Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills

Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
This commit is contained in:
mukul975
2026-03-10 21:02:12 +01:00
parent c74d52fa30
commit 27c6414ca5
1390 changed files with 106806 additions and 0 deletions
@@ -0,0 +1,21 @@
MIT License
Copyright (c) 2025 Anthropic Agent Skills Contributors
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
@@ -0,0 +1,47 @@
# API Reference: Implementing Cloud DLP for Data Protection
## Libraries
### google-cloud-dlp (Google Cloud DLP)
- **Install**: `pip install google-cloud-dlp`
- **Docs**: https://cloud.google.com/dlp/docs/reference/libraries
- `DlpServiceClient()` -- Create DLP client
- `inspect_content(parent, inspect_config, item)` -- Scan content for sensitive data
- `deidentify_content(parent, deidentify_config, item)` -- Mask/redact sensitive data
- `create_inspect_template()` -- Reusable inspection configuration
- `create_dlp_job()` -- Scan Cloud Storage, BigQuery, Datastore
### boto3 -- Amazon Macie
- **Install**: `pip install boto3`
- **Docs**: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/macie2.html
- `enable_macie()` -- Enable Macie service
- `create_classification_job()` -- Scan S3 buckets for sensitive data
- `list_findings()` / `get_findings()` -- Retrieve discovery results
- `create_custom_data_identifier()` -- Define custom PII patterns
## GCP DLP Info Types
| Category | Info Types |
|----------|-----------|
| PII | PERSON_NAME, EMAIL_ADDRESS, PHONE_NUMBER, DATE_OF_BIRTH |
| Financial | CREDIT_CARD_NUMBER, IBAN_CODE, SWIFT_CODE |
| US-specific | US_SOCIAL_SECURITY_NUMBER, US_DRIVERS_LICENSE_NUMBER |
| Health | US_HEALTHCARE_NPI, MEDICAL_RECORD_NUMBER |
## De-identification Methods
- `CharacterMaskConfig` -- Replace characters with mask symbol
- `CryptoReplaceFfxFpeConfig` -- Format-preserving encryption
- `RedactConfig` -- Remove sensitive content entirely
- `ReplaceWithInfoTypeConfig` -- Replace with info type name
## Macie Finding Types
- `SensitiveData:S3Object/Personal` -- PII found
- `SensitiveData:S3Object/Financial` -- Financial data found
- `SensitiveData:S3Object/Credentials` -- Credentials detected
- `Policy:IAMUser/S3BucketPublic` -- Public bucket with sensitive data
## External References
- GCP DLP API: https://cloud.google.com/dlp/docs
- GCP Info Types: https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference
- Macie User Guide: https://docs.aws.amazon.com/macie/latest/user/what-is-macie.html
- Azure Purview DLP: https://learn.microsoft.com/en-us/purview/dlp-learn-about-dlp
@@ -0,0 +1,197 @@
#!/usr/bin/env python3
"""Cloud DLP agent for sensitive data discovery using Google Cloud DLP and AWS Macie."""
import json
import sys
import argparse
from datetime import datetime
try:
import boto3
from botocore.exceptions import ClientError
except ImportError:
boto3 = None
try:
from google.cloud import dlp_v2
except ImportError:
dlp_v2 = None
INFO_TYPES_PII = [
"PERSON_NAME", "EMAIL_ADDRESS", "PHONE_NUMBER", "US_SOCIAL_SECURITY_NUMBER",
"CREDIT_CARD_NUMBER", "US_DRIVERS_LICENSE_NUMBER", "DATE_OF_BIRTH",
"STREET_ADDRESS", "IP_ADDRESS", "PASSPORT",
]
INFO_TYPES_FINANCIAL = [
"CREDIT_CARD_NUMBER", "IBAN_CODE", "SWIFT_CODE",
"US_BANK_ROUTING_MICR", "US_EMPLOYER_IDENTIFICATION_NUMBER",
]
INFO_TYPES_HEALTH = [
"US_HEALTHCARE_NPI", "US_DEA_NUMBER", "MEDICAL_RECORD_NUMBER",
]
def scan_text_with_gcp_dlp(project_id, text, info_types=None):
"""Scan text content for sensitive data using Google Cloud DLP."""
if dlp_v2 is None:
print("[!] Install google-cloud-dlp: pip install google-cloud-dlp")
return None
client = dlp_v2.DlpServiceClient()
parent = f"projects/{project_id}"
if info_types is None:
info_types = INFO_TYPES_PII
inspect_config = {
"info_types": [{"name": it} for it in info_types],
"min_likelihood": dlp_v2.Likelihood.LIKELY,
"include_quote": True,
"limits": {"max_findings_per_request": 50},
}
item = {"value": text}
response = client.inspect_content(
request={"parent": parent, "inspect_config": inspect_config, "item": item})
findings = []
for f in response.result.findings:
findings.append({
"info_type": f.info_type.name,
"likelihood": dlp_v2.Likelihood(f.likelihood).name,
"quote": f.quote[:50] + "..." if len(f.quote) > 50 else f.quote,
"location": {"start": f.location.byte_range.start, "end": f.location.byte_range.end},
})
return findings
def deidentify_text_with_gcp(project_id, text, info_types=None):
"""De-identify sensitive data in text using masking."""
if dlp_v2 is None:
return None
client = dlp_v2.DlpServiceClient()
parent = f"projects/{project_id}"
if info_types is None:
info_types = INFO_TYPES_PII
deidentify_config = {
"info_type_transformations": {
"transformations": [{
"primitive_transformation": {
"character_mask_config": {"masking_character": "*", "number_to_mask": 0}
},
"info_types": [{"name": it} for it in info_types],
}]
}
}
inspect_config = {"info_types": [{"name": it} for it in info_types]}
item = {"value": text}
response = client.deidentify_content(
request={"parent": parent, "deidentify_config": deidentify_config,
"inspect_config": inspect_config, "item": item})
return response.item.value
def enable_macie(region="us-east-1"):
"""Enable Amazon Macie for S3 sensitive data discovery."""
if boto3 is None:
print("[!] Install boto3: pip install boto3")
return None
client = boto3.client("macie2", region_name=region)
try:
client.enable_macie(status="ENABLED", findingPublishingFrequency="FIFTEEN_MINUTES")
return {"status": "enabled"}
except ClientError as e:
if "already enabled" in str(e).lower():
return {"status": "already_enabled"}
return {"error": str(e)}
def create_macie_classification_job(region, bucket_names, job_name):
"""Create a Macie classification job to scan S3 buckets."""
if boto3 is None:
return None
client = boto3.client("macie2", region_name=region)
try:
resp = client.create_classification_job(
jobType="ONE_TIME", name=job_name,
s3JobDefinition={
"bucketDefinitions": [{"accountId": boto3.client("sts").get_caller_identity()["Account"],
"buckets": bucket_names}]
},
description=f"DLP scan for sensitive data in {', '.join(bucket_names)}")
return {"job_id": resp["jobId"], "status": "created"}
except ClientError as e:
return {"error": str(e)}
def get_macie_findings(region="us-east-1", max_results=50):
"""Retrieve Macie findings for sensitive data discoveries."""
if boto3 is None:
return []
client = boto3.client("macie2", region_name=region)
try:
resp = client.list_findings(
sortCriteria={"attributeName": "severity.score", "orderBy": "DESC"},
maxResults=max_results)
finding_ids = resp.get("findingIds", [])
if not finding_ids:
return []
details = client.get_findings(findingIds=finding_ids)
return [{"id": f["id"], "type": f["type"], "severity": f["severity"]["score"],
"title": f["title"], "bucket": f.get("resourcesAffected", {}).get(
"s3Bucket", {}).get("name", ""),
"count": f.get("count", 1)}
for f in details.get("findings", [])]
except ClientError as e:
return [{"error": str(e)}]
def run_dlp_report(project_id=None, region="us-east-1"):
"""Generate a DLP discovery report."""
print(f"\n{'='*60}")
print(f" CLOUD DLP DATA PROTECTION REPORT")
print(f" Generated: {datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S')} UTC")
print(f"{'='*60}\n")
if boto3:
print(f"--- AWS MACIE STATUS ---")
macie_status = enable_macie(region)
print(f" Macie: {macie_status}")
findings = get_macie_findings(region)
print(f" Findings: {len(findings)}")
for f in findings[:5]:
print(f" [{f.get('severity', 'N/A')}] {f.get('title', 'N/A')} - {f.get('bucket', 'N/A')}")
if dlp_v2 and project_id:
print(f"\n--- GCP DLP SCAN ---")
sample = "Contact John Doe at john@example.com, SSN 123-45-6789, CC 4111-1111-1111-1111"
findings = scan_text_with_gcp_dlp(project_id, sample)
if findings:
for f in findings:
print(f" [{f['likelihood']}] {f['info_type']}: {f['quote']}")
print(f"\n{'='*60}\n")
def main():
parser = argparse.ArgumentParser(description="Cloud DLP Data Protection Agent")
parser.add_argument("--gcp-project", help="GCP project ID for DLP API")
parser.add_argument("--aws-region", default="us-east-1", help="AWS region for Macie")
parser.add_argument("--scan-text", help="Text to scan for sensitive data")
parser.add_argument("--scan-buckets", nargs="+", help="S3 bucket names to scan with Macie")
parser.add_argument("--report", action="store_true", help="Generate DLP report")
parser.add_argument("--output", help="Save report to JSON")
args = parser.parse_args()
if args.scan_text and args.gcp_project:
findings = scan_text_with_gcp_dlp(args.gcp_project, args.scan_text)
print(json.dumps(findings, indent=2))
elif args.scan_buckets:
result = create_macie_classification_job(args.aws_region, args.scan_buckets, "dlp-agent-scan")
print(json.dumps(result, indent=2))
elif args.report:
run_dlp_report(args.gcp_project, args.aws_region)
else:
parser.print_help()
if __name__ == "__main__":
main()