express-brute
A brute-force protection middleware for express routes that rate-limits incoming requests, increasing the delay with each request in a fibonacci-like sequence. Installation via npm: $ npm install express-brute A Simple Example var ExpressBrute = require('express-brute'); // stores state locally, don't use this in production var store = new ExpressBrute.MemoryStore(); var bruteforce = new ExpressBrute(store); app.post('/auth', bruteforce.prevent, // error 429 if we hit this route too often function (req, res, next) { res.send('Success!'); }); Classes ExpressBrute(store, options) store An instance of ExpressBrute.MemoryStore or some other ExpressBrute store (see a list of known stores below). options freeRetries The number of retries the user has before they need to start waiting (default: 2) minWait The initial wait time (in milliseconds) after the user runs out of retries (default: 500 milliseconds) maxWait The maximum amount of time (in milliseconds) between requests the user needs to wait (default: 15 minutes). The wait for a given request is determined by adding the time the user needed to wait for the previous two requests. lifetime The length of time (in seconds)
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
An AI-powered code security tool that analyzes code for vulnerabilities and provides automated fix suggestions to accelerate remediation.
Veracode is an intelligent software security platform that helps developers and security teams secure code, find and fix flaws, and automate remediation.
IDAPython plugin for generating Yara rules/patterns from x86/x86-64 code through parameterization.
A comprehensive application security platform combining specialized services and software tools to help organizations manage vulnerabilities throughout the software development lifecycle.
Automatic authorization enforcement detection extension for Burp Suite
An integrated application security platform that combines multiple security scanning tools with developer-focused workflows for automated code and infrastructure security testing.
Cross-site scripting labs for web application security enthusiasts
A self-managed static code analysis platform that conducts continuous inspection of codebases to identify security vulnerabilities, bugs, and code quality issues.
An open-source web application security scanner framework that identifies vulnerabilities in web applications.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.