.. image:: https://readthedocs.org/projects/swat/badge/?version=latest
   :target: https://swat.readthedocs.io/en/latest/?badge=latest
   :alt: Documentation Status

.. image:: https://img.shields.io/badge/python-3670A0?style=for-the-badge&logo=python&logoColor=ffdd54
   :target: https://www.python.org/downloads/
   :alt: Python

.. image:: https://img.shields.io/badge/ATT&CK-Navigator-red.svg?style=for-the-badge&logoColor=white
   :target: https://attack.mitre.org/matrices/enterprise/cloud/googleworkspace/
   :alt: ATT&CK Coverage

.. image:: https://img.shields.io/badge/Google_Cloud-4285F4?style=for-the-badge&logo=google-cloud&logoColor=white
   :target: https://workspace.google.com/
   :alt: Google Cloud
SWAT (Simple Workspace ATT&CK Tool) is a red teaming tool tailored for Google Workspace environments. Its primary aim is to help Elastic rule authors, threat researchers, and the broader community run simulated attack exercises against Google Workspace infrastructure, in order to drive threat research and craft precise detection rules. SWAT emphasizes simplicity and intuitiveness and is rooted in the MITRE ATT&CK framework. Its straightforward nature does not limit its flexibility: a modular architecture lets users and community members extend its functionality.

Google Workspace, previously known as G Suite, is a collection of Google's digital services, such as Gmail, Drive, Docs, and Sheets. Its vast feature set makes it a staple for numerous businesses, from startups to large corporations. With such widespread usage, it becomes an enticing target for threat actors with varying objectives, from data breaches to system compromise. SWAT, envisioned by the Threat Research and Detection Engineering (TRaDE) team at Elastic, is a tool for evaluating detection rule effectiveness and hosting red teaming exercises for Google Workspace environments.
#. Install Python from the `official website <https://www.python.org/downloads/>`_.
#. Create a virtual environment in your desired location: ``python3 -m venv swat-env``.
#. Activate it with ``source swat-env/bin/activate`` (macOS/Linux) or ``swat-env\Scripts\activate`` (Windows).
#. Install Poetry by following `Poetry's official website <https://python-poetry.org/docs/#installation>`_.
#. Install SWAT and its dependencies: ``poetry install``.
#. Run SWAT with ``swat`` or ``poetry run swat``.

The comprehensive documentation is available on ReadTheDocs: `SWAT Documentation <https://swat.readthedocs.io/>`_. Developers keen on diving deeper into the code or contributing can begin with the `Developer's Guide <https://swat.readthedocs.io/en/latest/developers.html>`_.
The birth of SWAT was influenced by several pioneering projects:

- `Elastic Dorothy <https://github.com/elastic/dorothy>`_
- `Endgame's Red Team Automation (RTA) <https://github.com/endgameinc/RTA>`_
- `Red Canary's Atomic Red Team <https://github.com/redcanaryco/atomic-red-team>`_
- `Splunk's Attack Range <https://github.com/splunk/attack_range>`_
- `MITRE's Caldera <https://github.com/mitre/caldera>`_

Drawing from these inspirations and addressing the unique challenges of red teaming within Google Workspace, SWAT stands as an embodiment of collaborative and purposeful development.
Your contributions can shape SWAT! Dive into our `Contributing Guide <https://swat.readthedocs.io/en/latest/contributing.html>`_ for details.

Encountering issues? Reach out! `Initiate a discussion <https://github.com/elastic/SWAT/discussions>`_ on our GitHub repository.

Stay updated about SWAT's latest developments by visiting our `CHANGELOG <https://swat.readthedocs.io/en/latest/changelog.html>`_.

SWAT is open-source, licensed under the Apache License, Version 2.0. See the LICENSE file for comprehensive details or visit `Apache License 2.0 <http://www.apache.org/licenses/>`_.