Container Security

CDK - Container Penetration Toolkit

An open-source container penetration toolkit designed for security researchers to uncover vulnerabilities in containerized environments.

CDK Terminal
$ ./cdk evaluate
[Information Gathering - System Info]
OS: Ubuntu 20.04.3 LTS
Kernel: 5.4.0-91-generic
Container: Docker
...
[Information Gathering - Container Info]
Container Runtime: docker
AppArmor Profile: docker-default
Seccomp: enabled
User Namespace: disabled
...
$ ./cdk run shim-pwn

Core Capabilities

Comprehensive Container Security Toolkit

CDK provides a suite of tools for container security assessment, vulnerability detection, and penetration testing.

Container Evaluation

Automatically evaluate container security configurations and identify misconfigurations.

Escape Techniques

Test and validate container escape vulnerabilities with built-in exploitation modules.

Privilege Escalation

Discover and exploit privilege escalation paths within containerized environments.

K8s Penetration

Specialized tools for Kubernetes cluster penetration testing and security assessment.

Exploit Development

Framework for developing and testing new container security exploits.

Automated Scanning

Automate security scanning of container images and runtime environments.

Architecture

CDK Integration Architecture

Visual representation of how CDK integrates with Kubernetes and Docker environments.

Installation

Get Started with CDK

CDK is easy to install and deploy in your container environments.

Download Pre-built Binary
The easiest way to get started with CDK
$ wget https://github.com/cdk-team/CDK/releases/download/v1.5.1/cdk_linux_amd64
$ chmod +x cdk_linux_amd64
$ ./cdk_linux_amd64

Usage Examples

How to Use CDK

Explore common use cases and commands for container security assessment.

Basic Commands
$ ./cdk evaluate
# Evaluate the current container environment for security issues
$ ./cdk run
# List all available exploitation modules
$ ./cdk run [module-name]
# Run a specific exploitation module

Container Escape Examples
$ ./cdk run mount-cgroup
# Attempt to escape container using cgroup mount
$ ./cdk run shim-pwn
# Exploit container capabilities to escape

Kubernetes Penetration Testing
$ ./cdk run k8s-backdoor-daemonset
# Deploy a backdoor DaemonSet if permissions allow
$ ./cdk run k8s-serviceaccount-scan
# Scan for overprivileged service accounts
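
The evaluate output shown at the top of this page reports an AppArmor profile, a seccomp state and a user-namespace state. As an added example (not CDK's code, and not a statement of how CDK derives those fields), this Python script reads the same three settings from the Linux /proc files and lists the weak ones, so a container owner can check a workload's hardening from inside it. The function names and the SAMPLE values are constructed for illustration.

```python
SECCOMP_MODES = {"0": "disabled", "1": "strict", "2": "filter"}

def seccomp_mode(status_text):
    """Mode named by the 'Seccomp:' line of /proc/<pid>/status."""
    for line in status_text.splitlines():
        if line.startswith("Seccomp:"):  # does not match 'Seccomp_filters:'
            return SECCOMP_MODES.get(line.split(":", 1)[1].strip(), "unknown")
    return "unknown"  # field absent from the input

def apparmor_profile(attr_text):
    """(profile, mode) from /proc/<pid>/attr/current, e.g. 'docker-default (enforce)'."""
    label = attr_text.strip("\x00 \n")
    if not label or label == "unconfined":
        return ("unconfined", None)
    if label.endswith(")") and " (" in label:
        return tuple(label[:-1].rsplit(" (", 1))
    return (label, None)  # e.g. an SELinux context; not judged here

def userns_remapped(uid_map_text):
    """False when /proc/<pid>/uid_map is the identity map of the initial namespace."""
    rows = [line.split() for line in uid_map_text.splitlines() if line.strip()]
    return rows != [["0", "0", "4294967295"]]

def findings(status_text, attr_text, uid_map_text):
    """Human-readable list of the weak settings among the three."""
    weak = []
    mode = seccomp_mode(status_text)
    if mode not in ("strict", "filter"):
        weak.append(f"seccomp mode is {mode}")
    profile, enforcement = apparmor_profile(attr_text)
    if profile == "unconfined" or enforcement == "complain":
        weak.append(f"AppArmor not enforcing (profile={profile}, mode={enforcement})")
    if not userns_remapped(uid_map_text):
        weak.append("user namespace not remapped: uid 0 here is uid 0 on the host")
    return weak

def _read(path):
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:
        return ""  # unreadable or missing file is treated as empty input

# Constructed sample: seccomp filter on, docker-default enforcing, no userns remap.
SAMPLE = ("Name:\tsh\nSeccomp:\t2\n", "docker-default (enforce)\n",
          "         0          0 4294967295\n")

if __name__ == "__main__":
    print("sample:", findings(*SAMPLE))
    print("live:  ", findings(*(_read(f"/proc/self/{p}")
                                for p in ("status", "attr/current", "uid_map"))))
```

For the constructed sample, which matches the state in the terminal output above, the only finding is the missing user-namespace remap.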

Contributors

Project Contributors

CDK is maintained by a dedicated team of security researchers and contributors.

Core Maintainers

Neargle

Project Lead

Cdxy

Project Lead

Xmzyshypnc

Security Researcher

Riusksk

Security Researcher