Skip to main content

AI-assisted defensive security analyzer for codebases — scans a repository, models assets and controls, finds cross-cutting weaknesses, and generates an evidence-grounded review with MITRE ATT&CK mappings and detection-engineering hints.

Project description

AttackMap

AI-assisted defensive security analysis for codebases. AttackMap reads your repository, models its assets and defensive controls, finds cross-cutting weaknesses that single-file scanners miss, and produces an evidence-grounded security review with MITRE ATT&CK mappings and detection-engineering hints.

Built for AppSec engineers, SOC and detection-engineering teams, and engineering managers who need to triage an unfamiliar codebase.

Story over checklist. Asset-aware. Control-absence-aware. Evidence-grounded.

License: MIT Python: 3.11+


Quickstart

Install with all bundled analyzers:

pip install "attackmap[all]"

Run a review on a repository:

attackmap analyze /path/to/repo --output reports

Optional: add an AI-narrated review using Claude. Either set an ANTHROPIC_API_KEY, or log in once with the Claude Code CLI to use your existing Pro/Max subscription:

attackmap analyze /path/to/repo --output reports --llm

Read reports/defensive-review.md (heuristic) and reports/defensive-review-llm.md (LLM-narrated) side by side.


Install

From PyPI

pip install attackmap                  # core only
pip install "attackmap[llm]"           # add LLM narrative support
pip install "attackmap[all]"           # core + LLM + all 11 analyzer plugins

You can also install individual analyzer plugins on demand:

pip install attackmap-analyzer-python attackmap-analyzer-go

With Docker

docker run --rm -v "$PWD:/src" ghcr.io/mlaify/attackmap:latest analyze /src --output /src/reports

With Homebrew (macOS)

brew install mlaify/tap/attackmap

From source

git clone https://github.com/mlaify/AttackMap.git
cd AttackMap
pip install -e ".[llm]"

What you get

Every attackmap analyze run writes:

File What it is
architecture.md High-level summary of the repository
attack-surface.md Surfaces classified by category, exposure, and risk
defensive-review.md Notable Observations, Asset Inventory, Defensive Controls, Strengths, Weaknesses, Detection Opportunities, Recommendations
defensive-review.json Structured equivalent (schema v1.2.0)
review-context-pack.json Structured evidence pack consumed by the LLM stage
attackmap-report.json Everything bundled
defensive-review-llm.md (with --llm) Claude-narrated review
defensive-review-llm.meta.json (with --llm) Backend, model, token usage

How it works

AttackMap is built as four layers, each grounded in the layer below.

1. Heuristic scanner + analyzer plugins. Language-aware extraction of routes, databases, external calls, auth signals, secrets, frameworks, and entrypoints. Every signal carries a file:line citation, an evidence-text snippet, and a confidence score. Plugins are auto-discovered through the attackmap.analyzers entry-point group.

2. Asset and control overlay. Identifies what's at risk (credentials, sessions, PII, payment records, internal secrets — with criticality tiers) and what protects it (authentication, authorization, input validation, rate limiting, CSRF, encryption, audit logging, RBAC, MFA), including detection of absent expected controls.

3. Cross-cutting insight engine. Connects findings into narratives — sensitive-asset reachability, shared-secret blast radius, defense gaps in attack chains, control-strength mismatches, asymmetric protection, audit gaps, trust-boundary violations, and more.

4. LLM narrative review. With --llm, Claude Opus generates a final review from the structured evidence pack. The model is forced to cite real surface/asset/control IDs, so it can't invent findings.

Layered on top: MITRE ATT&CK technique mappings on every insight and detection opportunities (Sigma/KQL/Splunk-style hints) for each weakness.


Supported ecosystems

Eleven official analyzer plugins, each distributable as a separate package:

Plugin Coverage
attackmap-analyzer-python Django, Starlette, AIOHTTP, Sanic, Litestar, DRF; SQLAlchemy/asyncpg/motor; passlib/PyJWT/authlib; httpx/aiohttp
attackmap-analyzer-rust axum, actix-web, rocket; sqlx, diesel, sea-orm; jsonwebtoken, argon2; reqwest
attackmap-analyzer-go net/http, chi, gin, echo, fiber, gorilla/mux; database/sql, gorm, pgx; golang-jwt; resty
attackmap-analyzer-java-spring Java/Kotlin Spring Boot, JAX-RS, Ktor; Spring Data; Spring Security; jjwt
attackmap-analyzer-dotnet ASP.NET Core minimal APIs and attribute routing, EF Core, Identity, JwtBearer
attackmap-analyzer-terraform AWS, Azure, GCP resources; IAM wildcards; open SGs; secrets
attackmap-analyzer-c libmicrohttpd, civetweb, mongoose; libcurl; OpenSSL/libsodium; sqlite3/libpq/mysql
attackmap-analyzer-cpp Crow, Pistache, Drogon, cpprestsdk; libcurl/cpr; OpenSSL/Botan/libsodium; libpqxx/mongocxx
attackmap-analyzer-node-service Node.js / TypeScript service ecosystems
attackmap-analyzer-atproto AT Protocol (Bluesky) services
attackmap-analyzer-php-web / -php-laminas / -omeka-s Generic PHP web, Laminas/Zend MVC, Omeka-S

pip install "attackmap[all]" installs every official plugin.


CLI reference

attackmap analyze <path>                 # run a review on a repository
attackmap analyze <path> --output dir    # write outputs to `dir/`
attackmap analyze <path> --module python --module rust   # only these analyzers
attackmap analyze <path> --llm           # add LLM narrative (auto-resolve auth)
attackmap analyze <path> --llm --llm-backend cli         # force Claude CLI
attackmap modules                        # list installed analyzers

--module is repeatable. Missing requested external analyzers can be auto-installed (when possible) from the mlaify GitHub organization.


What AttackMap is not

  • A runtime detector. AttackMap is static. The detection opportunities it emits are hints for your SIEM team — they are not deployable rules.
  • A vulnerability scanner. AttackMap models architecture, assets, and controls. It does not match known-CVE patterns.
  • Exhaustive. AttackMap is heuristic by design. Findings are confidence-tiered with explicit guardrails for stale signals.

Documentation


Contributing

Issues and pull requests are welcome. See CONTRIBUTING.md for setup, testing, and submission guidelines. By contributing you agree that your contributions will be MIT-licensed.

License

MIT. Copyright (c) 2026 Matthew Davis and AttackMap Contributors.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

attackmap-0.1.0.tar.gz (96.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

attackmap-0.1.0-py3-none-any.whl (80.0 kB view details)

Uploaded Python 3

File details

Details for the file attackmap-0.1.0.tar.gz.

File metadata

  • Download URL: attackmap-0.1.0.tar.gz
  • Upload date:
  • Size: 96.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for attackmap-0.1.0.tar.gz
Algorithm Hash digest
SHA256 d6d65adfd42e28c96562c9213872f0460cea3f18f5a65dc7e958f794fcb6c3cb
MD5 ee2654e0d267b22565d0656573dc2df3
BLAKE2b-256 d26ca19a6b87093a5133bbe24ac8abb52b37a2a35dabef9f4b6933b6b2a1f144

See more details on using hashes here.

Provenance

The following attestation bundles were made for attackmap-0.1.0.tar.gz:

Publisher: release.yml on mlaify/AttackMap

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file attackmap-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: attackmap-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 80.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for attackmap-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 cf907030b1862bb2db9a59afe05418ae9da5fb8bbcb46a19fa98a7a4f14634e5
MD5 86282f4fcfe4e9ccae98c0d9c033d561
BLAKE2b-256 216ceba17d406ca1f1b907c6c0325d816c51899476fcafa3714482db97bbb5c7

See more details on using hashes here.

Provenance

The following attestation bundles were made for attackmap-0.1.0-py3-none-any.whl:

Publisher: release.yml on mlaify/AttackMap

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page