What is an attack tree?

An attack tree is a diagram that displays the various ways an asset or system can be attacked, starting from a root goal and branching into specific sub-goals and actions.

Is there a programmatic way to build these trees?

Yes, this skill includes a Python-based 'AttackTreeBuilder' template to programmatically define, export to JSON, and analyze trees within your development environment.

How does this skill help with mitigation planning?

The skill allows you to tag specific attack steps with current mitigations and automatically identify 'unmitigated' leaf nodes that represent the highest priority security gaps.

Can I use this for complex multi-stage attacks?

Yes, the skill supports AND/OR logic gates to model scenarios where an attacker must successfully complete multiple prerequisites to achieve a final objective.

Attack Tree Construction & Analysis

Name: Attack Tree Construction & Analysis
Author: sla-te

bysla-te

0•

Security & Testing

Constructs systematic attack trees to visualize threat paths, identify security vulnerabilities, and prioritize defensive investments.

This skill provides a structured framework for security professionals and developers to map out complex attack scenarios using hierarchical trees. By defining attack goals, sub-goals, and specific leaf-level exploits, users can quantitatively analyze risk based on metrics like difficulty, cost, and detection probability. It includes Python-based templates for programmatic tree building, allowing for automated pathfinding of the easiest or stealthiest routes an attacker might take, ultimately helping teams identify unmitigated gaps and communicate security risks effectively to stakeholders.

Key Features

01Hierarchical visualization of multi-stage attack paths

02Support for AND/OR logic gates in threat modeling

03Quantitative risk scoring based on cost, skill, and time

04Programmatic pathfinding for easiest and stealthiest attack routes

05Gap analysis to identify leaf-node attacks lacking mitigations

060 GitHub stars

Use Cases

01Planning and scoping penetration tests by mapping target surfaces

02Prioritizing defensive roadmap investments based on aggregate risk scores

03Security architecture reviews for cloud-native or enterprise systems

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add sla-te/copilot-converter attack-tree-construction

For use in Claude.ai and ChatGPT

Download Skill