TTPForge
This repo hosts the TTPForge tool created by Meta's Purple Team. It is intended to provide an interface to execute TTPs across various targets and mediums.
Table of Contents
- Getting Started - User
- Getting Started - Developer
- Using the TTPForge Dev Container
- Code Standards
- Creating a new release
- TTPForge Building Blocks
Getting started as a user
-
Get latest TTPForge release:
bashutils_url="https://raw.githubusercontent.com/l50/dotfiles/main/bashutils" bashutils_path="/tmp/bashutils" if [[ ! -f "${bashutils_path}" ]]; then curl -s "${bashutils_url}" -o "${bashutils_path}" fi source "${bashutils_path}" fetchFromGithub "facebookincubator" "TTPForge" "v1.0.3" ttpforge # Optionally, if you are using the `gh` cli: fetchFromGithub "facebookincubator" "TTPForge" "v1.0.3" ttpforge $GITHUB_TOKEN
At this point, the latest
ttpforgerelease should be in~/.local/bin/ttpforgeand subsequently, the$USER's$PATH.If running in a stripped down system, you can add TTPForge to your
$PATHwith the following command:export PATH=$HOME/.local/bin:$PATH
-
Initialize TTPForge configuration
This command will place a configuration file at the default location
~/.ttpforge/config.yamland download the ForgeArmory TTPs repository:ttpforge init
-
List available TTP repositories (should show
forgearmory)ttpforge list repos
-
List available TTPs that you can run:
ttpforge list ttps
-
Examine an example TTP:
ttpforge show ttp forgearmory//examples/args/define-args.yaml
-
Run the specified example:
ttpforge run \ forgearmory//examples/args/define-args.yaml \ --arg a_message="hello" \ --arg a_number=1337