Home

AutoTARA Wiki

[INFO] AutoTARA is currently a prototype version and may contain bugs.

0. Software dependencies

It is recommended to use Docker to run AutoTARA, but you can also build it manually.

AutoTARA has been tested with the following software versions:

Python 3.12.3
Node 24.15.0
PostgreSQL 17

1. Installation (with docker)

Download the project files

git clone https://github.com/shirohacker/AutoTARA.git

API Key Settings

AutoTARA uses the Gemini API. Therefore, before building with Docker, you must edit tara.server/.env and replace GEMINI_API_KEY=ENTER_YOUR_API_KEY with your actual API key.

AutoTARA can still run without an API key, but the Expansion Scenario button on the TARA Dashboard will not work.

Docker Build

docker compose up -d --build

If the Docker build completes successfully, running docker ps should show output similar to the following:

CONTAINER ID   IMAGE                    COMMAND                  CREATED          STATUS                    PORTS                                         NAMES
e9251751f37c   autotara-tara-vue        "docker-entrypoint.s…"   17 minutes ago   Up 17 minutes             0.0.0.0:8080->8080/tcp, [::]:8080->8080/tcp   tara_frontend
bbdefeead5c8   autotara-tara-server     "docker-entrypoint.s…"   17 minutes ago   Up 17 minutes             0.0.0.0:3000->3000/tcp, [::]:3000->3000/tcp   tara_backend
3fa884ac9697   postgres:17              "docker-entrypoint.s…"   17 minutes ago   Up 17 minutes (healthy)   0.0.0.0:5432->5432/tcp, [::]:5432->5432/tcp   tara_db
a370a7864944   autotara-mal-simulator   "uvicorn api_server:…"   17 minutes ago   Up 17 minutes (healthy)   0.0.0.0:8000->8000/tcp, [::]:8000->8000/tcp   mal_simulator_server

2. Access Information

Frontend(Vue): http://127.0.0.1:8080
Backend(node): http://127.0.0.1:3000

3. Basic Test

3-1. Upload a MAL model file

AutoTARA does not currently provide a built-in feature for creating MAL models. You can create them through the mal-gui interface instead. For details, refer to GitHub: https://github.com/mal-lang/mal-gui

When you access the frontend at http://127.0.0.1:8080, you will see the main page. Click the Import MAL Model button and upload the MAL Model (.json) and MAL Lang (.mar) files.

For testing purposes, you can use the sample models included in the AutoTARA project:

MAL Model: sample/testcase/Jeep.json
Mal Lang: sample/testcase/org.mal-lang.vehicleLang-2.0.1.mar

Next, click Convert to DFD to define the DFD type, then click Apply & Generate DFD to generate the DFD.

For better readability, you can click Auto Layout to arrange the DFD stencils automatically.

3-2. Generate the shortest path

To derive the attack path, click the asset you want to use as the Entry/Target Point and configure the Entry/Target Attack Step.

Then click Simulate -> Run malsim to run the simulation. The shortest attack path will be generated and visualized.

3-3. Expand the attack scenario

When you access the dashboard at http://127.0.0.1:8080/dashboard, you can see the list of simulated sessions. You can expand the attack path by clicking the Expand Attack Path button.

The Gemini API is used during the attack path expansion step. If you have not configured an API key in tara.server/.env, this feature will not be available.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly