This repository contains a collection of honeypots for the Express framework.
These honeypots produce false positives in automated vulnerability scanners, which helps protect against automated attacks and bot traffic and makes life difficult for attackers (especially beginners).
To install the honeypots, clone the repository or install the package from npm with the following command:
npm install express-honeypots
To use the honeypots, import the module and mount the honeypots() middleware:
import express from 'express';
import honeypots from 'express-honeypots';
const app = express();
app.use(honeypots());
app.listen(3000, () => {
  console.log('Server is running on port 3000');
});
You can also choose which honeypots to enable by passing an object whose keys name the enabled honeypots:
app.use(honeypots({
  nextjsStaticFilesHoneypot: true,
  nowItsPHP: true,
  directoryListing: true,
  phpShell: true,
  oldApache: true,
  dotGit: true,
}));
nextjsStaticFilesHoneypot: This honeypot mimics the behavior of a Next.js application. It returns a 404 error for any request that contains the string _next/static/.
nowItsPHP: This honeypot adds x-powered-by: PHP to the response headers. This can be used to trick automated scanners into thinking that the server is running PHP.
oldApache: This honeypot adds the server header Apache/2.2.22 (Ubuntu) to the response headers. This can be used to trick automated scanners into thinking that the server is running an old version of Apache.
directoryListing: This honeypot mimics the behavior of an Apache server that allows directory listing when /img/ is requested.
phpShell: This honeypot simulates a working PHP shell at /img/a.php.
dotGit: It seems that someone forgot to close access to the repository folder... :)
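To make the behaviours above concrete, here is an added example that is not the express-honeypots package's own code: a dependency-free model of the decoys listed in this README, plus an Express-style (req, res, next) wrapper with an onHit callback, which is where the defensive value lies, since a real user never requests these paths and every hit is worth logging and alerting on. Option names follow the README; the decoy response bodies and the /.git/ path used for dotGit are assumptions.

```javascript
// Added example, not the express-honeypots package's own code: a
// dependency-free model of the decoys the README lists, plus an Express-style
// (req, res, next) wrapper. Option names follow the README; the decoy bodies
// and the /.git/ path are constructed assumptions.
const DEFAULTS = {
  nextjsStaticFilesHoneypot: true, nowItsPHP: true, directoryListing: true,
  phpShell: true, oldApache: true, dotGit: true,
};

// Decide what one request path gets: decoy headers that mislead stack
// fingerprinting, and optionally a decoy response. `hit` names the honeypot
// that fired; legitimate users never ask for these paths, so every hit is a
// high-signal event for logging and alerting.
function honeypotResponse(url, options = {}) {
  const opts = { ...DEFAULTS, ...options };
  const path = url.split('?')[0];
  const headers = {};
  if (opts.nowItsPHP) headers['x-powered-by'] = 'PHP';
  if (opts.oldApache) headers['server'] = 'Apache/2.2.22 (Ubuntu)';
  let decoy = null;
  const trap = (hit, status, body) => { decoy = { hit, status, body }; };
  if (opts.nextjsStaticFilesHoneypot && path.includes('_next/static/')) {
    trap('nextjsStaticFilesHoneypot', 404, 'Not Found');
  } else if (opts.phpShell && path === '/img/a.php') {
    trap('phpShell', 200, '<html><body><pre>placeholder shell page</pre></body></html>');
  } else if (opts.directoryListing && path === '/img/') {
    trap('directoryListing', 200, '<html><h1>Index of /img/</h1><a href="a.php">a.php</a></html>');
  } else if (opts.dotGit && (path === '/.git' || path.startsWith('/.git/'))) {
    trap('dotGit', 200, '[core]\n\trepositoryformatversion = 0\n');
  }
  return { headers, decoy };
}

// Express-style middleware: mount with app.use(honeypotMiddleware()). The
// onHit callback is the hook a deployment would wire to its alerting pipeline.
function honeypotMiddleware(options = {}, onHit = () => {}) {
  return (req, res, next) => {
    const { headers, decoy } = honeypotResponse(req.url, options);
    for (const [k, v] of Object.entries(headers)) res.setHeader(k, v);
    if (!decoy) return next();
    onHit({ hit: decoy.hit, ip: req.ip, url: req.url, at: new Date().toISOString() });
    res.statusCode = decoy.status;
    res.end(decoy.body);
  };
}
```

The decoy headers are applied to every response, decoy or not, so fingerprinting scanners see the same story on ordinary pages as on the trap paths.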
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.