# splunk/attack_range

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/splunk-attack-range).**

2,507 stars · 411 forks · Python · Apache-2.0

## Links

- GitHub: https://github.com/splunk/attack_range
- awesome-repositories: https://awesome-repositories.com/repository/splunk-attack-range.md

## Topics

`adversary` `attack-range` `attack-simulation` `detection` `lab` `simulation` `simulations`

## Description

Attack Range is a cybersecurity breach simulation framework designed to orchestrate the lifecycle of security labs and execute controlled attack scenarios. It functions as a security simulation infrastructure orchestrator, enabling the deployment of instrumented cloud and local environments to validate defensive capabilities and generate security telemetry.

The platform distinguishes itself through configuration-driven automation and infrastructure-as-code orchestration, which allow for the repeatable provisioning of vulnerable environments. It manages the entire simulation lifecycle, from the automated execution of attack sequences to the configuration of endpoint logging and session recording. By applying modular simulation roles, the system triggers specific security events against target servers to test detection rules and alert effectiveness.

The system includes comprehensive operational workflows for managing infrastructure, including secure remote access via encrypted network tunnels and real-time monitoring of asynchronous task execution. It supports both interactive and headless simulation modes, providing a unified interface for building and destroying isolated lab environments.

## Tags

### DevOps & Infrastructure

- [Cybersecurity Breach Simulators](https://awesome-repositories.com/f/devops-infrastructure/deployment-orchestration/deployment-simulators/cybersecurity-breach-simulators.md) — Orchestrates the lifecycle of security labs and executes controlled attack scenarios to validate defensive capabilities.
- [Execution Simulation](https://awesome-repositories.com/f/devops-infrastructure/automated-action-execution/execution-simulation.md) — Executes automated attack sequences against provisioned infrastructure to test detection capabilities and generate realistic security telemetry. ([source](https://github.com/splunk/attack_range#readme))
- [Infrastructure as Code](https://awesome-repositories.com/f/devops-infrastructure/infrastructure-as-code.md) — Uses declarative templates to automate the provisioning and teardown of cloud-based virtual environments and network configurations.
- [Infrastructure Orchestration](https://awesome-repositories.com/f/devops-infrastructure/infrastructure-orchestration.md) — Orchestrates the creation and destruction of cloud-based lab environments using templates to generate security telemetry for analysis. ([source](https://github.com/splunk/attack_range/tree/develop/api))
- [Cloud Infrastructure Orchestration](https://awesome-repositories.com/f/devops-infrastructure/cloud-infrastructure-orchestration.md) — Automates the deployment and teardown of isolated, vulnerable lab environments in the cloud for repeatable security research and testing.
- [Configuration-Driven Deployments](https://awesome-repositories.com/f/devops-infrastructure/configuration-driven-deployments.md) — Executes predefined sequences of security tasks and system settings by parsing structured configuration files during the deployment lifecycle.
- [Testing Environment Templates](https://awesome-repositories.com/f/devops-infrastructure/environment-configuration-orchestration/testing-environment-templates.md) — Stores and retrieves configuration definitions to ensure that testing environments remain consistent and repeatable across every deployment. ([source](https://github.com/splunk/attack_range/tree/develop/api))

### Security & Cryptography

- [Breach Simulation Frameworks](https://awesome-repositories.com/f/security-cryptography/breach-simulation-frameworks.md) — Orchestrates the lifecycle of security labs and executes controlled attack scenarios to measure defensive effectiveness.
- [Attack Simulations](https://awesome-repositories.com/f/security-cryptography/governance-policy-frameworks/compliance-governance/security-and-compliance/security-and-threat-mitigations/attack-simulations.md) — Enables the management, monitoring, and termination of active infrastructure deployments with real-time status updates on security operation progress. ([source](https://github.com/splunk/attack_range/tree/develop/app))
- [Secure Remote Access](https://awesome-repositories.com/f/security-cryptography/secure-remote-access.md) — Configures secure virtual private network tunnels to provide team members with controlled access to simulated lab environments. ([source](https://github.com/splunk/attack_range/blob/develop/README.md))
- [Cybersecurity Training Labs](https://awesome-repositories.com/f/security-cryptography/security/offensive-operations/penetration-testing-ethical-hacking/cybersecurity-training-labs.md) — Provisions and manages secure, temporary environments for teams to practice incident response and threat hunting in a controlled setting.

### Part of an Awesome List

- [Cloud Security Lab Provisioning](https://awesome-repositories.com/f/awesome-lists/devtools/infrastructure-as-code/lab-provisioning-automation/cloud-security-lab-provisioning.md) — Provisions isolated cloud or local environments pre-configured with known security weaknesses to serve as targets for cyberattack exercises. ([source](https://github.com/splunk/attack_range#readme))
- [Preconfigured Lab Environments](https://awesome-repositories.com/f/awesome-lists/devtools/infrastructure-as-code/lab-provisioning-automation/preconfigured-lab-environments.md) — Provisions repeatable and vulnerable testing environments to validate detection capabilities against automated attack sequences.

### Development Tools & Productivity

- [Remote Session Recorders](https://awesome-repositories.com/f/development-tools-productivity/input-recording-and-playback/remote-session-recorders.md) — Captures desktop activity and keystrokes during simulated cyberattacks to generate security telemetry for analysis. ([source](https://github.com/splunk/attack_range/tree/develop/capattack))

### Networking & Communication

- [VPN](https://awesome-repositories.com/f/networking-communication/connection-management/vpn.md) — Automates the deployment of secure network tunnels to provide isolated access to simulated infrastructure during the build process. ([source](https://github.com/splunk/attack_range/tree/develop/api))

### Software Engineering & Architecture

- [Asynchronous Task Execution](https://awesome-repositories.com/f/software-engineering-architecture/concurrency-models/asynchronous-task-execution.md) — Manages long-running infrastructure builds and simulation sequences through a background process model with real-time status tracking.
- [Modular Plugin Frameworks](https://awesome-repositories.com/f/software-engineering-architecture/modular-plugin-frameworks.md) — Applies isolated automation roles to target environments to trigger specific security events without affecting the underlying infrastructure management layer.

### System Administration & Monitoring

- [Remote Access Tunnels](https://awesome-repositories.com/f/system-administration-monitoring/administrative-operations/linux-system-administration/networking/remote-access-tunnels.md) — Establishes secure, isolated communication channels between the management interface and remote lab environments for controlled access.
- [Endpoint Auditing Configurations](https://awesome-repositories.com/f/system-administration-monitoring/audit-logging-systems/endpoint-auditing-configurations.md) — Enables advanced system auditing and process monitoring on target machines to track attacker behavior. ([source](https://github.com/splunk/attack_range/tree/develop/capattack))
- [Lab Lifecycle Management](https://awesome-repositories.com/f/system-administration-monitoring/lab-lifecycle-management.md) — Provides a unified interface for building, destroying, and managing the lifecycle of security simulation environments via command line or programming interfaces. ([source](https://github.com/splunk/attack_range/blob/develop/README.md))
- [Detection Rule Testing](https://awesome-repositories.com/f/system-administration-monitoring/monitoring-and-observability/rule-based-alerting-engines/alerting-rule-validators/automation-rule-testing/detection-rule-testing.md) — Builds and tests security detection rules by simulating real-world cyberattacks against instrumented infrastructure to verify alert effectiveness.
- [Attack-Driven Telemetry Generators](https://awesome-repositories.com/f/system-administration-monitoring/security-audit-logs/attack-driven-telemetry-generators.md) — Creates realistic logs and system audit data by executing automated attack sequences against target servers to populate security analysis platforms.
- [Agent-Based Collectors](https://awesome-repositories.com/f/system-administration-monitoring/telemetry-collection/agent-based-collectors.md) — Deploys monitoring agents onto target systems to capture and forward granular security events for analysis.

### Testing & Quality Assurance

- [Security Event Simulators](https://awesome-repositories.com/f/testing-quality-assurance/synthetic-traffic-generators/security-event-simulators.md) — Applies custom automation roles against running infrastructure to trigger specific security events and test detection capabilities. ([source](https://github.com/splunk/attack_range/tree/develop/api))
