detecting-sql-injection-via-waf-logs

Community

Detect SQLi campaigns in WAF logs.

Author: YukiIto1999
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

Identify SQL injection attempts in WAF logs and produce structured findings.

Core Features & Use Cases

  • Parse ModSecurity audit logs and JSON WAF logs to extract requests, IPs, and rule IDs.
  • Classify SQLi patterns using a broad set of regex rules and map them to standard injection types.
  • Correlate multiple requests by source IP to identify campaigns and provide both human-readable reports and machine-readable outputs.
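The parse, classify and correlate steps listed above, as an added sketch that is not the skill's own code. The JSON field names (client_ip, uri, rule_id), the four patterns and the min_hits threshold are assumptions, and the log lines are constructed.

```python
import json
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Illustrative patterns only (assumed, not the skill's rule set).
SQLI_PATTERNS = {
    "union-based": re.compile(r"\bunion\b\s+(all\s+)?\bselect\b", re.I),
    "time-based blind": re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|waitfor\s+delay", re.I),
    "boolean-based blind": re.compile(r"\b(or|and)\b\s+['\"]?\d+['\"]?\s*=\s*['\"]?\d+", re.I),
    "stacked queries": re.compile(r";\s*(drop|insert|update|delete|exec)\b", re.I),
}

# Constructed sample: one JSON object per line; field names are assumptions.
SAMPLE_LOG = """\
{"client_ip": "203.0.113.7", "uri": "/item?id=1%20UNION%20SELECT%20null,version()", "rule_id": "942100"}
{"client_ip": "203.0.113.7", "uri": "/item?id=1%27%20AND%20SLEEP(5)--", "rule_id": "942100"}
{"client_ip": "203.0.113.7", "uri": "/item?id=1+OR+1=1", "rule_id": "942100"}
{"client_ip": "198.51.100.4", "uri": "/search?q=union+station+hotels", "rule_id": "920350"}
not-json garbage line
"""

def classify(request_text):
    """Return the injection types whose pattern matches the URL-decoded text."""
    decoded = unquote_plus(request_text)
    return [name for name, rx in SQLI_PATTERNS.items() if rx.search(decoded)]

def find_campaigns(log_text, min_hits=3):
    """Group SQLi hits by source IP; IPs with >= min_hits are flagged as campaigns."""
    by_ip = defaultdict(lambda: {"hits": 0, "types": set(), "rule_ids": set()})
    skipped = 0
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
            ip, uri = event["client_ip"], event["uri"]
        except (ValueError, KeyError, TypeError):
            skipped += 1  # malformed or incomplete record: count it, do not crash
            continue
        types = classify(uri)
        if types:
            by_ip[ip]["hits"] += 1
            by_ip[ip]["types"].update(types)
            by_ip[ip]["rule_ids"].add(str(event.get("rule_id", "unknown")))
    findings = [{"source_ip": ip, "hits": d["hits"], "types": sorted(d["types"]),
                 "rule_ids": sorted(d["rule_ids"]), "campaign": d["hits"] >= min_hits}
                for ip, d in sorted(by_ip.items())]
    return {"findings": findings, "skipped_lines": skipped}
if __name__ == "__main__":
    print(json.dumps(find_campaigns(SAMPLE_LOG), indent=2))
```

The fourth sample line contains the word "union" in an ordinary search term and is not reported, which is the kind of false positive a single-keyword rule would produce.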

Quick Start

Run the agent against your WAF log file to generate a sqli_report.json.

Dependency Matrix

Required Modules

None required

Components

scripts, references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: detecting-sql-injection-via-waf-logs
Download link: https://github.com/YukiIto1999/ctf-sleuth/archive/main.zip#detecting-sql-injection-via-waf-logs

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
