# Install kubehound with Homebrew

Tool for building Kubernetes attack paths. Version 1.6.7 via Homebrew; verified from local package data.

## Install

```sh
sudo av install brew:kubehound
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install kubehound
```

  Evidence: local Homebrew formula metadata

## Package facts

- **Package key:** brew:kubehound
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/kubehound>
- **Version:** 1.6.7
- **Source summary:** Tool for building Kubernetes attack paths
- **Homepage:** <https://kubehound.io>
- **Repository:** <https://github.com/DataDog/KubeHound>
- **Upstream docs:** <https://kubehound.io/>
- **License:** Apache-2.0
- **Source archive:** <https://github.com/DataDog/KubeHound/archive/refs/tags/v1.6.7.tar.gz>
- **Generated:** 2026-07-08T18:08:21+00:00

## Executables

- kubehound (cli)
- kubehound (alias)

## Build dependencies

- go

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 1.6.7
- Local data: ok
- Upstream repository: https://github.com/DataDog/KubeHound
- Upstream latest detected: v1.6.7 (current)
- info: No package-manager update timestamp was available.
## Project history and usage

KubeHound is Datadog's open source Kubernetes attack-graph tool. It collects cluster data, computes attack paths, and stores them in a graph database so defenders and red teams can reason about multi-hop compromise paths instead of isolated findings.

### Project history

The public GitHub repository was created on May 15, 2023. Datadog Security Labs announced KubeHound on October 2, 2023, describing it as a new open source project for visualizing attack paths in Kubernetes deployments.

Datadog's 2023 Security Labs review says KubeHound was an internal project used by the adversary emulation team before it was open sourced. The documentation presents KubeHound as a graph of pods, nodes, identities, permissions, and attack techniques.

### Adoption history

KubeHound is narrower than general Kubernetes admin tools, but it entered package-manager culture quickly enough to appear in Homebrew. That packaging matters for security teams because the tool is meant to run from an analyst workstation against a selected kubeconfig context.

The project's adoption signal is strongest in Kubernetes security circles: official docs, Datadog Security Labs posts, and conference material frame it as a way to prioritize security work by graph reachability rather than scanner output volume.

### How it is used

KubeHound can select a target cluster through kubectx or through a KUBECONFIG environment variable. It ingests data from the Kubernetes API server, computes attack paths, stores results in JanusGraph, and supports graph queries through Gremlin or the KubeHound DSL.

The documentation says KubeHound can identify more than 25 attacks, including container escape and lateral movement techniques, and can answer questions such as whether a path exists from a specific container to a node or cluster-admin role.

### Why package nerds care

KubeHound is package-nerd interesting because it brings graph-security analysis into a CLI that can be installed from Homebrew beside kubectl and kubectx. It represents the Kubernetes security tooling trend from static lists toward attack-path modeling.

### Timeline

- 2023-05-15: Public GitHub repository created
- 2023-10-02: Datadog Security Labs announced KubeHound as an open source project
- 2024-01-04: Datadog's Security Labs review described KubeHound as open sourced from an internal adversary-emulation project
- 2025-11-14: v1.6.7 release published

### Related projects

- kubectx is documented as one way to select the target Kubernetes cluster.
- JanusGraph and Gremlin are the graph database and query ecosystem used for attack-path storage and analysis.
- The KubeHound documentation includes an attack reference for Kubernetes attack techniques.

### Sources

- <https://api.github.com/repos/DataDog/KubeHound>
- <https://formulae.brew.sh/formula/kubehound>
- <https://github.com/DataDog/KubeHound>
- <https://kubehound.io/>
- <https://securitylabs.datadoghq.com/articles/kubehound-identify-kubernetes-attack-paths/>
- <https://securitylabs.datadoghq.com/articles/security-labs-in-review-2023/>


## Security Notes

infrastructure mutation or orchestration signal.

- **Geiger risk:** orange / medium
- infrastructure mutation or orchestration signal

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** kubehound
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable


## Related links

- [Cloud CLI packages](https://www.automicvault.com/pkg/cloud-clis/) - Belongs to a cloud or infrastructure command family.
- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [go](https://www.automicvault.com/pkg/brew/go/) - Build dependency declared by Homebrew.
- [gator](https://www.automicvault.com/pkg/brew/gator/) - Shares av.db curated category or tags: cli, kubernetes, security.
- [kube-bench](https://www.automicvault.com/pkg/brew/kube-bench/) - Shares av.db curated category or tags: cli, kubernetes, security.
- [kubescape](https://www.automicvault.com/pkg/brew/kubescape/) - Shares av.db curated category or tags: cli, kubernetes, security.
- [ksops](https://www.automicvault.com/pkg/brew/ksops/) - Shares av.db curated category or tags: cli, kubernetes, security.
- [kubeseal](https://www.automicvault.com/pkg/brew/kubeseal/) - Shares av.db curated category or tags: cli, kubernetes, security.
- [bounceback](https://www.automicvault.com/pkg/brew/bounceback/) - Shares av.db curated category or tags: cli, red-team, security.
- [checkov](https://www.automicvault.com/pkg/brew/checkov/) - Shares av.db curated category or tags: cli, kubernetes, security.
- [netfetch](https://www.automicvault.com/pkg/brew/netfetch/) - Shares av.db curated category or tags: cli, kubernetes, security.

## Combined YAML source

View the package source record on GitHub. [combined/kubehound.yml](https://github.com/automic-vault/db/blob/main/combined/kubehound.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- cross-ecosystem install command graph
