{"id":38680506,"url":"https://github.com/przemub/cysectool","last_synced_at":"2026-01-17T10:13:06.753Z","repository":{"id":40954606,"uuid":"177289342","full_name":"przemub/cysectool","owner":"przemub","description":"CySecTool is a tool that finds a cost-optimal security controls portfolio in a given budget for a probabilistic attack graph.","archived":false,"fork":false,"pushed_at":"2025-06-24T15:20:00.000Z","size":2037,"stargazers_count":5,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-09T16:45:45.339Z","etag":null,"topics":["optimization","security"],"latest_commit_sha":null,"homepage":"https://cysectool.prem.moe","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/przemub.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-03-23T13:00:18.000Z","updated_at":"2025-06-24T15:18:55.000Z","dependencies_parsed_at":"2024-06-07T00:44:25.677Z","dependency_job_id":"408ced7b-33c5-4b63-a8d7-a7a485092d45","html_url":"https://github.com/przemub/cysectool","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/przemub/cysectool","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/przemub%2Fcysectool","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/przemub%2Fcysectool/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/przemub%2Fcysectool/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/przemub%2Fcysectool/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/przemub","download_url":"https://codeload.github.com/przemub/cysectool/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/przemub%2Fcysectool/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28505833,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T06:57:29.758Z","status":"ssl_error","status_checked_at":"2026-01-17T06:56:03.931Z","response_time":85,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["optimization","security"],"created_at":"2026-01-17T10:13:06.666Z","updated_at":"2026-01-17T10:13:06.727Z","avatar_url":"https://github.com/przemub.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"## Public instances\n* https://cysectool.prem.moe (always up to date)\n* http://hegel.eecs.qmul.ac.uk:5006/visualiser\n\n## Research\nRead the paper here: https://arxiv.org/abs/2204.11707\n\nCySecTool is a tool that finds a cost-optimal security controls portfolio in a given budget for a probabilistic attack graph. A portfolio is a set of counter-measures, or controls, against vulnerabilities adopted for a computer system, while an attack graph is a type of a threat scenario model. In an attack graph, nodes are privilege states of the attacker, edges are vulnerabilities escalating privileges, and controls reduce the probabilities of some vulnerabilities being exploited. The tool builds on an optimisation algorithm published by Khouzani et al. (2019), enabling a user to quickly create, edit, and incrementally improve models, analyse results for given portfolios and display the best solutions for all possible budgets in the form of a Pareto frontier. A case study was performed utilising a system graph and suspected attack paths prepared by industrial security engineers based on an industrial source with which they work. The goal of the case study is to model a supervisory control and data acquisition (SCADA) industrial system which, due to having the potential to harm people, necessitates strong protection while not allowing the use of typical penetration tools like vulnerability scanners. Results are analysed to show how a cyber-security analyst would use CySecTool to store cyber-security intelligence and draw further conclusions. \n\n## Requirements\n* Python 3.7+\n* virtualenv \u0026 pip OR conda\n\n## virtualenv way\n### Setup\n```sh\ngit clone https://github.com/przemub/security-graph-visualiser\ncd security-graph-visualiser\nvirtualenv3 venv\nsource venv/bin/activate\npip install -r requirements.txt\n```\n\n### Run\n```sh\nsource venv/bin/activate\npython main.py\n```\n\n## conda way\n### Setup\n```sh\ngit clone https://github.com/przemub/security-graph-visualiser\ncd security-graph-visualiser\nconda env create -f environment.yml\n```\n\n### Run\n```sh\nconda activate visualiser-env\npython main.py\n```\n\n## Test\nOnce you have a working environment:\n```sh\npython -m unittest\n```\n\nFor testing the optimization routine, see `test/test_model.py`. The way to test a model is to subclass `TemplateTestCase` (when testing a built-in model) or `FixtureTestCase` (when testing an extra model used only for testing). In the first case, set `model_number` to the number of the model. In the latter, put the model in `doc/fixtures` folder and set `fixture_name` to the name of the model (without extension).\n\nAfterwards, take a look at `CustomAdjustmentTestCase` to see the parameters that can be tested and set them in your test case.\n\nFor testing the GUI, see `test/test_gui.py`. These tests are run using headless Firefox and Chromium browsers instrumented by Selenium framework. Refer to [Selenium with Python](https://selenium-python.readthedocs.io/) docs in order to learn how to use it.\n\n# Structure\n\n* main.py - Bokeh server runner\n* src - Python server-side source code\n    * visualiser.py - analyzer/visualiser application code\n        * drawing.py - graph drawing routines\n        * api.py - API routes\n    * data.py - attack graph data structures\n        * optimization.py - optimization routines\n    * edit.py - graph editor application code (see my_static/js/edit.js)\n* my_static/js - JavaScript client-side code\n    * edit.js - graph editor code\n    * main.js - some fix-ups to Bokeh\n    * callbacks.js - events handling\n* templates - HTML templates of the sites, written in [Jinja2](https://jinja.palletsprojects.com/en/2.10.x/)\n* tests - see [Test](#Test)\n* doc - all kinds of research output and analysis tools\n    * **doc/templates - graph templates used in the application** (probably should be moved)\n    * doc/fixtures - graph templates used for automated testing\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprzemub%2Fcysectool","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprzemub%2Fcysectool","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprzemub%2Fcysectool/lists"}