Origins of Prowler

Back in 2016 I took a cloud security architect role at Alfresco Software, where I led the security efforts around everything that we had to do with the cloud at that time. The first challenge I faced was to know what to secure. We had a good number of AWS accounts and I didn’t know what type of resources or services we were using. I didn’t even know which regions we were using! 

That’s when the idea occurred to me to write a small tool to see what was there.

Around that time, the Center for Internet Security (CIS) released the CIS Amazon Web Services Foundations Benchmark. It was the first time they had released a benchmark with a Creative Commons license. It meant I could take that and start writing something based on their work. So I wrote a very basic tool to verify the recommended security checks that the CIS had identified. 

At first the tool was very simple. You would run it and get red if you had something to fix, green if you were good to go. I made it this way because I didn’t want to run that tool myself—I wanted the engineers or teams working with AWS accounts to be able to use it. It was a mindset that helped ensure they were self-sufficient with their own hardening and security.

Over time, I fixed more issues and added more features. I made it open source and released it on GitHub, and sent out a couple of tweets. People started using it, and before I knew it, Prowler was gaining stars on GitHub while the community added new features and additional checks and fixes. Now it has 6,400 stars and 200 contributors.

What Is Prowler? 

Prowler is an open source security tool for AWS providing over 250 checks for more than 40 AWS services, built by an incredibly active community. It’s multi-region by default, and runs on any AWS partition (Commercial, GovCloud, China, Top Secret). With built-in checks for things like CIS benchmarks, GDPR, HIPAA compliance, SOC2 readiness, and many more, Prowler scans for all AWS services and API endpoints per region, per account.

Internet-exposed resources, unauthenticated services, open S3 buckets, misconfigurations, secrets in code…you name it, Prowler likely has a check for that. And if it doesn’t, you can write your own custom checks for whatever additional or unique AWS security needs your organization might have.

Along with using Prowler for regular, continuous analysis of your overall security posture, you can also use it for:

  • Audits and assessments: Confirm compliance and audit requirements are met.
  • Hardening: Assess your system’s attack vectors in order to decide what needs to be done to reduce the overall attack surface.
  • Pen testing: Use Prowler to find secrets in code or variables, internet-exposed resources which expose attack vectors, and unauthenticated services.
  • Incident response: Take a snapshot of AWS services, filter by severity, and see if you have something like an S3 bucket open or an RDS database instance exposed to the internet.

One other helpful feature in Prowler is the number of different formats that it supports. Beyond the basic command-line output, you can get results in CSV, JSON, and HTML, and you can easily send those to an S3 bucket if you want. You can also use the JUnit XML format if you want to run Prowler within CodeBuild or Jenkins. And finally, you can send your results natively in ASFF (AWS Security Finding Format) to AWS Security Hub so you can easily check the Prowler results for your environment against security industry standards and best practices.

Prowler helps you to understand your full AWS security posture, and create your own checks and framework based on your organization’s specific needs. If you’re using AWS, then you need Prowler! 

Introducing Prowler Training

Today we’re releasing a Prowler Training Course to help people start using Prowler and get up to speed quickly. The course is free, and consists of a series of short, actionable videos where I walk you through the basics of Prowler, how to run it and what some sample outputs look like, and then how to write your own custom checks and some advanced features like sending your results directly to Security Hub.

The course is made up of the following modules:

  • Introduction to Prowler (now available)
  • Module 1: Prowler in Action on AWS (now available) 
  • Module 2: Writing and Debugging Custom Checks in Prowler (coming soon)
  • Module 3: Using the Advanced Features of Prowler (coming soon)
  • Module 4: Advanced Prowler Tips and Tricks (coming soon)

I’m excited to get even more people using Prowler, and hope this course helps you get up and running fast! Sign up today to access the released modules and email notifications when the next modules are available.

Toni de la Fuente

Founder of Prowler Open Source & Lead of Prowler Pro

I’m the founder of Prowler Open Source, a tool for AWS security best practices. I also worked for AWS as a security engineer and security consultant. I’m passionate about FLOSS (Free Libre Open Source Software) in general and Information Security, Incident Response and Digital Forensics in particular. I like everything related to cloud computing and automation. I have done some things for security and the Open Source community like Prowler, phpRADmin, Nagios plugin for Alfresco, Alfresco BART (backup tool). I’ve also contributed to books and courses related to Linux, Monitoring and AWS Security for PacktPublishing.