Tutorial
This tutorial walks through using Keycloak Auditor to assess a Keycloak deployment.
Prerequisites
- Python 3.10+
- Nuclei binary installed (
nucleion PATH) or specify--nuclei-path - Access to a Keycloak base URL (authorized testing only)
Install
pip install -e .
Quickstart
Enumerate public endpoints and generate a basic audit:
keycloak-auditor \
--base-url https://kc.example.com \
--realm master \
--out audit-output enumerate
keycloak-auditor \
--base-url https://kc.example.com \
--realm master audit
Run Nuclei scans using local templates and wordlists:
keycloak-auditor \
--base-url https://kc.example.com \
--realm master \
--use-wordlists \
--wordlists-dir wordlists \
--nuclei-templates nuclei-templates \
scan --workflow
Generate a final report:
keycloak-auditor \
--base-url https://kc.example.com \
--realm master report
Authenticated Enumeration
To enumerate realms, clients, roles, and more, provide a client credentials token:
keycloak-auditor \
--base-url https://kc.example.com \
--realm master \
--client-id admin-cli \
--client-secret $SECRET \
enumerate
Performance and Safety
--rate-limitcontrols HTTP/Nuclei RPS (default 5). Increase cautiously.--timeoutcontrols request timeout.--retriescontrols HTTP retries (exponential backoff).--insecuredisables TLS verification (use only in lab environments).
Outputs
Artifacts written to audit-output/ by default:
enumeration.json: Enumeration resultsaudit.json: Audit checksnuclei.json/nuclei.jsonl: Nuclei findingstargets.txt: Targets composed from wordlistsexploitation.json: Exploitation attempts/resultsreport.mdandreport.json: Consolidated reportreport.html: Interactive HTML report with chartsreport.sarif: SARIF format for CI/CD integration
Report Formats
Generate different report formats:
# All formats (default)
keycloak-auditor --base-url https://kc.example.com --realm master report
# HTML only (interactive with charts)
keycloak-auditor --base-url https://kc.example.com --realm master report --format html
# SARIF for CI/CD integration
keycloak-auditor --base-url https://kc.example.com --realm master report --format sarif
Extending the Framework
- Add Nuclei templates under
nuclei-templates/and rerun scans. - Add URLs/subdomains to
wordlists/to broaden coverage. - Implement custom checks under
keycloak_auditor/audit/and import in CLI. - Add new exploitation PoCs under
keycloak_auditor/exploitation/.