2.2.0

prowler-cloud/prowler

Release date: 2020-02-22 00:36:49

Latest release of prowler-cloud/prowler: 4.3.7 (2024-09-24 03:55:00)

Special thanks to all contributors mentioned below.

This new version of Prowler wouldn't be possible without you all. Thanks!

List of Contributors for this release:

zfLQ2qx2 gabrielsoltz Nimrod Kor Mr. Secure Tobi Fuhrimann jonnyCodev Or Evron soffensive Venki angabini Venkatadri Duggina Samuel Dugo Martin Kemp Marcus Maxwell Fayez Barbari Dominick Bellizzi David Lladro C.J Ricardo Oliveira Kim Oliver Fehrs Kasprzykowski Jonathan Rau Jerome Caffet Barak Schoster Goihman tomcrawf90 shaunography james-portman-contino bgeesaman barnhartguy alphad05 Will Thames Tom Crawford Ryan John Peck Roman Vynar Richard Nienaber Ralph Rodkey Nick Malcolm Nic Doye Ngọ Anh Đức Morey Straus Michael Peterson Kinnaird McQuade Kevin Pawloski JohnVonNeumann Dom Bellizzi Clint Moyer Christopher Morrow Brian Fallik Artashes Arabajyan Affan Malik

New features:

- f3bfe90: Add native support for AssumeRole
- f979c73: Add quiet mode that only shows failures
- be4bbe4: New POC for scoring report
- 00e5e65: Option "-c" supports one or multiple checks
- 71355b0: New option "-E" supports exclusion of one or multiple checks
- ab5968c: Re remove colors in json output
- f006c81: Use custom AWS profile with Role to assume
- cea0cfb: Prevent colorization on Failed and Info
- 8bb1529: More jq_improvements
- 61ef02e: Reduced API calls
- 64e38dd: Added megaprowler code for multiaccount (sample implementation)
- f32b769: Make 3.x tests simpler and more useful
- 4bc64e9: Create Pipfile
- ea6d9c9: Integration with Yelp detect-secrets
- 58fdd45: Ability to exclude check from group run
- e273ae3: Adding detect_secrets support to Docker
- da9cb41: Added jq to Dockerfile and fixes
- bc9d4fe: Created a new Dockerfile based on Alpine
- a2ccac9: FreeBSD support

New checks:

- 4098521: Check find secrets in UserData for Auto Scaling groups check_extra775
- a824e06: Check if user have unused console login
- 2f17cfb: Check if CloudFront is using a WAF
- 4c1d188: Check for unused Elastic IP addresses
- 3b264d5: Check for internet facing instances with an Instance Profile attached.
- 7b5ece8: Check IAM Access Analyzer
- fe65eaf: Check ECS scan on push
- b61af3a: Check secrets in ECS task definition environment variables
- 961b79a: Check for CloudFront field level encryption
- 264b84a: Check for ECR scanning
- 2c531a2: Check for unsupported lambda runtimes
- 66c59ea: Check for EBS default encryption
- 40117ed: Checks for EC2 age
- b8c7915: Check extra756 Redshift cluster public
- 5cd7214: Check extra755 open Memcached port
- 4f00760: Check extra754 open Cassandra port
- 660b573: Check open MongoDB port
- 1d45c45: Check open Redis port
- 3693ee3: Check SG open Postgres port
- c36a606: Check SG open MySQL ports
- 5325bab: Check SG open MySQL ports
- e283d35: Check SG open Oracle ports
- b95cf5b: Check SG open to any port
- c6dfbfd: Check IPv6 support to networking checks
- 62991cf: Check RDS CloudWatch Log integration
- 8b4b59e: Check RDS backup and RDS group of checks
- a6569a0: Added group12 apigateway checks
- 50b6e63: Check API Gateway has authorizers
- 3582b42: Check API Gateway has CloudWatch Logs
- 65e2ff7: Check API Gateway has authorizers
- 504a11b: Check API Gateway public or private
- f03eccf: Check API Gateway has a WAF ACL attached
- d078985: Check API Gateway has client certificate enabled
- bde9482: Check to find keys in CloudFormation Outputs

Documentation improvements:

- e5e5e84: Add documentation for excluding group checks
- 4f4591d: Added more install details and docker run
- 1e1de4f: Added Security Hub integration link
- 24780b4: Improve documentation with prowler-additions-policy.json
- 2da125f: UPDATE README.md - fix incorrect group flag
- 04acb74: Enhanced requirements and installation
- bc12717: Added MFA help
- d818381: Wazuh integration guide DRAFT
- b59d5db: Added new option exclude
- 2700365: Improved rules ID
- 08cdf35: Added CODE_OF_CONDUCT.md

Fixes:

- 0210c43: check_11_check_access_keys_usage
- 4a1d406: Check Extra 774 - Fixed bug - was checking account creation time instead of last logon date.
- 44716cf: mark_only_available_rds_instances_as_violating
- 1f3aaa8: es_public_domains_filter_condition
- 6213a74: public_bucket_policy_check_for_conditions
- bf9ffc0: extra748_check_for_all_ports
- fff605b: fix_extra_764_handle_all_aws
- a6516e4: Check 1.1 - check password access and access key usage
- 4fe5750: Filter for only available rds instances in check
- 178a34e: Add conditions check for extra716
- 5f3293a: Add conditions check for extra771
- 28a8ae7: Check extra748 should fail in case of all ports (0-65535) open
- daa26ed: extra764 should also check for principal being AWS = ""
- 9bd54ca: Fixed issue #378
- 4d683a7: fix-check11
- 4476571: check if last_login_date is a valid date
- 5069fd2: Associate VPCFlowLog with VPC
- 0d1807b: Remove ses:sendemails
- a77d3b0: handle_get_bucket_policy_error
- 5cebebb: handle_get_bucket_policy_error
- 528e14d: Update check119
- fe2d2b4: check root account access login and fail if used in the last day
- 74cbbdd: add text info in case of error occurred
- 029c330: fix check extra 764
- 2abe360: Update group7_extras
- d473ebe: moving MAX_DAYS to the inner scope of the function
- f038074: Update prowler-additions-policy.json
- f797805: issue 458
- ef001af: issue 459
- 2d712f6: issue-163-CloudFront-WAF
- 278e382: Update group7_extras
- 3452ecd: eip_check
- f2f8216: issue 460
- f735de8: Rewrite of check extra73
- 9fc0f6c: Remove check 766, dupe of check 765
- 41ccd45: Add additional error checking to address issue 459
- 9ed7d75: Add command for check119
- b3b9039: cleanup_temp_files
- 4806d5f: update_check_extra764
- a755ec8: update_extra769
- 3c703de: update_check_extra726
- 7d324be: Resolve issue with not_available state in results
- b22b0af: Misc fixes to check extra764
- 4cc5cd1: Try to make sure prowler cleans up its temporary files
- 688f028: Add additional error checkings to check extra769
- c84190c: Add error checking to checks extra77 and extra765
- 23be47a: Enhanced title for check extra723
- ab75f19: small_fixes_to_extra731_extra716
- 20b127f: Added DS IAM actions
- cc5da42: add lambda:get to prowler-additions-policy
- 1087d60: Small check fixes
- d2b3e5e: Added new checks to extras group
- 0d120a4: check_bucket_policies_public_write
- 0ab5d87: public-instance-with-instance-profile-attached
- 39c7ea5: Add feature custom checks folder issue #439
- 933e415: fix_check26
- fc3f4e8: Reuse ACCOUNT_NUM
- 7e803bb: Change to check 771
- 8e1aa17: Fix check26 - get the account ID from sts
- dd5bf6c: fix_check21
- 7cb869a: use more generic access-analyzer:List*
- 559b058: Add trail count to check21 and fail if no trail exist
- 53f097c: Add "access-analyzer:ListTagsForResource" to prowler-additions-policy.json
- b6e34ad: Fix issue #409
- 4af3dc1: Fix issue #426 updated base64 function
- 923fadb: check-3xx-whitespace-tolerance
- 3f68acc: Added missing file iam/prowler-additions-policy.json
- 2e11e0a: Fix extra764 check
- c630c02: Update check_extra768
- e18cea2: consolidated ProwlerReadOnlyPolicy and available json
- 8f91bfe: clean up documentation and added info to check_sample
- c513e7a: ecs_task_definition_secrets_check_contribute
- 2e1cead: extra719
- 5c8b0aa: check726
- 15dda01: prowler-misc-updates
- d19ae27: Fix merge issue
- 687686c: Filter out private zones in check extra719
- 94a9059: Handle Trusted Advisor entitlement issue gracefully
- 669469e: Update extra764 and extra734, add .gitignore rules for vim
- 031b68a: fixed typo in iam policy
- d737193: extra75-enhancement
- f83ce78: prowler-3x-checks
- 054043d: Update extra75 to aware of default security groups
- 603ed0b: Update log metric filter checks to latest AWS CIS Foundations Benchmark and provide hints on how to remediate
- 3a89388: Misc prowler fixes
- 2e18192: Added pull request template
- 508a935: fix jq array
- 6389869: remove_old_check
- d026ed5: improve_extra727
- 529fc64: better_output
- 5cadd0c: remove_unused_variable
- df5def4: comments_and_fix
- 5252518: extra73
- be0bc7a: extra 7.62 - output cleanup
- c460e35: obsolete_runtimes
- 827b1fd: add region info to textFail,textPass output
- 23a7c7f: fix spelling error in message
- e683ea5: fix over-quoting bug
- 826cc00: replacing git clone with ADD as to not cache layer indefinetely
- 77b3a9b: unsetting excluded_checks
- d4fad17: update pipeline commands to use multi-account path
- ddb4983: bring in quoting nits
- 31a4024: Merge pull request #392 from MrSecure/mega
- 40a2ea6: fixed region for extra757 and extra758
- 7e28f85: add cli options
- 64667ea: grant codebuild the ability to assume audit role
- 70304dc: suppress remaining shell check warnings
- e0a77b3: cleanup using shellcheck
- 70de023: more output structure cleanup
- b5ccdad: change bucket resource name
- d0af7f4: remove 'out' from artifact storage path
- fc77b4a: Merge pull request #390 from Quiq/master
- 4540fd7: Add missing permission
- 44cfa71: updated logging
- ecde624: remove unnecessary variables and removed echo
- d5f22ab: fixing check26 cross access bug
- 72b1421: fixing cross account cloudtrail issue
- cd52bf8: fix typo
- aba697a: List CloudFront distributions only once
- 49994d1: List successful cases as PASS! for 7.27
- f3d617a: Fix Pipfile
- 1be58e0: Fix issue #323
- 8333c57: Fixed issue #348 -e option back to work
- 02d2561: Fix issue #354
- 30b2f55: support_role_added_to_groups
- 253fa5e: #351
- 188a681: check314_case_sensitivity
- 9e06297: fix_check_extra741
- eecb272: Fixed output for PR #339
- 2ed3378: refactor_check_extra734
- bd9ae4b: improve_check_extra73
- 30e2360: remove filter by roles so that groups are included as well
- 033e262: [FIX] remove duplicated filter condition | kf/aa/if
- 2b95f69: [FIX] allow 1.22 checks on policies with only one statement block | kf/aa/if
- 5bd3f0b: Fix typo
- a430ad4: Tabs to 4 spaces
- 85dc040: Made check314 less case sensitive
- a259571: Fixing missing &&
- 8b2c113: add_detect_secrets_to_docker
- cea45f4: remove REGION from Bucket Listing
- d7d2246: improved for other file types like empty and very short
- e6992e8: ignore None when user data is empty
- c8622bc: better check denied
- 76e6657: refactor check_extra734
- de83360: fix locations
- d50c3af: add check for explicit deny
- 3947ee2: Improved -l option to list uniq checks
- 0db97d5: improve AWS CLI parameters order, same as other checks
- 588976a: Fixed lack of in PR #331
- b1e7dc8: get_date_previous_than_months compatible busybox
- c5f1703: add linux and cygwin get_date_previous_than_months function
- ea886b8: guardduty_regions
- d640086: add guardduty regions
- 5037cb0: improve code
- 085dd33: function os
- c4ddb8f: review outputs
- df6c323: fix extra731 output
- 004f882: iterate across all default sg, so fail more for each one and also add output sg
- a59aedc: Fixed accuracy for check_extra722
- da25a02: removed extra746 duplicated with extra722
- 967fe02: Fixed new API Gateway checks alias
- f5708d7: Separate default encryption and bucket policy encryption
- 4222082: Fixed issue #317
- b4c4a46: Fixed issue #315
- e0d86c1: Iterate over all regions
- a707b38: Revert adding freebsd detector
- 1956be4: Delete duplicate check extra739
- 917a323: Fixed check122 to match CIS 1.22 checks requirements, instead of '=~ *' use '== *'
- ddad72f: Fix issue #309
- b03aca8: Fixed issue #308
- 9d526ff: Added group11 keys and improved 741 and 742
- fa1a3b8: Fix issue #301
- c8cc343: Fix issue #303
- 6d15bb6: Fix issue #300
- b60d320: Improved tittle to describe what extra71 does
- 2bc3575: Improved extra714 to find secrets
- 3c2ad65: Spelling fix "reshift" means "redshift"
- 069b540: Fixed typo in hipaa
- 2e754a5: Fixed check120
- 8935233: Update check_extra739
- c9c4620: format fix
- bacdf6e: Check for flowlogs only in active VPCs, avoid false flag if a region has no VPCs
- d78424b: gdpr fix
- 1727758: enhanced gdpr and first wazuh integration bits
- 573fa46: Fixed AccessDeniedException on extra730
- 31a0de1: Adding extra340 to GDPR group
- 25d1aa9: Make check3x more tolerant
