OpenStack (coming soon)

OpenStack

Authentication

NOTE: ScoutSuite leverages OpenstackSDK to handle authentication; in particular it uses the Connection class as described here. Terms used in this section refer to official OpenStack documentation.

There are two ways to authenticate against an OpenStack instance.

1. Using keyword arguments

With this method the necessary parameters are passed as arguments to ScoutSuite.

Flag for authentication method: --keywords.
Flags for authentication parameters:

--auth_url API endpoint to which ScoutSuite should authenticate;
--username username of the account;
--user_domain_name name of the domain to which belongs the account;
--password password for the account;
--project_name name of the project to work on;
--project_domain_name name of the domain to which belongs the project.

NOTE: To generate a project-scoped token and consequently a project-scoped connection, all of the above arguments are required.

2. Configuration file: clouds.yaml

This method uses clouds.yaml, a configuration file commonly used in controller nodes to manage Openstack instances. Flag for authentication method: --clouds_yaml.
If the configuration file is not in the working directory of ScotSuite, --config_path flag can be used to set its path.

NOTE: Please look here for more information on configuration file and its creation.

Examples

Project-scoped connection with --keywords flag

$ python scout.py os --keywords --username john --user_domain_name dom1 --password $3kr3t --project_name proj1 --project_domain_name dom1

Connection with --clouds_yaml flag

$ python scout.py os --clouds_yaml --cloud_name cloudTest --config_path <PATH/TO/CLOUDS.YAML>

Home
Getting Started
- Setup
- Compliance
- Configuration and Usage
  - AWS
  - Azure
  - GCP
  - Aliyun
  - OCI
  - OpenStack
  - Kubernetes
  - DigitalOcean
- Docker
- [v6] Upgrade to v6-alpha
Advanced Usage
Understanding the Architecture
How to Contribute
FAQ

Provide feedback

Saved searches