express-brute Logo

express-brute

0
Free
Visit Website

A brute-force protection middleware for express routes that rate-limits incoming requests, increasing the delay with each request in a fibonacci-like sequence. Installation via npm: $ npm install express-brute A Simple Example var ExpressBrute = require('express-brute'); // stores state locally, don't use this in production var store = new ExpressBrute.MemoryStore(); var bruteforce = new ExpressBrute(store); app.post('/auth', bruteforce.prevent, // error 429 if we hit this route too often function (req, res, next) { res.send('Success!'); }); Classes ExpressBrute(store, options) store An instance of ExpressBrute.MemoryStore or some other ExpressBrute store (see a list of known stores below). options freeRetries The number of retries the user has before they need to start waiting (default: 2) minWait The initial wait time (in milliseconds) after the user runs out of retries (default: 500 milliseconds) maxWait The maximum amount of time (in milliseconds) between requests the user needs to wait (default: 15 minutes). The wait for a given request is determined by adding the time the user needed to wait for the previous two requests. lifetime The length of time (in seconds)

FEATURES

ALTERNATIVES

A simple, secure framework for building scalable applications

OpenRASP directly integrates its protection engine into the application server by instrumentation, providing context-aware protection and detailed stack trace logging.

A popular free security tool for automatically finding security vulnerabilities in web applications

The Contrast Runtime Security Platform is a suite of application security tools that integrates security into the software development lifecycle and production environments, including IAST, SAST, RASP, and SCA capabilities.

A web application firewall solution that monitors, filters, and protects web applications from malicious traffic and common web-based attacks.

A tool for redirecting HTTP and HTTPS requests to other URLs.

Pint is a PIN tool that exposes the PIN API to lua scripts, allowing dynamic instrumentation of binaries.

A Windows Kernel driver intentionally vulnerable to help improve skills in kernel-level exploitation.

PINNED