A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.
☆19Mar 13, 2024Updated 2 years ago
Alternatives and similar repositories for awesome-threat-modelling
Users that are interested in awesome-threat-modelling are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A colour-coded radar chart to keep track of technologies in use, whether they are being evaluated, adopted or phased out.☆14Apr 20, 2026Updated 2 months ago
- AWS X-Ray for Covert Command & Control☆50Oct 13, 2025Updated 8 months ago
- Repository for Endpoint Security Testing☆35Jul 26, 2018Updated 7 years ago
- A Pythonic framework for threat modeling☆1,139Updated this week
- Example of using Gauge and OWASP ZAP for test automation☆11Jan 9, 2020Updated 6 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Several Python scripts used to fuzz and exploit SLmail. These are meant to supplement the Kali Linux Hands-on Pentesting Udemy course.☆16Dec 24, 2018Updated 7 years ago
- ☆13Mar 15, 2021Updated 5 years ago
- A tool for analyzing the attack surface of an application☆19Mar 5, 2025Updated last year
- Integrated tool for extracting scripts and binaries of AutoIt, AutoHotKey, InnoSetup, NSIS executables and Decoding powershell / jse / vb…☆15Dec 10, 2018Updated 7 years ago
- Checklist intended to be used as a baseline for assessing, designing, and testing the security of a MAM (Application Wrapping) solution☆20Sep 2, 2015Updated 10 years ago
- Easy Cucumber JVM DSL tests.☆13May 6, 2026Updated 2 months ago
- for Windows Malware Analysis☆17May 14, 2020Updated 6 years ago
- ☆14Apr 14, 2019Updated 7 years ago
- Outputs vs. outcomes: what's the different and why does it matter?☆16Apr 14, 2025Updated last year
- Serverless GPU API endpoints on Runpod - Get Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- Script to mass deauthenticate multiple wireless clients.☆12Jan 1, 2017Updated 9 years ago
- This repository is for public files shared by the Microsoft Information Protection Team☆25Jan 6, 2021Updated 5 years ago
- scan s3 buckets for security issues☆86Aug 7, 2024Updated last year
- Terraform module providing a secure baseline for AWS☆18Jun 17, 2025Updated last year
- ☆26Sep 1, 2017Updated 8 years ago
- Using AWS for GitHub Actions and various security features available through AWS Container Services like Amazon ECS, AWS Fargate, and Ama…☆17Mar 15, 2021Updated 5 years ago
- MITRE Shield website☆19Oct 20, 2021Updated 4 years ago
- scala implementation of RFC 6238; Supports base32 & hex.☆29Jul 9, 2017Updated 9 years ago
- Consolidated demo and source links from Bryant Zadegan and Ryan Lester's Black Hat / DEF CON talk "Abusing Bleeding Edge Web Standards fo…☆11Aug 19, 2017Updated 8 years ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- ☆10Nov 30, 2020Updated 5 years ago
- Gram is Klarna's own threat model diagramming tool☆334Jun 30, 2026Updated last week
- Musings from the brainpan.☆10Jan 8, 2019Updated 7 years ago
- Custom Fortify SCA rules to detect common JSSE certification validation flaws☆11Nov 18, 2015Updated 10 years ago
- Crashbench is a LLM benchmark to measure bug-finding and reporting capabilities of LLMs☆14Mar 8, 2026Updated 4 months ago
- CTFd Challenge Type which decreases its value after every solve☆18Feb 1, 2019Updated 7 years ago
- #YOLO motherfuckers!☆22Jan 16, 2018Updated 8 years ago
- Miscellaneous parsing scripts for penetration testing