mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-12 06:04:56 +03:00
27c6414ca5
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
102 lines
2.4 KiB
Markdown
# API Reference: QR Code Phishing Detection

## pyzbar — QR/Barcode Decoding

### Installation

```bash
pip install pyzbar Pillow
# On Linux: apt-get install libzbar0
```

### Core Functions

```python
from pyzbar.pyzbar import decode
from PIL import Image

# decode() returns one result per barcode found in the image
results = decode(Image.open("qr.png"))
for r in results:
    print(r.type)  # "QRCODE"
    print(r.data)  # b"https://..."
    print(r.rect)  # Rect(left=40, top=40, width=200, height=200)
```

### Decoded Object Attributes

| Attribute | Type | Description |
|-----------|------|-------------|
| `data` | bytes | Decoded content |
| `type` | str | Barcode type (QRCODE, EAN13, etc.) |
| `rect` | Rect | Bounding rectangle |
| `polygon` | list | Corner points |
| `quality` | int | Decode quality score |

## Python email Module — EML Parsing

### Parsing an EML file

```python
import email
from email import policy

# policy.default yields an EmailMessage with decoded header values
with open("message.eml", "rb") as f:
    msg = email.message_from_binary_file(f, policy=policy.default)

subject = msg["Subject"]
sender = msg["From"]
```

### Walking MIME Parts

```python
# msg is the message parsed in the previous block
for part in msg.walk():
    ctype = part.get_content_type()
    if ctype.startswith("image/"):
        payload = part.get_payload(decode=True)  # raw image bytes
        filename = part.get_filename()  # None if the part has no filename
```

## URL Analysis Indicators

### Suspicious TLD List

`.xyz`, `.top`, `.club`, `.work`, `.buzz`, `.tk`, `.ml`, `.ga`, `.cf`, `.gq`

### Phishing URL Patterns

| Pattern | Risk |
|---------|------|
| IP address in domain | High |
| Domain > 40 chars | Medium |
| HTTP (no TLS) | Medium |
| 3+ subdomains | Medium |
| URL shortener | High |
| Base64 in path | High |

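The indicators above applied to one decoded QR payload (the `data` bytes that pyzbar returns), as an added example that is not part of the original reference or the project's `agent.py`. The shortener host list, the 16-character base64 threshold, the naive subdomain count and the "Unrated" label for TLD hits are assumptions of this example.

```python
import base64
import ipaddress
import re
from urllib.parse import urlsplit

SUSPICIOUS_TLDS = {"xyz", "top", "club", "work", "buzz", "tk", "ml", "ga", "cf", "gq"}
# Assumption: sample shortener hosts; the page does not name any.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "ow.ly"}
B64_SEGMENT = re.compile(r"^[A-Za-z0-9+_-]{16,}={0,2}$")  # assumed minimum: 16 chars


def _looks_base64(segment: str) -> bool:
    """True if a path segment decodes as base64 to printable ASCII."""
    if not B64_SEGMENT.match(segment):
        return False
    body = segment.rstrip("=").replace("+", "-")
    try:
        raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return all(32 <= b < 127 for b in raw)


def analyze_qr_payload(data: bytes) -> dict:
    """Return {pattern: risk} for every indicator the decoded QR payload matches."""
    try:
        parts = urlsplit(data.decode("utf-8", errors="replace").strip())
    except ValueError:  # e.g. a malformed IPv6 literal
        return {}
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https") or not host:
        return {}  # not a web URL (Wi-Fi config, vCard, plain text, ...)
    try:
        ipaddress.ip_address(host)
        is_ip = True
    except ValueError:
        is_ip = False
    labels = host.split(".")
    checks = [
        ("IP address in domain", "High", is_ip),
        ("Domain > 40 chars", "Medium", len(host) > 40),
        ("HTTP (no TLS)", "Medium", parts.scheme == "http"),
        # Naive count of labels left of the last two; no public-suffix list.
        ("3+ subdomains", "Medium", not is_ip and len(labels) - 2 >= 3),
        ("URL shortener", "High", host in SHORTENERS),
        ("Base64 in path", "High", any(map(_looks_base64, parts.path.split("/")))),
        ("Suspicious TLD", "Unrated", not is_ip and labels[-1] in SUSPICIOUS_TLDS),
    ]
    return {name: risk for name, risk, hit in checks if hit}
```

Requiring the decoded bytes to be printable keeps long hyphenated slugs from being reported as base64.
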
## Microsoft Defender for Office 365 — Safe Links API

### Check URL reputation

```http
POST https://graph.microsoft.com/v1.0/security/tiIndicators
Content-Type: application/json
Authorization: Bearer {token}

{
  "targetProduct": "Azure Sentinel",
  "threatType": "Phishing",
  "url": "https://suspicious-domain.xyz/login"
}
```

## VirusTotal URL Scan API

### Submit URL

```http
POST https://www.virustotal.com/api/v3/urls
x-apikey: {API_KEY}
Content-Type: application/x-www-form-urlencoded

url=https://suspicious-domain.xyz
```

### Response Fields

| Field | Description |
|-------|-------------|
| `data.attributes.last_analysis_stats.malicious` | Engines flagging as malicious |
| `data.attributes.last_analysis_stats.harmless` | Engines flagging as clean |
| `data.attributes.categories` | URL categorization |