honeyweb-core 1.0.0

package/index V1.js

@@ -0,0 +1,85 @@
+// honeyweb-core/index.js
+const fs = require('fs-extra');
+const path = require('path');
+const cheerio = require('cheerio');
+
+// File path for storing banned IPs automatically
+const DB_FILE = path.join(__dirname, 'blocked-ips.json');
+
+// Ensure the JSON file exists on startup
+if (!fs.existsSync(DB_FILE)) {
+    fs.writeJsonSync(DB_FILE, []);
+}
+
+// Configuration: List of fake trap paths
+// These look like real admin pages to a bot
+const TRAP_PATHS = [
+    '/admin-backup-v2',
+    '/wp-login-hidden',
+    '/db-dump-2024',
+    '/auth/root-access',
+    '/sys/config-safe'
+];
+
+/**
+ * HoneyWeb Middleware
+ * Usage: app.use(honeyWeb());
+ */
+function honeyWeb() {
+    return async (req, res, next) => {
+        const clientIP = req.ip || req.connection.remoteAddress;
+        
+        // 1. LOAD BANNED LIST
+        let bannedIPs = [];
+        try {
+            bannedIPs = await fs.readJson(DB_FILE);
+        } catch (err) {
+            console.error("HoneyWeb: Error reading blocklist", err);
+        }
+
+        // 2. CHECK IF IP IS ALREADY BANNED
+        if (bannedIPs.includes(clientIP)) {
+            console.log(`[HoneyWeb] BLOCKED access from banned IP: ${clientIP}`);
+            return res.status(403).send('<h1>403 Forbidden</h1><p>Your IP has been flagged for suspicious activity.</p>');
+        }
+
+        // 3. CHECK IF TRAP ACCESSED
+        if (TRAP_PATHS.includes(req.path)) {
+            console.log(`[HoneyWeb] 🚨 TRAP TRIGGERED by ${clientIP} on ${req.path}`);
+            
+            // Ban the IP immediately
+            if (!bannedIPs.includes(clientIP)) {
+                bannedIPs.push(clientIP);
+                await fs.writeJson(DB_FILE, bannedIPs);
+            }
+
+            return res.status(403).send('<h1>403 Forbidden</h1><p>You have accessed a restricted area.</p>');
+        }
+
+        // 4. INJECT TRAPS INTO HTML RESPONSES
+        const originalSend = res.send;
+        
+        res.send = function (body) {
+            // Only inject if the content is HTML
+            if (typeof body === 'string' && (body.includes('<html') || body.includes('<body'))) {
+                const $ = cheerio.load(body);
+                
+                // Pick a random trap
+                const trapUrl = TRAP_PATHS[Math.floor(Math.random() * TRAP_PATHS.length)];
+                
+                // Create invisible link (Hidden by CSS)
+                const trapLink = `<a href="${trapUrl}" style="opacity:0; position:absolute; z-index:-999; left:-9999px;">Admin Panel</a>`;
+                
+                // Inject into body
+                $('body').append(trapLink);
+                
+                body = $.html();
+            }
+            originalSend.call(this, body);
+        };
+
+        next();
+    };
+}
+
+module.exports = honeyWeb;

package/index.js

@@ -0,0 +1,113 @@
+// honeyweb-core/index.js
+const fs = require('fs-extra');
+const path = require('path');
+const cheerio = require('cheerio');
+const { GoogleGenerativeAI } = require("@google/generative-ai");
+
+const DB_FILE = path.join(__dirname, 'blocked-ips.json');
+
+// ------------------------------------------------------
+// CONFIGURATION
+// ------------------------------------------------------
+// ⚠️ PASTE YOUR GOOGLE API KEY HERE
+const GOOGLE_API_KEY = 'YOUR_GOOGLE_API_KEY_HERE'; 
+
+const TRAP_PATHS = [
+    '/admin-backup-v2',
+    '/wp-login-hidden',
+    '/db-dump-2024',
+    '/auth/root-access',
+    '/sys/config-safe'
+];
+
+if (!fs.existsSync(DB_FILE)) { fs.writeJsonSync(DB_FILE, []); }
+
+// ------------------------------------------------------
+// AI REPORTING FUNCTION
+// ------------------------------------------------------
+async function generateThreatReport(ip, userAgent, trapPath) {
+    // If you haven't pasted the key yet, skip AI to prevent crash
+    if (GOOGLE_API_KEY === 'YOUR_GOOGLE_API_KEY_HERE') {
+        console.log("⚠️  [HoneyWeb] No Google API Key found. Skipping AI Report.");
+        return;
+    }
+
+    console.log("🤖 [HoneyWeb] Asking Gemini to analyze the attack...");
+
+    try {
+        const genAI = new GoogleGenerativeAI(GOOGLE_API_KEY);
+        
+        const model = genAI.getGenerativeModel({ model: "gemini-2.5-flash" });
+
+        const prompt = `
+            You are a cybersecurity analyst. Analyze this bot attack caught by a honeypot.
+            
+            Attack Details:
+            - IP Address: ${ip}
+            - User-Agent: ${userAgent}
+            - Trap Link Accessed: ${trapPath}
+            
+            Please provide a 1-sentence summary of what kind of threat this is (e.g., reconnaissance, targeted scan) and what they were likely looking for.
+        `;
+
+        const result = await model.generateContent(prompt);
+        const report = result.response.text();
+
+        console.log("\n📝 [HoneyWeb INTELLIGENCE REPORT]");
+        console.log("---------------------------------------------------");
+        console.log(report.trim());
+        console.log("---------------------------------------------------\n");
+
+    } catch (error) {
+        // Detailed error logging to help you debug
+        console.error("❌ [HoneyWeb] Gemini Analysis Failed:", error.message);
+    }
+}
+
+// ------------------------------------------------------
+// MIDDLEWARE LOGIC
+// ------------------------------------------------------
+function honeyWeb() {
+    return async (req, res, next) => {
+        const clientIP = req.ip || req.connection.remoteAddress;
+        
+        // 1. Check Blocklist
+        let bannedIPs = [];
+        try { bannedIPs = await fs.readJson(DB_FILE); } catch (e) {}
+
+        if (bannedIPs.includes(clientIP)) {
+            return res.status(403).send('<h1>403 Forbidden</h1><p>Banned by HoneyWeb.</p>');
+        }
+
+        // 2. Check Trap
+        if (TRAP_PATHS.includes(req.path)) {
+            console.log(`[HoneyWeb] 🚨 TRAP TRIGGERED by ${clientIP}`);
+            
+            if (!bannedIPs.includes(clientIP)) {
+                bannedIPs.push(clientIP);
+                await fs.writeJson(DB_FILE, bannedIPs);
+            }
+
+            // Trigger AI Analysis
+            generateThreatReport(clientIP, req.headers['user-agent'], req.path);
+
+            return res.status(403).send('<h1>403 Forbidden</h1>');
+        }
+
+        // 3. Inject Hidden Links
+        const originalSend = res.send;
+        res.send = function (body) {
+            if (typeof body === 'string' && (body.includes('<html') || body.includes('<body'))) {
+                const $ = cheerio.load(body);
+                const trapUrl = TRAP_PATHS[Math.floor(Math.random() * TRAP_PATHS.length)];
+                $('body').append(`<a href="${trapUrl}" style="opacity:0; position:absolute; z-index:-999;">Admin</a>`);
+                body = $.html();
+            }
+            originalSend.call(this, body);
+        };
+
+        next();
+    };
+}
+
+module.exports = honeyWeb;

package/package.json

@@ -0,0 +1,18 @@
+{
+  "name": "honeyweb-core",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "type": "commonjs",
+  "dependencies": {
+    "@google/generative-ai": "^0.24.1",
+    "cheerio": "^1.2.0",
+    "fs-extra": "^11.3.3"
+  }
+}