mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-17 05:05:16 +03:00
Production hardening: security fixes, code quality, 724 skills complete
- Fix 25 shell=True subprocess calls with list-based commands - Fix 49 verify=False in defensive skills (env-var override) - Add timeout to 231 HTTP/subprocess/socket calls - Fix 6 SQL injection patterns with whitelist validation - Replace 8 __import__() with standard imports - Remove 701 unused imports across 442 files - Add authorized-testing disclaimers to all offensive skills - Complete 11 incomplete skill directories - Expand 10 stub SKILL.md files with full content - Fix 2 YAML parse errors in frontmatter - Fix 5 pre-existing syntax errors - Convert 22 hardcoded paths/ports to environment variables - Back up 21 redundant skill pairs to .bak - Fix 2 global declaration errors - 724/724 skills with full folder anatomy (SKILL.md + agent.py + api-reference.md + LICENSE) - 0 compile errors across all 724 agent.py files
This commit is contained in:
@@ -1,4 +1,7 @@
|
||||
#!/usr/bin/env python3
|
||||
# For authorized penetration testing and educational environments only.
|
||||
# Usage against targets without prior mutual consent is illegal.
|
||||
# It is the end user's responsibility to obey all applicable local, state and federal laws.
|
||||
"""Agent for thick client application penetration testing.
|
||||
|
||||
Performs static analysis (strings extraction, .NET detection),
|
||||
@@ -6,7 +9,6 @@ dynamic analysis (process monitoring, DLL search order checks),
|
||||
local storage auditing, and API traffic interception assessment.
|
||||
"""
|
||||
|
||||
import subprocess
|
||||
import json
|
||||
import sys
|
||||
import os
|
||||
@@ -15,6 +17,8 @@ import sqlite3
|
||||
from pathlib import Path
|
||||
from datetime import datetime
|
||||
|
||||
_SAFE_TABLE_RE = re.compile(r'^[a-zA-Z_][a-zA-Z0-9_]*$')
|
||||
|
||||
|
||||
class ThickClientPentestAgent:
|
||||
"""Performs security assessment of thick/fat client applications."""
|
||||
@@ -129,7 +133,9 @@ class ThickClientPentestAgent:
|
||||
if any(kw in lower for kw in
|
||||
["user", "account", "credential", "auth",
|
||||
"login", "password", "token", "session"]):
|
||||
cursor.execute(f'SELECT COUNT(*) FROM "{table}"')
|
||||
if not _SAFE_TABLE_RE.match(table):
|
||||
continue
|
||||
cursor.execute(f"SELECT COUNT(*) FROM [{table}]")
|
||||
count = cursor.fetchone()[0]
|
||||
sensitive_tables.append({"table": table, "rows": count})
|
||||
|
||||
|
||||
Reference in New Issue
Block a user