Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills

Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
2026-06-11 13:44:56 +03:00 · 2026-03-10 21:02:12 +01:00
parent c74d52fa30
commit 27c6414ca5
1390 changed files with 106806 additions and 0 deletions
@@ -0,0 +1,60 @@
+# API Reference: Active Directory Attack Simulation Agent
+
+## Dependencies
+
+| Library | Version | Purpose |
+|---------|---------|---------|
+| impacket | >=0.11.0 | Kerberos attacks, SMB interaction, DCSync |
+| ldap3 | >=2.9 | LDAP enumeration of users, groups, SPNs |
+
+## CLI Usage
+
+```bash
+python scripts/agent.py \
+  --dc-ip 10.10.10.1 \
+  --domain corp.local \
+  --username testuser \
+  --password 'P@ssw0rd' \
+  --output ad_report.json
+```
+
+## Functions
+
+### `ldap_enum_users(dc_ip, domain, username, password) -> list`
+Enumerates all domain user objects via LDAP. Returns list of dicts with `samaccountname`, `spns`, `no_preauth`, `admin_count`.
+
+### `find_kerberoastable(users) -> list`
+Filters user list for accounts with `servicePrincipalName` set (targets for Kerberoasting via `impacket-GetUserSPNs`).
+
+### `find_asrep_roastable(users) -> list`
+Filters for accounts with UAC flag `DONT_REQUIRE_PREAUTH` (0x400000) set.
+
+### `enum_groups(dc_ip, domain, username, password) -> dict`
+Queries LDAP for membership of Domain Admins, Enterprise Admins, Schema Admins, Backup Operators, Account Operators.
+
+### `check_smb_signing(target_ip) -> bool`
+Connects to SMB on port 445 and checks whether signing is required. Returns `False` when relay attacks are possible.
+
+### `generate_report(users, groups, dc_ip) -> dict`
+Aggregates findings into a JSON report with risk summary.
+
+## Output Schema
+
+```json
+{
+  "assessment_date": "ISO-8601",
+  "total_users": 500,
+  "kerberoastable_accounts": ["svc-sql", "svc-web"],
+  "asrep_roastable_accounts": ["old-account"],
+  "high_value_groups": {"Domain Admins": 5},
+  "dc_smb_signing_required": true,
+  "risk_summary": ["CRITICAL: 2 accounts are Kerberoastable"]
+}
+```
+
+## Key Impacket Modules
+
+- `impacket.krb5.kerberosv5`: TGT/TGS request functions
+- `impacket.smbconnection.SMBConnection`: SMB negotiation and signing check
+- `impacket.dcerpc.v5.samr`: SAM Remote Protocol for user/group enumeration
+- `ldap3.Connection.search()`: LDAP search with filter and attribute list