Anthropic-Cybersecurity-Skills/skills/analyzing-disk-image-with-autopsy/references/api-reference.md
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00


API Reference: Autopsy and The Sleuth Kit (TSK)

mmls - Partition Layout

Syntax

mmls <image_file>
mmls -t dos <image_file>    # Force DOS partition table
mmls -t gpt <image_file>    # Force GPT partition table

Output Format

DOS Partition Table
Offset Sector: 0
     Slot    Start        End          Length       Description
     00:  00:00   0000002048   0001026047   0001024000   NTFS (0x07)

fls - File Listing

Syntax

fls -o <offset> <image>              # List root directory
fls -r -o <offset> <image>           # Recursive listing
fls -rd -o <offset> <image>          # Deleted files only, recursive
fls -m "/" -r -o <offset> <image>    # Bodyfile format for mactime

Flags

Flag     Description
-r       Recursive listing
-d       Deleted entries only
-D       Directories only
-m "/"   Output in bodyfile format with mount point
-o       Partition sector offset (the Start value from mmls)

icat - File Extraction by Inode

Syntax

icat -o <offset> <image> <inode> > recovered_file
icat -r -o <offset> <image> <inode> > file   # Recover a deleted file (-r)
icat -s -o <offset> <image> <inode> > file   # Include the slack space at the end of the file (-s)

istat - File Metadata

Syntax

istat -o <offset> <image> <inode>

Output Includes

  • MFT entry number and sequence
  • File creation, modification, access, MFT change timestamps
  • File size and data run locations
  • Attribute list (NTFS: $STANDARD_INFORMATION, $FILE_NAME, $DATA)

mactime - Timeline Generation

Syntax

mactime -b <bodyfile> -d > timeline.csv
mactime -b <bodyfile> -d 2024-01-15..2024-01-20 > filtered.csv
mactime -b <bodyfile> -z UTC -d > timeline_utc.csv

Output Columns

Date,Size,Type,Mode,UID,GID,Meta,File Name

img_stat - Image Information

Syntax

img_stat <image_file>

sigfind - Signature Search

Syntax

sigfind [-b <block_size>] [-o <offset_in_block>] <hex_signature> <image>
sigfind 25504446 evidence.dd    # Find %PDF headers at the start of each 512-byte block
sigfind 504B0304 evidence.dd    # Find ZIP/DOCX headers

Note: the hex signature comes before the image name, and -o is the byte offset inside each block at which the signature is expected (default 0), not the partition offset used by fls and icat.

Common Signatures

Hex        File Type
FFD8FF     JPEG
89504E47   PNG
25504446   PDF
504B0304   ZIP/DOCX/XLSX
D0CF11E0   OLE (DOC/XLS)
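As an added example (not from this reference or from The Sleuth Kit itself), the following Python parses the mmls partition layout shown above into the sector offset that fls and icat take with -o, builds the bodyfile command for mactime, and mimics sigfind's block-wise header scan using the Common Signatures table; the mmls output and the image bytes are constructed sample data.

```python
import re

# Constructed mmls output in the layout shown in the mmls section (sample, not a real image)
MMLS_OUTPUT = """DOS Partition Table
Offset Sector: 0
     Slot    Start        End          Length       Description
     00:  00:00   0000002048   0001026047   0001024000   NTFS (0x07)
"""

# Hex signatures from the Common Signatures table: hex header -> file type
SIGNATURES = {"FFD8FF": "JPEG", "89504E47": "PNG", "25504446": "PDF",
              "504B0304": "ZIP/DOCX/XLSX", "D0CF11E0": "OLE (DOC/XLS)"}

# One partition row: "<index>:  <slot>   <start>   <end>   <length>   <description>"
_PART_RE = re.compile(r"^\s*(\d+):\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(.*)$")

def parse_mmls(text):
    """Parse mmls output; 'start' is the sector offset to pass to fls/icat -o."""
    parts = []
    for line in text.splitlines():
        m = _PART_RE.match(line)
        if m:
            parts.append({"slot": m.group(2), "start": int(m.group(3)),
                          "end": int(m.group(4)), "length": int(m.group(5)),
                          "desc": m.group(6).strip()})
    return parts

def fls_bodyfile_cmd(image, partition):
    """Build the fls command that emits a bodyfile for mactime from one partition."""
    return f'fls -m "/" -r -o {partition["start"]} {image}'

def find_signatures(image, block_size=512, offset_in_block=0):
    """Mimic sigfind: return (block, type) where the bytes at offset_in_block begin
    with a known header. As with sigfind -o, the offset is within each block."""
    magics = {bytes.fromhex(h): name for h, name in SIGNATURES.items()}
    hits = []
    for block in range(len(image) // block_size):
        pos = block * block_size + offset_in_block
        for magic, name in magics.items():
            if image[pos:pos + len(magic)] == magic:
                hits.append((block, name))
    return hits

# Constructed 10-block image: a PDF header in block 3, a ZIP header in block 7
SAMPLE_IMAGE = bytearray(512 * 10)
SAMPLE_IMAGE[3 * 512:3 * 512 + 4] = bytes.fromhex("25504446")
SAMPLE_IMAGE[7 * 512:7 * 512 + 4] = bytes.fromhex("504B0304")

if __name__ == "__main__":
    print(parse_mmls(MMLS_OUTPUT), find_signatures(SAMPLE_IMAGE))
```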

srch_strings - String Search

Syntax

srch_strings -a <image> | grep -i "keyword"    # Scan the whole image for printable strings
srch_strings -a -t d <image>                   # Print each string's byte offset in decimal

Note: srch_strings behaves like GNU strings; its -o prints the offset in octal and is not a partition offset. Use -t d to get byte offsets that can be related back to a partition found with mmls.

Autopsy GUI Ingest Modules

Module                     Function
Recent Activity            Browser history, downloads, cookies
Hash Lookup                NSRL and known-bad hash matching
File Type Identification   Signature-based file type detection
Keyword Search             Full-text content indexing
Email Parser               PST/MBOX/EML extraction
Extension Mismatch         Wrong file extension detection
Embedded File Extractor    ZIP, Office, PDF extraction
Encryption Detection       Encrypted container identification