What is the atomic red team python package?
atomic-operator
This Python package is used to execute Atomic Red Team tests (Atomics) across multiple operating system environments.
Why?
Additionally,
Features
Getting Started
If you want a PowerShell version, please check out Invoke-AtomicRedTeam.

    pip install atomic-operator

The next steps will guide you through setting up and running
Installation
You can install atomic-operator on OS X, Linux, or Windows. You can also install it directly from the source. To install, see the commands under the relevant operating system heading, below.

Prerequisites
The following libraries are required and installed by atomic-operator:
macOS, Linux and Windows:

    pip install atomic-operator

macOS using M1 processor

    git clone https://github.com/swimlane/atomic-operator.git
    cd atomic-operator
    # Satisfy ModuleNotFoundError: No module named 'setuptools_rust'
    brew install rust
    pip3 install --upgrade pip
    pip3 install setuptools_rust
    # Back to our regularly scheduled programming . . .
    pip install -r requirements.txt
    python setup.py install

Installing from source

    git clone https://github.com/swimlane/atomic-operator.git
    cd atomic-operator
    pip install -r requirements.txt
    python setup.py install

Usage example (command line)
You can run

    atomic-operator --help
    atomic-operator run -- --help
Retrieving Atomic Tests
In order to use

    atomic-operator get_atomics
    # You can specify the destination directory by using the --destination flag
    atomic-operator get_atomics --destination "/tmp/some_directory"

Running Tests Locally
In order to run a test you must provide some additional properties (and options if desired). The main method to run tests is named

    # This will run ALL tests compatible with your local operating system
    atomic-operator run --atomics-path "/tmp/some_directory/redcanaryco-atomic-red-team-3700624"

You can select individual tests when you provide one or more specific techniques. For example, running the following on the command line:

    atomic-operator run --techniques T1564.001 --select_tests

This will prompt the user with a selection list of tests associated with that technique. A user can select one or more tests by using the space bar to highlight the desired test:
Running Tests Remotely
In order to run a test remotely you must provide some additional properties (and options if desired). The main method to run tests is named

    # This will run ALL tests compatible with your local operating system
    atomic-operator run --atomics-path "/tmp/some_directory/redcanaryco-atomic-red-team-3700624" --hosts "10.32.1.0" --username "my_username" --password "my_password"
Additional parameters
You can see additional parameters by running the following command:

    atomic-operator run -- --help

You should see a similar output to the following:
Running atomic-operator using a config_file
In addition to the ability to pass in parameters with

    atomic_tests:
      - guid: f7e6ec05-c19e-4a80-a7e7-241027992fdb
        input_arguments:
          output_file:
            value: custom_output.txt
          input_file:
            value: custom_input.txt
      - guid: 3ff64f0b-3af2-3866-339d-38d9791407c3
        input_arguments:
          second_arg:
            value: SWAPPPED argument
      - guid: 32f90516-4bc9-43bd-b18d-2cbe0b7ca9b2

Usage example (scripts)
To use atomic-operator you must instantiate an AtomicOperator object.

    import os

    from atomic_operator import AtomicOperator

    operator = AtomicOperator()
    # This will download a local copy of the atomic-red-team repository
    print(operator.get_atomics('/tmp/some_directory'))
    # This will run tests on your local system
    operator.run(
        technique='All',
        atomics_path=os.getcwd(),
        check_dependencies=False,
        get_prereqs=False,
        cleanup=False,
        command_timeout=20,
        debug=False,
        prompt_for_input_args=False,
        # any further keyword arguments (**kwargs) go here
    )

Getting Help
Please create an issue if you have questions or run into any issues.

Built With
Contributing
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.

Versioning
We use SemVer for versioning.

Authors
See also the list of contributors who participated in this project.

License
This project is licensed under the MIT License - see the LICENSE file for details

Shoutout
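A pre-flight check for the config_file format shown under "Running atomic-operator using a config_file", as an added example that is not part of atomic-operator: it takes the mapping a YAML loader would return and reports malformed or duplicate GUIDs and input arguments that lack a `value` key, so a run only touches the tests you meant to select. The schema is inferred from the sample on this page; `lint_config` and `SAMPLE_CONFIG` are hypothetical names.

```python
import uuid

# Constructed sample: the page's config as yaml.safe_load() would return it, plus two broken entries.
SAMPLE_CONFIG = {
    "atomic_tests": [
        {"guid": "f7e6ec05-c19e-4a80-a7e7-241027992fdb",
         "input_arguments": {"output_file": {"value": "custom_output.txt"},
                             "input_file": {"value": "custom_input.txt"}}},
        {"guid": "3ff64f0b-3af2-3866-339d-38d9791407c3",
         "input_arguments": {"second_arg": {"value": "SWAPPPED argument"}}},
        {"guid": "32f90516-4bc9-43bd-b18d-2cbe0b7ca9b2"},
        {"guid": "32f90516-4bc9-43bd-b18d-2cbe0b7ca9b2",   # constructed: duplicate, bare argument
         "input_arguments": {"path": "/tmp/x"}},
        {"guid": "not-a-guid"},                            # constructed: malformed GUID
    ]
}


def lint_config(config):
    """Return a list of problems found in an atomic_tests config mapping."""
    problems = []
    tests = config.get("atomic_tests") if isinstance(config, dict) else None
    if not isinstance(tests, list):
        return ["top-level 'atomic_tests' must be a list"]
    seen = set()
    for i, entry in enumerate(tests):
        guid = entry.get("guid") if isinstance(entry, dict) else None
        try:
            # Round-trip so only the canonical 8-4-4-4-12 form is accepted.
            ok = str(uuid.UUID(guid)) == guid.lower()
        except (TypeError, ValueError, AttributeError):
            ok = False
        if not ok:
            problems.append(f"entry {i}: missing or malformed guid {guid!r}")
            continue
        if guid.lower() in seen:
            problems.append(f"entry {i}: duplicate guid {guid}")
        seen.add(guid.lower())
        args = entry.get("input_arguments", {})
        if not isinstance(args, dict):
            problems.append(f"entry {i}: input_arguments must be a mapping")
            continue
        for name, spec in args.items():
            if not (isinstance(spec, dict) and "value" in spec):
                problems.append(f"entry {i}: argument {name!r} needs a 'value' key")
    return problems


if __name__ == "__main__":
    print("\n".join(lint_config(SAMPLE_CONFIG)))
```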