express-brute

Free
A brute-force protection middleware for express routes that rate-limits incoming requests, increasing the delay with each request in a fibonacci-like sequence.

Installation

via npm:

    $ npm install express-brute

A Simple Example

    var express = require('express');
    var ExpressBrute = require('express-brute');

    var app = express();

    // stores state locally, don't use this in production
    var store = new ExpressBrute.MemoryStore();
    var bruteforce = new ExpressBrute(store);

    app.post('/auth',
        bruteforce.prevent, // error 429 if we hit this route too often
        function (req, res, next) {
            res.send('Success!');
        }
    );

Classes

ExpressBrute(store, options)

store
    An instance of ExpressBrute.MemoryStore or some other ExpressBrute store (see a list of known stores below).

options
    freeRetries
        The number of retries the user has before they need to start waiting (default: 2)
    minWait
        The initial wait time (in milliseconds) after the user runs out of retries (default: 500 milliseconds)
    maxWait
        The maximum amount of time (in milliseconds) between requests the user needs to wait (default: 15 minutes). The wait for a given request is determined by adding the time the user needed to wait for the previous two requests.
    lifetime
        The length of time (in seconds)
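The wait schedule described under maxWait, modelled as an added example (not express-brute's own code), to show how many attempts one client key gets inside a time window when tuning these options. It assumes the first request plus freeRetries retries pass immediately, the first wait equals minWait, and the term before it counts as 0; the function names are hypothetical.

```javascript
// Added illustration: models the wait schedule as the description states it.
// This is not express-brute's source; the assumptions are marked below.
const DEFAULTS = { freeRetries: 2, minWait: 500, maxWait: 15 * 60 * 1000 };

// Yields the wait (ms) imposed before each throttled request, without end.
function* waits(opts = DEFAULTS) {
  if (!(opts.minWait > 0)) throw new RangeError('minWait must be > 0');
  let prev = 0;            // assumption: the term before the first wait is 0
  let cur = opts.minWait;  // assumption: the first wait equals minWait
  while (true) {
    yield cur;
    // next wait = sum of the previous two, capped at maxWait
    [prev, cur] = [cur, Math.min(prev + cur, opts.maxWait)];
  }
}

// First `count` waits, useful for documenting a chosen configuration.
function waitSchedule(count, opts = DEFAULTS) {
  const out = [];
  for (const w of waits(opts)) {
    if (out.length >= count) break;
    out.push(w);
  }
  return out;
}

// Upper bound on requests one key gets through within windowMs when it
// retries the instant each wait expires.
function attemptsWithin(windowMs, opts = DEFAULTS) {
  let attempts = 1 + opts.freeRetries; // assumption: these pass with no wait
  let elapsed = 0;
  for (const w of waits(opts)) {
    if (elapsed + w > windowMs) break;
    elapsed += w;
    attempts++;
  }
  return attempts;
}

const HOUR = 60 * 60 * 1000;
console.log('first waits (ms):', waitSchedule(6));
console.log('attempts in 1 minute:', attemptsWithin(60 * 1000));
console.log('attempts in 1 hour:', attemptsWithin(HOUR));
// A stricter policy with constructed values, for comparison.
const strict = { freeRetries: 1, minWait: 5000, maxWait: HOUR };
console.log('attempts in 1 hour (strict):', attemptsWithin(HOUR, strict));
```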

ALTERNATIVES

A collection of mobile security resources with tools, white papers, ebooks, and webinars.

A tool for secure content publishing and verification using offline signing and trusted collections.

EvoMaster is an open-source tool that automatically generates system-level test cases for web APIs using AI-driven techniques.

Dynamic Java code instrumentation kit for Android applications.

Dynamic application security testing tool for identifying and fixing web application vulnerabilities.

DerScanner is a comprehensive application security testing platform that combines SAST, DAST, MAST, SCA, and Binary Analysis capabilities with support for on-premises deployment and CI/CD integration.

BunkerWeb is a next-generation and open-source Web Application Firewall (WAF) with seamless integration and user-friendly customization options.

An enterprise API security platform that combines API discovery, protection, testing, and monitoring capabilities with contextual analysis for comprehensive API ecosystem security.