Welcome to the PASTA Threat Modeling Tool — a Python-based threat modeling tool designed to assist security professionals in implementing the Process for Attack Simulation and Threat Analysis (PASTA) methodology. PASTA provides an iterative, risk-centric approach for identifying and mitigating cybersecurity threats.
- Comprehensive PASTA threat modeling capabilities.
- Attack surface analysis and vulnerability identification.
- Risk-based prioritization of threat scenarios.
- Customizable for various environments (on-prem, cloud, etc.) [future release]
- Visual representation of threat models and attack vectors.
- Exportable reports (PDF, CSV) [future release]
- Python 3.8+
- Virtualenv (optional, but recommended)
- Dependencies listed in
requirements.txt
-
Clone the repository:
git clone https://github.com/vsn411/pasta_gpt.git cd pasta_gpt -
Set up a virtual environment (optional):
python3 -m venv venv source venv/bin/activate -
Install dependencies:
pip install -r requirements.txt
-
Run the tool:
streamlit run pasta_gpt.py
Use side-bar in threat modeling app further details. Note that you need to provide OpenAI or Mistral API key in order to get results.
We welcome contributions! Here's how you can contribute:
- Fork the repository.
- Create a new branch (
git checkout -b feature-branch). - Make your changes and commit (
git commit -m 'Add new feature'). - Push to your branch (
git push origin feature-branch). - Open a Pull Request.
Please refer to our Contributing Guidelines for more details.
This project is licensed under the MIT License. See the LICENSE file for details.
This PASTA threat modeling tool is built on https://github.com/mrwadams/stride-gpt
Happy threat modeling! If you have any questions or run into issues, feel free to open an issue or reach out via GitHub Discussions.