mitre/caldera
Automated Adversary Emulation
| repo name | mitre/caldera |
| repo link | https://github.com/mitre/caldera |
| homepage | |
| language | Python |
| size (curr.) | 19023 kB |
| stars (curr.) | 1724 |
| created | 2017-11-29 |
| license | Apache License 2.0 |
CALDERA
Full documentation, training and use-cases can be found here
CALDERA is a cyber security framework designed to easily run autonomous breach-and-simulation exercises. It can also be used to run manual red-team engagements or automated incident response.
It is built on the MITRE ATT&CK™ framework and is an active research project at MITRE.
The framework consists of two components:
- The core system. This is the framework code, consisting of what is available in this repository. Included is an asynchronous command-and-control (C2) server with a REST API and a web interface.
- Plugins. These are separate repositories that hang off of the core framework, providing additional functionality. Examples include agents, GUI interfaces, collections of TTPs and more.
Plugins
- Access (red team initial access tools and techniques)
- Atomic (Atomic Read Team project TTPs)
- Builder (dynamically compile payloads)
- Compass (ATT&CK visualizations)
- GameBoard (visualize joint red and blue operations)
- Human (create simulated noise on an endpoint)
- Manx (shell functionality and reverse shell payloads)
- Mock (simulate agents in operations)
- Response (incident response)
- Sandcat (default agent)
- SSL (enable https for caldera)
- Stockpile (technique and profile storehouse)
- Training (certification and training course)
Requirements
These requirements are for the computer running the core framework:
- Any Linux or MacOS
- Python 3.6.1+ (with Pip3)
- Google Chrome is our only supported browser
- Recommended hardware to run on is 8GB+ RAM and 2+ CPUs
Installation
Start by cloning this repository recursively, passing the desired version/release in x.x.x format. This will pull in all available plugins. If you clone master - or any non-release branch - you may experience bugs.
git clone https://github.com/mitre/caldera.git --recursive --branch x.x.x
Next, install the PIP requirements:
pip install -r requirements.txt
Want to super-power your CALDERA server installation? Make sure GoLang (1.13+) is installed.
Finally, start the server.
python server.py --insecure
Once started, you should log into http://localhost:8888 using the credentials red/admin. Then go into Plugins -> Training and complete the capture-the-flag style training course to learn how to use the framework.
Video tutorial
Watch the following video for a brief run through of how to run your first operation.
Contributing
Refer to our contributor documentation
Licensing
In addition to CALDERA’s open source capabilities, MITRE maintains several in-house CALDERA plugins that offer more advanced functionality. For more information, or to discuss licensing opportunities, please reach out to caldera@mitre.org or directly to MITRE’s Technology Transfer Office.
