Implements external attack surface management (EASM) using Shodan, Censys, and ProjectDiscovery tools (subfinder, httpx, nuclei) for asset discovery, subdomain enumeration, service fingerprinting, and exposure scoring. Includes a weighted risk scoring algorithm based on OWASP attack surface analysis methodology and the Relative Attack Surface Quotient (RSQ). Use when building continuous ASM programs or performing external reconnaissance for security assessments.
Works with
AI-first code editor with Composer
Before installing skills in Cursor, ensure your development environment meets these requirements:
node --versionimplementing-attack-surface-managementExecute the skills CLI command in your project's root directory to begin installation:
Fetches implementing-attack-surface-management from mukul975/Anthropic-Cybersecurity-Skills and configures it for Cursor.
The CLI shows a list of agents. Use arrow keys and space to select Cursor:
Confirm successful installation by checking the skill directory location:
Restart Cursor to activate implementing-attack-surface-management. Access via /implementing-attack-surface-management in your agent's command palette.
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Submit your Claude Code skill and start earning
Create detailed user stories, acceptance criteria, and feature specs
Example
Generate user stories for 'password reset feature' with acceptance criteria, edge cases, and test scenarios
Reduce spec writing time by 50%, ensure comprehensive coverage
Research competitors, compare features, identify gaps
Example
Analyze 5 competitor products, create feature comparison matrix, suggest differentiation opportunities
Complete competitive research in 2 hours instead of 2 days
Evaluate features using frameworks (RICE, ICE, Kano) and create prioritized backlogs
Example
Score 20 feature ideas using RICE framework, generate prioritized roadmap with rationale
0
total installs
0
this week
8.6K
GitHub stars
0
upvotes
Run in your terminal
0
installs
0
this week
8.6K
stars
| name | implementing-attack-surface-management |
| description | 'Implements external attack surface management (EASM) using Shodan, Censys, and ProjectDiscovery tools (subfinder, httpx, nuclei) for asset discovery, subdomain enumeration, service fingerprinting, and exposure scoring. Includes a weighted risk scoring algorithm based on OWASP attack surface analysis methodology and the Relative Attack Surface Quotient (RSQ). Use when building continuous ASM programs or performing external reconnaissance for security assessments. ' |
| domain | cybersecurity |
| subdomain | offensive-security |
| tags | - attack-surface - reconnaissance - shodan - censys - subfinder - nuclei - asset-discovery |
| version | '1.0' |
| author | mukul975 |
| license | Apache-2.0 |
| nist_csf | - ID.RA-01 - GV.OV-02 - DE.AE-07 |
Use subfinder for passive subdomain discovery leveraging dozens of data sources including certificate transparency logs, DNS datasets, and search engines.
# Install ProjectDiscovery tools
go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
# Basic subdomain enumeration
subfinder -d example.com -o subdomains.txt
# Verbose with all sources and recursive enumeration
subfinder -d example.com -all -recursive -o subdomains_full.txt
# Multi-domain enumeration from file
subfinder -dL domains.txt -o all_subdomains.txt
# Using OWASP Amass for deeper enumeration
amass enum -d example.com -passive -o amass_subdomains.txt
# Merge and deduplicate results
cat subdomains.txt amass_subdomains.txt | sort -u > combined_subdomains.txt
Probe discovered subdomains to identify live hosts, technologies, and services.
# HTTP probing with technology detection
cat combined_subdomains.txt | httpx -sc -cl -ct -title -tech-detect \
-follow-redirects -json -o httpx_results.json
# Detailed service fingerprinting
cat combined_subdomains.txt | httpx -sc -cl -ct -title -tech-detect \
-favicon -hash sha256 -jarm -cdn -cname \
-follow-redirects -json -o httpx_detailed.json
Query Shodan for exposed services, open ports, and known vulnerabilities associated with discovered assets.
import shodan
api = shodan.Shodan("YOUR_SHODAN_API_KEY")
# Search by organization
results = api.search("org:\"Example Corp\"")
for service in results["matches"]:
print(f"{service['ip_str']}:{service['port']} - {service.get('product', 'unknown')}")
if service.get("vulns"):
for cve in service["vulns"]:
print(f" CVE: {cve}")
# Search by hostname
results = api.search("hostname:example.com")
# Search by SSL certificate
results = api.search("ssl.cert.subject.cn:example.com")
# Get host details with all services
host = api.host("93.184.216.34")
print(f"IP: {host['ip_str']}")
print(f"Ports: {host['ports']}")
print(f"Vulns: {host.get('vulns', [])}")
Use Censys to discover internet-facing assets through certificate and host search.
from censys.search import CensysHosts, CensysCerts
# Host search
hosts = CensysHosts()
query = hosts.search("services.tls.certificates.leaf.subject.common_name: example.com")
for page in query:
for host in page:
print(f"IP: {host['ip']}")
for service in host.get("services", []):
print(f" Port: {service['port']} Protocol: {service['transport_protocol']}")
print(f" Service: {service.get('service_name', 'unknown')}")
# Certificate transparency search
certs = CensysCerts()
query = certs.search("parsed.names: example.com")
for page in query:
for cert in page:
print(f"Fingerprint: {cert['fingerprint_sha256']}")
print(f"Names: {cert.get('parsed', {}).get('names', [])}")
Run targeted vulnerability scans against discovered assets using Nuclei templates.
# Update nuclei templates
nuclei -ut
# Scan with all templates
cat combined_subdomains.txt | httpx -silent | nuclei -o nuclei_results.txt
# Scan with specific severity
cat combined_subdomains.txt | httpx -silent | \
nuclei -severity critical,high -o critical_findings.txt
# Scan with specific template categories
cat combined_subdomains.txt | httpx -silent | \
nuclei -tags cve,misconfig,exposure -o categorized_findings.txt
# Scan for exposed panels and sensitive files
cat combined_subdomains.txt | httpx -silent | \
nuclei -tags panel,exposure,config -o exposed_panels.txt
Score each asset based on OWASP attack surface analysis principles, using a weighted formula derived from the Relative Attack Surface Quotient (RSQ) and damage-potential-to-effort ratio.
The scoring algorithm considers:
# Exposure Score = sum of weighted factors, normalized to 0-100
# See agent.py for the full implementation
# Run complete ASM pipeline against a target domain
python agent.py \
--domain example.com \
--action full_scan \
--shodan-key YOUR_KEY \
--censys-id YOUR_ID \
--censys-secret YOUR_SECRET \
--output asm_report.json
# Subdomain enumeration only
python agent.py \
--domain example.com \
--action enumerate \
--output subdomains.json
# Exposure scoring on previously discovered assets
python agent.py \
--domain example.com \
--action score \
--input previous_scan.json \
--output scored_assets.json
# Multi-domain scan from file
python agent.py \
--domain-list targets.txt \
--action full_scan \
--output multi_domain_report.json
Make data-driven prioritization decisions faster
Draft PRDs, status updates, and stakeholder presentations
Example
Create executive summary of Q3 roadmap, monthly progress report, feature launch announcement
Save 3-5 hours/week on communication overhead
Prerequisites
Time Estimate
30-60 minutes to see productivity improvements
Steps
Common Pitfalls
✓ Do
✗ Don't
💡 Pro Tips
✓ Use when
Use for user story writing, competitive research, roadmap prioritization, stakeholder communication, and PRD drafting. Best for reducing repetitive documentation and research work.
✗ Avoid when
Avoid for strategic product vision (requires deep customer empathy), pricing decisions (needs market and financial expertise), or when face-to-face customer discovery is more valuable than speed.
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
implementing-attack-surface-management reduced setup friction for our internal harness; good balance of opinion and flexibility.
Keeps context tight: implementing-attack-surface-management is the kind of skill you can hand to a new teammate without a long onboarding doc.
Registry listing for implementing-attack-surface-management matched our evaluation — installs cleanly and behaves as described in the markdown.
implementing-attack-surface-management is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
implementing-attack-surface-management reduced setup friction for our internal harness; good balance of opinion and flexibility.
Keeps context tight: implementing-attack-surface-management is the kind of skill you can hand to a new teammate without a long onboarding doc.
I recommend implementing-attack-surface-management for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
Useful defaults in implementing-attack-surface-management — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
I recommend implementing-attack-surface-management for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
Useful defaults in implementing-attack-surface-management — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
showing 1-10 of 49