@Korkmatik
Last active October 17, 2023 10:21
{"T1548": "Abuse Elevation Control Mechanism", "T1134": "Access Token Manipulation", "T1531": "Account Access Removal", "T1529": "System Shutdown/Reboot", "T1087": "Account Discovery", "T1078": "Valid Accounts", "T1098": "Account Manipulation", "T1650": "Acquire Access", "T1583": "Acquire Infrastructure", "T1071": "Application Layer Protocol", "T1189": "Drive-by Compromise", "T1566": "Phishing", "T1102": "Web Service", "T1567": "Exfiltration Over Web Service", "T1595": "Active Scanning", "T1110": "Brute Force", "T1591": "Gather Victim Org Information", "T1594": "Search Victim-Owned Websites", "T1557": "Adversary-in-the-Middle", "T1040": "Network Sniffing", "T1010": "Application Window Discovery", "T1560": "Archive Collected Data", "T1123": "Audio Capture", "T1119": "Automated Collection", "T1059": "Command and Scripting Interpreter", "T1020": "Automated Exfiltration", "T1197": "BITS Jobs", "T1547": "Boot or Logon Autostart Execution", "T1037": "Boot or Logon Initialization Scripts", "T1176": "Browser Extensions", "T1217": "Browser Information Discovery", "T1185": "Browser Session Hijacking", "T1003": "OS Credential Dumping", "T1602": "Data from Configuration Repository", "T1612": "Build Image on Host", "T1115": "Clipboard Data", "T1651": "Cloud Administration Command", "T1580": "Cloud Infrastructure Discovery", "T1538": "Cloud Service Dashboard", "T1526": "Cloud Service Discovery", "T1619": "Cloud Storage Object Discovery", "T1083": "File and Directory Discovery", "T1021": "Remote Services", "T1106": "Native API", "T1092": "Communication Through Removable Media", "T1091": "Replication Through Removable Media", "T1586": "Compromise Accounts", "T1585": "Establish Accounts", "T1598": "Phishing for Information", "T1554": "Compromise Client Software Binary", "T1584": "Compromise Infrastructure", "T1609": "Container Administration Command", "T1613": "Container and Resource Discovery", "T1136": "Create Account", "T1543": "Create or Modify System Process", "T1555": 
"Credentials from Password Stores", "T1485": "Data Destruction", "T1132": "Data Encoding", "T1486": "Data Encrypted for Impact", "T1530": "Data from Cloud Storage", "T1213": "Data from Information Repositories", "T1005": "Data from Local System", "T1039": "Data from Network Shared Drive", "T1025": "Data from Removable Media", "T1565": "Data Manipulation", "T1001": "Data Obfuscation", "T1074": "Data Staged", "T1030": "Data Transfer Size Limits", "T1622": "Debugger Evasion", "T1491": "Defacement", "T1140": "Deobfuscate/Decode Files or Information", "T1027": "Obfuscated Files or Information", "T1610": "Deploy Container", "T1587": "Develop Capabilities", "T1652": "Device Driver Discovery", "T1497": "Virtualization/Sandbox Evasion", "T1068": "Exploitation for Privilege Escalation", "T1006": "Direct Volume Access", "T1561": "Disk Wipe", "T1484": "Domain Policy Modification", "T1482": "Domain Trust Discovery", "T1568": "Dynamic Resolution", "T1114": "Email Collection", "T1573": "Encrypted Channel", "T1499": "Endpoint Denial of Service", "T1611": "Escape to Host", "T1546": "Event Triggered Execution", "T1480": "Execution Guardrails", "T1048": "Exfiltration Over Alternative Protocol", "T1041": "Exfiltration Over C2 Channel", "T1011": "Exfiltration Over Other Network Medium", "T1052": "Exfiltration Over Physical Medium", "T1190": "Exploit Public-Facing Application", "T1203": "Exploitation for Client Execution", "T1212": "Exploitation for Credential Access", "T1211": "Exploitation for Defense Evasion", "T1210": "Exploitation of Remote Services", "T1133": "External Remote Services", "T1008": "Fallback Channels", "T1222": "File and Directory Permissions Modification", "T1495": "Firmware Corruption", "T1187": "Forced Authentication", "T1606": "Forge Web Credentials", "T1592": "Gather Victim Host Information", "T1589": "Gather Victim Identity Information", "T1590": "Gather Victim Network Information", "T1615": "Group Policy Discovery", "T1200": "Hardware Additions", "T1564": 
"Hide Artifacts", "T1574": "Hijack Execution Flow", "T1562": "Impair Defenses", "T1047": "Windows Management Instrumentation", "T1525": "Implant Internal Image", "T1070": "Indicator Removal", "T1105": "Ingress Tool Transfer", "T1112": "Modify Registry", "T1647": "Plist File Modification", "T1202": "Indirect Command Execution", "T1570": "Lateral Tool Transfer", "T1490": "Inhibit System Recovery", "T1056": "Input Capture", "T1559": "Inter-Process Communication", "T1534": "Internal Spearphishing", "T1036": "Masquerading", "T1556": "Modify Authentication Process", "T1578": "Modify Cloud Compute Infrastructure", "T1601": "Modify System Image", "T1111": "Multi-Factor Authentication Interception", "T1621": "Multi-Factor Authentication Request Generation", "T1104": "Multi-Stage Channels", "T1599": "Network Boundary Bridging", "T1498": "Network Denial of Service", "T1046": "Network Service Discovery", "T1135": "Network Share Discovery", "T1095": "Non-Application Layer Protocol", "T1571": "Non-Standard Port", "T1553": "Subvert Trust Controls", "T1588": "Obtain Capabilities", "T1137": "Office Application Startup", "T1550": "Use Alternate Authentication Material", "T1201": "Password Policy Discovery", "T1120": "Peripheral Device Discovery", "T1069": "Permission Groups Discovery", "T1204": "User Execution", "T1542": "Pre-OS Boot", "T1057": "Process Discovery", "T1055": "Process Injection", "T1572": "Protocol Tunneling", "T1090": "Proxy", "T1012": "Query Registry", "T1620": "Reflective Code Loading", "T1219": "Remote Access Software", "T1563": "Remote Service Session Hijacking", "T1018": "Remote System Discovery", "T1496": "Resource Hijacking", "T1207": "Rogue Domain Controller", "T1014": "Rootkit", "T1053": "Scheduled Task/Job", "T1029": "Scheduled Transfer", "T1113": "Screen Capture", "T1597": "Search Closed Sources", "T1596": "Search Open Technical Databases", "T1593": "Search Open Websites/Domains", "T1505": "Server Software Component", "T1648": "Serverless Execution", 
"T1489": "Service Stop", "T1129": "Shared Modules", "T1072": "Software Deployment Tools", "T1518": "Software Discovery", "T1608": "Stage Capabilities", "T1528": "Steal Application Access Token", "T1649": "Steal or Forge Authentication Certificates", "T1558": "Steal or Forge Kerberos Tickets", "T1539": "Steal Web Session Cookie", "T1195": "Supply Chain Compromise", "T1218": "System Binary Proxy Execution", "T1082": "System Information Discovery", "T1614": "System Location Discovery", "T1016": "System Network Configuration Discovery", "T1049": "System Network Connections Discovery", "T1033": "System Owner/User Discovery", "T1216": "System Script Proxy Execution", "T1007": "System Service Discovery", "T1569": "System Services", "T1124": "System Time Discovery", "T1080": "Taint Shared Content", "T1221": "Template Injection", "T1205": "Traffic Signaling", "T1537": "Transfer Data to Cloud Account", "T1127": "Trusted Developer Utilities Proxy Execution", "T1199": "Trusted Relationship", "T1552": "Unsecured Credentials", "T1535": "Unused/Unsupported Cloud Regions", "T1125": "Video Capture", "T1600": "Weaken Encryption", "T1220": "XSL Script Processing"}
from bs4 import BeautifulSoup
import json
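# Build a lookup of MITRE ATT&CK technique IDs to technique names from a
# locally saved copy of the ATT&CK techniques page, then write it to JSON.
#
# Notes for anyone using the output to tag detections, alerts or reports:
#   * Only parent techniques (e.g. "T1548") are emitted; links whose ID
#     contains a "." (sub-techniques, or hrefs that are not in the absolute
#     https://attack.mitre.org/techniques/<ID> form) are skipped.
#   * The names are a snapshot of whichever ATT&CK release the saved page
#     came from, so regenerate the file when the matrix is updated instead of
#     treating it as authoritative.
html_path = "Techniques.html"

# The context manager closes the file even if parsing raises.
# NOTE(review): assumes the saved page is UTF-8 - confirm for your export.
with open(html_path, "r", encoding="utf-8") as html_doc:
    soup = BeautifulSoup(html_doc, 'html.parser')

a_tags = soup.find_all('a')
data = {}

for a_tag in a_tags:
    href = a_tag.get('href')
    # Anchors without an href attribute yield None; skip them instead of
    # failing on the substring test below.
    if not href or "techniques/T" not in href:
        continue

    # Reduce the link to a bare ID: ".../techniques/T1548" -> "T1548" and
    # ".../techniques/T1548/001" -> "T1548.001".
    href = href.replace("https://attack.mitre.org/techniques/", "").replace("/", ".")
    text = a_tag.text.strip()

    # Sub-technique links are not part of the generated mapping.
    if "." in href:
        continue

    # Each technique is linked twice on the page: once with the ID as the
    # link text and once with the name. Keep only the name link.
    if href in text:
        continue

    print(f"{href}: {text}")
    data[href] = text

print(data)

file_path = "data.json"
# Dump the dictionary to a JSON file
with open(file_path, "w", encoding="utf-8") as json_file:
    json.dump(data, json_file)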