📢 TTModeler will only receive bug fixes for now. An improved version is available here: TTModeler Pro
TTModeler is a free and open-source threat modeling tool specialized on IoT devices and is available as web and desktop application.
TTModeler has the following benefits:
- Web and desktop application
- Online project storage with versioning
- Offline storage (without versioning)
- Built-in but customizable threat and mitigation library
- Integration of CWE, CAPEC, and CVE
- Integration of best practice guidelines for software and processes
- Diagramming: data flow diagram, hardware diagram, context diagram, use case diagram
- Risk assessment (CVSS, OWASP Risk Rating)
- Threat and mitigation dashboard
- Out of box reports (Word, HTML)
- Excel and CSV export
- Support of multiple languages (English, German)
- Collaboration with other persons (online storage only)
Watch an introduction video on YouTube.
The aim of TTModeler is to simplify threat modeling for IoT devices. Manufacturers of embedded devices should be able to access the security of their device without much prior security expertise.
The tool can be used without creating an account. The online version enables versioning and collaboration.
TTModeler utilizes GitHub as data storage. Your projects can be stored in private repositories and can be additionally password protected for advanced data protection.
You need to create a GitHub account or log in using your existing account.
Afterwards, follow these steps:
Fork the data repository by clicking on Use this template. Choose a name (e.g. My-Private-TTM-Projects) and set the repository to private(!!!).
Install the ThingThreatModeler app (install button is only visible when you are logged in). Click on Install, select Only selected repositories, and select the repository that you created in the previous step. Click on Install & Authorize.
Go to the Login page and log in using your GitHub account.
Create your own projects on the Home page. Happy threat modeling!
Clone this repository locally:
git clone https://github.com/SecSimon/TTM.git
Install dependencies with npm:
npm install
cd app/
npm install
Run the application
npm run ng:serve // serves web application (http://localhost:4200)
npm run electron:serve // serves desktop application
npm start // serves both desktop and web application
Build the desktop application
npm run electron:build // creates executable depending on your operating system