This project is in beta and is highly unstable! TMTool was an idea to try and create a risk based threat model (RBTM) approach using the Microsoft threat modeling tool. Tmtool is a set of custom workflows for the inputs & outputs of the Microsoft tool
A simple GUI utility that provides additional workflows for Microsoft's Threat Modeling Tool
$ pip install TMTool
$ TMTool
The Tkinter GUI containing all the available workflows and scripts:
- Search and quickly refine the threat knowledge base
- View modifications between 2 knowledge bases
- Parsing Element properties from a model: For example a flow could have "access vector" as an element prop.
- Parsing Threat properties from a model: For example a threat have "access complexity" as a threat property.
- And adding a repeatable way to describe assets and apply those assets to a model’s flows or threats. This step being able to derive CIA, severity, and risk impact of the score.
This project experiments with uploading the MS Threat Modeling results to other tools.
- For Jira, we create a set of issues and set the issue's priority based on the threat ID's risk score.
- For Confluence, we just upload the generated HTML report to the platform.
View threat_modeling_notes.md for more