creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 05:34:55 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
757f1c8eae4e288d20f7dfde7f7a42a4d30cffc7
Anthropic-Cybersecurity-Skills/skills/deploying-cloudflare-access-for-zero-trust/scripts/agent.py
T
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal 
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

112 lines
3.7 KiB
Python
Raw Blame History

#!/usr/bin/env python3
"""Cloudflare Access zero trust audit agent using Cloudflare API."""
import json
import sys
import argparse
from datetime import datetime
try:
import requests
except ImportError:
print("Install: pip install requests")
sys.exit(1)
class CloudflareAccessClient:
"""Cloudflare Access API client."""
def __init__(self, api_token, account_id):
self.base = f"https://api.cloudflare.com/client/v4/accounts/{account_id}/access"
self.headers = {"Authorization": f"Bearer {api_token}", "Content-Type": "application/json"}
def _get(self, endpoint):
resp = requests.get(f"{self.base}/{endpoint}", headers=self.headers)
resp.raise_for_status()
return resp.json()
def list_applications(self):
return self._get("apps")
def list_policies(self, app_id):
return self._get(f"apps/{app_id}/policies")
def list_groups(self):
return self._get("groups")
def list_identity_providers(self):
return self._get("identity_providers")
def list_service_tokens(self):
return self._get("service_tokens")
def audit_access_config(client):
"""Audit Cloudflare Access configuration."""
findings = []
apps = client.list_applications()
for app in apps.get("result", []):
if not app.get("session_duration"):
findings.append({
"type": "no_session_timeout",
"app": app.get("name", ""),
"severity": "MEDIUM",
})
tokens = client.list_service_tokens()
for token in tokens.get("result", []):
if token.get("expires_at"):
expiry = datetime.fromisoformat(token["expires_at"].replace("Z", "+00:00"))
if expiry.replace(tzinfo=None) < datetime.utcnow():
findings.append({
"type": "expired_service_token",
"token_name": token.get("name", ""),
"severity": "HIGH",
})
return findings
def run_audit(api_token, account_id):
"""Execute Cloudflare Access audit."""
client = CloudflareAccessClient(api_token, account_id)
print(f"\n{'='*60}")
print(f" CLOUDFLARE ACCESS ZERO TRUST AUDIT")
print(f" Generated: {datetime.utcnow().isoformat()} UTC")
print(f"{'='*60}\n")
apps = client.list_applications()
app_list = apps.get("result", [])
print(f"--- APPLICATIONS ({len(app_list)}) ---")
for a in app_list[:10]:
print(f" {a.get('name', '')}: domain={a.get('domain', '')} type={a.get('type', '')}")
idps = client.list_identity_providers()
idp_list = idps.get("result", [])
print(f"\n--- IDENTITY PROVIDERS ({len(idp_list)}) ---")
for idp in idp_list:
print(f" {idp.get('name', '')}: type={idp.get('type', '')}")
findings = audit_access_config(client)
print(f"\n--- FINDINGS ({len(findings)}) ---")
for f in findings:
print(f" [{f['severity']}] {f['type']}: {f.get('app', f.get('token_name', ''))}")
return {"apps": len(app_list), "idps": len(idp_list), "findings": findings}
def main():
parser = argparse.ArgumentParser(description="Cloudflare Access Audit Agent")
parser.add_argument("--api-token", required=True, help="Cloudflare API token")
parser.add_argument("--account-id", required=True, help="Cloudflare account ID")
parser.add_argument("--output", help="Save report to JSON file")
args = parser.parse_args()
report = run_audit(args.api_token, args.account_id)
if args.output:
with open(args.output, "w") as f:
json.dump(report, f, indent=2, default=str)
print(f"\n[+] Report saved to {args.output}")
if __name__ == "__main__":
main()
Reference in New Issue View Git Blame Copy Permalink