express-honeypots v0.1.2
ExpressJS honeypots
This repository contains a collection of honeypots for the Express framework.
These honeypots can help ensure false positives for various automated vulnerability scanning tools, which allows for protection against automated attacks, bot attacks, and makes life difficult for hackers (especially beginners).
Installation
To install the honeypots, simply clone the repository or use npm and run the following command:
npm install express-honeypotsUsage
To use the honeypots, simply import the module and use the honeypots function.
import express from 'express';
import honeypots from 'express-honeypots';
const app = express();
app.use(honeypots());
app.listen(3000, () => {
console.log('Server is running on port 3000');
});Also you can enable the honeypots by passing an object with the enabled honeypots
app.use(honeypots({
nextjsStaticFilesHoneypot: true,
nowItsPHP: true,
directoryListing: true,
phpShell: true,
oldApache: true,
dotGit: true,
}));Honeypots
NextJS Static Files Honeypot
This honeypot is designed to mimic the behavior of a NextJS application. It will return a 404 error for any request that contains the string _next/static/.
Now It's PHP
This honeypot provides x-powered-by: PHP in the response headers. This can be used to trick automated scanners into thinking that the server is running PHP.
Old Apache
This honeypot provides the server header Apache/2.2.22 (Ubuntu) in the response headers. This can be used to trick automated scanners into thinking that the server is running an old version of Apache.
Directory Listing
This honeypot is designed to mimic the behavior of an Apache that allows directory listing if /img/ is requested.
PHP Shell
This honeypot simulates a working php shell on /img/a.php
.git
It seems that someone forgot to close access to the repository folder... :)
Results
Contributing
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.