nccgroup / Scout2

Security auditing tool for AWS environments
http://nccgroup.github.io/Scout2/
GNU General Public License v2.0

CSV Credential support? #245

Closed arvinddoraiswamy closed 6 years ago

arvinddoraiswamy commented 6 years ago

It appears that Scout2 has csv-credential support. So I tried creating a file just like the one you get when you create a new Access key in IAM (download CSV credentials) and using it but it fails with an error saying:

"Error could not find AWS credentials. Use the --help option for more information."

I've compared the Hex dumps for both CSV files and they look exactly alike - binary characters included. I'm thinking I'm doing something wrong when copying creds into the csv (by hand).

Any ideas?

l01cd3v commented 6 years ago

Can you let me know the exact arguments you used to run Scout2?

arvinddoraiswamy commented 6 years ago

iirc it was just..

./Scout2.py --csv-credentials

l01cd3v commented 6 years ago

Just successfully ran Scout2 --csv-credentials test.csv. Reading the CSV contents is actually pretty flexible, the only constraint is to find a value starting with 'AKIA', and the secret key has to be the next value on the same line.

Can you cat the contents of your file, redact anything that needs to be, and share it?

$ cat test.csv 
foobar,AKIAIXXXXX,<secret>
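
The matching rule described in the comment above (a value starting with 'AKIA', with the secret as the next value on the same line), written out as a checker for hand-built files. This is an added example, not part of the thread and not Scout2's own code; the function name is hypothetical, the rule is applied strictly with no trimming (an assumption), and all sample values are constructed placeholders.

```python
import csv
import io

PREFIX = "AKIA"  # prefix named in the thread


def check_csv_credentials(text):
    """Apply the rule from the thread strictly (assumption: no trimming):
    a value starting with 'AKIA', secret = next value on the same line.
    Returns (access_key_id, secret, notes); both keys are None on failure."""
    notes = []
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        for i, value in enumerate(row):
            if value.startswith(PREFIX):
                if i + 1 < len(row) and row[i + 1]:
                    return value, row[i + 1], notes
                notes.append(f"line {lineno}: key found but no value follows it on the same line")
            else:
                # Look for a key hidden behind a BOM, whitespace or stray quotes.
                core = value.lstrip("\ufeff \t'\"")
                if core.startswith(PREFIX):
                    hidden = value[: len(value) - len(core)]
                    notes.append(f"line {lineno}: key preceded by {hidden!r}")
    if not notes:
        notes.append("no value starting with 'AKIA' in any field")
    return None, None, notes


# Constructed sample files; keys and secrets are placeholders, not real credentials.
SAMPLES = {
    "console-style": "Access key ID,Secret access key\nAKIAEXAMPLEKEY000000,constructedSecret\n",
    "leading-bom": "\ufeffAKIAEXAMPLEKEY000000,constructedSecret\n",
    "space-after-comma": "user, AKIAEXAMPLEKEY000000,constructedSecret\n",
    "secret-on-next-line": "AKIAEXAMPLEKEY000000\nconstructedSecret\n",
    "other-prefix": "user,XXXXEXAMPLEKEY000000,constructedSecret\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        key_id, secret, notes = check_csv_credentials(text)
        # Report only the key ID and the secret's length, never the secret itself.
        status = f"ok ({key_id}, secret of {len(secret)} chars)" if key_id else "no credentials"
        print(f"{name}: {status}")
        for note in notes:
            print(f"  {note}")
```

When checking a real file, read it with `open(path, newline="", encoding="utf-8")` so a leading byte-order mark stays visible to the check instead of being silently dropped.
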

arvinddoraiswamy commented 6 years ago

Yeah, I wondered the same - it worked with an access key, secret key downloaded from the AWS console. This was an internal program though that generated a key pair and stored it in a CSV file so I could then use it with Scout2. So I did all that and diffed it with the original file and nothing was different, so I wonder what's wrong. Maybe the key I'm generating is off, somehow.

I will try and get a sample of the file tomorrow and attach it here.

On Wed, Feb 21, 2018 at 5:29 PM, Loïc Simon notifications@github.com wrote:

Just successfully ran Scout2 --csv-credentials test.csv. Reading the CSV contents is actually pretty flexible, the only constraint is to find a value starting with 'AKIA', followed by the secret key.

Can you cat the contents of your file, redact anything that needs to be, and share it?
