Prowler alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

84

Alternative: Security Monkey

Security Monkey monitors AWS and GCP accounts for policy changes and alerts on insecure configurations.

Security Monkey provides a single user interface to browse and search through all of your services and accounts.

Project details

Security Monkey is written in Python.

Strengths

  • + More than 50 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available
  • + Supported by a large company

Typical usage

  • security monitoring

Security Monkey project page

67

Alternative: 360-FAAR

Supported firewall configurations

  • Checkpoint FW1
  • Cisco ASA
  • Netscreen ScreenOS

68

Alternative: Docker Bench for Security

Docker Bench for Security is a small security scanner to perform several tests that are part of the Docker CIS benchmark.

Project details

Docker Bench for Security is written in shell script.

Strengths

  • + Screen output is colored
  • + More than 25 contributors
  • + More than 2000 GitHub stars
  • + The source code of this software is available

Typical usage

  • application security
  • security assessment

Docker Bench for Security project page

85

Alternative: VHostScan

VHostScan is a security tool that performs reverse lookups, can be used with pivot tools, and detects catch-all scenarios, aliases, and dynamic default pages.

Project details

VHostScan is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • penetration test
  • reconnaissance

VHostScan project page

64

Alternative: JShielder

JShielder is a security tool for Linux systems to make them more secure by adding system hardening measures.

Project details

JShielder is written in Python and shell script.

Strengths

  • + Used language is shell script
  • + The source code of this software is available

Typical usage

  • system hardening

JShielder project page

100

Alternative: Lynis

Security auditing tool for systems running Linux, macOS, or Unix, to perform an in-depth health check.

Lynis is an open source security auditing tool that has been available since 2007 and was created by Michael Boelen. Its primary goal is to evaluate the security defenses of systems running Linux or other flavors of Unix. It provides suggestions to install, configure, or correct any security measures.

Project details

Lynis is written in shell script.

Strengths

  • + Commercial support available
  • + More than 50 contributors
  • + More than 3000 GitHub stars
  • + Used language is shell script
  • + Very low number of dependencies
  • + Project is mature (5+ years)
  • + The source code of this software is available

Typical usage

  • IT audit
  • penetration test
  • security assessment
  • system hardening

Lynis project page

84

Alternative: Scout2

Scout2 is a security tool to assess the security of an AWS environment. It can be used for system hardening and IT audits.

Project details

Scout2 is written in Python.

Strengths

  • + More than 10 contributors
  • + More than 500 GitHub stars

Typical usage

  • IT audit
  • security assessment
  • self-assessment
  • system hardening

Scout2 project page

64

Alternative: seccheck

Seccheck is a security scanner for Linux systems. It was originally written for SuSE Linux by Marc Heuse.

Project details

seccheck is written in shell script.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Project looks outdated (old code or documentation)

Typical usage

  • security assessment
  • system hardening

seccheck project page

60

Alternative: sysechk (System Security Checker)

System Security Checker, or sysechk, is a tool to perform a system audit against a set of best practices. It uses a modular approach to test the system.

Project details

sysechk is written in shell script.

Strengths

  • + Used language is shell script
  • + The source code of this software is available

Typical usage

  • IT audit
  • system hardening

sysechk project page

74

Alternative: YASAT

YASAT describes itself as another simple stupid audit tool to test Linux systems. It has many tests for checking the security configuration of the system.

The YASAT tool performs a system scan to detect configuration issues and possible improvements for hardening the system.

Project details

YASAT is written in shell script.

Strengths

  • + Used language is shell script

Weaknesses

  • - No updates for a while

Typical usage

  • IT audit
  • security assessment

YASAT project page

64

Alternative: Zeus

Zeus is a security tool to provide security audits on AWS environments. It is written in shell script and can be used for security audits.

Project details

Zeus is written in shell script.

Strengths

  • + Used language is shell script
  • + The source code of this software is available

Typical usage

  • security assessment
  • self-assessment
  • system hardening

Zeus project page

76

Alternative: Clair

Clair is an open source container analyzer. It performs static analysis of container images and correlates their contents with public vulnerability databases.

The tool has been created by CoreOS and can scan containers of different formats. It analyzes them and determines available security weaknesses in the container.

Project details

Clair is written in Golang.

Strengths

  • + The source code of this software is available

Typical usage

  • security assessment
  • vulnerability scanning

Clair project page

64

Alternative: LUNAR

LUNAR is a security scanner that runs on a Linux system or other flavors of Unix. It provides insights on what can be done to harden the system.

LUNAR is short for Lockdown UNix Auditing and Reporting and runs on the system itself.

Project details

LUNAR is written in shell script.

Strengths

  • + The source code of this software is available

Typical usage

  • security assessment
  • self-assessment
  • system hardening

LUNAR project page

76

Alternative: Nix-Auditor

Nix-Auditor is a tool to help with scanning Linux systems and test them against CIS benchmarks.

This fairly new tool is written in shell script to scan Linux systems with a focus on security auditing.

Project details

Nix-Auditor is written in shell script.

Strengths

  • + Used language is shell script

Weaknesses

  • - Full name of author is unknown
  • - Unknown project license

Nix-Auditor project page

59

Alternative: Tiger

Tiger is a security audit and intrusion detection tool for flavors of Unix.

Project details

Tiger is written in shell script.

Strengths

  • + Used language is shell script
  • + The source code of this software is available

Weaknesses

  • - No updates for a while

Typical usage

  • intrusion detection
  • IT audit
  • system hardening
  • vulnerability scanning

Tiger project page