Parses AWS API Gateway, Kong, and Nginx access logs using pandas to detect BOLA/IDOR attacks, rate limit bypasses, credential scanning, and injection attempts. Useful for investigating API abuse.
Slash command: /cybersecurity-skills-zh:analyzing-api-gateway-access-logs
Parses API gateway access logs to identify attack patterns, including broken object level authorization (BOLA), excessive data exposure, and injection attempts.
import pandas as pd
df = pd.read_json("api_gateway_logs.json", lines=True)
# Detect BOLA: one user accessing a large number of distinct resource IDs
bola = df.groupby(["user_id", "endpoint"]).agg(
    unique_ids=("resource_id", "nunique")).reset_index()
suspicious = bola[bola["unique_ids"] > 50]
Key detection patterns:
# Detect a spike in 401 responses, which indicates credential scanning
auth_failures = df[df["status_code"] == 401]
scanner_ips = auth_failures.groupby("source_ip").size()
scanners = scanner_ips[scanner_ips > 100]
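The two checks above, as an added example that is not part of the original skill: it derives `endpoint` and `resource_id` from a raw request path and counts 401s per time window instead of over the whole file, which goes slightly beyond the all-time count shown above. The `path` and `timestamp` field names, the ID regex, the 5-minute window and the sample records are assumptions constructed for illustration.

```python
import pandas as pd

# Numeric or UUID path segment, treated as the object identifier (assumption).
ID_SEG = r"/(\d+|[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})(?=/|$)"

def normalize(df):
    """Derive the endpoint template and resource_id from the raw request path."""
    out = df.copy()
    out["timestamp"] = pd.to_datetime(out["timestamp"], utc=True)
    out["resource_id"] = out["path"].str.extract(ID_SEG, expand=False)
    out["endpoint"] = out["path"].str.replace(ID_SEG, "/{id}", regex=True)
    return out

def detect_bola(df, min_ids=50):
    """Users touching more than min_ids distinct object IDs on one endpoint."""
    hits = df.dropna(subset=["resource_id"])
    agg = hits.groupby(["user_id", "endpoint"]).agg(
        unique_ids=("resource_id", "nunique"),
        requests=("resource_id", "count")).reset_index()
    return agg[agg["unique_ids"] > min_ids]

def detect_auth_bursts(df, window="5min", min_failures=100):
    """Source IPs with more than min_failures 401s inside one time window."""
    fails = df[df["status_code"] == 401]
    counts = fails.groupby(
        ["source_ip", pd.Grouper(key="timestamp", freq=window)]).size()
    return counts[counts > min_failures].reset_index(name="failures")

def sample_logs():
    """Constructed records for illustration; not real traffic."""
    t0 = pd.Timestamp("2024-01-01T12:00:00Z")
    def row(sec, user, ip, path, status):
        return {"timestamp": t0 + pd.Timedelta(seconds=sec), "user_id": user,
                "source_ip": ip, "path": path, "status_code": status}
    rows = []
    for i in range(60):
        # u1 walks 60 distinct order IDs; u2 re-reads a single order
        rows.append(row(i, "u1", "192.0.2.10", f"/api/v1/orders/{1000 + i}", 200))
        rows.append(row(i, "u2", "192.0.2.20", "/api/v1/orders/7/items", 200))
    for i in range(120):
        # 203.0.113.9 fails 120 logins in two minutes; 198.51.100.4 one per 10 min
        rows.append(row(i, None, "203.0.113.9", "/api/v1/login", 401))
        rows.append(row(i * 600, None, "198.51.100.4", "/api/v1/login", 401))
    return pd.DataFrame(rows)

if __name__ == "__main__":
    logs = normalize(sample_logs())
    print(detect_bola(logs))
    print(detect_auth_bursts(logs))
```

On the constructed data both login sources exceed 100 failures in total, but only the two-minute burst crosses the per-window threshold, so the all-time count and the windowed count are worth reviewing side by side.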
npx claudepluginhub killvxk/cybersecurity-skills-zh
Parses AWS API Gateway, Kong, and Nginx access logs using pandas to detect BOLA/IDOR attacks, rate limit bypasses, credential scanning, and injection attempts. Useful for investigating API abuse and building threat detection rules.
Parses API Gateway access logs (AWS, Kong, Nginx) to detect BOLA/IDOR, rate limit bypass, credential scanning, and injection attempts using pandas.