Skip to main content

Welcome to AegisShield

AegisShield is an enterprise-ready threat modeling tool designed to democratize the threat modeling process while meeting federal and enterprise compliance requirements. Leveraging GPT-4o and integrating with multiple threat intelligence sources, AegisShield provides comprehensive threat analysis with NIST SP 800-53 Rev. 5 compliance and FedRAMP readiness.

Quick Start

Get up and running with AegisShield in minutes

Installation

Install and configure AegisShield for your environment

7-Step Workflow

Learn the guided threat modeling process

API Reference

Explore the complete API documentation

Core Capabilities

AI-Powered Analysis

GPT-4o generates comprehensive STRIDE-based threat models tailored to your application

Threat Intelligence

Real-time integration with MITRE ATT&CK, NVD, and AlienVault OTX

NIST Compliance

15 implemented NIST SP 800-53 Rev. 5 controls with FedRAMP readiness

Risk Assessment

DREAD methodology for threat prioritization and risk scoring

Attack Trees

Visual attack tree generation with Mermaid diagrams

Test Cases

Automated security test case generation in Gherkin format

Key Features

A guided workflow takes you from application description through technology selection, threat modeling, risk assessment, and PDF report generation. No prior threat modeling expertise required.
  • MITRE ATT&CK Framework: Direct integration with STIX repository for threat tactics and techniques
  • National Vulnerability Database (NVD): Real-time vulnerability scanning with CPE-based version tracking
  • AlienVault OTX: Industry-specific threat intelligence and indicators of compromise
Supports web, mobile, desktop, cloud, IoT, ICS/SCADA, and AI/ML systems across finance, healthcare, government, and technology industries with HIPAA, GDPR, SOC 2, and other regulatory framework alignment.
Machine-readable control mappings enable integration with GRC tools like ServiceNow and RSA Archer. Complete audit trails provide traceability for compliance assessments.

Technology Coverage

AegisShield provides specialized threat modeling for diverse application types:
  • Web Applications: React, Vue, Angular, Flask, Django, Rails, Express
  • Mobile Applications: iOS, Android, React Native, Flutter
  • Cloud Platforms: AWS, Azure, GCP, Kubernetes, Docker
  • Databases: PostgreSQL, MongoDB, MySQL, Redis, Elasticsearch
  • ICS/SCADA: Industrial control systems and critical infrastructure
  • AI/ML Systems: Machine learning models and AI applications

Compliance & Security

AegisShield implements 15 NIST SP 800-53 Rev. 5 security controls across 6 control families, making it suitable for federal and enterprise environments requiring compliance with cybersecurity frameworks.
Implemented Control Families:
  • Access Control (AC)
  • Identification and Authentication (IA)
  • System and Communications Protection (SC)
  • System and Information Integrity (SI)
  • Audit and Accountability (AU)
  • Risk Assessment (RA)

Get Started

1

Install Dependencies

Install Python 3.12 and required packages
pip install -r requirements.txt
2

Configure API Keys

Set up your OpenAI, NVD, and AlienVault API keys
local_config.py
default_nvd_api_key="YOUR_NVD_KEY"
default_openai_api_key="YOUR_OPENAI_KEY"
default_alienvault_api_key="YOUR_ALIENVAULT_KEY"
3

Launch Application

Start the Streamlit interface
streamlit run main.py

Ready to start?

Follow the quickstart guide to create your first threat model

License & Acknowledgements

AegisShield is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0). Portions of code adapted from stride-gpt under MIT license.
This project is not affiliated with or endorsed by MITRE, AlienVault, NIST, or any other organization mentioned. All trademarks are property of their respective owners.

Build docs developers (and LLMs) love

Get started for freeTalk to us