STRIDE GPT is an AI-powered threat modelling tool that leverages OpenAI's GPT models to generate threat models and attack trees for a given application based on the STRIDE methodology. Users provide application details, such as the application type, authentication methods, and whether the application is internet-facing or processes sensitive data. The GPT model then generates its output based on the provided information.
If you find STRIDE GPT useful, please consider starring the repository on GitHub. This helps more people discover the tool. Your support is greatly appreciated! ⭐
- Simple and user-friendly interface
- Generates threat models based on the STRIDE methodology
- Generates attack trees to enumerate possible attack paths
- Suggests possible mitigations for identified threats
- Utilises OpenAI's powerful GPT models for AI-driven threat analysis
- No data storage; application details are not saved
In the latest update of STRIDE GPT, I've introduced a range of improvements to streamline the threat modelling process and improve overall user experience. Here are the key updates in version 0.4:
-
Integration of New GPT Models: The application now supports the latest "gpt-4-1106-preview" and "gpt-3.5-turbo-1106" models, offering advanced capabilities and more accurate responses for threat modelling and attack tree generation.
-
Direct OpenAI API Calls: STRIDE GPT now makes direct calls to the OpenAI API in order to take advantage of the recently introduced JSON Mode. This should greatly reduce the reduce the likelihood of syntax errors when generating threat models.
-
Refined Attack Tree Generation: The process for generating attack trees has been overhauled to be more reliable, minimising syntax errors when generating Mermaid diagrams and improving the overall quality of the visualisations.
-
New Logo and Color Scheme: A refreshed colour scheme and new logo (generated by DALL·E 3).
-
Continued Bug Fixes and Performance Improvements: I've made a small number of additional updates to address existing bugs and optimise the application for better performance, ensuring a smoother and more efficient user experience.
These updates are designed to make STRIDE GPT a more powerful and user-friendly tool for cybersecurity professionals and set the platform for some new features in v0.5. As always, your feedback is invaluable for future improvements, and I look forward to hearing your thoughts.
Release highlights:
- Threat Mitigations: STRIDE GPT can now suggest potential mitigations for the threats identified in the threat modelling phase. This helps users develop strategies to prevent or minimise the impact of the identified threats.
- Downloadable Output: Users can now download the generated threat model, attack tree, and mitigations as Markdown files directly from the application. This makes it easy to share and document the generated outputs.
- Improved User Interface: I've further refined the user interface to provide a smoother and more intuitive user experience. The application layout has been optimised for better readability and usability.
- Updated GPT Models: STRIDE GPT now supports the latest 0613 versions of the GPT-3.5-turbo and GPT-4 models. These updated models provide improved performance and increased control over the generated output.
- Bug Fixes and Performance Enhancements: I've addressed several bugs and made performance improvements to ensure a more stable and responsive application.
Release highlights:
- Attack Tree Generation: In addition to generating threat models, STRIDE GPT can now generate attack trees for your applications based on the provided details. This helps users better understand potential attack paths for their applications.
- Attack Tree Visualisation: This is an experimental feature that allows users to visualise the generated attack tree directly in the app using Mermaid.js. This provides a more interactive experience within the STRIDE GPT interface.
- GPT-4 Model Support: STRIDE GPT now supports the use of OpenAI's GPT-4 model, provided the user has access to the GPT-4 API. This allows users to leverage the latest advancements in GPT technology to generate more accurate and comprehensive threat models and attack trees.
- Improved Layout and Organisation: I've restructured the app layout to make it easier to navigate and use. Key sections, such as Threat Model and Attack Tree, are now organised into collapsible sections for a cleaner and more intuitive user experience.
Initial release of the application.
- Clone this repository:
git clone https://github.com/mrwadams/stride-gpt.git
- Change to the cloned repository directory:
cd stride-gpt
- Install the required Python packages:
pip install -r requirements.txt
Note: 📝 Streamlit should not be included in requirements.txt as it causes the Streamlit deployment process to fail.
- Run the Streamlit app:
streamlit run main.py
-
Open the app in your web browser using the provided URL.
-
Enter your OpenAI API key in the sidebar.
-
Provide the application details and select the appropriate options.
-
Navigate to the Threat Model and/or Attack Tree section and click the "Generate..." button.
-
Review the generated threat model and/or attack tree and, if required, download a markdown copy of the output.
-
If you want to generate suggested mitigations for the identified threats, go to the "Mitigations" section and click the "Suggest Mitigations" button.
-
Review the suggested mitigations and, if required, download them as a Markdown file.
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.