v0.1.0 Latest

This package is not in the latest version of its module.

Published: Jan 29, 2021 License: MIT Imports: 11 Imported by: 0


go-atomicredteam is a Golang application to execute tests as defined in the atomics folder of Red Canary's Atomic Red Team project. The "atomics folder" contains a folder for each Technique defined by the MITRE ATT&CK™ Framework. Inside each of these "T#" folders you'll find a YAML file that defines the attack procedures for each atomic test, as well as an easier-to-read Markdown (md) version of the same data.

  • Executing atomic tests may leave your system in an undesirable state. You are responsible for understanding what a test does before executing.

  • Ensure you have permission to test before you begin.

  • It is recommended to set up a test machine for atomic test execution that is similar to the build in your environment. Be sure you have your collection/EDR solution in place, and that the endpoint is checking in and active.

Note: This execution framework works on Windows, macOS, and Linux (assuming it's cross-compiled).






var (
	LOCAL   string
	REPO    string

	AtomicsFolderRegex = regexp.MustCompile(`PathToAtomicsFolder(\\|\/)`)
	BlockQuoteRegex    = regexp.MustCompile(`<\/?blockquote>`)
)

var Version = "version not set"


func DumpTechnique

func DumpTechnique(dir, tid string) (string, error)

func Execute

func Execute(tid, name string, index int, inputs []string) (*types.AtomicTest, error)

func GetMarkdown

func GetMarkdown(tid string) ([]byte, error)

func GetTechnique

func GetTechnique(tid string) (*types.Atomic, error)
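
A pre-execution check for the folder layout described in the overview, added here as an example and not code from go-atomicredteam: it lists each technique folder with whether its YAML and Markdown files are present, and resolves the PathToAtomicsFolder placeholder using the same pattern as AtomicsFolderRegex. The `T#/T#.yaml` and `T#/T#.md` file naming, the helper names, and the use of the pattern for path substitution are assumptions.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"regexp"
)

var (
	// Same pattern as the package's AtomicsFolderRegex variable.
	atomicsFolderRegex = regexp.MustCompile(`PathToAtomicsFolder(\\|\/)`)
	// Assumed folder naming, e.g. T1003 or T1059.001 (helper added for this example).
	techniqueDirRegex = regexp.MustCompile(`^T\d{4}(\.\d{3})?$`)
)

// Entry records which definition files a technique folder holds.
type Entry struct {
	ID                   string
	HasYAML, HasMarkdown bool
}

func isFile(p string) bool {
	st, err := os.Stat(p)
	return err == nil && st.Mode().IsRegular()
}

// Inventory checks every technique folder under atomics for <ID>.yaml and <ID>.md.
func Inventory(atomics string) ([]Entry, error) {
	dirs, err := os.ReadDir(atomics) // sorted by name; empty when the read fails outright
	var out []Entry
	for _, d := range dirs {
		if d.IsDir() && techniqueDirRegex.MatchString(d.Name()) {
			base := filepath.Join(atomics, d.Name(), d.Name())
			out = append(out, Entry{d.Name(), isFile(base + ".yaml"), isFile(base + ".md")})
		}
	}
	return out, err
}

// ResolveAtomicsPath swaps the placeholder for a local folder (literal replacement).
func ResolveAtomicsPath(cmd, atomics string) string {
	return atomicsFolderRegex.ReplaceAllLiteralString(cmd, filepath.ToSlash(atomics)+"/")
}

func main() {
	entries, err := Inventory("atomics") // assumed path of a local checkout
	fmt.Printf("%+v %v\n", entries, err)
	fmt.Println(ResolveAtomicsPath("cat PathToAtomicsFolder/T1003/src/notes.txt", "atomics")) // constructed command
}
```

A technique that reports `HasYAML:true HasMarkdown:false` can still be read from its YAML, but the easier-to-read Markdown copy is not available for review.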



