Anthropic-Cybersecurity-Skills/skills/performing-initial-access-with-evilginx3/references/api-reference.md
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00


# API Reference — Performing Initial Access with Evilginx3
## Libraries Used
- **pyyaml**: Parse Evilginx3 phishlet YAML configuration files
- **subprocess**: Check Evilginx installation and version
- **pathlib**: Directory listing and file reading
- **re**: IP address extraction from session logs
## CLI Interface
```
python agent.py parse --phishlet office365.yaml
python agent.py logs --file sessions.log
python agent.py check
python agent.py list --dir /path/to/phishlets/
python agent.py detect --phishlet office365.yaml
```
## Core Functions
### `parse_phishlet(phishlet_path)` — Analyze phishlet configuration
Extracts proxy hosts, auth tokens, credential fields. Determines MFA bypass capability.
### `analyze_session_log(log_file)` — Parse Evilginx session captures
Identifies sessions with captured tokens and credentials. Extracts source IPs.
### `check_evilginx_installation()` — Verify Evilginx3 binary
Returns installed status and version string.
### `list_phishlets(phishlet_dir)` — Enumerate available phishlets
Lists .yaml/.yml files in phishlet directory with sizes.
### `generate_detection_rules(phishlet_path)` — Create defensive signatures
Generates DNS monitoring, cookie relay detection, and network anomaly rules.
Includes FIDO2/WebAuthn MFA recommendations.
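The cookie relay rule mentioned above can be checked against web or identity-provider logs by looking for a session cookie presented from an IP other than the one that signed in. The following is an added example, not code from `agent.py` or this repository; the key=value log format, the field names, the function names and the one-hour window are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in a hypothetical key=value format; sid stands for a hashed session id.
SAMPLE_LOG = """\
2026-03-10T09:00:05Z event=signin user=alice sid=s-7f3a ip=198.51.100.23 ua="Chrome/122 Windows"
2026-03-10T09:00:40Z event=request user=alice sid=s-7f3a ip=198.51.100.23 ua="Chrome/122 Windows"
2026-03-10T09:04:12Z event=request user=alice sid=s-7f3a ip=203.0.113.77 ua="Firefox/124 Linux"
2026-03-10T09:10:00Z event=signin user=bob sid=s-91c2 ip=192.0.2.14 ua="Safari/17 macOS"
2026-03-10T09:30:00Z event=request user=bob sid=s-91c2 ip=192.0.2.14 ua="Safari/17 macOS"
malformed line without fields
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) event=(?P<event>\w+) user=(?P<user>\S+) sid=(?P<sid>\S+) '
    r'ip=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) ua="(?P<ua>[^"]*)"$'
)

def parse_events(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ev

def find_relayed_sessions(events, window_s=3600):
    """Flag sessions whose cookie is presented from an IP other than the sign-in IP."""
    by_sid = defaultdict(list)
    for ev in events:
        by_sid[ev["sid"]].append(ev)
    findings = []
    for sid, evs in by_sid.items():
        evs.sort(key=lambda e: e["ts"])
        origin = next((e for e in evs if e["event"] == "signin"), None)
        if origin is None:
            continue  # sign-in not in this log slice, so there is no baseline IP
        for ev in evs:
            delta = (ev["ts"] - origin["ts"]).total_seconds()
            if ev["ip"] != origin["ip"] and 0 <= delta <= window_s:
                findings.append({"sid": sid, "user": ev["user"], "signin_ip": origin["ip"],
                                 "reuse_ip": ev["ip"], "ua_changed": ev["ua"] != origin["ua"],
                                 "seconds_after_signin": int(delta)})
                break  # one finding per session is enough to open a case
    return findings
```

An IP change alone also occurs on mobile networks and VPNs, so `ua_changed` and the time since sign-in are returned to help rank findings rather than to confirm them.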
## Phishlet Structure
- `proxy_hosts`: Domain-to-phishing-subdomain mappings
- `auth_tokens`: Session cookies to intercept (enables MFA bypass)
- `credentials`: Form fields to capture (username/password)
- `sub_filters`: Content replacement rules for convincing proxied pages
## Dependencies
```
pip install pyyaml
```
System: evilginx (optional, for live testing)