init: goattack

LICENSE.md

@@ -0,0 +1,26 @@
+The Go module is available under the MIT License. 
+See the [MIT-LICENSE.txt](MIT-LICENSE.txt) file for more information. 
+
+The `gen/enterprise-attack.json` file is copied from the [MITRE CTI GitHub repository](https://github.com/mitre/cti)
+and is available under the following license and disclaimers:
+
+> **License**
+> 
+> The MITRE Corporation (MITRE) hereby grants you a non-exclusive, royalty-free license to use ATT&CK® for research,
+> development, and commercial purposes. Any copy you make for such purposes is authorized provided that you reproduce
+> MITRE's copyright designation and this license in any such copy.
+> 
+> "© 2024 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation."
+> 
+> **Disclaimers**
+> 
+> MITRE does not claim ATT&CK enumerates all possibilities for the types of actions and behaviors documented as part
+> of its adversary model and framework of techniques. Using the information contained within ATT&CK to address or
+> cover full categories of techniques will not guarantee full defensive coverage as there may be undisclosed techniques
+> or variations on existing techniques not documented by ATT&CK.
+> 
+> ALL DOCUMENTS AND THE INFORMATION CONTAINED THEREIN ARE PROVIDED ON AN "AS IS" BASIS AND THE CONTRIBUTOR, THE
+> ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE MITRE CORPORATION, ITS BOARD OF TRUSTEES, OFFICERS,
+> AGENTS, AND EMPLOYEES, DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE
+> USE OF THE INFORMATION THEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS
+> FOR A PARTICULAR PURPOSE.

MIT-LICENSE.txt

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Jonas Plum
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -0,0 +1,5 @@
+.PHONY: generate
+generate:
+	@echo "Generating code..."
+	@go run ./gen/ > ./attack.go
+	@go fmt ./attack.go

README.md

@@ -0,0 +1,34 @@
+# Mitre ATT&CK in Go
+
+A Go module containing the Mitre ATT&CK framework tactics and techniques.
+
+## Usage
+
+```go
+package main
+
+import (
+	"fmt"
+
+	"github.com/SecurityBrewery/goattack"
+)
+
+func main() {
+	if tactic, ok := goattack.Objects["TA0004"]; ok {
+		fmt.Println(tactic.Name) // Privilege Escalation
+		fmt.Println(tactic.URL)  // https://attack.mitre.org/tactics/TA0004
+	}
+
+	if technique, ok := goattack.Objects["T1548.002"]; ok {
+		fmt.Println(technique.Name)     // Bypass User Account Control
+		fmt.Println(technique.FullName) // Abuse Elevation Control Mechanism: Bypass User Account Control
+		fmt.Println(technique.URL)      // https://attack.mitre.org/techniques/T1548/002
+	}
+}
+```
+
+## Generation
+
+To generate the code copy the JSON files from
+[github.com/mitre/cti/…/enterprise-attack.json](https://github.com/mitre/cti/blob/master/enterprise-attack/enterprise-attack.json)
+to the `gen` directory and run `make generate`.

example_test.go

@@ -0,0 +1,27 @@
+package goattack_test
+
+import (
+	"fmt"
+
+	"github.com/SecurityBrewery/goattack"
+)
+
+func Example() {
+	if tactic, ok := goattack.Objects["TA0004"]; ok {
+		fmt.Println(tactic.Name)
+		fmt.Println(tactic.URL)
+	}
+
+	if technique, ok := goattack.Objects["T1548.002"]; ok {
+		fmt.Println(technique.Name)
+		fmt.Println(technique.FullName)
+		fmt.Println(technique.URL)
+	}
+
+	// Output:
+	// Privilege Escalation
+	// https://attack.mitre.org/tactics/TA0004
+	// Bypass User Account Control
+	// Abuse Elevation Control Mechanism: Bypass User Account Control
+	// https://attack.mitre.org/techniques/T1548/002
+}

gen/foot.gotempl

@@ -0,0 +1,2 @@
+
+}

gen/head.gotempl

@@ -0,0 +1,12 @@
+package goattack
+
+type Object struct {
+	ID          string `json:"id"`
+	Type        string `json:"type"`
+	Name        string `json:"name"`
+	FullName    string `json:"full_name"`
+	Description string `json:"description"`
+	URL         string `json:"url"`
+}
+
+var Objects = map[string]*Object{

gen/main.go

@@ -0,0 +1,85 @@
+package main
+
+import (
+	_ "embed"
+	"encoding/json"
+	"fmt"
+	"log"
+	"slices"
+	"strings"
+)
+
+//go:embed foot.gotempl
+var foot string
+
+//go:embed head.gotempl
+var head string
+
+//go:embed enterprise-attack.json
+var enterpriseAttackJSON []byte
+
+type Object struct {
+	ID          string `json:"id"`
+	Type        string `json:"type"`
+	Name        string `json:"name"`
+	FullName    string `json:"full_name"`
+	Description string `json:"description"`
+	URL         string `json:"url"`
+}
+
+func main() {
+	var data enterpriseAttack
+
+	if err := json.Unmarshal(enterpriseAttackJSON, &data); err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Print(head)
+
+	var ids []string
+	objects := make(map[string]*Object)
+
+	for _, object := range data.Objects {
+		if !(object.Type == "attack-pattern" || object.Type == "x-mitre-tactic") {
+			continue
+		}
+
+		var externalId, url string
+
+		for _, externalReference := range object.ExternalReferences {
+			if externalReference.SourceName == "mitre-attack" {
+				externalId = externalReference.ExternalId
+				url = externalReference.URL
+
+				break
+			}
+		}
+
+		ids = append(ids, externalId)
+		objects[externalId] = &Object{
+			ID:          externalId,
+			Type:        object.Type,
+			Name:        object.Name,
+			Description: strings.TrimSpace(object.Description),
+			URL:         url,
+		}
+	}
+
+	slices.Sort(ids)
+
+	for _, id := range ids {
+		if object, ok := objects[id]; ok {
+			fullName := object.Name
+			parent, _, found := strings.Cut(object.ID, ".")
+			if found {
+				if parent, ok := objects[parent]; ok {
+					fullName = parent.Name + ": " + object.Name
+				}
+			}
+
+			fmt.Printf("\n\t%q: {ID: %q, Type: %q, Name: %q, FullName: %q, Description: %q, URL: %q},", object.ID, object.ID, object.Type, object.Name, fullName, object.Description, object.URL)
+		}
+	}
+
+	fmt.Print(foot)
+}

gen/parse.go

@@ -0,0 +1,22 @@
+package main
+
+import (
+	_ "embed"
+)
+
+type enterpriseAttack struct {
+	Objects []attackPattern `json:"objects"`
+}
+
+type attackPattern struct {
+	ID                 string `json:"id"`
+	Type               string `json:"type"`
+	Name               string `json:"name"`
+	Description        string `json:"description"`
+	ExternalReferences []struct {
+		SourceName  string `json:"source_name"`
+		ExternalId  string `json:"external_id,omitempty"`
+		URL         string `json:"url"`
+		Description string `json:"description,omitempty"`
+	} `json:"external_references"`
+}

go.mod

@@ -0,0 +1,3 @@
+module github.com/SecurityBrewery/goattack
+
+go 1.22.3