#Mitre-attack

Showing 60 of 74 repositories tagged #mitre-attack, ranked by stars

mukul975
mukul975
Anthropic-Cybersecurity-Skills

817 structured cybersecurity skills for AI agents · Mapped to 6 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND, NIST AI RMF & MITRE F3 (Fight Fraud) · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platforms · 29 security domains · Apache 2.0

Score
100
★ 24.9k ⑂ 2.9k +494/day
Python
kubescape
kubescape
kubescape

Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources.

Score
100
★ 11.5k ⑂ 953 +4/day
Go
A-poc
A-poc
RedTeam-Tools

Tools and Techniques for Red Team / Penetration Testing

Score
100
★ 9.4k ⑂ 1.3k +173/day
apache
apache
caldera

Automated Adversary Emulation Platform

Score
0
★ 7.1k ⑂ 1.4k +12/day
Python
mikeroyal
mikeroyal
Digital-Forensics-Guide

Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

Score
75
★ 2.9k ⑂ 353 +9/day
Python
mitre-attack
mitre-attack
attack-navigator

Web app that provides basic navigation and annotation of ATT&CK matrices

Score
98
★ 2.4k ⑂ 700 +3/day
TypeScript
DataDog
DataDog
stratus-red-team

:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud

Score
95
★ 2.4k ⑂ 307 +1/day
Go
Shuffle
Shuffle
Shuffle

Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing.

Score
97
★ 2.3k ⑂ 415 +6/day
JavaScript
center-for-threat-informed-defense
center-for-threat-informed-defense
adversary_emulation_library

An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.

Score
73
★ 2.1k ⑂ 367 +3/day
C
walidshaari
walidshaari
Certified-Kubernetes-Security-Specialist

Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you.

Score
90
★ 2.1k ⑂ 558
AGS Script
0xSteph
0xSteph
pentest-ai-agents

Turn Claude Code into your offensive security research assistant. Specialized AI subagents for authorized penetration testing plan engagements, analyze recon, research exploits, build detections, audit STIGs, and write reports.

Score
94
★ 2.0k ⑂ 388 +30/day
Shell
cyb3rxp
cyb3rxp
awesome-soc

A curated knowledge base to build, run and mature a SOC (including CSIRT).

Score
92
★ 1.8k ⑂ 277 +4/day
austinsonger
austinsonger
Incident-Playbook

GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]

Score
70
★ 1.6k ⑂ 290 +2/day
beenuar
beenuar
AiSOC

Open-source AI-powered Security Operations Center — alert fusion, purple-team drills, agent-assisted triage, MITRE ATT&CK investigation. MIT-licensed, self-hostable.

Score
87
★ 1.5k ⑂ 149 +1/day
Python
ION28
ION28
BLUESPAWN

An Active Defense and EDR software to empower Blue Teams

Score
83
★ 1.3k ⑂ 178
C++
CyberStrikeus
CyberStrikeus
CyberStrike

AI-powered offensive security agent with 7,300+ actionable security skills. Autonomous pentesting powered by MITRE ATT&CK (2,000+ Atomic tests), CIS Benchmarks (1,500+ controls), OWASP, NIST. Lazy-loading, zero context pollution. Your AI red team.

Score
86
★ 1.2k ⑂ 192 +75/day
TypeScript
edoardogerosa
edoardogerosa
sentinel-attack

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Score
68
★ 1.1k ⑂ 200
mukul975
mukul975
cve-mcp-server

Production-grade MCP server giving Claude 27 security intelligence tools across 21 APIs — CVE lookup, EPSS scoring, CISA KEV, MITRE ATT&CK, Shodan, VirusTotal, and more.

Score
84
★ 1.1k ⑂ 174 +7/day
Python
DataDog
DataDog
KubeHound

Tool for building Kubernetes attack paths

Score
0
★ 979 ⑂ 65
Go
center-for-threat-informed-defense
center-for-threat-informed-defense
attack-flow

Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.

Score
81
★ 751 ⑂ 124 +1/day
TypeScript
mitre-attack
mitre-attack
mitreattack-python

A python module for working with ATT&CK

Score
79
★ 720 ⑂ 169
HTML
mitre-attack
mitre-attack
attack-scripts

Scripts and a (future) library to improve users' interactions with the ATT&CK content

Score
65
★ 595 ⑂ 149
Python
mitre-attack
mitre-attack
attack-website

MITRE ATT&CK Website

Score
78
★ 582 ⑂ 170
HTML
center-for-threat-informed-defense
center-for-threat-informed-defense
tram

TRAM is an open-source platform designed to advance research into automating the mapping of cyber threat intelligence reports to MITRE ATT&CK®.

Score
62
★ 571 ⑂ 114 +3/day
Jupyter Notebook
turbot
turbot
tailpipe

select * from logs; Tailpipe is an open source SIEM for instant log insights, powered by DuckDB. Analyze millions of events in seconds, right from your terminal.

Score
100
★ 567 ⑂ 14
Go
OpenCTI-Platform
OpenCTI-Platform
connectors

OpenCTI Connectors

Score
89
★ 562 ⑂ 610 +3/day
Python
center-for-threat-informed-defense
center-for-threat-informed-defense
attack-control-framework-mappings

🚨ATTENTION🚨 The NIST 800-53 mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as an archive.

Score
56
★ 499 ⑂ 90 +1/day
Python
center-for-threat-informed-defense
center-for-threat-informed-defense
security-stack-mappings

🚨ATTENTION🚨 The Security Stack Mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as an archive.

Score
54
★ 387 ⑂ 61
Python
redcanaryco
redcanaryco
chain-reactor

Chain Reactor is an open source framework for composing executables that simulate adversary behaviors and techniques on Linux endpoints.

Score
51
★ 343 ⑂ 38 +2/day
C
Galeax
Galeax
CVE2CAPEC

Generate MITRE ATT&CK and D3FEND from a list of CVEs. Database with CVE, CWE, CAPEC, MITRE ATT&CK D3FEND and ATLAS Techniques data is updated daily. Showcased at BlackHat Europe 2025 Arsenal.

Score
76
★ 306 ⑂ 50
Python
center-for-threat-informed-defense
center-for-threat-informed-defense
cti-blueprints

CTI Blueprints is a free suite of templates and tools that helps Cyber Threat Intelligence analysts create high-quality, actionable reports more consistently and efficiently.

Score
49
★ 291 ⑂ 47
TypeScript
mitre
mitre
caldera-ot

MITRE Caldera™ for OT Plugins & Capabilities

Score
67
★ 256 ⑂ 34 +1/day
center-for-threat-informed-defense
center-for-threat-informed-defense
attack_to_cve

🚨ATTENTION🚨 The CVE mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as an archive.

Score
44
★ 245 ⑂ 53
PatrickGallucci
PatrickGallucci
threat-model-templates

Templates for the Microsoft Threat Modeling Tool

Score
71
★ 180 ⑂ 47
PowerShell
InnerWarden
InnerWarden
innerwarden

Local safety layer for AI agents that use the terminal. Screens risky commands and MCP/tool calls, watches Linux activity with eBPF, blocks dangerous behavior, and keeps audit trails local. Open source, self-hosted, dry-run by default.

Score
0
★ 163 ⑂ 32 +2/day
Rust
center-for-threat-informed-defense
center-for-threat-informed-defense
insider-threat-ttp-kb

The principal objective of this project is to develop a knowledge base of the tactics, techniques, and procedures (TTPs) used by insiders in the IT environment. It will establish an Insider Threat TTP Knowledge Base, built upon data collected on insider threat incidents and lessons learned and experience from the ATT&CK knowledge base.

Score
33
★ 155 ⑂ 19
Python
ControlCompass
ControlCompass
ControlCompass.github.io

Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques

Score
35
★ 143 ⑂ 27
JavaScript
center-for-threat-informed-defense
center-for-threat-informed-defense
top-attack-techniques

Top ATT&CK Techniques helps defenders approach the breadth and complexity of MITRE ATT&CK® with a prioritized top 10 list of techniques to focus on first.

Score
30
★ 127 ⑂ 25
Vue
attackevals
attackevals
ael

ATT&CK Evaluations Library

Score
60
★ 105 ⑂ 21 +1/day
C
center-for-threat-informed-defense
center-for-threat-informed-defense
technique-inference-engine

TIE is a machine learning model for inferring associated MITRE ATT&CK techniques from previously observed techniques.

Score
63
★ 72 ⑂ 15 +1/day
Jupyter Notebook
center-for-threat-informed-defense
center-for-threat-informed-defense
attack_to_veris

🚨ATTENTION🚨 The VERIS mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as an archive.

Score
14
★ 72 ⑂ 5
Python
mitre
mitre
engage

MITRE Engage™ is a framework for conducting Denial, Deception, and Adversary Engagements.

Score
17
★ 68 ⑂ 11
mitre-attack
mitre-attack
attack-evals

ATT&CK Evaluations website (DEPRECATED)

Score
21
★ 61 ⑂ 22
HTML
center-for-threat-informed-defense
center-for-threat-informed-defense
summiting-the-pyramid

Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research includes a scoring model, methodology, and worked examples.

Score
52
★ 61 ⑂ 7
Makefile
dessertlab
dessertlab
cti-to-mitre-with-nlp

Replication package for the paper "Automatic Mapping of Unstructured Cyber Threat Intelligence: An Experimental Study" published at the IEEE International Symposium on Software Reliability Engineering (ISSRE) 2022

Score
13
★ 60 ⑂ 11
Jupyter Notebook
bogdanticu88
bogdanticu88
threatmap

IaC threat modeler with STRIDE, MITRE ATT&CK, and PASTA frameworks. REST API, GraphQL, and Docker support for Terraform, CloudFormation, and Kubernetes.

Score
50
★ 60 ⑂ 9
Python
Kart1keya
Kart1keya
Hachi

This tool maps a file's behavior on MITRE ATT&CK matrix.

Score
16
★ 60 ⑂ 13
YARA
mukul975
mukul975
Threatswarm

27 scope-enforced AI agents that run the full pentest kill-chain (recon → exploit → post-ex → DFIR → report) as a one-command Claude Code plugin. Backed by 754 MITRE-mapped skills.

Score
59
★ 59 ⑂ 15
Python
infosecn1nja
infosecn1nja
TTPMapper

TTPMapper is an AI-driven threat intelligence parser that converts unstructured reports whether from web URLs or PDF files into structured intelligence. Using the DeepSeek LLM, it extracts MITRE ATT&CK techniques, IOCs, threat actors, and generates contextual summaries.

Score
11
★ 56 ⑂ 12
Python
center-for-threat-informed-defense
center-for-threat-informed-defense
cloud-analytics

Cloud Analytics helps defenders detect attacks to their cloud infrastructure by developing behavioral analytics for cloud platforms as well as a blueprint for how others can create and use cloud analytics effectively.

Score
10
★ 54 ⑂ 10
HCL
center-for-threat-informed-defense
center-for-threat-informed-defense
sensor-mappings-to-attack

Sensor Mappings to ATT&CK is a collection of resources to assist cyber defenders with understanding which sensors and events can help detect real-world adversary behaviors in their environments.

Score
8
★ 54 ⑂ 4
Python
ThreatRecall
ThreatRecall
zettelforge

Agentic memory for CTI in Python — STIX knowledge graphs, threat-actor alias resolution, offline-first RAG, MCP server for Claude Code and LangChain agents

Score
57
★ 53 ⑂ 8 +2/day
Python
sysflow-telemetry
sysflow-telemetry
sysflow

SysFlow documentation and issues tracker

Score
0
★ 47 ⑂ 10
Batchfile
cyb3rint3l-labs
cyb3rint3l-labs
ServerSecurityAudit

PowerShell-based Windows Server Security Audit Engine by Cyb3rint3l Labs. Measures alignment with the NIS2 directive and maps findings to MITRE ATT&CK tactics & CIS Controls v8 practices. Generates interactive HTML dashboards & structured JSON datasets.

Score
46
★ 46 ⑂ 8
PowerShell
center-for-threat-informed-defense
center-for-threat-informed-defense
sightings_ecosystem

Sightings Ecosystem gives cyber defenders visibility into what adversaries actually do in the wild. With your help, we are tracking MITRE ATT&CK® techniques observed to give defenders real data on technique prevalence.

Score
6
★ 38 ⑂ 7
Python
yukh1402
yukh1402
cti-stix-diamond-activity-attack-graph

STIX 2.1 Visualizer, Attack and Activity Thread Graph for Threat Modeling

Score
5
★ 33 ⑂ 9
JavaScript
mangod12
mangod12
OneAlert

AI-powered SOC for OT/ICS networks — 6 autonomous agents, MITRE ATT&CK mapping, Suricata/Zeek ingestion, human-in-the-loop response, 330+ tests. Open-source alternative to Claroty/Dragos for SMBs.

Score
43
★ 30 ⑂ 3
Python
Darksp33d
Darksp33d
hyperhives-macos-infostealer-analysis

Full static analysis of HyperHives macOS Rust infostealer — 571 decrypted config values, C2 infrastructure, DPRK/Contagious Interview attribution, YARA/Sigma rules, STIX 2.1 bundle, ATT&CK Navigator layer

Score
40
★ 30 ⑂ 4
Python
CyCat-project
CyCat-project
cycat-service

CyCAT.org API back-end server including crawlers

Score
3
★ 29 ⑂ 3
Python
CooperCyberCoffee
CooperCyberCoffee
opencti_mcp_server

Natural language interface to OpenCTI threat intelligence. Built with Claude Code for $22. Part of Cooper Cyber Coffee.

Score
29
★ 29 ⑂ 4
Python
Related Topics
#cybersecurity#security#cyber-threat-intelligence#ctid#threat-intelligence#red-team#cti#threat-informed-defense#incident-response#threat-hunting#security-tools#mitre-corporation

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly