"</li></ol>",
+    "compliance": [
+        {"name": "CIS Microsoft Azure Foundations", "version": "1.1.0", "reference": "9.10"}
+    ],
+    "references": [
+        "https://docs.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings"
+    ],
+    "dashboard_name": "Web Apps",
+    "path": "appservice.subscriptions.id.web_apps.id",
+    "conditions": [ "and",
+        [ "appservice.subscriptions.id.web_apps.id.http_2_enabled", "false", "" ]
+    ],
+    "id_suffix": "http_2_enabled"
+}
diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-http-allowed.json b/ScoutSuite/providers/azure/rules/findings/appservice-http-allowed.json
new file mode 100644
index 000000000..2b9b077fd
--- /dev/null
+++ b/ScoutSuite/providers/azure/rules/findings/appservice-http-allowed.json
@@ -0,0 +1,17 @@
+{
+    "description": "HTTP Traffic Allowed",
+    "rationale": "<b>Description:</b><br><br>Azure Web Apps allows sites to run under both HTTP and HTTPS by default. Web apps can be accessed by anyone using non-secure HTTP links by default. Non-secure HTTP requests can be restricted and all HTTP requests redirected to the secure HTTPS port.",
+    "remediation": "It is recommended to enforce HTTPS-only traffic.",
+    "compliance": [
+        {"name": "CIS Microsoft Azure Foundations", "version": "1.1.0", "reference": "9.2"}
+    ],
+    "references": [
+        "https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-ssl#enforce-https"
+    ],
+    "dashboard_name": "Web Apps",
+    "path": "appservice.subscriptions.id.web_apps.id",
+    "conditions": [ "and",
+        [ "appservice.subscriptions.id.web_apps.id.https_only", "false", "" ]
+    ],
+    "id_suffix": "https_only"
+}
diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-managed-service-identities-disabled.json b/ScoutSuite/providers/azure/rules/findings/appservice-managed-service-identities-disabled.json
new file mode 100644
index 000000000..4ef560b12
--- /dev/null
+++ b/ScoutSuite/providers/azure/rules/findings/appservice-managed-service-identities-disabled.json
@@ -0,0 +1,18 @@
+{
+    "description": "Managed Service Identities Disabled",
+    "rationale": "<b>Description:</b><br><br>Managed service identity in App Service makes the app more secure by eliminating secrets from the app, such as credentials in the connection strings. When registering with Azure Active Directory in the app service, the app will connect to other Azure services securely without the need of username and passwords.",
+    "remediation": "Using Console:<ol><li>Login to Azure Portal using https://portal.azure.com</li><li>Go to \"App Services\"</li><li>Click on each App</li><li>Under the \"Setting\" section, Click on \"Identity\"</li><li>Ensure that \"Status\" set to On\"</li></ol>",
+    "compliance": [
+        {"name": "CIS Microsoft Azure Foundations", "version": "1.1.0", "reference": "9.5"}
+    ],
+    "references": [
+        "https://docs.microsoft.com/en-gb/azure/app-service/app-service-web-tutorial-connect-msi"
+    ],
+    "dashboard_name": "Web Apps",
+    "path": "appservice.subscriptions.id.web_apps.id",
+    "conditions": [ "and",
+        [ "appservice.subscriptions.id.web_apps.id.identity", "notNull", "" ],
+        [ "appservice.subscriptions.id.web_apps.id.identity.principal_id", "null", "" ]
+    ],
+    "id_suffix": "identity.managed_principal_id"
+}
diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-tls-v1-supported.json b/ScoutSuite/providers/azure/rules/findings/appservice-tls-v1-supported.json
new file mode 100644
index 000000000..e3d7c9ea7
--- /dev/null
+++ b/ScoutSuite/providers/azure/rules/findings/appservice-tls-v1-supported.json
@@ -0,0 +1,17 @@
+{
+    "description": "Unsafe TLS Version Supported",
+    "rationale": "<b>Description:</b><br><br>The TLS (Transport Layer Security) protocol secures transmission of data over the internet using standard encryption technology. Encryption should be set with the latest version of TLS. App Service allows TLS 1.2 by default, which is the recommended TLS level by industry standards, such as PCI DSS.",
+    "remediation": "App service currently allows the web app to set TLS versions 1.0, 1.1 and 1.2. It is highly recommended to use the latest TLS 1.2 version for web app secure connections.",
+    "compliance": [
+        {"name": "CIS Microsoft Azure Foundations", "version": "1.1.0", "reference": "9.3"}
+    ],
+    "references": [
+        "https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-ssl#enforce-tls-versions"
+    ],
+    "dashboard_name": "Web Apps",
+    "path": "appservice.subscriptions.id.web_apps.id",
+    "conditions": [ "and",
+        [ "appservice.subscriptions.id.web_apps.id.https_only", "false", "" ]
+    ],
+    "id_suffix": "minimum_tls_supported"
+}
diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-webapp-using-outdated-progamming-language-version.json b/ScoutSuite/providers/azure/rules/findings/appservice-webapp-using-outdated-progamming-language-version.json
new file mode 100644
index 000000000..60c472008
--- /dev/null
+++ b/ScoutSuite/providers/azure/rules/findings/appservice-webapp-using-outdated-progamming-language-version.json
@@ -0,0 +1,23 @@
+{
+    "description": "Web App not Using Latest Programming Language Version",
+    "rationale": "<b>Description:</b><br><br>",
+    "remediation": "",
+    "compliance": [
+        {"name": "CIS Microsoft Azure Foundations", "version": "1.1.0", "reference": "9.6"},
+        {"name": "CIS Microsoft Azure Foundations", "version": "1.1.0", "reference": "9.7"},
+        {"name": "CIS Microsoft Azure Foundations", "version": "1.1.0", "reference": "9.8"},
+        {"name": "CIS Microsoft Azure Foundations", "version": "1.1.0", "reference": "9.9"}
+    ],
+    "references": [
+        "https://docs.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings"
+    ],
+    "dashboard_name": "Web Apps",
+    "path": "appservice.subscriptions.id.web_apps.id",
+    "conditions": [ "and",
+        [ "or",
+            [ "appservice.subscriptions.id.web_apps.id.programming_language", "equal", "dotnet" ],
+            [ "appservice.subscriptions.id.web_apps.id.programming_language_version", "notEqual", "v4.0" ]
+        ]
+    ],
+    "id_suffix": "programming_language_version"
+}
diff --git a/ScoutSuite/providers/azure/services.py b/ScoutSuite/providers/azure/services.py
index 8faedd442..1fcc5992f 100644
--- a/ScoutSuite/providers/azure/services.py
+++ b/ScoutSuite/providers/azure/services.py
@@ -9,6 +9,7 @@
 from ScoutSuite.providers.azure.resources.storageaccounts.base import StorageAccounts
 from ScoutSuite.providers.azure.resources.virtualmachines.base import VirtualMachines
 from ScoutSuite.providers.base.services import BaseServicesConfig
+from ScoutSuite.providers.azure.resources.appservice.base import AppServices
 
 # Try to import proprietary services
 try:
@@ -19,10 +20,6 @@
     from ScoutSuite.providers.azure.resources.private_rediscache.base import RedisCaches
 except ImportError:
     pass
-try:
-    from ScoutSuite.providers.azure.resources.private_appservice.base import AppServices
-except ImportError:
-    pass
 try:
     from ScoutSuite.providers.azure.resources.private_loadbalancer.base import LoadBalancers
 except ImportError:
@@ -51,16 +48,13 @@ def __init__(self,
         self.keyvault = KeyVaults(facade)
         self.network = Networks(facade)
         self.virtualmachines = VirtualMachines(facade)
+        self.appservice = AppServices(facade)
 
         # Instantiate proprietary services
         try:
             self.appgateway = ApplicationGateways(facade)
         except NameError as _:
             pass
-        try:
-            self.appservice = AppServices(facade)
-        except NameError as _:
-            pass
         try:
             self.loadbalancer = LoadBalancers(facade)
         except NameError as _:

From e86de5ba1928cd55caa3426e23f7f0b740f9fbfc Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Sun, 23 Feb 2020 16:46:36 +0100
Subject: [PATCH 108/145] Update ruleset

---
 .../azure/rules/rulesets/default.json         | 42 +++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/ScoutSuite/providers/azure/rules/rulesets/default.json b/ScoutSuite/providers/azure/rules/rulesets/default.json
index b8b5c2e11..4c164aca3 100644
--- a/ScoutSuite/providers/azure/rules/rulesets/default.json
+++ b/ScoutSuite/providers/azure/rules/rulesets/default.json
@@ -7,6 +7,48 @@
                 "level": "warning"
             }
         ],
+        "appservice-authentication-disabled.json": [
+            {
+                "enabled": true,
+                "level": "warning"
+            }
+        ],
+        "appservice-client-certificates-disabled.json": [
+            {
+                "enabled": true,
+                "level": "warning"
+            }
+        ],
+        "appservice-http-2-disabled.json": [
+            {
+                "enabled": true,
+                "level": "warning"
+            }
+        ],
+        "appservice-http-allowed.json": [
+            {
+                "enabled": true,
+                "level": "danger"
+            }
+        ],
+        "appservice-managed-service-identities-disabled.json": [
+            {
+                "enabled": true,
+                "level": "warning"
+            }
+        ],
+        "appservice-tls-v1-supported.json": [
+            {
+                "enabled": true,
+                "level": "warning"
+            }
+        ],
+        "appservice-webapp-using-outdated-progamming-language-version.json": [
+            {
+                "enabled": true,
+                "level": "warning"
+            }
+        ],
         "network-security-groups-rule-inbound-internet-all.json": [
             {
                 "enabled": true,

From 4f57c99e35972f5da568f57702af537f5ffbc7f6 Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Sun, 23 Feb 2020 16:53:02 +0100
Subject: [PATCH 109/145] Disable WIP rule

---
 ...rvice-webapp-using-outdated-progamming-language-version.json | 2 +-
 ScoutSuite/providers/azure/rules/rulesets/default.json          | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-webapp-using-outdated-progamming-language-version.json b/ScoutSuite/providers/azure/rules/findings/appservice-webapp-using-outdated-progamming-language-version.json
index 60c472008..368bd6f8b 100644
--- a/ScoutSuite/providers/azure/rules/findings/appservice-webapp-using-outdated-progamming-language-version.json
+++ b/ScoutSuite/providers/azure/rules/findings/appservice-webapp-using-outdated-progamming-language-version.json
@@ -1,5 +1,5 @@
 {
-    "description": "Web App not Using Latest Programming Language Version",
+    "description": "(WIP) Web App not Using Latest Programming Language Version",
     "rationale": "<b>Description:</b><br><br>",
     "remediation": "",
     "compliance": [
diff --git a/ScoutSuite/providers/azure/rules/rulesets/default.json b/ScoutSuite/providers/azure/rules/rulesets/default.json
index 4c164aca3..a234075b6 100644
--- a/ScoutSuite/providers/azure/rules/rulesets/default.json
+++ b/ScoutSuite/providers/azure/rules/rulesets/default.json
@@ -45,7 +45,7 @@
         ],
         "appservice-webapp-using-outdated-progamming-language-version.json": [
             {
-                "enabled": true,
+                "enabled": false,
                 "level": "warning"
             }
         ],

From 62598175e19de1956872eb263db206f869915837 Mon Sep 17 00:00:00 2001
From: "Alessandro.Gonzalez" <Alessandro.Gonzalez@nccgroup.com>
Date: Fri, 28 Feb 2020 15:35:06 +0000
Subject: [PATCH 110/145] Add metadata options

---
 ScoutSuite/providers/aws/metadata.json              | 3 +++
 ScoutSuite/providers/aws/resources/ec2/instances.py | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/ScoutSuite/providers/aws/metadata.json b/ScoutSuite/providers/aws/metadata.json
index 2dda7201d..92f2ae249 100644
--- a/ScoutSuite/providers/aws/metadata.json
+++ b/ScoutSuite/providers/aws/metadata.json
@@ -168,6 +168,9 @@
                         [ "match_instances_and_subnets_callback", {} ]
                     ]
                 },
+                "instance_metadata_options": {
+                    "path": "services.ec2.regions.id.vpcs.id.instance_metadata_options.private"
+                },
                 "security_groups": {
                     "cols": 2,
                     "path": "services.ec2.regions.id.vpcs.id.security_groups"
diff --git a/ScoutSuite/providers/aws/resources/ec2/instances.py b/ScoutSuite/providers/aws/resources/ec2/instances.py
index 3ab09aec5..11d5b3105 100644
--- a/ScoutSuite/providers/aws/resources/ec2/instances.py
+++ b/ScoutSuite/providers/aws/resources/ec2/instances.py
@@ -36,6 +36,8 @@ async def _parse_instance(self, raw_instance):
             get_keys(eni, nic, ['Association', 'Groups', 'PrivateIpAddresses', 'SubnetId', 'Ipv6Addresses'])
             instance['network_interfaces'][eni['NetworkInterfaceId']] = nic
 
+        instance['metadata_options'] = raw_instance['MetadataOptions']
+
         return id, instance
 
     @staticmethod

From 764253caa09d7efaaf49dcbf4e72fb1ecb4b21be Mon Sep 17 00:00:00 2001
From: "Alessandro.Gonzalez" <Alessandro.Gonzalez@nccgroup.com>
Date: Fri, 28 Feb 2020 15:58:07 +0000
Subject: [PATCH 111/145] Add metadata to instances partial

---
 .../aws/services.ec2.regions.id.vpcs.id.instances.html   | 9 +++++++++
 ScoutSuite/providers/aws/metadata.json                   | 3 ---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.instances.html b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.instances.html
index b8938f510..80b34ff37 100644
--- a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.instances.html
+++ b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.instances.html
@@ -48,6 +48,15 @@ <h5 id="ec2.regions.{{region}}.vpcs.{{vpc}}.instances.{{@key}}.potential_secrets
             {{/if}}
         </div>
         {{/if}}
+        {{#if metadata_options}}
+        <div class="list-group-item">
+            <h4>Metadata Options</h4>
+            <ul id="ec2.regions.{{region}}.vpcs.{{vpc}}.instances.{{@key}}.metadata_options">
+                <li>Endpoint: {{metadata_options.HttpEndpoint}}</li>
+                <li>HTTP Tokens: {{metadata_options.HttpTokens}}</li>
+            </ul>
+        </div>
+        {{/if}}
     </script>
     <script>
       Handlebars.registerPartial("services.ec2.regions.id.vpcs.id.instances", $("#services\\.ec2\\.regions\\.id\\.vpcs\\.id\\.instances\\.partial").html());
diff --git a/ScoutSuite/providers/aws/metadata.json b/ScoutSuite/providers/aws/metadata.json
index 92f2ae249..2dda7201d 100644
--- a/ScoutSuite/providers/aws/metadata.json
+++ b/ScoutSuite/providers/aws/metadata.json
@@ -168,9 +168,6 @@
                         [ "match_instances_and_subnets_callback", {} ]
                     ]
                 },
-                "instance_metadata_options": {
-                    "path": "services.ec2.regions.id.vpcs.id.instance_metadata_options.private"
-                },
                 "security_groups": {
                     "cols": 2,
                     "path": "services.ec2.regions.id.vpcs.id.security_groups"

From 5f63b5405a2f445b42e69ee2662c709709bef37f Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Fri, 28 Feb 2020 17:38:28 +0100
Subject: [PATCH 112/145] Fix yet another Rob error

---
 ScoutSuite/providers/azure/facade/securitycenter.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/ScoutSuite/providers/azure/facade/securitycenter.py b/ScoutSuite/providers/azure/facade/securitycenter.py
index 7ca3a77a7..1e7ae6a45 100644
--- a/ScoutSuite/providers/azure/facade/securitycenter.py
+++ b/ScoutSuite/providers/azure/facade/securitycenter.py
@@ -15,9 +15,13 @@ def get_client(self, subscription_id: str):
     async def get_pricings(self, subscription_id: str):
         try:
             client = self.get_client(subscription_id)
-            return await run_concurrently(
-                lambda: client.pricings.list().value
+            pricings_list = await run_concurrently(
+                lambda: client.pricings.list()
             )
+            if hasattr(pricings_list, 'value'):
+                return pricings_list.value
+            else:
+                return []
         except Exception as e:
             print_exception('Failed to retrieve pricings: {}'.format(e))
             return []

From ac9349f2809dfdd992798c4d1e7b1e203bde53ca Mon Sep 17 00:00:00 2001
From: Xavier Garceau-Aranda <xavier.garceau-aranda@nccgroup.com>
Date: Sun, 1 Mar 2020 17:12:11 +0100
Subject: [PATCH 113/145] Improve partial

---
 ...ices.ec2.regions.id.vpcs.id.instances.html | 35 ++++++++++---------
 1 file changed, 18 insertions(+), 17 deletions(-)

diff --git a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.instances.html b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.instances.html
index 80b34ff37..1ec325fc5 100644
--- a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.instances.html
+++ b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.instances.html
@@ -6,17 +6,17 @@ <h4 class="list-group-item-heading">{{name}}</h4>
         <div class="list-group-item">
             <h4>Information</h4>
             <ul>
-                <li class="list-group-item-text">Region: {{region}}</li>
-                <li class="list-group-item-text">VPC: {{getValueAt 'services.ec2.regions' region 'vpcs' vpc 'name'}} ({{vpc}})</li>
-                <li class="list-group-item-text">ID: {{id}}</li>
-                <li class="list-group-item-text">Reservation ID: {{reservation_id}}</li>
+                <li class="list-group-item-text">ID: <samp>{{id}}</samp></li>
+                <li class="list-group-item-text">Region: <samp>{{region}}</samp></li>
+                <li class="list-group-item-text">VPC: <samp>{{getValueAt 'services.ec2.regions' region 'vpcs' vpc 'name'}} ({{vpc}})</samp></li>
+                <li class="list-group-item-text">Reservation ID: <samp>{{reservation_id}}</samp></li>
                 <li class="list-group-item-text">Monitoring: <span id="ec2.regions.{{region}}.vpcs.{{vpc}}.instances.{{@key}}.monitoring_disabled">{{convert_bool_to_enabled monitoring_enabled}}</span></li>
-                <li class="list-group-item-text">Access Key name: {{KeyName}}</li>
-                <li class="list-group-item-text">State: {{makeTitle State.Name}}</li>
+                <li class="list-group-item-text">Access Key Name: <samp>{{KeyName}}</samp></li>
+                <li class="list-group-item-text">State: <samp>{{makeTitle State.Name}}</samp></li>
                 <li class="list-group-item-text">Instance Type:
-                    <span id="services.ec2.regions.vpcs.instances-unscannable-instance-types-{{id}}"> {{InstanceType}}<span>
+                    <span id="services.ec2.regions.vpcs.instances-unscannable-instance-types-{{id}}"> <samp>{{InstanceType}}</samp></span>
                 </li>
-                <li class="list-group-item-text">Up since: {{LaunchTime}}</li>
+                <li class="list-group-item-text">Up Since: {{format_date LaunchTime}}</li>
             </ul>
         </div>
         <div class="list-group-item" style="padding-bottom: 0 !important;">
@@ -25,6 +25,15 @@ <h4>Network interfaces</h4>
                 {{> network_interface region = ../region vpc = ../vpc network_interface = @../key}}
             {{/each}}
         </div>
+        {{#if metadata_options}}
+        <div class="list-group-item">
+            <h4>Metadata Options</h4>
+            <ul id="ec2.regions.{{region}}.vpcs.{{vpc}}.instances.{{@key}}.metadata_options">
+                <li>Endpoint: <samp>{{metadata_options.HttpEndpoint}}</samp></li>
+                <li>HTTP Tokens: <samp>{{metadata_options.HttpTokens}}</samp></li>
+            </ul>
+        </div>
+        {{/if}}
         {{#if user_data}}
         <div class="list-group-item" style="padding-bottom: 0 !important;">
             <h4>User data</h4>
@@ -32,6 +41,7 @@ <h4>User data</h4>
                 <code>{{#each (split_lines user_data)}}   {{this}}<br>{{/each}}</code>
             </div>
             {{#if user_data_secrets}}
+            <br>
             <h5 id="ec2.regions.{{region}}.vpcs.{{vpc}}.instances.{{@key}}.potential_secrets">Potential Secrets</h5>
             <ul>
                 {{#each user_data_secrets}}
@@ -48,15 +58,6 @@ <h5 id="ec2.regions.{{region}}.vpcs.{{vpc}}.instances.{{@key}}.potential_secrets
             {{/if}}
         </div>
         {{/if}}
-        {{#if metadata_options}}
-        <div class="list-group-item">
-            <h4>Metadata Options</h4>
-            <ul id="ec2.regions.{{region}}.vpcs.{{vpc}}.instances.{{@key}}.metadata_options">
-                <li>Endpoint: {{metadata_options.HttpEndpoint}}</li>
-                <li>HTTP Tokens: {{metadata_options.HttpTokens}}</li>
-            </ul>
-        </div>
-        {{/if}}
     </script>
     <script>
       Handlebars.registerPartial("services.ec2.regions.id.vpcs.id.instances", $("#services\\.ec2\\.regions\\.id\\.vpcs\\.id\\.instances\\.partial").html());

From bfe7c4be63e3d3c15ae974685cdf14962e5cbb89 Mon Sep 17 00:00:00 2001
From: xga <xavier.garceau-aranda@owasp.org>
Date: Thu, 5 Mar 2020 17:54:51 +0100
Subject: [PATCH 114/145] Fix https://github.com/nccgroup/ScoutSuite/issues/618

---
 .../findings/sqldatabase-databases-auditing-low-retention.json   | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-auditing-low-retention.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-auditing-low-retention.json
index 6a43ed446..ee80396a6 100644
--- a/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-auditing-low-retention.json
+++ b/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-auditing-low-retention.json
@@ -5,6 +5,7 @@
     "path": "sqldatabase.subscriptions.id.servers.id.databases.id",
     "display_path": "sqldatabase.subscriptions.id.servers.id",
     "conditions": [ "and",
+        [ "sqldatabase.subscriptions.id.servers.id.databases.id.auditing.retention_days", "notEqual", "0" ],
         [ "sqldatabase.subscriptions.id.servers.id.databases.id.auditing.retention_days", "lessThan", "_ARG_0_" ]
     ],
     "id_suffix": "db_low_auditing_retention"

From 35f70c7a1382b4dd036c25cd45820715679f0fd8 Mon Sep 17 00:00:00 2001
From: xga <xavier.garceau-aranda@owasp.org>
Date: Thu, 5 Mar 2020 18:06:41 +0100
Subject: [PATCH 115/145] Improve implementation

---
 .../azure/resources/sqldatabase/servers.py     | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/ScoutSuite/providers/azure/resources/sqldatabase/servers.py b/ScoutSuite/providers/azure/resources/sqldatabase/servers.py
index 5ffc83632..b6259d979 100644
--- a/ScoutSuite/providers/azure/resources/sqldatabase/servers.py
+++ b/ScoutSuite/providers/azure/resources/sqldatabase/servers.py
@@ -22,14 +22,9 @@ def __init__(self, facade: AzureFacade, subscription_id: str):
         self.subscription_id = subscription_id
 
     async def fetch_all(self):
-        for server in await self.facade.sqldatabase.get_servers(self.subscription_id):
-            id = get_non_provider_id(server.id)
-            resource_group_name = get_resource_group_name(server.id)
-            self[id] = {
-                'id': id,
-                'name': server.name,
-                'resource_group_name': resource_group_name
-            }
+        for raw_server in await self.facade.sqldatabase.get_servers(self.subscription_id):
+            id, server = self._parse_server(raw_server)
+            self[id] = server
 
         await self._fetch_children_of_all_resources(
             resources=self,
@@ -38,3 +33,10 @@ async def fetch_all(self):
                                 'subscription_id': self.subscription_id}
                     for (server_id, server) in self.items()}
         )
+
+    def _parse_server(self, raw_server):
+        server = {}
+        server['id'] = get_non_provider_id(raw_server.id)
+        server['name'] = raw_server.name
+        server['resource_group_name'] = get_resource_group_name(raw_server.id)
+        return server['id'], server

From ec331494828988e991e3120011a2912e896a3042 Mon Sep 17 00:00:00 2001
From: xga <xavier.garceau-aranda@owasp.org>
Date: Thu, 5 Mar 2020 18:17:51 +0100
Subject: [PATCH 116/145] Fix for
 https://github.com/nccgroup/ScoutSuite/issues/619

---
 .../services.sqldatabase.subscriptions.id.servers.html      | 4 ++--
 ScoutSuite/providers/azure/facade/sqldatabase.py            | 6 +++---
 .../resources/sqldatabase/server_azure_ad_administrators.py | 6 +-----
 .../sqldatabase-servers-no-ad-admin-configured.json         | 4 ++--
 4 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/ScoutSuite/output/data/html/partials/azure/services.sqldatabase.subscriptions.id.servers.html b/ScoutSuite/output/data/html/partials/azure/services.sqldatabase.subscriptions.id.servers.html
index ef219a699..5b5c52c4e 100644
--- a/ScoutSuite/output/data/html/partials/azure/services.sqldatabase.subscriptions.id.servers.html
+++ b/ScoutSuite/output/data/html/partials/azure/services.sqldatabase.subscriptions.id.servers.html
@@ -7,7 +7,7 @@ <h4 class="list-group-item-heading">{{name}}</h4>
     <div class="list-group-item">
         <h4 class="list-group-item-heading">Information</h4>
         <div class="list-group-item-text item-margin">SQL Server Name: <span id="sqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.name">{{name}}</span></div>
-        <div class="list-group-item-text item-margin">Azure Active Directory admin configured: <span id="sqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.ad_admin_configured">{{ad_admin_configured}}</span></div>
+        <div class="list-group-item-text item-margin">Azure Active Directory Admin: <span id="sqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.ad_admin"><samp>{{value_or_none ad_admin.login}}</samp></span></div>
         <div class="list-group-item-text item-margin">Auditing: <span id="sqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.server_auditing_disabled">{{ convert_bool_to_enabled auditing.auditing_enabled }}</span></div>
         <div class="list-group-item-text item-margin">Auditing retention period: <span id="sqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.server_low_auditing_retention">{{ auditing.retention_days }}</span></div>
         <div class="list-group-item-text item-margin">Threat detection: <span id="sqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.server_threat_detection_disabled">{{ convert_bool_to_enabled threat_detection.threat_detection_enabled }}</span></div>
@@ -29,7 +29,7 @@ <h4 class="list-group-item-heading">SQL Databases</h4>
                 <div class="list-group-item-text item-margin">Send threat detection alerts: <span id="sqldatabase.servers.{{@../key}}.databases.{{@key}}.db_send_threat_detection_alerts_disabled">{{ convert_bool_to_enabled threat_detection.send_alerts_enabled }}</span></div>
                 <div class="list-group-item-text item-margin">Threat detection retention period: <span id="sqldatabase.servers.{{@../key}}.databases.{{@key}}.db_low_threat_detection_retention">{{ threat_detection.retention_days }}</span></div>
                 <div class="list-group-item-text item-margin">Transparent data encryption: <span id="sqldatabase.servers.{{@../key}}.databases.{{@key}}.transparent_data_encryption_enabled">{{ convert_bool_to_enabled transparent_data_encryption_enabled }}</span></div>
-                <div class="list-group-item-text item-margin">Geo-replication configured: <span id="sqldatabase.servers.{{@../key}}.databases.{{@key}}.replication_configured">{{ replication_configured }}</span></div>
+                <div class="list-group-item-text item-margin">Geo-replication configured: <span id="sqldatabase.servers.{{@../key}}.databases.{{@key}}.replication_configured"><samp>{{ replication_configured }}</samp></span></div>
             </div>
         {{/each}}
         </div>
diff --git a/ScoutSuite/providers/azure/facade/sqldatabase.py b/ScoutSuite/providers/azure/facade/sqldatabase.py
index e7f3f70c2..0c297e2ed 100644
--- a/ScoutSuite/providers/azure/facade/sqldatabase.py
+++ b/ScoutSuite/providers/azure/facade/sqldatabase.py
@@ -62,13 +62,13 @@ async def get_server_azure_ad_administrators(self, resource_group_name, server_n
                 lambda: client.server_azure_ad_administrators.get(resource_group_name, server_name)
             )
         except CloudError as e:
-            # No ad admin configured returns a 404 error:
+            # No AD admin configured returns a 404 error:
             if e.status_code != 404:
                 print_exception('Failed to retrieve server azure ad administrators: {}'.format(e))
+            return None
         except Exception as e:
             print_exception('Failed to retrieve server azure ad administrators: {}'.format(e))
-        finally:
-            return []
+            return None
 
     async def get_server_blob_auditing_policies(self, resource_group_name, server_name, subscription_id: str):
         try:
diff --git a/ScoutSuite/providers/azure/resources/sqldatabase/server_azure_ad_administrators.py b/ScoutSuite/providers/azure/resources/sqldatabase/server_azure_ad_administrators.py
index 18ce4c698..4bcd79da0 100644
--- a/ScoutSuite/providers/azure/resources/sqldatabase/server_azure_ad_administrators.py
+++ b/ScoutSuite/providers/azure/resources/sqldatabase/server_azure_ad_administrators.py
@@ -11,9 +11,5 @@ def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: s
         self.subscription_id = subscription_id
 
     async def fetch_all(self):
-        raw_ad_admins = await self.facade.sqldatabase.get_server_azure_ad_administrators(
+        self['ad_admin'] = await self.facade.sqldatabase.get_server_azure_ad_administrators(
             self.resource_group_name, self.server_name, self.subscription_id)
-        if len(raw_ad_admins) > 0:
-            self['ad_admin_configured'] = True
-        else:
-            self['ad_admin_configured'] = False
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-ad-admin-configured.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-ad-admin-configured.json
index 07b4073a6..ebc9d63aa 100644
--- a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-ad-admin-configured.json
+++ b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-ad-admin-configured.json
@@ -5,7 +5,7 @@
     "path": "sqldatabase.subscriptions.id.servers.id",
     "display_path": "sqldatabase.subscriptions.id.servers.id",
     "conditions": [ "and",
-        [ "sqldatabase.subscriptions.id.servers.id.ad_admin_configured", "false", "" ]
+        [ "sqldatabase.subscriptions.id.servers.id.ad_admin", "null", "" ]
     ],
-    "id_suffix": "ad_admin_configured"
+    "id_suffix": "ad_admin"
 }
\ No newline at end of file

From 77fe16df9d18eac6dd670a86f3fedf387d804193 Mon Sep 17 00:00:00 2001
From: xga <xavier.garceau-aranda@owasp.org>
Date: Thu, 5 Mar 2020 18:32:06 +0100
Subject: [PATCH 117/145] Fix for
 https://github.com/nccgroup/ScoutSuite/issues/655

---
 ScoutSuite/providers/gcp/facade/base.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ScoutSuite/providers/gcp/facade/base.py b/ScoutSuite/providers/gcp/facade/base.py
index 8d817e7f7..e07475399 100644
--- a/ScoutSuite/providers/gcp/facade/base.py
+++ b/ScoutSuite/providers/gcp/facade/base.py
@@ -99,12 +99,12 @@ async def _get_projects_recursively(self, parent_type, parent_id):
             projects_group = resourcemanager_client.projects()
 
             if parent_type == 'project':
-                request = resourcemanager_client.projects().list(filter='id:%s' % parent_id)
+                request = resourcemanager_client.projects().list(filter='id:"%s"' % parent_id)
             elif parent_type == 'all':
                 request = resourcemanager_client.projects().list()
             # get parent children projects
             else:
-                request = resourcemanager_client.projects().list(filter='parent.id:%s' % parent_id)
+                request = resourcemanager_client.projects().list(filter='parent.id:"%s"' % parent_id)
 
                 # get parent children projects in children folders recursively
                 folder_request = resourcemanager_client_v2.folders().list(parent='%ss/%s' % (parent_type, parent_id))

From 59f63163dabd6d8a5f817236c24895b28ee84d69 Mon Sep 17 00:00:00 2001
From: xga <xavier.garceau-aranda@owasp.org>
Date: Thu, 5 Mar 2020 18:47:58 +0100
Subject: [PATCH 118/145] Upgrade status

---
 setup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.py b/setup.py
index 0aa5608a1..86ac876f0 100644
--- a/setup.py
+++ b/setup.py
@@ -48,7 +48,7 @@
     install_requires=requirements,
     license='GNU General Public License v2 (GPLv2)',
     classifiers=[
-        'Development Status :: 4 - Beta',
+        'Development Status :: 5 - Production/Stable',
         'Intended Audience :: Developers',
         'Intended Audience :: Information Technology',
         'Intended Audience :: System Administrators',

From a38a736c08b5e13c0125a17b7077a981adb59ca3 Mon Sep 17 00:00:00 2001
From: xga <xavier.garceau-aranda@owasp.org>
Date: Thu, 12 Mar 2020 16:55:00 +0100
Subject: [PATCH 119/145] Minor formatting change

---
 ScoutSuite/providers/aws/provider.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/ScoutSuite/providers/aws/provider.py b/ScoutSuite/providers/aws/provider.py
index fee5482a4..4c114b446 100644
--- a/ScoutSuite/providers/aws/provider.py
+++ b/ScoutSuite/providers/aws/provider.py
@@ -102,8 +102,7 @@ def _add_cidr_display_name(self, ip_ranges, ip_ranges_name_key):
             callback_args = {'ip_ranges': ip_ranges,
                              'ip_ranges_name_key': ip_ranges_name_key}
             self._go_to_and_do(self.services['ec2'],
-                               ['regions', 'vpcs', 'security_groups',
-                                'rules', 'protocols', 'ports'],
+                               ['regions', 'vpcs', 'security_groups', 'rules', 'protocols', 'ports'],
                                ['services', 'ec2'],
                                put_cidr_name,
                                callback_args)

From b6010893c13cefd88bad18715f4a850481dac179 Mon Sep 17 00:00:00 2001
From: xga <xavier.garceau-aranda@owasp.org>
Date: Thu, 12 Mar 2020 16:55:13 +0100
Subject: [PATCH 120/145] Fix for
 https://github.com/nccgroup/ScoutSuite/issues/629

---
 ScoutSuite/providers/aws/resources/vpc/base.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ScoutSuite/providers/aws/resources/vpc/base.py b/ScoutSuite/providers/aws/resources/vpc/base.py
index 09acfb5ce..a35c3cc9d 100644
--- a/ScoutSuite/providers/aws/resources/vpc/base.py
+++ b/ScoutSuite/providers/aws/resources/vpc/base.py
@@ -27,7 +27,7 @@ def __init__(self, facade: AWSFacade):
 # TODO: move these helpers elsewhere:
 
 
-def put_cidr_name(aws_config, current_config, path, current_path, resource_id, callback_args):
+def put_cidr_name(current_config, path, current_path, resource_id, callback_args):
     """Add a display name for all known CIDRs."""
 
     if 'cidrs' in current_config:

From 76648c78e7d2d6f56fd7ee11a3b5d3baccf8213d Mon Sep 17 00:00:00 2001
From: xga <xavier.garceau-aranda@owasp.org>
Date: Thu, 12 Mar 2020 17:59:04 +0100
Subject: [PATCH 121/145] Fix filter implementation (broken in refactoring)

---
 ScoutSuite/__main__.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ScoutSuite/__main__.py b/ScoutSuite/__main__.py
index 8e58dfcfb..5a70f236d 100644
--- a/ScoutSuite/__main__.py
+++ b/ScoutSuite/__main__.py
@@ -284,6 +284,7 @@ async def _run(provider,
     print_info('Applying display filters')
     filter_rules = Ruleset(cloud_provider=cloud_provider.provider_code,
                            environment_name=cloud_provider.environment,
+                           filename='filters.json',
                            rule_type='filters',
                            account_id=cloud_provider.account_id)
     processing_engine = ProcessingEngine(filter_rules)

From eef3d6bba28336465ae9c3ef2d69af5963d7b904 Mon Sep 17 00:00:00 2001
From: xga <xavier.garceau-aranda@owasp.org>
Date: Fri, 13 Mar 2020 09:50:54 +0100
Subject: [PATCH 122/145] Fix rule

---
 .../rules/{findings => filters}/s3-bucket-website-enabled.json  | 2 ++
 1 file changed, 2 insertions(+)
 rename ScoutSuite/providers/aws/rules/{findings => filters}/s3-bucket-website-enabled.json (71%)

diff --git a/ScoutSuite/providers/aws/rules/findings/s3-bucket-website-enabled.json b/ScoutSuite/providers/aws/rules/filters/s3-bucket-website-enabled.json
similarity index 71%
rename from ScoutSuite/providers/aws/rules/findings/s3-bucket-website-enabled.json
rename to ScoutSuite/providers/aws/rules/filters/s3-bucket-website-enabled.json
index 5e1eced1b..321cbfa87 100644
--- a/ScoutSuite/providers/aws/rules/findings/s3-bucket-website-enabled.json
+++ b/ScoutSuite/providers/aws/rules/filters/s3-bucket-website-enabled.json
@@ -2,7 +2,9 @@
     "dashboard_name": "Buckets",
     "description": "Bucket with static website enabled",
     "path": "s3.buckets.id",
+    "display_path": "s3.buckets.id",
     "conditions": [ "and",
+        [ "s3.buckets.id", "withKey", "web_hosting_enabled" ],
         [ "s3.buckets.id.web_hosting_enabled", "true", "" ]
     ],
     "id_suffix": "web_hosting_enabled"

From 29038ce4f25ebe821f8259b2b26cdbf05fd1eb92 Mon Sep 17 00:00:00 2001
From: xga <xavier.garceau-aranda@owasp.org>
Date: Fri, 13 Mar 2020 11:56:53 +0100
Subject: [PATCH 123/145] Remove finding from ruleset

---
 ScoutSuite/providers/aws/rules/rulesets/default.json  | 6 ------
 ScoutSuite/providers/aws/rules/rulesets/detailed.json | 6 ------
 2 files changed, 12 deletions(-)

diff --git a/ScoutSuite/providers/aws/rules/rulesets/default.json b/ScoutSuite/providers/aws/rules/rulesets/default.json
index df659b2ca..196c06b2b 100644
--- a/ScoutSuite/providers/aws/rules/rulesets/default.json
+++ b/ScoutSuite/providers/aws/rules/rulesets/default.json
@@ -850,12 +850,6 @@
                 "level": "warning"
             }
         ],
-        "s3-bucket-website-enabled.json": [
-            {
-                "enabled": false,
-                "level": "warning"
-            }
-        ],
         "s3-bucket-world-acl.json": [
             {
                 "args": [
diff --git a/ScoutSuite/providers/aws/rules/rulesets/detailed.json b/ScoutSuite/providers/aws/rules/rulesets/detailed.json
index deace41a0..c5eed6879 100644
--- a/ScoutSuite/providers/aws/rules/rulesets/detailed.json
+++ b/ScoutSuite/providers/aws/rules/rulesets/detailed.json
@@ -871,12 +871,6 @@
                 "level": "warning"
             }
         ],
-        "s3-bucket-website-enabled.json": [
-            {
-                "enabled": false,
-                "level": "warning"
-            }
-        ],
         "s3-bucket-world-acl.json": [
             {
                 "args": [

From d85e3a6ad96c7aa7a70e4ce56f495fa48191cc58 Mon Sep 17 00:00:00 2001
From: xga <xavier.garceau-aranda@owasp.org>
Date: Fri, 13 Mar 2020 19:48:46 +0100
Subject: [PATCH 124/145] Remove WIP code

---
 .../azure/authentication_strategy.py          |  7 ++---
 ScoutSuite/providers/azure/facade/aad.py      | 27 -------------------
 2 files changed, 2 insertions(+), 32 deletions(-)

diff --git a/ScoutSuite/providers/azure/authentication_strategy.py b/ScoutSuite/providers/azure/authentication_strategy.py
index 57edaa1d8..c9dafe784 100644
--- a/ScoutSuite/providers/azure/authentication_strategy.py
+++ b/ScoutSuite/providers/azure/authentication_strategy.py
@@ -14,12 +14,11 @@
 class AzureCredentials:
 
     def __init__(self,
-                 arm_credentials, aad_graph_credentials, microsoft_graph_credentials,
+                 arm_credentials, aad_graph_credentials,
                  tenant_id=None, default_subscription_id=None):
 
         self.arm_credentials = arm_credentials  # Azure Resource Manager API credentials
         self.aad_graph_credentials = aad_graph_credentials  # Azure AD Graph API credentials
-        self.microsoft_graph_credentials = microsoft_graph_credentials  # Microsoft Graph API credentials
         self.tenant_id = tenant_id
         self.default_subscription_id = default_subscription_id
 
@@ -68,8 +67,6 @@ def authenticate(self,
                 arm_credentials = UserPassCredentials(username, password)
                 aad_graph_credentials = UserPassCredentials(username, password,
                                                         resource='https://graph.windows.net')
-                microsoft_graph_credentials = UserPassCredentials(username, password,
-                                                                  resource='https://graph.microsoft.com/')
 
             elif user_account_browser:
 
@@ -161,7 +158,7 @@ def authenticate(self,
             else:
                 raise AuthenticationException('Unknown authentication method')
 
-            return AzureCredentials(arm_credentials, aad_graph_credentials, microsoft_graph_credentials,
+            return AzureCredentials(arm_credentials, aad_graph_credentials,
                                     tenant_id, subscription_id)
 
         except Exception as e:
diff --git a/ScoutSuite/providers/azure/facade/aad.py b/ScoutSuite/providers/azure/facade/aad.py
index 3c4c783bd..c3ca003a8 100644
--- a/ScoutSuite/providers/azure/facade/aad.py
+++ b/ScoutSuite/providers/azure/facade/aad.py
@@ -12,29 +12,6 @@ def __init__(self, credentials):
         self._client = GraphRbacManagementClient(credentials.aad_graph_credentials,
                                                  tenant_id=credentials.get_tenant_id())
 
-        self._microsoft_graph_session = requests.Session()
-        self._microsoft_graph_session.headers.update(
-            {'Authorization': 'Bearer {}'.format(credentials.microsoft_graph_credentials.token['access_token']),
-             'User-Agent': 'scout-suite',
-             'Accept': 'application/json',
-             'Content-Type': 'application/json',
-             'SdkVersion': 'scout-suite',
-             'return-client-request-id': 'true'})
-
-    async def _get_microsoft_graph_response(self, api_resource, api_version='v1.0'):
-        endpoint = 'https://graph.microsoft.com/{}/{}'.format(api_version, api_resource)
-        http_headers = {'client-request-id': str(uuid.uuid4())}
-        try:
-            response = self._microsoft_graph_session.get(endpoint, headers=http_headers, stream=False)
-            if response.status_code == 200:
-                return response.json()
-            else:
-                print_exception('Failed to query Microsoft Graph endpoint \"{}\": status code {}'.
-                                format(api_resource, response.status_code))
-        except Exception as e:
-            print_exception('Failed to query Microsoft Graph endpoint \"{}\": {}'.format(api_resource, e))
-            return {}
-
     async def get_users(self):
         try:
             return await run_concurrently(lambda: list(self._client.users.list()))
@@ -49,10 +26,6 @@ async def get_groups(self):
             print_exception('Failed to retrieve groups: {}'.format(e))
             return []
 
-    async def get_group_details(self, group_id):
-        response = await self._get_microsoft_graph_response('groups/{}'.format(group_id))
-        return response
-
     async def get_user_groups(self, user_id):
         try:
             return await run_concurrently(lambda: list(

From 77c33f73ee8e71b91c6a6fa530928b1d3bff20c2 Mon Sep 17 00:00:00 2001
From: Juan Jose <juanjofs@gmail.com>
Date: Mon, 16 Mar 2020 10:25:38 +0100
Subject: [PATCH 125/145] Added all findings

---
 .coveragerc                                   |   0
 .flake8                                       |   0
 .github/ISSUE_TEMPLATE/bug_report.md          |   0
 .github/ISSUE_TEMPLATE/feature_request.md     |   0
 .github/PULL_REQUEST_TEMPLATE.md              |   0
 .gitignore                                    |   0
 .travis.yml                                   |   0
 CODE_OF_CONDUCT.md                            |   0
 CONTRIBUTING.md                               |   0
 Dockerfile                                    |   0
 LICENSE                                       |   0
 MANIFEST.in                                   |   0
 README.md                                     |   0
 ScoutSuite/__init__.py                        |   0
 ScoutSuite/__main__.py                        | 181 +++++++++---------
 ScoutSuite/core/__init__.py                   |   0
 ScoutSuite/core/cli_parser.py                 |   5 +
 ScoutSuite/core/conditions.py                 |   0
 ScoutSuite/core/console.py                    |   0
 ScoutSuite/core/exceptions.py                 |   0
 ScoutSuite/core/fs.py                         |   0
 ScoutSuite/core/processingengine.py           |   0
 ScoutSuite/core/rule.py                       |   0
 ScoutSuite/core/rule_definition.py            |   0
 ScoutSuite/core/ruleset.py                    |   0
 ScoutSuite/core/server.py                     |   0
 ScoutSuite/core/utils.py                      |   0
 ScoutSuite/data/aws/ip-ranges/aws-in-ec2.json |   0
 ScoutSuite/data/aws/ip-ranges/aws-in-us.json  |   0
 ScoutSuite/data/aws/ip-ranges/aws.json        |   0
 ScoutSuite/data/icmp_message_types.json       |   0
 ScoutSuite/data/protocols.json                |   0
 ScoutSuite/output/__init__.py                 |   0
 .../data/html/conditionals/json_format.html   |   0
 .../data/html/conditionals/sqlite_format.html |   0
 .../data/html/partials/about_scoutsuite.html  |   0
 .../output/data/html/partials/accordion.html  |   0
 .../data/html/partials/accordion_policy.html  |   0
 .../aliyun/left_menu_for_aliyun_region.html   |   0
 .../aliyun/services.actiontrail.trails.html   |   0
 .../services.ecs.regions.id.instances.html    |   0
 .../aliyun/services.kms.regions.id.keys.html  |   0
 .../partials/aliyun/services.oss.buckets.html |   0
 .../partials/aliyun/services.ram.groups.html  |   0
 .../aliyun/services.ram.policies.html         |   0
 .../partials/aliyun/services.ram.roles.html   |   0
 .../partials/aliyun/services.ram.users.html   |   0
 .../services.rds.regions.id.instances.html    |   0
 .../aliyun/services.vpc.regions.id.vpcs.html  |   0
 .../partials/aws/left_menu_for_region.html    |   0
 .../html/partials/aws/left_menu_for_vpc.html  |   0
 .../services.acm.regions.id.certificates.html |   0
 ...rvices.awslambda.regions.id.functions.html |   0
 ...ices.cloudformation.regions.id.stacks.html |   0
 .../aws/services.cloudtrail.regions.html      |   0
 ...services.cloudtrail.regions.id.trails.html |   0
 ...services.cloudwatch.regions.id.alarms.html |   0
 .../partials/aws/services.config.regions.html |   0
 .../services.config.regions.id.recorders.html |   0
 .../aws/services.config.regions.id.rules.html |   0
 .../services.ec2.regions.id.snapshots.html    |   0
 .../aws/services.ec2.regions.id.volumes.html  |   0
 ...ervices.ec2.regions.id.vpcs.id.images.html |   0
 ...ices.ec2.regions.id.vpcs.id.instances.html |   0
 ...c2.regions.id.vpcs.id.security_groups.html |   0
 ...ns.vpcs.security_groups.resource_list.html |   0
 ...egions.vpcs.security_groups.rule_list.html |   0
 ...asticache.regions.id.parameter_groups.html |   0
 ...lasticache.regions.id.security_groups.html |   0
 ....elasticache.regions.id.subnet_groups.html |   0
 ...asticache.regions.id.vpcs.id.clusters.html |   0
 .../services.elb.regions.id.elb_policies.html |   0
 .../services.elb.regions.id.vpcs.id.elbs.html |   0
 ...ions.id.vpcs.id.elbs.linked_resources.html |   0
 ....elb.regions.id.vpcs.id.elbs.listener.html |   0
 ....regions.id.vpcsid.elbs.linked_policy.html |   0
 ...services.elbv2.regions.id.vpcs.id.lbs.html |   0
 ...vices.emr.regions.id.vpcs.id.clusters.html |   0
 .../aws/services.iam.credential_reports.html  |   0
 .../partials/aws/services.iam.groups.html     |   0
 .../aws/services.iam.inline_policies.html     |   0
 .../aws/services.iam.managed_policies.html    |   0
 .../services.iam.managed_policies_list.html   |   0
 .../html/partials/aws/services.iam.roles.html |   0
 .../html/partials/aws/services.iam.users.html |   0
 .../aws/services.kms.regions.id.keys.html     |   0
 ...vices.rds.regions.id.parameter_groups.html |   0
 ...rvices.rds.regions.id.security_groups.html |   0
 ...ices.rds.regions.id.vpcs.id.instances.html |   0
 ...ices.rds.regions.id.vpcs.id.snapshots.html |   0
 ....rds.regions.id.vpcs.id.subnet_groups.html |   0
 ....redshift.regions.id.parameter_groups.html |   0
 ....redshift.regions.id.vpcs.id.clusters.html |   0
 ...ft.regions.id.vpcs.id.security_groups.html |   0
 ...s.redshift.regions.vpcs.cluster_nodes.html |   0
 .../services.route53.regions.id.domains.html  |   0
 ...vices.route53.regions.id.hosted_zones.html |   0
 .../html/partials/aws/services.s3.acls.html   |   0
 .../aws/services.s3.bucket_iam_policies.html  |   0
 .../partials/aws/services.s3.buckets.html     |   0
 .../aws/services.s3.buckets.objects.html      |   0
 ...ces.secretsmanager.regions.id.secrets.html |   0
 .../services.ses.regions.id.identities.html   |   0
 .../aws/services.sns.regions.id.topics.html   |   0
 .../aws/services.sqs.regions.id.queues.html   |   0
 .../services.stackdriverlogging.sinks.html    |   0
 ...es.vpc.regions.id.peering_connections.html |   0
 .../aws/services.vpc.regions.id.vpcs.html     |   0
 ...ices.vpc.regions.id.vpcs.id.flow_logs.html |   0
 ...s.vpc.regions.id.vpcs.id.network_acls.html |   0
 ...egions.id.vpcs.id.peering_connections.html |   0
 ...rvices.vpc.regions.id.vpcs.id.subnets.html |   0
 .../azure/details_for_subscription.html       |   0
 .../azure/left_menu_for_subscription.html     |   0
 .../azure/services.aad.applications.html      |   0
 .../partials/azure/services.aad.groups.html   |   0
 .../services.aad.service_principals.html      |   0
 .../partials/azure/services.aad.users.html    |   0
 ....appservice.subscriptions.id.web_apps.html |   0
 .../services.arm.subscriptions.id.roles.html  |   0
 ...ices.keyvault.subscriptions.id.vaults.html |   0
 ...ptions.id.application_security_groups.html |   0
 ...k.subscriptions.id.network_interfaces.html |   0
 ...work.subscriptions.id.security_groups.html |   0
 ...ork.subscriptions.id.virtual_networks.html |   0
 ...ptions.id.virtual_networks.id.subnets.html |   0
 ...ces.network.subscriptions.id.watchers.html |   0
 ...iptions.id.auto_provisioning_settings.html |   0
 ...uritycenter.subscriptions.id.pricings.html |   0
 ...er.subscriptions.id.security_contacts.html |   0
 ....sqldatabase.subscriptions.id.servers.html |   0
 ...nts.subscriptions.id.storage_accounts.html |   0
 ...almachines.subscriptions.id.instances.html |   0
 .../data/html/partials/count_badge.html       |   0
 .../output/data/html/partials/dashboard.html  |   0
 .../output/data/html/partials/details.html    |   0
 .../html/partials/details_for_region.html     |   0
 .../data/html/partials/details_for_vpc.html   |   0
 .../output/data/html/partials/ec2_grants.html |   0
 .../output/data/html/partials/filters.html    |   0
 .../partials/gcp/details_for_gcp_region.html  |   0
 .../partials/gcp/details_for_gcp_zone.html    |   0
 .../partials/gcp/details_for_project.html     |   0
 .../gcp/left_menu_for_gcp_region.html         |   0
 .../partials/gcp/left_menu_for_gcp_zone.html  |   0
 .../partials/gcp/left_menu_for_project.html   |   0
 ...dresourcemanager.projects.id.bindings.html |   0
 ...oudresourcemanager.projects.id.groups.html |   0
 ...loudresourcemanager.projects.id.users.html |   0
 ...rvices.cloudsql.projects.id.instances.html |   0
 ...ices.cloudstorage.projects.id.buckets.html |   0
 ...s.computeengine.projects.id.firewalls.html |   0
 ...es.computeengine.projects.id.networks.html |   0
 ...ne.projects.id.regions.id.subnetworks.html |   0
 ...s.computeengine.projects.id.snapshots.html |   0
 ...engine.projects.id.zones.id.instances.html |   0
 ...ices.iam.projects.id.service_accounts.html |   0
 .../services.kms.projects.id.keyrings.html    |   0
 ....stackdriverlogging.projects.id.sinks.html |   0
 .../data/html/partials/generic_object.html    |   0
 .../output/data/html/partials/ip_grants.html  |   0
 .../data/html/partials/last_run_details.html  |   0
 .../output/data/html/partials/left_menu.html  |   0
 .../output/data/html/partials/metadata.html   |   0
 .../output/data/html/partials/modal.html      |   0
 .../data/html/partials/network_interface.html |   0
 .../oci/services.identity.groups.html         |   0
 .../oci/services.identity.policies.html       |   0
 .../partials/oci/services.identity.users.html |   0
 .../partials/oci/services.kms.keyvaults.html  |   0
 .../oci/services.objectstorage.buckets.html   |   0
 .../output/data/html/partials/policy.html     |   0
 .../data/html/partials/resource_link.html     |   0
 .../data/html/partials/resources_details.html |   0
 .../output/data/html/partials/singles.html    |   0
 ScoutSuite/output/data/html/report.html       |   0
 .../aliyun/services.ram.password_policy.html  |   0
 .../aliyun/services.ram.security_policy.html  |   0
 .../data/html/summaries/attack_surface.html   |   0
 .../services.ec2.external_attack_surface.html |   0
 .../services.elb.external_attack_surface.html |   0
 ...ervices.elbv2.external_attack_surface.html |   0
 .../aws/services.iam.password_policy.html     |   0
 .../aws/services.iam.permissions.html         |   0
 .../services.rds.external_attack_surface.html |   0
 ...ices.redshift.external_attack_surface.html |   0
 .../output/data/html/summaries/azure/.keep    |   0
 .../output/data/html/summaries/gcp/.keep      |   0
 .../services.identity.password_policy.html    |   0
 ...ute.summaries.external_attack_surface.html |   0
 ...ase.summaries.external_attack_surface.html |   0
 .../output/data/inc-scoutsuite/css/modal.css  |   0
 .../inc-scoutsuite/css/scoutsuite-dark.css    |   0
 .../inc-scoutsuite/css/scoutsuite-light.css   |   0
 .../data/inc-scoutsuite/css/scoutsuite.css    |   0
 .../output/data/inc-scoutsuite/favicon.ico    | Bin
 .../output/data/inc-scoutsuite/helpers.js     |   0
 .../output/data/inc-scoutsuite/pagination.js  |   0
 .../output/data/inc-scoutsuite/provider.js    |   0
 .../output/data/inc-scoutsuite/scoutsuite.js  |   0
 .../output/data/inc-scoutsuite/sqlite.js      |   0
 .../output/data/inc-scoutsuite/theme.js       |   0
 ScoutSuite/output/data/includes.zip           | Bin
 ...regions.id.vpcs.id.security_groups.id.json |   0
 ScoutSuite/output/html.py                     |   0
 ScoutSuite/output/result_encoder.py           |   0
 ScoutSuite/output/utils.py                    |   0
 ScoutSuite/providers/__init__.py              |   0
 ScoutSuite/providers/aliyun/__init__.py       |   0
 .../aliyun/authentication_strategy.py         |   0
 .../providers/aliyun/facade/__init__.py       |   0
 .../providers/aliyun/facade/actiontrail.py    |   0
 ScoutSuite/providers/aliyun/facade/base.py    |   0
 ScoutSuite/providers/aliyun/facade/ecs.py     |   0
 ScoutSuite/providers/aliyun/facade/kms.py     |   0
 ScoutSuite/providers/aliyun/facade/oss.py     |   0
 ScoutSuite/providers/aliyun/facade/ram.py     |   0
 ScoutSuite/providers/aliyun/facade/rds.py     |   0
 ScoutSuite/providers/aliyun/facade/utils.py   |   0
 ScoutSuite/providers/aliyun/facade/vpc.py     |   0
 ScoutSuite/providers/aliyun/metadata.json     |   0
 ScoutSuite/providers/aliyun/provider.py       |   0
 .../providers/aliyun/resources/__init__.py    |   0
 .../aliyun/resources/actiontrail/__init__.py  |   0
 .../aliyun/resources/actiontrail/base.py      |   0
 .../aliyun/resources/actiontrail/trails.py    |   0
 ScoutSuite/providers/aliyun/resources/base.py |   0
 .../aliyun/resources/ecs/__init__.py          |   0
 .../providers/aliyun/resources/ecs/base.py    |   0
 .../aliyun/resources/ecs/instances.py         |   0
 .../aliyun/resources/kms/__init__.py          |   0
 .../providers/aliyun/resources/kms/base.py    |   0
 .../providers/aliyun/resources/kms/keys.py    |   0
 .../aliyun/resources/oss/__init__.py          |   0
 .../providers/aliyun/resources/oss/base.py    |   0
 .../providers/aliyun/resources/oss/buckets.py |   0
 .../aliyun/resources/ram/__init__.py          |   0
 .../aliyun/resources/ram/api_keys.py          |   0
 .../providers/aliyun/resources/ram/base.py    |   0
 .../providers/aliyun/resources/ram/groups.py  |   0
 .../aliyun/resources/ram/password_policy.py   |   0
 .../aliyun/resources/ram/policies.py          |   0
 .../providers/aliyun/resources/ram/roles.py   |   0
 .../aliyun/resources/ram/security_policy.py   |   0
 .../providers/aliyun/resources/ram/users.py   |   0
 .../aliyun/resources/rds/__init__.py          |   0
 .../providers/aliyun/resources/rds/base.py    |   0
 .../aliyun/resources/rds/instances.py         |   0
 .../providers/aliyun/resources/regions.py     |   0
 .../aliyun/resources/vpc/__init__.py          |   0
 .../providers/aliyun/resources/vpc/base.py    |   0
 .../providers/aliyun/resources/vpc/vpcs.py    |   0
 .../findings/actiontrail-not-configured.json  |   0
 .../findings/actiontrail-not-enabled.json     |   0
 ...nce-with-deletion-protection-disabled.json |   0
 .../findings/ecs-instance-with-public-ip.json |   0
 .../rules/findings/kms-no-key-rotation.json   |   0
 ...-password-policy-expiration-threshold.json |   0
 .../ram-password-policy-minimum-length.json   |   0
 .../ram-password-policy-no-expiration.json    |   0
 ...password-policy-no-lowercase-required.json |   0
 ...am-password-policy-no-number-required.json |   0
 ...am-password-policy-no-symbol-required.json |   0
 ...password-policy-no-uppercase-required.json |   0
 .../ram-password-policy-reuse-enabled.json    |   0
 .../rules/findings/ram-user-lacking-mfa.json  |   0
 .../findings/ram-user-unused-api-key.json     |   0
 .../ram-user-unused-console-password.json     |   0
 .../ram-user-with-multiple-api-keys.json      |   0
 .../findings/ram-user-with-old-api-key.json   |   0
 .../aliyun/rules/rulesets/default.json        |   0
 .../aliyun/rules/rulesets/filters.json        |   0
 ScoutSuite/providers/aliyun/services.py       |   0
 ScoutSuite/providers/aliyun/utils.py          |   0
 ScoutSuite/providers/aws/__init__.py          |   0
 .../providers/aws/authentication_strategy.py  |   0
 ScoutSuite/providers/aws/facade/__init__.py   |   0
 ScoutSuite/providers/aws/facade/acm.py        |   0
 ScoutSuite/providers/aws/facade/awslambda.py  |   0
 ScoutSuite/providers/aws/facade/base.py       |   0
 ScoutSuite/providers/aws/facade/basefacade.py |   0
 .../providers/aws/facade/cloudformation.py    |   0
 ScoutSuite/providers/aws/facade/cloudtrail.py |   0
 ScoutSuite/providers/aws/facade/cloudwatch.py |   0
 ScoutSuite/providers/aws/facade/config.py     |   0
 .../providers/aws/facade/directconnect.py     |   0
 ScoutSuite/providers/aws/facade/ec2.py        |   0
 ScoutSuite/providers/aws/facade/efs.py        |   0
 .../providers/aws/facade/elasticache.py       |   0
 ScoutSuite/providers/aws/facade/elb.py        |   0
 ScoutSuite/providers/aws/facade/elbv2.py      |   0
 ScoutSuite/providers/aws/facade/emr.py        |   0
 ScoutSuite/providers/aws/facade/iam.py        |   0
 ScoutSuite/providers/aws/facade/kms.py        |   0
 ScoutSuite/providers/aws/facade/rds.py        |   0
 ScoutSuite/providers/aws/facade/redshift.py   |   0
 ScoutSuite/providers/aws/facade/route53.py    |   0
 ScoutSuite/providers/aws/facade/s3.py         |   0
 .../providers/aws/facade/secretsmanager.py    |   0
 ScoutSuite/providers/aws/facade/ses.py        |   0
 ScoutSuite/providers/aws/facade/sns.py        |   0
 ScoutSuite/providers/aws/facade/sqs.py        |   0
 ScoutSuite/providers/aws/facade/utils.py      |   0
 ScoutSuite/providers/aws/metadata.json        |   0
 ScoutSuite/providers/aws/provider.py          |   0
 .../providers/aws/resources/__init__.py       |   0
 .../providers/aws/resources/acm/__init__.py   |   0
 .../providers/aws/resources/acm/base.py       |   0
 .../aws/resources/acm/certificates.py         |   0
 .../aws/resources/awslambda/__init__.py       |   0
 .../providers/aws/resources/awslambda/base.py |   0
 .../aws/resources/awslambda/functions.py      |   0
 ScoutSuite/providers/aws/resources/base.py    |   0
 .../aws/resources/cloudformation/__init__.py  |   0
 .../aws/resources/cloudformation/base.py      |   0
 .../aws/resources/cloudformation/stacks.py    |   0
 .../aws/resources/cloudtrail/__init__.py      |   0
 .../aws/resources/cloudtrail/base.py          |   0
 .../aws/resources/cloudtrail/trails.py        |   0
 .../aws/resources/cloudwatch/__init__.py      |   0
 .../aws/resources/cloudwatch/alarms.py        |   0
 .../aws/resources/cloudwatch/base.py          |   0
 .../aws/resources/config/__init__.py          |   0
 .../providers/aws/resources/config/base.py    |   0
 .../aws/resources/config/recorders.py         |   0
 .../providers/aws/resources/config/rules.py   |   0
 .../aws/resources/directconnect/__init__.py   |   0
 .../aws/resources/directconnect/base.py       |   0
 .../resources/directconnect/connections.py    |   0
 .../providers/aws/resources/ec2/__init__.py   |   0
 ScoutSuite/providers/aws/resources/ec2/ami.py |   0
 .../providers/aws/resources/ec2/base.py       |   0
 .../providers/aws/resources/ec2/instances.py  |   0
 .../aws/resources/ec2/networkinterfaces.py    |   0
 .../aws/resources/ec2/securitygroups.py       |   0
 .../providers/aws/resources/ec2/snapshots.py  |   0
 .../providers/aws/resources/ec2/volumes.py    |   0
 .../providers/aws/resources/ec2/vpcs.py       |   0
 .../providers/aws/resources/efs/__init__.py   |   0
 .../providers/aws/resources/efs/base.py       |   0
 .../aws/resources/efs/filesystems.py          |   0
 .../aws/resources/elasticache/__init__.py     |   0
 .../aws/resources/elasticache/base.py         |   0
 .../aws/resources/elasticache/cluster.py      |   0
 .../resources/elasticache/parametergroups.py  |   0
 .../resources/elasticache/securitygroups.py   |   0
 .../aws/resources/elasticache/subnetgroups.py |   0
 .../aws/resources/elasticache/vpcs.py         |   0
 .../providers/aws/resources/elb/__init__.py   |   0
 .../providers/aws/resources/elb/base.py       |   0
 .../aws/resources/elb/load_balancers.py       |   0
 .../providers/aws/resources/elb/policies.py   |   0
 .../providers/aws/resources/elb/vpcs.py       |   0
 .../providers/aws/resources/elbv2/__init__.py |   0
 .../providers/aws/resources/elbv2/base.py     |   0
 .../aws/resources/elbv2/listeners.py          |   0
 .../aws/resources/elbv2/load_balancers.py     |   0
 .../providers/aws/resources/elbv2/vpcs.py     |   0
 .../providers/aws/resources/emr/__init__.py   |   0
 .../providers/aws/resources/emr/base.py       |   0
 .../providers/aws/resources/emr/clusters.py   |   0
 .../providers/aws/resources/emr/vpcs.py       |   0
 .../providers/aws/resources/iam/__init__.py   |   0
 .../providers/aws/resources/iam/base.py       |   0
 .../aws/resources/iam/credentialreports.py    |   0
 .../providers/aws/resources/iam/groups.py     |   0
 .../aws/resources/iam/passwordpolicy.py       |   0
 .../providers/aws/resources/iam/policies.py   |   0
 .../providers/aws/resources/iam/roles.py      |   0
 .../providers/aws/resources/iam/users.py      |   0
 .../providers/aws/resources/kms/__init__.py   |   0
 .../providers/aws/resources/kms/aliases.py    |   0
 .../providers/aws/resources/kms/base.py       |   0
 .../providers/aws/resources/kms/grants.py     |   0
 .../providers/aws/resources/kms/keys.py       |   0
 .../providers/aws/resources/rds/__init__.py   |   0
 .../providers/aws/resources/rds/base.py       |   0
 .../providers/aws/resources/rds/instances.py  |   0
 .../aws/resources/rds/parametergroups.py      |   0
 .../aws/resources/rds/securitygroups.py       |   0
 .../providers/aws/resources/rds/snapshots.py  |   0
 .../aws/resources/rds/subnetgroups.py         |   0
 .../providers/aws/resources/rds/vpcs.py       |   0
 .../aws/resources/redshift/__init__.py        |   0
 .../providers/aws/resources/redshift/base.py  |   0
 .../redshift/cluster_parameter_groups.py      |   0
 .../resources/redshift/cluster_parameters.py  |   0
 .../redshift/cluster_security_groups.py       |   0
 .../aws/resources/redshift/clusters.py        |   0
 .../providers/aws/resources/redshift/vpcs.py  |   0
 ScoutSuite/providers/aws/resources/regions.py |   0
 .../aws/resources/route53/__init__.py         |   0
 .../providers/aws/resources/route53/base.py   |   0
 .../aws/resources/route53/domains.py          |   0
 .../aws/resources/route53/hosted_zones.py     |   0
 .../providers/aws/resources/s3/__init__.py    |   0
 ScoutSuite/providers/aws/resources/s3/base.py |   0
 .../providers/aws/resources/s3/buckets.py     |   0
 .../aws/resources/secretsmanager/__init__.py  |   0
 .../aws/resources/secretsmanager/base.py      |   0
 .../aws/resources/secretsmanager/secrets.py   |   0
 .../providers/aws/resources/ses/__init__.py   |   0
 .../providers/aws/resources/ses/base.py       |   0
 .../providers/aws/resources/ses/identities.py |   0
 .../aws/resources/ses/identity_policies.py    |   0
 .../providers/aws/resources/sns/__init__.py   |   0
 .../providers/aws/resources/sns/base.py       |   0
 .../aws/resources/sns/subscriptions.py        |   0
 .../providers/aws/resources/sns/topics.py     |   0
 .../providers/aws/resources/sqs/__init__.py   |   0
 .../providers/aws/resources/sqs/base.py       |   0
 .../providers/aws/resources/sqs/queues.py     |   0
 .../providers/aws/resources/vpc/__init__.py   |   0
 .../providers/aws/resources/vpc/base.py       |   0
 .../providers/aws/resources/vpc/flow_logs.py  |   0
 .../aws/resources/vpc/network_acls.py         |   0
 .../aws/resources/vpc/peering_connections.py  |   0
 .../providers/aws/resources/vpc/subnets.py    |   0
 .../providers/aws/resources/vpc/vpcs.py       |   0
 ScoutSuite/providers/aws/resources/vpcs.py    |   0
 .../aws/rules/conditions/cidr-is-all.json     |   0
 .../conditions/ec2-security-group-in-use.json |   0
 .../ec2-security-group-not-used.json          |   0
 .../conditions/instance-with-open-nacls.json  |   0
 .../conditions/instance-with-public-ip.json   |   0
 .../conditions/ip-not-in-private-space.json   |   0
 .../policy-statement-any-principal.json       |   0
 .../policy-statement-poor-condition.json      |   0
 .../security-group-opens-all-ports.json       |   0
 .../filters/ec2-instance-with-open-nacls.json |   0
 ...security-group-with-public-cidr-grant.json |   0
 .../filters/iam-role-for-aws-account.json     |   0
 .../rules/filters/iam-role-for-service.json   |   0
 ...ertificate-with-close-expiration-date.json |   0
 ...te-with-transparency-logging-disabled.json |   0
 .../cloudformation-stack-with-role.json       |   0
 ...il-duplicated-global-services-logging.json |   0
 .../findings/cloudtrail-no-data-logging.json  |   0
 ...cloudtrail-no-global-services-logging.json |   0
 .../cloudtrail-no-log-file-validation.json    |   0
 .../rules/findings/cloudtrail-no-logging.json |   0
 .../findings/cloudtrail-not-configured.json   |   0
 .../cloudwatch-alarm-without-actions.json     |   0
 .../config-recorder-not-configured.json       |   0
 .../aws/rules/findings/ec2-ami-public.json    |   0
 .../ec2-default-security-group-in-use.json    |   0
 ...ec2-default-security-group-with-rules.json |   0
 .../ec2-ebs-snapshot-not-encrypted.json       |   0
 .../findings/ec2-ebs-snapshot-public.json     |   0
 .../ec2-ebs-volume-not-encrypted.json         |   0
 .../ec2-instance-in-security-group.json       |   0
 .../aws/rules/findings/ec2-instance-type.json |   0
 .../rules/findings/ec2-instance-types.json    |   0
 .../findings/ec2-instance-with-public-ip.json |   0
 .../ec2-instance-with-user-data-secrets.json  |   0
 ...security-group-opens-all-ports-to-all.json |   0
 ...ecurity-group-opens-all-ports-to-self.json |   0
 .../ec2-security-group-opens-all-ports.json   |   0
 .../ec2-security-group-opens-icmp-to-all.json |   0
 ...ecurity-group-opens-known-port-to-all.json |   0
 ...2-security-group-opens-plaintext-port.json |   0
 .../ec2-security-group-opens-port-range.json  |   0
 .../ec2-security-group-opens-port-to-all.json |   0
 ...-whitelists-aws-ip-from-banned-region.json |   0
 .../ec2-security-group-whitelists-aws.json    |   0
 ...rity-group-whitelists-non-elastic-ips.json |   0
 ...security-group-whitelists-unknown-aws.json |   0
 ...curity-group-whitelists-unknown-cidrs.json |   0
 .../findings/ec2-unused-security-group.json   |   0
 .../rules/findings/elb-no-access-logs.json    |   0
 .../rules/findings/elbv2-no-access-logs.json  |   0
 .../elbv2-no-deletion-protection.json         |   0
 .../findings/elbv2-older-ssl-policy.json      |   0
 ...assume-role-lacks-external-id-and-mfa.json |   0
 .../findings/iam-assume-role-no-mfa.json      |   0
 .../iam-assume-role-policy-allows-all.json    |   0
 .../iam-ec2-role-without-instances.json       |   0
 .../iam-group-with-inline-policies.json       |   0
 .../findings/iam-group-with-no-users.json     |   0
 .../iam-human-user-with-policies.json         |   0
 .../iam-inline-policy-allows-NotActions.json  |   0
 ...m-inline-policy-allows-non-sts-action.json |   0
 .../findings/iam-inline-policy-for-role.json  |   0
 .../iam-managed-policy-allows-NotActions.json |   0
 ...-managed-policy-allows-non-sts-action.json |   0
 .../findings/iam-managed-policy-for-role.json |   0
 .../iam-managed-policy-no-attachments.json    |   0
 ...-password-policy-expiration-threshold.json |   0
 ...am-password-policy-lowercase-required.json |   0
 .../iam-password-policy-minimum-length.json   |   0
 .../iam-password-policy-no-expiration.json    |   0
 ...password-policy-no-lowercase-required.json |   0
 ...am-password-policy-no-number-required.json |   0
 ...am-password-policy-no-symbol-required.json |   0
 ...password-policy-no-uppercase-required.json |   0
 .../iam-password-policy-reuse-enabled.json    |   0
 .../iam-role-with-inline-policies.json        |   0
 .../findings/iam-root-account-no-mfa.json     |   0
 .../iam-root-account-used-recently.json       |   0
 .../iam-root-account-with-active-certs.json   |   0
 .../iam-root-account-with-active-keys.json    |   0
 .../iam-service-user-with-password.json       |   0
 .../findings/iam-user-no-key-rotation.json    |   0
 .../iam-user-not-in-category-group.json       |   0
 .../iam-user-not-in-common-group.json         |   0
 .../iam-user-with-multiple-access-keys.json   |   0
 .../iam-user-with-password-and-key.json       |   0
 .../findings/iam-user-with-policies.json      |   0
 .../rules/findings/iam-user-without-mfa.json  |   0
 .../rds-instance-backup-disabled.json         |   0
 ...ds-instance-ca-certificate-deprecated.json |   0
 .../rds-instance-no-minor-upgrade.json        |   0
 ...nstance-short-backup-retention-period.json |   0
 .../findings/rds-instance-single-az.json      |   0
 .../rds-instance-storage-not-encrypted.json   |   0
 ...res-instance-with-invalid-certificate.json |   0
 .../rds-security-group-allows-all.json        |   0
 .../rules/findings/rds-snapshot-public.json   |   0
 ...dshift-cluster-database-not-encrypted.json |   0
 .../redshift-cluster-no-version-upgrade.json  |   0
 .../redshift-cluster-publicly-accessible.json |   0
 ...hift-parameter-group-logging-disabled.json |   0
 ...hift-parameter-group-ssl-not-required.json |   0
 ...edshift-security-group-whitelists-all.json |   0
 .../findings/route53-domain-no-autorenew.json |   0
 .../route53-domain-no-transferlock.json       |   0
 ...53-domain-transferlock-not-authorized.json |   0
 .../s3-bucket-allowing-cleartext.json         |   0
 .../s3-bucket-no-default-encryption.json      |   0
 .../rules/findings/s3-bucket-no-logging.json  |   0
 .../findings/s3-bucket-no-mfa-delete.json     |   0
 .../findings/s3-bucket-no-versioning.json     |   0
 .../findings/s3-bucket-website-enabled.json   |   0
 .../rules/findings/s3-bucket-world-acl.json   |   0
 .../findings/s3-bucket-world-policy-arg.json  |   0
 .../findings/s3-bucket-world-policy-star.json |   0
 .../ses-identity-dkim-not-enabled.json        |   0
 .../ses-identity-dkim-not-verified.json       |   0
 .../findings/ses-identity-world-policy.json   |   0
 .../findings/sns-topic-world-policy.json      |   0
 .../findings/sqs-queue-world-policy.json      |   0
 .../vpc-custom-network-acls-allow-all.json    |   0
 .../vpc-default-network-acls-allow-all.json   |   0
 .../findings/vpc-network-acl-not-used.json    |   0
 .../findings/vpc-subnet-with-bad-acls.json    |   0
 .../vpc-subnet-with-default-acls.json         |   0
 .../findings/vpc-subnet-without-flow-log.json |   0
 .../aws/rules/rulesets/cis-1.0.0.json         |   0
 .../providers/aws/rules/rulesets/default.json |   0
 .../aws/rules/rulesets/detailed.json          |   0
 .../providers/aws/rules/rulesets/filters.json |   0
 ScoutSuite/providers/aws/services.py          |   0
 ScoutSuite/providers/aws/utils.py             |   0
 ScoutSuite/providers/azure/__init__.py        |   0
 .../azure/authentication_strategy.py          |   0
 ScoutSuite/providers/azure/facade/__init__.py |   0
 ScoutSuite/providers/azure/facade/aad.py      |   0
 .../providers/azure/facade/appservice.py      |   0
 ScoutSuite/providers/azure/facade/arm.py      |   0
 ScoutSuite/providers/azure/facade/base.py     |   0
 ScoutSuite/providers/azure/facade/keyvault.py |   0
 ScoutSuite/providers/azure/facade/network.py  |   0
 .../providers/azure/facade/securitycenter.py  |   0
 .../providers/azure/facade/sqldatabase.py     |   0
 .../providers/azure/facade/storageaccounts.py |   0
 .../providers/azure/facade/virtualmachines.py |   0
 ScoutSuite/providers/azure/metadata.json      |   0
 ScoutSuite/providers/azure/provider.py        |   0
 .../providers/azure/resources/__init__.py     |   0
 .../providers/azure/resources/aad/__init__.py |   0
 .../azure/resources/aad/applications.py       |   0
 .../providers/azure/resources/aad/base.py     |   0
 .../providers/azure/resources/aad/groups.py   |   0
 .../azure/resources/aad/serviceprincipals.py  |   0
 .../providers/azure/resources/aad/users.py    |   0
 .../azure/resources/appservice/base.py        |   0
 .../azure/resources/appservice/web_apps.py    |   0
 .../providers/azure/resources/arm/__init__.py |   0
 .../providers/azure/resources/arm/base.py     |   0
 .../azure/resources/arm/role_assignments.py   |   0
 .../providers/azure/resources/arm/roles.py    |   0
 ScoutSuite/providers/azure/resources/base.py  |   0
 .../azure/resources/keyvault/__init__.py      |   0
 .../azure/resources/keyvault/base.py          |   0
 .../azure/resources/keyvault/vaults.py        |   0
 .../azure/resources/monitor/__init__.py       |   0
 .../azure/resources/network/__init__.py       |   0
 .../network/application_security_groups.py    |   0
 .../providers/azure/resources/network/base.py |   0
 .../resources/network/network_interfaces.py   |   0
 .../resources/network/security_groups.py      |   0
 .../resources/network/virtual_networks.py     |   0
 .../azure/resources/network/watchers.py       |   0
 .../resources/securitycenter/__init__.py      |   0
 .../auto_provisioning_settings.py             |   0
 .../azure/resources/securitycenter/base.py    |   0
 .../information_protection_policies.py        |   0
 .../resources/securitycenter/pricings.py      |   0
 .../securitycenter/security_contacts.py       |   0
 .../resources/securitycenter/settings.py      |   0
 .../azure/resources/sqldatabase/__init__.py   |   0
 .../azure/resources/sqldatabase/base.py       |   0
 .../database_blob_auditing_policies.py        |   0
 .../database_threat_detection_policies.py     |   0
 .../azure/resources/sqldatabase/databases.py  |   0
 .../sqldatabase/replication_links.py          |   0
 .../server_azure_ad_administrators.py         |   0
 .../server_blob_auditing_policies.py          |   0
 .../server_security_alert_policies.py         |   0
 .../azure/resources/sqldatabase/servers.py    |   0
 .../transparent_data_encryptions.py           |   0
 .../resources/storageaccounts/__init__.py     |   0
 .../azure/resources/storageaccounts/base.py   |   0
 .../storageaccounts/blob_containers.py        |   0
 .../storageaccounts/storage_accounts.py       |   0
 .../azure/resources/subscriptions.py          |   0
 .../resources/virtualmachines/__init__.py     |   0
 .../azure/resources/virtualmachines/base.py   |   0
 .../resources/virtualmachines/instances.py    |   0
 .../azure/rules/conditions/allow-tcp.json     |   0
 .../conditions/exposed-to-the-internet.json   |   0
 .../azure/rules/findings/aad-guest-users.json |   0
 .../appservice-authentication-disabled.json   |   0
 ...pservice-client-certificates-disabled.json |   0
 .../findings/appservice-http-2-disabled.json  |   0
 .../findings/appservice-http-allowed.json     |   0
 ...e-managed-service-identities-disabled.json |   0
 .../findings/appservice-tls-v1-supported.json |   0
 ...-outdated-progamming-language-version.json |   0
 ...rity-groups-rule-inbound-internet-all.json |   0
 ...-security-groups-rule-inbound-service.json |   0
 .../findings/network-watcher-not-enabled.json |   0
 .../network-watcher-not-provisioned.json      |   0
 .../securitycenter-auto-provisioning-off.json |   0
 ...enter-security-contacts-email-not-set.json |   0
 ...contacts-no-admin-email-notifications.json |   0
 ...urity-contacts-no-email-notifications.json |   0
 ...uritycenter-security-contacts-not-set.json |   0
 ...enter-security-contacts-phone-not-set.json |   0
 ...uritycenter-standard-tier-not-enabled.json |   0
 ...base-databases-auditing-low-retention.json |   0
 .../sqldatabase-databases-no-auditing.json    |   0
 ...atabase-databases-no-threat-detection.json |   0
 ...abases-no-transparent-data-encryption.json |   0
 ...ases-threat-detection-disabled-alerts.json |   0
 ...abases-threat-detection-low-retention.json |   0
 ...threat-detection-send-alerts-disabled.json |   0
 ...tabase-servers-auditing-low-retention.json |   0
 ...tabase-servers-no-ad-admin-configured.json |   0
 .../sqldatabase-servers-no-auditing.json      |   0
 ...ldatabase-servers-no-threat-detection.json |   0
 ...vers-threat-detection-disabled-alerts.json |   0
 ...ervers-threat-detection-low-retention.json |   0
 ...threat-detection-send-alerts-disabled.json |   0
 ...torageaccount-access-keys-not-rotated.json |   0
 ...geaccount-account-allowing-clear-text.json |   0
 .../storageaccount-public-blob-container.json |   0
 ...ageaccount-trusted-microsoft-services.json |   0
 .../azure/rules/rulesets/cis-1.0.0.json       |   0
 .../azure/rules/rulesets/default.json         |   0
 .../azure/rules/rulesets/filters.json         |   0
 ScoutSuite/providers/azure/services.py        |   0
 ScoutSuite/providers/azure/utils.py           |   0
 ScoutSuite/providers/base/__init__.py         |   0
 .../providers/base/authentication_strategy.py |   0
 .../base/authentication_strategy_factory.py   |   0
 ScoutSuite/providers/base/configs/__init__.py |   0
 ScoutSuite/providers/base/configs/browser.py  |   0
 ScoutSuite/providers/base/provider.py         |   0
 .../providers/base/resources/__init__.py      |   0
 ScoutSuite/providers/base/resources/base.py   |   0
 ScoutSuite/providers/base/services.py         |   0
 ScoutSuite/providers/gcp/__init__.py          |   0
 .../providers/gcp/authentication_strategy.py  |   0
 ScoutSuite/providers/gcp/facade/__init__.py   |   0
 ScoutSuite/providers/gcp/facade/base.py       |   0
 ScoutSuite/providers/gcp/facade/basefacade.py |   0
 .../gcp/facade/cloudresourcemanager.py        |   0
 ScoutSuite/providers/gcp/facade/cloudsql.py   |   0
 .../providers/gcp/facade/cloudstorage.py      |   0
 ScoutSuite/providers/gcp/facade/gce.py        |   0
 ScoutSuite/providers/gcp/facade/iam.py        |   0
 ScoutSuite/providers/gcp/facade/kms.py        |   0
 .../gcp/facade/stackdriverlogging.py          |   0
 ScoutSuite/providers/gcp/facade/utils.py      |   0
 ScoutSuite/providers/gcp/metadata.json        |   0
 ScoutSuite/providers/gcp/provider.py          |   0
 .../providers/gcp/resources/__init__.py       |   0
 ScoutSuite/providers/gcp/resources/base.py    |   0
 .../cloudresourcemanager/__init__.py          |   0
 .../resources/cloudresourcemanager/base.py    |   0
 .../cloudresourcemanager/bindings.py          |   0
 .../resources/cloudresourcemanager/groups.py  |   0
 .../resources/cloudresourcemanager/users.py   |   0
 .../gcp/resources/cloudsql/__init__.py        |   0
 .../gcp/resources/cloudsql/backups.py         |   0
 .../providers/gcp/resources/cloudsql/base.py  |   0
 .../resources/cloudsql/database_instances.py  |   0
 .../providers/gcp/resources/cloudsql/users.py |   0
 .../gcp/resources/cloudstorage/__init__.py    |   0
 .../gcp/resources/cloudstorage/base.py        |   0
 .../gcp/resources/cloudstorage/buckets.py     |   0
 .../providers/gcp/resources/gce/__init__.py   |   0
 .../providers/gcp/resources/gce/base.py       |   0
 .../providers/gcp/resources/gce/disks.py      |   0
 .../providers/gcp/resources/gce/firewalls.py  |   0
 .../gcp/resources/gce/instance_disks.py       |   0
 .../providers/gcp/resources/gce/instances.py  |   0
 .../providers/gcp/resources/gce/networks.py   |   0
 .../providers/gcp/resources/gce/regions.py    |   0
 .../providers/gcp/resources/gce/snapshots.py  |   0
 .../gcp/resources/gce/subnetworks.py          |   0
 .../providers/gcp/resources/gce/zones.py      |   0
 .../providers/gcp/resources/iam/__init__.py   |   0
 .../providers/gcp/resources/iam/base.py       |   0
 .../providers/gcp/resources/iam/bindings.py   |   0
 .../providers/gcp/resources/iam/keys.py       |   0
 .../gcp/resources/iam/service_accounts.py     |   0
 .../providers/gcp/resources/kms/__init__.py   |   0
 .../providers/gcp/resources/kms/base.py       |   0
 .../providers/gcp/resources/kms/keyrings.py   |   0
 .../providers/gcp/resources/kms/keys.py       |   0
 .../providers/gcp/resources/projects.py       |   0
 ScoutSuite/providers/gcp/resources/regions.py |   0
 .../resources/stackdriverlogging/__init__.py  |   0
 .../gcp/resources/stackdriverlogging/base.py  |   0
 .../gcp/resources/stackdriverlogging/sinks.py |   0
 ScoutSuite/providers/gcp/resources/zones.py   |   0
 ...udresourcemanager-gmail-accounts-used.json |   0
 ...resourcemanager-primitive-role-in-use.json |   0
 ...resourcemanager-role-assigned-to-user.json |   0
 ...sourcemanager-sa-has-admin-privileges.json |   0
 ...resourcemanager-user-has-sa-user-role.json |   0
 ...udsql-allows-root-login-from-any-host.json |   0
 .../cloudsql-instance-backups-disabled.json   |   0
 ...loudsql-instance-is-open-to-the-world.json |   0
 .../cloudsql-instance-no-binary-logging.json  |   0
 .../cloudsql-instance-ssl-not-required.json   |   0
 .../cloudsql-instance-with-no-backups.json    |   0
 .../findings/cloudstorage-bucket-member.json  |   0
 .../cloudstorage-bucket-no-logging.json       |   0
 .../cloudstorage-bucket-no-versioning.json    |   0
 ...teengine-firewall-default-rule-in-use.json |   0
 ...engine-firewall-rule-allows-all-ports.json |   0
 ...firewall-rule-allows-internal-traffic.json |   0
 ...ngine-firewall-rule-allows-port-range.json |   0
 ...ne-firewall-rule-allows-public-access.json |   0
 ...-firewall-rule-opens-all-ports-to-all.json |   0
 ...wall-rule-opens-sensitive-port-to-all.json |   0
 ...engine-instance-disk-with-no-snapshot.json |   0
 ...nce-with-deletion-protection-disabled.json |   0
 ...mputeengine-network-with-no-instances.json |   0
 .../computeengine-old-disk-snapshot.json      |   0
 ...-lack-of-service-account-key-rotation.json |   0
 .../iam-service-account-user-member.json      |   0
 ...ervice-account-with-user-managed-keys.json |   0
 .../stackdriverlogging-no-export-sinks.json   |   0
 .../gcp/rules/rulesets/cis-1.0.0.json         |   0
 .../providers/gcp/rules/rulesets/default.json |   0
 .../providers/gcp/rules/rulesets/filters.json |   0
 ScoutSuite/providers/gcp/services.py          |   0
 ScoutSuite/providers/oci/__init__.py          |   0
 .../providers/oci/authentication_strategy.py  |   0
 ScoutSuite/providers/oci/facade/__init__.py   |   0
 ScoutSuite/providers/oci/facade/base.py       |   0
 ScoutSuite/providers/oci/facade/identity.py   |   0
 ScoutSuite/providers/oci/facade/kms.py        |   0
 .../providers/oci/facade/objectstorage.py     |   0
 ScoutSuite/providers/oci/metadata.json        |   0
 ScoutSuite/providers/oci/provider.py          |   0
 .../providers/oci/resources/__init__.py       |   0
 ScoutSuite/providers/oci/resources/base.py    |   0
 .../oci/resources/identity/__init__.py        |   0
 .../oci/resources/identity/api_keys.py        |   0
 .../identity/authentication_policy.py         |   0
 .../providers/oci/resources/identity/base.py  |   0
 .../oci/resources/identity/groups.py          |   0
 .../oci/resources/identity/policies.py        |   0
 .../providers/oci/resources/identity/users.py |   0
 .../providers/oci/resources/kms/__init__.py   |   0
 .../providers/oci/resources/kms/base.py       |   0
 .../providers/oci/resources/kms/keys.py       |   0
 .../providers/oci/resources/kms/keyvaults.py  |   0
 .../oci/resources/objectstorage/__init__.py   |   0
 .../oci/resources/objectstorage/base.py       |   0
 .../oci/resources/objectstorage/buckets.py    |   0
 ScoutSuite/providers/oci/rules/filters/.keep  |   0
 ...entity-password-policy-minimum-length.json |   0
 ...password-policy-no-lowercase-required.json |   0
 ...ty-password-policy-no-number-required.json |   0
 ...ty-password-policy-no-symbol-required.json |   0
 ...password-policy-no-uppercase-required.json |   0
 .../identity-policy-affects-user.json         |   0
 .../identity-user-with-multiple-api-keys.json |   0
 .../rules/findings/kms-no-key-rotation.json   |   0
 ...storage-bucket-lacking-kms-encryption.json |   0
 .../findings/objectstorage-public-bucket.json |   0
 .../providers/oci/rules/rulesets/default.json |   0
 .../providers/oci/rules/rulesets/filters.json |   0
 ScoutSuite/providers/oci/services.py          |   0
 ScoutSuite/providers/oci/utils.py             |   0
 ScoutSuite/providers/utils.py                 |   0
 ScoutSuite/utils.py                           |   0
 requirements.txt                              |   0
 setup.py                                      |   0
 tests/data/invalid-file.json                  |   0
 tests/data/policy1.json                       |   0
 tests/data/resources/dummy_resources.json     |   0
 tests/data/rule-configs/ec2.json              |   0
 .../rule-configs/iam-password-policy.json     |   0
 tests/data/rule-configs/iam-root.json         |   0
 .../ec2-default-security-group-in-use.json    |   0
 ...ec2-default-security-group-with-rules.json |   0
 ...security-group-opens-all-ports-to-all.json |   0
 ...ecurity-group-opens-all-ports-to-self.json |   0
 .../ec2-security-group-opens-all-ports.json   |   0
 ...ecurity-group-opens-known-port-to-all.json |   0
 .../ec2-security-group-opens-port-range.json  |   0
 .../ec2-security-group-opens-port-to-all.json |   0
 ...-whitelists-aws-ip-from-banned-region.json |   0
 .../ec2-security-group-whitelists-aws.json    |   0
 ...-password-policy-expiration-threshold.json |   0
 ...am-password-policy-lowercase-required.json |   0
 .../iam-password-policy-minimum-length.json   |   0
 .../iam-password-policy-no-expiration.json    |   0
 ...password-policy-no-lowercase-required.json |   0
 ...am-password-policy-no-number-required.json |   0
 ...am-password-policy-no-symbol-required.json |   0
 ...password-policy-no-uppercase-required.json |   0
 .../iam-password-policy-reuse-enabled.json    |   0
 tests/data/ruleset-test.json                  |   0
 tests/data/statement1.json                    |   0
 tests/data/test-ruleset.json                  |   0
 tests/test-core.py                            |   0
 tests/test-main.py                            |   0
 tests/test-output.py                          |   0
 tests/test-resources.py                       |   0
 tests/test-rules-processingengine.py          |   0
 tests/test-rules-ruleset.py                   |   0
 tests/test-scoutsuite.py                      |   0
 tests/test-utils-conditions.py                |   0
 tests/test-utils.py                           |   0
 tests/test-utils_cloudwatch.py                |   0
 tests/test-utils_sns.py                       |   0
 tools/process_raw_response.py                 |   0
 845 files changed, 97 insertions(+), 89 deletions(-)
 mode change 100644 => 100755 .coveragerc
 mode change 100644 => 100755 .flake8
 mode change 100644 => 100755 .github/ISSUE_TEMPLATE/bug_report.md
 mode change 100644 => 100755 .github/ISSUE_TEMPLATE/feature_request.md
 mode change 100644 => 100755 .github/PULL_REQUEST_TEMPLATE.md
 mode change 100644 => 100755 .gitignore
 mode change 100644 => 100755 .travis.yml
 mode change 100644 => 100755 CODE_OF_CONDUCT.md
 mode change 100644 => 100755 CONTRIBUTING.md
 mode change 100644 => 100755 Dockerfile
 mode change 100644 => 100755 LICENSE
 mode change 100644 => 100755 MANIFEST.in
 mode change 100644 => 100755 README.md
 mode change 100644 => 100755 ScoutSuite/__init__.py
 mode change 100644 => 100755 ScoutSuite/__main__.py
 mode change 100644 => 100755 ScoutSuite/core/__init__.py
 mode change 100644 => 100755 ScoutSuite/core/cli_parser.py
 mode change 100644 => 100755 ScoutSuite/core/conditions.py
 mode change 100644 => 100755 ScoutSuite/core/console.py
 mode change 100644 => 100755 ScoutSuite/core/exceptions.py
 mode change 100644 => 100755 ScoutSuite/core/fs.py
 mode change 100644 => 100755 ScoutSuite/core/processingengine.py
 mode change 100644 => 100755 ScoutSuite/core/rule.py
 mode change 100644 => 100755 ScoutSuite/core/rule_definition.py
 mode change 100644 => 100755 ScoutSuite/core/ruleset.py
 mode change 100644 => 100755 ScoutSuite/core/server.py
 mode change 100644 => 100755 ScoutSuite/core/utils.py
 mode change 100644 => 100755 ScoutSuite/data/aws/ip-ranges/aws-in-ec2.json
 mode change 100644 => 100755 ScoutSuite/data/aws/ip-ranges/aws-in-us.json
 mode change 100644 => 100755 ScoutSuite/data/aws/ip-ranges/aws.json
 mode change 100644 => 100755 ScoutSuite/data/icmp_message_types.json
 mode change 100644 => 100755 ScoutSuite/data/protocols.json
 mode change 100644 => 100755 ScoutSuite/output/__init__.py
 mode change 100644 => 100755 ScoutSuite/output/data/html/conditionals/json_format.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/conditionals/sqlite_format.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/about_scoutsuite.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/accordion.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/accordion_policy.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aliyun/left_menu_for_aliyun_region.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aliyun/services.actiontrail.trails.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aliyun/services.ecs.regions.id.instances.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aliyun/services.kms.regions.id.keys.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aliyun/services.oss.buckets.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aliyun/services.ram.groups.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aliyun/services.ram.policies.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aliyun/services.ram.roles.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aliyun/services.ram.users.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aliyun/services.rds.regions.id.instances.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aliyun/services.vpc.regions.id.vpcs.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/left_menu_for_region.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/left_menu_for_vpc.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.acm.regions.id.certificates.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.awslambda.regions.id.functions.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.cloudformation.regions.id.stacks.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.cloudtrail.regions.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.cloudtrail.regions.id.trails.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.cloudwatch.regions.id.alarms.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.config.regions.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.config.regions.id.recorders.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.config.regions.id.rules.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.snapshots.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.volumes.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.images.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.instances.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.security_groups.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.ec2.regions.vpcs.security_groups.resource_list.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.ec2.regions.vpcs.security_groups.rule_list.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.elasticache.regions.id.parameter_groups.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.elasticache.regions.id.security_groups.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.elasticache.regions.id.subnet_groups.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.elasticache.regions.id.vpcs.id.clusters.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.elb_policies.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcs.id.elbs.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcs.id.elbs.linked_resources.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcs.id.elbs.listener.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcsid.elbs.linked_policy.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.elbv2.regions.id.vpcs.id.lbs.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.emr.regions.id.vpcs.id.clusters.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.iam.credential_reports.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.iam.groups.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.iam.inline_policies.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.iam.managed_policies.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.iam.managed_policies_list.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.iam.roles.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.iam.users.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.kms.regions.id.keys.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.parameter_groups.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.security_groups.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.vpcs.id.instances.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.vpcs.id.snapshots.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.vpcs.id.subnet_groups.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.parameter_groups.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.vpcs.id.clusters.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.vpcs.id.security_groups.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.redshift.regions.vpcs.cluster_nodes.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.route53.regions.id.domains.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.route53.regions.id.hosted_zones.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.s3.acls.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.s3.bucket_iam_policies.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.s3.buckets.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.s3.buckets.objects.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.secretsmanager.regions.id.secrets.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.ses.regions.id.identities.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.sns.regions.id.topics.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.sqs.regions.id.queues.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.stackdriverlogging.sinks.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.peering_connections.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.id.flow_logs.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.id.network_acls.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.id.peering_connections.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.id.subnets.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/azure/details_for_subscription.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/azure/left_menu_for_subscription.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/azure/services.aad.applications.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/azure/services.aad.groups.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/azure/services.aad.service_principals.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/azure/services.aad.users.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/azure/services.appservice.subscriptions.id.web_apps.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/azure/services.arm.subscriptions.id.roles.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/azure/services.keyvault.subscriptions.id.vaults.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.application_security_groups.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.network_interfaces.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.security_groups.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.virtual_networks.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.virtual_networks.id.subnets.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.watchers.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.auto_provisioning_settings.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.pricings.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.security_contacts.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/azure/services.sqldatabase.subscriptions.id.servers.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/azure/services.storageaccounts.subscriptions.id.storage_accounts.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.instances.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/count_badge.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/dashboard.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/details.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/details_for_region.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/details_for_vpc.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/ec2_grants.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/filters.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/gcp/details_for_gcp_region.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/gcp/details_for_gcp_zone.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/gcp/details_for_project.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/gcp/left_menu_for_gcp_region.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/gcp/left_menu_for_gcp_zone.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/gcp/left_menu_for_project.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/gcp/services.cloudresourcemanager.projects.id.bindings.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/gcp/services.cloudresourcemanager.projects.id.groups.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/gcp/services.cloudresourcemanager.projects.id.users.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/gcp/services.cloudsql.projects.id.instances.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.firewalls.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.networks.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.regions.id.subnetworks.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.snapshots.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.zones.id.instances.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.service_accounts.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/gcp/services.kms.projects.id.keyrings.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/gcp/services.stackdriverlogging.projects.id.sinks.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/generic_object.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/ip_grants.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/last_run_details.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/left_menu.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/metadata.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/modal.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/network_interface.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/oci/services.identity.groups.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/oci/services.identity.policies.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/oci/services.identity.users.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/oci/services.kms.keyvaults.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/oci/services.objectstorage.buckets.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/policy.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/resource_link.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/resources_details.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/partials/singles.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/report.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/summaries/aliyun/services.ram.password_policy.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/summaries/aliyun/services.ram.security_policy.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/summaries/attack_surface.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/summaries/aws/services.ec2.external_attack_surface.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/summaries/aws/services.elb.external_attack_surface.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/summaries/aws/services.elbv2.external_attack_surface.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/summaries/aws/services.iam.password_policy.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/summaries/aws/services.iam.permissions.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/summaries/aws/services.rds.external_attack_surface.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/summaries/aws/services.redshift.external_attack_surface.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/summaries/azure/.keep
 mode change 100644 => 100755 ScoutSuite/output/data/html/summaries/gcp/.keep
 mode change 100644 => 100755 ScoutSuite/output/data/html/summaries/oci/services.identity.password_policy.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/summaries/service_groups.compute.summaries.external_attack_surface.html
 mode change 100644 => 100755 ScoutSuite/output/data/html/summaries/service_groups.database.summaries.external_attack_surface.html
 mode change 100644 => 100755 ScoutSuite/output/data/inc-scoutsuite/css/modal.css
 mode change 100644 => 100755 ScoutSuite/output/data/inc-scoutsuite/css/scoutsuite-dark.css
 mode change 100644 => 100755 ScoutSuite/output/data/inc-scoutsuite/css/scoutsuite-light.css
 mode change 100644 => 100755 ScoutSuite/output/data/inc-scoutsuite/css/scoutsuite.css
 mode change 100644 => 100755 ScoutSuite/output/data/inc-scoutsuite/favicon.ico
 mode change 100644 => 100755 ScoutSuite/output/data/inc-scoutsuite/helpers.js
 mode change 100644 => 100755 ScoutSuite/output/data/inc-scoutsuite/pagination.js
 mode change 100644 => 100755 ScoutSuite/output/data/inc-scoutsuite/provider.js
 mode change 100644 => 100755 ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js
 mode change 100644 => 100755 ScoutSuite/output/data/inc-scoutsuite/sqlite.js
 mode change 100644 => 100755 ScoutSuite/output/data/inc-scoutsuite/theme.js
 mode change 100644 => 100755 ScoutSuite/output/data/includes.zip
 mode change 100644 => 100755 ScoutSuite/output/data/listall-configs/ec2.regions.id.vpcs.id.security_groups.id.json
 mode change 100644 => 100755 ScoutSuite/output/html.py
 mode change 100644 => 100755 ScoutSuite/output/result_encoder.py
 mode change 100644 => 100755 ScoutSuite/output/utils.py
 mode change 100644 => 100755 ScoutSuite/providers/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/authentication_strategy.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/facade/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/facade/actiontrail.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/facade/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/facade/ecs.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/facade/kms.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/facade/oss.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/facade/ram.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/facade/rds.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/facade/utils.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/facade/vpc.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/metadata.json
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/provider.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/actiontrail/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/actiontrail/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/actiontrail/trails.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/ecs/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/ecs/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/ecs/instances.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/kms/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/kms/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/kms/keys.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/oss/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/oss/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/oss/buckets.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/ram/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/ram/api_keys.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/ram/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/ram/groups.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/ram/password_policy.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/ram/policies.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/ram/roles.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/ram/security_policy.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/ram/users.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/rds/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/rds/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/rds/instances.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/regions.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/vpc/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/vpc/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/resources/vpc/vpcs.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/rules/findings/actiontrail-not-configured.json
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/rules/findings/actiontrail-not-enabled.json
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/rules/findings/ecs-instance-with-deletion-protection-disabled.json
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/rules/findings/ecs-instance-with-public-ip.json
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/rules/findings/kms-no-key-rotation.json
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-expiration-threshold.json
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-minimum-length.json
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-no-expiration.json
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-no-lowercase-required.json
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-no-number-required.json
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-no-symbol-required.json
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-no-uppercase-required.json
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-reuse-enabled.json
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/rules/findings/ram-user-lacking-mfa.json
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/rules/findings/ram-user-unused-api-key.json
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/rules/findings/ram-user-unused-console-password.json
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/rules/findings/ram-user-with-multiple-api-keys.json
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/rules/findings/ram-user-with-old-api-key.json
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/rules/rulesets/default.json
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/rules/rulesets/filters.json
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/services.py
 mode change 100644 => 100755 ScoutSuite/providers/aliyun/utils.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/authentication_strategy.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/facade/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/facade/acm.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/facade/awslambda.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/facade/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/facade/basefacade.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/facade/cloudformation.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/facade/cloudtrail.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/facade/cloudwatch.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/facade/config.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/facade/directconnect.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/facade/ec2.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/facade/efs.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/facade/elasticache.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/facade/elb.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/facade/elbv2.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/facade/emr.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/facade/iam.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/facade/kms.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/facade/rds.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/facade/redshift.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/facade/route53.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/facade/s3.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/facade/secretsmanager.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/facade/ses.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/facade/sns.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/facade/sqs.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/facade/utils.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/metadata.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/provider.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/acm/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/acm/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/acm/certificates.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/awslambda/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/awslambda/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/awslambda/functions.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/cloudformation/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/cloudformation/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/cloudformation/stacks.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/cloudtrail/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/cloudtrail/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/cloudtrail/trails.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/cloudwatch/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/cloudwatch/alarms.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/cloudwatch/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/config/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/config/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/config/recorders.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/config/rules.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/directconnect/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/directconnect/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/directconnect/connections.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/ec2/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/ec2/ami.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/ec2/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/ec2/instances.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/ec2/networkinterfaces.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/ec2/securitygroups.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/ec2/snapshots.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/ec2/volumes.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/ec2/vpcs.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/efs/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/efs/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/efs/filesystems.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/elasticache/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/elasticache/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/elasticache/cluster.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/elasticache/parametergroups.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/elasticache/securitygroups.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/elasticache/subnetgroups.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/elasticache/vpcs.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/elb/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/elb/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/elb/load_balancers.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/elb/policies.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/elb/vpcs.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/elbv2/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/elbv2/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/elbv2/listeners.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/elbv2/load_balancers.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/elbv2/vpcs.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/emr/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/emr/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/emr/clusters.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/emr/vpcs.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/iam/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/iam/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/iam/credentialreports.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/iam/groups.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/iam/passwordpolicy.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/iam/policies.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/iam/roles.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/iam/users.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/kms/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/kms/aliases.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/kms/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/kms/grants.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/kms/keys.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/rds/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/rds/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/rds/instances.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/rds/parametergroups.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/rds/securitygroups.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/rds/snapshots.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/rds/subnetgroups.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/rds/vpcs.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/redshift/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/redshift/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/redshift/cluster_parameter_groups.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/redshift/cluster_parameters.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/redshift/cluster_security_groups.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/redshift/clusters.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/redshift/vpcs.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/regions.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/route53/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/route53/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/route53/domains.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/route53/hosted_zones.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/s3/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/s3/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/s3/buckets.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/secretsmanager/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/secretsmanager/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/secretsmanager/secrets.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/ses/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/ses/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/ses/identities.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/ses/identity_policies.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/sns/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/sns/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/sns/subscriptions.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/sns/topics.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/sqs/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/sqs/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/sqs/queues.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/vpc/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/vpc/base.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/vpc/flow_logs.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/vpc/network_acls.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/vpc/peering_connections.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/vpc/subnets.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/vpc/vpcs.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/resources/vpcs.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/conditions/cidr-is-all.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/conditions/ec2-security-group-in-use.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/conditions/ec2-security-group-not-used.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/conditions/instance-with-open-nacls.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/conditions/instance-with-public-ip.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/conditions/ip-not-in-private-space.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/conditions/policy-statement-any-principal.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/conditions/policy-statement-poor-condition.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/conditions/security-group-opens-all-ports.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/filters/ec2-instance-with-open-nacls.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/filters/ec2-security-group-with-public-cidr-grant.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/filters/iam-role-for-aws-account.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/filters/iam-role-for-service.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/acm-certificate-with-close-expiration-date.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/acm-certificate-with-transparency-logging-disabled.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/cloudformation-stack-with-role.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/cloudtrail-duplicated-global-services-logging.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/cloudtrail-no-data-logging.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/cloudtrail-no-global-services-logging.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/cloudtrail-no-log-file-validation.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/cloudtrail-no-logging.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/cloudtrail-not-configured.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/cloudwatch-alarm-without-actions.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/config-recorder-not-configured.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/ec2-ami-public.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-in-use.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-with-rules.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/ec2-ebs-snapshot-not-encrypted.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/ec2-ebs-snapshot-public.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/ec2-ebs-volume-not-encrypted.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/ec2-instance-in-security-group.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/ec2-instance-type.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/ec2-instance-types.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/ec2-instance-with-public-ip.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/ec2-instance-with-user-data-secrets.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-all-ports-to-all.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-all-ports-to-self.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-all-ports.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-icmp-to-all.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-known-port-to-all.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-plaintext-port.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-port-range.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-port-to-all.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/ec2-security-group-whitelists-aws-ip-from-banned-region.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/ec2-security-group-whitelists-aws.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/ec2-security-group-whitelists-non-elastic-ips.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/ec2-security-group-whitelists-unknown-aws.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/ec2-security-group-whitelists-unknown-cidrs.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/ec2-unused-security-group.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/elb-no-access-logs.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/elbv2-no-access-logs.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/elbv2-no-deletion-protection.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/elbv2-older-ssl-policy.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-assume-role-lacks-external-id-and-mfa.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-assume-role-no-mfa.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-assume-role-policy-allows-all.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-ec2-role-without-instances.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-group-with-inline-policies.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-group-with-no-users.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-human-user-with-policies.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-inline-policy-allows-NotActions.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-inline-policy-allows-non-sts-action.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-inline-policy-for-role.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-NotActions.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-non-sts-action.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-managed-policy-for-role.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-managed-policy-no-attachments.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-password-policy-expiration-threshold.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-password-policy-lowercase-required.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-password-policy-minimum-length.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-expiration.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-lowercase-required.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-number-required.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-symbol-required.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-uppercase-required.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-password-policy-reuse-enabled.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-role-with-inline-policies.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-root-account-no-mfa.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-root-account-used-recently.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-certs.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-keys.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-service-user-with-password.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-user-no-key-rotation.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-user-not-in-category-group.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-user-not-in-common-group.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-user-with-multiple-access-keys.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-user-with-password-and-key.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-user-with-policies.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/iam-user-without-mfa.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/rds-instance-backup-disabled.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/rds-instance-ca-certificate-deprecated.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/rds-instance-no-minor-upgrade.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/rds-instance-short-backup-retention-period.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/rds-instance-single-az.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/rds-instance-storage-not-encrypted.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/rds-postgres-instance-with-invalid-certificate.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/rds-security-group-allows-all.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/rds-snapshot-public.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/redshift-cluster-database-not-encrypted.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/redshift-cluster-no-version-upgrade.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/redshift-cluster-publicly-accessible.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/redshift-parameter-group-logging-disabled.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/redshift-parameter-group-ssl-not-required.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/redshift-security-group-whitelists-all.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/route53-domain-no-autorenew.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/route53-domain-no-transferlock.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/route53-domain-transferlock-not-authorized.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/s3-bucket-allowing-cleartext.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/s3-bucket-no-default-encryption.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/s3-bucket-no-logging.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/s3-bucket-no-mfa-delete.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/s3-bucket-no-versioning.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/s3-bucket-website-enabled.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/s3-bucket-world-acl.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/s3-bucket-world-policy-arg.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/s3-bucket-world-policy-star.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/ses-identity-dkim-not-enabled.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/ses-identity-dkim-not-verified.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/ses-identity-world-policy.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/sns-topic-world-policy.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/sqs-queue-world-policy.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/vpc-custom-network-acls-allow-all.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/vpc-default-network-acls-allow-all.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/vpc-network-acl-not-used.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/vpc-subnet-with-bad-acls.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/vpc-subnet-with-default-acls.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/findings/vpc-subnet-without-flow-log.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/rulesets/cis-1.0.0.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/rulesets/default.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/rulesets/detailed.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/rules/rulesets/filters.json
 mode change 100644 => 100755 ScoutSuite/providers/aws/services.py
 mode change 100644 => 100755 ScoutSuite/providers/aws/utils.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/authentication_strategy.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/facade/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/facade/aad.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/facade/appservice.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/facade/arm.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/facade/base.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/facade/keyvault.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/facade/network.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/facade/securitycenter.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/facade/sqldatabase.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/facade/storageaccounts.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/facade/virtualmachines.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/metadata.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/provider.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/aad/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/aad/applications.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/aad/base.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/aad/groups.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/aad/serviceprincipals.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/aad/users.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/appservice/base.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/appservice/web_apps.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/arm/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/arm/base.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/arm/role_assignments.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/arm/roles.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/base.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/keyvault/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/keyvault/base.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/keyvault/vaults.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/monitor/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/network/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/network/application_security_groups.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/network/base.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/network/network_interfaces.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/network/security_groups.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/network/virtual_networks.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/network/watchers.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/securitycenter/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/securitycenter/auto_provisioning_settings.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/securitycenter/base.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/securitycenter/information_protection_policies.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/securitycenter/pricings.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/securitycenter/security_contacts.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/securitycenter/settings.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/sqldatabase/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/sqldatabase/base.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/sqldatabase/database_blob_auditing_policies.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/sqldatabase/database_threat_detection_policies.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/sqldatabase/databases.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/sqldatabase/replication_links.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/sqldatabase/server_azure_ad_administrators.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/sqldatabase/server_blob_auditing_policies.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/sqldatabase/server_security_alert_policies.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/sqldatabase/servers.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/sqldatabase/transparent_data_encryptions.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/storageaccounts/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/storageaccounts/base.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/storageaccounts/blob_containers.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/storageaccounts/storage_accounts.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/subscriptions.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/virtualmachines/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/virtualmachines/base.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/resources/virtualmachines/instances.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/conditions/allow-tcp.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/conditions/exposed-to-the-internet.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/aad-guest-users.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/appservice-authentication-disabled.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/appservice-client-certificates-disabled.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/appservice-http-2-disabled.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/appservice-http-allowed.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/appservice-managed-service-identities-disabled.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/appservice-tls-v1-supported.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/appservice-webapp-using-outdated-progamming-language-version.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-internet-all.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-service.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/network-watcher-not-enabled.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/network-watcher-not-provisioned.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/securitycenter-auto-provisioning-off.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-email-not-set.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-no-admin-email-notifications.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-no-email-notifications.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-not-set.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-phone-not-set.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/securitycenter-standard-tier-not-enabled.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-auditing-low-retention.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-auditing.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-threat-detection.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-transparent-data-encryption.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-threat-detection-disabled-alerts.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-threat-detection-low-retention.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-threat-detection-send-alerts-disabled.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-auditing-low-retention.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-ad-admin-configured.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-auditing.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-threat-detection.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-disabled-alerts.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-low-retention.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-send-alerts-disabled.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/storageaccount-access-keys-not-rotated.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/storageaccount-account-allowing-clear-text.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/storageaccount-public-blob-container.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/findings/storageaccount-trusted-microsoft-services.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/rulesets/cis-1.0.0.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/rulesets/default.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/rules/rulesets/filters.json
 mode change 100644 => 100755 ScoutSuite/providers/azure/services.py
 mode change 100644 => 100755 ScoutSuite/providers/azure/utils.py
 mode change 100644 => 100755 ScoutSuite/providers/base/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/base/authentication_strategy.py
 mode change 100644 => 100755 ScoutSuite/providers/base/authentication_strategy_factory.py
 mode change 100644 => 100755 ScoutSuite/providers/base/configs/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/base/configs/browser.py
 mode change 100644 => 100755 ScoutSuite/providers/base/provider.py
 mode change 100644 => 100755 ScoutSuite/providers/base/resources/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/base/resources/base.py
 mode change 100644 => 100755 ScoutSuite/providers/base/services.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/authentication_strategy.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/facade/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/facade/base.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/facade/basefacade.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/facade/cloudresourcemanager.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/facade/cloudsql.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/facade/cloudstorage.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/facade/gce.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/facade/iam.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/facade/kms.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/facade/stackdriverlogging.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/facade/utils.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/metadata.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/provider.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/base.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/cloudresourcemanager/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/cloudresourcemanager/base.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/cloudresourcemanager/bindings.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/cloudresourcemanager/groups.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/cloudresourcemanager/users.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/cloudsql/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/cloudsql/backups.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/cloudsql/base.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/cloudsql/users.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/cloudstorage/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/cloudstorage/base.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/gce/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/gce/base.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/gce/disks.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/gce/firewalls.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/gce/instance_disks.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/gce/instances.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/gce/networks.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/gce/regions.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/gce/snapshots.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/gce/subnetworks.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/gce/zones.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/iam/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/iam/base.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/iam/bindings.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/iam/keys.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/iam/service_accounts.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/kms/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/kms/base.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/kms/keyrings.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/kms/keys.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/projects.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/regions.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/stackdriverlogging/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/stackdriverlogging/base.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/stackdriverlogging/sinks.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/resources/zones.py
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-gmail-accounts-used.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-primitive-role-in-use.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-role-assigned-to-user.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-sa-has-admin-privileges.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-user-has-sa-user-role.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/findings/cloudsql-allows-root-login-from-any-host.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-backups-disabled.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-is-open-to-the-world.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-no-binary-logging.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-ssl-not-required.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-with-no-backups.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-member.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-no-logging.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-no-versioning.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-default-rule-in-use.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-all-ports.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-internal-traffic.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-port-range.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-public-access.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-opens-all-ports-to-all.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-opens-sensitive-port-to-all.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/findings/computeengine-instance-disk-with-no-snapshot.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/findings/computeengine-instance-with-deletion-protection-disabled.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/findings/computeengine-network-with-no-instances.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/findings/computeengine-old-disk-snapshot.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/findings/iam-lack-of-service-account-key-rotation.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/findings/iam-service-account-user-member.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/findings/iam-service-account-with-user-managed-keys.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-no-export-sinks.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/rulesets/cis-1.0.0.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/rulesets/default.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/rules/rulesets/filters.json
 mode change 100644 => 100755 ScoutSuite/providers/gcp/services.py
 mode change 100644 => 100755 ScoutSuite/providers/oci/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/oci/authentication_strategy.py
 mode change 100644 => 100755 ScoutSuite/providers/oci/facade/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/oci/facade/base.py
 mode change 100644 => 100755 ScoutSuite/providers/oci/facade/identity.py
 mode change 100644 => 100755 ScoutSuite/providers/oci/facade/kms.py
 mode change 100644 => 100755 ScoutSuite/providers/oci/facade/objectstorage.py
 mode change 100644 => 100755 ScoutSuite/providers/oci/metadata.json
 mode change 100644 => 100755 ScoutSuite/providers/oci/provider.py
 mode change 100644 => 100755 ScoutSuite/providers/oci/resources/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/oci/resources/base.py
 mode change 100644 => 100755 ScoutSuite/providers/oci/resources/identity/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/oci/resources/identity/api_keys.py
 mode change 100644 => 100755 ScoutSuite/providers/oci/resources/identity/authentication_policy.py
 mode change 100644 => 100755 ScoutSuite/providers/oci/resources/identity/base.py
 mode change 100644 => 100755 ScoutSuite/providers/oci/resources/identity/groups.py
 mode change 100644 => 100755 ScoutSuite/providers/oci/resources/identity/policies.py
 mode change 100644 => 100755 ScoutSuite/providers/oci/resources/identity/users.py
 mode change 100644 => 100755 ScoutSuite/providers/oci/resources/kms/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/oci/resources/kms/base.py
 mode change 100644 => 100755 ScoutSuite/providers/oci/resources/kms/keys.py
 mode change 100644 => 100755 ScoutSuite/providers/oci/resources/kms/keyvaults.py
 mode change 100644 => 100755 ScoutSuite/providers/oci/resources/objectstorage/__init__.py
 mode change 100644 => 100755 ScoutSuite/providers/oci/resources/objectstorage/base.py
 mode change 100644 => 100755 ScoutSuite/providers/oci/resources/objectstorage/buckets.py
 mode change 100644 => 100755 ScoutSuite/providers/oci/rules/filters/.keep
 mode change 100644 => 100755 ScoutSuite/providers/oci/rules/findings/identity-password-policy-minimum-length.json
 mode change 100644 => 100755 ScoutSuite/providers/oci/rules/findings/identity-password-policy-no-lowercase-required.json
 mode change 100644 => 100755 ScoutSuite/providers/oci/rules/findings/identity-password-policy-no-number-required.json
 mode change 100644 => 100755 ScoutSuite/providers/oci/rules/findings/identity-password-policy-no-symbol-required.json
 mode change 100644 => 100755 ScoutSuite/providers/oci/rules/findings/identity-password-policy-no-uppercase-required.json
 mode change 100644 => 100755 ScoutSuite/providers/oci/rules/findings/identity-policy-affects-user.json
 mode change 100644 => 100755 ScoutSuite/providers/oci/rules/findings/identity-user-with-multiple-api-keys.json
 mode change 100644 => 100755 ScoutSuite/providers/oci/rules/findings/kms-no-key-rotation.json
 mode change 100644 => 100755 ScoutSuite/providers/oci/rules/findings/objectstorage-bucket-lacking-kms-encryption.json
 mode change 100644 => 100755 ScoutSuite/providers/oci/rules/findings/objectstorage-public-bucket.json
 mode change 100644 => 100755 ScoutSuite/providers/oci/rules/rulesets/default.json
 mode change 100644 => 100755 ScoutSuite/providers/oci/rules/rulesets/filters.json
 mode change 100644 => 100755 ScoutSuite/providers/oci/services.py
 mode change 100644 => 100755 ScoutSuite/providers/oci/utils.py
 mode change 100644 => 100755 ScoutSuite/providers/utils.py
 mode change 100644 => 100755 ScoutSuite/utils.py
 mode change 100644 => 100755 requirements.txt
 mode change 100644 => 100755 setup.py
 mode change 100644 => 100755 tests/data/invalid-file.json
 mode change 100644 => 100755 tests/data/policy1.json
 mode change 100644 => 100755 tests/data/resources/dummy_resources.json
 mode change 100644 => 100755 tests/data/rule-configs/ec2.json
 mode change 100644 => 100755 tests/data/rule-configs/iam-password-policy.json
 mode change 100644 => 100755 tests/data/rule-configs/iam-root.json
 mode change 100644 => 100755 tests/data/rule-results/ec2-default-security-group-in-use.json
 mode change 100644 => 100755 tests/data/rule-results/ec2-default-security-group-with-rules.json
 mode change 100644 => 100755 tests/data/rule-results/ec2-security-group-opens-all-ports-to-all.json
 mode change 100644 => 100755 tests/data/rule-results/ec2-security-group-opens-all-ports-to-self.json
 mode change 100644 => 100755 tests/data/rule-results/ec2-security-group-opens-all-ports.json
 mode change 100644 => 100755 tests/data/rule-results/ec2-security-group-opens-known-port-to-all.json
 mode change 100644 => 100755 tests/data/rule-results/ec2-security-group-opens-port-range.json
 mode change 100644 => 100755 tests/data/rule-results/ec2-security-group-opens-port-to-all.json
 mode change 100644 => 100755 tests/data/rule-results/ec2-security-group-whitelists-aws-ip-from-banned-region.json
 mode change 100644 => 100755 tests/data/rule-results/ec2-security-group-whitelists-aws.json
 mode change 100644 => 100755 tests/data/rule-results/iam-password-policy-expiration-threshold.json
 mode change 100644 => 100755 tests/data/rule-results/iam-password-policy-lowercase-required.json
 mode change 100644 => 100755 tests/data/rule-results/iam-password-policy-minimum-length.json
 mode change 100644 => 100755 tests/data/rule-results/iam-password-policy-no-expiration.json
 mode change 100644 => 100755 tests/data/rule-results/iam-password-policy-no-lowercase-required.json
 mode change 100644 => 100755 tests/data/rule-results/iam-password-policy-no-number-required.json
 mode change 100644 => 100755 tests/data/rule-results/iam-password-policy-no-symbol-required.json
 mode change 100644 => 100755 tests/data/rule-results/iam-password-policy-no-uppercase-required.json
 mode change 100644 => 100755 tests/data/rule-results/iam-password-policy-reuse-enabled.json
 mode change 100644 => 100755 tests/data/ruleset-test.json
 mode change 100644 => 100755 tests/data/statement1.json
 mode change 100644 => 100755 tests/data/test-ruleset.json
 mode change 100644 => 100755 tests/test-core.py
 mode change 100644 => 100755 tests/test-main.py
 mode change 100644 => 100755 tests/test-output.py
 mode change 100644 => 100755 tests/test-resources.py
 mode change 100644 => 100755 tests/test-rules-processingengine.py
 mode change 100644 => 100755 tests/test-rules-ruleset.py
 mode change 100644 => 100755 tests/test-scoutsuite.py
 mode change 100644 => 100755 tests/test-utils-conditions.py
 mode change 100644 => 100755 tests/test-utils.py
 mode change 100644 => 100755 tests/test-utils_cloudwatch.py
 mode change 100644 => 100755 tests/test-utils_sns.py
 mode change 100644 => 100755 tools/process_raw_response.py

diff --git a/.coveragerc b/.coveragerc
old mode 100644
new mode 100755
diff --git a/.flake8 b/.flake8
old mode 100644
new mode 100755
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
old mode 100644
new mode 100755
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
old mode 100644
new mode 100755
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
old mode 100644
new mode 100755
diff --git a/.gitignore b/.gitignore
old mode 100644
new mode 100755
diff --git a/.travis.yml b/.travis.yml
old mode 100644
new mode 100755
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
old mode 100644
new mode 100755
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
old mode 100644
new mode 100755
diff --git a/Dockerfile b/Dockerfile
old mode 100644
new mode 100755
diff --git a/LICENSE b/LICENSE
old mode 100644
new mode 100755
diff --git a/MANIFEST.in b/MANIFEST.in
old mode 100644
new mode 100755
diff --git a/README.md b/README.md
old mode 100644
new mode 100755
diff --git a/ScoutSuite/__init__.py b/ScoutSuite/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/__main__.py b/ScoutSuite/__main__.py
old mode 100644
new mode 100755
index 8e58dfcfb..69545e036
--- a/ScoutSuite/__main__.py
+++ b/ScoutSuite/__main__.py
@@ -56,7 +56,7 @@ def run_from_cli():
                    # General
                    report_name=args.get('report_name'), report_dir=args.get('report_dir'),
                    timestamp=args.get('timestamp'),
-                   services=args.get('services'), skipped_services=args.get('skipped_services'),
+                   services=args.get('services'), skipped_services=args.get('skipped_services'), list_services=args.get('list_services'),
                    result_format=args.get('result_format'),
                    database_name=args.get('database_name'),
                    host_ip=args.get('host_ip'),
@@ -101,7 +101,7 @@ def run(provider,
         # General
         report_name=None, report_dir=None,
         timestamp=False,
-        services=[], skipped_services=[],
+        services=[], skipped_services=[], list_services=None,
         result_format='json',
         database_name=None, host_ip='127.0.0.1', host_port=8000,
         max_workers=10,
@@ -153,7 +153,7 @@ async def _run(provider,
                # General
                report_name, report_dir,
                timestamp,
-               services, skipped_services,
+               services, skipped_services, list_services,
                result_format,
                database_name, host_ip, host_port,
                regions,
@@ -197,14 +197,14 @@ async def _run(provider,
                                                  username=username,
                                                  password=password,
                                                  access_key_id=access_key_id,
-                                                 access_key_secret=access_key_secret)
+                                                 access_key_secret=access_key_secret,
+                                                 list_services=list_services)
 
         if not credentials:
             return 101
     except Exception as e:
         print_exception('Authentication failure: {}'.format(e))
         return 101
-
     # Create a cloud provider object
     cloud_provider = get_provider(provider=provider,
                                   # AWS
@@ -238,90 +238,93 @@ async def _run(provider,
         Server.init(database_file, host_ip, host_port)
         return
 
-    # Complete run, including pulling data from provider
-    if not fetch_local:
-
-        # Fetch data from provider APIs
-        try:
-            print_info('Gathering data from APIs')
-            await cloud_provider.fetch(regions=regions, excluded_regions=excluded_regions)
-        except KeyboardInterrupt:
-            print_info('\nCancelled by user')
-            return 130
-
-        # Update means we reload the whole config and overwrite part of it
-        if update:
-            print_info('Updating existing data')
-            current_run_services = copy.deepcopy(cloud_provider.services)
-            last_run_dict = report.encoder.load_from_file('RESULTS')
-            cloud_provider.services = last_run_dict['services']
-            for service in cloud_provider.service_list:
-                cloud_provider.services[service] = current_run_services[service]
-
-    # Partial run, using pre-pulled data
+    if list_services:
+        return [x for x in dir(cloud_provider.services) if not x.startswith('_')]
     else:
-        print_info('Using local data')
-        # Reload to flatten everything into a python dictionary
-        last_run_dict = report.encoder.load_from_file('RESULTS')
-        for key in last_run_dict:
-            setattr(cloud_provider, key, last_run_dict[key])
-
-    # Pre processing
-    cloud_provider.preprocessing(
-        ip_ranges, ip_ranges_name_key)
-
-    # Analyze config
-    print_info('Running rule engine')
-    finding_rules = Ruleset(cloud_provider=cloud_provider.provider_code,
-                            environment_name=cloud_provider.environment,
-                            filename=ruleset,
-                            ip_ranges=ip_ranges,
-                            account_id=cloud_provider.account_id)
-    processing_engine = ProcessingEngine(finding_rules)
-    processing_engine.run(cloud_provider)
-
-    # Create display filters
-    print_info('Applying display filters')
-    filter_rules = Ruleset(cloud_provider=cloud_provider.provider_code,
-                           environment_name=cloud_provider.environment,
-                           rule_type='filters',
-                           account_id=cloud_provider.account_id)
-    processing_engine = ProcessingEngine(filter_rules)
-    processing_engine.run(cloud_provider)
-
-    # Handle exceptions
-    if exceptions:
-        print_info('Applying exceptions')
-        try:
-            exceptions = RuleExceptions(exceptions)
-            exceptions.process(cloud_provider)
-            exceptions = exceptions.exceptions
-        except Exception as e:
-            print_exception('Failed to load exceptions: {}'.format(e))
+        # Complete run, including pulling data from provider
+        if not fetch_local:
+
+            # Fetch data from provider APIs
+            try:
+                print_info('Gathering data from APIs')
+                await cloud_provider.fetch(regions=regions, excluded_regions=excluded_regions)
+            except KeyboardInterrupt:
+                print_info('\nCancelled by user')
+                return 130
+
+            # Update means we reload the whole config and overwrite part of it
+            if update:
+                print_info('Updating existing data')
+                current_run_services = copy.deepcopy(cloud_provider.services)
+                last_run_dict = report.encoder.load_from_file('RESULTS')
+                cloud_provider.services = last_run_dict['services']
+                for service in cloud_provider.service_list:
+                    cloud_provider.services[service] = current_run_services[service]
+
+        # Partial run, using pre-pulled data
+        else:
+            print_info('Using local data')
+            # Reload to flatten everything into a python dictionary
+            last_run_dict = report.encoder.load_from_file('RESULTS')
+            for key in last_run_dict:
+                setattr(cloud_provider, key, last_run_dict[key])
+
+        # Pre processing
+        cloud_provider.preprocessing(
+            ip_ranges, ip_ranges_name_key)
+
+        # Analyze config
+        print_info('Running rule engine')
+        finding_rules = Ruleset(cloud_provider=cloud_provider.provider_code,
+                                environment_name=cloud_provider.environment,
+                                filename=ruleset,
+                                ip_ranges=ip_ranges,
+                                account_id=cloud_provider.account_id)
+        processing_engine = ProcessingEngine(finding_rules)
+        processing_engine.run(cloud_provider)
+
+        # Create display filters
+        print_info('Applying display filters')
+        filter_rules = Ruleset(cloud_provider=cloud_provider.provider_code,
+                               environment_name=cloud_provider.environment,
+                               rule_type='filters',
+                               account_id=cloud_provider.account_id)
+        processing_engine = ProcessingEngine(filter_rules)
+        processing_engine.run(cloud_provider)
+
+        # Handle exceptions
+        if exceptions:
+            print_info('Applying exceptions')
+            try:
+                exceptions = RuleExceptions(exceptions)
+                exceptions.process(cloud_provider)
+                exceptions = exceptions.exceptions
+            except Exception as e:
+                print_exception('Failed to load exceptions: {}'.format(e))
+                exceptions = {}
+        else:
             exceptions = {}
-    else:
-        exceptions = {}
-
-    run_parameters = {
-        'services': services,
-        'skipped_services': skipped_services,
-        'regions': regions,
-        'excluded_regions': excluded_regions,
-    }
-    # Finalize
-    cloud_provider.postprocessing(report.current_time, finding_rules, run_parameters)
 
-    # Save config and create HTML report
-    html_report_path = report.save(
-        cloud_provider, exceptions, force_write, debug)
-
-    # Open the report by default
-    if not no_browser:
-        print_info('Opening the HTML report')
-        url = 'file://%s' % os.path.abspath(html_report_path)
-        webbrowser.open(url, new=2)
-
-    if ERRORS_LIST:  # errors were handled during execution
-        return 200
-    else:
-        return 0
+        run_parameters = {
+            'services': services,
+            'skipped_services': skipped_services,
+            'regions': regions,
+            'excluded_regions': excluded_regions,
+        }
+        # Finalize
+        cloud_provider.postprocessing(report.current_time, finding_rules, run_parameters)
+
+        # Save config and create HTML report
+        html_report_path = report.save(
+            cloud_provider, exceptions, force_write, debug)
+
+        # Open the report by default
+        if not no_browser:
+            print_info('Opening the HTML report')
+            url = 'file://%s' % os.path.abspath(html_report_path)
+            webbrowser.open(url, new=2)
+
+        if ERRORS_LIST:  # errors were handled during execution
+            return 200
+        else:
+            return 0
\ No newline at end of file
diff --git a/ScoutSuite/core/__init__.py b/ScoutSuite/core/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/core/cli_parser.py b/ScoutSuite/core/cli_parser.py
old mode 100644
new mode 100755
index e26714611..3ba865485
--- a/ScoutSuite/core/cli_parser.py
+++ b/ScoutSuite/core/cli_parser.py
@@ -333,6 +333,11 @@ def _init_common_args_parser(self):
                             default=[],
                             nargs='+',
                             help='Name of in-scope services, defaults to all.')
+        parser.add_argument('--list_services',
+                            dest='list_services',
+                            default=False,
+                            action='store_true',
+                            help='List available services.')
         parser.add_argument('--skip',
                             dest='skipped_services',
                             default=[],
diff --git a/ScoutSuite/core/conditions.py b/ScoutSuite/core/conditions.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/core/console.py b/ScoutSuite/core/console.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/core/exceptions.py b/ScoutSuite/core/exceptions.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/core/fs.py b/ScoutSuite/core/fs.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/core/processingengine.py b/ScoutSuite/core/processingengine.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/core/rule.py b/ScoutSuite/core/rule.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/core/rule_definition.py b/ScoutSuite/core/rule_definition.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/core/ruleset.py b/ScoutSuite/core/ruleset.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/core/server.py b/ScoutSuite/core/server.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/core/utils.py b/ScoutSuite/core/utils.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/data/aws/ip-ranges/aws-in-ec2.json b/ScoutSuite/data/aws/ip-ranges/aws-in-ec2.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/data/aws/ip-ranges/aws-in-us.json b/ScoutSuite/data/aws/ip-ranges/aws-in-us.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/data/aws/ip-ranges/aws.json b/ScoutSuite/data/aws/ip-ranges/aws.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/data/icmp_message_types.json b/ScoutSuite/data/icmp_message_types.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/data/protocols.json b/ScoutSuite/data/protocols.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/__init__.py b/ScoutSuite/output/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/conditionals/json_format.html b/ScoutSuite/output/data/html/conditionals/json_format.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/conditionals/sqlite_format.html b/ScoutSuite/output/data/html/conditionals/sqlite_format.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/about_scoutsuite.html b/ScoutSuite/output/data/html/partials/about_scoutsuite.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/accordion.html b/ScoutSuite/output/data/html/partials/accordion.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/accordion_policy.html b/ScoutSuite/output/data/html/partials/accordion_policy.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aliyun/left_menu_for_aliyun_region.html b/ScoutSuite/output/data/html/partials/aliyun/left_menu_for_aliyun_region.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aliyun/services.actiontrail.trails.html b/ScoutSuite/output/data/html/partials/aliyun/services.actiontrail.trails.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aliyun/services.ecs.regions.id.instances.html b/ScoutSuite/output/data/html/partials/aliyun/services.ecs.regions.id.instances.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aliyun/services.kms.regions.id.keys.html b/ScoutSuite/output/data/html/partials/aliyun/services.kms.regions.id.keys.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aliyun/services.oss.buckets.html b/ScoutSuite/output/data/html/partials/aliyun/services.oss.buckets.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aliyun/services.ram.groups.html b/ScoutSuite/output/data/html/partials/aliyun/services.ram.groups.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aliyun/services.ram.policies.html b/ScoutSuite/output/data/html/partials/aliyun/services.ram.policies.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aliyun/services.ram.roles.html b/ScoutSuite/output/data/html/partials/aliyun/services.ram.roles.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aliyun/services.ram.users.html b/ScoutSuite/output/data/html/partials/aliyun/services.ram.users.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aliyun/services.rds.regions.id.instances.html b/ScoutSuite/output/data/html/partials/aliyun/services.rds.regions.id.instances.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aliyun/services.vpc.regions.id.vpcs.html b/ScoutSuite/output/data/html/partials/aliyun/services.vpc.regions.id.vpcs.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/left_menu_for_region.html b/ScoutSuite/output/data/html/partials/aws/left_menu_for_region.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/left_menu_for_vpc.html b/ScoutSuite/output/data/html/partials/aws/left_menu_for_vpc.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.acm.regions.id.certificates.html b/ScoutSuite/output/data/html/partials/aws/services.acm.regions.id.certificates.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.awslambda.regions.id.functions.html b/ScoutSuite/output/data/html/partials/aws/services.awslambda.regions.id.functions.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.cloudformation.regions.id.stacks.html b/ScoutSuite/output/data/html/partials/aws/services.cloudformation.regions.id.stacks.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.cloudtrail.regions.html b/ScoutSuite/output/data/html/partials/aws/services.cloudtrail.regions.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.cloudtrail.regions.id.trails.html b/ScoutSuite/output/data/html/partials/aws/services.cloudtrail.regions.id.trails.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.cloudwatch.regions.id.alarms.html b/ScoutSuite/output/data/html/partials/aws/services.cloudwatch.regions.id.alarms.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.config.regions.html b/ScoutSuite/output/data/html/partials/aws/services.config.regions.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.config.regions.id.recorders.html b/ScoutSuite/output/data/html/partials/aws/services.config.regions.id.recorders.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.config.regions.id.rules.html b/ScoutSuite/output/data/html/partials/aws/services.config.regions.id.rules.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.snapshots.html b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.snapshots.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.volumes.html b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.volumes.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.images.html b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.images.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.instances.html b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.instances.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.security_groups.html b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.security_groups.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.vpcs.security_groups.resource_list.html b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.vpcs.security_groups.resource_list.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.vpcs.security_groups.rule_list.html b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.vpcs.security_groups.rule_list.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.elasticache.regions.id.parameter_groups.html b/ScoutSuite/output/data/html/partials/aws/services.elasticache.regions.id.parameter_groups.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.elasticache.regions.id.security_groups.html b/ScoutSuite/output/data/html/partials/aws/services.elasticache.regions.id.security_groups.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.elasticache.regions.id.subnet_groups.html b/ScoutSuite/output/data/html/partials/aws/services.elasticache.regions.id.subnet_groups.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.elasticache.regions.id.vpcs.id.clusters.html b/ScoutSuite/output/data/html/partials/aws/services.elasticache.regions.id.vpcs.id.clusters.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.elb_policies.html b/ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.elb_policies.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcs.id.elbs.html b/ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcs.id.elbs.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcs.id.elbs.linked_resources.html b/ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcs.id.elbs.linked_resources.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcs.id.elbs.listener.html b/ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcs.id.elbs.listener.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcsid.elbs.linked_policy.html b/ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcsid.elbs.linked_policy.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.elbv2.regions.id.vpcs.id.lbs.html b/ScoutSuite/output/data/html/partials/aws/services.elbv2.regions.id.vpcs.id.lbs.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.emr.regions.id.vpcs.id.clusters.html b/ScoutSuite/output/data/html/partials/aws/services.emr.regions.id.vpcs.id.clusters.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.iam.credential_reports.html b/ScoutSuite/output/data/html/partials/aws/services.iam.credential_reports.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.iam.groups.html b/ScoutSuite/output/data/html/partials/aws/services.iam.groups.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.iam.inline_policies.html b/ScoutSuite/output/data/html/partials/aws/services.iam.inline_policies.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.iam.managed_policies.html b/ScoutSuite/output/data/html/partials/aws/services.iam.managed_policies.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.iam.managed_policies_list.html b/ScoutSuite/output/data/html/partials/aws/services.iam.managed_policies_list.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.iam.roles.html b/ScoutSuite/output/data/html/partials/aws/services.iam.roles.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.iam.users.html b/ScoutSuite/output/data/html/partials/aws/services.iam.users.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.kms.regions.id.keys.html b/ScoutSuite/output/data/html/partials/aws/services.kms.regions.id.keys.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.parameter_groups.html b/ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.parameter_groups.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.security_groups.html b/ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.security_groups.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.vpcs.id.instances.html b/ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.vpcs.id.instances.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.vpcs.id.snapshots.html b/ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.vpcs.id.snapshots.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.vpcs.id.subnet_groups.html b/ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.vpcs.id.subnet_groups.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.parameter_groups.html b/ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.parameter_groups.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.vpcs.id.clusters.html b/ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.vpcs.id.clusters.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.vpcs.id.security_groups.html b/ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.vpcs.id.security_groups.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.redshift.regions.vpcs.cluster_nodes.html b/ScoutSuite/output/data/html/partials/aws/services.redshift.regions.vpcs.cluster_nodes.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.route53.regions.id.domains.html b/ScoutSuite/output/data/html/partials/aws/services.route53.regions.id.domains.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.route53.regions.id.hosted_zones.html b/ScoutSuite/output/data/html/partials/aws/services.route53.regions.id.hosted_zones.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.s3.acls.html b/ScoutSuite/output/data/html/partials/aws/services.s3.acls.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.s3.bucket_iam_policies.html b/ScoutSuite/output/data/html/partials/aws/services.s3.bucket_iam_policies.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.s3.buckets.html b/ScoutSuite/output/data/html/partials/aws/services.s3.buckets.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.s3.buckets.objects.html b/ScoutSuite/output/data/html/partials/aws/services.s3.buckets.objects.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.secretsmanager.regions.id.secrets.html b/ScoutSuite/output/data/html/partials/aws/services.secretsmanager.regions.id.secrets.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.ses.regions.id.identities.html b/ScoutSuite/output/data/html/partials/aws/services.ses.regions.id.identities.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.sns.regions.id.topics.html b/ScoutSuite/output/data/html/partials/aws/services.sns.regions.id.topics.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.sqs.regions.id.queues.html b/ScoutSuite/output/data/html/partials/aws/services.sqs.regions.id.queues.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.stackdriverlogging.sinks.html b/ScoutSuite/output/data/html/partials/aws/services.stackdriverlogging.sinks.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.peering_connections.html b/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.peering_connections.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.html b/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.id.flow_logs.html b/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.id.flow_logs.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.id.network_acls.html b/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.id.network_acls.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.id.peering_connections.html b/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.id.peering_connections.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.id.subnets.html b/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.id.subnets.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/azure/details_for_subscription.html b/ScoutSuite/output/data/html/partials/azure/details_for_subscription.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/azure/left_menu_for_subscription.html b/ScoutSuite/output/data/html/partials/azure/left_menu_for_subscription.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/azure/services.aad.applications.html b/ScoutSuite/output/data/html/partials/azure/services.aad.applications.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/azure/services.aad.groups.html b/ScoutSuite/output/data/html/partials/azure/services.aad.groups.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/azure/services.aad.service_principals.html b/ScoutSuite/output/data/html/partials/azure/services.aad.service_principals.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/azure/services.aad.users.html b/ScoutSuite/output/data/html/partials/azure/services.aad.users.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/azure/services.appservice.subscriptions.id.web_apps.html b/ScoutSuite/output/data/html/partials/azure/services.appservice.subscriptions.id.web_apps.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/azure/services.arm.subscriptions.id.roles.html b/ScoutSuite/output/data/html/partials/azure/services.arm.subscriptions.id.roles.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/azure/services.keyvault.subscriptions.id.vaults.html b/ScoutSuite/output/data/html/partials/azure/services.keyvault.subscriptions.id.vaults.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.application_security_groups.html b/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.application_security_groups.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.network_interfaces.html b/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.network_interfaces.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.security_groups.html b/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.security_groups.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.virtual_networks.html b/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.virtual_networks.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.virtual_networks.id.subnets.html b/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.virtual_networks.id.subnets.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.watchers.html b/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.watchers.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.auto_provisioning_settings.html b/ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.auto_provisioning_settings.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.pricings.html b/ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.pricings.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.security_contacts.html b/ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.security_contacts.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/azure/services.sqldatabase.subscriptions.id.servers.html b/ScoutSuite/output/data/html/partials/azure/services.sqldatabase.subscriptions.id.servers.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/azure/services.storageaccounts.subscriptions.id.storage_accounts.html b/ScoutSuite/output/data/html/partials/azure/services.storageaccounts.subscriptions.id.storage_accounts.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.instances.html b/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.instances.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/count_badge.html b/ScoutSuite/output/data/html/partials/count_badge.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/dashboard.html b/ScoutSuite/output/data/html/partials/dashboard.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/details.html b/ScoutSuite/output/data/html/partials/details.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/details_for_region.html b/ScoutSuite/output/data/html/partials/details_for_region.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/details_for_vpc.html b/ScoutSuite/output/data/html/partials/details_for_vpc.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/ec2_grants.html b/ScoutSuite/output/data/html/partials/ec2_grants.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/filters.html b/ScoutSuite/output/data/html/partials/filters.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/gcp/details_for_gcp_region.html b/ScoutSuite/output/data/html/partials/gcp/details_for_gcp_region.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/gcp/details_for_gcp_zone.html b/ScoutSuite/output/data/html/partials/gcp/details_for_gcp_zone.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/gcp/details_for_project.html b/ScoutSuite/output/data/html/partials/gcp/details_for_project.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/gcp/left_menu_for_gcp_region.html b/ScoutSuite/output/data/html/partials/gcp/left_menu_for_gcp_region.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/gcp/left_menu_for_gcp_zone.html b/ScoutSuite/output/data/html/partials/gcp/left_menu_for_gcp_zone.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/gcp/left_menu_for_project.html b/ScoutSuite/output/data/html/partials/gcp/left_menu_for_project.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/gcp/services.cloudresourcemanager.projects.id.bindings.html b/ScoutSuite/output/data/html/partials/gcp/services.cloudresourcemanager.projects.id.bindings.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/gcp/services.cloudresourcemanager.projects.id.groups.html b/ScoutSuite/output/data/html/partials/gcp/services.cloudresourcemanager.projects.id.groups.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/gcp/services.cloudresourcemanager.projects.id.users.html b/ScoutSuite/output/data/html/partials/gcp/services.cloudresourcemanager.projects.id.users.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/gcp/services.cloudsql.projects.id.instances.html b/ScoutSuite/output/data/html/partials/gcp/services.cloudsql.projects.id.instances.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html b/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.firewalls.html b/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.firewalls.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.networks.html b/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.networks.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.regions.id.subnetworks.html b/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.regions.id.subnetworks.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.snapshots.html b/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.snapshots.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.zones.id.instances.html b/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.zones.id.instances.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.service_accounts.html b/ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.service_accounts.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/gcp/services.kms.projects.id.keyrings.html b/ScoutSuite/output/data/html/partials/gcp/services.kms.projects.id.keyrings.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/gcp/services.stackdriverlogging.projects.id.sinks.html b/ScoutSuite/output/data/html/partials/gcp/services.stackdriverlogging.projects.id.sinks.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/generic_object.html b/ScoutSuite/output/data/html/partials/generic_object.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/ip_grants.html b/ScoutSuite/output/data/html/partials/ip_grants.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/last_run_details.html b/ScoutSuite/output/data/html/partials/last_run_details.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/left_menu.html b/ScoutSuite/output/data/html/partials/left_menu.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/metadata.html b/ScoutSuite/output/data/html/partials/metadata.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/modal.html b/ScoutSuite/output/data/html/partials/modal.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/network_interface.html b/ScoutSuite/output/data/html/partials/network_interface.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/oci/services.identity.groups.html b/ScoutSuite/output/data/html/partials/oci/services.identity.groups.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/oci/services.identity.policies.html b/ScoutSuite/output/data/html/partials/oci/services.identity.policies.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/oci/services.identity.users.html b/ScoutSuite/output/data/html/partials/oci/services.identity.users.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/oci/services.kms.keyvaults.html b/ScoutSuite/output/data/html/partials/oci/services.kms.keyvaults.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/oci/services.objectstorage.buckets.html b/ScoutSuite/output/data/html/partials/oci/services.objectstorage.buckets.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/policy.html b/ScoutSuite/output/data/html/partials/policy.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/resource_link.html b/ScoutSuite/output/data/html/partials/resource_link.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/resources_details.html b/ScoutSuite/output/data/html/partials/resources_details.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/partials/singles.html b/ScoutSuite/output/data/html/partials/singles.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/report.html b/ScoutSuite/output/data/html/report.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/summaries/aliyun/services.ram.password_policy.html b/ScoutSuite/output/data/html/summaries/aliyun/services.ram.password_policy.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/summaries/aliyun/services.ram.security_policy.html b/ScoutSuite/output/data/html/summaries/aliyun/services.ram.security_policy.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/summaries/attack_surface.html b/ScoutSuite/output/data/html/summaries/attack_surface.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/summaries/aws/services.ec2.external_attack_surface.html b/ScoutSuite/output/data/html/summaries/aws/services.ec2.external_attack_surface.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/summaries/aws/services.elb.external_attack_surface.html b/ScoutSuite/output/data/html/summaries/aws/services.elb.external_attack_surface.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/summaries/aws/services.elbv2.external_attack_surface.html b/ScoutSuite/output/data/html/summaries/aws/services.elbv2.external_attack_surface.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/summaries/aws/services.iam.password_policy.html b/ScoutSuite/output/data/html/summaries/aws/services.iam.password_policy.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/summaries/aws/services.iam.permissions.html b/ScoutSuite/output/data/html/summaries/aws/services.iam.permissions.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/summaries/aws/services.rds.external_attack_surface.html b/ScoutSuite/output/data/html/summaries/aws/services.rds.external_attack_surface.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/summaries/aws/services.redshift.external_attack_surface.html b/ScoutSuite/output/data/html/summaries/aws/services.redshift.external_attack_surface.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/summaries/azure/.keep b/ScoutSuite/output/data/html/summaries/azure/.keep
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/summaries/gcp/.keep b/ScoutSuite/output/data/html/summaries/gcp/.keep
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/summaries/oci/services.identity.password_policy.html b/ScoutSuite/output/data/html/summaries/oci/services.identity.password_policy.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/summaries/service_groups.compute.summaries.external_attack_surface.html b/ScoutSuite/output/data/html/summaries/service_groups.compute.summaries.external_attack_surface.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/html/summaries/service_groups.database.summaries.external_attack_surface.html b/ScoutSuite/output/data/html/summaries/service_groups.database.summaries.external_attack_surface.html
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/inc-scoutsuite/css/modal.css b/ScoutSuite/output/data/inc-scoutsuite/css/modal.css
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/inc-scoutsuite/css/scoutsuite-dark.css b/ScoutSuite/output/data/inc-scoutsuite/css/scoutsuite-dark.css
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/inc-scoutsuite/css/scoutsuite-light.css b/ScoutSuite/output/data/inc-scoutsuite/css/scoutsuite-light.css
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/inc-scoutsuite/css/scoutsuite.css b/ScoutSuite/output/data/inc-scoutsuite/css/scoutsuite.css
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/inc-scoutsuite/favicon.ico b/ScoutSuite/output/data/inc-scoutsuite/favicon.ico
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/inc-scoutsuite/helpers.js b/ScoutSuite/output/data/inc-scoutsuite/helpers.js
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/inc-scoutsuite/pagination.js b/ScoutSuite/output/data/inc-scoutsuite/pagination.js
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/inc-scoutsuite/provider.js b/ScoutSuite/output/data/inc-scoutsuite/provider.js
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js b/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/inc-scoutsuite/sqlite.js b/ScoutSuite/output/data/inc-scoutsuite/sqlite.js
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/inc-scoutsuite/theme.js b/ScoutSuite/output/data/inc-scoutsuite/theme.js
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/includes.zip b/ScoutSuite/output/data/includes.zip
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/data/listall-configs/ec2.regions.id.vpcs.id.security_groups.id.json b/ScoutSuite/output/data/listall-configs/ec2.regions.id.vpcs.id.security_groups.id.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/html.py b/ScoutSuite/output/html.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/result_encoder.py b/ScoutSuite/output/result_encoder.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/output/utils.py b/ScoutSuite/output/utils.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/__init__.py b/ScoutSuite/providers/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/__init__.py b/ScoutSuite/providers/aliyun/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/authentication_strategy.py b/ScoutSuite/providers/aliyun/authentication_strategy.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/facade/__init__.py b/ScoutSuite/providers/aliyun/facade/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/facade/actiontrail.py b/ScoutSuite/providers/aliyun/facade/actiontrail.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/facade/base.py b/ScoutSuite/providers/aliyun/facade/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/facade/ecs.py b/ScoutSuite/providers/aliyun/facade/ecs.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/facade/kms.py b/ScoutSuite/providers/aliyun/facade/kms.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/facade/oss.py b/ScoutSuite/providers/aliyun/facade/oss.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/facade/ram.py b/ScoutSuite/providers/aliyun/facade/ram.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/facade/rds.py b/ScoutSuite/providers/aliyun/facade/rds.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/facade/utils.py b/ScoutSuite/providers/aliyun/facade/utils.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/facade/vpc.py b/ScoutSuite/providers/aliyun/facade/vpc.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/metadata.json b/ScoutSuite/providers/aliyun/metadata.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/provider.py b/ScoutSuite/providers/aliyun/provider.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/__init__.py b/ScoutSuite/providers/aliyun/resources/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/actiontrail/__init__.py b/ScoutSuite/providers/aliyun/resources/actiontrail/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/actiontrail/base.py b/ScoutSuite/providers/aliyun/resources/actiontrail/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/actiontrail/trails.py b/ScoutSuite/providers/aliyun/resources/actiontrail/trails.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/base.py b/ScoutSuite/providers/aliyun/resources/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/ecs/__init__.py b/ScoutSuite/providers/aliyun/resources/ecs/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/ecs/base.py b/ScoutSuite/providers/aliyun/resources/ecs/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/ecs/instances.py b/ScoutSuite/providers/aliyun/resources/ecs/instances.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/kms/__init__.py b/ScoutSuite/providers/aliyun/resources/kms/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/kms/base.py b/ScoutSuite/providers/aliyun/resources/kms/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/kms/keys.py b/ScoutSuite/providers/aliyun/resources/kms/keys.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/oss/__init__.py b/ScoutSuite/providers/aliyun/resources/oss/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/oss/base.py b/ScoutSuite/providers/aliyun/resources/oss/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/oss/buckets.py b/ScoutSuite/providers/aliyun/resources/oss/buckets.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/ram/__init__.py b/ScoutSuite/providers/aliyun/resources/ram/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/ram/api_keys.py b/ScoutSuite/providers/aliyun/resources/ram/api_keys.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/ram/base.py b/ScoutSuite/providers/aliyun/resources/ram/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/ram/groups.py b/ScoutSuite/providers/aliyun/resources/ram/groups.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/ram/password_policy.py b/ScoutSuite/providers/aliyun/resources/ram/password_policy.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/ram/policies.py b/ScoutSuite/providers/aliyun/resources/ram/policies.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/ram/roles.py b/ScoutSuite/providers/aliyun/resources/ram/roles.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/ram/security_policy.py b/ScoutSuite/providers/aliyun/resources/ram/security_policy.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/ram/users.py b/ScoutSuite/providers/aliyun/resources/ram/users.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/rds/__init__.py b/ScoutSuite/providers/aliyun/resources/rds/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/rds/base.py b/ScoutSuite/providers/aliyun/resources/rds/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/rds/instances.py b/ScoutSuite/providers/aliyun/resources/rds/instances.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/regions.py b/ScoutSuite/providers/aliyun/resources/regions.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/vpc/__init__.py b/ScoutSuite/providers/aliyun/resources/vpc/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/vpc/base.py b/ScoutSuite/providers/aliyun/resources/vpc/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/resources/vpc/vpcs.py b/ScoutSuite/providers/aliyun/resources/vpc/vpcs.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/rules/findings/actiontrail-not-configured.json b/ScoutSuite/providers/aliyun/rules/findings/actiontrail-not-configured.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/rules/findings/actiontrail-not-enabled.json b/ScoutSuite/providers/aliyun/rules/findings/actiontrail-not-enabled.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/rules/findings/ecs-instance-with-deletion-protection-disabled.json b/ScoutSuite/providers/aliyun/rules/findings/ecs-instance-with-deletion-protection-disabled.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/rules/findings/ecs-instance-with-public-ip.json b/ScoutSuite/providers/aliyun/rules/findings/ecs-instance-with-public-ip.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/rules/findings/kms-no-key-rotation.json b/ScoutSuite/providers/aliyun/rules/findings/kms-no-key-rotation.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-expiration-threshold.json b/ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-expiration-threshold.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-minimum-length.json b/ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-minimum-length.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-no-expiration.json b/ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-no-expiration.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-no-lowercase-required.json b/ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-no-lowercase-required.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-no-number-required.json b/ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-no-number-required.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-no-symbol-required.json b/ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-no-symbol-required.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-no-uppercase-required.json b/ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-no-uppercase-required.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-reuse-enabled.json b/ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-reuse-enabled.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/rules/findings/ram-user-lacking-mfa.json b/ScoutSuite/providers/aliyun/rules/findings/ram-user-lacking-mfa.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/rules/findings/ram-user-unused-api-key.json b/ScoutSuite/providers/aliyun/rules/findings/ram-user-unused-api-key.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/rules/findings/ram-user-unused-console-password.json b/ScoutSuite/providers/aliyun/rules/findings/ram-user-unused-console-password.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/rules/findings/ram-user-with-multiple-api-keys.json b/ScoutSuite/providers/aliyun/rules/findings/ram-user-with-multiple-api-keys.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/rules/findings/ram-user-with-old-api-key.json b/ScoutSuite/providers/aliyun/rules/findings/ram-user-with-old-api-key.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/rules/rulesets/default.json b/ScoutSuite/providers/aliyun/rules/rulesets/default.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/rules/rulesets/filters.json b/ScoutSuite/providers/aliyun/rules/rulesets/filters.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/services.py b/ScoutSuite/providers/aliyun/services.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aliyun/utils.py b/ScoutSuite/providers/aliyun/utils.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/__init__.py b/ScoutSuite/providers/aws/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/authentication_strategy.py b/ScoutSuite/providers/aws/authentication_strategy.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/facade/__init__.py b/ScoutSuite/providers/aws/facade/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/facade/acm.py b/ScoutSuite/providers/aws/facade/acm.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/facade/awslambda.py b/ScoutSuite/providers/aws/facade/awslambda.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/facade/base.py b/ScoutSuite/providers/aws/facade/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/facade/basefacade.py b/ScoutSuite/providers/aws/facade/basefacade.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/facade/cloudformation.py b/ScoutSuite/providers/aws/facade/cloudformation.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/facade/cloudtrail.py b/ScoutSuite/providers/aws/facade/cloudtrail.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/facade/cloudwatch.py b/ScoutSuite/providers/aws/facade/cloudwatch.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/facade/config.py b/ScoutSuite/providers/aws/facade/config.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/facade/directconnect.py b/ScoutSuite/providers/aws/facade/directconnect.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/facade/ec2.py b/ScoutSuite/providers/aws/facade/ec2.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/facade/efs.py b/ScoutSuite/providers/aws/facade/efs.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/facade/elasticache.py b/ScoutSuite/providers/aws/facade/elasticache.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/facade/elb.py b/ScoutSuite/providers/aws/facade/elb.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/facade/elbv2.py b/ScoutSuite/providers/aws/facade/elbv2.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/facade/emr.py b/ScoutSuite/providers/aws/facade/emr.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/facade/iam.py b/ScoutSuite/providers/aws/facade/iam.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/facade/kms.py b/ScoutSuite/providers/aws/facade/kms.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/facade/rds.py b/ScoutSuite/providers/aws/facade/rds.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/facade/redshift.py b/ScoutSuite/providers/aws/facade/redshift.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/facade/route53.py b/ScoutSuite/providers/aws/facade/route53.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/facade/s3.py b/ScoutSuite/providers/aws/facade/s3.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/facade/secretsmanager.py b/ScoutSuite/providers/aws/facade/secretsmanager.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/facade/ses.py b/ScoutSuite/providers/aws/facade/ses.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/facade/sns.py b/ScoutSuite/providers/aws/facade/sns.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/facade/sqs.py b/ScoutSuite/providers/aws/facade/sqs.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/facade/utils.py b/ScoutSuite/providers/aws/facade/utils.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/metadata.json b/ScoutSuite/providers/aws/metadata.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/provider.py b/ScoutSuite/providers/aws/provider.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/__init__.py b/ScoutSuite/providers/aws/resources/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/acm/__init__.py b/ScoutSuite/providers/aws/resources/acm/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/acm/base.py b/ScoutSuite/providers/aws/resources/acm/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/acm/certificates.py b/ScoutSuite/providers/aws/resources/acm/certificates.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/awslambda/__init__.py b/ScoutSuite/providers/aws/resources/awslambda/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/awslambda/base.py b/ScoutSuite/providers/aws/resources/awslambda/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/awslambda/functions.py b/ScoutSuite/providers/aws/resources/awslambda/functions.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/base.py b/ScoutSuite/providers/aws/resources/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/cloudformation/__init__.py b/ScoutSuite/providers/aws/resources/cloudformation/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/cloudformation/base.py b/ScoutSuite/providers/aws/resources/cloudformation/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/cloudformation/stacks.py b/ScoutSuite/providers/aws/resources/cloudformation/stacks.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/cloudtrail/__init__.py b/ScoutSuite/providers/aws/resources/cloudtrail/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/cloudtrail/base.py b/ScoutSuite/providers/aws/resources/cloudtrail/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/cloudtrail/trails.py b/ScoutSuite/providers/aws/resources/cloudtrail/trails.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/cloudwatch/__init__.py b/ScoutSuite/providers/aws/resources/cloudwatch/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/cloudwatch/alarms.py b/ScoutSuite/providers/aws/resources/cloudwatch/alarms.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/cloudwatch/base.py b/ScoutSuite/providers/aws/resources/cloudwatch/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/config/__init__.py b/ScoutSuite/providers/aws/resources/config/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/config/base.py b/ScoutSuite/providers/aws/resources/config/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/config/recorders.py b/ScoutSuite/providers/aws/resources/config/recorders.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/config/rules.py b/ScoutSuite/providers/aws/resources/config/rules.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/directconnect/__init__.py b/ScoutSuite/providers/aws/resources/directconnect/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/directconnect/base.py b/ScoutSuite/providers/aws/resources/directconnect/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/directconnect/connections.py b/ScoutSuite/providers/aws/resources/directconnect/connections.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/ec2/__init__.py b/ScoutSuite/providers/aws/resources/ec2/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/ec2/ami.py b/ScoutSuite/providers/aws/resources/ec2/ami.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/ec2/base.py b/ScoutSuite/providers/aws/resources/ec2/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/ec2/instances.py b/ScoutSuite/providers/aws/resources/ec2/instances.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/ec2/networkinterfaces.py b/ScoutSuite/providers/aws/resources/ec2/networkinterfaces.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/ec2/securitygroups.py b/ScoutSuite/providers/aws/resources/ec2/securitygroups.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/ec2/snapshots.py b/ScoutSuite/providers/aws/resources/ec2/snapshots.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/ec2/volumes.py b/ScoutSuite/providers/aws/resources/ec2/volumes.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/ec2/vpcs.py b/ScoutSuite/providers/aws/resources/ec2/vpcs.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/efs/__init__.py b/ScoutSuite/providers/aws/resources/efs/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/efs/base.py b/ScoutSuite/providers/aws/resources/efs/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/efs/filesystems.py b/ScoutSuite/providers/aws/resources/efs/filesystems.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/elasticache/__init__.py b/ScoutSuite/providers/aws/resources/elasticache/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/elasticache/base.py b/ScoutSuite/providers/aws/resources/elasticache/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/elasticache/cluster.py b/ScoutSuite/providers/aws/resources/elasticache/cluster.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/elasticache/parametergroups.py b/ScoutSuite/providers/aws/resources/elasticache/parametergroups.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/elasticache/securitygroups.py b/ScoutSuite/providers/aws/resources/elasticache/securitygroups.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/elasticache/subnetgroups.py b/ScoutSuite/providers/aws/resources/elasticache/subnetgroups.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/elasticache/vpcs.py b/ScoutSuite/providers/aws/resources/elasticache/vpcs.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/elb/__init__.py b/ScoutSuite/providers/aws/resources/elb/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/elb/base.py b/ScoutSuite/providers/aws/resources/elb/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/elb/load_balancers.py b/ScoutSuite/providers/aws/resources/elb/load_balancers.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/elb/policies.py b/ScoutSuite/providers/aws/resources/elb/policies.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/elb/vpcs.py b/ScoutSuite/providers/aws/resources/elb/vpcs.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/elbv2/__init__.py b/ScoutSuite/providers/aws/resources/elbv2/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/elbv2/base.py b/ScoutSuite/providers/aws/resources/elbv2/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/elbv2/listeners.py b/ScoutSuite/providers/aws/resources/elbv2/listeners.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/elbv2/load_balancers.py b/ScoutSuite/providers/aws/resources/elbv2/load_balancers.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/elbv2/vpcs.py b/ScoutSuite/providers/aws/resources/elbv2/vpcs.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/emr/__init__.py b/ScoutSuite/providers/aws/resources/emr/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/emr/base.py b/ScoutSuite/providers/aws/resources/emr/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/emr/clusters.py b/ScoutSuite/providers/aws/resources/emr/clusters.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/emr/vpcs.py b/ScoutSuite/providers/aws/resources/emr/vpcs.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/iam/__init__.py b/ScoutSuite/providers/aws/resources/iam/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/iam/base.py b/ScoutSuite/providers/aws/resources/iam/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/iam/credentialreports.py b/ScoutSuite/providers/aws/resources/iam/credentialreports.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/iam/groups.py b/ScoutSuite/providers/aws/resources/iam/groups.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/iam/passwordpolicy.py b/ScoutSuite/providers/aws/resources/iam/passwordpolicy.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/iam/policies.py b/ScoutSuite/providers/aws/resources/iam/policies.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/iam/roles.py b/ScoutSuite/providers/aws/resources/iam/roles.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/iam/users.py b/ScoutSuite/providers/aws/resources/iam/users.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/kms/__init__.py b/ScoutSuite/providers/aws/resources/kms/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/kms/aliases.py b/ScoutSuite/providers/aws/resources/kms/aliases.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/kms/base.py b/ScoutSuite/providers/aws/resources/kms/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/kms/grants.py b/ScoutSuite/providers/aws/resources/kms/grants.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/kms/keys.py b/ScoutSuite/providers/aws/resources/kms/keys.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/rds/__init__.py b/ScoutSuite/providers/aws/resources/rds/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/rds/base.py b/ScoutSuite/providers/aws/resources/rds/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/rds/instances.py b/ScoutSuite/providers/aws/resources/rds/instances.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/rds/parametergroups.py b/ScoutSuite/providers/aws/resources/rds/parametergroups.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/rds/securitygroups.py b/ScoutSuite/providers/aws/resources/rds/securitygroups.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/rds/snapshots.py b/ScoutSuite/providers/aws/resources/rds/snapshots.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/rds/subnetgroups.py b/ScoutSuite/providers/aws/resources/rds/subnetgroups.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/rds/vpcs.py b/ScoutSuite/providers/aws/resources/rds/vpcs.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/redshift/__init__.py b/ScoutSuite/providers/aws/resources/redshift/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/redshift/base.py b/ScoutSuite/providers/aws/resources/redshift/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/redshift/cluster_parameter_groups.py b/ScoutSuite/providers/aws/resources/redshift/cluster_parameter_groups.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/redshift/cluster_parameters.py b/ScoutSuite/providers/aws/resources/redshift/cluster_parameters.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/redshift/cluster_security_groups.py b/ScoutSuite/providers/aws/resources/redshift/cluster_security_groups.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/redshift/clusters.py b/ScoutSuite/providers/aws/resources/redshift/clusters.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/redshift/vpcs.py b/ScoutSuite/providers/aws/resources/redshift/vpcs.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/regions.py b/ScoutSuite/providers/aws/resources/regions.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/route53/__init__.py b/ScoutSuite/providers/aws/resources/route53/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/route53/base.py b/ScoutSuite/providers/aws/resources/route53/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/route53/domains.py b/ScoutSuite/providers/aws/resources/route53/domains.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/route53/hosted_zones.py b/ScoutSuite/providers/aws/resources/route53/hosted_zones.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/s3/__init__.py b/ScoutSuite/providers/aws/resources/s3/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/s3/base.py b/ScoutSuite/providers/aws/resources/s3/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/s3/buckets.py b/ScoutSuite/providers/aws/resources/s3/buckets.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/secretsmanager/__init__.py b/ScoutSuite/providers/aws/resources/secretsmanager/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/secretsmanager/base.py b/ScoutSuite/providers/aws/resources/secretsmanager/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/secretsmanager/secrets.py b/ScoutSuite/providers/aws/resources/secretsmanager/secrets.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/ses/__init__.py b/ScoutSuite/providers/aws/resources/ses/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/ses/base.py b/ScoutSuite/providers/aws/resources/ses/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/ses/identities.py b/ScoutSuite/providers/aws/resources/ses/identities.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/ses/identity_policies.py b/ScoutSuite/providers/aws/resources/ses/identity_policies.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/sns/__init__.py b/ScoutSuite/providers/aws/resources/sns/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/sns/base.py b/ScoutSuite/providers/aws/resources/sns/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/sns/subscriptions.py b/ScoutSuite/providers/aws/resources/sns/subscriptions.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/sns/topics.py b/ScoutSuite/providers/aws/resources/sns/topics.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/sqs/__init__.py b/ScoutSuite/providers/aws/resources/sqs/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/sqs/base.py b/ScoutSuite/providers/aws/resources/sqs/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/sqs/queues.py b/ScoutSuite/providers/aws/resources/sqs/queues.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/vpc/__init__.py b/ScoutSuite/providers/aws/resources/vpc/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/vpc/base.py b/ScoutSuite/providers/aws/resources/vpc/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/vpc/flow_logs.py b/ScoutSuite/providers/aws/resources/vpc/flow_logs.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/vpc/network_acls.py b/ScoutSuite/providers/aws/resources/vpc/network_acls.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/vpc/peering_connections.py b/ScoutSuite/providers/aws/resources/vpc/peering_connections.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/vpc/subnets.py b/ScoutSuite/providers/aws/resources/vpc/subnets.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/vpc/vpcs.py b/ScoutSuite/providers/aws/resources/vpc/vpcs.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/resources/vpcs.py b/ScoutSuite/providers/aws/resources/vpcs.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/conditions/cidr-is-all.json b/ScoutSuite/providers/aws/rules/conditions/cidr-is-all.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/conditions/ec2-security-group-in-use.json b/ScoutSuite/providers/aws/rules/conditions/ec2-security-group-in-use.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/conditions/ec2-security-group-not-used.json b/ScoutSuite/providers/aws/rules/conditions/ec2-security-group-not-used.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/conditions/instance-with-open-nacls.json b/ScoutSuite/providers/aws/rules/conditions/instance-with-open-nacls.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/conditions/instance-with-public-ip.json b/ScoutSuite/providers/aws/rules/conditions/instance-with-public-ip.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/conditions/ip-not-in-private-space.json b/ScoutSuite/providers/aws/rules/conditions/ip-not-in-private-space.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/conditions/policy-statement-any-principal.json b/ScoutSuite/providers/aws/rules/conditions/policy-statement-any-principal.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/conditions/policy-statement-poor-condition.json b/ScoutSuite/providers/aws/rules/conditions/policy-statement-poor-condition.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/conditions/security-group-opens-all-ports.json b/ScoutSuite/providers/aws/rules/conditions/security-group-opens-all-ports.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/filters/ec2-instance-with-open-nacls.json b/ScoutSuite/providers/aws/rules/filters/ec2-instance-with-open-nacls.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/filters/ec2-security-group-with-public-cidr-grant.json b/ScoutSuite/providers/aws/rules/filters/ec2-security-group-with-public-cidr-grant.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/filters/iam-role-for-aws-account.json b/ScoutSuite/providers/aws/rules/filters/iam-role-for-aws-account.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/filters/iam-role-for-service.json b/ScoutSuite/providers/aws/rules/filters/iam-role-for-service.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/acm-certificate-with-close-expiration-date.json b/ScoutSuite/providers/aws/rules/findings/acm-certificate-with-close-expiration-date.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/acm-certificate-with-transparency-logging-disabled.json b/ScoutSuite/providers/aws/rules/findings/acm-certificate-with-transparency-logging-disabled.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/cloudformation-stack-with-role.json b/ScoutSuite/providers/aws/rules/findings/cloudformation-stack-with-role.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/cloudtrail-duplicated-global-services-logging.json b/ScoutSuite/providers/aws/rules/findings/cloudtrail-duplicated-global-services-logging.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-data-logging.json b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-data-logging.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-global-services-logging.json b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-global-services-logging.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-log-file-validation.json b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-log-file-validation.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-logging.json b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-logging.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/cloudtrail-not-configured.json b/ScoutSuite/providers/aws/rules/findings/cloudtrail-not-configured.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/cloudwatch-alarm-without-actions.json b/ScoutSuite/providers/aws/rules/findings/cloudwatch-alarm-without-actions.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/config-recorder-not-configured.json b/ScoutSuite/providers/aws/rules/findings/config-recorder-not-configured.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-ami-public.json b/ScoutSuite/providers/aws/rules/findings/ec2-ami-public.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-in-use.json b/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-in-use.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-with-rules.json b/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-with-rules.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-ebs-snapshot-not-encrypted.json b/ScoutSuite/providers/aws/rules/findings/ec2-ebs-snapshot-not-encrypted.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-ebs-snapshot-public.json b/ScoutSuite/providers/aws/rules/findings/ec2-ebs-snapshot-public.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-ebs-volume-not-encrypted.json b/ScoutSuite/providers/aws/rules/findings/ec2-ebs-volume-not-encrypted.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-instance-in-security-group.json b/ScoutSuite/providers/aws/rules/findings/ec2-instance-in-security-group.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-instance-type.json b/ScoutSuite/providers/aws/rules/findings/ec2-instance-type.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-instance-types.json b/ScoutSuite/providers/aws/rules/findings/ec2-instance-types.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-instance-with-public-ip.json b/ScoutSuite/providers/aws/rules/findings/ec2-instance-with-public-ip.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-instance-with-user-data-secrets.json b/ScoutSuite/providers/aws/rules/findings/ec2-instance-with-user-data-secrets.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-all-ports-to-all.json b/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-all-ports-to-all.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-all-ports-to-self.json b/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-all-ports-to-self.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-all-ports.json b/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-all-ports.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-icmp-to-all.json b/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-icmp-to-all.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-known-port-to-all.json b/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-known-port-to-all.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-plaintext-port.json b/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-plaintext-port.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-port-range.json b/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-port-range.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-port-to-all.json b/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-port-to-all.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-security-group-whitelists-aws-ip-from-banned-region.json b/ScoutSuite/providers/aws/rules/findings/ec2-security-group-whitelists-aws-ip-from-banned-region.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-security-group-whitelists-aws.json b/ScoutSuite/providers/aws/rules/findings/ec2-security-group-whitelists-aws.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-security-group-whitelists-non-elastic-ips.json b/ScoutSuite/providers/aws/rules/findings/ec2-security-group-whitelists-non-elastic-ips.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-security-group-whitelists-unknown-aws.json b/ScoutSuite/providers/aws/rules/findings/ec2-security-group-whitelists-unknown-aws.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-security-group-whitelists-unknown-cidrs.json b/ScoutSuite/providers/aws/rules/findings/ec2-security-group-whitelists-unknown-cidrs.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-unused-security-group.json b/ScoutSuite/providers/aws/rules/findings/ec2-unused-security-group.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/elb-no-access-logs.json b/ScoutSuite/providers/aws/rules/findings/elb-no-access-logs.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/elbv2-no-access-logs.json b/ScoutSuite/providers/aws/rules/findings/elbv2-no-access-logs.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/elbv2-no-deletion-protection.json b/ScoutSuite/providers/aws/rules/findings/elbv2-no-deletion-protection.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/elbv2-older-ssl-policy.json b/ScoutSuite/providers/aws/rules/findings/elbv2-older-ssl-policy.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-assume-role-lacks-external-id-and-mfa.json b/ScoutSuite/providers/aws/rules/findings/iam-assume-role-lacks-external-id-and-mfa.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-assume-role-no-mfa.json b/ScoutSuite/providers/aws/rules/findings/iam-assume-role-no-mfa.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-assume-role-policy-allows-all.json b/ScoutSuite/providers/aws/rules/findings/iam-assume-role-policy-allows-all.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-ec2-role-without-instances.json b/ScoutSuite/providers/aws/rules/findings/iam-ec2-role-without-instances.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-group-with-inline-policies.json b/ScoutSuite/providers/aws/rules/findings/iam-group-with-inline-policies.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-group-with-no-users.json b/ScoutSuite/providers/aws/rules/findings/iam-group-with-no-users.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-human-user-with-policies.json b/ScoutSuite/providers/aws/rules/findings/iam-human-user-with-policies.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-inline-policy-allows-NotActions.json b/ScoutSuite/providers/aws/rules/findings/iam-inline-policy-allows-NotActions.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-inline-policy-allows-non-sts-action.json b/ScoutSuite/providers/aws/rules/findings/iam-inline-policy-allows-non-sts-action.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-inline-policy-for-role.json b/ScoutSuite/providers/aws/rules/findings/iam-inline-policy-for-role.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-NotActions.json b/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-NotActions.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-non-sts-action.json b/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-non-sts-action.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-for-role.json b/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-for-role.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-no-attachments.json b/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-no-attachments.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-expiration-threshold.json b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-expiration-threshold.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-lowercase-required.json b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-lowercase-required.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-minimum-length.json b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-minimum-length.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-expiration.json b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-expiration.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-lowercase-required.json b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-lowercase-required.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-number-required.json b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-number-required.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-symbol-required.json b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-symbol-required.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-uppercase-required.json b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-uppercase-required.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-reuse-enabled.json b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-reuse-enabled.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-role-with-inline-policies.json b/ScoutSuite/providers/aws/rules/findings/iam-role-with-inline-policies.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-mfa.json b/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-mfa.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-root-account-used-recently.json b/ScoutSuite/providers/aws/rules/findings/iam-root-account-used-recently.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-certs.json b/ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-certs.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-keys.json b/ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-keys.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-service-user-with-password.json b/ScoutSuite/providers/aws/rules/findings/iam-service-user-with-password.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-user-no-key-rotation.json b/ScoutSuite/providers/aws/rules/findings/iam-user-no-key-rotation.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-user-not-in-category-group.json b/ScoutSuite/providers/aws/rules/findings/iam-user-not-in-category-group.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-user-not-in-common-group.json b/ScoutSuite/providers/aws/rules/findings/iam-user-not-in-common-group.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-user-with-multiple-access-keys.json b/ScoutSuite/providers/aws/rules/findings/iam-user-with-multiple-access-keys.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-user-with-password-and-key.json b/ScoutSuite/providers/aws/rules/findings/iam-user-with-password-and-key.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-user-with-policies.json b/ScoutSuite/providers/aws/rules/findings/iam-user-with-policies.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-user-without-mfa.json b/ScoutSuite/providers/aws/rules/findings/iam-user-without-mfa.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/rds-instance-backup-disabled.json b/ScoutSuite/providers/aws/rules/findings/rds-instance-backup-disabled.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/rds-instance-ca-certificate-deprecated.json b/ScoutSuite/providers/aws/rules/findings/rds-instance-ca-certificate-deprecated.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/rds-instance-no-minor-upgrade.json b/ScoutSuite/providers/aws/rules/findings/rds-instance-no-minor-upgrade.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/rds-instance-short-backup-retention-period.json b/ScoutSuite/providers/aws/rules/findings/rds-instance-short-backup-retention-period.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/rds-instance-single-az.json b/ScoutSuite/providers/aws/rules/findings/rds-instance-single-az.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/rds-instance-storage-not-encrypted.json b/ScoutSuite/providers/aws/rules/findings/rds-instance-storage-not-encrypted.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/rds-postgres-instance-with-invalid-certificate.json b/ScoutSuite/providers/aws/rules/findings/rds-postgres-instance-with-invalid-certificate.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/rds-security-group-allows-all.json b/ScoutSuite/providers/aws/rules/findings/rds-security-group-allows-all.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/rds-snapshot-public.json b/ScoutSuite/providers/aws/rules/findings/rds-snapshot-public.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/redshift-cluster-database-not-encrypted.json b/ScoutSuite/providers/aws/rules/findings/redshift-cluster-database-not-encrypted.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/redshift-cluster-no-version-upgrade.json b/ScoutSuite/providers/aws/rules/findings/redshift-cluster-no-version-upgrade.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/redshift-cluster-publicly-accessible.json b/ScoutSuite/providers/aws/rules/findings/redshift-cluster-publicly-accessible.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/redshift-parameter-group-logging-disabled.json b/ScoutSuite/providers/aws/rules/findings/redshift-parameter-group-logging-disabled.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/redshift-parameter-group-ssl-not-required.json b/ScoutSuite/providers/aws/rules/findings/redshift-parameter-group-ssl-not-required.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/redshift-security-group-whitelists-all.json b/ScoutSuite/providers/aws/rules/findings/redshift-security-group-whitelists-all.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/route53-domain-no-autorenew.json b/ScoutSuite/providers/aws/rules/findings/route53-domain-no-autorenew.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/route53-domain-no-transferlock.json b/ScoutSuite/providers/aws/rules/findings/route53-domain-no-transferlock.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/route53-domain-transferlock-not-authorized.json b/ScoutSuite/providers/aws/rules/findings/route53-domain-transferlock-not-authorized.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/s3-bucket-allowing-cleartext.json b/ScoutSuite/providers/aws/rules/findings/s3-bucket-allowing-cleartext.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/s3-bucket-no-default-encryption.json b/ScoutSuite/providers/aws/rules/findings/s3-bucket-no-default-encryption.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/s3-bucket-no-logging.json b/ScoutSuite/providers/aws/rules/findings/s3-bucket-no-logging.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/s3-bucket-no-mfa-delete.json b/ScoutSuite/providers/aws/rules/findings/s3-bucket-no-mfa-delete.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/s3-bucket-no-versioning.json b/ScoutSuite/providers/aws/rules/findings/s3-bucket-no-versioning.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/s3-bucket-website-enabled.json b/ScoutSuite/providers/aws/rules/findings/s3-bucket-website-enabled.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-acl.json b/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-acl.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-policy-arg.json b/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-policy-arg.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-policy-star.json b/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-policy-star.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/ses-identity-dkim-not-enabled.json b/ScoutSuite/providers/aws/rules/findings/ses-identity-dkim-not-enabled.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/ses-identity-dkim-not-verified.json b/ScoutSuite/providers/aws/rules/findings/ses-identity-dkim-not-verified.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/ses-identity-world-policy.json b/ScoutSuite/providers/aws/rules/findings/ses-identity-world-policy.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/sns-topic-world-policy.json b/ScoutSuite/providers/aws/rules/findings/sns-topic-world-policy.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/sqs-queue-world-policy.json b/ScoutSuite/providers/aws/rules/findings/sqs-queue-world-policy.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/vpc-custom-network-acls-allow-all.json b/ScoutSuite/providers/aws/rules/findings/vpc-custom-network-acls-allow-all.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/vpc-default-network-acls-allow-all.json b/ScoutSuite/providers/aws/rules/findings/vpc-default-network-acls-allow-all.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/vpc-network-acl-not-used.json b/ScoutSuite/providers/aws/rules/findings/vpc-network-acl-not-used.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/vpc-subnet-with-bad-acls.json b/ScoutSuite/providers/aws/rules/findings/vpc-subnet-with-bad-acls.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/vpc-subnet-with-default-acls.json b/ScoutSuite/providers/aws/rules/findings/vpc-subnet-with-default-acls.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/findings/vpc-subnet-without-flow-log.json b/ScoutSuite/providers/aws/rules/findings/vpc-subnet-without-flow-log.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/rulesets/cis-1.0.0.json b/ScoutSuite/providers/aws/rules/rulesets/cis-1.0.0.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/rulesets/default.json b/ScoutSuite/providers/aws/rules/rulesets/default.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/rulesets/detailed.json b/ScoutSuite/providers/aws/rules/rulesets/detailed.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/rules/rulesets/filters.json b/ScoutSuite/providers/aws/rules/rulesets/filters.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/services.py b/ScoutSuite/providers/aws/services.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/aws/utils.py b/ScoutSuite/providers/aws/utils.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/__init__.py b/ScoutSuite/providers/azure/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/authentication_strategy.py b/ScoutSuite/providers/azure/authentication_strategy.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/facade/__init__.py b/ScoutSuite/providers/azure/facade/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/facade/aad.py b/ScoutSuite/providers/azure/facade/aad.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/facade/appservice.py b/ScoutSuite/providers/azure/facade/appservice.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/facade/arm.py b/ScoutSuite/providers/azure/facade/arm.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/facade/base.py b/ScoutSuite/providers/azure/facade/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/facade/keyvault.py b/ScoutSuite/providers/azure/facade/keyvault.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/facade/network.py b/ScoutSuite/providers/azure/facade/network.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/facade/securitycenter.py b/ScoutSuite/providers/azure/facade/securitycenter.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/facade/sqldatabase.py b/ScoutSuite/providers/azure/facade/sqldatabase.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/facade/storageaccounts.py b/ScoutSuite/providers/azure/facade/storageaccounts.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/facade/virtualmachines.py b/ScoutSuite/providers/azure/facade/virtualmachines.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/metadata.json b/ScoutSuite/providers/azure/metadata.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/provider.py b/ScoutSuite/providers/azure/provider.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/__init__.py b/ScoutSuite/providers/azure/resources/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/aad/__init__.py b/ScoutSuite/providers/azure/resources/aad/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/aad/applications.py b/ScoutSuite/providers/azure/resources/aad/applications.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/aad/base.py b/ScoutSuite/providers/azure/resources/aad/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/aad/groups.py b/ScoutSuite/providers/azure/resources/aad/groups.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/aad/serviceprincipals.py b/ScoutSuite/providers/azure/resources/aad/serviceprincipals.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/aad/users.py b/ScoutSuite/providers/azure/resources/aad/users.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/appservice/base.py b/ScoutSuite/providers/azure/resources/appservice/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/appservice/web_apps.py b/ScoutSuite/providers/azure/resources/appservice/web_apps.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/arm/__init__.py b/ScoutSuite/providers/azure/resources/arm/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/arm/base.py b/ScoutSuite/providers/azure/resources/arm/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/arm/role_assignments.py b/ScoutSuite/providers/azure/resources/arm/role_assignments.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/arm/roles.py b/ScoutSuite/providers/azure/resources/arm/roles.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/base.py b/ScoutSuite/providers/azure/resources/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/keyvault/__init__.py b/ScoutSuite/providers/azure/resources/keyvault/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/keyvault/base.py b/ScoutSuite/providers/azure/resources/keyvault/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/keyvault/vaults.py b/ScoutSuite/providers/azure/resources/keyvault/vaults.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/monitor/__init__.py b/ScoutSuite/providers/azure/resources/monitor/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/network/__init__.py b/ScoutSuite/providers/azure/resources/network/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/network/application_security_groups.py b/ScoutSuite/providers/azure/resources/network/application_security_groups.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/network/base.py b/ScoutSuite/providers/azure/resources/network/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/network/network_interfaces.py b/ScoutSuite/providers/azure/resources/network/network_interfaces.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/network/security_groups.py b/ScoutSuite/providers/azure/resources/network/security_groups.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/network/virtual_networks.py b/ScoutSuite/providers/azure/resources/network/virtual_networks.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/network/watchers.py b/ScoutSuite/providers/azure/resources/network/watchers.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/securitycenter/__init__.py b/ScoutSuite/providers/azure/resources/securitycenter/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/securitycenter/auto_provisioning_settings.py b/ScoutSuite/providers/azure/resources/securitycenter/auto_provisioning_settings.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/securitycenter/base.py b/ScoutSuite/providers/azure/resources/securitycenter/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/securitycenter/information_protection_policies.py b/ScoutSuite/providers/azure/resources/securitycenter/information_protection_policies.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/securitycenter/pricings.py b/ScoutSuite/providers/azure/resources/securitycenter/pricings.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/securitycenter/security_contacts.py b/ScoutSuite/providers/azure/resources/securitycenter/security_contacts.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/securitycenter/settings.py b/ScoutSuite/providers/azure/resources/securitycenter/settings.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/sqldatabase/__init__.py b/ScoutSuite/providers/azure/resources/sqldatabase/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/sqldatabase/base.py b/ScoutSuite/providers/azure/resources/sqldatabase/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/sqldatabase/database_blob_auditing_policies.py b/ScoutSuite/providers/azure/resources/sqldatabase/database_blob_auditing_policies.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/sqldatabase/database_threat_detection_policies.py b/ScoutSuite/providers/azure/resources/sqldatabase/database_threat_detection_policies.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/sqldatabase/databases.py b/ScoutSuite/providers/azure/resources/sqldatabase/databases.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/sqldatabase/replication_links.py b/ScoutSuite/providers/azure/resources/sqldatabase/replication_links.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/sqldatabase/server_azure_ad_administrators.py b/ScoutSuite/providers/azure/resources/sqldatabase/server_azure_ad_administrators.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/sqldatabase/server_blob_auditing_policies.py b/ScoutSuite/providers/azure/resources/sqldatabase/server_blob_auditing_policies.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/sqldatabase/server_security_alert_policies.py b/ScoutSuite/providers/azure/resources/sqldatabase/server_security_alert_policies.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/sqldatabase/servers.py b/ScoutSuite/providers/azure/resources/sqldatabase/servers.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/sqldatabase/transparent_data_encryptions.py b/ScoutSuite/providers/azure/resources/sqldatabase/transparent_data_encryptions.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/storageaccounts/__init__.py b/ScoutSuite/providers/azure/resources/storageaccounts/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/storageaccounts/base.py b/ScoutSuite/providers/azure/resources/storageaccounts/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/storageaccounts/blob_containers.py b/ScoutSuite/providers/azure/resources/storageaccounts/blob_containers.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/storageaccounts/storage_accounts.py b/ScoutSuite/providers/azure/resources/storageaccounts/storage_accounts.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/subscriptions.py b/ScoutSuite/providers/azure/resources/subscriptions.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/virtualmachines/__init__.py b/ScoutSuite/providers/azure/resources/virtualmachines/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/virtualmachines/base.py b/ScoutSuite/providers/azure/resources/virtualmachines/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/resources/virtualmachines/instances.py b/ScoutSuite/providers/azure/resources/virtualmachines/instances.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/conditions/allow-tcp.json b/ScoutSuite/providers/azure/rules/conditions/allow-tcp.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/conditions/exposed-to-the-internet.json b/ScoutSuite/providers/azure/rules/conditions/exposed-to-the-internet.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/aad-guest-users.json b/ScoutSuite/providers/azure/rules/findings/aad-guest-users.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-authentication-disabled.json b/ScoutSuite/providers/azure/rules/findings/appservice-authentication-disabled.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-client-certificates-disabled.json b/ScoutSuite/providers/azure/rules/findings/appservice-client-certificates-disabled.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-http-2-disabled.json b/ScoutSuite/providers/azure/rules/findings/appservice-http-2-disabled.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-http-allowed.json b/ScoutSuite/providers/azure/rules/findings/appservice-http-allowed.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-managed-service-identities-disabled.json b/ScoutSuite/providers/azure/rules/findings/appservice-managed-service-identities-disabled.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-tls-v1-supported.json b/ScoutSuite/providers/azure/rules/findings/appservice-tls-v1-supported.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-webapp-using-outdated-progamming-language-version.json b/ScoutSuite/providers/azure/rules/findings/appservice-webapp-using-outdated-progamming-language-version.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-internet-all.json b/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-internet-all.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-service.json b/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-service.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/network-watcher-not-enabled.json b/ScoutSuite/providers/azure/rules/findings/network-watcher-not-enabled.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/network-watcher-not-provisioned.json b/ScoutSuite/providers/azure/rules/findings/network-watcher-not-provisioned.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/securitycenter-auto-provisioning-off.json b/ScoutSuite/providers/azure/rules/findings/securitycenter-auto-provisioning-off.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-email-not-set.json b/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-email-not-set.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-no-admin-email-notifications.json b/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-no-admin-email-notifications.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-no-email-notifications.json b/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-no-email-notifications.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-not-set.json b/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-not-set.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-phone-not-set.json b/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-phone-not-set.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/securitycenter-standard-tier-not-enabled.json b/ScoutSuite/providers/azure/rules/findings/securitycenter-standard-tier-not-enabled.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-auditing-low-retention.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-auditing-low-retention.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-auditing.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-auditing.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-threat-detection.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-threat-detection.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-transparent-data-encryption.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-transparent-data-encryption.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-threat-detection-disabled-alerts.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-threat-detection-disabled-alerts.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-threat-detection-low-retention.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-threat-detection-low-retention.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-threat-detection-send-alerts-disabled.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-threat-detection-send-alerts-disabled.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-auditing-low-retention.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-auditing-low-retention.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-ad-admin-configured.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-ad-admin-configured.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-auditing.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-auditing.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-threat-detection.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-threat-detection.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-disabled-alerts.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-disabled-alerts.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-low-retention.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-low-retention.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-send-alerts-disabled.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-send-alerts-disabled.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/storageaccount-access-keys-not-rotated.json b/ScoutSuite/providers/azure/rules/findings/storageaccount-access-keys-not-rotated.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/storageaccount-account-allowing-clear-text.json b/ScoutSuite/providers/azure/rules/findings/storageaccount-account-allowing-clear-text.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/storageaccount-public-blob-container.json b/ScoutSuite/providers/azure/rules/findings/storageaccount-public-blob-container.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/findings/storageaccount-trusted-microsoft-services.json b/ScoutSuite/providers/azure/rules/findings/storageaccount-trusted-microsoft-services.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/rulesets/cis-1.0.0.json b/ScoutSuite/providers/azure/rules/rulesets/cis-1.0.0.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/rulesets/default.json b/ScoutSuite/providers/azure/rules/rulesets/default.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/rules/rulesets/filters.json b/ScoutSuite/providers/azure/rules/rulesets/filters.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/services.py b/ScoutSuite/providers/azure/services.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/azure/utils.py b/ScoutSuite/providers/azure/utils.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/base/__init__.py b/ScoutSuite/providers/base/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/base/authentication_strategy.py b/ScoutSuite/providers/base/authentication_strategy.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/base/authentication_strategy_factory.py b/ScoutSuite/providers/base/authentication_strategy_factory.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/base/configs/__init__.py b/ScoutSuite/providers/base/configs/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/base/configs/browser.py b/ScoutSuite/providers/base/configs/browser.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/base/provider.py b/ScoutSuite/providers/base/provider.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/base/resources/__init__.py b/ScoutSuite/providers/base/resources/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/base/resources/base.py b/ScoutSuite/providers/base/resources/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/base/services.py b/ScoutSuite/providers/base/services.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/__init__.py b/ScoutSuite/providers/gcp/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/authentication_strategy.py b/ScoutSuite/providers/gcp/authentication_strategy.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/facade/__init__.py b/ScoutSuite/providers/gcp/facade/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/facade/base.py b/ScoutSuite/providers/gcp/facade/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/facade/basefacade.py b/ScoutSuite/providers/gcp/facade/basefacade.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/facade/cloudresourcemanager.py b/ScoutSuite/providers/gcp/facade/cloudresourcemanager.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/facade/cloudsql.py b/ScoutSuite/providers/gcp/facade/cloudsql.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/facade/cloudstorage.py b/ScoutSuite/providers/gcp/facade/cloudstorage.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/facade/gce.py b/ScoutSuite/providers/gcp/facade/gce.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/facade/iam.py b/ScoutSuite/providers/gcp/facade/iam.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/facade/kms.py b/ScoutSuite/providers/gcp/facade/kms.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/facade/stackdriverlogging.py b/ScoutSuite/providers/gcp/facade/stackdriverlogging.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/facade/utils.py b/ScoutSuite/providers/gcp/facade/utils.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/metadata.json b/ScoutSuite/providers/gcp/metadata.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/provider.py b/ScoutSuite/providers/gcp/provider.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/__init__.py b/ScoutSuite/providers/gcp/resources/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/base.py b/ScoutSuite/providers/gcp/resources/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/cloudresourcemanager/__init__.py b/ScoutSuite/providers/gcp/resources/cloudresourcemanager/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/cloudresourcemanager/base.py b/ScoutSuite/providers/gcp/resources/cloudresourcemanager/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/cloudresourcemanager/bindings.py b/ScoutSuite/providers/gcp/resources/cloudresourcemanager/bindings.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/cloudresourcemanager/groups.py b/ScoutSuite/providers/gcp/resources/cloudresourcemanager/groups.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/cloudresourcemanager/users.py b/ScoutSuite/providers/gcp/resources/cloudresourcemanager/users.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/cloudsql/__init__.py b/ScoutSuite/providers/gcp/resources/cloudsql/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/cloudsql/backups.py b/ScoutSuite/providers/gcp/resources/cloudsql/backups.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/cloudsql/base.py b/ScoutSuite/providers/gcp/resources/cloudsql/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py b/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/cloudsql/users.py b/ScoutSuite/providers/gcp/resources/cloudsql/users.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/cloudstorage/__init__.py b/ScoutSuite/providers/gcp/resources/cloudstorage/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/cloudstorage/base.py b/ScoutSuite/providers/gcp/resources/cloudstorage/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py b/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/gce/__init__.py b/ScoutSuite/providers/gcp/resources/gce/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/gce/base.py b/ScoutSuite/providers/gcp/resources/gce/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/gce/disks.py b/ScoutSuite/providers/gcp/resources/gce/disks.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/gce/firewalls.py b/ScoutSuite/providers/gcp/resources/gce/firewalls.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/gce/instance_disks.py b/ScoutSuite/providers/gcp/resources/gce/instance_disks.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/gce/instances.py b/ScoutSuite/providers/gcp/resources/gce/instances.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/gce/networks.py b/ScoutSuite/providers/gcp/resources/gce/networks.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/gce/regions.py b/ScoutSuite/providers/gcp/resources/gce/regions.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/gce/snapshots.py b/ScoutSuite/providers/gcp/resources/gce/snapshots.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/gce/subnetworks.py b/ScoutSuite/providers/gcp/resources/gce/subnetworks.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/gce/zones.py b/ScoutSuite/providers/gcp/resources/gce/zones.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/iam/__init__.py b/ScoutSuite/providers/gcp/resources/iam/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/iam/base.py b/ScoutSuite/providers/gcp/resources/iam/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/iam/bindings.py b/ScoutSuite/providers/gcp/resources/iam/bindings.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/iam/keys.py b/ScoutSuite/providers/gcp/resources/iam/keys.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/iam/service_accounts.py b/ScoutSuite/providers/gcp/resources/iam/service_accounts.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/kms/__init__.py b/ScoutSuite/providers/gcp/resources/kms/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/kms/base.py b/ScoutSuite/providers/gcp/resources/kms/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/kms/keyrings.py b/ScoutSuite/providers/gcp/resources/kms/keyrings.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/kms/keys.py b/ScoutSuite/providers/gcp/resources/kms/keys.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/projects.py b/ScoutSuite/providers/gcp/resources/projects.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/regions.py b/ScoutSuite/providers/gcp/resources/regions.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/stackdriverlogging/__init__.py b/ScoutSuite/providers/gcp/resources/stackdriverlogging/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/stackdriverlogging/base.py b/ScoutSuite/providers/gcp/resources/stackdriverlogging/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/stackdriverlogging/sinks.py b/ScoutSuite/providers/gcp/resources/stackdriverlogging/sinks.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/resources/zones.py b/ScoutSuite/providers/gcp/resources/zones.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-gmail-accounts-used.json b/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-gmail-accounts-used.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-primitive-role-in-use.json b/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-primitive-role-in-use.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-role-assigned-to-user.json b/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-role-assigned-to-user.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-sa-has-admin-privileges.json b/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-sa-has-admin-privileges.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-user-has-sa-user-role.json b/ScoutSuite/providers/gcp/rules/findings/cloudresourcemanager-user-has-sa-user-role.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudsql-allows-root-login-from-any-host.json b/ScoutSuite/providers/gcp/rules/findings/cloudsql-allows-root-login-from-any-host.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-backups-disabled.json b/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-backups-disabled.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-is-open-to-the-world.json b/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-is-open-to-the-world.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-no-binary-logging.json b/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-no-binary-logging.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-ssl-not-required.json b/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-ssl-not-required.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-with-no-backups.json b/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-with-no-backups.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-member.json b/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-member.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-no-logging.json b/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-no-logging.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-no-versioning.json b/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-no-versioning.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-default-rule-in-use.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-default-rule-in-use.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-all-ports.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-all-ports.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-internal-traffic.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-internal-traffic.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-port-range.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-port-range.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-public-access.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-public-access.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-opens-all-ports-to-all.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-opens-all-ports-to-all.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-opens-sensitive-port-to-all.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-opens-sensitive-port-to-all.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-instance-disk-with-no-snapshot.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-instance-disk-with-no-snapshot.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-instance-with-deletion-protection-disabled.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-instance-with-deletion-protection-disabled.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-network-with-no-instances.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-network-with-no-instances.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-old-disk-snapshot.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-old-disk-snapshot.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/findings/iam-lack-of-service-account-key-rotation.json b/ScoutSuite/providers/gcp/rules/findings/iam-lack-of-service-account-key-rotation.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/findings/iam-service-account-user-member.json b/ScoutSuite/providers/gcp/rules/findings/iam-service-account-user-member.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/findings/iam-service-account-with-user-managed-keys.json b/ScoutSuite/providers/gcp/rules/findings/iam-service-account-with-user-managed-keys.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-no-export-sinks.json b/ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-no-export-sinks.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/rulesets/cis-1.0.0.json b/ScoutSuite/providers/gcp/rules/rulesets/cis-1.0.0.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/rules/rulesets/filters.json b/ScoutSuite/providers/gcp/rules/rulesets/filters.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/gcp/services.py b/ScoutSuite/providers/gcp/services.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/__init__.py b/ScoutSuite/providers/oci/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/authentication_strategy.py b/ScoutSuite/providers/oci/authentication_strategy.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/facade/__init__.py b/ScoutSuite/providers/oci/facade/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/facade/base.py b/ScoutSuite/providers/oci/facade/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/facade/identity.py b/ScoutSuite/providers/oci/facade/identity.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/facade/kms.py b/ScoutSuite/providers/oci/facade/kms.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/facade/objectstorage.py b/ScoutSuite/providers/oci/facade/objectstorage.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/metadata.json b/ScoutSuite/providers/oci/metadata.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/provider.py b/ScoutSuite/providers/oci/provider.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/resources/__init__.py b/ScoutSuite/providers/oci/resources/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/resources/base.py b/ScoutSuite/providers/oci/resources/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/resources/identity/__init__.py b/ScoutSuite/providers/oci/resources/identity/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/resources/identity/api_keys.py b/ScoutSuite/providers/oci/resources/identity/api_keys.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/resources/identity/authentication_policy.py b/ScoutSuite/providers/oci/resources/identity/authentication_policy.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/resources/identity/base.py b/ScoutSuite/providers/oci/resources/identity/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/resources/identity/groups.py b/ScoutSuite/providers/oci/resources/identity/groups.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/resources/identity/policies.py b/ScoutSuite/providers/oci/resources/identity/policies.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/resources/identity/users.py b/ScoutSuite/providers/oci/resources/identity/users.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/resources/kms/__init__.py b/ScoutSuite/providers/oci/resources/kms/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/resources/kms/base.py b/ScoutSuite/providers/oci/resources/kms/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/resources/kms/keys.py b/ScoutSuite/providers/oci/resources/kms/keys.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/resources/kms/keyvaults.py b/ScoutSuite/providers/oci/resources/kms/keyvaults.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/resources/objectstorage/__init__.py b/ScoutSuite/providers/oci/resources/objectstorage/__init__.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/resources/objectstorage/base.py b/ScoutSuite/providers/oci/resources/objectstorage/base.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/resources/objectstorage/buckets.py b/ScoutSuite/providers/oci/resources/objectstorage/buckets.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/rules/filters/.keep b/ScoutSuite/providers/oci/rules/filters/.keep
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/rules/findings/identity-password-policy-minimum-length.json b/ScoutSuite/providers/oci/rules/findings/identity-password-policy-minimum-length.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/rules/findings/identity-password-policy-no-lowercase-required.json b/ScoutSuite/providers/oci/rules/findings/identity-password-policy-no-lowercase-required.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/rules/findings/identity-password-policy-no-number-required.json b/ScoutSuite/providers/oci/rules/findings/identity-password-policy-no-number-required.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/rules/findings/identity-password-policy-no-symbol-required.json b/ScoutSuite/providers/oci/rules/findings/identity-password-policy-no-symbol-required.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/rules/findings/identity-password-policy-no-uppercase-required.json b/ScoutSuite/providers/oci/rules/findings/identity-password-policy-no-uppercase-required.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/rules/findings/identity-policy-affects-user.json b/ScoutSuite/providers/oci/rules/findings/identity-policy-affects-user.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/rules/findings/identity-user-with-multiple-api-keys.json b/ScoutSuite/providers/oci/rules/findings/identity-user-with-multiple-api-keys.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/rules/findings/kms-no-key-rotation.json b/ScoutSuite/providers/oci/rules/findings/kms-no-key-rotation.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/rules/findings/objectstorage-bucket-lacking-kms-encryption.json b/ScoutSuite/providers/oci/rules/findings/objectstorage-bucket-lacking-kms-encryption.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/rules/findings/objectstorage-public-bucket.json b/ScoutSuite/providers/oci/rules/findings/objectstorage-public-bucket.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/rules/rulesets/default.json b/ScoutSuite/providers/oci/rules/rulesets/default.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/rules/rulesets/filters.json b/ScoutSuite/providers/oci/rules/rulesets/filters.json
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/services.py b/ScoutSuite/providers/oci/services.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/oci/utils.py b/ScoutSuite/providers/oci/utils.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/providers/utils.py b/ScoutSuite/providers/utils.py
old mode 100644
new mode 100755
diff --git a/ScoutSuite/utils.py b/ScoutSuite/utils.py
old mode 100644
new mode 100755
diff --git a/requirements.txt b/requirements.txt
old mode 100644
new mode 100755
diff --git a/setup.py b/setup.py
old mode 100644
new mode 100755
diff --git a/tests/data/invalid-file.json b/tests/data/invalid-file.json
old mode 100644
new mode 100755
diff --git a/tests/data/policy1.json b/tests/data/policy1.json
old mode 100644
new mode 100755
diff --git a/tests/data/resources/dummy_resources.json b/tests/data/resources/dummy_resources.json
old mode 100644
new mode 100755
diff --git a/tests/data/rule-configs/ec2.json b/tests/data/rule-configs/ec2.json
old mode 100644
new mode 100755
diff --git a/tests/data/rule-configs/iam-password-policy.json b/tests/data/rule-configs/iam-password-policy.json
old mode 100644
new mode 100755
diff --git a/tests/data/rule-configs/iam-root.json b/tests/data/rule-configs/iam-root.json
old mode 100644
new mode 100755
diff --git a/tests/data/rule-results/ec2-default-security-group-in-use.json b/tests/data/rule-results/ec2-default-security-group-in-use.json
old mode 100644
new mode 100755
diff --git a/tests/data/rule-results/ec2-default-security-group-with-rules.json b/tests/data/rule-results/ec2-default-security-group-with-rules.json
old mode 100644
new mode 100755
diff --git a/tests/data/rule-results/ec2-security-group-opens-all-ports-to-all.json b/tests/data/rule-results/ec2-security-group-opens-all-ports-to-all.json
old mode 100644
new mode 100755
diff --git a/tests/data/rule-results/ec2-security-group-opens-all-ports-to-self.json b/tests/data/rule-results/ec2-security-group-opens-all-ports-to-self.json
old mode 100644
new mode 100755
diff --git a/tests/data/rule-results/ec2-security-group-opens-all-ports.json b/tests/data/rule-results/ec2-security-group-opens-all-ports.json
old mode 100644
new mode 100755
diff --git a/tests/data/rule-results/ec2-security-group-opens-known-port-to-all.json b/tests/data/rule-results/ec2-security-group-opens-known-port-to-all.json
old mode 100644
new mode 100755
diff --git a/tests/data/rule-results/ec2-security-group-opens-port-range.json b/tests/data/rule-results/ec2-security-group-opens-port-range.json
old mode 100644
new mode 100755
diff --git a/tests/data/rule-results/ec2-security-group-opens-port-to-all.json b/tests/data/rule-results/ec2-security-group-opens-port-to-all.json
old mode 100644
new mode 100755
diff --git a/tests/data/rule-results/ec2-security-group-whitelists-aws-ip-from-banned-region.json b/tests/data/rule-results/ec2-security-group-whitelists-aws-ip-from-banned-region.json
old mode 100644
new mode 100755
diff --git a/tests/data/rule-results/ec2-security-group-whitelists-aws.json b/tests/data/rule-results/ec2-security-group-whitelists-aws.json
old mode 100644
new mode 100755
diff --git a/tests/data/rule-results/iam-password-policy-expiration-threshold.json b/tests/data/rule-results/iam-password-policy-expiration-threshold.json
old mode 100644
new mode 100755
diff --git a/tests/data/rule-results/iam-password-policy-lowercase-required.json b/tests/data/rule-results/iam-password-policy-lowercase-required.json
old mode 100644
new mode 100755
diff --git a/tests/data/rule-results/iam-password-policy-minimum-length.json b/tests/data/rule-results/iam-password-policy-minimum-length.json
old mode 100644
new mode 100755
diff --git a/tests/data/rule-results/iam-password-policy-no-expiration.json b/tests/data/rule-results/iam-password-policy-no-expiration.json
old mode 100644
new mode 100755
diff --git a/tests/data/rule-results/iam-password-policy-no-lowercase-required.json b/tests/data/rule-results/iam-password-policy-no-lowercase-required.json
old mode 100644
new mode 100755
diff --git a/tests/data/rule-results/iam-password-policy-no-number-required.json b/tests/data/rule-results/iam-password-policy-no-number-required.json
old mode 100644
new mode 100755
diff --git a/tests/data/rule-results/iam-password-policy-no-symbol-required.json b/tests/data/rule-results/iam-password-policy-no-symbol-required.json
old mode 100644
new mode 100755
diff --git a/tests/data/rule-results/iam-password-policy-no-uppercase-required.json b/tests/data/rule-results/iam-password-policy-no-uppercase-required.json
old mode 100644
new mode 100755
diff --git a/tests/data/rule-results/iam-password-policy-reuse-enabled.json b/tests/data/rule-results/iam-password-policy-reuse-enabled.json
old mode 100644
new mode 100755
diff --git a/tests/data/ruleset-test.json b/tests/data/ruleset-test.json
old mode 100644
new mode 100755
diff --git a/tests/data/statement1.json b/tests/data/statement1.json
old mode 100644
new mode 100755
diff --git a/tests/data/test-ruleset.json b/tests/data/test-ruleset.json
old mode 100644
new mode 100755
diff --git a/tests/test-core.py b/tests/test-core.py
old mode 100644
new mode 100755
diff --git a/tests/test-main.py b/tests/test-main.py
old mode 100644
new mode 100755
diff --git a/tests/test-output.py b/tests/test-output.py
old mode 100644
new mode 100755
diff --git a/tests/test-resources.py b/tests/test-resources.py
old mode 100644
new mode 100755
diff --git a/tests/test-rules-processingengine.py b/tests/test-rules-processingengine.py
old mode 100644
new mode 100755
diff --git a/tests/test-rules-ruleset.py b/tests/test-rules-ruleset.py
old mode 100644
new mode 100755
diff --git a/tests/test-scoutsuite.py b/tests/test-scoutsuite.py
old mode 100644
new mode 100755
diff --git a/tests/test-utils-conditions.py b/tests/test-utils-conditions.py
old mode 100644
new mode 100755
diff --git a/tests/test-utils.py b/tests/test-utils.py
old mode 100644
new mode 100755
diff --git a/tests/test-utils_cloudwatch.py b/tests/test-utils_cloudwatch.py
old mode 100644
new mode 100755
diff --git a/tests/test-utils_sns.py b/tests/test-utils_sns.py
old mode 100644
new mode 100755
diff --git a/tools/process_raw_response.py b/tools/process_raw_response.py
old mode 100644
new mode 100755

From 3f6cd47827602e3ef1dae34eb121af4d209c4abd Mon Sep 17 00:00:00 2001
From: Renzo Tomlinson <rtomlinson@latacora.com>
Date: Mon, 16 Mar 2020 18:09:03 -0600
Subject: [PATCH 126/145] parsing bug fixes

---
 .../providers/gcp/resources/cloudstorage/buckets.py      | 9 ++++++++-
 ScoutSuite/providers/gcp/resources/gce/disks.py          | 2 +-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py b/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
index 757f5c463..1865645d1 100644
--- a/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
+++ b/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
@@ -25,13 +25,20 @@ def _parse_bucket(self, raw_bucket):
         bucket_dict['storage_class'] = raw_bucket.storage_class.lower()
         bucket_dict['versioning_enabled'] = raw_bucket.versioning_enabled
         bucket_dict['logging_enabled'] = raw_bucket.logging is not None
-        bucket_dict['uniform_bucket_level_access'] = raw_bucket.iam_configuration['bucketPolicyOnly']['enabled']
+        iam_configuration = raw_bucket.iam_configuration.get('uniformBucketLevelAccess', False) or raw_bucket.iam_configuration.get('bucketPolicyOnly', False)
+        if iam_configuration:
+            bucket_dict['uniform_bucket_level_access'] = policy.get("enabled", False)
+        else:
+            print("raw_bucket.iam_configuration missing both uniformBucketLevelAccess and bucketPolicyOnly")
+            raise 
+        
         if bucket_dict['uniform_bucket_level_access']:
             bucket_dict['acls'] = []
             bucket_dict['default_object_acl'] = []
         else:
             bucket_dict['acls'] = list(raw_bucket.acl)
             bucket_dict['default_object_acl'] = list(raw_bucket.default_object_acl)
+        
         bucket_dict['acl_configuration'] = self._get_cloudstorage_bucket_acl(raw_bucket)  # FIXME this should be "IAM"
         return bucket_dict['id'], bucket_dict
 
diff --git a/ScoutSuite/providers/gcp/resources/gce/disks.py b/ScoutSuite/providers/gcp/resources/gce/disks.py
index de168ae97..6c4be7cd9 100644
--- a/ScoutSuite/providers/gcp/resources/gce/disks.py
+++ b/ScoutSuite/providers/gcp/resources/gce/disks.py
@@ -8,7 +8,7 @@ def _parse_disk(self, raw_disk):
         disk_dict['id'] = get_non_provider_id(raw_disk['deviceName'])
         disk_dict['type'] = raw_disk['type']
         disk_dict['mode'] = raw_disk['mode']
-        disk_dict['source_url'] = raw_disk['source']
+        disk_dict['source_url'] = raw_disk.get('source', "source_url not found for disk")
         disk_dict['source_device_name'] = raw_disk['deviceName']
         disk_dict['bootable'] = raw_disk['boot']
         disk_dict['encrypted_with_csek'] = self._is_encrypted_with_csek(raw_disk)

From 944b0d602ac375b3c22e20ae99419dd8863ee376 Mon Sep 17 00:00:00 2001
From: Renzo Tomlinson <rtomlinson@latacora.com>
Date: Mon, 16 Mar 2020 19:40:57 -0600
Subject: [PATCH 127/145] named the variable wrong

---
 ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py b/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
index 1865645d1..ee7f2884c 100644
--- a/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
+++ b/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
@@ -27,7 +27,7 @@ def _parse_bucket(self, raw_bucket):
         bucket_dict['logging_enabled'] = raw_bucket.logging is not None
         iam_configuration = raw_bucket.iam_configuration.get('uniformBucketLevelAccess', False) or raw_bucket.iam_configuration.get('bucketPolicyOnly', False)
         if iam_configuration:
-            bucket_dict['uniform_bucket_level_access'] = policy.get("enabled", False)
+            bucket_dict['uniform_bucket_level_access'] = iam_configuration.get("enabled", False)
         else:
             print("raw_bucket.iam_configuration missing both uniformBucketLevelAccess and bucketPolicyOnly")
             raise 

From 65e880c4f131c25c71d1d2ce36868184a0c86692 Mon Sep 17 00:00:00 2001
From: xga <xavier.garceau-aranda@owasp.org>
Date: Tue, 17 Mar 2020 10:49:24 +0100
Subject: [PATCH 128/145] Test fix

---
 ScoutSuite/providers/gcp/facade/basefacade.py | 14 +++++++++++---
 requirements.txt                              |  2 ++
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/ScoutSuite/providers/gcp/facade/basefacade.py b/ScoutSuite/providers/gcp/facade/basefacade.py
index 6638c4940..dba36ca05 100644
--- a/ScoutSuite/providers/gcp/facade/basefacade.py
+++ b/ScoutSuite/providers/gcp/facade/basefacade.py
@@ -1,3 +1,11 @@
+# Since the HTTP library used by the Google API Client library is not
+# thread-safe, we leverage https://github.com/GoogleCloudPlatform/httplib2shim
+# resolves the following:
+#   - https://github.com/nccgroup/ScoutSuite/issues/443
+#   - https://github.com/nccgroup/ScoutSuite/issues/665
+import httplib2shim
+httplib2shim.patch()
+
 from googleapiclient import discovery
 
 class GCPBaseFacade:
@@ -10,10 +18,10 @@ def _build_client(self) -> discovery.Resource:
         return self._build_arbitrary_client(self._client_name, self._client_version)
 
     def _build_arbitrary_client(self, client_name, client_version):
-        return discovery.build(client_name, client_version, cache_discovery=False, cache=MemoryCache())
+        if not self._client:
+            self._client = discovery.build(client_name, client_version, cache_discovery=False, cache=MemoryCache())
+        return self._client
 
-    # Since the HTTP library used by the Google API Client library is not 
-    # thread-safe, we need to create a new client for each request.
     def _get_client(self) -> discovery.Resource:
         return self._build_client()
 
diff --git a/requirements.txt b/requirements.txt
index 8e4351c98..ceb2a28ce 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -26,6 +26,8 @@ google-cloud-kms>=1.0.0
 ## API Client Libraries
 google-api-python-client>=1.7.8
 oauth2client>=4.1.3
+## Necessary since API Client Libraries are not thread-safe
+httplib2shim>=0.0.3
 
 # Azure Provider
 requests>=2.22.0

From a8b850bee0d247bac7cfe8c13825a4d0c19d2573 Mon Sep 17 00:00:00 2001
From: xga <xavier.garceau-aranda@owasp.org>
Date: Tue, 17 Mar 2020 11:34:49 +0100
Subject: [PATCH 129/145] Additional parsing

---
 ScoutSuite/providers/gcp/resources/gce/disks.py | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/ScoutSuite/providers/gcp/resources/gce/disks.py b/ScoutSuite/providers/gcp/resources/gce/disks.py
index 6c4be7cd9..e4fb0c16f 100644
--- a/ScoutSuite/providers/gcp/resources/gce/disks.py
+++ b/ScoutSuite/providers/gcp/resources/gce/disks.py
@@ -6,15 +6,15 @@ class Disks(Resources):
     def _parse_disk(self, raw_disk):
         disk_dict = {}
         disk_dict['id'] = get_non_provider_id(raw_disk['deviceName'])
-        disk_dict['type'] = raw_disk['type']
-        disk_dict['mode'] = raw_disk['mode']
-        disk_dict['source_url'] = raw_disk.get('source', "source_url not found for disk")
-        disk_dict['source_device_name'] = raw_disk['deviceName']
-        disk_dict['bootable'] = raw_disk['boot']
+        disk_dict['type'] = raw_disk.get('type')
+        disk_dict['mode'] = raw_disk.get('mode')
+        disk_dict['source_url'] = raw_disk.get('source')
+        disk_dict['source_device_name'] = raw_disk.get('deviceName')
+        disk_dict['bootable'] = raw_disk.get('boot')
         disk_dict['encrypted_with_csek'] = self._is_encrypted_with_csek(raw_disk)
         return disk_dict['id'], disk_dict
 
     def _is_encrypted_with_csek(self, raw_disk):
         return 'diskEncryptionKey' in raw_disk \
-               and 'sha256' in raw_disk['diskEncryptionKey'] \
+               and 'sha256' in raw_disk.get('diskEncryptionKey') \
                and raw_disk['diskEncryptionKey']['sha256'] != ''

From be2da506fe0af9fa12ce640e747d6644c5658c50 Mon Sep 17 00:00:00 2001
From: xga <xavier.garceau-aranda@owasp.org>
Date: Tue, 17 Mar 2020 11:37:12 +0100
Subject: [PATCH 130/145] Rework logic

---
 .../providers/gcp/resources/cloudstorage/buckets.py      | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py b/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
index ee7f2884c..26e2f7a68 100644
--- a/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
+++ b/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
@@ -25,13 +25,14 @@ def _parse_bucket(self, raw_bucket):
         bucket_dict['storage_class'] = raw_bucket.storage_class.lower()
         bucket_dict['versioning_enabled'] = raw_bucket.versioning_enabled
         bucket_dict['logging_enabled'] = raw_bucket.logging is not None
-        iam_configuration = raw_bucket.iam_configuration.get('uniformBucketLevelAccess', False) or raw_bucket.iam_configuration.get('bucketPolicyOnly', False)
+
+        iam_configuration = raw_bucket.iam_configuration.get('uniformBucketLevelAccess') or \
+            raw_bucket.iam_configuration.get('bucketPolicyOnly')
         if iam_configuration:
             bucket_dict['uniform_bucket_level_access'] = iam_configuration.get("enabled", False)
         else:
-            print("raw_bucket.iam_configuration missing both uniformBucketLevelAccess and bucketPolicyOnly")
-            raise 
-        
+            bucket_dict['uniform_bucket_level_access'] = None
+
         if bucket_dict['uniform_bucket_level_access']:
             bucket_dict['acls'] = []
             bucket_dict['default_object_acl'] = []

From af2bd7b18c96796384ccf5ee0d2f276ed1b4a204 Mon Sep 17 00:00:00 2001
From: xga <xavier.garceau-aranda@owasp.org>
Date: Tue, 17 Mar 2020 16:02:00 +0100
Subject: [PATCH 131/145] Allow creating arbitrary clients

---
 ScoutSuite/providers/gcp/facade/base.py       |  2 +-
 ScoutSuite/providers/gcp/facade/basefacade.py | 17 +++++++++++++----
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/ScoutSuite/providers/gcp/facade/base.py b/ScoutSuite/providers/gcp/facade/base.py
index e07475399..5313710f4 100644
--- a/ScoutSuite/providers/gcp/facade/base.py
+++ b/ScoutSuite/providers/gcp/facade/base.py
@@ -91,7 +91,7 @@ async def _get_projects_recursively(self, parent_type, parent_id):
             return None
 
         resourcemanager_client = self._get_client()
-        resourcemanager_client_v2 = self._build_arbitrary_client('cloudresourcemanager', 'v2')
+        resourcemanager_client_v2 = self._build_arbitrary_client('cloudresourcemanager', 'v2', force_new=True)
 
         projects = []
 
diff --git a/ScoutSuite/providers/gcp/facade/basefacade.py b/ScoutSuite/providers/gcp/facade/basefacade.py
index dba36ca05..24deaab91 100644
--- a/ScoutSuite/providers/gcp/facade/basefacade.py
+++ b/ScoutSuite/providers/gcp/facade/basefacade.py
@@ -17,10 +17,19 @@ def __init__(self, client_name: str, client_version: str):
     def _build_client(self) -> discovery.Resource:
         return self._build_arbitrary_client(self._client_name, self._client_version)
 
-    def _build_arbitrary_client(self, client_name, client_version):
-        if not self._client:
-            self._client = discovery.build(client_name, client_version, cache_discovery=False, cache=MemoryCache())
-        return self._client
+    def _build_arbitrary_client(self, client_name, client_version, force_new=False):
+        """
+        :param client_name: name of the service
+        :param client_version:  version of the client to create
+        :param force_new: whether to create a new client - useful to create arbitrary clients from facades
+        :return:
+        """
+        if force_new:
+            return discovery.build(client_name, client_version, cache_discovery=False, cache=MemoryCache())
+        else:
+            if not self._client:
+                self._client = discovery.build(client_name, client_version, cache_discovery=False, cache=MemoryCache())
+            return self._client
 
     def _get_client(self) -> discovery.Resource:
         return self._build_client()

From 7c46a158e2d575a7c7c6f3249891c33ba7ab632d Mon Sep 17 00:00:00 2001
From: xga <xavier.garceau-aranda@owasp.org>
Date: Thu, 19 Mar 2020 10:01:37 +0100
Subject: [PATCH 132/145] Small improvement

---
 .../services.ec2.regions.id.vpcs.id.security_groups.html    | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.security_groups.html b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.security_groups.html
index c3926cc37..903ca2f17 100644
--- a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.security_groups.html
+++ b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.security_groups.html
@@ -6,10 +6,10 @@ <h4 class="list-group-item-heading">{{name}}</h4>
 
     <div class="list-group-item">
         <h4 class="list-group-item-heading">Information</h4>
-        <div class="list-group-item-text">ID: {{id}}</div>
-        <div class="list-group-item-text">Region: {{region}}</div>
+        <div class="list-group-item-text">ID: <samp>{{id}}</samp></div>
+        <div class="list-group-item-text">Region: <samp>{{region}}</samp></div>
         <div class="list-group-item-text">VPC: {{getValueAt 'services.vpc.regions' region 'vpcs' vpc 'name'}} ({{vpc}})</div>
-        <div class="list-group-item-text">Description: {{description}}</div>
+        <div class="list-group-item-text">Description: <samp>{{description}}</samp></div>
     </div>
 
     {{#each rules}}

From b74f2abef0a36e8ebe341f471f504e8d66a14224 Mon Sep 17 00:00:00 2001
From: xga <xavier.garceau-aranda@owasp.org>
Date: Thu, 19 Mar 2020 10:02:21 +0100
Subject: [PATCH 133/145] Pull name field from tags

---
 ScoutSuite/providers/aws/resources/vpcs.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/ScoutSuite/providers/aws/resources/vpcs.py b/ScoutSuite/providers/aws/resources/vpcs.py
index cb7bd5762..c46c29b36 100644
--- a/ScoutSuite/providers/aws/resources/vpcs.py
+++ b/ScoutSuite/providers/aws/resources/vpcs.py
@@ -27,8 +27,16 @@ async def fetch_all(self):
 
     def _parse_vpc(self, raw_vpc):
         vpc = {}
-        vpc['name'] = raw_vpc['VpcId']
+        vpc['id'] = raw_vpc['VpcId']
         vpc['cidr_block'] = raw_vpc['CidrBlock']
         vpc['default'] = raw_vpc['IsDefault']
         vpc['state'] = raw_vpc['State']
-        return raw_vpc['VpcId'], vpc
+
+        # pull the name from tags
+        name_tag = next((d for i,d in enumerate(raw_vpc.get('Tags', [])) if d.get('Key') == 'Name'), None)
+        if name_tag:
+            vpc['name'] = name_tag.get('Value')
+        else:
+            vpc['name'] = raw_vpc['VpcId']
+
+        return vpc['id'], vpc

From 2cd8e0c497df95d5bbde416b3ce5594a81b1935e Mon Sep 17 00:00:00 2001
From: xga <xavier.garceau-aranda@owasp.org>
Date: Thu, 19 Mar 2020 10:02:30 +0100
Subject: [PATCH 134/145] Add name field and improve partial

---
 .../partials/aws/services.vpc.regions.id.vpcs.html   | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.html b/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.html
index 3cb72430d..023de9a0c 100644
--- a/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.html
+++ b/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.html
@@ -2,15 +2,15 @@
     <!-- VPC partial -->
     <script id="services.vpc.regions.id.vpcs.partial" type="text/x-handlebars-template">
         <div id="resource-name" class="list-group-item active">
-          <h4 class="list-group-item-heading">{{@key}}</h4>
+          <h4 class="list-group-item-heading">{{name}}</h4>
         </div>
         <div class="list-group-item">
             <h4 class="list-group-item-heading">Information</h4>
-            <div class="list-group-item-text">ID: {{@key}}</div>
-            <div class="list-group-item-text">Region: {{region}}</div>
-            <div class="list-group-item-text">State: {{state}}</div>
-            <div class="list-group-item-text">CIDR Block: {{cidr_block}}</div>
-            <div class="list-group-item-text">Default: {{default}}</div>
+            <div class="list-group-item-text">ID: <samp>{{@key}}</samp></div>
+            <div class="list-group-item-text">Region: <samp>{{region}}</samp></div>
+            <div class="list-group-item-text">State: <samp>{{state}}</samp></div>
+            <div class="list-group-item-text">CIDR Block: <samp>{{cidr_block}}</samp></div>
+            <div class="list-group-item-text">Default: <samp>{{default}}</samp></div>
         </div>
         <div class="list-group-item" style="padding-bottom: 0 !important;">
           <div class="accordion">

From 8e614be9e364d64248658e20ce86d7ff15152cf4 Mon Sep 17 00:00:00 2001
From: xga <xavier.garceau-aranda@owasp.org>
Date: Thu, 19 Mar 2020 10:07:32 +0100
Subject: [PATCH 135/145] Remove duplicate call

---
 ScoutSuite/providers/aws/provider.py | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/ScoutSuite/providers/aws/provider.py b/ScoutSuite/providers/aws/provider.py
index 4c114b446..c352f30c5 100644
--- a/ScoutSuite/providers/aws/provider.py
+++ b/ScoutSuite/providers/aws/provider.py
@@ -74,9 +74,6 @@ def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None):
             self._check_ec2_zone_distribution()
             self._add_last_snapshot_date_to_ec2_volumes()
 
-        if 'emr' in self.service_list and 'ec2' in self.service_list and 'vpc' in self.service_list:
-            self._set_emr_vpc_ids()
-
         if 'ec2' in self.service_list and 'iam' in self.service_list:
             self._match_instances_and_roles()
 
@@ -90,7 +87,7 @@ def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None):
         if 'elb' in self.services:
             self._parse_elb_policies()
 
-        if 'emr' in self.service_list and 'ec2' in self.service_list:
+        if 'emr' in self.service_list and 'ec2' in self.service_list and 'vpc' in self.service_list:
             self._set_emr_vpc_ids()
 
         self._add_cidr_display_name(ip_ranges, ip_ranges_name_key)

From 5d6a414ca7fe828ee5678ec54f2d7173c7074899 Mon Sep 17 00:00:00 2001
From: xga <xavier.garceau-aranda@owasp.org>
Date: Thu, 19 Mar 2020 10:09:30 +0100
Subject: [PATCH 136/145] Minor change

---
 ScoutSuite/providers/aws/resources/vpcs.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ScoutSuite/providers/aws/resources/vpcs.py b/ScoutSuite/providers/aws/resources/vpcs.py
index c46c29b36..50a31c44f 100644
--- a/ScoutSuite/providers/aws/resources/vpcs.py
+++ b/ScoutSuite/providers/aws/resources/vpcs.py
@@ -33,7 +33,7 @@ def _parse_vpc(self, raw_vpc):
         vpc['state'] = raw_vpc['State']
 
         # pull the name from tags
-        name_tag = next((d for i,d in enumerate(raw_vpc.get('Tags', [])) if d.get('Key') == 'Name'), None)
+        name_tag = next((d for i, d in enumerate(raw_vpc.get('Tags', [])) if d.get('Key') == 'Name'), None)
         if name_tag:
             vpc['name'] = name_tag.get('Value')
         else:

From 7c7ce2f4ff818a12b8f12e0d0e22bf150cbc6b78 Mon Sep 17 00:00:00 2001
From: xga <xavier.garceau-aranda@owasp.org>
Date: Thu, 19 Mar 2020 20:03:53 +0100
Subject: [PATCH 137/145] Change parameter

---
 ScoutSuite/core/cli_parser.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ScoutSuite/core/cli_parser.py b/ScoutSuite/core/cli_parser.py
index 3ba865485..a6481d3bf 100755
--- a/ScoutSuite/core/cli_parser.py
+++ b/ScoutSuite/core/cli_parser.py
@@ -333,7 +333,7 @@ def _init_common_args_parser(self):
                             default=[],
                             nargs='+',
                             help='Name of in-scope services, defaults to all.')
-        parser.add_argument('--list_services',
+        parser.add_argument('--list-services',
                             dest='list_services',
                             default=False,
                             action='store_true',

From 5fedd209e12449c0426bc92da7fd59c014cf37e1 Mon Sep 17 00:00:00 2001
From: xga <xavier.garceau-aranda@owasp.org>
Date: Thu, 19 Mar 2020 20:12:36 +0100
Subject: [PATCH 138/145] Tweaks

---
 ScoutSuite/__main__.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/ScoutSuite/__main__.py b/ScoutSuite/__main__.py
index 69545e036..ced8ff8e4 100755
--- a/ScoutSuite/__main__.py
+++ b/ScoutSuite/__main__.py
@@ -197,8 +197,7 @@ async def _run(provider,
                                                  username=username,
                                                  password=password,
                                                  access_key_id=access_key_id,
-                                                 access_key_secret=access_key_secret,
-                                                 list_services=list_services)
+                                                 access_key_secret=access_key_secret)
 
         if not credentials:
             return 101
@@ -239,7 +238,10 @@ async def _run(provider,
         return
 
     if list_services:
-        return [x for x in dir(cloud_provider.services) if not x.startswith('_')]
+        available_services = [x for x in dir(cloud_provider.services) if
+                              not (x.startswith('_') or x in ['credentials', 'fetch'])]
+        print_info('The available services are: "{}"'.format('", "'.join(available_services)))
+        return 0
     else:
         # Complete run, including pulling data from provider
         if not fetch_local:

From bd7f9b118dc33ad5b57dbddbd880ed4efd8da882 Mon Sep 17 00:00:00 2001
From: xga <xavier.garceau-aranda@owasp.org>
Date: Fri, 20 Mar 2020 09:41:37 +0100
Subject: [PATCH 139/145] This implementation has less impact on the logic

---
 ScoutSuite/__main__.py | 171 +++++++++++++++++++++--------------------
 1 file changed, 86 insertions(+), 85 deletions(-)

diff --git a/ScoutSuite/__main__.py b/ScoutSuite/__main__.py
index ced8ff8e4..1a9ed7d04 100755
--- a/ScoutSuite/__main__.py
+++ b/ScoutSuite/__main__.py
@@ -237,96 +237,97 @@ async def _run(provider,
         Server.init(database_file, host_ip, host_port)
         return
 
+    # If this command, run and exit
     if list_services:
         available_services = [x for x in dir(cloud_provider.services) if
                               not (x.startswith('_') or x in ['credentials', 'fetch'])]
         print_info('The available services are: "{}"'.format('", "'.join(available_services)))
         return 0
-    else:
-        # Complete run, including pulling data from provider
-        if not fetch_local:
-
-            # Fetch data from provider APIs
-            try:
-                print_info('Gathering data from APIs')
-                await cloud_provider.fetch(regions=regions, excluded_regions=excluded_regions)
-            except KeyboardInterrupt:
-                print_info('\nCancelled by user')
-                return 130
-
-            # Update means we reload the whole config and overwrite part of it
-            if update:
-                print_info('Updating existing data')
-                current_run_services = copy.deepcopy(cloud_provider.services)
-                last_run_dict = report.encoder.load_from_file('RESULTS')
-                cloud_provider.services = last_run_dict['services']
-                for service in cloud_provider.service_list:
-                    cloud_provider.services[service] = current_run_services[service]
-
-        # Partial run, using pre-pulled data
-        else:
-            print_info('Using local data')
-            # Reload to flatten everything into a python dictionary
+
+    # Complete run, including pulling data from provider
+    if not fetch_local:
+
+        # Fetch data from provider APIs
+        try:
+            print_info('Gathering data from APIs')
+            await cloud_provider.fetch(regions=regions, excluded_regions=excluded_regions)
+        except KeyboardInterrupt:
+            print_info('\nCancelled by user')
+            return 130
+
+        # Update means we reload the whole config and overwrite part of it
+        if update:
+            print_info('Updating existing data')
+            current_run_services = copy.deepcopy(cloud_provider.services)
             last_run_dict = report.encoder.load_from_file('RESULTS')
-            for key in last_run_dict:
-                setattr(cloud_provider, key, last_run_dict[key])
-
-        # Pre processing
-        cloud_provider.preprocessing(
-            ip_ranges, ip_ranges_name_key)
-
-        # Analyze config
-        print_info('Running rule engine')
-        finding_rules = Ruleset(cloud_provider=cloud_provider.provider_code,
-                                environment_name=cloud_provider.environment,
-                                filename=ruleset,
-                                ip_ranges=ip_ranges,
-                                account_id=cloud_provider.account_id)
-        processing_engine = ProcessingEngine(finding_rules)
-        processing_engine.run(cloud_provider)
-
-        # Create display filters
-        print_info('Applying display filters')
-        filter_rules = Ruleset(cloud_provider=cloud_provider.provider_code,
-                               environment_name=cloud_provider.environment,
-                               rule_type='filters',
-                               account_id=cloud_provider.account_id)
-        processing_engine = ProcessingEngine(filter_rules)
-        processing_engine.run(cloud_provider)
-
-        # Handle exceptions
-        if exceptions:
-            print_info('Applying exceptions')
-            try:
-                exceptions = RuleExceptions(exceptions)
-                exceptions.process(cloud_provider)
-                exceptions = exceptions.exceptions
-            except Exception as e:
-                print_exception('Failed to load exceptions: {}'.format(e))
-                exceptions = {}
-        else:
+            cloud_provider.services = last_run_dict['services']
+            for service in cloud_provider.service_list:
+                cloud_provider.services[service] = current_run_services[service]
+
+    # Partial run, using pre-pulled data
+    else:
+        print_info('Using local data')
+        # Reload to flatten everything into a python dictionary
+        last_run_dict = report.encoder.load_from_file('RESULTS')
+        for key in last_run_dict:
+            setattr(cloud_provider, key, last_run_dict[key])
+
+    # Pre processing
+    cloud_provider.preprocessing(
+        ip_ranges, ip_ranges_name_key)
+
+    # Analyze config
+    print_info('Running rule engine')
+    finding_rules = Ruleset(cloud_provider=cloud_provider.provider_code,
+                            environment_name=cloud_provider.environment,
+                            filename=ruleset,
+                            ip_ranges=ip_ranges,
+                            account_id=cloud_provider.account_id)
+    processing_engine = ProcessingEngine(finding_rules)
+    processing_engine.run(cloud_provider)
+
+    # Create display filters
+    print_info('Applying display filters')
+    filter_rules = Ruleset(cloud_provider=cloud_provider.provider_code,
+                           environment_name=cloud_provider.environment,
+                           rule_type='filters',
+                           account_id=cloud_provider.account_id)
+    processing_engine = ProcessingEngine(filter_rules)
+    processing_engine.run(cloud_provider)
+
+    # Handle exceptions
+    if exceptions:
+        print_info('Applying exceptions')
+        try:
+            exceptions = RuleExceptions(exceptions)
+            exceptions.process(cloud_provider)
+            exceptions = exceptions.exceptions
+        except Exception as e:
+            print_exception('Failed to load exceptions: {}'.format(e))
             exceptions = {}
+    else:
+        exceptions = {}
+
+    run_parameters = {
+        'services': services,
+        'skipped_services': skipped_services,
+        'regions': regions,
+        'excluded_regions': excluded_regions,
+    }
+    # Finalize
+    cloud_provider.postprocessing(report.current_time, finding_rules, run_parameters)
 
-        run_parameters = {
-            'services': services,
-            'skipped_services': skipped_services,
-            'regions': regions,
-            'excluded_regions': excluded_regions,
-        }
-        # Finalize
-        cloud_provider.postprocessing(report.current_time, finding_rules, run_parameters)
-
-        # Save config and create HTML report
-        html_report_path = report.save(
-            cloud_provider, exceptions, force_write, debug)
-
-        # Open the report by default
-        if not no_browser:
-            print_info('Opening the HTML report')
-            url = 'file://%s' % os.path.abspath(html_report_path)
-            webbrowser.open(url, new=2)
-
-        if ERRORS_LIST:  # errors were handled during execution
-            return 200
-        else:
-            return 0
\ No newline at end of file
+    # Save config and create HTML report
+    html_report_path = report.save(
+        cloud_provider, exceptions, force_write, debug)
+
+    # Open the report by default
+    if not no_browser:
+        print_info('Opening the HTML report')
+        url = 'file://%s' % os.path.abspath(html_report_path)
+        webbrowser.open(url, new=2)
+
+    if ERRORS_LIST:  # errors were handled during execution
+        return 200
+    else:
+        return 0
\ No newline at end of file

From 1bbaed9b5a146d4b9a5252a61a239526ee59425d Mon Sep 17 00:00:00 2001
From: xga <xavier.garceau-aranda@owasp.org>
Date: Fri, 20 Mar 2020 09:43:46 +0100
Subject: [PATCH 140/145] Restore change from develop branch

---
 ScoutSuite/__main__.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/ScoutSuite/__main__.py b/ScoutSuite/__main__.py
index 1a9ed7d04..60e3c3c04 100755
--- a/ScoutSuite/__main__.py
+++ b/ScoutSuite/__main__.py
@@ -56,7 +56,8 @@ def run_from_cli():
                    # General
                    report_name=args.get('report_name'), report_dir=args.get('report_dir'),
                    timestamp=args.get('timestamp'),
-                   services=args.get('services'), skipped_services=args.get('skipped_services'), list_services=args.get('list_services'),
+                   services=args.get('services'), skipped_services=args.get('skipped_services'),
+                   list_services=args.get('list_services'),
                    result_format=args.get('result_format'),
                    database_name=args.get('database_name'),
                    host_ip=args.get('host_ip'),
@@ -291,6 +292,7 @@ async def _run(provider,
     filter_rules = Ruleset(cloud_provider=cloud_provider.provider_code,
                            environment_name=cloud_provider.environment,
                            rule_type='filters',
+                           filename='filters.json',
                            account_id=cloud_provider.account_id)
     processing_engine = ProcessingEngine(filter_rules)
     processing_engine.run(cloud_provider)
@@ -330,4 +332,4 @@ async def _run(provider,
     if ERRORS_LIST:  # errors were handled during execution
         return 200
     else:
-        return 0
\ No newline at end of file
+        return 0

From 2cbf0ee4218d2156d11419aa4ec09759cd32e337 Mon Sep 17 00:00:00 2001
From: xga <xavier.garceau-aranda@owasp.org>
Date: Fri, 20 Mar 2020 09:44:55 +0100
Subject: [PATCH 141/145] Restore order

---
 ScoutSuite/__main__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ScoutSuite/__main__.py b/ScoutSuite/__main__.py
index 60e3c3c04..da480b684 100755
--- a/ScoutSuite/__main__.py
+++ b/ScoutSuite/__main__.py
@@ -291,8 +291,8 @@ async def _run(provider,
     print_info('Applying display filters')
     filter_rules = Ruleset(cloud_provider=cloud_provider.provider_code,
                            environment_name=cloud_provider.environment,
-                           rule_type='filters',
                            filename='filters.json',
+                           rule_type='filters',
                            account_id=cloud_provider.account_id)
     processing_engine = ProcessingEngine(filter_rules)
     processing_engine.run(cloud_provider)

From 3266f9dfd234521f733a76742c25550c7fbe0e8a Mon Sep 17 00:00:00 2001
From: xga <xavier.garceau-aranda@owasp.org>
Date: Sun, 22 Mar 2020 16:25:17 +0100
Subject: [PATCH 142/145] Make function safer

---
 ScoutSuite/providers/aws/utils.py | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/ScoutSuite/providers/aws/utils.py b/ScoutSuite/providers/aws/utils.py
index 4b708ed9a..517f1bc9f 100644
--- a/ScoutSuite/providers/aws/utils.py
+++ b/ScoutSuite/providers/aws/utils.py
@@ -1,4 +1,5 @@
 import re
+from ScoutSuite.core.console import print_exception
 
 ec2_classic = 'EC2-Classic'
 
@@ -28,12 +29,16 @@ def is_throttled(e):
     :param e:                           Exception raised
     :return:                            True if it's a throttling exception else False
     """
-    return (hasattr(e, 'response')
-            and e.response
-            and 'Error' in e.response
-            and e.response['Error']['Code'] in ['Throttling',
-                                                'RequestLimitExceeded',
-                                                'ThrottlingException'])
+    try:
+        return (hasattr(e, 'response')
+                and e.response
+                and 'Error' in e.response
+                and e.response['Error']['Code'] in ['Throttling',
+                                                    'RequestLimitExceeded',
+                                                    'ThrottlingException'])
+    except Exception as e:
+        print_exception('Unable to validate exception for throttling: {}'.format(e))
+        return False
 
 
 def get_keys(src, dst, keys):

From e075cc3f10b32f0b38b0bc98c719f3c822a995b0 Mon Sep 17 00:00:00 2001
From: xga <xavier.garceau-aranda@owasp.org>
Date: Sun, 22 Mar 2020 16:33:22 +0100
Subject: [PATCH 143/145] Improve throttling check

---
 ScoutSuite/providers/utils.py | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/ScoutSuite/providers/utils.py b/ScoutSuite/providers/utils.py
index 144047f2f..6ff030791 100644
--- a/ScoutSuite/providers/utils.py
+++ b/ScoutSuite/providers/utils.py
@@ -24,8 +24,7 @@ async def run_concurrently(function, backoff_seconds=15):
             return await run_function_concurrently(function)
     except Exception as e:
         # Determine whether the exception is due to API throttling
-        throttled = aws_is_throttled(e)  # FIXME - this only works for AWS
-        if throttled:
+        if is_throttled(e):
             print_info('Hitting API rate limiting, will retry in {}s'.format(backoff_seconds))
             await asyncio.sleep(backoff_seconds)
             return await run_concurrently(function, backoff_seconds + 15)
@@ -105,3 +104,15 @@ async def map_concurrently(coroutine, entities, **kwargs):
             results.append(result)
 
     return results
+
+
+def is_throttled(e):
+    """
+    Function that tries to determine if an exception was caused by throttling
+    TODO - this implementation is incomplete
+    """
+
+    if hasattr(e, 'message') and 'Google Cloud' in e.message:
+        return False
+    else:
+        return aws_is_throttled(e)

From 57940a287a37f7d231d306cea68056fb96de6cea Mon Sep 17 00:00:00 2001
From: xga <xavier.garceau-aranda@owasp.org>
Date: Sun, 22 Mar 2020 21:08:16 +0100
Subject: [PATCH 144/145] Remove test code

---
 ScoutSuite/providers/azure/resources/aad/groups.py | 2 --
 1 file changed, 2 deletions(-)

diff --git a/ScoutSuite/providers/azure/resources/aad/groups.py b/ScoutSuite/providers/azure/resources/aad/groups.py
index bc255be5a..fb58c5450 100755
--- a/ScoutSuite/providers/azure/resources/aad/groups.py
+++ b/ScoutSuite/providers/azure/resources/aad/groups.py
@@ -23,7 +23,5 @@ async def _parse_group(self, raw_group):
         group_dict['users'] = []  # this will be filled in `finalize()`
         group_dict['roles'] = []  # this will be filled in `finalize()`
 
-        additional_details = await self.facade.aad.get_group_details(group_dict['id'])
-
         return group_dict['id'], group_dict
 

From a934ee41963776f35541cf61385334c1b92d3734 Mon Sep 17 00:00:00 2001
From: xga <xavier.garceau-aranda@owasp.org>
Date: Sun, 22 Mar 2020 22:02:21 +0100
Subject: [PATCH 145/145] Set maximum version for dependency

---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index ceb2a28ce..b91e3bfc2 100755
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,7 +4,7 @@ netaddr>=0.7.11
 sqlitedict>=1.6.0
 cherrypy>=18.1.0
 cherrypy-cors>=1.6
-coloredlogs>=10.0
+coloredlogs<=10.0
 asyncio-throttle>=0.1.1
 
 # AWS Provider