Agile Threat Modeling as Code

These details have not been verified by PyPI

Project links

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Project description

tmac

Agile Threat Modeling as Code

Install

pip install tmac

How to use

python3 tmac.py

#!/usr/bin/env python3

import tmac
import tmac.plus

model = Model("Login Model")

user = Browser(model, "User")

web_server = Process(
    model, "WebServer",
    machine=Machine.VIRTUAL,
    technology=Technology.WEB_WEB_APPLICATION,
)

login = DataFlow(
    model, "Login",
    source=user,
    destination=web_server,
    protocol=Protocol.HTTPS,
)

login.transfers(
    "UserCredentials",
    confidentiality=Score.HIGH,
    integrity=Score.HIGH,
    availability=Score.HIGH,
)

database = DataStore(
    model, "Database",
    machine=Machine.VIRTUAL,
    technology=Technology.DATABASE,
)

authenticate = DataFlow(
    model, "Authenticate",
    source=web_server,
    destination=database,
    protocol=Protocol.SQL,
)

user_details = Asset(
    model, "UserDetails",
    confidentiality=Score.HIGH,
    integrity=Score.HIGH,
    availability=Score.HIGH,
)

authenticate.transfers(user_details)

print(model.risks_table(table_format=TableFormat.GITHUB))

Output:

SID	Severity	Category	Name	Affected	Treatment
CAPEC-63@WebServer	elevated	Inject Unexpected Items	Cross-Site Scripting (XSS)	WebServer	mitigated
CAPEC-100@WebServer	high	Manipulate Data Structures	Overflow Buffers	WebServer	unchecked
CAPEC-101@WebServer	elevated	Inject Unexpected Items	Server Side Include (SSI) Injection	WebServer	mitigated
CAPEC-62@WebServer	high	Subvert Access Control	Cross Site Request Forgery	WebServer	unchecked
CAPEC-66@WebServer	elevated	Inject Unexpected Items	SQL Injection	WebServer	unchecked
...	...	...	...	...	...

Jupyter Threatbooks

Threat modeling with jupyter notebooks

Generating Diagrams

model.data_flow_diagram()

High level elements (tmac/plus*)

import tmac.plus_aws

# ...

alb = ApplicationLoadBalancer(model, "ALB", waf=True)

Custom threatlib

import tmac

threatlib = Threatlib()

threatlib.add_threat("""... your custom threats ...""")

model = Model("Demo Model", threatlib=threatlib)

Examples

See more complete examples.

Prior work and other related projects

pytm - A Pythonic framework for threat modeling
threagile - Agile Threat Modeling Toolkit
cdk-threagile - Agile Threat Modeling as Code
OpenThreatModel - OpenThreatModel

License

MIT

Project details

These details have not been verified by PyPI

Project links

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Release history Release notifications | RSS feed

0.0.9

Jan 3, 2023

0.0.8

Jan 2, 2023

0.0.7

Jan 1, 2023

0.0.5

Dec 31, 2022

0.0.4

Dec 31, 2022

0.0.3

Dec 31, 2022

0.0.2

Dec 27, 2022

This version

0.0.1

Dec 27, 2022

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

tmac-0.0.1.tar.gz (25.4 kB view hashes)

Uploaded Dec 27, 2022 Source

Built Distribution

tmac-0.0.1-py3-none-any.whl (30.3 kB view hashes)

Uploaded Dec 27, 2022 Python 3

Hashes for tmac-0.0.1.tar.gz

Hashes for tmac-0.0.1.tar.gz
Algorithm	Hash digest
SHA256	`d59cd2d5b5696fc034beef98b5d49f8bafe00f9b8797e66aec565a7887143160`
MD5	`f110230b5d80cc8de05150f323a15194`
BLAKE2b-256	`d5d4468f975a43aa931756c7c344370fe261ea8bc886c37f16b94e0142cdcb01`

Hashes for tmac-0.0.1-py3-none-any.whl

Hashes for tmac-0.0.1-py3-none-any.whl
Algorithm	Hash digest
SHA256	`0c28e9eecb33412fba4bf04b8d301441388976824054aa2574184c2dcad2d5a3`
MD5	`470f9b6ffea6d5d3360ce27a518d18a7`
BLAKE2b-256	`9f2f64e3ca77cde56e5477768a01833e840e1a73c2cf7a531a1e9e741b7a501d`