What is the pricing for express-brute?

express-brute is a free Application Security tool. This makes it accessible for organizations of all sizes, from startups to enterprises. Visit https://github.com/AdamPflug/express-brute/ for download and installation instructions.

What are alternatives to express-brute?

Popular alternatives to express-brute include: 1. Orca API Security - Agentless cloud API discovery, posture management, and drift detection. (Commercial) 2. Sense Defence Advanced Rate Limiting - Advanced rate limiting solution for web apps and APIs with AI-driven controls (Commercial) 3. Cequence AI Gateway - Unified platform for API security, bot management, and AI gateway protection (Commercial) 4. Traceable AppSec - Platform for API & app security with discovery, testing, and protection (Commercial) 5. Imperva API Security - Unified API security platform for discovery, risk assessment, and mitigation (Commercial) Compare these tools and more at https://cybersectools.com/categories/application-security

Who should use express-brute?

express-brute is for security teams and organizations that need Brute Force. It's particularly suitable for small to medium-sized teams looking for cost-effective solutions. Other Application Security tools can be found at https://cybersectools.com/categories/application-security

express-brute

A brute-force protection middleware for express routes that rate-limits incoming requests.

Free568

Visit Website

Compare

Free568

express-brute

A brute-force protection middleware for express routes that rate-limits incoming requests.

Visit Website

Data verified Apr 2026

Explore Application Security 48 Alternatives Compare Stacks Market Map Explore All Tools

ADYour product here. Reach security decision-makers.Launch a campaign

express-brute Description

Application Security/API Security

Brute Force

A brute-force protection middleware for express routes that rate-limits incoming requests, increasing the delay with each request in a fibonacci-like sequence. Installation via npm: $ npm install express-brute A Simple Example var ExpressBrute = require('express-brute'); // stores state locally, don't use this in production var store = new ExpressBrute.MemoryStore(); var bruteforce = new ExpressBrute(store); app.post('/auth', bruteforce.prevent, // error 429 if we hit this route too often function (req, res, next) { res.send('Success!'); }); Classes ExpressBrute(store, options) store An instance of ExpressBrute.MemoryStore or some other ExpressBrute store (see a list of known stores below). options freeRetries The number of retries the user has before they need to start waiting (default: 2) minWait The initial wait time (in milliseconds) after the user runs out of retries (default: 500 milliseconds) maxWait The maximum amount of time (in milliseconds) between requests the user needs to wait (default: 15 minutes). The wait for a given request is determined by adding the time the user needed to wait for the previous two requests. lifetime The length of time (in seconds)

express-brute Description

Application Security/API Security

Brute Force

express-brute FAQ

Common questions about express-brute including features, pricing, alternatives, and user reviews.

express-brute is A brute-force protection middleware for express routes that rate-limits incoming requests. It is a Application Security solution designed to help security teams with Brute Force.

Have more questions? Browse our categories or search for specific tools.