## enterpriseattack - MITRE's Enterprise ATT&CK®
A lightweight Python module to interact with the [MITRE ATT&CK](https://attack.mitre.org/) Enterprise dataset. Built to be used in production applications due to its speed and minimal dependencies. [Read the docs](https://gitlab.com/xakepnz/enterpriseattack/tree/main/docs) for more info.
## MITRE ATT&CK®
MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
### Dependencies
* Python 3.x
* ujson >= 3.0.0
* requests >= 2.9.2
## Installation
### Install via Pip:
```sh
pip3 install enterpriseattack
```
### Alternatively clone the repository:
```sh
git clone https://gitlab.com/xakepnz/enterpriseattack.git
cd enterpriseattack
python3 setup.py install
```
## Docker:
### Build the docker image:
```sh
docker build -t enterpriseattack:0.1.8 .
docker tag enterpriseattack:0.1.8 enterpriseattack:latest
```
### Run the benchmarks on the container:
```sh
docker run enterpriseattack
```
## Usage
### Initialise an Attack object:
```py
import enterpriseattack
attack = enterpriseattack.Attack()
```
### Example Subscriptable objects:
Access any object directly from the Attack class, rather than iterating to find specific objects.
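```py
import enterpriseattack

attack = enterpriseattack.Attack(subscriptable=True)

# Look up a group by name instead of iterating over attack.groups
wizard_spider = attack.groups.get('Wizard Spider')
print(len(wizard_spider.tactics))

# Look up a tactic by name
execution = attack.tactics.get('Execution')
print(len(execution.techniques))
```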
### Example: Passing custom args:
In this example, you can choose where to download the official MITRE ATT&CK JSON from, including proxies to pass through. Alternatively, if you want to save the JSON file in a separate location, you can alter the `enterprise_json` arg. By default the file is saved within your default site-packages location.
* `enterprise_json` - (optional) location of enterprise json file, (saved automatically in pip location)
* `url` - (optional) location of enterprise json file to download from.
* `update` - (optional) boolean forces a refresh download (each time this is called), overwriting the previous file.
* `include_deprecated` - (optional) boolean to include MITRE ATT&CK deprecated objects (from previous ATT&CK versions).
* `mitre_version` - (optional) specify a MITRE ATT&CK data version.
* `proxies` - (optional) dict of proxies to pass through to reach the MITRE GitHub for the enterprise-attack.json.
```py
import enterpriseattack

attack = enterpriseattack.Attack(
    enterprise_json=None,
    url='https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json',
    include_deprecated=False,
    update=False,
    subscriptable=True,
    mitre_version='latest',
    proxies={'http': 'http://127.0.0.1:1337'}
)
```
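Because `url` and `update` fetch the dataset over the network and overwrite the local copy, a production deployment may prefer to vet a bundle once and point `enterprise_json` at that file. The following is an added example, not code from the enterpriseattack project: the helper names and the sample bundle are constructed, and it assumes that `Attack(enterprise_json=path, update=False)` reads an existing file without downloading again.

```python
import hashlib
import json
import os
import tempfile


def sha256_file(path, chunk_size=1 << 16):
    """Hash in chunks so a multi-megabyte bundle is never held in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_bundle(path, expected_sha256):
    """Return path if the file matches the pinned digest and is a STIX bundle.

    Raises ValueError otherwise, so a modified or truncated download never
    reaches the code that consumes it.
    """
    actual = sha256_file(path)
    if actual != expected_sha256.strip().lower():
        raise ValueError(f"digest mismatch for {path}: got {actual}")
    with open(path, "rb") as fh:
        doc = json.load(fh)  # invalid JSON raises a ValueError subclass
    if (not isinstance(doc, dict) or doc.get("type") != "bundle"
            or not isinstance(doc.get("objects"), list)):
        raise ValueError(f"{path} is not a STIX bundle")
    return path


def write_sample_bundle(directory):
    """Constructed stand-in for enterprise-attack.json (not real ATT&CK data)."""
    path = os.path.join(directory, "enterprise-attack.json")
    with open(path, "w", encoding="utf-8") as fh:
        json.dump({"type": "bundle", "id": "bundle--constructed", "objects": []}, fh)
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = write_sample_bundle(tmp)
        pin = sha256_file(sample)  # in practice: recorded when the file was vetted
        vetted = check_bundle(sample, pin)
        print("verified", vetted)
        # Assumed usage, with the package installed:
        # attack = enterpriseattack.Attack(enterprise_json=vetted, update=False)
```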
### Example: Force Download/use an older MITRE ATT&CK data set:
```py
import enterpriseattack

attack = enterpriseattack.Attack(
    mitre_version='11.3',
    update=True
)

print(attack.mitre_version)
```
### Example: Iterate over tactics/techniques/sub_techniques:
```py
import enterpriseattack

attack = enterpriseattack.Attack()

# Every tactic, with the name and detection guidance of each technique
for tactic in attack.tactics:
    print(tactic.name)
    for technique in tactic.techniques:
        print(technique.name)
        print(technique.detection)

# Every software entry, down to the sub-techniques of its techniques
for software in attack.software:
    for technique in software.techniques:
        for sub_technique in technique.sub_techniques:
            print(software.name, technique.name, sub_technique.name)
```
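A common defensive use of this iteration is a detection-coverage report per tactic. The following is an added example, not code from the enterpriseattack project: it relies only on the `.name`, `.techniques` and `.sub_techniques` attributes shown above, and the function names, the sample tactics and the detected list are constructed for illustration.

```python
from types import SimpleNamespace


def technique_status(technique, detected):
    """'covered' if the technique itself is detected, 'partial' if only some
    of its sub-techniques are, otherwise 'gap'."""
    if technique.name.casefold() in detected:
        return "covered"
    if any(s.name.casefold() in detected for s in technique.sub_techniques):
        return "partial"
    return "gap"


def coverage_by_tactic(tactics, detected_names):
    """Map each tactic name to its technique names grouped by status."""
    detected = {n.casefold() for n in detected_names}
    report = {}
    for tactic in tactics:
        buckets = {"covered": [], "partial": [], "gap": []}
        for technique in tactic.techniques:
            buckets[technique_status(technique, detected)].append(technique.name)
        report[tactic.name] = {k: sorted(v) for k, v in buckets.items()}
    return report


def _t(name, subs=()):
    # Constructed stand-in exposing only .name and .sub_techniques.
    return SimpleNamespace(name=name, sub_techniques=[_t(s) for s in subs])


# Constructed subset of the matrix; with the package installed, pass
# enterpriseattack.Attack().tactics instead.
SAMPLE_TACTICS = [
    SimpleNamespace(name="Execution", techniques=[
        _t("Command and Scripting Interpreter", ["PowerShell", "Unix Shell"]),
        _t("User Execution", ["Malicious File"]),
    ]),
    SimpleNamespace(name="Persistence", techniques=[
        _t("Scheduled Task/Job", ["Cron"]),
    ]),
]
# Technique / sub-technique names that existing detection rules are mapped to.
DETECTED = ["powershell", "Scheduled Task/Job"]

if __name__ == "__main__":
    for tactic, buckets in coverage_by_tactic(SAMPLE_TACTICS, DETECTED).items():
        print(tactic, buckets)
```

Matching is by name because that is the only identifier the examples on this page expose.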
### Example: Create a json object of any tactic/technique/sub_technique/group/software/datasource:
```py
import enterpriseattack

attack = enterpriseattack.Attack()

for tactic in attack.tactics:
    print(tactic.to_json())

for group in attack.groups:
    print(group.to_json())

...
```
For more examples, please refer to the [Documentation](https://gitlab.com/xakepnz/enterpriseattack/tree/main/docs)
Raw data
{
"_id": null,
"home_page": "https://gitlab.com/xakepnz/enterpriseattack",
"name": "enterpriseattack",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.10",
"maintainer_email": null,
"keywords": "mitre att&ck, att&ck enterprise, enterpriseattack, mitre python, mitre att&ck python, mitre framework, att&ck",
"author": "xakepnz",
"author_email": "xakepnz <xakepnz@pm.me>",
"download_url": "https://files.pythonhosted.org/packages/02/8d/1ebb9df7eab22b52fc06a4a2a4b26d69a9b8f04c09db87077f546305a048/enterpriseattack-1.0.3.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": null,
"summary": "A lightweight Python module to interact with the MITRE ATT&CK\u00ae Enterprise dataset.",
"version": "1.0.3",
"project_urls": {
"Changelog": "https://gitlab.com/xakepnz/enterpriseattack/-/tree/main/CHANGELOG.md",
"Documentation": "https://gitlab.com/xakepnz/enterpriseattack/-/tree/main/docs",
"Download": "https://gitlab.com/xakepnz/enterpriseattack/-/releases",
"Homepage": "https://gitlab.com/xakepnz/enterpriseattack",
"Issues": "https://gitlab.com/xakepnz/enterpriseattack/-/issues"
},
"split_keywords": [
"mitre att&ck",
" att&ck enterprise",
" enterpriseattack",
" mitre python",
" mitre att&ck python",
" mitre framework",
" att&ck"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "a843f945acc1d53eae6951d5531c0b7398b461e6643113717b25ab94a4329caf",
"md5": "ea1687f2962d6d090464454b814bdf16",
"sha256": "e45240304e70ddf3a3ce3fab355bf62b95ab11201796a9b425595c8aa4aca3a7"
},
"downloads": -1,
"filename": "enterpriseattack-1.0.3-py3-none-any.whl",
"has_sig": false,
"md5_digest": "ea1687f2962d6d090464454b814bdf16",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.10",
"size": 24857,
"upload_time": "2025-07-31T21:43:12",
"upload_time_iso_8601": "2025-07-31T21:43:12.175387Z",
"url": "https://files.pythonhosted.org/packages/a8/43/f945acc1d53eae6951d5531c0b7398b461e6643113717b25ab94a4329caf/enterpriseattack-1.0.3-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "028d1ebb9df7eab22b52fc06a4a2a4b26d69a9b8f04c09db87077f546305a048",
"md5": "3014b1d26725edf29a20393ec4b33053",
"sha256": "21405fe784117aab6bb00ab835e36ae95ed0569e12db2766615ed04deecf2c10"
},
"downloads": -1,
"filename": "enterpriseattack-1.0.3.tar.gz",
"has_sig": false,
"md5_digest": "3014b1d26725edf29a20393ec4b33053",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.10",
"size": 5838566,
"upload_time": "2025-07-31T21:43:13",
"upload_time_iso_8601": "2025-07-31T21:43:13.623844Z",
"url": "https://files.pythonhosted.org/packages/02/8d/1ebb9df7eab22b52fc06a4a2a4b26d69a9b8f04c09db87077f546305a048/enterpriseattack-1.0.3.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-07-31 21:43:13",
"github": false,
"gitlab": true,
"bitbucket": false,
"codeberg": false,
"gitlab_user": "xakepnz",
"gitlab_project": "enterpriseattack",
"lcname": "enterpriseattack"
}