https://github.com/cmndcntrlcyber/attck-planner

The ATT&CK Planner is a web-based tool built using Streamlit, which utilizes the MITRE ATT&CK framework and Ollama API to generate adversary emulation plans based on a selected threat actor and desired impact.

The application fetches known attack techniques for specific threat actors and uses the Ollama AI model to generate detailed emulation strategies and mitigation recommendations.

Features

• Threat Actor Lookup: Retrieve known MITRE ATT&CK techniques used by a specified adversary.
• Impact Selection: Choose a desired impact (e.g., Data Exfiltration, Credential Theft, System Disruption).
• AI-Powered Plan Generation: Leverage Ollama's Red Team Operator model to generate emulation plans.
• User-Friendly Interface: Built with Streamlit for quick and easy interaction.
• Customizable API Parameters: Modify model-specific settings to fine-tune responses.

Pull & Run the docker image

docker pull cmndcntrl/threat-emulation-planner:1.0 docker run -d --gpus=all -p 8501:8501 --name threat-planner cmndcntrl/threat-emulation-planner

Future Enhancements

• Download as MD or HTML
  • APT 29 Emulation Plan

Generate payloads and commands per phase

Expand TTPs

Post Emulation Plan to ATT&CK Workbench object

Agent-Tool: Planner