Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills

Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
2026-06-13 22:54:53 +03:00 · 2026-03-10 21:02:12 +01:00
parent c74d52fa30
commit 27c6414ca5
1390 changed files with 106806 additions and 0 deletions
@@ -0,0 +1,130 @@
+#!/usr/bin/env python3
+"""BeyondCorp zero trust access assessment agent using Google Cloud IAP API via requests."""
+
+import argparse
+import json
+import logging
+import os
+import subprocess
+import sys
+from datetime import datetime
+from typing import Dict, List, Optional
+
+try:
+    import requests
+except ImportError:
+    sys.exit("requests required: pip install requests")
+
+logging.basicConfig(level=logging.INFO, format="%(asctime)s [%(levelname)s] %(message)s")
+logger = logging.getLogger(__name__)
+
+
+def get_gcloud_token() -> str:
+    """Get access token from gcloud CLI."""
+    try:
+        result = subprocess.run(
+            ["gcloud", "auth", "print-access-token"], capture_output=True, text=True, timeout=10)
+        return result.stdout.strip()
+    except FileNotFoundError:
+        return ""
+
+
+def list_iap_resources(project_id: str, token: str) -> List[dict]:
+    """List IAP-protected resources in a GCP project."""
+    url = f"https://iap.googleapis.com/v1/projects/{project_id}/iap_tunnel/locations/-/destGroups"
+    resp = requests.get(url, headers={"Authorization": f"Bearer {token}"}, timeout=30)
+    if resp.status_code == 200:
+        return resp.json().get("destGroups", [])
+    return []
+
+
+def get_iap_settings(project_id: str, resource: str, token: str) -> dict:
+    """Get IAP settings for a specific resource."""
+    url = f"https://iap.googleapis.com/v1/projects/{project_id}/iap_web/compute/services/{resource}:iapSettings"
+    resp = requests.get(url, headers={"Authorization": f"Bearer {token}"}, timeout=30)
+    if resp.status_code == 200:
+        return resp.json()
+    return {"error": resp.status_code}
+
+
+def list_access_levels(org_id: str, policy_name: str, token: str) -> List[dict]:
+    """List Access Context Manager access levels."""
+    url = f"https://accesscontextmanager.googleapis.com/v1/accessPolicies/{policy_name}/accessLevels"
+    resp = requests.get(url, headers={"Authorization": f"Bearer {token}"}, timeout=30)
+    if resp.status_code == 200:
+        return resp.json().get("accessLevels", [])
+    return []
+
+
+def audit_iap_bindings(project_id: str, token: str) -> List[dict]:
+    """Audit IAM policy bindings for IAP-secured resources."""
+    url = f"https://cloudresourcemanager.googleapis.com/v1/projects/{project_id}:getIamPolicy"
+    resp = requests.post(url, headers={"Authorization": f"Bearer {token}"},
+                         json={}, timeout=30)
+    if resp.status_code != 200:
+        return []
+    bindings = resp.json().get("bindings", [])
+    iap_bindings = [b for b in bindings if "iap" in b.get("role", "").lower()]
+    return iap_bindings
+
+
+def assess_zero_trust_posture(project_id: str, token: str) -> dict:
+    """Assess BeyondCorp zero trust posture for a project."""
+    iap_resources = list_iap_resources(project_id, token)
+    iap_bindings = audit_iap_bindings(project_id, token)
+    findings = []
+    if not iap_resources:
+        findings.append({"severity": "HIGH", "finding": "No IAP-protected resources found"})
+    if not iap_bindings:
+        findings.append({"severity": "HIGH", "finding": "No IAP IAM bindings configured"})
+    allUsers = any("allUsers" in str(b.get("members", [])) for b in iap_bindings)
+    if allUsers:
+        findings.append({"severity": "CRITICAL", "finding": "IAP binding includes allUsers"})
+    return {
+        "iap_resources": len(iap_resources),
+        "iap_bindings": len(iap_bindings),
+        "findings": findings,
+    }
+
+
+def generate_report(project_id: str, token: str) -> dict:
+    """Generate BeyondCorp zero trust assessment report."""
+    report = {
+        "analysis_date": datetime.utcnow().isoformat(),
+        "project": project_id,
+        "posture": assess_zero_trust_posture(project_id, token),
+    }
+    score = 100
+    for f in report["posture"]["findings"]:
+        if f["severity"] == "CRITICAL":
+            score -= 30
+        elif f["severity"] == "HIGH":
+            score -= 15
+    report["zero_trust_score"] = max(0, score)
+    return report
+
+
+def main():
+    parser = argparse.ArgumentParser(description="BeyondCorp Zero Trust Assessment Agent")
+    parser.add_argument("--project", required=True, help="GCP project ID")
+    parser.add_argument("--token", default="", help="Access token (or uses gcloud)")
+    parser.add_argument("--output-dir", default=".")
+    parser.add_argument("--output", default="beyondcorp_report.json")
+    args = parser.parse_args()
+
+    token = args.token or get_gcloud_token()
+    if not token:
+        logger.error("No access token. Run: gcloud auth print-access-token")
+        sys.exit(1)
+
+    os.makedirs(args.output_dir, exist_ok=True)
+    report = generate_report(args.project, token)
+    out_path = os.path.join(args.output_dir, args.output)
+    with open(out_path, "w") as f:
+        json.dump(report, f, indent=2)
+    logger.info("Report saved to %s", out_path)
+    print(json.dumps(report, indent=2))
+
+
+if __name__ == "__main__":
+    main()