caldera
by mitre
MITRE Caldera is an automated adversary emulation platform that enables red teams and incident responders to simulate cyber attacks and automate security operations based on the MITRE ATT&CK framework.
Automated Adversary Emulation Platform
Primary Use Case
Caldera is primarily used by red teams, penetration testers, and incident response teams to emulate adversary behaviors, test defenses, and automate security workflows. It helps organizations validate their security posture and improve detection and response capabilities by simulating realistic attack scenarios.
- Asynchronous command-and-control (C2) server with REST API and web interface
- Built on the MITRE ATT&CK framework for adversary emulation
- Extensible via plugins to add agents, reporting, TTP collections, and more
- Supports automation of red team operations and incident response
- Includes default plugins for initial access, payload building, incident response, and visualization
- Provides training resources, tutorials, and documentation
- Active research project with ongoing development and community engagement
- Supports ICS/OT capabilities through dedicated plugins
Installation
- Clone the repository from https://github.com/mitre/caldera
- Install required dependencies as per the documentation at https://caldera.readthedocs.io/en/latest/
- Run the core system, which includes the asynchronous C2 server
- Access the web interface to interact with the platform
- Optionally install and enable plugins to extend functionality
Usage
- Start the Caldera server: launches the asynchronous command-and-control server with REST API and web interface
- Use the web interface: interact with Caldera’s features, including adversary emulation, operation management, and reporting
- Install plugins like Access, Atomic, or Response: extend the core framework with additional capabilities such as initial access tools, Atomic Red Team TTPs, and incident response automation
- Integrate Caldera with SIEM tools to automate detection validation and tuning.
- Use Caldera’s plugin architecture to customize adversary emulations for industry-specific threats.
- Leverage Caldera in purple team exercises to improve collaboration between red and blue teams.
- Automate continuous security posture assessments by scheduling regular Caldera attack simulations.
- Combine Caldera with threat intelligence feeds to dynamically update TTPs and enhance realism.
Related Tools
Awesome-Hacking
Hack-with-Github/Awesome-Hacking
A collection of various awesome lists for hackers, pentesters and security researchers
hackingtool
Z4nzu/hackingtool
ALL IN ONE Hacking Tool For Hackers
mitmproxy
mitmproxy/mitmproxy
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
sqlmap
sqlmapproject/sqlmap
Automatic SQL injection and database takeover tool

metasploit-framework
rapid7/metasploit-framework
Metasploit Framework
h4cker
The-Art-of-Hacking/h4cker
This repository is maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), AI security, vulnerability research, exploit development, reverse engineering, and more. 🔥 Also check: https://hackertraining.org
