Friday, June 3, 2022

Operator – A Python Package Used To Execute Atomic Red Team Tests (Atomics) Across Multiple Operating System Environments




This Python package is used to execute Atomic Red Team tests (Atomics) across multiple operating system environments.

(What’s new?)


Why?

atomic-operator enables security professionals to test their detection and defensive capabilities against prescribed techniques defined within atomic-red-team. By utilizing a testing framework such as atomic-operator, you can identify both your defensive capabilities and gaps in defensive coverage.

Additionally, atomic-operator can be used in many other situations, such as:

  • Generating alerts to test products
  • Testing EDR and other security tools
  • Identifying ways to perform defense evasion from an adversary perspective
  • Plus more.

Features

  • Supports local and remote execution of Atomic Red Team tests on Windows, macOS, and Linux systems
  • Supports running atomic-tests against iaas:aws
  • Can prompt for input arguments, but this is not required
  • Assists with downloading the atomic-red-team repository
  • Can be automated further based on a configuration file
  • A command-line and importable Python package
  • Select specific tests when one or more techniques are specified
  • Plus more

Getting Started

atomic-operator is a Python-only package hosted on PyPI and works with Python 3.6 and greater.

If you want a PowerShell version, please check out Invoke-AtomicRedTeam.

pip install atomic-operator

The following steps will guide you through setting up and running atomic-operator.

Installation

You can install atomic-operator on OS X, Linux, or Windows. You can also install it directly from source. To install, see the commands under the relevant operating system heading below.

Prerequisites

The following libraries are required and installed by atomic-operator:

pyyaml==5.4.1
fire==0.4.0
requests==2.26.0
attrs==21.2.0
pick==1.2.0

macOS, Linux and Windows:

pip install atomic-operator

macOS using an M1 processor

git clone https://github.com/swimlane/atomic-operator.git
cd atomic-operator

# Satisfy ModuleNotFoundError: No module named 'setuptools_rust'
brew install rust
pip3 install --upgrade pip
pip3 install setuptools_rust

# Back to our regularly scheduled programming . . .
pip install -r requirements.txt
python setup.py install

Installing from source

git clone https://github.com/swimlane/atomic-operator.git
cd atomic-operator
pip install -r requirements.txt
python setup.py install

Usage example (command line)

You can run atomic-operator from the command line or within your own Python scripts. To use atomic-operator on the command line, simply enter the following in your terminal:

atomic-operator --help
atomic-operator run -- --help

Please note that to see details about the run command you must run atomic-operator run -- --help and NOT atomic-operator run --help.

Retrieving Atomic Tests

In order to use atomic-operator you must have one or more atomic-red-team tests (Atomics) on your local system. atomic-operator provides the ability to download the Atomic Red Team repository. You can do so by running the following on the command line:

atomic-operator get_atomics 
# You can specify the destination directory by using the --destination flag
atomic-operator get_atomics --destination "/tmp/some_directory"

Running Tests Locally

In order to run a test you must provide some additional properties (and options if desired). The main method to run tests is called run.

# This will run ALL tests compatible with your local operating system
atomic-operator run --atomics-path "/tmp/some_directory/redcanaryco-atomic-red-team-3700624"

You can select individual tests when you provide one or more specific techniques. For example, running the following on the command line:

atomic-operator run --techniques T1564.001 --select_tests

will prompt the user with a selection list of tests associated with that technique. A user can select one or more tests by using the space bar to highlight the desired test:

 Select Test(s) for Technique T1564.001 (Hide Artifacts: Hidden Files and Directories)

* Create a hidden file in a hidden directory (61a782e5-9a19-40b5-8ba4-69a4b9f3d7be)
Mac Hidden file (cddb9098-3b47-4e01-9d3b-6f5f323288a9)
Create Windows System File with Attrib (f70974c8-c094-4574-b542-2c545af95a32)
Create Windows Hidden File with Attrib (dadb792e-4358-4d8d-9207-b771faa0daa5)
Hidden files (3b7015f2-3144-4205-b799-b05580621379)
Hide a Directory (b115ecaf-3b24-4ed2-aefe-2fcb9db913d3)
Show all hidden files (9a1ec7da-b892-449f-ad68-67066d04380c)

Running Tests Remotely

In order to run a test remotely you must provide some additional properties (and options if desired). The main method to run tests is called run.

# This will run ALL tests compatible with your local operating system
atomic-operator run --atomics-path "/tmp/some_directory/redcanaryco-atomic-red-team-3700624" --hosts "10.32.1.0" --username "my_username" --password "my_password"

When running commands remotely against Windows hosts you may need to configure PSRemoting. See details here: Windows Remoting

Additional parameters

You can see additional parameters by running the following command:

atomic-operator run -- --help
| Parameter Name | Type | Default | Description |
|---|---|---|---|
| techniques | list | all | One or more defined techniques by attack_technique ID. |
| test_guids | list | None | One or more Atomic test GUIDs. |
| select_tests | bool | False | Select one or more atomic tests to run when one or more techniques are specified. |
| atomics_path | str | os.getcwd() | The path of Atomic tests. |
| check_prereqs | bool | False | Whether or not to check for prereq dependencies (prereq_command). |
| get_prereqs | bool | False | Whether or not you want to retrieve prerequisites. |
| cleanup | bool | False | Whether or not you want to run cleanup command(s). |
| copy_source_files | bool | True | Whether or not you want to copy any related source (src, bin, etc.) files to a remote host. |
| command_timeout | int | 20 | Time duration for each command before timeout. |
| debug | bool | False | Whether or not you want to output details about tests being run. |
| prompt_for_input_args | bool | False | Whether you want to prompt for input arguments for each test. |
| return_atomics | bool | False | Whether or not you want to return atomics instead of running them. |
| config_file | str | None | A path to a config_file which is used to automate atomic-operator in environments. |
| config_file_only | bool | False | Whether or not you want to run tests based on the provided config_file only. |
| hosts | list | None | A list of one or more remote hosts to run a test on. |
| username | str | None | Username for authentication of remote connections. |
| password | str | None | Password for authentication of remote connections. |
| ssh_key_path | str | None | Path to an SSH key for authentication of remote connections. |
| private_key_string | str | None | A private SSH key string used for authentication of remote connections. |
| verify_ssl | bool | False | Whether or not to verify SSL when connecting over RDP (Windows). |
| ssh_port | int | 22 | SSH port for authentication of remote connections. |
| ssh_timeout | int | 5 | SSH timeout for authentication of remote connections. |
| **kwargs | dict | None | If additional flags are passed into the run command, we will attempt to match them with defined inputs within Atomic tests and replace their value with the provided value. |

You should see output similar to the following:

NAME
atomic-operator run - The main method in which we run Atomic Red Team tests.

SYNOPSIS
atomic-operator run <flags>

DESCRIPTION
The main method in which we run Atomic Red Team tests.

FLAGS
--techniques=TECHNIQUES
Type: list
Default: ['all']
One or more defined techniques by attack_technique ID. Defaults to 'all'.
--test_guids=TEST_GUIDS
Type: list
Default: []
One or more Atomic test GUIDs. Defaults to None.
--select_tests=SELECT_TESTS
Type: bool
Default: False
Select one or more tests from provided techniques. Defaults to False.
--atomics_path=ATOMICS_PATH
Default: '/U...
The path of Atomic tests. Defaults to os.getcwd().
--check_prereqs=CHECK_PREREQS
Default: False
Whether or not to check for prereq dependencies (prereq_command). Defaults to False.
--get_prereqs=GET_PREREQS
Default: False
Whether or not you want to retrieve prerequisites. Defaults to False.
--cleanup=CLEANUP
Default: False
Whether or not you want to run cleanup command(s). Defaults to False.
--copy_source_files=COPY_SOURCE_FILES
Default: True
Whether or not you want to copy any related source (src, bin, etc.) files to a remote host. Defaults to True.
--command_timeout=COMMAND_TIMEOUT
Default: 20
Timeout duration for each command. Defaults to 20.
--debug=DEBUG
Default: False
Whether or not you want to output details about tests being run. Defaults to False.
--prompt_for_input_args=PROMPT_FOR_INPUT_ARGS
Default: False
Whether you want to prompt for input arguments for each test. Defaults to False.
--return_atomics=RETURN_ATOMICS
Default: False
Whether or not you want to return atomics instead of running them. Defaults to False.
--config_file=CONFIG_FILE
Type: Optional[]
Default: None
A path to a config_file which is used to automate atomic-operator in environments. Defaults to None.
--config_file_only=CONFIG_FILE_ONLY
Default: False
Whether or not you want to run tests based on the provided config_file only. Defaults to False.
--hosts=HOSTS
Default: []
A list of one or more remote hosts to run a test on. Defaults to [].
--username=USERNAME
Type: Optional[]
Default: None
Username for authentication of remote connections. Defaults to None.
--password=PASSWORD
Type: Optional[]
Default: None
Password for authentication of remote connections. Defaults to None.
--ssh_key_path=SSH_KEY_PATH
Type: Optional[]
Default: None
Path to an SSH key for authentication of remote connections. Defaults to None.
--private_key_string=PRIVATE_KEY_STRING
Type: Optional[]
Default: None
A private SSH key string used for authentication of remote connections. Defaults to None.
--verify_ssl=VERIFY_SSL
Default: False
Whether or not to verify SSL when connecting over RDP (Windows). Defaults to False.
--ssh_port=SSH_PORT
Default: 22
SSH port for authentication of remote connections. Defaults to 22.
--ssh_timeout=SSH_TIMEOUT
Default: 5
SSH timeout for authentication of remote connections. Defaults to 5.
Additional flags are accepted.
If provided, keys matching inputs for a test will be replaced. Default is None.

Running atomic-operator using a config_file

In addition to passing parameters to atomic-operator directly, you can also pass in a path to a config_file that contains all the atomic tests to run and their potential inputs. You can see an example of this config_file here:

atomic_tests:
  - guid: f7e6ec05-c19e-4a80-a7e7-241027992fdb
    input_arguments:
      output_file:
        value: custom_output.txt
      input_file:
        value: custom_input.txt
  - guid: 3ff64f0b-3af2-3866-339d-38d9791407c3
    input_arguments:
      second_arg:
        value: SWAPPPED argument
  - guid: 32f90516-4bc9-43bd-b18d-2cbe0b7ca9b2
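As an added example (my own code, not part of the atomic-operator project), the following Python builds a config_file in the schema shown above, checks that every guid is a well-formed UUID and that every input argument carries a value key, and emits the YAML in the same layout without needing PyYAML. The function names are assumptions; the GUIDs used in the test are the ones from the example config above.

```python
import uuid

def build_config(tests):
    """tests: list of (guid, {input_name: value}) pairs -> config dict."""
    entries = []
    for guid, inputs in tests:
        entry = {"guid": guid}
        if inputs:
            entry["input_arguments"] = {k: {"value": v} for k, v in inputs.items()}
        entries.append(entry)
    return {"atomic_tests": entries}

def validate_config(config):
    """Return a list of problems; an empty list means the config is well formed."""
    problems = []
    tests = config.get("atomic_tests")
    if not isinstance(tests, list) or not tests:
        return ["atomic_tests must be a non-empty list"]
    seen = set()
    for i, test in enumerate(tests):
        guid = test.get("guid") if isinstance(test, dict) else None
        try:
            uuid.UUID(str(guid))  # catch mistyped GUIDs before atomic-operator runs
        except ValueError:
            problems.append(f"entry {i}: guid {guid!r} is not a valid UUID")
            continue
        if guid in seen:
            problems.append(f"entry {i}: duplicate guid {guid}")
        seen.add(guid)
        for name, spec in (test.get("input_arguments") or {}).items():
            if not isinstance(spec, dict) or "value" not in spec:
                problems.append(f"entry {i}: input_arguments.{name} needs a 'value' key")
    return problems

def to_yaml(config):
    """Emit the fixed schema in the README's layout. Values are assumed to be
    plain scalars (no ':' or leading special characters), so PyYAML is not needed."""
    lines = ["atomic_tests:"]
    for test in config["atomic_tests"]:
        lines.append(f"  - guid: {test['guid']}")
        if test.get("input_arguments"):
            lines.append("    input_arguments:")
            for name, spec in test["input_arguments"].items():
                lines.append(f"      {name}:")
                lines.append(f"        value: {spec['value']}")
    return "\n".join(lines) + "\n"
```

Write the result of to_yaml to a file and pass its path with --config_file; validate_config is worth running in CI before any host is touched.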

Usage example (scripts)

To use atomic-operator from Python you must instantiate an AtomicOperator object.

import os
from atomic_operator import AtomicOperator

operator = AtomicOperator()

# This will download a local copy of the atomic-red-team repository
print(operator.get_atomics('/tmp/some_directory'))

# This will run tests on your local system; the keyword arguments mirror the
# parameters listed under "Additional parameters" above
operator.run(
    techniques=['all'],
    atomics_path=os.getcwd(),
    check_prereqs=False,
    get_prereqs=False,
    cleanup=False,
    command_timeout=20,
    debug=False,
    prompt_for_input_args=False,
    # Any extra keyword arguments are matched against the input_arguments
    # defined in the Atomic tests and override their values
)

Getting Help

Please create an issue if you have questions or run into any problems.

Built With

  • carcass – Python packaging template

Contributing

Please read CONTRIBUTING.md for details on our code of conduct and the process for submitting pull requests to us.

Versioning

We use SemVer for versioning.

Authors

See also the list of contributors who participated in this project.

License

This project is licensed under the MIT License – see the LICENSE file for details

Shoutout

  • Thanks to keithmccammon for helping identify issues with the macOS M1 based processor and providing a fix
