Welcome to MITRE Caldera’s documentation!

Caldera™ is an adversary emulation platform designed to easily run autonomous breach-and-attack simulation exercises. It can also be used to run manual red-team engagements or automated incident response. Caldera is built on the MITRE ATT&CK™ framework and is an active research project at MITRE.

The framework consists of two components:

1. The core system. This is the framework code, including an asynchronous command-and-control (C2) server with a REST API and a web interface.

2. Plugins. These are separate repositories that hang off of the core framework, providing additional functionality. Examples include agents, GUI interfaces, collections of TTPs and more.

Visit Installing Caldera for installation information.

For getting familiar with the project, visit Getting started, which documents step-by-step guides for the most common use cases of Caldera, and Basic usage, which documents how to use some of the basic components in core Caldera. Visit Learning the terminology for in depth definitions of the terms used throughout the project.

For information about Caldera plugins, visit Plugin Library and How to Build Plugins if you are interested in building your own.

Usage Guides

• Installing MITRE Caldera
  • Requirements
  • Installation
  • Docker Deployment
  • Offline Installation
• Getting started
  • Autonomous red-team engagements
  • Autonomous incident-response
  • Manual red-team engagements
  • Research on artificial intelligence
• Learning the terminology
  • Agents
  • Abilities and Adversaries
  • Operations
  • Plugins
• Basic Usage
  • Agents
  • Abilities
  • Adversary Profiles
  • Operations
  • Facts
  • Fact sources
  • Rules
  • Planners
  • Plugins
• Server Configuration
  • Startup parameters
  • Configuration file
  • Custom configuration files
  • Enabling LDAP login
  • Setting Custom Login Handlers
• Plugin library
  • Sandcat
  • Caldera for OT
  • Mock
  • Manx
  • Stockpile
  • Response
  • Compass
  • Caltack
  • SSL
  • Atomic
  • GameBoard
  • Human
  • Training
  • Access
  • Builder
  • Debrief
• Parsers
  • Linking Parsers to an Ability
• Relationships
  • Creating Relationships using Abilities
  • Creating Relationships using Caldera Server
• Requirements
  • Example
• Objectives
  • Objectives
  • Goals
• Operation Results
  • Operation Report
  • Operation Event Logs
• Initial Access Attacks
  • Run an initial access technique
  • Write an initial access ability
• Windows Lateral Movement Guide
  • Setup
  • Lateral Movement Using Caldera
  • Example Lateral Movement Profile
• Dynamically-Compiled Payloads
  • Basic Example
  • Advanced Examples
• Exfiltration
  • Exfiltrating Files
  • Accessing Exfiltrated Files
  • Accessing Operations Reports
  • Unencrypting the files
• Peer-to-Peer Proxy Functionality for Sandcat Agents
  • How Sandcat Uses Peer-to-Peer
  • Peer-To-Peer Interfaces
  • Current Peer-to-Peer Implementations
• C2 Communications Tunneling
  • SSH Tunneling
• Uninstall MITRE Caldera
• Troubleshooting
  • Installing MITRE Caldera
  • Starting Caldera
  • Stopping Caldera
  • Agent Deployment
  • Operations
  • Opening Files
• Resources
  • Summary Sheets
  • Ability List
  • Lateral Movement Video Tutorial

The following section contains documentation from installed plugins.

Plugin Documentation

• Sandcat Plugin Details
  • Source Code
  • Precompiled Binaries
  • Deploy
    • Options
  • Extensions
  • Exit Codes
  • Customizing Default Options & Execution Without CLI Options
• Stockpile: Exfiltration Walkthrough
  • Groundwork - Destinations
    • Dropbox
    • GitHub Repositories
    • GitHub Gist
    • FTP
    • AWS
  • The Fact Source
  • Adversaries
  • An Example
    • Pre-Work: GitHub
    • Operation Planning
    • Finding Content
    • Limiting our results
    • Staging
    • Final Piece: A Password
  • Operation
  • Wrap-up

The following section contains information intended to help developers understand the inner workings of the Caldera adversary emulation tool, Caldera plugins, or new tools that interface with the Caldera server.

Developer Information

• The REST API
  • /api/rest
  • Agents
  • Adversaries
  • Operations
  • /file/upload
  • /file/download
• How to Build Plugins
  • Creating the structure
  • The enable function
  • Writing the code
  • Making it visual
  • Adding documentation
• How to Build Planners
  • Buckets
  • Creating a Planner
  • A Minimal Planner
  • Advanced Fact Usage
  • Planning Service Utilities
  • Operation Utilities
  • Knowledge Service
• How to Build Agents
  • Understanding contacts
  • Building an agent: HTTP contact
  • Lateral Movement Tracking
  • Manually Compiling Sandcat Agent

Core System API

• app package
  • Subpackages
    • app.api namespace
    • app.contacts namespace
    • app.data_encoders namespace
    • app.learning namespace
    • app.objects namespace
    • app.planners namespace
    • app.service namespace
    • app.utility namespace
  • Submodules
  • app.ascii_banner module
    • no_color()
    • print_rich_banner()
  • app.version module
    • get_version()
  • Module contents
• app.api namespace
  • Subpackages
    • app.api.packs namespace
    • app.api.v2 package
  • Submodules
  • app.api.rest_api module
    • RestApi
• app.api.packs namespace
  • Submodules
  • app.api.packs.advanced module
    • AdvancedPack
  • app.api.packs.campaign module
    • CampaignPack
• app.api.v2 package
  • Subpackages
    • app.api.v2.handlers namespace
    • app.api.v2.managers namespace
    • app.api.v2.schemas namespace
  • Submodules
  • app.api.v2.errors module
    • DataValidationError
    • RequestBodyParseError
    • RequestUnparsableJsonError
    • RequestValidationError
  • app.api.v2.responses module
    • JsonHttpBadRequest
    • JsonHttpErrorResponse
    • JsonHttpForbidden
    • JsonHttpNotFound
    • apispec_request_validation_middleware()
    • json_request_validation_middleware()
  • app.api.v2.security module
    • authentication_exempt()
    • authentication_required_middleware_factory()
    • is_handler_authentication_exempt()
    • pass_option_middleware()
  • app.api.v2.validation module
    • check_not_empty_string()
    • check_positive_integer()
  • Module contents
    • make_app()
• app.api.v2.handlers namespace
  • Submodules
  • app.api.v2.handlers.ability_api module
    • AbilityApi
  • app.api.v2.handlers.adversary_api module
    • AdversaryApi
  • app.api.v2.handlers.agent_api module
    • AgentApi
  • app.api.v2.handlers.base_api module
    • BaseApi
  • app.api.v2.handlers.base_object_api module
    • BaseObjectApi
  • app.api.v2.handlers.config_api module
    • ConfigApi
  • app.api.v2.handlers.contact_api module
    • ContactApi
  • app.api.v2.handlers.fact_api module
    • FactApi
  • app.api.v2.handlers.fact_source_api module
    • FactSourceApi
  • app.api.v2.handlers.health_api module
    • HealthApi
  • app.api.v2.handlers.obfuscator_api module
    • ObfuscatorApi
  • app.api.v2.handlers.objective_api module
    • ObjectiveApi
  • app.api.v2.handlers.operation_api module
    • OperationApi
  • app.api.v2.handlers.payload_api module
    • PayloadApi
  • app.api.v2.handlers.planner_api module
    • PlannerApi
  • app.api.v2.handlers.plugins_api module
    • PluginApi
  • app.api.v2.handlers.schedule_api module
    • ScheduleApi
• app.api.v2.managers namespace
  • Submodules
  • app.api.v2.managers.ability_api_manager module
    • AbilityApiManager
  • app.api.v2.managers.adversary_api_manager module
    • AdversaryApiManager
  • app.api.v2.managers.agent_api_manager module
    • AgentApiManager
  • app.api.v2.managers.base_api_manager module
    • BaseApiManager
  • app.api.v2.managers.config_api_manager module
    • ConfigApiManager
    • ConfigNotFound
    • ConfigUpdateNotAllowed
    • filter_keys()
    • filter_sensitive_props()
    • is_sensitive_prop()
  • app.api.v2.managers.contact_api_manager module
    • ContactApiManager
  • app.api.v2.managers.fact_api_manager module
    • FactApiManager
  • app.api.v2.managers.fact_source_manager module
    • FactSourceApiManager
  • app.api.v2.managers.operation_api_manager module
    • OperationApiManager
  • app.api.v2.managers.schedule_api_manager module
    • ScheduleApiManager
• app.api.v2.schemas namespace
  • Submodules
  • app.api.v2.schemas.base_schemas module
    • BaseGetAllQuerySchema
    • BaseGetOneQuerySchema
  • app.api.v2.schemas.caldera_info_schemas module
    • CalderaInfoSchema
  • app.api.v2.schemas.config_schemas module
    • AgentConfigUpdateSchema
    • ConfigUpdateSchema
  • app.api.v2.schemas.deploy_command_schemas module
    • DeployCommandsSchema
  • app.api.v2.schemas.error_schemas module
    • JsonHttpErrorSchema
  • app.api.v2.schemas.link_result_schema module
    • LinkResultSchema
  • app.api.v2.schemas.payload_schemas module
    • PayloadCreateRequestSchema
    • PayloadDeleteRequestSchema
    • PayloadQuerySchema
    • PayloadSchema
• app.contacts namespace
  • Subpackages
    • app.contacts.handles namespace
    • app.contacts.tunnels namespace
  • Submodules
  • app.contacts.contact_dns module
    • Contact
    • DnsAnswerObj
    • DnsPacket
    • DnsRecordType
    • DnsResponse
    • DnsResponseCodes
    • Handler
  • app.contacts.contact_ftp module
    • Contact
    • FtpHandler
  • app.contacts.contact_gist module
    • Contact
    • api_access()
  • app.contacts.contact_html module
    • Contact
  • app.contacts.contact_http module
    • Contact
  • app.contacts.contact_slack module
    • Contact
    • api_access()
  • app.contacts.contact_tcp module
    • Contact
    • TcpSessionHandler
  • app.contacts.contact_udp module
    • Contact
    • Handler
  • app.contacts.contact_websocket module
    • Contact
    • Handler
• app.contacts.handles namespace
  • Submodules
  • app.contacts.handles.h_beacon module
    • Handle
• app.contacts.tunnels namespace
  • Submodules
  • app.contacts.tunnels.tunnel_ssh module
    • SSHServerTunnel
    • Tunnel
• app.data_encoders namespace
  • Submodules
  • app.data_encoders.base64_basic module
    • Base64Encoder
    • load()
  • app.data_encoders.plain_text module
    • PlainTextEncoder
    • load()
• app.learning namespace
  • Submodules
  • app.learning.p_ip module
    • Parser
  • app.learning.p_path module
    • Parser
• app.objects namespace
  • Subpackages
    • app.objects.interfaces namespace
    • app.objects.secondclass namespace
  • Submodules
  • app.objects.c_ability module
    • Ability
    • AbilitySchema
  • app.objects.c_adversary module
    • Adversary
    • AdversarySchema
  • app.objects.c_agent module
    • Agent
    • AgentFieldsSchema
    • AgentSchema
  • app.objects.c_data_encoder module
    • DataEncoder
    • DataEncoderSchema
  • app.objects.c_obfuscator module
    • Obfuscator
    • ObfuscatorSchema
  • app.objects.c_objective module
    • Objective
    • ObjectiveSchema
  • app.objects.c_operation module
    • HostSchema
    • InvalidOperationStateError
    • Operation
    • OperationOutputRequestSchema
    • OperationSchema
    • OperationSchemaAlt
  • app.objects.c_planner module
    • Planner
    • PlannerSchema
  • app.objects.c_plugin module
    • Plugin
    • PluginSchema
  • app.objects.c_schedule module
    • Schedule
    • ScheduleSchema
  • app.objects.c_source module
    • Adjustment
    • AdjustmentSchema
    • Source
    • SourceSchema
• app.objects.interfaces namespace
  • Submodules
  • app.objects.interfaces.i_object module
    • FirstClassObjectInterface
• app.objects.secondclass namespace
  • Submodules
  • app.objects.secondclass.c_executor module
    • Executor
    • ExecutorSchema
    • get_variations()
  • app.objects.secondclass.c_fact module
    • Fact
    • FactSchema
    • FactUpdateRequestSchema
    • OriginType
  • app.objects.secondclass.c_goal module
    • Goal
    • GoalSchema
  • app.objects.secondclass.c_instruction module
    • Instruction
    • InstructionSchema
  • app.objects.secondclass.c_link module
    • Link
    • LinkSchema
    • update_scores()
  • app.objects.secondclass.c_parser module
    • Parser
    • ParserSchema
  • app.objects.secondclass.c_parserconfig module
    • ParserConfig
    • ParserConfigSchema
  • app.objects.secondclass.c_relationship module
    • Relationship
    • RelationshipSchema
    • RelationshipUpdateSchema
  • app.objects.secondclass.c_requirement module
    • Requirement
    • RequirementSchema
  • app.objects.secondclass.c_result module
    • Result
    • ResultSchema
  • app.objects.secondclass.c_rule module
    • Rule
    • RuleSchema
  • app.objects.secondclass.c_variation module
    • Variation
    • VariationSchema
  • app.objects.secondclass.c_visibility module
    • Visibility
    • VisibilitySchema
• app.planners namespace
  • Submodules
  • app.planners.atomic module
    • LogicalPlanner
• app.service namespace
  • Subpackages
    • app.service.interfaces namespace
    • app.service.login_handlers namespace
  • Submodules
  • app.service.app_svc module
    • AppService
    • Error
  • app.service.auth_svc module
    • AuthService
    • DictionaryAuthorizationPolicy
    • check_authorization()
    • for_all_public_methods()
  • app.service.contact_svc module
    • ContactService
    • report()
  • app.service.data_svc module
    • DataService
  • app.service.event_svc module
    • EventService
  • app.service.file_svc module
    • FileSvc
  • app.service.knowledge_svc module
    • KnowledgeService
  • app.service.learning_svc module
    • LearningService
  • app.service.planning_svc module
    • PlanningService
  • app.service.rest_svc module
    • RestService
• app.service.interfaces namespace
  • Submodules
  • app.service.interfaces.i_app_svc module
    • AppServiceInterface
  • app.service.interfaces.i_auth_svc module
    • AuthServiceInterface
  • app.service.interfaces.i_contact_svc module
    • ContactServiceInterface
  • app.service.interfaces.i_data_svc module
    • DataServiceInterface
  • app.service.interfaces.i_event_svc module
    • EventServiceInterface
  • app.service.interfaces.i_file_svc module
    • FileServiceInterface
  • app.service.interfaces.i_knowledge_svc module
    • KnowledgeServiceInterface
  • app.service.interfaces.i_learning_svc module
    • LearningServiceInterface
  • app.service.interfaces.i_login_handler module
    • LoginHandlerInterface
  • app.service.interfaces.i_object_svc module
    • ObjectServiceInterface
  • app.service.interfaces.i_planning_svc module
    • PlanningServiceInterface
  • app.service.interfaces.i_rest_svc module
    • RestServiceInterface
• app.service.login_handlers namespace
  • Submodules
  • app.service.login_handlers.default module
    • DefaultLoginHandler
• app.utility namespace
  • Submodules
  • app.utility.base_knowledge_svc module
    • BaseKnowledgeService
  • app.utility.base_obfuscator module
    • BaseObfuscator
  • app.utility.base_object module
    • AppConfigGlobalVariableIdentifier
    • BaseObject
  • app.utility.base_parser module
    • BaseParser
  • app.utility.base_planning_svc module
    • BasePlanningService
  • app.utility.base_service module
    • BaseService
  • app.utility.base_world module
    • AccessSchema
    • BaseWorld
    • PrivilegesSchema
  • app.utility.config_generator module
    • ensure_local_config()
    • log_config_message()
    • make_secure_config()
  • app.utility.file_decryptor module
    • decrypt()
    • get_encryptor()
    • read()
  • app.utility.payload_encoder module
    • xor_bytes()
    • xor_file()
  • app.utility.rule_set module
    • RuleAction
    • RuleSet
• app
  • app package
    • Subpackages
    • Submodules
    • app.ascii_banner module
    • app.version module
    • Module contents

Indices and tables

• Index

• Module Index

• Search Page