creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 13:44:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/performing-ssl-stripping-attack/references/api-reference.md
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

61 lines
2.0 KiB
Markdown
Raw Blame History

# API Reference: SSL Stripping Assessment Agent
## Overview
Automates SSL stripping vulnerability assessment by checking HSTS headers, preload list status, redirect chains, mixed content, and security headers using curl subprocess calls.
## Dependencies
| Package | Version | Purpose |
|---------|---------|---------|
| subprocess | stdlib | Runs curl for HTTP header inspection |
| re | stdlib | Regex parsing of HSTS header values |
| json | stdlib | Parses hstspreload.org API responses |
## External Tools Required
| Tool | Purpose |
|------|---------|
| curl | HTTP/HTTPS header and content fetching |
## Core Functions
### `check_hsts_header(target_url)`
Fetches response headers and parses Strict-Transport-Security values.
- **Returns**: `dict` with `hsts_present`, `max_age`, `include_subdomains`, `preload`
### `check_hsts_preload(domain)`
Queries the hstspreload.org API to check browser preload list inclusion.
- **Returns**: `dict` with `status` and `preloaded` boolean
### `check_redirect_chain(url)`
Follows HTTP redirects to verify HTTPS upgrade behavior.
- **Returns**: `dict` with `initial_url`, `final_url`, `upgrades_to_https`
### `check_mixed_content(url)`
Scans page HTML for HTTP resource references on HTTPS pages.
- **Returns**: `dict` with `mixed_content_found` and `http_reference_count`
### `check_security_headers(url)`
Checks for CSP, X-Content-Type-Options, X-Frame-Options, and Upgrade-Insecure-Requests.
- **Returns**: `dict[str, bool]` - header name to presence mapping
### `run_assessment(targets)`
Full assessment pipeline for a list of target domains.
- **Parameters**: `targets` (list[str]) - domain names
- **Returns**: `list[dict]` - per-target assessment results with `ssl_strip_risk`
## Risk Levels
| Level | Criteria |
|-------|----------|
| HIGH | No HSTS header present |
| MEDIUM | HSTS present but not in preload list |
| LOW | HSTS with preload list inclusion |
## Usage
```bash
python agent.py example.com banking.example.com api.example.com
```
Reference in New Issue View Git Blame Copy Permalink