AI-assisted defensive security analyzer for codebases — scans a repository, models assets and controls, finds cross-cutting weaknesses, and generates an evidence-grounded review with MITRE ATT&CK mappings and detection-engineering hints.
Project description
AttackMap
AI-assisted defensive security analysis for codebases. AttackMap reads your repository, models its assets and defensive controls, finds cross-cutting weaknesses that single-file scanners miss, and produces an evidence-grounded security review with MITRE ATT&CK mappings and detection-engineering hints.
Built for AppSec engineers, SOC and detection-engineering teams, and engineering managers who need to triage an unfamiliar codebase.
Story over checklist. Asset-aware. Control-absence-aware. Evidence-grounded.
Quickstart
Install with all bundled analyzers:
pip install "attackmap[all]"
Run a review on a repository:
attackmap analyze /path/to/repo --output reports
Optional: add an AI-narrated review using Claude. Either set an
ANTHROPIC_API_KEY, or log in once with the Claude Code CLI
to use your existing Pro/Max subscription:
attackmap analyze /path/to/repo --output reports --llm
Read reports/defensive-review.md (heuristic) and reports/defensive-review-llm.md
(LLM-narrated) side by side.
Install
From PyPI
pip install attackmap # core only
pip install "attackmap[llm]" # add LLM narrative support
pip install "attackmap[all]" # core + LLM + all 13 analyzer plugins
You can also install individual analyzer plugins on demand:
pip install attackmap-analyzer-python attackmap-analyzer-go
With Docker
docker run --rm -v "$PWD:/src" ghcr.io/mlaify/attackmap:latest analyze /src --output /src/reports
With Homebrew (macOS)
brew install mlaify/tap/attackmap
From source
git clone https://github.com/mlaify/AttackMap.git
cd AttackMap
pip install -e ".[llm]"
What you get
Every attackmap analyze run writes:
| File | What it is |
|---|---|
architecture.md |
High-level summary of the repository |
attack-surface.md |
Surfaces classified by category, exposure, and risk |
defensive-review.md |
Notable Observations, Asset Inventory, Defensive Controls, Strengths, Weaknesses, Detection Opportunities, Recommendations |
defensive-review.json |
Structured equivalent (schema v1.2.0) |
review-context-pack.json |
Structured evidence pack consumed by the LLM stage |
attackmap-report.json |
Everything bundled |
defensive-review-llm.md (with --llm) |
Claude-narrated review |
defensive-review-llm.meta.json (with --llm) |
Backend, model, token usage |
How it works
AttackMap is built as four layers, each grounded in the layer below.
1. Heuristic scanner + analyzer plugins. Language-aware extraction of routes,
databases, external calls, auth signals, secrets, frameworks, and entrypoints.
Every signal carries a file:line citation, an evidence-text snippet, and a
confidence score. Plugins are auto-discovered through the attackmap.analyzers
entry-point group.
2. Asset and control overlay. Identifies what's at risk (credentials, sessions, PII, payment records, internal secrets — with criticality tiers) and what protects it (authentication, authorization, input validation, rate limiting, CSRF, encryption, audit logging, RBAC, MFA), including detection of absent expected controls.
3. Cross-cutting insight engine. Connects findings into narratives — sensitive-asset reachability, shared-secret blast radius, defense gaps in attack chains, control-strength mismatches, asymmetric protection, audit gaps, trust-boundary violations, and more.
4. LLM narrative review. With --llm, Claude Opus generates a final review
from the structured evidence pack. The model is forced to cite real
surface/asset/control IDs, so it can't invent findings.
Layered on top: MITRE ATT&CK technique mappings on every insight and detection opportunities (Sigma/KQL/Splunk-style hints) for each weakness.
Supported ecosystems
Thirteen official analyzer plugins, each distributable as a separate package:
| Plugin | Coverage |
|---|---|
attackmap-analyzer-python |
Django, Starlette, AIOHTTP, Sanic, Litestar, DRF; SQLAlchemy/asyncpg/motor; passlib/PyJWT/authlib; httpx/aiohttp |
attackmap-analyzer-rust |
axum, actix-web, rocket; sqlx, diesel, sea-orm; jsonwebtoken, argon2; reqwest |
attackmap-analyzer-go |
net/http, chi, gin, echo, fiber, gorilla/mux; database/sql, gorm, pgx; golang-jwt; resty |
attackmap-analyzer-java-spring |
Java/Kotlin Spring Boot, JAX-RS, Ktor; Spring Data; Spring Security; jjwt |
attackmap-analyzer-dotnet |
ASP.NET Core minimal APIs and attribute routing, EF Core, Identity, JwtBearer |
attackmap-analyzer-terraform |
AWS, Azure, GCP resources; IAM wildcards; open SGs; secrets |
attackmap-analyzer-c |
libmicrohttpd, civetweb, mongoose; libcurl; OpenSSL/libsodium; sqlite3/libpq/mysql |
attackmap-analyzer-cpp |
Crow, Pistache, Drogon, cpprestsdk; libcurl/cpr; OpenSSL/Botan/libsodium; libpqxx/mongocxx |
attackmap-analyzer-node-service |
Node.js / TypeScript service ecosystems |
attackmap-analyzer-atproto |
AT Protocol (Bluesky) services |
attackmap-analyzer-php-web / -php-laminas / -omeka-s |
Generic PHP web, Laminas/Zend MVC, Omeka-S |
pip install "attackmap[all]" installs every official plugin.
Building your own analyzer
The plugin contract is documented in code at
attackmap.sdk; the developer cookbook with
scaffolding, testing, and publishing instructions is in
docs/external-analyzers.md.
CLI reference
attackmap analyze <path> # run a review on a repository
attackmap analyze <path> --output dir # write outputs to `dir/`
attackmap analyze <path> --module python --module rust # only these analyzers
attackmap analyze <path> --llm # add LLM narrative (auto-resolve auth)
attackmap analyze <path> --llm --llm-backend cli # force Claude CLI
attackmap modules # list installed analyzers
--module is repeatable. Missing requested external analyzers can be
auto-installed (when possible) from the mlaify GitHub organization.
What AttackMap is not
- A runtime detector. AttackMap is static. The detection opportunities it emits are hints for your SIEM team — they are not deployable rules.
- A vulnerability scanner. AttackMap models architecture, assets, and controls. It does not match known-CVE patterns.
- Exhaustive. AttackMap is heuristic by design. Findings are confidence-tiered with explicit guardrails for stale signals.
Documentation
CHANGELOG.md— release notesCONTRIBUTING.md— development setup and PR processSECURITY.md— vulnerability disclosureAGENTS.md— agent-facing repo guideVISION.md— project direction- GitHub wiki — deeper architecture and analyzer-contract references
Contributing
Issues and pull requests are welcome. See CONTRIBUTING.md for setup, testing, and submission guidelines. By contributing you agree that your contributions will be MIT-licensed.
License
MIT. Copyright (c) 2026 Matthew Davis and AttackMap Contributors.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file attackmap-0.1.1.tar.gz.
File metadata
- Download URL: attackmap-0.1.1.tar.gz
- Upload date:
- Size: 103.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8322ef9fefda5986b730b7b6297ef4ff69a8eb8226cd70391d5f020bdd4335ea
|
|
| MD5 |
a16294bc289056a8d9ed426fdd404ef7
|
|
| BLAKE2b-256 |
e5a5c89d6f04cf94e897b94334de96b74b57398a4a9c6db9a29f1e3dabc3544d
|
Provenance
The following attestation bundles were made for attackmap-0.1.1.tar.gz:
Publisher:
release.yml on mlaify/AttackMap
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
attackmap-0.1.1.tar.gz -
Subject digest:
8322ef9fefda5986b730b7b6297ef4ff69a8eb8226cd70391d5f020bdd4335ea - Sigstore transparency entry: 2048563021
- Sigstore integration time:
-
Permalink:
mlaify/AttackMap@b43167535957b6f4cf0db812299b2044da532346 -
Branch / Tag:
refs/tags/v0.1.1 - Owner: https://github.com/mlaify
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@b43167535957b6f4cf0db812299b2044da532346 -
Trigger Event:
push
-
Statement type:
File details
Details for the file attackmap-0.1.1-py3-none-any.whl.
File metadata
- Download URL: attackmap-0.1.1-py3-none-any.whl
- Upload date:
- Size: 84.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
208bbd1e6a4593f74e12c83a8a47cbc5246660eabe059d6bb921fc65808ac1ee
|
|
| MD5 |
d896956c2ab7e3231acfd66778290b35
|
|
| BLAKE2b-256 |
765b2fed0875f9e72c44237dfa8787f5773d010e968cd011c58e6d727bbab723
|
Provenance
The following attestation bundles were made for attackmap-0.1.1-py3-none-any.whl:
Publisher:
release.yml on mlaify/AttackMap
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
attackmap-0.1.1-py3-none-any.whl -
Subject digest:
208bbd1e6a4593f74e12c83a8a47cbc5246660eabe059d6bb921fc65808ac1ee - Sigstore transparency entry: 2048563037
- Sigstore integration time:
-
Permalink:
mlaify/AttackMap@b43167535957b6f4cf0db812299b2044da532346 -
Branch / Tag:
refs/tags/v0.1.1 - Owner: https://github.com/mlaify
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@b43167535957b6f4cf0db812299b2044da532346 -
Trigger Event:
push
-
Statement type: