An agentic pentester that thinks like the adversary
Kraken is an agentic pentester built for security consultants, MSSPs and MSPs. Paste a target, ship the engagement, hand the chained dossier to your client. No fixed checklist. No template report. Real attacker-grade reasoning, on tap.
COMPROMISE SCALE severity levels
L0 No Access: Reconnaissance only. Target surface mapped but no exploitable vulnerabilities confirmed.
L1 Information Leak: Sensitive data exposed — credentials, API keys, internal paths, or configuration files retrieved.
L2 Authenticated Access: Gained authenticated access via credential reuse, default creds, session hijacking, or auth bypass.
L3 Significant Access: Deep access achieved — database dumps, admin panels, cloud resource enumeration, or lateral movement.
L4 Full Compromise: Complete system takeover — remote code execution, IAM privilege escalation, or full cloud account control.
SPECS operator loadout
Pioneer Model: Leads complex multi-step cloud attack chains. Handles lateral movement, privilege escalation, and chained exploits.
Executor Model: Handles generic web application testing. Fast reconnaissance, endpoint probing, and vulnerability validation.
Iteration Max: Each scan runs up to the selected number of attack iterations. The agent adapts its strategy based on findings from prior steps.
Supported Targets: Web Applications, AWS, Azure
ATTACK SURFACE vulnerability classes
OWASP A01 Broken Access Control: IDOR, privilege escalation, forced browsing, CORS misconfig. Tests every role boundary and object reference for unauthorized access paths.
OWASP A03 Injection & SSRF: SQL injection, command injection, SSRF to internal metadata services. Crafts context-aware payloads, chains SSRF to cloud IMDS for credential extraction.
OWASP A07 Authentication Flaws: Weak credentials, JWT forgery, session fixation, OAuth misconfigurations. Tests default creds, forges tokens, and exploits auth bypass chains.
CLOUD Cloud Privilege Escalation: IAM policy abuse, role chaining, Lambda code extraction, storage key leaks. Enumerates AWS & Azure attack paths from initial foothold to full compromise.
OWASP A05 Security Misconfiguration: Exposed admin panels, verbose errors, directory listings, missing security headers. Probes every endpoint for configuration weaknesses.
OWASP A08 Data Exposure & Secrets: Leaked API keys, hardcoded credentials in source, exposed .env files, certificate transparency recon. Chains leaked secrets to deeper access.
CHAIN Multi-Step Exploit Chains: Combines low-severity findings into critical attack paths. Staging subdomain CORS + token replay, SSRF + IMDS + role assumption. Paths no scanner finds.
OWASP A09 Logging & Monitoring Gaps: Identifies where your detection fails. Tests whether exploit activity triggers alerts, verifies audit trails, and maps blind spots in your SIEM coverage.
OWASP A03 XSS & Template Injection: Reflected, stored, and DOM-based XSS. Server-side template injection via Jinja2, Twig, and ERB. Escalates SSTI to remote code execution on the host.
OWASP A08 Insecure Deserialization: Python pickle, PHP object injection, Java deserialization. Crafts serialized payloads that achieve RCE through untrusted data unmarshalling.
OWASP A02 Cryptographic Failures: Padding oracle attacks, AES-CBC without MAC, weak JWT signing. Identifies exploitable crypto weaknesses and recovers plaintext or forges tokens.
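Two of the classes above (A07 "JWT forgery" and A02 "weak JWT signing") come down to the same server-side mistake: a verifier that trusts the token's own header to decide how it is checked. The following is an added example written for this page, not Kraken's or ThreatMate's code; it is a minimal HS256-only verifier with a fixed algorithm allowlist, constant-time signature comparison and an expiry check, using only the Python standard library. The key and the claims are constructed for the demo; a real service would load the key from its secret store.

```python
import base64
import hashlib
import hmac
import json
import time

# Fixed allowlist: the service decides the algorithm, never the token header.
# "none" and asymmetric algs are rejected before any signature work happens.
ALLOWED_ALGS = {"HS256"}


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # JWT strips '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _encode_json(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(claims: dict, key: bytes) -> str:
    """Issue a token the way a well-behaved issuer would (used here to build test input)."""
    signing_input = _encode_json({"alg": "HS256", "typ": "JWT"}) + "." + _encode_json(claims)
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def make_unsigned_token(claims: dict) -> str:
    """Test vector only: a token whose header claims alg 'none' and carries no signature."""
    return _encode_json({"alg": "none", "typ": "JWT"}) + "." + _encode_json(claims) + "."


def verify_hs256(token: str, key: bytes, now=None):
    """Return (ok, reason, claims). Claims are returned only after every check passes."""
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed", None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:  # covers binascii.Error and JSONDecodeError
        return False, "undecodable", None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False, "malformed", None
    # Check 1: algorithm comes from our allowlist, not from the attacker-controlled header.
    if header.get("alg") not in ALLOWED_ALGS:
        return False, "alg not allowed: %r" % header.get("alg"), None
    # Check 2: recompute the MAC over the exact bytes received and compare in constant time.
    expected = hmac.new(key, ("%s.%s" % (header_b64, payload_b64)).encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return False, "bad signature", None
    # Check 3: expiry is mandatory; a token without exp is treated as invalid.
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)):
        return False, "missing exp", None
    if exp <= now:
        return False, "expired", None
    return True, "ok", claims


def demo():
    """Run the verifier over one good token and three classic forgeries; return the reasons."""
    key = b"constructed-demo-key-not-for-production"  # constructed for this example
    now = 1_700_000_000  # fixed clock so results are deterministic
    good = sign_hs256({"sub": "alice", "role": "user", "exp": now + 3600}, key)
    header_b64, _, sig_b64 = good.split(".")
    # Same header and signature, payload swapped to escalate the role.
    tampered = header_b64 + "." + _encode_json({"sub": "alice", "role": "admin", "exp": now + 3600}) + "." + sig_b64
    unsigned = make_unsigned_token({"sub": "alice", "role": "admin", "exp": now + 3600})
    stale = sign_hs256({"sub": "alice", "role": "user", "exp": now - 1}, key)
    return {
        "good": verify_hs256(good, key, now)[1],
        "tampered": verify_hs256(tampered, key, now)[1],
        "unsigned": verify_hs256(unsigned, key, now)[1],
        "stale": verify_hs256(stale, key, now)[1],
    }


if __name__ == "__main__":
    for name, reason in demo().items():
        print("%-9s %s" % (name, reason))
```

The order of the checks matters: the algorithm allowlist runs first so that an `alg: none` header never reaches the signature step, and the signature is verified over the received base64 segments rather than over re-serialized JSON, so any byte changed in the payload invalidates the MAC. An implementation that accepts the header's `alg` verbatim, or that takes claims from a decode step before verification, is exactly what the A07/A02 tests above look for.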
UPLOAD File Upload & LFI-to-RCE: Bypasses extension filters, MIME checks, and magic-byte validation. Chains local file inclusion with log poisoning to achieve remote code execution.
GRAPHQL GraphQL & API Abuse: Introspection leaks, query depth attacks, field-level authorization bypass. Enumerates hidden schemas and extracts data through nested query manipulation.
CVE Known CVE Exploitation: Apache path traversal (CVE-2021-41773), CGI-bin RCE, and other known vulns. Fingerprints server versions and deploys targeted, version-specific exploits.
RACE Race Conditions & Logic Flaws: TOCTOU exploits, concurrent request abuse, business logic bypass. Fires parallel requests to exploit timing windows in state-changing operations.
RECON Information Disclosure: Exposed .env and .git directories, directory listings, verbose stack traces, certificate transparency recon. Discovers secrets that unlock deeper attack paths.
LICENSE operator tiers
TRIAL: free. 1 scan, limited tokens. See Kraken on a real target. One engagement, capped token budget, full dossier.
PAY-AS-YOU-GO: $499 per scan. For firms running occasional depth-tests. Pay per engagement, no retainer. Higher iterations per pentest available.
FIRM: $2,500 per month, up to 30 scans. For consultancies delivering recurring engagements. ~$50/scan effective.
ARCHIVE my reports
Pentest reports from your paid engagements.