mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-11 10:03:42 +03:00
c47eed6a64
- Fix 25 shell=True subprocess calls with list-based commands - Fix 49 verify=False in defensive skills (env-var override) - Add timeout to 231 HTTP/subprocess/socket calls - Fix 6 SQL injection patterns with whitelist validation - Replace 8 __import__() with standard imports - Remove 701 unused imports across 442 files - Add authorized-testing disclaimers to all offensive skills - Complete 11 incomplete skill directories - Expand 10 stub SKILL.md files with full content - Fix 2 YAML parse errors in frontmatter - Fix 5 pre-existing syntax errors - Convert 22 hardcoded paths/ports to environment variables - Back up 21 redundant skill pairs to .bak - Fix 2 global declaration errors - 724/724 skills with full folder anatomy (SKILL.md + agent.py + api-reference.md + LICENSE) - 0 compile errors across all 724 agent.py files
4.2 KiB
4.2 KiB
API Reference: OpenTAXII Server
Libraries Used
| Library | Purpose |
|---|---|
opentaxii |
TAXII 1.x and 2.x server implementation |
taxii2-client |
TAXII 2.1 client for testing and integration |
stix2 |
Create and parse STIX 2.1 objects |
requests |
HTTP client for direct API testing |
Installation
# Server
pip install opentaxii
# Client and testing
pip install taxii2-client stix2 requests
Server Configuration
opentaxii.yml
---
persistence_api:
class: opentaxii.persistence.sqldb.SQLDatabaseAPI
parameters:
db_connection: sqlite:////tmp/opentaxii.db
create_tables: true
auth_api:
class: opentaxii.auth.sqldb.SQLDatabaseAuth
parameters:
db_connection: sqlite:////tmp/opentaxii.db
create_tables: true
secret: "change-this-secret-in-production"
taxii1:
save_raw_inbox_messages: false
logging:
opentaxii: info
root: info
Start the Server
# Set config path
export OPENTAXII_CONFIG=/path/to/opentaxii.yml
# Run the server
opentaxii-run-dev --host 0.0.0.0 --port 9000
# Production (with gunicorn)
gunicorn opentaxii.http:app --bind 0.0.0.0:9000
TAXII 2.1 API Endpoints
| Method | Endpoint | Description |
|---|---|---|
| GET | /taxii2/ |
Server discovery |
| GET | /{api-root}/ |
API root information |
| GET | /{api-root}/collections/ |
List collections |
| GET | /{api-root}/collections/{id}/ |
Get collection details |
| GET | /{api-root}/collections/{id}/objects/ |
Get STIX objects |
| POST | /{api-root}/collections/{id}/objects/ |
Add STIX objects |
| GET | /{api-root}/collections/{id}/manifest/ |
Object manifest |
| GET | /{api-root}/status/{id}/ |
Async operation status |
Server Administration
Create Collections via CLI
opentaxii-create-services -c services.yml
opentaxii-create-collections -c collections.yml
opentaxii-create-account --username admin --password admin123
collections.yml
---
- name: "threat-indicators"
id: "collection-001"
description: "Threat intelligence indicators"
type: "DATA_FEED"
accept_all_content: true
can_read: true
can_write: true
- name: "malware-samples"
id: "collection-002"
description: "Malware sample hashes and metadata"
type: "DATA_SET"
can_read: true
can_write: false
Client Operations
Discover Server and Collections
from taxii2client.v21 import Server
import os
server = Server(
os.environ.get("OPENTAXII_URL", "http://localhost:9000/taxii2/"),
user=os.environ.get("TAXII_USER", "admin"),
password=os.environ.get("TAXII_PASS", "admin123"),
)
for api_root in server.api_roots:
print(f"API Root: {api_root.title}")
for coll in api_root.collections:
print(f" {coll.title} (ID: {coll.id})")
print(f" Read: {coll.can_read} | Write: {coll.can_write}")
Push STIX Objects to a Collection
import stix2
from taxii2client.v21 import Collection
collection = Collection(
f"http://localhost:9000/collections/collection-001/",
user="admin",
password="admin123",
)
indicator = stix2.Indicator(
name="Malicious C2 Domain",
pattern="[domain-name:value = 'evil.example.com']",
pattern_type="stix",
valid_from="2025-01-15T00:00:00Z",
labels=["malicious-activity"],
)
bundle = stix2.Bundle(objects=[indicator])
collection.add_objects(bundle.serialize())
Fetch Objects from a Collection
objects = collection.get_objects()
for obj in objects.get("objects", []):
print(f" {obj['type']}: {obj.get('name', obj['id'])}")
Health Check
import requests
resp = requests.get(
"http://localhost:9000/taxii2/",
auth=("admin", "admin123"),
timeout=10,
)
if resp.status_code == 200:
discovery = resp.json()
print(f"Server title: {discovery.get('title')}")
print(f"API roots: {discovery.get('api_roots', [])}")
Output Format
{
"title": "OpenTAXII TAXII 2.1 Server",
"description": "Threat intelligence sharing server",
"api_roots": ["http://localhost:9000/api/"],
"collections": [
{
"id": "collection-001",
"title": "threat-indicators",
"can_read": true,
"can_write": true,
"media_types": ["application/stix+json;version=2.1"]
}
]
}