Skip to content
Python Script to access ATT&CK content available in STIX via a public TAXII server
Jupyter Notebook Python Shell Dockerfile
Branch: master
Clone or download
Cyb3rWard0g Updating 0.3.1
Latest commit 58df4ff Dec 23, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
attackcti Small simplification of the code. Dec 23, 2019
export_examples Updating 0.3.1 Dec 23, 2019
notebooks Create techniques_by_datasources.ipynb Nov 15, 2019
resources/images Updated Library 1.3.4 - 06142018 Jun 15, 2018
.gitignore HELK CTI 06142018 Jun 14, 2018
Dockerfile Updating 0.3.1 Dec 23, 2019
LICENSE Initial commit May 26, 2018
setup.cfg 05302018-0.1.0 May 30, 2018 Updating 0.3.1 Dec 23, 2019

ATT&CK Python Client


A Python module to access up to date ATT&CK content available in STIX via public TAXII server. This project leverages the python classes and functions of the cti-python-stix2 and cti-taxii-client libraries developed by MITRE.


  • Provide an easy way to access and interact with up to date ATT&CK content available in STIX via public TAXII server
  • Allow security analysts to quickly explore ATT&CK content and apply it in their daily operations
  • Allow the integration of ATT&Ck content with other platforms to host up to date information from the framework
  • Help security analysts during the transition from the ATT&CK MediaWiki API to the STIX/TAXII 2.0 API
  • Learn STIX2 and TAXII Client Python libraries

Current Status: Beta

The project is currently in a beta stage, which means that the code and the functionality is changing, but the current main functions are stabilising. I would love to get your feedback to make it a better project.


Getting Started

Attackcti Docs


Python 3+


You can install it via PIP:

pip install attackcti

Or you can also do the following:

git clone
cd ATTACK-Python-Client
pip install .




  • Revokation logic to update Groups Objects
  • Integration with HELK
You can’t perform that action at this time.