mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-16 04:35:18 +03:00
27c6414ca5
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
2.5 KiB
2.5 KiB
API Reference: S3 Bucket Misconfiguration Remediation Agent
Overview
Audits and remediates S3 bucket security: public access blocks, bucket policies, ACLs, encryption, versioning, and access logging using boto3.
Dependencies
| Package | Version | Purpose |
|---|---|---|
| boto3 | >= 1.28 | AWS S3 API for audit and remediation |
Audit Functions
check_public_access_block(s3, bucket)
Verifies all four S3 Block Public Access settings are enabled.
- Returns:
dictwithblock_config,fully_blocked
check_bucket_policy(s3, bucket)
Parses bucket policy for Principal: "*" Allow statements.
- Returns:
dictwithpublic_statementslist (risk: CRITICAL)
check_bucket_acl(s3, bucket)
Checks ACL grants for AllUsers or AuthenticatedUsers URIs.
- Returns:
dictwithpublic_grantslist
check_encryption(s3, bucket)
Checks for default server-side encryption configuration.
- Returns:
dictwithencrypted,algorithm(AES256 or aws:kms)
check_versioning(s3, bucket)
Checks versioning status and MFA Delete configuration.
- Returns:
dictwithstatus,mfa_delete
check_logging(s3, bucket)
Verifies access logging is enabled with target bucket.
- Returns:
dictwithlogging_enabled,target_bucket
audit_all_buckets(s3)
Full audit across all buckets, sorted by issue count.
- Returns:
list[dict]with risk rating per bucket
Remediation Functions
enable_public_access_block(s3, bucket)
Enables all four S3 Block Public Access settings.
enable_encryption(s3, bucket, algorithm)
Configures default SSE-KMS or AES256 encryption with bucket key.
enable_versioning(s3, bucket)
Enables S3 versioning on the bucket.
AWS API Calls
| API Call | Purpose |
|---|---|
list_buckets |
Enumerate all buckets |
get_public_access_block |
Check block config |
put_public_access_block |
Apply block config |
get_bucket_policy |
Read bucket policy |
get_bucket_acl |
Read ACL grants |
get_bucket_encryption |
Check encryption |
put_bucket_encryption |
Enable encryption |
get_bucket_versioning |
Check versioning |
put_bucket_versioning |
Enable versioning |
get_bucket_logging |
Check access logging |
Environment Variables
| Variable | Required | Description |
|---|---|---|
AWS_ACCESS_KEY_ID |
Yes | AWS credential |
AWS_SECRET_ACCESS_KEY |
Yes | AWS credential |
AWS_DEFAULT_REGION |
No | Default: us-east-1 |
Usage
python agent.py us-east-1