Express Honeypot
Express honeypot is a honeypot for remote file inclusion (RFI) and local file inclusion (LFI). The aim of this project is to catch bots and malwares that are scanning websites and try to upload remote files. Those RFI / LFI bots use a list of google dorks in order to search the web for vulnerable websites. Express honeypot uses 310 fake URLs based on RFI LFI dorks and serves them dynamically. Every request to any of the honeypot URLs is logged, and the remote file is downloaded and safely stored. This honeypot is written in JavaScript and uses Express as a web server. A light logs viewer page is available at /beekeeper, but it needs to have more commands. Development is still in progress, but the core architecture won't change, so you are safe to start using it. To use, clone the project and install the dependencies: git clone https://github.com/christophe77/express-honeypot cd express-honeypot yarn install Edit /express/config.js file. Port is the port for the web server. BeekeeperCredentials are the username and password to access /beekeeper URL. RemoteFileSave allows you to choose to save the remote file on your local drive, on dpaste, or on both of them. GoogleVerification is th
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A low-interaction honeypot to detect and analyze attempts to exploit the CVE-2017-10271 vulnerability in Oracle WebLogic Server
A honeypot tool to detect and log CVE-2019-19781 scan and exploitation attempts.
A plugin repository that extends the Honeycomb honeypot framework with additional features and capabilities for enhanced threat detection and analysis.
A WordPress plugin that logs failed login attempts to help monitor unauthorized access attempts on WordPress websites.
A serverless application that creates and monitors fake HTTP endpoints as honeytokens to detect attackers, malicious insiders, and automated threats.
A web-based visualization tool that displays statistics and generates charts from Shockpot honeypot data stored in PostgreSQL databases.
An Apache 2 based honeypot with detection capabilities specifically designed to identify and analyze Struts CVE-2017-5638 exploitation attempts.
PINNED
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.