git404hub

what is cdk fr?

cdk-team/cdk — explained in plain English

Analysis updated 2026-06-26

4,654GoAudience · ops devopsComplexity · 4/5Setup · easy

tl;dr

CDK is an authorized security testing toolkit for Docker and Kubernetes containers, it scans for misconfigurations and tests known container escape techniques as a single dependency-free binary.

vibe map

mindmap
  root((cdk))
    What it does
      Container security audit
      Escape exploit PoCs
      Network recon
    Tech stack
      Go
      Docker
      Kubernetes
      containerd
    Modes
      Evaluate
      Exploit
      Tool utilities
    Vulnerabilities covered
      CVE-2019-5736
      CVE-2020-15257
      cgroup escapes
      Docker socket abuse
    Networking tools
      Port scanner
      Kubernetes API client
      etcd client
      TCP tunnels

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

what do people make with this?

VIBE 1

Run an automated security audit of a container to check for dangerous Linux capabilities, exposed mounts, and Kubernetes credential leaks.

VIBE 2

Test whether a container is vulnerable to CVE-2019-5736 (runc escape) or Docker socket abuse in a controlled lab environment.

VIBE 3

Use the built-in networking tools (port scanner, etcd client) when the target container lacks standard Unix diagnostic utilities.

VIBE 4

Simulate lateral movement within a compromised Kubernetes cluster to validate your detection and response capabilities.

what's the stack?

GoDockerKubernetescontainerdLinux

how it stacks up fr

cdk-team/cdkopen-telemetry/opentelemetry-collector-contribcrazy-max/diun
Stars4,6544,6544,653
LanguageGoGoGo
Setup difficultyeasymoderatemoderate
Complexity4/54/52/5
Audienceops devopsops devopsops devops

Figures from each repo's GitHub metadata at analysis time.

how do i run it?

Difficulty · easy time til it works · 5min

Single static binary, no dependencies required, drop into any container and run immediately.

For authorized security testing only, using against targets without permission is illegal per the repo's own disclaimer.

in plain english

CDK is a security testing toolkit for container environments, specifically Docker, Kubernetes, and containerd. The README includes a legal disclaimer that it is intended for authorized security testing only and that using it against targets without permission is illegal. It was presented at Black Hat, a major security research conference. The tool is distributed as a single compiled binary with no dependencies on the operating system it runs in. This design is intentional: containerized environments often run stripped-down base images that lack common Unix tools, so CDK brings its own versions of utilities like netcat, ifconfig, and a text editor. You download the binary and drop it into the container you are testing. CDK has three main modes. The evaluate mode scans the container environment and reports on potential weaknesses: what Linux capabilities the process has, what file system mounts are accessible, whether Kubernetes service account credentials are present, whether cloud provider metadata endpoints are reachable, and similar indicators that a real attacker would look for. After running evaluate, it recommends specific exploits to try. The exploit mode provides proof-of-concept implementations of known container escape techniques, covering vulnerabilities in Docker's runtime (CVE-2019-5736), in containerd (CVE-2020-15257), in the cgroup subsystem, and in misconfigured setups where the Docker socket is accessible from inside the container. It also includes techniques for moving laterally within a Kubernetes cluster once a container is compromised. The tool module adds networking utilities: a port scanner, a way to make API calls to the Kubernetes API server, a client for querying etcd (the Kubernetes configuration database), and support for creating TCP tunnels. These fill the gap when the target container does not have the usual network diagnostic tools installed.

prompts (copy fr)

prompt 1
I am doing an authorized pentest of a Docker container. Show me how to run CDK in evaluate mode and interpret the output to find escape vectors.
prompt 2
How do I use CDK to test whether a container is vulnerable to the Docker socket escape technique in a lab environment?
prompt 3
Walk me through using CDK's Kubernetes API client to list service accounts and secrets from inside a compromised pod.
prompt 4
How do I set up a TCP tunnel using CDK to forward traffic out of a containerized environment during an authorized red team exercise?

Frequently asked questions

what is cdk fr?

CDK is an authorized security testing toolkit for Docker and Kubernetes containers, it scans for misconfigurations and tests known container escape techniques as a single dependency-free binary.

What language is cdk written in?

Mainly Go. The stack also includes Go, Docker, Kubernetes.

What license does cdk use?

For authorized security testing only, using against targets without permission is illegal per the repo's own disclaimer.

How hard is cdk to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is cdk for?

Mainly ops devops.

peek the repo → explain another one

This repo across BitVibe Labs

double-check against the repo, no cap.