creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-13 22:54:53 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/conducting-man-in-the-middle-attack-simulation/references/api-reference.md
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

67 lines
2.2 KiB
Markdown
Raw Blame History

# API Reference: MITM Attack Simulation Agent
## Overview
Simulates man-in-the-middle attacks using Scapy for ARP spoofing, detects cleartext protocol usage, and checks HSTS enforcement. For authorized penetration testing and lab environments only.
## Dependencies
| Package | Version | Purpose |
|---------|---------|---------|
| scapy | >=2.5 | ARP spoofing, packet sniffing, host discovery |
| requests | >=2.28 | HSTS and SSL stripping checks |
## CLI Usage
```bash
# Host discovery and cleartext detection
python agent.py --network 192.168.1.0/24 --interface eth0 --duration 60
# Full MITM simulation
python agent.py --target 192.168.1.100 --gateway 192.168.1.1 --interface eth0
```
## Key Functions
### `get_mac(ip_address)`
Resolves MAC address for a given IP using ARP request via Scapy.
### `discover_hosts(network_cidr)`
Discovers live hosts on a network segment using ARP broadcast scan.
### `arp_spoof(target_ip, spoof_ip, target_mac)`
Sends a spoofed ARP reply to redirect traffic through the attacker machine.
### `arp_restore(target_ip, gateway_ip, target_mac, gateway_mac)`
Restores original ARP tables by sending correct ARP replies after testing.
### `detect_cleartext_protocols(interface, duration)`
Sniffs network traffic for cleartext protocols: HTTP (80), FTP (21), Telnet (23), SMTP (25), POP3 (110), IMAP (143).
### `check_hsts_enforcement(target_url)`
Checks HTTP responses for Strict-Transport-Security headers.
### `run_mitm_simulation(target_ip, gateway_ip, interface, duration)`
Executes a controlled ARP spoofing MITM simulation with automatic ARP restoration on completion.
## Scapy Functions Used
| Function | Purpose |
|----------|---------|
| `ARP()` | Create ARP request/reply packets |
| `Ether()` | Create Ethernet frames |
| `srp()` | Send and receive layer 2 packets |
| `send()` | Send packets at layer 3 |
| `sniff()` | Capture network traffic |
## Cleartext Protocols Detected
| Port | Protocol | Risk |
|------|----------|------|
| 80 | HTTP | Credential interception |
| 21 | FTP | Cleartext authentication |
| 23 | Telnet | Full session hijacking |
| 25 | SMTP | Email interception |
| 110 | POP3 | Email credential theft |
| 143 | IMAP | Email credential theft |
Reference in New Issue View Git Blame Copy Permalink