From asi
Analyzes ModSecurity, AWS WAF, and Cloudflare logs to detect SQL injection campaigns. Parses for patterns like UNION SELECT/OR 1=1/SLEEP, tracks IPs, correlates attempts, generates OWASP reports.
How this skill is triggered — by the user, by Claude, or both
Slash command
/asi:detecting-sql-injection-via-waf-logs
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
- When investigating security incidents that require detecting SQL injection via WAF logs
pip install requests
python scripts/agent.py --log-file /var/log/modsec_audit.log --format modsecurity --output sqli_report.json
Rule 942100 triggered: SQL Injection Attack Detected via libinjection
URI: /api/users?id=1' UNION SELECT username,password FROM users--
Source IP: 203.0.113.42 (47 requests in 5 minutes)
Classification: UNION-based SQLi campaign
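The detection flow described above (match SQLi patterns, track source IPs, correlate attempts into a campaign), as an added Python example that is not the skill's own `scripts/agent.py`. It assumes AWS WAF JSON log lines carrying `timestamp`, `httpRequest.clientIp` and `httpRequest.args`; the regexes, the threshold of 3 hits in 300 seconds, the function names and the sample records are constructed for illustration.

```python
import json
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Illustrative regexes for the pattern families the page names (not the skill's own rules).
PATTERNS = [
    ("union-based", re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I)),
    ("time-based blind", re.compile(r"\b(sleep|benchmark)\s*\(", re.I)),
    ("boolean-based", re.compile(r"\bor\b\s+'?\d+'?\s*=\s*'?\d+", re.I)),
]

def classify(query):
    """Return the first SQLi family matching the decoded query string, else None."""
    text = unquote_plus(unquote_plus(query))  # decode twice: catches double encoding
    text = re.sub(r"/\*.*?\*/", " ", text)    # SQL comments used in place of spaces
    return next((label for label, rx in PATTERNS if rx.search(text)), None)

def find_campaigns(lines, window_s=300, threshold=3):
    """Flag client IPs with >= threshold SQLi hits inside any window_s-second span."""
    hits = defaultdict(list)
    for line in lines:
        rec = json.loads(line)
        label = classify(rec["httpRequest"].get("args", ""))
        if label:
            hits[rec["httpRequest"]["clientIp"]].append((rec["timestamp"] / 1000, label))
    campaigns = {}
    for ip, events in hits.items():
        events.sort()
        start = peak = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window_s:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            campaigns[ip] = {"peak": peak, "types": sorted({t for _, t in events})}
    return campaigns

def sample_record(ts_ms, ip, args):  # constructed AWS WAF-style line (subset of fields)
    req = {"clientIp": ip, "uri": "/api/users", "args": args}
    return json.dumps({"timestamp": ts_ms, "action": "BLOCK", "httpRequest": req})

SAMPLE = [  # constructed data, documentation address ranges
    sample_record(1700000000000, "203.0.113.42", "id=1'+UNION+SELECT+username,password+FROM+users--"),
    sample_record(1700000060000, "203.0.113.42", "id=1%27%20OR%201%3D1--"),
    sample_record(1700000120000, "203.0.113.42", "id=1;SELECT/**/SLEEP(5)"),
    sample_record(1700000130000, "198.51.100.7", "id=42"),
    sample_record(1700009000000, "198.51.100.9", "q=union+select+committee"),
]
print(find_campaigns(SAMPLE))
```

The last sample record is a benign search that happens to match the UNION pattern; it stays below the per-IP threshold, which is why the correlation step matters alongside pattern matching.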
npx claudepluginhub plurigrid/asi --plugin asi
Analyzes WAF logs (ModSecurity, AWS WAF, Cloudflare) to detect SQL injection attack campaigns, identify patterns, and generate incident reports with OWASP classification.
Parses ModSecurity, AWS WAF, and Cloudflare logs to detect SQL injection campaigns. Identifies SQLi patterns, tracks attackers, correlates multi-stage attempts, and generates OWASP-classified incident reports.
Analyzes ModSecurity, AWS WAF, and Cloudflare logs to detect SQL injection attacks. Identifies patterns (UNION SELECT, OR 1=1, SLEEP(), BENCHMARK()), tracks IP sources, associates multi-stage attempts, generates OWASP-classified reports.