From cybersec-toolkit
Parses ModSecurity, AWS WAF, and Cloudflare logs to detect SQL injection campaigns. Identifies SQLi patterns, tracks attackers, correlates multi-stage attempts, and generates OWASP-classified incident reports.
How this skill is triggered — by the user, by Claude, or both
Slash command
/cybersec-toolkit:detecting-sql-injection-via-waf-logs
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
- When investigating security incidents that require detecting SQL injection via WAF logs
pip install requests
python scripts/agent.py --log-file /var/log/modsec_audit.log --format modsecurity --output sqli_report.json
Rule 942100 triggered: SQL Injection Attack Detected via libinjection
URI: /api/users?id=1' UNION SELECT username,password FROM users--
Source IP: 203.0.113.42 (47 requests in 5 minutes)
Classification: UNION-based SQLi campaign
npx claudepluginhub 26zl/cybersec-toolkit --plugin cybersec-toolkit
Analyzes ModSecurity, AWS WAF, and Cloudflare logs to detect SQL injection campaigns. Parses for patterns like UNION SELECT/OR 1=1/SLEEP, tracks IPs, correlates attempts, generates OWASP reports.
Analyzes ModSecurity, AWS WAF, and Cloudflare logs to detect SQL injection attacks. Identifies patterns (UNION SELECT, OR 1=1, SLEEP(), BENCHMARK()), tracks IP sources, associates multi-stage attempts, generates OWASP-classified reports.
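The detection flow described above (match the named patterns, then track source IPs across a time window), as an added example that is not the toolkit's own `scripts/agent.py`. The one-line `timestamp ip uri` log format, the technique labels, the threshold and the sample lines are assumptions constructed for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote_plus

# Patterns named on the page; the technique labels are this example's own.
PATTERNS = {
    "union-based": re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I),
    "boolean-based": re.compile(r"\bor\b\s+'?(\d+)'?\s*=\s*'?\1\b", re.I),
    "time-based": re.compile(r"\b(sleep|benchmark)\s*\(", re.I),
}

# Constructed sample lines in a simplified "timestamp ip uri" format.
SAMPLE = [
    "2024-05-01T10:00:00 203.0.113.42 /api/users?id=1'%20UNION%20SELECT%20username,password%20FROM%20users--",
    "2024-05-01T10:00:40 203.0.113.42 /api/users?id=1'+OR+1=1--",
    "2024-05-01T10:01:10 198.51.100.7 /search?q=union+station+hours",
    "2024-05-01T10:02:05 203.0.113.42 /api/users?id=1+AND+SLEEP(5)",
    "2024-05-01T10:30:00 198.51.100.9 /api/items?id=2'+OR+1=1--",
]

def classify(uri):
    """Return the sorted technique labels whose pattern matches the URL-decoded URI."""
    decoded = unquote_plus(uri)  # logs usually hold the encoded form
    return sorted(name for name, rx in PATTERNS.items() if rx.search(decoded))

def find_campaigns(lines, threshold=3, window=timedelta(minutes=5)):
    """Map source IP -> techniques, for IPs with >= threshold SQLi hits in one window."""
    hits = defaultdict(list)  # ip -> [(timestamp, techniques)]
    for line in lines:
        ts, ip, uri = line.split(maxsplit=2)
        techniques = classify(uri)
        if techniques:
            hits[ip].append((datetime.fromisoformat(ts), techniques))
    campaigns = {}
    for ip, events in hits.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                seen = {t for _, techs in events[start:end + 1] for t in techs}
                campaigns[ip] = sorted(seen)
                break
    return campaigns

if __name__ == "__main__":
    print(find_campaigns(SAMPLE))
```

A single matching request stays below the threshold and is not reported as a campaign, and the benign `union station` search never matches because the UNION pattern requires a following SELECT.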