{"id":13757420,"url":"https://github.com/cyberark/kubernetes-rbac-audit","last_synced_at":"2025-04-07T15:11:24.114Z","repository":{"id":41542164,"uuid":"200913273","full_name":"cyberark/kubernetes-rbac-audit","owner":"cyberark","description":"Tool for auditing RBACs in Kubernetes","archived":false,"fork":false,"pushed_at":"2024-02-05T12:58:06.000Z","size":111,"stargazers_count":216,"open_issues_count":10,"forks_count":61,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-03-31T13:18:40.905Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cyberark.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2019-08-06T19:37:42.000Z","updated_at":"2025-03-25T14:46:34.000Z","dependencies_parsed_at":"2024-04-18T11:47:02.790Z","dependency_job_id":"dbfc7a45-332a-4dd2-9f26-a73cb3c3eaed","html_url":"https://github.com/cyberark/kubernetes-rbac-audit","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Fkubernetes-rbac-audit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Fkubernetes-rbac-audit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Fkubernetes-rbac-audit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Fkubernetes-rbac-audit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cyberark","download_url":"https://codeload.github.com/cyberark/kubernetes-rbac-audit/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247675609,"owners_count":20977378,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T12:00:37.368Z","updated_at":"2025-04-07T15:11:24.097Z","avatar_url":"https://github.com/cyberark.png","language":"Python","funding_links":[],"categories":["Other Awesome Lists","Open Source Projects","Tools"],"sub_categories":["Subdomain Takeover","Kubernetes"],"readme":"# ExtensiveRoleCheck\n\n`ExtensiveRoleCheck` is a Python tool that scans the Kubernetes RBAC for risky roles. The tool is a part of the \"Kubernetes Pentest Methdology\" blog post series.\n```\nusage: ExtensiveRoleCheck.py [-h] [--clusterRole CLUSTERROLE] [--role ROLE]  \n                           [--rolebindings ROLEBINDINGS]  \n                           [--cluseterolebindings CLUSETEROLEBINDINGS]\n```\n\n\n## Overview\n\n**Status**: Alpha\n\nThe RBAC API is a set of roles that administrators can configure to limit access to the Kubernetes resources. The *ExtensiveRoleCheck* automates the searching process and outputs the risky roles and rolebindings found in the RBAC API. \n\n## Requirements:\n*ExtensiveRoleCheck* requires python3\n\n*ExtensiveRoleCheck* works in offline mode. This means that you should first export the following `JSON` from your Kubernetes cluster configuration:\n\n - Roles \n - ClusterRoles \n - RoleBindings \n - ClusterRoleBindings\n\nTo export those files you will need access permissions in the Kubernetes cluster. To export them, you might use the following commands:\n**Export RBAC Roles:**\n```\nkubectl get roles --all-namespaces -o json \u003e Roles.json\n```\n**Export RBAC ClusterRoles:**\n```\nkubectl get clusterroles -o json \u003e clusterroles.json\n```\n**Export RBAC RolesBindings:**\n```\nkubectl get rolebindings --all-namespaces -o json \u003e rolebindings.json\n```\n**Export RBAC Cluster RolesBindings:**\n```\nkubectl get clusterrolebindings -o json \u003e clusterrolebindings.json\n```\n##  example \u0026 output:\n**Usage**\n```\npython ExtensiveRoleCheck.py --clusterRole clusterroles.json  --role Roles.json --rolebindings rolebindings.json --cluseterolebindings clusterrolebindings.json\n```\n![Output example](https://github.com/cyberark/kubernetes-rbac-audit/blob/master/output-example.png)\n\n##  Maintainers:\nOr Ida: or.ida@cyberark.com\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberark%2Fkubernetes-rbac-audit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcyberark%2Fkubernetes-rbac-audit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberark%2Fkubernetes-rbac-audit/lists"}