michenriksen/drawio-threatmodeling michenriksen/drawio-threatmodeling

  • Stars
    star
    633
  • Rank 68,391 (Top 2 %)
  • Language
  • License
    MIT License
  • Created over 5 years ago
  • Updated over 3 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
michenriksen/drawio-threatmodeling
github

michenriksen

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Draw.io libraries for threat modeling diagrams

Draw.io libraries for threat modeling

This is a collection of custom libraries to turn the free and cross-platform Draw.io diagramming application into the perfect tool for threat modeling.

Data Flow Diagrams

Data Flow Diagramming is a simple diagramming technique used to gain an understanding of how data flows in an application or system. DFDs are excellent for getting a bird's-eye view of a system to facilitate threat modeling.

Example Data Flow Diagram

Attack Trees

Attack Trees are another kind of diagramming method that is great for exploring how a threat actor might attain a specific goal, or how an asset might be attacked.

Example Attack Tree diagram

Installation

  1. Download and install draw.io for your operating system
  2. Clone or download this repository
  3. Open draw.io application and create a new blank diagram
  4. Click the File menu and then click Open Library...
  5. Navigate to where you put this project and open one of the xml files
  6. Start diagramming!

More Repositories

1

gitrob

Reconnaissance tool for GitHub organizations
Go
5,815
star
2

aquatone

A Tool for Domain Flyovers
Go
5,439
star
3

css3buttons

Simple CSS3 framework for creating GitHub-style buttons
CSS
688
star
4

birdwatcher

Data analysis and OSINT framework for Twitter
Ruby
410
star
5

searchpass

A simple tool for offline searching of default credentials for network devices, web applications and more.
Ruby
165
star
6

gokiburi

Automatic test runs for Go projects
JavaScript
134
star
7

bucketlist

Amazon S3 bucket spelunking!
HTML
83
star
8

hibp

A simple tool to check a bunch of email addresses against the Have I Been Pwned API.
Ruby
64
star
9

maltego

Custom Maltego transforms
Python
60
star
10

diceware

Generate secure passphrases with the Diceware method
JavaScript
60
star
11

hackpad

A web application hacker's toolbox. Base64 encoding/decoding, URL encoding/decoding, MD5/SHA1/SHA256/HMAC hashing, code deobfuscation, formatting, highlighting and much more.
JavaScript
49
star
12

nmap-scripts

A collection of Nmap NSE scripts that I made.
Lua
27
star
13

wikiranger

Gather information on Wiki contributions from IP ranges
Ruby
23
star
14

easywins

Probe a web server for common files and endpoints that are useful for gathering information or gaining a foothold.
Ruby
21
star
15

dia-attacktree

Attack Tree modeling sheet for Dia
19
star
16

dolus

Firefox Addon to fool websites with spoofed X-Forwarded-For headers
JavaScript
16
star
17

nmunch

A passive network discovery tool that finds live network nodes by analyzing ARP and broadcast packets.
Ruby
12
star
18

tmpl

Simple tmux session management.
Go
12
star
19

dia-dfd

DFD diagramming sheet for Dia
9
star
20

michenriksen.github.io

Personal website
SCSS
6
star
21

pkgdmp

A simple go code analysis CLI tool.
Go
2
star
22

nvim

My Neovim configuration
Lua
1
star
23

harmfuldotlink

Should I click this link?
JavaScript
1
star