creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 05:34:55 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/exploiting-broken-link-hijacking/references/api-reference.md
T
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal 
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

2.2 KiB
Raw Blame History

API Reference: Broken Link Hijacking

Concept

Broken Link Hijacking (BLH) occurs when a website links to external resources that no longer exist. An attacker can register the expired resource (domain, GitHub repo, npm package) to serve malicious content via the trusted site.

Hijackable Platforms

Platform Hijack Vector
GitHub Register abandoned username/repo
npm Publish unclaimed package name
PyPI Register unclaimed package
Twitter/X Claim abandoned handle
BitBucket Register abandoned team/repo
Custom domain Register expired domain

Python requests — Link Checking

HEAD Request

import requests
resp = requests.head(url, timeout=10, allow_redirects=True, verify=False)
# 404 = broken link, potential hijack

Connection Error = Domain Takeover

try:
    requests.head(url, timeout=5)
except requests.ConnectionError:
    print("Domain may be unregistered - takeover possible")

HTML Link Extraction

Regex Patterns

import re
# href links
re.finditer(r'href=["\']([^"\']+)', html)
# src links
re.finditer(r'src=["\']([^"\']+)', html)

Domain Availability Check

WHOIS Lookup

whois expired-domain.com
# "No match for" = available for registration

DNS Check

dig expired-domain.com +short
# Empty = no DNS records (likely available)

GitHub API — Check Username Availability

Check user exists

GET https://api.github.com/users/username
  • 200 = exists
  • 404 = available for registration

Check repo exists

GET https://api.github.com/repos/owner/repo

npm Registry — Check Package

GET https://registry.npmjs.org/package-name
  • 200 = exists
  • 404 = available for registration

Subdomain Takeover Indicators

CNAME to Unclaimed Service

dig CNAME old-service.example.com
# old-service.example.com. CNAME  unregistered.herokuapp.com.

Common Vulnerable Services

Service Indicator
GitHub Pages 404 "There isn't a GitHub Pages site here"
Heroku "No such app"
AWS S3 "NoSuchBucket"
Azure "404 Web Site not found"
Shopify "Sorry, this shop is currently unavailable"
Reference in New Issue View Git Blame Copy Permalink