Static Scan
redcatsec opened this issue · comments
Is your feature request related to a problem? Please describe.
Sometimes you, as a pen-tester or red team member, get access to role definition YAML files and would like to do a static scan on them.
Describe the solution you would like
Implementing a static scan without the use of the Kubernetes API client
Implementing a parser for YAML files
Todos
role.py : add parse method to create role object from a yaml file
rule.py : add parse method to create role object from a yaml file
subject : add parse method to create role object from a yaml file
utils.py : add get_roles_by_kind_from_file(kind) that opens the file, parses the whole YAML file and creates objects from the data
utils.py : add get_risky_role_by_kind_from_file(kind, roles), same as get_risky_role_by_kind but using get_roles_by_kind_from_file
kubiscan.py : add args for the new feature
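The todo list above, sketched as working code. This is an added example, not KubiScan's own code or its actual parser: Role and Rule objects built from parsed YAML documents, a by-kind lookup from text or from a file, and a risky-rule matcher standing in for get_risky_role_by_kind on offline input. The risk patterns, the function names and the sample manifests are assumptions of this example; the sample is written in JSON, which is also valid YAML, so the script runs with or without PyYAML installed.

```python
# Added example, not KubiScan's code: offline RBAC scan with no Kubernetes API
# client. Patterns, names and sample data below are assumptions of the example.
import json
from dataclasses import dataclass

try:
    import yaml  # PyYAML, optional: used when installed
except ImportError:
    yaml = None

@dataclass
class Rule:
    api_groups: list
    resources: list
    verbs: list
    @classmethod
    def from_dict(cls, d):
        # Every PolicyRule field is optional; normalise each to a list of str.
        return cls(api_groups=[str(x) for x in d.get("apiGroups") or []],
                   resources=[str(x) for x in d.get("resources") or []],
                   verbs=[str(x) for x in d.get("verbs") or []])

@dataclass
class Role:
    kind: str
    name: str
    namespace: str  # empty for a ClusterRole
    rules: list
    @classmethod
    def from_dict(cls, d):
        meta = d.get("metadata") or {}
        return cls(kind=d.get("kind", ""), name=meta.get("name", ""),
                   namespace=meta.get("namespace", ""),
                   rules=[Rule.from_dict(r) for r in d.get("rules") or []])

def split_documents(text):
    """Split a multi-document manifest on '---' separator lines."""
    docs, current = [], []
    for line in text.splitlines():
        if line.strip() == "---":
            docs.append("\n".join(current))
            current = []
        else:
            current.append(line)
    docs.append("\n".join(current))
    return [d for d in docs if d.strip()]

def load_document(doc_text):
    """Parse one document with PyYAML if present, else as JSON (a YAML subset)."""
    return yaml.safe_load(doc_text) if yaml is not None else json.loads(doc_text)

def get_roles_by_kind_from_text(text, kind):
    """Role objects for every document of the given kind (Role or ClusterRole)."""
    docs = (load_document(d) for d in split_documents(text))
    return [Role.from_dict(doc) for doc in docs
            if isinstance(doc, dict) and doc.get("kind") == kind]

def get_roles_by_kind_from_file(path, kind):
    with open(path, encoding="utf-8") as fh:
        return get_roles_by_kind_from_text(fh.read(), kind)

# Hypothetical risk patterns (name, verbs, resources): a rule matches when it
# grants at least one listed verb on at least one listed resource, with '*'
# on either side matching everything. apiGroups are ignored to stay short.
RISKY_PATTERNS = [
    ("wildcard-everything", {"*"}, {"*"}),
    ("read-secrets", {"get", "list", "watch"}, {"secrets"}),
    ("exec-into-pods", {"create"}, {"pods/exec"}),
    ("create-pods", {"create"}, {"pods"}),
    ("bind-or-escalate", {"bind", "escalate"}, {"roles", "clusterroles"}),
    ("manage-bindings", {"create", "update", "patch"}, {"rolebindings", "clusterrolebindings"}),
]

def _covers(granted, wanted):
    return "*" in granted or bool(set(granted) & wanted)

def find_risky_rules(role):
    """(pattern_name, rule) for every rule of the role that matches a pattern."""
    return [(name, rule) for rule in role.rules
            for name, verbs, resources in RISKY_PATTERNS
            if _covers(rule.verbs, verbs) and _covers(rule.resources, resources)]

def get_risky_roles_by_kind_from_text(text, kind):
    """Offline counterpart of a risky-roles-by-kind lookup: (role, findings) pairs."""
    pairs = ((r, find_risky_rules(r)) for r in get_roles_by_kind_from_text(text, kind))
    return [(role, findings) for role, findings in pairs if findings]

# Constructed sample manifests, written as JSON so they parse with or without PyYAML.
SAMPLE_MANIFESTS = """\
{"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "ClusterRole", "metadata": {"name": "wildcard-admin"},
 "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]}
---
{"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "Role", "metadata": {"name": "secret-reader", "namespace": "dev"},
 "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}]}
---
{"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "Role", "metadata": {"name": "configmap-reader", "namespace": "dev"},
 "rules": [{"apiGroups": [""], "resources": ["configmaps"], "verbs": ["get"]}]}
"""
```

Running `get_risky_roles_by_kind_from_text(SAMPLE_MANIFESTS, "Role")` returns only `secret-reader` with a single `read-secrets` finding, while the ClusterRole `wildcard-admin` hits every pattern; `configmap-reader` produces no finding. Splitting on `---` and filtering on `kind` is what lets a whole exported manifest (roles mixed with other objects) be fed in as a single file.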
Hi @aasyria,
Thank you for your suggestion, this is a great idea, like an offline scan.
I will need to see how we can do it because this is something that will require time.
Meanwhile, we have another tool called "kubernetes-rbac-audit" which works on offline roles; this is, I think, exactly what you need.
Please see if this provides you a workaround for now.
Yes, something like this.
You can just try to merge both tools together.