From 5234306ded0feef35d147546ee2367b11b166a18 Mon Sep 17 00:00:00 2001
From: MaineK00n
Date: Wed, 15 Jun 2022 08:08:12 +0000
Subject: [PATCH] feat(cti): add Cyber Threat Intelligence info (#1442)
* feat(cti): add Cyber Threat Intelligence info
* chore: replace io/ioutil as it is deprecated
* chore: remove --format-csv in stdout writer
* chore(deps): go get go-cti@v0.0.1
* feat(cti): update cti dict(support MITRE ATT&CK v11.1)
* chore(deps): go get go-cti@master
---
 README.md | 3 +
 config/config.go | 2 +
 config/tomlloader.go | 1 +
 config/vulnDictConf.go | 27 +
 .../owasp-dependency-check/parser/parser.go | 4 +-
 contrib/trivy/cmd/main.go | 3 +-
 cti/cti.go | 3953 +++++++++++++++++
 detector/cti.go | 222 +
 detector/detector.go | 4 +
 detector/github.go | 4 +-
 detector/kevuln.go | 5 +
 detector/util.go | 8 +-
 detector/wordpress.go | 4 +-
 go.mod | 53 +-
 go.sum | 124 +-
 logging/logutil.go | 5 +-
 models/vulninfos.go | 1 +
 reporter/localfile.go | 3 +-
 reporter/stdout.go | 3 +-
 reporter/util.go | 32 +-
 saas/saas.go | 4 +-
 saas/uuid.go | 3 +-
 scanner/base.go | 3 +-
 server/server.go | 5 +
 subcmds/history.go | 6 +-
 subcmds/report.go | 1 -
 subcmds/scan.go | 4 +-
 tui/tui.go | 28 +
 28 files changed, 4406 insertions(+), 109 deletions(-)
 create mode 100644 cti/cti.go
 create mode 100644 detector/cti.go
diff --git a/README.md b/README.md
index 2def756a..91bfb831 100644
--- a/README.md
+++ b/README.md
@@ -91,6 +91,9 @@ Vuls is a tool created to solve the problems listed above. It has the following
 - CISA(Cybersecurity & Infrastructure Security Agency)
 - [Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
+- Cyber Threat Intelligence(MITRE ATT&CK and CAPEC)
+ - [mitre/cti](https://github.com/mitre/cti)
+
 - Libraries
 - [Node.js Security Working Group](https://github.com/nodejs/security-wg)
 - [Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db)
diff --git a/config/config.go b/config/config.go
index f503f3bc..e2276b69 100644
--- a/config/config.go
+++ b/config/config.go
@@ -42,6 +42,7 @@ type Config struct {
 Exploit ExploitConf `json:"exploit,omitempty"`
 Metasploit MetasploitConf `json:"metasploit,omitempty"`
 KEVuln KEVulnConf `json:"kevuln,omitempty"`
+ Cti CtiConf `json:"cti,omitempty"`
 Slack SlackConf `json:"-"`
 EMail SMTPConf `json:"-"`
@@ -178,6 +179,7 @@ func (c *Config) ValidateOnReport() bool {
 &Conf.Exploit,
 &Conf.Metasploit,
 &Conf.KEVuln,
+ &Conf.Cti,
 } {
 if err := cnf.Validate(); err != nil {
 errs = append(errs, xerrors.Errorf("Failed to validate %s: %+v", cnf.GetName(), err))
diff --git a/config/tomlloader.go b/config/tomlloader.go
index aef0c5cc..63948363 100644
--- a/config/tomlloader.go
+++ b/config/tomlloader.go
@@ -32,6 +32,7 @@ func (c TOMLLoader) Load(pathToToml string) error {
 &Conf.Exploit,
 &Conf.Metasploit,
 &Conf.KEVuln,
+ &Conf.Cti,
 } {
 cnf.Init()
 }
diff --git a/config/vulnDictConf.go b/config/vulnDictConf.go
index ce94355a..b5b5b627 100644
--- a/config/vulnDictConf.go
+++ b/config/vulnDictConf.go
@@ -301,3 +301,30 @@ func (cnf *KEVulnConf) Init() {
 cnf.setDefault("go-kev.sqlite3")
 cnf.DebugSQL = Conf.DebugSQL
 }
+
+// CtiConf is go-cti config
+type CtiConf struct {
+ VulnDict
+}
+
+const ctiDBType = "CTI_TYPE"
+const ctiDBURL = "CTI_URL"
+const ctiDBPATH = "CTI_SQLITE3_PATH"
+
+// Init set options with the following priority.
+// 1. Environment variable
+// 2. config.toml
+func (cnf *CtiConf) Init() {
+ cnf.Name = "cti"
+ if os.Getenv(ctiDBType) != "" {
+ cnf.Type = os.Getenv(ctiDBType)
+ }
+ if os.Getenv(ctiDBURL) != "" {
+ cnf.URL = os.Getenv(ctiDBURL)
+ }
+ if os.Getenv(ctiDBPATH) != "" {
+ cnf.SQLite3Path = os.Getenv(ctiDBPATH)
+ }
+ cnf.setDefault("go-cti.sqlite3")
+ cnf.DebugSQL = Conf.DebugSQL
+}
diff --git a/contrib/owasp-dependency-check/parser/parser.go b/contrib/owasp-dependency-check/parser/parser.go
index e1aaab59..3585d34c 100644
--- a/contrib/owasp-dependency-check/parser/parser.go
+++ b/contrib/owasp-dependency-check/parser/parser.go
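Review bot: In `config/config.go`, the new `Cti CtiConf` field of `Config` is serialized with `json:"cti,omitempty"`, while the neighbouring `Slack` and `EMail` fields are kept out of JSON with `json:"-"`. `CtiConf.Init` in this same patch fills `cnf.URL` from `CTI_URL`; if that URL can be a database connection string carrying a password (the `VulnDict` definition is not shown here, so this is inferred), the credential will appear wherever `Config` is marshalled. The field follows the pattern of the existing dictionary configs, so it is worth confirming that the serialized config never lands in shared reports or logs, or stripping the URL's userinfo before marshalling. The struct begins and ends outside the hunk.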
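Review bot: `CtiConf.Init` in `config/vulnDictConf.go` calls `os.Getenv` twice for every variable, and its doc comment does not name the variables it reads. Reading each value once is tighter: `if v := os.Getenv(ctiDBType); v != "" { cnf.Type = v }`, and likewise for `ctiDBURL` and `ctiDBPATH`. The comment could read `// Init sets options; CTI_TYPE, CTI_URL and CTI_SQLITE3_PATH, when non-empty, take priority over config.toml.` so an operator can see which environment variables override the file. `ctiDBPATH` would be `ctiDBPath` under Go naming, unless it deliberately mirrors the constants of the other dictionary configs, which are outside this hunk.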
@@ -2,7 +2,7 @@ package parser
 import (
 "encoding/xml"
- "io/ioutil"
+ "io"
 "os"
 "strings"
@@ -41,7 +41,7 @@ func Parse(path string) ([]string, error) {
 }
 defer file.Close()
- b, err := ioutil.ReadAll(file)
+ b, err := io.ReadAll(file)
 if err != nil {
 log.Warnf("Failed to read OWASP Dependency Check XML: %s", path)
 return []string{}, nil
diff --git a/contrib/trivy/cmd/main.go b/contrib/trivy/cmd/main.go
index 8f9a8d96..9fa60126 100644
--- a/contrib/trivy/cmd/main.go
+++ b/contrib/trivy/cmd/main.go
@@ -5,7 +5,6 @@ import (
 "bytes"
 "encoding/json"
 "fmt"
- "io/ioutil"
 "os"
 "path/filepath"
@@ -39,7 +38,7 @@ func main() {
 }
 trivyJSON = buf.Bytes()
 } else {
- if trivyJSON, err = ioutil.ReadFile(jsonFilePath); err != nil {
+ if trivyJSON, err = os.ReadFile(jsonFilePath); err != nil {
 fmt.Printf("Failed to read file. err: %+v\n", err)
 os.Exit(1)
 }
diff --git a/cti/cti.go b/cti/cti.go
new file mode 100644
index 00000000..edcef85f
--- /dev/null
+++ b/cti/cti.go
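Review bot: In `Parse` (`contrib/owasp-dependency-check/parser/parser.go`), a failed `io.ReadAll(file)` is logged with `log.Warnf` and then reported as success through `return []string{}, nil`, so the caller cannot tell an unreadable Dependency Check report from one that lists no CPEs. For a vulnerability scanner that turns an I/O failure into silently missing findings; returning the error, `return nil, err`, lets the caller decide, or a comment should state that best-effort is intended here. `io.ReadAll` also reads the whole file with no size bound, which matters if `path` can point at an untrusted or very large file. `Parse` begins and ends outside the hunk.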
@@ -0,0 +1,3953 @@ +package cti + +// Technique has MITER ATT&CK Technique or CAPEC information +type Technique struct { + Name string `json:"name"` + Platforms []string `json:"platforms"` +} + +// TechniqueDict is the MITRE ATT&CK Technique and CAPEC dictionary +var TechniqueDict = map[string]Technique{ + "CAPEC-1": { + Name: "CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs", + }, + "CAPEC-10": { + Name: "CAPEC-10: Buffer Overflow via Environment Variables", + }, + "CAPEC-100": { + Name: "CAPEC-100: Overflow Buffers", + }, + "CAPEC-101": { + Name: "CAPEC-101: Server Side Include (SSI) Injection", + }, + "CAPEC-102": { + Name: "CAPEC-102: Session Sidejacking", + }, + "CAPEC-103": { + Name: "CAPEC-103: Clickjacking", + }, + "CAPEC-104": { + Name: "CAPEC-104: Cross Zone Scripting", + }, + "CAPEC-105": { + Name: "CAPEC-105: HTTP Request Splitting", + }, + "CAPEC-107": { + Name: "CAPEC-107: Cross Site Tracing", + }, + "CAPEC-108": { + Name: "CAPEC-108: Command Line Execution through SQL Injection", + }, + "CAPEC-109": { + Name: "CAPEC-109: Object Relational Mapping Injection", + }, + "CAPEC-11": { + Name: "CAPEC-11: Cause Web Server Misclassification", + }, + "CAPEC-110": { + Name: "CAPEC-110: SQL Injection through SOAP Parameter Tampering", + }, + "CAPEC-111": { + Name: "CAPEC-111: JSON Hijacking (aka JavaScript Hijacking)", + }, + "CAPEC-112": { + Name: "CAPEC-112: Brute Force", + }, + "CAPEC-113": { + Name: "CAPEC-113: Interface Manipulation", + }, + "CAPEC-114": { + Name: "CAPEC-114: Authentication Abuse", + }, + "CAPEC-115": { + Name: "CAPEC-115: Authentication Bypass", + }, + "CAPEC-116": { + Name: "CAPEC-116: Excavation", + }, + "CAPEC-117": { + Name: "CAPEC-117: Interception", + }, + "CAPEC-12": { + Name: "CAPEC-12: Choosing Message Identifier", + }, + "CAPEC-120": { + Name: "CAPEC-120: Double Encoding", + }, + "CAPEC-121": { + Name: "CAPEC-121: Exploit Non-Production Interfaces", + }, + "CAPEC-122": { + Name: "CAPEC-122: Privilege Abuse", + 
}, + "CAPEC-123": { + Name: "CAPEC-123: Buffer Manipulation", + }, + "CAPEC-124": { + Name: "CAPEC-124: Shared Resource Manipulation", + }, + "CAPEC-125": { + Name: "CAPEC-125: Flooding", + }, + "CAPEC-126": { + Name: "CAPEC-126: Path Traversal", + }, + "CAPEC-127": { + Name: "CAPEC-127: Directory Indexing", + }, + "CAPEC-128": { + Name: "CAPEC-128: Integer Attacks", + }, + "CAPEC-129": { + Name: "CAPEC-129: Pointer Manipulation", + }, + "CAPEC-13": { + Name: "CAPEC-13: Subverting Environment Variable Values", + }, + "CAPEC-130": { + Name: "CAPEC-130: Excessive Allocation", + }, + "CAPEC-131": { + Name: "CAPEC-131: Resource Leak Exposure", + }, + "CAPEC-132": { + Name: "CAPEC-132: Symlink Attack", + }, + "CAPEC-133": { + Name: "CAPEC-133: Try All Common Switches", + }, + "CAPEC-134": { + Name: "CAPEC-134: Email Injection", + }, + "CAPEC-135": { + Name: "CAPEC-135: Format String Injection", + }, + "CAPEC-136": { + Name: "CAPEC-136: LDAP Injection", + }, + "CAPEC-137": { + Name: "CAPEC-137: Parameter Injection", + }, + "CAPEC-138": { + Name: "CAPEC-138: Reflection Injection", + }, + "CAPEC-139": { + Name: "CAPEC-139: Relative Path Traversal", + }, + "CAPEC-14": { + Name: "CAPEC-14: Client-side Injection-induced Buffer Overflow", + }, + "CAPEC-140": { + Name: "CAPEC-140: Bypassing of Intermediate Forms in Multiple-Form Sets", + }, + "CAPEC-141": { + Name: "CAPEC-141: Cache Poisoning", + }, + "CAPEC-142": { + Name: "CAPEC-142: DNS Cache Poisoning", + }, + "CAPEC-143": { + Name: "CAPEC-143: Detect Unpublicized Web Pages", + }, + "CAPEC-144": { + Name: "CAPEC-144: Detect Unpublicized Web Services", + }, + "CAPEC-145": { + Name: "CAPEC-145: Checksum Spoofing", + }, + "CAPEC-146": { + Name: "CAPEC-146: XML Schema Poisoning", + }, + "CAPEC-147": { + Name: "CAPEC-147: XML Ping of the Death", + }, + "CAPEC-148": { + Name: "CAPEC-148: Content Spoofing", + }, + "CAPEC-149": { + Name: "CAPEC-149: Explore for Predictable Temporary File Names", + }, + "CAPEC-15": { + Name: 
"CAPEC-15: Command Delimiters", + }, + "CAPEC-150": { + Name: "CAPEC-150: Collect Data from Common Resource Locations", + }, + "CAPEC-151": { + Name: "CAPEC-151: Identity Spoofing", + }, + "CAPEC-153": { + Name: "CAPEC-153: Input Data Manipulation", + }, + "CAPEC-154": { + Name: "CAPEC-154: Resource Location Spoofing", + }, + "CAPEC-155": { + Name: "CAPEC-155: Screen Temporary Files for Sensitive Information", + }, + "CAPEC-157": { + Name: "CAPEC-157: Sniffing Attacks", + }, + "CAPEC-158": { + Name: "CAPEC-158: Sniffing Network Traffic", + }, + "CAPEC-159": { + Name: "CAPEC-159: Redirect Access to Libraries", + }, + "CAPEC-16": { + Name: "CAPEC-16: Dictionary-based Password Attack", + }, + "CAPEC-160": { + Name: "CAPEC-160: Exploit Script-Based APIs", + }, + "CAPEC-161": { + Name: "CAPEC-161: Infrastructure Manipulation", + }, + "CAPEC-162": { + Name: "CAPEC-162: Manipulating Hidden Fields", + }, + "CAPEC-163": { + Name: "CAPEC-163: Spear Phishing", + }, + "CAPEC-164": { + Name: "CAPEC-164: Mobile Phishing", + }, + "CAPEC-165": { + Name: "CAPEC-165: File Manipulation", + }, + "CAPEC-166": { + Name: "CAPEC-166: Force the System to Reset Values", + }, + "CAPEC-167": { + Name: "CAPEC-167: White Box Reverse Engineering", + }, + "CAPEC-168": { + Name: "CAPEC-168: Windows ::DATA Alternate Data Stream", + }, + "CAPEC-169": { + Name: "CAPEC-169: Footprinting", + }, + "CAPEC-17": { + Name: "CAPEC-17: Using Malicious Files", + }, + "CAPEC-170": { + Name: "CAPEC-170: Web Application Fingerprinting", + }, + "CAPEC-173": { + Name: "CAPEC-173: Action Spoofing", + }, + "CAPEC-174": { + Name: "CAPEC-174: Flash Parameter Injection", + }, + "CAPEC-175": { + Name: "CAPEC-175: Code Inclusion", + }, + "CAPEC-176": { + Name: "CAPEC-176: Configuration/Environment Manipulation", + }, + "CAPEC-177": { + Name: "CAPEC-177: Create files with the same name as files protected with a higher classification", + }, + "CAPEC-178": { + Name: "CAPEC-178: Cross-Site Flashing", + }, + "CAPEC-179": { + 
Name: "CAPEC-179: Calling Micro-Services Directly", + }, + "CAPEC-18": { + Name: "CAPEC-18: XSS Targeting Non-Script Elements", + }, + "CAPEC-180": { + Name: "CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels", + }, + "CAPEC-181": { + Name: "CAPEC-181: Flash File Overlay", + }, + "CAPEC-182": { + Name: "CAPEC-182: Flash Injection", + }, + "CAPEC-183": { + Name: "CAPEC-183: IMAP/SMTP Command Injection", + }, + "CAPEC-184": { + Name: "CAPEC-184: Software Integrity Attack", + }, + "CAPEC-185": { + Name: "CAPEC-185: Malicious Software Download", + }, + "CAPEC-186": { + Name: "CAPEC-186: Malicious Software Update", + }, + "CAPEC-187": { + Name: "CAPEC-187: Malicious Automated Software Update via Redirection", + }, + "CAPEC-188": { + Name: "CAPEC-188: Reverse Engineering", + }, + "CAPEC-189": { + Name: "CAPEC-189: Black Box Reverse Engineering", + }, + "CAPEC-19": { + Name: "CAPEC-19: Embedding Scripts within Scripts", + }, + "CAPEC-190": { + Name: "CAPEC-190: Reverse Engineer an Executable to Expose Assumed Hidden Functionality", + }, + "CAPEC-191": { + Name: "CAPEC-191: Read Sensitive Constants Within an Executable", + }, + "CAPEC-192": { + Name: "CAPEC-192: Protocol Analysis", + }, + "CAPEC-193": { + Name: "CAPEC-193: PHP Remote File Inclusion", + }, + "CAPEC-194": { + Name: "CAPEC-194: Fake the Source of Data", + }, + "CAPEC-195": { + Name: "CAPEC-195: Principal Spoof", + }, + "CAPEC-196": { + Name: "CAPEC-196: Session Credential Falsification through Forging", + }, + "CAPEC-197": { + Name: "CAPEC-197: Exponential Data Expansion", + }, + "CAPEC-198": { + Name: "CAPEC-198: XSS Targeting Error Pages", + }, + "CAPEC-199": { + Name: "CAPEC-199: XSS Using Alternate Syntax", + }, + "CAPEC-2": { + Name: "CAPEC-2: Inducing Account Lockout", + }, + "CAPEC-20": { + Name: "CAPEC-20: Encryption Brute Forcing", + }, + "CAPEC-200": { + Name: "CAPEC-200: Removal of filters: Input filters, output filters, data masking", + }, + "CAPEC-201": { + Name: 
"CAPEC-201: Serialized Data External Linking", + }, + "CAPEC-202": { + Name: "CAPEC-202: Create Malicious Client", + }, + "CAPEC-203": { + Name: "CAPEC-203: Manipulate Registry Information", + }, + "CAPEC-204": { + Name: "CAPEC-204: Lifting Sensitive Data Embedded in Cache", + }, + "CAPEC-206": { + Name: "CAPEC-206: Signing Malicious Code", + }, + "CAPEC-207": { + Name: "CAPEC-207: Removing Important Client Functionality", + }, + "CAPEC-208": { + Name: "CAPEC-208: Removing/short-circuiting 'Purse' logic: removing/mutating 'cash' decrements", + }, + "CAPEC-209": { + Name: "CAPEC-209: XSS Using MIME Type Mismatch", + }, + "CAPEC-21": { + Name: "CAPEC-21: Exploitation of Trusted Identifiers", + }, + "CAPEC-212": { + Name: "CAPEC-212: Functionality Misuse", + }, + "CAPEC-215": { + Name: "CAPEC-215: Fuzzing for application mapping", + }, + "CAPEC-216": { + Name: "CAPEC-216: Communication Channel Manipulation", + }, + "CAPEC-217": { + Name: "CAPEC-217: Exploiting Incorrectly Configured SSL/TLS", + }, + "CAPEC-218": { + Name: "CAPEC-218: Spoofing of UDDI/ebXML Messages", + }, + "CAPEC-219": { + Name: "CAPEC-219: XML Routing Detour Attacks", + }, + "CAPEC-22": { + Name: "CAPEC-22: Exploiting Trust in Client", + }, + "CAPEC-220": { + Name: "CAPEC-220: Client-Server Protocol Manipulation", + }, + "CAPEC-221": { + Name: "CAPEC-221: Data Serialization External Entities Blowup", + }, + "CAPEC-222": { + Name: "CAPEC-222: iFrame Overlay", + }, + "CAPEC-224": { + Name: "CAPEC-224: Fingerprinting", + }, + "CAPEC-226": { + Name: "CAPEC-226: Session Credential Falsification through Manipulation", + }, + "CAPEC-227": { + Name: "CAPEC-227: Sustained Client Engagement", + }, + "CAPEC-228": { + Name: "CAPEC-228: DTD Injection", + }, + "CAPEC-229": { + Name: "CAPEC-229: Serialized Data Parameter Blowup", + }, + "CAPEC-23": { + Name: "CAPEC-23: File Content Injection", + }, + "CAPEC-230": { + Name: "CAPEC-230: Serialized Data with Nested Payloads", + }, + "CAPEC-231": { + Name: "CAPEC-231: 
Oversized Serialized Data Payloads", + }, + "CAPEC-233": { + Name: "CAPEC-233: Privilege Escalation", + }, + "CAPEC-234": { + Name: "CAPEC-234: Hijacking a privileged process", + }, + "CAPEC-237": { + Name: "CAPEC-237: Escaping a Sandbox by Calling Code in Another Language", + }, + "CAPEC-24": { + Name: "CAPEC-24: Filter Failure through Buffer Overflow", + }, + "CAPEC-240": { + Name: "CAPEC-240: Resource Injection", + }, + "CAPEC-242": { + Name: "CAPEC-242: Code Injection", + }, + "CAPEC-243": { + Name: "CAPEC-243: XSS Targeting HTML Attributes", + }, + "CAPEC-244": { + Name: "CAPEC-244: XSS Targeting URI Placeholders", + }, + "CAPEC-245": { + Name: "CAPEC-245: XSS Using Doubled Characters", + }, + "CAPEC-247": { + Name: "CAPEC-247: XSS Using Invalid Characters", + }, + "CAPEC-248": { + Name: "CAPEC-248: Command Injection", + }, + "CAPEC-25": { + Name: "CAPEC-25: Forced Deadlock", + }, + "CAPEC-250": { + Name: "CAPEC-250: XML Injection", + }, + "CAPEC-251": { + Name: "CAPEC-251: Local Code Inclusion", + }, + "CAPEC-252": { + Name: "CAPEC-252: PHP Local File Inclusion", + }, + "CAPEC-253": { + Name: "CAPEC-253: Remote Code Inclusion", + }, + "CAPEC-256": { + Name: "CAPEC-256: SOAP Array Overflow", + }, + "CAPEC-26": { + Name: "CAPEC-26: Leveraging Race Conditions", + }, + "CAPEC-261": { + Name: "CAPEC-261: Fuzzing for garnering other adjacent user/sensitive data", + }, + "CAPEC-263": { + Name: "CAPEC-263: Force Use of Corrupted Files", + }, + "CAPEC-267": { + Name: "CAPEC-267: Leverage Alternate Encoding", + }, + "CAPEC-268": { + Name: "CAPEC-268: Audit Log Manipulation", + }, + "CAPEC-27": { + Name: "CAPEC-27: Leveraging Race Conditions via Symbolic Links", + }, + "CAPEC-270": { + Name: "CAPEC-270: Modification of Registry Run Keys", + }, + "CAPEC-271": { + Name: "CAPEC-271: Schema Poisoning", + }, + "CAPEC-272": { + Name: "CAPEC-272: Protocol Manipulation", + }, + "CAPEC-273": { + Name: "CAPEC-273: HTTP Response Smuggling", + }, + "CAPEC-274": { + Name: 
"CAPEC-274: HTTP Verb Tampering", + }, + "CAPEC-275": { + Name: "CAPEC-275: DNS Rebinding", + }, + "CAPEC-276": { + Name: "CAPEC-276: Inter-component Protocol Manipulation", + }, + "CAPEC-277": { + Name: "CAPEC-277: Data Interchange Protocol Manipulation", + }, + "CAPEC-278": { + Name: "CAPEC-278: Web Services Protocol Manipulation", + }, + "CAPEC-279": { + Name: "CAPEC-279: SOAP Manipulation", + }, + "CAPEC-28": { + Name: "CAPEC-28: Fuzzing", + }, + "CAPEC-285": { + Name: "CAPEC-285: ICMP Echo Request Ping", + }, + "CAPEC-287": { + Name: "CAPEC-287: TCP SYN Scan", + }, + "CAPEC-29": { + Name: "CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions", + }, + "CAPEC-290": { + Name: "CAPEC-290: Enumerate Mail Exchange (MX) Records", + }, + "CAPEC-291": { + Name: "CAPEC-291: DNS Zone Transfers", + }, + "CAPEC-292": { + Name: "CAPEC-292: Host Discovery", + }, + "CAPEC-293": { + Name: "CAPEC-293: Traceroute Route Enumeration", + }, + "CAPEC-294": { + Name: "CAPEC-294: ICMP Address Mask Request", + }, + "CAPEC-295": { + Name: "CAPEC-295: Timestamp Request", + }, + "CAPEC-296": { + Name: "CAPEC-296: ICMP Information Request", + }, + "CAPEC-297": { + Name: "CAPEC-297: TCP ACK Ping", + }, + "CAPEC-298": { + Name: "CAPEC-298: UDP Ping", + }, + "CAPEC-299": { + Name: "CAPEC-299: TCP SYN Ping", + }, + "CAPEC-3": { + Name: "CAPEC-3: Using Leading 'Ghost' Character Sequences to Bypass Input Filters", + }, + "CAPEC-30": { + Name: "CAPEC-30: Hijacking a Privileged Thread of Execution", + }, + "CAPEC-300": { + Name: "CAPEC-300: Port Scanning", + }, + "CAPEC-301": { + Name: "CAPEC-301: TCP Connect Scan", + }, + "CAPEC-302": { + Name: "CAPEC-302: TCP FIN Scan", + }, + "CAPEC-303": { + Name: "CAPEC-303: TCP Xmas Scan", + }, + "CAPEC-304": { + Name: "CAPEC-304: TCP Null Scan", + }, + "CAPEC-305": { + Name: "CAPEC-305: TCP ACK Scan", + }, + "CAPEC-306": { + Name: "CAPEC-306: TCP Window Scan", + }, + "CAPEC-307": { + Name: "CAPEC-307: TCP RPC Scan", + }, + 
"CAPEC-308": { + Name: "CAPEC-308: UDP Scan", + }, + "CAPEC-309": { + Name: "CAPEC-309: Network Topology Mapping", + }, + "CAPEC-31": { + Name: "CAPEC-31: Accessing/Intercepting/Modifying HTTP Cookies", + }, + "CAPEC-310": { + Name: "CAPEC-310: Scanning for Vulnerable Software", + }, + "CAPEC-312": { + Name: "CAPEC-312: Active OS Fingerprinting", + }, + "CAPEC-313": { + Name: "CAPEC-313: Passive OS Fingerprinting", + }, + "CAPEC-317": { + Name: "CAPEC-317: IP ID Sequencing Probe", + }, + "CAPEC-318": { + Name: "CAPEC-318: IP 'ID' Echoed Byte-Order Probe", + }, + "CAPEC-319": { + Name: "CAPEC-319: IP (DF) 'Don't Fragment Bit' Echoing Probe", + }, + "CAPEC-32": { + Name: "CAPEC-32: XSS Through HTTP Query Strings", + }, + "CAPEC-320": { + Name: "CAPEC-320: TCP Timestamp Probe", + }, + "CAPEC-321": { + Name: "CAPEC-321: TCP Sequence Number Probe", + }, + "CAPEC-322": { + Name: "CAPEC-322: TCP (ISN) Greatest Common Divisor Probe", + }, + "CAPEC-323": { + Name: "CAPEC-323: TCP (ISN) Counter Rate Probe", + }, + "CAPEC-324": { + Name: "CAPEC-324: TCP (ISN) Sequence Predictability Probe", + }, + "CAPEC-325": { + Name: "CAPEC-325: TCP Congestion Control Flag (ECN) Probe", + }, + "CAPEC-326": { + Name: "CAPEC-326: TCP Initial Window Size Probe", + }, + "CAPEC-327": { + Name: "CAPEC-327: TCP Options Probe", + }, + "CAPEC-328": { + Name: "CAPEC-328: TCP 'RST' Flag Checksum Probe", + }, + "CAPEC-329": { + Name: "CAPEC-329: ICMP Error Message Quoting Probe", + }, + "CAPEC-33": { + Name: "CAPEC-33: HTTP Request Smuggling", + }, + "CAPEC-330": { + Name: "CAPEC-330: ICMP Error Message Echoing Integrity Probe", + }, + "CAPEC-331": { + Name: "CAPEC-331: ICMP IP Total Length Field Probe", + }, + "CAPEC-332": { + Name: "CAPEC-332: ICMP IP 'ID' Field Error Message Probe", + }, + "CAPEC-34": { + Name: "CAPEC-34: HTTP Response Splitting", + }, + "CAPEC-35": { + Name: "CAPEC-35: Leverage Executable Code in Non-Executable Files", + }, + "CAPEC-36": { + Name: "CAPEC-36: Using Unpublished 
Interfaces", + }, + "CAPEC-37": { + Name: "CAPEC-37: Retrieve Embedded Sensitive Data", + }, + "CAPEC-38": { + Name: "CAPEC-38: Leveraging/Manipulating Configuration File Search Paths", + }, + "CAPEC-383": { + Name: "CAPEC-383: Harvesting Information via API Event Monitoring", + }, + "CAPEC-384": { + Name: "CAPEC-384: Application API Message Manipulation via Man-in-the-Middle", + }, + "CAPEC-385": { + Name: "CAPEC-385: Transaction or Event Tampering via Application API Manipulation", + }, + "CAPEC-386": { + Name: "CAPEC-386: Application API Navigation Remapping", + }, + "CAPEC-387": { + Name: "CAPEC-387: Navigation Remapping To Propagate Malicious Content", + }, + "CAPEC-388": { + Name: "CAPEC-388: Application API Button Hijacking", + }, + "CAPEC-389": { + Name: "CAPEC-389: Content Spoofing Via Application API Manipulation", + }, + "CAPEC-39": { + Name: "CAPEC-39: Manipulating Opaque Client-based Data Tokens", + }, + "CAPEC-390": { + Name: "CAPEC-390: Bypassing Physical Security", + }, + "CAPEC-391": { + Name: "CAPEC-391: Bypassing Physical Locks", + }, + "CAPEC-392": { + Name: "CAPEC-392: Lock Bumping", + }, + "CAPEC-393": { + Name: "CAPEC-393: Lock Picking", + }, + "CAPEC-394": { + Name: "CAPEC-394: Using a Snap Gun Lock to Force a Lock", + }, + "CAPEC-395": { + Name: "CAPEC-395: Bypassing Electronic Locks and Access Controls", + }, + "CAPEC-397": { + Name: "CAPEC-397: Cloning Magnetic Strip Cards", + }, + "CAPEC-398": { + Name: "CAPEC-398: Magnetic Strip Card Brute Force Attacks", + }, + "CAPEC-399": { + Name: "CAPEC-399: Cloning RFID Cards or Chips", + }, + "CAPEC-4": { + Name: "CAPEC-4: Using Alternative IP Address Encodings", + }, + "CAPEC-40": { + Name: "CAPEC-40: Manipulating Writeable Terminal Devices", + }, + "CAPEC-400": { + Name: "CAPEC-400: RFID Chip Deactivation or Destruction", + }, + "CAPEC-401": { + Name: "CAPEC-401: Physically Hacking Hardware", + }, + "CAPEC-402": { + Name: "CAPEC-402: Bypassing ATA Password Security", + }, + "CAPEC-406": { + 
Name: "CAPEC-406: Dumpster Diving", + }, + "CAPEC-407": { + Name: "CAPEC-407: Pretexting", + }, + "CAPEC-41": { + Name: "CAPEC-41: Using Meta-characters in E-mail Headers to Inject Malicious Payloads", + }, + "CAPEC-410": { + Name: "CAPEC-410: Information Elicitation", + }, + "CAPEC-412": { + Name: "CAPEC-412: Pretexting via Customer Service", + }, + "CAPEC-413": { + Name: "CAPEC-413: Pretexting via Tech Support", + }, + "CAPEC-414": { + Name: "CAPEC-414: Pretexting via Delivery Person", + }, + "CAPEC-415": { + Name: "CAPEC-415: Pretexting via Phone", + }, + "CAPEC-416": { + Name: "CAPEC-416: Manipulate Human Behavior", + }, + "CAPEC-417": { + Name: "CAPEC-417: Influence Perception", + }, + "CAPEC-418": { + Name: "CAPEC-418: Influence Perception of Reciprocation", + }, + "CAPEC-42": { + Name: "CAPEC-42: MIME Conversion", + }, + "CAPEC-420": { + Name: "CAPEC-420: Influence Perception of Scarcity", + }, + "CAPEC-421": { + Name: "CAPEC-421: Influence Perception of Authority", + }, + "CAPEC-422": { + Name: "CAPEC-422: Influence Perception of Commitment and Consistency", + }, + "CAPEC-423": { + Name: "CAPEC-423: Influence Perception of Liking", + }, + "CAPEC-424": { + Name: "CAPEC-424: Influence Perception of Consensus or Social Proof", + }, + "CAPEC-425": { + Name: "CAPEC-425: Target Influence via Framing", + }, + "CAPEC-426": { + Name: "CAPEC-426: Influence via Incentives", + }, + "CAPEC-427": { + Name: "CAPEC-427: Influence via Psychological Principles", + }, + "CAPEC-428": { + Name: "CAPEC-428: Influence via Modes of Thinking", + }, + "CAPEC-429": { + Name: "CAPEC-429: Target Influence via Eye Cues", + }, + "CAPEC-43": { + Name: "CAPEC-43: Exploiting Multiple Input Interpretation Layers", + }, + "CAPEC-433": { + Name: "CAPEC-433: Target Influence via The Human Buffer Overflow", + }, + "CAPEC-434": { + Name: "CAPEC-434: Target Influence via Interview and Interrogation", + }, + "CAPEC-435": { + Name: "CAPEC-435: Target Influence via Instant Rapport", + }, + 
"CAPEC-438": { + Name: "CAPEC-438: Modification During Manufacture", + }, + "CAPEC-439": { + Name: "CAPEC-439: Manipulation During Distribution", + }, + "CAPEC-44": { + Name: "CAPEC-44: Overflow Binary Resource File", + }, + "CAPEC-440": { + Name: "CAPEC-440: Hardware Integrity Attack", + }, + "CAPEC-441": { + Name: "CAPEC-441: Malicious Logic Insertion", + }, + "CAPEC-442": { + Name: "CAPEC-442: Infected Software", + }, + "CAPEC-443": { + Name: "CAPEC-443: Malicious Logic Inserted Into Product Software by Authorized Developer", + }, + "CAPEC-444": { + Name: "CAPEC-444: Development Alteration", + }, + "CAPEC-445": { + Name: "CAPEC-445: Malicious Logic Insertion into Product Software via Configuration Management Manipulation", + }, + "CAPEC-446": { + Name: "CAPEC-446: Malicious Logic Insertion into Product Software via Inclusion of 3rd Party Component Dependency", + }, + "CAPEC-447": { + Name: "CAPEC-447: Design Alteration", + }, + "CAPEC-448": { + Name: "CAPEC-448: Embed Virus into DLL", + }, + "CAPEC-45": { + Name: "CAPEC-45: Buffer Overflow via Symbolic Links", + }, + "CAPEC-452": { + Name: "CAPEC-452: Infected Hardware", + }, + "CAPEC-456": { + Name: "CAPEC-456: Infected Memory", + }, + "CAPEC-457": { + Name: "CAPEC-457: USB Memory Attacks", + }, + "CAPEC-458": { + Name: "CAPEC-458: Flash Memory Attacks", + }, + "CAPEC-459": { + Name: "CAPEC-459: Creating a Rogue Certification Authority Certificate", + }, + "CAPEC-46": { + Name: "CAPEC-46: Overflow Variables and Tags", + }, + "CAPEC-460": { + Name: "CAPEC-460: HTTP Parameter Pollution (HPP)", + }, + "CAPEC-461": { + Name: "CAPEC-461: Web Services API Signature Forgery Leveraging Hash Function Extension Weakness", + }, + "CAPEC-462": { + Name: "CAPEC-462: Cross-Domain Search Timing", + }, + "CAPEC-463": { + Name: "CAPEC-463: Padding Oracle Crypto Attack", + }, + "CAPEC-464": { + Name: "CAPEC-464: Evercookie", + }, + "CAPEC-465": { + Name: "CAPEC-465: Transparent Proxy Abuse", + }, + "CAPEC-466": { + Name: 
"CAPEC-466: Leveraging Active Adversary in the Middle Attacks to Bypass Same Origin Policy", + }, + "CAPEC-467": { + Name: "CAPEC-467: Cross Site Identification", + }, + "CAPEC-468": { + Name: "CAPEC-468: Generic Cross-Browser Cross-Domain Theft", + }, + "CAPEC-469": { + Name: "CAPEC-469: HTTP DoS", + }, + "CAPEC-47": { + Name: "CAPEC-47: Buffer Overflow via Parameter Expansion", + }, + "CAPEC-470": { + Name: "CAPEC-470: Expanding Control over the Operating System from the Database", + }, + "CAPEC-471": { + Name: "CAPEC-471: Search Order Hijacking", + }, + "CAPEC-472": { + Name: "CAPEC-472: Browser Fingerprinting", + }, + "CAPEC-473": { + Name: "CAPEC-473: Signature Spoof", + }, + "CAPEC-474": { + Name: "CAPEC-474: Signature Spoofing by Key Theft", + }, + "CAPEC-475": { + Name: "CAPEC-475: Signature Spoofing by Improper Validation", + }, + "CAPEC-476": { + Name: "CAPEC-476: Signature Spoofing by Misrepresentation", + }, + "CAPEC-477": { + Name: "CAPEC-477: Signature Spoofing by Mixing Signed and Unsigned Content", + }, + "CAPEC-478": { + Name: "CAPEC-478: Modification of Windows Service Configuration", + }, + "CAPEC-479": { + Name: "CAPEC-479: Malicious Root Certificate", + }, + "CAPEC-48": { + Name: "CAPEC-48: Passing Local Filenames to Functions That Expect a URL", + }, + "CAPEC-480": { + Name: "CAPEC-480: Escaping Virtualization", + }, + "CAPEC-481": { + Name: "CAPEC-481: Contradictory Destinations in Traffic Routing Schemes", + }, + "CAPEC-482": { + Name: "CAPEC-482: TCP Flood", + }, + "CAPEC-485": { + Name: "CAPEC-485: Signature Spoofing by Key Recreation", + }, + "CAPEC-486": { + Name: "CAPEC-486: UDP Flood", + }, + "CAPEC-487": { + Name: "CAPEC-487: ICMP Flood", + }, + "CAPEC-488": { + Name: "CAPEC-488: HTTP Flood", + }, + "CAPEC-489": { + Name: "CAPEC-489: SSL Flood", + }, + "CAPEC-49": { + Name: "CAPEC-49: Password Brute Forcing", + }, + "CAPEC-490": { + Name: "CAPEC-490: Amplification", + }, + "CAPEC-491": { + Name: "CAPEC-491: Quadratic Data Expansion", 
+ }, + "CAPEC-492": { + Name: "CAPEC-492: Regular Expression Exponential Blowup", + }, + "CAPEC-493": { + Name: "CAPEC-493: SOAP Array Blowup", + }, + "CAPEC-494": { + Name: "CAPEC-494: TCP Fragmentation", + }, + "CAPEC-495": { + Name: "CAPEC-495: UDP Fragmentation", + }, + "CAPEC-496": { + Name: "CAPEC-496: ICMP Fragmentation", + }, + "CAPEC-497": { + Name: "CAPEC-497: File Discovery", + }, + "CAPEC-498": { + Name: "CAPEC-498: Probe iOS Screenshots", + }, + "CAPEC-499": { + Name: "CAPEC-499: Android Intent Intercept", + }, + "CAPEC-5": { + Name: "CAPEC-5: Blue Boxing", + }, + "CAPEC-50": { + Name: "CAPEC-50: Password Recovery Exploitation", + }, + "CAPEC-500": { + Name: "CAPEC-500: WebView Injection", + }, + "CAPEC-501": { + Name: "CAPEC-501: Android Activity Hijack", + }, + "CAPEC-502": { + Name: "CAPEC-502: Intent Spoof", + }, + "CAPEC-503": { + Name: "CAPEC-503: WebView Exposure", + }, + "CAPEC-504": { + Name: "CAPEC-504: Task Impersonation", + }, + "CAPEC-505": { + Name: "CAPEC-505: Scheme Squatting", + }, + "CAPEC-506": { + Name: "CAPEC-506: Tapjacking", + }, + "CAPEC-507": { + Name: "CAPEC-507: Physical Theft", + }, + "CAPEC-508": { + Name: "CAPEC-508: Shoulder Surfing", + }, + "CAPEC-509": { + Name: "CAPEC-509: Kerberoasting", + }, + "CAPEC-51": { + Name: "CAPEC-51: Poison Web Service Registry", + }, + "CAPEC-510": { + Name: "CAPEC-510: SaaS User Request Forgery", + }, + "CAPEC-511": { + Name: "CAPEC-511: Infiltration of Software Development Environment", + }, + "CAPEC-516": { + Name: "CAPEC-516: Hardware Component Substitution During Baselining", + }, + "CAPEC-517": { + Name: "CAPEC-517: Documentation Alteration to Circumvent Dial-down", + }, + "CAPEC-518": { + Name: "CAPEC-518: Documentation Alteration to Produce Under-performing Systems", + }, + "CAPEC-519": { + Name: "CAPEC-519: Documentation Alteration to Cause Errors in System Design", + }, + "CAPEC-52": { + Name: "CAPEC-52: Embedding NULL Bytes", + }, + "CAPEC-520": { + Name: "CAPEC-520: Counterfeit 
Hardware Component Inserted During Product Assembly", + }, + "CAPEC-521": { + Name: "CAPEC-521: Hardware Design Specifications Are Altered", + }, + "CAPEC-522": { + Name: "CAPEC-522: Malicious Hardware Component Replacement", + }, + "CAPEC-523": { + Name: "CAPEC-523: Malicious Software Implanted", + }, + "CAPEC-524": { + Name: "CAPEC-524: Rogue Integration Procedures", + }, + "CAPEC-528": { + Name: "CAPEC-528: XML Flood", + }, + "CAPEC-529": { + Name: "CAPEC-529: Malware-Directed Internal Reconnaissance", + }, + "CAPEC-53": { + Name: "CAPEC-53: Postfix, Null Terminate, and Backslash", + }, + "CAPEC-530": { + Name: "CAPEC-530: Provide Counterfeit Component", + }, + "CAPEC-531": { + Name: "CAPEC-531: Hardware Component Substitution", + }, + "CAPEC-532": { + Name: "CAPEC-532: Altered Installed BIOS", + }, + "CAPEC-533": { + Name: "CAPEC-533: Malicious Manual Software Update", + }, + "CAPEC-534": { + Name: "CAPEC-534: Malicious Hardware Update", + }, + "CAPEC-535": { + Name: "CAPEC-535: Malicious Gray Market Hardware", + }, + "CAPEC-536": { + Name: "CAPEC-536: Data Injected During Configuration", + }, + "CAPEC-537": { + Name: "CAPEC-537: Infiltration of Hardware Development Environment", + }, + "CAPEC-538": { + Name: "CAPEC-538: Open-Source Library Manipulation", + }, + "CAPEC-539": { + Name: "CAPEC-539: ASIC With Malicious Functionality", + }, + "CAPEC-54": { + Name: "CAPEC-54: Query System for Information", + }, + "CAPEC-540": { + Name: "CAPEC-540: Overread Buffers", + }, + "CAPEC-541": { + Name: "CAPEC-541: Application Fingerprinting", + }, + "CAPEC-542": { + Name: "CAPEC-542: Targeted Malware", + }, + "CAPEC-543": { + Name: "CAPEC-543: Counterfeit Websites", + }, + "CAPEC-544": { + Name: "CAPEC-544: Counterfeit Organizations", + }, + "CAPEC-545": { + Name: "CAPEC-545: Pull Data from System Resources", + }, + "CAPEC-546": { + Name: "CAPEC-546: Incomplete Data Deletion in a Multi-Tenant Environment", + }, + "CAPEC-547": { + Name: "CAPEC-547: Physical Destruction of 
Device or Component", + }, + "CAPEC-548": { + Name: "CAPEC-548: Contaminate Resource", + }, + "CAPEC-549": { + Name: "CAPEC-549: Local Execution of Code", + }, + "CAPEC-55": { + Name: "CAPEC-55: Rainbow Table Password Cracking", + }, + "CAPEC-550": { + Name: "CAPEC-550: Install New Service", + }, + "CAPEC-551": { + Name: "CAPEC-551: Modify Existing Service", + }, + "CAPEC-552": { + Name: "CAPEC-552: Install Rootkit ", + }, + "CAPEC-554": { + Name: "CAPEC-554: Functionality Bypass", + }, + "CAPEC-555": { + Name: "CAPEC-555: Remote Services with Stolen Credentials", + }, + "CAPEC-556": { + Name: "CAPEC-556: Replace File Extension Handlers", + }, + "CAPEC-558": { + Name: "CAPEC-558: Replace Trusted Executable", + }, + "CAPEC-559": { + Name: "CAPEC-559: Orbital Jamming", + }, + "CAPEC-560": { + Name: "CAPEC-560: Use of Known Domain Credentials", + }, + "CAPEC-561": { + Name: "CAPEC-561: Windows Admin Shares with Stolen Credentials", + }, + "CAPEC-562": { + Name: "CAPEC-562: Modify Shared File", + }, + "CAPEC-563": { + Name: "CAPEC-563: Add Malicious File to Shared Webroot", + }, + "CAPEC-564": { + Name: "CAPEC-564: Run Software at Logon", + }, + "CAPEC-565": { + Name: "CAPEC-565: Password Spraying", + }, + "CAPEC-568": { + Name: "CAPEC-568: Capture Credentials via Keylogger", + }, + "CAPEC-569": { + Name: "CAPEC-569: Collect Data as Provided by Users", + }, + "CAPEC-57": { + Name: "CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data", + }, + "CAPEC-571": { + Name: "CAPEC-571: Block Logging to Central Repository", + }, + "CAPEC-572": { + Name: "CAPEC-572: Artificially Inflate File Sizes", + }, + "CAPEC-573": { + Name: "CAPEC-573: Process Footprinting", + }, + "CAPEC-574": { + Name: "CAPEC-574: Services Footprinting", + }, + "CAPEC-575": { + Name: "CAPEC-575: Account Footprinting", + }, + "CAPEC-576": { + Name: "CAPEC-576: Group Permission Footprinting", + }, + "CAPEC-577": { + Name: "CAPEC-577: Owner Footprinting", + }, + "CAPEC-578": { + 
Name: "CAPEC-578: Disable Security Software", + }, + "CAPEC-579": { + Name: "CAPEC-579: Replace Winlogon Helper DLL", + }, + "CAPEC-58": { + Name: "CAPEC-58: Restful Privilege Elevation", + }, + "CAPEC-580": { + Name: "CAPEC-580: System Footprinting", + }, + "CAPEC-581": { + Name: "CAPEC-581: Security Software Footprinting", + }, + "CAPEC-582": { + Name: "CAPEC-582: Route Disabling", + }, + "CAPEC-583": { + Name: "CAPEC-583: Disabling Network Hardware", + }, + "CAPEC-584": { + Name: "CAPEC-584: BGP Route Disabling", + }, + "CAPEC-585": { + Name: "CAPEC-585: DNS Domain Seizure", + }, + "CAPEC-586": { + Name: "CAPEC-586: Object Injection", + }, + "CAPEC-587": { + Name: "CAPEC-587: Cross Frame Scripting (XFS)", + }, + "CAPEC-588": { + Name: "CAPEC-588: DOM-Based XSS", + }, + "CAPEC-589": { + Name: "CAPEC-589: DNS Blocking", + }, + "CAPEC-59": { + Name: "CAPEC-59: Session Credential Falsification through Prediction", + }, + "CAPEC-590": { + Name: "CAPEC-590: IP Address Blocking", + }, + "CAPEC-591": { + Name: "CAPEC-591: Reflected XSS", + }, + "CAPEC-592": { + Name: "CAPEC-592: Stored XSS", + }, + "CAPEC-593": { + Name: "CAPEC-593: Session Hijacking", + }, + "CAPEC-594": { + Name: "CAPEC-594: Traffic Injection", + }, + "CAPEC-595": { + Name: "CAPEC-595: Connection Reset", + }, + "CAPEC-596": { + Name: "CAPEC-596: TCP RST Injection", + }, + "CAPEC-597": { + Name: "CAPEC-597: Absolute Path Traversal", + }, + "CAPEC-598": { + Name: "CAPEC-598: DNS Spoofing", + }, + "CAPEC-599": { + Name: "CAPEC-599: Terrestrial Jamming", + }, + "CAPEC-6": { + Name: "CAPEC-6: Argument Injection", + }, + "CAPEC-60": { + Name: "CAPEC-60: Reusing Session IDs (aka Session Replay)", + }, + "CAPEC-600": { + Name: "CAPEC-600: Credential Stuffing", + }, + "CAPEC-601": { + Name: "CAPEC-601: Jamming", + }, + "CAPEC-603": { + Name: "CAPEC-603: Blockage", + }, + "CAPEC-604": { + Name: "CAPEC-604: Wi-Fi Jamming", + }, + "CAPEC-605": { + Name: "CAPEC-605: Cellular Jamming", + }, + "CAPEC-606": { + Name: 
"CAPEC-606: Weakening of Cellular Encryption", + }, + "CAPEC-607": { + Name: "CAPEC-607: Obstruction", + }, + "CAPEC-608": { + Name: "CAPEC-608: Cryptanalysis of Cellular Encryption", + }, + "CAPEC-609": { + Name: "CAPEC-609: Cellular Traffic Intercept", + }, + "CAPEC-61": { + Name: "CAPEC-61: Session Fixation", + }, + "CAPEC-610": { + Name: "CAPEC-610: Cellular Data Injection", + }, + "CAPEC-611": { + Name: "CAPEC-611: BitSquatting", + }, + "CAPEC-612": { + Name: "CAPEC-612: WiFi MAC Address Tracking", + }, + "CAPEC-613": { + Name: "CAPEC-613: WiFi SSID Tracking", + }, + "CAPEC-614": { + Name: "CAPEC-614: Rooting SIM Cards", + }, + "CAPEC-615": { + Name: "CAPEC-615: Evil Twin Wi-Fi Attack", + }, + "CAPEC-616": { + Name: "CAPEC-616: Establish Rogue Location", + }, + "CAPEC-617": { + Name: "CAPEC-617: Cellular Rogue Base Station", + }, + "CAPEC-618": { + Name: "CAPEC-618: Cellular Broadcast Message Request", + }, + "CAPEC-619": { + Name: "CAPEC-619: Signal Strength Tracking", + }, + "CAPEC-62": { + Name: "CAPEC-62: Cross Site Request Forgery", + }, + "CAPEC-620": { + Name: "CAPEC-620: Drop Encryption Level", + }, + "CAPEC-621": { + Name: "CAPEC-621: Analysis of Packet Timing and Sizes", + }, + "CAPEC-622": { + Name: "CAPEC-622: Electromagnetic Side-Channel Attack", + }, + "CAPEC-623": { + Name: "CAPEC-623: Compromising Emanations Attack", + }, + "CAPEC-624": { + Name: "CAPEC-624: Hardware Fault Injection", + }, + "CAPEC-625": { + Name: "CAPEC-625: Mobile Device Fault Injection", + }, + "CAPEC-626": { + Name: "CAPEC-626: Smudge Attack", + }, + "CAPEC-627": { + Name: "CAPEC-627: Counterfeit GPS Signals", + }, + "CAPEC-628": { + Name: "CAPEC-628: Carry-Off GPS Attack", + }, + "CAPEC-629": { + Name: "CAPEC-629: Unauthorized Use of Device Resources", + }, + "CAPEC-63": { + Name: "CAPEC-63: Cross-Site Scripting (XSS)", + }, + "CAPEC-630": { + Name: "CAPEC-630: TypoSquatting", + }, + "CAPEC-631": { + Name: "CAPEC-631: SoundSquatting", + }, + "CAPEC-632": { + Name: 
"CAPEC-632: Homograph Attack via Homoglyphs", + }, + "CAPEC-633": { + Name: "CAPEC-633: Token Impersonation", + }, + "CAPEC-634": { + Name: "CAPEC-634: Probe Audio and Video Peripherals", + }, + "CAPEC-635": { + Name: "CAPEC-635: Alternative Execution Due to Deceptive Filenames", + }, + "CAPEC-636": { + Name: "CAPEC-636: Hiding Malicious Data or Code within Files", + }, + "CAPEC-637": { + Name: "CAPEC-637: Collect Data from Clipboard", + }, + "CAPEC-638": { + Name: "CAPEC-638: Altered Component Firmware", + }, + "CAPEC-639": { + Name: "CAPEC-639: Probe System Files", + }, + "CAPEC-64": { + Name: "CAPEC-64: Using Slashes and URL Encoding Combined to Bypass Validation Logic", + }, + "CAPEC-640": { + Name: "CAPEC-640: Inclusion of Code in Existing Process", + }, + "CAPEC-641": { + Name: "CAPEC-641: DLL Side-Loading", + }, + "CAPEC-642": { + Name: "CAPEC-642: Replace Binaries", + }, + "CAPEC-643": { + Name: "CAPEC-643: Identify Shared Files/Directories on System", + }, + "CAPEC-644": { + Name: "CAPEC-644: Use of Captured Hashes (Pass The Hash)", + }, + "CAPEC-645": { + Name: "CAPEC-645: Use of Captured Tickets (Pass The Ticket)", + }, + "CAPEC-646": { + Name: "CAPEC-646: Peripheral Footprinting", + }, + "CAPEC-647": { + Name: "CAPEC-647: Collect Data from Registries", + }, + "CAPEC-648": { + Name: "CAPEC-648: Collect Data from Screen Capture", + }, + "CAPEC-649": { + Name: "CAPEC-649: Adding a Space to a File Extension", + }, + "CAPEC-65": { + Name: "CAPEC-65: Sniff Application Code", + }, + "CAPEC-650": { + Name: "CAPEC-650: Upload a Web Shell to a Web Server", + }, + "CAPEC-651": { + Name: "CAPEC-651: Eavesdropping", + }, + "CAPEC-652": { + Name: "CAPEC-652: Use of Known Kerberos Credentials", + }, + "CAPEC-653": { + Name: "CAPEC-653: Use of Known Windows Credentials", + }, + "CAPEC-654": { + Name: "CAPEC-654: Credential Prompt Impersonation", + }, + "CAPEC-655": { + Name: "CAPEC-655: Avoid Security Tool Identification by Adding Data", + }, + "CAPEC-656": { + Name: 
"CAPEC-656: Voice Phishing", + }, + "CAPEC-657": { + Name: "CAPEC-657: Malicious Automated Software Update via Spoofing", + }, + "CAPEC-66": { + Name: "CAPEC-66: SQL Injection", + }, + "CAPEC-660": { + Name: "CAPEC-660: Root/Jailbreak Detection Evasion via Hooking", + }, + "CAPEC-661": { + Name: "CAPEC-661: Root/Jailbreak Detection Evasion via Debugging", + }, + "CAPEC-662": { + Name: "CAPEC-662: Adversary in the Browser (AiTB)", + }, + "CAPEC-663": { + Name: "CAPEC-663: Exploitation of Transient Instruction Execution", + }, + "CAPEC-664": { + Name: "CAPEC-664: Server Side Request Forgery", + }, + "CAPEC-665": { + Name: "CAPEC-665: Exploitation of Thunderbolt Protection Flaws", + }, + "CAPEC-666": { + Name: "CAPEC-666: BlueSmacking", + }, + "CAPEC-667": { + Name: "CAPEC-667: Bluetooth Impersonation AttackS (BIAS)", + }, + "CAPEC-668": { + Name: "CAPEC-668: Key Negotiation of Bluetooth Attack (KNOB)", + }, + "CAPEC-669": { + Name: "CAPEC-669: Alteration of a Software Update", + }, + "CAPEC-67": { + Name: "CAPEC-67: String Format Overflow in syslog()", + }, + "CAPEC-670": { + Name: "CAPEC-670: Software Development Tools Maliciously Altered", + }, + "CAPEC-671": { + Name: "CAPEC-671: Requirements for ASIC Functionality Maliciously Altered", + }, + "CAPEC-672": { + Name: "CAPEC-672: Malicious Code Implanted During Chip Programming", + }, + "CAPEC-673": { + Name: "CAPEC-673: Developer Signing Maliciously Altered Software", + }, + "CAPEC-674": { + Name: "CAPEC-674: Design for FPGA Maliciously Altered", + }, + "CAPEC-675": { + Name: "CAPEC-675: Retrieve Data from Decommissioned Devices", + }, + "CAPEC-676": { + Name: "CAPEC-676: NoSQL Injection", + }, + "CAPEC-677": { + Name: "CAPEC-677: Server Functionality Compromise", + }, + "CAPEC-678": { + Name: "CAPEC-678: System Build Data Maliciously Altered", + }, + "CAPEC-679": { + Name: "CAPEC-679: Exploitation of Improperly Configured or Implemented Memory Protections", + }, + "CAPEC-68": { + Name: "CAPEC-68: Subvert 
Code-signing Facilities", + }, + "CAPEC-680": { + Name: "CAPEC-680: Exploitation of Improperly Controlled Registers", + }, + "CAPEC-681": { + Name: "CAPEC-681: Exploitation of Improperly Controlled Hardware Security Identifiers", + }, + "CAPEC-69": { + Name: "CAPEC-69: Target Programs with Elevated Privileges", + }, + "CAPEC-7": { + Name: "CAPEC-7: Blind SQL Injection", + }, + "CAPEC-70": { + Name: "CAPEC-70: Try Common or Default Usernames and Passwords", + }, + "CAPEC-71": { + Name: "CAPEC-71: Using Unicode Encoding to Bypass Validation Logic", + }, + "CAPEC-72": { + Name: "CAPEC-72: URL Encoding", + }, + "CAPEC-73": { + Name: "CAPEC-73: User-Controlled Filename", + }, + "CAPEC-74": { + Name: "CAPEC-74: Manipulating State", + }, + "CAPEC-75": { + Name: "CAPEC-75: Manipulating Writeable Configuration Files", + }, + "CAPEC-76": { + Name: "CAPEC-76: Manipulating Web Input to File System Calls", + }, + "CAPEC-77": { + Name: "CAPEC-77: Manipulating User-Controlled Variables", + }, + "CAPEC-78": { + Name: "CAPEC-78: Using Escaped Slashes in Alternate Encoding", + }, + "CAPEC-79": { + Name: "CAPEC-79: Using Slashes in Alternate Encoding", + }, + "CAPEC-8": { + Name: "CAPEC-8: Buffer Overflow in an API Call", + }, + "CAPEC-80": { + Name: "CAPEC-80: Using UTF-8 Encoding to Bypass Validation Logic", + }, + "CAPEC-81": { + Name: "CAPEC-81: Web Logs Tampering", + }, + "CAPEC-83": { + Name: "CAPEC-83: XPath Injection", + }, + "CAPEC-84": { + Name: "CAPEC-84: XQuery Injection", + }, + "CAPEC-85": { + Name: "CAPEC-85: AJAX Footprinting", + }, + "CAPEC-86": { + Name: "CAPEC-86: XSS Through HTTP Headers", + }, + "CAPEC-87": { + Name: "CAPEC-87: Forceful Browsing", + }, + "CAPEC-88": { + Name: "CAPEC-88: OS Command Injection", + }, + "CAPEC-89": { + Name: "CAPEC-89: Pharming", + }, + "CAPEC-9": { + Name: "CAPEC-9: Buffer Overflow in Local Command-Line Utilities", + }, + "CAPEC-90": { + Name: "CAPEC-90: Reflection Attack in Authentication Protocol", + }, + "CAPEC-92": { + Name: 
"CAPEC-92: Forced Integer Overflow", + }, + "CAPEC-93": { + Name: "CAPEC-93: Log Injection-Tampering-Forging", + }, + "CAPEC-94": { + Name: "CAPEC-94: Adversary in the Middle (AiTM)", + }, + "CAPEC-95": { + Name: "CAPEC-95: WSDL Scanning", + }, + "CAPEC-96": { + Name: "CAPEC-96: Block Access to Libraries", + }, + "CAPEC-97": { + Name: "CAPEC-97: Cryptanalysis", + }, + "CAPEC-98": { + Name: "CAPEC-98: Phishing", + }, + "T1001": { + Name: "TA0011: Command and Control => T1001: Data Obfuscation", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1001.001": { + Name: "TA0011: Command and Control => T1001.001: Junk Data", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1001.002": { + Name: "TA0011: Command and Control => T1001.002: Steganography", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1001.003": { + Name: "TA0011: Command and Control => T1001.003: Protocol Impersonation", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1003": { + Name: "TA0006: Credential Access => T1003: OS Credential Dumping", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1003.001": { + Name: "TA0006: Credential Access => T1003.001: LSASS Memory", + Platforms: []string{"Windows"}, + }, + "T1003.002": { + Name: "TA0006: Credential Access => T1003.002: Security Account Manager", + Platforms: []string{"Windows"}, + }, + "T1003.003": { + Name: "TA0006: Credential Access => T1003.003: NTDS", + Platforms: []string{"Windows"}, + }, + "T1003.004": { + Name: "TA0006: Credential Access => T1003.004: LSA Secrets", + Platforms: []string{"Windows"}, + }, + "T1003.005": { + Name: "TA0006: Credential Access => T1003.005: Cached Domain Credentials", + Platforms: []string{"Windows"}, + }, + "T1003.006": { + Name: "TA0006: Credential Access => T1003.006: DCSync", + Platforms: []string{"Windows"}, + }, + "T1003.007": { + Name: "TA0006: Credential Access => T1003.007: Proc Filesystem", + Platforms: []string{"Linux"}, + }, + "T1003.008": { + Name: 
"TA0006: Credential Access => T1003.008: /etc/passwd and /etc/shadow", + Platforms: []string{"Linux"}, + }, + "T1005": { + Name: "TA0009: Collection => T1005: Data from Local System", + Platforms: []string{"Linux", "Network", "Windows", "macOS"}, + }, + "T1006": { + Name: "TA0005: Defense Evasion => T1006: Direct Volume Access", + Platforms: []string{"Windows"}, + }, + "T1007": { + Name: "TA0007: Discovery => T1007: System Service Discovery", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1008": { + Name: "TA0011: Command and Control => T1008: Fallback Channels", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1010": { + Name: "TA0007: Discovery => T1010: Application Window Discovery", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1011": { + Name: "TA0010: Exfiltration => T1011: Exfiltration Over Other Network Medium", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1011.001": { + Name: "TA0010: Exfiltration => T1011.001: Exfiltration Over Bluetooth", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1012": { + Name: "TA0007: Discovery => T1012: Query Registry", + Platforms: []string{"Windows"}, + }, + "T1014": { + Name: "TA0005: Defense Evasion => T1014: Rootkit", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1016": { + Name: "TA0007: Discovery => T1016: System Network Configuration Discovery", + Platforms: []string{"Linux", "Network", "Windows", "macOS"}, + }, + "T1016.001": { + Name: "TA0007: Discovery => T1016.001: Internet Connection Discovery", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1018": { + Name: "TA0007: Discovery => T1018: Remote System Discovery", + Platforms: []string{"Linux", "Network", "Windows", "macOS"}, + }, + "T1020": { + Name: "TA0010: Exfiltration => T1020: Automated Exfiltration", + Platforms: []string{"Linux", "Network", "Windows", "macOS"}, + }, + "T1020.001": { + Name: "TA0010: Exfiltration => T1020.001: Traffic Duplication", + Platforms: 
[]string{"Network"}, + }, + "T1021": { + Name: "TA0008: Lateral Movement => T1021: Remote Services", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1021.001": { + Name: "TA0008: Lateral Movement => T1021.001: Remote Desktop Protocol", + Platforms: []string{"Windows"}, + }, + "T1021.002": { + Name: "TA0008: Lateral Movement => T1021.002: SMB/Windows Admin Shares", + Platforms: []string{"Windows"}, + }, + "T1021.003": { + Name: "TA0008: Lateral Movement => T1021.003: Distributed Component Object Model", + Platforms: []string{"Windows"}, + }, + "T1021.004": { + Name: "TA0008: Lateral Movement => T1021.004: SSH", + Platforms: []string{"Linux", "macOS"}, + }, + "T1021.005": { + Name: "TA0008: Lateral Movement => T1021.005: VNC", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1021.006": { + Name: "TA0008: Lateral Movement => T1021.006: Windows Remote Management", + Platforms: []string{"Windows"}, + }, + "T1025": { + Name: "TA0009: Collection => T1025: Data from Removable Media", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1027": { + Name: "TA0005: Defense Evasion => T1027: Obfuscated Files or Information", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1027.001": { + Name: "TA0005: Defense Evasion => T1027.001: Binary Padding", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1027.002": { + Name: "TA0005: Defense Evasion => T1027.002: Software Packing", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1027.003": { + Name: "TA0005: Defense Evasion => T1027.003: Steganography", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1027.004": { + Name: "TA0005: Defense Evasion => T1027.004: Compile After Delivery", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1027.005": { + Name: "TA0005: Defense Evasion => T1027.005: Indicator Removal from Tools", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1027.006": { + Name: "TA0005: Defense Evasion => T1027.006: 
HTML Smuggling", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1029": { + Name: "TA0010: Exfiltration => T1029: Scheduled Transfer", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1030": { + Name: "TA0010: Exfiltration => T1030: Data Transfer Size Limits", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1033": { + Name: "TA0007: Discovery => T1033: System Owner/User Discovery", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1036": { + Name: "TA0005: Defense Evasion => T1036: Masquerading", + Platforms: []string{"Containers", "Linux", "Windows", "macOS"}, + }, + "T1036.001": { + Name: "TA0005: Defense Evasion => T1036.001: Invalid Code Signature", + Platforms: []string{"Windows", "macOS"}, + }, + "T1036.002": { + Name: "TA0005: Defense Evasion => T1036.002: Right-to-Left Override", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1036.003": { + Name: "TA0005: Defense Evasion => T1036.003: Rename System Utilities", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1036.004": { + Name: "TA0005: Defense Evasion => T1036.004: Masquerade Task or Service", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1036.005": { + Name: "TA0005: Defense Evasion => T1036.005: Match Legitimate Name or Location", + Platforms: []string{"Containers", "Linux", "Windows", "macOS"}, + }, + "T1036.006": { + Name: "TA0005: Defense Evasion => T1036.006: Space after Filename", + Platforms: []string{"Linux", "macOS"}, + }, + "T1036.007": { + Name: "TA0005: Defense Evasion => T1036.007: Double File Extension", + Platforms: []string{"Windows"}, + }, + "T1037": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1037: Boot or Logon Initialization Scripts", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1037.001": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1037.001: Logon Script (Windows)", + Platforms: []string{"Windows"}, + }, + "T1037.002": { + Name: "TA0003: 
Persistence, TA0004: Privilege Escalation => T1037.002: Login Hook", + Platforms: []string{"macOS"}, + }, + "T1037.003": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1037.003: Network Logon Script", + Platforms: []string{"Windows"}, + }, + "T1037.004": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1037.004: RC Scripts", + Platforms: []string{"Linux", "macOS"}, + }, + "T1037.005": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1037.005: Startup Items", + Platforms: []string{"macOS"}, + }, + "T1039": { + Name: "TA0009: Collection => T1039: Data from Network Shared Drive", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1040": { + Name: "TA0006: Credential Access, TA0007: Discovery => T1040: Network Sniffing", + Platforms: []string{"IaaS", "Linux", "Network", "Windows", "macOS"}, + }, + "T1041": { + Name: "TA0010: Exfiltration => T1041: Exfiltration Over C2 Channel", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1046": { + Name: "TA0007: Discovery => T1046: Network Service Discovery", + Platforms: []string{"Containers", "IaaS", "Linux", "Network", "Windows", "macOS"}, + }, + "T1047": { + Name: "TA0002: Execution => T1047: Windows Management Instrumentation", + Platforms: []string{"Windows"}, + }, + "T1048": { + Name: "TA0010: Exfiltration => T1048: Exfiltration Over Alternative Protocol", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1048.001": { + Name: "TA0010: Exfiltration => T1048.001: Exfiltration Over Symmetric Encrypted Non-C2 Protocol", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1048.002": { + Name: "TA0010: Exfiltration => T1048.002: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1048.003": { + Name: "TA0010: Exfiltration => T1048.003: Exfiltration Over Unencrypted Non-C2 Protocol", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1049": { + Name: "TA0007: 
Discovery => T1049: System Network Connections Discovery", + Platforms: []string{"IaaS", "Linux", "Network", "Windows", "macOS"}, + }, + "T1052": { + Name: "TA0010: Exfiltration => T1052: Exfiltration Over Physical Medium", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1052.001": { + Name: "TA0010: Exfiltration => T1052.001: Exfiltration over USB", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1053": { + Name: "TA0002: Execution, TA0003: Persistence, TA0004: Privilege Escalation => T1053: Scheduled Task/Job", + Platforms: []string{"Containers", "Linux", "Windows", "macOS"}, + }, + "T1053.002": { + Name: "TA0002: Execution, TA0003: Persistence, TA0004: Privilege Escalation => T1053.002: At", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1053.003": { + Name: "TA0002: Execution, TA0003: Persistence, TA0004: Privilege Escalation => T1053.003: Cron", + Platforms: []string{"Linux", "macOS"}, + }, + "T1053.005": { + Name: "TA0002: Execution, TA0003: Persistence, TA0004: Privilege Escalation => T1053.005: Scheduled Task", + Platforms: []string{"Windows"}, + }, + "T1053.006": { + Name: "TA0002: Execution, TA0003: Persistence, TA0004: Privilege Escalation => T1053.006: Systemd Timers", + Platforms: []string{"Linux"}, + }, + "T1053.007": { + Name: "TA0002: Execution, TA0003: Persistence, TA0004: Privilege Escalation => T1053.007: Container Orchestration Job", + Platforms: []string{"Containers"}, + }, + "T1055": { + Name: "TA0004: Privilege Escalation, TA0005: Defense Evasion => T1055: Process Injection", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1055.001": { + Name: "TA0004: Privilege Escalation, TA0005: Defense Evasion => T1055.001: Dynamic-link Library Injection", + Platforms: []string{"Windows"}, + }, + "T1055.002": { + Name: "TA0004: Privilege Escalation, TA0005: Defense Evasion => T1055.002: Portable Executable Injection", + Platforms: []string{"Windows"}, + }, + "T1055.003": { + Name: "TA0004: Privilege 
Escalation, TA0005: Defense Evasion => T1055.003: Thread Execution Hijacking", + Platforms: []string{"Windows"}, + }, + "T1055.004": { + Name: "TA0004: Privilege Escalation, TA0005: Defense Evasion => T1055.004: Asynchronous Procedure Call", + Platforms: []string{"Windows"}, + }, + "T1055.005": { + Name: "TA0004: Privilege Escalation, TA0005: Defense Evasion => T1055.005: Thread Local Storage", + Platforms: []string{"Windows"}, + }, + "T1055.008": { + Name: "TA0004: Privilege Escalation, TA0005: Defense Evasion => T1055.008: Ptrace System Calls", + Platforms: []string{"Linux"}, + }, + "T1055.009": { + Name: "TA0004: Privilege Escalation, TA0005: Defense Evasion => T1055.009: Proc Memory", + Platforms: []string{"Linux"}, + }, + "T1055.011": { + Name: "TA0004: Privilege Escalation, TA0005: Defense Evasion => T1055.011: Extra Window Memory Injection", + Platforms: []string{"Windows"}, + }, + "T1055.012": { + Name: "TA0004: Privilege Escalation, TA0005: Defense Evasion => T1055.012: Process Hollowing", + Platforms: []string{"Windows"}, + }, + "T1055.013": { + Name: "TA0004: Privilege Escalation, TA0005: Defense Evasion => T1055.013: Process Doppelgänging", + Platforms: []string{"Windows"}, + }, + "T1055.014": { + Name: "TA0004: Privilege Escalation, TA0005: Defense Evasion => T1055.014: VDSO Hijacking", + Platforms: []string{"Linux"}, + }, + "T1055.015": { + Name: "TA0004: Privilege Escalation, TA0005: Defense Evasion => T1055.015: ListPlanting", + Platforms: []string{"Windows"}, + }, + "T1056": { + Name: "TA0006: Credential Access, TA0009: Collection => T1056: Input Capture", + Platforms: []string{"Linux", "Network", "Windows", "macOS"}, + }, + "T1056.001": { + Name: "TA0006: Credential Access, TA0009: Collection => T1056.001: Keylogging", + Platforms: []string{"Linux", "Network", "Windows", "macOS"}, + }, + "T1056.002": { + Name: "TA0006: Credential Access, TA0009: Collection => T1056.002: GUI Input Capture", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + 
"T1056.003": { + Name: "TA0006: Credential Access, TA0009: Collection => T1056.003: Web Portal Capture", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1056.004": { + Name: "TA0006: Credential Access, TA0009: Collection => T1056.004: Credential API Hooking", + Platforms: []string{"Windows"}, + }, + "T1057": { + Name: "TA0007: Discovery => T1057: Process Discovery", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1059": { + Name: "TA0002: Execution => T1059: Command and Scripting Interpreter", + Platforms: []string{"Linux", "Network", "Windows", "macOS"}, + }, + "T1059.001": { + Name: "TA0002: Execution => T1059.001: PowerShell", + Platforms: []string{"Windows"}, + }, + "T1059.002": { + Name: "TA0002: Execution => T1059.002: AppleScript", + Platforms: []string{"macOS"}, + }, + "T1059.003": { + Name: "TA0002: Execution => T1059.003: Windows Command Shell", + Platforms: []string{"Windows"}, + }, + "T1059.004": { + Name: "TA0002: Execution => T1059.004: Unix Shell", + Platforms: []string{"Linux", "macOS"}, + }, + "T1059.005": { + Name: "TA0002: Execution => T1059.005: Visual Basic", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1059.006": { + Name: "TA0002: Execution => T1059.006: Python", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1059.007": { + Name: "TA0002: Execution => T1059.007: JavaScript", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1059.008": { + Name: "TA0002: Execution => T1059.008: Network Device CLI", + Platforms: []string{"Network"}, + }, + "T1068": { + Name: "TA0004: Privilege Escalation => T1068: Exploitation for Privilege Escalation", + Platforms: []string{"Containers", "Linux", "Windows", "macOS"}, + }, + "T1069": { + Name: "TA0007: Discovery => T1069: Permission Groups Discovery", + Platforms: []string{"Azure AD", "Containers", "Google Workspace", "IaaS", "Linux", "Office 365", "SaaS", "Windows", "macOS"}, + }, + "T1069.001": { + Name: "TA0007: Discovery => T1069.001: Local 
Groups", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1069.002": { + Name: "TA0007: Discovery => T1069.002: Domain Groups", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1069.003": { + Name: "TA0007: Discovery => T1069.003: Cloud Groups", + Platforms: []string{"Azure AD", "Google Workspace", "IaaS", "Office 365", "SaaS"}, + }, + "T1070": { + Name: "TA0005: Defense Evasion => T1070: Indicator Removal on Host", + Platforms: []string{"Containers", "Linux", "Network", "Windows", "macOS"}, + }, + "T1070.001": { + Name: "TA0005: Defense Evasion => T1070.001: Clear Windows Event Logs", + Platforms: []string{"Windows"}, + }, + "T1070.002": { + Name: "TA0005: Defense Evasion => T1070.002: Clear Linux or Mac System Logs", + Platforms: []string{"Linux", "macOS"}, + }, + "T1070.003": { + Name: "TA0005: Defense Evasion => T1070.003: Clear Command History", + Platforms: []string{"Linux", "Network", "Windows", "macOS"}, + }, + "T1070.004": { + Name: "TA0005: Defense Evasion => T1070.004: File Deletion", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1070.005": { + Name: "TA0005: Defense Evasion => T1070.005: Network Share Connection Removal", + Platforms: []string{"Windows"}, + }, + "T1070.006": { + Name: "TA0005: Defense Evasion => T1070.006: Timestomp", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1071": { + Name: "TA0011: Command and Control => T1071: Application Layer Protocol", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1071.001": { + Name: "TA0011: Command and Control => T1071.001: Web Protocols", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1071.002": { + Name: "TA0011: Command and Control => T1071.002: File Transfer Protocols", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1071.003": { + Name: "TA0011: Command and Control => T1071.003: Mail Protocols", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1071.004": { + Name: "TA0011: Command and Control => 
T1071.004: DNS", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1072": { + Name: "TA0002: Execution, TA0008: Lateral Movement => T1072: Software Deployment Tools", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1074": { + Name: "TA0009: Collection => T1074: Data Staged", + Platforms: []string{"IaaS", "Linux", "Windows", "macOS"}, + }, + "T1074.001": { + Name: "TA0009: Collection => T1074.001: Local Data Staging", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1074.002": { + Name: "TA0009: Collection => T1074.002: Remote Data Staging", + Platforms: []string{"IaaS", "Linux", "Windows", "macOS"}, + }, + "T1078": { + Name: "TA0001: Initial Access, TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion => T1078: Valid Accounts", + Platforms: []string{"Azure AD", "Containers", "Google Workspace", "IaaS", "Linux", "Office 365", "SaaS", "Windows", "macOS"}, + }, + "T1078.001": { + Name: "TA0001: Initial Access, TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion => T1078.001: Default Accounts", + Platforms: []string{"Azure AD", "Containers", "Google Workspace", "IaaS", "Linux", "Office 365", "SaaS", "Windows", "macOS"}, + }, + "T1078.002": { + Name: "TA0001: Initial Access, TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion => T1078.002: Domain Accounts", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1078.003": { + Name: "TA0001: Initial Access, TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion => T1078.003: Local Accounts", + Platforms: []string{"Containers", "Linux", "Windows", "macOS"}, + }, + "T1078.004": { + Name: "TA0001: Initial Access, TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion => T1078.004: Cloud Accounts", + Platforms: []string{"Azure AD", "Google Workspace", "IaaS", "Office 365", "SaaS"}, + }, + "T1080": { + Name: "TA0008: Lateral Movement => T1080: Taint Shared Content", + Platforms: 
[]string{"Linux", "Office 365", "SaaS", "Windows", "macOS"}, + }, + "T1082": { + Name: "TA0007: Discovery => T1082: System Information Discovery", + Platforms: []string{"IaaS", "Linux", "Network", "Windows", "macOS"}, + }, + "T1083": { + Name: "TA0007: Discovery => T1083: File and Directory Discovery", + Platforms: []string{"Linux", "Network", "Windows", "macOS"}, + }, + "T1087": { + Name: "TA0007: Discovery => T1087: Account Discovery", + Platforms: []string{"Azure AD", "Google Workspace", "IaaS", "Linux", "Office 365", "SaaS", "Windows", "macOS"}, + }, + "T1087.001": { + Name: "TA0007: Discovery => T1087.001: Local Account", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1087.002": { + Name: "TA0007: Discovery => T1087.002: Domain Account", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1087.003": { + Name: "TA0007: Discovery => T1087.003: Email Account", + Platforms: []string{"Google Workspace", "Office 365", "Windows"}, + }, + "T1087.004": { + Name: "TA0007: Discovery => T1087.004: Cloud Account", + Platforms: []string{"Azure AD", "Google Workspace", "IaaS", "Office 365", "SaaS"}, + }, + "T1090": { + Name: "TA0011: Command and Control => T1090: Proxy", + Platforms: []string{"Linux", "Network", "Windows", "macOS"}, + }, + "T1090.001": { + Name: "TA0011: Command and Control => T1090.001: Internal Proxy", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1090.002": { + Name: "TA0011: Command and Control => T1090.002: External Proxy", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1090.003": { + Name: "TA0011: Command and Control => T1090.003: Multi-hop Proxy", + Platforms: []string{"Linux", "Network", "Windows", "macOS"}, + }, + "T1090.004": { + Name: "TA0011: Command and Control => T1090.004: Domain Fronting", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1091": { + Name: "TA0001: Initial Access, TA0008: Lateral Movement => T1091: Replication Through Removable Media", + Platforms: 
[]string{"Windows"}, + }, + "T1092": { + Name: "TA0011: Command and Control => T1092: Communication Through Removable Media", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1095": { + Name: "TA0011: Command and Control => T1095: Non-Application Layer Protocol", + Platforms: []string{"Linux", "Network", "Windows", "macOS"}, + }, + "T1098": { + Name: "TA0003: Persistence => T1098: Account Manipulation", + Platforms: []string{"Azure AD", "Google Workspace", "IaaS", "Linux", "Office 365", "SaaS", "Windows", "macOS"}, + }, + "T1098.001": { + Name: "TA0003: Persistence => T1098.001: Additional Cloud Credentials", + Platforms: []string{"Azure AD", "IaaS", "SaaS"}, + }, + "T1098.002": { + Name: "TA0003: Persistence => T1098.002: Additional Email Delegate Permissions", + Platforms: []string{"Google Workspace", "Office 365", "Windows"}, + }, + "T1098.003": { + Name: "TA0003: Persistence => T1098.003: Additional Cloud Roles", + Platforms: []string{"Azure AD", "Google Workspace", "IaaS", "Office 365", "SaaS"}, + }, + "T1098.004": { + Name: "TA0003: Persistence => T1098.004: SSH Authorized Keys", + Platforms: []string{"IaaS", "Linux", "macOS"}, + }, + "T1098.005": { + Name: "TA0003: Persistence => T1098.005: Device Registration", + Platforms: []string{"Azure AD", "SaaS", "Windows"}, + }, + "T1102": { + Name: "TA0011: Command and Control => T1102: Web Service", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1102.001": { + Name: "TA0011: Command and Control => T1102.001: Dead Drop Resolver", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1102.002": { + Name: "TA0011: Command and Control => T1102.002: Bidirectional Communication", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1102.003": { + Name: "TA0011: Command and Control => T1102.003: One-Way Communication", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1104": { + Name: "TA0011: Command and Control => T1104: Multi-Stage Channels", + Platforms: 
[]string{"Linux", "Windows", "macOS"}, + }, + "T1105": { + Name: "TA0011: Command and Control => T1105: Ingress Tool Transfer", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1106": { + Name: "TA0002: Execution => T1106: Native API", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1110": { + Name: "TA0006: Credential Access => T1110: Brute Force", + Platforms: []string{"Azure AD", "Containers", "Google Workspace", "IaaS", "Linux", "Network", "Office 365", "SaaS", "Windows", "macOS"}, + }, + "T1110.001": { + Name: "TA0006: Credential Access => T1110.001: Password Guessing", + Platforms: []string{"Azure AD", "Containers", "Google Workspace", "IaaS", "Linux", "Network", "Office 365", "SaaS", "Windows", "macOS"}, + }, + "T1110.002": { + Name: "TA0006: Credential Access => T1110.002: Password Cracking", + Platforms: []string{"Azure AD", "Linux", "Network", "Office 365", "Windows", "macOS"}, + }, + "T1110.003": { + Name: "TA0006: Credential Access => T1110.003: Password Spraying", + Platforms: []string{"Azure AD", "Containers", "Google Workspace", "IaaS", "Linux", "Office 365", "SaaS", "Windows", "macOS"}, + }, + "T1110.004": { + Name: "TA0006: Credential Access => T1110.004: Credential Stuffing", + Platforms: []string{"Azure AD", "Containers", "Google Workspace", "IaaS", "Linux", "Office 365", "SaaS", "Windows", "macOS"}, + }, + "T1111": { + Name: "TA0006: Credential Access => T1111: Multi-Factor Authentication Interception", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1112": { + Name: "TA0005: Defense Evasion => T1112: Modify Registry", + Platforms: []string{"Windows"}, + }, + "T1113": { + Name: "TA0009: Collection => T1113: Screen Capture", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1114": { + Name: "TA0009: Collection => T1114: Email Collection", + Platforms: []string{"Google Workspace", "Linux", "Office 365", "Windows", "macOS"}, + }, + "T1114.001": { + Name: "TA0009: Collection => T1114.001: Local Email 
Collection", + Platforms: []string{"Windows"}, + }, + "T1114.002": { + Name: "TA0009: Collection => T1114.002: Remote Email Collection", + Platforms: []string{"Google Workspace", "Office 365", "Windows"}, + }, + "T1114.003": { + Name: "TA0009: Collection => T1114.003: Email Forwarding Rule", + Platforms: []string{"Google Workspace", "Linux", "Office 365", "Windows", "macOS"}, + }, + "T1115": { + Name: "TA0009: Collection => T1115: Clipboard Data", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1119": { + Name: "TA0009: Collection => T1119: Automated Collection", + Platforms: []string{"IaaS", "Linux", "SaaS", "Windows", "macOS"}, + }, + "T1120": { + Name: "TA0007: Discovery => T1120: Peripheral Device Discovery", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1123": { + Name: "TA0009: Collection => T1123: Audio Capture", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1124": { + Name: "TA0007: Discovery => T1124: System Time Discovery", + Platforms: []string{"Windows"}, + }, + "T1125": { + Name: "TA0009: Collection => T1125: Video Capture", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1127": { + Name: "TA0005: Defense Evasion => T1127: Trusted Developer Utilities Proxy Execution", + Platforms: []string{"Windows"}, + }, + "T1127.001": { + Name: "TA0005: Defense Evasion => T1127.001: MSBuild", + Platforms: []string{"Windows"}, + }, + "T1129": { + Name: "TA0002: Execution => T1129: Shared Modules", + Platforms: []string{"Windows"}, + }, + "T1132": { + Name: "TA0011: Command and Control => T1132: Data Encoding", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1132.001": { + Name: "TA0011: Command and Control => T1132.001: Standard Encoding", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1132.002": { + Name: "TA0011: Command and Control => T1132.002: Non-Standard Encoding", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1133": { + Name: "TA0001: Initial Access, TA0003: 
Persistence => T1133: External Remote Services", + Platforms: []string{"Containers", "Linux", "Windows", "macOS"}, + }, + "T1134": { + Name: "TA0004: Privilege Escalation, TA0005: Defense Evasion => T1134: Access Token Manipulation", + Platforms: []string{"Windows"}, + }, + "T1134.001": { + Name: "TA0004: Privilege Escalation, TA0005: Defense Evasion => T1134.001: Token Impersonation/Theft", + Platforms: []string{"Windows"}, + }, + "T1134.002": { + Name: "TA0004: Privilege Escalation, TA0005: Defense Evasion => T1134.002: Create Process with Token", + Platforms: []string{"Windows"}, + }, + "T1134.003": { + Name: "TA0004: Privilege Escalation, TA0005: Defense Evasion => T1134.003: Make and Impersonate Token", + Platforms: []string{"Windows"}, + }, + "T1134.004": { + Name: "TA0004: Privilege Escalation, TA0005: Defense Evasion => T1134.004: Parent PID Spoofing", + Platforms: []string{"Windows"}, + }, + "T1134.005": { + Name: "TA0004: Privilege Escalation, TA0005: Defense Evasion => T1134.005: SID-History Injection", + Platforms: []string{"Windows"}, + }, + "T1135": { + Name: "TA0007: Discovery => T1135: Network Share Discovery", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1136": { + Name: "TA0003: Persistence => T1136: Create Account", + Platforms: []string{"Azure AD", "Google Workspace", "IaaS", "Linux", "Office 365", "Windows", "macOS"}, + }, + "T1136.001": { + Name: "TA0003: Persistence => T1136.001: Local Account", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1136.002": { + Name: "TA0003: Persistence => T1136.002: Domain Account", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1136.003": { + Name: "TA0003: Persistence => T1136.003: Cloud Account", + Platforms: []string{"Azure AD", "Google Workspace", "IaaS", "Office 365", "SaaS"}, + }, + "T1137": { + Name: "TA0003: Persistence => T1137: Office Application Startup", + Platforms: []string{"Office 365", "Windows"}, + }, + "T1137.001": { + Name: "TA0003: Persistence => 
T1137.001: Office Template Macros", + Platforms: []string{"Office 365", "Windows"}, + }, + "T1137.002": { + Name: "TA0003: Persistence => T1137.002: Office Test", + Platforms: []string{"Office 365", "Windows"}, + }, + "T1137.003": { + Name: "TA0003: Persistence => T1137.003: Outlook Forms", + Platforms: []string{"Office 365", "Windows"}, + }, + "T1137.004": { + Name: "TA0003: Persistence => T1137.004: Outlook Home Page", + Platforms: []string{"Office 365", "Windows"}, + }, + "T1137.005": { + Name: "TA0003: Persistence => T1137.005: Outlook Rules", + Platforms: []string{"Office 365", "Windows"}, + }, + "T1137.006": { + Name: "TA0003: Persistence => T1137.006: Add-ins", + Platforms: []string{"Office 365", "Windows"}, + }, + "T1140": { + Name: "TA0005: Defense Evasion => T1140: Deobfuscate/Decode Files or Information", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1176": { + Name: "TA0003: Persistence => T1176: Browser Extensions", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1185": { + Name: "TA0009: Collection => T1185: Browser Session Hijacking", + Platforms: []string{"Windows"}, + }, + "T1187": { + Name: "TA0006: Credential Access => T1187: Forced Authentication", + Platforms: []string{"Windows"}, + }, + "T1189": { + Name: "TA0001: Initial Access => T1189: Drive-by Compromise", + Platforms: []string{"Linux", "SaaS", "Windows", "macOS"}, + }, + "T1190": { + Name: "TA0001: Initial Access => T1190: Exploit Public-Facing Application", + Platforms: []string{"Containers", "IaaS", "Linux", "Network", "Windows", "macOS"}, + }, + "T1195": { + Name: "TA0001: Initial Access => T1195: Supply Chain Compromise", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1195.001": { + Name: "TA0001: Initial Access => T1195.001: Compromise Software Dependencies and Development Tools", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1195.002": { + Name: "TA0001: Initial Access => T1195.002: Compromise Software Supply Chain", + 
Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1195.003": { + Name: "TA0001: Initial Access => T1195.003: Compromise Hardware Supply Chain", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1197": { + Name: "TA0003: Persistence, TA0005: Defense Evasion => T1197: BITS Jobs", + Platforms: []string{"Windows"}, + }, + "T1199": { + Name: "TA0001: Initial Access => T1199: Trusted Relationship", + Platforms: []string{"IaaS", "Linux", "SaaS", "Windows", "macOS"}, + }, + "T1200": { + Name: "TA0001: Initial Access => T1200: Hardware Additions", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1201": { + Name: "TA0007: Discovery => T1201: Password Policy Discovery", + Platforms: []string{"IaaS", "Linux", "Network", "Windows", "macOS"}, + }, + "T1202": { + Name: "TA0005: Defense Evasion => T1202: Indirect Command Execution", + Platforms: []string{"Windows"}, + }, + "T1203": { + Name: "TA0002: Execution => T1203: Exploitation for Client Execution", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1204": { + Name: "TA0002: Execution => T1204: User Execution", + Platforms: []string{"Containers", "IaaS", "Linux", "Windows", "macOS"}, + }, + "T1204.001": { + Name: "TA0002: Execution => T1204.001: Malicious Link", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1204.002": { + Name: "TA0002: Execution => T1204.002: Malicious File", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1204.003": { + Name: "TA0002: Execution => T1204.003: Malicious Image", + Platforms: []string{"Containers", "IaaS"}, + }, + "T1205": { + Name: "TA0003: Persistence, TA0005: Defense Evasion, TA0011: Command and Control => T1205: Traffic Signaling", + Platforms: []string{"Linux", "Network", "Windows", "macOS"}, + }, + "T1205.001": { + Name: "TA0003: Persistence, TA0005: Defense Evasion, TA0011: Command and Control => T1205.001: Port Knocking", + Platforms: []string{"Linux", "Network", "Windows", "macOS"}, + }, + "T1207": { + Name: 
"TA0005: Defense Evasion => T1207: Rogue Domain Controller", + Platforms: []string{"Windows"}, + }, + "T1210": { + Name: "TA0008: Lateral Movement => T1210: Exploitation of Remote Services", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1211": { + Name: "TA0005: Defense Evasion => T1211: Exploitation for Defense Evasion", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1212": { + Name: "TA0006: Credential Access => T1212: Exploitation for Credential Access", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1213": { + Name: "TA0009: Collection => T1213: Data from Information Repositories", + Platforms: []string{"Google Workspace", "IaaS", "Linux", "Office 365", "SaaS", "Windows", "macOS"}, + }, + "T1213.001": { + Name: "TA0009: Collection => T1213.001: Confluence", + Platforms: []string{"SaaS"}, + }, + "T1213.002": { + Name: "TA0009: Collection => T1213.002: Sharepoint", + Platforms: []string{"Office 365", "Windows"}, + }, + "T1213.003": { + Name: "TA0009: Collection => T1213.003: Code Repositories", + Platforms: []string{"SaaS"}, + }, + "T1216": { + Name: "TA0005: Defense Evasion => T1216: System Script Proxy Execution", + Platforms: []string{"Windows"}, + }, + "T1216.001": { + Name: "TA0005: Defense Evasion => T1216.001: PubPrn", + Platforms: []string{"Windows"}, + }, + "T1217": { + Name: "TA0007: Discovery => T1217: Browser Bookmark Discovery", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1218": { + Name: "TA0005: Defense Evasion => T1218: System Binary Proxy Execution", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1218.001": { + Name: "TA0005: Defense Evasion => T1218.001: Compiled HTML File", + Platforms: []string{"Windows"}, + }, + "T1218.002": { + Name: "TA0005: Defense Evasion => T1218.002: Control Panel", + Platforms: []string{"Windows"}, + }, + "T1218.003": { + Name: "TA0005: Defense Evasion => T1218.003: CMSTP", + Platforms: []string{"Windows"}, + }, + "T1218.004": { + Name: "TA0005: 
Defense Evasion => T1218.004: InstallUtil", + Platforms: []string{"Windows"}, + }, + "T1218.005": { + Name: "TA0005: Defense Evasion => T1218.005: Mshta", + Platforms: []string{"Windows"}, + }, + "T1218.007": { + Name: "TA0005: Defense Evasion => T1218.007: Msiexec", + Platforms: []string{"Windows"}, + }, + "T1218.008": { + Name: "TA0005: Defense Evasion => T1218.008: Odbcconf", + Platforms: []string{"Windows"}, + }, + "T1218.009": { + Name: "TA0005: Defense Evasion => T1218.009: Regsvcs/Regasm", + Platforms: []string{"Windows"}, + }, + "T1218.010": { + Name: "TA0005: Defense Evasion => T1218.010: Regsvr32", + Platforms: []string{"Windows"}, + }, + "T1218.011": { + Name: "TA0005: Defense Evasion => T1218.011: Rundll32", + Platforms: []string{"Windows"}, + }, + "T1218.012": { + Name: "TA0005: Defense Evasion => T1218.012: Verclsid", + Platforms: []string{"Windows"}, + }, + "T1218.013": { + Name: "TA0005: Defense Evasion => T1218.013: Mavinject", + Platforms: []string{"Windows"}, + }, + "T1218.014": { + Name: "TA0005: Defense Evasion => T1218.014: MMC", + Platforms: []string{"Windows"}, + }, + "T1219": { + Name: "TA0011: Command and Control => T1219: Remote Access Software", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1220": { + Name: "TA0005: Defense Evasion => T1220: XSL Script Processing", + Platforms: []string{"Windows"}, + }, + "T1221": { + Name: "TA0005: Defense Evasion => T1221: Template Injection", + Platforms: []string{"Windows"}, + }, + "T1222": { + Name: "TA0005: Defense Evasion => T1222: File and Directory Permissions Modification", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1222.001": { + Name: "TA0005: Defense Evasion => T1222.001: Windows File and Directory Permissions Modification", + Platforms: []string{"Windows"}, + }, + "T1222.002": { + Name: "TA0005: Defense Evasion => T1222.002: Linux and Mac File and Directory Permissions Modification", + Platforms: []string{"Linux", "macOS"}, + }, + "T1480": { + Name: "TA0005: 
Defense Evasion => T1480: Execution Guardrails", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1480.001": { + Name: "TA0005: Defense Evasion => T1480.001: Environmental Keying", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1482": { + Name: "TA0007: Discovery => T1482: Domain Trust Discovery", + Platforms: []string{"Windows"}, + }, + "T1484": { + Name: "TA0004: Privilege Escalation, TA0005: Defense Evasion => T1484: Domain Policy Modification", + Platforms: []string{"Azure AD", "Windows"}, + }, + "T1484.001": { + Name: "TA0004: Privilege Escalation, TA0005: Defense Evasion => T1484.001: Group Policy Modification", + Platforms: []string{"Windows"}, + }, + "T1484.002": { + Name: "TA0004: Privilege Escalation, TA0005: Defense Evasion => T1484.002: Domain Trust Modification", + Platforms: []string{"Azure AD", "Windows"}, + }, + "T1485": { + Name: "TA0040: Impact => T1485: Data Destruction", + Platforms: []string{"IaaS", "Linux", "Windows", "macOS"}, + }, + "T1486": { + Name: "TA0040: Impact => T1486: Data Encrypted for Impact", + Platforms: []string{"IaaS", "Linux", "Windows", "macOS"}, + }, + "T1489": { + Name: "TA0040: Impact => T1489: Service Stop", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1490": { + Name: "TA0040: Impact => T1490: Inhibit System Recovery", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1491": { + Name: "TA0040: Impact => T1491: Defacement", + Platforms: []string{"IaaS", "Linux", "Windows", "macOS"}, + }, + "T1491.001": { + Name: "TA0040: Impact => T1491.001: Internal Defacement", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1491.002": { + Name: "TA0040: Impact => T1491.002: External Defacement", + Platforms: []string{"IaaS", "Linux", "Windows", "macOS"}, + }, + "T1495": { + Name: "TA0040: Impact => T1495: Firmware Corruption", + Platforms: []string{"Linux", "Network", "Windows", "macOS"}, + }, + "T1496": { + Name: "TA0040: Impact => T1496: Resource Hijacking", + 
Platforms: []string{"Containers", "IaaS", "Linux", "Windows", "macOS"}, + }, + "T1497": { + Name: "TA0005: Defense Evasion, TA0007: Discovery => T1497: Virtualization/Sandbox Evasion", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1497.001": { + Name: "TA0005: Defense Evasion, TA0007: Discovery => T1497.001: System Checks", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1497.002": { + Name: "TA0005: Defense Evasion, TA0007: Discovery => T1497.002: User Activity Based Checks", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1497.003": { + Name: "TA0005: Defense Evasion, TA0007: Discovery => T1497.003: Time Based Evasion", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1498": { + Name: "TA0040: Impact => T1498: Network Denial of Service", + Platforms: []string{"Azure AD", "Containers", "Google Workspace", "IaaS", "Linux", "Office 365", "SaaS", "Windows", "macOS"}, + }, + "T1498.001": { + Name: "TA0040: Impact => T1498.001: Direct Network Flood", + Platforms: []string{"Azure AD", "Google Workspace", "IaaS", "Linux", "Office 365", "SaaS", "Windows", "macOS"}, + }, + "T1498.002": { + Name: "TA0040: Impact => T1498.002: Reflection Amplification", + Platforms: []string{"Azure AD", "Google Workspace", "IaaS", "Linux", "Office 365", "SaaS", "Windows", "macOS"}, + }, + "T1499": { + Name: "TA0040: Impact => T1499: Endpoint Denial of Service", + Platforms: []string{"Azure AD", "Containers", "Google Workspace", "IaaS", "Linux", "Office 365", "SaaS", "Windows", "macOS"}, + }, + "T1499.001": { + Name: "TA0040: Impact => T1499.001: OS Exhaustion Flood", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1499.002": { + Name: "TA0040: Impact => T1499.002: Service Exhaustion Flood", + Platforms: []string{"Azure AD", "Google Workspace", "IaaS", "Linux", "Office 365", "SaaS", "Windows", "macOS"}, + }, + "T1499.003": { + Name: "TA0040: Impact => T1499.003: Application Exhaustion Flood", + Platforms: []string{"Azure AD", 
"Google Workspace", "IaaS", "Linux", "Office 365", "SaaS", "Windows", "macOS"}, + }, + "T1499.004": { + Name: "TA0040: Impact => T1499.004: Application or System Exploitation", + Platforms: []string{"Azure AD", "Google Workspace", "IaaS", "Linux", "Office 365", "SaaS", "Windows", "macOS"}, + }, + "T1505": { + Name: "TA0003: Persistence => T1505: Server Software Component", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1505.001": { + Name: "TA0003: Persistence => T1505.001: SQL Stored Procedures", + Platforms: []string{"Linux", "Windows"}, + }, + "T1505.002": { + Name: "TA0003: Persistence => T1505.002: Transport Agent", + Platforms: []string{"Linux", "Windows"}, + }, + "T1505.003": { + Name: "TA0003: Persistence => T1505.003: Web Shell", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1505.004": { + Name: "TA0003: Persistence => T1505.004: IIS Components", + Platforms: []string{"Windows"}, + }, + "T1505.005": { + Name: "TA0003: Persistence => T1505.005: Terminal Services DLL", + Platforms: []string{"Windows"}, + }, + "T1518": { + Name: "TA0007: Discovery => T1518: Software Discovery", + Platforms: []string{"Azure AD", "Google Workspace", "IaaS", "Linux", "Office 365", "SaaS", "Windows", "macOS"}, + }, + "T1518.001": { + Name: "TA0007: Discovery => T1518.001: Security Software Discovery", + Platforms: []string{"Azure AD", "Google Workspace", "IaaS", "Linux", "Office 365", "SaaS", "Windows", "macOS"}, + }, + "T1525": { + Name: "TA0003: Persistence => T1525: Implant Internal Image", + Platforms: []string{"Containers", "IaaS"}, + }, + "T1526": { + Name: "TA0007: Discovery => T1526: Cloud Service Discovery", + Platforms: []string{"Azure AD", "Google Workspace", "IaaS", "Office 365", "SaaS"}, + }, + "T1528": { + Name: "TA0006: Credential Access => T1528: Steal Application Access Token", + Platforms: []string{"Azure AD", "Containers", "Google Workspace", "Office 365", "SaaS"}, + }, + "T1529": { + Name: "TA0040: Impact => T1529: System 
Shutdown/Reboot", + Platforms: []string{"Linux", "Network", "Windows", "macOS"}, + }, + "T1530": { + Name: "TA0009: Collection => T1530: Data from Cloud Storage Object", + Platforms: []string{"IaaS"}, + }, + "T1531": { + Name: "TA0040: Impact => T1531: Account Access Removal", + Platforms: []string{"Linux", "Office 365", "SaaS", "Windows", "macOS"}, + }, + "T1534": { + Name: "TA0008: Lateral Movement => T1534: Internal Spearphishing", + Platforms: []string{"Google Workspace", "Linux", "Office 365", "SaaS", "Windows", "macOS"}, + }, + "T1535": { + Name: "TA0005: Defense Evasion => T1535: Unused/Unsupported Cloud Regions", + Platforms: []string{"IaaS"}, + }, + "T1537": { + Name: "TA0010: Exfiltration => T1537: Transfer Data to Cloud Account", + Platforms: []string{"IaaS"}, + }, + "T1538": { + Name: "TA0007: Discovery => T1538: Cloud Service Dashboard", + Platforms: []string{"Azure AD", "Google Workspace", "IaaS", "Office 365"}, + }, + "T1539": { + Name: "TA0006: Credential Access => T1539: Steal Web Session Cookie", + Platforms: []string{"Google Workspace", "Linux", "Office 365", "SaaS", "Windows", "macOS"}, + }, + "T1542": { + Name: "TA0003: Persistence, TA0005: Defense Evasion => T1542: Pre-OS Boot", + Platforms: []string{"Linux", "Network", "Windows", "macOS"}, + }, + "T1542.001": { + Name: "TA0003: Persistence, TA0005: Defense Evasion => T1542.001: System Firmware", + Platforms: []string{"Windows"}, + }, + "T1542.002": { + Name: "TA0003: Persistence, TA0005: Defense Evasion => T1542.002: Component Firmware", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1542.003": { + Name: "TA0003: Persistence, TA0005: Defense Evasion => T1542.003: Bootkit", + Platforms: []string{"Linux", "Windows"}, + }, + "T1542.004": { + Name: "TA0003: Persistence, TA0005: Defense Evasion => T1542.004: ROMMONkit", + Platforms: []string{"Network"}, + }, + "T1542.005": { + Name: "TA0003: Persistence, TA0005: Defense Evasion => T1542.005: TFTP Boot", + Platforms: 
[]string{"Network"}, + }, + "T1543": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1543: Create or Modify System Process", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1543.001": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1543.001: Launch Agent", + Platforms: []string{"macOS"}, + }, + "T1543.002": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1543.002: Systemd Service", + Platforms: []string{"Linux"}, + }, + "T1543.003": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1543.003: Windows Service", + Platforms: []string{"Windows"}, + }, + "T1543.004": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1543.004: Launch Daemon", + Platforms: []string{"macOS"}, + }, + "T1546": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1546: Event Triggered Execution", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1546.001": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1546.001: Change Default File Association", + Platforms: []string{"Windows"}, + }, + "T1546.002": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1546.002: Screensaver", + Platforms: []string{"Windows"}, + }, + "T1546.003": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1546.003: Windows Management Instrumentation Event Subscription", + Platforms: []string{"Windows"}, + }, + "T1546.004": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1546.004: Unix Shell Configuration Modification", + Platforms: []string{"Linux", "macOS"}, + }, + "T1546.005": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1546.005: Trap", + Platforms: []string{"Linux", "macOS"}, + }, + "T1546.006": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1546.006: LC_LOAD_DYLIB Addition", + Platforms: []string{"macOS"}, + }, + "T1546.007": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1546.007: 
Netsh Helper DLL", + Platforms: []string{"Windows"}, + }, + "T1546.008": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1546.008: Accessibility Features", + Platforms: []string{"Windows"}, + }, + "T1546.009": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1546.009: AppCert DLLs", + Platforms: []string{"Windows"}, + }, + "T1546.010": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1546.010: AppInit DLLs", + Platforms: []string{"Windows"}, + }, + "T1546.011": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1546.011: Application Shimming", + Platforms: []string{"Windows"}, + }, + "T1546.012": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1546.012: Image File Execution Options Injection", + Platforms: []string{"Windows"}, + }, + "T1546.013": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1546.013: PowerShell Profile", + Platforms: []string{"Windows"}, + }, + "T1546.014": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1546.014: Emond", + Platforms: []string{"macOS"}, + }, + "T1546.015": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1546.015: Component Object Model Hijacking", + Platforms: []string{"Windows"}, + }, + "T1547": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1547: Boot or Logon Autostart Execution", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1547.001": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1547.001: Registry Run Keys / Startup Folder", + Platforms: []string{"Windows"}, + }, + "T1547.002": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1547.002: Authentication Package", + Platforms: []string{"Windows"}, + }, + "T1547.003": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1547.003: Time Providers", + Platforms: []string{"Windows"}, + }, + "T1547.004": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => 
T1547.004: Winlogon Helper DLL", + Platforms: []string{"Windows"}, + }, + "T1547.005": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1547.005: Security Support Provider", + Platforms: []string{"Windows"}, + }, + "T1547.006": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1547.006: Kernel Modules and Extensions", + Platforms: []string{"Linux", "macOS"}, + }, + "T1547.007": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1547.007: Re-opened Applications", + Platforms: []string{"macOS"}, + }, + "T1547.008": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1547.008: LSASS Driver", + Platforms: []string{"Windows"}, + }, + "T1547.009": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1547.009: Shortcut Modification", + Platforms: []string{"Windows"}, + }, + "T1547.010": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1547.010: Port Monitors", + Platforms: []string{"Windows"}, + }, + "T1547.012": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1547.012: Print Processors", + Platforms: []string{"Windows"}, + }, + "T1547.013": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1547.013: XDG Autostart Entries", + Platforms: []string{"Linux"}, + }, + "T1547.014": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1547.014: Active Setup", + Platforms: []string{"Windows"}, + }, + "T1547.015": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation => T1547.015: Login Items", + Platforms: []string{"macOS"}, + }, + "T1548": { + Name: "TA0004: Privilege Escalation, TA0005: Defense Evasion => T1548: Abuse Elevation Control Mechanism", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1548.001": { + Name: "TA0004: Privilege Escalation, TA0005: Defense Evasion => T1548.001: Setuid and Setgid", + Platforms: []string{"Linux", "macOS"}, + }, + "T1548.002": { + Name: "TA0004: Privilege Escalation, TA0005: Defense Evasion => 
T1548.002: Bypass User Account Control", + Platforms: []string{"Windows"}, + }, + "T1548.003": { + Name: "TA0004: Privilege Escalation, TA0005: Defense Evasion => T1548.003: Sudo and Sudo Caching", + Platforms: []string{"Linux", "macOS"}, + }, + "T1548.004": { + Name: "TA0004: Privilege Escalation, TA0005: Defense Evasion => T1548.004: Elevated Execution with Prompt", + Platforms: []string{"macOS"}, + }, + "T1550": { + Name: "TA0005: Defense Evasion, TA0008: Lateral Movement => T1550: Use Alternate Authentication Material", + Platforms: []string{"Containers", "Google Workspace", "IaaS", "Office 365", "SaaS", "Windows"}, + }, + "T1550.001": { + Name: "TA0005: Defense Evasion, TA0008: Lateral Movement => T1550.001: Application Access Token", + Platforms: []string{"Containers", "Google Workspace", "Office 365", "SaaS"}, + }, + "T1550.002": { + Name: "TA0005: Defense Evasion, TA0008: Lateral Movement => T1550.002: Pass the Hash", + Platforms: []string{"Windows"}, + }, + "T1550.003": { + Name: "TA0005: Defense Evasion, TA0008: Lateral Movement => T1550.003: Pass the Ticket", + Platforms: []string{"Windows"}, + }, + "T1550.004": { + Name: "TA0005: Defense Evasion, TA0008: Lateral Movement => T1550.004: Web Session Cookie", + Platforms: []string{"Google Workspace", "IaaS", "Office 365", "SaaS"}, + }, + "T1552": { + Name: "TA0006: Credential Access => T1552: Unsecured Credentials", + Platforms: []string{"Azure AD", "Containers", "Google Workspace", "IaaS", "Linux", "Office 365", "SaaS", "Windows", "macOS"}, + }, + "T1552.001": { + Name: "TA0006: Credential Access => T1552.001: Credentials In Files", + Platforms: []string{"Containers", "IaaS", "Linux", "Windows", "macOS"}, + }, + "T1552.002": { + Name: "TA0006: Credential Access => T1552.002: Credentials in Registry", + Platforms: []string{"Windows"}, + }, + "T1552.003": { + Name: "TA0006: Credential Access => T1552.003: Bash History", + Platforms: []string{"Linux", "macOS"}, + }, + "T1552.004": { + Name: "TA0006: 
Credential Access => T1552.004: Private Keys", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1552.005": { + Name: "TA0006: Credential Access => T1552.005: Cloud Instance Metadata API", + Platforms: []string{"IaaS"}, + }, + "T1552.006": { + Name: "TA0006: Credential Access => T1552.006: Group Policy Preferences", + Platforms: []string{"Windows"}, + }, + "T1552.007": { + Name: "TA0006: Credential Access => T1552.007: Container API", + Platforms: []string{"Containers"}, + }, + "T1553": { + Name: "TA0005: Defense Evasion => T1553: Subvert Trust Controls", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1553.001": { + Name: "TA0005: Defense Evasion => T1553.001: Gatekeeper Bypass", + Platforms: []string{"macOS"}, + }, + "T1553.002": { + Name: "TA0005: Defense Evasion => T1553.002: Code Signing", + Platforms: []string{"Windows", "macOS"}, + }, + "T1553.003": { + Name: "TA0005: Defense Evasion => T1553.003: SIP and Trust Provider Hijacking", + Platforms: []string{"Windows"}, + }, + "T1553.004": { + Name: "TA0005: Defense Evasion => T1553.004: Install Root Certificate", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1553.005": { + Name: "TA0005: Defense Evasion => T1553.005: Mark-of-the-Web Bypass", + Platforms: []string{"Windows"}, + }, + "T1553.006": { + Name: "TA0005: Defense Evasion => T1553.006: Code Signing Policy Modification", + Platforms: []string{"Windows", "macOS"}, + }, + "T1554": { + Name: "TA0003: Persistence => T1554: Compromise Client Software Binary", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1555": { + Name: "TA0006: Credential Access => T1555: Credentials from Password Stores", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1555.001": { + Name: "TA0006: Credential Access => T1555.001: Keychain", + Platforms: []string{"macOS"}, + }, + "T1555.002": { + Name: "TA0006: Credential Access => T1555.002: Securityd Memory", + Platforms: []string{"Linux", "macOS"}, + }, + "T1555.003": { + 
Name: "TA0006: Credential Access => T1555.003: Credentials from Web Browsers", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1555.004": { + Name: "TA0006: Credential Access => T1555.004: Windows Credential Manager", + Platforms: []string{"Windows"}, + }, + "T1555.005": { + Name: "TA0006: Credential Access => T1555.005: Password Managers", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1556": { + Name: "TA0003: Persistence, TA0005: Defense Evasion, TA0006: Credential Access => T1556: Modify Authentication Process", + Platforms: []string{"Linux", "Network", "Windows", "macOS"}, + }, + "T1556.001": { + Name: "TA0003: Persistence, TA0005: Defense Evasion, TA0006: Credential Access => T1556.001: Domain Controller Authentication", + Platforms: []string{"Windows"}, + }, + "T1556.002": { + Name: "TA0003: Persistence, TA0005: Defense Evasion, TA0006: Credential Access => T1556.002: Password Filter DLL", + Platforms: []string{"Windows"}, + }, + "T1556.003": { + Name: "TA0003: Persistence, TA0005: Defense Evasion, TA0006: Credential Access => T1556.003: Pluggable Authentication Modules", + Platforms: []string{"Linux", "macOS"}, + }, + "T1556.004": { + Name: "TA0003: Persistence, TA0005: Defense Evasion, TA0006: Credential Access => T1556.004: Network Device Authentication", + Platforms: []string{"Network"}, + }, + "T1556.005": { + Name: "TA0003: Persistence, TA0005: Defense Evasion, TA0006: Credential Access => T1556.005: Reversible Encryption", + Platforms: []string{"Windows"}, + }, + "T1557": { + Name: "TA0006: Credential Access, TA0009: Collection => T1557: Adversary-in-the-Middle", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1557.001": { + Name: "TA0006: Credential Access, TA0009: Collection => T1557.001: LLMNR/NBT-NS Poisoning and SMB Relay", + Platforms: []string{"Windows"}, + }, + "T1557.002": { + Name: "TA0006: Credential Access, TA0009: Collection => T1557.002: ARP Cache Poisoning", + Platforms: []string{"Linux", 
"Windows", "macOS"}, + }, + "T1557.003": { + Name: "TA0006: Credential Access, TA0009: Collection => T1557.003: DHCP Spoofing", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1558": { + Name: "TA0006: Credential Access => T1558: Steal or Forge Kerberos Tickets", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1558.001": { + Name: "TA0006: Credential Access => T1558.001: Golden Ticket", + Platforms: []string{"Windows"}, + }, + "T1558.002": { + Name: "TA0006: Credential Access => T1558.002: Silver Ticket", + Platforms: []string{"Windows"}, + }, + "T1558.003": { + Name: "TA0006: Credential Access => T1558.003: Kerberoasting", + Platforms: []string{"Windows"}, + }, + "T1558.004": { + Name: "TA0006: Credential Access => T1558.004: AS-REP Roasting", + Platforms: []string{"Windows"}, + }, + "T1559": { + Name: "TA0002: Execution => T1559: Inter-Process Communication", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1559.001": { + Name: "TA0002: Execution => T1559.001: Component Object Model", + Platforms: []string{"Windows"}, + }, + "T1559.002": { + Name: "TA0002: Execution => T1559.002: Dynamic Data Exchange", + Platforms: []string{"Windows"}, + }, + "T1559.003": { + Name: "TA0002: Execution => T1559.003: XPC Services", + Platforms: []string{"macOS"}, + }, + "T1560": { + Name: "TA0009: Collection => T1560: Archive Collected Data", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1560.001": { + Name: "TA0009: Collection => T1560.001: Archive via Utility", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1560.002": { + Name: "TA0009: Collection => T1560.002: Archive via Library", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1560.003": { + Name: "TA0009: Collection => T1560.003: Archive via Custom Method", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1561": { + Name: "TA0040: Impact => T1561: Disk Wipe", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1561.001": { + 
Name: "TA0040: Impact => T1561.001: Disk Content Wipe", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1561.002": { + Name: "TA0040: Impact => T1561.002: Disk Structure Wipe", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1562": { + Name: "TA0005: Defense Evasion => T1562: Impair Defenses", + Platforms: []string{"Containers", "IaaS", "Linux", "Network", "Office 365", "Windows", "macOS"}, + }, + "T1562.001": { + Name: "TA0005: Defense Evasion => T1562.001: Disable or Modify Tools", + Platforms: []string{"Containers", "IaaS", "Linux", "Windows", "macOS"}, + }, + "T1562.002": { + Name: "TA0005: Defense Evasion => T1562.002: Disable Windows Event Logging", + Platforms: []string{"Windows"}, + }, + "T1562.003": { + Name: "TA0005: Defense Evasion => T1562.003: Impair Command History Logging", + Platforms: []string{"Linux", "Network", "Windows", "macOS"}, + }, + "T1562.004": { + Name: "TA0005: Defense Evasion => T1562.004: Disable or Modify System Firewall", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1562.006": { + Name: "TA0005: Defense Evasion => T1562.006: Indicator Blocking", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1562.007": { + Name: "TA0005: Defense Evasion => T1562.007: Disable or Modify Cloud Firewall", + Platforms: []string{"IaaS"}, + }, + "T1562.008": { + Name: "TA0005: Defense Evasion => T1562.008: Disable Cloud Logs", + Platforms: []string{"IaaS"}, + }, + "T1562.009": { + Name: "TA0005: Defense Evasion => T1562.009: Safe Mode Boot", + Platforms: []string{"Windows"}, + }, + "T1562.010": { + Name: "TA0005: Defense Evasion => T1562.010: Downgrade Attack", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1563": { + Name: "TA0008: Lateral Movement => T1563: Remote Service Session Hijacking", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1563.001": { + Name: "TA0008: Lateral Movement => T1563.001: SSH Hijacking", + Platforms: []string{"Linux", "macOS"}, + }, + "T1563.002": 
{ + Name: "TA0008: Lateral Movement => T1563.002: RDP Hijacking", + Platforms: []string{"Windows"}, + }, + "T1564": { + Name: "TA0005: Defense Evasion => T1564: Hide Artifacts", + Platforms: []string{"Linux", "Office 365", "Windows", "macOS"}, + }, + "T1564.001": { + Name: "TA0005: Defense Evasion => T1564.001: Hidden Files and Directories", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1564.002": { + Name: "TA0005: Defense Evasion => T1564.002: Hidden Users", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1564.003": { + Name: "TA0005: Defense Evasion => T1564.003: Hidden Window", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1564.004": { + Name: "TA0005: Defense Evasion => T1564.004: NTFS File Attributes", + Platforms: []string{"Windows"}, + }, + "T1564.005": { + Name: "TA0005: Defense Evasion => T1564.005: Hidden File System", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1564.006": { + Name: "TA0005: Defense Evasion => T1564.006: Run Virtual Instance", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1564.007": { + Name: "TA0005: Defense Evasion => T1564.007: VBA Stomping", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1564.008": { + Name: "TA0005: Defense Evasion => T1564.008: Email Hiding Rules", + Platforms: []string{"Google Workspace", "Linux", "Office 365", "Windows", "macOS"}, + }, + "T1564.009": { + Name: "TA0005: Defense Evasion => T1564.009: Resource Forking", + Platforms: []string{"macOS"}, + }, + "T1564.010": { + Name: "TA0005: Defense Evasion => T1564.010: Process Argument Spoofing", + Platforms: []string{"Windows"}, + }, + "T1565": { + Name: "TA0040: Impact => T1565: Data Manipulation", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1565.001": { + Name: "TA0040: Impact => T1565.001: Stored Data Manipulation", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1565.002": { + Name: "TA0040: Impact => T1565.002: Transmitted Data Manipulation", 
+ Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1565.003": { + Name: "TA0040: Impact => T1565.003: Runtime Data Manipulation", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1566": { + Name: "TA0001: Initial Access => T1566: Phishing", + Platforms: []string{"Google Workspace", "Linux", "Office 365", "SaaS", "Windows", "macOS"}, + }, + "T1566.001": { + Name: "TA0001: Initial Access => T1566.001: Spearphishing Attachment", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1566.002": { + Name: "TA0001: Initial Access => T1566.002: Spearphishing Link", + Platforms: []string{"Google Workspace", "Linux", "Office 365", "SaaS", "Windows", "macOS"}, + }, + "T1566.003": { + Name: "TA0001: Initial Access => T1566.003: Spearphishing via Service", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1567": { + Name: "TA0010: Exfiltration => T1567: Exfiltration Over Web Service", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1567.001": { + Name: "TA0010: Exfiltration => T1567.001: Exfiltration to Code Repository", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1567.002": { + Name: "TA0010: Exfiltration => T1567.002: Exfiltration to Cloud Storage", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1568": { + Name: "TA0011: Command and Control => T1568: Dynamic Resolution", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1568.001": { + Name: "TA0011: Command and Control => T1568.001: Fast Flux DNS", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1568.002": { + Name: "TA0011: Command and Control => T1568.002: Domain Generation Algorithms", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1568.003": { + Name: "TA0011: Command and Control => T1568.003: DNS Calculation", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1569": { + Name: "TA0002: Execution => T1569: System Services", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + 
"T1569.001": { + Name: "TA0002: Execution => T1569.001: Launchctl", + Platforms: []string{"macOS"}, + }, + "T1569.002": { + Name: "TA0002: Execution => T1569.002: Service Execution", + Platforms: []string{"Windows"}, + }, + "T1570": { + Name: "TA0008: Lateral Movement => T1570: Lateral Tool Transfer", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1571": { + Name: "TA0011: Command and Control => T1571: Non-Standard Port", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1572": { + Name: "TA0011: Command and Control => T1572: Protocol Tunneling", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1573": { + Name: "TA0011: Command and Control => T1573: Encrypted Channel", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1573.001": { + Name: "TA0011: Command and Control => T1573.001: Symmetric Cryptography", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1573.002": { + Name: "TA0011: Command and Control => T1573.002: Asymmetric Cryptography", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1574": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion => T1574: Hijack Execution Flow", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1574.001": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion => T1574.001: DLL Search Order Hijacking", + Platforms: []string{"Windows"}, + }, + "T1574.002": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion => T1574.002: DLL Side-Loading", + Platforms: []string{"Windows"}, + }, + "T1574.004": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion => T1574.004: Dylib Hijacking", + Platforms: []string{"macOS"}, + }, + "T1574.005": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion => T1574.005: Executable Installer File Permissions Weakness", + Platforms: []string{"Windows"}, + }, + 
"T1574.006": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion => T1574.006: Dynamic Linker Hijacking", + Platforms: []string{"Linux", "macOS"}, + }, + "T1574.007": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion => T1574.007: Path Interception by PATH Environment Variable", + Platforms: []string{"Windows"}, + }, + "T1574.008": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion => T1574.008: Path Interception by Search Order Hijacking", + Platforms: []string{"Windows"}, + }, + "T1574.009": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion => T1574.009: Path Interception by Unquoted Path", + Platforms: []string{"Windows"}, + }, + "T1574.010": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion => T1574.010: Services File Permissions Weakness", + Platforms: []string{"Windows"}, + }, + "T1574.011": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion => T1574.011: Services Registry Permissions Weakness", + Platforms: []string{"Windows"}, + }, + "T1574.012": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion => T1574.012: COR_PROFILER", + Platforms: []string{"Windows"}, + }, + "T1574.013": { + Name: "TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion => T1574.013: KernelCallbackTable", + Platforms: []string{"Windows"}, + }, + "T1578": { + Name: "TA0005: Defense Evasion => T1578: Modify Cloud Compute Infrastructure", + Platforms: []string{"IaaS"}, + }, + "T1578.001": { + Name: "TA0005: Defense Evasion => T1578.001: Create Snapshot", + Platforms: []string{"IaaS"}, + }, + "T1578.002": { + Name: "TA0005: Defense Evasion => T1578.002: Create Cloud Instance", + Platforms: []string{"IaaS"}, + }, + "T1578.003": { + Name: "TA0005: Defense Evasion => T1578.003: Delete Cloud Instance", + Platforms: 
[]string{"IaaS"}, + }, + "T1578.004": { + Name: "TA0005: Defense Evasion => T1578.004: Revert Cloud Instance", + Platforms: []string{"IaaS"}, + }, + "T1580": { + Name: "TA0007: Discovery => T1580: Cloud Infrastructure Discovery", + Platforms: []string{"IaaS"}, + }, + "T1583": { + Name: "TA0042: Resource Development => T1583: Acquire Infrastructure", + Platforms: []string{"PRE"}, + }, + "T1583.001": { + Name: "TA0042: Resource Development => T1583.001: Domains", + Platforms: []string{"PRE"}, + }, + "T1583.002": { + Name: "TA0042: Resource Development => T1583.002: DNS Server", + Platforms: []string{"PRE"}, + }, + "T1583.003": { + Name: "TA0042: Resource Development => T1583.003: Virtual Private Server", + Platforms: []string{"PRE"}, + }, + "T1583.004": { + Name: "TA0042: Resource Development => T1583.004: Server", + Platforms: []string{"PRE"}, + }, + "T1583.005": { + Name: "TA0042: Resource Development => T1583.005: Botnet", + Platforms: []string{"PRE"}, + }, + "T1583.006": { + Name: "TA0042: Resource Development => T1583.006: Web Services", + Platforms: []string{"PRE"}, + }, + "T1584": { + Name: "TA0042: Resource Development => T1584: Compromise Infrastructure", + Platforms: []string{"PRE"}, + }, + "T1584.001": { + Name: "TA0042: Resource Development => T1584.001: Domains", + Platforms: []string{"PRE"}, + }, + "T1584.002": { + Name: "TA0042: Resource Development => T1584.002: DNS Server", + Platforms: []string{"PRE"}, + }, + "T1584.003": { + Name: "TA0042: Resource Development => T1584.003: Virtual Private Server", + Platforms: []string{"PRE"}, + }, + "T1584.004": { + Name: "TA0042: Resource Development => T1584.004: Server", + Platforms: []string{"PRE"}, + }, + "T1584.005": { + Name: "TA0042: Resource Development => T1584.005: Botnet", + Platforms: []string{"PRE"}, + }, + "T1584.006": { + Name: "TA0042: Resource Development => T1584.006: Web Services", + Platforms: []string{"PRE"}, + }, + "T1585": { + Name: "TA0042: Resource Development => T1585: Establish 
Accounts", + Platforms: []string{"PRE"}, + }, + "T1585.001": { + Name: "TA0042: Resource Development => T1585.001: Social Media Accounts", + Platforms: []string{"PRE"}, + }, + "T1585.002": { + Name: "TA0042: Resource Development => T1585.002: Email Accounts", + Platforms: []string{"PRE"}, + }, + "T1586": { + Name: "TA0042: Resource Development => T1586: Compromise Accounts", + Platforms: []string{"PRE"}, + }, + "T1586.001": { + Name: "TA0042: Resource Development => T1586.001: Social Media Accounts", + Platforms: []string{"PRE"}, + }, + "T1586.002": { + Name: "TA0042: Resource Development => T1586.002: Email Accounts", + Platforms: []string{"PRE"}, + }, + "T1587": { + Name: "TA0042: Resource Development => T1587: Develop Capabilities", + Platforms: []string{"PRE"}, + }, + "T1587.001": { + Name: "TA0042: Resource Development => T1587.001: Malware", + Platforms: []string{"PRE"}, + }, + "T1587.002": { + Name: "TA0042: Resource Development => T1587.002: Code Signing Certificates", + Platforms: []string{"PRE"}, + }, + "T1587.003": { + Name: "TA0042: Resource Development => T1587.003: Digital Certificates", + Platforms: []string{"PRE"}, + }, + "T1587.004": { + Name: "TA0042: Resource Development => T1587.004: Exploits", + Platforms: []string{"PRE"}, + }, + "T1588": { + Name: "TA0042: Resource Development => T1588: Obtain Capabilities", + Platforms: []string{"PRE"}, + }, + "T1588.001": { + Name: "TA0042: Resource Development => T1588.001: Malware", + Platforms: []string{"PRE"}, + }, + "T1588.002": { + Name: "TA0042: Resource Development => T1588.002: Tool", + Platforms: []string{"PRE"}, + }, + "T1588.003": { + Name: "TA0042: Resource Development => T1588.003: Code Signing Certificates", + Platforms: []string{"PRE"}, + }, + "T1588.004": { + Name: "TA0042: Resource Development => T1588.004: Digital Certificates", + Platforms: []string{"PRE"}, + }, + "T1588.005": { + Name: "TA0042: Resource Development => T1588.005: Exploits", + Platforms: []string{"PRE"}, + }, + 
"T1588.006": { + Name: "TA0042: Resource Development => T1588.006: Vulnerabilities", + Platforms: []string{"PRE"}, + }, + "T1589": { + Name: "TA0043: Reconnaissance => T1589: Gather Victim Identity Information", + Platforms: []string{"PRE"}, + }, + "T1589.001": { + Name: "TA0043: Reconnaissance => T1589.001: Credentials", + Platforms: []string{"PRE"}, + }, + "T1589.002": { + Name: "TA0043: Reconnaissance => T1589.002: Email Addresses", + Platforms: []string{"PRE"}, + }, + "T1589.003": { + Name: "TA0043: Reconnaissance => T1589.003: Employee Names", + Platforms: []string{"PRE"}, + }, + "T1590": { + Name: "TA0043: Reconnaissance => T1590: Gather Victim Network Information", + Platforms: []string{"PRE"}, + }, + "T1590.001": { + Name: "TA0043: Reconnaissance => T1590.001: Domain Properties", + Platforms: []string{"PRE"}, + }, + "T1590.002": { + Name: "TA0043: Reconnaissance => T1590.002: DNS", + Platforms: []string{"PRE"}, + }, + "T1590.003": { + Name: "TA0043: Reconnaissance => T1590.003: Network Trust Dependencies", + Platforms: []string{"PRE"}, + }, + "T1590.004": { + Name: "TA0043: Reconnaissance => T1590.004: Network Topology", + Platforms: []string{"PRE"}, + }, + "T1590.005": { + Name: "TA0043: Reconnaissance => T1590.005: IP Addresses", + Platforms: []string{"PRE"}, + }, + "T1590.006": { + Name: "TA0043: Reconnaissance => T1590.006: Network Security Appliances", + Platforms: []string{"PRE"}, + }, + "T1591": { + Name: "TA0043: Reconnaissance => T1591: Gather Victim Org Information", + Platforms: []string{"PRE"}, + }, + "T1591.001": { + Name: "TA0043: Reconnaissance => T1591.001: Determine Physical Locations", + Platforms: []string{"PRE"}, + }, + "T1591.002": { + Name: "TA0043: Reconnaissance => T1591.002: Business Relationships", + Platforms: []string{"PRE"}, + }, + "T1591.003": { + Name: "TA0043: Reconnaissance => T1591.003: Identify Business Tempo", + Platforms: []string{"PRE"}, + }, + "T1591.004": { + Name: "TA0043: Reconnaissance => T1591.004: Identify 
Roles", + Platforms: []string{"PRE"}, + }, + "T1592": { + Name: "TA0043: Reconnaissance => T1592: Gather Victim Host Information", + Platforms: []string{"PRE"}, + }, + "T1592.001": { + Name: "TA0043: Reconnaissance => T1592.001: Hardware", + Platforms: []string{"PRE"}, + }, + "T1592.002": { + Name: "TA0043: Reconnaissance => T1592.002: Software", + Platforms: []string{"PRE"}, + }, + "T1592.003": { + Name: "TA0043: Reconnaissance => T1592.003: Firmware", + Platforms: []string{"PRE"}, + }, + "T1592.004": { + Name: "TA0043: Reconnaissance => T1592.004: Client Configurations", + Platforms: []string{"PRE"}, + }, + "T1593": { + Name: "TA0043: Reconnaissance => T1593: Search Open Websites/Domains", + Platforms: []string{"PRE"}, + }, + "T1593.001": { + Name: "TA0043: Reconnaissance => T1593.001: Social Media", + Platforms: []string{"PRE"}, + }, + "T1593.002": { + Name: "TA0043: Reconnaissance => T1593.002: Search Engines", + Platforms: []string{"PRE"}, + }, + "T1594": { + Name: "TA0043: Reconnaissance => T1594: Search Victim-Owned Websites", + Platforms: []string{"PRE"}, + }, + "T1595": { + Name: "TA0043: Reconnaissance => T1595: Active Scanning", + Platforms: []string{"PRE"}, + }, + "T1595.001": { + Name: "TA0043: Reconnaissance => T1595.001: Scanning IP Blocks", + Platforms: []string{"PRE"}, + }, + "T1595.002": { + Name: "TA0043: Reconnaissance => T1595.002: Vulnerability Scanning", + Platforms: []string{"PRE"}, + }, + "T1595.003": { + Name: "TA0043: Reconnaissance => T1595.003: Wordlist Scanning", + Platforms: []string{"PRE"}, + }, + "T1596": { + Name: "TA0043: Reconnaissance => T1596: Search Open Technical Databases", + Platforms: []string{"PRE"}, + }, + "T1596.001": { + Name: "TA0043: Reconnaissance => T1596.001: DNS/Passive DNS", + Platforms: []string{"PRE"}, + }, + "T1596.002": { + Name: "TA0043: Reconnaissance => T1596.002: WHOIS", + Platforms: []string{"PRE"}, + }, + "T1596.003": { + Name: "TA0043: Reconnaissance => T1596.003: Digital Certificates", + Platforms: 
[]string{"PRE"}, + }, + "T1596.004": { + Name: "TA0043: Reconnaissance => T1596.004: CDNs", + Platforms: []string{"PRE"}, + }, + "T1596.005": { + Name: "TA0043: Reconnaissance => T1596.005: Scan Databases", + Platforms: []string{"PRE"}, + }, + "T1597": { + Name: "TA0043: Reconnaissance => T1597: Search Closed Sources", + Platforms: []string{"PRE"}, + }, + "T1597.001": { + Name: "TA0043: Reconnaissance => T1597.001: Threat Intel Vendors", + Platforms: []string{"PRE"}, + }, + "T1597.002": { + Name: "TA0043: Reconnaissance => T1597.002: Purchase Technical Data", + Platforms: []string{"PRE"}, + }, + "T1598": { + Name: "TA0043: Reconnaissance => T1598: Phishing for Information", + Platforms: []string{"PRE"}, + }, + "T1598.001": { + Name: "TA0043: Reconnaissance => T1598.001: Spearphishing Service", + Platforms: []string{"PRE"}, + }, + "T1598.002": { + Name: "TA0043: Reconnaissance => T1598.002: Spearphishing Attachment", + Platforms: []string{"PRE"}, + }, + "T1598.003": { + Name: "TA0043: Reconnaissance => T1598.003: Spearphishing Link", + Platforms: []string{"PRE"}, + }, + "T1599": { + Name: "TA0005: Defense Evasion => T1599: Network Boundary Bridging", + Platforms: []string{"Network"}, + }, + "T1599.001": { + Name: "TA0005: Defense Evasion => T1599.001: Network Address Translation Traversal", + Platforms: []string{"Network"}, + }, + "T1600": { + Name: "TA0005: Defense Evasion => T1600: Weaken Encryption", + Platforms: []string{"Network"}, + }, + "T1600.001": { + Name: "TA0005: Defense Evasion => T1600.001: Reduce Key Space", + Platforms: []string{"Network"}, + }, + "T1600.002": { + Name: "TA0005: Defense Evasion => T1600.002: Disable Crypto Hardware", + Platforms: []string{"Network"}, + }, + "T1601": { + Name: "TA0005: Defense Evasion => T1601: Modify System Image", + Platforms: []string{"Network"}, + }, + "T1601.001": { + Name: "TA0005: Defense Evasion => T1601.001: Patch System Image", + Platforms: []string{"Network"}, + }, + "T1601.002": { + Name: "TA0005: Defense 
Evasion => T1601.002: Downgrade System Image", + Platforms: []string{"Network"}, + }, + "T1602": { + Name: "TA0009: Collection => T1602: Data from Configuration Repository", + Platforms: []string{"Network"}, + }, + "T1602.001": { + Name: "TA0009: Collection => T1602.001: SNMP (MIB Dump)", + Platforms: []string{"Network"}, + }, + "T1602.002": { + Name: "TA0009: Collection => T1602.002: Network Device Configuration Dump", + Platforms: []string{"Network"}, + }, + "T1606": { + Name: "TA0006: Credential Access => T1606: Forge Web Credentials", + Platforms: []string{"Azure AD", "Google Workspace", "IaaS", "Linux", "Office 365", "SaaS", "Windows", "macOS"}, + }, + "T1606.001": { + Name: "TA0006: Credential Access => T1606.001: Web Cookies", + Platforms: []string{"IaaS", "Linux", "SaaS", "Windows", "macOS"}, + }, + "T1606.002": { + Name: "TA0006: Credential Access => T1606.002: SAML Tokens", + Platforms: []string{"Azure AD", "Google Workspace", "IaaS", "Office 365", "SaaS", "Windows"}, + }, + "T1608": { + Name: "TA0042: Resource Development => T1608: Stage Capabilities", + Platforms: []string{"PRE"}, + }, + "T1608.001": { + Name: "TA0042: Resource Development => T1608.001: Upload Malware", + Platforms: []string{"PRE"}, + }, + "T1608.002": { + Name: "TA0042: Resource Development => T1608.002: Upload Tool", + Platforms: []string{"PRE"}, + }, + "T1608.003": { + Name: "TA0042: Resource Development => T1608.003: Install Digital Certificate", + Platforms: []string{"PRE"}, + }, + "T1608.004": { + Name: "TA0042: Resource Development => T1608.004: Drive-by Target", + Platforms: []string{"PRE"}, + }, + "T1608.005": { + Name: "TA0042: Resource Development => T1608.005: Link Target", + Platforms: []string{"PRE"}, + }, + "T1609": { + Name: "TA0002: Execution => T1609: Container Administration Command", + Platforms: []string{"Containers"}, + }, + "T1610": { + Name: "TA0002: Execution, TA0005: Defense Evasion => T1610: Deploy Container", + Platforms: []string{"Containers"}, + }, + 
"T1611": { + Name: "TA0004: Privilege Escalation => T1611: Escape to Host", + Platforms: []string{"Containers", "Linux", "Windows"}, + }, + "T1612": { + Name: "TA0005: Defense Evasion => T1612: Build Image on Host", + Platforms: []string{"Containers"}, + }, + "T1613": { + Name: "TA0007: Discovery => T1613: Container and Resource Discovery", + Platforms: []string{"Containers"}, + }, + "T1614": { + Name: "TA0007: Discovery => T1614: System Location Discovery", + Platforms: []string{"IaaS", "Linux", "Windows", "macOS"}, + }, + "T1614.001": { + Name: "TA0007: Discovery => T1614.001: System Language Discovery", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1615": { + Name: "TA0007: Discovery => T1615: Group Policy Discovery", + Platforms: []string{"Windows"}, + }, + "T1619": { + Name: "TA0007: Discovery => T1619: Cloud Storage Object Discovery", + Platforms: []string{"IaaS"}, + }, + "T1620": { + Name: "TA0005: Defense Evasion => T1620: Reflective Code Loading", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1621": { + Name: "TA0006: Credential Access => T1621: Multi-Factor Authentication Request Generation", + Platforms: []string{"Azure AD", "Google Workspace", "IaaS", "Linux", "Office 365", "SaaS", "Windows", "macOS"}, + }, + "T1622": { + Name: "TA0005: Defense Evasion, TA0007: Discovery => T1622: Debugger Evasion", + Platforms: []string{"Linux", "Windows", "macOS"}, + }, + "T1647": { + Name: "TA0005: Defense Evasion => T1647: Plist File Modification", + Platforms: []string{"macOS"}, + }, +} diff --git a/detector/cti.go b/detector/cti.go new file mode 100644 index 00000000..14b0f0d5 --- /dev/null +++ b/detector/cti.go 
@@ -0,0 +1,222 @@
+//go:build !scanner
+// +build !scanner
+
+package detector
+
+import (
+ "encoding/json"
+ "net/http"
+ "time"
+
+ "github.com/cenkalti/backoff"
+ "github.com/parnurzeal/gorequest"
+ "golang.org/x/xerrors"
+
+ "github.com/future-architect/vuls/config"
+ "github.com/future-architect/vuls/logging"
+ "github.com/future-architect/vuls/models"
+ "github.com/future-architect/vuls/util"
+ ctidb "github.com/vulsio/go-cti/db"
+ ctilog "github.com/vulsio/go-cti/utils"
+)
+
+// goCTIDBClient is a DB Driver
+type goCTIDBClient struct {
+ driver ctidb.DB
+ baseURL string
+}
+
+// closeDB close a DB connection
+func (client goCTIDBClient) closeDB() error {
+ if client.driver == nil {
+ return nil
+ }
+ return client.driver.CloseDB()
+}
+
+func newGoCTIDBClient(cnf config.VulnDictInterface, o logging.LogOpts) (*goCTIDBClient, error) {
+ if err := ctilog.SetLogger(o.LogToFile, o.LogDir, o.Debug, o.LogJSON); err != nil {
+ return nil, xerrors.Errorf("Failed to set go-cti logger. err: %w", err)
+ }
+
+ db, err := newCTIDB(cnf)
+ if err != nil {
+ return nil, xerrors.Errorf("Failed to newCTIDB. err: %w", err)
+ }
+ return &goCTIDBClient{driver: db, baseURL: cnf.GetURL()}, nil
+}
+
+// FillWithCTI :
+func FillWithCTI(r *models.ScanResult, cnf config.CtiConf, logOpts logging.LogOpts) error {
+ client, err := newGoCTIDBClient(&cnf, logOpts)
+ if err != nil {
+ return err
+ }
+ defer func() {
+ if err := client.closeDB(); err != nil {
+ logging.Log.Errorf("Failed to close DB. err: %+v", err)
+ }
+ }()
+
+ nCti := 0
+ if client.driver == nil {
+ var cveIDs []string
+ for cveID := range r.ScannedCves {
+ cveIDs = append(cveIDs, cveID)
+ }
+ prefix, err := util.URLPathJoin(client.baseURL, "cves")
+ if err != nil {
+ return err
+ }
+ responses, err := getCTIsViaHTTP(cveIDs, prefix)
+ if err != nil {
+ return err
+ }
+ for _, res := range responses {
+ var techniqueIDs []string
+ if err := json.Unmarshal([]byte(res.json), &techniqueIDs); err != nil {
+ return err
+ }
+ v, ok := r.ScannedCves[res.request.cveID]
+ if ok {
+ v.Ctis = techniqueIDs
+ nCti++
+ }
+ r.ScannedCves[res.request.cveID] = v
+ }
+ } else {
+ for cveID, vuln := range r.ScannedCves {
+ if cveID == "" {
+ continue
+ }
+ techniqueIDs, err := client.driver.GetTechniqueIDsByCveID(cveID)
+ if err != nil {
+ return xerrors.Errorf("Failed to get CTIs by CVE-ID. err: %w", err)
+ }
+ if len(techniqueIDs) == 0 {
+ continue
+ }
+ vuln.Ctis = techniqueIDs
+ nCti++
+ r.ScannedCves[cveID] = vuln
+ }
+ }
+
+ logging.Log.Infof("%s: Cyber Threat Intelligences are detected for %d CVEs", r.FormatServerName(), nCti)
+ return nil
+}
+
+type ctiResponse struct {
+ request ctiRequest
+ json string
+}
+
+func getCTIsViaHTTP(cveIDs []string, urlPrefix string) (responses []ctiResponse, err error) {
+ nReq := len(cveIDs)
+ reqChan := make(chan ctiRequest, nReq)
+ resChan := make(chan ctiResponse, nReq)
+ errChan := make(chan error, nReq)
+ defer close(reqChan)
+ defer close(resChan)
+ defer close(errChan)
+
+ go func() {
+ for _, cveID := range cveIDs {
+ reqChan <- ctiRequest{
+ cveID: cveID,
+ }
+ }
+ }()
+
+ concurrency := 10
+ tasks := util.GenWorkers(concurrency)
+ for i := 0; i < nReq; i++ {
+ tasks <- func() {
+ req := <-reqChan
+ url, err := util.URLPathJoin(
+ urlPrefix,
+ req.cveID,
+ )
+ if err != nil {
+ errChan <- err
+ } else {
+ logging.Log.Debugf("HTTP Request to %s", url)
+ httpGetCTI(url, req, resChan, errChan)
+ }
+ }
+ }
+
+ timeout := time.After(2 * 60 * time.Second)
+ var errs []error
+ for i := 0; i < nReq; i++ {
+ select {
+ case res := <-resChan:
+ responses = append(responses, res)
+ case err := <-errChan:
+ errs = append(errs, err)
+ case <-timeout:
+ return nil, xerrors.New("Timeout Fetching CTI")
+ }
+ }
+ if len(errs) != 0 {
+ return nil, xerrors.Errorf("Failed to fetch CTI. err: %w", errs)
+ }
+ return
+}
+
+type ctiRequest struct {
+ cveID string
+}
+
+func httpGetCTI(url string, req ctiRequest, resChan chan<- ctiResponse, errChan chan<- error) {
+ var body string
+ var errs []error
+ var resp *http.Response
+ count, retryMax := 0, 3
+ f := func() (err error) {
+ // resp, body, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+ resp, body, errs = gorequest.New().Timeout(10 * time.Second).Get(url).End()
+ if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+ count++
+ if count == retryMax {
+ return nil
+ }
+ return xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %+v", url, resp, errs)
+ }
+ return nil
+ }
+ notify := func(err error, t time.Duration) {
+ logging.Log.Warnf("Failed to HTTP GET. retrying in %s seconds. err: %+v", t, err)
+ }
+ if err := backoff.RetryNotify(f, backoff.NewExponentialBackOff(), notify); err != nil {
+ errChan <- xerrors.Errorf("HTTP Error %w", err)
+ return
+ }
+ if count == retryMax {
+ errChan <- xerrors.New("Retry count exceeded")
+ return
+ }
+
+ resChan <- ctiResponse{
+ request: req,
+ json: body,
+ }
+}
+
+func newCTIDB(cnf config.VulnDictInterface) (ctidb.DB, error) {
+ if cnf.IsFetchViaHTTP() {
+ return nil, nil
+ }
+ path := cnf.GetURL()
+ if cnf.GetType() == "sqlite3" {
+ path = cnf.GetSQLite3Path()
+ }
+ driver, locked, err := ctidb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), ctidb.Option{})
+ if err != nil {
+ if locked {
+ return nil, xerrors.Errorf("Failed to init cti DB. SQLite3: %s is locked. err: %w", cnf.GetSQLite3Path(), err)
+ }
+ return nil, xerrors.Errorf("Failed to init cti DB. DB Path: %s, err: %w", path, err)
+ }
+ return driver, nil
+}
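Review bot: In getCTIsViaHTTP the deferred `close(resChan)` and `close(errChan)` run as soon as the `case <-timeout:` branch returns, while tasks already handed to `util.GenWorkers` can still be inside `httpGetCTI`; their later send hits a closed channel and panics the whole process, so a slow or unresponsive CTI server can crash a report run instead of failing it. This assumes the worker pool runs tasks on its own goroutines, which is not shown in this hunk. Both channels are buffered to `nReq` and every task sends exactly once, so the sends never block and the closes are unnecessary: drop `defer close(resChan)` and `defer close(errChan)`. Separately, `xerrors.Errorf("Failed to fetch CTI. err: %w", errs)` passes a `[]error` to `%w`, which cannot wrap it; `%+v` would print the collected errors.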
diff --git a/detector/detector.go b/detector/detector.go index 6717e1f1..ebaee4d9 100644 --- a/detector/detector.go +++ b/detector/detector.go @@ -116,6 +116,10 @@ func Detect(rs []models.ScanResult, dir string) ([]models.ScanResult, error) { return nil, xerrors.Errorf("Failed to fill with Known Exploited Vulnerabilities: %w", err) } + if err := FillWithCTI(&r, config.Conf.Cti, config.Conf.LogOpts); err != nil { + return nil, xerrors.Errorf("Failed to fill with Cyber Threat Intelligences: %w", err) + } + FillCweDict(&r) r.ReportedBy, _ = os.Hostname() diff --git a/detector/github.go b/detector/github.go index 2b60076c..a45db739 100644 --- a/detector/github.go +++ b/detector/github.go @@ -8,7 +8,7 @@ import ( "context" "encoding/json" "fmt" - "io/ioutil" + "io" "net/http" "time" @@ -57,7 +57,7 @@ func DetectGitHubSecurityAlerts(r *models.ScanResult, owner, repo, token string, } defer resp.Body.Close() - body, err := ioutil.ReadAll(resp.Body) + body, err := io.ReadAll(resp.Body) if err != nil { return 0, err } diff --git a/detector/kevuln.go b/detector/kevuln.go index a32e0914..829765a8 100644 --- a/detector/kevuln.go +++ b/detector/kevuln.go @@ -59,6 +59,7 @@ func FillWithKEVuln(r *models.ScanResult, cnf config.KEVulnConf, logOpts logging } }() + nKEV := 0 if client.driver == nil { var cveIDs []string for cveID := range r.ScannedCves { @@ -90,6 +91,7 @@ func FillWithKEVuln(r *models.ScanResult, cnf config.KEVulnConf, logOpts logging v, ok := r.ScannedCves[res.request.cveID] if ok { v.AlertDict.CISA = alerts + nKEV++ } r.ScannedCves[res.request.cveID] = v } @@ -116,9 +118,12 @@ func FillWithKEVuln(r *models.ScanResult, cnf config.KEVulnConf, logOpts logging } vuln.AlertDict.CISA = alerts + nKEV++ r.ScannedCves[cveID] = vuln } } + + logging.Log.Infof("%s: Known Exploited Vulnerabilities are detected for %d CVEs", r.FormatServerName(), nKEV) return nil } diff --git a/detector/util.go b/detector/util.go index f4c71f52..9979048b 100644 --- a/detector/util.go 
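Review bot: The new `FillWithCTI` call in `Detect` returns `nil` results on any error, so a failed CTI lookup discards the scan results for every server, including detections that were already filled in. CTI technique IDs are enrichment, and the HTTP path in detector/cti.go waits up to two minutes before giving up, so an unreachable CTI endpoint becomes a failed report. Whether an unconfigured `config.Conf.Cti` is skipped cannot be seen here, because `FillWithCTI` begins outside this page's view and the body of `Detect` continues past the hunk. If the hard failure is intended, say so above the call, e.g. `// CTI enrichment is mandatory: a lookup failure aborts detection for all results.`; otherwise log the error and continue.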
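Review bot: In the HTTP branch of `FillWithKEVuln` (second hunk of detector/kevuln.go), `nKEV++` runs whenever the CVE is present in `r.ScannedCves`, and nothing in the hunk checks that `alerts` has entries, so the new `Infof` line in the third hunk may count CVEs whose lookup returned no catalog entry as detected. If `alerts` can be empty at that point, count only real hits: `if len(alerts) > 0 { nKEV++ }`. The HTTP branch of `FillWithCTI` in detector/cti.go increments `nCti` the same way without a `len(techniqueIDs)` check, while its driver branch skips empty results first. The construction of `alerts` and the rest of the function lie outside these hunks, so confirm this against the full file; an inflated count in the log can mislead triage about how many CVEs are actually in the Known Exploited Vulnerabilities catalog.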
+++ b/detector/util.go @@ -6,7 +6,7 @@ package detector import ( "encoding/json" "fmt" - "io/ioutil" + "io/fs" "os" "path/filepath" "reflect" @@ -234,8 +234,8 @@ var jsonDirPattern = regexp.MustCompile( // ListValidJSONDirs returns valid json directory as array // Returned array is sorted so that recent directories are at the head func ListValidJSONDirs(resultsDir string) (dirs []string, err error) { - var dirInfo []os.FileInfo - if dirInfo, err = ioutil.ReadDir(resultsDir); err != nil { + var dirInfo []fs.DirEntry + if dirInfo, err = os.ReadDir(resultsDir); err != nil { err = xerrors.Errorf("Failed to read %s: %w", config.Conf.ResultsDir, err) return @@ -258,7 +258,7 @@ func loadOneServerScanResult(jsonFile string) (*models.ScanResult, error) { data []byte err error ) - if data, err = ioutil.ReadFile(jsonFile); err != nil { + if data, err = os.ReadFile(jsonFile); err != nil { return nil, xerrors.Errorf("Failed to read %s: %w", jsonFile, err) } result := &models.ScanResult{} diff --git a/detector/wordpress.go b/detector/wordpress.go index 21d71e2a..3f6236c9 100644 --- a/detector/wordpress.go +++ b/detector/wordpress.go @@ -7,7 +7,7 @@ import ( "context" "encoding/json" "fmt" - "io/ioutil" + "io" "net/http" "strings" "time" @@ -242,7 +242,7 @@ func httpRequest(url, token string) (string, error) { return "", errof.New(errof.ErrFailedToAccessWpScan, fmt.Sprintf("Failed to access to wpscan.com. err: %s", err)) } - body, err := ioutil.ReadAll(resp.Body) + body, err := io.ReadAll(resp.Body) if err != nil { return "", errof.New(errof.ErrFailedToAccessWpScan, fmt.Sprintf("Failed to access to wpscan.com. err: %s", err)) diff --git a/go.mod b/go.mod index 43cf8fa1..0d7a2f83 100644 --- a/go.mod +++ b/go.mod 
@@ -36,6 +36,7 @@ require ( github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5 github.com/sirupsen/logrus v1.8.1 github.com/spf13/cobra v1.4.0 + github.com/vulsio/go-cti v0.0.2-0.20220613013115-8c7e57a6aa86 github.com/vulsio/go-cve-dictionary v0.8.2-0.20211028094424-0a854f8e8f85 github.com/vulsio/go-exploitdb v0.4.2 github.com/vulsio/go-kev v0.1.1-0.20220118062020-5f69b364106f @@ -43,15 +44,15 @@ require ( github.com/vulsio/gost v0.4.1 github.com/vulsio/goval-dictionary v0.7.3 go.etcd.io/bbolt v1.3.6 - golang.org/x/exp v0.0.0-20220407100705-7b9b53b0aca4 + golang.org/x/exp v0.0.0-20220613132600-b0d781184e0d golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 - golang.org/x/sync v0.0.0-20210220032951-036812b2e83c - golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f + golang.org/x/sync v0.0.0-20220513210516-0976fa681c29 + golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f ) require ( cloud.google.com/go v0.100.2 // indirect - cloud.google.com/go/compute v1.5.0 // indirect + cloud.google.com/go/compute v1.6.1 // indirect cloud.google.com/go/iam v0.3.0 // indirect cloud.google.com/go/storage v1.14.0 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect @@ -62,7 +63,7 @@ require ( github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect github.com/PuerkitoBio/goquery v1.6.1 // indirect - github.com/VividCortex/ewma v1.1.1 // indirect + github.com/VividCortex/ewma v1.2.0 // indirect github.com/andybalholm/cascadia v1.2.0 // indirect github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce // indirect github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798 // indirect 
@@ -89,7 +90,7 @@ require ( github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.2 // indirect github.com/google/go-containerregistry v0.8.0 // indirect - github.com/googleapis/gax-go/v2 v2.3.0 // indirect + github.com/googleapis/gax-go/v2 v2.4.0 // indirect github.com/gorilla/websocket v1.4.2 // indirect github.com/grokify/html-strip-tags-go v0.0.1 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect @@ -113,12 +114,13 @@ require ( github.com/jinzhu/now v1.1.5 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/klauspost/compress v1.14.2 // indirect + github.com/lib/pq v1.10.5 // indirect github.com/magiconair/properties v1.8.6 // indirect github.com/masahiro331/go-mvn-version v0.0.0-20210429150710-d3157d602a08 // indirect github.com/mattn/go-colorable v0.1.12 // indirect github.com/mattn/go-isatty v0.0.14 // indirect - github.com/mattn/go-runewidth v0.0.12 // indirect - github.com/mattn/go-sqlite3 v1.14.12 // indirect + github.com/mattn/go-runewidth v0.0.13 // indirect + github.com/mattn/go-sqlite3 v1.14.13 // indirect github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect github.com/mitchellh/go-testing-interface v1.0.0 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect 
@@ -126,41 +128,42 @@ require ( github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.0.2 // indirect github.com/pelletier/go-toml v1.9.5 // indirect - github.com/pelletier/go-toml/v2 v2.0.0-beta.8 // indirect + github.com/pelletier/go-toml/v2 v2.0.2 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/rivo/uniseg v0.2.0 // indirect + github.com/rogpeppe/go-internal v1.8.1 // indirect github.com/spf13/afero v1.8.2 // indirect - github.com/spf13/cast v1.4.1 // indirect + github.com/spf13/cast v1.5.0 // indirect github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect - github.com/spf13/viper v1.11.0 // indirect + github.com/spf13/viper v1.12.0 // indirect github.com/stretchr/objx v0.3.0 // indirect - github.com/stretchr/testify v1.7.1 // indirect - github.com/subosito/gotenv v1.2.0 // indirect + github.com/stretchr/testify v1.7.2 // indirect + github.com/subosito/gotenv v1.4.0 // indirect github.com/ulikunitz/xz v0.5.10 // indirect go.opencensus.io v0.23.0 // indirect go.uber.org/atomic v1.7.0 // indirect go.uber.org/goleak v1.1.12 // indirect go.uber.org/multierr v1.6.0 // indirect go.uber.org/zap v1.21.0 // indirect - golang.org/x/crypto v0.0.0-20220513210258-46612604a0f9 // indirect - golang.org/x/mod v0.6.0-dev.0.20211013180041-c96bc1413d57 // indirect - golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4 // indirect - golang.org/x/sys v0.0.0-20220422013727-9388b58f7150 // indirect + golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e // indirect + golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect + golang.org/x/net v0.0.0-20220614195744-fb05da6f9022 // indirect + golang.org/x/sys v0.0.0-20220614162138-6c1b26c55098 // indirect golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect golang.org/x/text v0.3.7 // indirect - google.golang.org/api v0.74.0 // indirect + google.golang.org/api v0.81.0 
// indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac // indirect - google.golang.org/grpc v1.45.0 // indirect + google.golang.org/genproto v0.0.0-20220519153652-3a47de7e79bd // indirect + google.golang.org/grpc v1.46.2 // indirect google.golang.org/protobuf v1.28.0 // indirect - gopkg.in/ini.v1 v1.66.4 // indirect + gopkg.in/ini.v1 v1.66.6 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect - gorm.io/driver/mysql v1.3.3 // indirect - gorm.io/driver/postgres v1.3.5 // indirect - gorm.io/driver/sqlite v1.2.4 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect + gorm.io/driver/mysql v1.3.4 // indirect + gorm.io/driver/postgres v1.3.7 // indirect + gorm.io/driver/sqlite v1.3.4 // indirect gorm.io/gorm v1.23.5 // indirect k8s.io/utils v0.0.0-20201110183641-67b214c5f920 // indirect moul.io/http2curl v1.0.0 // indirect diff --git a/go.sum b/go.sum index 0619b2f7..50f98bc6 100644 --- a/go.sum +++ b/go.sum 
@@ -40,8 +40,10 @@ cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4g cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTBXtfbBFow= cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM= -cloud.google.com/go/compute v1.5.0 h1:b1zWmYuuHz7gO9kDcM/EpHGr06UgsYNRpNJzI2kFiLM= cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M= +cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz/FMzPu0s= +cloud.google.com/go/compute v1.6.1 h1:2sMmt8prCn7DPaG4Pmh0N3Inmc8cT8ae5k1M6VJ9Wqc= +cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= 
@@ -134,8 +136,9 @@ github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWX github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= github.com/Ullaakut/nmap/v2 v2.1.2-0.20210406060955-59a52fe80a4f h1:U5oMIt9/cuLbHnVgNddFoJ6ebcMx52Unq2+/Wglo1XU= github.com/Ullaakut/nmap/v2 v2.1.2-0.20210406060955-59a52fe80a4f/go.mod h1:bWPItdcCK9CkZcAaC7yS9N+t2zijtIjAWBcQtOzV9nM= -github.com/VividCortex/ewma v1.1.1 h1:MnEK4VOv6n0RSY4vtRe3h11qjxL3+t0B8yOL8iMXdcM= github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA= +github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow= +github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4= github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= 
@@ -415,7 +418,7 @@ github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFP github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/elazarl/goproxy v0.0.0-20210110162100-a92cc753f88e/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= -github.com/elazarl/goproxy v0.0.0-20211114080932-d06c3be7c11b h1:1XqENn2YoYZd6w3Awx+7oa+aR87DFIZJFLF2n1IojA0= +github.com/elazarl/goproxy v0.0.0-20220417044921-416226498f94 h1:VIy7cdK7ufs7ctpTFkXJHm1uP3dJSnCGSPysEICB1so= github.com/elazarl/goproxy/ext v0.0.0-20190711103511-473e67f1d7d2/go.mod h1:gNh8nYJoAm43RfaxurUnxr+N1PwuFV3ZMl/efxlIlY8= github.com/emersion/go-sasl v0.0.0-20200509203442-7bfe0ed36a21 h1:OJyUGMJTzHTd1XQp98QTaHernxMYzRaOasRir9hUlFQ= github.com/emersion/go-sasl v0.0.0-20200509203442-7bfe0ed36a21/go.mod h1:iL2twTeMvZnrg54ZoPDNfJaJaqy0xIQFuBdrLsmspwQ= @@ -434,6 +437,7 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.m github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= github.com/envoyproxy/go-control-plane v0.10.1/go.mod h1:AY7fTTXNdv/aJ2O5jwpxAPOWUZ7hQAEvzN5Pf27BkQQ= +github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.6.2/go.mod h1:2t7qjJNvHPx8IjnBOzl9E9/baC+qXE/TeeyBRzgJDws= github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= 
@@ -447,6 +451,7 @@ github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoD github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= +github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= @@ -561,8 +566,9 @@ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= +github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg= +github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-containerregistry v0.8.0 h1:mtR24eN6rapCN+shds82qFEIWWmg64NPMuyCNT7/Ogc= github.com/google/go-containerregistry v0.8.0/go.mod h1:wW5v71NHGnQyb4k+gSshjxidrC7lN33MdWEn+Mz9TsI= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= 
@@ -600,8 +606,9 @@ github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5m github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM= github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM= -github.com/googleapis/gax-go/v2 v2.3.0 h1:nRJtk3y8Fm770D42QV6T90ZnvFZyk7agSo3Q+Z9p3WI= github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM= +github.com/googleapis/gax-go/v2 v2.4.0 h1:dS9eYAjhrE2RjmzYw2XAPvcXfmcQLtFEQWn0CR82awk= +github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c= github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= @@ -720,7 +727,6 @@ github.com/jackc/pgconn v1.8.0/go.mod h1:1C2Pb36bGIP9QHGBYCjnyhqu7Rv3sGshaQUvmfG github.com/jackc/pgconn v1.8.1/go.mod h1:JV6m6b6jhjdmzchES0drzCcYcAHS1OPD5xu3OZ/lE2g= github.com/jackc/pgconn v1.9.0/go.mod h1:YctiPyvzfU11JFxoXokUOOKQXQmDMoJL9vJzHH8/2JY= github.com/jackc/pgconn v1.9.1-0.20210724152538-d89c8390a530/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI= -github.com/jackc/pgconn v1.12.0/go.mod h1:ZkhRC59Llhrq3oSfrikvwQ5NaxYExr6twkdkMLaKono= github.com/jackc/pgconn v1.12.1 h1:rsDFzIpRk7xT4B8FufgpCCeyjdNpKyghZeSefViE5W8= github.com/jackc/pgconn v1.12.1/go.mod h1:ZkhRC59Llhrq3oSfrikvwQ5NaxYExr6twkdkMLaKono= github.com/jackc/pgio v1.0.0 h1:g12B9UwVnzGhueNavwioyEEpAmqMe1E/BN9ES+8ovkE= 
@@ -763,7 +769,6 @@ github.com/jackc/pgx/v4 v4.6.1-0.20200510190926-94ba730bb1e9/go.mod h1:t3/cdRQl6 github.com/jackc/pgx/v4 v4.6.1-0.20200606145419-4e5062306904/go.mod h1:ZDaNWkt9sW1JMiNn0kdYBaLelIhw7Pg4qd+Vk6tw7Hg= github.com/jackc/pgx/v4 v4.11.0/go.mod h1:i62xJgdrtVDsnL3U8ekyrQXEwGNTRoG7/8r+CIdYfcc= github.com/jackc/pgx/v4 v4.12.1-0.20210724153913-640aa07df17c/go.mod h1:1QD0+tgSXP7iUjYm9C1NxKhny7lq6ee99u/z+IHFcgs= -github.com/jackc/pgx/v4 v4.16.0/go.mod h1:N0A9sFdWzkw/Jy1lwoiB64F2+ugFZi987zRxcPez/wI= github.com/jackc/pgx/v4 v4.16.1 h1:JzTglcal01DrghUqt+PmzWsZx/Yh7SC/CTQmSBMTd0Y= github.com/jackc/pgx/v4 v4.16.1/go.mod h1:SIhx0D5hoADaiXZVyv+3gSm3LCIIINTVO0PficsvWGQ= github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= @@ -838,8 +843,8 @@ github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= 
@@ -852,8 +857,9 @@ github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.3.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= -github.com/lib/pq v1.10.2 h1:AqzbZs4ZoCBp+GtejcpCpcxM3zlSMx29dXbUSeVtJb8= github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= +github.com/lib/pq v1.10.5 h1:J+gdV2cUmX7ZqL2B0lFcW0m+egaHC2V3lpO8nWxyYiQ= +github.com/lib/pq v1.10.5/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w= 
@@ -892,14 +898,15 @@ github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzp github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-runewidth v0.0.12 h1:Y41i/hVW3Pgwr8gV+J23B9YEY0zxjptBuCWEaxmAOow= github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk= +github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU= +github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= github.com/mattn/go-sqlite3 v1.14.5/go.mod h1:WVKg1VTActs4Qso6iwGbiFih2UIHo0ENGwNd0Lj+XmI= github.com/mattn/go-sqlite3 v1.14.7/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= -github.com/mattn/go-sqlite3 v1.14.9/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= -github.com/mattn/go-sqlite3 v1.14.12 h1:TJ1bhYJPV44phC+IMu1u2K/i5RriLTPe+yc68XDJ1Z0= github.com/mattn/go-sqlite3 v1.14.12/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= +github.com/mattn/go-sqlite3 v1.14.13 h1:1tj15ngiFfcZzii7yd82foL+ks+ouQcj8j/TPq3fk1I= +github.com/mattn/go-sqlite3 v1.14.13/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI= 
@@ -1032,12 +1039,13 @@ github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCko github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= -github.com/pelletier/go-toml/v2 v2.0.0-beta.8 h1:dy81yyLYJDwMTifq24Oi/IslOslRrDSb3jwDggjz3Z0= -github.com/pelletier/go-toml/v2 v2.0.0-beta.8/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo= +github.com/pelletier/go-toml/v2 v2.0.2 h1:+jQXlF3scKIcSEKkdHzXhCTDLPFi5r1wnK6yPS+49Gw= +github.com/pelletier/go-toml/v2 v2.0.2/go.mod h1:MovirKjgVRESsAvNZlAjtFwV867yGuwRkXbG66OzopI= github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= +github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= 
@@ -1099,6 +1107,8 @@ github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6So github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-charset v0.0.0-20180617210344-2471d30d28b4/go.mod h1:qgYeAmZ5ZIpBWTGllZSQnw97Dj+woV0toclVaRGI8pc= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg= +github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o= github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc= @@ -1131,8 +1141,8 @@ github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/assertions v1.2.0 h1:42S6lae5dvLc7BrLu/0ugRtcFVjoJNMC/N3yZFZkDFs= github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= -github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= +github.com/smartystreets/goconvey v1.7.2 h1:9RBaZCeXEQ3UselpuwUQHltGVXvdwm6cv1hgR6gDIPg= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= 
@@ -1145,8 +1155,9 @@ github.com/spf13/afero v1.8.2/go.mod h1:CtAatgMJh6bJEIs48Ay/FOnkljP3WeGUG0MC1RfA github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.4.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.4.1 h1:s0hze+J0196ZfEMTs80N7UlFt0BDuQ7Q+JDnHiMWKdA= github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= +github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w= +github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU= github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= @@ -1166,8 +1177,8 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns= github.com/spf13/viper v1.10.0/go.mod h1:SoyBPwAtKDzypXNDFKN5kzH7ppppbGZtls1UpIy5AsM= -github.com/spf13/viper v1.11.0 h1:7OX/1FS6n7jHD1zGrZTM7WtY13ZELRyosK4k93oPr44= -github.com/spf13/viper v1.11.0/go.mod h1:djo0X/bA5+tYVoCn+C7cAYJGcVn/qYLFTG8gdUsX7Zk= +github.com/spf13/viper v1.12.0 h1:CZ7eSOd3kZoaYDLbXnmzgQI5RlciuXBMA+18HwHRfZQ= +github.com/spf13/viper v1.12.0/go.mod h1:b6COn30jlNxbm/V2IqWiNWkJ+vZNiMNksliPCiuKtSI= github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI= github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8= github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= 
@@ -1186,10 +1197,11 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY= -github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s= +github.com/stretchr/testify v1.7.2 h1:4jaiDzPyXQvSd7D0EjG45355tLlV3VOECpq10pLC+8s= +github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= +github.com/subosito/gotenv v1.4.0 h1:yAzM1+SmVcz5R4tXGsNMu1jUl2aOJXoiWUCEwwnGrvs= +github.com/subosito/gotenv v1.4.0/go.mod h1:mZd6rFysKEcUhUHXJk0C/08wAgyDBFuwEYL7vWWGaGo= github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= 
@@ -1219,6 +1231,8 @@ github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:tw github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= +github.com/vulsio/go-cti v0.0.2-0.20220613013115-8c7e57a6aa86 h1:/Xie1YmCGo+SMpOP5xhZ7bzRBTvTu6zGZlCv1cahE8E= +github.com/vulsio/go-cti v0.0.2-0.20220613013115-8c7e57a6aa86/go.mod h1:EBt6G1VZylPciq3CHKmBIth6nDbcPOU59lqOily2aZM= github.com/vulsio/go-cve-dictionary v0.8.2-0.20211028094424-0a854f8e8f85 h1:nEhaBIAixxDQGeu/3sgHLSjpQpKGqENcUtWHEwkwC4k= github.com/vulsio/go-cve-dictionary v0.8.2-0.20211028094424-0a854f8e8f85/go.mod h1:Ii9TEH35giMSWJM2FwGm1PCPxuBKrbaYhDun2PM7ERo= github.com/vulsio/go-exploitdb v0.4.2 h1:eCqyOLWKPwD8hZ0NHGCtT6OG37Sadr5RGMnnHEEy0bI= 
@@ -1326,8 +1340,8 @@ golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220513210258-46612604a0f9 h1:NUzdAbFtCJSXU20AOXgeqaUwg8Ypg4MPYmL+d+rsB5c= -golang.org/x/crypto v0.0.0-20220513210258-46612604a0f9/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e h1:T8NU3HyQ8ClP4SEE+KbFlg6n0NhuTsN4MyznaarGsZM= +golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -1338,8 +1352,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20220407100705-7b9b53b0aca4 h1:K3x+yU+fbot38x5bQbU2QqUAVyYLEktdNH2GxZLnM3U= -golang.org/x/exp v0.0.0-20220407100705-7b9b53b0aca4/go.mod h1:lgLbSvA5ygNOMpwM/9anMpWVlVJ7Z+cHWq/eFuinpGE= +golang.org/x/exp v0.0.0-20220613132600-b0d781184e0d h1:vtUKgx8dahOomfFzLREU8nSv25YHnTgLBn4rDnWZdU0= +golang.org/x/exp v0.0.0-20220613132600-b0d781184e0d/go.mod h1:Kr81I6Kryrl9sr8s2FK3vxD90NdsKWRuOIl2O4CvYbA= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -1367,8 +1381,8 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= -golang.org/x/mod v0.6.0-dev.0.20211013180041-c96bc1413d57 h1:LQmS1nU0twXLA96Kt7U9qtHJEbBk3z6Q0V4UXjZkpr4= -golang.org/x/mod v0.6.0-dev.0.20211013180041-c96bc1413d57/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= +golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 h1:kQgndtyPBW/JIYERgdxfwMYh3AVStj88WQTlNDi2a+o= +golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -1432,8 +1446,11 @@ golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4 h1:HVyaeDAYux4pnY+D/SiwmLOR36ewZ4iGQIIrtnuCjFA= +golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220614195744-fb05da6f9022 h1:0qjDla5xICC2suMtyRH/QqX3B1btXTfNsIt/i4LFgO0= +golang.org/x/net v0.0.0-20220614195744-fb05da6f9022/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -1466,8 +1483,9 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220513210516-0976fa681c29 h1:w8s32wxx3sY+OjLlv9qltkLU5yvJzxjjgiHWLjdIcw4= +golang.org/x/sync v0.0.0-20220513210516-0976fa681c29/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -1584,8 +1602,10 @@ golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220422013727-9388b58f7150 h1:xHms4gcpe1YE7A3yIllJXP16CMAGuqwO2lX1mTyyRRc= -golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220614162138-6c1b26c55098 h1:PgOr27OhUx2IRqGJ2RxAWI4dJQ7bi9cSrB82uzFzfUA= +golang.org/x/sys v0.0.0-20220614162138-6c1b26c55098/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= 
@@ -1681,8 +1701,10 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f h1:GGU+dLjvlC3qDwqYgL6UgRmHXhOOgns0bZu2Ty5mm6U= golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= +golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f h1:uF6paiQQebLeSXkrTqHqz0MXhXXS1KgF41eUdBNvxK0= +golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= 
@@ -1722,8 +1744,11 @@ google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tD google.golang.org/api v0.67.0/go.mod h1:ShHKP8E60yPsKNw/w8w+VYaj9H6buA5UqDp8dhbQZ6g= google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA= google.golang.org/api v0.71.0/go.mod h1:4PyU6e6JogV1f9eA4voyrTY2batOLdgZ5qZ5HOCc4j8= -google.golang.org/api v0.74.0 h1:ExR2D+5TYIrMphWgs5JCgwRhEDlPDXXrLwHHMgPHTXE= google.golang.org/api v0.74.0/go.mod h1:ZpfMZOVRMywNyvJFeqL9HRWBgAuRfSjJFpe9QtRRyDs= +google.golang.org/api v0.75.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA= +google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6rKmw= +google.golang.org/api v0.81.0 h1:o8WF5AvfidafWbFjsRyupxyEQJNUWxLZJCK5NXrxZZ8= +google.golang.org/api v0.81.0/go.mod h1:FA6Mb/bZxj706H2j+j2d6mHEEaHBmbbWnkfvmorOCko= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1811,8 +1836,14 @@ google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf/go.mod h1:kGP+zUP2 google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= google.golang.org/genproto v0.0.0-20220310185008-1973136f34c6/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= google.golang.org/genproto v0.0.0-20220324131243-acbaeb5b85eb/go.mod h1:hAL49I2IFola2sVEjAn7MEwsja0xp51I0tlGAf9hz4E= -google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac h1:qSNTkEN+L2mvWcLgJOR+8bdHX9rN/IdU3A1Ghpfb1Rg= google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220413183235-5e96e2839df9/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220414192740-2d67ff6cf2b4/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220421151946-72621c1f0bd3/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220429170224-98d788798c3e/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220505152158-f39f71e6c8f3/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= +google.golang.org/genproto v0.0.0-20220519153652-3a47de7e79bd h1:e0TwkXOdbnH/1x5rc5MZ/VYyiZ4v+RdVfrGMqEwT68I= +google.golang.org/genproto v0.0.0-20220519153652-3a47de7e79bd/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= 
@@ -1849,8 +1880,10 @@ google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9K google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= -google.golang.org/grpc v1.45.0 h1:NEpgUqV3Z+ZjkqMsxMg11IaDrXY4RY6CQukSGK0uI1M= google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= +google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.46.2 h1:u+MLGgVf7vRdjEYZ8wDFhAVNmhkbJ5hmrA1LMWK1CAQ= +google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= 
@@ -1886,8 +1919,8 @@ gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:a gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/ini.v1 v1.66.4 h1:SsAcf+mM7mRZo2nJNGt8mZCjG8ZRaNGMURJw7BsIST4= -gopkg.in/ini.v1 v1.66.4/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/ini.v1 v1.66.6 h1:LATuAqN/shcYAOkv3wl2L4rkaKqkcgTBQjOyYDvcPKI= +gopkg.in/ini.v1 v1.66.6/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= 
@@ -1910,22 +1943,21 @@ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gorm.io/driver/mysql v1.1.0/go.mod h1:KdrTanmfLPPyAOeYGyG+UpDys7/7eeWT1zCq+oekYnU= -gorm.io/driver/mysql v1.3.3 h1:jXG9ANrwBc4+bMvBcSl8zCfPBaVoPyBEBshA8dA93X8= -gorm.io/driver/mysql v1.3.3/go.mod h1:ChK6AHbHgDCFZyJp0F+BmVGb06PSIoh9uVYKAlRbb2U= +gorm.io/driver/mysql v1.3.4 h1:/KoBMgsUHC3bExsekDcmNYaBnfH2WNeFuXqqrqMc98Q= +gorm.io/driver/mysql v1.3.4/go.mod h1:s4Tq0KmD0yhPGHbZEwg1VPlH0vT/GBHJZorPzhcxBUE= gorm.io/driver/postgres v1.1.0/go.mod h1:hXQIwafeRjJvUm+OMxcFWyswJ/vevcpPLlGocwAwuqw= -gorm.io/driver/postgres v1.3.5 h1:oVLmefGqBTlgeEVG6LKnH6krOlo4TZ3Q/jIK21KUMlw= -gorm.io/driver/postgres v1.3.5/go.mod h1:EGCWefLFQSVFrHGy4J8EtiHCWX5Q8t0yz2Jt9aKkGzU= +gorm.io/driver/postgres v1.3.7 h1:FKF6sIMDHDEvvMF/XJvbnCl0nu6KSKUaPXevJ4r+VYQ= +gorm.io/driver/postgres v1.3.7/go.mod h1:f02ympjIcgtHEGFMZvdgTxODZ9snAHDb4hXfigBVuNI= gorm.io/driver/sqlite v1.1.4/go.mod h1:mJCeTFr7+crvS+TRnWc5Z3UvwxUN1BGBLMrf5LA9DYw= -gorm.io/driver/sqlite v1.2.4 h1:jx16ESo1WzNjgBJNSbhEDoMKJnlhkU8BuBR2C0GC7D8= -gorm.io/driver/sqlite v1.2.4/go.mod h1:n8/CTEIEmo7lKrehQI4pd+rz6O514tMkBeCAR5UTXLs= +gorm.io/driver/sqlite v1.3.4 h1:NnFOPVfzi4CPsJPH4wXr6rMkPb4ElHEqKMvrsx9c9Fk= +gorm.io/driver/sqlite v1.3.4/go.mod h1:B+8GyC9K7VgzJAcrcXMRPdnMcck+8FgJynEehEPM16U= gorm.io/gorm v1.20.7/go.mod 
h1:0HFTzE/SqkGTzK6TlDPPQbAYCluiVvhzoA1+aVyzenw= gorm.io/gorm v1.21.9/go.mod h1:F+OptMscr0P2F2qU97WT1WimdH9GaQPoDW7AYd5i2Y0= gorm.io/gorm v1.21.10/go.mod h1:F+OptMscr0P2F2qU97WT1WimdH9GaQPoDW7AYd5i2Y0= -gorm.io/gorm v1.22.2/go.mod h1:F+OptMscr0P2F2qU97WT1WimdH9GaQPoDW7AYd5i2Y0= -gorm.io/gorm v1.23.1/go.mod h1:l2lP/RyAtc1ynaTjFksBde/O8v9oOGIApu2/xRitmZk= gorm.io/gorm v1.23.4/go.mod h1:l2lP/RyAtc1ynaTjFksBde/O8v9oOGIApu2/xRitmZk= gorm.io/gorm v1.23.5 h1:TnlF26wScKSvknUC/Rn8t0NLLM22fypYBlvj1+aH6dM= gorm.io/gorm v1.23.5/go.mod h1:l2lP/RyAtc1ynaTjFksBde/O8v9oOGIApu2/xRitmZk= diff --git a/logging/logutil.go b/logging/logutil.go index 5d1fae4c..96494abc 100644 --- a/logging/logutil.go +++ b/logging/logutil.go @@ -4,7 +4,6 @@ import ( "flag" "fmt" "io" - "io/ioutil" "os" "path/filepath" "runtime" @@ -36,7 +35,7 @@ type Logger struct { func init() { log := logrus.New() - log.Out = ioutil.Discard + log.Out = io.Discard fields := logrus.Fields{"prefix": ""} Log = Logger{Entry: *log.WithFields(fields)} } @@ -101,7 +100,7 @@ func NewCustomLogger(debug, quiet, logToFile bool, logDir, logMsgAnsiColor, serv } } } else if quiet { - log.Out = ioutil.Discard + log.Out = io.Discard } else { log.Out = os.Stderr } diff --git a/models/vulninfos.go b/models/vulninfos.go index b8aa7bd9..f83105b9 100644 --- a/models/vulninfos.go +++ b/models/vulninfos.go @@ -261,6 +261,7 @@ type VulnInfo struct { Exploits []Exploit `json:"exploits,omitempty"` Metasploits []Metasploit `json:"metasploits,omitempty"` Mitigations []Mitigation `json:"mitigations,omitempty"` + Ctis []string `json:"ctis,omitempty"` AlertDict AlertDict `json:"alertDict,omitempty"` CpeURIs []string `json:"cpeURIs,omitempty"` // CpeURIs related to this CVE defined in config.toml GitHubSecurityAlerts GitHubSecurityAlerts `json:"gitHubSecurityAlerts,omitempty"` diff --git a/reporter/localfile.go b/reporter/localfile.go index 4a3356f5..51c9054b 100644 --- a/reporter/localfile.go +++ b/reporter/localfile.go 
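Review bot: The new `Ctis []string` field in models/vulninfos.go has no comment saying what its strings are, and the name alone does not tell a consumer of the JSON output. Judging from the reporter/util.go and tui/tui.go hunks in this commit, the values appear to be keys of `cti.TechniqueDict`, where a `CAPEC-` prefix marks CAPEC entries and everything else is treated as ATT&CK. A field comment such as `// Ctis holds MITRE ATT&CK technique IDs and CAPEC IDs ("CAPEC-" prefixed); names are resolved via cti.TechniqueDict` would record that contract. The VulnInfo struct starts and ends outside the hunk.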
@@ -2,7 +2,6 @@ package reporter import ( "encoding/json" - "io/ioutil" "os" "path/filepath" @@ -99,5 +98,5 @@ func (w LocalFileWriter) writeFile(path string, data []byte, perm os.FileMode) ( } path += ".gz" } - return ioutil.WriteFile(path, []byte(data), perm) + return os.WriteFile(path, []byte(data), perm) } diff --git a/reporter/stdout.go b/reporter/stdout.go index 86be33c4..1f4eab88 100644 --- a/reporter/stdout.go +++ b/reporter/stdout.go @@ -8,7 +8,6 @@ import ( // StdoutWriter write to stdout type StdoutWriter struct { - FormatCsv bool FormatFullText bool FormatOneLineText bool FormatList bool @@ -33,7 +32,7 @@ func (w StdoutWriter) Write(rs ...models.ScanResult) error { fmt.Print("\n") } - if w.FormatList || w.FormatCsv { + if w.FormatList { for _, r := range rs { fmt.Println(formatList(r)) } diff --git a/reporter/util.go b/reporter/util.go index 05544c2e..f7487f45 100644 --- a/reporter/util.go +++ b/reporter/util.go @@ -5,7 +5,8 @@ import ( "encoding/csv" "encoding/json" "fmt" - "io/ioutil" + "io" + "io/fs" "os" "path/filepath" "reflect" @@ -15,6 +16,7 @@ import ( "time" "github.com/future-architect/vuls/config" + "github.com/future-architect/vuls/cti" "github.com/future-architect/vuls/logging" "github.com/future-architect/vuls/models" "github.com/gosuri/uitable" @@ -41,8 +43,8 @@ func OverwriteJSONFile(dir string, r models.ScanResult) error { // LoadScanResults read JSON data func LoadScanResults(jsonDir string) (results models.ScanResults, err error) { - var files []os.FileInfo - if files, err = ioutil.ReadDir(jsonDir); err != nil { + var files []fs.DirEntry + if files, err = os.ReadDir(jsonDir); err != nil { return nil, xerrors.Errorf("Failed to read %s: %w", jsonDir, err) } for _, f := range files { 
@@ -69,7 +71,7 @@ func loadOneServerScanResult(jsonFile string) (*models.ScanResult, error) { data []byte err error ) - if data, err = ioutil.ReadFile(jsonFile); err != nil { + if data, err = os.ReadFile(jsonFile); err != nil { return nil, xerrors.Errorf("Failed to read %s: %w", jsonFile, err) } result := &models.ScanResult{} @@ -88,8 +90,8 @@ var jsonDirPattern = regexp.MustCompile( // ListValidJSONDirs returns valid json directory as array // Returned array is sorted so that recent directories are at the head func ListValidJSONDirs(resultsDir string) (dirs []string, err error) { - var dirInfo []os.FileInfo - if dirInfo, err = ioutil.ReadDir(resultsDir); err != nil { + var dirInfo []fs.DirEntry + if dirInfo, err = os.ReadDir(resultsDir); err != nil { err = xerrors.Errorf("Failed to read %s: %w", resultsDir, err) return } @@ -129,7 +131,7 @@ func JSONDir(resultsDir string, args []string) (path string, err error) { // TODO remove Pipe flag if config.Conf.Pipe { - bytes, err := ioutil.ReadAll(os.Stdin) + bytes, err := io.ReadAll(os.Stdin) if err != nil { return "", xerrors.Errorf("Failed to read stdin: %w", err) } @@ -527,6 +529,22 @@ No CVE-IDs are found in updatable packages. data = append(data, []string{"US-CERT Alert", alert.URL}) } + attacks := []string{} + for _, techniqueID := range vuln.Ctis { + if strings.HasPrefix(techniqueID, "CAPEC-") { + continue + } + technique, ok := cti.TechniqueDict[techniqueID] + if !ok { + continue + } + attacks = append(attacks, technique.Name) + } + slices.Sort(attacks) + for _, attack := range attacks { + data = append(data, []string{"MITER ATT&CK", attack}) + } + // for _, rr := range vuln.CveContents.References(r.Family) { // for _, ref := range rr.Value { // data = append(data, []string{ref.Source, ref.Link}) diff --git a/saas/saas.go b/saas/saas.go index 83e24b36..3c3a309a 100644 --- a/saas/saas.go +++ b/saas/saas.go @@ -5,7 +5,7 @@ import ( "context" "encoding/json" "fmt" - "io/ioutil" + "io" "net/http" "os" "path" 
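Review bot: The label on the added report rows in reporter/util.go is misspelled: `data = append(data, []string{"MITER ATT&CK", attack})` should read `"MITRE ATT&CK"`, matching the `"MITRE ATT&CK:"` heading that tui/tui.go uses in this same commit. Anyone filtering report output on the correct name would miss these rows. The loop also skips any ID missing from `cti.TechniqueDict` with a bare `continue`, and the tui/tui.go hunk does the same, so an entry the embedded dictionary does not know disappears from the report silently. Falling back to the raw ID, e.g. `attacks = append(attacks, techniqueID)`, or logging the miss would keep it visible. The enclosing function starts and ends outside the hunk.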
@@ -88,7 +88,7 @@ func (w Writer) Write(rs ...models.ScanResult) error { return xerrors.Errorf("Failed to get Credential. Request JSON : %s,", string(body)) } - t, err := ioutil.ReadAll(resp.Body) + t, err := io.ReadAll(resp.Body) if err != nil { return err } diff --git a/saas/uuid.go b/saas/uuid.go index 672fdd2e..14246b7a 100644 --- a/saas/uuid.go +++ b/saas/uuid.go @@ -3,7 +3,6 @@ package saas import ( "bytes" "fmt" - "io/ioutil" "os" "reflect" "strings" @@ -139,7 +138,7 @@ func writeToFile(cnf config.Config, path string) error { "# See README for details: https://vuls.io/docs/en/usage-settings.html", str) - return ioutil.WriteFile(realPath, []byte(str), 0600) + return os.WriteFile(realPath, []byte(str), 0600) } func cleanForTOMLEncoding(server config.ServerInfo, def config.ServerInfo) config.ServerInfo { diff --git a/scanner/base.go b/scanner/base.go index 96cc7366..f5a15d64 100644 --- a/scanner/base.go +++ b/scanner/base.go @@ -6,7 +6,6 @@ import ( "context" "encoding/json" "fmt" - "io/ioutil" "net" "os" "path/filepath" @@ -627,7 +626,7 @@ func (l *base) scanLibraries() (err error) { return xerrors.Errorf("Failed to get target file info. err: %w, filepath: %s", err, path) } f.Filemode = fileinfo.Mode().Perm() - f.Contents, err = ioutil.ReadFile(path) + f.Contents, err = os.ReadFile(path) if err != nil { return xerrors.Errorf("Failed to read target file contents. err: %w, filepath: %s", err, path) } diff --git a/server/server.go b/server/server.go index 06472076..0dbe6f69 100644 --- a/server/server.go +++ b/server/server.go 
@@ -99,6 +99,11 @@ func (h VulsHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) { http.Error(w, err.Error(), http.StatusServiceUnavailable) } + if err := detector.FillWithCTI(&r, config.Conf.Cti, config.Conf.LogOpts); err != nil { + logging.Log.Errorf("Failed to fill with Cyber Threat Intelligences: %+v", err) + http.Error(w, err.Error(), http.StatusServiceUnavailable) + } + detector.FillCweDict(&r) // set ReportedAt to current time when it's set to the epoch, ensures that ReportedAt will be set diff --git a/subcmds/history.go b/subcmds/history.go index 4e367e71..83443d15 100644 --- a/subcmds/history.go +++ b/subcmds/history.go @@ -4,7 +4,7 @@ import ( "context" "flag" "fmt" - "io/ioutil" + "io/fs" "os" "path/filepath" "strings" @@ -49,8 +49,8 @@ func (p *HistoryCmd) Execute(_ context.Context, _ *flag.FlagSet, _ ...interface{ return subcommands.ExitFailure } for _, d := range dirs { - var files []os.FileInfo - if files, err = ioutil.ReadDir(d); err != nil { + var files []fs.DirEntry + if files, err = os.ReadDir(d); err != nil { return subcommands.ExitFailure } var hosts []string diff --git a/subcmds/report.go b/subcmds/report.go index 7c424296..828bd105 100644 --- a/subcmds/report.go +++ b/subcmds/report.go @@ -265,7 +265,6 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{} // report reports := []reporter.ResultWriter{ reporter.StdoutWriter{ - FormatCsv: p.formatCsv, FormatFullText: p.formatFullText, FormatOneLineText: p.formatOneLineText, FormatList: p.formatList, diff --git a/subcmds/scan.go b/subcmds/scan.go index db323da7..18b0ec84 100644 --- a/subcmds/scan.go +++ b/subcmds/scan.go @@ -4,7 +4,7 @@ import ( "context" "flag" "fmt" - "io/ioutil" + "io" "os" "path/filepath" "strings" 
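Review bot: The added `FillWithCTI` error branch in server/server.go calls `http.Error` but does not return, so ServeHTTP falls through to `detector.FillCweDict(&r)` and the rest of the handler after a 503 has already been written; add `return` after the `http.Error` call. The branch also sends `err.Error()` to the HTTP client, which may expose internal detail from the CTI lookup. A fixed body such as `http.Error(w, "failed to fill CTI", http.StatusServiceUnavailable)` would keep the detail in the `logging.Log.Errorf` line only. The context line above the addition shows the preceding branch ending the same way without a return, so the two are best fixed together. ServeHTTP's body continues outside the hunk.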
@@ -127,7 +127,7 @@ func (p *ScanCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) if 0 < len(f.Args()) { servernames = f.Args() } else if config.Conf.Pipe { - bytes, err := ioutil.ReadAll(os.Stdin) + bytes, err := io.ReadAll(os.Stdin) if err != nil { logging.Log.Errorf("Failed to read stdin. err: %+v", err) return subcommands.ExitFailure diff --git a/tui/tui.go b/tui/tui.go index f0d696d1..8dbe075a 100644 --- a/tui/tui.go +++ b/tui/tui.go @@ -9,9 +9,11 @@ import ( "text/template" "time" + "golang.org/x/exp/slices" "golang.org/x/xerrors" "github.com/future-architect/vuls/config" + "github.com/future-architect/vuls/cti" "github.com/future-architect/vuls/logging" "github.com/future-architect/vuls/models" "github.com/future-architect/vuls/util" @@ -845,6 +847,32 @@ func setChangelogLayout(g *gocui.Gui) error { } } + if len(vinfo.Ctis) > 0 { + lines = append(lines, "\n", + "Cyber Threat Intelligence", + "=========================", + ) + + attacks := []string{} + capecs := []string{} + for _, techniqueID := range vinfo.Ctis { + technique, ok := cti.TechniqueDict[techniqueID] + if !ok { + continue + } + if strings.HasPrefix(techniqueID, "CAPEC-") { + capecs = append(capecs, fmt.Sprintf("* %s", technique.Name)) + } else { + attacks = append(attacks, fmt.Sprintf("* %s", technique.Name)) + } + } + slices.Sort(attacks) + slices.Sort(capecs) + lines = append(lines, append([]string{"MITRE ATT&CK:"}, attacks...)...) + lines = append(lines, "\n") + lines = append(lines, append([]string{"CAPEC:"}, capecs...)...) + } + if currentScanResult.Config.Scan.Servers[currentScanResult.ServerName].Mode.IsDeep() { lines = append(lines, "\n", "ChangeLogs",
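Review bot: In tui/tui.go the `MITRE ATT&CK:` and `CAPEC:` headings are appended unconditionally once `len(vinfo.Ctis) > 0`, so a finding with only CAPEC entries, or only IDs missing from `cti.TechniqueDict`, renders a heading with nothing under it. Guarding each append, e.g. `if len(attacks) > 0 { lines = append(lines, append([]string{"MITRE ATT&CK:"}, attacks...)...) }` and likewise for `capecs`, would avoid the empty sections. The prefix-partition loop here largely duplicates the one added in reporter/util.go, so a shared helper would keep the two views from drifting apart. setChangelogLayout starts and ends outside the hunk.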