Melvin PETIT edited this page Jun 17, 2026 · 2 revisions

Kraken Wiki

Kraken is a modular Bash penetration-testing orchestrator. It wires reconnaissance, port scanning, web enumeration, lightweight vulnerability checks and reporting into a single interactive menu, with structured per-session output and graceful degradation when a tool is missing.

⚠️ For educational and authorized security testing only. Always obtain explicit written permission before testing systems you do not own. See Disclaimer & Legal.


Start here

If you want to…                      | Go to
Install Kraken and its tools         | Installation
Launch and drive the menu            | Usage
Understand how it is built           | Architecture
Read what each module does           | Modules
Tune behaviour with environment vars | Configuration
Find where results are written       | Output Structure
Add a new tentacle                   | Extending Kraken
Contribute code                      | Contributing
Ask a common question                | FAQ

The modules at a glance

Key | Module                   | Summary
1   | Reconnaissance           | DNS (A/AAAA/MX/NS/TXT/CNAME), subdomains, WHOIS, reverse DNS
2   | Port Scanning            | nmap quick + service detection, /dev/tcp fallback
3   | Web Enumeration          | HTTP headers, parallel directory probing, tech detection, robots.txt
4   | Vulnerability Assessment | SSL/TLS, allowed HTTP methods, missing security headers
5   | Reporting                | Aggregate the session into a plaintext and Markdown report

Design principles

  • Modular tentacles. Each module under lib/modules/ is independent and replaceable. See Architecture.
  • Automation-first. The interactive menu walks an operator through a full assessment in a few keystrokes.
  • Lightweight. Pure Bash, no Python runtime, no daemons.
  • Structured output. One folder per session, one subfolder per module/target, an aggregated report at the end. See Output Structure.
  • Graceful degradation. A missing tool produces a warning, never an abort. Install only what you need.
