mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 21:54:56 +03:00

Files

T

mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills

Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders

2026-03-10 21:02:12 +01:00

2.2 KiB

Raw Blame History

API Reference: Web Application Penetration Test Agent

Overview

Performs automated web application security testing: technology fingerprinting, security header checks, HTTP method testing, CORS misconfiguration detection, basic SQL injection, and reflected XSS testing.

Dependencies

Package	Version	Purpose
requests	>= 2.28	HTTP client for all web tests

External Tools (Optional)

Tool	Purpose
ffuf	Directory and file brute-forcing

Core Functions

`fingerprint_technology(target_url)`

Identifies server, framework, and language from headers and cookie names.

Returns: dict with server and technologies list

`check_security_headers(target_url)`

Checks HSTS, CSP, X-Content-Type-Options, X-Frame-Options, X-XSS-Protection, Referrer-Policy, Permissions-Policy.

Returns: dict[str, dict] - header to presence/value mapping

`test_http_methods(target_url)`

Tests for dangerous HTTP methods (PUT, DELETE, TRACE, CONNECT).

Returns: list[dict] - allowed dangerous methods with risk levels

`test_cors_config(target_url)`

Tests CORS with evil origins, null origin, and subdomain spoofing.

Returns: list[dict] - reflected origins with credential risks

`run_directory_bruteforce(target_url, wordlist)`

Subprocess wrapper for ffuf directory enumeration.

Default wordlist: /usr/share/seclists/Discovery/Web-Content/common.txt

`test_sql_injection_basic(target_url, params)`

Tests URL parameters with SQL injection payloads and checks for database error strings.

Risk: CRITICAL when SQL error patterns detected

`test_xss_basic(target_url, params)`

Tests for reflected XSS by checking if payloads appear unescaped in response body.

Risk: HIGH when payload is reflected

`run_assessment(target_url, test_params)`

Full assessment pipeline with summary statistics.

OWASP Test Coverage

OWASP Category	Tests Performed
A01 Broken Access Control	CORS, HTTP methods
A03 Injection	SQL injection, XSS
A05 Security Misconfiguration	Security headers, HTTP methods

Usage

python agent.py https://target-app.example.com

2.2 KiB Raw Blame History

API Reference: Web Application Penetration Test Agent

Overview

Dependencies

External Tools (Optional)

Core Functions

fingerprint_technology(target_url)

check_security_headers(target_url)

test_http_methods(target_url)

test_cors_config(target_url)

run_directory_bruteforce(target_url, wordlist)

test_sql_injection_basic(target_url, params)

test_xss_basic(target_url, params)

run_assessment(target_url, test_params)