简体中文  |  繁體中文  |  English

---

ThreatGraph-CLI

轻量级网络安全威胁图谱分析引擎 · Lightweight Cybersecurity Threat Graph Analysis Engine

图：ThreatGraph-CLI Web 可视化界面 — D3.js 力导向图（暗色主题）

---

目录

• 简体中文
  • 项目介绍
  • 核心特性
  • 快速开始
  • 详细使用指南
  • 设计思路与迭代规划
  • 打包与部署指南
  • 贡献指南
  • 开源协议
• 繁體中文
• English

---

简体中文

🎉 项目介绍

它是什么？

ThreatGraph-CLI 是一款面向安全研究人员和蓝队分析师的轻量级命令行威胁图谱分析引擎。它将离散的安全指标（IOC）——IP 地址、域名、URL、邮箱、文件哈希、恶意软件家族、CVE 漏洞编号——转化为一张可交互、可查询、可分析的关系图谱，帮助你在终端中快速完成威胁关联、攻击溯源和态势感知。

解决什么痛点？

在日常安全运营中，我们经常面临这些困境：

• 数据孤岛：威胁情报散落在 CSV、JSON、STIX 等不同格式的文件中，难以统一关联
• 工具臃肿：主流威胁情报平台动辄需要部署 Elastic Stack 或 Neo4j，对轻量级应急响应来说太重了
• 可视化门槛高：想快速画一张攻击关系图，却要打开 Gephi 或 Maltego，配置繁琐
• 分析流程断裂：导入、分析、可视化、导出往往需要切换多个工具，效率低下

ThreatGraph-CLI 正是为了解决这些问题而诞生的。

核心价值

• 零依赖核心：纯 Python 实现，pip install 后即可使用，无需安装数据库或图引擎
• 多格式通吃：CSV、JSON、YAML、IOC 文本、STIX 一键导入，自动识别与映射
• 图算法内置：最短路径、中心性分析、社区检测等算法开箱即用
• 一键可视化：内置 D3.js 力导向图 Web 界面，threatgraph serve 即可启动
• 灵活导出：JSON、CSV、SVG、Mermaid、HTML 交互式报告，适配各种汇报场景

差异化亮点

特性	ThreatGraph-CLI	Neo4j + Bloom	Maltego	Gephi
零外部依赖	✅	❌	❌	❌
命令行原生	✅	❌	❌	❌
多格式自动解析	✅	⚠️	⚠️	❌
内置图算法	✅	✅	⚠️	✅
Web 可视化	✅	✅	✅	❌
单文件部署	✅	❌	❌	❌
开源免费	✅	⚠️	❌	✅

灵感来源

ThreatGraph-CLI 的设计灵感来自：

• MITRE ATT&CK 框架的攻击链建模思想
• Graph Theory 在社交网络分析中的成熟应用
• Unix 哲学——做好一件事，通过管道组合完成复杂任务
• 安全社区对"轻量级、可离线运行"安全工具的迫切需求

---

✨ 核心特性

🧠 图数据引擎

• 多类型节点：支持 IP、域名、URL、邮箱、文件 Hash（MD5/SHA1/SHA256）、恶意软件家族、CVE 等节点类型
• 丰富关系类型：resolves_to、communicates_with、hosts_malware、exploits、associated_with 等多种有向边
• Dijkstra 最短路径：快速查找两个节点间的最短攻击路径
• 中心性分析：度中心性（Degree Centrality）和介数中心性（Betweenness Centrality），精准定位关键节点
• 社区检测：基于标签传播算法（Label Propagation）自动发现威胁聚类

📥 多格式智能解析

• CSV：自动识别列名并映射到节点/边类型，支持自定义列映射
• JSON：原生 JSON、JSON 列表、嵌套 JSON 三种格式全兼容
• YAML：结构化配置文件直接导入
• IOC 文本提取：通过正则表达式从任意文本中提取 IP、域名、URL、Hash 等 IOC
• STIX 格式：支持 STIX 2.x 格式的威胁情报导入

🔍 威胁分析能力

• 多因子风险评分：综合考虑节点类型、连接数、中心性指标、社区规模等因素，计算综合风险分
• 关键节点识别：自动发现图谱中的枢纽节点和桥梁节点
• 关联分析：发现隐藏在数据背后的实体关联关系
• 聚类检测：基于图结构自动识别威胁团伙和攻击组织
• 时间线分析：按时间维度追踪威胁演化过程
• 攻击路径查找：从任意起点到终点的最短攻击路径还原

📤 多格式导出

• JSON：结构化数据导出，便于下游工具集成
• CSV：表格化导出，适配 Excel 和 BI 工具
• SVG：矢量图导出，适合报告和演示文稿
• Mermaid：Markdown 友好的流程图语法，可直接嵌入文档
• HTML 交互式报告：内嵌 D3.js 的独立 HTML 文件，无需服务器即可浏览

⌨️ 强大的 CLI 命令

命令	功能
import	导入威胁数据（支持 CSV/JSON/YAML/IOC/STIX）
analyze	执行图分析（风险评分/中心性/社区检测/路径查找）
export	导出图谱数据（JSON/CSV/SVG/Mermaid/HTML）
template	使用预置分析模板（钓鱼/恶意软件/APT）
stats	查看图谱统计信息
serve	启动 Web 可视化服务
query	交互式图查询

🌐 Web 可视化

• Flask REST API：完整的后端接口，支持图谱 CRUD 和分析操作
• D3.js 力导向图：物理模拟的节点布局，直观展示关系网络
• 暗色主题：护眼设计，适合长时间分析工作
• 节点着色：按节点类型（IP/域名/恶意软件等）自动着色
• 交互操作：支持拖拽节点、缩放画布、搜索定位、点击查看详情

📋 预置分析模板

• 钓鱼攻击分析：一键导入钓鱼邮件相关 IOC，自动构建攻击链
• 恶意软件溯源：从文件 Hash 出发，追踪恶意软件的传播路径
• APT 调查模板：针对高级持续性威胁的标准化分析流程

💾 持久化存储

• 图谱数据自动持久化到 ~/.threatgraph/graph.json
• 跨会话保留分析结果，无需重复导入

---

🚀 快速开始

环境要求

• Python 3.8 或更高版本
• 操作系统：Linux / macOS / Windows
• 可选依赖：
  • flask — Web 可视化模式（pip install flask）
  • networkx — 增强图算法（pip install networkx）
  • pyyaml — YAML 格式支持（pip install pyyaml）

安装

# 从 GitHub 克隆项目
git clone https://github.com/gitstq/ThreatGraph-CLI.git
cd ThreatGraph-CLI

# 安装核心（零外部依赖）
pip install .

# 或者，安装全部可选依赖
pip install ".[web,enhanced,yaml]"

三步上手

# 1️⃣ 导入威胁数据
threatgraph import --format csv --file ioc_data.csv

# 2️⃣ 执行分析
threatgraph analyze --method risk-score

# 3️⃣ 启动 Web 可视化
threatgraph serve --port 8080

打开浏览器访问 http://localhost:8080，即可看到交互式威胁图谱！

图：三步快速上手 ThreatGraph-CLI

---

📖 详细使用指南

1. 数据导入 (import)

从 CSV 导入

# 自动识别列名映射
threatgraph import --format csv --file threat_data.csv

# 指定列映射
threatgraph import --format csv --file data.csv \
  --map "source_ip=src,dst_ip=target,relation=type"

CSV 文件示例：

source_ip,dst_ip,relation,timestamp
192.168.1.100,10.0.0.1,communicates_with,2024-01-15
10.0.0.1,evil.com,resolves_to,2024-01-15
evil.com,phishing-page,hosts_malware,2024-01-16

从 JSON 导入

# 原生 JSON 格式
threatgraph import --format json --file nodes.json

# JSON 列表格式
threatgraph import --format json --file ioc_list.json

JSON 文件示例：

{
  "nodes": [
    {"id": "192.168.1.100", "type": "ip", "labels": ["internal"]},
    {"id": "evil.com", "type": "domain", "labels": ["malicious"]}
  ],
  "edges": [
    {"source": "192.168.1.100", "target": "evil.com", "relation": "communicates_with"}
  ]
}

从 IOC 文本提取

# 从任意文本中提取 IOC
threatgraph import --format ioc --file report.txt

# 直接从标准输入提取
cat firewall.log | threatgraph import --format ioc --stdin

从 STIX 格式导入

threatgraph import --format stix --file threat_intelligence.stix2.json

从 YAML 导入

threatgraph import --format yaml --file config.yaml

2. 图分析 (analyze)

风险评分

# 对所有节点进行风险评分
threatgraph analyze --method risk-score

# 查看风险最高的 Top 10 节点
threatgraph analyze --method risk-score --top 10

# 指定评分权重
threatgraph analyze --method risk-score \
  --weights "degree=0.3,betweenness=0.3,community=0.2,type=0.2"

中心性分析

# 度中心性分析
threatgraph analyze --method degree-centrality

# 介数中心性分析
threatgraph analyze --method betweenness-centrality

社区检测

# 标签传播社区检测
threatgraph analyze --method community-detection

# 指定迭代次数
threatgraph analyze --method community-detection --iterations 100

最短路径

# 查找两个节点间的最短路径
threatgraph analyze --method shortest-path \
  --source "192.168.1.100" --target "evil.com"

攻击路径分析

# 从指定起点查找所有可达的恶意节点
threatgraph analyze --method attack-path \
  --source "192.168.1.100" --target-type malware

3. 数据导出 (export)

# 导出为 JSON
threatgraph export --format json --output result.json

# 导出为 CSV
threatgraph export --format csv --output result.csv

# 导出为 SVG 矢量图
threatgraph export --format svg --output graph.svg

# 导出为 Mermaid 语法
threatgraph export --format mermaid --output graph.mmd

# 导出为 HTML 交互式报告
threatgraph export --format html --output report.html

4. 预置模板 (template)

# 钓鱼攻击分析模板
threatgraph template phishing --ioc "suspicious-url.com" --ioc "attacker@evil.com"

# 恶意软件溯源模板
threatgraph template malware-trace --hash "a1b2c3d4e5f6..."

# APT 调查模板
threatgraph template apt-investigation --cve "CVE-2024-0001" --domain "c2-server.com"

5. 图谱统计 (stats)

# 查看基本统计
threatgraph stats

# 查看详细统计（含中心性指标）
threatgraph stats --detailed

输出示例：

╔══════════════════════════════════════════════════╗
║            ThreatGraph 统计概览                  ║
╠══════════════════════════════════════════════════╣
║  节点总数:  1,234                                ║
║  边总数:    3,456                                ║
║  节点类型:  IP(456) Domain(234) Hash(189) ...   ║
║  关系类型:  12 种                                ║
║  社区数量:  8                                    ║
║  存储路径:  ~/.threatgraph/graph.json            ║
╚══════════════════════════════════════════════════╝

6. Web 可视化 (serve)

# 启动 Web 服务（默认端口 5000）
threatgraph serve

# 指定端口和主机
threatgraph serve --host 0.0.0.0 --port 8080

# 启用调试模式
threatgraph serve --debug

图：ThreatGraph-CLI Web 可视化界面 — 暗色主题 D3.js 力导向图

7. 交互式查询 (query)

# 进入交互式查询模式
threatgraph query

# 在查询模式中：
# > find node 192.168.1.100
# > find edges from 192.168.1.100
# > shortest-path 192.168.1.100 evil.com
# > neighbors evil.com --depth 2
# > exit

---

💡 设计思路与迭代规划

设计理念

ThreatGraph-CLI 遵循以下设计原则：

1. Unix 哲学：每个命令做好一件事，通过管道和组合完成复杂分析
2. 渐进增强：核心功能零依赖，可选依赖按需安装
3. 数据驱动：所有分析基于图数据结构，确保算法的通用性和可扩展性
4. 安全分析师优先：命令行原生，适配安全团队的日常工作流

技术选型原因

技术选择	原因
纯 Python 核心	最大化可移植性，避免 C 扩展编译问题
Flask	轻量级 Web 框架，与项目"轻量"定位一致
D3.js	最成熟的 JavaScript 可视化库，力导向图效果出色
networkx（可选）	Python 生态中最成熟的图算法库
JSON 持久化	人类可读、易于调试、无需数据库依赖

架构概览

graph TB
    subgraph 输入层["📥 输入层"]
        CSV["CSV"]
        JSON_F["JSON"]
        YAML_F["YAML"]
        IOC["IOC 文本"]
        STIX["STIX"]
    end

    subgraph 核心层["🧠 核心层"]
        Parser["多格式解析器"]
        GraphEngine["图数据引擎"]
        Algorithms["图算法库"]
        Storage["持久化存储"]
    end

    subgraph 分析层["🔍 分析层"]
        RiskScore["风险评分"]
        Centrality["中心性分析"]
        Community["社区检测"]
        PathFinder["路径查找"]
        Timeline["时间线分析"]
    end

    subgraph 输出层["📤 输出层"]
        CLI["CLI 命令"]
        WebVis["Web 可视化"]
        Export["多格式导出"]
    end

    CSV --> Parser
    JSON_F --> Parser
    YAML_F --> Parser
    IOC --> Parser
    STIX --> Parser

    Parser --> GraphEngine
    GraphEngine --> Algorithms
    GraphEngine --> Storage

    GraphEngine --> RiskScore
    GraphEngine --> Centrality
    GraphEngine --> Community
    GraphEngine --> PathFinder
    GraphEngine --> Timeline

    RiskScore --> CLI
    Centrality --> CLI
    Community --> CLI
    PathFinder --> CLI
    Timeline --> CLI

    GraphEngine --> WebVis
    GraphEngine --> Export

Loading

后续规划

• v1.1：支持 GraphML 和 GEXF 格式导入/导出
• v1.2：集成 MITRE ATT&CK 矩阵自动映射
• v1.3：添加时间序列分析模块，支持威胁趋势预测
• v1.5：支持插件系统，允许用户自定义分析算法
• v2.0：引入多图谱关联分析，支持跨调查协作

---

📦 打包与部署指南

从源码安装

git clone https://github.com/gitstq/ThreatGraph-CLI.git
cd ThreatGraph-CLI
pip install .

使用 pip 直接安装

pip install threatgraph-cli

安装可选依赖

# Web 可视化支持
pip install threatgraph-cli[web]

# 增强算法支持
pip install threatgraph-cli[enhanced]

# 全部可选依赖
pip install threatgraph-cli[all]

Web 模式部署

# 生产环境建议使用 gunicorn
pip install gunicorn

# 启动服务
gunicorn -w 4 -b 0.0.0.0:8080 "threatgraph.web:create_app()"

# 或使用内置命令
threatgraph serve --host 0.0.0.0 --port 8080

Docker 部署（规划中）

# 构建镜像
docker build -t threatgraph-cli .

# 运行容器
docker run -d -p 8080:8080 -v ~/.threatgraph:/data threatgraph-cli

---

🤝 贡献指南

我们欢迎任何形式的贡献！无论是提交 Bug 报告、改进文档，还是贡献新功能。

提交 Pull Request

1. Fork 本仓库
2. 创建特性分支：git checkout -b feature/your-feature-name
3. 提交更改：git commit -m "feat: add your feature description"
4. 推送到远程：git push origin feature/your-feature-name
5. 提交 Pull Request

Commit 规范

请遵循 Conventional Commits 规范：

feat: 新功能
fix: Bug 修复
docs: 文档更新
style: 代码格式（不影响逻辑）
refactor: 重构
test: 测试相关
chore: 构建/工具链相关

Issue 规则

• 提交 Bug 前，请先搜索已有 Issue，避免重复
• Bug 报告请包含：复现步骤、期望行为、实际行为、环境信息
• 功能建议请描述使用场景和预期效果

---

📄 开源协议

本项目基于 MIT License 开源。

MIT License

Copyright (c) 2024 ThreatGraph-CLI Contributors

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

⭐ 如果这个项目对你有帮助，欢迎 Star 支持一下！⭐

---

繁體中文

🎉 專案介紹

它是什麼？

ThreatGraph-CLI 是一款專為安全研究人員與藍隊分析師打造的輕量級命令列威脅圖譜分析引擎。它將散落的威脅指標（IOC）——IP 位址、網域名稱、URL、電子郵箱、檔案雜湊、惡意軟體家族、CVE 漏洞編號——轉化為一張可互動、可查詢、可分析的關係圖譜，協助你在終端機中快速完成威脅關聯、攻擊溯源與態勢感知。

解決什麼痛點？

在日常安全營運中，我們經常面臨以下困境：

• 資料孤島：威脅情報散落在 CSV、JSON、STIX 等不同格式的檔案中，難以統一關聯
• 工具臃腫：主流威脅情報平台動輒需要部署 Elastic Stack 或 Neo4j，對輕量級應急回應來說太重了
• 視覺化門檻高：想快速畫一張攻擊關係圖，卻要打開 Gephi 或 Maltego，配置繁瑣
• 分析流程斷裂：匯入、分析、視覺化、匯出往往需要切換多個工具，效率低下

ThreatGraph-CLI 正是為了解決這些問題而誕生的。

核心價值

• 零依賴核心：純 Python 實作，pip install 後即可使用，無須安裝資料庫或圖引擎
• 多格式通吃：CSV、JSON、YAML、IOC 文字、STIX 一鍵匯入，自動識別與映射
• 圖演算法內建：最短路徑、中心性分析、社群偵測等演算法開箱即用
• 一鍵視覺化：內建 D3.js 力導向圖 Web 介面，threatgraph serve 即可啟動
• 靈活匯出：JSON、CSV、SVG、Mermaid、HTML 互動式報告，適配各種彙報場景

差異化亮點

特性	ThreatGraph-CLI	Neo4j + Bloom	Maltego	Gephi
零外部依賴	✅	❌	❌	❌
命令列原生	✅	❌	❌	❌
多格式自動解析	✅	⚠️	⚠️	❌
內建圖演算法	✅	✅	⚠️	✅
Web 視覺化	✅	✅	✅	❌
單檔案部署	✅	❌	❌	❌
開源免費	✅	⚠️	❌	✅

靈感來源

ThreatGraph-CLI 的設計靈感來自：

• MITRE ATT&CK 框架的攻擊鏈建模思想
• Graph Theory 在社交網路分析中的成熟應用
• Unix 哲學——做好一件事，透過管道組合完成複雜任務
• 安全社群對「輕量級、可離線運行」安全工具的迫切需求

---

✨ 核心特性

🧠 圖資料引擎

• 多類型節點：支援 IP、網域名稱、URL、電子郵箱、檔案 Hash（MD5/SHA1/SHA256）、惡意軟體家族、CVE 等節點類型
• 豐富關係類型：resolves_to、communicates_with、hosts_malware、exploits、associated_with 等多種有向邊
• Dijkstra 最短路徑：快速查找兩個節點間的最短攻擊路徑
• 中心性分析：度中心性（Degree Centrality）與介數中心性（Betweenness Centrality），精準定位關鍵節點
• 社群偵測：基於標籤傳播演算法（Label Propagation）自動發現威脅聚類

📥 多格式智慧解析

• CSV：自動識別欄位名稱並映射到節點/邊類型，支援自訂欄位映射
• JSON：原生 JSON、JSON 列表、巢狀 JSON 三種格式全相容
• YAML：結構化設定檔直接匯入
• IOC 文字提取：透過正則表示式從任意文字中提取 IP、網域名稱、URL、Hash 等 IOC
• STIX 格式：支援 STIX 2.x 格式的威脅情報匯入

🔍 威脅分析能力

• 多因子風險評分：綜合考慮節點類型、連接數、中心性指標、社群規模等因素，計算綜合風險分
• 關鍵節點識別：自動發現圖譜中的樞紐節點與橋樑節點
• 關聯分析：發現隱藏在資料背後的實體關聯關係
• 聚類偵測：基於圖結構自動識別威脅團夥與攻擊組織
• 時間線分析：按時間維度追蹤威脅演化過程
• 攻擊路徑查找：從任意起點到終點的最短攻擊路徑還原

📤 多格式匯出

• JSON：結構化資料匯出，便於下游工具整合
• CSV：表格化匯出，適配 Excel 與 BI 工具
• SVG：向量圖匯出，適合報告與簡報文稿
• Mermaid：Markdown 友善的流程圖語法，可直接嵌入文件
• HTML 互動式報告：內嵌 D3.js 的獨立 HTML 檔案，無須伺服器即可瀏覽

⌨️ 強大的 CLI 命令

命令	功能
import	匯入威脅資料（支援 CSV/JSON/YAML/IOC/STIX）
analyze	執行圖分析（風險評分/中心性/社群偵測/路徑查找）
export	匯出圖譜資料（JSON/CSV/SVG/Mermaid/HTML）
template	使用預置分析模板（釣魚/惡意軟體/APT）
stats	查看圖譜統計資訊
serve	啟動 Web 視覺化服務
query	互動式圖查詢

🌐 Web 視覺化

• Flask REST API：完整的後端介面，支援圖譜 CRUD 與分析操作
• D3.js 力導向圖：物理模擬的節點佈局，直觀展示關係網路
• 暗色主題：護眼設計，適合長時間分析工作
• 節點著色：按節點類型（IP/網域名稱/惡意軟體等）自動著色
• 互動操作：支援拖曳節點、縮放畫布、搜尋定位、點擊查看詳情

📋 預置分析模板

• 釣魚攻擊分析：一鍵匯入釣魚郵件相關 IOC，自動建構攻擊鏈
• 惡意軟體溯源：從檔案 Hash 出發，追蹤惡意軟體的傳播路徑
• APT 調查模板：針對高階持續性威脅的標準化分析流程

💾 持久化儲存

• 圖譜資料自動持久化至 ~/.threatgraph/graph.json
• 跨會話保留分析結果，無須重複匯入

---

🚀 快速開始

環境需求

• Python 3.8 或更高版本
• 作業系統：Linux / macOS / Windows
• 可選依賴：
  • flask — Web 視覺化模式（pip install flask）
  • networkx — 增強圖演算法（pip install networkx）
  • pyyaml — YAML 格式支援（pip install pyyaml）

安裝

# 從 GitHub 複製專案
git clone https://github.com/gitstq/ThreatGraph-CLI.git
cd ThreatGraph-CLI

# 安裝核心（零外部依賴）
pip install .

# 或者，安裝全部可選依賴
pip install ".[web,enhanced,yaml]"

三步上手

# 1️⃣ 匯入威脅資料
threatgraph import --format csv --file ioc_data.csv

# 2️⃣ 執行分析
threatgraph analyze --method risk-score

# 3️⃣ 啟動 Web 視覺化
threatgraph serve --port 8080

打開瀏覽器造訪 http://localhost:8080，即可看到互動式威脅圖譜！

圖：三步快速上手 ThreatGraph-CLI

---

📖 詳細使用指南

1. 資料匯入 (import)

從 CSV 匯入

# 自動識別欄位名稱映射
threatgraph import --format csv --file threat_data.csv

# 指定欄位映射
threatgraph import --format csv --file data.csv \
  --map "source_ip=src,dst_ip=target,relation=type"

CSV 檔案範例：

source_ip,dst_ip,relation,timestamp
192.168.1.100,10.0.0.1,communicates_with,2024-01-15
10.0.0.1,evil.com,resolves_to,2024-01-15
evil.com,phishing-page,hosts_malware,2024-01-16

從 JSON 匯入

# 原生 JSON 格式
threatgraph import --format json --file nodes.json

# JSON 列表格式
threatgraph import --format json --file ioc_list.json

JSON 檔案範例：

{
  "nodes": [
    {"id": "192.168.1.100", "type": "ip", "labels": ["internal"]},
    {"id": "evil.com", "type": "domain", "labels": ["malicious"]}
  ],
  "edges": [
    {"source": "192.168.1.100", "target": "evil.com", "relation": "communicates_with"}
  ]
}

從 IOC 文字提取

# 從任意文字中提取 IOC
threatgraph import --format ioc --file report.txt

# 直接從標準輸入提取
cat firewall.log | threatgraph import --format ioc --stdin

從 STIX 格式匯入

threatgraph import --format stix --file threat_intelligence.stix2.json

從 YAML 匯入

threatgraph import --format yaml --file config.yaml

2. 圖分析 (analyze)

風險評分

# 對所有節點進行風險評分
threatgraph analyze --method risk-score

# 查看風險最高的 Top 10 節點
threatgraph analyze --method risk-score --top 10

# 指定評分權重
threatgraph analyze --method risk-score \
  --weights "degree=0.3,betweenness=0.3,community=0.2,type=0.2"

中心性分析

# 度中心性分析
threatgraph analyze --method degree-centrality

# 介數中心性分析
threatgraph analyze --method betweenness-centrality

社群偵測

# 標籤傳播社群偵測
threatgraph analyze --method community-detection

# 指定迭代次數
threatgraph analyze --method community-detection --iterations 100

最短路徑

# 查找兩個節點間的最短路徑
threatgraph analyze --method shortest-path \
  --source "192.168.1.100" --target "evil.com"

攻擊路徑分析

# 從指定起點查找所有可達的惡意節點
threatgraph analyze --method attack-path \
  --source "192.168.1.100" --target-type malware

3. 資料匯出 (export)

# 匯出為 JSON
threatgraph export --format json --output result.json

# 匯出為 CSV
threatgraph export --format csv --output result.csv

# 匯出為 SVG 向量圖
threatgraph export --format svg --output graph.svg

# 匯出為 Mermaid 語法
threatgraph export --format mermaid --output graph.mmd

# 匯出為 HTML 互動式報告
threatgraph export --format html --output report.html

4. 預置模板 (template)

# 釣魚攻擊分析模板
threatgraph template phishing --ioc "suspicious-url.com" --ioc "attacker@evil.com"

# 惡意軟體溯源模板
threatgraph template malware-trace --hash "a1b2c3d4e5f6..."

# APT 調查模板
threatgraph template apt-investigation --cve "CVE-2024-0001" --domain "c2-server.com"

5. 圖譜統計 (stats)

# 查看基本統計
threatgraph stats

# 查看詳細統計（含中心性指標）
threatgraph stats --detailed

輸出範例：

╔══════════════════════════════════════════════════╗
║            ThreatGraph 統計概覽                  ║
╠══════════════════════════════════════════════════╣
║  節點總數:  1,234                                ║
║  邊總數:    3,456                                ║
║  節點類型:  IP(456) Domain(234) Hash(189) ...   ║
║  關係類型:  12 種                                ║
║  社群數量:  8                                    ║
║  儲存路徑:  ~/.threatgraph/graph.json            ║
╚══════════════════════════════════════════════════╝

6. Web 視覺化 (serve)

# 啟動 Web 服務（預設連接埠 5000）
threatgraph serve

# 指定連接埠與主機
threatgraph serve --host 0.0.0.0 --port 8080

# 啟用除錯模式
threatgraph serve --debug

圖：ThreatGraph-CLI Web 視覺化介面 — 暗色主題 D3.js 力導向圖

7. 互動式查詢 (query)

# 進入互動式查詢模式
threatgraph query

# 在查詢模式中：
# > find node 192.168.1.100
# > find edges from 192.168.1.100
# > shortest-path 192.168.1.100 evil.com
# > neighbors evil.com --depth 2
# > exit

---

💡 設計思路與迭代規劃

設計理念

ThreatGraph-CLI 遵循以下設計原則：

1. Unix 哲學：每個命令做好一件事，透過管道與組合完成複雜分析
2. 漸進增強：核心功能零依賴，可選依賴按需安裝
3. 資料驅動：所有分析基於圖資料結構，確保演算法的通用性與可擴展性
4. 安全分析師優先：命令列原生，適配安全團隊的日常工作流

技術選型原因

技術選擇	原因
純 Python 核心	最大化可攜性，避免 C 擴充編譯問題
Flask	輕量級 Web 框架，與專案「輕量」定位一致
D3.js	最成熟的 JavaScript 視覺化函式庫，力導向圖效果出色
networkx（可選）	Python 生態中最成熟的圖演算法函式庫
JSON 持久化	人類可讀、易於除錯、無須資料庫依賴

架構概覽

graph TB
    subgraph 輸入層["📥 輸入層"]
        CSV["CSV"]
        JSON_F["JSON"]
        YAML_F["YAML"]
        IOC["IOC 文字"]
        STIX["STIX"]
    end

    subgraph 核心層["🧠 核心層"]
        Parser["多格式解析器"]
        GraphEngine["圖資料引擎"]
        Algorithms["圖演算法庫"]
        Storage["持久化儲存"]
    end

    subgraph 分析層["🔍 分析層"]
        RiskScore["風險評分"]
        Centrality["中心性分析"]
        Community["社群偵測"]
        PathFinder["路徑查找"]
        Timeline["時間線分析"]
    end

    subgraph 輸出層["📤 輸出層"]
        CLI["CLI 命令"]
        WebVis["Web 視覺化"]
        Export["多格式匯出"]
    end

    CSV --> Parser
    JSON_F --> Parser
    YAML_F --> Parser
    IOC --> Parser
    STIX --> Parser

    Parser --> GraphEngine
    GraphEngine --> Algorithms
    GraphEngine --> Storage

    GraphEngine --> RiskScore
    GraphEngine --> Centrality
    GraphEngine --> Community
    GraphEngine --> PathFinder
    GraphEngine --> Timeline

    RiskScore --> CLI
    Centrality --> CLI
    Community --> CLI
    PathFinder --> CLI
    Timeline --> CLI

    GraphEngine --> WebVis
    GraphEngine --> Export

Loading

後續規劃

• v1.1：支援 GraphML 與 GEXF 格式匯入/匯出
• v1.2：整合 MITRE ATT&CK 矩陣自動映射
• v1.3：新增時間序列分析模組，支援威脅趨勢預測
• v1.5：支援外掛系統，允許使用者自訂分析演算法
• v2.0：引入多圖譜關聯分析，支援跨調查協作

---

📦 打包與部署指南

從原始碼安裝

git clone https://github.com/gitstq/ThreatGraph-CLI.git
cd ThreatGraph-CLI
pip install .

使用 pip 直接安裝

pip install threatgraph-cli

安裝可選依賴

# Web 視覺化支援
pip install threatgraph-cli[web]

# 增強演算法支援
pip install threatgraph-cli[enhanced]

# 全部可選依賴
pip install threatgraph-cli[all]

Web 模式部署

# 生產環境建議使用 gunicorn
pip install gunicorn

# 啟動服務
gunicorn -w 4 -b 0.0.0.0:8080 "threatgraph.web:create_app()"

# 或使用內建命令
threatgraph serve --host 0.0.0.0 --port 8080

Docker 部署（規劃中）

# 建置映像
docker build -t threatgraph-cli .

# 執行容器
docker run -d -p 8080:8080 -v ~/.threatgraph:/data threatgraph-cli

---

🤝 貢獻指南

我們歡迎任何形式的貢獻！無論是提交 Bug 回報、改進文件，還是貢獻新功能。

提交 Pull Request

1. Fork 本倉庫
2. 建立特性分支：git checkout -b feature/your-feature-name
3. 提交變更：git commit -m "feat: add your feature description"
4. 推送到遠端：git push origin feature/your-feature-name
5. 提交 Pull Request

Commit 規範

請遵循 Conventional Commits 規範：

feat: 新功能
fix: Bug 修復
docs: 文件更新
style: 程式碼格式（不影響邏輯）
refactor: 重構
test: 測試相關
chore: 建置/工具鏈相關

Issue 規則

• 提交 Bug 前，請先搜尋已有 Issue，避免重複
• Bug 回報請包含：重現步驟、期望行為、實際行為、環境資訊
• 功能建議請描述使用場景與預期效果

---

📄 開源協議

本專案基於 MIT License 開源。

MIT License

Copyright (c) 2024 ThreatGraph-CLI Contributors

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

⭐ 如果這個專案對你有幫助，歡迎 Star 支持一下！⭐

---

English

🎉 About the Project

What is it?

ThreatGraph-CLI is a lightweight command-line threat graph analysis engine built for security researchers and blue team analysts. It transforms scattered Indicators of Compromise (IOCs) — IP addresses, domain names, URLs, email addresses, file hashes, malware families, CVE identifiers — into an interactive, queryable, and analyzable relationship graph, empowering you to perform threat correlation, attack attribution, and situational awareness right from your terminal.

What problems does it solve?

In day-to-day security operations, we frequently encounter these challenges:

• Data silos: Threat intelligence is scattered across CSV, JSON, STIX, and other formats, making unified correlation difficult
• Bloated toolchains: Mainstream threat intelligence platforms require deploying Elastic Stack or Neo4j — overkill for lightweight incident response
• High visualization barriers: Quickly sketching an attack relationship graph means firing up Gephi or Maltego with tedious configuration
• Fragmented workflows: Importing, analyzing, visualizing, and exporting often require switching between multiple tools, killing efficiency

ThreatGraph-CLI was born to solve exactly these problems.

Core Value Proposition

• Zero-dependency core: Pure Python implementation — just pip install and go, no database or graph engine required
• Universal format support: One-click import from CSV, JSON, YAML, IOC text, and STIX with automatic recognition and mapping
• Built-in graph algorithms: Shortest path, centrality analysis, community detection — all ready out of the box
• One-command visualization: Built-in D3.js force-directed graph web UI — just run threatgraph serve
• Flexible export: JSON, CSV, SVG, Mermaid, and interactive HTML reports to fit any reporting scenario

What Sets Us Apart

Feature	ThreatGraph-CLI	Neo4j + Bloom	Maltego	Gephi
Zero external dependencies	✅	❌	❌	❌
CLI-native	✅	❌	❌	❌
Multi-format auto-parsing	✅	⚠️	⚠️	❌
Built-in graph algorithms	✅	✅	⚠️	✅
Web visualization	✅	✅	✅	❌
Single-file deployment	✅	❌	❌	❌
Free & open source	✅	⚠️	❌	✅

Inspiration

ThreatGraph-CLI draws design inspiration from:

• MITRE ATT&CK framework's attack chain modeling philosophy
• Graph Theory applications in social network analysis
• The Unix philosophy — do one thing well, compose complex tasks through pipelines
• The security community's urgent need for lightweight, offline-capable security tools

---

✨ Core Features

🧠 Graph Data Engine

• Multi-type nodes: Supports IP, domain, URL, email, file hash (MD5/SHA1/SHA256), malware family, CVE, and more
• Rich relationship types: resolves_to, communicates_with, hosts_malware, exploits, associated_with, and other directed edge types
• Dijkstra shortest path: Quickly find the shortest attack path between any two nodes
• Centrality analysis: Degree Centrality and Betweenness Centrality for pinpointing critical nodes
• Community detection: Automatic threat cluster discovery via Label Propagation algorithm

📥 Smart Multi-Format Parsing

• CSV: Auto-detects column names and maps them to node/edge types, with custom column mapping support
• JSON: Full compatibility with native JSON, JSON lists, and nested JSON formats
• YAML: Direct import of structured configuration files
• IOC text extraction: Regex-powered extraction of IPs, domains, URLs, and hashes from arbitrary text
• STIX format: Import from STIX 2.x threat intelligence feeds

🔍 Threat Analysis Capabilities

• Multi-factor risk scoring: Computes composite risk scores considering node type, connection count, centrality metrics, and community size
• Key node identification: Automatically discovers hub nodes and bridge nodes in the graph
• Correlation analysis: Uncovers hidden entity relationships buried in your data
• Cluster detection: Identifies threat groups and attack organizations based on graph topology
• Timeline analysis: Tracks threat evolution along the time dimension
• Attack path finding: Reconstructs the shortest attack path from any origin to destination

📤 Multi-Format Export

• JSON: Structured data export for downstream tool integration
• CSV: Tabular export compatible with Excel and BI tools
• SVG: Vector graphics export for reports and presentations
• Mermaid: Markdown-friendly diagram syntax — embed directly in docs
• HTML interactive report: Self-contained HTML with embedded D3.js — no server needed to view

⌨️ Powerful CLI Commands

Command	Function
import	Import threat data (CSV/JSON/YAML/IOC/STIX)
analyze	Run graph analysis (risk scoring/centrality/community detection/path finding)
export	Export graph data (JSON/CSV/SVG/Mermaid/HTML)
template	Use pre-built analysis templates (phishing/malware/APT)
stats	View graph statistics
serve	Launch web visualization service
query	Interactive graph querying

🌐 Web Visualization

• Flask REST API: Complete backend interface supporting graph CRUD and analysis operations
• D3.js force-directed graph: Physics-simulated node layout for intuitive network visualization
• Dark theme: Easy on the eyes during extended analysis sessions
• Node coloring: Automatic color-coding by node type (IP/domain/malware/etc.)
• Interactive controls: Drag nodes, zoom canvas, search and locate, click for details

📋 Pre-built Analysis Templates

• Phishing analysis: One-click import of phishing-related IOCs with automatic attack chain construction
• Malware tracing: Trace malware propagation paths starting from a file hash
• APT investigation template: Standardized analysis workflow for advanced persistent threats

💾 Persistent Storage

• Graph data is automatically persisted to ~/.threatgraph/graph.json
• Analysis results carry over across sessions — no need to re-import

---

🚀 Quick Start

Prerequisites

• Python 3.8 or later
• Operating System: Linux / macOS / Windows
• Optional dependencies:
  • flask — Web visualization mode (pip install flask)
  • networkx — Enhanced graph algorithms (pip install networkx)
  • pyyaml — YAML format support (pip install pyyaml)

Installation

# Clone from GitHub
git clone https://github.com/gitstq/ThreatGraph-CLI.git
cd ThreatGraph-CLI

# Install core (zero external dependencies)
pip install .

# Or install all optional dependencies
pip install ".[web,enhanced,yaml]"

Three Steps to Get Started

# 1️⃣ Import threat data
threatgraph import --format csv --file ioc_data.csv

# 2️⃣ Run analysis
threatgraph analyze --method risk-score

# 3️⃣ Launch web visualization
threatgraph serve --port 8080

Open your browser and navigate to http://localhost:8080 to see the interactive threat graph!

Fig: Three steps to get started with ThreatGraph-CLI

---

📖 Detailed Usage Guide

1. Data Import (import)

Import from CSV

# Auto-detect column name mapping
threatgraph import --format csv --file threat_data.csv

# Specify custom column mapping
threatgraph import --format csv --file data.csv \
  --map "source_ip=src,dst_ip=target,relation=type"

Example CSV file:

source_ip,dst_ip,relation,timestamp
192.168.1.100,10.0.0.1,communicates_with,2024-01-15
10.0.0.1,evil.com,resolves_to,2024-01-15
evil.com,phishing-page,hosts_malware,2024-01-16

Import from JSON

# Native JSON format
threatgraph import --format json --file nodes.json

# JSON list format
threatgraph import --format json --file ioc_list.json

Example JSON file:

{
  "nodes": [
    {"id": "192.168.1.100", "type": "ip", "labels": ["internal"]},
    {"id": "evil.com", "type": "domain", "labels": ["malicious"]}
  ],
  "edges": [
    {"source": "192.168.1.100", "target": "evil.com", "relation": "communicates_with"}
  ]
}

Extract from IOC Text

# Extract IOCs from arbitrary text
threatgraph import --format ioc --file report.txt

# Extract directly from stdin
cat firewall.log | threatgraph import --format ioc --stdin

Import from STIX Format

threatgraph import --format stix --file threat_intelligence.stix2.json

Import from YAML

threatgraph import --format yaml --file config.yaml

2. Graph Analysis (analyze)

Risk Scoring

# Score all nodes for risk
threatgraph analyze --method risk-score

# View top 10 highest-risk nodes
threatgraph analyze --method risk-score --top 10

# Specify custom scoring weights
threatgraph analyze --method risk-score \
  --weights "degree=0.3,betweenness=0.3,community=0.2,type=0.2"

Centrality Analysis

# Degree centrality analysis
threatgraph analyze --method degree-centrality

# Betweenness centrality analysis
threatgraph analyze --method betweenness-centrality

Community Detection

# Label propagation community detection
threatgraph analyze --method community-detection

# Specify iteration count
threatgraph analyze --method community-detection --iterations 100

Shortest Path

# Find the shortest path between two nodes
threatgraph analyze --method shortest-path \
  --source "192.168.1.100" --target "evil.com"

Attack Path Analysis

# Find all reachable malicious nodes from a given source
threatgraph analyze --method attack-path \
  --source "192.168.1.100" --target-type malware

3. Data Export (export)

# Export as JSON
threatgraph export --format json --output result.json

# Export as CSV
threatgraph export --format csv --output result.csv

# Export as SVG vector graphic
threatgraph export --format svg --output graph.svg

# Export as Mermaid syntax
threatgraph export --format mermaid --output graph.mmd

# Export as interactive HTML report
threatgraph export --format html --output report.html

4. Pre-built Templates (template)

# Phishing analysis template
threatgraph template phishing --ioc "suspicious-url.com" --ioc "attacker@evil.com"

# Malware tracing template
threatgraph template malware-trace --hash "a1b2c3d4e5f6..."

# APT investigation template
threatgraph template apt-investigation --cve "CVE-2024-0001" --domain "c2-server.com"

5. Graph Statistics (stats)

# View basic statistics
threatgraph stats

# View detailed statistics (including centrality metrics)
threatgraph stats --detailed

Example output:

╔══════════════════════════════════════════════════╗
║           ThreatGraph Statistics Overview        ║
╠══════════════════════════════════════════════════╣
║  Total Nodes:    1,234                           ║
║  Total Edges:    3,456                           ║
║  Node Types:     IP(456) Domain(234) Hash(189)  ║
║  Relation Types: 12                              ║
║  Communities:    8                               ║
║  Storage Path:   ~/.threatgraph/graph.json       ║
╚══════════════════════════════════════════════════╝

6. Web Visualization (serve)

# Launch web service (default port 5000)
threatgraph serve

# Specify port and host
threatgraph serve --host 0.0.0.0 --port 8080

# Enable debug mode
threatgraph serve --debug

Fig: ThreatGraph-CLI Web Visualization — Dark-themed D3.js force-directed graph

7. Interactive Query (query)

# Enter interactive query mode
threatgraph query

# Inside query mode:
# > find node 192.168.1.100
# > find edges from 192.168.1.100
# > shortest-path 192.168.1.100 evil.com
# > neighbors evil.com --depth 2
# > exit

---

💡 Design Philosophy & Roadmap

Design Principles

ThreatGraph-CLI follows these core design principles:

1. Unix philosophy: Each command does one thing well; compose complex analyses through pipelines
2. Progressive enhancement: Zero dependencies for core features; optional dependencies installed on demand
3. Data-driven: All analyses built on graph data structures, ensuring algorithmic generality and extensibility
4. Analyst-first: CLI-native design tailored to security teams' daily workflows

Technology Choices

Choice	Rationale
Pure Python core	Maximizes portability; avoids C extension compilation issues
Flask	Lightweight web framework aligned with the project's "lightweight" positioning
D3.js	The most mature JavaScript visualization library with excellent force-directed graph support
networkx (optional)	The most mature graph algorithm library in the Python ecosystem
JSON persistence	Human-readable, easy to debug, no database dependency

Architecture Overview

graph TB
    subgraph Input["📥 Input Layer"]
        CSV["CSV"]
        JSON_F["JSON"]
        YAML_F["YAML"]
        IOC["IOC Text"]
        STIX["STIX"]
    end

    subgraph Core["🧠 Core Layer"]
        Parser["Multi-format Parser"]
        GraphEngine["Graph Data Engine"]
        Algorithms["Algorithm Library"]
        Storage["Persistent Storage"]
    end

    subgraph Analysis["🔍 Analysis Layer"]
        RiskScore["Risk Scoring"]
        Centrality["Centrality Analysis"]
        Community["Community Detection"]
        PathFinder["Path Finding"]
        Timeline["Timeline Analysis"]
    end

    subgraph Output["📤 Output Layer"]
        CLI["CLI Commands"]
        WebVis["Web Visualization"]
        Export["Multi-format Export"]
    end

    CSV --> Parser
    JSON_F --> Parser
    YAML_F --> Parser
    IOC --> Parser
    STIX --> Parser

    Parser --> GraphEngine
    GraphEngine --> Algorithms
    GraphEngine --> Storage

    GraphEngine --> RiskScore
    GraphEngine --> Centrality
    GraphEngine --> Community
    GraphEngine --> PathFinder
    GraphEngine --> Timeline

    RiskScore --> CLI
    Centrality --> CLI
    Community --> CLI
    PathFinder --> CLI
    Timeline --> CLI

    GraphEngine --> WebVis
    GraphEngine --> Export

Loading

Roadmap

• v1.1: GraphML and GEXF format import/export support
• v1.2: MITRE ATT&CK matrix auto-mapping integration
• v1.3: Time series analysis module for threat trend prediction
• v1.5: Plugin system for user-defined analysis algorithms
• v2.0: Multi-graph correlation analysis with cross-investigation collaboration

---

📦 Packaging & Deployment Guide

Install from Source

git clone https://github.com/gitstq/ThreatGraph-CLI.git
cd ThreatGraph-CLI
pip install .

Install via pip

pip install threatgraph-cli

Install Optional Dependencies

# Web visualization support
pip install threatgraph-cli[web]

# Enhanced algorithm support
pip install threatgraph-cli[enhanced]

# All optional dependencies
pip install threatgraph-cli[all]

Web Mode Deployment

# For production, we recommend using gunicorn
pip install gunicorn

# Launch the service
gunicorn -w 4 -b 0.0.0.0:8080 "threatgraph.web:create_app()"

# Or use the built-in command
threatgraph serve --host 0.0.0.0 --port 8080

Docker Deployment (Planned)

# Build the image
docker build -t threatgraph-cli .

# Run the container
docker run -d -p 8080:8080 -v ~/.threatgraph:/data threatgraph-cli

---

🤝 Contributing

We welcome contributions of all kinds — whether it's filing a bug report, improving documentation, or contributing new features.

Submitting a Pull Request

1. Fork this repository
2. Create a feature branch: git checkout -b feature/your-feature-name
3. Commit your changes: git commit -m "feat: add your feature description"
4. Push to remote: git push origin feature/your-feature-name
5. Submit a Pull Request

Commit Convention

Please follow the Conventional Commits specification:

feat:     New feature
fix:      Bug fix
docs:     Documentation update
style:    Code formatting (no logic change)
refactor: Code refactoring
test:     Test-related changes
chore:    Build/tooling changes

Issue Guidelines

• Search existing issues before submitting a new bug report to avoid duplicates
• Bug reports must include: reproduction steps, expected behavior, actual behavior, and environment details
• Feature requests should describe the use case and expected outcome

---

📄 License

This project is licensed under the MIT License.

MIT License

Copyright (c) 2024 ThreatGraph-CLI Contributors

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

⭐ If you find this project helpful, please give it a Star! ⭐

---

Made with ❤️ by ThreatGraph-CLI Contributors