CDK vs kube-hunter
GitHub Stats
About CDK
CDK (Container penetration toolkit) is an open-source tool designed for container environment penetration testing and exploitation. It's distributed as a single static binary with zero dependencies, making it easy to deploy inside target containers during red team engagements. CDK bundles three categories of functionality: evaluation (gathering container environment information, checking capabilities, and identifying potential escape vectors), exploitation (automated container escape using techniques like mounting host filesystems, exploiting Docker socket, abusing Linux capabilities, and leveraging kernel vulnerabilities), and tools (network scanning, file transfer, reverse shell, and other post-exploitation utilities). CDK is regularly updated with new escape techniques as they're discovered, making it the most comprehensive container escape toolkit available.
About kube-hunter
kube-hunter is an open-source tool from Aqua Security that hunts for security weaknesses in Kubernetes clusters. It can run from outside the cluster (remote scanning), from a machine inside the network, or as a pod within the cluster itself to simulate different attacker perspectives. kube-hunter checks for a wide range of vulnerabilities including exposed API servers, kubelet API access, etcd access, privilege escalation paths, container escape vectors, and misconfigurations in RBAC, network policies, and pod security. Each finding includes a severity rating, description, and remediation guidance. The tool generates reports in JSON, YAML, or human-readable formats, making it easy to integrate into CI/CD pipelines or compliance workflows. kube-hunter is particularly valuable for security teams validating the hardening of their Kubernetes deployments.
Platform Support
Tags
Shared
CDK only
kube-hunter only