mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-12 14:14:56 +03:00
mukul975
27c6414ca5
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
178 lines
6.7 KiB
Python
178 lines
6.7 KiB
Python
#!/usr/bin/env python3
|
|
"""Device posture assessment agent for zero trust endpoint compliance evaluation."""
|
|
|
|
import argparse
|
|
import json
|
|
import logging
|
|
import os
|
|
import platform
|
|
import subprocess
|
|
import sys
|
|
from datetime import datetime
|
|
from typing import Dict, List
|
|
|
|
logging.basicConfig(level=logging.INFO, format="%(asctime)s [%(levelname)s] %(message)s")
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
|
def check_os_version() -> dict:
|
|
"""Check OS version and patch level."""
|
|
return {
|
|
"os": platform.system(),
|
|
"version": platform.version(),
|
|
"release": platform.release(),
|
|
"machine": platform.machine(),
|
|
}
|
|
|
|
|
|
def check_disk_encryption() -> dict:
|
|
"""Check if disk encryption is enabled."""
|
|
system = platform.system()
|
|
if system == "Windows":
|
|
try:
|
|
result = subprocess.run(
|
|
["manage-bde", "-status", "C:"], capture_output=True, text=True, timeout=10)
|
|
encrypted = "Fully Encrypted" in result.stdout or "100%" in result.stdout
|
|
return {"enabled": encrypted, "tool": "BitLocker", "output": result.stdout[:200]}
|
|
except FileNotFoundError:
|
|
return {"enabled": False, "tool": "BitLocker", "error": "manage-bde not found"}
|
|
elif system == "Darwin":
|
|
try:
|
|
result = subprocess.run(
|
|
["fdesetup", "status"], capture_output=True, text=True, timeout=10)
|
|
return {"enabled": "On" in result.stdout, "tool": "FileVault"}
|
|
except FileNotFoundError:
|
|
return {"enabled": False, "error": "fdesetup not found"}
|
|
elif system == "Linux":
|
|
try:
|
|
result = subprocess.run(
|
|
["lsblk", "-o", "NAME,TYPE,FSTYPE"], capture_output=True, text=True, timeout=10)
|
|
encrypted = "crypto_LUKS" in result.stdout or "crypt" in result.stdout
|
|
return {"enabled": encrypted, "tool": "LUKS"}
|
|
except FileNotFoundError:
|
|
return {"enabled": False, "error": "lsblk not found"}
|
|
return {"enabled": False, "error": "Unsupported OS"}
|
|
|
|
|
|
def check_firewall_status() -> dict:
|
|
"""Check if host firewall is enabled."""
|
|
system = platform.system()
|
|
if system == "Windows":
|
|
try:
|
|
result = subprocess.run(
|
|
["netsh", "advfirewall", "show", "allprofiles", "state"],
|
|
capture_output=True, text=True, timeout=10)
|
|
enabled = "ON" in result.stdout.upper()
|
|
return {"enabled": enabled, "tool": "Windows Firewall"}
|
|
except FileNotFoundError:
|
|
return {"enabled": False, "error": "netsh not found"}
|
|
elif system == "Linux":
|
|
try:
|
|
result = subprocess.run(
|
|
["ufw", "status"], capture_output=True, text=True, timeout=10)
|
|
return {"enabled": "active" in result.stdout.lower(), "tool": "UFW"}
|
|
except FileNotFoundError:
|
|
return {"enabled": False, "error": "ufw not found"}
|
|
return {"enabled": False, "error": "Unsupported OS"}
|
|
|
|
|
|
def check_antivirus() -> dict:
|
|
"""Check if antivirus/EDR is running."""
|
|
system = platform.system()
|
|
if system == "Windows":
|
|
try:
|
|
result = subprocess.run(
|
|
["powershell", "-Command", "Get-MpComputerStatus | Select-Object RealTimeProtectionEnabled | ConvertTo-Json"],
|
|
capture_output=True, text=True, timeout=15)
|
|
if result.stdout:
|
|
data = json.loads(result.stdout)
|
|
return {"enabled": data.get("RealTimeProtectionEnabled", False),
|
|
"tool": "Windows Defender"}
|
|
except (FileNotFoundError, json.JSONDecodeError):
|
|
pass
|
|
return {"enabled": False, "tool": "unknown"}
|
|
|
|
|
|
def check_screen_lock() -> dict:
|
|
"""Check if screen lock is configured with timeout."""
|
|
system = platform.system()
|
|
if system == "Windows":
|
|
try:
|
|
result = subprocess.run(
|
|
["powershell", "-Command",
|
|
"(Get-ItemProperty 'HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System').InactivityTimeoutSecs"],
|
|
capture_output=True, text=True, timeout=10)
|
|
timeout = int(result.stdout.strip()) if result.stdout.strip() else 0
|
|
return {"configured": timeout > 0, "timeout_seconds": timeout}
|
|
except (FileNotFoundError, ValueError):
|
|
pass
|
|
return {"configured": False, "timeout_seconds": 0}
|
|
|
|
|
|
def compute_posture_score(checks: dict) -> dict:
|
|
"""Compute device posture compliance score."""
|
|
weights = {"disk_encryption": 25, "firewall": 20, "antivirus": 25,
|
|
"screen_lock": 15, "os_supported": 15}
|
|
score = 0
|
|
if checks.get("disk_encryption", {}).get("enabled"):
|
|
score += weights["disk_encryption"]
|
|
if checks.get("firewall", {}).get("enabled"):
|
|
score += weights["firewall"]
|
|
if checks.get("antivirus", {}).get("enabled"):
|
|
score += weights["antivirus"]
|
|
if checks.get("screen_lock", {}).get("configured"):
|
|
score += weights["screen_lock"]
|
|
score += weights["os_supported"]
|
|
if score >= 80:
|
|
compliance = "COMPLIANT"
|
|
elif score >= 50:
|
|
compliance = "PARTIAL"
|
|
else:
|
|
compliance = "NON_COMPLIANT"
|
|
return {"score": score, "max_score": 100, "compliance": compliance}
|
|
|
|
|
|
def generate_report() -> dict:
|
|
"""Generate device posture assessment report."""
|
|
checks = {
|
|
"os_info": check_os_version(),
|
|
"disk_encryption": check_disk_encryption(),
|
|
"firewall": check_firewall_status(),
|
|
"antivirus": check_antivirus(),
|
|
"screen_lock": check_screen_lock(),
|
|
}
|
|
posture = compute_posture_score(checks)
|
|
recommendations = []
|
|
if not checks["disk_encryption"].get("enabled"):
|
|
recommendations.append("Enable disk encryption (BitLocker/FileVault/LUKS)")
|
|
if not checks["firewall"].get("enabled"):
|
|
recommendations.append("Enable host firewall")
|
|
if not checks["antivirus"].get("enabled"):
|
|
recommendations.append("Enable antivirus/EDR with real-time protection")
|
|
return {
|
|
"analysis_date": datetime.utcnow().isoformat(),
|
|
"hostname": platform.node(),
|
|
"checks": checks,
|
|
"posture": posture,
|
|
"recommendations": recommendations,
|
|
}
|
|
|
|
|
|
def main():
|
|
parser = argparse.ArgumentParser(description="Device Posture Assessment Agent")
|
|
parser.add_argument("--output-dir", default=".")
|
|
parser.add_argument("--output", default="device_posture_report.json")
|
|
args = parser.parse_args()
|
|
|
|
os.makedirs(args.output_dir, exist_ok=True)
|
|
report = generate_report()
|
|
out_path = os.path.join(args.output_dir, args.output)
|
|
with open(out_path, "w") as f:
|
|
json.dump(report, f, indent=2)
|
|
logger.info("Report saved to %s", out_path)
|
|
print(json.dumps(report["posture"], indent=2))
|
|
|
|
|
|
if __name__ == "__main__":
|
|
main()
|