
CDK vs Deepce

GitHub Stats

Stars: CDK 4.6k, Deepce 1.5k
Forks: CDK 599, Deepce 119
Issues: CDK 16, Deepce 8
Updated: CDK 1mo ago, Deepce 3mo ago
License: CDK Apache-2.0, Deepce Apache-2.0
Language: CDK Go, Deepce Shell

About CDK

CDK (Container penetration toolkit) is an open-source tool designed for container environment penetration testing and exploitation. It's distributed as a single static binary with zero dependencies, making it easy to deploy inside target containers during red team engagements. CDK bundles three categories of functionality: evaluation (gathering container environment information, checking capabilities, and identifying potential escape vectors), exploitation (automated container escape using techniques like mounting host filesystems, exploiting the Docker socket, abusing Linux capabilities, and leveraging kernel vulnerabilities), and tools (network scanning, file transfer, reverse shell, and other post-exploitation utilities). CDK is regularly updated with new escape techniques as they're discovered, making it the most comprehensive container escape toolkit available.

About Deepce

Deepce (Docker Enumeration, Escalation of Privileges, and Container Escapes) is a tool designed to help identify vulnerable Docker installations and find potential container escape routes. Written as a portable shell script with no dependencies, it runs inside Docker containers to assess the security posture from the inside out. Deepce checks for dangerous capabilities (SYS_ADMIN, SYS_PTRACE, DAC_READ_SEARCH), mounted Docker sockets, writable host mounts, misconfigured namespaces, and known kernel vulnerabilities that enable container escapes. It also fingerprints the container environment, identifies the container runtime (Docker, Podman, LXC), checks network configuration, and enumerates neighboring containers. Its zero-dependency design makes it ideal for quick assessments during penetration tests where you land inside a container and need to assess your options.

Platform Support

CDK: 🐧 linux
Deepce: 🐧 linux

Tags

Shared

container-escape, docker

CDK only

kubernetes, capabilities, red-team, post-exploitation

Deepce only

enumeration, privilege-escalation, shell-script