-
Notifications
You must be signed in to change notification settings - Fork 0
Output Structure
All results live under the base directory (kraken_output/ by default,
override with KRAKEN_BASE_DIR). Each session is one directory; each
module writes one subdirectory per target.
kraken_output/
└── client_acme_audit/ # a session
├── kraken.log # audit trail of every log line
├── recon_example.com/
│ ├── dns_records.txt
│ ├── subdomains.txt
│ ├── whois.txt
│ └── reverse_dns.txt
├── scan_example.com/
│ ├── nmap_quick.txt
│ ├── nmap_services.txt
│ └── bash_scan.txt # only if nmap was unavailable
├── web_example_com/
│ ├── headers.txt
│ ├── directories.txt
│ ├── technologies.txt
│ └── robots.txt
├── vuln_example.com/
│ ├── ssl_cert.txt
│ └── findings.txt
├── REPORT_20260617_143000.txt
└── REPORT_20260617_143000.md
| Pattern | Meaning |
|---|---|
<session>/ |
one engagement, named at startup |
recon_<target>/ |
reconnaissance results for a target |
scan_<target>/ |
port-scan results |
web_<host>/ |
web enumeration (host slug, ./:// → _) |
vuln_<target>/ |
vulnerability assessment |
REPORT_<timestamp>.{txt,md} |
aggregated reports |
kraken.log |
color-stripped, timestamped log of the whole session |
kraken_report_run walks this tree and builds the report from whatever
subdirectories it finds. See Reporting.
Every log_* call is mirrored into kraken.log without color codes,
prefixed with its level tag and a timestamp:
[*] 2026-06-17 14:30:01 - Launching reconnaissance module...
[+] 2026-06-17 14:30:03 - DNS records saved
[!] 2026-06-17 14:30:05 - WHOIS lookup failed
It is append-only, so resuming a session keeps a continuous record.
The default kraken_output/ directory is listed in .gitignore, along
with *.log, *.tmp and editor/OS cruft. Engagement data is never
committed.
Kraken Pentest Framework · MIT License · Maintained by Melvin PETIT · For authorized security testing only.
Getting started
Reference
Modules
Development
More