creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 13:44:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
ccce7d4e068efecc2f98c385c8e5c01d969fc9bc
Anthropic-Cybersecurity-Skills/skills/detecting-shadow-api-endpoints/references/api-reference.md
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

95 lines
2.2 KiB
Markdown
Raw Blame History

# API Reference: Shadow API Endpoint Detection
## OpenAPI 3.0 Specification Structure
### Loading Paths
```json
{
"openapi": "3.0.0",
"paths": {
"/api/users": {
"get": { "summary": "List users" },
"post": { "summary": "Create user" }
},
"/api/users/{id}": {
"get": { "summary": "Get user by ID" }
}
}
}
```
### Key Fields
| Field | Description |
|-------|-------------|
| `paths` | Map of URL paths to operations |
| `servers[].url` | Base URL for the API |
| `components.securitySchemes` | Authentication methods |
## Web Access Log Formats
### Apache/Nginx Combined Log
```
127.0.0.1 - frank [10/Oct/2024:13:55:36 -0700] "GET /api/users HTTP/1.1" 200 2326
```
### Regex Pattern
```python
r'(\S+)\s+\S+\s+\S+\s+\[([^\]]+)\]\s+"(\S+)\s+(\S+)\s+\S+"\s+(\d+)\s+(\d+)'
```
| Group | Content |
|-------|---------|
| 1 | Client IP |
| 2 | Timestamp |
| 3 | HTTP Method |
| 4 | Request Path |
| 5 | Status Code |
| 6 | Response Size |
## Path Normalization Patterns
### ID replacement
```python
re.sub(r'/\d+', '/{id}', path) # /users/123 -> /users/{id}
re.sub(r'/[0-9a-f]{24,}', '/{id}', path) # MongoDB ObjectId
re.sub(r'/[0-9a-f-]{36}', '/{uuid}', path) # UUID v4
```
## OWASP API Security Top 10 (2023)
| # | Risk | Relevance to Shadow APIs |
|---|------|--------------------------|
| API1 | Broken Object Level Auth | Shadow endpoints may lack auth |
| API2 | Broken Authentication | Undocumented auth bypass |
| API5 | Broken Function Level Auth | Admin endpoints exposed |
| API9 | Improper Inventory Management | Core shadow API risk |
## Akamai API Discovery
### List discovered APIs
```http
GET https://cloud.akamai.com/api-gateway/v1/apis/discovered
Authorization: Bearer {token}
```
## AWS API Gateway — Export API
```bash
aws apigateway get-export \
--rest-api-id abc123 \
--stage-name prod \
--export-type oas30 \
exported-api.json
```
## Burp Suite Enterprise — API Scan
```http
POST https://burp-enterprise/api/v1/scans
Content-Type: application/json
{
"scan_type": "api_discovery",
"target_url": "https://api.example.com",
"openapi_spec": "https://api.example.com/openapi.json"
}
```
Reference in New Issue View Git Blame Copy Permalink