Sandcat | Mock | Terminal | SSL | Stockpile | Atomic | Compass | Access | Response |
---|---|---|---|---|---|---|---|---|
Full documentation, training and use-cases can be found here
CALDERA is a cyber security framework designed to easily run autonomous breach-and-simulation exercises. It can also be used to run manual red-team engagements or automated incident response.
It is built on the MITRE ATT&CK™ framework and is an active research project at MITRE.
The framework consists of two components:
- The core system. This is the framework code, consisting of what is available in this repository. Included is an asynchronous command-and-control (C2) server with a REST API and a web interface.
- Plugins. These are separate repositories that hang off of the core framework, providing additional functionality. Examples include agents, GUI interfaces, collections of TTPs and more.
These requirements are for the computer running the core framework:
- Any Linux or MacOS
- Python 3.6.1+
- Google Chrome or Safari are our only supported browsers
- Recommended hardware to run on is 8GB+ RAM and 2+ CPUs
Start by cloning this repository recursively, passing the desired version/release in x.x.x format. This will pull in all available plugins.
git clone https://github.com/mitre/caldera.git --recursive --branch x.x.x
Next install the PIP requirements
pip install -r requirements.txt
Instead of running the step above, you could run the auto-installer.sh script to automatically configure CALDERA in our recommended way.
Finally, start the server.
python server.py
You can now navigate to 127.0.0.1:8888 in a browser and log in with either red team (red:admin) or blue team (blue:admin) credentials.
There is also a Docker image for CALDERA.
Watch the following video for a brief run through of how to run your first operation.
Want to contribute to this project? We use the basic feature branch GIT flow. Fork this repository and create a feature branch off of master and when ready, submit a merge request. Make branch names and commits descriptive. A merge request should solve one problem, not many.
In addition to CALDERA's open source capabilities, MITRE maintains several in-house CALDERA plugins that offer more advanced functionality. For more information, or to discuss licensing opportunities, please reach out to caldera@mitre.org or directly to MITRE's Technology Transfer Office.
BRAWL Game - Data set created by the BRAWL project representing one CALDERA operation with data collected by Microsoft Sysmon and other sensors.
CASCADE - Prototype blue team analysis tool to automate investigative work.