creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 13:44:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/analyzing-browser-forensics-with-hindsight/references/api-reference.md
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

2.7 KiB
Raw Blame History

API Reference: Browser Forensics with Hindsight

Hindsight CLI

Syntax

hindsight.py -i <profile_path>                  # Analyze Chrome profile
hindsight.py -i <path> -o <output_dir>          # Save results
hindsight.py -i <path> -f xlsx                  # Export as Excel
hindsight.py -i <path> -f sqlite                # Export as SQLite
hindsight.py -i <path> -b <browser_type>        # Specify browser type

Browser Types

Flag Browser
Chrome Google Chrome
Edge Microsoft Edge (Chromium)
Brave Brave Browser
Opera Opera (Chromium)

Output Artifacts

Table Description
urls Browsing history with visit counts
downloads File downloads with source URLs
cookies Cookie values, domains, expiry
autofill Form autofill entries
bookmarks Saved bookmarks
preferences Browser configuration
local_storage Site local storage data
login_data Saved credential metadata
extensions Installed extensions with permissions

Chrome SQLite Databases

History Database

-- Browsing history
SELECT u.url, u.title, v.visit_time, v.transition
FROM visits v JOIN urls u ON v.url = u.id
ORDER BY v.visit_time DESC;

-- Downloads
SELECT target_path, tab_url, total_bytes, start_time, danger_type, mime_type
FROM downloads ORDER BY start_time DESC;

Cookies Database

SELECT host_key, name, value, creation_utc, expires_utc, is_secure, is_httponly
FROM cookies ORDER BY creation_utc DESC;

Web Data Database (Autofill)

SELECT name, value, count, date_created, date_last_used
FROM autofill ORDER BY date_last_used DESC;

Chrome Timestamp Conversion

Format

Microseconds since January 1, 1601 (Windows FILETIME base)

Python Conversion

import datetime
def chrome_to_datetime(chrome_time):
    epoch = datetime.datetime(1601, 1, 1)
    return epoch + datetime.timedelta(microseconds=chrome_time)

Browser Profile Paths

OS Browser Default Path
Windows Chrome %LOCALAPPDATA%\Google\Chrome\User Data\Default
Windows Edge %LOCALAPPDATA%\Microsoft\Edge\User Data\Default
Linux Chrome ~/.config/google-chrome/Default
macOS Chrome ~/Library/Application Support/Google/Chrome/Default

Transition Types (visit_transition & 0xFF)

Value Type Description
0 LINK Clicked a link
1 TYPED Typed URL in address bar
2 AUTO_BOOKMARK Via bookmark
3 AUTO_SUBFRAME Subframe navigation
5 GENERATED Generated (e.g., search)
7 FORM_SUBMIT Form submission
8 RELOAD Page reload
Reference in New Issue View Git Blame Copy Permalink