https://github.com/facebookincubator/TTPForge

The TTPForge is a Framework created to facilitate the development, automation, and execution of Tactics, Techniques, and Procedures (TTPs).

TTPForge

This repo hosts the TTPForge tool created by Meta's Purple Team. It is intended to provide an interface to execute TTPs across various targets and mediums.

---

Table of Contents

• Getting Started - User
• Getting Started - Developer
• Using the TTPForge Dev Container
• Code Standards
• Creating a new release
• TTPForge Building Blocks

---

Getting started as a user

Grab the latest release

1. Download and install the gh cli tool:

• macOS
• Linux
• Windows

1. Get latest TTPForge release:

   # Download utility functions
   bashutils_url="https://raw.githubusercontent.com/l50/dotfiles/main/bashutils"
   
   # Define the local path of bashutils.sh
   bashutils_path="/tmp/bashutils"
   
   if [[ ! -f "${bashutils_path}" ]]; then
      # bashutils.sh doesn't exist locally, so download it
      curl -s "${bashutils_url}" -o "${bashutils_path}"
   fi
   
   # Source bashutils
   # shellcheck source=/dev/null
   source "${bashutils_path}"
   
   fetchFromGithub "facebookincubator" "TTPForge" "v1.0.1" ttpforge $GITHUB_TOKEN

   At this point, the latest ttpforge release should be in ~/.local/bin/ttpforge and subsequently, the $USER's $PATH.

2. Initialize TTPForge configuration

   This command will place a configuration file at the default location ~/.ttpforge/config.yaml and download the ForgeArmory TTPs repository:

   ttpforge init

3. List available TTP repositories (should show forgearmory)

   ttpforge list repos

4. List available TTPs that you can run:

   ttpforge list ttps

5. Examine an example TTP:

   ttpforge show ttp forgearmory//examples/args/define-args.yaml

6. Run the specified example:

   ttpforge run \
     forgearmory//examples/args/define-args.yaml \
     --arg a_message="hello" \
     --arg a_number=1337