1. 8

I saw this article today, and it reminded me of a project I’m working on to make documentation generation less of a manual effort, especially structural diagrams.

How often do you use PlantUML or similar tools, starting from Graphviz up?

    1. 1

      Neat, thank you for posting this.

      …and to answer your question: rarely, but I actually have a task at hand where I might turn to it.

    2. 1

      I use them quite often:

      • threat modeling: data flows, logical/physical connections, attacker path (“kill chain”)
      • program analysis: CFGs, data flow, symbolic execution (graph path & constraints)
      • documentation: laying out the states &c of a program, logical connection points, &c.
      • pentesting: similar to the threat model, I’ve definitely used them to document the attack path/kill chain (credential stuffing -> unpatched terminal server -> Mimikatz -> privesc -> DA).

      I don’t use UML as much, but I know PyTM, a threat modeling framework, uses it (and PlantUML specifically) quite extensively. I like Graphviz and DOT because they’re pretty simple to parse and generate, but I have been tempted a few times given how clean the images that PlantUML generates are…