swimlane / PSAttck

Licence: MIT license

PSAttck

PSAttck is a light-weight framework for the MITRE ATT&CK Framework. This package extracts details about MITRE ATT&CK Tactics, Techniques, Actors/Groups, Tools, Malware, and Mitigations provided by MITRE.

DESCRIPTION

Currently PSAttck supports the MITRE ATT&CK Enterprise framework, with plans to support additional frameworks in the future.

By default, PSAttck downloads data about the MITRE ATT&CK framework from an external source; the additional generated data sets are downloaded from an external source as well.

You can set an alternate path to retrieve these data sets from by using the Set-PSAttckConfiguration function.

COMPATIBILITY

PSAttck is compatible with Windows PowerShell 5 and PowerShell Core.

PSAttck utilizes PowerShell Classes to generate and create standard objects across all ATT&CK data categories.

FEATURES

The PSAttck package retrieves all Tactics, Techniques, Actors, Malware, Tools, and Mitigations from the MITRE ATT&CK Enterprise framework as well as any defined relationships within the MITRE ATT&CK dataset. In addition, Techniques, Actors, and Tools (if applicable) now have collected data from third-party resources that are accessible via properties on a technique. For more detailed information about these features, see External Datasets.

The PSAttck package allows you to:

  • Update or sync the external datasets by calling the update() method on an Attck object. By default it checks for updates every 30 days.
  • Specify a local file path for the MITRE ATT&CK Enterprise Framework json, generated dataset, and/or a config.yml file.
  • Retrieve an image_logo of an actor (when available). If an image_logo isn't available, it generates an ascii_logo.
  • Search the external dataset for external commands that are similar using search_commands.

FUNCTIONS

To see what functions are provided by PSAttck, execute the command:

Get-Command -Module PSAttck 

In addition to the functions below, you can also retrieve the relationship data objects defined within the MITRE ATT&CK Framework.

Available functions and their related data objects are defined below:

Get-Attck

Select an ATT&CK data type and, if desired, FilterBy a property name and its value.

Get-AttckActor

Retrieve all or a specific Actor by name

Related Data Objects:

  • Malwares
  • Tools
  • Techniques

Get-AttckMalware

Retrieve all or a specific Malware by name

Related Data Objects:

  • Techniques
  • Actors

Get-AttckMitigation

Retrieve all or a specific Mitigation by name

Related Data Objects:

  • Techniques

Get-AttckTactic

Retrieve all or a specific Tactic by name

Related Data Objects:

  • Techniques

Get-AttckTechnique

Retrieve all or a specific Technique by name

Related Data Objects:

  • Techniques
  • Actors
  • Mitigations
  • Datasets

Get-AttckTool

Retrieve all or a specific Tool by name

Related Data Objects:

  • Techniques
  • Actors

Installation

You can install PSAttck on OS X, Linux, or Windows.

Install-Module -Name PSAttck

You can also install it directly from the source. To install, see the commands under the relevant operating system heading, below.

ADDITIONAL FEATURES

PSAttck also allows you to retrieve external data sets related to Techniques.

For example, every Technique object has additional (non-standard) properties which allow you to access:

  • Commands
    • Source
    • Command
    • Name (if applicable)
  • CommandList
    • command from Commands['command']
  • RawDatasets
    • Raw dataset data
  • Queries
    • Product
    • Query
    • Name (if applicable)
  • RawDetections
    • Raw detection data source
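As an added example (not part of the PSAttck project or its documentation), the script below uses the functions and Technique properties described above to build a defender's coverage report: for each technique name observed in an incident, it lists the related Mitigations, the number of known Actors, and which products have detection Queries in the external dataset. It assumes Get-AttckTechnique accepts a -Name parameter and that the related objects and dataset properties are exposed as members with the names used on this page (Mitigations, Actors, Queries with Product/Query/Name); since PowerShell classes may expose relationships as either methods or properties, a small helper resolves whichever form exists.

```powershell
# Added example, not PSAttck project code. Assumptions (not confirmed by the
# README): Get-AttckTechnique accepts -Name; related objects and external
# datasets are members named Mitigations, Actors and Queries (Product/Query/Name).
Import-Module PSAttck

# Relationship members may be methods or properties depending on the class
# design, so resolve whichever exists instead of hard-coding one form.
function Get-RelatedMember {
    param([Parameter(Mandatory)]$Object, [Parameter(Mandatory)][string]$Member)
    $m = $Object | Get-Member -Name $Member -ErrorAction SilentlyContinue
    if (-not $m) { return @() }
    if ($m.MemberType -eq 'Method') { return @($Object.$Member()) }
    return @($Object.$Member)
}

# One row per observed technique: mitigations to verify, actors known to use
# it, and whether the external dataset carries any detection queries for it.
function Get-TechniqueCoverage {
    param([Parameter(Mandatory)][string[]]$TechniqueName)
    foreach ($name in $TechniqueName) {
        $technique = Get-AttckTechnique -Name $name
        if (-not $technique) {
            Write-Warning "No ATT&CK technique named '$name'"
            continue
        }
        $mitigations = Get-RelatedMember -Object $technique -Member 'Mitigations'
        $actors      = Get-RelatedMember -Object $technique -Member 'Actors'
        $queries     = Get-RelatedMember -Object $technique -Member 'Queries'
        [pscustomobject]@{
            Technique       = $technique.Name
            MitigationCount = $mitigations.Count
            Mitigations     = ($mitigations | ForEach-Object { $_.Name }) -join '; '
            KnownActorCount = $actors.Count
            # Products (e.g. SIEM/EDR) that have a query for this technique
            QueryProducts   = ($queries | ForEach-Object { $_.Product } |
                               Sort-Object -Unique) -join ', '
            HasDetections   = $queries.Count -gt 0
        }
    }
}

# Constructed input: technique names as they might appear in an incident report.
# The last entry is deliberately invalid to show the warning path.
$observed = @('Access Token Manipulation', 'Scheduled Task', 'Not A Real Technique')
Get-TechniqueCoverage -TechniqueName $observed |
    Sort-Object HasDetections, MitigationCount |
    Format-Table -AutoSize
```

Techniques with no detection queries and few mitigations sort to the top, which is the gap list a detection engineer would work through first.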

Running the tests

Tests within this project should cover all available properties and methods. As this project grows, the tests will become more robust; for now, we are testing that they exist and return outputs.

Contributing

Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.

Versioning

We use SemVer for versioning.

Change Log

Please read CHANGELOG.md for details on the features in a specific version of PSAttck.

License

This project is licensed under the MIT License; see the LICENSE file for details.

FEEDBACK

Please submit any feedback, including defects and enhancement requests at:

Issues

CREDITS

This is a list of people and/or groups who have directly or indirectly helped by offering significant suggestions & code without which PSAttck would be a lesser product. In no particular order:

  • Mathias Jessen (Twitter: @IISResetMe, Blog: https://blog.iisreset.me/)

Authors

See also the list of contributors who participated in this project.

Acknowledgments

First of all, I would like to thank everyone who contributes to open-source projects, especially the maintainers and creators of these projects. Without them, this capability would not be possible.

This data set is generated from many different sources. As we continue to add more sources, we will continue to add them here. Again thank you to all of these projects. In no particular order, PSAttck utilizes data from the following projects:

SEE ALSO

For more information, please visit https://swimlane.com

Additionally, most of the functions have help associated with them e.g.:

PS> Get-Help Get-Attck