The ATT&CK Planner is a web-based tool built using Streamlit, which utilizes the MITRE ATT&CK framework and Ollama API to generate adversary emulation plans based on a selected threat actor and desired impact.
The application fetches known attack techniques for specific threat actors and uses the Ollama AI model to generate detailed emulation strategies and mitigation recommendations.
- Threat Actor Lookup: Retrieve known MITRE ATT&CK techniques used by a specified adversary.
- Impact Selection: Choose a desired impact (e.g., Data Exfiltration, Credential Theft, System Disruption).
- AI-Powered Plan Generation: Leverage Ollama's Red Team Operator model to generate emulation plans.
- User-Friendly Interface: Built with Streamlit for quick and easy interaction.
- Customizable API Parameters: Modify model-specific settings to fine-tune responses.
Pull & Run the docker image
docker pull cmndcntrl/threat-emulation-planner:1.0
docker run -d --gpus=all --add-host=host.docker.internal:host-gateway -p 8501:8501 --name threat-planner cmndcntrl/threat-emulation-planner:1.0
├── backend/
│ ├── __init__.py
│ ├── threat_lookup.py # Fetch threat actor techniques from ATT&CK framework
│ ├── ollama_integration.py # Interact with Ollama API to generate plans
│
├── data/
│ ├── sample_stix_data.json # Sample MITRE ATT&CK STIX data (for testing)
│
├── test.py # Simple test script to verify API functionality
├── app.py # Streamlit application entry point
├── docker-compose.yml # Docker configuration for deployment
├── requirements.txt # Python dependencies
├── README.md # Project documentation (this file)
Ensure the following software is installed before running the project:
- Python 3.8+
- Docker
- Ollama
- Recommended: Virtual environment management (
venvorconda)
git clone https://github.com/yourusername/threat-emulation-planner.git
cd threat-emulation-plannerpython -m venv venv
source venv/bin/activate # For macOS/Linux
venv\Scripts\activate # For Windowspip install -r requirements.txtstreamlit run app.pyOnce running, open your browser and navigate to http://localhost:8501.
To run the project using Docker, ensure Docker is installed and run:
docker-compose up -dThis will start the application and Ollama API container.
Ensure the Ollama container is running with port 11434 exposed:
docker run -d -p 11434:11434 ollama/ollamaModify the Ollama API URL inside backend/ollama_integration.py if needed:
OLLAMA_API_URL = "http://localhost:11434/api/generate"Set up credentials inside .env (optional):
OLLAMA_API_URL=http://localhost:11434
USERNAME=cmndcntrl
API_KEY=your_api_key_here
- Open the web interface (
http://localhost:8501). - Enter a threat actor name, such as
APT29. - Choose the desired impact (e.g., "Data Exfiltration").
- Click "Generate Plan" to receive a comprehensive emulation plan.
- Review and download the generated plan.
Use the test.py script to verify the Ollama API connection:
python test.pyExpected output (example):
Generated Emulation Plan:
- T1071 - Application Layer Protocol
- T1059 - Command and Scripting Interpreter
Mitigation strategies...
-
404 API Error:
- Ensure the Ollama container is running and port
11434is correctly exposed. - Run
docker psto verify container status.
- Ensure the Ollama container is running and port
-
Slow Response Time:
- Adjust API parameters such as
num_threadandnum_gpuinbackend/ollama_integration.py.
- Adjust API parameters such as
-
Python Dependency Issues:
- Delete
venvand reinstall dependencies usingpip install -r requirements.txt.
- Delete
- Download as MD or HTML
- Expand TTPs
- Post Emulation Plan to ATT&CK Workbench object
- Generate payloads and commands per phase
Contributions are welcome! Please follow these steps:
- Fork the repository.
- Create a new branch:
git checkout -b feature-new-feature. - Commit changes:
git commit -m "Added new feature". - Push to branch:
git push origin feature-new-feature. - Submit a pull request.
This project is licensed under the MIT License.
For support or inquiries, reach out to:
- Email: [email protected]
- GitHub: cmndcntrlcyber/threat-emulation-planner