creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-13 14:44:58 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills

Browse Source 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
This commit is contained in:
mukul975
2026-03-10 21:02:12 +01:00
parent c74d52fa30
commit 27c6414ca5
1390 changed files with 106806 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
skills/testing-for-sensitive-data-exposure/references/api-reference.md
+50
View File
@@ -0,0 +1,50 @@
# API Reference: Testing for Sensitive Data Exposure
## requests Library
### TLS Verification
```python
# Check HTTP to HTTPS redirect
resp = requests.get("http://target.com/", allow_redirects=False)
# Check HSTS header
resp = requests.get("https://target.com/")
hsts = resp.headers.get("Strict-Transport-Security", "")
```
## Secret Detection Patterns
| Pattern | Regex | Example |
|---------|-------|---------|
| AWS Access Key | `AKIA[0-9A-Z]{16}` | AKIAIOSFODNN7EXAMPLE |
| Google API Key | `AIza[0-9A-Za-z\-_]{35}` | AIzaSyA... |
| Stripe Secret | `sk_live_[0-9a-zA-Z]{24,}` | sk_live_... |
| GitHub Token | `ghp_[a-zA-Z0-9]{36}` | ghp_xxxx... |
| Private Key | `-----BEGIN PRIVATE KEY-----` | PEM format |
## Exposed File Checks
| File | Risk |
|------|------|
| `.env` | Environment variables with secrets |
| `.git/config` | Git configuration (may contain tokens) |
| `config.json` | Application configuration |
| `.aws/credentials` | AWS access keys |
| `phpinfo.php` | Server configuration disclosure |
## Sensitive API Response Fields
Fields that should never appear in API responses:
- `password`, `password_hash`, `salt`
- `ssn`, `credit_card`, `cvv`
- `api_key`, `secret_key`, `private_key`
- `access_token`, `refresh_token`
## Cache-Control for Sensitive Pages
```
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
```
## References
- OWASP A02:2021 Cryptographic Failures: https://owasp.org/Top10/A02_2021-Cryptographic_Failures/
- OWASP Sensitive Data Exposure: https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/
- trufflehog: https://github.com/trufflesecurity/trufflehog
- gitleaks: https://github.com/gitleaks/gitleaks