Parses Apache and Nginx access logs to detect SQL injection, LFI, directory traversal, web scanner fingerprints, and brute force using regex OWASP patterns, GeoIP enrichment, and request frequency anomalies.
`npx claudepluginhub killvxk/cybersecurity-skills-zh`
This skill uses the workspace's default tool permissions.
1. Install dependencies: `pip install geoip2 user-agents`
Parses Apache and Nginx access logs to detect SQLi, LFI, scanners, and brute-force using OWASP regex patterns, GeoIP enrichment, and request anomaly detection.
Parses Apache and Nginx access logs to detect SQL injection, LFI, directory traversal, web scanners, and brute-force attacks using regex on OWASP signatures, GeoIP enrichment, and request anomaly detection.
Analyzes ModSecurity, AWS WAF, and Cloudflare logs to detect SQL injection attacks. Identifies patterns (UNION SELECT, OR 1=1, SLEEP(), BENCHMARK()), tracks IP sources, associates multi-stage attempts, generates OWASP-classified reports.
`pip install geoip2 user-agents`
`UNION SELECT`, `OR 1=1`, `' OR '`, hex-encoded patterns
`../`, `/etc/passwd`, `/proc/self`, `php://filter`
`<script>`, `javascript:`, `onerror=`, `onload=`
`python scripts/agent.py --log-file /var/log/nginx/access.log --geoip-db GeoLite2-City.mmdb --output web_intrusion_report.json`
192.168.1.100 - - [15/Jan/2024:10:30:45 +0000] "GET /products?id=1' UNION SELECT username,password FROM users-- HTTP/1.1" 200 4532
Nikto/2.1.6, sqlmap/1.7, DirBuster-1.0-RC1, gobuster/3.1.0
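The signature matching described above, as an added example that is not the skill's own `scripts/agent.py`. The regexes, the function names and the reading of "hex-encoded patterns" as long `0x…` literals are assumptions; the first sample line is the one from this page, the other two are constructed.

```python
import re
from urllib.parse import unquote_plus

# Apache/Nginx common or combined format; referer and user-agent are optional.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>.*?) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)

# Assumed regex forms of the pattern groups listed on the page.
SIGNATURES = {
    "sqli": re.compile(r"union\s+select|\bor\s+1\s*=\s*1|'\s*or\s*'|0x[0-9a-f]{8,}", re.I),
    "lfi_traversal": re.compile(r"\.\./|/etc/passwd|/proc/self|php://filter", re.I),
    "xss": re.compile(r"<script|javascript:|onerror\s*=|onload\s*=", re.I),
}
SCANNER_UA = re.compile(r"nikto|sqlmap|dirbuster|gobuster", re.I)

def analyze_line(line):
    """Return a finding dict for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None  # malformed line; a real pipeline should count these
    uri = unquote_plus(m["uri"])  # decode %2F etc. so encoded payloads still match
    hits = [name for name, rx in SIGNATURES.items() if rx.search(uri)]
    if m["ua"] and SCANNER_UA.search(m["ua"]):
        hits.append("scanner_ua")
    return {"ip": m["ip"], "status": int(m["status"]), "uri": uri, "hits": hits}

def summarize(lines):
    """Map each source IP to the set of signature categories it triggered."""
    per_ip = {}
    for line in lines:
        rec = analyze_line(line)
        if rec and rec["hits"]:
            per_ip.setdefault(rec["ip"], set()).update(rec["hits"])
    return per_ip

SAMPLE_LOG = [
    # Sample line from this page (common log format, no user-agent field).
    '192.168.1.100 - - [15/Jan/2024:10:30:45 +0000] "GET /products?id=1\' UNION SELECT username,password FROM users-- HTTP/1.1" 200 4532',
    # Constructed lines: URL-encoded traversal with a scanner user-agent, and a benign request.
    '203.0.113.7 - - [15/Jan/2024:10:31:02 +0000] "GET /view?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 153 "-" "Nikto/2.1.6"',
    '198.51.100.23 - - [15/Jan/2024:10:31:09 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]
```

The `status` field is kept in each finding because a 200 on a flagged request, as in the page's sample line, deserves a closer look than a 404.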