From 03600227d246294afb748c52c2f3fbbe66fb45c0 Mon Sep 17 00:00:00 2001
From: Andrea Cardaci
Date: Sat, 14 Sep 2024 10:04:58 +0200
Subject: [PATCH] =?UTF-8?q?Add=20MITRE=20ATT&CK=C2=AE=20Navigator=20JSON?=
 =?UTF-8?q?=20and=20link?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 index.md | 2 ++
 mitre.json | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 70 insertions(+)
 create mode 100644 mitre.json

diff --git a/index.md b/index.md
index c4cb7bd..1c949c1 100644
--- a/index.md
+++ b/index.md
@@ -25,6 +25,8 @@ If you are looking for Windows binaries you should visit [LOLBAS][].
 [Contributors][contributors]
 |
 [JSON API]({{ '/api.json' | relative_url }})
+|
+[MITRE ATT&CKĀ® Navigator](https://mitre-attack.github.io/attack-navigator/#layerURL={{ '/mitre.json' | absolute_url }})
 {:.centered}
 
 [contributors]: https://github.com/GTFOBins/GTFOBins.github.io/graphs/contributors
diff --git a/mitre.json b/mitre.json
new file mode 100644
index 0000000..b5e6e74
--- /dev/null
+++ b/mitre.json
@@ -0,0 +1,68 @@
+---
+---
+{%- comment -%}capture the entries that have MITRE ids assigned {%- endcomment -%}
+{%- assign techniques = '' | split: '' -%}
+{%- for gtfobin in site.gtfobins -%}
+ {%- capture name -%}{%- include get_gtfobin_name.html path=gtfobin.path -%}{%- endcapture -%}
+ {%- for function_item in gtfobin.functions -%}
+ {%- assign function_name = function_item[0] -%}
+ {%- assign function = function_item[1] -%}
+ {%- for example in function -%}
+ {%- if example.mitre -%}
+ {%- capture item -%}{{ example.mitre }},{{ name }},{{ function_name }},{{ gtfobin.url | absolute_url }}{%- endcapture -%}
+ {%- assign item = item | split: ',' -%}
+ {%- assign techniques = techniques | push: item -%}
+ {%- endif -%}
+ {%- endfor -%}
+ {%- endfor -%}
+{%- endfor -%}
+{
+ "name": {{ site.title | jsonify }},
+ "versions": {
+ "attack": "15",
+ "navigator": "5.0.1",
+ "layer": "4.5"
+ },
+ "links": [
+ {
+ "label": "GTFOBins",
+ "url": {{ '/' | absolute_url | jsonify }}
+ }
+ ],
+ "layout": {
+ "expandedSubtechniques": "annotated"
+ },
+ "domain": "enterprise-attack",
+ "filters": {
+ "platforms": [
+ "Linux",
+ "macOS"
+ ]
+ },
+ "techniques": [
+ {%- assign techniques = techniques | group_by_exp: "item", "item[0]" -%}
+ {%- for group in techniques -%}
+ {%- assign technique = group.name -%}
+ {%- assign gtfobins = '' | split: '' -%}
+ {%- for item in group.items -%}
+ {%- capture fields -%},{{ item[1] }},{{ item[2] }},{{ item[3] }}{%- endcapture -%}
+ {%- assign gtfobins = gtfobins | push: fields -%}
+ {%- endfor -%}
+ {
+ "techniqueID": {{ technique | jsonify }},
+ "links": [
+ {%- assign gtfobins = gtfobins | uniq -%}
+ {%- for gtfobin in gtfobins -%}
+ {%- assign fields = gtfobin | split: ',' -%}
+ {
+ "label": {{ fields[1] | jsonify }},
+ "url": {{ fields[3] | append: '#' | append: fields[2] | jsonify }}
+ }
+ {%- unless forloop.last -%},{%- endunless -%}
+ {%- endfor -%}
+ ]
+ }
+ {%- unless forloop.last -%},{%- endunless -%}
+ {%- endfor -%}
+ ]
+}
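Review bot: The `"techniqueID"` value is the example's `mitre` front-matter string passed through verbatim, and Navigator (as far as I know) quietly skips a techniqueID it cannot match, so a stray space or a lower-case `t1059.004` in one entry would silently drop that binary from the layer, or split it into a second group, with no build error; normalising once where the row is built, `{%- capture item -%}{{ example.mitre | strip | upcase }},{{ name }},{{ function_name }},{{ gtfobin.url | absolute_url }}{%- endcapture -%}`, makes the later `group_by_exp` on `item[0]` tolerant of that. The row packing is delimiter based: `capture item` and `capture fields` join the values with `,` and the two `split: ','` calls assume that no binary name, function key or page URL ever contains a comma, which appears to hold for the current data but is not guarded anywhere, and the leading `,` in `fields` (so that `fields[1..3]` line up with `item[1..3]`) is easy to misread. A comment above the first capture recording both invariants, `{%- comment -%}rows are comma-joined: mitre id, name, function, url — none may contain ','{%- endcomment -%}`, or a delimiter that cannot appear in a URL, would make this safer to maintain. Every interpolated value goes through `jsonify` and the generated links only point back at this site's own pages, so I see no way for repository data to break the JSON or inject anything into the Navigator.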