‹ 首页

vulnerability-scanning-assessment

@masriyan · 收录于 1 周前

Dependency auditing, CVE detection, configuration security review, CVSS scoring, and prioritized vulnerability reporting

适合你,如果需要在开发或部署前发现并修复已知安全漏洞。

/ 下载安装
vulnerability-scanning-assessment.skill双击,或拖进 Claude 桌面版 / Cowork,即完成安装↓ .skill↓ .zip
用别的 agent?下载 .zip 解压,把文件夹放进它的技能目录
Claude Code~/.claude/skills/(项目级 .claude/skills/)
Codex CLI~/.codex/skills/
Cursor自动读取上面两处目录
其他工具见其文档的「skills」目录;两个下载是同一份文件,只是名字不同
/ 通过 npx 安装 校验哈希
npx oh-my-skill add masriyan/claude-code-cybersecurity-skill/vulnerability-scanning-assessment
/ 通过 bash 安装
curl -fsSL https://oh-my-skill.com/install.sh | bash -s -- masriyan/claude-code-cybersecurity-skill/vulnerability-scanning-assessment
/ 已经装过?验证本机副本,不用重装
npx oh-my-skill verify masriyan/claude-code-cybersecurity-skill/vulnerability-scanning-assessment
安装目标可用 --agent / --scope 或 --to 明确指定;省略时只会在唯一已存在的 agent 目录上自动选择,零命中或多命中会停止并提示。content_hash 缺失或不一致均拒装。
160GitHub stars
~2.6K最小装载
~8K含声明引用
~8.2K文本包总量
镜像托管

怎么用

技能原文 SKILL.md作者撰写 · MIT · 2c864e3

Vulnerability Scanning & Assessment

Purpose

Enable Claude to perform comprehensive vulnerability assessments by directly analyzing dependency files, configuration files, and scan output — then generating prioritized, actionable reports. Claude identifies vulnerabilities, calculates risk, and prescribes remediation with version specifics.


Activation Triggers

This skill activates when the user asks about:

  • Scanning dependencies for known CVEs
  • Auditing requirements.txt, package.json, go.mod, pom.xml, Cargo.toml
  • Reviewing server configurations for security issues
  • CVSS scoring or severity calculation
  • Vulnerability assessment or security audit reports
  • Checking software versions against known exploits
  • Configuration hardening for nginx, Apache, SSH, Docker, Kubernetes
  • NVD, OSV, or CVE database queries

Prerequisites
pip install requests packaging jinja2 pyyaml

Optional enhanced tools:

  • nuclei — Template-based vulnerability scanner
  • trivy — Container and filesystem scanner
  • nmap with NSE scripts — Network vuln scanning
  • openvas — Full vulnerability management

Core Capabilities
1. Dependency Vulnerability Auditing

Claude can directly read and analyze dependency files:

When the user asks to audit dependencies:

  1. Read the dependency file using Claude's Read tool or ask the user to paste it
  2. Identify package manager from file format:
  3. requirements.txt / Pipfile.lock / pyproject.toml → Python/pip
  4. package.json / package-lock.json / yarn.lock → Node.js/npm
  5. go.mod / go.sum → Go modules
  6. pom.xml / build.gradle → Java/Maven/Gradle
  7. Cargo.toml / Cargo.lock → Rust/Cargo
  8. Gemfile.lock → Ruby/Bundler
  9. composer.lock → PHP/Composer
  10. Extract exact versions for all direct and transitive dependencies
  11. Query vulnerability databases — Claude can search NVD API, OSV, and GitHub Advisory Database for each package+version combination
  12. Calculate CVSS v3.1 severity for each finding
  13. Check for available patches — identify the minimum safe version
  14. Generate prioritized remediation report

Use this command to run the automated audit:

python scripts/dependency_auditor.py --project-dir ./myapp --format json --output audit.json
python scripts/dependency_auditor.py --requirements requirements.txt --severity high,critical

Claude's native analysis — When running without scripts, analyze pasted dependency content directly:

  • Flag packages with >= , *, or missing version pins (supply chain risk)
  • Identify known high-risk packages (log4j, spring-core, struts, etc.)
  • Cross-reference with CISA KEV (Known Exploited Vulnerabilities) catalog
2. Configuration Security Auditing

Claude can directly read and analyze configuration files:

When the user asks to audit a configuration:

Nginx Audit Checklist
[ ] ssl_protocols — Must NOT include SSLv2, SSLv3, TLSv1, TLSv1.1
[ ] ssl_ciphers — Must not include RC4, DES, MD5, EXPORT ciphers
[ ] server_tokens — Should be 'off' (hides version)
[ ] add_header X-Frame-Options — Required (SAMEORIGIN or DENY)
[ ] add_header X-Content-Type-Options — Required (nosniff)
[ ] add_header Strict-Transport-Security — Required (min 1 year)
[ ] add_header Content-Security-Policy — Required
[ ] autoindex — Must be 'off' (prevents directory listing)
[ ] client_max_body_size — Should be set (prevents DoS)
[ ] access_log / error_log — Must be enabled
SSH (sshd_config) Audit Checklist
[ ] PermitRootLogin — Should be 'no' or 'prohibit-password'
[ ] PasswordAuthentication — Should be 'no' (key-only)
[ ] PermitEmptyPasswords — Must be 'no'
[ ] Protocol — Should be '2' only
[ ] Port — Consider non-default port
[ ] AllowUsers / AllowGroups — Explicit allowlist preferred
[ ] MaxAuthTries — Should be 3-5
[ ] LoginGraceTime — Should be 30-60s
[ ] ClientAliveInterval — Enable session timeout
[ ] X11Forwarding — Should be 'no' if unused
[ ] UsePAM — Review PAM configuration
Docker/Dockerfile Audit Checklist
[ ] USER — Must not run as root; add non-root user
[ ] Image tags — Must not use 'latest'; pin specific digest
[ ] COPY vs ADD — Prefer COPY; ADD has implicit extraction risks
[ ] Secrets — No RUN commands with passwords/tokens
[ ] Multi-stage builds — Minimize attack surface
[ ] HEALTHCHECK — Define health monitoring
[ ] .dockerignore — Exclude .env, keys, secrets
[ ] Read-only filesystem — Use --read-only where possible
Kubernetes YAML Audit Checklist
[ ] securityContext.runAsNonRoot — Must be true
[ ] securityContext.readOnlyRootFilesystem — Should be true
[ ] securityContext.allowPrivilegeEscalation — Must be false
[ ] capabilities — Drop ALL, add only required
[ ] resources.limits — CPU and memory limits required
[ ] NetworkPolicy — Restrict pod-to-pod communication
[ ] ServiceAccount — Disable automount if not needed
[ ] secrets — Use sealed secrets or external vaults
[ ] hostPID/hostIPC/hostNetwork — Must be false
[ ] privileged — Must never be true in production
3. CVSS v3.1 Scoring

When the user asks to calculate CVSS or assess severity:

Claude can calculate CVSS v3.1 scores from the vector string or from a vulnerability description:

CVSS v3.1 Metrics: | Metric | Values | Description | |--------|--------|-------------| | Attack Vector (AV) | N/A/L/P | Network/Adjacent/Local/Physical | | Attack Complexity (AC) | L/H | Low/High | | Privileges Required (PR) | N/L/H | None/Low/High | | User Interaction (UI) | N/R | None/Required | | Scope (S) | U/C | Unchanged/Changed | | Confidentiality (C) | N/L/H | None/Low/High | | Integrity (I) | N/L/H | None/Low/High | | Availability (A) | N/L/H | None/Low/High |

Severity Ranges: | Score | Severity | |-------|----------| | 0.0 | None | | 0.1–3.9 | Low | | 4.0–6.9 | Medium | | 7.0–8.9 | High | | 9.0–10.0 | Critical |

Example calculation:

  • Remote unauthenticated RCE: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H → 10.0 (Critical)
  • Local privilege escalation: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H → 7.8 (High)
python scripts/cvss_calculator.py --vector "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
4. Network Vulnerability Scanning Integration

When the user provides Nmap scan results or asks to scan for vulnerabilities:

  1. Parse Nmap XML/grepable output for open services and versions
  2. Map each service+version to known CVEs
  3. Flag services with default credentials (check CVE/common credential lists)
  4. Identify critical misconfigurations (anonymous FTP, open relay, telnet, etc.)
  5. Provide targeted Nmap NSE script commands for deeper testing:
# Vulnerability scanning with NSE
nmap -sV --script vuln -p 80,443,22,21,3389 target.com

# SMB vulnerability check (EternalBlue, etc.)
nmap -p 445 --script smb-vuln* target.com

# SSL/TLS vulnerability check
nmap -p 443 --script ssl-enum-ciphers,ssl-heartbleed,ssl-poodle target.com
5. Vulnerability Report Generation

When the user asks for a vulnerability report:

Generate reports in this structure:

# Vulnerability Assessment Report
**Target:** [Target Name/IP Range]
**Date:** [Date]
**Scope:** [Authorized scope]
**Assessor:** [Name]

---

## Executive Summary
[2-3 sentences: what was tested, total findings by severity, top risk]

## Finding Summary
| Severity | Count | Examples |
|----------|-------|---------|
| Critical | 2 | CVE-2021-44228 (Log4Shell), Unauthenticated RCE |
| High | 5 | Outdated TLS, SQLi in /api/users |
| Medium | 12 | Missing security headers, verbose errors |
| Low | 8 | Information disclosure, weak ciphers |
| Info | 15 | Version disclosure, directory listing |

---

## Findings Detail

### CRITICAL-01: [Finding Title]
**CVSS:** 9.8 (Critical) | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
**Affected:** [Package/Service] [Version]
**CVE:** [CVE-ID]
**Description:** [Clear technical description]
**Evidence:** [Proof the vulnerability exists]
**Remediation:** Upgrade to [Package] >= [SafeVersion]
**References:** [CVE link, advisory]

---

## Remediation Roadmap
| Priority | Action | Effort | Risk Reduction |
|----------|--------|--------|----------------|
| Immediate | Patch Log4j to 2.17.1+ | Low | Critical |
| This week | Upgrade express to 4.18.2 | Low | High |
| This month | Enable WAF rules | Medium | Medium |

Output Standards

Always produce findings with:

  • CVE ID (where applicable)
  • CVSS v3.1 score and vector
  • Affected version and safe version
  • PoC evidence (non-destructive confirmation only)
  • Remediation steps with specific version numbers
  • Compliance mapping (PCI-DSS, SOC2, CIS) where relevant

Script Reference
dependency_auditor.py
python scripts/dependency_auditor.py --project-dir ./myapp --format json --output audit.json
python scripts/dependency_auditor.py --requirements requirements.txt --severity high,critical
config_auditor.py
python scripts/config_auditor.py --type nginx --config /etc/nginx/nginx.conf --output audit.json
python scripts/config_auditor.py --type sshd --config /etc/ssh/sshd_config
python scripts/config_auditor.py --type dockerfile --config Dockerfile
cvss_calculator.py
python scripts/cvss_calculator.py --vector "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
python scripts/cvss_calculator.py --interactive

Skill Integration

| Condition | Next Skill | |-----------|------------| | Vulnerabilities confirmed → develop PoC | → Skill 03 (Exploit Development) | | Vulnerabilities found → apply fixes | → Skill 15 (Blue Team Defense) | | Auto-ticket for SOC | → Skill 11 (CSOC Automation) | | Discovered during recon | ← Skill 01 (Recon & OSINT) |


References

v3.0 Enhancements (2026 Update)

Risk-based prioritization beyond raw CVSS:

  • CVSS 4.0 — score with the current standard (Base/Threat/Environmental/Supplemental); show the vector string and note when only v3.1 data exists.
  • EPSS + CISA KEV — combine CVSS severity × EPSS exploit-probability × KEV membership. A medium-CVSS CVE that is in the CISA Known Exploited Vulnerabilities catalog or has high EPSS outranks a high-CVSS CVE with no exploitation signal. Always state "patch-first" order on this combined basis.
  • SBOM + VEX — generate a CycloneDX/SPDX SBOM of the project and emit VEX statements (affected / not_affected / fixed) so consumers know which CVEs are actually reachable.
  • Reachability analysis — flag whether a vulnerable function is actually called (call-graph/import reachability) to cut false-positive noise from transitive deps.
  • OSV.dev — query the OSV API for ecosystem-precise advisories (PyPI, npm, Go, crates, Maven) in addition to NVD.

Output rule: every finding row carries CVSS | EPSS | KEV(Y/N) | Reachable(Y/N/Unknown) | Fix.

Added references
按 MIT 许可原样转载,未经改动 · 在 GitHub 查看 →

评论

登录即可评论;带「已验证安装」的,是发布者名下有本店的安装或持有记录。