
express-middleware-honeypot

v1.0.9

Published

A middleware that creates a honeypot system to detect and track potential malicious requests while providing fake responses to common attack vectors. It is designed to be used as a development tool to test and analyze the security of your application or handle bot traffic not covered by the main responses.

Downloads

507

Readme

Express Honeypot Middleware

A middleware that creates a honeypot system to detect and track potential malicious requests while providing fake responses to common attack vectors. It is designed to be used as a development tool to test and analyze the security of your application, or to handle bot traffic not covered by your main responses. It spoofs PHP server responses and covers additional endpoints that your application does not serve itself.

Features

  • Tracks and logs all incoming traffic
  • Provides fake responses to common attack patterns
  • Simulates WordPress installations
  • Handles various API endpoints with mock data
  • Logs bot activities separately
  • Supports PHP endpoint simulation
  • Includes traffic analysis tools
  • Detects unhandled routes and logs them
  • Automatically adds unhandled routes to the response system
  • Offers detailed logging for bot requests and known paths

Usage

Basic usage:

const express = require('express');
const app = express();
// Define known static paths
const knownPaths = [
    '/',
    '/blogs',
    '/write-blog',
    '/logout',
    '/login',
    '/settings',
    '/register',
    '/contact',
    '/cart',
    '/support',
    '/robots.txt',
    '/favicon.ico',
    '/products',
    '/about',
    '/ai',
    '/productsDetails',
    '/bots.txt',
    '/sitemap.xml',
    '/traffic.txt',

    // My exclusive paths
    '/top',
    '/newTop',
];

// Define known dynamic paths patterns
const knownPatterns = [
    /^\/blogs\/[^\/]+$/, // Matches /blogs/{blogId}
    /^\/assets\/.*$/, // Matches /assets/*
    /^\/blogs\/assets\/.*$/, // Matches /blogs/assets/*
];

// Define known API paths
const knownApiPaths = [
    '/api/cart',
    '/api/cart/list'
];

// Define known API patterns
const knownApiPatterns = [
    /^\/api\/cart\/[^\/]+$/, // Matches /api/cart/{productId}
    /^\/api\/cart\/update\/[^\/]+$/ // Matches /api/cart/update/{productId}
];

// Initialize the honeypot middleware with the known paths and patterns
require('express-middleware-honeypot')(app, {
    knownPaths,
    knownPatterns,
    knownApiPaths,
    knownApiPatterns
}); // Honeypot
app.listen(3000, () => {
    console.log('Server running on port 3000');
});

You can also enable the 404 handler, which spoofs PHP 404 responses. The same setup with the 404 handler enabled:

const express = require('express');
const app = express();
// Define known static paths
const knownPaths = [
    '/',
    '/blogs',
    '/write-blog',
    '/logout',
    '/login',
    '/settings',
    '/register',
    '/contact',
    '/cart',
    '/support',
    '/robots.txt',
    '/favicon.ico',
    '/products',
    '/about',
    '/ai',
    '/productsDetails',
    '/bots.txt',
    '/sitemap.xml',
    '/traffic.txt',

    // My exclusive paths
    '/top',
    '/newTop',
];

// Define known dynamic paths patterns
const knownPatterns = [
    /^\/blogs\/[^\/]+$/, // Matches /blogs/{blogId}
    /^\/assets\/.*$/, // Matches /assets/*
    /^\/blogs\/assets\/.*$/, // Matches /blogs/assets/*
];

// Define known API paths
const knownApiPaths = [
    '/api/cart',
    '/api/cart/list'
];

// Define known API patterns
const knownApiPatterns = [
    /^\/api\/cart\/[^\/]+$/, // Matches /api/cart/{productId}
    /^\/api\/cart\/update\/[^\/]+$/ // Matches /api/cart/update/{productId}
];

// Initialize the honeypot middleware, this time with the PHP 404 spoofing enabled
require('express-middleware-honeypot')(app, {
    knownPaths,
    knownPatterns,
    knownApiPaths,
    knownApiPatterns,
    is404Handler: true
}); // Honeypot
app.listen(3000, () => {
    console.log('Server running on port 3000');
});

isKnownPath

The middleware includes an isKnownPath function that decides whether a request path is known to your application or should be treated as a bot request. The spoofer can otherwise override the default behavior of your application, and this check is what prevents that. Add your own paths and patterns to the knownPaths, knownPatterns, knownApiPaths, or knownApiPatterns arrays passed to the middleware.

To see the effect, remove /sitemap.xml from the knownPaths array and then add it back.

Configuration

The middleware automatically handles:

  • Traffic logging to traffic.txt
  • Bot requests logging to bots.txt
  • Known path filtering
  • Mock responses for common attack vectors
  • PHP endpoint simulation
  • WordPress installation simulation

API

Known Paths

The middleware includes a comprehensive list of known paths and patterns that are considered legitimate. These include:

  • Static paths (e.g., '/', '/login', '/register')
  • Dynamic paths (e.g., '/blogs/{blogId}')
  • API paths (e.g., '/api/cart', '/api/cart/{productId}')

You can add your own known paths by adding them to the knownPaths, knownBotsPaths or knownApiPaths arrays in the middleware.

Logging

Traffic is logged in the following format:

Date - IP - Browser - Method - Path - Status - User

Example:

2024-11-20T14:19:37.295Z - 91.247.75.125 - Mozilla/5.0 - GET /sss - 200 - guest

traffic.txt is created in the root of the project and acts like a PHP server log file. bots.txt is created in the same place and holds the logged bot requests in the same format. Bot requests are requests that are not covered by known paths.
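As an added example (not part of the package), the following parses lines in the Date - IP - Browser - Method - Path - Status - User format documented above and summarizes them per source IP, which is the input you need for the rate-limiting and IP-blocking decision the Security Considerations section mentions. The log lines are constructed for the example (the first is the README's own sample line); the summary functions and their field names are this example's, not the package's.

```javascript
// Added example, not code from express-middleware-honeypot: parse the
// traffic.txt / bots.txt line format and summarize requests per source IP.

// Constructed sample log; the first line is the README's own example.
const sampleLog = [
  '2024-11-20T14:19:37.295Z - 91.247.75.125 - Mozilla/5.0 - GET /sss - 200 - guest',
  '2024-11-20T14:19:38.010Z - 198.51.100.7 - Mozilla/5.0 (compatible; Bot - Scanner/1.0) - GET /wp-login.php - 200 - guest',
  '2024-11-20T14:19:38.420Z - 198.51.100.7 - Mozilla/5.0 (compatible; Bot - Scanner/1.0) - GET /xmlrpc.php - 200 - guest',
  '2024-11-20T14:19:39.001Z - 198.51.100.7 - Mozilla/5.0 (compatible; Bot - Scanner/1.0) - POST /wp-login.php - 200 - guest',
  '2024-11-20T14:20:02.555Z - 203.0.113.9 - Mozilla/5.0 - GET /login - 200 - alice',
  'this line is not in the expected format',
].join('\n');

// Parse one line. The browser field is a user-agent string and may itself
// contain " - ", so the fields are taken from both ends rather than by index.
function parseLogLine(line) {
  const parts = line.split(' - ');
  if (parts.length < 6) return null;
  const n = parts.length;
  const [date, ip] = parts;
  const user = parts[n - 1];
  const status = parts[n - 2];
  const methodPath = parts[n - 3];
  const browser = parts.slice(2, n - 3).join(' - ');
  const sp = methodPath.indexOf(' ');
  if (sp < 1 || !/^\d{3}$/.test(status) || Number.isNaN(Date.parse(date))) return null;
  return {
    date,
    ip,
    browser,
    method: methodPath.slice(0, sp),
    path: methodPath.slice(sp + 1),
    status: Number(status),
    user,
  };
}

// Aggregate parsed records per source IP; malformed and blank lines are skipped.
function summarizeByIp(logText) {
  const byIp = new Map();
  for (const line of logText.split('\n')) {
    const rec = parseLogLine(line);
    if (!rec) continue;
    let s = byIp.get(rec.ip);
    if (!s) {
      s = { requests: 0, distinctPaths: new Set(), firstSeen: rec.date, lastSeen: rec.date };
      byIp.set(rec.ip, s);
    }
    s.requests += 1;
    s.distinctPaths.add(rec.path);
    if (rec.date < s.firstSeen) s.firstSeen = rec.date; // ISO timestamps sort lexically
    if (rec.date > s.lastSeen) s.lastSeen = rec.date;
  }
  return byIp;
}

// Sources with at least minRequests entries, busiest first. Run over bots.txt,
// which only holds requests outside the known paths, this is the candidate
// list for rate limiting or blocking.
function persistentSources(logText, minRequests) {
  return [...summarizeByIp(logText)]
    .filter(([, s]) => s.requests >= minRequests)
    .map(([ip, s]) => ({ ip, requests: s.requests, distinctPaths: s.distinctPaths.size, lastSeen: s.lastSeen }))
    .sort((a, b) => b.requests - a.requests);
}

for (const src of persistentSources(sampleLog, 3)) {
  console.log(`${src.ip}: ${src.requests} requests to ${src.distinctPaths} distinct paths, last seen ${src.lastSeen}`);
}
```

Point the functions at the contents of bots.txt rather than traffic.txt when you want only the unhandled requests; the format is the same, so nothing else changes.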

Analysis Tools Endpoints

Get Unhandled Routes: /newBotsRoute

Get Known Paths: /notCoveredAdditionalEndpoints

Security Considerations

This middleware is designed to be a honeypot system. Make sure to:

  • Not use it on production systems containing sensitive data
  • Monitor the logs regularly
  • Keep the middleware updated with new attack patterns
  • Consider rate limiting and IP blocking for persistent attackers

License

MIT