← 返回命令列表

Linux command

prowler 命令

文本

复制后可按需替换文件名、目录或参数。

常用示例

Run AWS security audit

prowler aws

Scan specific services

prowler aws --services [s3] [iam] [ec2]

Output to file

prowler aws -M json -o [report.json]

Use specific profile

prowler aws -p [profile_name]

Scan Azure

prowler azure

Scan GCP

prowler gcp

Run specific checks

prowler aws -c [check11] [check12]

说明

prowler performs automated security assessments on cloud environments by running hundreds of checks against CIS benchmarks, compliance frameworks (GDPR, HIPAA, PCI-DSS), and provider-specific best practices. It supports AWS, Azure, GCP, Kubernetes, GitHub, and Microsoft 365, adapting its checks to each platform's security model. Scans can be targeted to specific services, individual checks, or severity levels to focus on the most critical findings. Output is available in JSON, CSV, and HTML formats for integration with security dashboards and CI/CD pipelines. The tool requires read-only credentials for the target environment and uses the provider's standard authentication (AWS profiles, Azure service principals, GCP service accounts).

参数

aws
Audit AWS account.
azure
Audit Azure subscription.
gcp
Audit GCP project.
--services _LIST_
Services to audit.
-c, --checks _LIST_
Specific checks.
-p, --profile _NAME_
AWS profile.
-M, --output-modes _FORMAT_
Output format.
-o, --output-filename _FILE_
Output file.
--severity _LEVEL_
Filter by severity.

FAQ

What is the prowler command used for?

prowler performs automated security assessments on cloud environments by running hundreds of checks against CIS benchmarks, compliance frameworks (GDPR, HIPAA, PCI-DSS), and provider-specific best practices. It supports AWS, Azure, GCP, Kubernetes, GitHub, and Microsoft 365, adapting its checks to each platform's security model. Scans can be targeted to specific services, individual checks, or severity levels to focus on the most critical findings. Output is available in JSON, CSV, and HTML formats for integration with security dashboards and CI/CD pipelines. The tool requires read-only credentials for the target environment and uses the provider's standard authentication (AWS profiles, Azure service principals, GCP service accounts).

How do I run a basic prowler example?

Run `prowler aws` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does aws do in prowler?

Audit AWS account.