Prowler 2.5.0 - Senjutsu

This new version was planned to celebrate AWS re:Inforce that would have taken place on August 24th and 25th but has been cancelled and the new studio album of Iron Maiden (Senjutsu) to be released on September 3rd 2021. In any case, enjoy this new version. More cool stuff coming soon!

Prowler would have been present in the re:Inforce 2021 conference with a pretty expected workshop called "Building Prowler into a QuickSight powered AWS security dashboard". Templates and workshop link to be public soon. For updates follow me on Twitter: https://twitter.com/ToniBlyx.

As Prowler keeps growing in user base and downloads (averages 1400 clones/day), there are more contributions and I want to thank you all for your feedback and code. Please keep contributing to make the Internet more secure.

New Features:

Please read carefully this new features and changes (for CSV output and also to improve the data in json ASFF for Security Hub integration) if you have integrations using CSV, it may affect you.

• New CSV headers, added PROWLER_START_TIME: PROFILE{SEP}ACCOUNT_NUM,REGION,TITLE_ID,CHECK_RESULT,ITEM_SCORED,ITEM_LEVEL,TITLE_TEXT,CHECK_RESULT_EXTENDED,CHECK_ASFF_COMPLIANCE_TYPE,CHECK_SEVERITY,CHECK_SERVICENAME,CHECK_ASFF_RESOURCE_TYPE,CHECK_ASFF_TYPE,CHECK_RISK,CHECK_REMEDIATION,CHECK_DOC,CHECK_CAF_EPIC,CHECK_RESOURCE_ID,PROWLER_START_TIME.
• 14 New checks (@jfagoagas, @nayabpatel, @Outrun207 and @pablopagani):

7.134 [extra7134] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21  - ec2 [High]
7.135 [extra7135] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092  - ec2 [High]
7.136 [extra7136] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23  - ec2 [High]
7.137 [extra7137] Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434  - ec2 [High]
7.138 [extra7138] Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port - ec2 [High]
7.139 [extra7139] There are High severity GuardDuty findings  - guardduty [High]
7.140 [extra7140] Check if there are SSM Documents set as public - ssm [High]
7.141 [extra7141] Find secrets in SSM Documents - ssm [Critical]
7.142 [extra7142] Check if Application Load Balancer is dropping invalid packets to prevent header based http request smuggling - elb [Medium]
7.143 [extra7143] Check if EFS have policies which allow access to everyone - efs [Critical]
7.144 [extra7144] Check if CloudWatch has allowed cross-account sharing - cloudwatch [Medium]
7.145 [extra7145] Check if Lambda functions have policies which allow access to any AWS account - lambda [Critical]
7.146 [extra7146] Check if there is any unassigned Elastic IP - ec2 [Low]
7.147 [extra7147] Check if S3 Glacier vaults have policies which allow access to everyone - glacier [Critical]

• Docker images are available in the official ECR https://gallery.ecr.aws/prowler/prowler (if you run Prowler with Fargate this will help you). Images at https://hub.docker.com/r/toniblyx/prowler won't be updated.
• Now when using -M option prowler shows standard output but saves desired reports in background
• Added code for better experience running Prowler in AWS CloudShell @hackersifu
• Added support for custom output folder and S3 bucket (see ./prowler -h for details) using bucket-owner-full-control.
• Added support for custom output file (see ./prowler -h for details) @yangsec888
• Added servicename to the title for ASFF and used for QuickSight dashboard
• Added resourceid and more metadata to the ASFF file to be imported in Security Hub @singergs
• Added s3 and glue required permissions and removed obsoletes
• Added section with info about regions in README.md
• Added WAF CLASSIC check for extra7129 @kamiryo
• Added severity and servicename to the default output, removed blue color on check ID.
• Removed duplicated checks extra756 and extra737 @w0rmr1d3r

Enhancements:

• HTML report: filtering and other nice things @nickmalcolm
• License file and banner cosolidation
• Now it shows default output regardless custom outputs called with -M
• Clean up check title without info related to CIS (like scored, etc. CIS support still in Prowler)
• Updated Docker image to Alpine to 3.13 and with py3-pip in Dockerfile @gliptak
• Improved error handling sts get-caller-identity @pablopagani
• Improved error handling when listing regions @pablopagani
• Updated html report color contrast for WCAG 2.1 accessibility standards @danielperez660
• Updated Prowler additions policy
• Updated check12 - Missing MFA at the beginning of remediation @thorkill
• Removed CSV header in stdout
• Updated README to include reference to CloudShell https://github.com/toniblyx/prowler/tree/2.5/util/cloudshell @hackersifu
• Updated README with better coverage of -f <filterregion> usage info

Fixes:

• Fixed Security Hub integration error resource type is always empty #776
• Fixed credential renewal broke on Alpine Linux #775
• Fixed check extra747 grammar #774
• Fixed grammar issue in scoring @w0rmr1d3r
• Fixed check21 to fail if trail is off
• Fixed aws organizations multi-account deployment s3 upload issue @owlvat
• Corrected bug on groups when listing checks @pablopagani
• Fixed issue #811 @h1008
• Fixed kms keys compatibility in cli v2 and v1 @dbellizzi
• Fixed typo in check extra7141 ID
• Fixed alias of extra7139
• Fixed link to doc for check45 check46 extra7138 and extras

*If you have made a contribution to this released and I missed your Github id here, my apologies and please let me know to include you. Thank you!