Anthropic-Cybersecurity-Skills/skills/performing-api-inventory-and-discovery/references/api-reference.md
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

# API Inventory and Discovery — API Reference
## Libraries
| Library | Install | Purpose |
|---------|---------|---------|
| requests | `pip install requests` | HTTP probing and spec fetching |
## Common API Discovery Paths
| Path | Description |
|------|-------------|
| `/api/v1`, `/api/v2` | Versioned REST API roots |
| `/swagger.json` | Swagger 2.0 specification |
| `/openapi.json` | OpenAPI 3.x specification |
| `/graphql` | GraphQL endpoint |
| `/graphiql`, `/playground` | GraphQL IDE; its presence usually means introspection is on, confirm with a `__schema` query |
| `/api-docs`, `/docs` | API documentation page |
| `/.well-known/openid-configuration` | OIDC discovery |
| `/health`, `/metrics` | Health/monitoring endpoints |
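Probing the paths in the table is only half the job: many single-page apps answer 200 with the same HTML shell for any unknown path, so a bare status check reports every entry as present. The script below is an added example for this reference (not code from the skill): it takes a soft-404 baseline first, then labels each hit by what actually came back (a spec, an OIDC discovery document, a GraphQL endpoint answering a GET with `errors`, plain JSON, or the catch-all page). It uses `urllib` from the standard library rather than `requests` so it runs with no extra packages, and the `fetch` callable is injectable so the constructed responses at the bottom let it run offline; `https://app.example` and the fake responses are assumptions for the demo.

```python
"""Probe common discovery paths and separate real hits from catch-all 200 pages.

Added example, not the skill's own code. Standard-library only; the `fetch`
argument is injectable so the probe can be exercised with constructed responses.
"""
import json
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlparse

DISCOVERY_PATHS = [
    "/api/v1", "/api/v2", "/swagger.json", "/openapi.json", "/graphql",
    "/graphiql", "/playground", "/api-docs", "/docs",
    "/.well-known/openid-configuration", "/health", "/metrics",
]

def http_fetch(url, timeout=5):
    """Return (status, content_type, body_text); HTTP errors are data, not exceptions."""
    req = urllib.request.Request(url, headers={"Accept": "application/json, text/html;q=0.5"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Content-Type", ""), resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Content-Type", ""), err.read(65536).decode("utf-8", "replace")
    except (urllib.error.URLError, OSError):  # DNS failure, connection refused, timeout
        return None, "", ""

def classify_hit(path, status, ctype, body):
    """Label what answered: spec / oidc / graphql / json / html / absent / error / other."""
    if status is None:
        return "error"
    if status in (404, 410):
        return "absent"
    text = body.lstrip()
    if text.startswith("{"):
        try:
            doc = json.loads(text)
        except ValueError:
            return "other"
        if isinstance(doc, dict):
            if "openapi" in doc or "swagger" in doc:
                return "spec"
            if "issuer" in doc and "authorization_endpoint" in doc:
                return "oidc"
            # A GET on a GraphQL endpoint typically yields 400 + {"errors": [...]}
            if "errors" in doc and path.rstrip("/").endswith(("graphql", "graphiql", "playground")):
                return "graphql"
        return "json"
    if "text/html" in ctype.lower():
        return "html"
    return "other"

def probe(base_url, paths=DISCOVERY_PATHS, fetch=http_fetch):
    """Return {path: (status, label)}; a soft-404 baseline demotes catch-all 200 HTML."""
    baseline_status, _, _ = fetch(urljoin(base_url, "/__api_inventory_probe_does_not_exist__"))
    soft_404 = baseline_status == 200
    results = {}
    for path in paths:
        status, ctype, body = fetch(urljoin(base_url, path))
        label = classify_hit(path, status, ctype, body)
        if soft_404 and status == 200 and label == "html":
            label = "absent(soft-404)"  # same shell the app serves for any unknown path
        results[path] = (status, label)
    return results

# Constructed responses for an offline run; there is no real target behind them.
FAKE_RESPONSES = {
    "/openapi.json": (200, "application/json", '{"openapi": "3.0.3", "paths": {}}'),
    "/graphql": (400, "application/json", '{"errors": [{"message": "Must provide query string."}]}'),
    "/.well-known/openid-configuration": (404, "text/html", "<h1>Not Found</h1>"),
    "/health": (200, "application/json", '{"status": "ok"}'),
}

def fake_fetch(url, timeout=5):
    """Stand-in for http_fetch: anything not listed gets the SPA's catch-all 200 page."""
    path = urlparse(url).path or "/"
    return FAKE_RESPONSES.get(path, (200, "text/html; charset=utf-8", "<!doctype html><title>app</title>"))

if __name__ == "__main__":
    for path, (status, label) in probe("https://app.example", fetch=fake_fetch).items():
        print(f"{str(status):>4}  {label:<16} {path}")
```

Against a live target, call `probe("https://target.example")` with the default fetcher; anything labelled `spec`, `oidc` or `graphql` is worth a manual look, while `absent(soft-404)` entries should not be written up as exposed endpoints.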
## OpenAPI Spec Parsing
```python
import requests

resp = requests.get("https://target.com/openapi.json", timeout=10)
resp.raise_for_status()  # fail loudly on 4xx/5xx instead of parsing an error page as JSON
spec = resp.json()
for path, item in spec["paths"].items():
    for method, details in item.items():
        if method not in ("get", "put", "post", "delete", "options", "head", "patch", "trace"):
            continue  # skip path-level keys such as "parameters" and "summary"
        print(f"{method.upper()} {path} deprecated={details.get('deprecated', False)}")
```
## JavaScript API Extraction Patterns
| Pattern | Matches |
|---------|---------|
| `fetch("/<path>")` | Fetch API calls |
| `axios.get("/<path>")` | Axios HTTP calls |
| `"/api/v1/<resource>"` | String literal API paths |
| `"/v2/<resource>"` | Versioned API references |
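The patterns above are the starting point; in practice one endpoint shows up in a bundle as a string literal, a `fetch` call with a concatenated ID and a template literal, and the same regexes also pick up static assets. The script below is an added example for this reference (not the skill's own code): it implements the four patterns as regexes, filters out asset paths, normalises query strings and `${...}` placeholders so duplicates collapse, and includes a small `<script src>` collector for finding the bundles to scan. The sample bundle and the HTML in the usage are constructed for the demo and are not from any real site.

```python
"""Pull API paths out of JavaScript bundles with the patterns above.

Added example, not code from the skill. The regexes and the sample bundle are
mine; the bundle is constructed to hit each pattern and is not from any real site.
"""
import re
from urllib.parse import urljoin

# Constructed sample bundle: each line exercises one pattern or one false positive.
SAMPLE_JS = r'''
fetch("/api/v1/users").then(r => r.json());
fetch('/api/v1/users/' + id + '/roles');
axios.get("/api/v2/orders?status=open");
axios.post("/internal/admin/flush", {});
const BASE = "/v2/"; const EXPORT = "/api/v1/reports/export";
fetch("/static/bundle.js");                 // asset, not an API
fetch(`/api/v1/items/${itemId}`);           // template literal with a path parameter
'''

PATTERNS = [
    re.compile(r'''fetch\(\s*['"`]([^'"`]+)['"`]'''),                                      # fetch("/path")
    re.compile(r'''axios\.(?:get|post|put|patch|delete|request)\(\s*['"`]([^'"`]+)['"`]'''),  # axios.get("/path")
    re.compile(r'''['"](/api/v\d+/[^'"\s]*)['"]'''),                                       # "/api/v1/<resource>"
    re.compile(r'''['"](/v\d+/[^'"\s]*)['"]'''),                                           # "/v2/<resource>"
]
STATIC_EXT = (".js", ".css", ".map", ".png", ".jpg", ".svg", ".ico", ".woff", ".woff2")
SCRIPT_SRC = re.compile(r'''<script[^>]*\ssrc=['"]([^'"]+)['"]''', re.IGNORECASE)

def normalize(path):
    """Drop query strings, turn `${x}` placeholders into {param}, strip the trailing slash."""
    path = path.split("?", 1)[0]
    path = re.sub(r"\$\{[^}]*\}", "{param}", path)
    return path.rstrip("/") or "/"

def extract_api_paths(js_text):
    """Sorted, de-duplicated API paths referenced in one JS file."""
    found = set()
    for pattern in PATTERNS:
        for match in pattern.finditer(js_text):
            candidate = match.group(1)
            if not candidate.startswith("/"):
                continue
            path = normalize(candidate)
            if path.lower().endswith(STATIC_EXT):  # static assets are not API surface
                continue
            found.add(path)
    return sorted(found)

def script_urls(html, page_url):
    """Absolute URLs of every <script src=...> on a page, ready to fetch and scan."""
    return [urljoin(page_url, m.group(1)) for m in SCRIPT_SRC.finditer(html)]

if __name__ == "__main__":
    for path in extract_api_paths(SAMPLE_JS):
        print(path)
```

Run it as-is to see the sample bundle reduced to six distinct paths; for a real target, fetch the page, pass its HTML to `script_urls`, download each bundle and feed the text to `extract_api_paths`. Paths built purely by concatenation at runtime (`BASE + name`) still need manual review, since only the literal prefix is captured.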
## API Risk Classification
| Category | Risk | Examples |
|----------|------|---------|
| Admin/Internal | HIGH | `/admin/api`, `/internal/` |
| GraphQL exposed | HIGH | `/graphql` with introspection |
| Documentation public | MEDIUM | `/swagger.json`, `/api-docs` |
| Deprecated/zombie | HIGH | Deprecated but still responding |
| Standard versioned | LOW | `/api/v2/users` |
## OWASP API9:2023 — Improper Inventory Management
| Issue | Description |
|-------|-------------|
| Shadow APIs | Undocumented endpoints deployed without review |
| Zombie APIs | Deprecated versions still accessible |
| Missing authentication | Endpoints skipping auth middleware |
| Version sprawl | Multiple API versions maintained simultaneously |
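The spec-parsing snippet, the risk classification table and the API9 issues above fit together as one inventory pass: walk every operation, decide whether it carries an authentication requirement, flag deprecated and admin/internal surface, and then confirm which deprecated operations still answer (the zombie test). The script below is an added example for this reference, not the skill's own code. It judges authentication from the OpenAPI `security` requirements: an operation with `security: []` opts out of the global requirement, and a spec with no global `security` leaves every operation unauthenticated unless it declares its own. The embedded spec is constructed to cover each case in the tables, and `https://app.example` plus the `status_of` callable in the zombie check are assumptions so the whole thing runs offline.

```python
"""Risk-ranked inventory from an OpenAPI 3 document, following the tables above.

Added example, not code from the skill. The sample spec is constructed and
does not describe a real system.
"""
import json
import sys

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}
MONITORING = ("/health", "/metrics")

SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "security": [{"bearerAuth": []}],                          # global default: token required
    "paths": {
        "/api/v2/users": {"get": {"summary": "list users"}},
        "/api/v1/users": {"get": {"deprecated": True}},        # old version still published
        "/internal/admin/flush": {"post": {"security": []}},   # explicit opt-out of auth
        "/health": {"get": {"security": []}},
        "/graphql": {"post": {}},
        "/api/v2/orders/{id}": {
            "parameters": [{"name": "id", "in": "path"}],      # path-level key, not a method
            "get": {},
            "delete": {"security": [{"apiKey": []}]},
        },
    },
}

def classify(path, method, op, global_security):
    """Return one inventory row with the risk from the classification table."""
    reasons = []
    effective = op["security"] if "security" in op else global_security
    if not effective:
        reasons.append("no security requirement")
    if op.get("deprecated"):
        reasons.append("deprecated")
    if path.startswith(("/admin", "/internal")):
        reasons.append("admin/internal")
    if path.rstrip("/").endswith("/graphql"):
        reasons.append("graphql")
    if path in MONITORING and reasons == ["no security requirement"]:
        risk = "MEDIUM"  # unauthenticated health/metrics is common; review it, don't page on it
    elif reasons:
        risk = "HIGH"
    else:
        risk = "LOW"
    return {"method": method, "path": path, "risk": risk, "reasons": reasons}

def inventory(spec):
    """Every operation in the spec, HIGH first; non-method path keys are skipped."""
    global_security = spec.get("security", [])
    rows = []
    for path, item in spec.get("paths", {}).items():
        for key, op in item.items():
            if key.lower() in HTTP_METHODS:
                rows.append(classify(path, key.upper(), op, global_security))
    rank = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    rows.sort(key=lambda r: (rank[r["risk"]], r["path"], r["method"]))
    return rows

def mark_zombies(rows, base_url, status_of):
    """Deprecated rows that still answer with anything but 404/410 are zombies.

    `status_of(method, url)` is injected (for example a thin requests.request
    wrapper) so the check is testable offline; it returns the HTTP status or None.
    """
    for row in rows:
        if "deprecated" in row["reasons"]:
            status = status_of(row["method"], base_url + row["path"])
            row["zombie"] = status is not None and status not in (404, 410)
    return rows

if __name__ == "__main__":
    spec = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_SPEC
    for row in inventory(spec):
        print(f"{row['risk']:<6} {row['method']:<6} {row['path']:<28} {', '.join(row['reasons'])}")
```

Run with a downloaded spec as the first argument, or with no arguments for the sample. The `security` handling is the part that catches shadow and unauthenticated endpoints that a plain path listing misses; note that a spec only documents what its authors declared, so the rows it produces should be reconciled against paths found in JavaScript bundles and live probing before calling the inventory complete.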
## External References
- [OWASP API Security Top 10](https://owasp.org/API-Security/)
- [Swagger/OpenAPI Spec](https://swagger.io/specification/)
- [Kiterunner API Discovery](https://github.com/assetnote/kiterunner)