Skip to content

Blipblopblopblop/caldera

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Release Testing Status Security Status codecov Documentation Status

MITRE Caldera™

MITRE Caldera™ is a cyber security platform designed to easily automate adversary emulation, assist manual red-teams, and automate incident response.

It is built on the MITRE ATT&CK™ framework and is an active research project at MITRE.

The framework consists of two components:

  1. The core system. This is the framework code, consisting of what is available in this repository. Included is an asynchronous command-and-control (C2) server with a REST API and a web interface.
  2. Plugins. These repositories expand the core framework capabilities and providing additional functionality. Examples include agents, reporting, collections of TTPs and more.

Resources & Socials

Plugins

⭐ Create your own plugin! Plugin generator: Skeleton

Default

These plugins are supported and maintained by the Caldera team.

  • Access (red team initial access tools and techniques)
  • Atomic (Atomic Red Team project TTPs)
  • Builder (dynamically compile payloads)
  • Caldera for OT (ICS/OT capabilities for Caldera)
  • Compass (ATT&CK visualizations)
  • Debrief (operations insights)
  • Emu (CTID emulation plans)
  • Fieldmanual (documentation)
  • GameBoard (visualize joint red and blue operations)
  • Human (create simulated noise on an endpoint)
  • Magma (VueJS UI for Caldera v5)
  • Manx (shell functionality and reverse shell payloads)
  • Response (incident response)
  • Sandcat (default agent)
  • SSL (enable https for caldera)
  • Stockpile (technique and profile storehouse)
  • Training (certification and training course)

More

These plugins are ready to use but are not included by default and are not maintained by the Caldera team.

  • Arsenal (MITRE ATLAS techniques and profiles)
  • CalTack (embedded ATT&CK website)
  • Pathfinder (vulnerability scanning)
  • SAML (SAML authentication)

Requirements

These requirements are for the computer running the core framework:

  • Any Linux or MacOS
  • Python 3.8+ (with Pip3)
  • Recommended hardware to run on is 8GB+ RAM and 2+ CPUs
  • Recommended: GoLang 1.17+ to dynamically compile GoLang-based agents.
  • NodeJS (v16+ recommended for v5 VueJS UI)

Installation

Concise installation steps:

git clone https://github.com/mitre/caldera.git --recursive
cd caldera
pip3 install -r requirements.txt
python3 server.py --insecure --build

Full steps: Start by cloning this repository recursively, passing the desired version/release in x.x.x format. This will pull in all available plugins.

git clone https://github.com/mitre/caldera.git --recursive --tag x.x.x

Next, install the PIP requirements:

pip3 install -r requirements.txt

Super-power your Caldera server installation! Install GoLang (1.19+)

Finally, start the server.

python3 server.py --insecure --build

The --build flag automatically installs any VueJS UI dependencies, bundles the UI into a dist directory, writes the Magma plugin's .env file, and is served by the Caldera server. You will only have to use the --build flag again if you add any plugins or make any changes to the UI. Once started, log into http://localhost:8888 using the default credentials red/admin. Then go into Plugins -> Training and complete the capture-the-flag style training course to learn how to use Caldera.

In some situations the default configuration values can cause the UI to appear unresponsive due to misrouted requests. Modify the app.frontend.api_base_url config value and start the server using the --build flag to update the UI's request URL environment variable.

If you prefer to not use the new VueJS UI, revert to Caldera v4.2.0. Correspondingly, do not use the --build flag for earlier versions as not required.

User Interface Development

If you'll be developing the UI, there are a few more additional installation steps.

Requirements

  • NodeJS (v16+ recommended)

Setup

  1. Add the Magma submodule if you haven't already: git submodule add https://github.com/mitre/magma
  2. Install NodeJS dependencies: cd plugins/magma && npm install && cd ..
  3. Start the Caldera server with an additional flag: python3 server.py --uidev localhost

Your Caldera server is available at http://localhost:8888 as usual, but there will now be a hot-reloading development server for the VueJS front-end available at http://localhost:3000. Both logs from the server and the front-end will display in the terminal you launched the server from.

Docker Deployment

To build a Caldera docker image, ensure you have docker installed and perform the following actions:

# Recursively clone the Caldera repository if you have not done so
git clone https://github.com/mitre/caldera.git --recursive

# Build the docker image. Change image tagging as desired.
# WIN_BUILD is set to true to allow Caldera installation to compile windows-based agents.
# Alternatively, you can use the docker compose YML file via "docker-compose build"
cd caldera
docker build . --build-arg WIN_BUILD=true -t caldera:latest

# Run the image. Change port forwarding configuration as desired.
docker run -p 8888:8888 caldera:latest --build

To gracefully terminate your docker container, do the following:

# Find the container ID for your docker container running Caldera
docker ps

# Stop the container
docker stop [container ID]

Contributing

Refer to our contributor documentation.

Vulnerability Disclosures

Refer to our Vulnerability Disclosure Documentation for submitting bugs.

Licensing

To discuss licensing opportunities, please reach out to [email protected] or directly to MITRE's Technology Transfer Office.

Caldera Benefactor Program

If you are interested in partnering to support, sustain, and evolve MITRE Caldera™'s open source capabilities, please contact us at [email protected].

About

Automated Adversary Emulation Platform

Resources

License

Security policy

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Python 50.9%
  • HTML 23.8%
  • CSS 15.3%
  • Sass 7.7%
  • JavaScript 2.1%
  • Dockerfile 0.2%