mirror of
https://github.com/prowler-cloud/prowler.git
synced 2026-04-10 19:58:52 +00:00
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com> Co-authored-by: Andoni Alonso <14891798+andoniaf@users.noreply.github.com>
# Pentesting

Prowler has some checks that analyse pentesting risks (Secrets, Internet Exposed, AuthN, AuthZ, and more).

## Detect Secrets

Prowler uses the `detect-secrets` library to search for any secrets that are stored in plaintext within your environment.

The checks that currently have this functionality are the following:

- `autoscaling_find_secrets_ec2_launch_configuration`
- `awslambda_function_no_secrets_in_code`
- `awslambda_function_no_secrets_in_variables`
- `cloudformation_stack_outputs_find_secrets`
- `ec2_instance_secrets_user_data`
- `ec2_launch_template_no_secrets`
- `ecs_task_definitions_no_environment_secrets`
- `ssm_document_secrets`

To execute the detect-secrets related checks, you can run the following command:

```console
prowler <provider> --categories secrets
```

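As an added illustration of what these checks look for (this is not Prowler's code and not the `detect-secrets` library itself), the following Python script combines the two detector families that `detect-secrets` relies on, keyword assignments and high-entropy strings, with a known-format rule for AWS access key ids, and runs them over a constructed Lambda environment and an EC2 user-data script. Every sample value, variable name and threshold below is made up for this example; findings describe where a secret appears rather than echoing the value.

```python
import math
import re
from typing import Dict, List

# Constructed sample inputs (made-up values, not real credentials) in the shapes
# the checks above inspect: Lambda environment variables and an EC2 user-data script.
SAMPLE_LAMBDA_ENV: Dict[str, str] = {
    "LOG_LEVEL": "info",
    "DB_PASSWORD": "S3cr3t-Pa55w0rd!",
    "AWS_ACCESS_KEY_ID": "AKIAEXAMPLEEXAMPLE01",
}
SAMPLE_USER_DATA = """#!/bin/bash
export API_TOKEN=Qw3rTy7uIoP0aSdFgHjKlZxCvBnM1234
echo "starting application"
"""

# Known credential format: AWS access key ids are 'AKIA'/'ASIA' plus 16 characters.
AWS_ACCESS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# Variable names that suggest a credential is being stored.
CREDENTIAL_NAME_RE = re.compile(r"(?i)(password|passwd|pwd|secret|token|api[_-]?key|access[_-]?key)")
# 'PASSWORD=value' / 'token: value' style assignments inside free text.
KEYWORD_ASSIGNMENT_RE = re.compile(
    r"(?i)(password|passwd|pwd|secret|token|api[_-]?key)\w*\s*[=:]\s*[\"']?([^\s\"']{8,})"
)
BASE64_CHARS = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=")


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character of value (0.0 for an empty string)."""
    if not value:
        return 0.0
    counts: Dict[str, int] = {}
    for ch in value:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(value)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def is_high_entropy_token(value: str, min_length: int = 20, threshold: float = 4.0) -> bool:
    """Random-looking base64-alphabet string: the heuristic a high-entropy detector uses.
    The 20-character / 4.0-bit thresholds are assumptions chosen for this example."""
    return (
        len(value) >= min_length
        and set(value) <= BASE64_CHARS
        and shannon_entropy(value) >= threshold
    )


def find_secrets_in_env(env: Dict[str, str], source: str) -> List[str]:
    """Inspect name/value pairs such as Lambda or ECS task environment variables."""
    findings: List[str] = []
    for name, value in env.items():
        if CREDENTIAL_NAME_RE.search(name) and len(value) >= 8:
            findings.append(f"{source}: variable {name!r} looks like a credential")
        elif AWS_ACCESS_KEY_RE.fullmatch(value):
            findings.append(f"{source}: variable {name!r} holds an AWS access key id")
        elif is_high_entropy_token(value):
            findings.append(f"{source}: variable {name!r} holds a high-entropy value")
    return findings


def find_secrets_in_text(text: str, source: str) -> List[str]:
    """Inspect free text such as EC2 user data, SSM documents or stack outputs."""
    findings: List[str] = []
    for match in AWS_ACCESS_KEY_RE.finditer(text):
        findings.append(f"{source}: AWS access key id starting {match.group(0)[:4]}")
    for match in KEYWORD_ASSIGNMENT_RE.finditer(text):
        findings.append(f"{source}: keyword {match.group(1)!r} is assigned a value")
    # Base64-alphabet runs with '=' allowed only as trailing padding.
    for word in re.findall(r"[A-Za-z0-9+/]{20,}={0,2}", text):
        if is_high_entropy_token(word) and not AWS_ACCESS_KEY_RE.fullmatch(word):
            findings.append(f"{source}: high-entropy string of {len(word)} chars")
    return findings


def scan_samples() -> List[str]:
    """Run both detectors over the constructed samples."""
    return find_secrets_in_env(SAMPLE_LAMBDA_ENV, "lambda-env") + find_secrets_in_text(
        SAMPLE_USER_DATA, "ec2-user-data"
    )


if __name__ == "__main__":
    for finding in scan_samples():
        print("FAIL", finding)
```

The same value can be reported twice when both a keyword rule and the entropy rule fire on it; that mirrors how plugin-based scanners behave and is usually preferable to suppressing one signal. The keyword rule is deliberately loose (it matches inside words), so in practice an allow-list for known false positives is needed.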
## Internet Exposed Resources

Several checks analyse resources that are exposed to the Internet; these are:

- `apigateway_restapi_public`
- `appstream_fleet_default_internet_access_disabled`
- `awslambda_function_not_publicly_accessible`
- `ec2_ami_public`
- `ec2_ebs_public_snapshot`
- `ec2_instance_internet_facing_with_instance_profile`
- `ec2_instance_port_X_exposed_to_internet` (where X is the port number)
- `ec2_instance_public_ip`
- `ec2_networkacl_allow_ingress_any_port`
- `ec2_securitygroup_allow_wide_open_public_ipv4`
- `ec2_securitygroup_allow_ingress_from_internet_to_any_port`
- `ecr_repositories_not_publicly_accessible`
- `eks_control_plane_endpoint_access_restricted`
- `eks_endpoints_not_publicly_accessible`
- `elbv2_internet_facing`
- `kms_key_not_publicly_accessible`
- `opensearch_service_domains_not_publicly_accessible`
- `rds_instance_no_public_access`
- `rds_snapshots_public_access`
- `s3_bucket_policy_public_write_access`
- `s3_bucket_public_access`
- `sagemaker_notebook_instance_without_direct_internet_access_configured`
- `sns_topics_not_publicly_accessible`
- `sqs_queues_not_publicly_accessible`
- `network_public_ip_shodan`

To execute the Internet-exposed related checks, you can run the following command:

```console
prowler <provider> --categories internet-exposed
```

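To make concrete what a security-group check such as `ec2_securitygroup_allow_ingress_from_internet_to_any_port` or `ec2_instance_port_X_exposed_to_internet` has to decide, here is an added Python example (not Prowler's own implementation) that walks a constructed response in the shape of the EC2 `DescribeSecurityGroups` API and reports inbound rules whose source covers the whole IPv4 or IPv6 Internet. The group ids, names and CIDRs are made up, and the `ports_of_interest` tuple is an assumption of this example, not a Prowler setting.

```python
import ipaddress
from typing import Any, Dict, List, Tuple

# Constructed sample in the shape of an EC2 DescribeSecurityGroups response
# (group ids, names and CIDRs are made up for this example).
SAMPLE_SECURITY_GROUPS: List[Dict[str, Any]] = [
    {
        "GroupId": "sg-0example1",
        "GroupName": "web",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ],
    },
    {
        "GroupId": "sg-0example2",
        "GroupName": "bastion",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
        ],
    },
    {
        "GroupId": "sg-0example3",
        "GroupName": "wide-open",
        "IpPermissions": [
            {"IpProtocol": "-1",
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        ],
    },
    {
        "GroupId": "sg-0example4",
        "GroupName": "legacy-ssh",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        ],
    },
]

Finding = Tuple[str, object, str]  # (group id, port number or "any", description)


def cidr_is_everywhere(cidr: str) -> bool:
    """A /0 prefix (0.0.0.0/0 or ::/0) means every address on the Internet."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def open_to_internet(permission: Dict[str, Any]) -> bool:
    """True when any IPv4 or IPv6 source range of the rule is a /0."""
    v4 = any(cidr_is_everywhere(r["CidrIp"]) for r in permission.get("IpRanges", []))
    v6 = any(cidr_is_everywhere(r["CidrIpv6"]) for r in permission.get("Ipv6Ranges", []))
    return v4 or v6


def covers_all_ports(permission: Dict[str, Any]) -> bool:
    """Protocol -1 (all traffic) or an explicit 0-65535 range covers every port."""
    if permission.get("IpProtocol") == "-1":
        return True
    return permission.get("FromPort") == 0 and permission.get("ToPort") == 65535


def covers_port(permission: Dict[str, Any], port: int) -> bool:
    """True when a TCP/UDP rule's port range includes port (or the rule is all-traffic)."""
    if covers_all_ports(permission):
        return True
    if permission.get("IpProtocol") not in ("tcp", "udp"):
        return False
    return permission.get("FromPort", -1) <= port <= permission.get("ToPort", -1)


def evaluate_security_groups(
    groups: List[Dict[str, Any]], ports_of_interest: Tuple[int, ...] = (22, 3389, 3306, 5432)
) -> List[Finding]:
    """Report Internet-open rules: all-port rules first, then sensitive single ports."""
    findings: List[Finding] = []
    for group in groups:
        for permission in group.get("IpPermissions", []):
            if not open_to_internet(permission):
                continue
            if covers_all_ports(permission):
                findings.append((group["GroupId"], "any", "ingress from the Internet to any port"))
                continue
            for port in ports_of_interest:
                if covers_port(permission, port):
                    findings.append((group["GroupId"], port, f"port {port} exposed to the Internet"))
    return findings


if __name__ == "__main__":
    for group_id, port, description in evaluate_security_groups(SAMPLE_SECURITY_GROUPS):
        print(f"FAIL {group_id}: {description}")
```

Two details matter when writing this kind of check: IPv6 sources (`::/0`) must be evaluated alongside IPv4, and a rule with `IpProtocol` of `-1` carries no port fields at all, so port logic has to treat it as covering everything rather than reading missing keys. The web group with only 443 open is intentionally not reported, which is why a separate "any port" rule and a list of sensitive ports are both needed.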
### Shodan

Prowler allows you to check if any public IPs in your Cloud environments are exposed in Shodan with the `-N`/`--shodan <shodan_api_key>` option.

For example, you can check if any of your AWS Elastic Compute Cloud (EC2) instances has an Elastic IP exposed in Shodan:

```console
prowler aws --shodan <shodan_api_key> -c ec2_elastic_ip_shodan
```

Also, you can check if any of your Azure subscriptions has a public IP exposed in Shodan:

```console
prowler azure --shodan <shodan_api_key> -c network_public_ip_shodan
```

And finally, you can check if any of your GCP projects has a public IP address exposed in Shodan:

```console
prowler gcp --shodan <shodan_api_key> -c compute_public_address_shodan
```