Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
111 changes: 72 additions & 39 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,45 +1,22 @@
# PIRANHA 🐟

![piranha](images/piranha_logo.png)

Piranha is an advanced cyber threat analysis and hunt planning tool that bridges the gap between intelligence analysts and defensive cyber operators. By simplifying the translation of Priority Intelligence Requirements (PIRs) into actionable hunt strategies, Piranha accelerates mission planning, enhances detection coverage, and supports data-driven decision making in cyber defense operations.

---
![piranha](images/piranha_logo.png)
![Piranha Desktop](https://startme-uploaded-files.s3.amazonaws.com/Uploaded-file-7881758-2025-9-8-599b2952f6d9e032.png)

## 🔍 Key Features

- **APT-Centric Analysis**
Select one or more APTs to instantly retrieve their associated MITRE ATT&CK tactics and techniques, including overlaps and patterns.

- **IoM Graph Viewer**
Visualize attack behavior using Indicators of Methodology (IoMs), with graph-based tracking of adversary TTP overlap.

- **Tactic Optimization Engine**
Input a desired number of tactics and receive an optimized combination that closely aligns with an ideal detection strategy.

- **Radar Chart Visualization**
See how a threat profile or hunt plan distributes across data component categories:
- Host Collection
- Network Collection
- **APT-Centric Analysis:** Instantly retrieve TTPs for selected threat actors.
- **IoM Graph Viewer:** Visualize adversary behavior by methodology, including overlaps & relationships.
- **Tactic Optimization Engine:** Get optimized tactic combinations for detection.
- **Radar Chart Visualization:** Analyze threat or hunt plan distribution across core data categories:
- Host & Network Collection
- Host Interrogation
- Memory Analysis

- **Nessus Scan Integration**
Import Nessus XML scans to:
- Extract CVEs and map to ATT&CK techniques using `cve2capec`.
- Generate heatmaps based on APT usage, CVSS scores, and detection relevance.

- **Threat Profile Builder**
Define reusable profiles by combining APTs, tactics, and techniques for mission-specific or domain-focused threat modeling.

- **Compare to Profile**
Match imported scans against threat profiles and calculate a match score using F1 comparison logic.

- **Extra Tools**
- Quick CVE mapper
- Automated CVE -> Technique DB Updating.
- AI Enrichment
---
- **Nessus Scan Integration:** Import XML scans, map CVEs to ATT&CK techniques, and generate heatmaps.
- **Threat Profile Builder:** Create and compare reusable threat profiles for defense planning.
- **Export/Import:** Export reports as Excel, import/craft profiles (.pir).
- **AI Enrichment:** Enrich report data using OpenAI's API.

## 🧠 Why Piranha?

Expand All @@ -49,16 +26,72 @@ Cyber intel teams often know **who** the threat actor is and **what** they're tr
- Suggesting ideal tactic combinations based on analyst goals.
- Enabling live visual and data-driven analysis.
- Bridging data silos between threat intelligence and network defense.
---

## To Do
- Add support for multiple GPTs

## 📦 Installation

### 1. Clone the Repository
```bash
git clone https://github.com/williamjsmail/piranha
git clone https://github.com/HackingForNoobs/piranha.git
cd piranha
```

### 2. Install Python 3.8+ (if needed)

- [Download Python](https://www.python.org/downloads/) (choose "Add Python to PATH" during installation)
- Confirm installation: `python --version`

### 3. Set Up a Python Virtual Environment

Windows
```
python -m venv venv
.\venv\Scripts\activate
```

macOS/Linux
```bash
python3 -m venv venv
source venv/bin/activate
```

### 4. Install Dependencies
```
pip install --upgrade pip
pip install -r requirements.txt
```

### 5. [Optional] Install Qt Libraries (for Linux/Headless)

If you get Qt-related errors (on servers or minimal distros):
```bash
sudo apt-get install -y libxcb*-dev libx11-xcb-dev libglu1-mesa-dev libxrender-dev libxi-dev libxkbcommon-dev libxkbcommon-x11-dev
```

### 6. Run the Application

On desktop
```
python piranha.py
```

On headless environments
```
QT_QPA_PLATFORM=offscreen python piranha.py
```

### 7. Deactivate environment when done
```
deactivate
```

## Project Structure

```plaintext
├── piranha.py # Main app entry point
├── requirements.txt # Python requirements
├── backend/ # Backend logic and helpers
├── frontend/ # Frontend logic and UI modules
├── backend/files/ # Data JSONs (enterprise-attack.json, etc.)
├── profiles/ # Saved profile examples
├── tests/ # Automated tests
└── README.md # Project documentation
Binary file not shown.
Binary file added backend/__pycache__/enrich.cpython-312.pyc
Binary file not shown.
Binary file added backend/__pycache__/export.cpython-312.pyc
Binary file not shown.
Binary file added backend/__pycache__/loader.cpython-312.pyc
Binary file not shown.
Binary file not shown.
Binary file added backend/__pycache__/parse_nessus.cpython-312.pyc
Binary file not shown.
Binary file added backend/__pycache__/processor.cpython-312.pyc
Binary file not shown.
Binary file added backend/__pycache__/utils.cpython-312.pyc
Binary file not shown.
Loading