Scripts · Jul 3, 2026 · 3 min read

MITRE Caldera — Automated Adversary Emulation Platform

An open-source platform for running automated adversary emulation exercises mapped to the MITRE ATT&CK framework. Test your defenses by simulating real-world attack techniques.

Agent-ready installation

This asset can be installed after choosing the runtime, reviewing the plan, and running the corresponding command.

  • Native · 98/100 · Policy: allow
  • Agent surface: Any MCP/CLI agent
  • Type: Skill
  • Installation: Single
  • Trust: Established
  • Entry: MITRE Caldera
  • Direct install command: npx -y tokrepo@latest install 09e30b14-771e-11f1-9bc6-00163e2b0d79 --target codex

Run after confirming the plan with a dry run.

Introduction

MITRE Caldera is a cybersecurity platform for running automated adversary emulation operations. Built by the MITRE Corporation, it enables security teams to simulate real-world attack techniques mapped to the ATT&CK framework, helping organizations identify gaps in their defenses.

What MITRE Caldera Does

  • Runs automated adversary emulation operations against target systems
  • Maps all attack techniques to the MITRE ATT&CK knowledge base
  • Deploys lightweight agents on target machines to execute operations
  • Provides a web UI for planning, executing, and analyzing emulation campaigns
  • Supports both red team (attack simulation) and blue team (detection testing) workflows

Architecture Overview

Caldera consists of a central server, deployable agents, and a plugin system. The server orchestrates operations by sending instructions to agents installed on target systems. Agents execute techniques (called abilities) and report results back. The planner component decides which techniques to run next based on gathered intelligence. Everything is extensible through plugins that add new abilities, planners, or integrations.

Self-Hosting & Configuration

  • Requires Python 3.8+ and pip; clone and install dependencies
  • Run the server with a single command; access the web UI on port 8888
  • Deploy agents (Sandcat for Linux/macOS, Manx for reverse shell) on target systems
  • Configure adversary profiles to define which ATT&CK techniques to emulate
  • Extend with community plugins for additional techniques and reporting

Key Features

  • Direct mapping to MITRE ATT&CK techniques ensures industry-standard coverage
  • Autonomous operation planning simulates how real adversaries chain techniques
  • Plugin architecture supports custom abilities, agents, and planners
  • Built-in reporting shows which techniques succeeded and which were detected
  • Supports both automated campaigns and manual red team operations

Comparison with Similar Tools

  • Atomic Red Team — individual test scripts vs. full autonomous campaign orchestration
  • VECTR — tracking and reporting focus vs. active emulation execution
  • Infection Monkey — network propagation testing vs. broad ATT&CK technique emulation
  • Cobalt Strike — commercial red team tool vs. open-source emulation platform

FAQ

Q: Is Caldera safe to run in production? A: Caldera is designed for controlled environments. Run it in isolated lab networks or with explicit authorization from your security team.

Q: Does it require agents on every target? A: Yes. Lightweight agents must be deployed on target systems to execute techniques. Multiple agent types are available for different platforms.

Q: Can I add custom ATT&CK techniques? A: Yes. Custom abilities can be written as YAML files describing the commands to run for each platform and their ATT&CK mapping.
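A pre-flight check for such custom abilities, added here as an example that is not part of the original page or of Caldera itself: it validates the parsed form of an ability file before it is loaded and lets a blue team restrict which tactics an operation may include. The field layout (id, name, tactic, technique, platforms) is assumed from Caldera's stock abilities, and the sample ability is constructed.

```python
import re

# Constructed sample: the parsed form of a custom ability YAML file, i.e. what
# yaml.safe_load would return. The field layout (id, name, tactic, technique,
# platforms -> os -> executor -> command) follows Caldera's stock abilities and
# is an assumption of this example. The command is a benign discovery step.
SAMPLE_ABILITY = {
    "id": "00000000-0000-4000-8000-000000000001",  # placeholder UUID
    "name": "Host identification",
    "description": "Collect basic host facts for the planner",
    "tactic": "discovery",
    "technique": {"attack_id": "T1082", "name": "System Information Discovery"},
    "platforms": {
        "linux": {"sh": {"command": "uname -a"}},
        "windows": {"psh": {"command": "hostname"}},
    },
}

# Enterprise ATT&CK tactics in the short form Caldera abilities use.
ATTACK_TACTICS = {
    "reconnaissance", "resource-development", "initial-access", "execution",
    "persistence", "privilege-escalation", "defense-evasion",
    "credential-access", "discovery", "lateral-movement", "collection",
    "command-and-control", "exfiltration", "impact",
}
ATTACK_ID = re.compile(r"^T\d{4}(\.\d{3})?$")  # technique or sub-technique


def validate_ability(ability, allowed_tactics=None):
    """Return a list of problems; empty means the ability passes. allowed_tactics,
    when given, is a lab policy restricting which tactics an operation may run."""
    problems = []
    for key in ("id", "name", "tactic", "technique", "platforms"):
        if key not in ability:
            problems.append(f"missing field: {key}")
    tactic = ability.get("tactic")
    if tactic not in ATTACK_TACTICS:
        problems.append(f"unknown tactic: {tactic!r}")
    elif allowed_tactics is not None and tactic not in allowed_tactics:
        problems.append(f"tactic not allowed by policy: {tactic}")
    tech = ability.get("technique") or {}
    if not ATTACK_ID.match(str(tech.get("attack_id", ""))):
        problems.append(f"bad ATT&CK id: {tech.get('attack_id')!r}")
    platforms = ability.get("platforms") or {}
    for os_name, executors in platforms.items():
        for executor, spec in (executors or {}).items():
            if not str((spec or {}).get("command", "")).strip():
                problems.append(f"empty command for {os_name}/{executor}")
    return problems
```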

Q: How is it different from penetration testing tools? A: Caldera focuses on emulating known adversary behaviors systematically, while penetration testing tools focus on finding and exploiting vulnerabilities.
