mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-16 20:55:17 +03:00
27c6414ca5
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
2.3 KiB
2.3 KiB
API Reference: Auditing AWS S3 Bucket Permissions
boto3 S3 Client
List Buckets
import boto3
s3 = boto3.client("s3")
response = s3.list_buckets()
for bucket in response["Buckets"]:
print(bucket["Name"], bucket["CreationDate"])
Get Bucket ACL
acl = s3.get_bucket_acl(Bucket="my-bucket")
for grant in acl["Grants"]:
print(grant["Grantee"], grant["Permission"])
Get/Put Public Access Block
# Check settings
resp = s3.get_public_access_block(Bucket="my-bucket")
config = resp["PublicAccessBlockConfiguration"]
# Enable all blocks
s3.put_public_access_block(
Bucket="my-bucket",
PublicAccessBlockConfiguration={
"BlockPublicAcls": True,
"IgnorePublicAcls": True,
"BlockPublicPolicy": True,
"RestrictPublicBuckets": True,
},
)
Get Bucket Policy
import json
policy_str = s3.get_bucket_policy(Bucket="my-bucket")["Policy"]
policy = json.loads(policy_str)
for stmt in policy["Statement"]:
print(stmt["Effect"], stmt["Principal"], stmt["Action"])
Check Encryption
enc = s3.get_bucket_encryption(Bucket="my-bucket")
rules = enc["ServerSideEncryptionConfiguration"]["Rules"]
print(rules[0]["ApplyServerSideEncryptionByDefault"]["SSEAlgorithm"])
Check Versioning
resp = s3.get_bucket_versioning(Bucket="my-bucket")
print(resp.get("Status", "Disabled"))
Key S3 API Methods for Security Auditing
| Method | Returns |
|---|---|
list_buckets() |
All buckets in account |
get_bucket_acl() |
ACL grants (AllUsers, AuthenticatedUsers) |
get_public_access_block() |
Block public access configuration |
get_bucket_policy() |
Bucket policy JSON (wildcard principals) |
get_bucket_encryption() |
Default encryption algorithm |
get_bucket_versioning() |
Versioning status |
get_bucket_logging() |
Access logging configuration |
get_bucket_location() |
Bucket region |
Public Grant URIs to Flag
| URI | Risk |
|---|---|
http://acs.amazonaws.com/groups/global/AllUsers |
Public read/write |
http://acs.amazonaws.com/groups/global/AuthenticatedUsers |
Any AWS account |