Add support for MITRE ATT&CK

maride 2026-02-03 18:58:42 +01:00
parent 36b3d034ff
commit 5ad469d6e7
7 changed files with 4228 additions and 2 deletions


@ -8,6 +8,7 @@ Penetration Test report template written in [typst](https://typst.app).
- Easy to use, handles the formatting and typesetting hassle for you - as well as all those text you copy-paste anyway
- Supports [CVSS V3.1](https://www.first.org/cvss/v3-1/)
- Supports [TLP V2.0](https://www.first.org/tlp/)
- Supports [MITRE ATT&CK](https://attack.mitre.org/) references
## Usage


@ -1,3 +1,4 @@
#import "cia.typ"
#import "cvss.typ"
#import "mitre.typ"
#import "tlp.typ"

addons/mitre.typ (new file, 15 lines)

@ -0,0 +1,15 @@
#let isUsed = state("mitreIsUsed", false)
#let mitreData = json("../extern/mitre-attack.json")
#let reference(name: str, id: str) = {
let elem = mitreData.find(d => d.name == name or d.id == id)
if elem == none {
panic("Referenced MITRE ATT&CK attack pattern, but it couldn't be found: id=" + str(id) + ", name=" + str(name))
}
text([
_#elem.name _ (#elem.id)#footnote(elem.url)
])
context(isUsed.update(true))
}
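Review bot: In `reference(name: str, id: str)` the defaults are the type `str` itself, not `none`, so a call that passes only `name` still evaluates `d.id == id` against a type value, and the panic message calls `str(id)` on it rather than showing that the argument was omitted. Consider `name: none, id: none`, an explicit panic when both are missing, and matching on `id` first: with `d.name == name or d.id == id`, `find` returns the first entry that satisfies either side, so a call whose name and id disagree, or a name that occurs more than once in `mitre-attack.json`, silently resolves to whichever entry comes first.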

extern/README.md (vendored, new file, 21 lines)

@ -0,0 +1,21 @@
# External data
Some data is required for either core functions or addons.
## MITRE ATT&CK data
The attacks described in the MITRE ATT&CK framework is available on GitHub: [mitre-attack/attack-data-model](https://github.com/mitre-attack/attack-data-model).
It is filtered to only required values using this [nushell](https://www.nushell.sh/) one-liner:
```nu
http get https://raw.githubusercontent.com/mitre-attack/attack-stix-data/refs/heads/master/enterprise-attack/enterprise-attack-18.1.json | get objects | where type == "attack-pattern" | each {|e| let ref = ($e.external_references | where source_name == 'mitre-attack' | first | get external_id url); {name:$e.name, id: ($ref | first), url: ($ref | last) } } | to json | save mitre-attack.json
```
The filtered output is saved to `mitre-attack.json` and used by `addons/mitre.typ`.
### License
> The MITRE Corporation (MITRE) hereby grants you a non-exclusive, royalty-free license to use ATT&CK® for research, development, and commercial purposes. Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.
> "© 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation."
For more information, see [MITRE's Terms of Use](https://attack.mitre.org/resources/legal-and-branding/terms-of-use/).
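Review bot: The link in the first sentence under "MITRE ATT&CK data" names `mitre-attack/attack-data-model`, but the one-liner downloads from `mitre-attack/attack-stix-data`; the text should point at the repository the file actually comes from. The URL also reads from `refs/heads/master`, so the vendored `mitre-attack.json` depends on what that branch serves on the day it is fetched. Pinning the URL to a tag or commit and recording a checksum of the downloaded bundle next to the command would let a reviewer regenerate and verify the 4177-line file whose diff is suppressed.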

extern/mitre-attack.json (vendored, new file, 4177 lines)

File diff suppressed because it is too large


@ -1,4 +1,5 @@
#import "addons/cvss.typ" as cvss
#import "addons/cvss.typ"
#import "addons/mitre.typ"
= Findings
@ -29,6 +30,8 @@ Both applications have a login screen and cannot be used by unauthorized visitor
The version of `Uptime Kuma` is not specified, while the version of `Nginx Proxy Manager` is 2.11.2 and free of publicly known vulnerabilities (CVEs).
This is referenced in MITRE's ATT&CK framework as #mitre.reference(name: "External Remote Services").
=== Evaluation
The administration interfaces are not vulnerable and cannot be used without valid credentials. Because of this, the findings are considered purely informative.


@ -1,6 +1,7 @@
#import "@preview/diagraph:0.3.6"
#import "../addons/cvss.typ"
#import "../addons/mitre.typ"
#let render(target: str, targetInSentence: str, testFocus: str, testObject: str, testScenario: str, recommendation: str, start: str, end: str, setup: str, nodes: raw, scope: array) = {
[
@ -18,7 +19,14 @@
== Test Methodology
The aim of the test was to uncover vulnerabilities and weaknesses of all kinds and chaining findings and vulnerabilities accordingly to gain a deep understanding of the audited hosts, following a security-in-depth approach. The tests were carried out in accordance with the MITRE ATT&CK Framework#footnote("https://attack.mitre.org").
The aim of the test was to uncover vulnerabilities and weaknesses of all kinds and chaining findings and vulnerabilities accordingly to gain a deep understanding of the audited hosts, following a security-in-depth approach. #context([
#let methods = (
if mitre.isUsed.final() { [the MITRE ATT&CK Framework#footnote("https://attack.mitre.org")] },
).filter(m => m != none)
#if methods.len() > 0 {
[The tests were carried out in accordance with #methods.join(", ", last: ", and ").]
}
])
The penetration test was performed as a #testScenario.
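Review bot: `methods.join(", ", last: ", and ")` will render "A, and B" as soon as a second entry is added to `methods`, because with two items only the `last` separator is used; handle the two-item case with a plain " and " or drop the comma from `last`. Also note that when `mitre.isUsed.final()` is false the whole "The tests were carried out in accordance with" sentence disappears, where the previous text always named a framework, so the README should say that the methodology statement depends on at least one `mitre.reference` call in the report.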