• Stars
    star
    679
  • Rank 66,532 (Top 2 %)
  • Language
  • License
    MIT License
  • Created about 6 years ago
  • Updated about 4 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Draw.io libraries for threat modeling diagrams

Draw.io libraries for threat modeling

This is a collection of custom libraries to turn the free and cross-platform Draw.io diagramming application into the perfect tool for threat modeling.

Data Flow Diagrams

Data Flow Diagramming is a simple diagramming technique used to gain an understanding of how data flows in an application or system. DFDs are excellent for getting a bird's-eye view of a system to facilitate threat modeling.

Example Data Flow Diagram

Attack Trees

Attack Trees are another kind of diagramming method that is great for exploring how a threat actor might attain a specific goal, or how an asset might be attacked.

Example Attack Tree diagram

Installation

  1. Download and install draw.io for your operating system
  2. Clone or download this repository
  3. Open draw.io application and create a new blank diagram
  4. Click the File menu and then click Open Library...
  5. Navigate to where you put this project and open one of the xml files
  6. Start diagramming!

More Repositories

1

gitrob

Reconnaissance tool for GitHub organizations
Go
5,895
star
2

aquatone

A Tool for Domain Flyovers
Go
5,597
star
3

css3buttons

Simple CSS3 framework for creating GitHub-style buttons
CSS
690
star
4

birdwatcher

Data analysis and OSINT framework for Twitter
Ruby
410
star
5

searchpass

A simple tool for offline searching of default credentials for network devices, web applications and more.
Ruby
164
star
6

gokiburi

Automatic test runs for Go projects
JavaScript
139
star
7

bucketlist

Amazon S3 bucket spelunking!
HTML
84
star
8

hibp

A simple tool to check a bunch of email addresses against the Have I Been Pwned API.
Ruby
64
star
9

maltego

Custom Maltego transforms
Python
60
star
10

diceware

Generate secure passphrases with the Diceware method
JavaScript
60
star
11

hackpad

A web application hacker's toolbox. Base64 encoding/decoding, URL encoding/decoding, MD5/SHA1/SHA256/HMAC hashing, code deobfuscation, formatting, highlighting and much more.
JavaScript
47
star
12

nmap-scripts

A collection of Nmap NSE scripts that I made.
Lua
27
star
13

wikiranger

Gather information on Wiki contributions from IP ranges
Ruby
23
star
14

easywins

Probe a web server for common files and endpoints that are useful for gathering information or gaining a foothold.
Ruby
22
star
15

dia-attacktree

Attack Tree modeling sheet for Dia
20
star
16

dolus

Firefox Addon to fool websites with spoofed X-Forwarded-For headers
JavaScript
16
star
17

chart

Command-line tool for rendering bar charts that can be displayed directly in the terminal or in text-based files like Markdown.
Go
16
star
18

tmpl

Simple tmux session management.
Go
13
star
19

nmunch

A passive network discovery tool that finds live network nodes by analyzing ARP and broadcast packets.
Ruby
12
star
20

dia-dfd

DFD diagramming sheet for Dia
9
star
21

michenriksen.github.io

Personal website
SCSS
7
star
22

tatt

A versatile CLI tool that makes it easy to render Go templates with dynamic data from YAML, JSON, or TOML files.
Go
4
star
23

pkgdmp

A simple go code analysis CLI tool.
Go
4
star
24

nvim

My Neovim configuration
Lua
1
star
25

harmfuldotlink

Should I click this link?
JavaScript
1
star