creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 21:54:56 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills

Browse Source 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
This commit is contained in:
mukul975
2026-03-10 21:02:12 +01:00
parent c74d52fa30
commit 27c6414ca5
1390 changed files with 106806 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
skills/implementing-api-security-posture-management/references/api-reference.md
+54
View File
@@ -0,0 +1,54 @@
# API Reference: Implementing API Security Posture Management
## API Discovery from Traffic
```python
import re
# Normalize paths: /users/123 -> /users/{id}
normalized = re.sub(r"/\d+", "/{id}", path)
normalized = re.sub(r"/[0-9a-f-]{8,}", "/{id}", normalized)
```
## API Sensitivity Classification
| Category | Patterns | Sensitivity |
|----------|----------|-------------|
| PII | `/users`, `/profile`, `/account` | HIGH |
| Financial | `/payments`, `/billing` | HIGH |
| Auth | `/login`, `/token`, `/oauth` | HIGH |
| Admin | `/admin`, `/config` | HIGH |
| Health | `/health`, `/status` | LOW |
## Risk Scoring Model
| Factor | Points | Description |
|--------|--------|-------------|
| High sensitivity data | +30 | PII, financial, auth |
| High error rate (>10%) | +20 | Possible abuse |
| State-changing methods | +10 | PUT, DELETE, PATCH |
| High consumer count | +10 | Large attack surface |
| Auth endpoint | +15 | Credential target |
## 42Crunch API Audit
```bash
# CI/CD integration
curl -X POST https://platform.42crunch.com/api/v1/apis \
-H "X-API-KEY: $API_KEY" \
-F "file=@openapi.yaml"
```
## Salt Security API
```python
import requests
headers = {"Authorization": "Bearer <token>"}
# Discover shadow APIs
resp = requests.get("https://api.salt.security/v1/apis", headers=headers)
```
### References
- OWASP API Security Top 10: https://owasp.org/API-Security/
- 42Crunch: https://42crunch.com/
- Salt Security: https://salt.security/