Prowler
Prowler is an Open Source security tool to perform AWS, Azure, Google Cloud and Kubernetes security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness, and also remediations! It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spanish National Security Scheme) and your custom security frameworks. Provider Checks Services Compliance Frameworks Categories AWS 304 61 -> prowler aws --list-services 28 -> prowler aws --list-compliance 6 -> prowler aws --list-categories GCP 75 11 -> prowler gcp --list-services 1 -> prowler gcp --list-compliance 2 -> prowler
FEATURES
SIMILAR TOOLS
Metabadger helps prevent SSRF attacks on AWS EC2 by automating upgrades to the more secure Instance Metadata Service v2 (IMDSv2).
An open-sourced framework for managing resources across hundreds of AWS Accounts
Weave Scope automatically generates a map of your application for troubleshooting and monitoring Docker & Kubernetes.
Converts the format of various S3 buckets for bug bounty and security testing.
gVisor is an application kernel that provides isolation for running sandboxed containers.
A comprehensive cloud security platform that provides threat prevention, posture management, and risk prioritization across cloud applications, networks, and workloads.
Kube-bench is a tool for checking Kubernetes security based on CIS Kubernetes Benchmark.
Open-source project for detecting security risks in cloud infrastructure accounts with support for AWS, Azure, GCP, OCI, and GitHub.
A tool for discovering company infrastructure and apps on major cloud providers, beneficial for bug bounty hunters and penetration testers.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.