Added Feature/AWS Container Services (ECR,EKS,ECS)

README.md

@@ -13,57 +13,20 @@
 [![Docker Pulls](https://img.shields.io/docker/pulls/rossja/ncc-scoutsuite.svg?style=flat-square)](https://hub.docker.com/r/rossja/ncc-scoutsuite/)
 
 ## Description
+This pull request introduces support for key AWS container services—ECR (Elastic Container Registry), EKS (Elastic Kubernetes Service), and ECS (Elastic Container Service) within ScoutSuite. The changes extend the tool's capabilities to comprehensively assess the security posture of AWS environments utilizing container services.
 
-Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of the attack surface automatically.
+New Features:
 
-Scout Suite was designed by security consultants/auditors. It is meant to provide a point-in-time security-oriented view of the cloud account it was run in. Once the data has been gathered, all usage may be performed offline.
+AWS Container Service Support:
+Integration for ECR, EKS, and ECS services has been implemented, allowing ScoutSuite to analyze and report on the security configuration of these AWS container services.
 
-The project team can be contacted at <[email protected]>.
+Sample Rules:
+To jumpstart the assessment process, several sample rules have been incorporated to evaluate the vulnerability and compliance status of the AWS container services. These rules cover key security considerations in line with best practices.
 
-### Cloud Provider Support
+HTML Report Validation:
+The HTML reports generated by the modified code have been reviewed to confirm that they accurately represent the security posture of AWS container services.
 
-The following cloud providers are currently supported:
-
-- Amazon Web Services
-- Microsoft Azure
-- Google Cloud Platform
-- Alibaba Cloud (alpha)
-- Oracle Cloud Infrastructure (alpha)
-- Kubernetes clusters on a cloud provider (alpha)
-
-## Installation
-
-Refer to the [wiki](https://github.com/nccgroup/ScoutSuite/wiki/Setup).
-
-## Usage
-
-Scout Suite is run through the CLI:
-
-![Running Scout Suite](https://user-images.githubusercontent.com/13310971/78389085-22659d00-75b0-11ea-9f22-ea6fcaa6a1cd.gif)
-
-Once this has completed, it will generate an HTML report including findings and Cloud account configuration:
-
-![Scout Suite Report](https://user-images.githubusercontent.com/13310971/77861662-342bf680-71e4-11ea-8eed-ccaeb78c5f45.gif)
-
-The above report was generated by running Scout Suite against https://github.com/nccgroup/sadcloud.
-
-Additional information can be found in the [wiki](https://github.com/nccgroup/ScoutSuite/wiki). 
-There are also a number of handy [tools](https://github.com/nccgroup/ScoutSuite/tree/master/tools) for automation of common tasks.
-
-## NCC Scout 
-
-Our self-service cloud account monitoring platform, NCC Scout, is a user-friendly SaaS providing you with the ability to constantly monitor your public cloud accounts, allowing you to check they’re configured to comply with industry best practice.
-
-It features:
-
-- Persistent monitoring - so you know about changes or issues as they arise
-- One tool - all configuration checks in one place for speed and simplicity
-- Multi-vendor support - AWS, Azure and GCP public cloud accounts
-- Agnostic platform - a trusted third-party tool
-
-Additional details can be found in the [wiki](https://github.com/nccgroup/ScoutSuite/wiki/NCC-Scout).
-
-**NCC Scout now has a free tier under our "Freemium" offering**. 
-This offering provides access to NCC Group’s extended rulesets, keeping your cloud environment protected in-line with best practice configuration and cloud technologies. To sign up for the service, head on to https://cyberstore.nccgroup.com/our-services/service-details/16/cloud-account-monitoring.
+Issue Resolution:
+This pull request addresses the concerns raised in GitHub issue #1491, providing the requested support for AWS container services and delivering a comprehensive solution for security assessment within these environments.
 
 

ScoutSuite/output/data/html/partials/aws/services.ecr.regions.id.images.html

@@ -0,0 +1,30 @@
+<!-- ECR Image partial -->
+<script id="services.ecr.regions.id.images.partial" type="text/x-handlebars-template">
+    <div id="resource-name" class="list-group-item active">
+      <h4 class="list-group-item-heading">{{name}}</h4>
+    </div>
+    <div class="list-group-item">
+      <h4>Information</h4>
+      <ul>
+        <li class="list-group-item-text">Image Digest: {{imageDigest}}</li>
+        <li class="list-group-item-text">Registry ID: {{registryId}}</li>
+        <li class="list-group-item-text">Image Scan Enabled: {{imageScanEnabled}}</li>
+        <li class="list-group-item-text">Scan Status Message: {{ScanStatusMessage}}</li>
+        <li class="list-group-item-text">High Severity Counts: {{HighSeverityCounts}}</li>
+        <li class="list-group-item-text">Medium Severity Counts: {{MediumSeverityCounts}}</li>
+        <li class="list-group-item-text">Informational Severity Counts: {{InformationalSeverityCounts}}</li>
+        <li class="list-group-item-text">Low Severity Counts: {{LowSeverityCounts}}</li>
+        <li class="list-group-item-text">Image Scan Findings Summary Completed: {{imageScanFindingsSummaryCompleted}}</li>
+      </ul>
+    </div>
+  </script>
+  <script>
+    Handlebars.registerPartial("services.ecr.regions.id.images", $("#services\\.ecr\\.regions\\.id\\.images\\.partial").html());
+  </script>
+  <!-- Single ECR Image template -->
+  <script id="single_ecr_image-template" type="text/x-handlebars-template">
+    {{> modal-template template='services.ecr.regions.id.images'}}
+  </script>
+  <script>
+    var single_ecr_image_template = Handlebars.compile($("#single_ecr_image-template").html());
+  </script>

ScoutSuite/output/data/html/partials/aws/services.ecr.regions.id.repositories.html

@@ -0,0 +1,28 @@
+<!-- ECR Repositories partial -->
+<script id="services.ecr.regions.id.repositories.partial" type="text/x-handlebars-template">
+    <div id="resource-name" class="list-group-item active">
+      <h4 class="list-group-item-heading">{{name}}</h4>
+    </div>
+    <div class="list-group-item">
+      <h4>Information</h4>
+      <ul>
+        <li class="list-group-item-text">Registry ID: {{id}}</li>
+        <li class="list-group-item-text">Created At: {{created_at}}</li>
+        <li class="list-group-item-text">Image Tag Immutablity status: {{imageTagMutability}}</li>
+        <li class="list-group-item-text">Scan on Push: {{Scan_on_Push}}</li>
+        <li class="list-group-item-text">Encryption Type: {{encryptionType}}</li>
+        <li class="list-group-item-text">Region: {{region}}</li>
+
+      </ul>
+    </div>
+  </script>
+  <script>
+    Handlebars.registerPartial("services.ecr.regions.id.repositories", $("#services\\.ecr\\.regions\\.id\\.repositories\\.partial").html());
+  </script>
+  <!-- Single ECR repository instance template -->
+  <script id="single_ecr_repository-template" type="text/x-handlebars-template">
+    {{> modal-template template='services.ecr.regions.id.repositories' }}
+  </script>
+  <script>
+    var single_ecr_repository_template = Handlebars.compile($("#single_ecr_repository-template").html());
+  </script>

ScoutSuite/output/data/html/partials/aws/services.ecs.regions.html

@@ -0,0 +1,61 @@
+<script id="services.ecs.regions.partial" type="text/x-handlebars-template">
+    <div class="list-group-item active">
+      <h4 class="list-group-item-heading">{{name}}</h4>
+    </div>
+    <div class="list-group-item">
+    <h4>Information</h4>
+      <ul>
+        <li class="list-group-item-text">ECS Clusters count: {{clusters_count}}</li>
+        <li class="list-group-item-text">ECS Services count: {{services_count}}</li>
+        <li class="list-group-item-text">ECS Tasks count: {{tasks_count}}</li>
+
+      </ul>
+    </div>
+    <div class="list-group-item">
+      <div class="accordion">
+        <h4 class="list-group-item-heading accordion-heading">Clusters
+            {{> count_badge target=(concat '#services.ecs.regions' name 'clusters') count=clusters_count}}
+        </h4>
+        <div id="services.ecs.regions.{{name}}.clusters" class="accordion-body">
+          <div class="accordion-inner">
+            <ul class="no-bullet">
+              {{#each this.clusters}}
+                <li><a href="javascript:showObject('services.ecs.regions.{{../name}}.clusters.{{@key}}')">{{name}}</a></li>
+              {{/each}}
+            </ul>
+          </div>
+        </div>
+      </div>
+      <div class="accordion">
+        <h4 class="list-group-item-heading accordion-heading">Services
+            {{> count_badge target=(concat '#services.ecs.regions' name 'services') count=services_count}}
+        </h4>
+        <div id="services.ecs.regions.{{name}}.services" class="accordion-body">
+          <div class="accordion-inner">
+            <ul class="no-bullet">
+              {{#each this.services}}
+                <li><a href="javascript:showObject('services.ecs.regions.{{../name}}.services.{{@key}}')">{{name}}</a></li>
+              {{/each}}
+            </ul>
+          </div>
+        </div>
+      </div>
+      <div class="accordion">
+        <h4 class="list-group-item-heading accordion-heading">Tasks
+            {{> count_badge target=(concat '#services.ecs.regions' name 'tasks') count=tasks_count}}
+        </h4>
+        <div id="services.ecs.regions.{{arn}}.tasks" class="accordion-body">
+          <div class="accordion-inner">
+            <ul class="no-bullet">
+              {{#each this.tasks}}
+                <li><a href="javascript:showObject('services.ecs.regions.{{../name}}.tasks.{{@key}}')">{{arn}}</a></li>
+              {{/each}}
+            </ul>
+          </div>
+        </div>
+      </div>
+    </div>
+</script>
+<script>
+  Handlebars.registerPartial("services.ecs.regions", $("#services\\.ecs\\.regions\\.partial").html());
+</script>

ScoutSuite/output/data/html/partials/aws/services.ecs.regions.id.clusters.html

@@ -0,0 +1,27 @@
+<!-- ECS Cluster partial -->
+<script id="services.ecs.regions.id.clusters.partial" type="text/x-handlebars-template">
+    <div id="resource-name" class="list-group-item active">
+      <h4 class="list-group-item-heading">{{name}}</h4>
+    </div>
+    <div class="list-group-item">
+      <h4>Information</h4>
+      <ul>
+        <li class="list-group-item-text">Status: {{status}}</li>
+        <li class="list-group-item-text">Registered Container Instances Count: {{registered_container_instances_count}}</li>
+        <li class="list-group-item-text">Running Tasks Count: {{running_tasks_count}}</li>
+        <li class="list-group-item-text">Pending Tasks Count: {{pending_tasks_count}}</li>
+        <li class="list-group-item-text">Active Services Count: {{active_services_count}}</li>
+        <li class="list-group-item-text">Container Insights: {{containerInsights}}</li>
+      </ul>
+    </div>
+  </script>
+  <script>
+    Handlebars.registerPartial("services.ecs.regions.id.clusters", $("#services\\.ecs\\.regions\\.id\\.clusters\\.partial").html());
+  </script>
+  <!-- Single ECS cluster instance template -->
+  <script id="single_ecs_cluster-template" type="text/x-handlebars-template">
+    {{> modal-template template='services.ecs.regions.id.clusters' }}
+  </script>
+  <script>
+    var single_ecs_cluster_template = Handlebars.compile($("#single_ecs_cluster-template").html());
+  </script>

ScoutSuite/output/data/html/partials/aws/services.ecs.regions.id.services.html

@@ -0,0 +1,32 @@
+<!-- Service partial -->
+<script id="services.ecs.regions.id.services.partial" type="text/x-handlebars-template">
+    <!-- {{#unless scout_link}} -->
+      <div id="resource-name" class="list-group-item active">
+        <h4 class="list-group-item-heading">{{name}}</h4>
+      </div>
+      <div class="list-group-item">
+        <h4>Information</h4>
+        <ul>
+          <!-- <li class="list-group-item-text">Service ARN: <samp>{{arn}}</samp></li> -->
+          <li class="list-group-item-text">Service Name: {{name}}</li>
+          <li class="list-group-item-text">Cluster Name: {{cluster_name}}</li>
+          <li class="list-group-item-text">Desired Count: {{desired_count}}</li>
+          <li class="list-group-item-text">Running Count: {{running_count}}</li>
+          <li class="list-group-item-text">Pending Count: {{pending_count}}</li>
+          <li class="list-group-item-text">Scheduling Strategy: {{scheduling_strategy}}</li>
+          <!-- <li class="list-group-item-text">Stable: {{#if is_stable}}Yes{{else}}No{{/if}}</li> -->
+          <li class="list-group-item-text">Launch Type: {{launch_type}}</li>
+        </ul>
+      </div>
+    <!-- {{/unless}} -->
+  </script>
+  <script>
+    Handlebars.registerPartial("services.ecs.regions.id.services", $("#services\\.ecs\\.regions\\.id\\.services\\.partial").html());
+  </script>
+  <!-- Single ECS service template -->
+  <script id="single_ecs_service-template" type="text/x-handlebars-template">
+      {{> modal-template template='services.ecs.regions.id.services'}}
+  </script>
+  <script>
+      var single_ecs_service_template = Handlebars.compile($("#single_ecs_service-template").html());
+  </script>

ScoutSuite/output/data/html/partials/aws/services.ecs.regions.id.tasks.html

@@ -0,0 +1,34 @@
+<!-- ECS Task partial -->
+<script id="services.ecs.regions.id.tasks.partial" type="text/x-handlebars-template">
+    <div id="resource-name" class="list-group-item active">
+        <h4 class="list-group-item-heading">{{arn}}</h4>
+    </div>
+    <div class="list-group-item">
+        <h4>Information</h4>
+        <ul>
+            <li class="list-group-item-text">Task Definition ARN: {{taskDefinitionArn}}</li>
+            <li class="list-group-item-text">Cluster ARN: {{cluster_arn}}</li>
+            <li class="list-group-item-text">Launch Type: {{task_launchType}}</li>
+            <li class="list-group-item-text">Status: {{last_status}}</li>
+            <li class="list-group-item-text">Health Status: {{healthStatus}}</li>
+            <li class="list-group-item-text">Desired Status: {{desiredStatus}}</li>
+            <li class="list-group-item-text">Region: {{region}}</li>
+            <li class="list-group-item-text">Availiblity Zone: {{availabilityZone}}</li>
+            <li class="list-group-item-text">Container Instance ARN : {{containerInstanceArn}}</li>
+            <li class="list-group-item-text">Container ARN : {{containerArn}}</li>
+            <li class="list-group-item-text">Container Name : {{container_name}}</li>
+            <li class="list-group-item-text">Image Name : {{container_image_name}}</li>
+            <li class="list-group-item-text">Container Last Status : {{container_lastStatus}}</li>
+        </ul>
+    </div>
+</script>
+<script>
+    Handlebars.registerPartial("services.ecs.regions.id.tasks", $("#services\\.ecs\\.regions\\.id\\.tasks\\.partial").html());
+</script>
+<!-- Single ECS task instance template -->
+<script id="single_ecs_task-template" type="text/x-handlebars-template">
+    {{> modal-template template='services.ecs.regions.id.tasks' }}
+</script>
+<script>
+    var single_ecs_task_template = Handlebars.compile($("#single_ecs_task-template").html());
+</script>

ScoutSuite/output/data/html/partials/aws/services.eks.regions.id.clusters.html

@@ -0,0 +1,32 @@
+<!-- EKS Cluster partial -->
+<script id="services.eks.regions.id.clusters.partial" type="text/x-handlebars-template">
+    <div id="resource-name" class="list-group-item active">
+      <h4 class="list-group-item-heading">{{name}}</h4>
+    </div>
+    <div class="list-group-item">
+      <h4>Information</h4>
+      <ul>
+        <li class="list-group-item-text">Status: {{status}}</li>
+        <li class="list-group-item-text">ARN: {{arn}}</li>
+        <li class="list-group-item-text">Endpoint: {{endpoint}}</li>
+        <li class="list-group-item-text">Kubernetes Cluster Version: {{version}}</li>
+        <li class="list-group-item-text">Created At: {{created_at}}</li>
+        <li class="list-group-item-text">Endpoint Public Access enabled: {{endpointPublicAccess}}</li>
+        <li class="list-group-item-text">Endpoint Private Access enabled: {{endpointPrivateAccess}}</li>
+        <li class="list-group-item-text">Cluster Security group: {{cluster_sg_group}}</li>
+        <li class="list-group-item-text">Cluster VPC: {{cluster_vpc}}</li>
+        <li class="list-group-item-text">Region: {{region}}</li>
+        <li class="list-group-item-text">Logging: {{logging}}</li>
+      </ul>
+    </div>
+  </script>
+  <script>
+    Handlebars.registerPartial("services.eks.regions.id.clusters", $("#services\\.eks\\.regions\\.id\\.clusters\\.partial").html());
+  </script>
+  <!-- Single EKS cluster instance template -->
+  <script id="single_eks_cluster-template" type="text/x-handlebars-template">
+    {{> modal-template template='services.eks.regions.id.clusters' }}
+  </script>
+  <script>
+    var single_eks_cluster_template = Handlebars.compile($("#single_eks_cluster-template").html());
+  </script>

ScoutSuite/output/data/html/partials/aws/services.eks.regions.id.nodegroups.html

@@ -0,0 +1,37 @@
+<!-- EKS Nodegroup partial -->
+<script id="services.eks.regions.id.nodegroups.partial" type="text/x-handlebars-template">
+    <div id="resource-name" class="list-group-item active">
+      <h4 class="list-group-item-heading">{{name}}</h4>
+    </div>
+    <div class="list-group-item">
+      <h4>Information</h4>
+      <ul>
+        <li class="list-group-item-text">ARN: {{nodegroupArn}}</li>
+        <li class="list-group-item-text">Cluster Name: {{clusterName}}</li>
+        <li class="list-group-item-text">Version: {{Nodegroup_version}}</li>
+        <li class="list-group-item-text">Minimum Size: {{MinSize}}</li>
+        <li class="list-group-item-text">Maximum Size: {{MaxSize}}</li>
+        <li class="list-group-item-text">Desired Size: {{desiredSize}}</li>
+        <li class="list-group-item-text">Node Security Group: {{Node_sg}}</li>
+        <li class="list-group-item-text">Created At: {{created_at}}</li>
+        <li class="list-group-item-text">Modified At: {{modified_at}}</li>
+        <li class="list-group-item-text">Status: {{status}}</li>
+        <li class="list-group-item-text">Capacity Type: {{capacityType}}</li>
+        <li class="list-group-item-text">Region: {{region}}</li>
+        <li class="list-group-item-text">Instance Types: {{instanceTypes}}</li>
+        <li class="list-group-item-text">AMI Type: {{amiType}}</li>
+        <li class="list-group-item-text">Disk Size: {{diskSize}}</li>
+        <li class="list-group-item-text">Node Role: {{nodeRole}}</li>
+      </ul>
+    </div>
+  </script>
+  <script>
+    Handlebars.registerPartial("services.eks.regions.id.nodegroups", $("#services\\.eks\\.regions\\.id\\.nodegroups\\.partial").html());
+  </script>
+  <!-- Single EKS Nodegroup template -->
+  <script id="single_eks_nodegroup-template" type="text/x-handlebars-template">
+    {{> modal-template template='services.eks.regions.id.nodegroups'}}
+  </script>
+  <script>
+    var single_eks_nodegroup_template = Handlebars.compile($("#single_eks_nodegroup-template").html());
+  </script>

ScoutSuite/providers/aws/facade/base.py

@@ -12,7 +12,10 @@
 from ScoutSuite.providers.aws.facade.directconnect import DirectConnectFacade
 from ScoutSuite.providers.aws.facade.dynamodb import DynamoDBFacade
 from ScoutSuite.providers.aws.facade.ec2 import EC2Facade
+from ScoutSuite.providers.aws.facade.ecs import ECSFacade
+from ScoutSuite.providers.aws.facade.ecr import ECRFacade
 from ScoutSuite.providers.aws.facade.efs import EFSFacade
+from ScoutSuite.providers.aws.facade.eks import EKSFacade
 from ScoutSuite.providers.aws.facade.elasticache import ElastiCacheFacade
 from ScoutSuite.providers.aws.facade.elb import ELBFacade
 from ScoutSuite.providers.aws.facade.elbv2 import ELBv2Facade