creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-15 15:34:56 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills

Browse Source 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
This commit is contained in:
mukul975
2026-03-10 21:02:12 +01:00
parent c74d52fa30
commit 27c6414ca5
1390 changed files with 106806 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
skills/exploiting-idor-vulnerabilities/references/api-reference.md
+52
View File
@@ -0,0 +1,52 @@
# API Reference: IDOR Vulnerability Testing Agent
## Dependencies
| Library | Version | Purpose |
|---------|---------|---------|
| requests | >=2.28 | HTTP client for API endpoint testing |
## CLI Usage
```bash
python scripts/agent.py \
--url https://target.example.com \
--token-a "eyJ..." --token-b "eyJ..." \
--endpoints "/api/v1/users/{id}/profile" "/api/v1/orders/{id}" \
--own-id 101 --other-id 102 \
--output idor_report.json
```
## IDORTester Class
### `__init__(base_url, user_a_token, user_b_token, verify_ssl)`
Creates two `requests.Session` objects with different Bearer tokens for cross-user testing.
### `test_horizontal_idor(endpoint_template, own_id, other_id, method) -> dict`
Accesses own resource then another user's resource with the same token. IDOR confirmed when both return 200 with different content.
### `test_vertical_idor(endpoint, method) -> dict`
Accesses admin-only endpoints with a regular user token. Status 200 indicates missing authorization.
### `test_id_enumeration(endpoint_template, id_range, method) -> dict`
Iterates over an ID range to discover valid objects. Returns count and sample IDs.
### `test_write_idor(endpoint_template, other_id, payload) -> dict`
Sends PUT with another user's ID to test write-based IDOR. Status 200/201/204 indicates vulnerability.
### `test_cross_session(endpoint_template, resource_id) -> dict`
Compares response hashes between two sessions for the same resource to detect missing authorization checks.
### `generate_report() -> dict`
Returns all accumulated findings with severity assessment.
## Output Schema
```json
{
"target": "https://target.example.com",
"total_findings": 2,
"findings": [{"type": "horizontal", "endpoint": "/api/v1/users/{id}/profile", "vulnerable": true}],
"severity": "High"
}
```