ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-11 07:15:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
623 Commits 1 Branch 0 Tags
504a11bb2edd6be56857ce9a9ba54b071ea72d8d
Commit Graph

119 Commits

Author SHA1 Message Date
Toni de la Fuente
504a11bb2e Added extra745 API Gateway public or private 2019-05-07 00:03:23 -04:00
Toni de la Fuente
f03eccf6c8 Added extra744 API Gateway has a WAF ACL attached 2019-05-06 23:25:14 -04:00
Toni de la Fuente
d0789859a3 Added extra743 API Gateway has client certificate enabled 2019-05-06 23:21:27 -04:00
Toni de la Fuente
1b4045d57c Added extra743 API Gateway has client certificate enabled 2019-05-06 23:10:27 -04:00
soffensive
f5708d7db6 Separate default encryption and bucket policy encryption 
Default encryption (2017): https://aws.amazon.com/blogs/aws/new-amazon-s3-encryption-security-features/
Bucket policy (2016): https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/
 2019-04-29 16:31:42 +02:00
Toni de la Fuente
6dd0ab06d2 Merge pull request #319 from toniblyx/devel 
Devel
 2019-04-23 23:21:47 -04:00
Toni de la Fuente
42220828ce Fixed issue #317 2019-04-23 23:20:11 -04:00
Toni de la Fuente
b4c4a46cc6 Fixed issue #315 2019-04-23 11:32:56 -04:00
soffensive
e0d86c134a Iterate over all regions 
Iterate over all regions
 2019-04-17 13:38:12 +02:00
soffensive
7a44b8bcca Iterate over all regions 
Iterate over all regions
 2019-04-17 13:36:00 +02:00
Toni de la Fuente
2870f38bdc Merge pull request #312 from toniblyx/devel 
Devel for 2.0.1
 2019-04-09 02:51:04 +01:00
Toni de la Fuente
1956be4dc3 Delete duplicate check extra739 2019-04-09 02:49:55 +01:00
Artashes Arabajyan
917a323c15 Fixed check122 to match CIS 1.22 checks requirements, instead of '=~ *' use '== *' 2019-04-05 12:06:27 +02:00
Toni de la Fuente
ddad72fc5f Fix issue #309 2019-03-27 22:42:13 +00:00
Toni de la Fuente
b03aca80a1 Fixed issue #308 2019-03-27 22:35:50 +00:00
Toni de la Fuente
9d526ff098 Added group11 keys and improved 741 and 742 2019-03-12 23:14:50 -04:00
Toni de la Fuente
bde9482928 Added check extra742 to find keys in CloudFormation Outputs 2019-03-12 22:40:40 -04:00
Toni de la Fuente
a3d1ed5129 Merge pull request #304 from toniblyx/devel 
Devel
 2019-03-11 22:27:07 -04:00
Toni de la Fuente
c8cc343784 Fix issue #303 2019-03-11 22:12:54 -04:00
Toni de la Fuente
6d15bb67fe Fix issue #300 2019-03-11 22:10:37 -04:00
Toni de la Fuente
b60d320622 Improved tittle to describe what extra71 does 2019-03-11 22:09:12 -04:00
Toni de la Fuente
7117399e14 Added find creds in URL on extra741 2019-03-05 11:40:29 -05:00
Toni de la Fuente
6f678a1093 Merge pull request #298 from toniblyx/devel 
Devel
 2019-03-04 22:45:58 -05:00
Toni de la Fuente
2bc3575de8 Improved extra714 to find secrets 2019-03-04 22:25:04 -05:00
Toni de la Fuente
18e9e7f0e1 Merge pull request #297 from toniblyx/devel 
Devel
 2019-03-04 21:26:29 -05:00
Toni de la Fuente
327323e32f Merge pull request #295 from clintmoyer/spellcheck 
Spelling fix "reshift" means "redshift"
 2019-02-20 18:11:31 -05:00
Clint Moyer
3c2ad65246 Spelling fix "reshift" means "redshift" 2019-02-20 12:30:04 -07:00
Toni de la Fuente
170557a422 New POC scoring and extra741 key finder userdata 2019-02-08 16:39:05 +00:00
Tom Crawford
34b6c4446d Added check for integer in response from AWS 2019-02-04 17:01:37 +00:00
Toni de la Fuente
6600df9be9 extra741 finding keys in UserData 2019-01-29 06:09:37 +00:00
Toni de la Fuente
8f89a01541 Merge pull request #284 from toniblyx/devel 
Devel
 2019-01-07 22:15:28 -05:00
Toni de la Fuente
2e754a5370 Fixed check120 2019-01-07 22:06:34 -05:00
Toni de la Fuente
97a59cf5e4 Merge pull request #276 from affanhmalik/check29 
Check for flowlogs only in active VPCs, avoid false flag if a region …
 2018-12-19 23:53:42 -05:00
Morey Straus
8935233a05 Update check_extra739 
typo correction
 2018-12-14 14:32:38 -08:00
Affan Malik
bacdf6ed22 Check for flowlogs only in active VPCs, avoid false flag if a region has no VPCs 2018-12-12 15:09:31 -05:00
Samuel Dugo
573fa46aac Fixed AccessDeniedException on extra730 
When executing Prowler using a specific profile (in my case to assume a role) , check_extra730 returns:

"An error occurred (AccessDeniedException) when calling the DescribeCertificate operation: User: [ASSUMED_ROLE_ARN] is not authorized to perform: acm:DescribeCertificate on resource: [RESOURCE_ARN]"

This is because line 28 did not contain  the following parameters: "$PROFILE_OPT --region $regx" .
 2018-12-05 11:35:44 +01:00
Toni de la Fuente
aeaf533585 Added extra740 EBS snapshots are encrypted and HIPAA 2018-11-19 23:22:18 -05:00
Toni de la Fuente
5757a88227 Added extra739 ELB logging and typos 2018-11-19 22:55:29 -05:00
Jason Turner
cafd203406 Updated check29 to validate against FlowLogId which is valid for both CloudWatch and s3 destinations 2018-11-14 14:19:44 -08:00
Toni de la Fuente
2437f8fb16 Added extra738 CloudFront HTTPS 2018-11-08 20:21:46 -05:00
Toni de la Fuente
fa5b81b28e Added extra737 KMS keys rotation 2018-11-07 23:37:06 -05:00
Toni de la Fuente
9bdbf6f51c Added extra736 check exposed KMS keys 2018-11-07 23:27:58 -05:00
Toni de la Fuente
b6a30df808 Added extra735 check encrypted RDS 2018-11-07 22:00:28 -05:00
Toni de la Fuente
0dc2b9a081 Improved extra734 checking enforce policy 2018-11-06 00:17:00 -05:00
Toni de la Fuente
29e142361b Improved extra734 checking enforce policy 2018-11-06 00:15:20 -05:00
Toni de la Fuente
883afa4959 Added extra734 check S3 bucket encryption 2018-11-05 23:30:00 -05:00
Toni de la Fuente
c7bfd72d2d Add check extra733 SAML Provider STS 2018-10-31 23:09:24 -04:00
Toni de la Fuente
9a88249965 Added check extra732 Cloudfront CDN Geo restrictions 2018-10-31 22:45:59 -04:00
Toni de la Fuente
6cb75fa26a Added check extra732 Cloudfront CDN Geo restrictions 2018-10-31 22:44:45 -04:00
Toni de la Fuente
2fd6f9801a Added check extra731 SNS topics Public 2018-10-31 22:23:41 -04:00