mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-12 14:14:56 +03:00
27c6414ca5
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
1.4 KiB
# API Reference: Web Server Log Intrusion Analysis

## Combined Log Format (Apache/Nginx)

```text
<ip> <ident> <authuser> [<date>] "<method> <uri> <proto>" <status> <size> "<referer>" "<user-agent>"
```
## Python re Module - Log Parsing

```python
import re

pattern = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d+) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample line; in practice `line` is read from the access log
line = '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"'
match = pattern.match(line)
if match:  # match() returns None for lines not in Combined Log Format
    data = match.groupdict()  # keys: ip, time, method, uri, proto, status, size, referer, ua
```
## GeoIP2 Python Library

```python
import geoip2.database

# Path to a MaxMind GeoLite2 City database file (must be downloaded separately)
reader = geoip2.database.Reader("GeoLite2-City.mmdb")
response = reader.city("8.8.8.8")  # raises geoip2.errors.AddressNotFoundError if unknown
response.country.name  # "United States"
response.city.name  # "Mountain View"
response.location.latitude  # 37.386
response.location.longitude  # -122.0838
reader.close()
```
## Attack Signature Categories

| Type | Example Pattern | Severity |
|---|---|---|
| SQLi | `UNION SELECT`, `OR 1=1`, `SLEEP()` | Critical |
| LFI | `../../etc/passwd`, `php://filter` | High |
| XSS | `<script>`, `onerror=`, `javascript:` | High |
| Scanner | User-Agent: `nikto`, `sqlmap`, `gobuster` | Medium |
| Brute Force | >50 POST /login from same IP | High |
## Scanner User-Agent Signatures
| Tool | UA Pattern |
|---|---|
| Nikto | Nikto/2.x |
| sqlmap | sqlmap/1.x |
| DirBuster | DirBuster-1.0 |
| Gobuster | gobuster/3.x |
| Wfuzz | Wfuzz/3.x |
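The following is an added example, not code from this repository's `scripts/agent.py`, that ties the three parts of this reference together: it parses Combined Log Format lines with the regex above, matches the attack signature table against the URL-decoded request URI (attack strings are normally percent-encoded in access logs, so matching the raw URI misses them), matches the scanner User-Agent table against the UA field, and applies the ">50 POST /login from same IP" brute-force rule. The function names (`parse_line`, `classify`, `analyze`), the `SIGNATURES` regexes and the sample log lines are my own constructions; the log lines use RFC 5737 documentation addresses and are not real traffic.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Combined Log Format parser: the same named groups as the regex in this reference.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d+) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Signature table from this reference as case-insensitive regexes, checked against
# the URL-decoded URI (hypothetical regexes; tune them for your own logs).
SIGNATURES = [
    ("SQLi", "Critical", re.compile(r"union\s+select|or\s+1=1|sleep\(", re.I)),
    ("LFI", "High", re.compile(r"\.\./\.\./etc/passwd|php://filter", re.I)),
    ("XSS", "High", re.compile(r"<script|onerror=|javascript:", re.I)),
]
# Scanner User-Agent table from this reference, checked against the UA field.
SCANNER_UA = re.compile(r"nikto|sqlmap|dirbuster|gobuster|wfuzz", re.I)
BRUTE_FORCE_THRESHOLD = 50  # ">50 POST /login from same IP"


def parse_line(line):
    """Return the field dict for a Combined Log Format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry):
    """Return (type, severity) for a parsed entry, or None when no signature matches."""
    uri = unquote_plus(entry["uri"])  # decode %20, %3C etc. before matching
    for name, severity, rx in SIGNATURES:
        if rx.search(uri):
            return name, severity
    if SCANNER_UA.search(entry["ua"]):
        return "Scanner", "Medium"
    return None


def analyze(lines):
    """Run the signatures and the brute-force counter over an iterable of log lines."""
    findings, login_posts, unparsed = [], Counter(), 0
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            unparsed += 1  # count malformed lines instead of crashing on them
            continue
        hit = classify(entry)
        if hit:
            findings.append({"ip": entry["ip"], "type": hit[0], "severity": hit[1],
                             "uri": unquote_plus(entry["uri"])})
        # Brute-force rule: count POST /login per source IP (query string ignored)
        if entry["method"] == "POST" and entry["uri"].split("?", 1)[0] == "/login":
            login_posts[entry["ip"]] += 1
    brute_force = sorted(ip for ip, n in login_posts.items() if n > BRUTE_FORCE_THRESHOLD)
    return {"findings": findings, "brute_force": brute_force, "unparsed": unparsed}


# Constructed sample log (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?id=1%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /download?file=../../etc/passwd HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /admin/ HTTP/1.1" 403 0 "-" "Mozilla/5.0 (Nikto/2.1.6)"',
    '192.0.2.9 - - [10/Oct/2023:14:00:00 +0000] "GET /about.html HTTP/1.1" 200 2048 "https://example.com/" "Mozilla/5.0"',
    "this line is not in combined log format",
] + [
    f'192.0.2.44 - - [10/Oct/2023:14:01:{i:02d} +0000] "POST /login HTTP/1.1" 401 0 "-" "curl/8.0"'
    for i in range(51)  # 51 login POSTs from one IP: over the threshold
]

if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for f in result["findings"]:
        print(f'{f["severity"]:8} {f["type"]:8} {f["ip"]:15} {f["uri"]}')
    print("brute-force candidates:", result["brute_force"], "unparsed:", result["unparsed"])
```

On the constructed sample this reports one SQLi (Critical), one LFI (High), one XSS (High) and one Scanner (Medium) finding, flags 192.0.2.44 for brute force, and counts one unparsable line. The decoded-URI match matters: the SQLi and XSS lines would not match against the raw percent-encoded URI. Signature matching on URIs alone is noisy in practice (a legitimate search for "union select" fires the SQLi rule), so pair findings with the response status and the per-IP volume before escalating.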