Pyattck - A Python Module To Interact With The Mitre ATT&CK Framework

A Python Module to interact with the Mitre ATT&CK Framework.

pyattck has the following notable features in its current release:
  • Retrieve all Tactics, Techniques, Actors, Malware, Tools, and Mitigations
  • All techniques have suggested mitigations as a property
  • For each class you can access additional information about related data points:
    • Actor
      • Tools used by the Actor or Group
      • Malware used by the Actor or Group
      • Techniques this Actor or Group uses
    • Malware
      • Actor or Group(s) using this malware
      • Techniques this malware is used with
    • Mitigation
      • Techniques related to a specific set of mitigation suggestions
    • Tactic
      • Techniques found in a specific Tactic (phase)
    • Technique
      • Tactics a technique is found in
      • Mitigation suggestions for a given technique
      • Actor or Group(s) identified as using this technique
    • Tools
      • Techniques that the specified tool is used within
      • Actor or Group(s) using a specified tool

OS X & Linux:
pip install pyattck

Usage example
To use pyattck you must instantiate an Attck object:
from pyattck import Attck

attack = Attck()
You can access the following properties on your Attck object:
  • actor
  • malware
  • mitigation
  • tactic
  • technique
  • tools
Below are examples of accessing each of these properties:
from pyattck import Attck

attack = Attck()

# accessing actors
for actor in attack.actors:
    print(actor)

    # accessing malware used by an actor or group
    for malware in actor.malware:
        print(malware)

    # accessing tools used by an actor or group
    for tool in actor.tools:
        print(tool)

    # accessing techniques used by an actor or group
    for technique in actor.techniques:
        print(technique)

# accessing malware
for malware in attack.malwares:
    print(malware)

    # accessing actor or groups using this malware
    for actor in malware.actors:
        print(actor)

    # accessing techniques that this malware is used in
    for technique in malware.techniques:
        print(technique)

# accessing mitigation
for mitigation in attack.mitigations:
    print(mitigation)

    # accessing techniques related to mitigation recommendations
    for technique in mitigation.techniques:
        print(technique)

# accessing tactics
for tactic in attack.tactics:
    print(tactic)

    # accessing techniques related to this tactic
    for technique in tactic.techniques:
        print(technique)

# accessing techniques
for technique in attack.techniques:
    print(technique)

    # accessing tactics that this technique belongs to
    for tactic in technique.tactics:
        print(tactic)

    # accessing mitigation recommendations for this technique
    for mitigation in technique.mitigation:
        print(mitigation)

    # accessing actors using this technique
    for actor in technique.actors:
        print(actor)

# accessing tools
for tool in attack.tools:
    print(tool)

    # accessing techniques this tool is used in
    for technique in tool.techniques:
        print(technique)

    # accessing actor or groups using this tool
    for actor in tool.actors:
        print(actor)
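
The relationships above can be chained to answer a defensive question: which mitigations address the most techniques used by the groups in your threat model. The following is an added example, not code from the pyattck project; rank_mitigations and constructed_attack are hypothetical helpers, the sample data is constructed so the block runs offline, and it assumes each object exposes a name attribute.

```python
from collections import defaultdict
from types import SimpleNamespace


def rank_mitigations(attack, actor_names):
    """Rank mitigations by how many of the named actors' techniques they address.
    Returns (ranked, unmitigated): ranked is [(mitigation, [techniques])], widest
    coverage first; unmitigated lists techniques with no mitigation attached.
    """
    wanted = {name.lower() for name in actor_names}
    covered = defaultdict(set)
    unmitigated = set()
    for actor in attack.actors:
        if actor.name.lower() not in wanted:
            continue
        # Assumption: a relationship property may be empty or None; treat both alike.
        for technique in actor.techniques or []:
            mitigations = technique.mitigation or []
            if not mitigations:
                unmitigated.add(technique.name)
            for mitigation in mitigations:
                covered[mitigation.name].add(technique.name)
    ranked = sorted(
        ((name, sorted(techs)) for name, techs in covered.items()),
        key=lambda item: (-len(item[1]), item[0]),
    )
    return ranked, sorted(unmitigated)


def constructed_attack():
    """Constructed stand-in for Attck() so the example runs offline."""
    ns = SimpleNamespace
    mfa = ns(name="Multi-factor Authentication")
    training = ns(name="User Training")
    valid = ns(name="Valid Accounts", mitigation=[mfa])
    phish = ns(name="Spearphishing Link", mitigation=[training, mfa])
    disc = ns(name="System Information Discovery", mitigation=None)
    return ns(actors=[
        ns(name="Example Group A", techniques=[valid, phish]),
        ns(name="Example Group B", techniques=[phish, disc]),
        ns(name="Example Group C", techniques=[disc]),
    ])


if __name__ == "__main__":
    ranked, gaps = rank_mitigations(constructed_attack(), ["Example Group A", "example group b"])
    for name, techniques in ranked:
        print(f"{len(techniques)}  {name}: {', '.join(techniques)}")
    print("no mitigation listed:", ", ".join(gaps))
```

With pyattck installed, pass Attck() in place of constructed_attack() and give the group names as they appear in ATT&CK.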

Release History
  • 1.0.0
    • Initial release of pyattck to PyPi
  • 1.0.1
    • Updating Documentation with new reference links

Josh Rickard – @MSAdministrator
Distributed under the MIT license. See LICENSE for more information.

  1. Fork it (https://github.com/swimlane/pyattck/fork)
  2. Create your feature branch (git checkout -b feature/fooBar)
  3. Commit your changes (git commit -am 'Add some fooBar')
  4. Push to the branch (git push origin feature/fooBar)
  5. Create a new Pull Request
