redcanaryco / invoke-atomicredteam

Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
MIT License

Idea: Get-AtomicStatistics function to pull stats on atomics directory #71

Closed mgraeber-rc closed 2 years ago

mgraeber-rc commented 3 years ago

We get a lot of questions about what Atomic Red Team has/doesn't have in terms of coverage, and oftentimes the answer is present by scraping the atomic YAML and hacking together a number. For example, how many atomic tests are applicable to macOS? What percentage of tests are applicable to Linux, etc.?

What common questions do you have of the atomics directory in atomic-red-team? What output might you like to see from a Get-AtomicStatistics function? Add your feedback to this issue. Thank you!

briancdonohue commented 3 years ago

Not sure this is possible with PowerShell (or in scope), but it would be neat to be able to search the contents of tests. For example, maybe I want to know every test that leverages rundll32.exe (including those that don't map to it).

clr2of8 commented 2 years ago

I believe a soon-to-be-revealed feature of atomicredteam.io is going to fulfill this. Hang on just a little longer ...
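
The two requests in this thread (per-platform coverage numbers and searching test contents for a binary such as rundll32.exe) can be sketched as below. This is an added example, not code from the Invoke-AtomicRedTeam project or from any commenter: the function name `Get-AtomicStatisticsSketch` is hypothetical, the sample YAML is constructed with placeholder technique IDs, and it assumes the powershell-yaml module is installed.

```powershell
# Added example. Get-AtomicStatisticsSketch is a hypothetical name, not a module function.
Import-Module powershell-yaml   # provides ConvertFrom-Yaml
function Get-AtomicStatisticsSketch {
    param(
        [Parameter(Mandatory)] [string[]] $Yaml,  # raw text of one technique YAML file per element
        [string] $Contains                        # optional literal to find inside test content
    )
    $tests = @(foreach ($doc in $Yaml) {
        $technique = $doc | ConvertFrom-Yaml
        foreach ($test in $technique.atomic_tests) {
            $exec = $test.executor
            [pscustomobject]@{
                Technique = $technique.attack_technique; Name = $test.name
                Platforms = @($test.supported_platforms)
                # command and cleanup_command, plus steps for manual tests
                Content   = @($exec.command, $exec.cleanup_command, $exec.steps) -join "`n"
            }
        }
    })
    if ($Contains) {  # literal, case-insensitive match: "." in the term is not a wildcard
        $cmp = [StringComparison]::OrdinalIgnoreCase
        return $tests | Where-Object { $_.Content.IndexOf($Contains, $cmp) -ge 0 } | Select-Object Technique, Name
    }
    # A test can list several platforms, so percentages may sum to more than 100
    $tests | ForEach-Object { $_.Platforms } | Group-Object | Sort-Object Count -Descending |
        ForEach-Object {
            [pscustomobject]@{ Platform = $_.Name; Tests = $_.Count
                               Percent = [math]::Round(100 * $_.Count / $tests.Count, 1) }
        }
}

# Constructed sample input (placeholder technique IDs and commands), two technique files
$sample = @(
@'
attack_technique: T0000.001
atomic_tests:
- name: Constructed test A
  supported_platforms: [windows]
  executor: { name: command_prompt, command: 'rundll32.exe example.dll,EntryPoint' }
'@,
@'
attack_technique: T0000.002
atomic_tests:
- name: Constructed test B
  supported_platforms: [linux, macos]
  executor: { name: sh, command: 'echo hello' }
'@
)
Get-AtomicStatisticsSketch -Yaml $sample                            # per-platform counts
Get-AtomicStatisticsSketch -Yaml $sample -Contains 'rundll32.exe'   # tests that mention the binary
```

Against a local checkout, the `-Yaml` input can come from `Get-ChildItem <path-to-atomics> -Recurse -Filter 'T*.yaml' | Get-Content -Raw`, where the path is a placeholder for wherever the atomics folder lives.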