TTPForge is a cyber attack simulation platform. This project promotes a Purple
Team approach to cybersecurity with the following goals:
To help blue teams accurately measure their detection and response
capabilities through high-fidelity simulations of real attacker activity.
To help red teams improve the ROI/actionability of their findings by packaging
their attacks as automated, repeatable simulations.
TTPForge allows you to automate attacker tactics, techniques, and procedures
(TTPs) using a powerful but easy-to-use YAML format. Check out the links below
to learn more!
bashutils_url="https://raw.githubusercontent.com/l50/dotfiles/main/bashutils"
bashutils_path="/tmp/bashutils"
if [[ ! -f "${bashutils_path}" ]]; then
curl -s "${bashutils_url}" -o "${bashutils_path}"
fi
source "${bashutils_path}"
fetchFromGithub "facebookincubator" "TTPForge" "latest" ttpforge
At this point, the latest ttpforge release should be in
$HOME/.local/bin/ttpforge and subsequently, the $USER's $PATH.
If running in a stripped down system, you can add TTPForge to your $PATH
with the following command:
export PATH=$HOME/.local/bin:$PATH
Initialize TTPForge configuration
This command will place a configuration file at the default location
~/.ttpforge/config.yaml and configure the examples and forgearmory TTP
repositories:
ttpforge init
List available TTP repositories (should show examples and forgearmory)
ttpforge list repos
The examples repository contains the TTPForge examples found in this
repository. The
ForgeArmory repository
contains our arsenal of attacker TTPs powered by TTPForge.
List available TTPs that you can run:
ttpforge list ttps
Examine an example TTP:
ttpforge show ttp examples//args/basic.yaml
Run the specified example:
ttpforge run examples//args/basic.yaml \
--arg str_to_print=hello \
--arg run_second_step=true