- Python libraries:
  - csv, yaml, configparser, re (regex), os (directory file list)
- config.cfg
  There must be a "config.cfg" file in the same location as "main.py". Without the configuration file the program cannot run. The configuration file has two sections:
  - Keyword file (csv) location
    - [keyword_file_path] is the file which is parsed for search keywords. Column 1 is used for candidate keywords.
    - [output_file_path] is the file where the output is (over)written every time the program runs.
  - Search files (yaml) location: directory locations to search, separated by the <separator> key.
    - [separator] is the value used to split the sequence of directories in the <path> key; the default value is ";".
    - [path] is the sequence of search directories, separated by the <separator> key.
- Subtechniques:
  - [subtechnique_switch] is a [true/false] switch in the config file that stops counting the sub-techniques of one technique individually, e.g.
    T1566.001
    T1566.002
    T1566.003
    With this option enabled, finding T1566 or T1566.00X in one rule means we say the technique is covered, no matter whether the rule contains .001, .002, .003 or .00X: all of them are counted as a match. This affects the final percentage, because knowing only that the technique is present marks all of its sub-techniques as covered.
It reads the file 'os_techniques/enterprise-attack.json', parses all techniques and sub-techniques whose ID starts with "T", ignores the others and reports them in the console. Some techniques in this JSON file are not mapped to any OS; instead they contain a key "revoked" with value "true", which means these techniques have been mapped to a new one. These exceptions are written into a file called "report.txt".
This file reads "reports.txt", fetches every mapped technique with an HTTP GET request and writes the corresponding mapping into the "mapping.csv" file. It also appends these new mappings to the 'os_techniques/X_techniques.csv' files, where X is the platform/operating system of the new technique.
This program removes duplicate keys in all the os_techniques/OSx_techniques.csv files.
- NET = % out of total "found" techniques
- CATEGORIZED = % out of total number of techniques in the platform category
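The following is an added example, not code from the project itself, showing how the subtechnique switch changes the coverage count and how the two percentages can be computed. The rule texts and platform list are constructed; the exact NET/CATEGORIZED denominators are an assumption (NET: share of the distinct IDs found in the rules that belong to the platform list; CATEGORIZED: share of the platform list that is covered).

```python
import re

# Constructed sample rule texts (YAML-like, Sigma-style tags); not real detection rules.
RULES = [
    "title: Phishing attachment\ntags:\n  - attack.t1566.001\n  - attack.initial_access",
    "title: Scheduled task\ntags:\n  - attack.T1053.005",
    "title: Shell activity\ndescription: mentions T1059 and the unknown T9999",
]

# Constructed technique list for one platform, shaped like column 1 of os_techniques/X_techniques.csv.
PLATFORM = ["T1566", "T1566.001", "T1566.002", "T1566.003", "T1053", "T1053.005", "T1059"]

# ATT&CK technique ID with optional sub-technique suffix: T1566 or T1566.001.
# Rule tags are often lower-case (attack.t1566.001), so match case-insensitively.
TECHNIQUE_RE = re.compile(r"\bT\d{4}(?:\.\d{3})?\b", re.IGNORECASE)


def extract_ids(rule_text):
    """Return the set of technique IDs (upper-cased) mentioned in one rule."""
    return {m.group(0).upper() for m in TECHNIQUE_RE.finditer(rule_text)}


def covered(found, platform, subtechnique_switch):
    """Return the IDs from `platform` that the rules cover.

    Switch off: an ID counts only if it appears verbatim in a rule.
    Switch on: any mention of T1566 or T1566.00X marks T1566 and every
    T1566.xxx listed for the platform as covered.
    """
    platform = set(platform)
    if not subtechnique_switch:
        return found & platform
    parents = {tid.split(".")[0] for tid in found}
    return {tid for tid in platform if tid.split(".")[0] in parents}


def percentages(rule_texts, platform, subtechnique_switch=False):
    """Return (NET, CATEGORIZED) rounded to one decimal place (assumed definitions)."""
    found = set().union(*(extract_ids(text) for text in rule_texts))
    hits = covered(found, platform, subtechnique_switch)
    net = 100.0 * len(found & set(platform)) / len(found) if found else 0.0
    categorized = 100.0 * len(hits) / len(platform) if platform else 0.0
    return round(net, 1), round(categorized, 1)


if __name__ == "__main__":
    for switch in (False, True):
        print(f"subtechnique_switch={switch}: NET, CATEGORIZED =", percentages(RULES, PLATFORM, switch))
```

With the switch off only the three IDs written verbatim in the rules count; with it on, the single T1566.001 hit also marks T1566, T1566.002 and T1566.003 as covered, so CATEGORIZED rises while NET stays the same.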
Run the main.py file with: python3 main.py