nccgroup / Scout2

Security auditing tool for AWS environments
http://nccgroup.github.io/Scout2/
GNU General Public License v2.0

Can Scout2 scan the China region (cn-north-1)? #242

Closed atheismist closed 6 years ago

atheismist commented 6 years ago

Hi Sir,

I'm just wondering if Scout2 can scan the China region (cn-north-1)? I used --regions cn-north-1 to specify the region, but it's not working.

Thank you.

l01cd3v commented 6 years ago

Yes, with the --partition-name aws-cn argument.

atheismist commented 6 years ago

Hi,

After running the command "python Scout2.py --partition-name aws-cn --profile china_profile", I got the exception below, and it didn't generate any report.

Fetching CloudFormation config...
regions stacks
1/1 0/0
Fetching SQS config...
regions queues
1/1 0/0
Fetching EC2 config...
regions security_groups instances
1/1 33/33 12/12
Fetching VPC config...
regions vpcs flow_logs network_acls route_tables subnets
1/1 2/2 0/0 2/2 3/3 6/6
Fetching EMR config...
regions clusters
1/1 0/0
Fetching ElastiCache config...
regions clusters security_groups
1/1 0/0 0/0
Fetching Route53 config...
hosted_zones
An error occurred (InvalidClientTokenId) when calling the ListHostedZones operation: The security token included in the request is invalid.
0/0
Fetching SNS config...
regions topics subscriptions
1/1 2/2 1/1
Traceback (most recent call last):
  File "/var/www/html/Scout2/Scout2.py", line 8, in <module>
    sys.exit(main())
  File "/var/www/html/Scout2/AWSScout2/main.py", line 71, in main
    aws_config['aws_account_id'] = get_aws_account_id(credentials)
  File "/usr/local/lib/python2.7/site-packages/opinel/utils/aws.py", line 98, in get_aws_account_id
    caller_identity = get_caller_identity(credentials)
  File "/usr/local/lib/python2.7/site-packages/opinel/utils/aws.py", line 89, in get_caller_identity
    return api_client.get_caller_identity()
  File "/usr/lib/python2.7/dist-packages/botocore/client.py", line 310, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/usr/lib/python2.7/dist-packages/botocore/client.py", line 599, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid.

x4v13r64 commented 6 years ago

This issue doesn't seem to be with Scout2 but rather with the tokens provided when running the tool.

This line seems to indicate that the provided credentials weren't valid (or may have timed out):

botocore.exceptions.ClientError: An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid.

Can you confirm this was the case?

nomex commented 6 years ago

I'm also having this problem. Did you find a solution?

x4v13r64 commented 6 years ago

Can you please provide details on the issue you are encountering, as well as --debug output?