Skip to content

whitfieldsdad/go-atomic

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

39 Commits

.github/workflows

.github/workflows

 
 

cmd

cmd

 
 

data

data

 
 

examples

examples

 
 

pkg/atomic

pkg/atomic

 
 

scripts

scripts

 
 

.gitignore

.gitignore

 
 

Makefile

Makefile

 
 

QUERIES.md

QUERIES.md

 
 

README.md

README.md

 
 

TODO.md

TODO.md

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

main.go

main.go

 
 

Repository files navigation

go-atomic

A Go library for executing tests from the Atomic Red Team framework.

⚠️ This project is under active development ⚠️

Features

  • Import tests from the Atomic Red Team framework1

1. Tests can be imported from a directory, from one or more YAML files, or from a tarball.

Caveats

  • Tests referencing the atomic-red-team/atomics folder are not supported.

Usage

Caveats

  • Since the release artifacts are not signed, you may need to explicitly allow the binary to run on your system (macOS).

Command line interface

Throughout this guide, the following commands are equivalent:

go run main.go
./bin/go-atomic-red-team-darwin-amd64
./bin/go-atomic-red-team-darwin-arm64
./bin/go-atomic-red-team-linux-386
./bin/go-atomic-red-team-linux-amd64
./bin/go-atomic-red-team-linux-arm64
./bin/go-atomic-red-team-windows-amd64
./bin/go-atomic-red-team-windows-arm64

Importing tasks from the Atomic Red Team framework

Tests from the Atomic Red Team framework must be converted into task templates before they can be executed.

To import tests from a directory:

go run main.go task-templates -w data/content/ generate ~/src/atomic-red-team

To import tests from a YAML file in the format used by the Atomic Red Team framework:

go run main.go task-templates -w data/content/ generate ~/src/atomic-red-team/atomics/T1087.001/T1087.001.yaml

To import tests from a tarball file:

wget -O- -q "https://api.github.com/repos/redcanaryco/atomic-red-team/tarball" > atomic-red-team.tar.gz
go run main.go task-templates -w data/content/ generate atomic-red-team.tar.gz

Listing and counting task templates

You can list task templates as follows:

go run main.go task-templates -w data/content/ list

To list task templates matching a particular set of search criteria:

go run main.go task-templates -w data/content/ list --auto
go run main.go task-templates -w data/content/ list --elevation-required=true
go run main.go task-templates -w data/content/ list --elevation-required=false
go run main.go task-templates -w data/content/ list --tag T1057
go run main.go task-templates -w data/content/ list --attack-technique-id T1057
go run main.go task-templates -w data/content/ list --attack-tactic-id TA0007
go run main.go task-templates -w data/content/ list --platform windows
go run main.go task-templates -w data/content/ list --platform linux
go run main.go task-templates -w data/content/ list --platform darwin

To count task templates matching a particular set of search criteria:

go run main.go task-templates -w data/content/ count
go run main.go task-templates -w data/content/ count --auto
go run main.go task-templates -w data/content/ count --tag T1003
1109

About

Run tests from the Atomic Red Team framework through Go

Topics

mitre-attack adversary-emulation atomic-red-team breach-and-attack-simulation

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 2

v1.1.0 Latest
Feb 13, 2024
+ 1 release

Packages

No packages published

Languages