TTModeler - Thing Threat Modeler

📢 TTModeler will only receive bug fixes for now. An improved version is available here: TTModeler Pro

Threat Modeling for Internet of Things Devices

TTModeler is a free and open-source threat modeling tool specialized on IoT devices and is available as web and desktop application.

TTModeler has the following benefits:

• Web and desktop application
• Online project storage with versioning
• Offline storage (without versioning)
• Built-in but customizable threat and mitigation library
• Integration of CWE, CAPEC, and CVE
• Integration of best practice guidelines for software and processes
• Diagramming: data flow diagram, hardware diagram, context diagram, use case diagram
• Risk assessment (CVSS, OWASP Risk Rating)
• Threat and mitigation dashboard
• Out of box reports (Word, HTML)
• Excel and CSV export
• Support of multiple languages (English, German)
• Collaboration with other persons (online storage only)

Watch an introduction video on YouTube.

About TTModeler

The aim of TTModeler is to simplify threat modeling for IoT devices. Manufacturers of embedded devices should be able to access the security of their device without much prior security expertise.

The tool can be used without creating an account. The online version enables versioning and collaboration.

How to use the online verison of TTModeler

TTModeler utilizes GitHub as data storage. Your projects can be stored in private repositories and can be additionally password protected for advanced data protection.

You need to create a GitHub account or log in using your existing account.

Afterwards, follow these steps:

Step 1: Fork the data repository

Fork the data repository by clicking on Use this template. Choose a name (e.g. My-Private-TTM-Projects) and set the repository to private(!!!).

Step 2: Install the app

Install the ThingThreatModeler app (install button is only visible when you are logged in). Click on Install, select Only selected repositories, and select the repository that you created in the previous step. Click on Install & Authorize.

Step 3: Log in to TTModeler using GitHub

Go to the Login page and log in using your GitHub account.

Step 4: Explore the examples and start threat modelling

Create your own projects on the Home page. Happy threat modeling!

Create your own TTModeler

Clone this repository locally:

git clone https://github.com/SecSimon/TTM.git

Install dependencies with npm:

npm install
cd app/
npm install

Run the application

npm run ng:serve // serves web application (http://localhost:4200)
npm run electron:serve // serves desktop application
npm start // serves both desktop and web application

Build the desktop application

npm run electron:build // creates executable depending on your operating system