ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-11 07:15:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,435 Commits 1 Branch 0 Tags
f7e4a1f6a4ddc650dbdb69d4fed9513cc2c6074d
Commit Graph

1435 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
soffensive
f7e4a1f6a4 Update check_extra7130 
Profile was not set
 2021-01-18 16:41:18 +01:00
Toni de la Fuente
b1332f1154 Fix regex in check43 @ilyas28 
Fix regex in check43 @ilyas28
 2021-01-15 13:05:29 +01:00
İlyas Apaydın
8e35e63359 fix regex in check43 2021-01-14 13:38:33 +03:00
Toni de la Fuente
f5b26387f0 Clear AWS_DEFAULT_OUTPUT on start @zfLQ2qx2 
Clear AWS_DEFAULT_OUTPUT on start @zfLQ2qx2
 2021-01-14 10:19:07 +01:00
C.J
ed0f01b617 Clear AWS_DEFAULT_OUTPUT on start 2021-01-14 04:01:40 -05:00
Toni de la Fuente
d047cd807a Fix check extra73 fail message omits bucket name @zfLQ2qx2 
Fix check extra73 fail message omits bucket name @zfLQ2qx2
 2021-01-14 09:28:44 +01:00
C.J
6a9a47e549 Fix for issue 713 2021-01-13 19:16:48 -05:00
Toni de la Fuente
6cbee3b16c Fix log metric filter check3x with multiple trails @bridgecrewio 
Fix log metric filter check3x with multiple trails @bridgecrewio
 2021-01-13 23:08:17 +01:00
Toni de la Fuente
a53aeff0e8 Catch errors assuming role and describing regions @zfLQ2qx2 
Catch errors assuming role and describing regions @zfLQ2qx2
 2021-01-13 22:50:11 +01:00
Toni de la Fuente
81787d1946 Add check for AccessDenied when calling GetBucketLocation in extra73,extra734,extra764 @zfLQ2qx2 
Add check for AccessDenied when calling GetBucketLocation in extra73,extra734,extra764 @zfLQ2qx2
 2021-01-13 22:35:20 +01:00
Toni de la Fuente
b23f9b3b5d Fix changes made in check27 2021-01-13 22:21:45 +01:00
Toni de la Fuente
51d6fc99ed Handle shadow CloudTrails more gracefully in checks check21,check22,check24,check27 @zfLQ2qx2 
Handle shadow CloudTrails more gracefully in checks check21,check22,check24,check27 @zfLQ2qx2
 2021-01-13 21:35:07 +01:00
Toni de la Fuente
0d4988b874 Additional check for location of awscli @zfLQ2qx2 
Additional check for location of awscli @zfLQ2qx2
 2021-01-13 21:25:04 +01:00
Toni de la Fuente
17c0409d35 Fix date command for busybox @zfLQ2qx2 
Fix date command for busybox @zfLQ2qx2
 2021-01-13 21:19:07 +01:00
C.J
1d9c1eaece Catch errors assuming role and describing regions 2021-01-13 09:44:15 -05:00
Toni de la Fuente
d77f1ea651 Add new check extra7131 RDS minor version upgrade 2021-01-13 12:58:23 +01:00
Toni de la Fuente
2bc3fcf7ee Add new check extra7131 RDS minor version upgrade 2021-01-13 12:57:08 +01:00
Toni de la Fuente
bcdd12bf84 Add new check extra7131 RDS minor version upgrade 2021-01-13 12:51:49 +01:00
C.J
733c99c1e0 Add check for AccessDenied when calling GetBucetLocation 2021-01-12 15:38:47 -05:00
C.J
ecc08722e1 Handle shadow cloudtrails more gracefully 2021-01-12 13:37:30 -05:00
C.J
f53a32ae26 Additional check for location of awscli 2021-01-12 11:03:30 -05:00
C.J
bf1bd505c5 Fix for busybox date command 2021-01-12 09:11:52 -05:00
Toni de la Fuente
eac59cade8 Add new check extra_7130 to check encryption of a SNS topic @mpratsch 
Add new check extra_7130 to check encryption of a SNS topic @mpratsch
 2021-01-08 13:54:55 +01:00
Martina Rath
994abe8fa3 Add check7130 to group7_extras and fix some issues 2021-01-08 13:43:46 +01:00
Toni de la Fuente
6ad1816e37 Fix EKS related checks regarding us-west-1 @njgibbon 
Fix EKS related checks regarding us-west-1 @njgibbon
 2021-01-07 19:29:22 +01:00
Toni de la Fuente
20b8b1eb1f Enhance check extra792 to accept current most restrictive TLSv1.2 @bazbremner 
Enhance check extra792 to accept current most restrictive TLSv1.2 @bazbremner
 2021-01-07 19:22:20 +01:00
Martina Rath
9a060a3c43 Add new extras check (7130) to check encryption of a SNS topic 2020-12-30 08:46:13 +01:00
Barrie Bremner
75e5de9c37 Accept current most restrictive TLSv1.2-only ALB security policy as secure 
The `ELBSecurityPolicy-FS-1-2-Res-2020-10` policy is the most
restrictive TLS v1.2 only SSL/TLS security policy available, and is a
subset of the already accepted `ELBSecurityPolicy-FS-1-2-Res-2019-08`
policy - this commit adds `ELBSecurityPolicy-FS-1-2-Res-2020-10` to
the list of acceptable "secure" security policies.

`ELBSecurityPolicy-FS-1-2-Res-2020-10` has a very limited set of
ciphers, is TLS v1.2 only and supports Forward Secrecy.

Current SSL Labs tests gives it an "A" rating for another source of
confirmation.
 2020-12-24 16:52:01 +00:00
njgibbon
4adc7f5864 feat - fix - taking out eks check condition because california region 2020-12-24 00:00:06 +00:00
Toni de la Fuente
0ddb045ca2 Update README.md 2020-12-18 15:27:59 +01:00
Toni de la Fuente
297eeea783 Label version 2.3.0-18122020 2020-12-18 13:09:47 +01:00
Toni de la Fuente
d540cefc23 Fix FreeBSD $OSTYPE check @ring-pete 
Fix FreeBSD $OSTYPE check @ring-pete
 2020-12-18 10:24:48 +01:00
Toni de la Fuente
953bdf3034 Merge branch 'master' into master 2020-12-18 10:24:25 +01:00
Toni de la Fuente
823c7d4b61 Enhanced check extra740: reworked to consider all snapshots, use JMESPath query @pacohope 
Enhanced check extra740: reworked to consider all snapshots, use JMESPath query
 2020-12-18 10:17:52 +01:00
Toni de la Fuente
e298158bcd Enhanced error handling without credentials 2020-12-17 17:15:17 +01:00
Toni de la Fuente
810801fb3d Fix error handling for SubscriptionRequiredException in extra77 2020-12-17 16:52:18 +01:00
Toni de la Fuente
91ce905a5a Fix issue assuming role in regions with STS disabled 2020-12-17 16:34:10 +01:00
Toni de la Fuente
6ed6a47f8f Add sleep to extra7102 to avoid Shodan API limits 2020-12-17 15:27:00 +01:00
Toni de la Fuente
347872a6de Refresh assumed role credentials to avoid role chaining limitations @michael-dickinson-sainsburys 
Refresh assumed role credentials to avoid role chaining limitations @michael-dickinson-sainsburys
 2020-12-17 15:24:06 +01:00
Toni de la Fuente
8c19583ac7 Update prowler 
Adapted execute_check to renew creds
 2020-12-17 15:21:50 +01:00
Toni de la Fuente
5c620949f0 Update os_detector 
Change above is because epoch time generator in BSD is 1h less than in Linux
 2020-12-17 15:20:20 +01:00
Toni de la Fuente
5be38a15d9 Update os_detector bsd_convert_date_to_timestamp 2020-12-17 10:24:25 +01:00
Toni de la Fuente
5e38c61286 Refresh assumed role credentials to avoid role chaining limitations @michael-dickinson-sainsburys 
Refresh assumed role credentials to avoid role chaining limitations @michael-dickinson-sainsburys
 2020-12-16 20:04:21 +00:00
Toni de la Fuente
de3e2c3a2b Added support to run inside AWS CloudShell 2020-12-16 13:41:54 +01:00
Toni de la Fuente
687cfd0a34 Merge pull request #709 from toniblyx/revert-694-master 
Revert "Refresh assumed role credentials to avoid role chaining limitations"
 2020-12-15 17:38:00 +01:00
Toni de la Fuente
aa0440e426 Revert "Refresh assumed role credentials to avoid role chaining limitations" 2020-12-15 17:37:42 +01:00
Toni de la Fuente
31182059e4 Refresh assumed role credentials to avoid role chaining limitations @michael-dickinson-sainsburys 
Refresh assumed role credentials to avoid role chaining limitations @michael-dickinson-sainsburys
 2020-12-15 17:29:11 +01:00
Toni de la Fuente
e047dc8764 Added latest checks to extras group 2020-12-15 15:10:33 +01:00
Toni de la Fuente
7f1df739c4 Added -N <shodan_api_key> support for extra7102 2020-12-15 12:25:47 +01:00
Toni de la Fuente
9ed576b09d Fix issue in extra776 when ECR Scanning imageDigest @adamcanzuk 
Fix issue in extra776 when ECR Scanning imageDigest @adamcanzuk
 2020-12-14 12:59:19 +01:00