-
Notifications
You must be signed in to change notification settings - Fork 0
Home
Matthew A. Davis edited this page May 8, 2026
·
2 revisions
AttackMap is an open source security analysis tool built to explain a codebase from an attacker's perspective.
The goal is not generic static analysis. The goal is to help answer:
- What is exposed?
- What can talk to what?
- Where are the trust boundaries?
- How could an attacker move through this system?
- What should be fixed first?
- MVP Roadmap
- Architecture
- Threat Modeling Approach
- Examples
- Contributing
- Generated Engineering Docs
- Maintainer Architecture Overview
- Maintainer Data Flow
- Maintainer Module Map
- Maintainer File Guide
- Analyzer Ecosystem
- Analyzer Contract
- Hint Taxonomy
- Test Strategy
- Behavior Guarantees
- Test Gaps
- Threat-Ops Positioning
- Defender Workflow
- Next Security Evolution
- Maintainer Extension Points
- Maintainer Known Design Debt
The current MVP work is organized around five issues:
- Framework-aware route detection
- Datastore and authentication signal detection
- Realistic example applications
- Findings prioritization
- Richer connected attack paths
- Prefer small, reviewable changes.
- Keep security language concrete.
- Favor attacker-path reasoning over generic code explanation.
- Validate behavior with tests and example apps.
attackmap .
attackmap examples/webhook-billing-demo
attackmap examples/flask-admin-demoMigrated from https://gitlab.com/matthewd.xyzAI/AttackMap/-/wikis/Home.