• python 2.7
• pip
• git
• gcc (for sshpass installation (OS Audit). Not a mandatory pre-requisite)
• AWS Audit - AWS ReadOnly Keys
• GCP Audit - gcloud setup
• Azure Audit - Azure user read-only access

git clone https://github.com/SecurityFTW/cs-suite.git
cd cs-suite/
sudo python setup.py

(in order to avoid missing with the already installed python libraries)

• install virtualenv pip install virtualenv
• create a python 2.7 local enviroment virtualenv -p python2.7 venv
• activate the virtual enviroment source venv/bin/activate
• install project dependencies pip install -r requirements.txt
• run the tool via python cs.py -h

• In AWS create a IAM user with at least the following policy arn:aws:iam::aws:policy/ReadOnlyAccess
• In your local install aws cli brew install awscli for OSX
• Configure AWS cli aws configure

• create a project in GCP
• enable the Cloud resource manager API
• create a service account, download its key JSON and place it on the root of this project (example cs-suite/keyfile.json)
• set GOOGLE_APPLICATION_CREDENTIALS enviromental variable to you keyfile.json path export GOOGLE_APPLICATION_CREDENTIALS=/Users/jhernandez/workspace/cs-suite/keyfile.json
• Install google cloud sdk
• configure google clound sdk gcloud init

• signup and have logged in already to azure.microsoft.com
• install azure CLI brew install az
• authenticate the azure cli az login, you should see your subscription type if it was successful, simiarly to: ``` [ { "cloudName": "AzureCloud", "id": "xxxxx-5595-4da5-bc27-xxxeeee", "isDefault": true, "name": "Free Trial", "state": "Enabled", "tenantId": "xxxxx-18e9-41a4-961b-xxxxx", "user": { "name": "customer@email.com", "type": "user" } } ]

## Running cs-suite

```bash
To run AWS Audit - python cs.py -env aws
To run GCP Audit - python cs.py -env gcp -pId <project_name>
To run Azure Audit - python cs.py -env azure

• The final report will be available in reports directory

• The final AWS Audit report looks like below:

• The final GCP Audit report looks like below:

• Create a local directory aws with credentials and config files

• The config file looks like below

$ cat aws/config

[default]
output = json
region = us-east-1

• The credentials file looks like below

$ cat aws/credentials

[default]
aws_access_key_id = XXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXX

Note: This tool requires arn:aws:iam::aws:policy/ReadOnlyAccess IAM policy

• Then run the follwing docker command to start (passing your specific enviroment)

docker run -v `pwd`/aws:/root/.aws -v `pwd`/reports:/app/reports securityftw/cs-suite -env aws

https://securityftw.github.io

• Scout2 - https://github.com/nccgroup/Scout2
• Prowler - https://github.com/Alfresco/prowler
• Lunar - https://github.com/lateralblast/lunar
• Lynis - https://github.com/CISOfy/lynis
• G-Scout - https://github.com/nccgroup/G-Scout
• @alanrenouf - https://github.com/alanrenouf/Windows-Workstation-and-Server-Audit
• Ranjeet Sengar - https://github.com/sengar23