mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-19 22:19:39 +03:00
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
77 lines
1.9 KiB
Markdown
77 lines
1.9 KiB
Markdown
# API Reference: Building Automated Malware Submission Pipeline
|
|
|
|
## VirusTotal API v3
|
|
|
|
### File Lookup by Hash
|
|
|
|
```python
|
|
resp = requests.get(
|
|
f"https://www.virustotal.com/api/v3/files/{sha256}",
|
|
headers={"x-apikey": VT_KEY},
|
|
)
|
|
stats = resp.json()["data"]["attributes"]["last_analysis_stats"]
|
|
```
|
|
|
|
### Submit File for Scanning
|
|
|
|
```python
|
|
resp = requests.post(
|
|
"https://www.virustotal.com/api/v3/files",
|
|
headers={"x-apikey": VT_KEY},
|
|
files={"file": open(filepath, "rb")},
|
|
)
|
|
analysis_id = resp.json()["data"]["id"]
|
|
```
|
|
|
|
## MalwareBazaar API
|
|
|
|
```python
|
|
resp = requests.post(
|
|
"https://mb-api.abuse.ch/api/v1/",
|
|
data={"query": "get_info", "hash": sha256},
|
|
)
|
|
if resp.json()["query_status"] == "ok":
|
|
entry = resp.json()["data"][0]
|
|
print(entry["signature"], entry["tags"])
|
|
```
|
|
|
|
## Cuckoo Sandbox REST API
|
|
|
|
| Endpoint | Method | Description |
|
|
|----------|--------|-------------|
|
|
| `/tasks/create/file` | POST | Submit file for analysis |
|
|
| `/tasks/view/{id}` | GET | Check task status |
|
|
| `/tasks/report/{id}` | GET | Get analysis report |
|
|
| `/tasks/list` | GET | List all tasks |
|
|
|
|
```python
|
|
# Submit
|
|
resp = requests.post(
|
|
f"{CUCKOO_URL}/tasks/create/file",
|
|
files={"file": open(path, "rb")},
|
|
data={"timeout": 300, "machine": "win10_x64"},
|
|
)
|
|
task_id = resp.json()["task_id"]
|
|
|
|
# Check status
|
|
resp = requests.get(f"{CUCKOO_URL}/tasks/view/{task_id}")
|
|
status = resp.json()["task"]["status"] # "reported" when done
|
|
```
|
|
|
|
## Splunk HEC (HTTP Event Collector)
|
|
|
|
```python
|
|
requests.post(
|
|
f"{SPLUNK_URL}/services/collector/event",
|
|
headers={"Authorization": f"Splunk {TOKEN}"},
|
|
json={"sourcetype": "malware_analysis", "event": report_data},
|
|
)
|
|
```
|
|
|
|
### References
|
|
|
|
- VirusTotal API: https://docs.virustotal.com/reference/overview
|
|
- MalwareBazaar: https://bazaar.abuse.ch/api/
|
|
- Cuckoo API: https://cuckoo.readthedocs.io/en/latest/usage/api/
|
|
- Splunk HEC: https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector
|