mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-11 05:34:55 +03:00
27c6414ca5
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
49 lines
1.3 KiB
Markdown
# API Reference: Implementing API Key Security Controls

## Secure Key Generation

```python
import secrets, hashlib

key = f"sk_{secrets.token_hex(32)}"  # 256 bits from the OS CSPRNG; never random.random()
key_hash = hashlib.sha256(key.encode()).hexdigest()  # Store hash only; compare later with hmac.compare_digest
```

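
The snippet above shows generation and hashing but not the lookup side. The following is an added example (not code from this repository) that issues a key in the same `sk_` style, stores only its SHA-256, and verifies a presented key with a constant-time comparison. The `KEY_STORE` dict, the `issue_key`/`verify_key`/`revoke_key` names and the embedded `key_id` segment are assumptions made for the example; the plain unsalted SHA-256 is adequate here only because the secret carries 256 bits of entropy, which is not true of passwords.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Stand-in for the credential store (key_id -> record). Only the SHA-256 of the
# key is kept; the plaintext exists solely in the response that issued it.
KEY_STORE: dict = {}


def issue_key(owner: str, prefix: str = "sk") -> str:
    """Generate `<prefix>_<key_id>_<secret>`, store its hash, return the plaintext once.

    token_hex(32) draws 256 bits from the OS CSPRNG, so the key is not
    guessable and an unsalted SHA-256 is adequate: unlike a password there is
    no low-entropy space for an offline attacker to enumerate. The 8-hex-char
    key_id lets lookups and revocation refer to the key without the secret part
    (an addition to the page's `sk_<hex>` layout). `prefix` must not contain "_".
    """
    key_id = secrets.token_hex(4)
    plaintext = f"{prefix}_{key_id}_{secrets.token_hex(32)}"
    KEY_STORE[key_id] = {
        "owner": owner,
        "hash": hashlib.sha256(plaintext.encode()).hexdigest(),
        "revoked": False,
    }
    return plaintext


def verify_key(presented: str) -> Optional[str]:
    """Return the owner of a valid, unrevoked key, else None.

    The presented value is hashed and the hex digests are compared with
    hmac.compare_digest so timing does not leak how many characters matched.
    """
    parts = presented.split("_")
    if len(parts) != 3:
        return None
    record = KEY_STORE.get(parts[1])
    if record is None or record["revoked"]:
        return None
    digest = hashlib.sha256(presented.encode()).hexdigest()
    if not hmac.compare_digest(digest, record["hash"]):
        return None
    return record["owner"]


def revoke_key(key_id: str) -> bool:
    """Mark a key revoked; returns False if the id is unknown."""
    record = KEY_STORE.get(key_id)
    if record is None:
        return False
    record["revoked"] = True
    return True


if __name__ == "__main__":
    k = issue_key("svc-billing")
    print("issued:", k[:12] + "...")
    print("verify   ->", verify_key(k))
    print("tampered ->", verify_key(k[:-1] + "!"))
```

Because only the digest is stored, a dump of `KEY_STORE` does not yield usable credentials; the plaintext must be shown to the caller exactly once and never logged.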

## Leaked Key Patterns

| Pattern | Service / key type |
|---------|--------------------|
| `sk_live_[a-zA-Z0-9]{24,}` | Stripe live secret key |
| `AKIA[0-9A-Z]{16}` | AWS access key ID |
| `AIza[0-9A-Za-z_-]{35}` | Google API key |
| `ghp_[a-zA-Z0-9]{36}` | GitHub personal access token (classic) |
| `sk-[a-zA-Z0-9]{48}` | OpenAI API key (legacy format) |

These are the classic key shapes. Several providers have since added differently prefixed formats (GitHub fine-grained tokens start with `github_pat_`, OpenAI project keys with `sk-proj-`), so treat the table as a baseline to refresh from each provider's documentation, and treat a regex hit as a candidate until it is verified.

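
The table gives the regexes but not how to apply them without drowning in false positives. The following added example (not code from this repository) runs the five patterns over a constructed config file with lookaround guards so a prefix buried inside a longer token does not fire, redacts every match before it is reported, and shows that a newer `sk-proj-` style key is missed by the legacy OpenAI pattern. The `Finding` class, the function names and the sample values are assumptions made for the example; every key in the sample is synthetic.

```python
import re
from dataclasses import dataclass

# Patterns from the table above (classic formats). Each is wrapped in lookarounds
# so a prefix embedded in a longer token (e.g. "AKIA" inside a base64 blob) does
# not produce a finding. \b would fail for Google keys that end in "-", hence
# explicit character classes instead of word boundaries.
_BOUNDARY_L = r"(?<![A-Za-z0-9_])"
_BOUNDARY_R = r"(?![A-Za-z0-9_])"

KEY_PATTERNS = {
    "Stripe live secret key": r"sk_live_[a-zA-Z0-9]{24,}",
    "AWS access key ID": r"AKIA[0-9A-Z]{16}",
    "Google API key": r"AIza[0-9A-Za-z_-]{35}",
    "GitHub PAT (classic)": r"ghp_[a-zA-Z0-9]{36}",
    "OpenAI API key (legacy format)": r"sk-[a-zA-Z0-9]{48}",
}
_COMPILED = {name: re.compile(_BOUNDARY_L + pat + _BOUNDARY_R)
             for name, pat in KEY_PATTERNS.items()}


@dataclass(frozen=True)
class Finding:
    service: str
    line_no: int
    redacted: str  # the full secret must never reach logs or tickets


def redact(secret: str, keep: int = 8) -> str:
    """Keep enough prefix to identify the key type, mask the rest."""
    return secret[:keep] + "*" * max(0, len(secret) - keep)


def scan_text(text: str) -> list:
    """Run every pattern over each line; findings sorted by line, then service."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for service, rx in _COMPILED.items():
            for m in rx.finditer(line):
                findings.append(Finding(service, line_no, redact(m.group(0))))
    return sorted(findings, key=lambda f: (f.line_no, f.service))


def scan_file(path: str) -> list:
    """Convenience wrapper for a file on disk (binary junk is tolerated)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan_text(fh.read())


# Constructed sample input. Every value is synthetic and only has the shape of a
# real key. Lines 1-5 should match; lines 6-8 should not (prefix buried in a
# blob, Stripe test-mode key, and a newer sk-proj- key the legacy regex misses).
SAMPLE_CONFIG = """\
AWS_ACCESS_KEY_ID=AKIAABCDEFGHIJKLMNOP
STRIPE_SECRET=sk_live_abcdefghijklmnopqrstuvwxyz0123
GITHUB_TOKEN=ghp_abcdefghijklmnopqrstuvwxyz0123456789
OPENAI_API_KEY=sk-abcdefghijklmnopqrstuvwxyz0123456789abcdefghijkl
GOOGLE_API_KEY=AIzaabcdefghijklmnopqrstuvwxyz012345_-A
BLOB=QkFTRTY0AKIAABCDEFGHIJKLMNOPQkFTRTY0
STRIPE_TEST=sk_test_abcdefghijklmnopqrstuvwxyz0123
NEW_STYLE=sk-proj-abcdefghijklmnopqrstuvwxyz0123456789abcdefghijkl
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_CONFIG):
        print(f"line {f.line_no}: {f.service}: {f.redacted}")
```

The miss on the last sample line is the point of the caveat above: a pattern list is only as current as its last refresh, which is why a verified-secrets scanner such as TruffleHog belongs next to any hand-rolled regex pass.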
## Key Rotation Policy

| Criteria | Threshold | Severity |
|----------|-----------|----------|
| Key age > 90 days | Rotation required | HIGH |
| Unused > 30 days | Revocation candidate | MEDIUM |
| Wildcard scope | Scope reduction needed | HIGH |
| Shared across IPs | Possible leak | HIGH |

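
Applied by hand the table is four if-statements, but the edge cases (a key that was never used, a service that legitimately egresses from a NAT pool) are where reviews go wrong. The following added example (not code from this repository) evaluates an inventory of key records against the four rows and rolls each key up to its worst severity. The record shape (`id`, `created_at`, `last_used_at`, `scopes`, `source_ips`), the function names, the `max_source_ips` knob and the sample inventory are assumptions made for the example; the addresses are RFC 5737 documentation ranges.

```python
from datetime import datetime, timedelta, timezone

# Thresholds from the policy table above.
MAX_AGE_DAYS = 90
MAX_IDLE_DAYS = 30
SEVERITY_RANK = {"MEDIUM": 1, "HIGH": 2}


def evaluate_key(key: dict, now: datetime, max_source_ips: int = 1) -> list:
    """Apply the four policy rows to one inventory record.

    `key` is an assumed record shape, not a vendor API object:
      id, created_at, last_used_at (None if never used), scopes (list of
      strings; "*" or "<resource>:*" counts as wildcard), source_ips (set of
      client IPs seen using the key in the review window).
    Raise `max_source_ips` for callers that legitimately egress through a NAT
    pool; the table's default is a single IP.
    Returns [(finding, severity), ...] in policy-table order.
    """
    findings = []
    if now - key["created_at"] > timedelta(days=MAX_AGE_DAYS):
        findings.append(("Key age > 90 days: rotation required", "HIGH"))
    # A never-used key is measured from creation so it still ages out.
    last_activity = key.get("last_used_at") or key["created_at"]
    if now - last_activity > timedelta(days=MAX_IDLE_DAYS):
        findings.append(("Unused > 30 days: revocation candidate", "MEDIUM"))
    if any(s == "*" or s.endswith(":*") for s in key.get("scopes", [])):
        findings.append(("Wildcard scope: scope reduction needed", "HIGH"))
    if len(key.get("source_ips", set())) > max_source_ips:
        findings.append(("Shared across IPs: possible leak", "HIGH"))
    return findings


def review(keys: list, now: datetime) -> dict:
    """Evaluate every key; map id -> {"findings": [...], "worst": severity or None}."""
    report = {}
    for key in keys:
        findings = evaluate_key(key, now)
        worst = max((sev for _, sev in findings), key=SEVERITY_RANK.get, default=None)
        report[key["id"]] = {"findings": findings, "worst": worst}
    return report


# Constructed review date and inventory (synthetic records).
NOW = datetime(2026, 6, 1, tzinfo=timezone.utc)
SAMPLE_KEYS = [
    {"id": "key-ci", "created_at": NOW - timedelta(days=200),
     "last_used_at": NOW - timedelta(days=1),
     "scopes": ["repo:read"], "source_ips": {"203.0.113.10"}},
    {"id": "key-admin", "created_at": NOW - timedelta(days=60),
     "last_used_at": NOW - timedelta(days=45),
     "scopes": ["*"], "source_ips": {"203.0.113.10", "198.51.100.7"}},
    {"id": "key-new", "created_at": NOW - timedelta(days=5),
     "last_used_at": None, "scopes": ["billing:read"], "source_ips": set()},
]

if __name__ == "__main__":
    for key_id, result in review(SAMPLE_KEYS, NOW).items():
        print(key_id, result["worst"], [text for text, _ in result["findings"]])
```

Note that `key-admin` is only 60 days old and still ends up HIGH: age is the weakest of the four signals, and the wildcard scope plus use from two addresses are what should drive the rotation ticket.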
## TruffleHog Scanning

```bash
# Scan a checked-out tree; current TruffleHog v3 takes the path as a positional
# argument (the older --directory flag form is deprecated)
trufflehog filesystem /path/to/code --json
# Scan the full commit history of a remote repository
trufflehog git https://github.com/org/repo --json
```

Each JSON line is one finding. Adding `--only-verified` keeps only credentials TruffleHog could confirm against the issuing service, which removes most false positives but also hides keys for services it cannot verify, so run an unfiltered pass before signing off on a repository.

## GitHub Secret Scanning API

```bash
# Token needs the security_events scope; ?state=open|resolved filters, per_page/page paginate
curl -H "Accept: application/vnd.github+json" \
     -H "Authorization: Bearer $TOKEN" \
     "https://api.github.com/repos/OWNER/REPO/secret-scanning/alerts?state=open"
```

The endpoint returns 404 when secret scanning is not enabled for the repository, so a 404 here is a configuration finding, not an empty result.

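
The curl call returns one page of raw alert objects; what a reviewer actually needs is the whole list and a rotation queue built from it. The following added example (not code from this repository) pages through the endpoint using the `Link` header, then triages the alerts offline: counts per `secret_type`, the alerts that were pushed through push protection, and those still open past a deadline. The function names, the `overdue_days` threshold and the sample alert objects are assumptions made for the example; only `number`, `state`, `secret_type`, `created_at` and `push_protection_bypassed` are read from each alert. `fetch_alerts` needs network access and is not exercised by the sample run.

```python
import json
import re
import urllib.request
from collections import Counter
from datetime import datetime, timedelta, timezone
from typing import Optional

API = "https://api.github.com"


def _next_link(link_header: Optional[str]) -> Optional[str]:
    """Return the rel="next" URL from a GitHub Link header, or None on the last page."""
    if not link_header:
        return None
    m = re.search(r'<([^>]+)>;\s*rel="next"', link_header)
    return m.group(1) if m else None


def fetch_alerts(owner: str, repo: str, token: str, state: str = "open") -> list:
    """Page through the alerts endpoint (network call, not run offline).

    The token needs the security_events scope (classic PAT) or the
    secret-scanning-alerts repository permission (fine-grained PAT).
    """
    url = f"{API}/repos/{owner}/{repo}/secret-scanning/alerts?state={state}&per_page=100"
    alerts = []
    while url:
        req = urllib.request.Request(url, headers={
            "Accept": "application/vnd.github+json",
            "Authorization": f"Bearer {token}",
        })
        with urllib.request.urlopen(req) as resp:
            alerts.extend(json.load(resp))
            url = _next_link(resp.headers.get("Link"))
    return alerts


def triage(alerts: list, now: datetime, overdue_days: int = 7) -> dict:
    """Summarise alerts for a rotation queue.

    Returns counts per secret type, the alert numbers a developer pushed
    through push protection (each is a deliberate decision to review), and
    the alert numbers still open after `overdue_days`.
    """
    by_type = Counter(a["secret_type"] for a in alerts)
    bypassed = [a["number"] for a in alerts if a.get("push_protection_bypassed")]
    overdue = []
    for a in alerts:
        # created_at is RFC 3339 with a trailing Z; fromisoformat wants +00:00
        created = datetime.fromisoformat(a["created_at"].replace("Z", "+00:00"))
        if now - created > timedelta(days=overdue_days):
            overdue.append(a["number"])
    return {"by_type": dict(by_type), "bypassed": bypassed, "overdue": overdue}


# Constructed alert objects with the shape of the API response (synthetic data).
NOW = datetime(2026, 6, 1, tzinfo=timezone.utc)
SAMPLE_ALERTS = [
    {"number": 1, "state": "open", "secret_type": "aws_access_key_id",
     "created_at": "2026-05-01T10:00:00Z", "push_protection_bypassed": False},
    {"number": 2, "state": "open", "secret_type": "github_personal_access_token",
     "created_at": "2026-05-30T08:00:00Z", "push_protection_bypassed": False},
    {"number": 3, "state": "open", "secret_type": "aws_access_key_id",
     "created_at": "2026-05-31T09:00:00Z", "push_protection_bypassed": True},
]

if __name__ == "__main__":
    print(triage(SAMPLE_ALERTS, NOW))
```

Alert #3 is the one to look at first: a bypassed push-protection block means someone saw the warning and committed the secret anyway, so the key is exposed in history regardless of whether the alert is later marked resolved.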
### References

- GitHub Secret Scanning: https://docs.github.com/en/code-security/secret-scanning
- TruffleHog: https://github.com/trufflesecurity/trufflehog
- OWASP API Security Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/API_Security_Cheat_Sheet.html