trapdog
v1.0.0
Published
🪤 Automatically detect, log, fingerprint, and block attacks.
Downloads
2
Maintainers
Readme
Installation
npm install trapdog@latest
Setup / Usage
To integrate trapdog with your Express site, simply follow this straightforward example. Ensure that you initialize trapdog after parsing the request body.
[!NOTE] If you intend to utilise the trapdog analyzer, it's essential to utilise a file for your SQLite configuration rather than relying on
:memory:
.
const express = require('express');
const trapdog = require('trapdog');
const app = express();
const port = 3001;
// Parse the request body before using trapdog
app.use(express.urlencoded({ extended: true }));
app.use(express.json());
// Initialize trapdog middleware with your configurations
app.use(trapdog({
// Your trapdog configurations here
}));
// Define your routes
app.get('/', (req, res) => {
res.send('Hello, World!');
});
// Start the server
app.listen(port, () => {
console.log(`Server is running at http://localhost:${port}`);
});
Configuration
[!WARNING] Misconfiguring Trapdog can create security vulnerabilities in your web application and potentially disrupt its functionality. It's essential to properly configure Trapdog to avoid these risks and maintain the integrity of your application.
{
"block": boolean, // Default: true
"xss_confidence": number, // Default: 80
"fingerprint": boolean, // Default: true
"verbose": boolean, // Default: false
"verbose:emoji": boolean, // Default: true
"sqlite": string, // Default: ":memory:"
"hidden": boolean // Default: false
}
List of Modules
- Cross site scripting (XSS) owasp.org ↗
- Sql Injection (SQLI) owasp.org ↗
- Local File Inclusion (LFI) owasp.org ↗
- Regex checks
- Log4J cve.mitre.org ↗