A lightweight Python module to interact with the Mitre Att&ck Enterprise dataset.

Overview

PyPI version License: MIT image

enterpriseattack - Mitre's Enterprise Att&ck

A lightweight Python module to interact with the Mitre Att&ck Enterprise dataset. Built to be used in production applications due to it's speed and minimal depedancies. Read the docs for more info.

Mitre Att&ck

MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.

Dependancies

  • Python 3.x
  • ujson >= 3.0.0
  • requests >= 2.9.2

Installation

Install via Pip:

pip install enterpriseattack

Alternatively clone the repository:

git clone https://github.com/xakepnz/enterpriseattack.git
cd enterpriseattack
python3 setup.py install

(back to top)

Usage

Initialise an Attack object:

import enterpriseattack

attack = enterpriseattack.Attack()

Example: Iterate over tactics/techniques/sub_techniques:

for tactic in attack.tactics:
   print(tactic.name)
   for technique in tactic.techniques:
      print(technique.name)
      print(technique.detection)

for software in attack.software:
    for technique in software.techniques:
        for sub_technique in technique.sub_techniques:
            print(software.name, technique.name, sub_technique.name)

For more examples, please refer to the Documentation

(back to top)

Comments
  • Sub Techniques not correctly mapped? Issue while retrieving

    Sub Techniques not correctly mapped? Issue while retrieving "sub_techniques" attribute of a specific technique

    The following code should print the sub techniques of the first listed technique (Abuse Elevation Control Mechanism, at the moment): print(next(iter(attack.techniques)).sub_techniques) However, it prints ALL the subtechniques of the entire Mitre ATT&CK framework. The following code gets ALL the subtechniques as well: next(iter(next(iter(attack.groups)).techniques)).sub_techniques It looks like every technique has the whole set of subtechniques as its child, instead of the correct subtechniques.

    bug 
    opened by sibkyd 3
  • [BUG]: The techniques used by some groups seem to be missing

    [BUG]: The techniques used by some groups seem to be missing

    What happened?

    Here is a small script to output the techniques used by a particular group:

    #!/usr/bin/env python
    
    
    from __future__ import print_function
    
    
    __description__ = 'Display the techniques used by an APT group'
    __license__ = 'GPL'
    __VERSION__ = '1.0.0'
    
    
    from argparse import ArgumentParser
    from enterpriseattack import Attack
    
    
    def get_techniques(attack, group_id):
        for group in attack.groups:
            if group.id != group_id:
                continue
            techniques = []
            for technique in group.techniques:
                if technique.deprecated:
                    continue
                if len(technique.sub_techniques):
                    for subtechnique in technique.sub_techniques:
                        techniques.append(subtechnique.id)
                else:
                    techniques.append(technique.id)
            return techniques
    
    
    def main():
        parser = ArgumentParser(description=__description__)
        parser.add_argument('-v', '--version', action='version',
                            version='%(prog)s version {}'.format(__VERSION__))
        parser.add_argument('GID', nargs='+',
                            help='APT group ID')
        args = parser.parse_args()
        attack = Attack()
        for group_id in args.GID:
            techniques = get_techniques(attack, group_id)
            print('{}: {}'.format(group_id, ', '.join(techniques)))
    
    
    if __name__ == '__main__':
        main()
    

    If we use it for APT group G0001, it works fine:

    G0001: T1203, T1005, T1003.002, T1003.003, T1003.004, T1003.005, T1003.001, T1003.006, T1003.007, T1003.008, T1078.003, T1078.002, T1078.004, T1078.001, T1189, T1566.003, T1566.001, T1566.002, T1553.006, T1553.004, T1553.001, T1553.005, T1553.002, T1553.003, T1190, T1560.003, T1560.001, T1560.002
    

    But if we use it for APT group G0002, the result is empty:

    G0002:
    

    However, if we go to MITRE's site, we see that group G0002 is supposed to be using the technique T1027.001.

    Maybe this is some deficiency in the data? Or is it the result of a data parsing bug?

    Version

    0.1.6 (Default)

    Relevant log output

    No response

    bug 
    opened by bontchev 2
  • [BUG]: Subscriptable objects doesn't seem to work

    [BUG]: Subscriptable objects doesn't seem to work

    What happened?

    Using the example from the documentation:

    import enterpriseattack
    attack = enterpriseattack.Attack(subscriptable=True)
    wizard_spider = attack.groups.get('Wizard Spider')
    

    results in the error

    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
    AttributeError: 'list' object has no attribute 'get'
    

    Version

    0.1.6

    Relevant log output

    No response

    bug 
    opened by bontchev 2
  • Feature/0.1.7

    Feature/0.1.7

    Description:

    Issue raised in #14 whereby Group objects did not have sub techniques.

    Created a new sub_techniques property: https://github.com/xakepnz/enterpriseattack/blob/75b9fb0800e070b7b543b3b38abde774d59b5c02/enterpriseattack/group.py#L71-L94

    Tests for change: https://github.com/xakepnz/enterpriseattack/blob/75b9fb0800e070b7b543b3b38abde774d59b5c02/tests/test_groupsubs.py#L15-L16

    opened by xakepnz 0
  • Feature/0.1.6

    Feature/0.1.6

    Description

    • Add more tests for code coverage (#9) - 380cec3
    • Implement MITRE ATT&CK campaigns (#8) - 1f5630e
    • Add software & groups to campaigns (#8) - cc9a6f9
    • Alter the GitHub templates (#7) - 327b98d
    • Create Subscriptable objects in the main Attack class (#6) - c99c712
    • Allow users to harcode MITRE ATT&CK data versioning (#5) - d7b5318
    opened by xakepnz 0
  • Subscript objects

    Subscript objects

    Make objects subscriptable eg:

    >>> attack = enterpriseattack.Attack()
    >>> spider = attack.groups['Wizard Spider']
    >>> spider.name
    'Wizard Spider'
    

    VS:

    >>> attack = enterpriseattack.Attack()
    >>> spider = None
    >>> for group in attack.groups:
    ...     if group.name == 'Wizard Spider':
    ...             spider = group
    ...
    >>> spider.name
    'Wizard Spider'
    
    enhancement 
    opened by xakepnz 0
  • [FEATURE]: Support the other matrices too

    [FEATURE]: Support the other matrices too

    Feature Details

    Would be nice to have support for the other two matrices (Mobile and ICS) besides Enterprise. Although this would probably require some serious re-design.

    enhancement 
    opened by bontchev 0
Releases(v.0.1.7)
  • v.0.1.7(Dec 28, 2022)

    New:

    • Added sub_techniques property to Group objects (#14) - 29232d2
      • It was discovered in #14 that Group objects did not have the sub_techniques property available.
    • Added test for group sub_techniques iterations (#14) - a94394dc
    Source code(tar.gz)
    Source code(zip)
  • v.0.1.6(Dec 19, 2022)

    Changes:

    • Alter the GitHub templates (#7) - 327b98d

    New:

    • Add more tests for code coverage (#9) - 380cec3
    • Implement MITRE ATT&CK campaigns (#8) - 1f5630e
    • Add software & groups to campaigns (#8) - cc9a6f9
    • Create Subscriptable objects in the main Attack class (#6) - c99c712
    • Allow users to hardcode MITRE ATT&CK data versioning (#5) - d7b5318
    Source code(tar.gz)
    Source code(zip)
  • v.0.1.5(Mar 14, 2022)

  • v0.1.4(Mar 13, 2022)

    Modified

    • Cleaned up code line lengths
    • Fixed techniques mitigations
    • Ordered imports by type

    Added

    • Created component.py with Component class separate to Data source
    • Added tools & malware & software & components to techniques
    • Added tools & malware & tactics to groups
    • Added tools & malware & software & components & tactics to sub_techniques
    • Added tactics to software
    • Added tactics to mitigations
    • Created Code build tests with Travis CI
    • Added tactics & techniques to components
    Source code(tar.gz)
    Source code(zip)
  • v.0.1.3(Mar 11, 2022)

    Modified:

    • Converted format strings to f strings for readability/speed.
    • Updated README.md with more examples

    Added:

    • Allow proxy args to Attack() for proxy-passing.
    Source code(tar.gz)
    Source code(zip)
  • v.0.1.2(Dec 4, 2021)

    Fixed issue: https://github.com/xakepnz/enterpriseattack/issues/1

    • Issue related to all sub techniques being grouped under each technique, instead of relevant sub techniques. Fixed typo with ReadMe Documentation link
    Source code(tar.gz)
    Source code(zip)
Owner
xakepnz
Русский интернет волшебник.
xakepnz
A webapp for taking fast notes, designed for business, school, and collaboration with groups.

JOTS Journal of the Session A webapp for taking fast notes, designed for business, school, and collaboration with groups.

Zebadiah S. Taylor 2 Jun 10, 2022
Fix Eitaa Messenger's Font Problem on Linux

Fix Eitaa Messenger's Font Problem on Linux

6 Oct 15, 2022
The semi-complete teardown of Cosmo's Cosmic Adventure.

The semi-complete teardown of Cosmo's Cosmic Adventure.

Scott Smitelli 10 Dec 02, 2022
A desktop app to check the unlocked courses bases on previously done courses.

Course Picker A desktop app to check the unlocked courses bases on previously done courses. Table of contents About the Project Built with What it doe

Ahmed Symum Swapno 3 Feb 07, 2022
Tc-python - A Python script to receive message from a twitch chat

Twitch-Chat 📜 I did a script in Python to receive messages from a twitch chat.

miyucode 2 May 31, 2022
Package to provide translation methods for pyramid, and means to reload translations without stopping the application

Package to provide translation methods for pyramid, and means to reload translations without stopping the application

Grzegorz Śliwiński 4 Nov 20, 2022
Scraper pour les offres de stage Tesla et les notes sur Oasis (Polytech Paris-Saclay) sous forme de bot Discord

Scraper pour les offres de stage Tesla et les notes sur Oasis (Polytech Paris-Saclay) sous forme de bot Discord

Alexandre Malfreyt 1 Jan 21, 2022
A Python version of Canvacord

A copy of canvacord made in python! Table of contents Installation Examples Creating Images Links Downloads Installation Run any of these commands in

10 Mar 28, 2022
Материалы для курса VK Углубленный Python, весна 2022

VK Углубленный Python, весна 2022 Материалы для курса VK Углубленный Python, весна 2022 Лекции и материалы (слайды, домашки, код с занятий) Введение,

10 Nov 02, 2022
A Python package for searching journal publications and researchers

scholarpy A python package for searching journal publications and researchers Free software: MIT license Documentation: https://giswqs.github.io/schol

Qiusheng Wu 8 Mar 12, 2022
Make creating Excel XLSX files fun again

Poi: Make creating Excel XLSX files fun again. Poi helps you write Excel sheet in a declarative way, ensuring you have a better Excel writing experien

Ryan Wang 11 Apr 01, 2022
Appointment Tracker that allows user to input client information and update if needed.

Appointment-Tracker Appointment Tracker allows an assigned admin to input client information regarding their appointment and their appointment time. T

IS Coding @ KSU 1 Nov 30, 2021
Tesla App Update Differences Extractor

Tesla App Update Differences Extractor Python program that finds the differences between two versions of the Tesla App. When Tesla updates the app a l

Adrian 5 Apr 11, 2022
Um pequeno painel de consulta

Spynel Um pequeno painel com consultas de: IP CEP PLACA CNPJ OBS: caso execute o script pelo termux, recomendo que use o da F-Droid por ser mais atual

Spyware 12 Oct 25, 2022
Simple Crud Python vs MySQL

Simple Crud Python vs MySQL The idea came when I was studying MySQ... A desire to create a python program that can give access to a "localhost" databa

Lucas 1 Jan 21, 2022
A cookiecutter to start a Python package with flawless practices and a magical workflow 🧙🏼‍♂️

PyPackage Cookiecutter This repository is a cookiecutter to quickly start a Python package. It contains a ton of very useful features 🐳 : Package man

Daniel Leal 16 Dec 13, 2021
Hopefully the the next-generation backend server of bgm.tv

Hopefully the the next-generation backend server of bgm.tv

Bangumi 475 Jan 01, 2023
Modify the value and status of the records KoboToolbox

Modify the value and status of the records KoboToolbox (Modica el valor y status de los registros de KoboToolbox)

1 Oct 30, 2021
Spooky Castle Project

Spooky Castle Project Here is a repository where I have placed a few workflow scripts that could be used to automate the blender to godot sprite pipel

3 Jan 17, 2022
Canim1 - Simple python tool to search for packages without m1 wheels in poetry lockfiles

canim1 Usage Clone the repo. Run poetry install. Then you can use the tool: ❯ po

Korijn van Golen 1 Jan 25, 2022