Baitroute: The Web Honeypot That Turns the Tables on Attackers

Baitroute

A web honeypot project that serves realistic, vulnerable-looking endpoints to detect vulnerability scans and mislead attackers by providing false positive results. It can be imported as a library into your project and is ready to use with its rules. Go, Python and Javascript implementations are available.

Why Do We Need This?

1. Early Warning System: You will get an alert when an attacker tries to exploit a decoy vulnerability that Baitroute serves. You will get notified about that attempt. You can view attacker information (IP, headers, request body etc.).

2. Waste Attacker’s Time: When you enable all rules, attackers’ vulnerability scans become a mess with false-positive results. They’ll waste considerable time trying to determine which vulnerabilities are genuine. Following screenshot is taken from a Nuclei scan:

Features

• Easy Integration: Seamlessly integrates with popular web frameworks in Go, Python, and Javascript
• Minimal Overhead: Runs alongside your existing application without impacting performance
• Ready-to-use Rules: Baitroute comes with a set of ready-to-use vulnerability/misconfiguration rules that you can use out of the box.
• Configurable: You can easily create and add your own rules. Configure status codes, headers, and response bodies to create realistic-looking endpoints
• Selective Loading: You don’t need to load all rules—just load the bait rules you require.
• Alert Integration: You can send alerts to other systems such as Sentry, Datadog, Slack or various SIEM software.

Supported Languages and Frameworks

The library currently supports the following languages and frameworks:

• Standard net/http package
• Fiber
• Gin
• Chi
• Echo
• FastHTTP

• Flask
• FastAPI
• Django

• Express
• Node.js

Install & Use