EN
ENNA

CDK

Apache-2.0

๐Ÿ“ฆ Container Security ยท Go

CDK (Container penetration toolkit) is an open-source tool designed for container environment penetration testing and exploitation. It's distributed as a single static binary with zero dependencies, making it easy to deploy inside target containers during red team engagements. CDK bundles three categories of functionality: evaluation (gathering container environment information, checking capabilities, and identifying potential escape vectors), exploitation (automated container escape using techniques like mounting host filesystems, exploiting Docker socket, abusing Linux capabilities, and leveraging kernel vulnerabilities), and tools (network scanning, file transfer, reverse shell, and other post-exploitation utilities). CDK is regularly updated with new escape techniques as they're discovered, making it the most comprehensive container escape toolkit available.

4.6kstars
599forks
16issues
Updated 1mo ago
View on GitHubOfficial Website

Installation

Download

$ Download static binary from GitHub releases

from source

$ git clone https://github.com/cdk-team/CDK.git && cd CDK && make

Use Cases

  • Evaluating container security posture by checking capabilities and mounts
  • Automated container escape via Docker socket, host mounts, and kernel exploits
  • Post-exploitation inside containers including network scanning and file transfer
  • Red team operations targeting containerized environments and Kubernetes clusters
  • Testing container isolation and security boundaries during penetration tests

Tags

container-escapedockerkubernetescapabilitiesred-teampost-exploitationblackhatcloud-nativecloud-native-securitycontainercontainer-securityexploitshacktoolshitbk8sk8s-penetration-toolkitkernel-exploitationkubernetes-securitylinuxpenetrationpenetration-testing-toolsprivilege-escalationvulnerabilities

Details

Category
๐Ÿ“ฆ Container Security
Language
Go
Repository
cdk-team/CDK
License
Apache-2.0
Platforms
๐Ÿงlinux

Links

GitHub Repository

github.com/cdk-team/CDK

Official Website

github.com/cdk-team/CDK/wiki

Releases

github.com/cdk-team/CDK/releases

Issues

github.com/cdk-team/CDK/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Alternatives & Comparisons

Falco

C++

Cloud-native runtime security. Detects threats in containers, Kubernetes, and Linux hosts using system call monitoring and custom rules.

Compare CDK vs Falco

kube-hunter

Python

Kubernetes penetration testing tool. Hunts for security weaknesses in Kubernetes clusters from inside or outside the network.

Compare CDK vs kube-hunter

Deepce

Shell

Docker enumeration and privilege escalation. Discover Docker containers, check for misconfigurations, and find escape paths.

Compare CDK vs Deepce

Dockle

Go

Container image linter. Checks Docker images for security best practices, CIS benchmarks, and Dockerfile misconfigurations.

Compare CDK vs Dockle

Syft

Go

Software Bill of Materials generator. Creates SBOMs from container images and filesystems in SPDX and CycloneDX formats.

Compare CDK vs Syft

More in Container Security

Falco

C++

Cloud-native runtime security. Detects threats in containers, Kubernetes, and Linux hosts using system call monitoring and custom rules.

runtime-securityebpfkubernetes

kube-hunter

Python

Kubernetes penetration testing tool. Hunts for security weaknesses in Kubernetes clusters from inside or outside the network.

kubernetespentestcluster-security

Deepce

Shell

Docker enumeration and privilege escalation. Discover Docker containers, check for misconfigurations, and find escape paths.

dockerenumerationprivilege-escalation

Dockle

Go

Container image linter. Checks Docker images for security best practices, CIS benchmarks, and Dockerfile misconfigurations.

dockerlintercis-benchmark

Syft

Go

Software Bill of Materials generator. Creates SBOMs from container images and filesystems in SPDX and CycloneDX formats.

sbomsupply-chainspdx