MITRE Caldera
Automated adversary emulation platform built on ATT&CK: planners, abilities, sandboxes, and purple-team reporting.
Why it is included
Reference open purple-team engine for validating detective controls beyond point-in-time pentests.
Best for
Blue teams and purple teams running repeatable tests in lab or scoped production segments.
Strengths
- ATT&CK mapping
- Extensible abilities
- MITRE stewardship
Limitations
- Powerful offensive primitives—governance and isolation mandatory
Good alternatives
Atomic Red Team · commercial BAS
Related tools
Security & Privacy
Atomic Red Team
Library of small tests mapped to ATT&CK techniques—run via Invoke-AtomicRedTeam or CI to validate detections.
Sigma
Generic signature format for SIEM/detection rules convertible to Splunk, Elastic, KQL, and many backends.
Velociraptor
Endpoint visibility and DFIR: Velociraptor Query Language (VQL), hunts, notebooks, and artifact packs across fleets.
BloodHound
Active Directory attack-path graphing: ingest collectors, map privilege chains, and plan remediations.
kube-hunter
Penetration testing tool for Kubernetes clusters: active hunting modules for API exposure, services, and misconfigs.
GnuPG
OpenPGP implementation for encryption, signing, and key management.
