attackmap 0.1.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,257 @@
1
+ Metadata-Version: 2.4
2
+ Name: attackmap
3
+ Version: 0.1.0
4
+ Summary: AI-assisted defensive security analyzer for codebases — scans a repository, models assets and controls, finds cross-cutting weaknesses, and generates an evidence-grounded review with MITRE ATT&CK mappings and detection-engineering hints.
5
+ Author: AttackMap Contributors
6
+ Author-email: Matthew Davis <matthewd@matthewd.xyz>
7
+ Maintainer-email: Matthew Davis <matthewd@matthewd.xyz>
8
+ License: MIT
9
+ Project-URL: Homepage, https://github.com/mlaify/AttackMap
10
+ Project-URL: Documentation, https://github.com/mlaify/AttackMap/wiki
11
+ Project-URL: Repository, https://github.com/mlaify/AttackMap
12
+ Project-URL: Issues, https://github.com/mlaify/AttackMap/issues
13
+ Project-URL: Changelog, https://github.com/mlaify/AttackMap/blob/main/CHANGELOG.md
14
+ Keywords: security,static-analysis,appsec,defensive-security,threat-modeling,attack-surface,mitre-attack,detection-engineering,code-review,llm,claude
15
+ Classifier: Development Status :: 4 - Beta
16
+ Classifier: Environment :: Console
17
+ Classifier: Intended Audience :: Developers
18
+ Classifier: Intended Audience :: Information Technology
19
+ Classifier: Intended Audience :: System Administrators
20
+ Classifier: License :: OSI Approved :: MIT License
21
+ Classifier: Operating System :: OS Independent
22
+ Classifier: Programming Language :: Python :: 3
23
+ Classifier: Programming Language :: Python :: 3.11
24
+ Classifier: Programming Language :: Python :: 3.12
25
+ Classifier: Programming Language :: Python :: 3.13
26
+ Classifier: Programming Language :: Python :: 3 :: Only
27
+ Classifier: Topic :: Security
28
+ Classifier: Topic :: Software Development :: Quality Assurance
29
+ Classifier: Topic :: Software Development :: Testing
30
+ Classifier: Typing :: Typed
31
+ Requires-Python: >=3.11
32
+ Description-Content-Type: text/markdown
33
+ License-File: LICENSE
34
+ Requires-Dist: typer>=0.12.3
35
+ Requires-Dist: pydantic>=2.7.0
36
+ Requires-Dist: networkx>=3.3
37
+ Provides-Extra: llm
38
+ Requires-Dist: anthropic>=0.40.0; extra == "llm"
39
+ Provides-Extra: all
40
+ Requires-Dist: attackmap[llm]; extra == "all"
41
+ Requires-Dist: attackmap-analyzer-python; extra == "all"
42
+ Requires-Dist: attackmap-analyzer-rust; extra == "all"
43
+ Requires-Dist: attackmap-analyzer-go; extra == "all"
44
+ Requires-Dist: attackmap-analyzer-java-spring; extra == "all"
45
+ Requires-Dist: attackmap-analyzer-dotnet; extra == "all"
46
+ Requires-Dist: attackmap-analyzer-terraform; extra == "all"
47
+ Requires-Dist: attackmap-analyzer-c; extra == "all"
48
+ Requires-Dist: attackmap-analyzer-cpp; extra == "all"
49
+ Requires-Dist: attackmap-analyzer-node-service; extra == "all"
50
+ Requires-Dist: attackmap-analyzer-atproto; extra == "all"
51
+ Requires-Dist: attackmap-analyzer-php-web; extra == "all"
52
+ Requires-Dist: attackmap-analyzer-php-laminas; extra == "all"
53
+ Requires-Dist: attackmap-analyzer-omeka-s; extra == "all"
54
+ Provides-Extra: dev
55
+ Requires-Dist: pytest>=8.0.0; extra == "dev"
56
+ Requires-Dist: build>=1.2.0; extra == "dev"
57
+ Dynamic: license-file
58
+
59
+ # AttackMap
60
+
61
+ **AI-assisted defensive security analysis for codebases.** AttackMap reads your
62
+ repository, models its assets and defensive controls, finds cross-cutting
63
+ weaknesses that single-file scanners miss, and produces an evidence-grounded
64
+ security review with MITRE ATT&CK mappings and detection-engineering hints.
65
+
66
+ Built for AppSec engineers, SOC and detection-engineering teams, and engineering
67
+ managers who need to triage an unfamiliar codebase.
68
+
69
+ > Story over checklist. Asset-aware. Control-absence-aware. Evidence-grounded.
70
+
71
+ [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
72
+ [![Python: 3.11+](https://img.shields.io/badge/Python-3.11%2B-blue.svg)](https://www.python.org/)
73
+
74
+ ---
75
+
76
+ ## Quickstart
77
+
78
+ Install with all bundled analyzers:
79
+
80
+ ```bash
81
+ pip install "attackmap[all]"
82
+ ```
83
+
84
+ Run a review on a repository:
85
+
86
+ ```bash
87
+ attackmap analyze /path/to/repo --output reports
88
+ ```
89
+
90
+ Optional: add an AI-narrated review using Claude. Either set an
91
+ `ANTHROPIC_API_KEY`, or log in once with the [Claude Code CLI](https://docs.claude.com/claude-code)
92
+ to use your existing Pro/Max subscription:
93
+
94
+ ```bash
95
+ attackmap analyze /path/to/repo --output reports --llm
96
+ ```
97
+
98
+ Read `reports/defensive-review.md` (heuristic) and `reports/defensive-review-llm.md`
99
+ (LLM-narrated) side by side.
100
+
101
+ ---
102
+
103
+ ## Install
104
+
105
+ ### From PyPI
106
+
107
+ ```bash
108
+ pip install attackmap # core only
109
+ pip install "attackmap[llm]" # add LLM narrative support
110
+ pip install "attackmap[all]" # core + LLM + all 11 analyzer plugins
111
+ ```
112
+
113
+ You can also install individual analyzer plugins on demand:
114
+
115
+ ```bash
116
+ pip install attackmap-analyzer-python attackmap-analyzer-go
117
+ ```
118
+
119
+ ### With Docker
120
+
121
+ ```bash
122
+ docker run --rm -v "$PWD:/src" ghcr.io/mlaify/attackmap:latest analyze /src --output /src/reports
123
+ ```
124
+
125
+ ### With Homebrew (macOS)
126
+
127
+ ```bash
128
+ brew install mlaify/tap/attackmap
129
+ ```
130
+
131
+ ### From source
132
+
133
+ ```bash
134
+ git clone https://github.com/mlaify/AttackMap.git
135
+ cd AttackMap
136
+ pip install -e ".[llm]"
137
+ ```
138
+
139
+ ---
140
+
141
+ ## What you get
142
+
143
+ Every `attackmap analyze` run writes:
144
+
145
+ | File | What it is |
146
+ |---|---|
147
+ | `architecture.md` | High-level summary of the repository |
148
+ | `attack-surface.md` | Surfaces classified by category, exposure, and risk |
149
+ | `defensive-review.md` | Notable Observations, Asset Inventory, Defensive Controls, Strengths, Weaknesses, Detection Opportunities, Recommendations |
150
+ | `defensive-review.json` | Structured equivalent (schema v1.2.0) |
151
+ | `review-context-pack.json` | Structured evidence pack consumed by the LLM stage |
152
+ | `attackmap-report.json` | Everything bundled |
153
+ | `defensive-review-llm.md` *(with `--llm`)* | Claude-narrated review |
154
+ | `defensive-review-llm.meta.json` *(with `--llm`)* | Backend, model, token usage |
155
+
156
+ ---
157
+
158
+ ## How it works
159
+
160
+ AttackMap is built as four layers, each grounded in the layer below.
161
+
162
+ **1. Heuristic scanner + analyzer plugins.** Language-aware extraction of routes,
163
+ databases, external calls, auth signals, secrets, frameworks, and entrypoints.
164
+ Every signal carries a `file:line` citation, an evidence-text snippet, and a
165
+ confidence score. Plugins are auto-discovered through the `attackmap.analyzers`
166
+ entry-point group.
167
+
168
+ **2. Asset and control overlay.** Identifies *what's at risk* (credentials,
169
+ sessions, PII, payment records, internal secrets — with criticality tiers) and
170
+ *what protects it* (authentication, authorization, input validation, rate
171
+ limiting, CSRF, encryption, audit logging, RBAC, MFA), including detection of
172
+ *absent* expected controls.
173
+
174
+ **3. Cross-cutting insight engine.** Connects findings into narratives —
175
+ sensitive-asset reachability, shared-secret blast radius, defense gaps in attack
176
+ chains, control-strength mismatches, asymmetric protection, audit gaps,
177
+ trust-boundary violations, and more.
178
+
179
+ **4. LLM narrative review.** With `--llm`, Claude Opus generates a final review
180
+ from the structured evidence pack. The model is forced to cite real
181
+ surface/asset/control IDs, so it can't invent findings.
182
+
183
+ Layered on top: **MITRE ATT&CK technique mappings** on every insight and
184
+ **detection opportunities** (Sigma/KQL/Splunk-style hints) for each weakness.
185
+
186
+ ---
187
+
188
+ ## Supported ecosystems
189
+
190
+ Eleven official analyzer plugins, each distributable as a separate package:
191
+
192
+ | Plugin | Coverage |
193
+ |---|---|
194
+ | `attackmap-analyzer-python` | Django, Starlette, AIOHTTP, Sanic, Litestar, DRF; SQLAlchemy/asyncpg/motor; passlib/PyJWT/authlib; httpx/aiohttp |
195
+ | `attackmap-analyzer-rust` | axum, actix-web, rocket; sqlx, diesel, sea-orm; jsonwebtoken, argon2; reqwest |
196
+ | `attackmap-analyzer-go` | net/http, chi, gin, echo, fiber, gorilla/mux; database/sql, gorm, pgx; golang-jwt; resty |
197
+ | `attackmap-analyzer-java-spring` | Java/Kotlin Spring Boot, JAX-RS, Ktor; Spring Data; Spring Security; jjwt |
198
+ | `attackmap-analyzer-dotnet` | ASP.NET Core minimal APIs and attribute routing, EF Core, Identity, JwtBearer |
199
+ | `attackmap-analyzer-terraform` | AWS, Azure, GCP resources; IAM wildcards; open SGs; secrets |
200
+ | `attackmap-analyzer-c` | libmicrohttpd, civetweb, mongoose; libcurl; OpenSSL/libsodium; sqlite3/libpq/mysql |
201
+ | `attackmap-analyzer-cpp` | Crow, Pistache, Drogon, cpprestsdk; libcurl/cpr; OpenSSL/Botan/libsodium; libpqxx/mongocxx |
202
+ | `attackmap-analyzer-node-service` | Node.js / TypeScript service ecosystems |
203
+ | `attackmap-analyzer-atproto` | AT Protocol (Bluesky) services |
204
+ | `attackmap-analyzer-php-web` / `-php-laminas` / `-omeka-s` | Generic PHP web, Laminas/Zend MVC, Omeka-S |
205
+
206
+ `pip install "attackmap[all]"` installs every official plugin.
207
+
208
+ ---
209
+
210
+ ## CLI reference
211
+
212
+ ```bash
213
+ attackmap analyze <path> # run a review on a repository
214
+ attackmap analyze <path> --output dir # write outputs to `dir/`
215
+ attackmap analyze <path> --module python --module rust # only these analyzers
216
+ attackmap analyze <path> --llm # add LLM narrative (auto-resolve auth)
217
+ attackmap analyze <path> --llm --llm-backend cli # force Claude CLI
218
+ attackmap modules # list installed analyzers
219
+ ```
220
+
221
+ `--module` is repeatable. Missing requested external analyzers can be
222
+ auto-installed (when possible) from the `mlaify` GitHub organization.
223
+
224
+ ---
225
+
226
+ ## What AttackMap is *not*
227
+
228
+ - **A runtime detector.** AttackMap is static. The detection opportunities it
229
+ emits are *hints* for your SIEM team — they are not deployable rules.
230
+ - **A vulnerability scanner.** AttackMap models architecture, assets, and
231
+ controls. It does not match known-CVE patterns.
232
+ - **Exhaustive.** AttackMap is heuristic by design. Findings are confidence-tiered
233
+ with explicit guardrails for stale signals.
234
+
235
+ ---
236
+
237
+ ## Documentation
238
+
239
+ - [`CHANGELOG.md`](CHANGELOG.md) — release notes
240
+ - [`CONTRIBUTING.md`](CONTRIBUTING.md) — development setup and PR process
241
+ - [`SECURITY.md`](SECURITY.md) — vulnerability disclosure
242
+ - [`AGENTS.md`](AGENTS.md) — agent-facing repo guide
243
+ - [`VISION.md`](VISION.md) — project direction
244
+ - [GitHub wiki](https://github.com/mlaify/AttackMap/wiki) — deeper architecture
245
+ and analyzer-contract references
246
+
247
+ ---
248
+
249
+ ## Contributing
250
+
251
+ Issues and pull requests are welcome. See [CONTRIBUTING.md](CONTRIBUTING.md)
252
+ for setup, testing, and submission guidelines. By contributing you agree that
253
+ your contributions will be MIT-licensed.
254
+
255
+ ## License
256
+
257
+ [MIT](LICENSE). Copyright (c) 2026 Matthew Davis and AttackMap Contributors.
@@ -0,0 +1,33 @@
1
+ attackmap/__init__.py,sha256=tXbRXsO0NE_UV1kIHiZTTQQH0fj0U2KoxxNusu_gzrM,48
2
+ attackmap/analyzer.py,sha256=SUvA2JEW--pot8WEBdscGmeAffwPXkI7rGhJP-lkmWw,12224
3
+ attackmap/analyzer_contracts.py,sha256=o0HJrclYs7WqJgeWp7FEIxDbTbi2DRBPkSWRw_zZTM8,2919
4
+ attackmap/analyzers.py,sha256=Z_8aNubakRqVbkvo4k0FLbSjlePN5n0nh1UlznOQde4,20115
5
+ attackmap/asset_model.py,sha256=Wbok0X8lwlhY8rRqtxag_JaOhB8lwPQL4hswjgLpbD0,9292
6
+ attackmap/attack_taxonomy.py,sha256=x823UHPPioAgeyDp7lBmXkmzyFIq5yR9YXD0tJgNro0,5666
7
+ attackmap/cli.py,sha256=0n8YR9wFxD1_LPeNkbSbdfMpeh_TeiD5ZAGgoByajjk,7127
8
+ attackmap/context_pack.py,sha256=TcCa9zsdDxVLk95rPvDSeSqezGwXcFMMCQEbX9qkIR4,3229
9
+ attackmap/control_model.py,sha256=NOn0a6NhCMd0vR4dbEuyX9NTIMesbmiLfgUrmpZ2XCg,11128
10
+ attackmap/defensive_review.py,sha256=zRyIFij1jQ0kqyYG_32nfU-TA7F2ZMpX96Qg-9Uo-ek,24676
11
+ attackmap/detection_opportunities.py,sha256=DHAkFDz4msfH6jbxiY2Q1vwLyjjHpryy1DQlKdWKjMI,15494
12
+ attackmap/graph.py,sha256=yuFNJ8A0ZiyJ-lntNRxUoWiqH96idR7nN1my_xt4DLE,828
13
+ attackmap/insights.py,sha256=qgv-og4ZicLC8eBYvll0NFaW7lIuUrU-8CY6LsvFtO0,29188
14
+ attackmap/llm_review.py,sha256=zAKJZ7ZsfJ-GLvO0aqKtrk-szT2VIxb-QpbHdG4DH8o,11107
15
+ attackmap/models.py,sha256=0PaIDXfLmhZvob7rfeWnC7XgVNZQgHRodTDCK6P_qrg,10085
16
+ attackmap/recon_models.py,sha256=AOJurJDjH6i6tgRXP4cxydBAL0wJ6fQMABNsqsfEgLI,591
17
+ attackmap/recon_to_analysis.py,sha256=BMRD75rJzx9uUs1hen3bB3gCv3aJVv78Srhwn7k7XTk,3936
18
+ attackmap/report.py,sha256=a-0ij1w76p1CIgJuKaItr2uc1qEhbZfDav4ODUDHGr4,3003
19
+ attackmap/review_eval.py,sha256=6vMFiz_vHTa-XF6VuYEcmQkatqpNmSfLwacc5rU0shM,12325
20
+ attackmap/review_json.py,sha256=4FiigYuBHLLI-zfurg8UQ6bd_UEY0_n7heslrdBTAQ0,12786
21
+ attackmap/review_prompts.py,sha256=sMz4lFVsZPrEBZdnWD1yS3O-WqJfhXCjpi4Xn6TSTWY,9678
22
+ attackmap/scanner.py,sha256=UPTmD89RWhxQBHPeJWZ1eX4a0SmzFxSPs0dYy-2yhiY,16490
23
+ attackmap/security_overlay.py,sha256=mcYM0vS1Og9TnhOeApsH01k4uZilDAm1UYLdzNvYwE8,2099
24
+ attackmap/threat_model.py,sha256=iX426oOrY9_f2mjH1YxfcGzBfZ5nIq6LySPKnc7XBgI,40940
25
+ attackmap/sdk/__init__.py,sha256=U_HWosFqOWM2t5W3k_hfbouBqcnE_uRozafF2mBrWqs,750
26
+ attackmap/sdk/contracts.py,sha256=M0Eu9Skv4u4Sk1N_UxraPnz0dzpmSZ1PQZqG6iK60kg,352
27
+ attackmap/sdk/models.py,sha256=O50pBylB22WA-wv6Uyz6KL7BobBm0hLAAKmvdssnOBc,466
28
+ attackmap-0.1.0.dist-info/licenses/LICENSE,sha256=vtPQVGUyxq359j0JmD3_eJaXyHmaHyjzaMOtaLwJc88,1097
29
+ attackmap-0.1.0.dist-info/METADATA,sha256=t7E3hPxt0AYsMC2ieX5z2hirYGc-HfvzMoWDDlMTF3c,10204
30
+ attackmap-0.1.0.dist-info/WHEEL,sha256=aeYiig01lYGDzBgS8HxWXOg3uV61G9ijOsup-k9o1sk,91
31
+ attackmap-0.1.0.dist-info/entry_points.txt,sha256=Tupx9uE-Kg5wKY3pJCbIn-BT_iqHIQV2Iuhk-A0MvEs,48
32
+ attackmap-0.1.0.dist-info/top_level.txt,sha256=vtBiQh5-74BM1EN6EAORE8i_rNzybwtwX9VkBJQPBVE,10
33
+ attackmap-0.1.0.dist-info/RECORD,,
@@ -0,0 +1,5 @@
1
+ Wheel-Version: 1.0
2
+ Generator: setuptools (82.0.1)
3
+ Root-Is-Purelib: true
4
+ Tag: py3-none-any
5
+
@@ -0,0 +1,2 @@
1
+ [console_scripts]
2
+ attackmap = attackmap.cli:app
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 Matthew Davis and AttackMap Contributors
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
@@ -0,0 +1 @@
1
+ attackmap