mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-11 13:44:56 +03:00
mukul975
27c6414ca5
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
1.4 KiB
1.4 KiB
API Reference: Implementing API Security Posture Management
API Discovery from Traffic
import re
# Normalize paths: /users/123 -> /users/{id}
normalized = re.sub(r"/\d+", "/{id}", path)
normalized = re.sub(r"/[0-9a-f-]{8,}", "/{id}", normalized)
API Sensitivity Classification
| Category | Patterns | Sensitivity |
|---|---|---|
| PII | /users, /profile, /account |
HIGH |
| Financial | /payments, /billing |
HIGH |
| Auth | /login, /token, /oauth |
HIGH |
| Admin | /admin, /config |
HIGH |
| Health | /health, /status |
LOW |
Risk Scoring Model
| Factor | Points | Description |
|---|---|---|
| High sensitivity data | +30 | PII, financial, auth |
| High error rate (>10%) | +20 | Possible abuse |
| State-changing methods | +10 | PUT, DELETE, PATCH |
| High consumer count | +10 | Large attack surface |
| Auth endpoint | +15 | Credential target |
42Crunch API Audit
# CI/CD integration
curl -X POST https://platform.42crunch.com/api/v1/apis \
-H "X-API-KEY: $API_KEY" \
-F "file=@openapi.yaml"
Salt Security API
import requests
headers = {"Authorization": "Bearer <token>"}
# Discover shadow APIs
resp = requests.get("https://api.salt.security/v1/apis", headers=headers)
References
- OWASP API Security Top 10: https://owasp.org/API-Security/
- 42Crunch: https://42crunch.com/
- Salt Security: https://salt.security/