SpotterSec
Offensive K8s Security

FIND EXPLOIT REPORT.

The only K8s pentest toolkit built by practitioners who run real engagements. Not a compliance scanner. Not a dashboard. A weapon.

Live cluster output
krait v1.8.0 — prod-cluster
$ krait whoami
identity system:admin
blast-radius 95/100 // CRITICAL
namespaces 10 (all accessible)

$ krait md-report --format findings
493 findings exported
2 EXPLOIT-READY · 7 ESCALATION-PATH
krait-findings-2026-04-16.md written

$ krait cis --section rbac
✗ FAIL 5.1.2 minimize secret access
✗ FAIL 5.1.3 wildcard roles in 4 ns
✓ PASS 5.1.5 default SA not bound

$ krait escape -n default
[!] privileged:true + hostPath:/ → node escape
[!] containerd.sock mounted in 2 pods

44+ Commands
62+ Rules
25+ MITRE
1 file, No Deps
RBAC Escalation · Container Escape · Secret Harvesting · Supply Chain Audit · CIS Benchmark v1.8 · MITRE ATT&CK · Node Takeover · Cloud Pivot

HOW IT WORKS

// offensive methodology

Most K8s tools ask "are we compliant?" Krait asks "what would I do with this cluster?" That difference shows in every finding.

01
LAND & ORIENT
Drop one Python file. No installs. Run krait whoami — instant identity mapping, blast radius score, and ranked next steps. Operational in under 60 seconds.
krait whoami
02
MAP ATTACK SURFACE
Trace every exploitable path — RBAC chains to cluster-admin, escape vectors per pod, secret locations, cloud credential paths. MITRE ATT&CK labelled throughout.
krait audit && krait chain
03
CONFIRM & EXPLOIT
Container escape with exact PoC commands. RBAC escalation paths with the kubectl steps to execute them. Every finding tells you what to run, not just what's wrong.
krait escape --exec
04
DELIVER THE REPORT
Three output modes: findings export (paste into your template), full branded report, or structured JSON for Dradis/PlexTrac. One command, professional output.
krait md-report --format findings
KRAIT v1.8.0
// 44 commands · 1 file · zero pip installs
krait whoami
Post-compromise orientation — identity, blast radius, permissions, ranked next steps.
First thing
krait attack
Full attack path tracing internet → cluster-admin. MITRE labelled every step.
Offensive
krait escape
Container escape vectors per pod with PoC commands and --exec confirmation.
Offensive
krait chain
RBAC escalation chains — who reaches cluster-admin and exactly how.
RBAC
krait loot
Secret enumeration with 33 credential classifiers — AWS, GCP, Azure, Vault, GitHub.
Offensive
krait cis
CIS Kubernetes Benchmark v1.8 — top 20 controls, JSON output, section filtering.
Compliance
krait sbom
CycloneDX or SPDX SBOM for every running image. Grype/Trivy compatible.
Supply Chain
krait md-report
Three formats: findings export, full branded report, JSON for Dradis/PlexTrac.
Reporting
krait --stealth audit
6 grouped API calls, randomised order, 0.8–2.5s jitter. Looks like admin traffic.
Red Team
// Personal
$0

Free forever for personal use, research, and internal assessments. Non-commercial.

  • Full krait.py — all 44 commands
  • CIS Benchmark, SBOM generation
  • Static YAML scanner + CI mode
  • Community support via GitHub
Download Free (GitHub)
// Firm
$499/mo

For security firms running multiple K8s engagements with multiple consultants.

  • Everything in Pro
  • Unlimited consultant seats
  • White-label report output
  • Client findings portal
  • Slack support + quarterly updates
Contact Sales
// 01
K8s PENTEST

Full offensive assessment of your Kubernetes cluster. RBAC enumeration, escape vector analysis, attack path tracing, credential audit. Professional report with prioritised findings and remediation YAML.

Starting at $6,000 per engagement
// 02
RED TEAM

Assume-breach scenario. We land with a constrained identity and attempt to reach your highest-value assets. Full attack narrative, TTPs documented, stealth-mode assessment to test your detection.

Starting at $12,000 per engagement
// 03
REMEDIATION REVIEW

Already have findings? We validate fixes and provide formal attestation that issues are resolved. Retest-focused, fast turnaround.

Starting at $2,500
// 04
K8s TRAINING

Half-day or full-day workshop for your engineering or security team. K8s attack surface, RBAC hardening, container security, and hands-on Krait usage.

Starting at $3,500 per session
READY TO SEE WHAT AN ATTACKER SEES?

Download Krait and run it against your cluster. Or reach out — we'll tell you exactly what's exploitable.

Download Krait Free (GitHub)
hello@spottersec.com

K8s penetration testing engagements, Krait Pro licenses, and team training. Response within 24 hours. Based in the US, assessments conducted remotely or on-site.

// Built by practitioners

Krait is built and maintained by offensive security engineers who run K8s pentests for a living. Every rule, every output format, every workflow — designed for real engagements.