threatmodel-mcp

Enables AI-powered threat modeling with tools for creating threat models, analyzing security threats, generating security controls, and validating architecture against best practices.

README

<i><b>ThreatModel-MCP</b></i>

Model Context Protocol server for AI-powered threat modeling.<br>


<samp>

<b>Demo</b><br>

Web Application Architecture

<b>Setup</b>

  1. <b>Install dependencies</b><br> <code>pip install -r requirements.txt</code>

  2. <b>Install Graphviz</b> (optional, for PNG diagrams)<br>

    • <b>Windows</b>: Download from https://graphviz.org/download/<br>
    • <b>Mac</b>: <code>brew install graphviz</code><br>
    • <b>Linux</b>: <code>sudo apt-get install graphviz</code>
  3. <b>Configure MCP client</b> (Claude Desktop, etc.)<br>

    {
      "mcpServers": {
        "threatmodel": {
          "command": "python",
          "args": ["/full/path/to/threatmodel_server.py"]
        }
      }
    }

<b>Available Tools</b>

<code>create_threat_model</code>

Creates comprehensive threat models with components, boundaries, and data flows.

<b>Parameters:</b><br>

  • <code>system_name</code> - Name of the system<br>
  • <code>components</code> - Array of system components with types, boundaries, security controls<br>
  • <code>boundaries</code> - Trust boundaries with security levels (0-10)<br>
  • <code>dataflows</code> - Data flows between components with protocols and classifications<br>
  • <code>output_format</code> - "diagram", "pytm_code", "threats", or "full_analysis"<br>
  • <code>auto_save</code> - Auto-save files (default: true)<br>
  • <code>save_path</code> - Directory to save files (default: current directory)

<code>analyze_security_threats</code>

Performs deep security analysis using multiple frameworks.

<b>Parameters:</b><br>

  • <code>analysis_depth</code> - "basic", "standard", "comprehensive", or "paranoid"<br>
  • <code>threat_frameworks</code> - ["STRIDE", "MITRE_ATTACK", "OWASP", "NIST", "CIS"]<br>
  • <code>focus_areas</code> - Authentication, data protection, network security, etc.<br>
  • <code>compliance_frameworks</code> - ["SOC2", "ISO27001", "HIPAA", "PCI-DSS", "GDPR"]

<code>generate_security_controls</code>

Generates security control recommendations based on threats.

<b>Parameters:</b><br>

  • <code>threats</code> - Array of identified threats<br>
  • <code>risk_appetite</code> - "low", "medium", or "high"<br>
  • <code>technology_stack</code> - Current technologies (AWS, k8s, etc.)<br>
  • <code>prioritization_method</code> - "risk_based", "quick_wins", "compliance_driven"

<code>validate_architecture</code>

Validates architecture against security best practices.

<b>Parameters:</b><br>

  • <code>components</code> - System components to validate<br>
  • <code>validation_rules</code> - ["zero_trust", "encryption_in_transit", "api_gateway_pattern"]<br>
  • <code>architecture_patterns</code> - ["microservices", "serverless", "hybrid_cloud"]

<b>Component Types</b>

<b>Actors:</b> user, admin, service_account<br>
<b>Services:</b> server, api_gateway, microservice, lambda, container<br>
<b>Data:</b> database, cache, message_queue, file_storage<br>
<b>Infrastructure:</b> load_balancer, firewall, external_service


<b>Protocols & Classifications</b>

<b>Protocols:</b> HTTPS, gRPC, WebSocket, SQL, Redis, S3 API<br>
<b>Data Classifications:</b> PUBLIC → INTERNAL → CONFIDENTIAL → RESTRICTED → TOP_SECRET
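As an added example (not code from the threatmodel-mcp project), the Python below assembles the arguments for a <code>create_threat_model</code> call using the component types, boundary levels, protocols and classifications listed above, with the Example 2 web application as input, and then lists the data flows that cross a trust boundary. The README names the parameters but not their schema, so the dict layout, the zone names, the security levels and the choice to treat only HTTPS as encrypted in transit are assumptions made here.

```python
# Component types and the classification ladder as the README lists them.
COMPONENT_TYPES = {"user", "admin", "service_account", "server", "api_gateway", "microservice",
                   "lambda", "container", "database", "cache", "message_queue", "file_storage",
                   "load_balancer", "firewall", "external_service"}
CLASSIFICATIONS = ["PUBLIC", "INTERNAL", "CONFIDENTIAL", "RESTRICTED", "TOP_SECRET"]
# Assumption: of the README's protocols only HTTPS is counted as encrypted in transit.
ENCRYPTED_PROTOCOLS = {"HTTPS"}


def build_request(system_name, components, boundaries, dataflows, output_format="full_analysis"):
    """Check the pieces against the README's vocabulary and return the tool arguments (schema assumed)."""
    zones = {b["name"] for b in boundaries}
    names = {c["name"] for c in components}
    if any(not 0 <= b["security_level"] <= 10 for b in boundaries):
        raise ValueError("boundary security_level must be 0-10")
    for c in components:
        if c["type"] not in COMPONENT_TYPES or c["boundary"] not in zones:
            raise ValueError(f"bad component: {c}")
    for f in dataflows:
        if f["classification"] not in CLASSIFICATIONS or not {f["source"], f["destination"]} <= names:
            raise ValueError(f"bad dataflow: {f}")
    return {"system_name": system_name, "components": components, "boundaries": boundaries,
            "dataflows": dataflows, "output_format": output_format, "auto_save": True}


def boundary_crossings(request):
    """Flows whose endpoints sit in different boundaries are attack surface; flag
    CONFIDENTIAL-or-higher data sent over a protocol not in ENCRYPTED_PROTOCOLS."""
    zone = {c["name"]: c["boundary"] for c in request["components"]}
    level = {b["name"]: b["security_level"] for b in request["boundaries"]}
    sensitive = CLASSIFICATIONS.index("CONFIDENTIAL")
    findings = []
    for f in request["dataflows"]:
        src, dst = zone[f["source"]], zone[f["destination"]]
        if src != dst:
            findings.append({"flow": f"{f['source']} -> {f['destination']}",
                             "from_level": level[src], "to_level": level[dst],
                             "needs_encryption": CLASSIFICATIONS.index(f["classification"]) >= sensitive
                             and f["protocol"] not in ENCRYPTED_PROTOCOLS})
    return findings


# Constructed input mirroring Example 2: only the user is inside the trusted zone.
EXAMPLE2 = build_request(
    "Web Application System",
    components=[{"name": "User", "type": "user", "boundary": "User Zone"},
                {"name": "Web Server", "type": "server", "boundary": "Untrusted Zone"},
                {"name": "Database", "type": "database", "boundary": "Untrusted Zone"}],
    boundaries=[{"name": "User Zone", "security_level": 8}, {"name": "Untrusted Zone", "security_level": 2}],
    dataflows=[{"source": "User", "destination": "Web Server", "protocol": "HTTPS", "classification": "CONFIDENTIAL"},
               {"source": "Web Server", "destination": "Database", "protocol": "SQL", "classification": "CONFIDENTIAL"}])
```

For Example 2 only the browser-to-web-server flow crosses a boundary; the SQL flow stays inside the untrusted zone, which is exactly why the README's prompt places both servers outside the user's trust boundary.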


<b>Auto-Save Features</b>

Generated files (with timestamps):<br>

  • <code>SystemName_threatmodel_YYYYMMDD_HHMMSS.png</code> - Diagram (when output_format="diagram")<br>
  • <code>SystemName_threatmodel_YYYYMMDD_HHMMSS.dot</code> - DOT source (always)<br>
  • <code>SystemName_threatmodel_YYYYMMDD_HHMMSS.py</code> - PyTM code (always)<br>
  • <code>SystemName_threatmodel_analysis_YYYYMMDD_HHMMSS.md</code> - Analysis report (when output_format="full_analysis")

<b>Example Usage</b>

<b>Example 1: Codebase Analysis</b>

<b>Prompt:</b><br> <code>"Create a high level threat diagram of current codebase"</code>

OpenAI Codex Architecture

<i>Example threat model diagram generated from a cloned <a href="https://github.com/openai/codex">OpenAI Codex</a> codebase, showing multi-layer security boundaries, component classifications, and encrypted data flows between services.</i>

<b>Example 2: Web Application Architecture</b>

<b>Prompt:</b><br> <code>"A web application where the user interacts with a web server, which in turn communicates with a database server. The web server and database server are outside the user's trust boundary. The user connects to the web application via a browser. The web server handles requests and responses, and the database server stores application data. The trust boundary is around the user only; both the web server and database server are outside this boundary"</code>

Web Application Architecture

<i>Example threat model showing user trust boundary with web and database servers in untrusted zone.</i>

<i>Refer to the threat analysis report in assets/Web_Application_System_Threat_Analysis_Report.md</i>


<b>Troubleshooting</b>

<b>Graphviz issues:</b> Verify the installation with <code>dot -V</code><br>
<b>DOT syntax errors:</b> Component names are sanitized automatically<br>
<b>No Python:</b> Ensure Python is in PATH


</samp>
