Automatically detect attacks towards your Express web application by implementing robust security measures. Utilize intrusion detection systems (IDS) and web application firewalls (WAF) to monitor incoming traffic for suspicious patterns and behaviors. Log all detected attacks, including details such as the source IP address, request payload, and timestamps.

Additionally, implement fingerprinting techniques to gather information about the attacker, such as their user-agent string, IP reputation, and behavior history. This information can be invaluable for identifying repeat offenders and implementing targeted mitigation strategies.

npm install trapdog@latest

To integrate trapdog with your Express site, simply follow this straightforward example. Ensure that you initialize trapdog after parsing the request body.

[!NOTE] If you intend to utilise the trapdog analyzer, it's essential to utilise a file for your SQLite configuration rather than relying on :memory:.

const express = require('express');
const trapdog = require('trapdog');

const app = express();
const port = 3001;

// Parse the request body before using trapdog
app.use(express.urlencoded({ extended: true }));
app.use(express.json());

// Initialize trapdog middleware with your configurations
app.use(trapdog({
    // Your trapdog configurations here
}));

// Define your routes
app.get('/', (req, res) => {
  res.send('Hello, World!');
});

// Start the server
app.listen(port, () => {
  console.log(`Server is running at http://localhost:${port}`);
});

[!WARNING] Misconfiguring Trapdog can create security vulnerabilities in your web application and potentially disrupt its functionality. It's essential to properly configure Trapdog to avoid these risks and maintain the integrity of your application.

{
    "block": boolean,         // Default: true
    "xss_confidence": number, // Default: 80
    "fingerprint": boolean,   // Default: true
    "verbose": boolean,       // Default: false
    "verbose:emoji": boolean, // Default: true
    "sqlite": string,         // Default: ":memory:"
    "hidden": boolean         // Default: false
}

• Cross site scripting (XSS) owasp.org ↗
• Sql Injection (SQLI) owasp.org ↗
• Local File Inclusion (LFI) owasp.org ↗
• Regex checks
  • Log4J cve.mitre.org ↗