ScoutSuite: Azure - Authentication failure: 'list' object has no attribute 'get'
Hi there, I'm trying to run the ScoutSuite on my Azure subscription but I'm getting the following error:
Authentication failure: 'list' object has no attribute 'get'
To Reproduce
Install ScoutSuite using the official documentation:
$ virtualenv -p python3 venv
created virtual environment CPython3.9.9.final.0-64 in 171ms
creator CPython3Posix(dest=/home/low/scout2/venv, clear=False, no_vcs_ignore=False, global=False)
seeder FromAppData(download=False, pip=bundle, setuptools=bundle, wheel=bundle, via=copy, app_data_dir=/home/low/.local/share/virtualenv)
added seed packages: pip==20.3.4, pkg_resources==0.0.0, setuptools==44.1.1, wheel==0.34.2
activators BashActivator,CShellActivator,FishActivator,NushellActivator,PowerShellActivator,PythonActivator
$ source venv/bin/activate
$ ls
venv
$ pip install scoutsuite
Collecting scoutsuite
Using cached ScoutSuite-5.10.2-py3-none-any.whl
[…]
Successfully installed PyJWT-1.7.1 adal-1.2.4 aliyun-python-sdk-actiontrail-2.0.4 aliyun-python-sdk-core-2.13.35 aliyun-python-sdk-ecs-4.24.13 aliyun-python-sdk-kms-2.15.0 aliyun-python-sdk-ocs-0.0.4 aliyun-python-sdk-ram-3.2.0 aliyun-python-sdk-rds-2.6.1 aliyun-python-sdk-sts-3.1.0 aliyun-python-sdk-vpc-3.0.16 applicationinsights-0.11.10 argcomplete-1.12.3 asyncio-throttle-0.1.1 azure-cli-core-2.12.0 azure-cli-telemetry-1.0.6 azure-common-1.1.27 azure-core-1.21.1 azure-graphrbac-0.61.1 azure-mgmt-authorization-0.60.0 azure-mgmt-compute-5.0.0 azure-mgmt-core-1.2.0 azure-mgmt-keyvault-1.1.0 azure-mgmt-monitor-0.5.2 azure-mgmt-network-2.5.1 azure-mgmt-nspkg-3.0.2 azure-mgmt-redis-6.0.0 azure-mgmt-resource-10.2.0 azure-mgmt-security-0.4.1 azure-mgmt-sql-0.11.0 azure-mgmt-storage-7.1.0 azure-mgmt-web-0.47.0 azure-nspkg-3.0.2 bcrypt-3.2.0 boto3-1.20.44 botocore-1.23.44 cachetools-4.2.4 certifi-2021.10.8 cffi-1.15.0 charset-normalizer-2.0.10 cheroot-8.6.0 cherrypy-18.6.1 cherrypy-cors-1.6 circuitbreaker-1.3.2 colorama-0.4.4 coloredlogs-10.0 crcmod-1.7 cryptography-3.4.7 google-api-core-1.31.5 google-api-python-client-2.36.0 google-auth-1.35.0 google-auth-httplib2-0.1.0 google-cloud-appengine-logging-1.1.0 google-cloud-audit-log-0.2.0 google-cloud-container-2.10.1 google-cloud-core-2.2.2 google-cloud-iam-2.5.1 google-cloud-kms-1.3.0 google-cloud-logging-2.7.0 google-cloud-monitoring-1.1.0 google-cloud-resource-manager-1.3.3 google-cloud-storage-2.1.0 google-crc32c-1.3.0 google-resumable-media-2.1.0 googleapis-common-protos-1.54.0 grpc-google-iam-v1-0.12.3 grpcio-1.43.0 httpagentparser-1.9.2 httplib2-0.20.2 httplib2shim-0.0.3 humanfriendly-8.2 idna-3.3 isodate-0.6.1 jaraco.classes-3.2.1 jaraco.collections-3.5.1 jaraco.context-4.1.1 jaraco.functools-3.5.0 jaraco.text-3.7.0 jmespath-0.10.0 knack-0.7.2 libcst-0.4.0 more-itertools-8.12.0 msal-1.0.0 msal-extensions-0.1.3 msrest-0.6.21 msrestazure-0.6.4 mypy-extensions-0.4.3 netaddr-0.8.0 oauth2client-4.1.3 oauthlib-3.1.1 oci-2.55.0 oss2-2.15.0 packaging-21.3 paramiko-2.9.2 pkginfo-1.8.2 policyuniverse-1.4.0.20220110 portalocker-1.7.1 portend-3.1.0 proto-plus-1.19.9 protobuf-3.19.3 pyasn1-0.4.8 pyasn1-modules-0.2.8 pycparser-2.21 pycryptodome-3.13.0 pygments-2.11.2 pynacl-1.5.0 pyopenssl-19.1.0 pyparsing-3.0.7 python-dateutil-2.8.0 pytz-2021.3 pyyaml-6.0 requests-2.27.1 requests-oauthlib-1.3.0 rsa-4.8 s3transfer-0.5.0 scoutsuite-5.10.2 six-1.16.0 sqlitedict-1.7.0 tabulate-0.8.9 tempora-5.0.0 typing-extensions-4.0.1 typing-inspect-0.7.1 uritemplate-4.1.1 urllib3-1.26.8 zc.lockfile-2.0
$ scout --version
Scout Suite 5.10.2
$ python --version
Python 3.9.9
Generate credentials using az login:
$ az login >> creds.json # using the browser I had to sign-in, then choose the right subscription
$ cat creds.json
[
  {
    "cloudName": "AzureCloud",
    "homeTenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "isDefault": true,
    "managedByTenants": [],
    "name": "Pay-As-You-Go",
    "state": "Enabled",
    "tenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "user": {
      "name": "xxxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "type": "user"
    }
  },
  {
    "cloudName": "AzureCloud",
    "homeTenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "isDefault": false,
    "managedByTenants": [],
    "name": "Test",
    "state": "Enabled",
    "tenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "user": {
      "name": "xxxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "type": "user"
    }
  }
]
Run the tool using the creds.json:
$ scout azure --file-auth creds.json --debug
2022-01-27 16:37:59 kali scout[38534] INFO Launching Scout
2022-01-27 16:37:59 kali scout[38534] INFO Authenticating to cloud provider
2022-01-27 16:37:59 kali scout[38534] ERROR __main__.py L185: Authentication failure: 'list' object has no attribute 'get'
Traceback (most recent call last):
  File "/home/low/scout2/venv/lib/python3.9/site-packages/ScoutSuite/providers/azure/authentication_strategy.py", line 190, in authenticate
    tenant_id = data.get('tenantId')
AttributeError: 'list' object has no attribute 'get'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/home/low/scout2/venv/lib/python3.9/site-packages/ScoutSuite/__main__.py", line 185, in _run
    credentials = auth_strategy.authenticate(profile=profile,
  File "/home/low/scout2/venv/lib/python3.9/site-packages/ScoutSuite/providers/azure/authentication_strategy.py", line 227, in authenticate
    raise AuthenticationException(e)
ScoutSuite.providers.base.authentication_strategy.AuthenticationException: 'list' object has no attribute 'get'
I'm using a dedicated low-privileged (normal user) low user on the latest (fully upgraded a few minutes ago) Kali Linux:
$ lsb_release -a
No LSB modules are available.
Distributor ID: Kali
Description: Kali GNU/Linux Rolling
Release: 2021.4
Codename: kali-rolling
Any ideas how to fix it? Cheers, maciek
On the official Docker image it is the same:
$ docker run -v $(pwd):/root/data/ -it rossja/ncc-scoutsuite
Welcome to ScoutSuite!
To run ScoutSuite, just type `scout -h` to see the help documentation.
Have fun!
(scoutsuite) root@655d6de206fd:~# cd data/
(scoutsuite) root@655d6de206fd:~/data# ls
creds.json test venv
(scoutsuite) root@655d6de206fd:~/data# scout azure --file-auth creds.json --debug
2022-01-27 17:23:35 655d6de206fd scout[10] INFO Launching Scout
2022-01-27 17:23:35 655d6de206fd scout[10] INFO Authenticating to cloud provider
2022-01-27 17:23:35 655d6de206fd scout[10] ERROR __main__.py L185: Authentication failure: 'list' object has no attribute 'get'
Traceback (most recent call last):
  File "/root/scoutsuite/lib/python3.9/site-packages/ScoutSuite/providers/azure/authentication_strategy.py", line 190, in authenticate
    tenant_id = data.get('tenantId')
AttributeError: 'list' object has no attribute 'get'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/root/scoutsuite/lib/python3.9/site-packages/ScoutSuite/__main__.py", line 185, in _run
    credentials = auth_strategy.authenticate(profile=profile,
  File "/root/scoutsuite/lib/python3.9/site-packages/ScoutSuite/providers/azure/authentication_strategy.py", line 227, in authenticate
    raise AuthenticationException(e)
ScoutSuite.providers.base.authentication_strategy.AuthenticationException: 'list' object has no attribute 'get'
(scoutsuite) root@655d6de206fd:~/data#
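Added example, not part of the original thread and not ScoutSuite's own code: both tracebacks above show `authenticate` calling `data.get('tenantId')` on the parsed `--file-auth` file, while the `creds.json` written by `az login` is a JSON array of subscription records. The pre-flight check below reports that shape mismatch before the file reaches `scout`; the function name `check_auth_file`, its `required_keys` parameter and the sample values are assumptions made for this illustration.

```python
import json

# Keys visible in each record of the `az login` output shown in the report.
AZ_LOGIN_RECORD_KEYS = {"cloudName", "homeTenantId", "isDefault", "tenantId", "user"}


def check_auth_file(text, required_keys=("tenantId",)):
    """Return (ok, reason) for the text of a file meant for `--file-auth`.

    `tenantId` is the only key the traceback shows being read; pass any
    further keys your ScoutSuite version expects via `required_keys`.
    """
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        return False, f"not valid JSON: {exc.msg} at line {exc.lineno}"

    if isinstance(data, list):
        # This is the case that raises "'list' object has no attribute 'get'".
        records = [r for r in data if isinstance(r, dict)]
        if records and all(AZ_LOGIN_RECORD_KEYS.issubset(r) for r in records):
            names = ", ".join(str(r.get("name")) for r in records)
            return False, (f"array of {len(records)} subscription records "
                           f"({names}), looks like `az login` output")
        return False, "top-level JSON value is an array, expected an object"

    if not isinstance(data, dict):
        return False, f"top-level JSON value is {type(data).__name__}, expected an object"

    missing = [k for k in required_keys if not data.get(k)]
    if missing:
        return False, "missing or empty keys: " + ", ".join(missing)
    return True, "object with all required keys"


# Constructed sample with the same shape as the reported creds.json (placeholder values).
AZ_LOGIN_SAMPLE = json.dumps([
    {"cloudName": "AzureCloud", "homeTenantId": "placeholder", "id": "placeholder",
     "isDefault": flag, "managedByTenants": [], "name": name, "state": "Enabled",
     "tenantId": "placeholder", "user": {"name": "placeholder", "type": "user"}}
    for name, flag in (("Pay-As-You-Go", True), ("Test", False))
])

if __name__ == "__main__":
    print(check_auth_file(AZ_LOGIN_SAMPLE))
    print(check_auth_file('{"tenantId": "placeholder"}'))
```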
Hi,
This has been fixed in the develop branch by updating the authentication libraries and functions to use the new versions.
Changes have not yet made it to master; please give it a try with the develop branch to see if the error persists. Also check the new requirements.txt file which contains updated versions for multiple packages. These will be needed for the upgraded authentication scheme to work as expected.
@fernando-gallego I did git checkout on the develop branch and installed from there but still got it:
2023-07-03 16:53:32 3b3ac3e1472f scout[203] ERROR base.py L17: Failed to call fetch_all() for resource images: 'Image' object has no attribute 'hyper_vgeneration'
Oh forget my comment. It might be unrelated.
I fixed it with:
image_dict['hyper_vgeneration'] = raw_image.hyper_vgeneration if hasattr(raw_image, 'hyper_vgeneration') else ''
in:
ScoutSuite/providers/azure/resources/virtualmachines/images.py
to fix my error.