Network threat simulation for Kubernetes. Deploy real attack patterns. Detect them.
K8s Mule deploys workloads that generate real malicious network traffic patterns into your Kubernetes cluster — DNS tunneling, C2 beaconing, credential theft, cryptomining, lateral movement, and more. Every scenario maps to a MITRE ATT&CK technique and produces traffic that any network security tool can detect.
Use it to:
- Train security teams on what real Kubernetes attacks look like on the wire
- Validate detection tools — does your SIEM/NDR/CNAPP actually catch these?
- Benchmark AI agents — challenge AI-powered security tools to find the threats
- Learn threat hunting — practice with known-answer scenarios at three difficulty levels
Warning: K8s Mule deploys intentionally malicious workloads. Do NOT run alongside production environments. Use a dedicated test cluster.
git clone https://github.com/kubeshark/k8s-mule.git
cd k8s-mule
# Deploy all 22 threat scenarios
./setup-k8s-mule.sh
# Or start with easy mode (5 obvious threats)
./setup-k8s-mule.sh -s easy
# Clean up — removes everything
./teardown-k8s-mule.shPrerequisites: kubectl (configured), helm v3+, a running Kubernetes cluster (kind, EKS, GKE, AKS).
22 pods generating real network threat patterns across 7 MITRE ATT&CK tactics:
| ID | Scenario | Difficulty | What It Does |
|---|---|---|---|
| NET-001 | DGA Beaconing | Medium | Queries algorithmically generated random domains — classic malware behavior |
| NET-002 | HTTP C2 Beacon | Medium | Periodic HTTP callbacks to an external C2 server with encoded session IDs |
| NET-003 | Encrypted C2 | Hard | HTTPS to suspicious domains — encrypted but DNS/SNI reveals intent |
| NET-004 | DNS-over-HTTPS C2 | Hard | Bypasses cluster DNS via Cloudflare/Google DoH resolvers |
| ID | Scenario | Difficulty | What It Does |
|---|---|---|---|
| NET-005 | DNS Tunneling | Medium | High-frequency DNS with base64-encoded subdomains — iodine/dnscat2 style |
| NET-006 | HTTP Header Exfil | Hard | Data hidden in Cookie and X-Trace-ID headers, disguised as analytics |
| NET-007 | DNS Credential Theft | Medium | Stolen JWT tokens encoded in DNS TXT queries |
| NET-008 | gRPC Stream Exfil | Hard | Data exfiltration via gRPC POST — blends with normal microservice traffic |
| ID | Scenario | Difficulty | What It Does |
|---|---|---|---|
| NET-009 | K8s API Enumeration | Medium | Pod with cluster-admin enumerates secrets, RBAC, pods across all namespaces |
| NET-010 | SSRF to Internals | Medium | Probes kube-dns metrics, Prometheus, Grafana across namespaces |
| NET-011 | Port Scanning | Easy | TCP SYN sweep across 20 IPs on 9 common service ports |
| NET-012 | Service Fingerprinting | Medium | HTTP probes to /version, /.env, /actuator/info across services |
| ID | Scenario | Difficulty | What It Does |
|---|---|---|---|
| NET-013 | IMDS Metadata Theft | Easy | Queries AWS metadata service (169.254.169.254) to steal IAM credentials |
| NET-014 | Cloud API Abuse | Medium | Direct calls to AWS STS/S3/EC2 APIs with stolen credentials |
| ID | Scenario | Difficulty | What It Does |
|---|---|---|---|
| NET-015 | Stratum Mining | Medium | Sends realistic Stratum JSON-RPC mining protocol messages |
| NET-016 | Mining Pool DNS | Easy | Resolves known mining pool domains (minexmr, nanopool) |
| NET-017 | WebSocket Mining | Hard | Mining via WebSocket upgrade on standard ports |
| ID | Scenario | Difficulty | What It Does |
|---|---|---|---|
| NET-018 | SQL Injection (PG) | Medium | UNION SELECT and pg_shadow queries via PostgreSQL wire protocol |
| NET-019 | Redis Unauth Access | Easy | CONFIG GET *, KEYS *, CLIENT LIST on unauthenticated Redis |
| NET-020 | Database Destruction | Medium | SELECT * (theft) then TRUNCATE (destruction) — ransomware pattern |
| ID | Scenario | Difficulty | What It Does |
|---|---|---|---|
| NET-021 | DNS Zone Enumeration | Easy | Brute-force DNS across namespaces with SRV lookups and AXFR attempts |
| NET-022 | gRPC Reflection Enum | Medium | Probes gRPC server reflection to discover API surfaces |
| Level | Scenarios | What Makes It Easy/Hard |
|---|---|---|
| Easy (5) | Port scan, IMDS, mining DNS, Redis, DNS enum | Unmistakable signals: known-bad IPs, ports, protocols |
| Medium (12) | DGA, C2 beacon, DNS tunnel, API enum, SQL injection, ... | Requires correlation: DNS entropy + domain names, protocol inspection |
| Hard (5) | Encrypted C2, DoH bypass, header exfil, gRPC exfil, WS mining | Mimics legitimate traffic, standard ports, low volume |
./setup-k8s-mule.sh -s easy # Start here
./setup-k8s-mule.sh -s medium # For experienced teams
./setup-k8s-mule.sh -s hard # All 22 — the full challengeK8s Mule is tool-agnostic. Any network security tool that inspects Kubernetes traffic can be tested against these scenarios:
The scenarios generate standard traffic patterns detectable by:
- NDR/NTA tools (Darktrace, ExtraHop, Vectra) — L4 flow anomalies, DNS analysis
- CNAPPs (Wiz, Prisma Cloud, Aqua) — runtime threat detection
- eBPF-based tools (Falco, Tetragon, Tracee) — syscall and network monitoring
- SIEM (Splunk, Elastic) — with network flow ingestion
- Manual analysis (Wireshark, tcpdump) — PCAP capture and inspection
Kubeshark provides the deepest visibility — real-time L7 protocol dissection of all cluster traffic including DNS, HTTP, PostgreSQL, Redis, gRPC, and 15+ other protocols. Combined with AI agent skills, it can run an automated security audit:
# Install Kubeshark
helm install kubeshark kubeshark/kubeshark
# Install the security-audit AI skill
git clone https://github.com/kubeshark/kubeshark
cp -r kubeshark/skills/security-audit ~/.claude/skills/
# Prompt your AI agent:
# "Run a security audit on the k8s-mule namespace and generate a PDF report"The security-audit skill guides AI agents through an 8-phase systematic threat sweep covering all MITRE ATT&CK tactics, producing a PDF report with evidence and remediation recommendations.
Detection results from testing:
| Test | Detection Rate | Notes |
|---|---|---|
| AI agent without skill | 7/17 (41%) | Found loud signals, missed protocol abuse |
| AI agent with security-audit skill | 13/17 (76%) | Caught SQL injection, Redis abuse, DGA, credential exfil |
Every scenario follows these principles:
- Real attack techniques — based on MITRE ATT&CK, real-world incidents, and threat intelligence
- Wire-visible — every scenario generates detectable network traffic (unlike config-only tools like Kubernetes Goat)
- Innocent names — workloads are named
batch-processor,telemetry-agent,backup-agent— notmalicious-pod - No custom images — uses
alpine:3.19with inline commands, so you can read the "malware" directly in the YAML - Self-contained — no external dependencies, no real C2 servers, no actual mining
# Only deploy the scenarios you want
helm install k8s-mule ./helm-chart \
--set scenarios.net005_dns_tunnel.enabled=true \
--set scenarios.net013_imds_access.enabled=true
# Custom namespace
./setup-k8s-mule.sh -n my-test-namespace
# Dry run — preview what would be deployed
./setup-k8s-mule.sh --dry-runThe full scenario catalog with MITRE ATT&CK mappings, detection methods, and KFL filter hints: helm-chart/scenarios.json
See CONTRIBUTING.md for guidelines on adding new threat scenarios.
k8s-mule/
├── helm-chart/
│ ├── Chart.yaml # Helm chart metadata
│ ├── values.yaml # Toggle individual scenarios
│ ├── scenarios.json # Answer key (MITRE mappings, detection hints)
│ └── templates/
│ ├── net-NNN-*.yaml # One template per threat scenario
│ └── infra-*.yaml # Supporting services (PostgreSQL, Redis)
├── scenarios/
│ ├── easy.yaml # 5 obvious threats
│ ├── medium.yaml # 17 mixed difficulty
│ └── hard.yaml # All 22
├── setup-k8s-mule.sh # Deploy
└── teardown-k8s-mule.sh # Clean up
We welcome contributions. See CONTRIBUTING.md.
Apache License 2.0. See LICENSE.