Skill72 repo starsupdated 11d ago
Vulnerability Scanning & Assessment
Dependency auditing, CVE detection, configuration security review, CVSS scoring, and prioritized vulnerability reporting
Install in Claude Code
Copygit clone --depth 1 https://github.com/Masriyan/Claude-Code-CyberSecurity-Skill /tmp/vulnerability-scanning-assessment && cp -r /tmp/vulnerability-scanning-assessment/skills/02-vulnerability-scanner ~/.claude/skills/vulnerability-scanning-assessmentThen start a new Claude Code session; the skill loads automatically.
Definition
SKILL.md
# Vulnerability Scanning & Assessment ## Purpose Enable Claude to perform comprehensive vulnerability assessments by directly analyzing dependency files, configuration files, and scan output — then generating prioritized, actionable reports. Claude identifies vulnerabilities, calculates risk, and prescribes remediation with version specifics. --- ## Activation Triggers This skill activates when the user asks about: - Scanning dependencies for known CVEs - Auditing `requirements.txt`, `package.json`, `go.mod`, `pom.xml`, `Cargo.toml` - Reviewing server configurations for security issues - CVSS scoring or severity calculation - Vulnerability assessment or security audit reports - Checking software versions against known exploits - Configuration hardening for nginx, Apache, SSH, Docker, Kubernetes - NVD, OSV, or CVE database queries --- ## Prerequisites ```bash pip install requests packaging jinja2 pyyaml ``` **Optional enhanced tools:** - `nuclei` — Template-based vulnerability scanner - `trivy` — Container and filesystem scanner - `nmap` with NSE scripts — Network vuln scanning - `openvas` — Full vulnerability management --- ## Core Capabilities ### 1. Dependency Vulnerability Auditing Claude can directly read and analyze dependency files: **When the user asks to audit dependencies:** 1. **Read the dependency file** using Claude's Read tool or ask the user to paste it 2. **Identify package manager** from file format: - `requirements.txt` / `Pipfile.lock` / `pyproject.toml` → Python/pip - `package.json` / `package-lock.json` / `yarn.lock` → Node.js/npm - `go.mod` / `go.sum` → Go modules - `pom.xml` / `build.gradle` → Java/Maven/Gradle - `Cargo.toml` / `Cargo.lock` → Rust/Cargo - `Gemfile.lock` → Ruby/Bundler - `composer.lock` → PHP/Composer 3. **Extract exact versions** for all direct and transitive dependencies 4. **Query vulnerability databases** — Claude can search NVD API, OSV, and GitHub Advisory Database for each package+version combination 5. **Calculate CVSS v3.1 severity** for each finding 6. **Check for available patches** — identify the minimum safe version 7. **Generate prioritized remediation report** **Use this command to run the automated audit:** ```bash python scripts/dependency_auditor.py --project-dir ./myapp --format json --output audit.json python scripts/dependency_auditor.py --requirements requirements.txt --severity high,critical ``` **Claude's native analysis** — When running without scripts, analyze pasted dependency content directly: - Flag packages with `>= `, `*`, or missing version pins (supply chain risk) - Identify known high-risk packages (log4j, spring-core, struts, etc.) - Cross-reference with CISA KEV (Known Exploited Vulnerabilities) catalog ### 2. Configuration Security Auditing Claude can directly read and analyze configuration files: **When the user asks to audit a configuration:** #### Nginx Audit Checklist ``` [ ] ssl_protocols — Must NOT include SSLv2, SSLv3, TLSv1, TLSv1.1 [ ] ssl_ciphers — Must not include RC4, DES, MD5, EXPORT ciphers [ ] server_tokens — Should be 'off' (hides version) [ ] add_header X-Frame-Options — Required (SAMEORIGIN or DENY) [ ] add_header X-Content-Type-Options — Required (nosniff) [ ] add_header Strict-Transport-Security — Required (min 1 year) [ ] add_header Content-Security-Policy — Required [ ] autoindex — Must be 'off' (prevents directory listing) [ ] client_max_body_size — Should be set (prevents DoS) [ ] access_log / error_log — Must be enabled ``` #### SSH (sshd_config) Audit Checklist ``` [ ] PermitRootLogin — Should be 'no' or 'prohibit-password' [ ] PasswordAuthentication — Should be 'no' (key-only) [ ] PermitEmptyPasswords — Must be 'no' [ ] Protocol — Should be '2' only [ ] Port — Consider non-default port [ ] AllowUsers / AllowGroups — Explicit allowlist preferred [ ] MaxAuthTries — Should be 3-5 [ ] LoginGraceTime — Should be 30-60s [ ] ClientAliveInterval — Enable session timeout [ ] X11Forwarding — Should be 'no' if unused [ ] UsePAM — Review PAM configuration ``` #### Docker/Dockerfile Audit Checklist ``` [ ] USER — Must not run as root; add non-root user [ ] Image tags — Must not use 'latest'; pin specific digest [ ] COPY vs ADD — Prefer COPY; ADD has implicit extraction risks [ ] Secrets — No RUN commands with passwords/tokens [ ] Multi-stage builds — Minimize attack surface [ ] HEALTHCHECK — Define health monitoring [ ] .dockerignore — Exclude .env, keys, secrets [ ] Read-only filesystem — Use --read-only where possible ``` #### Kubernetes YAML Audit Checklist ``` [ ] securityContext.runAsNonRoot — Must be true [ ] securityContext.readOnlyRootFilesystem — Should be true [ ] securityContext.allowPrivilegeEscalation — Must be false [ ] capabilities — Drop ALL, add only required [ ] resources.limits — CPU and memory limits required [ ] NetworkPolicy — Restrict pod-to-pod communication [ ] ServiceAccount — Disable automount if not needed [ ] secrets — Use sealed secrets or external vaults [ ] hostPID/hostIPC/hostNetwork — Must be false [ ] privileged — Must never be true in production ``` ### 3. CVSS v3.1 Scoring **When the user asks to calculate CVSS or assess severity:** Claude can calculate CVSS v3.1 scores from the vector string or from a vulnerability description: **CVSS v3.1 Metrics:** | Metric | Values | Description | |--------|--------|-------------| | Attack Vector (AV) | N/A/L/P | Network/Adjacent/Local/Physical | | Attack Complexity (AC) | L/H | Low/High | | Privileges Required (PR) | N/L/H | None/Low/High | | User Interaction (UI) | N/R | None/Required | | Scope (S) | U/C | Unchanged/Changed | | Confidentiality (C) | N/L/H | None/Low/High | | Integrity (I) | N/L/H | None/Low/High | | Availability (A) | N/L/H | None/Low/High | **Severity Ranges:** | Score | Severity | |-------|----------| | 0.0 | None | | 0.1–3.9 | Low | | 4.0–6.9 | Medium | | 7.0–8.9 | High | | 9.0–10.0 | Critical | **Example calculation:** - Remote unauthenticated RCE: `AV:
More from this repository
Reconnaissance & OSINT AutomationSkill
Passive and active reconnaissance, subdomain enumeration, DNS analysis, technology fingerprinting, and OSINT data correlation for authorized security assessments
Exploit Development & Payload EngineeringSkill
Proof-of-concept development, payload crafting, shellcode analysis, and exploitation technique research for authorized security testing
Reverse Engineering & Binary AnalysisSkill
Binary analysis, assembly interpretation, disassembly, decompilation, firmware RE, and protocol reverse engineering
Malware Analysis & SandboxingSkill
Static and dynamic malware analysis, YARA rule generation, sandbox configuration, behavioral profiling, and malware family classification
Threat Hunting & IOC AnalysisSkill
IOC extraction, threat intelligence correlation, MITRE ATT&CK mapping, hunt hypothesis generation, and detection rule creation
Incident Response & Digital ForensicsSkill
IR playbook execution, evidence collection, forensic timeline analysis, memory forensics, and post-incident reporting following NIST SP 800-61 and SANS PICERL methodology
Network Security & Traffic AnalysisSkill
Network traffic analysis, PCAP parsing, IDS/IPS rule creation, firewall configuration auditing, and network anomaly detection
Web Application Security TestingSkill
OWASP Top 10 testing, injection vulnerability detection, API security assessment, authentication testing, and web vulnerability reporting for authorized assessments