tessl/pypi-prowler

Open source cloud security assessment tool for AWS, Azure, GCP, and Kubernetes with hundreds of compliance checks.


CLI Interface and Main Entry Point

Prowler's command-line interface provides comprehensive cloud security scanning capabilities with support for multiple providers, extensive filtering options, compliance frameworks, and various output formats. The CLI serves as the primary entry point for security assessments and automated compliance auditing.

Capabilities

Main CLI Entry Point

Primary entry point that orchestrates the entire security scanning process, handling argument parsing, provider initialization, check execution, and output generation.

def prowler():
    """
    Main CLI entry point that orchestrates the entire scanning process.
    
    Uses sys.argv for command-line argument parsing and coordinates:
    - Provider initialization and authentication
    - Check loading based on filters and compliance frameworks
    - Security check execution
    - Finding collection and processing
    - Output generation in multiple formats
    
    Returns:
    None (exits with appropriate status code)
    
    Raises:
    ProwlerException: On configuration or execution errors
    SystemExit: On argument parsing errors or completion
    """

Argument Parser

Comprehensive argument parsing system supporting all provider types, filtering options, output formats, and compliance frameworks.

import argparse

class ProwlerArgumentParser:
    """
    Main argument parser class handling all CLI options.
    
    Supports provider-specific arguments, filtering options,
    output configuration, and compliance framework selection.
    """
    
    def __init__(self):
        """
        Initialize the parser with all provider and option parsers.
        
        Sets up argument groups for:
        - Provider selection and authentication
        - Check and service filtering
        - Output format and destination
        - Compliance framework selection
        - Logging and debugging options
        """
    
    def parse(self, args: list = None) -> argparse.Namespace:
        """
        Parse arguments and perform validation.
        
        Parameters:
        - args: Optional list of arguments (defaults to sys.argv)
        
        Returns:
        Parsed arguments namespace with validated options
        
        Raises:
        SystemExit: On parsing errors or help requests
        """

Banner Display

Prowler banner display functionality for CLI branding and visual identification.

def print_banner(legend: bool = False):
    """
    Print the Prowler banner with optional color legend.
    
    Parameters:
    - legend: Whether to include color legend for output interpretation
    
    Returns:
    None (prints to stdout)
    """

Usage Examples

Basic Provider Scanning

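import sys
from prowler.__main__ import prowler

# Each invocation in these examples is an alternative, to be run on its own:
# prowler() exits the interpreter (SystemExit) when a scan completes.

# Scan AWS account with default checks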
sys.argv = ['prowler', 'aws']
prowler()

# Scan specific Azure region
sys.argv = ['prowler', 'azure', '--region', 'eastus']
prowler()

# Scan GCP project
sys.argv = ['prowler', 'gcp', '--project-id', 'my-project']
prowler()

Filtering and Compliance

import sys
from prowler.__main__ import prowler

# Run specific compliance framework
sys.argv = ['prowler', 'aws', '--compliance', 'cis_1.5_aws']
prowler()

# Run specific checks only
sys.argv = ['prowler', 'aws', '--check', 'iam_user_mfa_enabled', 'ec2_instance_public_ip']
prowler()

# Exclude services
sys.argv = ['prowler', 'azure', '--excluded-services', 'storage', 'network']
prowler()

# Filter by region
sys.argv = ['prowler', 'aws', '--region', 'us-east-1', 'us-west-2']
prowler()

Output Configuration

import sys
from prowler.__main__ import prowler

# Generate multiple output formats
sys.argv = [
    'prowler', 'aws',
    '--output-formats', 'json', 'csv', 'html',
    '--output-directory', '/tmp/prowler-results'
]
prowler()

# Generate ASFF output for AWS Security Hub
sys.argv = ['prowler', 'aws', '--output-formats', 'asff']
prowler()

# Generate OCSF output
sys.argv = ['prowler', 'gcp', '--output-formats', 'ocsf']
prowler()

Advanced Configuration

import sys
from prowler.__main__ import prowler

# Custom checks directory
sys.argv = [
    'prowler', 'aws',
    '--custom-checks-folder', '/path/to/custom/checks'
]
prowler()

# Mute specific findings
sys.argv = [
    'prowler', 'azure',
    '--mutelist-file', '/path/to/mutelist.yaml'
]
prowler()

# Parallel execution
sys.argv = [
    'prowler', 'aws',
    '--parallel',
    '--processes', '4'
]
prowler()

# Quiet mode with specific log level
sys.argv = [
    'prowler', 'gcp',
    '--quiet',
    '--log-level', 'ERROR',
    '--log-file', '/var/log/prowler.log'
]
prowler()

CLI Command Structure

The Prowler CLI follows this general structure:

prowler <provider> [provider-options] [global-options]

Supported Providers

  • aws - Amazon Web Services
  • azure - Microsoft Azure
  • gcp - Google Cloud Platform
  • kubernetes - Kubernetes clusters
  • github - GitHub organizations and repositories
  • m365 - Microsoft 365 environments

Global Options

  • --check - Specific checks to run
  • --excluded-checks - Checks to exclude
  • --service - Services to include
  • --excluded-services - Services to exclude
  • --compliance - Compliance frameworks to apply
  • --region - Regions to scan
  • --output-formats - Output formats (json, csv, html, asff, ocsf)
  • --output-directory - Output directory path
  • --quiet - Suppress banner and progress output
  • --log-level - Logging level
  • --parallel - Enable parallel execution
  • --mutelist-file - Path to findings mute list

Provider-specific options vary based on the selected provider and include authentication methods, resource filtering, and platform-specific configuration options.
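
Added example (not part of Prowler or of this page's original code): because prowler() reads sys.argv and finishes with SystemExit, a script that takes provider, check or region names from pipeline variables should validate them before the call and capture the exit status after it. build_argv and run_scan are hypothetical helpers; the allow-lists are the provider and global-option lists above, and option arity follows the usage examples (an assumption for options the page lists but never demonstrates).

```python
import sys

# Allow-lists copied from this page; arity follows its usage examples and is
# an assumption for options the page lists but never demonstrates.
PROVIDERS = {"aws", "azure", "gcp", "kubernetes", "github", "m365"}
LIST_OPTIONS = {"--check", "--excluded-checks", "--service", "--excluded-services",
                "--compliance", "--region", "--output-formats"}
VALUE_OPTIONS = {"--output-directory", "--log-level", "--mutelist-file"}
FLAG_OPTIONS = {"--quiet", "--parallel"}


def build_argv(provider, options):
    """Return argv for `prowler <provider> [options]` from untrusted input.

    Rejects unknown providers and options, and any value starting with "-",
    which the parser would otherwise read as an extra option."""
    if provider not in PROVIDERS:
        raise ValueError(f"unsupported provider: {provider!r}")
    argv = ["prowler", provider]
    for name, value in options.items():
        if name in FLAG_OPTIONS and value is True:
            argv.append(name)
            continue
        if name in VALUE_OPTIONS and isinstance(value, str):
            values = [value]
        elif name in LIST_OPTIONS and isinstance(value, (list, tuple)) and value:
            values = list(value)
        else:
            raise ValueError(f"option or value type not allowed: {name!r}")
        if any(not isinstance(v, str) or not v or v.startswith("-") for v in values):
            raise ValueError(f"unsafe value for {name}: {values!r}")
        argv += [name, *values]
    return argv


def run_scan(argv, entry_point):
    """Call a sys.argv-driven entry point (prowler() on this page) and return
    its exit status instead of letting SystemExit end the calling script."""
    saved = sys.argv
    sys.argv = list(argv)
    try:
        entry_point()
        return 0
    except SystemExit as exc:
        if exc.code is None:
            return 0
        return exc.code if isinstance(exc.code, int) else 1
    finally:
        sys.argv = saved
```

With Prowler installed, pass the prowler function imported from prowler.__main__ as entry_point; any callable that reads sys.argv works the same way.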

Install with Tessl CLI

npx tessl i tessl/pypi-prowler
