mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-13 06:34:57 +03:00
mukul975
4.4 KiB
4.4 KiB
API Reference — Performing Endpoint Vulnerability Remediation
Libraries Used
| Library | Purpose |
|---|---|
csv |
Parse vulnerability scan CSV exports (Nessus, Qualys, Rapid7) |
subprocess |
Check installed Windows patches via wmic qfe and PowerShell |
socket |
Validate port-based remediation via TCP connect |
json |
Read/write remediation plans and reports |
argparse |
CLI argument parsing for scan file and host parameters |
datetime |
Track patch dates and SLA deadlines |
CLI Interface
python agent.py parse --scan-file scan.csv
python agent.py patches
python agent.py validate --host 10.0.0.1 --port 445
python agent.py report --scan-file scan.csv [--output plan.json]
Core Functions
parse_scan_report(csv_file) — Parse and prioritize vulnerabilities by severity
def parse_scan_report(csv_file):
"""Parse Nessus/Qualys CSV export, group by host, sort by severity."""
with open(csv_file, newline="") as f:
reader = csv.DictReader(f)
vulns = []
for row in reader:
vulns.append({
"host": row.get("Host", row.get("IP")),
"plugin_id": row.get("Plugin ID", row.get("QID")),
"severity": row.get("Risk", row.get("Severity", "Info")),
"name": row.get("Name", row.get("Title")),
"cve": row.get("CVE", ""),
"solution": row.get("Solution", row.get("Fix", "")),
})
severity_order = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "Info": 4}
return sorted(vulns, key=lambda v: severity_order.get(v["severity"], 5))
check_windows_patches() — List installed Windows hotfixes via WMIC
def check_windows_patches():
"""Query installed patches on a Windows endpoint."""
result = subprocess.run(
["wmic", "qfe", "get", "HotFixID,InstalledOn,Description", "/format:csv"],
capture_output=True, text=True, timeout=30,
)
patches = []
for line in result.stdout.strip().split("\n")[1:]:
parts = line.strip().split(",")
if len(parts) >= 4:
patches.append({
"hotfix_id": parts[1],
"description": parts[2],
"installed_on": parts[3],
})
return patches
validate_remediation(host, port) — TCP connect to verify port closure
def validate_remediation(host, port):
"""Verify that a vulnerable port has been closed after remediation."""
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(5)
try:
result = sock.connect_ex((host, int(port)))
return {
"host": host,
"port": port,
"status": "open" if result == 0 else "closed",
"remediated": result != 0,
}
finally:
sock.close()
generate_remediation_report(scan_file, output) — Group vulns by host for remediation
def generate_remediation_report(scan_file, output=None):
"""Generate a prioritized remediation plan from scan results."""
vulns = parse_scan_report(scan_file)
by_host = {}
for v in vulns:
by_host.setdefault(v["host"], []).append(v)
report = {
"total_vulns": len(vulns),
"hosts_affected": len(by_host),
"by_severity": {},
"remediation_plan": [],
}
for severity in ["Critical", "High", "Medium", "Low"]:
count = sum(1 for v in vulns if v["severity"] == severity)
report["by_severity"][severity] = count
for host, host_vulns in sorted(by_host.items()):
report["remediation_plan"].append({
"host": host,
"vuln_count": len(host_vulns),
"critical": sum(1 for v in host_vulns if v["severity"] == "Critical"),
"patches": [v["name"] for v in host_vulns[:10]],
})
if output:
with open(output, "w") as f:
json.dump(report, f, indent=2)
return report
Output Format
{
"total_vulns": 245,
"hosts_affected": 42,
"by_severity": {
"Critical": 8,
"High": 35,
"Medium": 112,
"Low": 90
},
"remediation_plan": [
{
"host": "10.0.0.50",
"vuln_count": 12,
"critical": 2,
"patches": ["MS17-010: EternalBlue", "CVE-2024-21887: Ivanti RCE"]
}
]
}
Dependencies
No external packages — Python standard library only.