How to set up Metta with Vagrant and VirtualBox?

Follow the setup.md and wiki for detailed steps, but expect to install Vagrant, VirtualBox, Redis, and Celery, which can be complex and time-consuming for first-time users.

Metta vs Atomic Red Team: which is better for security testing?

Metta focuses on YAML-based simulation in Vagrant environments with Celery queuing, while Atomic Red Team uses simpler PowerShell/Python scripts for quick tests. Choose Metta for structured, automated scenarios in VMs.

How do I create a custom YAML action for Metta?

Define a YAML file with an OS field and a purple_actions array of commands, ensuring to escape quotes and special characters as per the README's gotchas to avoid execution errors.

Does Metta work with cloud VMs like AWS or Azure?

Primarily designed for Vagrant with VirtualBox, so it doesn't natively support cloud platforms; you'd need to adapt the Vagrant configuration, which may require extra effort.

Can Metta be integrated into CI/CD pipelines?

Yes, but integration is manual since it relies on Vagrant VMs and Celery; you'd need to script the setup and execution, which might slow down pipelines due to VM overhead.

What are the performance implications of using Metta?

Running simulations in Vagrant VMs can be resource-intensive and slower than bare-metal or container-based tools, affecting testing speed and scalability.

Open-Awesome

Metta

MITPython

An information security preparedness tool for adversarial simulation using Redis/Celery, Python, and Vagrant.

GitHub

1.1k stars155 forks0 contributors

What is Metta?

Metta is an open-source information security preparedness tool that performs adversarial simulation to test host-based and network-based security defenses. It parses YAML files containing attack actions and uses Celery to queue and execute them sequentially in Vagrant virtual machines. This helps organizations proactively identify weaknesses in their security instrumentation.

Target Audience

Security professionals, red teams, and blue teams responsible for testing and improving organizational security defenses through realistic attack simulations.

Value Proposition

Developers choose Metta for its integration with MITRE ATT&CK frameworks, flexible scenario building via YAML, and self-hosted Vagrant environments that provide safe, isolated testing without relying on external services.

Overview

An information security preparedness tool to do adversarial simulation.

Use Cases

Best For

Testing host-based security instrumentation against known attack techniques
Simulating adversarial actions organized by MITRE ATT&CK phases
Building custom security testing scenarios with YAML-defined actions
Running sequential attack commands in isolated Vagrant environments
Integrating Celery and Redis for scalable, queued security task execution
Self-hosting security simulation tools without cloud dependencies

Not Ideal For

Teams needing quick, ad-hoc security tests without virtual machine setup
Organizations lacking Vagrant and VirtualBox infrastructure
Projects requiring real-time, interactive red teaming with GUI interfaces

Pros & Cons

Pros

MITRE ATT&CK Alignment

Actions are organized by MITRE ATT&CK phases, enabling structured security testing as shown in the README's folder structure like MITRE/Discovery.

Flexible Scenario Building

Supports creating complex attack chains via YAML files with purple_actions arrays and scenario definitions, allowing customizable simulations.

Isolated Testing Environments

Uses Vagrant with VirtualBox to create safe, isolated VMs for simulation, minimizing risk to production systems.

Automated Task Execution

Leverages Celery and Redis to queue and run actions sequentially, enabling hands-off, scalable security testing.

Cons

Steep Initial Setup

Requires installing and configuring Vagrant, VirtualBox, Redis, and Celery, which the brief README defers to setup.md and a wiki, indicating complexity.

Command Escaping Pitfalls

The README's 'Gotchas' section notes that quotes and shell characters must be escaped in commands, leading to potential errors in action execution.

Vendor Lock-in to Vagrant

Tightly coupled with Vagrant and VirtualBox, limiting portability to other virtualization or cloud platforms without significant modification.

Frequently Asked Questions

Related Projects

Atomic Red Team

Small and highly portable detection tests based on MITRE's ATT&CK.

Stars12,097

Forks3,135

Last commit4 days ago

Caldera

Automated Adversary Emulation Platform

Stars7,049

Forks1,348

Last commit2 days ago

APTSimulator

A toolset to make a system look as if it was the victim of an APT attack

Stars2,750

Forks451

Last commit8 months ago

Network Flight Simulator (flightsim)

A utility to safely generate malicious network traffic patterns and evaluate controls.

Stars1,360

Forks144

Last commit2 years ago

Community-curated · Updated weekly · 100% open source

Found a gem we're missing?

Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.

Submit a project Star on GitHub