MITRE Caldera™ is a cyber security platform designed to easily automate adversary emulation, assist manual red-teams, and automate incident response.
It is built on the MITRE ATT&CK™ framework and is an active research project at MITRE.
The framework consists of two components:
- The core system. This is the framework code, consisting of what is available in this repository. Included is an asynchronous command-and-control (C2) server with a REST API and a web interface.
- Plugins. These repositories expand the core framework capabilities and provide additional functionality. Examples include agents, reporting, collections of TTPs and more.
⭐ Create your own plugin! Plugin generator: Skeleton ⭐
These plugins are supported and maintained by the Caldera team.
- Access (red team initial access tools and techniques)
- Atomic (Atomic Red Team project TTPs)
- Builder (dynamically compile payloads)
- Caldera for OT (ICS/OT capabilities for Caldera)
- Compass (ATT&CK visualizations)
- Debrief (operations insights)
- Emu (CTID emulation plans)
- Fieldmanual (documentation)
- GameBoard (visualize joint red and blue operations)
- Human (create simulated noise on an endpoint)
- Magma (VueJS UI for Caldera v5)
- Manx (shell functionality and reverse shell payloads)
- Response (incident response)
- Sandcat (default agent)
- SSL (enable https for caldera)
- Stockpile (technique and profile storehouse)
- Training (certification and training course)
These plugins are ready to use but are not included by default and are not maintained by the Caldera team.
- Arsenal (MITRE ATLAS techniques and profiles)
- CalTack (embedded ATT&CK website)
- Pathfinder (vulnerability scanning)
- SAML (SAML authentication)
These requirements are for the computer running the core framework:
- Any Linux or MacOS
- Python 3.8+ (with Pip3)
- Recommended hardware to run on is 8GB+ RAM and 2+ CPUs
- Recommended: GoLang 1.17+ to dynamically compile GoLang-based agents.
- NodeJS (v16+ recommended for v5 VueJS UI)
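A preflight check for the requirements above, added here as an example (it is not part of the Caldera repository). The minimum versions are the ones in the list; the function names `extract_version`, `version_ge`, `check_min` and `preflight` are illustrative.

```sh
#!/bin/sh
# Added example, not part of the Caldera repository. Minimum versions come
# from the requirements list above; all function names are illustrative.

# Pull the first dotted number out of a version banner read from stdin,
# e.g. "go version go1.21.5 linux/amd64" -> "1.21.5".
extract_version() {
    sed -n 's/[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p' | head -n 1
}

# version_ge HAVE WANT: succeed if HAVE >= WANT, comparing field by field
# numerically so 3.10 ranks above 3.8 (a plain string compare would not).
version_ge() {
    have=$1 want=$2
    while [ -n "$have" ] || [ -n "$want" ]; do
        h=${have%%.*} w=${want%%.*}
        [ "${h:-0}" -gt "${w:-0}" ] && return 0
        [ "${h:-0}" -lt "${w:-0}" ] && return 1
        case $have in *.*) have=${have#*.} ;; *) have= ;; esac
        case $want in *.*) want=${want#*.} ;; *) want= ;; esac
    done
    return 0
}

# check_min NAME MIN BANNER: 0 = meets MIN, 1 = too old, 2 = not found.
check_min() {
    found=$(printf '%s\n' "$3" | extract_version)
    if [ -z "$found" ]; then echo "MISSING  $1 (need $2+)"; return 2; fi
    if version_ge "$found" "$2"; then echo "OK       $1 $found"; return 0; fi
    echo "TOO OLD  $1 $found (need $2+)"; return 1
}

# Python and pip3 are hard requirements. The list words Go and the NodeJS
# version as recommendations, so those are reported without failing the check.
preflight() {
    fail=0
    check_min python3 3.8 "$(python3 --version 2>/dev/null)" || fail=1
    if command -v pip3 >/dev/null 2>&1; then echo "OK       pip3"
    else echo "MISSING  pip3"; fail=1; fi
    check_min go 1.17 "$(go version 2>/dev/null)" || echo "  -> GoLang-based agents cannot be compiled dynamically"
    check_min node 16 "$(node --version 2>/dev/null)" || echo "  -> NodeJS is used by the v5 VueJS UI"
    return "$fail"
}

preflight || echo "Fix the required items above before running pip3 install."
```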
Concise installation steps:
```sh
git clone https://github.com/mitre/caldera.git --recursive
cd caldera
pip3 install -r requirements.txt
python3 server.py --insecure --build
```
Full steps: Start by cloning this repository recursively, passing the desired version/release in x.x.x format. This will pull in all available plugins.
```sh
git clone https://github.com/mitre/caldera.git --recursive --branch x.x.x
```
Next, install the PIP requirements:
```sh
pip3 install -r requirements.txt
```
Super-power your Caldera server installation! Install GoLang (1.19+)
Finally, start the server.
```sh
python3 server.py --insecure --build
```
The --build flag automatically installs any VueJS UI dependencies and bundles the UI into a dist directory, which is then served by the Caldera server. You only need to use the --build flag again if you add plugins or make changes to the UI. Once the server has started, log into http://localhost:8888 using the default credentials red/admin. Then go to Plugins -> Training and complete the capture-the-flag style training course to learn how to use Caldera.
If you prefer not to use the new VueJS UI, revert to Caldera v4.2.0. Accordingly, do not use the --build flag with earlier versions, as it is not required.
If you'll be developing the UI, there are a few additional installation steps.
Requirements
- NodeJS (v16+ recommended)
Setup
- Add the Magma submodule if you haven't already:
```sh
git submodule add https://github.com/mitre/magma
```
- Install NodeJS dependencies:
```sh
# Return to the repository root afterwards so that server.py can be started
cd plugins/magma && npm install && cd ../..
```
- Start the Caldera server with an additional flag:
```sh
python3 server.py --uidev localhost
```
Your Caldera server is available at http://localhost:8888 as usual, but there will now be a hot-reloading development server for the VueJS front-end available at http://localhost:3000. Logs from both the server and the front-end will display in the terminal from which you launched the server.
To build a Caldera docker image, ensure you have docker installed and perform the following actions:
```sh
# Recursively clone the Caldera repository if you have not done so
git clone https://github.com/mitre/caldera.git --recursive

# Build the docker image. Change image tagging as desired.
# WIN_BUILD is set to true to allow Caldera installation to compile windows-based agents.
# Alternatively, you can use the docker compose YML file via "docker-compose build"
cd caldera
docker build . --build-arg WIN_BUILD=true -t caldera:latest

# Run the image. Change port forwarding configuration as desired.
docker run -p 8888:8888 caldera:latest
```
To gracefully terminate your docker container, do the following:
```sh
# Find the container ID for your docker container running Caldera
docker ps

# Send interrupt signal, e.g. "docker kill --signal=SIGINT 5b9220dd9c0f"
docker kill --signal=SIGINT [container ID]
```
Refer to our contributor documentation.
Refer to our vulnerability disclosure documentation for submitting bugs.
To discuss licensing opportunities, please reach out to [email protected] or directly to MITRE's Technology Transfer Office.
If you are interested in partnering to support, sustain, and evolve MITRE Caldera™'s open source capabilities, please contact us at [email protected].