AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE ATT&CK framework.
The tool generates tailored incident response scenarios based on user-selected threat actor groups and your organisation’s details.
If you find AttackGen useful, please consider starring the repository on GitHub. This helps more people discover the tool. Your support is greatly appreciated!
What’s new? | Why is it useful? |
---|---|
Custom Scenarios based on ATT&CK Techniques | – For Mature Organisations: This feature is particularly beneficial if your organisation has advanced threat intelligence capabilities. For instance, if you’re monitoring a newly identified or lesser-known threat actor group, you can tailor incident response testing scenarios specific to the techniques used by that group. – Focused Testing: Alternatively, use this feature to focus your incident response testing on specific parts of the cyber kill chain or certain MITRE ATT&CK Tactics like ‘Lateral Movement’ or ‘Exfiltration’. This is useful for organisations looking to evaluate and improve specific areas of their defence posture. |
User feedback on generated scenarios | – Collecting feedback is essential to track model performance over time and helps to highlight strengths and weaknesses in scenario generation tasks. |
Improved error handling for missing API keys | – Improved user experience. |
Replaced Streamlit st.spinner widgets with new st.status widget | – Provides better visibility into long running processes (i.e. scenario generation). |
Initial release.
langchain
and mitreattack
).enterprise-attack.json
(MITRE ATT&CK dataset in STIX format) and groups.json
.git clone https://github.com/mrwadams/attackgen.git
2. Change directory into the cloned repository:
cd attackgen
3. Install the required Python packages:
pip install -r requirements.txt
If you would like to use LangSmith for debugging, testing, and monitoring of model performance, you will need to set up a LangSmith account and create a .streamlit/secrets.toml
file that contains your LangChain API key.
Please follow the instructions here to set up your account and obtain your API key.
If you do not wish to use LangSmith, you can delete the LangSmith related environment variables from the top of the following files:
pages/1_Threat_Group_Scenarios.py
pages/2_Custom_Scenarios.py
Download the latest version of the MITRE ATT&CK dataset in STIX format from here. Ensure to place this file in the ./data/
directory within the repository.
After the data setup, you can run AttackGen with the following command:
streamlit run _Welcome.py
You can also try the app on Streamlit Community Cloud.
Threat Group Scenarios
page.Custom Scenario
page.Please note that generating scenarios may take a minute or so. Once the scenario is generated, you can view it on the app and also download it as a Markdown file.
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…