Skip to content

Miscellaneous

Prowler Version

Show Prowler version:

prowler <provider> -V/-v/--version

Verbose

Execute Prowler in verbose mode (like in Version 2):

prowler <provider> --verbose

Show only Fails

Prowler can only display the failed findings:

prowler <provider> -q/--quiet

Hide Prowler Banner

Prowler can run without showing its banner:

prowler <provider> -b/--no-banner

Checks

Prowler has checks per provider, there are options related with them:

  • List the available checks in the provider:
    prowler <provider> --list-checks
    
  • Execute specific check(s):
    prowler <provider> -c/--checks s3_bucket_public_access
    
  • Exclude specific check(s):
    prowler <provider> -e/--excluded-checks ec2 rds
    
  • Execute checks that appears in a json file:
    <checks_list>.json
    
    {
        "<provider>": [
            "<check_name_1",
            "<check_name_2",
            "<check_name_3",
            ...
        ],
        ...
    }
    
    prowler <provider> -C/--checks-file <checks_list>.json
    

Severities

Each of Prowler's checks has a severity, which can be: - informational - low - medium - high - critical

To execute specific severity(s):

prowler <provider> --severity critical high

Service

Prowler has services per provider, there are options related with them:

  • List the available services in the provider:
    prowler <provider> --list-services
    
  • Execute specific service(s):
    prowler <provider> -s/--services s3 iam
    
  • Exclude specific service(s):
    prowler <provider> --excluded-services ec2 rds
    

Categories

Prowler groups checks in different categories, there are options related with them:

  • List the available categories in the provider:
    prowler <provider> --list-categories
    
  • Execute specific category(s):
    prowler  <provider> --categories
    

AWS

Scan specific AWS Region

Prowler can scan specific region(s) with:

prowler <provider> -f/--filter-region eu-west-1 us-east-1

Use AWS Profile

Prowler can use your custom AWS Profile with:

prowler <provider> -p/--profile <profile_name>