mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-19 14:09:40 +03:00
27c6414ca5
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
1.9 KiB
1.9 KiB
API Reference: Building Automated Malware Submission Pipeline
VirusTotal API v3
File Lookup by Hash
resp = requests.get(
f"https://www.virustotal.com/api/v3/files/{sha256}",
headers={"x-apikey": VT_KEY},
)
stats = resp.json()["data"]["attributes"]["last_analysis_stats"]
Submit File for Scanning
resp = requests.post(
"https://www.virustotal.com/api/v3/files",
headers={"x-apikey": VT_KEY},
files={"file": open(filepath, "rb")},
)
analysis_id = resp.json()["data"]["id"]
MalwareBazaar API
resp = requests.post(
"https://mb-api.abuse.ch/api/v1/",
data={"query": "get_info", "hash": sha256},
)
if resp.json()["query_status"] == "ok":
entry = resp.json()["data"][0]
print(entry["signature"], entry["tags"])
Cuckoo Sandbox REST API
| Endpoint | Method | Description |
|---|---|---|
/tasks/create/file |
POST | Submit file for analysis |
/tasks/view/{id} |
GET | Check task status |
/tasks/report/{id} |
GET | Get analysis report |
/tasks/list |
GET | List all tasks |
# Submit
resp = requests.post(
f"{CUCKOO_URL}/tasks/create/file",
files={"file": open(path, "rb")},
data={"timeout": 300, "machine": "win10_x64"},
)
task_id = resp.json()["task_id"]
# Check status
resp = requests.get(f"{CUCKOO_URL}/tasks/view/{task_id}")
status = resp.json()["task"]["status"] # "reported" when done
Splunk HEC (HTTP Event Collector)
requests.post(
f"{SPLUNK_URL}/services/collector/event",
headers={"Authorization": f"Splunk {TOKEN}"},
json={"sourcetype": "malware_analysis", "event": report_data},
)
References
- VirusTotal API: https://docs.virustotal.com/reference/overview
- MalwareBazaar: https://bazaar.abuse.ch/api/
- Cuckoo API: https://cuckoo.readthedocs.io/en/latest/usage/api/
- Splunk HEC: https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector