Kraken by ThreatMate

An agentic pentester that thinks like the adversary

Moving beyond traditional static scanners. Autonomous, multi-step exploit chaining designed for security consultants, MSSPs, and MSPs.

Engagement pipeline: Recon → Scan → Enumerate → Exploit → Report


[ PLATFORM_OVERVIEW ]

Kraken is an autonomous agentic pentesting platform designed specifically for security consultants, MSSPs, and MSPs.

It provides attacker-grade dossiers without human intervention by simulating real-world adversary behavior and executing complete OODA loops.

  • Function: Utility & Exploit Chaining
  • Pricing: Pay-per-scan or Subscription
  • Outcome: Higher depth, lower human overhead
  • Scope: Web, API, Cloud, Infrastructure

[ AI_REASONING ]

Kraken chains vulnerabilities into complex attack paths across web and cloud environments using advanced multi-agent reasoning.

Unlike automated scanners that flag isolated findings, Kraken contextualizes data, adapts to defenses, and executes multi-step exploits exactly as a skilled adversary would.

Evidence-based reporting delivers verifiable results with full technical precision — no noise, only actionable attack paths.


[ CORE_VALUES ]

Autonomous Innovation

Self-directed, intelligent scanning protocols that require zero manual oversight during execution — freeing your analysts for higher-value work.

Attacker-Grade Reasoning

Simulating the lateral movement, privilege escalation, and exploit chaining methodologies used by advanced persistent threats.

Technical Precision

Evidence-based reporting strips away noise and delivers verifiable, reproducible attack paths with full technical detail.

Operational Efficiency

Designed to drastically reduce human overhead for service providers while increasing assessment depth and client coverage.

[ TARGET_ENVIRONMENT ]

Built for professional security operations that need to scale without adding headcount.

Kraken runs in the background, executing vulnerability chaining and OODA loops to map your client's attack surface before the adversary does — and produces a client-ready PDF report automatically.


[ PRICING ]

Simple, transparent pricing. No retainer required. Start free and scale with your engagements.

Starter · Trial · $0
  • 1 scan included
  • Limited scope
  • Sandbox environments
  • Full dossier included
  • No credit card required

For MSSPs · Continuous · $2/IP/mo
  • Up to 100 IPs · fixed list
  • Weekly pentest per IP
  • $200/mo minimum (100 IP-slots)
  • Auto-scheduled · no manual trigger
  • Full PDF + JSON report per IP

Authorized security testing only. All plans include access to Kraken's agentic pentesting capabilities across web, AWS, and Azure environments.

OWASP A01 · Broken Access Control
IDOR, privilege escalation, forced browsing, CORS misconfig. Tests every role boundary and object reference for unauthorized access paths.

OWASP A03 · Injection & SSRF
SQL injection, command injection, SSRF to internal metadata services. Crafts context-aware payloads, chains SSRF to cloud IMDS for credential extraction.

OWASP A07 · Authentication Flaws
Weak credentials, JWT forgery, session fixation, OAuth misconfigurations. Tests default creds, forges tokens, and exploits auth bypass chains.

CLOUD · Cloud Privilege Escalation
IAM policy abuse, role chaining, Lambda code extraction, storage key leaks. Enumerates AWS & Azure attack paths from initial foothold to full compromise.

OWASP A05 · Security Misconfiguration
Exposed admin panels, verbose errors, directory listings, missing security headers. Probes every endpoint for configuration weaknesses.

OWASP A08 · Data Exposure & Secrets
Leaked API keys, hardcoded credentials in source, exposed .env files, certificate transparency recon. Chains leaked secrets to deeper access.

CHAIN · Multi-Step Exploit Chains
Combines low-severity findings into critical attack paths. Staging subdomain CORS + token replay, SSRF + IMDS + role assumption. Paths no scanner finds.

OWASP A09 · Logging & Monitoring Gaps
Identifies where your detection fails. Tests whether exploit activity triggers alerts, verifies audit trails, and maps blind spots in your SIEM coverage.

OWASP A03 · XSS & Template Injection
Reflected, stored, and DOM-based XSS. Server-side template injection via Jinja2, Twig, and ERB. Escalates SSTI to remote code execution on the host.

OWASP A08 · Insecure Deserialization
Python pickle, PHP object injection, Java deserialization. Crafts serialized payloads that achieve RCE through untrusted data unmarshalling.

OWASP A02 · Cryptographic Failures
Padding oracle attacks, AES-CBC without MAC, weak JWT signing. Identifies exploitable crypto weaknesses and recovers plaintext or forges tokens.

UPLOAD · File Upload & LFI-to-RCE
Bypasses extension filters, MIME checks, and magic-byte validation. Chains local file inclusion with log poisoning to achieve remote code execution.

GRAPHQL · GraphQL & API Abuse
Introspection leaks, query depth attacks, field-level authorization bypass. Enumerates hidden schemas and extracts data through nested query manipulation.

CVE · Known CVE Exploitation
Apache path traversal (CVE-2021-41773), CGI-bin RCE, and other known vulns. Fingerprints server versions and deploys targeted, version-specific exploits.

RACE · Race Conditions & Logic Flaws
TOCTOU exploits, concurrent request abuse, business logic bypass. Fires parallel requests to exploit timing windows in state-changing operations.

RECON · Information Disclosure
Exposed .env and .git directories, directory listings, verbose stack traces, certificate transparency recon. Discovers secrets that unlock deeper attack paths.
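The "JWT forgery" and "weak JWT signing" items above describe the verifier-side mistakes that make token forgery possible: honouring an attacker-supplied `alg` header (including `none`), accepting short HMAC keys, comparing signatures byte by byte, and skipping expiry. The following is an added defensive illustration of an HS256 verifier that closes each of those gaps; it is not Kraken's or ThreatMate's code. It assumes a single-algorithm allowlist (HS256 only), a 32-byte minimum secret (a policy choice, not a standard requirement), and a mandatory `exp` claim; the secret, claims and timestamps are constructed sample values. Standard library only.

```python
"""Hardened HS256 JWT verification (added example, not Kraken's code).
Rejects alg=none and any non-allowlisted algorithm, enforces a minimum
secret length, compares signatures in constant time and requires an
unexpired `exp` claim before any claim is trusted."""
import base64
import hashlib
import hmac
import json
import time
from typing import Dict, Optional, Tuple

ALLOWED_ALGS = {"HS256"}   # explicit allowlist: "none" and asymmetric algs are refused
MIN_SECRET_BYTES = 32      # assumption: HMAC-SHA256 key at least the hash output size


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def sign_hs256(claims: Dict, secret: bytes) -> str:
    """Issue a token. Used here only to build inputs for the verifier tests."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}"
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def unsigned_token(claims: Dict) -> str:
    """Negative test vector: a token whose header claims alg=none and carries no signature.
    A correct verifier must refuse it regardless of the claims."""
    header = b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{b64url_encode(json.dumps(claims).encode())}."


def verify_hs256(token: str, secret: bytes, now: Optional[float] = None) -> Dict:
    """Return the claims only if the token is authentic and unexpired; raise ValueError otherwise."""
    if len(secret) < MIN_SECRET_BYTES:
        raise ValueError("secret too short for HS256")
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
    except Exception as exc:
        raise ValueError("bad header") from exc
    # The header is attacker-controlled: it may only select from our own allowlist,
    # so an "alg" of "none" (or a switch to another algorithm) is refused up front.
    if not isinstance(header, dict) or header.get("alg") not in ALLOWED_ALGS:
        raise ValueError("algorithm not allowed")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    try:
        presented = b64url_decode(sig_b64)
    except Exception as exc:
        raise ValueError("bad signature encoding") from exc
    # Constant-time comparison so the check does not leak how many signature bytes matched.
    if not hmac.compare_digest(expected, presented):
        raise ValueError("signature mismatch")
    try:
        claims = json.loads(b64url_decode(payload_b64))
    except Exception as exc:
        raise ValueError("bad payload") from exc
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)):
        raise ValueError("missing exp")
    if (now if now is not None else time.time()) >= exp:
        raise ValueError("token expired")
    return claims


def check_token(token: str, secret: bytes, now: Optional[float] = None) -> Tuple[bool, str]:
    """Convenience wrapper returning (accepted, reason) for logging or tests."""
    try:
        verify_hs256(token, secret, now)
        return True, "ok"
    except ValueError as exc:
        return False, str(exc)


if __name__ == "__main__":
    secret = b"constructed-demo-secret-not-for-production-use!!"  # constructed, 48 bytes
    good = sign_hs256({"sub": "alice", "role": "user", "exp": 2_000_000_000}, secret)
    print(check_token(good, secret, now=1_900_000_000))
    print(check_token(unsigned_token({"sub": "alice", "role": "admin"}), secret, now=1_900_000_000))
    print(check_token(good, secret, now=2_000_000_001))
```

The order of checks matters: the algorithm allowlist and the signature are verified before the payload is even parsed, so nothing in an unauthenticated token influences later decisions, and the `reason` strings give an audit log something concrete to record for the "Logging & Monitoring Gaps" category above.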
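Several of the categories above (exposed `.env`/`.git` probing, SSRF toward cloud metadata endpoints, and encoded path traversal of the kind CVE-2021-41773 involved) leave a visible trace in ordinary web-server access logs, which is exactly what the "Logging & Monitoring Gaps" category says an engagement should test for. The following added example, not Kraken's or ThreatMate's code, runs three such detection rules over constructed combined-format log lines and aggregates hits per source address. The rule patterns and the sample addresses (documentation ranges) are assumptions; the metadata addresses 169.254.169.254 (AWS/Azure/GCP IMDS) and 169.254.170.2 (ECS task metadata) and the hostname metadata.google.internal are the real endpoints.

```python
"""Access-log detection rules for probe categories listed on the page
(added defensive example; not Kraken's code). Log lines are constructed
samples in Apache/nginx combined format."""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple
from urllib.parse import unquote

# Constructed sample lines; IPs are from RFC 5737 documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /.env HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /.git/HEAD HTTP/1.1" 200 23 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] "GET /fetch?url=http://169.254.169.254/latest/meta-data/ HTTP/1.1" 200 812 "-" "curl/8.0"
198.51.100.9 - - [10/Oct/2023:13:56:02 +0000] "GET /cgi-bin/.%2e/.%2e/etc/passwd HTTP/1.1" 400 0 "-" "curl/8.0"
192.0.2.4 - - [10/Oct/2023:13:57:10 +0000] "POST /api/login HTTP/1.1" 200 311 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Each rule is applied to the percent-decoded request target.
RULES: List[Tuple[str, "re.Pattern[str]"]] = [
    # /.env or /.git (optionally followed by a path or query) at the site root
    ("exposed-dotfile-probe", re.compile(r"^/\.(env|git)([/?]|$)")),
    # link-local metadata endpoints appearing anywhere in the request (typical SSRF target)
    ("ssrf-cloud-metadata", re.compile(r"169\.254\.169\.254|169\.254\.170\.2|metadata\.google\.internal")),
    # any parent-directory segment once encoding has been stripped
    ("path-traversal", re.compile(r"\.\.[/\\]")),
]


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the named fields of one log line, or None if it is not in combined format."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def match_rules(target: str) -> List[str]:
    """Names of every rule that fires on this request target."""
    # Decode twice so single- and double-percent-encoded probes normalise to the same form.
    decoded = unquote(unquote(target))
    return [name for name, pattern in RULES if pattern.search(decoded)]


def scan_log(text: str) -> List[Dict[str, str]]:
    """One alert per (line, rule) hit, carrying source IP, timestamp, target and status.
    The status is kept because a 200 on /.git/HEAD is a confirmed exposure, not just a probe."""
    alerts = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for rule in match_rules(rec["target"]):
            alerts.append({"ip": rec["ip"], "ts": rec["ts"], "rule": rule,
                           "target": rec["target"], "status": rec["status"]})
    return alerts


def hits_per_source(alerts: List[Dict[str, str]]) -> Dict[str, int]:
    """Aggregate by source: several distinct rules from one address in a short window
    is a stronger signal than any single hit and is what an alert should key on."""
    return dict(Counter(a["ip"] for a in alerts))


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for a in found:
        print(f'{a["ts"]} {a["ip"]:<13} {a["rule"]:<22} {a["target"]} -> {a["status"]}')
    print(hits_per_source(found))
```

Run against a real log, the same functions would be fed lines from `access.log`; the point of the constructed sample is that the traversal line only matches after decoding, so a rule applied to the raw target would miss it.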

Your completed engagements — viewable and downloadable at any time.