mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-17 05:05:16 +03:00
Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
This commit is contained in:
@@ -0,0 +1,21 @@
|
||||
MIT License
|
||||
|
||||
Copyright (c) 2025 Anthropic Agent Skills Contributors
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
@@ -0,0 +1,59 @@
|
||||
# API Reference: XM Cyber Attack Path Analysis Agent
|
||||
|
||||
## Dependencies
|
||||
|
||||
| Library | Version | Purpose |
|
||||
|---------|---------|---------|
|
||||
| requests | >=2.28 | HTTP client for XM Cyber REST API |
|
||||
|
||||
## CLI Usage
|
||||
|
||||
```bash
|
||||
python scripts/agent.py \
|
||||
--url https://xmcyber.example.com \
|
||||
--api-key YOUR_API_KEY \
|
||||
--output-dir /reports/ \
|
||||
--output attack_path_report.json
|
||||
```
|
||||
|
||||
## Functions
|
||||
|
||||
### `XMCyberClient(base_url, api_key)`
|
||||
Client class with Bearer token auth for the XM Cyber API.
|
||||
|
||||
### `get_scenarios() -> list`
|
||||
GET `/api/v1/scenarios` - Lists all attack simulation scenarios.
|
||||
|
||||
### `get_attack_paths(scenario_id) -> list`
|
||||
GET `/api/v1/scenarios/{id}/attack-paths` - Returns attack paths for a scenario.
|
||||
|
||||
### `get_choke_points(scenario_id) -> list`
|
||||
GET `/api/v1/scenarios/{id}/choke-points` - Returns points where attack paths converge.
|
||||
|
||||
### `get_critical_assets() -> list`
|
||||
GET `/api/v1/critical-assets` - Lists defined critical business assets.
|
||||
|
||||
### `get_entities_at_risk(scenario_id) -> list`
|
||||
GET `/api/v1/scenarios/{id}/entities-at-risk` - Entities reachable via attack paths.
|
||||
|
||||
### `get_remediation_actions(scenario_id) -> list`
|
||||
GET `/api/v1/scenarios/{id}/remediations` - Prioritized fix recommendations.
|
||||
|
||||
### `analyze_choke_points(choke_points) -> dict`
|
||||
Ranks choke points by paths_through count, returns top 10.
|
||||
|
||||
### `compute_risk_score(attack_paths, critical_assets) -> dict`
|
||||
Calculates critical asset exposure percentage from reachable targets.
|
||||
|
||||
## Output Schema
|
||||
|
||||
```json
|
||||
{
|
||||
"scenarios": [{
|
||||
"name": "Full Environment",
|
||||
"attack_paths": 1234,
|
||||
"choke_point_analysis": {"total_choke_points": 45, "top_choke_points": []},
|
||||
"risk_score": {"critical_asset_exposure_pct": 67.5}
|
||||
}]
|
||||
}
|
||||
```
|
||||
@@ -0,0 +1,146 @@
|
||||
#!/usr/bin/env python3
|
||||
"""Attack path analysis agent using XM Cyber REST API for exposure management."""
|
||||
|
||||
import argparse
|
||||
import json
|
||||
import logging
|
||||
import os
|
||||
import sys
|
||||
from datetime import datetime
|
||||
from typing import Dict, List, Optional
|
||||
|
||||
try:
|
||||
import requests
|
||||
except ImportError:
|
||||
sys.exit("requests required: pip install requests")
|
||||
|
||||
logging.basicConfig(level=logging.INFO, format="%(asctime)s [%(levelname)s] %(message)s")
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class XMCyberClient:
|
||||
"""Client for XM Cyber Continuous Exposure Management API."""
|
||||
|
||||
def __init__(self, base_url: str, api_key: str):
|
||||
self.base_url = base_url.rstrip("/")
|
||||
self.session = requests.Session()
|
||||
self.session.headers.update({
|
||||
"Authorization": f"Bearer {api_key}",
|
||||
"Content-Type": "application/json",
|
||||
})
|
||||
|
||||
def get_scenarios(self) -> List[dict]:
|
||||
"""List all attack scenarios."""
|
||||
resp = self.session.get(f"{self.base_url}/api/v1/scenarios", timeout=30)
|
||||
resp.raise_for_status()
|
||||
return resp.json().get("data", [])
|
||||
|
||||
def get_attack_paths(self, scenario_id: str) -> List[dict]:
|
||||
"""Get attack paths for a specific scenario."""
|
||||
resp = self.session.get(
|
||||
f"{self.base_url}/api/v1/scenarios/{scenario_id}/attack-paths", timeout=30)
|
||||
resp.raise_for_status()
|
||||
return resp.json().get("data", [])
|
||||
|
||||
def get_choke_points(self, scenario_id: str) -> List[dict]:
|
||||
"""Get choke points where multiple attack paths converge."""
|
||||
resp = self.session.get(
|
||||
f"{self.base_url}/api/v1/scenarios/{scenario_id}/choke-points", timeout=30)
|
||||
resp.raise_for_status()
|
||||
return resp.json().get("data", [])
|
||||
|
||||
def get_critical_assets(self) -> List[dict]:
|
||||
"""List critical assets defined in the platform."""
|
||||
resp = self.session.get(f"{self.base_url}/api/v1/critical-assets", timeout=30)
|
||||
resp.raise_for_status()
|
||||
return resp.json().get("data", [])
|
||||
|
||||
def get_entities_at_risk(self, scenario_id: str) -> List[dict]:
|
||||
"""Get entities at risk of compromise in a scenario."""
|
||||
resp = self.session.get(
|
||||
f"{self.base_url}/api/v1/scenarios/{scenario_id}/entities-at-risk", timeout=30)
|
||||
resp.raise_for_status()
|
||||
return resp.json().get("data", [])
|
||||
|
||||
def get_remediation_actions(self, scenario_id: str) -> List[dict]:
|
||||
"""Get recommended remediation actions prioritized by impact."""
|
||||
resp = self.session.get(
|
||||
f"{self.base_url}/api/v1/scenarios/{scenario_id}/remediations", timeout=30)
|
||||
resp.raise_for_status()
|
||||
return resp.json().get("data", [])
|
||||
|
||||
|
||||
def analyze_choke_points(choke_points: List[dict]) -> dict:
|
||||
"""Analyze choke points to identify highest-impact remediation targets."""
|
||||
sorted_cp = sorted(choke_points, key=lambda c: c.get("paths_through", 0), reverse=True)
|
||||
return {
|
||||
"total_choke_points": len(choke_points),
|
||||
"top_choke_points": [
|
||||
{"entity": cp.get("entity_name", ""), "type": cp.get("entity_type", ""),
|
||||
"paths_through": cp.get("paths_through", 0),
|
||||
"techniques": cp.get("techniques", [])}
|
||||
for cp in sorted_cp[:10]
|
||||
],
|
||||
}
|
||||
|
||||
|
||||
def compute_risk_score(attack_paths: List[dict], critical_assets: List[dict]) -> dict:
|
||||
"""Compute risk score based on attack path complexity and critical asset exposure."""
|
||||
reachable = set()
|
||||
for path in attack_paths:
|
||||
target = path.get("target_asset", "")
|
||||
if target:
|
||||
reachable.add(target)
|
||||
critical_names = {a.get("name", "") for a in critical_assets}
|
||||
compromised = reachable & critical_names
|
||||
pct = (len(compromised) / len(critical_names) * 100) if critical_names else 0
|
||||
return {
|
||||
"total_paths": len(attack_paths),
|
||||
"unique_targets": len(reachable),
|
||||
"critical_assets_reachable": len(compromised),
|
||||
"critical_asset_exposure_pct": round(pct, 1),
|
||||
}
|
||||
|
||||
|
||||
def generate_report(client: XMCyberClient) -> dict:
|
||||
"""Generate comprehensive attack path analysis report."""
|
||||
report = {"analysis_date": datetime.utcnow().isoformat(), "scenarios": []}
|
||||
scenarios = client.get_scenarios()
|
||||
critical_assets = client.get_critical_assets()
|
||||
report["critical_assets_count"] = len(critical_assets)
|
||||
|
||||
for scenario in scenarios[:5]:
|
||||
sid = scenario.get("id", "")
|
||||
paths = client.get_attack_paths(sid)
|
||||
choke = client.get_choke_points(sid)
|
||||
remediations = client.get_remediation_actions(sid)
|
||||
report["scenarios"].append({
|
||||
"id": sid, "name": scenario.get("name", ""),
|
||||
"attack_paths": len(paths),
|
||||
"choke_point_analysis": analyze_choke_points(choke),
|
||||
"risk_score": compute_risk_score(paths, critical_assets),
|
||||
"top_remediations": remediations[:5],
|
||||
})
|
||||
return report
|
||||
|
||||
|
||||
def main():
|
||||
parser = argparse.ArgumentParser(description="XM Cyber Attack Path Analysis Agent")
|
||||
parser.add_argument("--url", required=True, help="XM Cyber platform URL")
|
||||
parser.add_argument("--api-key", required=True, help="API key")
|
||||
parser.add_argument("--output-dir", default=".", help="Output directory")
|
||||
parser.add_argument("--output", default="attack_path_report.json")
|
||||
args = parser.parse_args()
|
||||
|
||||
os.makedirs(args.output_dir, exist_ok=True)
|
||||
client = XMCyberClient(args.url, args.api_key)
|
||||
report = generate_report(client)
|
||||
out_path = os.path.join(args.output_dir, args.output)
|
||||
with open(out_path, "w") as f:
|
||||
json.dump(report, f, indent=2)
|
||||
logger.info("Report saved to %s", out_path)
|
||||
print(json.dumps(report, indent=2))
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
Reference in New Issue
Block a user