To build this project, run the make command from the root folder.

Quick Build

To run quick build for Linux, you can run the following:

export PATH=$PATH:/usr/local/go/bin
go build -o agent cmd/merlinagent/main.go
go build -o server cmd/merlinserver/main.go


YARA rules

We created YARA rules that will help to catch Kubesploit binaries. The rules are written in the file kubesploit.yara.

Agent Recording

Every Go module loaded to the agent is being recorded inside the victim machine.


We created a MITRE map of the vectors attack being used by Kubesploit.

kubesploit 5 mitre pic full

Mitigation for Modules

For every module we created, we wrote its description and how to defend from it.
We sum it up in the file.


We welcome contributions of all kinds to this repository.
For instructions on how to get started and descriptions of our development workflows, please see our contributing guide.


We want to thank Russel Van Tuyl (@Ne0nd0g) for creating Merlin as an open-source that allowed us to build Kubesploit on top of it.
We also want to thank Traefik Labs (@traefik) for creating Go interpreter (“Yaegi”) that allowed us to run the Golang modules on a remote agent easily.

Share Your Thoughts And Feedback

For more comments, suggestions or questions, you can contact Eviatar Gerzi (@g3rzi) from CyberArk Labs or open an issue. You can find more projects developed by us at

Download Kubesploit

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.


Original Source