This paper presents an attack graph tool that can be used to estimate the cyber security of enterprise architectures. The principal current approach for this purpose uses attack graphs; applying formal reasoning and graphical modelling to present possible attack paths corresponding to a certain architecture. According to a recent survey there are more than 30 different types of attack graph approaches but there are still many important aspects that current approaches do not manage. P2CySeMoL includes theory on how attacks and defences relate quantitatively; users model their assets and how these are connected in order to enable calculations. It has been validated on both a component level and a system level using literature, domain experts, surveys, observations, experiments and case studies.