Skip to content

The TTPForge is a Cybersecurity Framework for developing, automating, and executing attacker Tactics, Techniques, and Procedures (TTPs).

License

Notifications You must be signed in to change notification settings

facebookincubator/TTPForge

Folders and files

NameName
Last commit message
Last commit date
Aug 9, 2024
Jun 25, 2024
Aug 5, 2024
Feb 12, 2025
Feb 19, 2025
Feb 19, 2025
Nov 22, 2023
Aug 10, 2023
Nov 22, 2023
Jul 25, 2024
Jul 25, 2024
Aug 10, 2023
Feb 12, 2025
Sep 17, 2024
Jan 28, 2025
Jan 28, 2025
Aug 5, 2024
Oct 5, 2023
Aug 5, 2024
Nov 17, 2023

Repository files navigation

TTPForge

License Tests 🚨 Semgrep Analysis Coverage Status

TTPForge is a cyber attack simulation platform designed and built by Sam Manzer (@d3sch41n), Alek Straumann (@CrimsonK1ng), and Geoff Pamerleau (@Sy14r), and including subsequent contributions from many good folks in Meta’s Red, Blue, and Purple security teams. Jayson Grace (@l50) migrated the project to GitHub and assisted with preparation for the project’s open source release.

This project promotes a Purple Team approach to cybersecurity with the following goals:

  • To help blue teams accurately measure their detection and response capabilities through high-fidelity simulations of real attacker activity.
  • To help red teams improve the ROI/actionability of their findings by packaging their attacks as automated, repeatable simulations.

TTPForge allows you to automate attacker tactics, techniques, and procedures (TTPs) using a powerful but easy-to-use YAML format. Check out the links below to learn more!


Table of Contents


Installation

  1. Get latest TTPForge release:

    curl \
    https://raw.githubusercontent.com/facebookincubator/TTPForge/main/dl-rl.sh \
    | bash

    At this point, the latest ttpforge release should be in $HOME/.local/bin/ttpforge and subsequently, the $USER's $PATH.

    If running in a stripped down system, you can add TTPForge to your $PATH with the following command:

    export PATH=$HOME/.local/bin:$PATH
  2. Initialize TTPForge configuration

    This command will place a configuration file at the default location ~/.ttpforge/config.yaml and configure the examples and forgearmory TTP repositories:

    ttpforge init
  3. List available TTP repositories (should show examples and forgearmory)

    ttpforge list repos

    The examples repository contains the TTPForge examples found in this repository. The ForgeArmory repository contains our arsenal of attacker TTPs powered by TTPForge.

  4. List available TTPs that you can run:

    ttpforge list ttps
  5. Examine an example TTP:

    ttpforge show ttp examples//args/basic.yaml
  6. Run the specified example:

    ttpforge run examples//args/basic.yaml \
      --arg str_to_print=hello \
      --arg run_second_step=true

About

The TTPForge is a Cybersecurity Framework for developing, automating, and executing attacker Tactics, Techniques, and Procedures (TTPs).

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks