LinuxCommandLibrary

prowler

Audit cloud security configurations

TLDR

Run an audit with the default checks for a provider (AWS, Azure, GCP or Kubernetes)

$ prowler [provider]

Show all available checks for a specific provider
$ prowler [provider] [[-l|--list-checks]]

Show all available services for a specific provider
$ prowler [provider] --list-services

Generate output in multiple formats, including JSON-ASFF for AWS Security Hub
$ prowler [provider] --output-modes [csv,json-asff,html,...]

Execute in verbose mode
$ prowler [provider] --verbose

Filter findings by status
$ prowler [provider] --status [PASS,FAIL,MANUAL]

Display help
$ prowler --help

Display version
$ prowler [[-v|--version]]

SYNOPSIS

prowler cloud_provider [ options ]

cloud_provider: aws | azure | gcp | k8s

PARAMETERS

-h, --help
    Displays a help message and exits.

-p , --profile
    Specifies the AWS profile to use for authentication (e.g., from ~/.aws/credentials).

-r , --region
    Scans only resources within a specific cloud region (e.g., us-east-1 for AWS, eastus for Azure).

-c , --checks
    Runs only the specified comma-separated check IDs (e.g., 'iam_policy_no_sso,s3_bucket_public_access').

-g , --groups
    Runs all checks belonging to the specified comma-separated group IDs (e.g., 'iam,s3').

-s , --services
    Runs all checks for the specified comma-separated service IDs (e.g., 'ec2,s3').

--compliance
    Runs checks associated with a specific compliance framework (e.g., 'cis_v1.2_aws', 'hipaa', 'gdpr').

-o , --output-formats
    Specifies the desired output format(s). Multiple formats can be comma-separated (e.g., 'csv,html,json'). Supported formats include 'csv', 'json', 'json-asff', 'sarif', 'html', 'pdf', 'json-ocsf'.

-M , --output-modes
    Sets the output mode for the terminal. Options include 'plain' (default), 'quiet' (minimal output), 'json', 'html'.

--list-checks
    Lists all available checks with their IDs and descriptions.

--list-groups
    Lists all available check groups with their IDs and descriptions.

--list-services
    Lists all available cloud services that Prowler can audit.

-F, --fix
    Attempts to automatically remediate identified misconfigurations. Use with extreme caution and proper backups.

--dry-run
    When used with '--fix', shows what remediations would be applied without actually making changes.

--verbose
    Increases verbosity of output messages.

--no-colors
    Disables colored output in the terminal.

DESCRIPTION

Prowler is an open-source command-line tool designed for comprehensive cloud security best practices assessment, auditing, hardening, and incident response. It helps organizations evaluate their cloud environments (AWS, Azure, Google Cloud Platform, and Kubernetes clusters) against a wide array of security standards and frameworks, including CIS Benchmarks, NIST, HIPAA, PCI-DSS, ISO 27001, and GDPR. Prowler automatically identifies misconfigurations, vulnerabilities, and deviations from security best practices by performing a multitude of checks against your cloud resources. Its reports provide actionable insights, enabling security teams to enhance their cloud posture and ensure compliance. Prowler is a vital tool for continuous security monitoring and proactive risk management in multi-cloud environments.

CAVEATS

Prowler is not a standard Linux distribution utility; it's a standalone Python-based security auditing tool primarily for cloud environments. It typically needs to be cloned from its GitHub repository and run from that directory. It requires appropriate IAM permissions in your cloud provider accounts (usually read-only for auditing, and write permissions for remediation actions with the '--fix' flag). Running Prowler can generate a significant amount of network traffic and API calls to your cloud provider, which could incur costs or hit API rate limits if not managed properly. Always test remediation actions in a non-production environment first.

INSTALLATION AND EXECUTION

Prowler is typically installed by cloning its official GitHub repository:

$ git clone https://github.com/prowler-cloud/prowler.git

Once cloned, navigate into the directory and run it using Python:

$ cd prowler
$ ./prowler aws

It requires Python 3.7+ and 'pip' for dependency management. Ensure your cloud provider CLI (e.g., AWS CLI, Azure CLI, gcloud CLI) is configured and authenticated.

OUTPUT REPORTS

Prowler generates detailed reports in various formats, by default saving them into an 'output/' directory within the Prowler installation path. These reports include findings, affected resources, and recommendations for remediation, making them valuable for compliance reporting and security posture improvement. The HTML reports provide an easily digestible, interactive view of the audit results.
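An added example (not part of Prowler or of the original page): a small Python gate for a json-asff report, counting failed findings by severity and listing the ones that should block a pipeline. It assumes the report is a JSON array of AWS Security Finding Format objects and reads only the standard ASFF fields Compliance.Status, Severity.Label, GeneratorId and Resources[].Id; the sample findings and the `triage` function name are constructed for illustration.

```python
import json
from collections import Counter

# ASFF severity labels, lowest to highest (AWS Security Finding Format).
SEVERITY_ORDER = ["INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

# Constructed sample: three findings shaped like ASFF records (not real output).
SAMPLE_ASFF = json.dumps([
    {"Title": "Constructed check A", "GeneratorId": "example-check-a",
     "Severity": {"Label": "HIGH"}, "Compliance": {"Status": "FAILED"},
     "Resources": [{"Id": "arn:aws:s3:::example-bucket", "Region": "us-east-1"}]},
    {"Title": "Constructed check B", "GeneratorId": "example-check-b",
     "Severity": {"Label": "LOW"}, "Compliance": {"Status": "FAILED"},
     "Resources": [{"Id": "arn:aws:iam::111122223333:user/example"}]},
    {"Title": "Constructed check C", "GeneratorId": "example-check-c",
     "Severity": {"Label": "CRITICAL"}, "Compliance": {"Status": "PASSED"},
     "Resources": [{"Id": "arn:aws:ec2:us-east-1:111122223333:instance/i-example"}]},
])


def triage(asff_text, fail_at="HIGH"):
    """Return (FAILED counts per severity, findings at or above fail_at)."""
    threshold = SEVERITY_ORDER.index(fail_at)
    counts, blocking = Counter(), []
    for finding in json.loads(asff_text):
        if finding.get("Compliance", {}).get("Status") != "FAILED":
            continue  # PASSED / WARNING / NOT_AVAILABLE do not gate the build
        label = finding.get("Severity", {}).get("Label")
        if label not in SEVERITY_ORDER:
            label = "CRITICAL"  # missing or unknown severity: fail closed
        counts[label] += 1
        if SEVERITY_ORDER.index(label) >= threshold:
            resources = [r.get("Id", "?") for r in finding.get("Resources", [])]
            blocking.append((label, finding.get("GeneratorId", "?"), resources))
    # Most severe first, so the top of the list is what to fix first.
    blocking.sort(key=lambda b: SEVERITY_ORDER.index(b[0]), reverse=True)
    return dict(counts), blocking


if __name__ == "__main__":
    counts, blocking = triage(SAMPLE_ASFF)
    print("FAILED findings by severity:", counts)
    for label, check, resources in blocking:
        print(f"{label:9} {check} -> {', '.join(resources)}")
    raise SystemExit(1 if blocking else 0)  # non-zero exit fails the CI job
```

To use it on a real report, pass the contents of the json-asff file to `triage` in place of `SAMPLE_ASFF`.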

COMPLIANCE FRAMEWORKS

Prowler supports auditing against numerous industry-recognized compliance frameworks and regulations, including:
CIS Benchmarks: For AWS, Azure, GCP, Kubernetes.
NIST CSF: National Institute of Standards and Technology Cybersecurity Framework.
HIPAA: Health Insurance Portability and Accountability Act.
PCI-DSS: Payment Card Industry Data Security Standard.
ISO 27001: Information Security Management System standard.
GDPR: General Data Protection Regulation.
Using the --compliance flag allows users to focus audits on specific regulatory requirements.

HISTORY

Prowler originated as a tool focused on auditing Amazon Web Services (AWS) environments against CIS Benchmarks and other security best practices. It quickly gained popularity within the security community due to its ease of use and comprehensive checks. Over time, its scope expanded significantly to include support for other major cloud providers like Microsoft Azure and Google Cloud Platform (GCP), and more recently, Kubernetes. This evolution reflects the growing demand for multi-cloud security posture management and compliance validation, making Prowler a cornerstone tool for cloud security professionals.

SEE ALSO

ScoutSuite, CloudMapper, Pacu, Falco, Tfsec, Kube-bench
