[](https://pepy.tech/project/enterpriseattack)
[](https://badge.fury.io/py/enterpriseattack)
[](https://opensource.org/licenses/MIT)
[](https://pypi.org/project/enterpriseattack/)
[](https://travis-ci.com/xakepnz/enterpriseattack)
## enterpriseattack - MITRE's Enterprise Att&ck
A lightweight Python module to interact with the [MITRE ATT&CK](https://attack.mitre.org/) Enterprise dataset. Built to be used in production applications due to it's speed and minimal depedancies. [Read the docs](https://github.com/xakepnz/enterpriseattack/tree/main/docs) for more info.
## MITRE Att&ck
MITRE ATT&CKĀ® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
### Dependancies
* Python 3.x
* ujson >= 3.0.0
* requests >= 2.9.2
## Installation
### Install via Pip:
```sh
pip3 install enterpriseattack
```
### Alternatively clone the repository:
```sh
git clone https://github.com/xakepnz/enterpriseattack.git
cd enterpriseattack
python3 setup.py install
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Docker:
### Build the docker image:
```sh
docker build enterpriseattack:0.1.8 .
docker tag enterpriseattack:0.1.8 enterpriseattack:latest
```
### Run the benchmarks on the container:
```sh
docker run enterpriseattack
```
<p align="right">(<a href="#top">back to top</a>)</p>
## Usage
### Initialise an Attack object:
```py
import enterpriseattack
attack = enterpriseattack.Attack()
```
### Example Subscriptable objects:
Access any object directly from the Attack class, rather than iterating to find specific objects.
```py
attack = enterpriseattack.Attack(subscriptable=True)
wizard_spider = attack.groups.get('Wizard Spider')
print(len(wizard_spider.tactics))
execution = attack.tactics.get('Execution')
print(len(execution.techniques))
```
### Example: Passing custom args:
In this example, you can choose where to download the official Mitre Att&ck json from, including proxies to pass through. Alternatively, if you want to save the json file in a separate location, you can alter the enterprise_json arg. By default this is saved within your default site-packages location.
* `enterprise_json` - (optional) location of enterprise json file, (saved automatically in pip location)
* `url` - (optional) location of enterprise json file to download from.
* `update` - (optional) boolean forces a refresh download (each time this is called), overwriting the previous file.
* `include_deprecated` - (optional) boolean to include MITRE ATT&CK deprecated objects (from previous Att&ck versions).
* `mitre_version` - (optional) specify a MITRE ATT&CK data version.
* `proxies` - (optional) dict of proxies to pass through to reach the MITRE GitHub for the enterprise-attack.json.
```py
attack = enterpriseattack.Attack(
enterprise_json=None,
url='https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json',
include_deprecated=False,
update=False,
subscriptable=True,
mitre_version='latest',
proxies={'http':'http://127.0.0.1:1337'}
)
```
### Example: Force Download/use an older MITRE ATT&CK data set:
```py
attack = enterpriseattack.Attack(
mitre_version='11.3',
update=True
)
print(attack.mitre_version)
```
### Example: Iterate over tactics/techniques/sub_techniques:
```py
attack = enterpriseattack.Attack()
for tactic in attack.tactics:
print(tactic.name)
for technique in tactic.techniques:
print(technique.name)
print(technique.detection)
for software in attack.software:
for technique in software.techniques:
for sub_technique in technique.sub_techniques:
print(software.name, technique.name, sub_technique.name)
```
### Example: Create a json object of any tactic/technique/sub_technique/group/software/datasource:
```py
attack = enterpriseattack.Attack()
for tactic in attack.tactics:
print(tactic.to_json())
for group in attack.groups:
print(group.to_json())
...
```
For more examples, please refer to the [Documentation](https://github.com/xakepnz/enterpriseattack/tree/main/docs)
<p align="right">(<a href="#top">back to top</a>)</p>
Raw data
{
"_id": null,
"home_page": "https://github.com/xakepnz/enterpriseattack",
"name": "enterpriseattack",
"maintainer": "",
"docs_url": null,
"requires_python": "",
"maintainer_email": "",
"keywords": "mitre att&ck,att&ck enterprise,enterpriseattack,mitre framework,att&ck",
"author": "xakepnz",
"author_email": "xakepnz@protonmail.com",
"download_url": "https://files.pythonhosted.org/packages/9c/3b/88479ddc33d59029e5fa565d9dffdf9888b6a36f361d753863d46891d40d/enterpriseattack-0.1.8.tar.gz",
"platform": null,
"description": "[](https://pepy.tech/project/enterpriseattack)\n[](https://badge.fury.io/py/enterpriseattack)\n[](https://opensource.org/licenses/MIT)\n[](https://pypi.org/project/enterpriseattack/)\n[](https://travis-ci.com/xakepnz/enterpriseattack)\n\n## enterpriseattack - MITRE's Enterprise Att&ck\n\nA lightweight Python module to interact with the [MITRE ATT&CK](https://attack.mitre.org/) Enterprise dataset. Built to be used in production applications due to it's speed and minimal depedancies. [Read the docs](https://github.com/xakepnz/enterpriseattack/tree/main/docs) for more info.\n\n## MITRE Att&ck\n\nMITRE ATT&CK\u00ae is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.\n\n### Dependancies\n\n* Python 3.x\n* ujson >= 3.0.0\n* requests >= 2.9.2\n\n## Installation\n\n### Install via Pip:\n ```sh\n pip3 install enterpriseattack\n ```\n\n### Alternatively clone the repository:\n ```sh\n git clone https://github.com/xakepnz/enterpriseattack.git\n cd enterpriseattack\n python3 setup.py install\n ```\n\n<p align=\"right\">(<a href=\"#top\">back to top</a>)</p>\n\n## Docker:\n\n### Build the docker image:\n\n```sh\ndocker build enterpriseattack:0.1.8 .\ndocker tag enterpriseattack:0.1.8 enterpriseattack:latest\n```\n\n### Run the benchmarks on the container:\n```sh\ndocker run enterpriseattack\n```\n\n<p align=\"right\">(<a href=\"#top\">back to top</a>)</p>\n\n## Usage\n\n### Initialise an Attack object:\n```py\nimport enterpriseattack\n\nattack = enterpriseattack.Attack()\n```\n\n### Example Subscriptable objects:\nAccess any object directly from the Attack class, rather than iterating to find specific objects.\n\n```py\nattack = enterpriseattack.Attack(subscriptable=True)\n\nwizard_spider = attack.groups.get('Wizard Spider')\nprint(len(wizard_spider.tactics))\n\nexecution = attack.tactics.get('Execution')\nprint(len(execution.techniques))\n```\n\n### Example: Passing custom args:\nIn this example, you can choose where to download the official Mitre Att&ck json from, including proxies to pass through. Alternatively, if you want to save the json file in a separate location, you can alter the enterprise_json arg. By default this is saved within your default site-packages location.\n\n* `enterprise_json` - (optional) location of enterprise json file, (saved automatically in pip location)\n* `url` - (optional) location of enterprise json file to download from.\n* `update` - (optional) boolean forces a refresh download (each time this is called), overwriting the previous file.\n* `include_deprecated` - (optional) boolean to include MITRE ATT&CK deprecated objects (from previous Att&ck versions).\n* `mitre_version` - (optional) specify a MITRE ATT&CK data version.\n* `proxies` - (optional) dict of proxies to pass through to reach the MITRE GitHub for the enterprise-attack.json.\n\n```py\nattack = enterpriseattack.Attack(\n enterprise_json=None,\n url='https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json',\n include_deprecated=False,\n update=False,\n subscriptable=True,\n mitre_version='latest',\n proxies={'http':'http://127.0.0.1:1337'}\n)\n```\n\n### Example: Force Download/use an older MITRE ATT&CK data set:\n```py\nattack = enterpriseattack.Attack(\n mitre_version='11.3',\n update=True\n)\n\nprint(attack.mitre_version)\n```\n\n### Example: Iterate over tactics/techniques/sub_techniques:\n```py\nattack = enterpriseattack.Attack()\n\nfor tactic in attack.tactics:\n print(tactic.name)\n for technique in tactic.techniques:\n print(technique.name)\n print(technique.detection)\n\nfor software in attack.software:\n for technique in software.techniques:\n for sub_technique in technique.sub_techniques:\n print(software.name, technique.name, sub_technique.name)\n```\n\n### Example: Create a json object of any tactic/technique/sub_technique/group/software/datasource:\n```py\nattack = enterpriseattack.Attack()\n\nfor tactic in attack.tactics:\n print(tactic.to_json())\n\nfor group in attack.groups:\n print(group.to_json())\n\n...\n```\n\nFor more examples, please refer to the [Documentation](https://github.com/xakepnz/enterpriseattack/tree/main/docs)\n\n<p align=\"right\">(<a href=\"#top\">back to top</a>)</p>\n",
"bugtrack_url": null,
"license": "",
"summary": "A lightweight Python module to interact with the Mitre Att&ck Enterprise framework.",
"version": "0.1.8",
"split_keywords": [
"mitre att&ck",
"att&ck enterprise",
"enterpriseattack",
"mitre framework",
"att&ck"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "04b6f300d4faab57fa30cd3959171694551e7bbd435d52b2d690f33bc94f735b",
"md5": "f83c8a5199f5abb5818fbb25fc0dd734",
"sha256": "aaa4b0472e943014a3f13a06ef969deb81f3320c8417e2aad532e9c1f10b0c2d"
},
"downloads": -1,
"filename": "enterpriseattack-0.1.8-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "f83c8a5199f5abb5818fbb25fc0dd734",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": null,
"size": 20529,
"upload_time": "2023-01-12T04:07:01",
"upload_time_iso_8601": "2023-01-12T04:07:01.449751Z",
"url": "https://files.pythonhosted.org/packages/04/b6/f300d4faab57fa30cd3959171694551e7bbd435d52b2d690f33bc94f735b/enterpriseattack-0.1.8-py2.py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "839512d59db36cfcb69e6105c09e337626274af801c4b7ea41ad81de5895bfc0",
"md5": "779a80cd8f26b571c4f581022a869811",
"sha256": "2f380eff10a818e94183e33b910625617ee6153b8bcfbc5ab5a89c3a88e02f8f"
},
"downloads": -1,
"filename": "enterpriseattack-0.1.8-py3.10.egg",
"has_sig": false,
"md5_digest": "779a80cd8f26b571c4f581022a869811",
"packagetype": "bdist_egg",
"python_version": "0.1.8",
"requires_python": null,
"size": 42463,
"upload_time": "2023-01-12T04:07:03",
"upload_time_iso_8601": "2023-01-12T04:07:03.643158Z",
"url": "https://files.pythonhosted.org/packages/83/95/12d59db36cfcb69e6105c09e337626274af801c4b7ea41ad81de5895bfc0/enterpriseattack-0.1.8-py3.10.egg",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "9c3b88479ddc33d59029e5fa565d9dffdf9888b6a36f361d753863d46891d40d",
"md5": "6710e14f198f5bd4641d56ab2b06134a",
"sha256": "bc43ede88e517b4f4a1cfb2dbb9a86e231bb44b03d7bcff0bc99baca03e0e4fa"
},
"downloads": -1,
"filename": "enterpriseattack-0.1.8.tar.gz",
"has_sig": false,
"md5_digest": "6710e14f198f5bd4641d56ab2b06134a",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 13316,
"upload_time": "2023-01-12T04:07:05",
"upload_time_iso_8601": "2023-01-12T04:07:05.215127Z",
"url": "https://files.pythonhosted.org/packages/9c/3b/88479ddc33d59029e5fa565d9dffdf9888b6a36f361d753863d46891d40d/enterpriseattack-0.1.8.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-01-12 04:07:05",
"github": true,
"gitlab": false,
"bitbucket": false,
"github_user": "xakepnz",
"github_project": "enterpriseattack",
"travis_ci": true,
"coveralls": false,
"github_actions": false,
"requirements": [],
"lcname": "enterpriseattack"
}
JSON
