tessl/pypi-prowler
Open source cloud security assessment tool for AWS, Azure, GCP, and Kubernetes with hundreds of compliance checks.
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
- Describes
'%3e%3cpath%20d='M3.389%209.069c0-.009.043-.033.029-.044L.029%207.77l3.287-1.197L6.574%207.77l.106.083.005%204-3.297%201.185V9.068ZM13.582%209.32V2.74l3.405%201.238v4.104L13.583%209.32ZM10.253%2014.66l-3.476%201.268v-4.027l3.476-1.313v4.072ZM10.253%2010.558l-3.476%201.239V7.784l3.476-1.268v4.042ZM10.253%2014.719v3.968L6.777%2020v-3.998l3.476-1.283ZM17%208.139v4.042l-3.418%201.239V9.378L17%208.138ZM3.3%2017.168%200%2015.943v-4.027l3.3%201.224v4.028ZM6.69%2011.916v4.027l-3.302%201.225v-4.072l3.301-1.18ZM6.69%203.743v4.012l-3.33-1.21V2.564l3.33%201.18Z'/%3e%3cpath%20d='M3.3%2013.066%200%2011.842V7.844l3.3%201.224v3.998ZM13.524%209.334l-.175.088.175-.014v4.027l-3.152%201.183-.06-.032v-3.983l1.986-.767-.111.006-1.876.657V6.531l3.213-1.224v4.027Zm-.263.133c-.065.008-.198.023-.233.088.065-.008.198-.023.233-.088Zm-.321.118c-.065.008-.198.023-.233.088.065-.009.198-.023.233-.088Zm-.321.118c-.066.008-.199.023-.234.088.065-.008.199-.023.234-.088ZM13.524%201.266v3.968l-3.213%201.195V2.46l3.213-1.194ZM10.253%202.475v3.968L6.777%207.726V3.743l3.476-1.268ZM8.2%204.458c-.304.064-.627.5-.708.79-.27.963.636%201.081%201.091.364.277-.437.354-1.308-.383-1.154ZM13.524%2013.51v3.983l-3.17%201.177c-.011%200-.043-.067-.043-.07v-3.895l3.213-1.195Zm-.884%201.63c-.495.085-1.068%201.015-.676%201.435.483.517%201.502-.636%201.147-1.246-.098-.169-.286-.221-.47-.19ZM10.165%202.387l-.037.065-3.395%201.249-3.345-1.212L6.88%201.21l3.285%201.178ZM13.437%201.177l-.088.073-3.057%201.127-3.034-1.082-.277-.133L10.151%200l3.286%201.177Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h17v20H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
To install, run
npx @tessl/cli install tessl/pypi-prowler@5.10.0index.mddocs/
Prowler
Prowler is an open-source cloud security assessment tool that performs comprehensive security audits across AWS, Azure, GCP, Kubernetes, GitHub, and Microsoft 365 environments. It provides hundreds of security checks aligned with industry compliance frameworks including CIS benchmarks, NIST, PCI-DSS, GDPR, HIPAA, and SOC2, enabling automated security assessments, continuous monitoring, and compliance validation for cloud infrastructures.
Package Information
- Package Name: prowler
- Language: Python
- Installation:
pip install prowler - Repository: https://github.com/prowler-cloud/prowler
- Documentation: https://docs.prowler.cloud
Core Imports
import prowlerMain CLI entry point:
from prowler.__main__ import prowlerCore check execution:
from prowler.lib.check.check import execute_checks
from prowler.lib.check.checks_loader import load_checks_to_execute
from prowler.lib.check.models import CheckMetadata, Severity
from prowler.lib.outputs.finding import FindingProvider management:
from prowler.providers.aws.aws_provider import AWSProvider
from prowler.providers.azure.azure_provider import AzureProvider
from prowler.providers.gcp.gcp_provider import GCPProvider
from prowler.providers.common.provider import ProviderConfiguration and compliance:
from prowler.config.config import (
prowler_version,
get_available_compliance_frameworks,
available_compliance_frameworks,
available_output_formats,
default_output_directory
)Logging:
from prowler.lib.logger import logger, set_logging_configBasic Usage
CLI Usage
from prowler.__main__ import prowler
# Run prowler CLI with arguments
import sys
sys.argv = ['prowler', 'aws', '--region', 'us-east-1']
prowler()Programmatic Usage
from prowler.lib.check.check import execute_checks
from prowler.lib.check.checks_loader import load_checks_to_execute
from prowler.providers.aws.aws_provider import AWSProvider
from prowler.lib.outputs.finding import Finding
# Initialize AWS provider with authentication
provider = AWSProvider(
profile="default",
regions={"us-east-1", "us-west-2"},
resource_tags=["Environment=production"]
)
# Load checks for execution
checks = load_checks_to_execute(provider, check_list=['iam_user_mfa_enabled'])
# Execute security checks
findings = execute_checks(checks, provider)
# Process findings
for finding in findings:
if finding.status == 'FAIL':
print(f"Failed check: {finding.metadata.CheckID}")
print(f"Resource: {finding.resource_uid}")
print(f"Description: {finding.metadata.Description}")Provider Authentication Examples
from prowler.providers.aws.aws_provider import AWSProvider
from prowler.providers.azure.azure_provider import AzureProvider
from prowler.providers.gcp.gcp_provider import GCPProvider
# AWS with IAM role assumption
aws_provider = AWSProvider(
role_arn="arn:aws:iam::123456789012:role/ProwlerRole",
external_id="unique-external-id",
regions={"us-east-1", "eu-west-1"}
)
# Azure with service principal
azure_provider = AzureProvider(
client_id="12345678-1234-1234-1234-123456789012",
client_secret="your-client-secret",
tenant_id="87654321-4321-4321-4321-210987654321",
subscription_ids=["sub-1", "sub-2"]
)
# GCP with service account
gcp_provider = GCPProvider(
credentials_file="/path/to/service-account.json",
project_ids=["project-1", "project-2"],
organization_id="123456789012"
)Architecture
Prowler follows a modular architecture organized around key components:
- Providers: Cloud platform abstractions (AWS, Azure, GCP, Kubernetes, GitHub, M365) implementing a common Provider interface
- Checks: Security assessment modules organized by service and compliance framework
- Findings: Standardized result objects representing security check outcomes
- Outputs: Multiple output formats (JSON, CSV, HTML, ASFF, OCSF) with compliance reporting
- Compliance: Framework mappings linking checks to industry standards and regulations
This design enables Prowler to scale across multiple cloud platforms while maintaining consistent security assessment patterns and supporting extensive compliance reporting requirements.
Capabilities
CLI Interface and Main Entry Point
Main command-line interface providing comprehensive cloud security scanning with support for multiple providers, filtering options, compliance frameworks, and output formats.
def prowler():
"""
Main CLI entry point that orchestrates the entire scanning process.
Uses sys.argv for command-line argument parsing.
Returns:
None (exits with appropriate status code)
"""Check Management and Execution
Core functionality for loading, filtering, and executing security checks across cloud providers with support for custom checks, service filtering, and compliance framework mapping.
def execute_checks(checks: list, provider: Provider) -> list[Finding]:
"""
Execute security checks and return findings.
Parameters:
- checks: List of check modules to execute
- provider: Provider instance (AWS, Azure, GCP, etc.)
Returns:
List of Finding objects representing check results
"""
def load_checks_to_execute(provider: Provider, check_list: list = None, service_list: list = None) -> list:
"""
Load checks based on provider and filtering criteria.
Parameters:
- provider: Provider instance
- check_list: Optional list of specific checks to run
- service_list: Optional list of services to include
Returns:
List of check modules to execute
"""Check Metadata and Models
Standardized data models for representing security check metadata, severity levels, remediation information, and compliance mappings using Pydantic for validation.
class CheckMetadata:
"""
Pydantic model for check metadata.
Attributes:
- Provider: str - Provider type (aws, azure, gcp, etc.)
- CheckID: str - Unique check identifier
- CheckTitle: str - Human-readable check name
- CheckType: list[str] - Check categories
- ServiceName: str - Cloud service name
- SubServiceName: str - Sub-service name
- Severity: Severity - Severity level enum
- ResourceType: str - Resource type being checked
- Description: str - Check description
- Risk: str - Risk description
- Remediation: Remediation - Remediation information
"""
class Severity(Enum):
"""Severity level enumeration."""
critical = "critical"
high = "high"
medium = "medium"
low = "low"
informational = "informational"Finding Management and Output
Comprehensive finding representation and output generation supporting multiple formats (JSON, CSV, HTML, ASFF, OCSF) with compliance reporting and integration capabilities.
class Finding:
"""
Pydantic model representing a security finding.
Attributes:
- auth_method: str - Authentication method used
- timestamp: datetime - Finding timestamp
- account_uid: str - Account unique identifier
- metadata: CheckMetadata - Check metadata
- status: Status - Finding status (PASS/FAIL/MANUAL)
- resource_uid: str - Resource unique identifier
- region: str - Cloud region
- compliance: dict - Compliance framework mappings
"""
def generate_output(findings: list[Finding], output_format: str, output_directory: str):
"""
Generate output in specified format.
Parameters:
- findings: List of Finding objects
- output_format: Output format (json, csv, html, asff, ocsf)
- output_directory: Directory for output files
Returns:
None (writes files to output directory)
"""Provider Framework
Multi-cloud provider abstraction supporting AWS, Azure, GCP, Kubernetes, GitHub, and Microsoft 365 with standardized authentication, session management, and credential handling.
class Provider:
"""
Abstract base class for all cloud providers.
Properties:
- type: str - Provider type identifier
- identity: dict - Provider identity information
- session: object - Provider session object
- audit_config: dict - Audit configuration
Methods:
- setup_session(): Abstract method to setup provider session
- print_credentials(): Abstract method to print credential info
- validate_arguments(): Abstract method to validate provider arguments
"""
class AWSProvider(Provider):
"""AWS provider implementation."""
class AzureProvider(Provider):
"""Azure provider implementation."""
class GCPProvider(Provider):
"""GCP provider implementation."""Configuration and Compliance
Configuration management and compliance framework support with mappings to industry standards including CIS benchmarks, NIST, ISO 27001, PCI-DSS, and custom frameworks.
prowler_version: str = "5.10.2"
available_compliance_frameworks: list[str]
available_output_formats: list[str]
default_output_directory: str
def get_available_compliance_frameworks(provider: str = None) -> list[str]:
"""
Get available compliance frameworks for a provider.
Parameters:
- provider: Optional provider name to filter frameworks
Returns:
List of available compliance framework names
"""
def check_current_version() -> dict:
"""
Check for newer Prowler versions.
Returns:
Dictionary with version information and update availability
"""Logging and Utilities
Logging configuration, utility functions, and helper methods for string manipulation, data processing, and common operations across the Prowler ecosystem.
def set_logging_config(log_level: str, log_file: str = None, only_logs: bool = False):
"""
Configure logging for Prowler.
Parameters:
- log_level: Logging level (DEBUG, INFO, WARNING, ERROR, CRITICAL)
- log_file: Optional log file path
- only_logs: Whether to suppress banner and only show logs
Returns:
None
"""
logger: Logger # Global logger instance
logging_levels: dict[str, int] # Mapping of level names to constantsTypes
from enum import Enum
from typing import Optional, List, Dict, Any
from pydantic import BaseModel
from datetime import datetime
class Status(Enum):
"""Finding status enumeration."""
PASS = "PASS"
FAIL = "FAIL"
MANUAL = "MANUAL"
class Provider(Enum):
"""Supported provider enumeration."""
aws = "aws"
azure = "azure"
gcp = "gcp"
kubernetes = "kubernetes"
github = "github"
m365 = "m365"
nhn = "nhn"
iac = "iac"
class Code(BaseModel):
"""Remediation code model."""
NativeIaC: Optional[str] = None
Terraform: Optional[str] = None
CLI: Optional[str] = None
Other: Optional[str] = None
class Recommendation(BaseModel):
"""Recommendation model."""
Text: str
Url: Optional[str] = None
class Remediation(BaseModel):
"""Remediation information model."""
Code: Optional[Code] = None
Recommendation: Recommendation