creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-14 23:14:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills

Browse Source 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
This commit is contained in:
mukul975
2026-03-10 21:02:12 +01:00
parent c74d52fa30
commit 27c6414ca5
1390 changed files with 106806 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
skills/detecting-mobile-malware-behavior/references/api-reference.md
+71
View File
@@ -0,0 +1,71 @@
# API Reference: Detecting Mobile Malware Behavior
## Android Dangerous Permissions
| Permission | Risk | Abuse Scenario |
|------------|------|---------------|
| SEND_SMS | HIGH | Premium rate SMS fraud |
| READ_SMS | HIGH | OTP/2FA theft |
| BIND_ACCESSIBILITY_SERVICE | CRITICAL | Screen scraping, keylogging |
| BIND_DEVICE_ADMIN | CRITICAL | Device lockout, ransomware |
| INSTALL_PACKAGES | CRITICAL | Dropper functionality |
| SYSTEM_ALERT_WINDOW | HIGH | Overlay phishing attacks |
## Android Analysis Tools
```bash
# Extract permissions from APK
aapt dump permissions app.apk
# Decompile APK
apktool d app.apk -o output_dir/
# Decompile to Java source
jadx app.apk -d java_output/
# Run MobSF scan
docker run -p 8000:8000 opensecurity/mobile-security-framework-mobsf
```
## Suspicious API Patterns
```python
# Dynamic code loading
r"DexClassLoader|PathClassLoader"
# Shell execution
r"Runtime\.exec|ProcessBuilder"
# Device fingerprinting
r"TelephonyManager\.getDeviceId"
```
## MobSF REST API
```python
import requests
# Upload APK
resp = requests.post("http://localhost:8000/api/v1/upload",
files={"file": open("app.apk", "rb")},
headers={"Authorization": API_KEY})
# Get scan results
resp = requests.post("http://localhost:8000/api/v1/scan",
data={"hash": file_hash},
headers={"Authorization": API_KEY})
```
## Android Broadcast Receivers (Persistence)
| Action | Malware Use |
|--------|-------------|
| BOOT_COMPLETED | Auto-start on reboot |
| SMS_RECEIVED | SMS interception |
| PHONE_STATE | Call monitoring |
| CONNECTIVITY_CHANGE | Network-triggered C2 |
## CLI Usage
```bash
python agent.py --apk suspicious.apk
python agent.py --source-dir jadx_output/
python agent.py --apk app.apk --source-dir decompiled/
```