mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-19 22:19:39 +03:00
Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
This commit is contained in:
@@ -0,0 +1,21 @@
|
||||
MIT License
|
||||
|
||||
Copyright (c) 2025 Anthropic Agent Skills Contributors
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
@@ -0,0 +1,47 @@
|
||||
# API Reference: Zero Trust DNS with NextDNS
|
||||
|
||||
## NextDNS REST API
|
||||
|
||||
### Authentication
|
||||
```
|
||||
Header: X-Api-Key: <your-api-key>
|
||||
Base URL: https://api.nextdns.io
|
||||
```
|
||||
|
||||
### Profile Endpoints
|
||||
| Method | Endpoint | Description |
|
||||
|--------|----------|-------------|
|
||||
| GET | `/profiles/{id}` | Get profile configuration |
|
||||
| GET | `/profiles/{id}/security` | Get security feature settings |
|
||||
| GET | `/profiles/{id}/denylist` | Get blocked domains list |
|
||||
| GET | `/profiles/{id}/allowlist` | Get allowed domains list |
|
||||
| GET | `/profiles/{id}/logs` | Get DNS query logs |
|
||||
| GET | `/profiles/{id}/analytics/status` | Query volume analytics |
|
||||
| GET | `/profiles/{id}/analytics/domains` | Top queried domains |
|
||||
| GET | `/profiles/{id}/analytics/blockedReasons` | Block reason breakdown |
|
||||
|
||||
### Security Feature Keys
|
||||
| Key | Feature |
|
||||
|-----|---------|
|
||||
| `threatIntelligenceFeeds` | Real-time threat intel blocking |
|
||||
| `aiDetection` | AI-based threat detection |
|
||||
| `googleSafeBrowsing` | Google Safe Browsing integration |
|
||||
| `cryptojacking` | Cryptomining domain blocking |
|
||||
| `dnsRebinding` | DNS rebinding attack protection |
|
||||
| `idnHomographs` | IDN homograph attack protection |
|
||||
| `typosquatting` | Typosquatting domain detection |
|
||||
| `dga` | Domain generation algorithm blocking |
|
||||
| `nrd` | Newly registered domain blocking |
|
||||
|
||||
### Log Entry Fields
|
||||
| Field | Description |
|
||||
|-------|-------------|
|
||||
| `domain` | Queried domain name |
|
||||
| `status` | `allowed`, `blocked`, or `default` |
|
||||
| `reasons` | Array of block reasons |
|
||||
| `clientIp` | Requesting client IP |
|
||||
| `timestamp` | Query timestamp (ISO 8601) |
|
||||
|
||||
## References
|
||||
- NextDNS API: https://nextdns.github.io/api/
|
||||
- NextDNS Security: https://nextdns.io/security
|
||||
@@ -0,0 +1,146 @@
|
||||
#!/usr/bin/env python3
|
||||
"""Agent for configuring and auditing NextDNS zero trust DNS filtering via API."""
|
||||
|
||||
import requests
|
||||
import json
|
||||
import argparse
|
||||
import sys
|
||||
from datetime import datetime, timezone
|
||||
|
||||
NEXTDNS_API = "https://api.nextdns.io"
|
||||
|
||||
|
||||
def get_profile(api_key, profile_id):
|
||||
"""Retrieve NextDNS profile configuration."""
|
||||
headers = {"X-Api-Key": api_key}
|
||||
resp = requests.get(f"{NEXTDNS_API}/profiles/{profile_id}", headers=headers, timeout=15)
|
||||
resp.raise_for_status()
|
||||
profile = resp.json()
|
||||
print(f"[*] Profile: {profile.get('name', profile_id)}")
|
||||
print(f" Security: {json.dumps(profile.get('security', {}), indent=2)[:200]}")
|
||||
return profile
|
||||
|
||||
|
||||
def audit_security_settings(api_key, profile_id):
|
||||
"""Audit security features enabled on a NextDNS profile."""
|
||||
headers = {"X-Api-Key": api_key}
|
||||
resp = requests.get(f"{NEXTDNS_API}/profiles/{profile_id}/security", headers=headers, timeout=15)
|
||||
resp.raise_for_status()
|
||||
security = resp.json()
|
||||
findings = []
|
||||
checks = {
|
||||
"threatIntelligenceFeeds": "Threat intelligence feeds",
|
||||
"aiDetection": "AI-driven threat detection",
|
||||
"googleSafeBrowsing": "Google Safe Browsing",
|
||||
"cryptojacking": "Cryptojacking protection",
|
||||
"dnsRebinding": "DNS rebinding protection",
|
||||
"idnHomographs": "IDN homograph protection",
|
||||
"typosquatting": "Typosquatting protection",
|
||||
"dga": "DGA domain protection",
|
||||
"nrd": "Newly registered domains blocking",
|
||||
"ddns": "Dynamic DNS blocking",
|
||||
"csam": "CSAM blocking",
|
||||
}
|
||||
for key, label in checks.items():
|
||||
enabled = security.get(key, False)
|
||||
status = "ENABLED" if enabled else "DISABLED"
|
||||
if not enabled:
|
||||
findings.append({"feature": label, "key": key, "severity": "MEDIUM"})
|
||||
print(f" [{'+' if enabled else '!'}] {label}: {status}")
|
||||
print(f"\n[*] {len(findings)} security features disabled")
|
||||
return findings
|
||||
|
||||
|
||||
def get_query_logs(api_key, profile_id, limit=100):
|
||||
"""Retrieve recent DNS query logs for analysis."""
|
||||
headers = {"X-Api-Key": api_key}
|
||||
params = {"limit": limit}
|
||||
resp = requests.get(f"{NEXTDNS_API}/profiles/{profile_id}/logs",
|
||||
headers=headers, params=params, timeout=15)
|
||||
resp.raise_for_status()
|
||||
logs = resp.json().get("data", [])
|
||||
blocked = [l for l in logs if l.get("status") == "blocked"]
|
||||
print(f"[*] Query logs: {len(logs)} total, {len(blocked)} blocked")
|
||||
for entry in blocked[:10]:
|
||||
print(f" [BLOCKED] {entry.get('domain')} - reason: {entry.get('reasons', ['?'])[0]}")
|
||||
return logs
|
||||
|
||||
|
||||
def get_analytics(api_key, profile_id, period="last30d"):
|
||||
"""Retrieve DNS analytics and threat statistics."""
|
||||
headers = {"X-Api-Key": api_key}
|
||||
endpoints = {
|
||||
"queries": f"/profiles/{profile_id}/analytics/status",
|
||||
"domains": f"/profiles/{profile_id}/analytics/domains",
|
||||
"blocked_reasons": f"/profiles/{profile_id}/analytics/blockedReasons",
|
||||
}
|
||||
analytics = {}
|
||||
for name, path in endpoints.items():
|
||||
resp = requests.get(f"{NEXTDNS_API}{path}", headers=headers,
|
||||
params={"from": f"-{period}"}, timeout=15)
|
||||
if resp.status_code == 200:
|
||||
analytics[name] = resp.json()
|
||||
if "queries" in analytics:
|
||||
data = analytics["queries"].get("data", [])
|
||||
total = sum(d.get("queries", 0) for d in data)
|
||||
blocked = sum(d.get("blockedQueries", 0) for d in data)
|
||||
print(f"[*] Analytics ({period}): {total} queries, {blocked} blocked "
|
||||
f"({blocked/total*100:.1f}%)" if total else "[*] No query data")
|
||||
return analytics
|
||||
|
||||
|
||||
def check_denylist(api_key, profile_id):
|
||||
"""Check configured denylists and custom blocked domains."""
|
||||
headers = {"X-Api-Key": api_key}
|
||||
resp = requests.get(f"{NEXTDNS_API}/profiles/{profile_id}/denylist",
|
||||
headers=headers, timeout=15)
|
||||
resp.raise_for_status()
|
||||
denylist = resp.json()
|
||||
entries = denylist.get("data", [])
|
||||
print(f"[*] Denylist entries: {len(entries)}")
|
||||
for e in entries[:20]:
|
||||
print(f" {e.get('id', 'unknown')}: active={e.get('active', True)}")
|
||||
return entries
|
||||
|
||||
|
||||
def generate_report(profile, findings, logs, analytics, output_path):
|
||||
"""Generate NextDNS audit report."""
|
||||
report = {
|
||||
"audit_date": datetime.now(timezone.utc).isoformat(),
|
||||
"profile": profile.get("name", "unknown"),
|
||||
"security_findings": findings,
|
||||
"blocked_queries_sample": [l for l in logs if l.get("status") == "blocked"][:20],
|
||||
"analytics_summary": analytics,
|
||||
}
|
||||
with open(output_path, "w") as f:
|
||||
json.dump(report, f, indent=2, default=str)
|
||||
print(f"\n[*] Report saved to {output_path}")
|
||||
|
||||
|
||||
def main():
|
||||
parser = argparse.ArgumentParser(description="NextDNS Zero Trust DNS Audit Agent")
|
||||
parser.add_argument("action", choices=["audit", "logs", "analytics", "denylist", "full-audit"])
|
||||
parser.add_argument("--api-key", required=True, help="NextDNS API key")
|
||||
parser.add_argument("--profile", required=True, help="NextDNS profile ID")
|
||||
parser.add_argument("-o", "--output", default="nextdns_audit.json")
|
||||
args = parser.parse_args()
|
||||
|
||||
if args.action == "audit":
|
||||
get_profile(args.api_key, args.profile)
|
||||
audit_security_settings(args.api_key, args.profile)
|
||||
elif args.action == "logs":
|
||||
get_query_logs(args.api_key, args.profile)
|
||||
elif args.action == "analytics":
|
||||
get_analytics(args.api_key, args.profile)
|
||||
elif args.action == "denylist":
|
||||
check_denylist(args.api_key, args.profile)
|
||||
elif args.action == "full-audit":
|
||||
prof = get_profile(args.api_key, args.profile)
|
||||
findings = audit_security_settings(args.api_key, args.profile)
|
||||
logs = get_query_logs(args.api_key, args.profile)
|
||||
analytics = get_analytics(args.api_key, args.profile)
|
||||
generate_report(prof, findings, logs, analytics, args.output)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
Reference in New Issue
Block a user