Files
Anthropic-Cybersecurity-Skills/skills/detecting-typosquatting-packages/references/api-reference.md
T
mukul975 8cae0648ec Add 55 new skills across 3 new domains + 6 undercovered areas (762 -> 817)
Demand-driven expansion targeting the fastest-growing 2025-2026 threat and
skills categories (ISC2/WEF/CrowdStrike/Mandiant signals):

- AI Security (NEW domain, 12 skills): LLM red-teaming with garak/PyRIT,
  prompt injection (direct/indirect/RAG), MCP tool-poisoning, agentic tool
  invocation, guardrails, model/data poisoning, system-prompt leakage,
  embedding/vector weaknesses, model extraction, continuous red-teaming
- Supply Chain Security (NEW domain, 5 skills): SBOMs, dependency confusion,
  malicious-npm triage, typosquatting, SLSA/Sigstore provenance
- Hardware & Firmware Security (NEW domain, 4 skills): CHIPSEC/UEFI audit,
  Secure Boot bypass, TPM measured-boot attestation, ESP bootkit hunting
- Identity (10): Entra ID/ROADtools, GraphRunner, AADInternals, ADCS/Certipy,
  shadow credentials, coercion, BloodHound CE, device-code phishing, SSO abuse
- Cloud-native (8): Stratus, Pacu, CloudFox, container escape, K8s RBAC,
  Falco, Trivy, kube-bench
- Offensive C2 (6): Sliver, Havoc, NetExec, DPAPI, NTLM relay ESC8, redirectors
- DFIR (6): Hayabusa, Chainsaw, KAPE, Velociraptor, EZ Tools, Plaso
- Backfill (4): OpenCTI, MISP, honeytokens, post-quantum crypto migration

Each skill follows the repo taxonomy (SKILL.md + references/{standards,api-reference}.md
+ scripts/agent.py + LICENSE), with researched real tool commands (no placeholders),
complete frontmatter, and ATT&CK/ATLAS + NIST CSF mappings. Updates README domain
table, skill count, and index.json.
2026-06-22 19:08:16 +02:00

51 lines
2.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# API and Command Reference - Typosquatting Detection
## typomania (Rust library)
| Item | Description |
|------|-------------|
| `Harness` | Primary struct; `Harness::check(name)` compares a candidate against the corpus |
| `Corpus` trait | Implement to provide the popular-name reference set for any registry |
| `Package` trait | Implement to expose a package's name/metadata to the harness |
| `rayon` feature | Enabled by default; parallelizes `Harness::check` across many packages |
| `cargo run --example registry` | Runs the bundled example against a fake registry |
## OSSGadget oss-find-squats
| Command | Purpose |
|---------|---------|
| `oss-find-squats pkg:npm/<name>` | Generate squat candidates of an npm package and report which exist |
| `oss-find-squats pkg:pypi/<name>` | Same for PyPI |
| `oss-find-squats pkg:cargo/<name>` | Same for crates.io |
| `oss-find-squats --quiet <purl>` | Suppress non-finding output |
Package URL (purl) format: `pkg:<type>/<namespace>/<name>@<version>`
## pypi-scan (IQTLabs)
| Command | Purpose |
|---------|---------|
| `python pypi_scan.py -p <package>` | Find candidate typosquats of one package |
| `python pypi_scan.py -n <N>` | Scan the top-N most-downloaded PyPI packages |
## Registry metadata endpoints
| Endpoint | Returns |
|----------|---------|
| `https://registry.npmjs.org/<pkg>` | Full npm package doc (time, maintainers, versions, scripts) |
| `https://api.npmjs.org/downloads/point/last-week/<pkg>` | npm weekly download count |
| `https://pypi.org/pypi/<pkg>/json` | PyPI info, releases, author, urls |
| `https://crates.io/api/v1/crates/<pkg>` | crates.io crate metadata (requires User-Agent) |
| `https://registry.npmjs.org/-/v1/search?text=...&popularity=1.0` | npm popularity search |
## Risk-scoring signals
| Signal | High-risk value |
|--------|-----------------|
| Edit distance to popular name | 12 |
| Package age | < 90 days |
| Weekly downloads | < 1000 |
| Install scripts | `preinstall` / `postinstall` / network in `setup.py` |
| Maintainer overlap | Different maintainer than legit package |
| Repository URL | Missing, or points to legit project (impersonation) |