thomaspatzke/mitre_attack_oneliners.sh

## mitre_attack_oneliners.sh
# Requires: curl, jq

# Download MITRE ATT&CK data from GitHub repository
curl -o enterprise-attack.json https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json

# List all ATT&CK object types
jq -r '[ .objects[].type ] | unique | .[]' enterprise-attack.json

# List all ATT&CK technique identifiers
jq -r '[ .objects[] | select(.type == "attack-pattern") | .external_references[] | select(.source_name == "mitre-attack") | .external_id ] | sort | .[]' enterprise-attack.json

# List all software identifiers
jq -r '[ .objects[] | select(.type == "tool" or .type == "malware") | .external_references[] | select(.source_name == "mitre-attack") | .external_id ] | sort | .[]' enterprise-attack.json

# List all attacker group identifiers
jq -r '[ .objects[] | select(.type == "intrusion-set") | .external_references[] | select(.source_name == "mitre-attack") | .external_id ] | sort | .[]' enterprise-attack.json
	# Requires: curl, jq

	# Download MITRE ATT&CK data from GitHub repository
	curl -o enterprise-attack.json https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json

	# List all ATT&CK object types
	jq -r '[ .objects[].type ] \| unique \| .[]' enterprise-attack.json

	# List all ATT&CK technique identifiers
	jq -r '[ .objects[] \| select(.type == "attack-pattern") \| .external_references[] \| select(.source_name == "mitre-attack") \| .external_id ] \| sort \| .[]' enterprise-attack.json

	# List all software identifiers
	jq -r '[ .objects[] \| select(.type == "tool" or .type == "malware") \| .external_references[] \| select(.source_name == "mitre-attack") \| .external_id ] \| sort \| .[]' enterprise-attack.json

	# List all attacker group identifiers
	jq -r '[ .objects[] \| select(.type == "intrusion-set") \| .external_references[] \| select(.source_name == "mitre-attack") \| .external_id ] \| sort \| .[]' enterprise-attack.json