Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.16.1...3.16.2
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.16.0...3.16.1
Full Changelog: https://github.com/prowler-cloud/prowler/compare/4.0.0...4.0.1
You'll take my life, but I'll take yours too You'll fire your musket, but I'll run you through So when you're waiting for the next attack You'd better stand, there's no turning back
When I started Prowler almost eight years ago, I thought about calling it The Trooper (thetrooper
as in the command line sounds good but I thought prowler
was even better). I can say today, with no doubt that this version 4.0 of Prowler, The Trooper, is by far the software that I always wanted to release. Now, as a company, with a whole team dedicated to Prowler (Open Source and SaaS), this is even more exciting. With standard support for AWS, Azure, GCP and also Kubernetes, with all new features, this is the beginning of a new era where Open Cloud Security makes an step forward and we say: hey WE ARE HERE FOR REAL and when you're waiting for the next attack, you'd better stand, there's no turning back
Enjoy Prowler - The Trooooooooper! π€π½π₯ song!
--sts-endpoint-region
since we use AWS STS regional tokens.--quiet
option has been deprecated, now use the --status
flag to select the finding's status you want to get from PASS
, FAIL
or MANUAL
.--send-sh-only-fails
or --security-hub --status FAIL
INFO
finding's status has changed MANUAL
.We have deprecated some of our outputs formats:
prowler dashboard
)Dashboard
prowler dashboard
and enjoy overview data and compliance.
ποΈ New Kubernetes provider
prowler kubernetes --kubeconfig-file <kube.yaml>
π Compliance
output/compliance
AWS
--scan-unused-services
.prowler aws --category threat-detection
for Enumeration and Privilege Escalation type of activities.πΊοΈ Azure
π Mutelist
π Outputs
π» Providers
π¨ Fixer
--fix
to allow you to remediate findings. You can list all the available fixers with prowler aws --list-fixers
--namespaces
argument and solve bugs by @sergargar in https://github.com/prowler-cloud/prowler/pull/3431
--sts-endpoint-region
by @sergargar in https://github.com/prowler-cloud/prowler/pull/3046
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.16.0...4.0.0
Turn the spotlights on the people Switch the dial and eat the worm Take your chances, kill the engine Drop your bombs and let it burn
Enjoy the last release of Prowler v3 π€π½π₯ with this Iron Maiden song!
πͺπΌ 17 New Azure checks
prowler azure --list-checks
π Azure CIS v2.0 and v2.1 coverage
prowler azure --compliance cis_2.1_azure
π§ More fixes and updates for all the providers
vm_ensure_using_managed_disks
metadata by @Hugo966 in https://github.com/prowler-cloud/prowler/pull/3617
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.15.3...3.16.0
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.15.2...3.15.3
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.15.1...3.15.2
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.15.0...3.15.1
Youβre children of the damned Your backs against the wall You turn into the light Youβre burning in the night
Beware the cloud security issues that paralyze! As per Bruce Dickinson comments at the BBC, this Iron Maiden song part of The Number of the Beast album was inspired by by Black Sabbathβs βChildren of the Seaβ. In any case, letβs put all those cloud security misconfigurations against the wall now!
Enjoy it! π€π½π₯
πͺπΌ 40 New Azure checks
See all the new available checks with
prowler azure -l
π Shodan.io support for Azure and GCP
prowler gcp -c compute_public_address_shodan --shodan <API_KEY>
and prowler azure -c network_public_ip_shodan --shodan <API_KEY>
The Shodan API Key can also be set in the
config.yaml
file instead of using the--shodan
flag.
β Added Kubernetes Coverage in Cloud Providers
prowler aws/azure/gcp --services eks/aks/gke
π New AWS FTR Compliance
prowler aws --compliance foundational_technical_review_aws
policy_ensure_asc_enforcement_enabled
by @puchy22 in https://github.com/prowler-cloud/prowler/pull/3452
monitor_ensure_diagnostic_setting_appropriate
by @Hugo966 in https://github.com/prowler-cloud/prowler/pull/3421
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.14.0...3.15.0
Home, far away From the war, a chance to live again Home, far away But the war, no chance to live again
Prowler 3.14 is here! Like the PI number, this version will drive you through the magic of fixing security issues in your cloud infrastructure, more Azure checks for your joy and amusement. Enjoy it! π€π½π₯
πͺπΌ 25 New Azure checks
See all the new available checks with
prowler azure -l
last_attempted_execution_date
is None by @sergargar in https://github.com/prowler-cloud/prowler/pull/3394
storage_default_network_access_rule_is_denied
by @Hugo966 in https://github.com/prowler-cloud/prowler/pull/3387
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.13.0...3.14.0