{"id":13482180,"url":"https://github.com/uber-common/metta","last_synced_at":"2025-04-12T19:46:36.261Z","repository":{"id":40313303,"uuid":"109185631","full_name":"uber-common/metta","owner":"uber-common","description":"An information security preparedness tool to do adversarial simulation.","archived":false,"fork":false,"pushed_at":"2019-04-01T06:34:25.000Z","size":536,"stargazers_count":1120,"open_issues_count":12,"forks_count":152,"subscribers_count":74,"default_branch":"master","last_synced_at":"2025-04-03T23:09:20.660Z","etag":null,"topics":["adversarial","celery","infosec","network","networking","python","redis","security","simulation","uber","vagrant","virtualbox","yaml"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/uber-common.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-11-01T21:24:47.000Z","updated_at":"2025-04-02T19:14:17.000Z","dependencies_parsed_at":"2022-08-01T00:08:17.922Z","dependency_job_id":null,"html_url":"https://github.com/uber-common/metta","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/uber-common%2Fmetta","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/uber-common%2Fmetta/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/uber-common%2Fmetta/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/uber-common%2Fmetta/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/uber-common","download_url":"
https://codeload.github.com/uber-common/metta/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248625497,"owners_count":21135513,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["adversarial","celery","infosec","network","networking","python","redis","security","simulation","uber","vagrant","virtualbox","yaml"],"created_at":"2024-07-31T17:00:59.701Z","updated_at":"2025-04-12T19:46:36.241Z","avatar_url":"https://github.com/uber-common.png","language":"Python","readme":"# Metta \n\nMetta is an information security preparedness tool.  \n\nThis project uses Redis/Celery, python, and vagrant with virtualbox to do adversarial simulation.  
This allows you to test (mostly) your host-based instrumentation but may also allow you to test any network-based detection and controls depending on how you set up your vagrants.\n\nThe project parses YAML files with actions and uses Celery to queue these actions up and run them one at a time without interaction.\n\n\n\n---\n\n# Installation\n[see setup.md](setup.md)\n\nThere is also a [wiki](https://github.com/uber-common/metta/wiki)\n\n\n# Running actions\nThe various actions live in the MITRE folder sorted by MITRE ATT\u0026CK phases and also in Adversarial_Simulation\n\nJust run the Python script with the YAML file of your choice\n\n```\n$ python run_simulation_yaml.py -f MITRE/Discovery/discovery_win_account.yml\nYAML FILE: MITRE/Discovery/discovery_account.yaml\nOS matched windows...sending to the windows vagrant\nRunning: cmd.exe /c net group \\\"Domain Admins\\\" /domain\nRunning: cmd.exe /c net user /add\nRunning: cmd.exe /c net user /domain\nRunning: cmd.exe /c net localgroup administrators\nRunning: cmd.exe /c net share\nRunning: cmd.exe /c net use\nRunning: cmd.exe /c net accounts\nRunning: cmd.exe /c net config workstation\nRunning: cmd.exe /c dsquery server\nRunning: cmd.exe /c dsquery user -name smith* | dsget user -dn -desc\nRunning: cmd.exe /c wmic useraccount list /format:list\nRunning: cmd.exe /c wmic ntdomain\nRunning: cmd.exe /c wmic group list /format:list\nRunning: cmd.exe /c wmic sysaccount list /format:list\n```\n\n\n# Making actions\nThe actions and scenarios live in the MITRE folder sorted by MITRE ATT\u0026CK phases and also in Adversarial_Simulation\n![actions example](docs/images/scenario.png)\n\nThe most important parts are the OS field and the purple_actions\n\nos: will tell the tool which vagrant to send the command to, obviously *nix commands on Windows won't work out so well\n\npurple_actions: an array of commands to run sequentially\n\n# Making scenarios\nScenarios are a list of paths to actions.\n\nThe code will be looking for a scenario: 
True field and scenario_actions list. Example below:\n![scenario example](docs/images/scenario2.png)\n\n\n\n\n# Gotchas\n\nThe tool takes the string from purple_actions and encapsulates it in quotes. Therefore you need to escape any other quotes, ticks, weird shell characters in your command.\n\nUse the output of the vagrant/celery piece to make sure things are working like they should\n\n# Why Metta?\nMetta (Pali)\nLoving kindness, gentle friendship; a practice for generating loving kindness said to be first taught by the Buddha as an antidote to fear. It helps cultivate our natural capacity for an open and loving heart and is traditionally offered along with other Brahma-vihara meditations that enrich compassion, joy in the happiness of others and equanimity. \u003cb\u003e These practices lead to the development of concentration, fearlessness, happiness and a greater ability to love. \u003c/b\u003e\n","funding_links":[],"categories":["IR Tools Collection","Python","IR tools Collection","Advesary Emulation Tools","Threat Simulation","Tools","Red and Purple Team","攻防演练","Preparedness training and wargaming"],"sub_categories":["Adversary Emulation","Tools","网络钓鱼意识和报告","Firewall appliances or distributions"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fuber-common%2Fmetta","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fuber-common%2Fmetta","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fuber-common%2Fmetta/lists"}