442 tools indexed

CALDERA

Apache-2.0

🔥 Offensive Ops · Python

CALDERA is MITRE's open-source adversary emulation platform that automates attack simulations based on the ATT&CK framework. It enables red teams and purple teams to run realistic, repeatable attack chains against their infrastructure without manually executing each technique. CALDERA uses an agent-based architecture where lightweight agents (called Sandcat) are deployed on target systems and execute adversary profiles — curated sequences of ATT&CK techniques that mimic real-world threat actors. The platform includes dozens of pre-built abilities covering reconnaissance, credential access, lateral movement, persistence, and exfiltration. Blue teams can use CALDERA to validate detection coverage by running known attack sequences and checking whether their SIEM, EDR, and monitoring tools triggered appropriate alerts. The web-based UI provides real-time visibility into operation progress and a reporting engine for gap analysis.

6.9kstars

1.3kforks

65issues

Updated 22d ago

+I use this

View on GitHub Official Website

Use Cases

Automated adversary emulation using ATT&CK techniques
Purple team exercises and detection validation
Security control gap analysis

Tags

adversary-emulationmitre-attackred-teamautomationcalderacybersecurityhackinghacktoberfestmitremitre-corporationsecurity-automationsecurity-testing

Details

Category: 🔥 Offensive Ops
Language: Python
Repository: mitre/caldera
License: Apache-2.0
Platforms: 🐧linux🍎macos

Links

GitHub Repository

github.com/mitre/caldera

Official Website

caldera.mitre.org

Releases

github.com/mitre/caldera/releases

Issues

github.com/mitre/caldera/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Community Reviews

Alternatives & Comparisons

Infection Monkey

Automated adversary emulation platform for validating network security controls.

Compare CALDERA vs Infection Monkey

HexStrike AI

MCP server giving AI agents access to 150+ cybersecurity tools for automated pentesting, vulnerability discovery, and bug bounty automation.

Compare CALDERA vs HexStrike AI

Decepticon

Autonomous red team agent executing full kill chains from recon through C2 with MITRE ATT&CK mapping and Neo4j knowledge graph.

Compare CALDERA vs Decepticon

RedAmon

AI-powered agentic red team framework automating recon through exploitation with LangGraph, Neo4j, and 70+ integrated tools.

Compare CALDERA vs RedAmon

More in Offensive Ops

Mythic

Collaborative, multi-platform C2 framework. Docker-based with web UI, multiple agent types, and plugin architecture.

c2red-teammulti-operator

Havoc

Modern C2 framework. Qt-based GUI, BOF support, custom agents, and a Cobalt Strike-inspired workflow.

Rubeus

C# toolset for raw Kerberos interaction and abuse. AS-REP roasting, Kerberoasting, ticket manipulation, delegation attacks.

kerberosactive-directoryroasting

Certipy

Active Directory Certificate Services (AD CS) abuse tool. Find and exploit certificate template misconfigurations.

active-directorycertificatesadcs

Coercer

Automatically find and exploit Windows authentication coercion vulnerabilities. PetitPotam, PrinterBug, and more.

authentication-coercionntlm-relaypetitpotam

SharpHound

Official BloodHound data collector. Enumerates Active Directory objects, sessions, ACLs, and trusts for graph analysis.

active-directoryenumerationbloodhound