Show HN: Kubesplaining, a CLI that maps RBAC privilege-escalation paths in K8s
Category: security
Tags: kubernetes, rbac, security, privilege-escalation, cli-tool
Score: 7.5/10 (Innovation: 7, Technical: 8, Documentation: 8, Utility: 7)
Kubesplaining is a Go-based CLI tool that maps RBAC privilege-escalation paths in Kubernetes clusters, showing how an attacker could move from a subject to cluster-admin or other high-value sinks. It combines graph-based escalation analysis with 41 rule IDs across 7 modules and produces rich reports in multiple formats (HTML, JSON, CSV, SARIF), making it a compelling security assessment tool for Kubernetes environments.
Target audience: security engineers, DevOps engineers, platform engineers, pentesters
Repository: https://github.com/0hardik1/Kubesplaining · Go · Apache-2.0