creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 21:54:56 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills

Browse Source 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
This commit is contained in:
mukul975
2026-03-10 21:02:12 +01:00
parent c74d52fa30
commit 27c6414ca5
1390 changed files with 106806 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
skills/exploiting-sql-injection-vulnerabilities/references/api-reference.md
+60
View File
@@ -0,0 +1,60 @@
# API Reference: SQL Injection Detection Agent
## Dependencies
| Library | Version | Purpose |
|---------|---------|---------|
| requests | >=2.28 | HTTP client for injection payload delivery |
## CLI Usage
```bash
python scripts/agent.py \
--url "https://target.example.com/products" \
--param id --method GET \
--output sqli_report.json
```
## Functions
### `detect_error_based(url, param, method, headers) -> dict`
Injects `'` and matches response against SQL error patterns for MySQL, PostgreSQL, MSSQL, Oracle, SQLite.
### `detect_boolean_based(url, param, method, headers) -> dict`
Compares response lengths for `AND 1=1` (true) vs `AND 1=2` (false) against a baseline.
### `detect_time_based(url, param, method, headers, delay) -> dict`
Tests `SLEEP()`, `pg_sleep()`, and `WAITFOR DELAY` payloads. Measures response time against target delay.
### `detect_union_columns(url, param, method, headers, max_cols) -> dict`
Increments `ORDER BY N` until error to determine column count for UNION injection.
### `fingerprint_database(url, param, method, headers) -> dict`
Tries `@@version` and `version()` via UNION SELECT to identify the database engine.
### `run_assessment(url, param, method) -> dict`
Runs all detection techniques and compiles findings.
## SQL Error Signatures
| Database | Pattern |
|----------|---------|
| MySQL | `SQL syntax.*MySQL`, `Warning.*mysql_` |
| PostgreSQL | `ERROR:\s+syntax error`, `PSQLException` |
| MSSQL | `SQL Server.*Driver`, `SQLServerException` |
| Oracle | `ORA-\d{5}` |
| SQLite | `SQLite\.Exception` |
## Output Schema
```json
{
"target": "https://target.example.com/products",
"parameter": "id",
"injectable": true,
"error_based": {"injectable": true, "database": "mysql"},
"boolean_based": {"injectable": true},
"time_based": {"injectable": false},
"findings": ["CRITICAL: Error-based SQLi confirmed (DB: mysql)"]
}
```