security-automation
安全自动化
概述
安全自动化是提高安全运营效率的重要手段。本技能提供安全自动化的方法、工具和最佳实践。
自动化场景
1. 漏洞扫描
自动化扫描：
- 定期扫描
- CI/CD集成
- 结果分析
- 报告生成
2. 安全测试
自动化测试：
- 单元测试
- 集成测试
- 安全测试
- 回归测试
3. 事件响应
自动化响应：
- 事件检测
- 自动遏制
- 通知告警
- 证据收集
4. 合规检查
自动化合规：
- 配置检查
- 策略验证
- 报告生成
- 修复建议
工具和框架
漏洞扫描自动化
使用Nessus API：
import requests
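# Create a scan
def create_scan(target, scan_name, access_key=None, secret_key=None,
                template_uuid="template-uuid", base_url="https://nessus:8834"):
    """Create (but do not launch) a Nessus scan through the REST API.

    Args:
        target: Target specification sent as ``text_targets``.
        scan_name: Display name of the new scan.
        access_key, secret_key: Nessus API key pair. When omitted they are
            read from the NESSUS_ACCESS_KEY / NESSUS_SECRET_KEY environment
            variables (names chosen for this example) so that no secret
            lives in the source file.
        template_uuid: UUID of the scan template to instantiate; the default
            is the placeholder from the original snippet and must be replaced.
        base_url: Scheme, host and port of the Nessus server.

    Returns:
        The decoded JSON body of the ``POST /scans`` response.

    Raises:
        KeyError: if no key pair was given and the environment variables are unset.
        requests.HTTPError: if Nessus answers with a 4xx/5xx status.
    """
    import os  # local import keeps the snippet self-contained

    access_key = access_key or os.environ["NESSUS_ACCESS_KEY"]
    secret_key = secret_key or os.environ["NESSUS_SECRET_KEY"]
    # Nessus carries both halves of the key pair in a single header value;
    # confirm the exact format against the documentation of your Nessus version.
    headers = {"X-ApiKeys": f"accessKey={access_key}; secretKey={secret_key}"}
    data = {
        "uuid": template_uuid,
        "settings": {
            "name": scan_name,
            "text_targets": target,
        },
    }
    # TLS verification stays on: a self-signed Nessus certificate should be
    # trusted by installing its CA, not by passing verify=False.
    response = requests.post(f"{base_url}/scans", json=data, headers=headers,
                             timeout=30)
    response.raise_for_status()  # surface auth/validation failures instead of returning an error body
    return response.json()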
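# Launch a scan
def launch_scan(scan_id, access_key=None, secret_key=None,
                base_url="https://nessus:8834"):
    """Launch a scan that was previously created with ``create_scan``.

    Args:
        scan_id: Numeric id of the scan, as returned in the create response.
        access_key, secret_key: Nessus API key pair. When omitted they are
            read from the NESSUS_ACCESS_KEY / NESSUS_SECRET_KEY environment
            variables (names chosen for this example).
        base_url: Scheme, host and port of the Nessus server.

    Returns:
        The decoded JSON body of the ``POST /scans/{id}/launch`` response.

    Raises:
        KeyError: if no key pair was given and the environment variables are unset.
        requests.HTTPError: if Nessus answers with a 4xx/5xx status.
    """
    import os  # local import keeps the snippet self-contained

    access_key = access_key or os.environ["NESSUS_ACCESS_KEY"]
    secret_key = secret_key or os.environ["NESSUS_SECRET_KEY"]
    # Same header format as create_scan; confirm against your Nessus version.
    headers = {"X-ApiKeys": f"accessKey={access_key}; secretKey={secret_key}"}
    response = requests.post(f"{base_url}/scans/{scan_id}/launch",
                             headers=headers, timeout=30)
    response.raise_for_status()  # a failed launch must not look like success
    return response.json()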
使用OpenVAS API：
from gvm.connections import UnixSocketConnection
from gvm.protocols.gmp import Gmp
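# Connect to OpenVAS (GVM) over the local Unix socket
import os  # credentials come from the environment rather than the source file

connection = UnixSocketConnection()
# The context manager disconnects the socket when the block exits, also on error.
with Gmp(connection) as gmp:
    # GVM_USERNAME / GVM_PASSWORD are environment variable names chosen for
    # this example; the original snippet hard-coded the credentials.
    gmp.authenticate(os.environ['GVM_USERNAME'], os.environ['GVM_PASSWORD'])

    # Create the scan task
    target = gmp.create_target(name='target', hosts=['192.168.1.0/24'])
    # NOTE(review): in python-gvm these calls return the GMP XML response, so
    # the [0] and ['id'] lookups below should be confirmed against the
    # installed python-gvm version before this snippet is relied on.
    config = gmp.get_configs()[0]
    scanner = gmp.get_scanners()[0]
    task = gmp.create_task(
        name='scan_task',
        config_id=config['id'],
        target_id=target['id'],
        scanner_id=scanner['id']
    )

    # Start the scan
    gmp.start_task(task['id'])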
CI/CD集成
Jenkins Pipeline：
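pipeline {
    agent any
    // The scan target is a build parameter instead of the literal word
    // "target". Jenkins exposes parameters as environment variables, so the
    // shell step references it as "$SCAN_TARGET" inside a single-quoted
    // Groovy string; interpolating it with Groovy ("${params.SCAN_TARGET}")
    // would splice the value into the command text instead.
    parameters {
        string(name: 'SCAN_TARGET', defaultValue: '', description: 'Host or network to scan')
    }
    stages {
        stage('Security Scan') {
            steps {
                sh 'npm audit'
                // snyk and sonar-scanner read their tokens from the
                // environment; bind them from the Jenkins credential store
                // (the credential ids below are placeholders).
                withCredentials([string(credentialsId: 'snyk-token', variable: 'SNYK_TOKEN')]) {
                    sh 'snyk test'
                }
                withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) {
                    sh 'sonar-scanner'
                }
            }
        }
        stage('Vulnerability Scan') {
            steps {
                sh 'nmap --script vuln "$SCAN_TARGET"'
            }
        }
    }
    post {
        always {
            // Requires the HTML Publisher plugin; the scanners above must
            // write their output into reports/report.html for this to work.
            publishHTML([
                reportDir: 'reports',
                reportFiles: 'report.html',
                reportName: 'Security Report'
            ])
        }
    }
}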
GitHub Actions：
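name: Security Scan
# Secrets are not exposed to pull_request runs from forks, so the scanner
# steps will fail there; restrict the trigger or guard the steps if needed.
on: [push, pull_request]
# Least privilege for GITHUB_TOKEN: these scanners only read the checkout.
permissions:
  contents: read
jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # NOTE(review): "@master" follows a mutable branch, so the action code
      # can change underneath this workflow; pin to a release tag or a full
      # commit SHA instead (e.g. snyk/actions/node@<commit-sha>).
      - name: Run Snyk
        uses: snyk/actions/node@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
      - name: Run SonarQube
        uses: sonarsource/sonarqube-scan-action@master
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          # The scan action needs the server address as well as the token.
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}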
安全测试自动化
使用OWASP ZAP：
from zapv2 import ZAPv2
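# Start ZAP (the daemon must already be listening on the proxy port below)
import os    # the API key comes from the environment, not the source file
import time  # the original snippet called time.sleep() without importing time

TARGET = 'http://target.com'

# ZAP rejects API calls without its key unless key checking was disabled;
# ZAP_API_KEY is an environment variable name chosen for this example.
zap = ZAPv2(apikey=os.environ.get('ZAP_API_KEY'),
            proxies={'http': 'http://127.0.0.1:8080'})

# Spider first so the scanner has URLs to work on
zap.urlopen(TARGET)
zap.spider.scan(TARGET)
while int(zap.spider.status()) < 100:
    time.sleep(1)

# Active scan
zap.ascan.scan(TARGET)
while int(zap.ascan.status()) < 100:
    time.sleep(1)

# Fetch the results
alerts = zap.core.alerts()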
使用Burp Suite：
from burp import IBurpExtender, IScannerCheck
class BurpExtender(IBurpExtender, IScannerCheck):
    """Minimal Burp Suite extension skeleton registered as a scanner check.

    Both scan hooks report no issues; the actual scan logic is left for the
    user to fill in.
    """

    #: Name shown in Burp's Extender tab.
    EXTENSION_NAME = "Security Automation"

    def registerExtenderCallbacks(self, callbacks):
        """Keep the callbacks/helpers and register this object as a scanner check."""
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName(self.EXTENSION_NAME)
        callbacks.registerScannerCheck(self)

    def doPassiveScan(self, baseRequestResponse):
        """Passive scan hook; returns no issues."""
        return

    def doActiveScan(self, baseRequestResponse, insertionPoint):
        """Active scan hook; returns no issues."""
        return
事件响应自动化
使用Splunk：
import splunklib.client as client
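# Connect to Splunk
import os  # credentials come from the environment rather than the source file

# SPLUNK_USERNAME / SPLUNK_PASSWORD are environment variable names chosen
# for this example; the original snippet hard-coded admin/password.
service = client.connect(
    host='splunk.example.com',
    port=8089,
    username=os.environ['SPLUNK_USERNAME'],
    password=os.environ['SPLUNK_PASSWORD']
)

# Search for security events from the last hour
search_query = 'index=security event_type="malware"'
kwargs = {"earliest_time": "-1h", "latest_time": "now"}
search = service.jobs.create(search_query, **kwargs)

# Process the results
# NOTE(review): jobs.create() returns a job handle; confirm with the installed
# splunklib version that iterating it yields result rows rather than using
# the SDK's results reader over the job's results() — TODO verify.
for result in search:
    if result.get('severity') == 'high':
        # Automatic response. send_alert / isolate_system are defined elsewhere.
        # Isolating a host is disruptive; gate it on an allow-list or human
        # approval rather than on the severity field of a single event.
        send_alert(result)
        isolate_system(result['host'])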
使用ELK Stack：
from elasticsearch import Elasticsearch
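# Connect to Elasticsearch
es = Elasticsearch(['localhost:9200'])

# Search for security events
query = {
    "query": {
        "match": {
            "event_type": "intrusion"
        }
    }
}
# NOTE(review): ``body=`` is the legacy calling form; newer elasticsearch-py
# clients take ``query=`` — confirm against the installed client version.
results = es.search(index="security", body=query)

# Automatic response
for hit in results['hits']['hits']:
    source = hit['_source']  # read once; every field below comes from here
    if source.get('severity') == 'critical':
        # Automatic containment. block_ip / send_alert are defined elsewhere.
        # Blocking on a single event can cut off legitimate traffic when the
        # source address is shared or spoofed, so allow-list and review.
        block_ip(source['src_ip'])
        send_alert(source)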
自动化脚本
漏洞扫描脚本
#!/usr/bin/env python3
import subprocess
import json
import smtplib
from email.mime.text import MIMEText
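def run_nmap_scan(target):
    """Run an Nmap ``vuln``-category NSE scan and return the results as a dict.

    Nmap has no JSON output mode (only ``-oN``/``-oX``/``-oG``/``-oS``/``-oA``),
    so the original ``-oJ`` invocation failed before any parsing happened.
    The scan is requested as XML on stdout and converted into the structure
    that ``analyze_results`` consumes::

        {'hosts': [{'address': str,
                    'ports': [{'portid': str,
                               'scripts': [{'id': str, 'output': str}]}]}]}

    Args:
        target: Nmap target specification (host, range or CIDR). It is passed
            as a separate argv element, never through a shell.

    Returns:
        The dict described above (``hosts`` is empty when nothing was found).

    Raises:
        subprocess.CalledProcessError: if nmap exits non-zero.
        xml.etree.ElementTree.ParseError: if stdout is not well-formed XML.
    """
    import xml.etree.ElementTree as ET  # local import keeps the snippet self-contained

    result = subprocess.run(
        ['nmap', '--script', 'vuln', '-oX', '-', target],
        capture_output=True,
        text=True,
        check=True,  # a failed scan must not be mistaken for "no findings"
    )
    return _nmap_xml_to_dict(ET.fromstring(result.stdout))


def _nmap_xml_to_dict(root):
    """Convert a parsed ``<nmaprun>`` element into the dict shape documented above."""
    hosts = []
    for host in root.iter('host'):
        address = host.find('address')  # first <address> element, if any
        ports = []
        for port in host.iter('port'):
            scripts = [
                {'id': script.get('id', ''), 'output': script.get('output', '')}
                for script in port.findall('script')
            ]
            ports.append({'portid': port.get('portid', ''), 'scripts': scripts})
        hosts.append({
            'address': address.get('addr', '') if address is not None else '',
            'ports': ports,
        })
    return {'hosts': hosts}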
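def analyze_results(results):
    """Extract vulnerability findings from a ``run_nmap_scan`` result.

    ``vuln`` is an NSE *category*, not a script id, so a script whose id is
    literally ``'vuln'`` does not occur in real output and the original
    filter returned nothing. Findings are therefore taken from any script
    whose output contains the ``VULNERABLE`` marker printed by the NSE
    ``vulns`` library; an id of ``'vuln'`` is still accepted so the old
    behaviour is a subset of the new one.

    Args:
        results: dict with the ``hosts``/``ports``/``scripts`` layout
            produced by ``run_nmap_scan``. ``None`` is treated as empty.

    Returns:
        A list of ``{'host', 'port', 'vuln'}`` dicts, one per finding, in
        host/port/script order.
    """
    vulnerabilities = []
    for host in (results or {}).get('hosts', []):
        for port in host.get('ports', []):
            for script in port.get('scripts', []):
                output = script.get('output', '')
                if script.get('id') == 'vuln' or 'VULNERABLE' in output:
                    vulnerabilities.append({
                        'host': host.get('address', ''),
                        'port': port.get('portid', ''),
                        'vuln': output,
                    })
    return vulnerabilities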
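def send_report(vulnerabilities, smtp_host='smtp.example.com'):
    """Email a report of the findings; send nothing when there are none.

    The message body lists every finding (host, port, script output) rather
    than only the count, so the recipient can act on it without re-running
    the scan.

    Args:
        vulnerabilities: list of ``{'host', 'port', 'vuln'}`` dicts from
            ``analyze_results``. Empty or ``None`` means nothing is sent.
        smtp_host: SMTP relay to submit the message to.
    """
    if not vulnerabilities:
        return
    lines = [f"发现 {len(vulnerabilities)} 个漏洞", ""]
    lines += [
        f"{v.get('host', '')}:{v.get('port', '')} {v.get('vuln', '')}"
        for v in vulnerabilities
    ]
    msg = MIMEText("\n".join(lines))
    msg['Subject'] = '漏洞扫描报告'
    msg['From'] = 'security@example.com'
    msg['To'] = 'admin@example.com'
    # The context manager closes the session even if send_message raises
    # (the original only called quit() on the success path).
    # NOTE: this submits in clear text; call starttls() and login() before
    # send_message() when the relay supports them.
    with smtplib.SMTP(smtp_host) as server:
        server.send_message(msg)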
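if __name__ == '__main__':
    import sys  # local import: the scan target may be given on the command line

    # Fall back to the original hard-coded network when no argument is given.
    target = sys.argv[1] if len(sys.argv) > 1 else '192.168.1.0/24'
    results = run_nmap_scan(target)
    vulnerabilities = analyze_results(results)
    send_report(vulnerabilities)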
配置检查脚本
#!/usr/bin/env python3
import boto3
import json
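def check_s3_buckets(s3=None):
    """Check every S3 bucket for public ACL grants and missing default encryption.

    Args:
        s3: an S3 client. Defaults to ``boto3.client('s3')``; injectable so
            the check can be exercised with a stub client.

    Returns:
        A list of ``{'bucket': name, 'issue': description}`` dicts. A bucket
        whose ACL or encryption configuration could not be read is reported
        as such: the original ``except: pass`` reported an unreadable bucket
        as clean, and its encryption branch reported any error (including
        AccessDenied) as "Encryption not enabled".
    """
    if s3 is None:
        s3 = boto3.client('s3')
    # ACL grantee URIs that expose a bucket to everyone / to any AWS account.
    public_grantees = {
        'http://acs.amazonaws.com/groups/global/AllUsers':
            'Public access enabled',
        'http://acs.amazonaws.com/groups/global/AuthenticatedUsers':
            'Access granted to all authenticated AWS users',
    }
    issues = []
    for bucket in s3.list_buckets()['Buckets']:
        name = bucket['Name']
        # Check public access through the bucket ACL
        try:
            acl = s3.get_bucket_acl(Bucket=name)
        except s3.exceptions.ClientError as err:
            issues.append({'bucket': name,
                           'issue': f'ACL could not be read: {err}'})
        else:
            for grant in acl.get('Grants', []):
                uri = grant.get('Grantee', {}).get('URI')
                if uri in public_grantees:
                    issues.append({'bucket': name, 'issue': public_grantees[uri]})
        # Check default encryption
        try:
            s3.get_bucket_encryption(Bucket=name)
        except s3.exceptions.ClientError as err:
            code = err.response.get('Error', {}).get('Code')
            # Only this code means "no configuration"; anything else is a
            # read failure, not a missing setting.
            if code == 'ServerSideEncryptionConfigurationNotFoundError':
                issues.append({'bucket': name, 'issue': 'Encryption not enabled'})
            else:
                issues.append({'bucket': name,
                               'issue': f'Encryption configuration could not be read: {err}'})
    return issues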
if __name__ == '__main__':
    # Emit the findings as indented JSON so they can be piped to other tools.
    print(json.dumps(check_s3_buckets(), indent=2))
最佳实践
1. 自动化策略
- 识别可自动化场景
- 制定自动化计划
- 逐步实施
- 持续改进
2. 工具选择
- 评估工具功能
- 考虑集成性
- 考虑成本
- 测试验证
3. 流程设计
- 明确流程步骤
- 定义触发条件
- 设置异常处理
- 记录操作日志
4. 监控和维护
- 监控自动化任务
- 定期检查结果
- 更新规则和脚本
- 优化性能
注意事项
- 确保自动化准确性
- 设置适当的权限
- 保护自动化凭证
- 定期审查自动化规则