mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-16 04:35:18 +03:00
Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
This commit is contained in:
@@ -0,0 +1,21 @@
|
||||
MIT License
|
||||
|
||||
Copyright (c) 2025 Anthropic Agent Skills Contributors
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
@@ -0,0 +1,59 @@
|
||||
# API Reference: BGP Hijacking Assessment Agent
|
||||
|
||||
## Dependencies
|
||||
|
||||
| Library | Version | Purpose |
|
||||
|---------|---------|---------|
|
||||
| requests | >=2.28 | HTTP client for RIPEstat API queries |
|
||||
|
||||
## CLI Usage
|
||||
|
||||
```bash
|
||||
# Full ASN assessment
|
||||
python scripts/agent.py --asn 12345 --output bgp_report.json
|
||||
|
||||
# Check a specific prefix
|
||||
python scripts/agent.py --asn 12345 --prefix 203.0.113.0/24
|
||||
```
|
||||
|
||||
## Functions
|
||||
|
||||
### `check_rpki_status(prefix, asn) -> dict`
|
||||
Queries RIPEstat RPKI validation endpoint. Returns `{status, validating_roas}`.
|
||||
|
||||
### `get_announced_prefixes(asn) -> list`
|
||||
Lists all prefixes currently announced by the given ASN.
|
||||
|
||||
### `get_routing_status(prefix) -> dict`
|
||||
Returns first/last seen timestamps, visibility across RIS peers, and origin ASN list.
|
||||
|
||||
### `check_roas(prefix) -> list`
|
||||
Retrieves Route Origin Authorization records for the prefix.
|
||||
|
||||
### `get_bgp_looking_glass(prefix) -> dict`
|
||||
Queries RIPEstat looking glass for current route advertisements across RRCs.
|
||||
|
||||
### `assess_hijack_resilience(asn) -> dict`
|
||||
Runs full assessment: enumerates prefixes, checks RPKI, detects multi-origin conflicts.
|
||||
|
||||
## RIPEstat API Endpoints
|
||||
|
||||
| Endpoint | Purpose |
|
||||
|----------|---------|
|
||||
| `/rpki-validation/data.json` | RPKI validity for prefix-origin pair |
|
||||
| `/announced-prefixes/data.json` | Prefixes announced by an ASN |
|
||||
| `/routing-status/data.json` | Current routing state of a prefix |
|
||||
| `/looking-glass/data.json` | BGP routes from RIS collectors |
|
||||
|
||||
## Output Schema
|
||||
|
||||
```json
|
||||
{
|
||||
"asn": 12345,
|
||||
"total_prefixes": 5,
|
||||
"rpki_valid": 3,
|
||||
"rpki_unprotected": 2,
|
||||
"multi_origin_conflicts": 0,
|
||||
"prefix_details": [{"prefix": "203.0.113.0/24", "rpki_status": "valid"}]
|
||||
}
|
||||
```
|
||||
@@ -0,0 +1,149 @@
|
||||
#!/usr/bin/env python3
|
||||
# For authorized testing in lab/CTF environments only
|
||||
"""BGP hijacking assessment agent for monitoring route origin validation and RPKI status."""
|
||||
|
||||
import argparse
|
||||
import json
|
||||
import logging
|
||||
import sys
|
||||
from datetime import datetime
|
||||
from typing import List, Optional
|
||||
|
||||
try:
|
||||
import requests
|
||||
except ImportError:
|
||||
sys.exit("requests is required: pip install requests")
|
||||
|
||||
logging.basicConfig(level=logging.INFO, format="%(asctime)s [%(levelname)s] %(message)s")
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
RIPESTAT_BASE = "https://stat.ripe.net/data"
|
||||
|
||||
|
||||
def check_rpki_status(prefix: str, asn: int) -> dict:
|
||||
"""Check RPKI validation status for a prefix-origin pair via RIPEstat."""
|
||||
url = f"{RIPESTAT_BASE}/rpki-validation/data.json"
|
||||
params = {"resource": f"AS{asn}", "prefix": prefix}
|
||||
resp = requests.get(url, params=params, timeout=30)
|
||||
resp.raise_for_status()
|
||||
data = resp.json().get("data", {})
|
||||
return {
|
||||
"prefix": prefix,
|
||||
"asn": asn,
|
||||
"status": data.get("status", "unknown"),
|
||||
"validating_roas": data.get("validating_roas", []),
|
||||
}
|
||||
|
||||
|
||||
def get_announced_prefixes(asn: int) -> List[dict]:
|
||||
"""Get prefixes currently announced by an ASN via RIPEstat."""
|
||||
url = f"{RIPESTAT_BASE}/announced-prefixes/data.json"
|
||||
params = {"resource": f"AS{asn}"}
|
||||
resp = requests.get(url, params=params, timeout=30)
|
||||
resp.raise_for_status()
|
||||
prefixes = resp.json().get("data", {}).get("prefixes", [])
|
||||
logger.info("AS%d announces %d prefixes", asn, len(prefixes))
|
||||
return prefixes
|
||||
|
||||
|
||||
def get_routing_status(prefix: str) -> dict:
|
||||
"""Get current routing status for a prefix via RIPEstat."""
|
||||
url = f"{RIPESTAT_BASE}/routing-status/data.json"
|
||||
params = {"resource": prefix}
|
||||
resp = requests.get(url, params=params, timeout=30)
|
||||
resp.raise_for_status()
|
||||
data = resp.json().get("data", {})
|
||||
return {
|
||||
"prefix": prefix,
|
||||
"first_seen": data.get("first_seen", {}).get("time", ""),
|
||||
"last_seen": data.get("last_seen", {}).get("time", ""),
|
||||
"visibility": data.get("visibility", {}).get("v4", {}).get("total_ris_peers", 0),
|
||||
"origins": [str(o.get("asn", "")) for o in data.get("origins", [])],
|
||||
}
|
||||
|
||||
|
||||
def check_roas(prefix: str) -> List[dict]:
|
||||
"""Query ROA (Route Origin Authorization) records for a prefix."""
|
||||
url = f"{RIPESTAT_BASE}/rpki-validation/data.json"
|
||||
params = {"resource": prefix}
|
||||
resp = requests.get(url, params=params, timeout=30)
|
||||
resp.raise_for_status()
|
||||
return resp.json().get("data", {}).get("validating_roas", [])
|
||||
|
||||
|
||||
def get_bgp_looking_glass(prefix: str) -> dict:
|
||||
"""Query BGP looking glass for current route advertisements."""
|
||||
url = f"{RIPESTAT_BASE}/looking-glass/data.json"
|
||||
params = {"resource": prefix}
|
||||
resp = requests.get(url, params=params, timeout=30)
|
||||
resp.raise_for_status()
|
||||
rrcs = resp.json().get("data", {}).get("rrcs", [])
|
||||
as_paths = []
|
||||
for rrc in rrcs:
|
||||
for peer in rrc.get("peers", []):
|
||||
as_paths.append({
|
||||
"rrc": rrc.get("rrc", ""),
|
||||
"peer_asn": peer.get("asn_origin", ""),
|
||||
"as_path": peer.get("as_path", ""),
|
||||
"prefix": peer.get("prefix", ""),
|
||||
})
|
||||
return {"prefix": prefix, "routes": as_paths[:20]}
|
||||
|
||||
|
||||
def assess_hijack_resilience(asn: int) -> dict:
|
||||
"""Run a full BGP hijacking resilience assessment for an organization's ASN."""
|
||||
logger.info("Assessing BGP hijack resilience for AS%d", asn)
|
||||
prefixes = get_announced_prefixes(asn)
|
||||
results = []
|
||||
for p in prefixes:
|
||||
prefix = p.get("prefix", "")
|
||||
rpki = check_rpki_status(prefix, asn)
|
||||
routing = get_routing_status(prefix)
|
||||
multi_origin = len(routing.get("origins", [])) > 1
|
||||
results.append({
|
||||
"prefix": prefix,
|
||||
"rpki_status": rpki["status"],
|
||||
"roas": rpki["validating_roas"],
|
||||
"origins_count": len(routing.get("origins", [])),
|
||||
"multi_origin_conflict": multi_origin,
|
||||
"visibility_peers": routing["visibility"],
|
||||
})
|
||||
|
||||
unprotected = [r for r in results if r["rpki_status"] != "valid"]
|
||||
conflicts = [r for r in results if r["multi_origin_conflict"]]
|
||||
|
||||
return {
|
||||
"assessment_date": datetime.utcnow().isoformat(),
|
||||
"asn": asn,
|
||||
"total_prefixes": len(prefixes),
|
||||
"rpki_valid": len(results) - len(unprotected),
|
||||
"rpki_unprotected": len(unprotected),
|
||||
"multi_origin_conflicts": len(conflicts),
|
||||
"prefix_details": results,
|
||||
"risk_summary": [],
|
||||
}
|
||||
|
||||
|
||||
def main():
|
||||
parser = argparse.ArgumentParser(description="BGP Hijacking Assessment Agent")
|
||||
parser.add_argument("--asn", type=int, required=True, help="Target ASN number")
|
||||
parser.add_argument("--prefix", help="Specific prefix to check")
|
||||
parser.add_argument("--output", default="bgp_assessment.json")
|
||||
args = parser.parse_args()
|
||||
|
||||
if args.prefix:
|
||||
rpki = check_rpki_status(args.prefix, args.asn)
|
||||
routing = get_routing_status(args.prefix)
|
||||
lg = get_bgp_looking_glass(args.prefix)
|
||||
report = {"rpki": rpki, "routing": routing, "looking_glass": lg}
|
||||
else:
|
||||
report = assess_hijack_resilience(args.asn)
|
||||
|
||||
with open(args.output, "w") as f:
|
||||
json.dump(report, f, indent=2)
|
||||
logger.info("Report saved to %s", args.output)
|
||||
print(json.dumps(report, indent=2))
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
Reference in New Issue
Block a user