Generate portable TTP intelligence from a web-based report

tropChaud/webpage2attack

About

Python3 script to generate portable TTP intelligence from a web-based report

Tallies explicit mentions of MITRE ATT&CK (sub)techniques (e.g. T1027 or T1027.001) on a single HTML webpage, and outputs a .json file compatible with the ATT&CK Navigator visualization tool.

Note: The script currently only covers ATT&CK Enterprise techniques, but updates around Mobile and ICS techniques are being explored.

Required Python Libraries

Anticipated Use Case

Quickly extract TTP identifiers from a given technical report, for threat intelligence analysis, visualization, and operationalization (e.g. paste the output JSON content in the Threat Intelligence dropdown here to identify potentially relevant controls aligned with each TTP).

Run

python3 mitre2attack.py -u [your url]

Walkthroughs

Running the script:

webpage2attack1

Processing another report and combining the Navigator layers:

webpage2attack2

Exporting the combined heatmap to quickly identify potentially relevant detections and tests aligned with each TTP:

webpage2attack3

MITRE ATT&CK® is a registered trademark of The MITRE Corporation
