Anthropic-Cybersecurity-Skills/skills/performing-ssrf-vulnerability-exploitation/references/api-reference.md
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

1.4 KiB

API Reference: SSRF Vulnerability Testing

Cloud Metadata Endpoints

| Cloud | URL | Headers |
|---|---|---|
| AWS IMDSv1 | `http://169.254.169.254/latest/meta-data/` | None |
| AWS IMDSv2 | `http://169.254.169.254/latest/api/token` | `X-aws-ec2-metadata-token-ttl-seconds: 21600` |
| GCP | `http://metadata.google.internal/computeMetadata/v1/` | `Metadata-Flavor: Google` |
| Azure | `http://169.254.169.254/metadata/instance?api-version=2021-02-01` | `Metadata: true` |

IP Encoding Bypass Techniques

| Technique | 169.254.169.254 Encoded |
|---|---|
| Decimal | `2852039166` |
| Hex | `0xa9fea9fe` |
| Octal | `0251.0376.0251.0376` |
| IPv6 mapped | `[::ffff:169.254.169.254]` |
| Shortened | `169.254.169.254` -> `0` (localhost) |
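A server-side filter that compares the host string against `169.254.169.254` misses every row of the table above, so the check has to run on the normalized address. The following is an added example, not code from this repository: `normalize_host` and `check_url` are hypothetical helper names, and the sample URLs in the test are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

def _part(p):
    # inet_aton rules: "0x" prefix is hex, a leading "0" is octal, otherwise decimal.
    if not (p.isascii() and p.isalnum()):
        raise ValueError(p)
    if p.lower().startswith("0x"):
        return int(p, 16)
    return int(p, 8) if len(p) > 1 and p[0] == "0" else int(p, 10)

def normalize_host(host):
    """Return the address an inet_aton-style resolver would use, or None for a DNS name."""
    try:
        if ":" in host:
            ip = ipaddress.IPv6Address(host)
            return ip.ipv4_mapped or ip      # unwrap ::ffff:a.b.c.d
        nums = [_part(p) for p in host.split(".")]
    except ValueError:
        return None                          # not an IP literal
    *head, tail = nums
    # The last part fills all remaining bytes (so "2852039166" is a full address).
    if len(nums) > 4 or any(n > 255 for n in head) or tail >= 256 ** (4 - len(head)):
        return None
    value = tail
    for i, n in enumerate(head):
        value += n << (8 * (3 - i))
    return ipaddress.IPv4Address(value)

def check_url(url):
    """'block' for non-HTTP schemes and internal IP literals, 'allow' for public
    IP literals, 'resolve' for DNS names (resolve them, then check each address)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return "block"                       # e.g. file://
    ip = normalize_host(parts.hostname or "")
    if ip is None:
        return "resolve"
    internal = ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_unspecified
    return "block" if internal else "allow"
```

A `resolve` result is not an allow: names such as `metadata.google.internal` must be resolved and every returned address passed through the same internal-range check before the request is made.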

Python requests

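```python
import requests

url = "http://127.0.0.1:8080/"  # placeholder: the in-scope endpoint under test

# allow_redirects=False keeps 3xx responses visible instead of following them;
# verify=False disables TLS certificate validation.
resp = requests.get(url, timeout=10, allow_redirects=False, verify=False)
resp.status_code   # HTTP status
resp.text          # Response body
len(resp.content)  # Response size
resp.headers       # Response headers
```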

SSRF Impact Levels

| Access | Impact | Severity |
|---|---|---|
| Cloud metadata credentials | Full account compromise | Critical |
| Internal service access | Lateral movement | High |
| Local file read (file://) | Information disclosure | High |
| Internal port scan | Reconnaissance | Medium |

MITRE ATT&CK

  • T1190 - Exploit Public-Facing Application
  • T1552.005 - Cloud Instance Metadata API