Files
Anthropic-Cybersecurity-Skills/skills/conducting-external-reconnaissance-with-osint/references/api-reference.md
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

52 lines
1.8 KiB
Markdown

# API Reference: External Reconnaissance OSINT Agent
## Overview
Maps an organization's external attack surface using passive OSINT: certificate transparency, DNS records, Shodan, email security checks, web technology fingerprinting, and GitHub leak detection. For authorized assessments only.
## Dependencies
| Package | Version | Purpose |
|---------|---------|---------|
| shodan | >=1.28 | Shodan API for host discovery |
| requests | >=2.28 | HTTP API calls |
## CLI Usage
```bash
python agent.py --domain example.com --org "Example Corp" --shodan-key <key> \
--github-token <token> --output recon.json
```
## Key Functions
### `enumerate_subdomains_crtsh(domain)`
Discovers subdomains from certificate transparency logs via crt.sh JSON API.
### `enumerate_dns_records(domain)`
Queries A, AAAA, MX, NS, TXT, CNAME, SOA records using Google DNS-over-HTTPS API.
### `shodan_org_search(api_key, org_name, max_results)`
Searches Shodan for hosts belonging to a named organization.
### `check_email_security(domain)`
Checks for SPF and DMARC DNS records to assess email security posture.
### `check_web_technologies(domain)`
Identifies web server technologies from HTTP response headers (Server, X-Powered-By).
### `search_github_leaks(domain, github_token)`
Searches GitHub code for leaked passwords, API keys, and secrets related to the target.
### `generate_recon_report(...)`
Consolidates all OSINT findings into a structured JSON report.
## External APIs Used
| API | Endpoint | Auth | Purpose |
|-----|----------|------|---------|
| crt.sh | `https://crt.sh/?q=...&output=json` | None | Certificate transparency |
| Google DNS | `https://dns.google/resolve` | None | DNS record lookup |
| Shodan | `api.shodan.io` | API key | Host/service discovery |
| GitHub | `https://api.github.com/search/code` | Token | Code leak search |