Xavier Garceau-Aranda
Xavier Garceau-Aranda
Any progress on this?
Thanks @evemorgen - looks good. We've implemented this (for now) with https://github.com/hallazzang/asyncio-throttle and it works, but as the library isn't supported we'd rather move to a more mature project as...
Fixed by https://github.com/nccgroup/ScoutSuite/pull/1383
> The Cloud Asset API allows searches of resources across multiple projects, and has a default quota of 600 searches per minute. Gotcha, we'll look into it. > An alternative...
I've been looking into this and I'm not convinced by the Cloud Asset Inventory option, since that API needs to be manually enabled before querying, which in many scenarios (e.g....
Thanks, will review. > although if you have a large number of guest users, the issue still remains There's really no way around that though. If you have a very...
It does not (currently). The only service not subscription-based is AAD, so I guess we could allow for running against no subscriptions though.
It's a relatively simple logic change, but not something we plan on implementing in the short terms.
The subscription validation is implemented here https://github.com/nccgroup/ScoutSuite/blob/master/ScoutSuite/providers/azure/facade/base.py#L78, not sure if it runs out of the box if `subscriptions_list` is empty.
@ramimac @rossja @thommor thoughts?