Full documentation, training and use-cases can be found here

CALDERA is a cyber security framework designed to easily run autonomous breach-and-simulation exercises. It can also be used to run manual red-team engagements or automated incident response.

It is built on the MITRE ATT&CK™ framework and is an active research project at MITRE.

The framework consists of two components:

1. The core system. This is the framework code, consisting of what is available in this repository. Included is an asynchronous command-and-control (C2) server with a REST API and a web interface.
2. Plugins. These are separate repositories that hang off of the core framework, providing additional functionality. Examples include agents, GUI interfaces, collections of TTPs and more.

• Access (red team initial access tools and techniques)
• Atomic (Atomic Read Team project TTPs)
• Builder (dynamically compile payloads)
• Compass (ATT&CK visualizations)
• GameBoard (visualize joint red and blue operations)
• Human (create simulated noise on an endpoint)
• Manx (shell functionality and reverse shell payloads)
• Mock (simulate agents in operations)
• Response (incident response)
• Sandcat (default agent)
• SSL (enable https for caldera)
• Stockpile (technique and profile storehouse)
• Training (certification and training course)

These requirements are for the computer running the core framework:

• Any Linux or MacOS
• Python 3.6.1+ (with Pip3)
• Google Chrome is our only supported browser
• Recommended hardware to run on is 8GB+ RAM and 2+ CPUs

Start by cloning this repository recursively, passing the desired version/release in x.x.x format. This will pull in all available plugins. If you clone master - or any non-release branch - you may experience bugs.

git clone https://github.com/mitre/caldera.git --recursive --branch x.x.x 

Next, install the PIP requirements:

pip install -r requirements.txt

Additionally, you can run our install script which will install several more dependencies that super-power your CALDERA server instance.

Finally, start the server.

python server.py --fresh --insecure

There is also a Docker image for CALDERA.

Watch the following video for a brief run through of how to run your first operation.

Refer to our contributor documentation

In addition to CALDERA's open source capabilities, MITRE maintains several in-house CALDERA plugins that offer more advanced functionality. For more information, or to discuss licensing opportunities, please reach out to [email protected] or directly to MITRE's Technology Transfer Office.