nccgroup / Scout2

Security auditing tool for AWS environments
http://nccgroup.github.io/Scout2/
GNU General Public License v2.0

Error in Running Scout2 #288

Closed saurabheligible closed 6 years ago

saurabheligible commented 6 years ago

While running Scout2, it is throwing the following runtime error. Also, I would like to mention that with the same config it ran once in between. Can anyone please help me with this?

### Error: botocore.exceptions.EndpointConnectionError: Could not connect to the endpoint URL: "https://sts.amazonaws.com/"

```
Traceback (most recent call last):
  File "/usr/local/bin/Scout2", line 9, in <module>
    load_entry_point('AWSScout2==3.2.1', 'console_scripts', 'Scout2')()
  File "/Library/Python/2.7/site-packages/AWSScout2-3.2.1-py2.7.egg/AWSScout2/main.py", line 74, in main
    aws_config['aws_account_id'] = get_aws_account_id(credentials)
  File "/Library/Python/2.7/site-packages/opinel/utils/aws.py", line 99, in get_aws_account_id
    caller_identity = get_caller_identity(credentials)
  File "/Library/Python/2.7/site-packages/opinel/utils/aws.py", line 90, in get_caller_identity
    return api_client.get_caller_identity()
  File "/Library/Python/2.7/site-packages/botocore/client.py", line 314, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/Library/Python/2.7/site-packages/botocore/client.py", line 599, in _make_api_call
    operation_model, request_dict)
  File "/Library/Python/2.7/site-packages/botocore/endpoint.py", line 148, in make_request
    return self._send_request(request_dict, operation_model)
  File "/Library/Python/2.7/site-packages/botocore/endpoint.py", line 177, in _send_request
    success_response, exception):
  File "/Library/Python/2.7/site-packages/botocore/endpoint.py", line 273, in _needs_retry
    caught_exception=caught_exception, request_dict=request_dict)
  File "/Library/Python/2.7/site-packages/botocore/hooks.py", line 227, in emit
    return self._emit(event_name, kwargs)
  File "/Library/Python/2.7/site-packages/botocore/hooks.py", line 360, in _emit
    aliased_event_name, kwargs, stop_on_response
  File "/Library/Python/2.7/site-packages/botocore/hooks.py", line 210, in _emit
    response = handler(**kwargs)
  File "/Library/Python/2.7/site-packages/botocore/retryhandler.py", line 183, in __call__
    if self._checker(attempts, response, caught_exception):
  File "/Library/Python/2.7/site-packages/botocore/retryhandler.py", line 251, in __call__
    caught_exception)
  File "/Library/Python/2.7/site-packages/botocore/retryhandler.py", line 277, in _should_retry
    return self._checker(attempt_number, response, caught_exception)
  File "/Library/Python/2.7/site-packages/botocore/retryhandler.py", line 317, in __call__
    caught_exception)
  File "/Library/Python/2.7/site-packages/botocore/retryhandler.py", line 223, in __call__
    attempt_number, caught_exception)
  File "/Library/Python/2.7/site-packages/botocore/retryhandler.py", line 359, in _check_caught_exception
    raise caught_exception
botocore.exceptions.EndpointConnectionError: Could not connect to the endpoint URL: "https://sts.amazonaws.com/"
exit status 1
```

fernando-assing commented 6 years ago

facing this same issue

saurabheligible commented 6 years ago

Can someone please help?

l01cd3v commented 6 years ago

We’ll need details on how you configured your account (where are the credentials), the exact command you ran, and whether this is in the gov/china/public partition.

Keep in mind this is an open source project maintained by a tiny team so waiting 3 days or more to get support should be expected.

On Fri, Aug 24, 2018 at 7:53 AM Saurabh Gupta notifications@github.com wrote:

> Can someone please help?


x4v13r64 commented 6 years ago

@fernando-assing @saurabheligible, this is not a Scout2 error per se, but an authentication error with AWS's STS endpoint. This is most likely due to the way you've configured the tool to run. Could you please provide answers to @l01cd3v's questions as well as debug output (`--debug`)?

fernando-assing commented 6 years ago

Configured as follows:

- Installed via pip
- Keys inside `~/credentials/accessKeys.csv`

Command executed: `Scout2 --csv-credentials ~/credentials/accessKeys.csv`

Console output:

```
Traceback (most recent call last):
  File "/home/fassing/.local/bin/Scout2", line 11, in <module>
    sys.exit(main())
  File "/home/fassing/.local/lib/python2.7/site-packages/AWSScout2/main.py", line 67, in main
    aws_config.fetch(credentials, regions=args.regions, partition_name = get_partition_name(credentials))
  File "/home/fassing/.local/lib/python2.7/site-packages/opinel/utils/aws.py", line 104, in get_partition_name
    caller_identity = get_caller_identity(credentials)
  File "/home/fassing/.local/lib/python2.7/site-packages/opinel/utils/aws.py", line 90, in get_caller_identity
    return api_client.get_caller_identity()
  File "/home/fassing/.local/lib/python2.7/site-packages/botocore/client.py", line 314, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/home/fassing/.local/lib/python2.7/site-packages/botocore/client.py", line 599, in _make_api_call
    operation_model, request_dict)
  File "/home/fassing/.local/lib/python2.7/site-packages/botocore/endpoint.py", line 102, in make_request
    return self._send_request(request_dict, operation_model)
  File "/home/fassing/.local/lib/python2.7/site-packages/botocore/endpoint.py", line 135, in _send_request
    success_response, exception):
  File "/home/fassing/.local/lib/python2.7/site-packages/botocore/endpoint.py", line 202, in _needs_retry
    caught_exception=caught_exception, request_dict=request_dict)
  File "/home/fassing/.local/lib/python2.7/site-packages/botocore/hooks.py", line 227, in emit
    return self._emit(event_name, kwargs)
  File "/home/fassing/.local/lib/python2.7/site-packages/botocore/hooks.py", line 360, in _emit
    aliased_event_name, kwargs, stop_on_response
  File "/home/fassing/.local/lib/python2.7/site-packages/botocore/hooks.py", line 210, in _emit
    response = handler(**kwargs)
  File "/home/fassing/.local/lib/python2.7/site-packages/botocore/retryhandler.py", line 183, in __call__
    if self._checker(attempts, response, caught_exception):
  File "/home/fassing/.local/lib/python2.7/site-packages/botocore/retryhandler.py", line 251, in __call__
    caught_exception)
  File "/home/fassing/.local/lib/python2.7/site-packages/botocore/retryhandler.py", line 277, in _should_retry
    return self._checker(attempt_number, response, caught_exception)
  File "/home/fassing/.local/lib/python2.7/site-packages/botocore/retryhandler.py", line 317, in __call__
    caught_exception)
  File "/home/fassing/.local/lib/python2.7/site-packages/botocore/retryhandler.py", line 223, in __call__
    attempt_number, caught_exception)
  File "/home/fassing/.local/lib/python2.7/site-packages/botocore/retryhandler.py", line 359, in _check_caught_exception
    raise caught_exception
botocore.exceptions.EndpointConnectionError: Could not connect to the endpoint URL: "https://sts.us-east.amazonaws.com/"
```

Deployment Account is not in gov/china region. It is in public.

saurabheligible commented 6 years ago

The audit runs successfully for some of my colleagues at the office with the same configuration and command on their workstations. It ran 2 times on my machine too.

Configured as follows:

- Installed via pip
- Keys inside: `~/.aws/config-eligible`

Command: `eligible-aws Scout2`

Account is not in gov/china region. It is in public.

Error on Console Output:

```
Traceback (most recent call last):
  File "/usr/local/bin/Scout2", line 9, in <module>
    load_entry_point('AWSScout2==3.2.1', 'console_scripts', 'Scout2')()
  File "/Library/Python/2.7/site-packages/AWSScout2-3.2.1-py2.7.egg/AWSScout2/main.py", line 74, in main
    aws_config['aws_account_id'] = get_aws_account_id(credentials)
  File "/Library/Python/2.7/site-packages/opinel/utils/aws.py", line 99, in get_aws_account_id
    caller_identity = get_caller_identity(credentials)
  File "/Library/Python/2.7/site-packages/opinel/utils/aws.py", line 90, in get_caller_identity
    return api_client.get_caller_identity()
  File "/Library/Python/2.7/site-packages/botocore/client.py", line 314, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/Library/Python/2.7/site-packages/botocore/client.py", line 599, in _make_api_call
    operation_model, request_dict)
  File "/Library/Python/2.7/site-packages/botocore/endpoint.py", line 148, in make_request
    return self._send_request(request_dict, operation_model)
  File "/Library/Python/2.7/site-packages/botocore/endpoint.py", line 177, in _send_request
    success_response, exception):
  File "/Library/Python/2.7/site-packages/botocore/endpoint.py", line 273, in _needs_retry
    caught_exception=caught_exception, request_dict=request_dict)
  File "/Library/Python/2.7/site-packages/botocore/hooks.py", line 227, in emit
    return self._emit(event_name, kwargs)
  File "/Library/Python/2.7/site-packages/botocore/hooks.py", line 360, in _emit
    aliased_event_name, kwargs, stop_on_response
  File "/Library/Python/2.7/site-packages/botocore/hooks.py", line 210, in _emit
    response = handler(**kwargs)
  File "/Library/Python/2.7/site-packages/botocore/retryhandler.py", line 183, in __call__
    if self._checker(attempts, response, caught_exception):
  File "/Library/Python/2.7/site-packages/botocore/retryhandler.py", line 251, in __call__
    caught_exception)
  File "/Library/Python/2.7/site-packages/botocore/retryhandler.py", line 277, in _should_retry
    return self._checker(attempt_number, response, caught_exception)
  File "/Library/Python/2.7/site-packages/botocore/retryhandler.py", line 317, in __call__
    caught_exception)
  File "/Library/Python/2.7/site-packages/botocore/retryhandler.py", line 223, in __call__
    attempt_number, caught_exception)
  File "/Library/Python/2.7/site-packages/botocore/retryhandler.py", line 359, in _check_caught_exception
    raise caught_exception
botocore.exceptions.EndpointConnectionError: Could not connect to the endpoint URL: "https://sts.amazonaws.com/"
exit status 1
```

saurabheligible commented 6 years ago

It was botocore and boto3 causing the error; they needed to be upgraded. Command: `pip install -r requirements.txt --upgrade`, which upgrades the above two. Scout2 is now working for me. cc: @fernando-assing @l01cd3v @j4v

x4v13r64 commented 6 years ago

Closed as not a Scout error.
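
A small triage helper for the error lines posted in this thread, as an added example that is not part of the original issue or of the Scout2/opinel code: it pulls the exception class and endpoint host out of a botocore error line and checks the host against the `sts.<region>.amazonaws.com` naming pattern, reporting the partition the maintainers asked about. The function names and regular expressions are assumptions made for this example; the sample lines are the final lines of the tracebacks above.

```python
import re
from urllib.parse import urlparse

# Sample input: the final line of each traceback posted in this thread.
SAMPLES = [
    'botocore.exceptions.EndpointConnectionError: Could not connect to '
    'the endpoint URL: "https://sts.amazonaws.com/"',
    'botocore.exceptions.EndpointConnectionError: Could not connect to '
    'the endpoint URL: "https://sts.us-east.amazonaws.com/"',
]

ERROR_RE = re.compile(r'^(?P<exc>[\w.]+): .*?"(?P<url>https?://[^"]+)"')
# Region names look like us-east-1, eu-west-2, cn-north-1, us-gov-west-1.
REGION_RE = re.compile(r'^[a-z]{2}(-gov)?-[a-z]+-\d+$')

def classify_sts_host(host):
    """Return (kind, region, partition) for an STS endpoint hostname."""
    labels = host.lower().rstrip('.').split('.')
    if labels[0] != 'sts':
        return ('not-sts', None, None)
    if labels[1:] == ['amazonaws', 'com']:
        return ('global', None, 'aws')
    if labels[2:] == ['amazonaws', 'com', 'cn']:
        partition = 'aws-cn'
    elif labels[2:] == ['amazonaws', 'com']:
        partition = 'aws-us-gov' if labels[1].startswith('us-gov-') else 'aws'
    else:
        return ('unrecognized', None, None)
    region = labels[1]
    kind = 'regional' if REGION_RE.match(region) else 'malformed-region'
    return (kind, region, partition)

def triage(error_line):
    """Summarise one botocore error line, or return None if it does not parse."""
    m = ERROR_RE.match(error_line.strip())
    if not m:
        return None
    host = urlparse(m.group('url')).hostname or ''
    kind, region, partition = classify_sts_host(host)
    # EndpointConnectionError means the HTTP connection itself failed, so no
    # response (and no verdict on the credentials) came back from the service.
    stage = ('connection' if m.group('exc').endswith('EndpointConnectionError')
             else 'other')
    return {'stage': stage, 'host': host, 'endpoint': kind,
            'region': region, 'partition': partition}

if __name__ == '__main__':
    for line in SAMPLES:
        print(triage(line))
```

On the two lines from this thread it reports the global endpoint for the first and a region label (`us-east`) that does not match the region naming pattern for the second.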