creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 13:44:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
ccce7d4e068efecc2f98c385c8e5c01d969fc9bc
Anthropic-Cybersecurity-Skills/skills/implementing-network-access-control/references/api-reference.md
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

59 lines
2.0 KiB
Markdown
Raw Blame History

# API Reference: Implementing Network Access Control
## Libraries
### pyrad (RADIUS Client)
- **Install**: `pip install pyrad`
- **Docs**: https://pypi.org/project/pyrad/
- `Client(server, secret, dict)` -- Create RADIUS client
- `CreateAuthPacket()` -- Build Access-Request
- `SendPacket(req)` -- Send and receive RADIUS reply
- Response codes: `AccessAccept`, `AccessReject`, `AccessChallenge`
### pysnmp (SNMP for Switch Queries)
- **Install**: `pip install pysnmp`
- **Docs**: https://pysnmp.readthedocs.io/
- `getCmd()` -- SNMP GET request
- `nextCmd()` -- SNMP GETNEXT/walk
- `CommunityData()` -- SNMPv2c community string
- `UsmUserData()` -- SNMPv3 authentication
## 802.1X SNMP OIDs
| OID | Description |
|-----|-------------|
| `1.3.6.1.2.1.8802.1.1.1.1.2.1.1.1` | dot1xAuthAuthControlledPortStatus |
| `1.3.6.1.2.1.8802.1.1.1.1.2.1.1.2` | dot1xAuthAuthControlledPortControl |
| `1.3.6.1.2.1.8802.1.1.1.1.2.4.1.1` | dot1xAuthSessionAuthenticMethod |
## RADIUS Attributes
| Attribute | Use |
|-----------|-----|
| `User-Name` | Client identity |
| `User-Password` | PAP password |
| `NAS-IP-Address` | Switch/AP IP |
| `NAS-Port-Type` | Port type (Ethernet, Wireless) |
| `Tunnel-Type` | VLAN assignment (13 = VLAN) |
| `Tunnel-Medium-Type` | Medium (6 = 802) |
| `Tunnel-Private-Group-Id` | VLAN ID for dynamic assignment |
| `Filter-Id` | ACL name to apply |
## EAP Methods
- **EAP-TLS**: Certificate-based (strongest, requires PKI)
- **PEAP**: Password with TLS tunnel
- **EAP-TTLS**: Tunneled TLS (flexible inner auth)
- **MAB**: MAC Authentication Bypass (fallback, no supplicant)
## PacketFence NAC API
- REST API at `https://packetfence:9999/api/v1/`
- `GET /nodes` -- List known devices
- `POST /nodes/{mac}/register` -- Register device
- `GET /violations` -- Active violations
## External References
- FreeRADIUS: https://freeradius.org/documentation/
- PacketFence NAC: https://www.packetfence.org/doc/
- Cisco ISE: https://developer.cisco.com/docs/identity-services-engine/
- 802.1X RFC 3748: https://datatracker.ietf.org/doc/html/rfc3748
Reference in New Issue View Git Blame Copy Permalink