AttackGen is a cybersecurity incident response testing tool that generates tailored scenarios using LLMs and the MITRE ATT&CK framework. It assists security teams in simulating and practicing responses to various cyber threats, supporting both Enterprise and ICS environments.

How It Works

AttackGen leverages large language models (LLMs) to create realistic incident response scenarios. Users select threat actor groups and can customize scenarios based on organization details, MITRE ATT&CK techniques, or pre-defined templates. It supports multiple LLM providers including OpenAI, Azure OpenAI, Google AI, Mistral, Groq, and locally hosted Ollama models, offering flexibility in model choice and deployment.

Quick Start & Requirements

• Install: pip install -r requirements.txt or docker pull mrwadams/attackgen
• Prerequisites: Python (recent version), OpenAI API key (or equivalent for other providers), MITRE ATT&CK datasets (enterprise-attack.json, ics-attack.json), groups.json, and a .env file for API keys. Optional LangChain API key for LangSmith integration.
• Run: streamlit run 00_👋_Welcome.py or docker run -p 8501:8501 mrwadams/attackgen
• Docs: https://github.com/mrwadams/attackgen

Highlighted Details

• Supports both MITRE ATT&CK Enterprise and ICS matrices.
• Offers an "AttackGen Assistant" chat interface for iterative scenario refinement.
• Integrates with LangSmith for debugging and monitoring LLM performance.
• Allows scenario generation via custom OpenAI-compatible API endpoints.
• Supports latest models from OpenAI (GPT-4o series) and Google AI (Gemini 1.5 Pro).

Maintenance & Community

The project is actively maintained with frequent releases adding new features and model support. Contributions are welcomed via issues and pull requests.

Licensing & Compatibility

• License: GNU GPLv3.
• Compatibility: GPLv3 is a strong copyleft license. Commercial use or linking with closed-source software may require careful consideration of license obligations.

Limitations & Caveats

Local model support via Ollama is not available on Streamlit Community Cloud deployments. The feedback buttons for scenario quality require a LangChain API key setup.