security-automation
Security-automation is a Claude Code skill providing methods, tools, and best practices for automating security operations. It covers vulnerability scanning with Nessus and OpenVAS APIs, security testing in CI/CD pipelines using Jenkins and GitHub Actions, automated incident response with detection and containment, and compliance checking with configuration validation. Use this skill when implementing automated security scanning, integrating security tests into deployment workflows, establishing event response automation, or setting up continuous compliance monitoring.
git clone --depth 1 https://github.com/Ed1s0nZ/CyberStrikeAI /tmp/security-automation && cp -r /tmp/security-automation/skills/security-automation ~/.claude/skills/security-automation
SKILL.md
# Security Automation
## Overview
Security automation is an important means of improving the efficiency of security operations. This skill provides methods, tools, and best practices for security automation.
## Automation Scenarios
### 1. Vulnerability Scanning
**Automated scanning:**
- Scheduled scans
- CI/CD integration
- Result analysis
- Report generation
### 2. Security Testing
**Automated testing:**
- Unit tests
- Integration tests
- Security tests
- Regression tests
### 3. Incident Response
**Automated response:**
- Event detection
- Automatic containment
- Notification and alerting
- Evidence collection
### 4. Compliance Checking
**Automated compliance:**
- Configuration checks
- Policy validation
- Report generation
- Remediation recommendations
## Tools and Frameworks
### Vulnerability Scanning Automation
**Using the Nessus API:**
```python
import os
import requests

NESSUS_URL = "https://nessus:8834"
# Nessus expects the X-ApiKeys header as "accessKey=...; secretKey=...";
# read the keys from the environment instead of hard-coding them
HEADERS = {
    "X-ApiKeys": f"accessKey={os.environ['NESSUS_ACCESS_KEY']}; "
                 f"secretKey={os.environ['NESSUS_SECRET_KEY']}"
}

# Create a scan (pass verify=<CA bundle> to requests if Nessus uses a self-signed certificate)
def create_scan(target, scan_name):
    url = f"{NESSUS_URL}/scans"
    data = {
        "uuid": "template-uuid",  # scan template UUID, listed under /editor/scan/templates
        "settings": {
            "name": scan_name,
            "text_targets": target
        }
    }
    response = requests.post(url, json=data, headers=HEADERS)
    response.raise_for_status()
    return response.json()

# Launch a scan
def launch_scan(scan_id):
    url = f"{NESSUS_URL}/scans/{scan_id}/launch"
    response = requests.post(url, headers=HEADERS)
    response.raise_for_status()
    return response.json()
```
**Using the OpenVAS API:**
```python
from gvm.connections import UnixSocketConnection
from gvm.protocols.gmp import Gmp
from gvm.transforms import EtreeCheckCommandTransform

# Connect to OpenVAS (gvmd) over its Unix socket; the transform parses GMP XML
# responses into lxml elements and raises on failed commands
connection = UnixSocketConnection()
with Gmp(connection, transform=EtreeCheckCommandTransform()) as gmp:
    gmp.authenticate('username', 'password')
    # Create the scan target; the response element carries the new id
    target = gmp.create_target(name='target', hosts=['192.168.1.0/24'])
    # Take the first available scan config and scanner
    # (older python-gvm releases name the first call get_configs)
    config_id = gmp.get_scan_configs().xpath('config/@id')[0]
    scanner_id = gmp.get_scanners().xpath('scanner/@id')[0]
    # Create the scan task
    task = gmp.create_task(
        name='scan_task',
        config_id=config_id,
        target_id=target.get('id'),
        scanner_id=scanner_id
    )
    # Start the scan
    gmp.start_task(task.get('id'))
```
### CI/CD Integration
**Jenkins Pipeline:**
```groovy
pipeline {
    agent any
    stages {
        stage('Security Scan') {
            steps {
                sh 'npm audit'
                sh 'snyk test'
                sh 'sonar-scanner'
            }
        }
        stage('Vulnerability Scan') {
            steps {
                sh 'nmap --script vuln target'
            }
        }
    }
    post {
        always {
            publishHTML([
                reportDir: 'reports',
                reportFiles: 'report.html',
                reportName: 'Security Report'
            ])
        }
    }
}
```
**GitHub Actions:**
```yaml
name: Security Scan
on: [push, pull_request]
jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Run Snyk
        uses: snyk/actions/node@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
      - name: Run SonarQube
        uses: sonarsource/sonarqube-scan-action@master
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
```
### Security Testing Automation
**Using OWASP ZAP:**
```python
import time
from zapv2 import ZAPv2

TARGET = 'http://target.com'

# Connect to a running ZAP daemon; recent releases require the API key
# ('changeme' is a placeholder for the key configured in ZAP)
zap = ZAPv2(apikey='changeme', proxies={'http': 'http://127.0.0.1:8080'})

# Open the target through ZAP so it appears in the site tree
zap.urlopen(TARGET)
# Spider the site; scan() returns the scan id used to poll progress
spider_id = zap.spider.scan(TARGET)
while int(zap.spider.status(spider_id)) < 100:
    time.sleep(1)
# Active scan
ascan_id = zap.ascan.scan(TARGET)
while int(zap.ascan.status(ascan_id)) < 100:
    time.sleep(1)
# Collect the results for this target
alerts = zap.core.alerts(baseurl=TARGET)
```
**Using Burp Suite:**
```python
# Jython extension loaded via Burp's Extender tab; Burp supplies the `burp`
# package, so this file is not run stand-alone
from burp import IBurpExtender, IScannerCheck

class BurpExtender(IBurpExtender, IScannerCheck):
    def registerExtenderCallbacks(self, callbacks):
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("Security Automation")
        callbacks.registerScannerCheck(self)

    def doPassiveScan(self, baseRequestResponse):
        # Passive scan logic; return a list of IScanIssue, or None for no findings
        return None

    def doActiveScan(self, baseRequestResponse, insertionPoint):
        # Active scan logic; return a list of IScanIssue, or None for no findings
        return None

    def consolidateDuplicateIssues(self, existingIssue, newIssue):
        # Required by IScannerCheck: -1 keeps only the existing issue,
        # 0 reports both, 1 keeps only the new issue
        return -1 if existingIssue.getIssueName() == newIssue.getIssueName() else 0
```
### Incident Response Automation
**Using Splunk:**
```python
import os
import splunklib.client as client
import splunklib.results as results

# Connect to Splunk's management port
service = client.connect(
    host='splunk.example.com',
    port=8089,
    username='admin',
    password=os.environ['SPLUNK_PASSWORD']  # never hard-code the password
)
# Search for security events from the last hour (blocking one-shot search;
# SPL passed to the SDK must start with the "search" command)
search_query = 'search index=security event_type="malware"'
kwargs = {"earliest_time": "-1h", "latest_time": "now", "output_mode": "json"}
response = service.jobs.oneshot(search_query, **kwargs)
# Process results; the reader also yields Message objects, which are skipped
for result in results.JSONResultsReader(response):
    if isinstance(result, dict) and result.get('severity') == 'high':
        # Automated response: send_alert and isolate_system are the
        # organisation's own hooks, defined elsewhere
        send_alert(result)
        isolate_system(result['host'])
```
**Using the ELK Stack:**
```python
from elasticsearch import Elasticsearch

# Connect to Elasticsearch (the client requires a full URL including the scheme)
es = Elasticsearch(['http://localhost:9200'])
# Search for security events
query = {
    "match": {
        "event_type": "intrusion"
    }
}
results = es.search(index="security", query=query)
# Automated response
for hit in results['hits']['hits']:
    if hit['_source']['severity'] == 'critical':
        # Automatic containment: block_ip and send_alert are the
        # organisation's own hooks, defined elsewhere
        block_ip(hit['_source']['src_ip'])
        send_alert(hit['_source'])
```
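The Splunk and ELK snippets above hand every high-severity hit straight to `block_ip` / `isolate_system`. The following added example (not part of the original skill) shows the decision layer a practitioner puts between detection and containment: a playbook that thresholds on severity, refuses to auto-block internal ranges or protected hosts, suppresses repeat hits within a batch, and writes an evidence record for every decision. The event fields, network ranges, host names and thresholds are assumptions.

```python
import ipaddress
from datetime import datetime, timezone

# Containment policy (assumed values): internal ranges and critical hosts are
# never auto-blocked; they are escalated to a human instead.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
PROTECTED_HOSTS = {"dc01", "backup01"}
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

def decide(event, seen):
    """Map one detection event to (action, reason). `seen` de-duplicates
    repeat hits for the same source/host/event_type within a batch."""
    key = (event.get("src_ip"), event.get("host"), event.get("event_type"))
    if key in seen:
        return "suppress", "duplicate of an event already handled"
    seen.add(key)
    if SEVERITY_RANK.get(event.get("severity"), 1) < SEVERITY_RANK["high"]:
        return "log", "below auto-response threshold"
    if event.get("host") in PROTECTED_HOSTS:
        return "escalate", "protected host requires human approval"
    src = event.get("src_ip")
    if src is None:
        return "isolate_host", "no source IP to block; contain the host"
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "escalate", f"unparseable src_ip {src!r}"
    if any(addr in net for net in INTERNAL_NETS):
        return "escalate", "internal source; auto-block disabled"
    return "block_ip", f"{event['severity']} {event['event_type']} from external source"

def run_playbook(events):
    """Decide every event in a batch and return one evidence record per event."""
    seen, records = set(), []
    for ev in events:
        action, reason = decide(ev, seen)
        records.append({"decided_at": datetime.now(timezone.utc).isoformat(),
                        "action": action, "reason": reason, "event": ev})
    return records

# Constructed sample events in the shape the ELK snippet reads from _source
SAMPLE_EVENTS = [
    {"event_type": "intrusion", "severity": "critical", "src_ip": "203.0.113.7", "host": "web01"},
    {"event_type": "intrusion", "severity": "critical", "src_ip": "203.0.113.7", "host": "web01"},
    {"event_type": "malware", "severity": "high", "src_ip": "10.2.3.4", "host": "dc01"},
    {"event_type": "malware", "severity": "high", "host": "app02"},
    {"event_type": "scan", "severity": "medium", "src_ip": "198.51.100.9", "host": "web01"},
]
```

The records returned by `run_playbook` are what gets persisted as evidence; only the `block_ip` and `isolate_host` actions are then passed to the containment hooks.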
## Automation Scripts
### Vulnerability Scanning Script
```python
#!/usr/bin/env python3
import smtplib
import subprocess
import xml.etree.ElementTree as ET
from email.mime.text import MIMEText

def run_nmap_scan(target):
    """Run an Nmap vuln scan and return the parsed XML report
    (Nmap has no JSON output mode; -oX - writes XML to stdout)"""
    result = subprocess.run(
        ['nmap', '--script', 'vuln', '-oX', '-', target],
        capture_output=True,
        text=True,
        check=True
    )
    return ET.fromstring(result.stdout)

def analyze_results(root):
    """Collect script results whose state the vulns library reports as
    VULNERABLE or LIKELY VULNERABLE (NOT VULNERABLE does not match)"""
    vulnerabilities = []
    for host in root.findall('host'):
        address = host.find('address').get('addr')
        for port in host.findall('ports/port'):
            for script in port.findall('script'):
                output = script.get('output', '')
                if 'State: VULNERABLE' in output or 'State: LIKELY VULNERABLE' in output:
                    vulnerabilities.append({
                        'host': address,
                        'port': port.get('portid'),
                        'script': script.get('id'),
                        'vuln': output
                    })
    return vulnerabilities

def send_report(vulnerabilities):
    """Email the report"""
    if vulnerabilities:
        msg = MIMEText(f"Found {len(vulnerabilities)} vulnerabilities")
        msg['Subject'] = 'Vulnerability Scan Report'
        msg['From'] = 'security@example.com'
        msg['To'] = 'admin@example.com'
        with smtplib.SMTP('smtp.example.com') as server:
            server.send_message(msg)

if __name__ == '__main__':
    target = '192.168.1.0/24'
    results = run_nmap_scan(target)
    vulnerabilities = analyze_results(results)
    send_report(vulnerabilities)
```
### Configuration Check Script
```python
#!/usr/bin/env python3
import boto3
import json
```
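The configuration-check script above survives only as its imports. As an added example (not the skill's own code), here is a compliance check of the kind that script sets up: it evaluates EC2 security groups in the shape `describe_security_groups` returns, flags ingress rules open to the whole internet on administrative and database ports, and emits a finding with a remediation hint. The port policy and the sample groups are assumptions; `fetch_security_groups` wraps the live boto3 call and is only needed for a real run.

```python
# Ports that must never be reachable from the whole internet (assumed policy)
RESTRICTED_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}

def restricted_ports_in_rule(rule):
    """Return the restricted ports an IpPermissions entry covers (-1 = all protocols)."""
    if rule.get("IpProtocol") == "-1":
        return set(RESTRICTED_PORTS)
    if rule.get("IpProtocol") not in ("tcp", "6"):
        return set()
    lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
    return {p for p in RESTRICTED_PORTS if lo <= p <= hi}

def check_security_groups(groups):
    """Return one finding per (group, port) exposed to 0.0.0.0/0 or ::/0."""
    findings = []
    for sg in groups:
        for rule in sg.get("IpPermissions", []):
            sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            world = sorted(WORLD_CIDRS.intersection(sources))
            for port in (sorted(restricted_ports_in_rule(rule)) if world else []):
                findings.append({
                    "group_id": sg["GroupId"], "port": port,
                    "service": RESTRICTED_PORTS[port], "open_to": world,
                    "remediation": f"limit {port}/tcp on {sg['GroupId']} to admin CIDRs or a bastion",
                })
    return findings

def fetch_security_groups(region):
    """Live lookup via boto3, imported here so the checker itself runs without it."""
    import boto3
    pages = boto3.client("ec2", region_name=region).get_paginator("describe_security_groups")
    return pages.paginate().build_full_result()["SecurityGroups"]

# Constructed sample in the describe_security_groups response shape
SAMPLE_GROUPS = [
    {"GroupId": "sg-0123", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0456", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]
```

Running `check_security_groups(fetch_security_groups("us-east-1"))` on a schedule and diffing the findings against the previous run gives the continuous compliance check the scenario list describes.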