Metadata-Version: 2.1
Name: TMTool
Version: 0.0.19
Summary: python tool for Microsoft Threat modeling tool
Home-page: https://github.com/tmart234/TMT
Author-email: tmart234@gmail.com
License: UNKNOWN
Platform: UNKNOWN
Classifier: Programming Language :: Python :: 3
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Requires-Python: >=3.7
Description-Content-Type: text/markdown
Requires-Dist: openpyxl
Requires-Dist: xlsxwriter
Requires-Dist: Click
Requires-Dist: lxml
Requires-Dist: atlassian-python-api (>=3.5.0)
Requires-Dist: pypandoc (>=1.5)
Requires-Dist: xmltodict (>=0.12.0)
Requires-Dist: jira (>=2.0.0)
Requires-Dist: ttkthemes (>=3.2.2)

*This project is currently in beta and is highly unstable!*

# TMTool

A simple GUI utility that provides additional workflows for Microsoft's Threat Modeling Tool

## Installation

```
$ pip install TMTool
```

## Usage

```
$ TMTool
```



## Project Goals:

 - Improve upon Microsoft Threat Modeling Tool by providing a simple interface of supplemental workflows

    - It's NOT a goal of this project to create the "perfect" threat model/model template. There are plenty of other projects for templates and threat databases.

 - This project works heavily off of the concept of "scoring methodologies" (such as OWASP Risk Rating and CVSS v2)

     - How can we abstract and automate the scoring rubric (a manual process) and bring the threat's score into the model file as a threat property?
     - Risk = Impact * Likelihood; Each scoring methodology contains metrics that can be further categorized into either Impact or Likelihood based metrics
     - Because Microsoft's Threat Modeling tool uses STRIDE, it is "threat" or "attacker" centric it. TMTool believes a Model's Stencils or Threats can contain the Likelihood based metrics, but determining Impact takes additional insight into the assets at hand: What are we protecting? Therefore, we also aim to provide an "asset centric" method that describes assets in a repeatable way in order to derive these Impact metrics.

 - For template design, this project hopes to address some of the complexities that come with managing a “database” of threats and stencils.

     - Make mass edits to threat logic or any other threat/stencil properties from excel
     - For using completed templates (not starting from test_template.tm7), additional workflow to import (blank) Likelihood based scoring metrics as either threat/stencil properties (template dev would have to fill these in) 

 - For modeling, this project experiments with extracting metrics from our model and improving how Threat Modeling fits within DevOps and SDLC

     - ![](https://github.com/tmart234/TMT/blob/main/README.assets/TMT_boards.png)



View threat_modeling_notes.md for more



