Express Honeypot

#Threat Defense #Honeypots

A tool for testing subdomain takeover possibilities at a mass scale.

Express Honeypot: A Tool for RFI and LFI Detection

Express Honeypot is a honeypot designed specifically to detect attempts to exploit remote file inclusion (RFI) and local file inclusion (LFI) vulnerabilities.

The Objective of This Project

The objective of this project is to identify bots and malware that are scanning websites and attempting to upload remote files. These Remote File Inclusion (RFI) and Local File Inclusion (LFI) bots utilize a collection of Google dorks to search for vulnerable websites on the internet. The Express honeypot employs 310 fake URLs based on RFI and LFI dorks, serving them dynamically. Each request made to any of the honeypot URLs is logged, and the remote file is downloaded and securely stored.
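An added example, not code from the express-honeypot project: one way a decoy route can classify an incoming request as an RFI or LFI attempt and record the referenced file for the log. The decoy paths, patterns and sample values are constructed assumptions; nothing is fetched here.

```javascript
// Added example: classify requests hitting decoy URLs as RFI or LFI attempts.
// DECOY_PATHS is constructed; the project's 310 dork-derived URLs are not
// listed on this page.
const DECOY_PATHS = new Set(['/index.php', '/main.php', '/includes/header.php']);

// Parameter value points at a remote resource (RFI).
const REMOTE_RE = /^(?:https?|ftp):\/\/[^\s/]+/i;
// Traversal sequence, sensitive absolute path, or stream wrapper (LFI).
const LOCAL_RE = /(?:\.\.[\/\\])|^\/(?:etc|proc|var)\/|^(?:php|file|data|expect):/i;

// Decode repeatedly (bounded) so double-encoded input like %252e%252e%252f
// is still recognised as ../
function fullyDecode(value) {
  let current = value;
  for (let i = 0; i < 3; i++) {
    let next;
    try { next = decodeURIComponent(current); } catch { break; }
    if (next === current) break;
    current = next;
  }
  return current;
}

// Returns null for non-decoy paths, otherwise a log record for the request.
function classifyRequest(rawUrl, sourceIp) {
  const url = new URL(rawUrl, 'http://honeypot.invalid');
  if (!DECOY_PATHS.has(url.pathname)) return null;
  const record = { sourceIp, path: url.pathname, kind: 'probe', param: null, target: null };
  for (const [name, raw] of url.searchParams) {
    // Strip a trailing null-byte suffix, a common extension-bypass trick.
    const value = fullyDecode(raw).replace(/\0.*$/, '');
    if (REMOTE_RE.test(value)) {
      return { ...record, kind: 'RFI', param: name, target: value };
    }
    if (LOCAL_RE.test(value)) {
      return { ...record, kind: 'LFI', param: name, target: value };
    }
  }
  return record; // decoy hit with no inclusion payload: still worth logging
}
```

The RFI `target` is the value a honeypot of this kind would hand to its storage step; keeping classification separate from retrieval lets every decoy hit be logged even when the download fails.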

This honeypot is written in JavaScript and uses Express

This honeypot is developed using JavaScript and utilizes Express as its web server framework. A simple logs viewer page can be accessed at the /beekeeper URL, although it currently lacks additional commands. Development is ongoing; however, the core architecture is stable, allowing you to start using it safely.

To get started, clone the project and install the necessary dependencies with the following commands:

    git clone https://github.com/christophe77/express-honeypot
    cd express-honeypot
    yarn install

Next, edit the /express/config.js file. The 'Port' setting specifies the port for the web server. 'BeekeeperCredentials' refers to the username and password required to access the /beekeeper page. The 'RemoteFileSave' option allows you to choose whether to save the remote file on your local drive, on dpaste, or on both. Lastly, 'GoogleVerification' is th