Skip to content

mitre/caldera

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
24 branches 30 tags
Code

Latest commit

@dependabot
dependabot[bot] Bump aiohttp from 3.8.5 to 3.8.6 (#2846)
1c944c6 Nov 16, 2023
Bump aiohttp from 3.8.5 to 3.8.6 (#2846) 
Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.8.5 to 3.8.6.
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](aio-libs/aiohttp@v3.8.5...v3.8.6)

---
updated-dependencies:
- dependency-name: aiohttp
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1c944c6

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.github
Clone recursively for docker build workflow
October 23, 2023 16:11
app
fix race condition error due to consecutive requests
October 20, 2023 11:07
conf
Fix golang in Dockerfile, update min Go version
October 5, 2023 13:34
data
moved atomic planner into main repo from stockpile
June 7, 2023 10:54
plugins
updating pins
November 2, 2023 01:54
static
add toggle for autoscrolling
June 19, 2023 10:27
templates
fix width
September 13, 2023 12:35
tests
fix operation tests
October 13, 2023 13:17
.coveragerc
Don't count abstractmethods in coverage reports
August 11, 2022 09:22
.dockerignore
Docker update (#1795)
July 22, 2020 11:33
.eslintrc.js
Fix linting errors
September 2, 2021 14:29
.flake8
Revamp unit testing infrastructure (#1401)
March 18, 2020 12:50
.gitignore
Displaying un-encoded commands when using obfuscation (#2614)
September 12, 2022 16:05
.gitmodules
updating pins
June 10, 2023 11:04
.pre-commit-config.yaml
Fix CI pipeline failures (#2703)
December 13, 2022 16:03
.readthedocs.yaml
Add ReadTheDocs config file
August 30, 2023 17:26
.stylelintrc.json
Add CSS linting, modify static CSS files to ensure they pass
June 21, 2021 15:58
CITATION.cff
Update CITATION.cff
November 1, 2023 22:36
CONTRIBUTING.md
Drop Python 3.6 support, add 3.9 to tests
September 27, 2021 14:54
Dockerfile
Fix golang in Dockerfile, update min Go version
October 5, 2023 13:34
LICENSE
major upgrade
April 26, 2019 15:34
README.md
Merge branch 'master' into clenk/fix-dockerfile-golang
October 6, 2023 10:43
SECURITY.md
Updated VDP and README
November 15, 2022 10:48
docker-compose.yml
Removing fresh and insecure flags from compose yml
March 21, 2022 08:31
package-lock.json
Update JS dependencies (#2825)
October 3, 2023 10:04
package.json
Update JS dependencies (#2825)
October 3, 2023 10:04
requirements-dev.txt
upgrade aioftp and aiohttp versions
January 25, 2022 10:21
requirements.txt
Bump aiohttp from 3.8.5 to 3.8.6 (#2846)
November 16, 2023 17:04
server.py
Add system ready event
November 23, 2022 16:05
sonar-project.properties
Drop Python 3.7 support
July 25, 2023 23:05
tox.ini
Drop Python 3.7 support
July 25, 2023 23:05
MITRE Caldera™ Resources and Socials Plugins Default More Requirements Installation Docker Deployment Contributing Vulnerability Disclosures Licensing Caldera Benefactor Program

README.md

Release Testing Status Security Status codecov Documentation Status

MITRE Caldera™

MITRE Caldera™ is a cyber security platform designed to easily automate adversary emulation, assist manual red-teams, and automate incident response.

It is built on the MITRE ATT&CK™ framework and is an active research project at MITRE.

The framework consists of two components:

  1. The core system. This is the framework code, consisting of what is available in this repository. Included is an asynchronous command-and-control (C2) server with a REST API and a web interface.
  2. Plugins. These repositories expand the core framework capabilities and providing additional functionality. Examples include agents, reporting, collections of TTPs and more.

Resources and Socials

Plugins

:star: Create your own plugin! Plugin generator: Skeleton

Default

These plugins are supported and maintained by the Caldera team.

  • Access (red team initial access tools and techniques)
  • Atomic (Atomic Red Team project TTPs)
  • Builder (dynamically compile payloads)
  • Caldera for OT (ICS/OT capabilities for Caldera)
  • Compass (ATT&CK visualizations)
  • Debrief (operations insights)
  • Emu (CTID emulation plans)
  • Fieldmanual (documentation)
  • GameBoard (visualize joint red and blue operations)
  • Human (create simulated noise on an endpoint)
  • Manx (shell functionality and reverse shell payloads)
  • Response (incident response)
  • Sandcat (default agent)
  • SSL (enable https for caldera)
  • Stockpile (technique and profile storehouse)
  • Training (certification and training course)

More

These plugins are ready to use but are not included by default and are not maintained by the Caldera team.

  • Arsenal (MITRE ATLAS techniques and profiles)
  • CalTack (embedded ATT&CK website)
  • Pathfinder (vulnerability scanning)
  • SAML (SAML authentication)

Requirements

These requirements are for the computer running the core framework:

  • Any Linux or MacOS
  • Python 3.8+ (with Pip3)
  • Recommended hardware to run on is 8GB+ RAM and 2+ CPUs
  • Recommended: GoLang 1.17+ to dynamically compile GoLang-based agents.

Installation

Concise installation steps:

git clone https://github.com/mitre/caldera.git --recursive
cd caldera
pip3 install -r requirements.txt
python3 server.py --insecure

Full steps: Start by cloning this repository recursively, passing the desired version/release in x.x.x format. This will pull in all available plugins.

git clone https://github.com/mitre/caldera.git --recursive --branch x.x.x

Next, install the PIP requirements:

pip3 install -r requirements.txt

Super-power your Caldera server installation! Install GoLang (1.19+)

Finally, start the server.

python3 server.py --insecure

Once started, log into http://localhost:8888 using the default credentials red/admin. Then go into Plugins -> Training and complete the capture-the-flag style training course to learn how to use Caldera.

Docker Deployment

To build a Caldera docker image, ensure you have docker installed and perform the following actions:

# Recursively clone the Caldera repository if you have not done so
git clone https://github.com/mitre/caldera.git --recursive

# Build the docker image. Change image tagging as desired.
# WIN_BUILD is set to true to allow Caldera installation to compile windows-based agents.
# Alternatively, you can use the docker compose YML file via "docker-compose build"
cd caldera
docker build . --build-arg WIN_BUILD=true -t caldera:latest

# Run the image. Change port forwarding configuration as desired.
docker run -p 8888:8888 caldera:latest

To gracefully terminate your docker container, do the following:

# Find the container ID for your docker container running Caldera
docker ps

# Send interrupt signal, e.g. "docker kill --signal=SIGINT 5b9220dd9c0f"
docker kill --signal=SIGINT [container ID]

Contributing

Refer to our contributor documentation.

Vulnerability Disclosures

Refer to our vulnerability discolosure documentation for submitting bugs.

Licensing

To discuss licensing opportunities, please reach out to caldera@mitre.org or directly to MITRE's Technology Transfer Office.

Caldera Benefactor Program

If you are interested in partnering to support, sustain, and evolve Caldera™'s open source capabilities, please contact us at caldera@mitre.org.

About

Automated Adversary Emulation Platform

caldera.mitre.org

Topics

hacking cybersecurity mitre red-team security-automation security-testing mitre-attack adversary-emulation caldera mitre-corporation

Resources

Readme

License

Apache-2.0 license

Security policy

Security policy
Activity

Stars

4.8k stars

Watchers

167 watching

Forks

970 forks
Report repository

Releases 30

4.2.0 Latest
Jun 19, 2023
+ 29 releases

Contributors 86

+ 72 contributors

Languages