Prowler is an Open Source security tool to perform AWS, GCP and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spanish National Security Scheme) and your custom security frameworks.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for prowler from gravatar.com prowler

Unverified details

These details have not been verified by PyPI
Project links
Meta
Classifiers
Report project as malware

Project description

Prowler SaaS and Prowler Open Source are as dynamic and adaptable as the environment they’re meant to protect. Trusted by the leaders in security.

Learn more at prowler.com

Prowler community on Slack
Join our Prowler community!

Slack Shield Python Version Python Version PyPI Prowler Downloads Docker Pulls Docker Docker AWS ECR Gallery

Repo size Issues Version Version Contributors License Twitter Twitter

Description

Prowler is an Open Source security tool to perform AWS, Azure, Google Cloud and Kubernetes security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness, and also remediations! We have Prowler CLI (Command Line Interface) that we call Prowler Open Source and a service on top of it that we call Prowler SaaS.

Prowler App

Prowler App is a web application that allows you to run Prowler in your cloud provider accounts and visualize the results in a user-friendly interface.

Prowler App

More details at Prowler App Documentation

Prowler CLI

prowler <provider>

Prowler CLI Execution

Prowler Dashboard

prowler dashboard

Prowler Dashboard

It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spanish National Security Scheme) and your custom security frameworks.

Provider Checks Services Compliance Frameworks Categories
AWS 561 81 -> prowler aws --list-services 30 -> prowler aws --list-compliance 9 -> prowler aws --list-categories
GCP 77 13 -> prowler gcp --list-services 3 -> prowler gcp --list-compliance 2 -> prowler gcp --list-categories
Azure 139 18 -> prowler azure --list-services 4 -> prowler azure --list-compliance 2 -> prowler azure --list-categories
Kubernetes 83 7 -> prowler kubernetes --list-services 1 -> prowler kubernetes --list-compliance 7 -> prowler kubernetes --list-categories

💻 Installation

Prowler App

Prowler App can be installed in different ways, depending on your environment:

See how to use Prowler App in the Prowler App Usage Guide.

Docker Compose

Requirements

Commands

curl -LO https://raw.githubusercontent.com/prowler-cloud/prowler/refs/heads/master/docker-compose.yml
curl -LO https://raw.githubusercontent.com/prowler-cloud/prowler/refs/heads/master/.env
docker compose up -d

Enjoy Prowler App at http://localhost:3000 by signing up with your email and password.

From GitHub

Requirements

Commands to run the API

git clone https://github.com/prowler-cloud/prowler
cd prowler/api
poetry install
poetry shell
set -a
source .env
docker compose up postgres valkey -d
cd src/backend
python manage.py migrate --database admin
gunicorn -c config/guniconf.py config.wsgi:application

Now, you can access the API documentation at http://localhost:8080/api/v1/docs.

Commands to run the API Worker

git clone https://github.com/prowler-cloud/prowler
cd prowler/api
poetry install
poetry shell
set -a
source .env
cd src/backend
python -m celery -A config.celery worker -l info -E

Commands to run the UI

git clone https://github.com/prowler-cloud/prowler
cd prowler/ui
npm install
npm run build
npm start

Enjoy Prowler App at http://localhost:3000 by signing up with your email and password.

Prowler CLI

Pip package

Prowler CLI is available as a project in PyPI, thus can be installed using pip with Python >= 3.9, < 3.13:

pip install prowler
prowler -v

More details at https://docs.prowler.com

Containers

The available versions of Prowler CLI are the following:

  • latest: in sync with master branch (bear in mind that it is not a stable version)
  • v4-latest: in sync with v4 branch (bear in mind that it is not a stable version)
  • v3-latest: in sync with v3 branch (bear in mind that it is not a stable version)
  • <x.y.z> (release): you can find the releases here, those are stable releases.
  • stable: this tag always point to the latest release.
  • v4-stable: this tag always point to the latest release for v4.
  • v3-stable: this tag always point to the latest release for v3.

The container images are available here:

From GitHub

Python >= 3.9, < 3.13 is required with pip and poetry:

git clone https://github.com/prowler-cloud/prowler
cd prowler
poetry shell
poetry install
python prowler.py -v

If you want to clone Prowler from Windows, use git config core.longpaths true to allow long file paths.

📐✏️ High level architecture

Prowler App

The Prowler App consists of three main components:

  • Prowler UI: A user-friendly web interface for running Prowler and viewing results, powered by Next.js.
  • Prowler API: The backend API that executes Prowler scans and stores the results, built with Django REST Framework.
  • Prowler SDK: A Python SDK that integrates with the Prowler CLI for advanced functionality.

Prowler App Architecture

Prowler CLI

You can run Prowler from your workstation, a Kubernetes Job, a Google Compute Engine, an Azure VM, an EC2 instance, Fargate or any other container, CloudShell and many more.

Architecture

Deprecations from v3

General

  • Allowlist now is called Mutelist.
  • The --quiet option has been deprecated, now use the --status flag to select the finding's status you want to get from PASS, FAIL or MANUAL.
  • All INFO finding's status has changed to MANUAL.
  • The CSV output format is common for all the providers.

We have deprecated some of our outputs formats:

  • The native JSON is replaced for the JSON OCSF v1.1.0, common for all the providers.

AWS

  • Deprecate the AWS flag --sts-endpoint-region since we use AWS STS regional tokens.
  • To send only FAILS to AWS Security Hub, now use either --send-sh-only-fails or --security-hub --status FAIL.

📖 Documentation

Install, Usage, Tutorials and Developer Guide is at https://docs.prowler.com/

📃 License

Prowler is licensed as Apache License 2.0 as specified in each file. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for prowler from gravatar.com prowler

Unverified details

These details have not been verified by PyPI
Project links
Meta
Classifiers

Release history Release notifications | RSS feed

5.9.2

5.9.1

5.9.0

5.8.1

5.8.0

5.7.5

5.7.4

5.7.3

5.7.2

5.7.1

5.7.0

5.6.0

5.5.1

5.5.0

5.4.4

5.4.3

5.4.2

5.4.1

5.4.0

5.3.0

5.2.3

5.2.2

5.2.1

5.2.0

5.1.5

5.1.4

5.1.3

5.1.2

5.1.1

5.1.0

5.0.5

5.0.4

5.0.3

5.0.2

This version

5.0.1

5.0.0

4.6.2

4.6.1

4.6.0

4.5.3

4.5.2

4.5.1

4.5.0

4.4.1

4.4.0

4.3.7

4.3.6

4.3.5

4.3.4

4.3.3

4.3.2

4.3.1

4.3.0

4.2.4

4.2.3

4.2.2

4.2.1

4.2.0

4.1.0

4.0.1

4.0.0

3.16.17

3.16.16

3.16.15

3.16.14

3.16.13

3.16.12

3.16.11

3.16.10

3.16.9

3.16.8

3.16.7

3.16.6

3.16.5

3.16.4

3.16.3

3.16.2

3.16.1

3.16.0

3.15.3

3.15.2

3.15.1

3.15.0

3.14.0

3.13.1 yanked

Reason this release was yanked:

The CI automation pushed some feature commits to a hotfix branch.

3.13.0

3.12.1

3.12.0

3.11.3

3.11.2

3.11.1

3.11.0

3.10.0

3.9.0

3.8.2

3.8.1

3.8.0

3.7.2

3.7.1

3.7.0

3.6.1

3.6.0

3.5.3

3.5.2

3.5.1

3.5.0

3.4.1

3.4.0

3.3.4

3.3.3 yanked

Reason this release was yanked:

Yanked since some code that do not belong to this release was pushed.

3.3.2

3.3.1 yanked

Reason this release was yanked:

We release a fix with new features that doesn't belong to this version.

3.3.0

3.2.4

3.2.3 yanked

Reason this release was yanked:

This release is broken due to a FileNotFoundError.

3.2.2

3.2.1

3.2.0

3.1.4

3.1.3

3.1.2

3.1.1

3.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

prowler-5.0.1.tar.gz (2.0 MB view details)

Uploaded Source

Built Distribution

prowler-5.0.1-py3-none-any.whl (3.6 MB view details)

Uploaded Python 3

File details

Details for the file prowler-5.0.1.tar.gz.

File metadata

  • Download URL: prowler-5.0.1.tar.gz
  • Upload date:
  • Size: 2.0 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.12.7

File hashes

Hashes for prowler-5.0.1.tar.gz
Algorithm Hash digest
SHA256 cafad78392c3ef18ff80ec8b974dc54f2f4367d3cdd8016b1b9172bb90303112
MD5 b3dd973333a13d5999b51a74db101d68
BLAKE2b-256 da27bb38b27c72deb5e179445083e55f921c5a5abed27898b2f68101a6270d63

See more details on using hashes here.

File details

Details for the file prowler-5.0.1-py3-none-any.whl.

File metadata

  • Download URL: prowler-5.0.1-py3-none-any.whl
  • Upload date:
  • Size: 3.6 MB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.12.7

File hashes

Hashes for prowler-5.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 3a98ce204a5b26a91ddde542ec67bae80aec910d983d7e5bd65649e6f628c78b
MD5 64a1da276f19f100db736ef4709fda27
BLAKE2b-256 79d8bbb3998cc361c5e95c70dfd02ee551b271c3158e816790d75f5557ad8867

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page