{"id":13540194,"url":"https://github.com/nshalabi/attack-tools","last_synced_at":"2025-05-16T13:02:10.892Z","repository":{"id":41066955,"uuid":"146099160","full_name":"nshalabi/ATTACK-Tools","owner":"nshalabi","description":"Utilities for MITRE™ ATT\u0026CK","archived":false,"fork":false,"pushed_at":"2024-05-23T03:23:18.000Z","size":452397,"stargazers_count":1028,"open_issues_count":2,"forks_count":215,"subscribers_count":72,"default_branch":"master","last_synced_at":"2025-05-16T13:01:34.642Z","etag":null,"topics":["adversary-emulation","mitre","mitre-attack","redteam","redteaming"],"latest_commit_sha":null,"homepage":null,"language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nshalabi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-08-25T13:50:18.000Z","updated_at":"2025-05-12T04:47:12.000Z","dependencies_parsed_at":"2022-09-11T22:23:46.761Z","dependency_job_id":"c1b00194-7219-448b-bd4b-6e00f13cd53d","html_url":"https://github.com/nshalabi/ATTACK-Tools","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nshalabi%2FATTACK-Tools","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nshalabi%2FATTACK-Tools/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nshalabi%2FATTACK-Tools/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nshalabi%2FATTACK-Tools/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nshalabi","download_url":"https://codeload.github.com/nshalabi/ATTACK-Tools/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254535792,"owners_count":22087397,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["adversary-emulation","mitre","mitre-attack","redteam","redteaming"],"created_at":"2024-08-01T09:01:42.467Z","updated_at":"2025-05-16T13:02:10.843Z","avatar_url":"https://github.com/nshalabi.png","language":"HTML","readme":"# ATT\u0026CK™-Tools\n\u003csup\u003e Looking for bsuiness partners, please visit www.cyber-distance.com for more information \u003c/sup\u003e\n### Utilities for MITRE™ ATT\u0026CK™\n\nThis repository contains the following:\n\n-   **ATT\u0026CK™ Data Model:** a relational data model for ATT\u0026CK™.\n-   **ATT\u0026CK™ View:** an adversary emulation planning tool.\n\n# Content\n\n-   Release Notes\n-   Overview\n-   The ATT\u0026CK™ Data Model\n-   Accessing ATT\u0026CK™ Data with SQL\n-   Additional Resources\n-   License\n\n# Release Notes\n\n-   **attack_view_db_structure** and **attack_view_db_data** SQL script used to build the SQLite database structure\n-   **enterprise-attack.xml** is an XML version of MITRE™ ATT\u0026CK™ JSON\n-   **ics-attack.xml** is an XML version of MITRE™ ICS ATT\u0026CK™ JSON\n-   **mobile-attack.xml** is an XML version of MITRE™ Mobile ATT\u0026CK™ JSON\n\n# Overview\n\nATT\u0026CK™ View is a planning tool that help defenders in designing an adversary\nemulation plans based on MITRE™ ATT\u0026CK™ framework in a structured approach. As a demonstration, ATT\u0026CK™ View comes bundled\nwith a full adversary emulation plan for **APT3** developed by MITRE™ (SOURCE :\nhttps://attack.mitre.org/wiki/Adversary_Emulation_Plans).\n\n\n![](https://github.com/nshalabi/ATTACK-Tools/blob/master/ci/attack_view.png)\n\n# The ATT\u0026CK™ Data Model\n\nThere are many use cases for ATT\u0026CK™ framework, many of which depend on existing tools being ATT\u0026CK™-enabled, to make this process easier, the database in this repository can help in getting up to speed with integrating existing tools with ATT\u0026CK™, build your own tooling or fuse ATT\u0026CK™ with other existing frameworks.\n\nThe database is based on SQLite for simplicity and portability, however, it is better to think of terms of a data model instead of the underlying technology used in implementation, this is very important, as it enables exploring other useful models and applications and then narrow down to technology.\n\nThe following is a conceptual model that can be implemented using any database technology (The *attack_view_db_structure.sql* is a good starting point).\n\n![](https://nosecurecode.files.wordpress.com/2022/02/61978-attackdatamodel.png)\n\n# Accessing ATT\u0026amp;CK™ Data with SQL\n\nTo have a better understanding about the database structure, following is  a list of sample SQL queries used to read ATT\u0026amp;CK™. To run the following SQL queries, you will need a SQLite management tool, there are many free and paid tools available supporting Windows, macOS and Linux (https://www.sqlite.org/cvstrac/wiki?p=ManagementTools)\n\n*Some output truncated for brevity*\n\n### Get the list of ATT\u0026amp;CK™ techniques\n\n**SQL**\n\n`SELECT name\nFROM sdos_object\nWHERE type IS \"attack-pattern\";`\n\n**OUTPUT**\n\n\u003ctable\u003e\n\u003ctr\u003e\u003cth\u003ename\u003c/th\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e.bash_profile and .bashrc\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eAccess Token Manipulation\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eAccessibility Features\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eAccount Discovery\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eAccount Manipulation\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e...\u003c/td\u003e\u003c/tr\u003e\u003c/table\u003e\n\n### Get the list of ATT\u0026amp;CK™ techniques names with their STIX 2.0 identifier\n\n**SQL**\n\n`SELECT id, name\nFROM sdos_object\nWHERE type IS \"attack-pattern\";`\n\n**OUTPUT**\n\n\u003ctable\u003e\n\u003ctr\u003e\u003cth\u003eid\u003c/th\u003e\u003cth\u003ename\u003c/th\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eattack-pattern--01df3350-ce05-4bdf-bdf8-0a919a66d4a8\u003c/td\u003e\u003ctd\u003e.bash_profile and .bashrc\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eattack-pattern--dcaa092b-7de9-4a21-977f-7fcb77e89c48\u003c/td\u003e\u003ctd\u003eAccess Token Manipulation\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eattack-pattern--9b99b83a-1aac-4e29-b975-b374950551a3\u003c/td\u003e\u003ctd\u003eAccessibility Features\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eattack-pattern--72b74d71-8169-42aa-92e0-e7b04b9f5a08\u003c/td\u003e\u003ctd\u003eAccount Discovery\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eattack-pattern--a10641f4-87b4-45a3-a906-92a149cb2c27\u003c/td\u003e\u003ctd\u003eAccount Manipulation\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd colspan=\"2\"\u003e...\u003c/td\u003e\u003c/tr\u003e\n\u003c/table\u003e\n\n*The* **id** *field is a unique key that will be used frequently in many SQL queries*\n\nThe external references are stored in external_references table, since one ATT\u0026amp;CK™ technique can have one or more references, the link between the two tables is the technique identifier (check previous query), I will list multiple ways to access the external references\n\n### Get the list of ATT\u0026amp;CK™ techniques with external names\n\n**SQL**\n\n```\nSELECT name, external_id\nFROM sdos_object INNER JOIN external_references ON \n     sdos_object.id = external_references.fk_object_id\nWHERE \n  sdos_object.type IS \"attack-pattern\"\n  AND \n  external_references.source_name IS \"mitre-attack\";\n```\n\n**OUTPUT**\n\n\u003ctable\u003e\n\u003ctr\u003e\u003cth\u003ename\u003c/th\u003e\u003cth\u003eexternal_id\u003c/th\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e.bash_profile and .bashrc\u003c/td\u003e\u003ctd\u003eT1156\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eAccess Token Manipulation\u003c/td\u003e\u003ctd\u003eT1134\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eAccessibility Features\u003c/td\u003e\u003ctd\u003eT1015\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eAccount Discovery\u003c/td\u003e\u003ctd\u003eT1087\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eAccount Manipulation\u003c/td\u003e\u003ctd\u003eT1098\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd colspan=\"2\"\u003e...\u003c/td\u003e\u003c/tr\u003e\n\u003c/table\u003e\n\n### List all ATT\u0026amp;CK™ techniques associated with \"Windows\" platform \n\n**SQL**\n\n```\nSELECT name, external_id\nFROM sdos_object INNER JOIN external_references ON\n     sdos_object.id = external_references.fk_object_id\nWHERE \n  sdos_object.type IS \"attack-pattern\" AND \n  x_mitre_platforms_windows IS \"true\" AND \n  external_references.source_name IS \"mitre-attack\";\n```\n\n**OUTPUT**\n\n\u003ctable\u003e\n\u003ctr\u003e\u003cth\u003ename\u003c/th\u003e\u003cth\u003eexternal_id\u003c/th\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eAccess Token Manipulation\u003c/td\u003e\u003ctd\u003eT1134\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eAccessibility Features\u003c/td\u003e\u003ctd\u003eT1015\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eAccount Discovery\u003c/td\u003e\u003ctd\u003eT1087\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eAccount Manipulation\u003c/td\u003e\u003ctd\u003eT1098\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eAppCert DLLs\u003c/td\u003e\u003ctd\u003eT1182\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd colspan=\"2\"\u003e...\u003c/td\u003e\u003c/tr\u003e\n\u003c/table\u003e\n\n### List all Malware objects along with their description\n\n**SQL**\n\n```\nSELECT name, description FROM sdos_object \nWHERE type IS \"malware\";\n```\n\n**OUTPUT**\n\n\u003ctable\u003e\n\u003ctr\u003e\u003cth\u003ename\u003c/th\u003e\u003cth\u003edescription\u003c/th\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e3PARA RAT\u003c/td\u003e\u003ctd\u003e3PARA RAT is a remote access tool (RAT) programmed in C++ that has been used by Putter Panda. (Citation: CrowdStrike Putter Panda)\u003cbr/\u003e\u003cbr/\u003eAliases: 3PARA RAT\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e4H RAT\u003c/td\u003e\u003ctd\u003e4H RAT is malware that has been used by Putter Panda since at least 2007. (Citation: CrowdStrike Putter Panda)\u003cbr/\u003e\u003cbr/\u003eAliases: 4H RAT\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eADVSTORESHELL\u003c/td\u003e\u003ctd\u003eADVSTORESHELL is a spying backdoor that has been used by APT28 from at least 2012 to 2016. It is generally used for long-term espionage and is deployed on targets deemed interesting after a reconnaissance phase. (Citation: Kaspersky Sofacy) (Citation: ESET Sednit Part 2)\u003cbr/\u003e\u003cbr/\u003eAliases: ADVSTORESHELL, NETUI, EVILTOSS, AZZY, Sedreco\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eASPXSpy\u003c/td\u003e\u003ctd\u003eASPXSpy is a Web shell. It has been modified by Threat Group-3390 actors to create the ASPXTool version. (Citation: Dell TG-3390)\u003cbr/\u003e\u003cbr/\u003eAliases: ASPXSpy, ASPXTool\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eAgent.btz\u003c/td\u003e\u003ctd\u003eAgent.btz is a worm that primarily spreads itself via removable devices such as USB drives. It reportedly infected U.S. military networks in 2008. (Citation: Securelist Agent.btz)\u003cbr/\u003e\u003cbr/\u003eAliases: Agent.btz\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd colspan=\"2\"\u003e...\u003c/td\u003e\u003c/tr\u003e\n\u003c/table\u003e\n\n### List all Adversaries (intrusion-sets) along with their description\n\n**SQL**\n\n```\nSELECT name, description FROM sdos_object \nWHERE type IS \"intrusion-set\";\n```\n\n**OUTPUT**\n\n\u003ctable\u003e\n\u003ctr\u003e\u003cth\u003ename\u003c/th\u003e\u003cth\u003edescription\u003c/th\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eAPT1\u003c/td\u003e\u003ctd\u003eAPT1 is a Chinese threat group that has been attributed to the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department, commonly known by its Military Unit Cover Designator (MUCD) as Unit 61398. (Citation: Mandiant APT1)\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eAPT12\u003c/td\u003e\u003ctd\u003eAPT12 is a threat group that has been attributed to China. (Citation: Meyers Numbered Panda)\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eAPT16\u003c/td\u003e\u003ctd\u003eAPT16 is a China-based threat group that has launched spearphishing campaigns targeting Japanese and Taiwanese organizations. (Citation: FireEye EPS Awakens Part 2)\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eAPT17\u003c/td\u003e\u003ctd\u003eAPT17 is a China-based threat group that has conducted network intrusions against U.S. government entities, the defense industry, law firms, information technology companies, mining companies, and non-government organizations. (Citation: FireEye APT17)\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eAPT18\u003c/td\u003e\u003ctd\u003eAPT18 is a threat group that has operated since at least 2009 and has targeted a range of industries, including technology, manufacturing, human rights groups, government, and medical. (Citation: Dell Lateral Movement)\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd colspan=\"2\"\u003e...\u003c/td\u003e\u003c/tr\u003e\n\u003c/table\u003e\n\n### List all Tools and Malware used by a certain Adversary\n\nAll STIX 2.0 Domain Objects (SDO) relations are stored in *\"relationship\"* table. The following query is a nested query used to get the tools/malware used by APT3:\n\n**SQL**\n\n```\nSELECT name, description\nFROM sdos_object\nWHERE (type IS \"malware\" OR type IS \"tool\") -- Query for tools or malware\n  AND id IN (SELECT target_ref -- filter tools/malware associated with APT3\n             FROM relationship\n             WHERE relationship_type IS \"uses\" -- Source \"uses\" Target\n               AND source_ref IS -- Source is APT3 identifier\n                   \"intrusion-set--0bbdf25b-30ff-4894-a1cd-49260d0dd2d9\");\n```\n\n**OUTPUT**\n\n\u003ctable\u003e\n\u003ctr\u003e\u003cth\u003ename\u003c/th\u003e\u003cth\u003edescription\u003c/th\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eOSInfo\u003c/td\u003e\u003ctd\u003eOSInfo is a custom tool used by APT3 to do internal discovery on a victim\u0026#39;s computer and network.  (Citation: Symantec Buckeye)\u003cbr/\u003e\u003cbr/\u003eAliases: OSInfo\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003ePlugX\u003c/td\u003e\u003ctd\u003ePlugX is a remote access tool (RAT) that uses modular plugins. (Citation: Lastline PlugX Analysis) It has been used by multiple threat groups. (Citation: FireEye Clandestine Fox Part 2) (Citation: New DragonOK) (Citation: Dell TG-3390)\u003cbr/\u003e\u003cbr/\u003eAliases: PlugX, Sogu, Kaba, Korplug\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eRemoteCMD\u003c/td\u003e\u003ctd\u003eRemoteCMD is a custom tool used by APT3 to execute commands on a remote system similar to SysInternal\u0026#39;s PSEXEC functionality.  (Citation: Symantec Buckeye)\u003cbr/\u003e\u003cbr/\u003eAliases: RemoteCMD\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eSHOTPUT\u003c/td\u003e\u003ctd\u003eSHOTPUT is a custom backdoor used by APT3. (Citation: FireEye Clandestine Wolf)\u003cbr/\u003e\u003cbr/\u003eAliases: SHOTPUT, Backdoor.APT.CookieCutter, Pirpi\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eschtasks\u003c/td\u003e\u003ctd\u003eschtasks is used to schedule execution of programs or scripts on a Windows system to run at a specific date and time. (Citation: TechNet Schtasks)\u003cbr/\u003e\u003cbr/\u003eAliases: schtasks, schtasks.exe\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd colspan=\"2\"\u003e...\u003c/td\u003e\u003c/tr\u003e\n\u003c/table\u003e\n\n### Get ATOMIC™ test(s) associated with an ATT\u0026CK™ technique\n\nATOMIC™ Tests are stored in three tables\n- atomic_test table, this table simply maps ATOMIC™ tests to ATT\u0026CK™ techniques. Each atomic_test record has one or more atomic_attack_test records that contains the actual test details\n- atomic_attack_test, this tables holds the actual ATOMIC™ test details, each test has one or more input arguments represented with an atomic_input_arguments record\n- atomic_input_arguments, holds tests input arguments details\n\nThe following SQL statement retrieves the ATOMIC™ test(s) associated with ATT\u0026CK™ technique \"T1031\"\n\n**SQL**\n\n```\nSELECT name, description, executor_name, executor_command\nFROM atomic_attack_test\n  WHERE fk_atomic_attack_id IN \n    (SELECT id FROM atomic_attack \n     WHERE fk_attack_external_id IS \"T1031\");\n```\n\n**OUTPUT**\n\n\u003ctable\u003e\n\u003ctr\u003e\u003cth\u003ename\u003c/th\u003e\u003cth\u003edescription\u003c/th\u003e\u003cth\u003eexecutor_name\u003c/th\u003e\u003cth\u003eexecutor_command\u003c/th\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eModify Fax service to run PowerShell\u003c/td\u003e\u003ctd\u003eThis test will temporarily modify the service Fax by changing the binPath to PowerShell\u003cbr/\u003eand will then revert the binPath change, restoring Fax to its original state.\u003c/td\u003e\u003ctd\u003ecommand_prompt\u003c/td\u003e\u003ctd\u003esc config Fax binPath= \u0026quot;C:\\windows\\system32\\WindowsPowerShell\\v1.0\\powershell.exe -noexit -c \\\u0026quot;write-host \u0026#39;T1031 Test\u0026#39;\\\u0026quot;\u0026quot;\u003cbr/\u003esc start Fax\u003cbr/\u003esc config Fax binPath= \u0026quot;C:\\WINDOWS\\system32\\fxssvc.exe\u0026quot;\u003c/td\u003e\u003c/tr\u003e\u003c/table\u003e\n\n# Additional Resources\n\n* [Research Automation with ATT\u0026CK \u0026 Python](https://www.lacework.com/blog/automation-attck-python/)\n\n* [MITRE ATT\u0026CK™ : de l’importance de la temporalité](https://medium.com/cyberthreatintel/mitre-att-ck-de-limportance-de-la-temporalité-787fa81a024f)\n\n# Support and addtional Features\n\nFor support and to report and issues, you may either file an issue at Github or email directly to nshalabi@cyber-distance.com\n\n# License\n\n```\nCopyright 2024 Nader Shallabi. All rights reserved. \n\nATT\u0026CK™ TOOLS CAN BE COPIED AND/OR DISTRIBUTED WITHOUT ANY EXPRESS PERMISSION OF NADER SHALLABI.\n\nTHIS SOFTWARE IS PROVIDED BY NADER SHALLABI ''AS IS'' AND ANY EXPRESS OR IMPLIED\nWARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND\nFITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NADER SHALLABI\nOR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR\nCONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS\nOR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED\nAND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING\nNEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF\nADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n\nThe views and conclusions contained in the software and documentation are those of the authors and\nshould not be interpreted as representing official policies, either expressed or implied, of Nader Shallabi.\n```\n","funding_links":[],"categories":["\u003ca id=\"249c9d207ed6743e412c8c8bcd8a2927\"\u003e\u003c/a\u003eMitreATT\u0026CK","\u003ca id=\"a88c0c355b342b835fb42abee283bd71\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"f2c76d99a0b1fda124d210bd1bbc8f3f\"\u003e\u003c/a\u003eWordlist生成","\u003ca id=\"6ab6835b55cf5c8462c4229a4a0ee94c\"\u003e\u003c/a\u003e未分类的"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnshalabi%2Fattack-tools","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnshalabi%2Fattack-tools","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnshalabi%2Fattack-tools/lists"}