Exploit for kage

Name: Exploit for kage
Rating: 5 (2 reviews)
2026-06-17 | CVSS 0.0
## https://sploitus.com/exploit?id=1EF2C6EE-A7AF-573F-A48E-4C1275F9AD4F
# kage

[![demo](public/demo.gif)](https://github.com/skshadan/kage/raw/main/public/kage-main.mp4)

The preview above is a clip. Click it for the full video.

A Claude Code plugin that runs a full pentest engagement from inside your coding agent. Point
it at a target and it works through recon, deep testing, exploit verification, chain-building,
judging, and writes a consolidated audit report to `./results//audit-report.md`.

Every tool runs inside a per-engagement Kali Docker container. Each host working directory
gets its own isolated sandbox, so two engagements never share state and nothing pentest-related
touches your host.

## Requirements

- Docker, running. Docker Desktop on macOS/Windows, Docker Engine on Linux.
- A Claude Code (or other Agent Skills compatible) client.
- About 3 GB of disk for the Kali image, and roughly 200 MB of idle RAM per container.

You do not need to install nmap, nuclei, subfinder, or any other tool on the host. They all
live in the container, which builds itself on first run.

## Install

Pick the method that fits how you want to use it. The skill resolves its own files across all
of them, so any of these work.

### From the marketplace (recommended)

```
/plugin marketplace add skshadan/kage
/plugin install kage@kage
```

Then invoke it with `/kage:kage` (plugin skills are namespaced as `plugin:skill`).

### Try it locally

Point Claude Code at the plugin directory for the current session:

```bash
claude --plugin-dir /path/to/kage
```

Use `/reload-plugins` after edits. Invoked as `/kage:kage`.

### As a standalone skill (shorter `/kage` command)

If you prefer to type `/kage` without the namespace, copy just the skill folder into your
skills directory:

```bash
cp -r /path/to/kage/skills/kage ~/.claude/skills/kage
```

It then loads as `/kage` in every session.

### First run

The first engagement builds the Kali image automatically (a one-time pull and build of a few
minutes). To warm it ahead of time:

```bash
cd /path/to/skill/assets/docker && docker build -t kage:latest .
```

Optionally put the container shim on your `PATH` for the management commands below:

```bash
sudo ln -sf /path/to/skill/scripts/k /usr/local/bin/k
```

## Usage

Run the agent from a clean engagement directory and call the skill:

```bash
cd ~/engagements/acme-audit
claude
> /kage:kage acme.com                 # full pipeline
> /kage:kage recon-only acme.com       # stop after recon
> /kage:kage greybox acme.com ./src    # black-box plus source context
> /kage:kage audit ./src               # white-box source audit only
```

The target can be a domain, URL, wildcard (`*.example.com`), or a local source path. Output
lands at `./results//audit-report.md`, with raw artifacts (nmap, nuclei, PoCs, verified
exploits) under `./results//`.

Drop a `./creds.md` in the engagement directory before running and the skill reads it for
target credentials, multi-account IDOR testing, and rules of engagement. A template lives at
[`skills/kage/assets/creds.sample.md`](skills/kage/assets/creds.sample.md).

### Managing sandboxes

```bash
k ls       # list all kage containers
k reset    # remove this folder's container
k prune    # remove containers whose workspace directory no longer exists
k nuke     # remove every kage container
```

## Pipeline

| Turn | Phase                            | Output                                               |
| ---- | -------------------------------- | ---------------------------------------------------- |
| 0    | Engagement setup                 | `engagement.json`, results tree                      |
| 1    | Reconnaissance                   | subdomains, live hosts, ports, URLs, tech            |
| 2    | Deep testing (parallel)          | per-class candidate findings                         |
| 3    | Exploit, verify, chain, judge    | reproducible PoCs to `judging/approved_findings.json` |
| 4    | Audit report                     | consolidated `audit-report.md`                       |

Full methodology is in [`skills/kage/references/methodology.md`](skills/kage/references/methodology.md),
judging rules in [`skills/kage/references/judging.md`](skills/kage/references/judging.md), and
escalation patterns in [`skills/kage/references/chains.md`](skills/kage/references/chains.md).

## Layout

```
kage/
├── .claude-plugin/        # plugin.json manifest and marketplace.json
└── skills/kage/
    ├── SKILL.md           # agent instructions
    ├── scripts/           # k shim, probe scripts, shared tls/browser client
    ├── agents/            # sub-agents: testers, verifier, chain-builder, judge, report-writer
    ├── references/        # methodology, judging, chains, report formatting, tools
    └── assets/            # Dockerfile, compose.yml, creds template, dorks, wordlists
```

## Scope and safety

Only test systems you own or have explicit permission to test. All output stays on your local
filesystem. `creds.md` is bind-mounted into the container but never transmitted.

## License

MIT