This repo hosts the TTPForge tool created by Meta's Purple Team. It is intended to provide an interface to execute TTPs across various targets and mediums.
- Getting Started - User
- Getting Started - Developer
- Using the TTPForge Dev Container
- Code Standards
- Creating a new release
- TTPForge Building Blocks
Grab the latest release
- Download and install the gh cli tool:
-
Get latest TTPForge release:
# Download utility functions bashutils_url="https://raw.githubusercontent.com/l50/dotfiles/main/bashutils" # Define the local path of bashutils.sh bashutils_path="/tmp/bashutils" if [[ ! -f "${bashutils_path}" ]]; then # bashutils.sh doesn't exist locally, so download it curl -s "${bashutils_url}" -o "${bashutils_path}" fi # Source bashutils # shellcheck source=/dev/null source "${bashutils_path}" fetchFromGithub "facebookincubator" "TTPForge" "v1.0.1" ttpforge $GITHUB_TOKEN
At this point, the latest
ttpforge
release should be in~/.local/bin/ttpforge
and subsequently, the$USER
's$PATH
. -
Initialize TTPForge configuration
This command will place a configuration file at the default location
~/.ttpforge/config.yaml
and download the ForgeArmory TTPs repository:ttpforge init
-
List available TTP repositories (should show
forgearmory
)ttpforge list repos
-
List available TTPs that you can run:
ttpforge list ttps
-
Examine an example TTP:
ttpforge show ttp forgearmory//examples/args/define-args.yaml
-
Run the specified example:
ttpforge run \ forgearmory//examples/args/define-args.yaml \ --arg a_message="hello" \ --arg a_number=1337