mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-05 23:38:57 +03:00
Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
This commit is contained in:
@@ -0,0 +1,177 @@
|
||||
#!/usr/bin/env python3
|
||||
"""Device posture assessment agent for zero trust endpoint compliance evaluation."""
|
||||
|
||||
import argparse
|
||||
import json
|
||||
import logging
|
||||
import os
|
||||
import platform
|
||||
import subprocess
|
||||
import sys
|
||||
from datetime import datetime
|
||||
from typing import Dict, List
|
||||
|
||||
logging.basicConfig(level=logging.INFO, format="%(asctime)s [%(levelname)s] %(message)s")
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def check_os_version() -> dict:
|
||||
"""Check OS version and patch level."""
|
||||
return {
|
||||
"os": platform.system(),
|
||||
"version": platform.version(),
|
||||
"release": platform.release(),
|
||||
"machine": platform.machine(),
|
||||
}
|
||||
|
||||
|
||||
def check_disk_encryption() -> dict:
|
||||
"""Check if disk encryption is enabled."""
|
||||
system = platform.system()
|
||||
if system == "Windows":
|
||||
try:
|
||||
result = subprocess.run(
|
||||
["manage-bde", "-status", "C:"], capture_output=True, text=True, timeout=10)
|
||||
encrypted = "Fully Encrypted" in result.stdout or "100%" in result.stdout
|
||||
return {"enabled": encrypted, "tool": "BitLocker", "output": result.stdout[:200]}
|
||||
except FileNotFoundError:
|
||||
return {"enabled": False, "tool": "BitLocker", "error": "manage-bde not found"}
|
||||
elif system == "Darwin":
|
||||
try:
|
||||
result = subprocess.run(
|
||||
["fdesetup", "status"], capture_output=True, text=True, timeout=10)
|
||||
return {"enabled": "On" in result.stdout, "tool": "FileVault"}
|
||||
except FileNotFoundError:
|
||||
return {"enabled": False, "error": "fdesetup not found"}
|
||||
elif system == "Linux":
|
||||
try:
|
||||
result = subprocess.run(
|
||||
["lsblk", "-o", "NAME,TYPE,FSTYPE"], capture_output=True, text=True, timeout=10)
|
||||
encrypted = "crypto_LUKS" in result.stdout or "crypt" in result.stdout
|
||||
return {"enabled": encrypted, "tool": "LUKS"}
|
||||
except FileNotFoundError:
|
||||
return {"enabled": False, "error": "lsblk not found"}
|
||||
return {"enabled": False, "error": "Unsupported OS"}
|
||||
|
||||
|
||||
def check_firewall_status() -> dict:
|
||||
"""Check if host firewall is enabled."""
|
||||
system = platform.system()
|
||||
if system == "Windows":
|
||||
try:
|
||||
result = subprocess.run(
|
||||
["netsh", "advfirewall", "show", "allprofiles", "state"],
|
||||
capture_output=True, text=True, timeout=10)
|
||||
enabled = "ON" in result.stdout.upper()
|
||||
return {"enabled": enabled, "tool": "Windows Firewall"}
|
||||
except FileNotFoundError:
|
||||
return {"enabled": False, "error": "netsh not found"}
|
||||
elif system == "Linux":
|
||||
try:
|
||||
result = subprocess.run(
|
||||
["ufw", "status"], capture_output=True, text=True, timeout=10)
|
||||
return {"enabled": "active" in result.stdout.lower(), "tool": "UFW"}
|
||||
except FileNotFoundError:
|
||||
return {"enabled": False, "error": "ufw not found"}
|
||||
return {"enabled": False, "error": "Unsupported OS"}
|
||||
|
||||
|
||||
def check_antivirus() -> dict:
|
||||
"""Check if antivirus/EDR is running."""
|
||||
system = platform.system()
|
||||
if system == "Windows":
|
||||
try:
|
||||
result = subprocess.run(
|
||||
["powershell", "-Command", "Get-MpComputerStatus | Select-Object RealTimeProtectionEnabled | ConvertTo-Json"],
|
||||
capture_output=True, text=True, timeout=15)
|
||||
if result.stdout:
|
||||
data = json.loads(result.stdout)
|
||||
return {"enabled": data.get("RealTimeProtectionEnabled", False),
|
||||
"tool": "Windows Defender"}
|
||||
except (FileNotFoundError, json.JSONDecodeError):
|
||||
pass
|
||||
return {"enabled": False, "tool": "unknown"}
|
||||
|
||||
|
||||
def check_screen_lock() -> dict:
|
||||
"""Check if screen lock is configured with timeout."""
|
||||
system = platform.system()
|
||||
if system == "Windows":
|
||||
try:
|
||||
result = subprocess.run(
|
||||
["powershell", "-Command",
|
||||
"(Get-ItemProperty 'HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System').InactivityTimeoutSecs"],
|
||||
capture_output=True, text=True, timeout=10)
|
||||
timeout = int(result.stdout.strip()) if result.stdout.strip() else 0
|
||||
return {"configured": timeout > 0, "timeout_seconds": timeout}
|
||||
except (FileNotFoundError, ValueError):
|
||||
pass
|
||||
return {"configured": False, "timeout_seconds": 0}
|
||||
|
||||
|
||||
def compute_posture_score(checks: dict) -> dict:
|
||||
"""Compute device posture compliance score."""
|
||||
weights = {"disk_encryption": 25, "firewall": 20, "antivirus": 25,
|
||||
"screen_lock": 15, "os_supported": 15}
|
||||
score = 0
|
||||
if checks.get("disk_encryption", {}).get("enabled"):
|
||||
score += weights["disk_encryption"]
|
||||
if checks.get("firewall", {}).get("enabled"):
|
||||
score += weights["firewall"]
|
||||
if checks.get("antivirus", {}).get("enabled"):
|
||||
score += weights["antivirus"]
|
||||
if checks.get("screen_lock", {}).get("configured"):
|
||||
score += weights["screen_lock"]
|
||||
score += weights["os_supported"]
|
||||
if score >= 80:
|
||||
compliance = "COMPLIANT"
|
||||
elif score >= 50:
|
||||
compliance = "PARTIAL"
|
||||
else:
|
||||
compliance = "NON_COMPLIANT"
|
||||
return {"score": score, "max_score": 100, "compliance": compliance}
|
||||
|
||||
|
||||
def generate_report() -> dict:
|
||||
"""Generate device posture assessment report."""
|
||||
checks = {
|
||||
"os_info": check_os_version(),
|
||||
"disk_encryption": check_disk_encryption(),
|
||||
"firewall": check_firewall_status(),
|
||||
"antivirus": check_antivirus(),
|
||||
"screen_lock": check_screen_lock(),
|
||||
}
|
||||
posture = compute_posture_score(checks)
|
||||
recommendations = []
|
||||
if not checks["disk_encryption"].get("enabled"):
|
||||
recommendations.append("Enable disk encryption (BitLocker/FileVault/LUKS)")
|
||||
if not checks["firewall"].get("enabled"):
|
||||
recommendations.append("Enable host firewall")
|
||||
if not checks["antivirus"].get("enabled"):
|
||||
recommendations.append("Enable antivirus/EDR with real-time protection")
|
||||
return {
|
||||
"analysis_date": datetime.utcnow().isoformat(),
|
||||
"hostname": platform.node(),
|
||||
"checks": checks,
|
||||
"posture": posture,
|
||||
"recommendations": recommendations,
|
||||
}
|
||||
|
||||
|
||||
def main():
|
||||
parser = argparse.ArgumentParser(description="Device Posture Assessment Agent")
|
||||
parser.add_argument("--output-dir", default=".")
|
||||
parser.add_argument("--output", default="device_posture_report.json")
|
||||
args = parser.parse_args()
|
||||
|
||||
os.makedirs(args.output_dir, exist_ok=True)
|
||||
report = generate_report()
|
||||
out_path = os.path.join(args.output_dir, args.output)
|
||||
with open(out_path, "w") as f:
|
||||
json.dump(report, f, indent=2)
|
||||
logger.info("Report saved to %s", out_path)
|
||||
print(json.dumps(report["posture"], indent=2))
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
Reference in New Issue
Block a user