npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

express-honeypot

v1.0.3

Published

Express honeypot is a honeypot for remote file inclusion (RFI) and local file inclusion (LFI).<br /> The aim of this project is to catch bots and malwares that are scanning websites and try to upload remote files.<br /> Those RFI / LFI bots use a list of

Downloads

11

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

christophe77christophe77

Keywords

nodejshoneypotexpressremote file inclusionlocal file inclusionrfilfi

Readme

express-honeypot

Express honeypot is a honeypot for remote file inclusion (RFI) and local file inclusion (LFI). The aim of this project is to catch bots and malwares that are scanning websites and try to upload remote files. Those RFI / LFI bots use a list of google dorks in order to search the web for vulnerable website. Express honeypot uses 310 fake urls based on RFI LFI dorks and serves them dynamicaly. Every request to any of the honeypot urls is logged and the remote file is downloaded and safely stored. This honeypot is written in javascript and uses express as web server. A light logs viewer page is available at /beekeeper but I think it needs to have more commands. Developement is still in progress but the core architecture won't change so you are safe to start using it.

How to use

Clone the project and install the dependencies :

git clone https://github.com/christophe77/express-honeypot
cd express-honeypot
yarn install

Edit /express/config.js file. port is the port for the web server. beekeeperCredentials username and password to access /beekeeper url. remoteFileSave choose to save the remote file on your local drive, on dpaste or on both of them. googleVerification is the key given in google search console to validate your website.

Once installed you can start the app with :

yarn start

How it works when deployed

The app starts a web server, generate a sitemap with known vulnerables paths from phpBB, joomla,.... When a visitor opens an url and tries to include a remote file, the informations about the request are stored inside a json file in the /express/hive directory. The remote file used for the inclusion is downloaded inside the hive folder with a .bee extension /express/hive/files/YYYY-MM-DD/filename.ext.bee When an url is opened, a fake page is display with some basic html tags, random text and some SEO for google bots. If the page is opened with a remote file inside the url then the content of the file is added to the response body as if the injection worked. It's displayed in text and no real injection is posible. If you want your honeypot to be effective you need to spread it over search engines. Google search console is the best option to start. When you want to check the logs you have to go to your-website.com/beekeeper

How to add more fake urls

If you want to add urls you have to open /express/pages.js and add new datas.