Skip to main content

AttackMate is an attack orchestration tool that executes full attack-chains based on playbooks.

Project description

AttackMate Logo

AttackMate is a tool to automate cyber attack scenarios that supports scripting of attack techniques across all phases of the Cyber Kill Chain. AttackMate's design principles aim to integrate with penetration testing and attack emulation frameworks such as Metasploit and Sliver Framework and enables simple execution of commands via shell or ssh. For example, AttackMate enables to execute Metasploit modules or generate payloads and run commands in Metasploit sessions. Moreover, it is able to generate Sliver implants, automatize Sliver to send C2 commands, and configure and compile LD_PRELOAD-rootkits. AttackMate also offers a simple interface to automate shell or ssh interaction, run commands in background mode, transfer files via sftp, and start http clients or servers. All attack steps may be scheduled, chained, and repeatedly executed using a simple configuration file that supports variable declarations and conditional workflows.

AttackMate Schema

Requirements

  • python >= 3.12
  • libmagic

Installation

Manually:

$ git clone https://github.com/ait-aecid/attackmate.git
$ cd attackmate
$ pip3 install .

Using pip:

$ pip3 install attackmate

Using uv:

$ git clone https://github.com/ait-aecid/attackmate.git
$ cd attackmate
$ uv sync

Execute

With pip:

$ attackmate playbook.yml

With uv:

$ uv run attackmate playbook.yml

AttackMate Demo

Documentation

Please take a look at our documentation on how to install and use attackmate:

Publications

Contribution

We're happily taking patches and other contributions. Please see the following links on how to get started:

Disclaimer

AttackMate is purely for educational and academic purposes. The software is provided "as is" and the authors are not responsible for any damage or mishaps that may occur during its use.

Do not attempt to use AttackMate to violate the law. Misuse of the provided software and information may result in criminal charges.

Security

AttackMate should only be executed against systems you own or have explicit permission to test. For this reason, all software bugs are treated with equal priority, regardless of whether they have security implications.

*Please note that AttackMate could easily be executed in a dangerous way. For example, by parsing the RESULT_STDOUT of a malicious server. The server response could lead to a command injection. Keep that in mind and always treat external input with caution!

License

GPL-3.0

Financial Support

Funded by the European Union under GA no. 101121403 (NEWSROOM) and GA no. 101103385 (AInception). Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Commission. Neither the European Union nor the granting authority can be held responsible for them. Further supported by the Horizon Europe project MIRANDA (101168144). Co-funded by the Austrian security research programme KIRAS of the Federal Ministry of Finance (BMF) in course of the projects ASOC (FO999905301) and Testcat (FO999911248).

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

attackmate-1.0.2.tar.gz (79.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

attackmate-1.0.2-py3-none-any.whl (102.6 kB view details)

Uploaded Python 3

File details

Details for the file attackmate-1.0.2.tar.gz.

File metadata

  • Download URL: attackmate-1.0.2.tar.gz
  • Upload date:
  • Size: 79.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for attackmate-1.0.2.tar.gz
Algorithm Hash digest
SHA256 8e5695606dc958bd35e0b87d65af85ea70eff087ee359ed3a3604c124258d4a6
MD5 156ae51f794c2af6555ad6362b17b2fb
BLAKE2b-256 c79d058fe729042fbd768f04a6dc5931a1ebb18098d7ad81b95c504cd63412e5

See more details on using hashes here.

Provenance

The following attestation bundles were made for attackmate-1.0.2.tar.gz:

Publisher: python-publish.yml on ait-testbed/attackmate

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file attackmate-1.0.2-py3-none-any.whl.

File metadata

  • Download URL: attackmate-1.0.2-py3-none-any.whl
  • Upload date:
  • Size: 102.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for attackmate-1.0.2-py3-none-any.whl
Algorithm Hash digest
SHA256 1a5e7b742fe10ae16f527cc3e156fd0f03d5e274145905cf3507a9f11ebf9602
MD5 7b7cbf5bb5ad489900a87201d789cd8b
BLAKE2b-256 20abde4f71b95c903beaa54dc27028a384a55860c857d9055361cc1e1af5a981

See more details on using hashes here.

Provenance

The following attestation bundles were made for attackmate-1.0.2-py3-none-any.whl:

Publisher: python-publish.yml on ait-testbed/attackmate

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page