Prowler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 240 controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.

These details have not been verified by PyPI

Project links

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Project description

See all the things you and your team can do with ProwlerPro at prowler.pro

Description

Prowler is an Open Source security tool to perform AWS and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness.

It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.

⚙️ Install

pip install prowler-cloud
prowler -v

Prowler container versions

The available versions of Prowler are the following:

latest: in sync with master branch (bear in mind that it is not a stable version)
<x.y.z> (release): you can find the releases here, those are stable releases.
stable: this tag always point to the latest release.

The container images are available here:

📐✏️ High level architecture

You can run Prowler from your workstation, an EC2 instance, Fargate or any other container, Codebuild, CloudShell and Cloud9.

Architecture

📝 Requirements

Prowler has been written in Python using the AWS SDK (Boto3) and Azure SDK.

AWS

Since Prowler uses AWS Credentials under the hood, you can follow any authentication method as described here. Make sure you have properly configured your AWS-CLI with a valid Access Key and Region or declare AWS variables properly (or instance profile/role):

aws configure

export AWS_ACCESS_KEY_ID="ASXXXXXXX"
export AWS_SECRET_ACCESS_KEY="XXXXXXXXX"
export AWS_SESSION_TOKEN="XXXXXXXXX"

Those credentials must be associated to a user or role with proper permissions to do all checks. To make sure, add the following AWS managed policies to the user or role being used:

arn:aws:iam::aws:policy/SecurityAudit
arn:aws:iam::aws:policy/job-function/ViewOnlyAccess

Moreover, some read-only additional permissions are needed for several checks, make sure you attach also the custom policy prowler-additions-policy.json to the role you are using.

If you want Prowler to send findings to AWS Security Hub, make sure you also attach the custom policy prowler-security-hub.json.

💻 Basic Usage

To run prowler, you will need to specify the provider (e.g aws or azure):

prowler <provider>

Prowler Execution

Running the prowler command without options will use your environment variable credentials.

By default, prowler will generate a CSV and a JSON report, however you could generate an HTML or an JSON-ASFF report with -M or --output-modes:

prowler <provider> -M csv json json-asff html

You can use -l/--list-checks or --list-services to list all available checks or services within the provider.

prowler <provider> --list-checks
prowler <provider> --list-services

For executing specific checks or services you can use options -c/checks or -s/services:

prowler aws --checks s3_bucket_public_access
prowler aws --services s3 ec2

Also, checks and services can be excluded with options -e/--excluded-checks or --excluded-services:

prowler aws --excluded-checks s3_bucket_public_access
prowler aws --excluded-services s3 ec2

You can always use -h/--help to access to the usage information and all the possible options:

prowler -h

AWS

Use a custom AWS profile with -p/--profile and/or AWS regions which you want to audit with -f/--filter-region:

prowler aws --profile custom-profile -f us-east-1 eu-south-2

By default, prowler will scan all AWS regions.

Azure

With Azure you need to specify which auth method is going to be used:

prowler azure [--sp-env-auth, --az-cli-auth, --browser-auth, --managed-identity-auth]

By default, prowler will scan all Azure subscriptions.

🎉 New Features

Multi-cloud support!

📖 Documentation

The full documentation can be found here:

https://docs.prowler.cloud

📃 License

Prowler is licensed as Apache License 2.0 as specified in each file. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0

Project details

These details have not been verified by PyPI

Project links

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Release history Release notifications | RSS feed

4.1.0

Apr 19, 2024

4.0.1

Apr 9, 2024

4.0.0

Apr 4, 2024

3.16.3

Apr 24, 2024

3.16.2

Apr 15, 2024

3.16.1

Apr 9, 2024

3.16.0

Apr 4, 2024

3.15.3

Mar 22, 2024

3.15.2

Mar 21, 2024

3.15.1

Mar 20, 2024

3.15.0

Mar 14, 2024

3.14.0

Feb 22, 2024

3.13.1

Feb 20, 2024

3.13.0 yanked

Feb 20, 2024

Reason this release was yanked:

The CI automation pushed some features to a hotfix branch.

3.12.1

Jan 12, 2024

3.12.0

Jan 8, 2024

3.11.3

Nov 16, 2023

3.11.2

Nov 14, 2023

3.11.1

Nov 10, 2023

3.11.0

Oct 31, 2023

3.10.0

Oct 11, 2023

3.9.0

Aug 25, 2023

3.8.2

Aug 14, 2023

3.8.1

Aug 10, 2023

3.8.0

Aug 3, 2023

3.7.2

Jul 26, 2023

3.7.1

Jul 12, 2023

3.7.0

Jul 6, 2023

3.6.1

Jun 16, 2023

3.6.0

Jun 13, 2023

3.5.3

May 24, 2023

3.5.2

May 18, 2023

3.5.1

May 16, 2023

3.5.0

May 11, 2023

3.4.1

Apr 25, 2023

3.4.0

Apr 20, 2023

3.3.4

Apr 5, 2023

3.3.3 yanked

Apr 5, 2023

Reason this release was yanked:

Yanked since some code that do not belong to this release was pushed.

3.3.2

Mar 30, 2023

3.3.1 yanked

Mar 30, 2023

Reason this release was yanked:

We release a fix with new features that doesn't belong to this version.

3.3.0

Mar 16, 2023

3.2.4

Feb 27, 2023

3.2.3 yanked

Feb 27, 2023

Reason this release was yanked:

This release is broken due to a FileNotFoundError.

3.2.2

Feb 23, 2023

3.2.1

Feb 21, 2023

3.2.0

Feb 13, 2023

3.1.4

Feb 7, 2023

3.1.3

Feb 3, 2023

3.1.2

Jan 26, 2023

3.1.1

Jan 20, 2023

3.1.0

Jan 17, 2023

3.0.2

Jan 5, 2023

3.0.1

Dec 23, 2022

3.0.0

Dec 21, 2022

3.0.0rc15 pre-release

Dec 21, 2022

3.0.0rc14 pre-release

Dec 21, 2022

3.0.0rc13 pre-release

Dec 20, 2022

3.0.0rc12 pre-release

Dec 15, 2022

3.0.0rc11 pre-release

Dec 15, 2022

This version

3.0.0rc1 pre-release

Dec 15, 2022

0.0.0rc11 pre-release

Dec 12, 2022

0.0.0rc10 pre-release

Dec 6, 2022

0.0.0rc9 pre-release

Dec 6, 2022

0.0.0rc8 pre-release

Dec 6, 2022

0.0.0rc7 pre-release

Dec 6, 2022

0.0.0rc6 pre-release

Dec 6, 2022

0.0.0rc5 pre-release

Dec 6, 2022

0.0.0rc4 pre-release

Dec 6, 2022

0.0.0rc3 pre-release

Dec 6, 2022

0.0.0rc2 pre-release

Dec 2, 2022

0.0.0rc1 pre-release

Dec 1, 2022

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

prowler-cloud-3.0.0rc1.tar.gz (347.6 kB view hashes)

Uploaded Dec 15, 2022 Source

Built Distribution

prowler_cloud-3.0.0rc1-py3-none-any.whl (824.3 kB view hashes)

Uploaded Dec 15, 2022 Python 3

Hashes for prowler-cloud-3.0.0rc1.tar.gz

Hashes for prowler-cloud-3.0.0rc1.tar.gz
Algorithm	Hash digest
SHA256	`ed21a485f828e7ea403687666173474a29a879ac413b93dff868ae1defae1269`
MD5	`fe308e41e5e02bada928d841aee251e8`
BLAKE2b-256	`103339c1bf0ac16ddae5718a8e0c1bb60282f9c753062bfc6762a6c0f8d5cc20`

Hashes for prowler_cloud-3.0.0rc1-py3-none-any.whl

Hashes for prowler_cloud-3.0.0rc1-py3-none-any.whl
Algorithm	Hash digest
SHA256	`0d26f6dc4421483cbce560f6ae9ffda27361c685f022c18465b099ab327a6264`
MD5	`a20d651b60582eb1d3af38ed01ab0f8e`
BLAKE2b-256	`649a368d71d5a6c81f4480d84591cc6f345ee46c991b2fd6d56982eb99b87c75`