What are the prerequisites for running an attack simulation?

This skill requires outputs from PASTA Stage 5 (vulnerability inventory) and ideally context from Stages 1-4, including business assets, entry points, and threat catalogs.

Can this skill identify specific detection gaps?

Yes, it assesses whether specific exploit chains would be logged, if alerts would fire, and if existing controls like WAFs or IDS would effectively block the attack.

How does the DREAD scoring system work in this skill?

It evaluates five factors—Damage, Reproducibility, Exploitability, Affected Users, and Discoverability—on a scale of 1 to 10 to calculate a weighted risk score for each attack scenario.

What is PASTA Stage 6?

Stage 6 of the PASTA framework focuses on Attack Simulation, where identified threats and vulnerabilities are combined to model realistic exploit paths and validate security controls.

PASTA Attack Simulator

Name: PASTA Attack Simulator
Author: florianbuetow

byflorianbuetow

•

보안 및 테스팅

Simulates realistic exploit chains and scores vulnerability exploitability using the PASTA threat modeling framework.

The PASTA Attack Simulator skill automates Stage 6 of the Process for Attack Simulation and Threat Analysis (PASTA) methodology, enabling developers and security teams to model complex exploit chains within Claude Code. By combining identified threats with known vulnerabilities, it constructs detailed attack trees, calculates DREAD scores, and identifies critical detection gaps in existing security controls. This skill is essential for performing red team simulations and prioritizing remediation efforts based on the actual feasibility and business impact of potential multi-stage attacks.

주요 기능

01Configurable analysis depths ranging from quick summaries to expert-level red team narratives

02Multi-step exploit chain construction and attack tree visualization

03Security control bypass assessment for WAF, IDS, and rate-limiting effectiveness

04Detection gap analysis to identify blind spots in logging and alerting systems

05Comprehensive DREAD scoring (Damage, Reproducibility, Exploitability, Affected Users, Discoverability)

066 GitHub stars

사용 사례

01Simulating red team attack scenarios to validate defensive postures and security controls

02Conducting detection gap analysis to improve security monitoring and incident response capabilities

03Prioritizing security patches based on multi-stage exploitability and business-critical asset impact

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add florianbuetow/claude-code pasta-attack-sim

For use in Claude.ai and ChatGPT

Download Skill