Detects credential stuffing attacks in auth logs via login rate anomalies, ASN/IP diversity, password spray patterns, and failed login geo distributions using Python/pandas on Splunk/raw data. For account takeover hunting.
How this skill is triggered — by the user, by Claude, or both
Slash command
/cybersecurity-skills-zh:hunting-credential-stuffing-attacks
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Analyzes authentication logs to detect credential stuffing attacks by identifying patterns such as distributed login failures, high IP diversity, and suspicious ASN distributions.
```python
import pandas as pd
from collections import Counter

# Load the authentication logs
df = pd.read_csv("auth_logs.csv", parse_dates=["timestamp"])

# Credential stuffing indicator: many IPs attempting a small number of accounts
ip_per_account = df[df["status"] == "failed"].groupby("username")["source_ip"].nunique()
accounts_under_attack = ip_per_account[ip_per_account > 50]
```

Key detection indicators:

```python
# Password spray: one password tried against many accounts
# (uses the df loaded above)
spray = df[df["status"] == "failed"].groupby(["source_ip", "password_hash"]).agg(
    accounts=("username", "nunique")).reset_index()
sprays = spray[spray["accounts"] > 10]
```
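Login velocity and ASN diversity, both named in the skill description, can be checked together as in the following added example, which is not part of the skill's own code. It uses only the Python standard library instead of pandas; the `asn` field, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import median

def failed_login_bursts(events, window_s=300, z_cut=3.5, min_asns=5):
    """Flag windows whose failure count is a robust outlier and spans many ASNs."""
    buckets = defaultdict(list)
    for e in events:
        if e["status"] == "failed":
            buckets[int(e["timestamp"].timestamp()) // window_s].append(e)
    if not buckets:
        return []
    # Count empty windows between first and last event so quiet periods shape the baseline.
    keys = range(min(buckets), max(buckets) + 1)
    counts = [len(buckets.get(k, [])) for k in keys]
    med = median(counts)
    # Median absolute deviation; fall back to 1.0 when the baseline is perfectly flat.
    mad = median(abs(c - med) for c in counts) or 1.0
    hits = []
    for k, c in zip(keys, counts):
        rows = buckets.get(k, [])
        asns = {r["asn"] for r in rows}
        z = 0.6745 * (c - med) / mad  # modified z-score
        if z > z_cut and len(asns) >= min_asns:
            hits.append({
                "window_start": datetime.fromtimestamp(k * window_s, tz=timezone.utc),
                "failures": c, "z": round(z, 1), "asns": len(asns),
                "ips": len({r["source_ip"] for r in rows}),
                "accounts": len({r["username"] for r in rows}),
            })
    return hits

def sample_events():
    """Constructed data: an hour of light background failures plus one distributed burst."""
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    ev = []
    for w in range(12):  # two failures per 5-minute window from one address
        for i in range(2):
            ev.append({"timestamp": t0 + timedelta(minutes=5 * w, seconds=30 * i),
                       "username": f"user{i}", "source_ip": "198.51.100.10",
                       "asn": 64512, "status": "failed"})
    for i in range(60):  # burst at 12:30: 60 IPs, 12 ASNs, 60 accounts
        ev.append({"timestamp": t0 + timedelta(minutes=30, seconds=4 * i),
                   "username": f"victim{i}", "source_ip": f"203.0.113.{i + 1}",
                   "asn": 64600 + i % 12, "status": "failed"})
    return ev

if __name__ == "__main__":
    print(failed_login_bursts(sample_events()))
```

Requiring both the rate outlier and a minimum ASN count keeps a single misconfigured client that retries quickly from being reported as a distributed attack.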
npx claudepluginhub killvxk/cybersecurity-skills-zh
Detects credential stuffing attacks in auth logs using Python/pandas for IP diversity, login velocity anomalies, password sprays, and geo distribution. For threat hunting or building detection rules.
Detects credential stuffing attacks by analyzing authentication logs for login velocity anomalies, ASN diversity, password spray patterns, and geographic distribution of failed logins. Uses statistical analysis on Splunk or raw log data.