├── hooks ├── post_checkout ├── pre_build └── post_push ├── .gitmodules ├── Dockerfile ├── CONTRIBUTING.md ├── .github └── ISSUE_TEMPLATE │ ├── feature_request.md │ └── bug_report.md ├── Makefile ├── LICENSE.txt ├── .gitignore ├── ISSUES.md ├── README.md └── CODE_OF_CONDUCT.md /hooks/post_checkout: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | git submodule init 4 | git submodule update 5 | 6 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "attack-navigator"] 2 | path = attack-navigator 3 | url = https://github.com/mitre-attack/attack-navigator 4 | -------------------------------------------------------------------------------- /hooks/pre_build: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | NODE_VERSION="10" 4 | 5 | docker run --rm -i -v `pwd`/attack-navigator:/attack-navigator node:$NODE_VERSION /bin/sh -c 'cd /attack-navigator/nav-app && npm install && npm run build' 6 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | # We're built on a super-small Linux distro 2 | FROM nginx:stable-alpine 3 | 4 | # But if it all breaks, blame us instead 5 | MAINTAINER David J. Bianco 6 | 7 | # Copy the ATT&CK Navigator source to the local system 8 | COPY attack-navigator/nav-app/dist /usr/share/nginx/html 9 | -------------------------------------------------------------------------------- /hooks/post_push: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | export REPO="davidjbianco" 4 | export IMAGE_NAME="attacknav" 5 | export DATE=`date '+%Y%m%d'` 6 | 7 | # If we just built and pushed the ":latest" tag, also tag it with the 8 | # current date and push that. 9 | if [ "$CACHE_TAG" = "latest" ]; then 10 | docker tag $REPO/$IMAGE_NAME:latest $REPO/$IMAGE_NAME:$DATE 11 | docker push $REPO/$IMAGE_NAME:$DATE 12 | fi 13 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing to HuntLib 2 | 3 | ### Issues 4 | Issues are always welcome! You can expect conversation. 5 | 6 | ### Pull Requests 7 | 8 | These rules must be followed for any contributions to be merged into master. A Git installation is required. 9 | 10 | 1. Fork this repo 11 | 1. Create a branch 12 | 1. Complete desired changes 13 | 1. Validate the changes meet your desired use case 14 | 1. Ensure documentation has been updated 15 | 1. Open a pull-request: you can expect a discussion 16 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | 5 | --- 6 | 7 | **Is your feature request related to a problem? Please describe.** 8 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 9 | 10 | **Describe the solution you'd like** 11 | A clear and concise description of what you want to happen. 12 | 13 | **Describe alternatives you've considered** 14 | A clear and concise description of any alternative solutions or features you've considered. 15 | 16 | **Additional context** 17 | Add any other context or screenshots about the feature request here. 18 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | DATE=`date '+%Y%m%d'` 2 | IMAGE_NAME="attacknav" 3 | REPO="davidjbianco" 4 | NODE_VERSION="10-slim" 5 | 6 | build: Dockerfile refresh 7 | docker run -it --rm -v `pwd`/attack-navigator:/attack-navigator node:$(NODE_VERSION) /bin/sh -c 'cd /attack-navigator/nav-app && npm install && npm install node-sass && npm run build' 8 | docker build -t $(REPO)/$(IMAGE_NAME):dev -t $(REPO)/$(IMAGE_NAME):$(DATE) . 9 | 10 | refresh: 11 | docker pull node:$(NODE_VERSION) 12 | docker pull nginx:stable-alpine 13 | git submodule init 14 | git submodule update 15 | 16 | run: 17 | docker run -it -p 80:80 $(REPO)/$(IMAGE_NAME):dev 18 | 19 | push: 20 | docker push $(REPO)/$(IMAGE_NAME):latest 21 | docker push $(REPO)/$(IMAGE_NAME):$(DATE) 22 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | 5 | --- 6 | 7 | **Describe the bug** 8 | A clear and concise description of what the bug is. 9 | 10 | **To Reproduce** 11 | Steps to reproduce the behavior: 12 | 1. Go to '...' 13 | 2. Click on '....' 14 | 3. Scroll down to '....' 15 | 4. See error 16 | 17 | **Expected behavior** 18 | A clear and concise description of what you expected to happen. 19 | 20 | **Screenshots** 21 | If applicable, add screenshots to help explain your problem. 22 | 23 | **Desktop (please complete the following information):** 24 | - OS: [e.g. iOS] 25 | - Browser [e.g. chrome, safari] 26 | - Version [e.g. 22] 27 | 28 | **Smartphone (please complete the following information):** 29 | - Device: [e.g. iPhone6] 30 | - OS: [e.g. iOS8.1] 31 | - Browser [e.g. stock browser, safari] 32 | - Version [e.g. 22] 33 | 34 | **Additional context** 35 | Add any other context about the problem here. 36 | -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) 2018 Target Brands, Inc. 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy 4 | of this software and associated documentation files (the "Software"), to deal 5 | in the Software without restriction, including without limitation the rights 6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | copies of the Software, and to permit persons to whom the Software is 8 | furnished to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in all 11 | copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 | SOFTWARE. 20 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Logs 2 | logs 3 | *.log 4 | npm-debug.log* 5 | yarn-debug.log* 6 | yarn-error.log* 7 | 8 | # Runtime data 9 | pids 10 | *.pid 11 | *.seed 12 | *.pid.lock 13 | 14 | # Directory for instrumented libs generated by jscoverage/JSCover 15 | lib-cov 16 | 17 | # Coverage directory used by tools like istanbul 18 | coverage 19 | 20 | # nyc test coverage 21 | .nyc_output 22 | 23 | # Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files) 24 | .grunt 25 | 26 | # Bower dependency directory (https://bower.io/) 27 | bower_components 28 | 29 | # node-waf configuration 30 | .lock-wscript 31 | 32 | # Compiled binary addons (http://nodejs.org/api/addons.html) 33 | build/Release 34 | 35 | # Dependency directories 36 | node_modules/ 37 | jspm_packages/ 38 | 39 | # Typescript v1 declaration files 40 | typings/ 41 | 42 | # Optional npm cache directory 43 | .npm 44 | 45 | # Optional eslint cache 46 | .eslintcache 47 | 48 | # Optional REPL history 49 | .node_repl_history 50 | 51 | # Output of 'npm pack' 52 | *.tgz 53 | 54 | # Yarn Integrity file 55 | .yarn-integrity 56 | 57 | # dotenv environment variables file 58 | .env 59 | 60 | # NPM build artifacts 61 | package-lock.json 62 | -------------------------------------------------------------------------------- /ISSUES.md: -------------------------------------------------------------------------------- 1 | ## Issues tracking and resolution 2 | 3 | ### 1. Make failing to build 4 | 5 | If you get the error below and got a build error: 6 | ``` 7 | > node install 8 | 9 | node-pre-gyp ERR! Tried to download(404): https://fsevents-binaries.s3-us-west-2.amazonaws.com/v1.1.3/fse-v1.1.3-node-v64-darwin-x64.tar.gz 10 | node-pre-gyp ERR! Pre-built binaries not found for fsevents@1.1.3 and node@10.11.0 (node-v64 ABI, unknown) (falling back to source compile with node-gyp) 11 | node-pre-gyp ERR! Tried to download(undefined): https://fsevents-binaries.s3-us-west-2.amazonaws.com/v1.1.3/fse-v1.1.3-node-v64-darwin-x64.tar.gz 12 | node-pre-gyp ERR! Pre-built binaries not found for fsevents@1.1.3 and node@10.11.0 (node-v64 ABI, unknown) (falling back to source compile with node-gyp) 13 | 14 | ``` 15 | 16 | #### Resolution 17 | This is fixed. The original problem was that the ATT&CK Navigator module has a dependency on fsevents v1.1.3 when building on OS X. It tried to pull down precompiled binaries for node.js (10.11.0), but they weren't available. 18 | 19 | We now use a Docker container with `node` installed inside it to build, so the build environment is consistent every time (and it's not OS X, so fsevents isn't even used.) 20 | 21 | ------------- 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # attack-navigator-docker 2 | A simple Docker container that serves the MITRE ATT&CK Navigator web app 3 | 4 | [![Target’s CFC-Open-Source Slack](https://cfc-slack-inv.herokuapp.com/badge.svg?colorA=155799&colorB=159953)](https://cfc-slack-inv.herokuapp.com/) 5 | 6 | ## Prerequisites 7 | 8 | You really just need Docker and an Internet connection. 9 | 10 | ## Building 11 | 12 | First, check out the code: 13 | 14 | git clone --recurse-submodules https://github.com/target/attack-navigator-docker.git 15 | 16 | Now just change directory into the repo and run `make`: 17 | 18 | cd attack-navigator-docker 19 | make 20 | 21 | ### The Build Process Explained 22 | 23 | By default, the `Makefile` will pull down docker containers for `nginx` (which is the base of the final image we build) and `node`, which is used during the build process. It will also update the MITRE ATT&CK Navigator app's repo, which we include here as a submodule. Thus, whenever you build, you'll get the latest published version of the app. 24 | 25 | Once the images are staged and the app code updated, we run an ephemeral copy of the `node` container, in which we mount and build the app. The container is automatically deleted at the end of the run, but it leaves the compiled app in `attack-navigator/nav-app/dist`. 26 | 27 | Next, we call `docker build` with a very simple `Dockerfile` that just creates an `nginx` container with the app code copied into the web content directory. That's really all that's necessary to get this app running in Docker. 28 | 29 | **NOTE:** The copy you just built with the makefile will be tagged as ":dev". You can manually tag it with something else if you like (e.g., ":latest"). 30 | 31 | ## Running the Container 32 | 33 | You have two options. First, you can change directory into the repo and just run `make run` to start up the container with the most common options. Then just point your browser to [http://localhost:80](http://localhost:80) to access the Navigator. This will run the image version tagged as ":dev", which is typically the last version you built. 34 | 35 | Alternatively, if you're Docker friendly, you can run the container manually: 36 | 37 | docker run -it -p 80:80 --name attacknav davidjbianco/attacknav:dev 38 | 39 | As written, this is the same command the the `Makefile` uses to start the container, but this way you have the option to specify the exact Docker options you want. 40 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | In the interest of fostering an open and welcoming environment, we as 6 | contributors and maintainers pledge to make participation in our project and 7 | our community a harassment-free experience for everyone, regardless of age, body 8 | size, disability, ethnicity, gender identity and expression, level of experience, 9 | nationality, personal appearance, race, religion, or sexual identity and 10 | orientation. 11 | 12 | ## Our Standards 13 | 14 | Examples of behavior that contributes to creating a positive environment 15 | include: 16 | 17 | * Using welcoming and inclusive language 18 | * Being respectful of differing viewpoints and experiences 19 | * Gracefully accepting constructive criticism 20 | * Focusing on what is best for the community 21 | * Showing empathy towards other community members 22 | 23 | Examples of unacceptable behavior by participants include: 24 | 25 | * The use of sexualized language or imagery and unwelcome sexual attention or 26 | advances 27 | * Trolling, insulting/derogatory comments, and personal or political attacks 28 | * Public or private harassment 29 | * Publishing others' private information, such as a physical or electronic 30 | address, without explicit permission 31 | * Other conduct which could reasonably be considered inappropriate in a 32 | professional setting 33 | 34 | ## Our Responsibilities 35 | 36 | Project maintainers are responsible for clarifying the standards of acceptable 37 | behavior and are expected to take appropriate and fair corrective action in 38 | response to any instances of unacceptable behavior. 39 | 40 | Project maintainers have the right and responsibility to remove, edit, or 41 | reject comments, commits, code, wiki edits, issues, and other contributions 42 | that are not aligned to this Code of Conduct, or to ban temporarily or 43 | permanently any contributor for other behaviors that they deem inappropriate, 44 | threatening, offensive, or harmful. 45 | 46 | ## Scope 47 | 48 | This Code of Conduct applies both within project spaces and in public spaces 49 | when an individual is representing the project or its community. Examples of 50 | representing a project or community include using an official project e-mail 51 | address, posting via an official social media account, or acting as an appointed 52 | representative at an online or offline event. Representation of a project may be 53 | further defined and clarified by project maintainers. 54 | 55 | ## Enforcement 56 | 57 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 58 | reported by contacting the project team at 59 | [TTS-OpenSource-Office@target.com](mailto:TTS-OpenSource-Office@target.com). All 60 | complaints will be reviewed and investigated and will result in a response that 61 | is deemed necessary and appropriate to the circumstances. The project team is 62 | obligated to maintain confidentiality with regard to the reporter of an incident. 63 | Further details of specific enforcement policies may be posted separately. 64 | 65 | Project maintainers who do not follow or enforce the Code of Conduct in good 66 | faith may face temporary or permanent repercussions as determined by other 67 | members of the project's leadership. 68 | 69 | ## Attribution 70 | 71 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, 72 | available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html 73 | 74 | [homepage]: https://www.contributor-covenant.org 75 | --------------------------------------------------------------------------------