import json
import sys
from os import system, name
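def load_attack_mapping(path='attack_mapping.json'):
    """Load the ATT&CK-to-active-defense mapping document from *path*.

    Args:
        path: Location of the mapping JSON. Defaults to ``attack_mapping.json``
            in the current working directory, which is what the script
            originally hard-coded.

    Returns:
        The parsed JSON document. The search functions in this module iterate
        it as a list of mapping entries, each carrying an ``attack_technique``
        sub-dict.

    Raises:
        SystemExit: With status 1 when the file is missing or is not valid
            JSON, after printing where to obtain it. (The site-module ``exit()``
            used before reported status 0 on this failure path, so a caller
            or wrapper script could not tell success from failure.)
    """
    try:
        # Explicit encoding: the upstream file is UTF-8 and must not depend on
        # the locale of whoever runs the script.
        with open(path, encoding='utf-8') as attack_map:
            return json.load(attack_map)
    except FileNotFoundError:
        print("[*] ERROR: Please put attack_mapping.json in the same directory as this script! "
              "(https://github.com/MITRECND/mitrecnd.github.io/blob/master/_data/attack_mapping.json)")
        sys.exit(1)
    except json.JSONDecodeError as err:
        # A truncated or hand-edited download would otherwise surface as a
        # raw traceback from json.load.
        print(f"[*] ERROR: {path} is not valid JSON: {err}")
        sys.exit(1)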
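def main():
    """Run the interactive prompt loop until the user quits.

    Answers are matched case-insensitively: ``name`` or ``id`` start the
    corresponding search, ``quit`` or ``exit`` terminate the program with
    status 0, and anything else simply redraws the prompt.

    Raises:
        SystemExit: When the user quits, or propagated from
            ``load_attack_mapping`` when the mapping file is unusable.
    """
    attack_mapping = load_attack_mapping()
    while True:
        clear_screen()
        prCastle()
        # Lower once instead of re-lowering the same string in every branch.
        choice = input("[*] Would you like to search by ATT&CK Technique Name or ID?\n").lower()
        if choice in ('quit', 'exit'):
            prWarning("[+] Goodbye!")
            # sys.exit rather than the site-module exit(), which is absent
            # under `python -S` and is meant for interactive use only.
            sys.exit(0)
        if choice == 'name':
            search_technique_name(attack_mapping)
        elif choice == 'id':
            search_technique_id(attack_mapping)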
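def search_technique_name(attack_mapping):
    """Prompt for a technique-name fragment and display every matching entry.

    Args:
        attack_mapping: Parsed mapping document; each item is a dict whose
            ``attack_technique`` sub-dict carries ``name`` and ``id``.

    The match is a case-insensitive substring test. The original lowered only
    the stored name, so any capital letter in the user's input (e.g. a
    technique typed exactly as ATT&CK spells it) could never match. Surrounding
    whitespace is ignored, and an empty query is rejected instead of matching
    every entry (``"" in s`` is always true).
    """
    clear_screen()
    prCastle()
    technique_search = input("[*] Enter ATT&CK Technique name:\n").strip().lower()
    if not technique_search:
        prWarning("[-] No technique name entered.")
        input("\nPress enter to continue")
        return
    matched = False
    for techniques in attack_mapping:
        if technique_search in techniques['attack_technique']['name'].lower():
            matched = True
            # map_attack fills the four lists as a side effect; fresh lists
            # per match keep one entry's output from bleeding into the next.
            map_attack(techniques, [], [], [], [])
    if not matched:
        # Without this the loop returns silently and main() clears the
        # screen, so the user gets no feedback at all.
        prWarning("[-] No ATT&CK technique matched that name.")
        input("\nPress enter to continue")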
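def search_technique_id(attack_mapping):
    """Prompt for an ATT&CK technique ID and display the matching entries.

    Args:
        attack_mapping: Parsed mapping document; each item is a dict whose
            ``attack_technique`` sub-dict carries ``name`` and ``id``.

    The ID is compared exactly after upper-casing, as before; surrounding
    whitespace is now trimmed so a trailing space from a paste does not turn
    a valid ID into a silent miss, and a miss is reported rather than ignored.
    """
    clear_screen()
    prCastle()
    technique_search = input("[*] Enter ATT&CK Technique ID: \n").strip().upper()
    matched = False
    for techniques in attack_mapping:
        if technique_search == techniques['attack_technique']['id']:
            matched = True
            # map_attack fills the four lists as a side effect; fresh lists
            # per match keep one entry's output from bleeding into the next.
            map_attack(techniques, [], [], [], [])
    if not matched:
        prWarning("[-] No ATT&CK technique matched that ID.")
        input("\nPress enter to continue")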
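def map_attack(techniques, tactic_list, technique_list, dtactic_list, procedure_list):
    """Print one mapping entry: the ATT&CK side, then the active-defense side.

    Args:
        techniques: One entry of the mapping document. Keys read here:
            ``attack_tactics`` (list of ``name``/``id``), ``attack_technique``
            (``name``/``id``), ``opportunity`` (``description``/``id``),
            ``tactics`` (list of ``name``/``id``/``long_description``),
            ``technique`` (``name``/``id``/``long_description``),
            ``use_case`` (``description``/``id``) and ``procedures`` (list of
            ``id``/``description``).
        tactic_list, technique_list, dtactic_list, procedure_list: Caller-owned
            lists that are appended to as a side effect. Kept for compatibility
            with existing callers, which pass fresh empty lists.

    Blocks on ``input()`` at the end so the output can be read before the
    caller clears the screen.

    Changes from the original: every active-defense tactic is printed instead
    of only ``dtactic_list[0]`` (which also raised IndexError when the entry
    had no tactics), and the ``[i][0][0]`` / ``[i][0][1]`` indexing — a
    roundabout spelling of ``i[0]`` / ``i[1]`` — is replaced by unpacking.
    """
    clear_screen()
    attack_technique = techniques['attack_technique']

    # Collect everything first; the lists are part of the call contract.
    tactic_list.extend([tactic['name'], tactic['id']] for tactic in techniques['attack_tactics'])
    technique_list.append([attack_technique['name'], attack_technique['id']])
    dtactic_list.extend(
        [dtactic['name'], dtactic['id'], dtactic['long_description']]
        for dtactic in techniques['tactics']
    )
    procedure_list.extend([procedure['id'], procedure['description']] for procedure in techniques['procedures'])

    prRed("ATT&CK Tactic(s):")
    for tactic_name, tactic_id in tactic_list:
        print(f"[+] {tactic_name} ({tactic_id})")
    prRed("\nATT&CK Technique:")
    print(f"[+] {attack_technique['name']} ({attack_technique['id']})\n")

    prWarning("Active Defense Opportunity:")
    print(f"[+] {techniques['opportunity']['description']} ({techniques['opportunity']['id']})\n")

    prCyan("Active Defense Tactic:")
    for dtactic_name, dtactic_id, dtactic_description in dtactic_list:
        print(f"[+] {dtactic_name} ({dtactic_id})\n"
              f"[*] {dtactic_description}\n")

    prCyan("Active Defense Technique:")
    print(f"[+] {techniques['technique']['name']} ({techniques['technique']['id']})\n"
          f"[*] {techniques['technique']['long_description']}\n")

    prWarning("Active Defense Use Case:")
    print(f"[+] {techniques['use_case']['description']} ({techniques['use_case']['id']})\n")

    prCyan("Active Defense Procedure(s):")
    for procedure_id, procedure_description in procedure_list:
        print(f"[+] {procedure_description} ({procedure_id})")

    input("\nPress enter to continue")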
def prGreen(skk):
    """Print *skk* wrapped in the ANSI bright-green colour sequence (note the leading space)."""
    print(f"\033[92m {skk}\033[00m")
def prRed(skk):
    """Print *skk* wrapped in the ANSI bright-red colour sequence (note the leading space)."""
    print(f"\033[91m {skk}\033[00m")
def prCyan(skk):
    """Print *skk* wrapped in the ANSI bright-cyan colour sequence (note the leading space)."""
    print(f"\033[96m {skk}\033[00m")
def prWarning(skk):
    """Print *skk* wrapped in the ANSI bright-yellow colour sequence (note the leading space)."""
    print(f"\033[93m {skk}\033[00m")
def clear_screen():
    """Clear the terminal with the platform's clear command.

    ``os.name == 'nt'`` selects ``cls`` (a cmd.exe builtin, which is why a
    shell is needed); every other platform gets ``clear``. Both commands are
    fixed literals, so the shell invocation never carries user-controlled
    input.
    """
    command = 'cls' if name == 'nt' else 'clear'
    system(command)
def prCastle():
    """Print the ASCII-art castle banner, then the block-letter title in cyan.

    Output only; the banner is a single string literal and the title line is
    routed through ``prCyan`` so it picks up the same ANSI colour wrapping as
    the other coloured output in this module.
    """
    print("\n *//////\n"
    " *//////\n"
    " *//////\n"
    " *\n"
    " .***\n"
    " */// */////* *///\n"
    " */// *////////** *///\n"
    " * .((#%**/&&@@&%/**%#(/ *\n"
    " ///. .((#%***&&@@&%***%#(/ ////\n"
    " */////* .((#%%&&&&@@&&&&%%#(( */////*\n"
    " *********** ///(((((#(((((//* **********,\n"
    " *(#%&&&&@&&&%#(/ (##%&&&...&&%%##( /(#%&&&@&&&%#(\n"
    " ,(#%%&&&&%%#(* (##%%&.....&%%##( /(#%%&&&%%#(\n"
    " ,(#%&&&@&&%#(* (##%&&*****&%%##( /(%%&&@&&%#(\n"
    " ,(#%......%#(* (##%%&(((((&%%##( /(%(.....%#(\n"
    " ,(#%,,,,,,%#(* .#### (#%%%%&&&&&%%%%#( ####. /(%(,,,,,%#(\n"
    " ,(#%//////%#(* .#### (#%%%%&&&&&%%%%#( ####. /(%#/////%#(\n"
    " ,(#%&&@@&&%#((#####%%%%%%%%&&&&&&&&&%%%%%%%%#####/(%%&&@&&%#(\n"
    " ,(#%&&@@&&%#((####%%%%%%%&&%#######%&&&%%%%%%%###/(%%&&@&&%#(\n"
    " ,(#%&&@@&&%#((###%%%%%%&%##/*..*..*(##&&%%%%%%###/(%%&&@&&%#(\n"
    " ,(#%&&@@&&%#((##%%%%%%&###.,*,,*,,*,.##%&%%%%%%##/(%%&&@&&%#(\n"
    " ,(#%&&@@&&%#((##%%%%%&&##*,,*,,*,,*,,*##&&%%%%%%#/(%%&&@&&%#(\n"
    " ,(#%&&@@&&%#((##%%%%%%&##*,,*,,*,,*,,*##&%%%%%%##/(%%&&@&&%#(\n"
    " ,(#%&&@@&&%#((###%%%%%&##*,,*,,*,,*,,*##&%%%%%%##/(%%&&@&&%#(\n"
    " ,(#%&&@@&&%#((###%%%%%%##*,,*,,*,,*,,*##%%%%%%###/(%%&&@&&%#(\n"
    " ,(#%&&@@&&%#((####%%%%%##*,,*,,*,,*,,*##%%%%%####/(%%&&@&&%#(")
    prCyan("▄▀█ █▀▀ ▀█▀ █ █░█ █▀▀ █▀▄ █▀▀ █▀▀ █▀▀ █▄░█ █▀ █▀▀ ▀█▀ ▀█▀ █▀█ █▀\n"
    " █▀█ █▄▄ ░█░ █ ▀▄▀ ██▄ █▄▀ ██▄ █▀░ ██▄ █░▀█ ▄█ ██▄ ░█░ ░█░ █▀▀ ▄█\n")
# Script entry point: only start the interactive loop when executed directly,
# so the helpers can be imported (e.g. by tests) without side effects.
if __name__ == "__main__":
    main()