Baitroute: The Web Honeypot That Turns the Tables on Attackers

Baitroute

A web honeypot library that serves realistic, vulnerable-looking endpoints to detect vulnerability scans and to mislead attackers with false-positive findings. It is imported into your own application as a library and ships with a ready-to-use rule set. Go, Python and JavaScript implementations are available.

Why Do We Need This?

  1. Early Warning System: you get an alert the moment an attacker probes a decoy endpoint that Baitroute serves. No legitimate client has a reason to request these paths (your own authorized scanners aside), so a hit is a high-confidence signal, and the alert carries the attacker's details (IP, headers, request body etc.).

  2. Waste the Attacker's Time: with all rules enabled, an attacker's vulnerability scan fills up with false positives, and they spend considerable time working out which findings are genuine. The following screenshot is taken from a Nuclei scan:

Features

  • Easy Integration: integrates with popular web frameworks in Go, Python and JavaScript (see the list below)
  • Minimal Overhead: adds only the decoy routes to your existing application; requests to your real routes are handled as before
  • Ready-to-use Rules: ships with a set of vulnerability and misconfiguration rules you can use out of the box
  • Configurable: create and add your own rules; configure status codes, headers and response bodies so the decoy endpoints look realistic
  • Selective Loading: you don't need to load all rules; load only the bait rules you require
  • Alert Integration: forward alerts to other systems such as Sentry, Datadog, Slack or your SIEM
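
The mechanism behind the two points above and this feature list (match a decoy path, serve a canned response, hand the requester's details to an alert sink, pass everything else through) is small enough to show in full. The following is an added example written for this page, not Baitroute's own code or API: a net/http middleware with a hypothetical Rule struct and DecoyHandler function, using a hypothetical alert sink callback. The sample rules and the fake credentials in their bodies are constructed for the example.

```go
package main

import (
	"fmt"
	"io"
	"log"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Rule describes one decoy endpoint: what to match and what to serve.
// Hypothetical structure for this example, not Baitroute's rule format.
type Rule struct {
	Method  string            // "" matches any method
	Path    string            // exact request path, e.g. "/.env"
	Status  int               // status code of the fake response
	Headers map[string]string // response headers of the fake response
	Body    string            // response body of the fake response
}

// Alert is what the sink receives when a decoy is hit.
type Alert struct {
	RemoteIP string
	Method   string
	Path     string
	Headers  http.Header
	Body     string
}

// maxBody caps how much of the request body is captured, so a scanner
// cannot stuff the alert pipeline with a multi-megabyte payload.
const maxBody = 4096

// SampleRules are constructed decoys. The "secrets" are fabricated and must
// never resemble anything real in your environment.
var SampleRules = []Rule{
	{Method: "GET", Path: "/.env", Status: 200,
		Headers: map[string]string{"Content-Type": "text/plain"},
		Body:    "APP_ENV=production\nDB_HOST=10.0.0.12\nDB_PASSWORD=decoy-not-real\n"},
	{Path: "/wp-login.php", Status: 200, // any method
		Headers: map[string]string{"Content-Type": "text/html"},
		Body:    "<html><body><form id=\"loginform\"></form></body></html>"},
}

// DecoyHandler wraps an existing handler. Requests matching a rule get the
// fake response and raise an alert; everything else is passed through.
func DecoyHandler(rules []Rule, next http.Handler, sink func(Alert)) http.Handler {
	index := make(map[string]Rule, len(rules))
	for _, r := range rules {
		index[strings.ToUpper(r.Method)+" "+r.Path] = r
	}
	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
		r, ok := index[req.Method+" "+req.URL.Path]
		if !ok {
			r, ok = index[" "+req.URL.Path] // method-agnostic rule
		}
		if !ok {
			next.ServeHTTP(w, req) // real application is untouched
			return
		}
		var body []byte
		if req.Body != nil {
			body, _ = io.ReadAll(io.LimitReader(req.Body, maxBody))
		}
		host, _, err := net.SplitHostPort(req.RemoteAddr)
		if err != nil {
			host = req.RemoteAddr
		}
		sink(Alert{RemoteIP: host, Method: req.Method, Path: req.URL.Path,
			Headers: req.Header.Clone(), Body: string(body)})
		for k, v := range r.Headers {
			w.Header().Set(k, v)
		}
		w.WriteHeader(r.Status)
		io.WriteString(w, r.Body)
	})
}

func main() {
	real := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		io.WriteString(w, "real application\n")
	})
	h := DecoyHandler(SampleRules, real, func(a Alert) {
		log.Printf("ALERT decoy hit: ip=%s %s %s ua=%q", a.RemoteIP, a.Method, a.Path, a.Headers.Get("User-Agent"))
	})
	srv := httptest.NewServer(h) // stand-in for your real listener
	defer srv.Close()
	for _, p := range []string{"/.env", "/index.html"} {
		resp, err := http.Get(srv.URL + p)
		if err != nil {
			log.Fatal(err)
		}
		body, _ := io.ReadAll(resp.Body)
		resp.Body.Close()
		fmt.Printf("%s -> %d %q\n", p, resp.StatusCode, body)
	}
}
```

Two practitioner caveats the example builds in: the captured request body is capped, so a hostile scanner cannot turn your alert pipeline into a storage sink, and decoy bodies contain only fabricated values, since anything real in a response to an attacker is a disclosure, not a lure. In production you would also rate-limit or deduplicate the sink (a scanner that hits every rule once produces one alert per rule) and exclude your own authorized scanners from alerting.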

Supported Languages and Frameworks

The library currently supports the following languages and frameworks:

Go

  • Standard net/http package
  • Fiber
  • Gin
  • Chi
  • Echo
  • FastHTTP

Python

  • Flask
  • FastAPI
  • Django

JavaScript (Experimental)

  • Express
  • Node.js

Install & Use