The atomic GUI - Adam-Mashinchi/invoke-atomicredteam GitHub Wiki

A guide to creating new atomic tests using the web-based atomic GUI.

Prerequisites

Before you use the atomic GUI, make sure you meet the following requirements:

Start the atomic GUI

Open PowerShell and run the following:

Start-AtomicGUI

The atomic GUI starts on port 8487 by default. You can specify a different port with the -Port flag:

Start-AtomicGUI -Port <port number>

👉 Note: Starting the atomic GUI opens a web browser. We don't recommend using Microsoft Edge; instead, visit localhost:<port number> in a different browser.

Fill in the form

To define a new atomic test, fill in the web form displayed by the atomic GUI. You can leave optional components blank.

To convert your test to YAML, click Generate Test Definition.

The atomic GUI web form. The fields are blank, and a button labeled "Generate Test Definition" is visible.

Adjust indentation

YAML uses indentation to determine the hierarchy of elements. It's important to match the indentation of your test definition to the indentation level of the file you want to add your test to.

Click the left and right arrows in the atomic GUI interface to change the indentation level of your test.

The atomic GUI YAML display. The left and right arrows adjust the number of indents.
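
If you prefer to fix indentation after copying, the following added example (not part of Invoke-AtomicRedTeam) shifts a copied test definition so its list item lines up with the tests already in the target file. The function names and sample YAML are constructed, and the script assumes the first `- name:` line in each text is an atomic test entry.

```powershell
# Added example: function names and sample YAML are constructed for illustration.
function Get-ListItemIndent([string[]]$Lines) {
    # Leading-space count of the first "- name:" list item, or $null if there is none.
    foreach ($line in $Lines) {
        if ($line -match '^( *)- name:') { return $Matches[1].Length }
    }
}

function Format-AtomicTestIndent {
    param(
        [Parameter(Mandatory)][string]$Snippet,    # YAML copied from the atomic GUI
        [Parameter(Mandatory)][string]$TargetYaml  # content of the technique's YAML file
    )
    $snippetLines = $Snippet -split '\r?\n'
    # YAML does not allow tab characters for indentation.
    if ($snippetLines -match '^ *\t') { throw 'Snippet is indented with tabs.' }

    $from = Get-ListItemIndent $snippetLines
    $to   = Get-ListItemIndent ($TargetYaml -split '\r?\n')
    if ($null -eq $from) { throw 'Snippet has no "- name:" entry.' }
    if ($null -eq $to)   { throw 'Target file has no "- name:" entry to match.' }

    # Shift every line by the same amount so nested keys and block scalars keep their shape.
    $shift = $to - $from
    $out = foreach ($line in $snippetLines) {
        if ($line -match '^\s*$') { ''; continue }   # keep blank lines empty
        $indent = $line.Length - $line.TrimStart(' ').Length
        if ($indent + $shift -lt 0) { throw "Line is indented less than its list item: $line" }
        (' ' * ($indent + $shift)) + $line.TrimStart(' ')
    }
    $out -join "`n"
}

# Constructed sample: the target keeps list items at column 0; the snippet has 4 extra spaces.
$target = @'
attack_technique: T0000
display_name: Placeholder technique
atomic_tests:
- name: Existing test
  description: Constructed sample
'@
$snippet = @'
    - name: New test
      description: Constructed sample
      supported_platforms:
      - windows
'@
Format-AtomicTestIndent -Snippet $snippet -TargetYaml $target
```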

Copy YAML into a test file

To save your test definition to the clipboard, click Copy.

You can add your test to the Atomic Red Team repository:

  1. Navigate to the atomics directory of the Atomic Red Team repository.
  2. Select the directory named after the MITRE ATT&CK® technique you want to test.
  3. Open the YAML file and paste in your test.
  4. Commit your changes and open a pull request.

For more information about contributing to Atomic Red Team, see Contributing to Atomic Red Team.