{"id":19399725,"url":"https://github.com/fbsamples/caldera-security-tests","last_synced_at":"2025-12-15T20:03:22.336Z","repository":{"id":61448540,"uuid":"537590272","full_name":"fbsamples/caldera-security-tests","owner":"fbsamples","description":"This project was created to provide examples of a TTP Runner and Security Regression Pipeline using vulnerabilities discovered in MITRE CALDERA by Jayson Grace from Meta's Purple Team.","archived":false,"fork":false,"pushed_at":"2024-04-19T16:15:43.000Z","size":206,"stargazers_count":5,"open_issues_count":0,"forks_count":4,"subscribers_count":6,"default_branch":"main","last_synced_at":"2024-06-21T19:54:04.303Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fbsamples.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-09-16T19:16:01.000Z","updated_at":"2024-01-15T08:31:03.000Z","dependencies_parsed_at":"2023-11-15T00:27:20.915Z","dependency_job_id":"83922371-3f38-4ec4-ae64-2691faa1dfaa","html_url":"https://github.com/fbsamples/caldera-security-tests","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fbsamples%2Fcaldera-security-tests","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fbsamples%2Fcaldera-security-tests/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fbsample
s%2Fcaldera-security-tests/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fbsamples%2Fcaldera-security-tests/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fbsamples","download_url":"https://codeload.github.com/fbsamples/caldera-security-tests/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223942581,"owners_count":17229112,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-10T11:10:59.681Z","updated_at":"2025-12-15T20:03:21.905Z","avatar_url":"https://github.com/fbsamples.png","language":"Go","readme":"# CALDERA Security Regression Pipeline\n\n[![License](https://img.shields.io/github/license/l50/goutils?label=License\u0026style=flat\u0026color=blue\u0026logo=github)](https://github.com/fbsamples/caldera-security-tests/blob/main/LICENSE)\n[![🚨 Semgrep Analysis](https://github.com/fbsamples/caldera-security-tests/actions/workflows/semgrep.yaml/badge.svg)](https://github.com/fbsamples/caldera-security-tests/actions/workflows/semgrep.yaml)\n[![goreleaser](https://github.com/fbsamples/caldera-security-tests/actions/workflows/goreleaser.yaml/badge.svg)](https://github.com/fbsamples/caldera-security-tests/actions/workflows/goreleaser.yaml)\n[![Baseline Tests](https://github.com/fbsamples/caldera-security-tests/actions/workflows/baseline.yaml/badge.svg)](https://github.com/fbsamples/caldera-security-tests/actions/workflows/baseline.yaml)\n[![Security Regression 
Pipeline](https://github.com/fbsamples/caldera-security-tests/actions/workflows/srp.yaml/badge.svg)](https://github.com/fbsamples/caldera-security-tests/actions/workflows/srp.yaml)\n\nThis project was created to provide an example of a TTP Runner\nand accompanying Security Regression Pipeline (SRP) for vulnerabilities\nthat were discovered in [MITRE CALDERA](https://github.com/mitre/caldera)\nby [Jayson Grace](https://techvomit.net) from Meta's Purple Team.\n\nThe attacks automated by the TTP Runner are\nrun weekly against a fresh test environment with the latest\nMITRE CALDERA using\n[GitHub Actions](https://github.com/features/actions). Because patches\nhave been created for all of the discovered\nvulnerabilities, these attacks are expected to fail.\n\nIf any of the attacks land successfully during one of these runs,\nan issue is automatically created noting the regression.\n\nIdeally this should be run as part of a CALDERA IaC deployment\npipeline to gate commits. 
However, it can also be used as a\nstandalone tool for Purple Team engagements, pentests, etc.\nthat include CALDERA in the scope.\n\n---\n\n## Table of Contents\n\n- [Getting Started](#getting-started)\n  - [Test Environment Preparation](#test-environment-preparation)\n- [Execution](#execution)\n  - [Execute TTP Runner in SRP](#execute-ttp-runner-in-srp)\n  - [Execute TTP Runner Locally](#execute-ttp-runner-locally)\n\n---\n\n## Getting Started\n\n### Test Environment Preparation\n\n- Run this command if on an ARM-based macOS system:\n\n  ```bash\n  export ARCH=\"$(uname -a | awk '{ print $NF }')\"\n  if [[ $ARCH == \"arm64\" ]]; then\n      export DOCKER_DEFAULT_PLATFORM=linux/amd64\n  fi\n  ```\n\n- Download the latest caldera-security-tests release from GitHub or run this:\n\n  ```bash\n  export ARCH=\"$(uname -a | awk '{ print $NF }')\"\n  export OS=\"$(uname | python3 -c 'print(open(0).read().lower().strip())')\"\n  gh release download -p \"*${OS}_${ARCH}.tar.gz\"\n  tar -xvf *tar.gz\n  ```\n\n- Clone the caldera repo:\n\n  ```bash\n  # From the caldera-security-tests repo root\n  pushd ../ \u0026\u0026 git clone https://github.com/mitre/caldera.git \u0026\u0026 popd\n  ```\n\n---\n\n## Execution\n\n### Execute TTP Runner in SRP\n\nYou can incorporate the CALDERA SRP into your CALDERA fork\nby creating `.github/workflows/srp.yaml` and populating it with the following contents:\n\n```yaml\nname: CALDERA Security Regression Pipeline\non:\n  pull_request:\n  push:\n    branches: [master]\n\n  # Run once a week (see https://crontab.guru)\n  schedule:\n    - cron: \"0 0 * * 0\"\n\n  # Allows you to run this workflow manually from the Actions tab\n  workflow_dispatch:\n\njobs:\n  tests:\n    uses: fbsamples/caldera-security-tests/.github/workflows/srp.yaml@main\n```\n\nThe outcomes of these workflow runs can\nbe used to gate updates for your CALDERA deployments if a security regression is\ndetected in the latest CALDERA release.\n\n### Execute TTP Runner 
Locally\n\nCreate vulnerable test environment, run the [first XSS](https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-5m86-x5ph-jc47),\nand tear the test environment down:\n\n```bash\n./caldera-security-tests testEnv -v\n./caldera-security-tests storedXSSUno\n./caldera-security-tests testEnv -d\n```\n\nCreate vulnerable test environment, run the [second XSS](https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-2gjc-v4hv-m4p9),\nand tear the test environment down:\n\n```bash\n./caldera-security-tests testEnv -v\n./caldera-security-tests storedXSSDos\n./caldera-security-tests testEnv -d\n```\n\nCreate vulnerable test environment, run the [third XSS](https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-7344-4pg9-qf45),\nand tear the test environment down:\n\n```bash\n./caldera-security-tests testEnv -v\n./caldera-security-tests storedXSSTres\n./caldera-security-tests testEnv -d\n```\n\nCreate test environment using the most recent commit\nto the default CALDERA branch, try running all attacks,\nand tear the test environment down:\n\n```bash\n./caldera-security-tests testEnv -r\n./caldera-security-tests storedXSSUno\n./caldera-security-tests storedXSSDos\n./caldera-security-tests storedXSSTres\n./caldera-security-tests testEnv -d\n```\n\nParameters for the tests can be modified\nin the generated `config/config.yaml` file.\nThis file is created as soon as the `testEnv`\ncommand in the above example is run.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffbsamples%2Fcaldera-security-tests","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffbsamples%2Fcaldera-security-tests","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffbsamples%2Fcaldera-security-tests/lists"}