mukul975 c47eed6a64 Production hardening: security fixes, code quality, 724 skills complete
- Fix 25 shell=True subprocess calls with list-based commands
- Fix 49 verify=False in defensive skills (env-var override)
- Add timeout to 231 HTTP/subprocess/socket calls
- Fix 6 SQL injection patterns with whitelist validation
- Replace 8 __import__() with standard imports
- Remove 701 unused imports across 442 files
- Add authorized-testing disclaimers to all offensive skills
- Complete 11 incomplete skill directories
- Expand 10 stub SKILL.md files with full content
- Fix 2 YAML parse errors in frontmatter
- Fix 5 pre-existing syntax errors
- Convert 22 hardcoded paths/ports to environment variables
- Back up 21 redundant skill pairs to .bak
- Fix 2 global declaration errors
- 724/724 skills with full folder anatomy (SKILL.md + agent.py + api-reference.md + LICENSE)
- 0 compile errors across all 724 agent.py files
2026-03-19 13:26:49 +01:00


#!/usr/bin/env python3
"""
Deception Technology Deployment Agent
Deploys and manages honeypots, honeytokens, and canary files to detect
lateral movement and credential abuse with near-zero false positive alerts.
"""
import hashlib
import json
import os
import secrets
import sys
import threading
from datetime import datetime, timezone
from http.server import HTTPServer, BaseHTTPRequestHandler
def generate_honeytoken_credentials(count: int = 5) -> list[dict]:
    """Generate fake credential honeytokens for deployment in AD and databases.

    Records are drawn, in order, from a fixed set of five plausible
    service-account templates, so at most five honeytokens are returned no
    matter how large ``count`` is.

    Args:
        count: Maximum number of honeytokens to build (values <= 0 yield an
            empty list).

    Returns:
        One dict per honeytoken with an ``HT-`` prefixed ``token_id``, a
        ``username`` that shares the first four hex digits of that id, a random
        ``password``, and deployment/alerting guidance. The ``password`` is the
        decoy secret itself and is held in clear text, so the returned records
        should be stored with the same care as the real inventory they imitate.
    """
    account_templates = [
        ("svc_backup_admin", "Service account - backup system"),
        ("admin_legacy", "Legacy admin account"),
        ("db_migration_user", "Database migration service account"),
        ("api_service_prod", "Production API service account"),
        ("deploy_automation", "CI/CD deployment service account"),
    ]
    # Negative counts must select nothing, hence the clamp before slicing.
    selected = account_templates[:max(count, 0)]

    records: list[dict] = []
    for base_name, purpose in selected:
        random_id = secrets.token_hex(4)
        records.append(
            {
                "token_id": f"HT-{random_id}",
                "type": "credential",
                "username": f"{base_name}_{random_id[:4]}",
                "password": secrets.token_urlsafe(24),
                "description": purpose,
                "deployment_location": "Active Directory / LSASS memory",
                "alert_on": "Any authentication attempt",
                "created": datetime.now(timezone.utc).isoformat(),
            }
        )
    return records
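def _canary_file_body(filename: str, description: str, token_id: str, created: str) -> str:
    """Build the text written into a single canary file.

    The header marks the file as a decoy and embeds ``token_id`` so a
    file-access alert can be correlated back to the inventory record. Names
    that look like AWS material get a fake credentials profile; other
    password-like names get fake ``user:password`` lines. The ``aws`` test
    runs first because ``aws_credentials.txt`` also contains the substring
    ``credentials`` and would otherwise never reach its own branch.

    Returns:
        The full file content, newline-terminated.
    """
    lines = [
        f"# CANARY FILE - Token: {token_id}",
        "# This file is a decoy. Any access triggers a security alert.",
        f"# Description: {description}",
        f"# Generated: {created}",
        "",
    ]
    if "aws" in filename:
        lines += [
            "[default]",
            f"aws_access_key_id = AKIA{secrets.token_hex(8).upper()}",
            f"aws_secret_access_key = {secrets.token_hex(20)}",
        ]
    elif "credentials" in filename or "password" in filename:
        lines += [
            "admin:P@ssw0rd_fake_canary_2024",
            "root:SuperSecret_fake_canary!",
        ]
    return "\n".join(lines) + "\n"


def generate_canary_files(output_dir: str, count: int = 5) -> list[dict]:
    """Generate canary files that trigger alerts when accessed.

    Args:
        output_dir: Directory the decoys are written to; created if missing
            (even when ``count`` is 0).
        count: Maximum number of files to create, capped at the five built-in
            templates; values <= 0 create no files.

    Returns:
        One dict per file with a ``CF-`` prefixed ``token_id``, the on-disk
        ``filepath``, a ``sha256`` of the exact bytes written (so later
        integrity checks and file-access telemetry can be matched to this
        record) and alerting metadata. ``created`` is the same timestamp that
        appears in the file's ``# Generated:`` header.
    """
    canary_templates = [
        ("passwords.xlsx", "Fake password spreadsheet"),
        ("salary_data_2024.csv", "Fake salary data"),
        ("aws_credentials.txt", "Fake AWS access keys"),
        ("vpn_config_backup.ovpn", "Fake VPN configuration"),
        ("database_backup_prod.sql", "Fake database backup"),
    ]
    os.makedirs(output_dir, exist_ok=True)

    records: list[dict] = []
    for filename, description in canary_templates[:max(count, 0)]:
        token_id = secrets.token_hex(4)
        created = datetime.now(timezone.utc).isoformat()
        content = _canary_file_body(filename, description, token_id, created)
        filepath = os.path.join(output_dir, filename)
        # Fixed encoding and newline so the bytes on disk are exactly
        # content.encode() on every platform and the hash below stays valid.
        with open(filepath, "w", encoding="utf-8", newline="\n") as fh:
            fh.write(content)
        records.append(
            {
                "token_id": f"CF-{token_id}",
                "type": "canary_file",
                "filename": filename,
                "filepath": filepath,
                "description": description,
                "sha256": hashlib.sha256(content.encode("utf-8")).hexdigest(),
                "alert_on": "File open / read access",
                "created": created,
            }
        )
    return records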
def generate_dns_canary_tokens(domain: str, count: int = 3) -> list[dict]:
    """Generate DNS canary tokens that alert on resolution.

    Each token is a unique random label under ``domain``; a lookup of that
    hostname is the alert signal, so the zone must be one whose queries the
    defender can observe.

    Args:
        domain: Parent zone the random labels are appended to, used verbatim.
        count: Number of tokens to build (values <= 0 yield an empty list).

    Returns:
        One dict per token with a ``DNS-`` prefixed ``token_id`` (the first
        eight hex digits of the label), the full ``hostname``, and placement
        and alerting guidance.
    """

    def _one_token() -> dict:
        label = secrets.token_hex(8)
        return {
            "token_id": f"DNS-{label[:8]}",
            "type": "dns_canary",
            "hostname": f"{label}.{domain}",
            "usage": "Embed in config files, documents, or network shares",
            "alert_on": "DNS resolution of hostname",
            "created": datetime.now(timezone.utc).isoformat(),
        }

    return [_one_token() for _ in range(count)]
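class HoneypotHTTPHandler(BaseHTTPRequestHandler):
    """Simple HTTP honeypot handler that logs all requests.

    Nothing legitimate should ever talk to the decoy, so every GET and POST is
    turned into an alert record and appended to the class-level ``alerts``
    list. Responses imitate a protected resource (401 with a Basic challenge
    for GET, 403 for POST) to keep the client engaged without exposing
    anything real.

    Notes:
        * ``alerts`` is shared by all handler instances and grows without
          bound; a long-running deployment should drain or ship it regularly.
        * Path, headers and body come straight from the client and are stored
          as-is in the alert record; treat them as hostile when displaying.
    """

    # Shared in-memory alert store; every handler instance appends to it.
    alerts: list[dict] = []
    # Cap on request-body bytes read from the client so a bogus or huge
    # Content-Length cannot make the honeypot buffer arbitrary amounts of data.
    MAX_BODY_BYTES = 64 * 1024

    def _declared_body_length(self) -> int:
        """Return the Content-Length to honour.

        Missing, non-numeric or negative values become 0 (a negative value
        would otherwise be passed to ``rfile.read`` and read until EOF); the
        result is capped at ``MAX_BODY_BYTES``.
        """
        try:
            declared = int(self.headers.get("Content-Length", 0))
        except (TypeError, ValueError):
            return 0
        return min(max(declared, 0), self.MAX_BODY_BYTES)

    def _raise_alert(self, alert: dict, message: str) -> None:
        """Append ``alert`` to the shared store and echo ``message`` to stdout."""
        HoneypotHTTPHandler.alerts.append(alert)
        print(message)

    def do_GET(self):
        """Record a GET as a HIGH-severity alert and answer with a 401 Basic challenge."""
        alert = {
            "timestamp": datetime.now(timezone.utc).isoformat(),
            "source_ip": self.client_address[0],
            "source_port": self.client_address[1],
            "method": "GET",
            "path": self.path,
            "headers": dict(self.headers),
            "severity": "HIGH",
        }
        # repr() the path: it is client-supplied and may contain control or
        # escape characters that would corrupt or spoof the console log.
        self._raise_alert(
            alert, f"[ALERT] Honeypot hit: {alert['source_ip']} -> GET {self.path!r}"
        )
        self.send_response(401)
        self.send_header("WWW-Authenticate", 'Basic realm="Restricted Area"')
        self.end_headers()
        self.wfile.write(b"Authentication Required")

    def do_POST(self):
        """Record a POST (typically a credential submission) as CRITICAL and answer 403.

        Only the first 200 characters of the body are kept in the alert.
        """
        body = self.rfile.read(self._declared_body_length()).decode("utf-8", errors="ignore")
        alert = {
            "timestamp": datetime.now(timezone.utc).isoformat(),
            "source_ip": self.client_address[0],
            "source_port": self.client_address[1],
            "method": "POST",
            "path": self.path,
            "body_preview": body[:200],
            "severity": "CRITICAL",
        }
        self._raise_alert(alert, f"[ALERT] Honeypot credential capture: {alert['source_ip']}")
        self.send_response(403)
        self.end_headers()
        self.wfile.write(b"Access Denied")

    def log_message(self, format, *args):
        """Silence BaseHTTPRequestHandler's per-request stderr log.

        Each request is already captured as a structured alert in
        ``do_GET``/``do_POST``, so the default access log would be noise.
        """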
def start_http_honeypot(host: str = "0.0.0.0", port: int = 8888) -> HTTPServer:
    """Start an HTTP honeypot server in a background thread.

    ``serve_forever`` runs on a daemon thread, so the listener dies with the
    main thread: the caller must keep the process alive and should call
    ``shutdown()`` and ``server_close()`` for an orderly stop. The default
    host binds every interface; pass an explicit address to limit exposure.

    Args:
        host: Interface address to bind.
        port: TCP port to listen on.

    Returns:
        The running ``HTTPServer`` so the caller can stop it later.
    """
    honeypot = HTTPServer((host, port), HoneypotHTTPHandler)
    worker = threading.Thread(target=honeypot.serve_forever, daemon=True)
    worker.start()
    print(f"[*] HTTP honeypot listening on {host}:{port}")
    return honeypot
def generate_deployment_report(
    credentials: list, canary_files: list, dns_tokens: list
) -> str:
    """Generate deception technology deployment report.

    Args:
        credentials: Honeytoken records with ``token_id``, ``username`` and
            ``description`` keys.
        canary_files: Canary-file records with ``token_id``, ``filename`` and
            ``description`` keys.
        dns_tokens: DNS canary records with ``token_id`` and ``hostname`` keys.

    Returns:
        A newline-joined plain-text report: a header with the UTC date and
        total decoy count, followed by one section per decoy type.
    """
    stamp = datetime.now(timezone.utc).strftime('%Y-%m-%d %H:%M UTC')
    decoy_total = len(credentials) + len(canary_files) + len(dns_tokens)

    header = [
        "DECEPTION TECHNOLOGY DEPLOYMENT REPORT",
        "=" * 50,
        f"Date: {stamp}",
        f"Total Decoys Deployed: {decoy_total}",
        "",
        f"HONEYTOKEN CREDENTIALS ({len(credentials)}):",
    ]
    credential_rows = [
        f" [{c['token_id']}] {c['username']} - {c['description']}" for c in credentials
    ]
    file_section = [f"\nCANARY FILES ({len(canary_files)}):"] + [
        f" [{cf['token_id']}] {cf['filename']} - {cf['description']}" for cf in canary_files
    ]
    dns_section = [f"\nDNS CANARY TOKENS ({len(dns_tokens)}):"] + [
        f" [{d['token_id']}] {d['hostname']}" for d in dns_tokens
    ]
    return "\n".join(header + credential_rows + file_section + dns_section)
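if __name__ == "__main__":
    # CLI: [output_dir] [dns_domain]; both optional.
    output_dir = sys.argv[1] if len(sys.argv) > 1 else "canary_files"
    dns_domain = sys.argv[2] if len(sys.argv) > 2 else "canary.example.com"

    print("[*] Deploying deception technology...")
    credentials = generate_honeytoken_credentials(5)
    canary_files = generate_canary_files(output_dir, 5)
    dns_tokens = generate_dns_canary_tokens(dns_domain, 3)

    report = generate_deployment_report(credentials, canary_files, dns_tokens)
    print(report)

    inventory = {
        "credentials": credentials,
        "canary_files": canary_files,
        "dns_tokens": dns_tokens,
    }
    output = f"deception_inventory_{datetime.now(timezone.utc).strftime('%Y%m%d')}.json"
    # The inventory maps every decoy to its location and secret; anyone able to
    # read it can tell decoys from real assets, which defeats the deception.
    # Create it owner-read/write only (an existing file keeps its current mode;
    # the mode is advisory on platforms without POSIX permissions).
    fd = os.open(output, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        json.dump(inventory, f, indent=2)
    print(f"\n[*] Inventory saved to {output}")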