mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-17 05:05:16 +03:00
Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal
- Add scripts/agent.py and references/api-reference.md to all remaining skills - Update all 648 LICENSE files: copyright now reads 'Mahipal' - Add implementing-security-monitoring-with-datadog (new skill with full anatomy) - All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
This commit is contained in:
@@ -0,0 +1,106 @@
|
||||
# Agentless Vulnerability Scanning - API Reference
|
||||
|
||||
## AWS Inspector2 (boto3)
|
||||
|
||||
### Enable Inspector
|
||||
```python
|
||||
client = boto3.client("inspector2")
|
||||
client.enable(resourceTypes=["EC2", "ECR", "LAMBDA"],
|
||||
accountIds=["123456789012"])
|
||||
```
|
||||
|
||||
### Check Account Status
|
||||
```python
|
||||
client.batch_get_account_status(accountIds=["123456789012"])
|
||||
```
|
||||
|
||||
### List Coverage
|
||||
```python
|
||||
paginator = client.get_paginator("list_coverage")
|
||||
for page in paginator.paginate(
|
||||
filterCriteria={"resourceType": [{"comparison": "EQUALS", "value": "AWS_EC2_INSTANCE"}]}
|
||||
):
|
||||
for resource in page["coveredResources"]:
|
||||
print(resource["resourceId"], resource["scanStatus"]["statusCode"])
|
||||
```
|
||||
|
||||
### List Findings
|
||||
```python
|
||||
paginator = client.get_paginator("list_findings")
|
||||
for page in paginator.paginate(
|
||||
filterCriteria={"severity": [{"comparison": "EQUALS", "value": "CRITICAL"}]}
|
||||
):
|
||||
for finding in page["findings"]:
|
||||
print(finding["title"], finding["severity"])
|
||||
```
|
||||
|
||||
### Finding Fields
|
||||
|
||||
| Field | Type | Description |
|
||||
|-------|------|-------------|
|
||||
| `findingArn` | string | Unique finding ARN |
|
||||
| `title` | string | Vulnerability title |
|
||||
| `severity` | string | CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL |
|
||||
| `status` | string | ACTIVE, SUPPRESSED, CLOSED |
|
||||
| `type` | string | NETWORK_REACHABILITY or PACKAGE_VULNERABILITY |
|
||||
| `resources` | array | Affected AWS resources |
|
||||
| `packageVulnerabilityDetails.vulnerabilityId` | string | CVE ID |
|
||||
| `packageVulnerabilityDetails.cvss` | array | CVSS scores |
|
||||
| `packageVulnerabilityDetails.fixedInVersion` | string | Patched version |
|
||||
|
||||
## Agentless Scanning via EBS Snapshots
|
||||
|
||||
Inspector2 supports agentless scanning by:
|
||||
1. Creating EBS snapshots of instance volumes
|
||||
2. Mounting snapshots in Inspector service account
|
||||
3. Scanning file system for vulnerable packages
|
||||
4. No agent installation required on target instances
|
||||
|
||||
### Create Snapshot (boto3 EC2)
|
||||
```python
|
||||
ec2 = boto3.client("ec2")
|
||||
ec2.create_snapshot(
|
||||
VolumeId="vol-xxx",
|
||||
Description="Agentless scan",
|
||||
TagSpecifications=[{"ResourceType": "snapshot",
|
||||
"Tags": [{"Key": "Purpose", "Value": "VulnScan"}]}]
|
||||
)
|
||||
```
|
||||
|
||||
## SSM Inventory (Alternative)
|
||||
|
||||
AWS Systems Manager Inventory collects software inventory without custom agents:
|
||||
```python
|
||||
ssm = boto3.client("ssm")
|
||||
ssm.get_inventory(
|
||||
Filters=[{"Key": "AWS:Application.Name", "Values": ["openssl"]}]
|
||||
)
|
||||
```
|
||||
|
||||
## Scan Types
|
||||
|
||||
| Type | Method | Agent Required |
|
||||
|------|--------|---------------|
|
||||
| Inspector Classic | AWS agent | Yes |
|
||||
| Inspector2 Agent | SSM agent | Yes (auto-installed) |
|
||||
| Inspector2 Agentless | EBS snapshot | No |
|
||||
| SSM Inventory | SSM agent | Yes |
|
||||
|
||||
## Output Schema
|
||||
|
||||
```json
|
||||
{
|
||||
"report": "agentless_vulnerability_scanning",
|
||||
"inspector_status": {"enabled": true},
|
||||
"total_resources_scanned": 50,
|
||||
"uncovered_resources": 3,
|
||||
"total_findings": 125,
|
||||
"severity_summary": {"CRITICAL": 5, "HIGH": 30, "MEDIUM": 60, "LOW": 30}
|
||||
}
|
||||
```
|
||||
|
||||
## CLI Usage
|
||||
|
||||
```bash
|
||||
python agent.py --region us-east-1 --severity CRITICAL HIGH --output report.json
|
||||
```
|
||||
Reference in New Issue
Block a user