Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
APACHE-2.0 License
Published by toniblyx over 1 year ago
Drawn by quest for fire
They searched all through the land
Drawn by quest for fire
Discovery of man.
Quest for Fire is a song from the Piece of Mind album by Iron Maiden. This new version is the result of our quest for your security issues and our quest to help you improve your cloud security posture. See below the new features we have added to Prowler 3.2.0 Quest for Fire.
Tag-based scan: now you can scan only resources with specific tags across your entire account with the following command:
prowler aws --resource-tags Environment=dev Project=prowler
Resource-based scan: now you can scan only specific resources by their ARN:
prowler aws --resource-arn arn:aws:iam::012345678910:user/test arn:aws:ec2:us-east-1:123456789012:vpc/vpc-12345678
This runs the IAM related checks against user test and all VPC related checks against VPC vpc-12345678.
17 New Security Compliance Frameworks: we added 17 new security frameworks for AWS.
New check:
Handler for output code:
Allow list feature now supports Lambda to manage it:
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.1.4...3.2.0
Published by jfagoagas over 1 year ago
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.1.3...3.1.4
Published by sergargar over 1 year ago
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.1.2...3.1.3
Published by sergargar over 1 year ago
Either prowler or prowler-cloud can be used to install Prowler by @sergargar in https://github.com/prowler-cloud/prowler/pull/1768
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.1.1...3.1.2
Published by sergargar over 1 year ago
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.1.0...3.1.1
Published by toniblyx almost 2 years ago
"The swords of scorn divide,
Take not thy thunder from us,
But take away our pride."
Revelations is the second song of the Piece of Mind album of Iron Maiden and was written by Bruce Dickinson.
This last month has been a real revelation for us: we realized how big our community is and how well version 3 has been received. We have passed 2 million downloads since the project started (not counting forks). As a reference, see the OSS Insight stats for the last month at https://ossinsight.io/collections/security-tool, where we became the Top 1 tool thanks to all of you!
Ensure IAM service roles are protected against cross-service confused deputy attacks. Use the aws:SourceArn and aws:SourceAccount global condition context keys in trust relationship policies to limit the permissions that a service has to a specific resource. More information at https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html#cross-service-confused-deputy-prevention.
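To make the confused deputy check concrete, the following added example (not Prowler's own code) evaluates IAM role trust policies the way such a check would: every Allow statement that lets an AWS service principal call sts:AssumeRole must carry an aws:SourceArn or aws:SourceAccount condition, otherwise the role is flagged. The policies, role names and the account id 111122223333 are constructed samples; condition key names are treated case-insensitively, as IAM does.

```python
import json

# Condition operators under which aws:SourceArn / aws:SourceAccount actually restrict the caller.
CONDITION_OPERATORS = {"StringEquals", "StringLike", "ArnEquals", "ArnLike"}
SOURCE_KEYS = {"aws:sourcearn", "aws:sourceaccount"}


def _as_list(value):
    """IAM policy elements may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _has_source_condition(condition):
    """True if the statement constrains aws:SourceArn or aws:SourceAccount with a supported operator."""
    for operator, keys in (condition or {}).items():
        # Strip set qualifiers such as "ForAnyValue:StringEquals".
        base = operator.split(":")[-1]
        if base not in CONDITION_OPERATORS:
            continue
        if any(key.lower() in SOURCE_KEYS for key in keys):
            return True
    return False


def evaluate_trust_policy(role_name, policy):
    """Return one finding per service principal allowed to assume the role (PASS/FAIL)."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if not actions & {"sts:assumerole", "sts:*"}:
            continue
        principal = stmt.get("Principal", {})
        # Only service principals are exposed to the cross-service confused deputy problem;
        # account/user principals are out of scope for this check.
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        protected = _has_source_condition(stmt.get("Condition"))
        for service in services:
            findings.append({
                "role": role_name,
                "service": service,
                "status": "PASS" if protected else "FAIL",
            })
    return findings


# Constructed sample: any CloudTrail trail in any account could assume this role.
UNSAFE_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "cloudtrail.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}

# Constructed sample: the same trust, pinned to trails owned by account 111122223333.
HARDENED_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "cloudtrail.amazonaws.com"},
        "Action": "sts:AssumeRole",
        "Condition": {
            "StringEquals": {"aws:SourceAccount": "111122223333"},
            "ArnLike": {"aws:SourceArn": "arn:aws:cloudtrail:*:111122223333:trail/*"},
        },
    }],
}

# Constructed sample: cross-account trust with an account principal, not a service principal.
CROSS_ACCOUNT_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": "sts:AssumeRole",
    }],
}


if __name__ == "__main__":
    for name, policy in (("unsafe-role", UNSAFE_TRUST_POLICY),
                         ("hardened-role", HARDENED_TRUST_POLICY),
                         ("cross-account-role", CROSS_ACCOUNT_TRUST_POLICY)):
        print(json.dumps(evaluate_trust_policy(name, policy)))
```

The hardened policy shows the remediation the check description points at: aws:SourceAccount alone stops other accounts, and aws:SourceArn narrows the trust further to the specific resource that is expected to assume the role.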
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.0.2...3.1.0
Published by jfagoagas almost 2 years ago
apk update in Dockerfile by @PeterDaveHello in https://github.com/prowler-cloud/prowler/pull/1617
contents: write permission by @sergargar in https://github.com/prowler-cloud/prowler/pull/1643
pull-requests: write permissions by @sergargar in https://github.com/prowler-cloud/prowler/pull/1644
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.0.1...3.0.2
Published by toniblyx almost 2 years ago
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.0.0...3.0.1
Published by toniblyx almost 2 years ago
Today we are releasing a new major version of Prowler, the Version 3 aka Piece of Mind.
Take Prowler v3 as our Christmas gift for the Cloud Security Community.
Artwork property of Iron Maiden
Piece of Mind was the fourth studio album of Iron Maiden. Its meaning fits perfectly with what we do with Prowler in both senses: being protected and at the same time, this is the software I would have wanted to write when I started Prowler back in 2016 (this is now, more than ever, a piece of my mind). Now this has been possible thanks to my awesome team at Verica.
No doubt that 2022 has been a pretty interesting year for us, we launched ProwlerPro and released many minor versions of Prowler. Now enjoy Sun and Steel while you keep reading these release notes.
If you are an Iron Maiden fan as I am, you have noticed the latest minor release of Prowler (2.12) was a song from this very same album, just a clue of what was coming! In Piece of Mind you can find one of the most popular heavy metal songs of all times, The Trooper, which will be a Prowler version to be released during 2023.
Prowler v3 is more than a new version of Prowler, it is a whole new piece of software: we have fully rewritten it in Python and made it multi-cloud, adding Azure as our second supported Cloud Provider. Prowler v3 is also way faster, able to scan an entire AWS account across all regions 37 times faster than before. Yes, you read it correctly: what before took hours now takes literally a few minutes or even seconds.
We are also releasing today our brand new documentation site for Prowler at https://docs.prowler.cloud and it is also stored in the docs folder in the repo.
Here is a list of the most important changes in Prowler v3:
pip install prowler, then run prowler, that's all.
In addition to the Prowler rock stars @jfagoagas @n4ch04 @sergargar we have a couple of new contributors in this release:
Full Changelog: https://github.com/prowler-cloud/prowler/compare/2.10.0...3.0.0
Published by toniblyx almost 2 years ago
Full Changelog: https://github.com/prowler-cloud/prowler/compare/2.12.0...2.12.1
Published by toniblyx almost 2 years ago
Where Eagles Dare is the song that opens the Piece of Mind album of Iron Maiden, released back in 1983, the first one with Nicko McBrain as drummer after Clive Burr left the band; note his first seconds on this piece, it is like Nicko saying "here I go!". This song tells the story of a team of soldiers raiding a castle in Germany during WWII, also told in the movie of the same name starring Clint Eastwood and Richard Burton.
For all of you that have contributed to this version (see list below), thank you ❤️!!! And reach out to me on Twitter (@toniblyx - DMs are open) if you want some laptop stickers.
New checks:
7.195 [check7195] Ensure CodeArtifact internal packages do not allow external public source publishing. - codeartifact [Critical]
Other changes:
cisig2 for CIS Critical Security Controls v8 by @artfulbodger
Full Changelog: https://github.com/prowler-cloud/prowler/compare/2.11.0...2.12.0
Published by toniblyx over 2 years ago
Steve Harris, founder and bass guitarist of Iron Maiden, wrote this song when he lost his father; lyrics and music are beautiful. This release is for those that always look forward and only look back to be thankful and learn. This song and version are also to thank my Prowler brothers @jfagoagas, @n4ch04, @sergargar and @drewkerrigan, who are working like beasts every day to make this piece of software better and building something awesome with Prowler underneath called Prowler Pro.
For all of you that have contributed to this version (see list below), thank you ❤️!!! And reach out to me on Twitter (@toniblyx - DMs are open) if you want some laptop stickers.
7.181 [extra7181] Directory Service monitoring with CloudWatch logs - ds [Medium]
7.182 [extra7182] Directory Service SNS Notifications - ds [Medium]
7.183 [extra7183] Directory Service LDAP Certificates expiration - ds [Medium]
7.184 [extra7184] Directory Service Manual Snapshot Limit - ds [Low]
7.185 [extra7185] Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation - iam [High]
7.186 [extra7186] Check S3 Account Level Public Access Block - s3 [High]
7.187 [extra7187] Ensure that your Amazon WorkSpaces storage volumes are encrypted in order to meet security and compliance requirements - workspaces [High]
7.188 [extra7188] Ensure Radius server in DS is using the recommended security protocol - ds [Medium]
7.189 [extra7189] Ensure Multi-Factor Authentication (MFA) using Radius Server is enabled in DS - ds [Medium]
7.190 [extra7190] Ensure user maximum session duration is no longer than 10 hours. - appstream [Medium]
7.191 [extra7191] Ensure session disconnect timeout is set to 5 minutes or less. - appstream [Medium]
7.192 [extra7192] Ensure session idle disconnect timeout is set to 10 minutes or less. - appstream [Medium]
7.193 [extra7193] Ensure default Internet Access from your Amazon AppStream fleet streaming instances should remain unchecked. - appstream [Medium]
7.194 [extra7194] Check if ECR repositories have lifecycle policies enabled - ecr [Low]
New beta feature called Prowler Quick Inventory, run ./prowler -i and tell us how it works for you. More information here: https://github.com/prowler-cloud/prowler#inventory
Look at the new IAM check extra7185 that will help you find IAM customer managed policies that may lead into privilege escalation.
Now you can send findings directly to a PostgreSQL DB. More here https://github.com/prowler-cloud/prowler#database-providers-connector.
We have refactored the whole core to improve how everything is put together, which is helping us write the new v3 in Python.
yum check-update by @jfagoagas https://github.com/prowler-cloud/prowler/pull/1275
Full Changelog: https://github.com/prowler-cloud/prowler/compare/2.10.0...2.11.0
Published by toniblyx over 2 years ago
Fly on your way, like an eagle
Fly as high as the sun
On your way, like an eagle
Fly, touch the sun
Flight of Icarus is a song of Iron Maiden released in 1983 as part of their Piece of Mind album. There are some amazing guitar solos in this song and it is so good, watch the video and enjoy it like this new version here:
https://www.youtube.com/watch?v=p4w2BZXL6Ss
Image copyright by Iron Maiden
7.174 [extra7174] CodeBuild Project last invoked greater than 90 days - codebuild [High]
7.175 [extra7175] CodeBuild Project with an user controlled buildspec - codebuild [High]
7.176 [extra7176] EMR Cluster without Public IP - emr [Medium]
7.177 [extra7177] Publicly accessible EMR Cluster - emr [High]
7.178 [extra7178] EMR Account Public Access Block enabled - emr [High]
7.179 [extra7179] Check Public Lambda Function URL - lambda [High]
7.180 [extra7180] Check Lambda Function URL CORS configuration - lambda [Medium]
Full Changelog: https://github.com/prowler-cloud/prowler/compare/2.9.0...2.10.0
Published by jfagoagas over 2 years ago
In 1982, Iron Maiden released The Number of the Beast, their third studio album and the first with Bruce Dickinson as their lead vocalist. The song Run to the Hills gives me very good memories, as the time we are living will do the same in the future. That song is one of the greatest metal songs in music history. Enjoy it as we do while releasing this new version of Prowler!
https://www.youtube.com/watch?v=86URGgqONvA
Image copyright by Iron Maiden
Now, if you want to use your allowlist or custom checks you can retrieve it from a S3 Bucket using the -w option along with a S3 URI like s3://bucket/prefix/allowlist_sample.txt
Also, we have enriched some IAM checks to provide more information about resources when the check status is PASS.
csv format by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/1102
Full Changelog: https://github.com/prowler-cloud/prowler/compare/2.8.1...2.9.0
Published by sergargar over 2 years ago
Full Changelog: https://github.com/prowler-cloud/prowler/compare/2.8.0...2.8.1
Published by toniblyx over 2 years ago
The Ides of March is an instrumental song that opens the second studio album of Iron Maiden, called Killers. This song is great as an opening; March is the month when spring starts in my side of the world, and it is always a time for optimism. Ides of March also means 15 of March in the Roman calendar (and the day of the assassination of Julius Caesar). Enjoy the song here.
We have put our best effort into this release, with important help from the Prowler community of cloud security engineers around the world, thank you all! Special thanks to the Prowler full time engineers @jfagoagas, @n4ch04 and @sergargar! (and Bruce, my dog) ❤️
Now, if you have AWS Organizations and are scanning multiple accounts using the assume role functionality, Prowler can get your account details like Account Name, Email, ARN, Organization ID and Tags and add them to CSV and JSON output formats. More information and usage here.
7.172 [extra7172] Check if S3 buckets have ACLs enabled - s3 [Medium]
Full Changelog: https://github.com/prowler-cloud/prowler/compare/2.7.0...2.8.0
Published by toniblyx over 2 years ago
This release name is in honor of Brave New World, a great song of Iron Maiden from their Brave New World album. Dedicated to all of you looking forward to having the world we had before COVID... We hope it is not hitting you badly. Enjoy!
master branch will be the latest available code and we will keep the stable code as each release; if you are installing or deploying Prowler using git clone to master take that into account and use the latest release instead, i.e. git clone --branch 2.7 https://github.com/prowler-cloud/prowler or curl https://github.com/toniblyx/prowler/archive/refs/tags/2.7.0.tar.gz -o prowler-2.7.0.tar.gz
bug as a red tag.
7.160 [extra7160] Check if Redshift has automatic upgrades enabled - redshift [Medium]
7.161 [extra7161] Check if EFS file systems protect sensitive data with encryption at rest - efs [Medium]
7.162 [extra7162] Check if CloudWatch Log Groups have a retention policy of 365 days - cloudwatch [Medium]
7.163 [extra7163] Check if Secrets Manager key rotation is enabled - secretsmanager [Medium]
7.164 [extra7164] Check if CloudWatch log groups are protected by AWS KMS - logs [Medium]
7.165 [extra7165] Check if DynamoDB: DAX Clusters are encrypted at rest - dynamodb [Medium]
7.166 [extra7166] Check if Elastic IP addresses with associations are protected by AWS Shield Advanced - shield [Medium]
7.167 [extra7167] Check if Cloudfront distributions are protected by AWS Shield Advanced - shield [Medium]
7.168 [extra7168] Check if Route53 hosted zones are protected by AWS Shield Advanced - shield [Medium]
7.169 [extra7169] Check if global accelerators are protected by AWS Shield Advanced - shield [Medium]
7.170 [extra7170] Check if internet-facing application load balancers are protected by AWS Shield Advanced - shield [Medium]
7.171 [extra7171] Check if classic load balancers are protected by AWS Shield Advanced - shield [Medium]
-D option to copy to S3 with the initial AWS credentials instead of the assumed ones as with the -B option by @sectoramen in https://github.com/toniblyx/prowler/pull/974
-T option is not mandatory by @jfagoagas in https://github.com/toniblyx/prowler/pull/944
-T and -A options are set together by @jfagoagas in https://github.com/toniblyx/prowler/pull/945
group25 FTR by @lopmoris in https://github.com/toniblyx/prowler/pull/948
group25 FTR by @lopmoris in https://github.com/toniblyx/prowler/pull/949
Full Changelog: https://github.com/toniblyx/prowler/compare/2.6.1...2.7
Published by toniblyx almost 3 years ago
Full Changelog: https://github.com/toniblyx/prowler/compare/2.6.0...2.6.1
Published by toniblyx almost 3 years ago
This release name is in honor of Phantom of the Opera, one of my favorite songs and a masterpiece of Iron Maiden. It starts with "I've been lookin' so long for you now", like looking for security issues, isn't it? Enjoy it here while reading the rest of this note.
7.148 [extra7148] Check if EFS File systems have backup enabled - efs [Medium]
7.149 [extra7149] Check if Redshift Clusters have automated snapshots enabled - redshift [Medium]
7.150 [extra7150] Check if Elastic Load Balancers have deletion protection enabled - elb [Medium]
7.151 [extra7151] Check if DynamoDB tables point-in-time recovery (PITR) is enabled - dynamodb [Medium]
7.152 [extra7152] Enable Privacy Protection for for a Route53 Domain - route53 [Medium]
7.153 [extra7153] Enable Transfer Lock for a Route53 Domain - route53 [Medium]
7.154 [extra7154] Enable termination protection for Cloudformation Stacks - cloudformation [MEDIUM]
7.155 [extra7155] Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode - elb [MEDIUM]
7.156 [extra7156] Checks if API Gateway V2 has Access Logging enabled - apigateway [Medium]
7.157 [extra7157] Check if API Gateway V2 has configured authorizers - apigateway [Medium]
7.158 [extra7158] Check if ELBV2 has listeners underneath - elb [Medium]
7.159 [extra7159] Check if ELB has listeners underneath - elb [Medium]
Z to control if Prowler returns exit code 3 on a failed check by @Kirizan in https://github.com/toniblyx/prowler/pull/865
-C to be ran by @Kirizan in https://github.com/toniblyx/prowler/pull/891
-q option (issue #884) by @w0rmr1d3r in https://github.com/toniblyx/prowler/pull/890
Full Changelog: https://github.com/toniblyx/prowler/compare/2.5.0...2.6.0
Thank you all for your contributions, Prowler community is awesome!
Published by toniblyx about 3 years ago
This new version was planned to celebrate AWS re:Inforce that would have taken place on August 24th and 25th but has been cancelled and the new studio album of Iron Maiden (Senjutsu) to be released on September 3rd 2021. In any case, enjoy this new version. More cool stuff coming soon!
Prowler would have been present in the re:Inforce 2021 conference with a pretty expected workshop called "Building Prowler into a QuickSight powered AWS security dashboard". Templates and workshop link to be public soon. For updates follow me on Twitter: https://twitter.com/ToniBlyx.
As Prowler keeps growing in user base and downloads (averages 1400 clones/day), there are more contributions and I want to thank you all for your feedback and code. Please keep contributing to make the Internet more secure.
Please read these new features and changes carefully (for CSV output and also to improve the data in JSON ASFF for the Security Hub integration): if you have integrations using CSV, they may affect you. The CSV header is now:
PROFILE{SEP}ACCOUNT_NUM,REGION,TITLE_ID,CHECK_RESULT,ITEM_SCORED,ITEM_LEVEL,TITLE_TEXT,CHECK_RESULT_EXTENDED,CHECK_ASFF_COMPLIANCE_TYPE,CHECK_SEVERITY,CHECK_SERVICENAME,CHECK_ASFF_RESOURCE_TYPE,CHECK_ASFF_TYPE,CHECK_RISK,CHECK_REMEDIATION,CHECK_DOC,CHECK_CAF_EPIC,CHECK_RESOURCE_ID,PROWLER_START_TIME
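Because integrations that consume the CSV output are the ones this header change can break, here is an added example (not Prowler's own code) of a small consumer that validates the header above before trusting the rows, and then counts FAIL results by severity. The page shows the separator as {SEP}; the example assumes a comma and lets the caller pass a different one. The three finding rows are constructed samples, not real Prowler output.

```python
import csv
import io
from collections import Counter

# Column order from the release note's CSV header.
EXPECTED_COLUMNS = [
    "PROFILE", "ACCOUNT_NUM", "REGION", "TITLE_ID", "CHECK_RESULT", "ITEM_SCORED",
    "ITEM_LEVEL", "TITLE_TEXT", "CHECK_RESULT_EXTENDED", "CHECK_ASFF_COMPLIANCE_TYPE",
    "CHECK_SEVERITY", "CHECK_SERVICENAME", "CHECK_ASFF_RESOURCE_TYPE", "CHECK_ASFF_TYPE",
    "CHECK_RISK", "CHECK_REMEDIATION", "CHECK_DOC", "CHECK_CAF_EPIC", "CHECK_RESOURCE_ID",
    "PROWLER_START_TIME",
]

# Constructed sample output (comma separator); one quoted field contains a comma.
SAMPLE_CSV = """PROFILE,ACCOUNT_NUM,REGION,TITLE_ID,CHECK_RESULT,ITEM_SCORED,ITEM_LEVEL,TITLE_TEXT,CHECK_RESULT_EXTENDED,CHECK_ASFF_COMPLIANCE_TYPE,CHECK_SEVERITY,CHECK_SERVICENAME,CHECK_ASFF_RESOURCE_TYPE,CHECK_ASFF_TYPE,CHECK_RISK,CHECK_REMEDIATION,CHECK_DOC,CHECK_CAF_EPIC,CHECK_RESOURCE_ID,PROWLER_START_TIME
default,123456789012,us-east-1,7.136,FAIL,Scored,Level 2,Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23,Security Group sg-0123456789abcdef0 open to 0.0.0.0/0 on port 23,Software and Configuration Checks,High,ec2,AwsEc2SecurityGroup,Software and Configuration Checks,Telnet exposed to the Internet,"Remove the rule, or restrict it to trusted CIDRs",https://docs.example.invalid/placeholder,Infrastructure Security,sg-0123456789abcdef0,2021-08-24T10:00:00Z
default,123456789012,us-east-1,7.172,PASS,Scored,Level 1,Check if S3 buckets have ACLs enabled,Bucket sample-bucket has ACLs disabled,Software and Configuration Checks,Medium,s3,AwsS3Bucket,Software and Configuration Checks,ACLs bypass bucket policies,Disable ACLs,https://docs.example.invalid/placeholder,Data Protection,sample-bucket,2021-08-24T10:00:00Z
default,123456789012,eu-west-1,7.141,FAIL,Scored,Level 2,Find secrets in SSM Documents,Potential secret found in document sample-doc,Software and Configuration Checks,Critical,ssm,AwsSsmDocument,Software and Configuration Checks,Credentials stored in plain text,Move secrets to Secrets Manager,https://docs.example.invalid/placeholder,Data Protection,sample-doc,2021-08-24T10:00:00Z
"""


def parse_prowler_csv(text, sep=","):
    """Parse CSV text into a list of dicts keyed by column name.

    Raises ValueError if the header does not match EXPECTED_COLUMNS or a row has the
    wrong number of fields, so an integration fails loudly instead of mis-mapping columns.
    """
    reader = csv.reader(io.StringIO(text), delimiter=sep)
    header = next(reader, [])
    if header != EXPECTED_COLUMNS:
        missing = sorted(set(EXPECTED_COLUMNS) - set(header))
        raise ValueError(f"unexpected CSV header; missing columns: {missing}")
    rows = []
    for line_no, record in enumerate(reader, start=2):
        if not record:
            continue
        if len(record) != len(header):
            raise ValueError(f"line {line_no}: expected {len(header)} fields, got {len(record)}")
        rows.append(dict(zip(header, record)))
    return rows


def failures_by_severity(rows):
    """Count FAIL results per CHECK_SEVERITY value."""
    return Counter(row["CHECK_SEVERITY"] for row in rows if row["CHECK_RESULT"] == "FAIL")


def failed_resources(rows, severity):
    """Resource ids of FAIL results with the given severity, in file order."""
    return [row["CHECK_RESOURCE_ID"] for row in rows
            if row["CHECK_RESULT"] == "FAIL" and row["CHECK_SEVERITY"] == severity]


if __name__ == "__main__":
    findings = parse_prowler_csv(SAMPLE_CSV)
    print(dict(failures_by_severity(findings)))
    print(failed_resources(findings, "Critical"))
```

Validating the header first is the point: when a column is added or reordered, positional consumers silently shift every field by one, while a consumer keyed on the header names either keeps working or stops with a clear error.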
7.134 [extra7134] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21 - ec2 [High]
7.135 [extra7135] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092 - ec2 [High]
7.136 [extra7136] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23 - ec2 [High]
7.137 [extra7137] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434 - ec2 [High]
7.138 [extra7138] Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port - ec2 [High]
7.139 [extra7139] There are High severity GuardDuty findings - guardduty [High]
7.140 [extra7140] Check if there are SSM Documents set as public - ssm [High]
7.141 [extra7141] Find secrets in SSM Documents - ssm [Critical]
7.142 [extra7142] Check if Application Load Balancer is dropping invalid packets to prevent header based http request smuggling - elb [Medium]
7.143 [extra7143] Check if EFS have policies which allow access to everyone - efs [Critical]
7.144 [extra7144] Check if CloudWatch has allowed cross-account sharing - cloudwatch [Medium]
7.145 [extra7145] Check if Lambda functions have policies which allow access to any AWS account - lambda [Critical]
7.146 [extra7146] Check if there is any unassigned Elastic IP - ec2 [Low]
7.147 [extra7147] Check if S3 Glacier vaults have policies which allow access to everyone - glacier [Critical]
(see ./prowler -h for details) using bucket-owner-full-control.
(see ./prowler -h for details) @yangsec888
-f <filterregion> usage info
*If you have made a contribution to this release and I missed your GitHub id here, my apologies, and please let me know so I can include you. Thank you!