get-capec 1.9.1

Tools for managing and exploring CVEs and collecting data about their weaknesses and classifications.
get-capec-1.9.1 is not a library.

Tyr - get-capec

Installation

cargo install get-capec

Purpose

This command-line utility explores the list of CAPEC entries according to the CWE id.

Initialisation

You must initialize the CAPEC database first. This database will be installed into your <home_directory>/.tyr directory. If this directory doesn't exist, it will be created automatically.

From a console run the following command first to test your internet connection:

$ get-capec check

Check mitre domain: Capec
        Test: https://capec.mitre.org/data/csv/282.csv.zip... valid
        Test: https://capec.mitre.org/data/csv/283.csv.zip... valid
        Test: https://capec.mitre.org/data/csv/284.csv.zip... valid
        Test: https://capec.mitre.org/data/csv/483.csv.zip... valid
        Test: https://capec.mitre.org/data/csv/553.csv.zip... valid
        Test: https://capec.mitre.org/data/csv/683.csv.zip... valid
        Test: https://capec.mitre.org/data/csv/703.csv.zip... valid
        Test: https://capec.mitre.org/data/csv/1000.csv.zip... valid
        Test: https://capec.mitre.org/data/csv/2000.csv.zip... valid

This command tests the availability of each CSV file that will be used for your internal database.

Afterward, run the following command:

$ get-capec refresh

Successfully created MITRE 'capec' table
Source file downloaded successfully: 282.csv
        CAPEC table: 77/77 - 100.00%
CAPEC data injected into SQLite database successfully.
Operation completed successfully: 282.csv.zip

Source file downloaded successfully: 283.csv
        CAPEC table: 197/197 - 100.00%
CAPEC data injected into SQLite database successfully.
Operation completed successfully: 283.csv.zip

Source file downloaded successfully: 284.csv
        CAPEC table: 341/341 - 100.00%
CAPEC data injected into SQLite database successfully.
Operation completed successfully: 284.csv.zip

Source file downloaded successfully: 483.csv
        CAPEC table: 56/56 - 100.00%
CAPEC data injected into SQLite database successfully.
Operation completed successfully: 483.csv.zip

Source file downloaded successfully: 553.csv
        CAPEC table: 23/23 - 100.00%
CAPEC data injected into SQLite database successfully.
Operation completed successfully: 553.csv.zip

Source file downloaded successfully: 683.csv
        CAPEC table: 51/51 - 100.00%
CAPEC data injected into SQLite database successfully.
Operation completed successfully: 683.csv.zip

Source file downloaded successfully: 703.csv
        CAPEC table: 46/46 - 100.00%
CAPEC data injected into SQLite database successfully.
Operation completed successfully: 703.csv.zip

Source file downloaded successfully: 1000.csv
        CAPEC table: 559/559 - 100.00%
CAPEC data injected into SQLite database successfully.
Operation completed successfully: 1000.csv.zip

Source file downloaded successfully: 2000.csv
        CAPEC table: 615/615 - 100.00%
CAPEC data injected into SQLite database successfully.
Operation completed successfully: 2000.csv.zip

Each archive file is downloaded and injected into your local SQLite database.

You're ready to go!

Additional checking

You can check your local database with the following command:

$ get-capec check --db

Database successfully found!

If you have no database, you'll get this status:

$ get-capec check --db

Database does not exist!

Explore

To explore a CAPEC:

$ get-capec id CAPEC-22
[ CAPEC-22 ]
 -> Name: Exploiting Trust in Client (Abstraction: Meta. Status: Draft.)

    [ Consequences ]
     [ Scope ]
      - Confidentiality
      - Integrity
      - Availability
      [ Technical impact ]
...
 [ Weaknesses ]
   - CWE-20 - Improper Input Validation
   - CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
   - CWE-287 - Improper Authentication
   - CWE-290 - Authentication Bypass by Spoofing
   - CWE-693 - Protection Mechanism Failure

Search by criteria

To search for CAPEC entries matching some criteria:

$ get-capec search 'description = HTTP or Java'

 [ CAPEC-31 ]
 -> Name: Accessing/Intercepting/Modifying HTTP Cookies (Abstraction: Detailed. Status: Draft.)

    [ Description ]
      - This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. There are several different forms of this attack. The first form of this attack involves accessing HTTP Cookies to mine for potentially sensitive data contained therein. The second form involves intercepting this data as it is transmitted from client to server. This intercepted information is then used by the adversary to impersonate the remote user/session. The third form is when the cookie's content is modified by the adversary before it is sent back to the server. Here the adversary seeks to convince the target server to operate on this falsified information.
...
 [ CAPEC-614 ]
 -> Name: Rooting SIM Cards (Abstraction: Detailed. Status: Draft.)

    [ Description ]
      - SIM cards are the de facto trust anchor of mobile devices worldwide. The cards protect the mobile identity of subscribers, associate devices with phone numbers, and increasingly store payment credentials, for example in NFC-enabled phones with ...

Capec's schema

The CAPEC schema shows the list of CWEs and CVEs associated with a CAPEC id.

To show the schema for a CAPEC:

$ get-capec capec-1 --schema
Search cve for cwe: CWE-1327
CAPEC-1
├─ CWE-276 - Incorrect Default Permissions
│  ├─ CVE-1999-0426
│  ├─ CVE-2001-0497
│  ├─ CVE-2002-1713
│  ├─ CVE-2002-1844
│  ├─ CVE-2004-1778
...
│  ├─ CVE-2025-26621
│  ├─ CVE-2025-3982
│  └─ CVE-2025-5150
└─ CWE-1327 - Binding to an Unrestricted IP Address
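
The tree is convenient to read but awkward to join against other data. The following added example (not part of get-capec) flattens it into CAPEC,CWE,CVE rows and filters them against a list of CVE ids. It assumes the output layout shown above; the function names and the one-id-per-line inventory file are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not project code): flatten the schema tree into CSV rows.

# Reads `get-capec <id> --schema` text on stdin, prints CAPEC,CWE,CVE rows.
# Only the ASCII ids are matched, so the box-drawing prefixes and the "..."
# elision line need no special handling.
flatten_schema() {
  awk '
    function emit_empty() {          # keep weaknesses with no CVE listed
      if (cwe != "" && n == 0) print capec "," cwe ","
    }
    /^Search /      { next }         # progress line that also names a CWE
    /^CAPEC-[0-9]+/ { emit_empty(); capec = $1; cwe = ""; next }
    match($0, /CWE-[0-9]+/) {
      emit_empty(); cwe = substr($0, RSTART, RLENGTH); n = 0; next
    }
    match($0, /CVE-[0-9]+-[0-9]+/) && cwe != "" {
      print capec "," cwe "," substr($0, RSTART, RLENGTH); n++
    }
    END { emit_empty() }
  '
}

# Keeps the rows whose CVE is listed in an inventory file ($1, one CVE id per
# line). The inventory format is an assumption, e.g. a scanner export.
match_inventory() {
  awk -F, '
    FILENAME == ARGV[1] { seen[$1] = 1; next }
    $3 != "" && ($3 in seen)
  ' "$1" -
}

# Constructed sample: the tree shown above, shortened.
sample_schema() {
  cat <<'EOF'
Search cve for cwe: CWE-1327
CAPEC-1
├─ CWE-276 - Incorrect Default Permissions
│  ├─ CVE-1999-0426
│  ├─ CVE-2001-0497
...
│  └─ CVE-2025-5150
└─ CWE-1327 - Binding to an Unrestricted IP Address
EOF
}

sample_schema | flatten_schema
```

A weakness with no CVE listed, such as CWE-1327 here, is kept as a row with an empty third field so that it is not lost from the mapping.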

Mitre Att&ck identifications

To get the list of MITRE ATT&CK identifiers for a CAPEC, use the --taxonomy --mitre options:

$ get-capec capec-13 --taxonomy --mitre

[ CAPEC-13 ]
 -> Name: Subverting Environment Variable Values (Abstraction: Detailed. Status: Stable.)
 [ Mitre Att&ck ]
  > 1562.003
  > 1574.006
  > 1574.007

These ids can be used with the get-mitre command.
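
The ids are listed without the leading "T" of an ATT&CK technique id. The following added example (not part of get-capec) rewrites the output into CAPEC,technique,URL rows for use in detection notes or tickets. It assumes the output layout shown above and the public attack.mitre.org URL layout; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not project code): ATT&CK ids and URLs from --taxonomy --mitre.

# Reads the command output on stdin, prints CAPEC,technique,url rows.
# The listed entry ids lack the leading "T" of an ATT&CK technique id;
# sub-techniques (NNNN.NNN) are published under /techniques/TNNNN/NNN/.
attack_ids() {
  awk '
    /^[ \t]*\[ CAPEC-[0-9]+ \]/ {            # entry header, e.g. "[ CAPEC-13 ]"
      match($0, /CAPEC-[0-9]+/); capec = substr($0, RSTART, RLENGTH); next
    }
    /^[ \t]*> [0-9]+(\.[0-9]+)?[ \t]*$/ {    # "> 1562.003" or "> 1548"
      path = "T" $2; sub(/\./, "/", path)
      print capec ",T" $2 ",https://attack.mitre.org/techniques/" path "/"
    }
  '
}

# Constructed sample: the output shown above.
sample_taxonomy() {
  cat <<'EOF'
[ CAPEC-13 ]
 -> Name: Subverting Environment Variable Values (Abstraction: Detailed. Status: Stable.)
 [ Mitre Att&ck ]
  > 1562.003
  > 1574.006
  > 1574.007
EOF
}

sample_taxonomy | attack_ids
```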

Other

To explore all options, run get-capec help.

Authors and acknowledgment

Help will be appreciated. All tools will be developed in Rust.

License

This project is under the MIT license.

Project status

This project is under development and all contributions are welcome.

These tools are provided without any guarantees.