mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-10 21:24:56 +03:00

Files

T

mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills

Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders

2026-03-10 21:02:12 +01:00

2.6 KiB

Raw Permalink Blame History

API Reference: Cuckoo Sandbox

Cuckoo CLI

Sample Submission

cuckoo submit /path/to/sample.exe
cuckoo submit --timeout 300 /path/to/sample.exe
cuckoo submit --machine win10_x64 --package exe sample.exe
cuckoo submit --url "http://malicious-url.com"

Status

cuckoo status
tail -f /opt/cuckoo/log/cuckoo.log

Cuckoo REST API

Submit File

curl -F "file=@sample.exe" -F "timeout=300" \
  http://localhost:8090/tasks/create/file

Response: {"task_id": 1}

Submit URL

curl -F "url=http://malicious.com" -F "timeout=300" \
  http://localhost:8090/tasks/create/url

Check Task Status

curl http://localhost:8090/tasks/view/<task_id>

Status values: pending, running, completed, reported

Get Report

curl http://localhost:8090/tasks/report/<task_id>
curl http://localhost:8090/tasks/report/<task_id>/json

List Tasks

curl http://localhost:8090/tasks/list
curl http://localhost:8090/tasks/list?limit=50&offset=0

Report JSON Structure

Key Paths

Path	Content
`info.score`	Threat score (0-10)
`info.duration`	Analysis duration (seconds)
`behavior.processes`	Process tree with API calls
`behavior.summary.files`	Created/modified files
`behavior.summary.keys`	Modified registry keys
`network.dns`	DNS resolutions
`network.http`	HTTP requests
`network.tcp`	TCP connections
`dropped`	Dropped files with hashes
`signatures`	Triggered behavioral signatures

Signature Severity Levels

Level	Meaning
1	Informational
2	Low
3	Medium
4	High
5	Critical

Analysis Packages

Package	File Type
`exe`	Windows executables
`dll`	DLL files (uses rundll32)
`doc`	Word documents
`xls`	Excel spreadsheets
`pdf`	PDF documents
`js`	JavaScript files
`vbs`	VBScript files
`ps1`	PowerShell scripts
`zip`	Archives (auto-extracted)

InetSim - Network Simulation

Syntax

inetsim --bind-address 192.168.56.1
inetsim --report-dir /var/log/inetsim

Simulated Services

HTTP/HTTPS (ports 80, 443)
DNS (port 53)
SMTP (port 25)
FTP (port 21)
IRC (port 6667)

FakeNet-NG - Network Redirection

Syntax

fakenet
fakenet -c custom_config.ini

Volatility Integration

Syntax

vol3 -f /opt/cuckoo/storage/analyses/<id>/memory.dmp windows.pslist
vol3 -f /opt/cuckoo/storage/analyses/<id>/memory.dmp windows.malfind
vol3 -f /opt/cuckoo/storage/analyses/<id>/memory.dmp windows.netscan

2.6 KiB Raw Permalink Blame History

API Reference: Cuckoo Sandbox

Cuckoo CLI

Sample Submission

Status

Cuckoo REST API

Submit File

Submit URL

Check Task Status

Get Report

List Tasks

Report JSON Structure

Key Paths

Signature Severity Levels

Analysis Packages

InetSim - Network Simulation

Syntax

Simulated Services

FakeNet-NG - Network Redirection

Syntax

Volatility Integration

Syntax

2.6 KiB

Raw Permalink Blame History