TTPForge
TTPForge is a cyber attack simulation platform. This project promotes a Purple Team approach to cybersecurity with the following goals:
- To help blue teams accurately measure their detection and response capabilities through high-fidelity simulations of real attacker activity.
- To help red teams improve the ROI/actionability of their findings by packaging their attacks as automated, repeatable simulations.
TTPForge allows you to automate attacker tactics, techniques, and procedures (TTPs) using a powerful but easy-to-use YAML format. Check out the links below to learn more!
Table of Contents
- Installation
- Documentation
- Getting Started - Developer
- Go Package Documentation
- Creating a new release
Installation
-
Get latest TTPForge release:
bashutils_url="https://raw.githubusercontent.com/l50/dotfiles/main/bashutils" bashutils_path="/tmp/bashutils" if [[ ! -f "${bashutils_path}" ]]; then curl -s "${bashutils_url}" -o "${bashutils_path}" fi source "${bashutils_path}" fetchFromGithub "facebookincubator" "TTPForge" "latest" ttpforge
At this point, the latest
ttpforge
release should be in$HOME/.local/bin/ttpforge
and subsequently, the$USER
's$PATH
.If running in a stripped down system, you can add TTPForge to your
$PATH
with the following command:export PATH=$HOME/.local/bin:$PATH
-
Initialize TTPForge configuration
This command will place a configuration file at the default location
~/.ttpforge/config.yaml
and configure theexamples
andforgearmory
TTP repositories:ttpforge init
-
List available TTP repositories (should show
examples
andforgearmory
)ttpforge list repos
The
examples
repository contains the TTPForge examples found in this repository. The ForgeArmory repository contains our arsenal of attacker TTPs powered by TTPForge. -
List available TTPs that you can run:
ttpforge list ttps
-
Examine an example TTP:
ttpforge show ttp examples//args/basic.yaml
-
Run the specified example:
ttpforge run examples//args/basic.yaml \ --arg str_to_print=hello \ --arg run_second_step=true