release/5.7 #630

x4v13r64 · 2020-01-31T17:31:56Z

Changes:

Azure
- Adds support for scanning multiple subscriptions or a whole tenant in one go (see https://github.com/nccgroup/ScoutSuite/wiki/Azure#subscriptions)
- Adds a new authentication method (--user-account-browser), which allows authenticating with a user with MFA enabled, without the need for azure-cli (see https://github.com/nccgroup/ScoutSuite/wiki/Azure#user-credentials-via-browser)
AWS
- Tweak support for executing in Lambda
- Adds tags for RDS resources
Core
- Improves test coverage

Warning this implements backward-incompatible changes to:

Azure CLI options
Azure partials

Version bump 5.6.0

Enhancement/Improved test coverage

# Conflicts: # ScoutSuite/providers/azure/provider.py # ScoutSuite/providers/gcp/resources/kms/keyrings.py

…elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies

Minor change

Add new SSL/TLS security policies

# Conflicts: # ScoutSuite/providers/azure/rules/findings/securitycenter-auto-provisioning-off.json # ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-email-not-set.json # ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-no-admin-email-notifications.json # ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-no-email-notifications.json # ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-phone-not-set.json # ScoutSuite/providers/azure/rules/findings/securitycenter-standard-tier-not-enabled.json # ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-auditing-low-retention.json # ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-auditing.json # ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-threat-detection.json # ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-transparent-data-encryption.json # ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-threat-detection-disabled-alerts.json # ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-threat-detection-low-retention.json # ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-auditing-low-retention.json # ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-ad-admin-configured.json # ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-auditing.json # ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-threat-detection.json # ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-disabled-alerts.json # ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-low-retention.json # ScoutSuite/providers/azure/rules/findings/storageaccount-access-keys-not-rotated.json # ScoutSuite/providers/azure/rules/findings/storageaccount-account-allowing-clear-text.json # ScoutSuite/providers/azure/rules/findings/storageaccount-public-blob-container.json # ScoutSuite/providers/azure/rules/findings/storageaccount-trusted-microsoft-services.json

# Conflicts: # ScoutSuite/providers/azure/rules/findings/graphrbac-guest-users.json # ScoutSuite/providers/azure/rules/findings/securitycenter-auto-provisioning-off.json # ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-email-not-set.json # ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-no-admin-email-notifications.json # ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-no-email-notifications.json # ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-phone-not-set.json # ScoutSuite/providers/azure/rules/findings/securitycenter-standard-tier-not-enabled.json # ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-auditing-low-retention.json # ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-auditing.json # ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-threat-detection.json # ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-transparent-data-encryption.json # ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-threat-detection-disabled-alerts.json # ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-threat-detection-low-retention.json # ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-auditing-low-retention.json # ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-ad-admin-configured.json # ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-auditing.json # ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-threat-detection.json # ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-disabled-alerts.json # ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-low-retention.json # ScoutSuite/providers/azure/rules/findings/storageaccount-access-keys-not-rotated.json # ScoutSuite/providers/azure/rules/findings/storageaccount-account-allowing-clear-text.json # ScoutSuite/providers/azure/rules/findings/storageaccount-public-blob-container.json # ScoutSuite/providers/azure/rules/findings/storageaccount-trusted-microsoft-services.json

Enhancement/Azure Major Changes

codecov-io · 2020-01-31T17:46:41Z

Codecov Report

Merging #630 into master will decrease coverage by 0.36%.
The diff coverage is 53.12%.

@@            Coverage Diff             @@
##           master     #630      +/-   ##
==========================================
- Coverage   65.32%   64.96%   -0.37%     
==========================================
  Files          22       22              
  Lines        1488     1504      +16     
==========================================
+ Hits          972      977       +5     
- Misses        516      527      +11

Impacted Files	Coverage Δ
ScoutSuite/utils.py	`85.71% <ø> (ø)`	⬆️
ScoutSuite/__main__.py	`19.8% <0%> (-0.41%)`	⬇️
ScoutSuite/__init__.py	`100% <100%> (ø)`	⬆️
ScoutSuite/core/cli_parser.py	`83.33% <52.94%> (-2.65%)`	⬇️
ScoutSuite/core/console.py	`65.07% <58.33%> (-2.15%)`	⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 03685e9...509f3df. Read the comment docs.

lgtm-com · 2020-01-31T17:59:09Z

This pull request introduces 2 alerts when merging 509f3df into e784fc2 - view on LGTM.com

new alerts:

1 for Unused local variable
1 for Unused import

zscholl and others added 30 commits December 2, 2019 08:25

fix: handles a closed loop in AWS lambda (#1)

6e090c8

Merge branch 'master' of https://github.com/nccgroup/ScoutSuite

b6594c3

Added tests

bc935ae

Added tests lines

4ded2d5

Add comments

5d785f0

Separate AAD from ARM

66f6f75

Move to separate function

7959993

Remove unused imports

94a33e3

Partial implementation of subscriptions

0677299

fix: handles a closed loop in AWS lambda (#1)

f784323

Merge pull request #3 from zendesk/nklauer/scoutsuite-560

a1f67d7

Version bump 5.6.0

Fix path problem

21b45f1

Merge pull request #594 from nccgroup/enhancement/add_test

c39d4fe

Enhancement/Improved test coverage

Prettify code

5fe2416

Fix partial

97e5b0a

Add subscriptions left menu

7640d5a

Fix partials

55a4d86

Working implementation for AAD/ARM

ed5c7d5

Fix

54ec3b0

Update resources

4304257

Include subscriptions

6470b3c

Merge branch 'develop' into improvements/azure

aafd60c

# Conflicts: # ScoutSuite/providers/azure/provider.py # ScoutSuite/providers/gcp/resources/kms/keyrings.py

Add subscription options

8d904d1

WIP implementation of multi-subscription scanning

577431e

WIP implementation of multi-subscription scanning

91eff34

Add new SSL/TLS security policies as per https://docs.aws.amazon.com/…

36f5347

…elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies

Update elbv2-older-ssl-policy.json

a46c766

Minor change

Update elbv2-older-ssl-policy.json

0c0afdd

Minor change

Merge pull request #610 from trevorrea/master

833df4d

Add new SSL/TLS security policies

Significant changes towards multi-subscription support

d01a2dd

x4v13r64 added 26 commits January 28, 2020 17:57

Improve parsing and partial

c380d82

Remove useless code

6cec215

Fix missing subscription

4727166

Minor change

f04baef

Minor change

c157c6e

Fix partials

59657cf

Improve partials

7e68efb

Change CLI option

98f2986

Update formatting

71dc008

Fix import namming

5a564ac

Improve script

ea5f3e0

Remove implemented TODOs

dd92ceb

Improve parsing

c09c965

Improve parsing

c37daa1

Improve implementation

d6dbafd

Update requirements

996a3d6

Add new authentication method

ec515c2

Properly handle normal case

d302f87

Add missing requirement

0fb3926

Tweak function

642bad3

Fix authentication implementation

d466073

Fix report name

3206b3a

Fix whitespaces

51b0679

Merge pull request #603 from nccgroup/improvements/azure

f7a7042

Enhancement/Azure Major Changes

Update version

509f3df

x4v13r64 merged commit 300a76b into master Feb 2, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

release/5.7 #630

release/5.7 #630

x4v13r64 commented Jan 31, 2020 •

edited

Loading

codecov-io commented Jan 31, 2020 •

edited

Loading

lgtm-com bot commented Jan 31, 2020

release/5.7 #630

release/5.7 #630

Conversation

x4v13r64 commented Jan 31, 2020 • edited Loading

codecov-io commented Jan 31, 2020 • edited Loading

Codecov Report

lgtm-com bot commented Jan 31, 2020

x4v13r64 commented Jan 31, 2020 •

edited

Loading

codecov-io commented Jan 31, 2020 •

edited

Loading