A Python package to interact with the Mitre ATT&CK Framework
pyattck
A Python Module to interact with the Mitre ATT&CK Framework
pyattck has the following notable features in its current release:
- Retrieve all Tactics, Techniques, Actors, Malware, Tools, and Mitigations
- All techniques have suggested mitigations as a property
- For each class you can access additional information about related data points:
  - Actors
    - Tools used by the Actor or Group
    - Malware used by the Actor or Group
    - Techniques this Actor or Group uses
  - Malwares
    - Actor or Group(s) using this malware
    - Techniques this malware is used with
  - Mitigations
    - Techniques related to a specific set of mitigation suggestions
  - Tactics
    - Techniques found in a specific Tactic (phase)
  - Techniques
    - Tactics a technique is found in
    - Mitigation suggestions for a given technique
    - Actor or Group(s) identified as using this technique
  - Tools
    - Techniques that the specified tool is used within
    - Actor or Group(s) using a specified tool
Installation
OS X & Linux:
pip install pyattck
Windows:
pip install pyattck
Usage example
To use pyattck you must instantiate an Attck object:

    from pyattck import Attck

    attack = Attck()

You can access the following properties on your Attck object:
- actor
- malware
- mitigation
- tactic
- technique
- tools
Below are examples of accessing each of these properties:

    from pyattck import Attck

    attack = Attck()

    # accessing actors
    for actor in attack.actors:
        print(actor)

        # accessing malware used by an actor or group
        for malware in actor.malwares:
            print(malware)

        # accessing tools used by an actor or group
        for tool in actor.tools:
            print(tool)

        # accessing techniques used by an actor or group
        for technique in actor.techniques:
            print(technique)

    # accessing malware
    for malware in attack.malwares:
        print(malware)

        # accessing actor or groups using this malware
        for actor in malware.actors:
            print(actor)

        # accessing techniques that this malware is used in
        for technique in malware.techniques:
            print(technique)

    # accessing mitigation
    for mitigation in attack.mitigations:
        print(mitigation)

        # accessing techniques related to mitigation recommendations
        for technique in mitigation.techniques:
            print(technique)

    # accessing tactics
    for tactic in attack.tactics:
        print(tactic)

        # accessing techniques related to this tactic
        for technique in tactic.techniques:
            print(technique)

    # accessing techniques
    for technique in attack.techniques:
        print(technique)

        # accessing tactics that this technique belongs to
        for tactic in technique.tactics:
            print(tactic)

        # accessing mitigation recommendations for this technique
        for mitigation in technique.mitigations:
            print(mitigation)

        # accessing actors using this technique
        for actor in technique.actors:
            print(actor)

    # accessing tools
    for tool in attack.tools:
        print(tool)

        # accessing techniques this tool is used in
        for technique in tool.techniques:
            print(technique)

        # accessing actor or groups using this tool
        for actor in tool.actors:
            print(actor)

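The actor → techniques → mitigations relationships walked above can be turned into a defensive prioritisation: which mitigations address the most techniques used by the actors you care about, and which of those techniques list no mitigation. This is an added example, not code from the pyattck project; the helper names `rank_mitigations` and `build_sample` are hypothetical, a `name` attribute on each object is an assumption this page does not show, and the sample objects are constructed placeholders so the block runs offline.

```python
from types import SimpleNamespace as NS


def rank_mitigations(attack, actor_names):
    """Rank mitigations by how many techniques of the named actors they address.

    Returns (ranking, unmitigated): ranking is a list of
    (mitigation name, sorted technique names), widest coverage first;
    unmitigated lists techniques that carry no mitigation at all.
    """
    wanted = {name.lower() for name in actor_names}
    coverage = {}        # mitigation name -> set of technique names
    unmitigated = set()
    for actor in attack.actors:
        if actor.name.lower() not in wanted:   # .name is assumed, see lead-in
            continue
        for technique in actor.techniques:
            mitigations = technique.mitigations or []
            if not mitigations:
                unmitigated.add(technique.name)
            for mitigation in mitigations:
                coverage.setdefault(mitigation.name, set()).add(technique.name)
    # Most techniques covered first; ties broken alphabetically for stable output.
    ranking = sorted(coverage.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(m, sorted(t)) for m, t in ranking], sorted(unmitigated)


def build_sample():
    """Constructed stand-in for Attck(): placeholder names, not ATT&CK data."""
    m_a, m_b = NS(name="Mitigation A"), NS(name="Mitigation B")
    t1 = NS(name="Technique 1", mitigations=[m_a])
    t2 = NS(name="Technique 2", mitigations=[m_a, m_b])
    t3 = NS(name="Technique 3", mitigations=[])
    t4 = NS(name="Technique 4", mitigations=[m_b])
    return NS(actors=[
        NS(name="Group X", techniques=[t1, t2, t3]),
        NS(name="Group Y", techniques=[t2]),
        NS(name="Group Z", techniques=[t4]),
    ])


if __name__ == "__main__":
    # With the real package, pass Attck() instead of build_sample().
    ranking, gaps = rank_mitigations(build_sample(), ["group x", "Group Y"])
    for mitigation, techniques in ranking:
        print("{}  {}: {}".format(len(techniques), mitigation, ", ".join(techniques)))
    print("no mitigation listed:", ", ".join(gaps))
```
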
Release History
- 1.0.0
  - Initial release of pyattck to PyPI
- 1.0.1
  - Updating Documentation with new reference links
- 1.0.2
  - Updated Documentation
- 1.0.3
  - Fixed issue with appending techniques correctly
Meta
Josh Rickard – @MSAdministrator – rickardja@live.com
Distributed under the MIT license. See LICENSE for more information.
Contributing
- Fork it (https://github.com/swimlane/pyattck/fork)
- Create your feature branch (git checkout -b feature/fooBar)
- Commit your changes (git commit -am 'Add some fooBar')
- Push to the branch (git push origin feature/fooBar)
- Create a new Pull Request
Download files
Filename | Size | File type | Python version |
---|---|---|---|
pyattck-1.0.3-py2-none-any.whl | 11.6 kB | Wheel | py2 |
pyattck-1.0.3-py3-none-any.whl | 11.6 kB | Wheel | py3 |
pyattck-1.0.3.tar.gz | 8.8 kB | Source | None |