Prowler aws scan with Shodan

[gorodplt]

Hi!
If I add Shodan IP key in config file for aws provider and run prowler aws, will it automatically include check if any public IPs in my Cloud environments are exposed in Shodan or I need to seperatly run prowler aws -N <shodan_ip_key>? And is there a chance to run shodan together with other checks in one command?

And am I right that checks that analyse pentesting risks (like Detect Secrets, Internet Exposed Resources) are already used when I run prowler aws?

[puchy22]

Hi @gorodplt,

To address your first question: the Shodan check is part of the EC2 service checks. It runs automatically whenever you execute Prowler in full mode. If the required key is correctly configured in the configuration file, the Shodan check should always run alongside the other EC2 checks without the need of use the -N parameter.

Regarding your second question: “Is there a way to run the Shodan check together with other checks in one command?” The answer is yes, but it requires grouping checks using categories or specifying the desired checks with the -c parameter. The Shodan check falls under the "internet-exposed" category, so you can run it along with all related checks using the command:
prowler aws --categories internet-exposed.

Finally, to answer your last question: if you execute the command prowler aws, all Prowler checks will be performed, including the ones you mentioned. The only exception is the Threat Detection checks, which require specifying the parameter prowler aws --category threat-detection. This is because these checks are resource-intensive and can slow down the overall scan.

Thank you for your questions, and I hope this clarifies everything!

[gorodplt]

@puchy22 Hi, thank you for your answer!

[KING143ND]

Yes, Prowler automatically includes checks for pentesting risks like Detect Secrets and Internet Exposed Resources when you run prowler aws. However, Shodan-specific checks require the -N flag with your Shodan API key.