CloudGoat vs Prowler
GitHub Stats
About CloudGoat
CloudGoat is Rhino Security Labs' 'Vulnerable by Design' AWS deployment tool. It provisions intentionally misconfigured AWS environments (scenarios) using Terraform, creating realistic attack paths for practicing cloud penetration testing. Scenarios include IAM privilege escalation, Lambda function exploitation, EC2 SSRF to metadata service, S3 bucket misconfigurations, and cross-account access abuse. Each scenario has documented start and end conditions with multiple solution paths. CloudGoat provisions and destroys environments on demand in your own AWS account, providing hands-on practice with real AWS services rather than simulations.
About Prowler
Prowler is a cloud security assessment tool that performs over 300 checks against AWS, Azure, GCP, and Kubernetes infrastructures. Aligning with CIS benchmarks, it evaluates cloud environments for compliance and security vulnerabilities. Prowler is a critical resource for cloud security practitioners and auditors aiming to enhance the security posture of their cloud deployments through comprehensive and automated assessments.
Platform Support
Tags
Shared
CloudGoat only
Prowler only