

CALDERA™ is a cyber security platform designed to easily automate adversary emulation, assist manual red-teams, and automate incident response.

It is built on the MITRE ATT&CK™ framework and is an active research project at MITRE.

The framework consists of two components:

  1. The core system. This is the framework code, consisting of what is available in this repository. Included is an asynchronous command-and-control (C2) server with a REST API and a web interface.
  2. Plugins. These repositories expand the core framework capabilities and provide additional functionality. Examples include agents, reporting, collections of TTPs and more.

Resources and Socials


Create your own plugin! Plugin generator: Skeleton


  • Access (red team initial access tools and techniques)
  • Atomic (Atomic Red Team project TTPs)
  • Builder (dynamically compile payloads)
  • Compass (ATT&CK visualizations)
  • Debrief (operations insights)
  • Emu (CTID emulation plans)
  • Fieldmanual (documentation)
  • GameBoard (visualize joint red and blue operations)
  • Human (create simulated noise on an endpoint)
  • Manx (shell functionality and reverse shell payloads)
  • Mock (simulate agents in operations)
  • Response (incident response)
  • Sandcat (default agent)
  • SSL (enable https for caldera)
  • Stockpile (technique and profile storehouse)
  • Training (certification and training course)


These plugins are ready to use but are not included by default:


These requirements are for the computer running the core framework:

  • Any Linux or MacOS
  • Python 3.7+ (with Pip3)
  • Recommended hardware to run on is 8GB+ RAM and 2+ CPUs
  • Recommended: GoLang 1.17+ to dynamically compile GoLang-based agents.
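
The requirements above can be checked before installing. The script below is an added example, not part of the CALDERA repository: the function names, the `run` argument and the RAM threshold are assumptions of this example. Versions are compared numerically per component, so Python 3.10 is correctly ranked above 3.7.

```shell
#!/bin/sh
# Added example (not CALDERA code); names and the RAM threshold are this example's choices.

# version_ge A B: succeed when dotted version A >= B, compared numerically
# per component (a plain string compare would rank 3.10 below 3.7).
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}    # drop suffixes such as "rc1"
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# go_ver LINE: pull "1.20.4" out of "go version go1.20.4 linux/amd64".
go_ver() {
    printf '%s\n' "$1" | awk '{ sub(/^go/, "", $3); print $3 }'
}

# mem_kb: total RAM in kB (Linux /proc/meminfo, else macOS sysctl).
mem_kb() {
    if [ -r /proc/meminfo ]; then
        awk '/^MemTotal:/ { print $2 }' /proc/meminfo
    else
        echo $(( $(sysctl -n hw.memsize) / 1024 ))
    fi
}

# preflight: required items set a non-zero status, recommended ones only warn.
preflight() {
    fail=0
    py=$(python3 -c 'import sys; print("%d.%d.%d" % sys.version_info[:3])' 2>/dev/null) || py=
    if [ -n "$py" ] && version_ge "$py" 3.7; then echo "ok    python $py"
    else echo "FAIL  Python 3.7+ required (found: ${py:-none})"; fail=1; fi
    command -v pip3 >/dev/null 2>&1 || { echo "FAIL  pip3 not found"; fail=1; }
    gv=$(go_ver "$(go version 2>/dev/null)")
    if [ -n "$gv" ] && version_ge "$gv" 1.17; then echo "ok    go $gv"
    else echo "warn  Go 1.17+ recommended (found: ${gv:-none})"; fi
    [ "$(getconf _NPROCESSORS_ONLN)" -ge 2 ] || echo "warn  2+ CPUs recommended"
    # 7500000 kB: constructed threshold, since an 8GB host reports a bit less.
    [ "$(mem_kb)" -ge 7500000 ] || echo "warn  8GB+ RAM recommended"
    return "$fail"
}

if [ "${1:-}" = "run" ]; then preflight; fi
```

Saved under any filename, it runs the checks when invoked with the argument `run` and exits non-zero only when Python 3.7+ or pip3 is missing.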


Concise installation steps:

git clone --recursive
cd caldera
pip3 install -r requirements.txt
python3 --insecure

Full steps: Start by cloning this repository recursively, passing the desired version/release in x.x.x format. This will pull in all available plugins.

git clone --recursive --branch x.x.x

Next, install the PIP requirements:

pip3 install -r requirements.txt

Super-power your CALDERA server installation! Install GoLang (1.17+)

Finally, start the server.

python3 --insecure

Once started, log into http://localhost:8888 using the default credentials red/admin. Then go into Plugins -> Training and complete the capture-the-flag style training course to learn how to use CALDERA.

Docker Deployment

To build a CALDERA docker image, ensure you have docker installed and perform the following actions:

# Recursively clone the CALDERA repository if you have not done so
git clone --recursive

# Build the docker image. Change image tagging as desired.
# WIN_BUILD is set to true to allow CALDERA installation to compile windows-based agents.
# Alternatively, you can use the docker compose YML file via "docker-compose build"
cd caldera
docker build . --build-arg WIN_BUILD=true -t caldera:latest

# Run the image. Change port forwarding configuration as desired.
docker run -p 8888:8888 caldera:latest

To gracefully terminate your docker container, do the following:

# Find the container ID for your docker container running CALDERA
docker ps

# Send interrupt signal, e.g. "docker kill --signal=SIGINT 5b9220dd9c0f"
docker kill --signal=SIGINT [container ID]


Refer to our contributor documentation.

Vulnerability Disclosures

Refer to our vulnerability disclosure documentation for submitting bugs.


In addition to CALDERA™'s open source capabilities, MITRE maintains several in-house CALDERA™ plugins that offer more advanced functionality. For more information, or to discuss licensing opportunities, please reach out to or directly to MITRE's Technology Transfer Office.

Philanthropic Support

If you are interested in providing philanthropic support to sustain and evolve CALDERA™'s open source capabilities, please contact us at