TTPForge is a cyber attack simulation platform designed and built by Sam Manzer (@d3sch41n), Alek Straumann (@CrimsonK1ng), and Geoff Pamerleau (@Sy14r), and including subsequent contributions from many good folks in Meta’s Red, Blue, and Purple security teams. Jayson Grace (@l50) migrated the project to GitHub and assisted with preparation for the project’s open source release.
This project promotes a Purple Team approach to cybersecurity with the following goals:
TTPForge allows you to automate attacker tactics, techniques, and procedures (TTPs) using a powerful but easy-to-use YAML format. Check out the links below to learn more!
bash
curl \
https://raw.githubusercontent.com/facebookincubator/TTPForge/main/dl-rl.sh \
| bash
At this point, the latest ttpforge release should be in
$HOME/.local/bin/ttpforge and subsequently, the $USER's $PATH.
If running in a stripped down system, you can add TTPForge to your $PATH
with the following command:
bash
export PATH=$HOME/.local/bin:$PATH
This command will place a configuration file at the default location
~/.ttpforge/config.yaml and configure the examples and forgearmory TTP
repositories:
bash
ttpforge init
examples and forgearmory)bash
ttpforge list repos
The examples repository contains the TTPForge examples found in this
repository. The
ForgeArmory repository
contains our arsenal of attacker TTPs powered by TTPForge.
bash
ttpforge list ttps
bash
ttpforge show ttp examples//args/basic.yaml
bash
ttpforge run examples//args/basic.yaml \
--arg str_to_print=hello \
--arg run_second_step=true
$ claude mcp add TTPForge \
-- python -m otcore.mcp_server <graph>