mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-18 05:29:40 +03:00
Production hardening: security fixes, code quality, 724 skills complete
- Fix 25 shell=True subprocess calls with list-based commands - Fix 49 verify=False in defensive skills (env-var override) - Add timeout to 231 HTTP/subprocess/socket calls - Fix 6 SQL injection patterns with whitelist validation - Replace 8 __import__() with standard imports - Remove 701 unused imports across 442 files - Add authorized-testing disclaimers to all offensive skills - Complete 11 incomplete skill directories - Expand 10 stub SKILL.md files with full content - Fix 2 YAML parse errors in frontmatter - Fix 5 pre-existing syntax errors - Convert 22 hardcoded paths/ports to environment variables - Back up 21 redundant skill pairs to .bak - Fix 2 global declaration errors - 724/724 skills with full folder anatomy (SKILL.md + agent.py + api-reference.md + LICENSE) - 0 compile errors across all 724 agent.py files
This commit is contained in:
@@ -1,27 +1,190 @@
|
||||
# API Reference: Rapid7 InsightVM scanning configuration audit
|
||||
# API Reference: Rapid7 InsightVM Vulnerability Scanning
|
||||
|
||||
## API Endpoints
|
||||
InsightVM API: GET /api/3/sites, GET /api/3/scans, GET /api/3/vulnerabilities, scan engines
|
||||
## Libraries Used
|
||||
|
||||
| Library | Purpose |
|
||||
|---------|---------|
|
||||
| `requests` | HTTP client for InsightVM REST API v3 |
|
||||
| `json` | Parse scan results and vulnerability data |
|
||||
| `base64` | Encode Basic Auth credentials |
|
||||
| `os` | Read `INSIGHTVM_URL`, `INSIGHTVM_USER`, `INSIGHTVM_PASS` |
|
||||
|
||||
## Installation
|
||||
|
||||
```bash
|
||||
pip install requests
|
||||
```
|
||||
|
||||
## Libraries
|
||||
|
||||
| Library | Use |
|
||||
|---------|-----|
|
||||
| `requests` | requests SDK/client |
|
||||
|
||||
## Authentication
|
||||
|
||||
| Method | Header |
|
||||
|--------|--------|
|
||||
| Bearer Token | `Authorization: Bearer <token>` |
|
||||
| API Key | `X-API-Key: <key>` |
|
||||
InsightVM API v3 uses HTTP Basic Authentication:
|
||||
|
||||
```python
|
||||
import requests
|
||||
import os
|
||||
from requests.auth import HTTPBasicAuth
|
||||
|
||||
INSIGHTVM_URL = os.environ.get("INSIGHTVM_URL", "https://insightvm.example.com:3780")
|
||||
auth = HTTPBasicAuth(
|
||||
os.environ["INSIGHTVM_USER"],
|
||||
os.environ["INSIGHTVM_PASS"],
|
||||
)
|
||||
```
|
||||
|
||||
## REST API v3 Endpoints
|
||||
|
||||
| Method | Endpoint | Description |
|
||||
|--------|----------|-------------|
|
||||
| GET | `/api/3/sites` | List all scan sites |
|
||||
| GET | `/api/3/sites/{id}` | Get site details |
|
||||
| POST | `/api/3/sites` | Create a new site |
|
||||
| GET | `/api/3/sites/{id}/assets` | List assets in a site |
|
||||
| POST | `/api/3/sites/{id}/scans` | Launch a scan on a site |
|
||||
| GET | `/api/3/scans` | List all scans |
|
||||
| GET | `/api/3/scans/{id}` | Get scan status and details |
|
||||
| GET | `/api/3/assets` | List all assets |
|
||||
| GET | `/api/3/assets/{id}` | Get asset details |
|
||||
| GET | `/api/3/assets/{id}/vulnerabilities` | Get vulnerabilities for asset |
|
||||
| GET | `/api/3/vulnerabilities` | List all known vulnerabilities |
|
||||
| GET | `/api/3/vulnerabilities/{id}` | Get vulnerability details |
|
||||
| GET | `/api/3/vulnerability_checks` | List vulnerability checks |
|
||||
| GET | `/api/3/scan_engines` | List scan engines |
|
||||
| GET | `/api/3/reports` | List generated reports |
|
||||
| POST | `/api/3/reports` | Create a report configuration |
|
||||
| POST | `/api/3/reports/{id}/generate` | Generate a report |
|
||||
| GET | `/api/3/tags` | List all tags |
|
||||
| GET | `/api/3/policies` | List compliance policies |
|
||||
|
||||
## Core Operations
|
||||
|
||||
### List Sites
|
||||
```python
|
||||
resp = requests.get(
|
||||
f"{INSIGHTVM_URL}/api/3/sites",
|
||||
auth=auth,
|
||||
params={"page": 0, "size": 100},
|
||||
timeout=30,
|
||||
verify=True,
|
||||
)
|
||||
for site in resp.json().get("resources", []):
|
||||
print(f"Site: {site['name']} (ID: {site['id']}) — {site.get('description', '')}")
|
||||
```
|
||||
|
||||
### Launch a Scan
|
||||
```python
|
||||
resp = requests.post(
|
||||
f"{INSIGHTVM_URL}/api/3/sites/{site_id}/scans",
|
||||
auth=auth,
|
||||
json={"engineId": engine_id},
|
||||
timeout=30,
|
||||
verify=True,
|
||||
)
|
||||
scan_id = resp.json()["id"]
|
||||
```
|
||||
|
||||
### Poll Scan Status
|
||||
```python
|
||||
import time
|
||||
|
||||
while True:
|
||||
resp = requests.get(
|
||||
f"{INSIGHTVM_URL}/api/3/scans/{scan_id}",
|
||||
auth=auth,
|
||||
timeout=30,
|
||||
verify=True,
|
||||
)
|
||||
status = resp.json()["status"]
|
||||
if status in ("finished", "stopped", "error"):
|
||||
break
|
||||
time.sleep(30)
|
||||
```
|
||||
|
||||
### Get Asset Vulnerabilities
|
||||
```python
|
||||
resp = requests.get(
|
||||
f"{INSIGHTVM_URL}/api/3/assets/{asset_id}/vulnerabilities",
|
||||
auth=auth,
|
||||
params={"page": 0, "size": 500},
|
||||
timeout=60,
|
||||
verify=True,
|
||||
)
|
||||
vulns = resp.json().get("resources", [])
|
||||
for v in vulns:
|
||||
print(f" {v['id']} — CVSS: {v.get('cvssV3Score', 'N/A')} — {v.get('status')}")
|
||||
```
|
||||
|
||||
### Get Vulnerability Details
|
||||
```python
|
||||
resp = requests.get(
|
||||
f"{INSIGHTVM_URL}/api/3/vulnerabilities/{vuln_id}",
|
||||
auth=auth,
|
||||
timeout=30,
|
||||
verify=True,
|
||||
)
|
||||
vuln = resp.json()
|
||||
# Fields: title, description, cvss, severity, publishedDate, references, exploits
|
||||
```
|
||||
|
||||
### Generate a Report
|
||||
```python
|
||||
report_config = {
|
||||
"name": "Monthly Vuln Report",
|
||||
"format": "pdf",
|
||||
"scope": {"sites": [site_id]},
|
||||
"template": "audit-report",
|
||||
}
|
||||
resp = requests.post(
|
||||
f"{INSIGHTVM_URL}/api/3/reports",
|
||||
auth=auth,
|
||||
json=report_config,
|
||||
timeout=30,
|
||||
verify=True,
|
||||
)
|
||||
report_id = resp.json()["id"]
|
||||
|
||||
# Generate the report
|
||||
requests.post(
|
||||
f"{INSIGHTVM_URL}/api/3/reports/{report_id}/generate",
|
||||
auth=auth,
|
||||
timeout=30,
|
||||
verify=True,
|
||||
)
|
||||
```
|
||||
|
||||
## Pagination
|
||||
|
||||
All list endpoints support cursor-based pagination:
|
||||
|
||||
```python
|
||||
def paginate(endpoint, auth, params=None):
|
||||
params = params or {}
|
||||
params.setdefault("size", 500)
|
||||
page = 0
|
||||
while True:
|
||||
params["page"] = page
|
||||
resp = requests.get(endpoint, auth=auth, params=params, timeout=60, verify=True)
|
||||
data = resp.json()
|
||||
yield from data.get("resources", [])
|
||||
if page >= data.get("page", {}).get("totalPages", 1) - 1:
|
||||
break
|
||||
page += 1
|
||||
```
|
||||
|
||||
## Output Format
|
||||
|
||||
```json
|
||||
{"timestamp": "ISO-8601", "findings": [], "risk_level": "HIGH"}
|
||||
{
|
||||
"id": 12345,
|
||||
"status": "finished",
|
||||
"vulnerabilities": {
|
||||
"critical": 3,
|
||||
"severe": 12,
|
||||
"moderate": 45,
|
||||
"total": 60
|
||||
},
|
||||
"assets": 128,
|
||||
"startTime": "2025-01-15T08:00:00Z",
|
||||
"endTime": "2025-01-15T09:45:00Z",
|
||||
"engineName": "Local Scan Engine"
|
||||
}
|
||||
```
|
||||
|
||||
Reference in New Issue
Block a user