Metadata-Version: 2.4
Name: enterpriseattack
Version: 1.0.3
Summary: A lightweight Python module to interact with the MITRE ATT&CK® Enterprise dataset.
Home-page: https://gitlab.com/xakepnz/enterpriseattack
Author: xakepnz
Author-email: xakepnz <xakepnz@pm.me>
Project-URL: Homepage, https://gitlab.com/xakepnz/enterpriseattack
Project-URL: Documentation, https://gitlab.com/xakepnz/enterpriseattack/-/tree/main/docs
Project-URL: Issues, https://gitlab.com/xakepnz/enterpriseattack/-/issues
Project-URL: Changelog, https://gitlab.com/xakepnz/enterpriseattack/-/tree/main/CHANGELOG.md
Project-URL: Download, https://gitlab.com/xakepnz/enterpriseattack/-/releases
Keywords: mitre att&ck,att&ck enterprise,enterpriseattack,mitre python,mitre att&ck python,mitre framework,att&ck
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Information Technology
Classifier: Intended Audience :: Science/Research
Classifier: Intended Audience :: System Administrators
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3 :: Only
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Classifier: Topic :: System :: Systems Administration
Classifier: Typing :: Typed
Requires-Python: >=3.10
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: ujson>=3.0.0
Requires-Dist: requests>=2.9.2
Provides-Extra: build
Requires-Dist: setuptools~=80.0; extra == "build"
Requires-Dist: wheel==0.45.1; extra == "build"
Requires-Dist: build==1.2.2.post1; extra == "build"
Requires-Dist: setuptools-scm~=8.3.1; extra == "build"
Provides-Extra: release
Requires-Dist: twine==6.1.0; extra == "release"
Requires-Dist: python-semantic-release==10.2.0; extra == "release"
Provides-Extra: test
Requires-Dist: pytest>=6.1.0; extra == "test"
Requires-Dist: pytest-cov>=2.10.1; extra == "test"
Requires-Dist: flake8>=3.7.9; extra == "test"
Requires-Dist: tox>=3.14.2; extra == "test"
Requires-Dist: coverage==4.5.4; extra == "test"
Requires-Dist: pipdeptree==2.26.1; extra == "test"
Requires-Dist: pre-commit~=4.2.0; extra == "test"
Requires-Dist: bandit==1.8.3; extra == "test"
Requires-Dist: tox~=4.25.0; extra == "test"
Requires-Dist: isort==6.0.1; extra == "test"
Requires-Dist: black==25.1.0; extra == "test"
Dynamic: author
Dynamic: home-page
Dynamic: license-file

## enterpriseattack - MITRE's Enterprise ATT&CK®

A lightweight Python module to interact with the [MITRE ATT&CK](https://attack.mitre.org/) Enterprise dataset. Built to be used in production applications due to its speed and minimal dependencies. [Read the docs](https://gitlab.com/xakepnz/enterpriseattack/tree/main/docs) for more info.

## MITRE ATT&CK®

MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.

### Dependencies

* Python 3.x
* ujson >= 3.0.0
* requests >= 2.9.2

## Installation

### Install via Pip:
   ```sh
   pip3 install enterpriseattack
   ```

### Alternatively clone the repository:
   ```sh
   git clone https://gitlab.com/xakepnz/enterpriseattack.git
   cd enterpriseattack
   python3 setup.py install
   ```


## Docker:

### Build the docker image:

```sh
docker build -t enterpriseattack:0.1.8 .
docker tag enterpriseattack:0.1.8 enterpriseattack:latest
```

### Run the benchmarks on the container:
```sh
docker run enterpriseattack
```


## Usage

### Initialise an Attack object:
```py
import enterpriseattack

attack = enterpriseattack.Attack()
```

### Example Subscriptable objects:
Access any object directly from the Attack class, rather than iterating to find specific objects.

```py
attack = enterpriseattack.Attack(subscriptable=True)

wizard_spider = attack.groups.get('Wizard Spider')
print(len(wizard_spider.tactics))

execution = attack.tactics.get('Execution')
print(len(execution.techniques))
```

### Example: Passing custom args:
In this example, you choose where the official MITRE ATT&CK JSON is downloaded from, and which proxies the download passes through. To store the JSON file in a different location, set the `enterprise_json` arg. By default the file is saved within your default site-packages location.

* `enterprise_json` - (optional) location of enterprise json file, (saved automatically in pip location)
* `url` - (optional) location of enterprise json file to download from.
* `update` - (optional) boolean forces a refresh download (each time this is called), overwriting the previous file.
* `include_deprecated` - (optional) boolean to include MITRE ATT&CK deprecated objects (from previous ATT&CK versions).
* `mitre_version` - (optional) specify a MITRE ATT&CK data version.
* `proxies` - (optional) dict of proxies to pass through to reach the MITRE GitHub for the enterprise-attack.json.

```py
attack = enterpriseattack.Attack(
    enterprise_json=None,
    url='https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json',
    include_deprecated=False,
    update=False,
    subscriptable=True,
    mitre_version='latest',
    proxies={'http': 'http://127.0.0.1:1337'}
)
```

### Example: Force Download/use an older MITRE ATT&CK data set:
```py
attack = enterpriseattack.Attack(
   mitre_version='11.3',
   update=True
)

print(attack.mitre_version)
```

### Example: Iterate over tactics/techniques/sub_techniques:
```py
attack = enterpriseattack.Attack()

for tactic in attack.tactics:
    print(tactic.name)
    for technique in tactic.techniques:
        print(technique.name)
        print(technique.detection)

for software in attack.software:
    for technique in software.techniques:
        for sub_technique in technique.sub_techniques:
            print(software.name, technique.name, sub_technique.name)
```
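
Added example, not code from the enterpriseattack project: it shows how tactics and techniques are joined inside the STIX bundle that `enterprise-attack.json` contains, and which objects a filter such as `include_deprecated=False` leaves out. The bundle, the `T9xxx` IDs and the helper names are constructed for illustration, and the module's own parsing may differ.

```python
# Constructed miniature of the STIX bundle found in enterprise-attack.json.
# Names and T9xxx IDs are placeholders, not real ATT&CK entries.
def _technique(name, tid, phases, **extra):
    """Build a constructed attack-pattern object in the bundle's shape."""
    return {"type": "attack-pattern", "name": name,
            "kill_chain_phases": [{"kill_chain_name": "mitre-attack",
                                   "phase_name": p} for p in phases],
            "external_references": [{"source_name": "mitre-attack",
                                     "external_id": tid}], **extra}


SAMPLE_BUNDLE = {"type": "bundle", "objects": [
    {"type": "x-mitre-tactic", "name": "Execution", "x_mitre_shortname": "execution"},
    {"type": "x-mitre-tactic", "name": "Persistence", "x_mitre_shortname": "persistence"},
    _technique("Sample Technique A", "T9001", ["execution", "persistence"]),
    _technique("Sample Sub-technique A1", "T9001.001", ["execution"],
               x_mitre_is_subtechnique=True),
    _technique("Retired Technique B", "T9002", ["persistence"], x_mitre_deprecated=True),
]}


def attack_id(obj):
    """Return the ATT&CK ID from the 'mitre-attack' external reference."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None


def techniques_by_tactic(bundle, include_deprecated=False):
    """Map tactic name -> sorted technique IDs, joined on the phase shortname."""
    index = {o["x_mitre_shortname"]: (o["name"], [])
             for o in bundle["objects"] if o["type"] == "x-mitre-tactic"}
    for obj in bundle["objects"]:
        tid = attack_id(obj)
        if obj["type"] != "attack-pattern" or tid is None:
            continue
        retired = obj.get("x_mitre_deprecated") or obj.get("revoked")
        if retired and not include_deprecated:
            continue  # deprecated/revoked objects are skipped by default
        for phase in obj.get("kill_chain_phases", []):
            if (phase.get("kill_chain_name") == "mitre-attack"
                    and phase["phase_name"] in index):
                index[phase["phase_name"]][1].append(tid)
    return {name: sorted(ids) for name, ids in index.values()}


if __name__ == "__main__":
    for flag in (False, True):
        print(flag, techniques_by_tactic(SAMPLE_BUNDLE, include_deprecated=flag))
```

A technique listed under several kill-chain phases appears under each matching tactic, which matters when counting detection coverage per tactic.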

### Example: Create a json object of any tactic/technique/sub_technique/group/software/datasource:
```py
attack = enterpriseattack.Attack()

for tactic in attack.tactics:
   print(tactic.to_json())

for group in attack.groups:
   print(group.to_json())

...
```

For more examples, please refer to the [Documentation](https://gitlab.com/xakepnz/enterpriseattack/tree/main/docs)

