Zero Networks Labs

TrustMeter 4.0: The New Face of Cloud Scanning

Published March 21, 2022 by Dekel Paz

A new – and major – version of TrustMeter is out! TrustMeter not only gets a major facelift (GUI) but also supports scanning virtual assets over the three major cloud providers: Google, Amazon, and Microsoft.

Walkthrough Video

Exposure Doesn’t Stop with the Internal Network

With the ever-increasing prevalence of cloud hosting, companies are opening their networks to more and more external resources and gradually releasing control over critical infrastructure to 3rd party vendors. This exponentially increases both the complexity of assessing their network exposure and the chances of an adversary reaching sensitive resources. What was once manageable with a single firewall appliance now requires administrating a wide array of network security devices, access control lists (ACL), and various proprietary configurations across multiple networks––some of which are not even under direct control.

A new version of Zero Networks’ free visibility tool, TrustMeter, tackles this challenge by assessing the exposure of cloud-hosted assets, allowing organizations to see what an attacker can access if they get into a network. Another major improvement in the user experience is the addition of an user interface to make configuration intuitive and simple.

Additional information about the basics of TrustMeter can be found in our TrustMeter and CornerShot integration blog posts.

The Face Lift

Whenever TrustMeter starts, it loads the following GUI:

It has all the previous configuration options you had in older versions of TrustMeter, but now, it is accessible in a cleaner way via the following tabs:

  1. On-Prem: Domain credentials and options for Active Directory host enumeration.
  1. Cloud: Credentials for Cloud-based host enumeration.
  1. Advanced: Configurations for the host scan, report, and miscellaneous options.
  1. About: Mandatory self-promotion.

If you enjoyed running TrustMeter from the command line, you still have this option by providing the “-sg” flag to the command line arguments.

Scanning Cloud Assets with TrustMeter

As organizations shift towards cloud-based and hybrid infrastructures, it is no longer sufficient to focus security efforts on just the internal network. Discovery of network access, already a complex task, can no longer rely on Active Directory as the single source of asset inventory. In addition, for cloud-native organizations, TrustMeter can now support your entire virtual infrastructure.

By leveraging service provider APIs, TrustMeter enumerates cloud-hosted assets in addition to Active Directory for building an asset inventory. These hosts are then scanned as normal, both directly and indirectly using CornerShot.

Upon launching TrustMeter, it automatically locates stored credentials for AWS, Azure, and GCP using installed command line interfaces and configured environment variables. Also, users have the option to manually enter the credential keys that TrustMeter can use.

The results of the scans are added to the TrustMeter report, where a new entity type, “Cloud”, is created.

Additional New Features

We are glad to support the growing community of users that rely on TrustMeter for security assessments. We are always open to ideas, comments, and suggestions regarding future versions of TrustMeter, so if you have ideas, don’t hesitate to reach out to us at

Additional Resources