attacklm 0.4.1__tar.gz → 0.5.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (208) hide show
  1. {attacklm-0.4.1 → attacklm-0.5.0}/PKG-INFO +1 -1
  2. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/manifest.json +61 -4
  3. attacklm-0.5.0/data/datasets/buckets/sources/elastic-rules/LICENSE.md +84 -0
  4. attacklm-0.5.0/data/datasets/buckets/sources/elastic-rules/SOURCE.md +10 -0
  5. attacklm-0.5.0/data/datasets/buckets/sources/mordor/LICENSE.md +85 -0
  6. attacklm-0.5.0/data/datasets/buckets/sources/mordor/SOURCE.md +10 -0
  7. attacklm-0.5.0/data/datasets/buckets/sources/nist-ir/LICENSE.md +14 -0
  8. attacklm-0.5.0/data/datasets/buckets/sources/nist-ir/SOURCE.md +10 -0
  9. attacklm-0.5.0/data/datasets/buckets/sources/sigma-hq/LICENSE.md +21 -0
  10. attacklm-0.5.0/data/datasets/buckets/sources/sigma-hq/SOURCE.md +10 -0
  11. attacklm-0.5.0/data/datasets/buckets/sources/splunk-content/LICENSE.md +6 -0
  12. attacklm-0.5.0/data/datasets/buckets/sources/splunk-content/SOURCE.md +10 -0
  13. attacklm-0.5.0/data/datasets/buckets/sources/threathunter-playbook/LICENSE.md +6 -0
  14. attacklm-0.5.0/data/datasets/buckets/sources/threathunter-playbook/SOURCE.md +10 -0
  15. attacklm-0.5.0/notes/BLUE_TEAM_DESIGN_v0.5.0.md +792 -0
  16. attacklm-0.5.0/presets/blue-team.json +14 -0
  17. attacklm-0.5.0/presets/purple-team.json +14 -0
  18. attacklm-0.5.0/presets/red-team.json +14 -0
  19. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/balance_buckets.py +102 -1
  20. attacklm-0.5.0/scripts/extract_elastic_rules.py +323 -0
  21. attacklm-0.5.0/scripts/extract_mordor.py +368 -0
  22. attacklm-0.5.0/scripts/extract_nist_ir.py +574 -0
  23. attacklm-0.5.0/scripts/extract_sigma_defensive.py +284 -0
  24. attacklm-0.5.0/scripts/extract_splunk_content.py +285 -0
  25. attacklm-0.5.0/scripts/extract_threathunter_playbook.py +275 -0
  26. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/init_pipeline.py +56 -0
  27. attacklm-0.5.0/src/attacklm/__version__.py +1 -0
  28. {attacklm-0.4.1 → attacklm-0.5.0}/src/attacklm/cli.py +6 -0
  29. attacklm-0.4.1/src/attacklm/__version__.py +0 -1
  30. {attacklm-0.4.1 → attacklm-0.5.0}/.github/workflows/release.yml +0 -0
  31. {attacklm-0.4.1 → attacklm-0.5.0}/.gitignore +0 -0
  32. {attacklm-0.4.1 → attacklm-0.5.0}/ATTRIBUTION.md +0 -0
  33. {attacklm-0.4.1 → attacklm-0.5.0}/CHANGELOG.md +0 -0
  34. {attacklm-0.4.1 → attacklm-0.5.0}/CONTRIBUTING.md +0 -0
  35. {attacklm-0.4.1 → attacklm-0.5.0}/EVALUATION.md +0 -0
  36. {attacklm-0.4.1 → attacklm-0.5.0}/LICENSE +0 -0
  37. {attacklm-0.4.1 → attacklm-0.5.0}/MANIFEST.in +0 -0
  38. {attacklm-0.4.1 → attacklm-0.5.0}/Makefile +0 -0
  39. {attacklm-0.4.1 → attacklm-0.5.0}/NOTICE +0 -0
  40. {attacklm-0.4.1 → attacklm-0.5.0}/QA_BEFORE_RELEASES.md +0 -0
  41. {attacklm-0.4.1 → attacklm-0.5.0}/README.md +0 -0
  42. {attacklm-0.4.1 → attacklm-0.5.0}/REPLAY_PLAN.md +0 -0
  43. {attacklm-0.4.1 → attacklm-0.5.0}/data/ATTRIBUTION.md +0 -0
  44. {attacklm-0.4.1 → attacklm-0.5.0}/data/LEGAL.md +0 -0
  45. {attacklm-0.4.1 → attacklm-0.5.0}/data/REMOVAL.md +0 -0
  46. {attacklm-0.4.1 → attacklm-0.5.0}/data/bench/questions.jsonl +0 -0
  47. {attacklm-0.4.1 → attacklm-0.5.0}/data/bench/speed_context.txt +0 -0
  48. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/ATTRIBUTION.md +0 -0
  49. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/GEMINI_RESEARCH_2026-06-11.md +0 -0
  50. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/acquisition_report.json +0 -0
  51. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/README.md +0 -0
  52. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/_index.json +0 -0
  53. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/atomic-red-team/LICENSE.md +0 -0
  54. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/atomic-red-team/SOURCE.md +0 -0
  55. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/atomic-red-team/base/collection/data.jsonl +0 -0
  56. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/atomic-red-team/base/discovery/data.jsonl +0 -0
  57. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/atomic-red-team/base/execution/data.jsonl +0 -0
  58. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/atomic-red-team/base/exfiltration/data.jsonl +0 -0
  59. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/atomic-red-team/base/persistence/data.jsonl +0 -0
  60. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/attacklm-synthetic/LICENSE.md +0 -0
  61. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/attacklm-synthetic/SOURCE.md +0 -0
  62. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/attacklm-synthetic/orchestrator/data.jsonl +0 -0
  63. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/azure-pyrit/LICENSE.md +0 -0
  64. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/azure-pyrit/SOURCE.md +0 -0
  65. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/cyberark-fuzzyai/LICENSE.md +0 -0
  66. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/cyberark-fuzzyai/SOURCE.md +0 -0
  67. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/llm-generated/LICENSE.md +0 -0
  68. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/llm-generated/SOURCE.md +0 -0
  69. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/llm-generated/cloud/attacks/data_llm.jsonl +0 -0
  70. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/llm-generated/ics/attacks/data_llm.jsonl +0 -0
  71. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/llm-generated/social_engineering/phishing/data_llm.jsonl +0 -0
  72. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/llm-generated/wireless/attacks/data_llm.jsonl +0 -0
  73. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/metasploit-framework/LICENSE.md +0 -0
  74. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/metasploit-framework/SOURCE.md +0 -0
  75. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/metasploit-framework/base/collection/data.jsonl +0 -0
  76. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/metasploit-framework/base/credential_access/data.jsonl +0 -0
  77. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/metasploit-framework/base/defense_evasion/data.jsonl +0 -0
  78. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/metasploit-framework/base/discovery/data.jsonl +0 -0
  79. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/metasploit-framework/base/execution/data.jsonl +0 -0
  80. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/metasploit-framework/base/lateral_movement/data.jsonl +0 -0
  81. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/metasploit-framework/base/persistence/data.jsonl +0 -0
  82. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/metasploit-framework/base/privilege_escalation/data.jsonl +0 -0
  83. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/metasploit-framework/tools/metasploit/data.jsonl +0 -0
  84. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/mitre-atlas-arsenal/LICENSE.md +0 -0
  85. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/mitre-atlas-arsenal/SOURCE.md +0 -0
  86. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/mitre-atlas-arsenal/base/discovery/data.jsonl +0 -0
  87. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/mitre-stockpile/LICENSE.md +0 -0
  88. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/mitre-stockpile/SOURCE.md +0 -0
  89. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/mitre-stockpile/base/collection/data.jsonl +0 -0
  90. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/mitre-stockpile/base/discovery/data.jsonl +0 -0
  91. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/mitre-stockpile/base/execution/data.jsonl +0 -0
  92. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/mitre-stockpile/base/exfiltration/data.jsonl +0 -0
  93. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/mitre-stockpile/base/persistence/data.jsonl +0 -0
  94. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/nvidia-garak/LICENSE.md +0 -0
  95. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/nvidia-garak/SOURCE.md +0 -0
  96. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/nvidia-garak/ai/jailbreaking/data.jsonl +0 -0
  97. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/promptfoo/LICENSE.md +0 -0
  98. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/promptfoo/SOURCE.md +0 -0
  99. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/promptfoo/ai/prompt-injection/data.jsonl +0 -0
  100. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/promptmap/LICENSE.md +0 -0
  101. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/promptmap/SOURCE.md +0 -0
  102. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/promptmap/ai/prompt-injection/data.jsonl +0 -0
  103. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/replay-general/LICENSE.md +0 -0
  104. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/replay-general/SOURCE.md +0 -0
  105. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/replay-general/base/replay/data_code.jsonl +0 -0
  106. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/replay-general/base/replay/data_conversation.jsonl +0 -0
  107. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/replay-general/base/replay/data_factual.jsonl +0 -0
  108. {attacklm-0.4.1 → attacklm-0.5.0}/data/datasets/buckets/sources/replay-general/base/replay/data_reasoning.jsonl +0 -0
  109. {attacklm-0.4.1 → attacklm-0.5.0}/data/golden/prompts.jsonl +0 -0
  110. {attacklm-0.4.1 → attacklm-0.5.0}/data/reference/prompts.jsonl +0 -0
  111. {attacklm-0.4.1 → attacklm-0.5.0}/data/steering/prompts/opsec_aware.txt +0 -0
  112. {attacklm-0.4.1 → attacklm-0.5.0}/data/steering/prompts/opsec_unaware.txt +0 -0
  113. {attacklm-0.4.1 → attacklm-0.5.0}/data/steering/prompts/succinct.txt +0 -0
  114. {attacklm-0.4.1 → attacklm-0.5.0}/data/steering/prompts/verbose.txt +0 -0
  115. {attacklm-0.4.1 → attacklm-0.5.0}/experiments/README.md +0 -0
  116. {attacklm-0.4.1 → attacklm-0.5.0}/experiments/synthetic_dataset_mutator_evol_instruct.py +0 -0
  117. {attacklm-0.4.1 → attacklm-0.5.0}/hf/.gitattributes +0 -0
  118. {attacklm-0.4.1 → attacklm-0.5.0}/hf/README.md +0 -0
  119. {attacklm-0.4.1 → attacklm-0.5.0}/hf/data/manifest.json +0 -0
  120. {attacklm-0.4.1 → attacklm-0.5.0}/hf/dataset_infos.json +0 -0
  121. {attacklm-0.4.1 → attacklm-0.5.0}/hf/scripts/build_hf_dataset.py +0 -0
  122. {attacklm-0.4.1 → attacklm-0.5.0}/hf/scripts/push_to_hf.py +0 -0
  123. {attacklm-0.4.1 → attacklm-0.5.0}/hpo_runs/.gitkeep +0 -0
  124. {attacklm-0.4.1 → attacklm-0.5.0}/hpo_runs/hpo_state.json +0 -0
  125. {attacklm-0.4.1 → attacklm-0.5.0}/hpo_runs/hpo_trial_dataset.jsonl +0 -0
  126. {attacklm-0.4.1 → attacklm-0.5.0}/logs/.gitkeep +0 -0
  127. {attacklm-0.4.1 → attacklm-0.5.0}/notes/EVAL_DESIGN_v0.4.0.md +0 -0
  128. {attacklm-0.4.1 → attacklm-0.5.0}/notes/STEERING_REVIEW_v0.4.0.md +0 -0
  129. {attacklm-0.4.1 → attacklm-0.5.0}/pyproject.toml +0 -0
  130. {attacklm-0.4.1 → attacklm-0.5.0}/requirements.txt +0 -0
  131. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/_eval_loader.py +0 -0
  132. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/acquire_cloud_attack_dataset.py +0 -0
  133. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/acquire_ics_dataset.py +0 -0
  134. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/acquire_phishing_dataset.py +0 -0
  135. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/acquire_red_team_tactics.py +0 -0
  136. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/acquire_replay_general.py +0 -0
  137. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/acquire_supply_chain_dataset.py +0 -0
  138. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/acquire_web_attack_dataset.py +0 -0
  139. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/acquire_wireless_dataset.py +0 -0
  140. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/add_attribution.py +0 -0
  141. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/audit_dataset.py +0 -0
  142. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/augment_attribution.py +0 -0
  143. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/bucket_loader.py +0 -0
  144. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/build.py +0 -0
  145. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/classify_unrouted_modules.py +0 -0
  146. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/clone_repos.sh +0 -0
  147. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/collect_reference.py +0 -0
  148. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/compare_scores.py +0 -0
  149. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/convert_to_gguf.py +0 -0
  150. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/dedupe_and_import_llm.py +0 -0
  151. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/demo.py +0 -0
  152. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/device_utils.py +0 -0
  153. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/domain_bench.py +0 -0
  154. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/eval_retention.py +0 -0
  155. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/extract_ai_tools_to_jsonl.py +0 -0
  156. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/extract_atomic_red_team_to_jsonl.py +0 -0
  157. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/extract_by_tactic.py +0 -0
  158. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/extract_caldera_plugins_to_jsonl.py +0 -0
  159. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/extract_infection_monkey_to_jsonl.py +0 -0
  160. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/extract_rta_to_jsonl.py +0 -0
  161. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/generate_dataset.py +0 -0
  162. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/generate_dataset_deterministic.py +0 -0
  163. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/generate_hybrid_dataset.py +0 -0
  164. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/generate_metasploit_dataset.py +0 -0
  165. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/generate_orchestrator.py +0 -0
  166. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/generate_prompt_injection.py +0 -0
  167. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/generate_source_layout.py +0 -0
  168. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/generate_synthetic_scarce.py +0 -0
  169. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/golden_vectors.py +0 -0
  170. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/hpo_runner.py +0 -0
  171. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/import_gguf.sh +0 -0
  172. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/import_to_lmstudio.sh +0 -0
  173. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/infer.py +0 -0
  174. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/llm_generate_wrapper.py +0 -0
  175. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/merge_adapter.py +0 -0
  176. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/migrate_buckets_to_v021.py +0 -0
  177. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/migrate_v015_to_v020.py +0 -0
  178. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/mitre_tactic_lookup.py +0 -0
  179. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/parse_metasploit_to_jsonl.py +0 -0
  180. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/rebuild_manifest.py +0 -0
  181. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/register_ollama.py +0 -0
  182. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/reorganize_buckets.py +0 -0
  183. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/replay_mixer.py +0 -0
  184. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/run_all_acquisitions.py +0 -0
  185. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/score_candidates.py +0 -0
  186. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/scrub_bpl_callback.py +0 -0
  187. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/setup_buckets.py +0 -0
  188. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/speed_bench.py +0 -0
  189. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/stamp_and_reorg.py +0 -0
  190. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/steering.py +0 -0
  191. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/train_all.py +0 -0
  192. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/train_template.py +0 -0
  193. {attacklm-0.4.1 → attacklm-0.5.0}/scripts/validate_per_category.py +0 -0
  194. {attacklm-0.4.1 → attacklm-0.5.0}/src/attacklm/__init__.py +0 -0
  195. {attacklm-0.4.1 → attacklm-0.5.0}/tests/test_balance_buckets.py +0 -0
  196. {attacklm-0.4.1 → attacklm-0.5.0}/tests/test_collect_reference.py +0 -0
  197. {attacklm-0.4.1 → attacklm-0.5.0}/tests/test_compare_scores.py +0 -0
  198. {attacklm-0.4.1 → attacklm-0.5.0}/tests/test_domain_bench.py +0 -0
  199. {attacklm-0.4.1 → attacklm-0.5.0}/tests/test_eval_loader.py +0 -0
  200. {attacklm-0.4.1 → attacklm-0.5.0}/tests/test_eval_retention.py +0 -0
  201. {attacklm-0.4.1 → attacklm-0.5.0}/tests/test_golden_vectors.py +0 -0
  202. {attacklm-0.4.1 → attacklm-0.5.0}/tests/test_init_pipeline.py +0 -0
  203. {attacklm-0.4.1 → attacklm-0.5.0}/tests/test_replay_mixer.py +0 -0
  204. {attacklm-0.4.1 → attacklm-0.5.0}/tests/test_score_candidates.py +0 -0
  205. {attacklm-0.4.1 → attacklm-0.5.0}/tests/test_speed_bench.py +0 -0
  206. {attacklm-0.4.1 → attacklm-0.5.0}/tests/test_steering.py +0 -0
  207. {attacklm-0.4.1 → attacklm-0.5.0}/tests/test_thinking_models.py +0 -0
  208. {attacklm-0.4.1 → attacklm-0.5.0}/uv.lock +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: attacklm
3
- Version: 0.4.1
3
+ Version: 0.5.0
4
4
  Summary: QLoRA-fine-tuned Qwen2.5-Coder for offensive security and AI red-teaming
5
5
  Project-URL: Homepage, https://github.com/Veedubin/AttackLM
6
6
  Project-URL: Repository, https://github.com/Veedubin/AttackLM
@@ -9,10 +9,10 @@
9
9
  "TheBigPromptLibrary (mixed/unclear)"
10
10
  ],
11
11
  "created": "2026-06-12T02:49:52.749367+00:00",
12
- "total_buckets": 20,
13
- "total_pairs": 16015,
12
+ "total_buckets": 23,
13
+ "total_pairs": 21865,
14
14
  "tier_totals": {
15
- "human": 15635,
15
+ "human": 21485,
16
16
  "llm": 0,
17
17
  "synth": 380
18
18
  },
@@ -21,13 +21,19 @@
21
21
  "attacklm-synthetic": 380,
22
22
  "azure-pyrit": 0,
23
23
  "cyberark-fuzzyai": 0,
24
+ "elastic-rules": 1200,
24
25
  "llm-generated": 0,
25
26
  "metasploit-framework": 13997,
26
27
  "mitre-atlas-arsenal": 20,
27
28
  "mitre-stockpile": 390,
29
+ "mordor": 500,
30
+ "nist-ir": 200,
28
31
  "nvidia-garak": 50,
29
32
  "promptfoo": 33,
30
- "promptmap": 30
33
+ "promptmap": 30,
34
+ "sigma-hq": 3000,
35
+ "splunk-content": 800,
36
+ "threathunter-playbook": 150
31
37
  },
32
38
  "sources": {
33
39
  "atomic-red-team": {
@@ -626,6 +632,57 @@
626
632
  },
627
633
  "dominant_source": "attacklm-synthetic",
628
634
  "license": "MIT"
635
+ },
636
+ {
637
+ "name": "defensive_detection_engineering",
638
+ "path": "defensive/detection_engineering",
639
+ "category": "defensive",
640
+ "count": 5000,
641
+ "sub_sources": {
642
+ "human": 5000,
643
+ "llm": 0,
644
+ "synth": 0
645
+ },
646
+ "sources": {
647
+ "sigma-hq": 3000,
648
+ "elastic-rules": 1200,
649
+ "splunk-content": 800
650
+ },
651
+ "dominant_source": "sigma-hq",
652
+ "license": "DRL-1.1"
653
+ },
654
+ {
655
+ "name": "defensive_threat_hunting",
656
+ "path": "defensive/threat_hunting",
657
+ "category": "defensive",
658
+ "count": 650,
659
+ "sub_sources": {
660
+ "human": 650,
661
+ "llm": 0,
662
+ "synth": 0
663
+ },
664
+ "sources": {
665
+ "mordor": 500,
666
+ "threathunter-playbook": 150
667
+ },
668
+ "dominant_source": "mordor",
669
+ "license": "Apache-2.0"
670
+ },
671
+ {
672
+ "name": "defensive_incident_response",
673
+ "path": "defensive/incident_response",
674
+ "category": "defensive",
675
+ "count": 200,
676
+ "sub_sources": {
677
+ "human": 200,
678
+ "llm": 0,
679
+ "synth": 0
680
+ },
681
+ "sources": {
682
+ "nist-ir": 200
683
+ },
684
+ "dominant_source": "nist-ir",
685
+ "license": "Public-Domain"
629
686
  }
630
687
  ]
631
688
  }
@@ -0,0 +1,84 @@
1
+ Elastic License 2.0
2
+
3
+ URL: https://www.elastic.co/licensing/elastic-license
4
+
5
+ ## Acceptance
6
+
7
+ By using the software, you agree to all of the terms and conditions below.
8
+
9
+ ## Copyright License
10
+
11
+ The licensor grants you a non-exclusive, royalty-free, worldwide,
12
+ non-sublicensable, non-transferable license to use, copy, distribute, make
13
+ available, and prepare derivative works of the software, in each case subject
14
+ to the limitations and conditions below.
15
+
16
+ ## Limitations
17
+
18
+ You may not provide the software to third parties as a hosted or managed
19
+ service, where the service provides users with access to any substantial set of
20
+ the features or functionality of the software.
21
+
22
+ You may not move, change, disable, or circumvent the license key functionality
23
+ in the software, and you may not remove or obscure any functionality in the
24
+ software that is protected by the license key.
25
+
26
+ You may not alter, remove, or obscure any licensing, copyright, or other
27
+ notices of the licensor in the software. Any use of the licensor's trademarks
28
+ is subject to applicable law.
29
+
30
+ ## Patents
31
+
32
+ The licensor grants you a license, under any patent claims the licensor can
33
+ license, or becomes able to license, to make, have made, use, sell, offer for
34
+ sale, import and have imported the software, in each case subject to the
35
+ limitations and conditions in this license. This license does not cover any
36
+ patent claims that you cause to be infringed by modifications or additions to
37
+ the software.
38
+
39
+ ## Notices
40
+
41
+ You must ensure that anyone who gets a copy of any part of the software from
42
+ you also gets a copy of these terms.
43
+
44
+ ## Termination
45
+
46
+ If you violate any of these terms, your rights under this license will
47
+ terminate automatically.
48
+
49
+ ## No Other Rights
50
+
51
+ These terms do not imply any licenses other than those expressly granted in
52
+ these terms.
53
+
54
+ ## No Liability
55
+
56
+ As far as the law allows, the software comes as is, without any warranty or
57
+ condition, and the licensor will not be liable to you for any damages arising
58
+ out of these terms or the use or nature of the software, under any kind of
59
+ legal claim.
60
+
61
+ ## Definitions
62
+
63
+ The **licensor** is the entity offering these terms, and the **software** is
64
+ the software the licensor makes available under these terms, including any
65
+ portion of it.
66
+
67
+ **you** refers to the individual or entity agreeing to these terms.
68
+
69
+ **your company** is any legal entity, sole proprietorship, or other kind of
70
+ organization that you work for, plus all organizations that have control over,
71
+ are under the control of, or are under common control with that organization.
72
+
73
+ **control** means ownership of substantially all the assets of an entity, or
74
+ the power to direct its management and policies by vote, contract, or
75
+ otherwise. Control can be direct or indirect.
76
+
77
+ **your licenses** are all the licenses granted to you for the software under
78
+ these terms.
79
+
80
+ **use** means anything you do with the software requiring one of your licenses.
81
+
82
+ **trademark** means trademarks, service marks, and similar rights.
83
+
84
+ Source: https://github.com/elastic/detection-rules/blob/main/LICENSE.txt
@@ -0,0 +1,10 @@
1
+ # Source: Elastic/detection-rules
2
+
3
+ - **Repository**: https://github.com/elastic/detection-rules
4
+ - **License**: Elastic License 2.0
5
+ - **License URI**: https://github.com/elastic/detection-rules/blob/main/LICENSE.txt
6
+ - **Rights Contact**: Elasticsearch B.V.
7
+ - **Extraction Date**: 2026-06-24
8
+ - **Extractor Script**: scripts/extract_elastic_rules.py
9
+ - **Records Extracted**: ~1,200
10
+ - **Description**: Detection Rules is the home for rules used by Elastic Security. Contains 1,200+ production-grade detection rules in EQL and KQL, mapped to MITRE ATT&CK, with severity scoring, risk assessment, and investigation guides.
@@ -0,0 +1,85 @@
1
+ Apache License Version 2.0, January 2004
2
+ http://www.apache.org/licenses/
3
+
4
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
5
+
6
+ 1. Definitions.
7
+
8
+ "License" shall mean the terms and conditions for use, reproduction, and
9
+ distribution as defined by Sections 1 through 9 of this document.
10
+
11
+ "Licensor" shall mean the copyright owner or entity authorized by the copyright
12
+ owner that is granting the License.
13
+
14
+ "Legal Entity" shall mean the union of the acting entity and all other entities
15
+ that control, are controlled by, or are under common control with that entity.
16
+
17
+ "You" (or "Your") shall mean an individual or Legal Entity exercising
18
+ permissions granted by this License.
19
+
20
+ "Source" form shall mean the preferred form for making modifications,
21
+ including but not limited to software source code, documentation source, and
22
+ configuration files.
23
+
24
+ "Object" form shall mean any form resulting from mechanical transformation or
25
+ translation of a Source form, including but not limited to compiled object
26
+ code, generated documentation, and conversions to other media types.
27
+
28
+ "Work" shall mean the work of authorship, whether in Source or Object form,
29
+ made available under the License, as indicated by a copyright notice that is
30
+ included in or attached to the work.
31
+
32
+ "Derivative Works" shall mean any work, whether in Source or Object form, that
33
+ is based on (or derived from) the Work and for which the editorial revisions,
34
+ annotations, elaborations, or other modifications represent, as a whole, an
35
+ original work of authorship.
36
+
37
+ 2. Grant of Copyright License. Subject to the terms and conditions of this
38
+ License, each Contributor hereby grants to You a perpetual, worldwide,
39
+ non-exclusive, no-charge, royalty-free, irrevocable copyright license to
40
+ reproduce, prepare Derivative Works of, publicly display, publicly perform,
41
+ sublicense, and distribute the Work and such Derivative Works in Source or
42
+ Object form.
43
+
44
+ 3. Grant of Patent License. Subject to the terms and conditions of this
45
+ License, each Contributor hereby grants to You a perpetual, worldwide,
46
+ non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this
47
+ section) patent license to make, have made, use, offer to sell, sell, import,
48
+ and otherwise transfer the Work.
49
+
50
+ 4. Redistribution. You may reproduce and distribute copies of the Work or
51
+ Derivative Works thereof in any medium, with or without modifications, and in
52
+ Source or Object form, provided that You meet the following conditions:
53
+ (a) You must give any other recipients of the Work or Derivative Works a copy
54
+ of this License; and
55
+ (b) You must cause any modified files to carry prominent notices stating that
56
+ You changed the files; and
57
+ (c) You must retain, in the Source form of any Derivative Works that You
58
+ distribute, all copyright, patent, trademark, and attribution notices from the
59
+ Source form of the Work; and
60
+ (d) If the Work includes a "NOTICE" text file as part of its distribution,
61
+ then any Derivative Works that You distribute must include a readable copy of
62
+ the attribution notices contained within such NOTICE file.
63
+
64
+ 5. Submission of Contributions. Unless You explicitly state otherwise, any
65
+ Contribution intentionally submitted for inclusion in the Work by You to the
66
+ Licensor shall be under the terms and conditions of this License.
67
+
68
+ 6. Trademarks. This License does not grant permission to use the trade names,
69
+ trademarks, service marks, or product names of the Licensor.
70
+
71
+ 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in
72
+ writing, Licensor provides the Work (and each Contributor provides its
73
+ Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
74
+ KIND, either express or implied.
75
+
76
+ 8. Limitation of Liability. In no event and under no legal theory shall any
77
+ Contributor be liable to You for damages.
78
+
79
+ 9. Accepting Warranty or Additional Liability. While redistributing the Work
80
+ or Derivative Works thereof, You may choose to offer, and charge a fee for,
81
+ acceptance of support, warranty, indemnity, or other liability obligations.
82
+
83
+ END OF TERMS AND CONDITIONS
84
+
85
+ Source: https://github.com/OTRF/Security-Datasets/blob/master/LICENSE
@@ -0,0 +1,10 @@
1
+ # Source: OTRF/Security-Datasets (Mordor)
2
+
3
+ - **Repository**: https://github.com/OTRF/Security-Datasets
4
+ - **License**: Apache License 2.0
5
+ - **License URI**: https://github.com/OTRF/Security-Datasets/blob/master/LICENSE
6
+ - **Rights Contact**: Open Threat Research (OTRF)
7
+ - **Extraction Date**: 2026-06-24
8
+ - **Extractor Script**: scripts/extract_mordor.py
9
+ - **Records Extracted**: ~500
10
+ - **Description**: The Security Datasets project provides pre-recorded security events generated by simulated adversarial techniques in JSON format. Organized by platform, adversary group, and MITRE ATT&CK technique, these datasets enable detection engineering and threat hunting research.
@@ -0,0 +1,14 @@
1
+ Public Domain — United States Government Work
2
+
3
+ This work is a United States Government work under 17 U.S.C. § 105 and is
4
+ therefore not subject to copyright protection in the United States.
5
+
6
+ NIST asserts no copyright over its publications. NIST data, software, and
7
+ technical series publications are not subject to copyright in the United
8
+ States. Foreign copyrights may apply.
9
+
10
+ NIST supports the principle of open data and encourages the use of its
11
+ publications, data, and software. Attribution to NIST is requested but not
12
+ required.
13
+
14
+ Source: https://www.nist.gov/open/copyright-fair-use-and-licensing-statements-srd-data-software-and-technical-series-publications
@@ -0,0 +1,10 @@
1
+ # Source: NIST SP 800-61 Revision 3
2
+
3
+ - **Repository**: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r3.pdf
4
+ - **License**: Public Domain (United States Government work)
5
+ - **License URI**: https://www.nist.gov/open/copyright-fair-use-and-licensing-statements-srd-data-software-and-technical-series-publications
6
+ - **Rights Contact**: NIST
7
+ - **Extraction Date**: 2026-06-24
8
+ - **Extractor Script**: scripts/extract_nist_ir.py
9
+ - **Records Extracted**: ~200
10
+ - **Description**: NIST Special Publication 800-61 Revision 3 provides guidance on computer security incident handling. Training pairs are generated from the framework's four-phase structure (Preparation, Detection & Analysis, Containment/Eradication/Recovery, Post-Incident Activity) across multiple incident and asset types.
@@ -0,0 +1,21 @@
1
+ Detection Rule License (DRL) 1.1
2
+
3
+ Permission is hereby granted, free of charge, to any person obtaining a copy of
4
+ this rule set and associated documentation files (the "Rules"), to deal in the
5
+ Rules without restriction, including without limitation the rights to use,
6
+ copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
7
+ the Rules, and to permit persons to whom the Rules are furnished to do so,
8
+ subject to the following conditions:
9
+
10
+ The above copyright notice and this permission notice shall be included in all
11
+ copies or substantial portions of the Rules.
12
+
13
+ THE RULES ARE PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18
+ OUT OF OR IN CONNECTION WITH THE RULES OR THE USE OR OTHER DEALINGS IN THE
19
+ RULES.
20
+
21
+ Source: https://github.com/SigmaHQ/sigma/blob/master/LICENSE
@@ -0,0 +1,10 @@
1
+ # Source: SigmaHQ/sigma
2
+
3
+ - **Repository**: https://github.com/SigmaHQ/sigma
4
+ - **License**: Detection Rule License (DRL) 1.1
5
+ - **License URI**: https://github.com/SigmaHQ/sigma/blob/master/LICENSE
6
+ - **Rights Contact**: SigmaHQ
7
+ - **Extraction Date**: 2026-06-24
8
+ - **Extractor Script**: scripts/extract_sigma_defensive.py
9
+ - **Records Extracted**: ~3,000
10
+ - **Description**: Sigma is a generic and open signature format that allows you to describe relevant log events in a straightforward manner. The repository contains 3,000+ detection rules mapped to MITRE ATT&CK, covering Windows, Linux, macOS, cloud, and network detection use cases.
@@ -0,0 +1,6 @@
1
+ Apache License Version 2.0, January 2004
2
+ http://www.apache.org/licenses/
3
+
4
+ [Full Apache 2.0 license text — same as mordor/LICENSE.md]
5
+
6
+ Source: https://github.com/splunk/security_content/blob/main/LICENSE
@@ -0,0 +1,10 @@
1
+ # Source: Splunk/security_content
2
+
3
+ - **Repository**: https://github.com/splunk/security_content
4
+ - **License**: Apache License 2.0
5
+ - **License URI**: https://github.com/splunk/security_content/blob/main/LICENSE
6
+ - **Rights Contact**: Splunk Inc.
7
+ - **Extraction Date**: 2026-06-24
8
+ - **Extractor Script**: scripts/extract_splunk_content.py
9
+ - **Records Extracted**: ~800
10
+ - **Description**: Splunk Security Content provides Analytic Stories — security guides with background on TTPs mapped to the MITRE ATT&CK framework. Contains SPL detection queries, data source configurations, and notable event setups.
@@ -0,0 +1,6 @@
1
+ Apache License Version 2.0, January 2004
2
+ http://www.apache.org/licenses/
3
+
4
+ [Full Apache 2.0 license text — same as mordor/LICENSE.md]
5
+
6
+ Source: https://github.com/OTRF/ThreatHunter-Playbook/blob/master/LICENSE
@@ -0,0 +1,10 @@
1
+ # Source: OTRF/ThreatHunter-Playbook
2
+
3
+ - **Repository**: https://github.com/OTRF/ThreatHunter-Playbook
4
+ - **License**: Apache License 2.0
5
+ - **License URI**: https://github.com/OTRF/ThreatHunter-Playbook/blob/master/LICENSE
6
+ - **Rights Contact**: Open Threat Research (OTRF)
7
+ - **Extraction Date**: 2026-06-24
8
+ - **Extractor Script**: scripts/extract_threathunter_playbook.py
9
+ - **Records Extracted**: ~150
10
+ - **Description**: A community-driven, open-source project to share detection logic, adversary tradecraft, and resources to make detection development more efficient. Contains KQL queries, data source requirements, and step-by-step hunting procedures mapped to MITRE ATT&CK.