Search everything...

Skill

analyzing-api-gateway-access-logs

Parses AWS API Gateway, Kong, and Nginx access logs using pandas to detect BOLA/IDOR attacks, rate limit bypasses, credential scanning, and injection attempts. Useful for investigating API abuse.

Python

npx claudepluginhub killvxk/cybersecurity-skills-zh

Tool Access

This skill uses the workspace's default tool permissions.

Preview

解析 API 网关访问日志，识别攻击模式，包括对象级别授权缺失（BOLA）、过度数据暴露和注入尝试。

Supporting Assets

LICENSEreferences/api-reference.mdscripts/agent.py

SKILL.md

Similar Skills

analyzing-api-gateway-access-logs

5.9k

Parses AWS API Gateway, Kong, and Nginx access logs using pandas to detect BOLA/IDOR attacks, rate limit bypass, credential scanning, and injection attempts.

3 files

cybersecurity-skills

analyzing-api-gateway-access-logs

Parses AWS API Gateway, Kong, and Nginx access logs using pandas to detect BOLA/IDOR attacks, rate limit bypasses, credential scanning, and injection attempts. Useful for investigating API abuse and building threat detection rules.

asi

analyzing-web-server-logs-for-intrusion

Parses Apache and Nginx access logs to detect SQL injection, LFI, directory traversal, web scanner fingerprints, and brute force using regex OWASP patterns, GeoIP enrichment, and request frequency anomalies.

3 files

cybersecurity-skills-zh

Stats

Stars10

Forks1

Last CommitMar 17, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

analyzing-api-gateway-access-logs | cybersecurity-skills-zh | ClaudePluginHub

Back to Skills

Skill

analyzing-api-gateway-access-logs

From cybersecurity-skills-zh

Parses AWS API Gateway, Kong, and Nginx access logs using pandas to detect BOLA/IDOR attacks, rate limit bypasses, credential scanning, and injection attempts. Useful for investigating API abuse.

npx claudepluginhub killvxk/cybersecurity-skills-zh

Tool Access

This skill uses the workspace's default tool permissions.

Preview

解析 API 网关访问日志，识别攻击模式，包括对象级别授权缺失（BOLA）、过度数据暴露和注入尝试。

Supporting Assets

LICENSEreferences/api-reference.mdscripts/agent.py

SKILL.md

分析 API 网关访问日志

使用说明

解析 API 网关访问日志，识别攻击模式，包括对象级别授权缺失（BOLA）、过度数据暴露和注入尝试。

import pandas as pd

df = pd.read_json("api_gateway_logs.json", lines=True)
# 检测 BOLA：同一用户访问大量不同资源 ID
bola = df.groupby(["user_id", "endpoint"]).agg(
    unique_ids=("resource_id", "nunique")).reset_index()
suspicious = bola[bola["unique_ids"] > 50]

关键检测模式：

BOLA/IDOR：顺序资源 ID 枚举
通过 Header 操纵绕过速率限制
凭据扫描（单一来源的 401 激增）
查询参数中的 SQL/NoSQL 注入
只读端点上的异常 HTTP 方法（DELETE、PATCH）

示例

# 检测 401 激增，指示凭据扫描
auth_failures = df[df["status_code"] == 401]
scanner_ips = auth_failures.groupby("source_ip").size()
scanners = scanner_ips[scanner_ips > 100]

Similar Skills

analyzing-api-gateway-access-logs

5.9k

Parses AWS API Gateway, Kong, and Nginx access logs using pandas to detect BOLA/IDOR attacks, rate limit bypass, credential scanning, and injection attempts.

3 files

cybersecurity-skills

analyzing-api-gateway-access-logs

asi

analyzing-web-server-logs-for-intrusion

3 files

cybersecurity-skills-zh

Stats

Stars10

Forks1

Last CommitMar 17, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.