creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-15 23:44:56 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills

Browse Source 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
This commit is contained in:
mukul975
2026-03-10 21:02:12 +01:00
parent c74d52fa30
commit 27c6414ca5
1390 changed files with 106806 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
skills/performing-deception-technology-deployment/references/api-reference.md
+59
View File
@@ -0,0 +1,59 @@
# API Reference: Performing Deception Technology Deployment
## Canary Tokens API (canarytokens.org)
| Endpoint | Method | Description |
|----------|--------|-------------|
| `/generate` | POST | Generate a new canary token (DNS, HTTP, file) |
| `/history` | GET | Retrieve alert history for a token |
| `/manage` | GET | List all deployed tokens |
## Thinkst Canary API
| Endpoint | Method | Description |
|----------|--------|-------------|
| `/api/v1/canarytokens/create` | POST | Create a new canarytoken |
| `/api/v1/incidents/all` | GET | List all triggered incidents |
| `/api/v1/device/list` | GET | List deployed Canary devices |
## Honeypot Components (stdlib)
| Module | Description |
|--------|-------------|
| `http.server.HTTPServer` | HTTP honeypot listener |
| `socketserver.TCPServer` | Generic TCP honeypot |
| `secrets.token_hex()` | Generate unique token IDs |
| `hashlib.sha256()` | Hash canary file content for integrity |
## Key Libraries
- **secrets** (stdlib): Cryptographically secure token generation
- **http.server** (stdlib): HTTP honeypot server implementation
- **socket** (stdlib): TCP/UDP honeypot listeners
- **hashlib** (stdlib): File integrity hashing for canary files
- **threading** (stdlib): Run honeypot services in background threads
## Honeytoken Types
| Type | Deployment | Alert Trigger |
|------|------------|---------------|
| Credential | AD, LSASS, config files | Any authentication attempt |
| Canary File | Network shares, endpoints | File open/read access |
| DNS Token | Documents, scripts | DNS resolution |
| AWS Key | Code repos, config files | AWS API call with key |
| HTTP Token | Documents, emails | HTTP GET request |
## Configuration
| Variable | Description |
|----------|-------------|
| `CANARY_API_KEY` | Thinkst Canary API key |
| `CANARY_DOMAIN` | Canary DNS domain for token callbacks |
| `HONEYPOT_PORT` | Port for HTTP honeypot listener |
## References
- [Canarytokens.org](https://canarytokens.org/)
- [Thinkst Canary](https://canary.tools/)
- [MITRE ATT&CK D3FEND - Decoy](https://d3fend.mitre.org/technique/d3f:Decoy/)
- [OpenCanary](https://github.com/thinkst/opencanary)