ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-11 15:25:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,188 Commits 1 Branch 0 Tags
b822c19d2ccdabd46a2b9dff9cde7f4c8a74c870
Commit Graph

48 Commits

Author SHA1 Message Date
Jit
a46d7b2ed9 feat(aws): New Neptune, ElastiCache, APIGW and IAM checks (#2862) 2023-10-19 17:31:51 +02:00
Sergio Garcia
08b2ea01ab chore(iam): add IAM privilege escalation cases (#2921) 2023-10-10 12:41:02 +02:00
Sergio Garcia
e610c2514d feat(iam): improve disable credentials checks (#2909) 2023-10-06 11:41:04 +02:00
Sergio Garcia
0745a57f52 fix(findingID): remove duplicate finding IDs (#2890) 2023-10-03 11:31:33 +02:00
Nacho Rivera
e701aca64b test(iam_credentials): Don't use search and negative indexes (#2899) 2023-10-03 09:54:53 +02:00
Nacho Rivera
c158dcf2ef fix(iam creds checks): add missing tests and fix current ones (#2888) 2023-10-02 16:27:44 +02:00
Sergio Garcia
70fbf1676a fix(iam_inline_policy_no_administrative_privileges): set resource id as the entity name (#2820) 2023-09-22 12:59:10 +02:00
Kay Agahd
3dd8aeac7c fix(iam): findings of some checks may have been lost (#2847) 2023-09-18 10:46:04 +02:00
Kay Agahd
f1bea27e44 feat(iam): add new check iam_role_administratoraccess_policy (#2822) 2023-09-12 09:19:20 +02:00
Pepe Fagoaga
eedfbe3e7a fix(iam_policy_allows_privilege_escalation): Not use search for checking API actions (#2772) 2023-08-25 10:56:28 +02:00
Pepe Fagoaga
06a0b12efb fix(iam_policy_allows_privilege_escalation): Handle admin permission so * (#2763) 2023-08-23 10:40:06 +02:00
gerardocampo
e5d2c0c700 feat(iam): Check inline policies in IAM Users, Groups & Roles for admin priv's (#2750) 
Co-authored-by: Gerard Ocampo <gerard.ocampo@zelis.com>
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
 2023-08-23 08:29:13 +02:00
Pepe Fagoaga
4454d9115e chore(aws): 2nd round - Improve tests and include dot in status extended (#2714) 2023-08-12 01:41:35 +02:00
Sergio Garcia
36e095c830 fix(iam_role_cross_service_confused_deputy_prevention): add ResourceAccount and PrincipalAccount conditions (#2689) 2023-08-09 10:41:48 +02:00
Pepe Fagoaga
efa75a62e3 fix(iam_policy_allows_privilege_escalation): Handle permissions in groups (#2655) 2023-08-03 10:40:51 +02:00
Pepe Fagoaga
c335334402 fix(test_only_aws_service_linked_roles): Flaky test (#2666) 2023-08-03 09:18:06 +02:00
Pepe Fagoaga
e3d4e38a59 feat(aws): New AWSService class as parent (#2638) 2023-07-31 11:18:54 +02:00
Gabriel Pragin
965327e801 chore(typos): Update check's status (#2629) 
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
 2023-07-27 11:44:09 +02:00
Gabriel Pragin
65a737bb58 chore(metadata): Typos (#2595) 
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
 2023-07-18 09:27:58 +02:00
Sergio Garcia
6efe634850 fix(iam): add StringLike condition in iam_role_cross_service_confused_deputy_prevention (#2533) 2023-06-27 10:06:46 +02:00
Sebastian Nyberg
707584b2ef feat(aws): Add MFA flag if try to assume role in AWS (#2478) 
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
Co-authored-by: Sergio Garcia <sergargar1@gmail.com>
 2023-06-13 17:18:10 +02:00
Sergio Garcia
25e48ae546 chore(arn): include ARN of AWS accounts (#2477) 
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
 2023-06-13 10:18:23 +02:00
Sergio Garcia
c01c59023a fix(ClientError): handle ClientErrors in DynamoDB and Directory Service (#2400) 2023-05-24 11:50:08 +02:00
Pepe Fagoaga
9e9e7e1e96 fix(aws): Handle unique map keys (#2390) 
Co-authored-by: Sergio Garcia <sergargar1@gmail.com>
 2023-05-23 15:54:22 +02:00
Pepe Fagoaga
6f48012234 fix(ecr): Refactor service (#2302) 
Co-authored-by: Gabriel Soltz <thegaby@gmail.com>
Co-authored-by: Kay Agahd <kagahd@users.noreply.github.com>
Co-authored-by: Nacho Rivera <nachor1992@gmail.com>
Co-authored-by: Kevin Pullin <kevin.pullin@gmail.com>
Co-authored-by: Sergio Garcia <sergargar1@gmail.com>
 2023-05-09 17:04:21 +02:00
Sergio Garcia
784aaa98c9 feat(iam): add iam_role_cross_account_readonlyaccess_policy check (#2312) 2023-05-08 13:27:51 +02:00
Sergio Garcia
d51cdc068b fix(iam_role_cross_service_confused_deputy_prevention): avoid service linked roles (#2249) 2023-04-21 10:42:05 +02:00
Sergio Garcia
7a00f79a56 fix(iam_policy_no_administrative_privileges): check attached policies and AWS-Managed (#2200) 
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
 2023-04-19 14:34:53 +02:00
Sergio Garcia
5e567f3e37 fix(iam tests): mock audit_info object (#2226) 
Co-authored-by: n4ch04 <nachor1992@gmail.com>
 2023-04-17 11:14:48 +02:00
Gabriel Soltz
305b67fbed feat(check): New check cloudtrail_bucket_requires_mfa_delete (#2194) 
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
 2023-04-13 14:18:31 +02:00
Gabriel Soltz
2f8a8988d7 feat(checks): New IAM Checks no full access to critical services (#2183) 2023-04-12 07:47:21 +02:00
Gabriel Soltz
e75022763c feat(checks): New iam_securityaudit_role_created (#2182) 2023-04-11 14:15:39 +02:00
Sergio Garcia
e8a1378ad0 feat(tags): add resource tags to G-R services (#2009) 2023-03-02 13:56:22 +01:00
Sergio Garcia
5ac7cde577 chore(iam_disable_N_days_credentials): improve checks logic (#1923) 2023-02-21 15:20:33 +01:00
Fennerr
fa228c876c fix(iam_rotate_access_key_90_days): check only active access keys (#1929) 
Co-authored-by: Sergio Garcia <sergargar1@gmail.com>
 2023-02-17 12:53:28 +01:00
Ignacio Dominguez
b453df7591 fix(iam-credentials-expiration): IAM password policy expires passwords fix (#1903) 
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
 2023-02-14 13:54:58 +01:00
Nacho Rivera
5e9afddc3a fix(permissive role assumption): actions list handling (#1869) 2023-02-09 10:06:53 +01:00
Pepe Fagoaga
de281535b1 feat(boto3-config): Use standard retrier (#1868) 
Co-authored-by: Sergio Garcia <38561120+sergargar@users.noreply.github.com>
 2023-02-09 09:58:47 +01:00
Sergio Garcia
3ac4dc8392 feat(scanner): Tag-based scan (#1751) 
Co-authored-by: Toni de la Fuente <toni@blyx.com>
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
 2023-01-31 12:19:29 +01:00
Sergio Garcia
75571e4266 fix(iam_avoid_root_usage): correct date logic (#1801) 2023-01-30 16:47:24 +01:00
Sergio Garcia
4e879271a0 fix(iam_policy_no_administrative_privileges): check only *:* permissions (#1802) 2023-01-30 16:47:09 +01:00
Sergio Garcia
a795fdc40d fix(IAM): remove duplicate list_policies function (#1763) 
Co-authored-by: sergargar <sergio@verica.io>
 2023-01-25 13:58:58 +01:00
Acknosyn
02e57927fc fix(): IAM status messages switched fail and pass text and some grammar (#1756) 
Co-authored-by: Francesco Badraun <francesco.badraun@zxsecurity.co.nz>
Co-authored-by: sergargar <sergio@verica.io>
Co-authored-by: n4ch04 <nachor1992@gmail.com>
 2023-01-25 10:29:04 +01:00
Sergio Garcia
e6310c32ac feat(check): add iam_role_cross_service_confused_deputy_prevention check (#1710) 
Co-authored-by: sergargar <sergio@verica.io>
 2023-01-17 12:17:37 +01:00
Nacho Rivera
79c09e613b fix(): password enabled issues in iam_user_mfa_enabled_console_access (#1634) 2023-01-02 14:08:45 +01:00
Sergio Garcia
d9dc6c0a49 fix(global_services): handle global regions correctly (#1594) 
Co-authored-by: sergargar <sergio@verica.io>
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
 2022-12-23 12:32:31 +01:00
Pepe Fagoaga
167902616c test(credential_report): Improve credential report tests (#1579) 2022-12-22 12:20:54 +01:00
Sergio Garcia
bb09267f2a feat(pip): Prepare for PyPI (#1531) 2022-12-13 09:07:55 +01:00