BaymaxPop23/attackmapper

AttackMapper

Attack Path Visualization & Threat Intelligence Platform

Python 3.9+ | MITRE ATT&CK | License: MIT | Threat Intel


Overview

AttackMapper is a CLI tool for red team operations that generates attack paths, maps techniques to the MITRE ATT&CK framework, and integrates real-time threat intelligence. It generates interactive HTML reports with attack flow visualizations.

Features

| Feature | Description |
|---|---|
| Attack Path Mapping | Visualize complete kill chains from reconnaissance to impact |
| MITRE ATT&CK Integration | Techniques mapped to official ATT&CK framework |
| Live Threat Intel | Real-time CVEs, threat actors, and trending TTPs |
| Multi-Infrastructure | AD, AWS, Azure, GCP, and Network attack paths |
| Interactive Reports | Modern HTML dashboards with filtering and search |

Supported Infrastructure

┌──────────────────┬────────────────────────────────────────────┐
│ Active Directory │ Kerberos, ADCS, GPO, DCSync, Golden Ticket │
│ AWS              │ IAM, S3, Lambda, EC2 privilege escalation  │
│ Azure            │ Entra ID, Key Vault, Managed Identities    │
│ GCP              │ IAM, Cloud Functions, Service Accounts     │
│ Network          │ Traditional network attack vectors         │
└──────────────────┴────────────────────────────────────────────┘

Installation

# Clone the repository
git clone https://github.com/Sai-Jagadeesh/attackmapper.git
cd attackmapper

# Install
pip install -e .

# Verify
attackmapper --help

Usage

Generate Attack Paths

# Active Directory
attackmapper ad

# Cloud Infrastructure
attackmapper aws
attackmapper azure
attackmapper gcp

# Network
attackmapper network

Generate HTML Reports

# Full attack chain report
attackmapper full-chain --infra ad --output report.html --format html

# Filter by attack phase
attackmapper ad --category credential_access

Threat Intelligence

# Update threat feeds
attackmapper update-intel

# View threat intel
attackmapper threat-intel --infra ad

Threat Intelligence

AttackMapper integrates live threat intelligence from multiple sources:

| Source | Data |
|---|---|
| CISA KEV | Known Exploited Vulnerabilities |
| AlienVault OTX | Open Threat Exchange feeds |
| CVE Database | Real-time vulnerability tracking |

Configuration

# Create a local config file from the template
cp .env.example .env

# Then set the following in .env:
# AlienVault OTX API Key (free at otx.alienvault.com)
OTX_API_KEY=your_api_key_here

Commands

| Command | Description |
|---|---|
| attackmapper ad | Active Directory attack paths |
| attackmapper aws | AWS cloud attack paths |
| attackmapper azure | Azure cloud attack paths |
| attackmapper gcp | GCP cloud attack paths |
| attackmapper network | Network attack paths |
| attackmapper full-chain | Generate complete attack chain |
| attackmapper threat-intel | View threat intelligence |
| attackmapper update-intel | Update threat intel feeds |

Contributing

# Fork and clone
git checkout -b feature/your-feature
git commit -m 'Add feature'
git push origin feature/your-feature
# Open a Pull Request

License

MIT License


Disclaimer

Warning: This tool is intended for authorized security testing and red team engagements only. Always obtain proper authorization before scanning any systems you do not own. The authors are not responsible for misuse of this tool.


Built for Red Team Operations
