mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-10 21:24:56 +03:00
c21af3347e
- Add scripts/agent.py and references/api-reference.md to all remaining skills - Update all 648 LICENSE files: copyright now reads 'Mahipal' - Add implementing-security-monitoring-with-datadog (new skill with full anatomy) - All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
1.6 KiB
API Reference — Performing Initial Access with Evilginx3
Libraries Used
- pyyaml: Parse Evilginx3 phishlet YAML configuration files
- subprocess: Check Evilginx installation and version
- pathlib: Directory listing and file reading
- re: IP address extraction from session logs
CLI Interface
python agent.py parse --phishlet office365.yaml
python agent.py logs --file sessions.log
python agent.py check
python agent.py list --dir /path/to/phishlets/
python agent.py detect --phishlet office365.yaml
Core Functions
parse_phishlet(phishlet_path) — Analyze phishlet configuration
Extracts proxy hosts, auth tokens, credential fields. Determines MFA bypass capability.
analyze_session_log(log_file) — Parse Evilginx session captures
Identifies sessions with captured tokens and credentials. Extracts source IPs.
check_evilginx_installation() — Verify Evilginx3 binary
Returns installed status and version string.
list_phishlets(phishlet_dir) — Enumerate available phishlets
Lists .yaml/.yml files in phishlet directory with sizes.
generate_detection_rules(phishlet_path) — Create defensive signatures
Generates DNS monitoring, cookie relay detection, and network anomaly rules. Includes FIDO2/WebAuthn MFA recommendations.
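The cookie relay detection named under generate_detection_rules can be illustrated from the defender's side. The following is an added example, not code from agent.py or this repository: it flags a session identifier that is presented from a second IP address shortly after it was issued. The log schema, function names, and sample events are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timedelta

FIELDS = ("ts", "user", "session", "ip", "ua")  # assumed log schema, not a real product's

# Constructed sample session events (documentation IP ranges, not real logs).
SAMPLE_EVENTS = """
{"ts": "2024-05-01T09:00:00", "user": "alice", "session": "s-1001", "ip": "203.0.113.10", "ua": "Chrome/124 Windows"}
{"ts": "2024-05-01T09:02:00", "user": "alice", "session": "s-1001", "ip": "203.0.113.10", "ua": "Chrome/124 Windows"}
{"ts": "2024-05-01T09:04:00", "user": "alice", "session": "s-1001", "ip": "198.51.100.77", "ua": "Firefox/125 Linux"}
{"ts": "2024-05-01T09:10:00", "user": "bob", "session": "s-2002", "ip": "192.0.2.5", "ua": "Safari/17 macOS"}
{"ts": "2024-05-01T09:50:00", "user": "bob", "session": "s-2002", "ip": "192.0.2.5", "ua": "Safari/17 macOS"}
{"ts": "2024-05-01T10:00:00", "user": "carol", "session": "s-3003", "ip": "192.0.2.9", "ua": "Edge/124 Windows"}
{"ts": "2024-05-01T11:30:00", "user": "carol", "session": "s-3003", "ip": "198.51.100.20", "ua": "Edge/124 Windows"}
this line is malformed and must be skipped
"""

def parse_events(text):
    """Parse JSON-lines events, skipping malformed or incomplete records."""
    events = []
    for line in filter(None, map(str.strip, text.splitlines())):
        try:
            raw = json.loads(line)
            event = {k: raw[k] for k in FIELDS}
            event["ts"] = datetime.fromisoformat(event["ts"])
        except (ValueError, KeyError, TypeError):
            continue
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])

def find_cookie_relay(events, window=timedelta(minutes=30)):
    """Alert when a session cookie appears from a new IP within `window` of issuance."""
    origin, seen, alerts = {}, set(), []
    for e in events:
        sid = e["session"]
        first = origin.setdefault(sid, e)  # first sighting = client the cookie was issued to
        key = (sid, e["ip"])
        if e["ip"] == first["ip"] or key in seen or e["ts"] - first["ts"] > window:
            continue
        seen.add(key)
        alerts.append({"user": e["user"], "session": sid, "issued_ip": first["ip"],
                       "new_ip": e["ip"], "gap_s": int((e["ts"] - first["ts"]).total_seconds()),
                       "severity": "high" if e["ua"] != first["ua"] else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in find_cookie_relay(parse_events(SAMPLE_EVENTS)):
        print(alert)
```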
Phishlet Structure
- proxy_hosts: Domain-to-phishing-subdomain mappings
- auth_tokens: Session cookies to intercept (enables MFA bypass)
- credentials: Form fields to capture (username/password)
- sub_filters: Content replacement rules for convincing proxied pages
Dependencies
pip install pyyaml
System: evilginx (optional, for live testing)