
Prowler for AWS Security Review – Cheatsheet

Prowler is an open-source AWS security assessment and auditing tool that helps evaluate the security posture of your AWS services and accounts. It’s built on top of AWS-CLI and generates reports in text, JSON, JUnit XML, and CSV formats.

1. Prerequisites

Before using Prowler, ensure you have the following installed and configured:

  • AWS CLI: Install and configure the AWS CLI by following the official AWS guide, so that Prowler can authenticate with credentials that have read access to the account being audited.
  • Prowler: Clone the Prowler repository from GitHub with git clone https://github.com/toniblyx/prowler, or download the latest release from the repository's releases page.

2. Basic Usage

To start using Prowler, navigate to the Prowler directory and execute ./prowler. By default, Prowler runs all the checks on your AWS environment.

3. Prowler Command-Line Options

You can customize Prowler’s behavior using various command-line options:

Option   Description                                                        Example
-g       Run a specific group of checks                                     ./prowler -g group1
-c       Run a specific check                                               ./prowler -c check1
-r       Specify an AWS region                                              ./prowler -r us-west-2
-l       List available checks and groups                                   ./prowler -l
-M       Specify output format (text, json, junit-xml, csv)                 ./prowler -M json
-o       Specify output file                                                ./prowler -o prowler_report.txt
-A       Run Prowler across all AWS accounts (requires AWS Organizations)   ./prowler -A
-f       Filter results by a specific string                                ./prowler -f "s3"

4. Customizing Prowler Checks

Prowler allows you to create custom checks and groups. You can follow these steps to add your own checks:

  1. Create a new check file: Create a new file in the checks directory named check_your_check_id.sh (the file name must match the check function name, because the group file sources checks/$check.sh and then calls $check).
  2. Define your check: Use the following template to define your check:
groupname="your_group_name"
group_title="Your Group Title"
check_id="your_check_id"
check_title="Your Check Title"
check_cis_level="Level 1, Level 2 or Not applicable"
check_description="A brief description of your check"
check_remediation="A brief description of the remediation steps"
check_severity="Critical, High, Medium, Low or Info"
check_awscli_installed="yes" # Set to "no" if the check doesn't require AWS CLI
check_supported_os="linux" # Specify supported OS (linux, macos, or all)
check_delay="0" # Set a delay between API calls if needed

function check_your_check_id() {
  # Add your check logic here
  # Use `awk`, `grep`, `jq`, or other tools to process the output
  # Store the check result in a variable, e.g., result
  # $account, $region and $resource are expected to be set by the caller
  # or by the check logic before the result line is printed

  if [[ "$result" == "EXPECTED_RESULT" ]]; then
    status="PASS"
  else
    status="FAIL"
  fi
  echo "$check_id,$check_severity,$check_cis_level,$status,$result,$account,$region,$resource,$check_description,$check_remediation"
}
  3. Add your check to a group: In the groups directory, create a new file named group_your_group_name and add the following content (list every check the group should run, separated by spaces):
#!/bin/bash

for check in check_your_check_id; do
  . "checks/$check.sh" && $check
done
  4. Run your custom check or group: Use the -c or -g options to run your custom check or group:

./prowler -c check_your_check_id

or

./prowler -g your_group_name
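The four steps above carried through for one concrete check, added here as an example and not Prowler's own code: the check and group names, the CSV layout, and the sample bucket data are constructed, and the AWS CLI call is replaced by a stub so it runs offline.

```shell
#!/bin/sh
# Added example, not Prowler's own code: one custom check written to the page's
# template, plus the group loop from the group file. Check/group names, the
# CSV layout and the stub AWS output are constructed for this example.

account="123456789012"   # constructed: normally supplied by the caller
region="us-west-2"       # constructed

groupname="custom_s3"
group_title="Custom S3 checks"
check_id="custom_s3_versioning"
check_title="S3 buckets have versioning enabled"
check_cis_level="Not applicable"
check_description="Ensure every S3 bucket has versioning enabled"
check_remediation="Enable versioning with put-bucket-versioning on the bucket"
check_severity="Medium"

# Stand-in for `aws s3api get-bucket-versioning --bucket <name>`: returns
# constructed JSON so the example runs offline. Replace with the real call.
aws_get_bucket_versioning() {
  case "$1" in
    logs-bucket) echo '{ "Status": "Enabled" }' ;;
    *)           echo '{}' ;;   # versioning was never configured
  esac
}

# Check logic: one CSV line per bucket, with an explicit PASS/FAIL column.
check_custom_s3_versioning() {
  for bucket in "$@"; do
    result=$(aws_get_bucket_versioning "$bucket" |
      sed -n 's/.*"Status": *"\([A-Za-z]*\)".*/\1/p')
    result=${result:-NotConfigured}
    if [ "$result" = "Enabled" ]; then status="PASS"; else status="FAIL"; fi
    echo "$check_id,$check_severity,$check_cis_level,$status,$result,$account,$region,$bucket,$check_description,$check_remediation"
  done
}

# Group loop as in group_your_group_name: Prowler sources checks/$check.sh and
# then calls the function; the check is already defined here, so only the call
# remains. Bucket names would come from `aws s3api list-buckets` in practice.
run_group_custom_s3() {
  for check in check_custom_s3_versioning; do
    "$check" logs-bucket uploads-bucket
  done
}

run_group_custom_s3
```

Saved as checks/check_custom_s3_versioning.sh with a matching groups/group_custom_s3 file, the check runs with ./prowler -c check_custom_s3_versioning or ./prowler -g custom_s3.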

Cheatsheet

Action                               Command
Run Prowler with default checks      ./prowler
Run a specific group of checks       ./prowler -g group1
Run a specific check                 ./prowler -c check1
Specify an AWS region                ./prowler -r us-west-2
List available checks and groups     ./prowler -l
Specify output format                ./prowler -M json
Specify output file                  ./prowler -o prowler_report.txt
Run Prowler across all AWS accounts  ./prowler -A
Filter results by a specific string  ./prowler -f "s3"
Run a custom check                   ./prowler -c check_your_check_id
Run a custom group of checks         ./prowler -g your_group_name

Comment (1)

  1. Hello, thank you for your effort. I have a question: how should we do it if, for example, we want to create a specific group that has some existing checks? For example, a new group named custom_group that has some checks from cis and others from gdpr.
