honeyweb-core 1.0.2 → 2.0.0

package/middleware/trap-injector.js

@@ -0,0 +1,52 @@
+// honeyweb-core/middleware/trap-injector.js
+// Trap injection middleware (extracted from main index.js)
+
+const cheerio = require('cheerio');
+
+/**
+ * Create trap injector middleware
+ * @param {Object} config - Trap configuration
+ * @returns {Function} - Middleware function
+ */
+function createTrapInjector(config) {
+    const trapPaths = config.traps.paths;
+
+    return function injectTraps(req, res, next) {
+        // Only inject if trap injection is enabled
+        if (!config.traps.injection.enabled) {
+            return next();
+        }
+
+        // Intercept res.send to inject traps
+        const originalSend = res.send;
+
+        res.send = function (body) {
+            // Only inject if the content is HTML
+            if (typeof body === 'string' && (body.includes('<html') || body.includes('<body'))) {
+                try {
+                    const $ = cheerio.load(body);
+
+                    // Pick a random trap
+                    const trapUrl = trapPaths[Math.floor(Math.random() * trapPaths.length)];
+
+                    // Create invisible link (Hidden by CSS)
+                    const trapLink = `<a href="${trapUrl}" style="opacity:0; position:absolute; z-index:-999; left:-9999px;">Admin Panel</a>`;
+
+                    // Inject into body
+                    $('body').append(trapLink);
+
+                    body = $.html();
+                } catch (err) {
+                    // If cheerio fails, just send original body
+                    console.error('[TrapInjector] Failed to inject trap:', err.message);
+                }
+            }
+
+            originalSend.call(this, body);
+        };
+
+        next();
+    };
+}
+
+module.exports = createTrapInjector;

package/package.json

@@ -1,18 +1,27 @@
-{
-  "name": "honeyweb-core",
-  "version": "1.0.2",
-  "description": "",
-  "main": "index.js",
-  "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1"
-  },
-  "keywords": [],
-  "author": "",
-  "license": "ISC",
-  "type": "commonjs",
-  "dependencies": {
-    "@google/generative-ai": "^0.24.1",
-    "cheerio": "^1.2.0",
-    "fs-extra": "^11.3.3"
-  }
-}
+{
+  "name": "honeyweb-core",
+  "version": "2.0.0",
+  "description": "Production-ready honeypot middleware with behavioral analysis, bot fingerprinting, and AI threat intelligence",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1",
+    "verify": "node verify-implementation.js"
+  },
+  "keywords": [
+    "honeypot",
+    "security",
+    "middleware",
+    "bot-detection",
+    "web-security",
+    "express",
+    "ai-security"
+  ],
+  "author": "Team P2BG5",
+  "license": "ISC",
+  "type": "commonjs",
+  "dependencies": {
+    "@google/generative-ai": "^0.24.1",
+    "cheerio": "^1.2.0",
+    "fs-extra": "^11.3.3"
+  }
+}

package/storage/index.js

@@ -0,0 +1,25 @@
+// honeyweb-core/storage/index.js
+// Storage factory
+
+const JsonStore = require('./json-store');
+const MemoryStore = require('./memory-store');
+
+/**
+ * Create storage instance based on configuration
+ * @param {Object} config - Storage configuration
+ * @returns {JsonStore|MemoryStore}
+ */
+function createStorage(config) {
+    const type = config.type || 'json';
+
+    switch (type) {
+        case 'json':
+            return new JsonStore(config);
+        case 'memory':
+            return new MemoryStore(config);
+        default:
+            throw new Error(`[HoneyWeb] Unknown storage type: ${type}`);
+    }
+}
+
+module.exports = { createStorage, JsonStore, MemoryStore };

package/storage/json-store.js

@@ -0,0 +1,206 @@
+// honeyweb-core/storage/json-store.js
+// Async JSON storage with in-memory cache
+
+const fs = require('fs-extra');
+const path = require('path');
+const LRUCache = require('../utils/cache');
+
+class JsonStore {
+    constructor(config) {
+        this.filePath = path.resolve(config.path || './blocked-ips.json');
+        this.banDuration = config.banDuration || 86400000; // 24 hours
+        this.autoCleanup = config.autoCleanup !== false;
+        this.cache = config.cache ? new LRUCache(1000, 60000) : null; // 1 minute cache
+
+        // Initialize file
+        this._initFile();
+
+        // Start auto-cleanup if enabled
+        if (this.autoCleanup) {
+            this.cleanupInterval = setInterval(() => {
+                this._cleanupExpired();
+            }, 300000); // Clean up every 5 minutes
+        }
+    }
+
+    async _initFile() {
+        try {
+            if (!await fs.pathExists(this.filePath)) {
+                await fs.writeJson(this.filePath, []);
+            }
+        } catch (err) {
+            console.error('[JsonStore] Failed to initialize file:', err);
+        }
+    }
+
+    /**
+     * Get all banned IPs
+     * @returns {Promise<Array>} - Array of banned IP objects
+     */
+    async getAll() {
+        // Check cache first
+        if (this.cache && this.cache.has('all')) {
+            return this.cache.get('all');
+        }
+
+        try {
+            const data = await fs.readJson(this.filePath);
+
+            // Cache the result
+            if (this.cache) {
+                this.cache.set('all', data);
+            }
+
+            return data;
+        } catch (err) {
+            console.error('[JsonStore] Error reading file:', err);
+            return [];
+        }
+    }
+
+    /**
+     * Check if IP is banned
+     * @param {string} ip
+     * @returns {Promise<boolean>}
+     */
+    async isBanned(ip) {
+        const bannedIPs = await this.getAll();
+
+        // Support both simple array format and object format
+        if (bannedIPs.length > 0 && typeof bannedIPs[0] === 'string') {
+            return bannedIPs.includes(ip);
+        }
+
+        // Object format with expiry
+        const entry = bannedIPs.find(entry => entry.ip === ip);
+        if (!entry) return false;
+
+        // Check if expired
+        if (entry.expiry && Date.now() > entry.expiry) {
+            await this.unban(ip);
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * Ban an IP
+     * @param {string} ip
+     * @param {string} reason
+     * @returns {Promise<void>}
+     */
+    async ban(ip, reason = 'Suspicious activity') {
+        const bannedIPs = await this.getAll();
+
+        // Check if already banned
+        const existingIndex = bannedIPs.findIndex(entry =>
+            typeof entry === 'string' ? entry === ip : entry.ip === ip
+        );
+
+        if (existingIndex !== -1) {
+            return; // Already banned
+        }
+
+        // Add new ban with expiry
+        const banEntry = {
+            ip,
+            reason,
+            timestamp: Date.now(),
+            expiry: Date.now() + this.banDuration
+        };
+
+        bannedIPs.push(banEntry);
+
+        await this._save(bannedIPs);
+    }
+
+    /**
+     * Unban an IP
+     * @param {string} ip
+     * @returns {Promise<void>}
+     */
+    async unban(ip) {
+        const bannedIPs = await this.getAll();
+
+        const filtered = bannedIPs.filter(entry =>
+            typeof entry === 'string' ? entry !== ip : entry.ip !== ip
+        );
+
+        await this._save(filtered);
+    }
+
+    /**
+     * Save data to file and invalidate cache
+     * @private
+     */
+    async _save(data) {
+        try {
+            await fs.writeJson(this.filePath, data, { spaces: 2 });
+
+            // Invalidate cache
+            if (this.cache) {
+                this.cache.delete('all');
+            }
+        } catch (err) {
+            console.error('[JsonStore] Error writing file:', err);
+        }
+    }
+
+    /**
+     * Clean up expired bans
+     * @private
+     */
+    async _cleanupExpired() {
+        const bannedIPs = await this.getAll();
+        const now = Date.now();
+
+        const active = bannedIPs.filter(entry => {
+            if (typeof entry === 'string') return true; // Keep simple format
+            return !entry.expiry || now <= entry.expiry;
+        });
+
+        if (active.length !== bannedIPs.length) {
+            await this._save(active);
+        }
+    }
+
+    /**
+     * Get statistics
+     * @returns {Promise<Object>}
+     */
+    async getStats() {
+        const bannedIPs = await this.getAll();
+        const now = Date.now();
+
+        let active = 0;
+        let expired = 0;
+
+        bannedIPs.forEach(entry => {
+            if (typeof entry === 'string') {
+                active++;
+            } else if (!entry.expiry || now <= entry.expiry) {
+                active++;
+            } else {
+                expired++;
+            }
+        });
+
+        return {
+            total: bannedIPs.length,
+            active,
+            expired
+        };
+    }
+
+    /**
+     * Cleanup and stop intervals
+     */
+    destroy() {
+        if (this.cleanupInterval) {
+            clearInterval(this.cleanupInterval);
+        }
+    }
+}
+
+module.exports = JsonStore;

package/storage/memory-store.js

@@ -0,0 +1,128 @@
+// honeyweb-core/storage/memory-store.js
+// In-memory storage for testing
+
+class MemoryStore {
+    constructor(config) {
+        this.bannedIPs = new Map(); // ip -> { reason, timestamp, expiry }
+        this.banDuration = config.banDuration || 86400000; // 24 hours
+        this.autoCleanup = config.autoCleanup !== false;
+
+        // Start auto-cleanup if enabled
+        if (this.autoCleanup) {
+            this.cleanupInterval = setInterval(() => {
+                this._cleanupExpired();
+            }, 60000); // Clean up every minute
+        }
+    }
+
+    /**
+     * Get all banned IPs
+     * @returns {Promise<Array>}
+     */
+    async getAll() {
+        const result = [];
+        for (const [ip, data] of this.bannedIPs.entries()) {
+            result.push({
+                ip,
+                ...data
+            });
+        }
+        return result;
+    }
+
+    /**
+     * Check if IP is banned
+     * @param {string} ip
+     * @returns {Promise<boolean>}
+     */
+    async isBanned(ip) {
+        const entry = this.bannedIPs.get(ip);
+        if (!entry) return false;
+
+        // Check if expired
+        if (entry.expiry && Date.now() > entry.expiry) {
+            this.bannedIPs.delete(ip);
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * Ban an IP
+     * @param {string} ip
+     * @param {string} reason
+     * @returns {Promise<void>}
+     */
+    async ban(ip, reason = 'Suspicious activity') {
+        this.bannedIPs.set(ip, {
+            reason,
+            timestamp: Date.now(),
+            expiry: Date.now() + this.banDuration
+        });
+    }
+
+    /**
+     * Unban an IP
+     * @param {string} ip
+     * @returns {Promise<void>}
+     */
+    async unban(ip) {
+        this.bannedIPs.delete(ip);
+    }
+
+    /**
+     * Clean up expired bans
+     * @private
+     */
+    _cleanupExpired() {
+        const now = Date.now();
+        for (const [ip, entry] of this.bannedIPs.entries()) {
+            if (entry.expiry && now > entry.expiry) {
+                this.bannedIPs.delete(ip);
+            }
+        }
+    }
+
+    /**
+     * Get statistics
+     * @returns {Promise<Object>}
+     */
+    async getStats() {
+        const now = Date.now();
+        let active = 0;
+        let expired = 0;
+
+        for (const entry of this.bannedIPs.values()) {
+            if (!entry.expiry || now <= entry.expiry) {
+                active++;
+            } else {
+                expired++;
+            }
+        }
+
+        return {
+            total: this.bannedIPs.size,
+            active,
+            expired
+        };
+    }
+
+    /**
+     * Clear all bans
+     */
+    clear() {
+        this.bannedIPs.clear();
+    }
+
+    /**
+     * Cleanup and stop intervals
+     */
+    destroy() {
+        if (this.cleanupInterval) {
+            clearInterval(this.cleanupInterval);
+        }
+    }
+}
+
+module.exports = MemoryStore;

package/utils/cache.js

@@ -0,0 +1,106 @@
+// honeyweb-core/utils/cache.js
+// LRU cache implementation for DNS verification and blocklist
+
+class LRUCache {
+    constructor(maxSize = 1000, ttl = 3600000) {
+        this.maxSize = maxSize;
+        this.ttl = ttl; // Time to live in milliseconds
+        this.cache = new Map();
+    }
+
+    /**
+     * Get value from cache
+     * @param {string} key
+     * @returns {*} - Value or undefined if not found/expired
+     */
+    get(key) {
+        const item = this.cache.get(key);
+
+        if (!item) {
+            return undefined;
+        }
+
+        // Check if expired
+        if (Date.now() > item.expiry) {
+            this.cache.delete(key);
+            return undefined;
+        }
+
+        // Move to end (most recently used)
+        this.cache.delete(key);
+        this.cache.set(key, item);
+
+        return item.value;
+    }
+
+    /**
+     * Set value in cache
+     * @param {string} key
+     * @param {*} value
+     * @param {number} customTTL - Optional custom TTL for this entry
+     */
+    set(key, value, customTTL) {
+        // Remove if already exists
+        if (this.cache.has(key)) {
+            this.cache.delete(key);
+        }
+
+        // Evict oldest if at capacity
+        if (this.cache.size >= this.maxSize) {
+            const firstKey = this.cache.keys().next().value;
+            this.cache.delete(firstKey);
+        }
+
+        const ttl = customTTL || this.ttl;
+        this.cache.set(key, {
+            value,
+            expiry: Date.now() + ttl
+        });
+    }
+
+    /**
+     * Check if key exists and is not expired
+     * @param {string} key
+     * @returns {boolean}
+     */
+    has(key) {
+        return this.get(key) !== undefined;
+    }
+
+    /**
+     * Delete key from cache
+     * @param {string} key
+     */
+    delete(key) {
+        this.cache.delete(key);
+    }
+
+    /**
+     * Clear all entries
+     */
+    clear() {
+        this.cache.clear();
+    }
+
+    /**
+     * Get cache size
+     * @returns {number}
+     */
+    size() {
+        return this.cache.size;
+    }
+
+    /**
+     * Clean up expired entries
+     */
+    cleanup() {
+        const now = Date.now();
+        for (const [key, item] of this.cache.entries()) {
+            if (now > item.expiry) {
+                this.cache.delete(key);
+            }
+        }
+    }
+}
+
+module.exports = LRUCache;

package/utils/dns-verify.js

@@ -0,0 +1,95 @@
+// honeyweb-core/utils/dns-verify.js
+// DNS verification utilities for bot whitelist
+
+const dns = require('dns').promises;
+const LRUCache = require('./cache');
+
+class DNSVerifier {
+    constructor(cacheTTL = 86400000) {
+        // Cache DNS results for 24 hours by default
+        this.cache = new LRUCache(500, cacheTTL);
+    }
+
+    /**
+     * Verify if IP belongs to claimed bot domain
+     * @param {string} ip - IP address to verify
+     * @param {string} expectedDomain - Expected domain pattern (e.g., 'googlebot.com')
+     * @returns {Promise<Object>} - { verified: boolean, hostname: string, error: string }
+     */
+    async verify(ip, expectedDomain) {
+        // Check cache first
+        const cacheKey = `${ip}:${expectedDomain}`;
+        if (this.cache.has(cacheKey)) {
+            return this.cache.get(cacheKey);
+        }
+
+        try {
+            // Step 1: Reverse DNS lookup (IP -> hostname)
+            const hostnames = await dns.reverse(ip);
+
+            if (!hostnames || hostnames.length === 0) {
+                const result = {
+                    verified: false,
+                    hostname: null,
+                    error: 'No reverse DNS record found'
+                };
+                this.cache.set(cacheKey, result);
+                return result;
+            }
+
+            const hostname = hostnames[0];
+
+            // Step 2: Check if hostname matches expected domain
+            if (!hostname.endsWith(expectedDomain)) {
+                const result = {
+                    verified: false,
+                    hostname,
+                    error: `Hostname ${hostname} does not match expected domain ${expectedDomain}`
+                };
+                this.cache.set(cacheKey, result);
+                return result;
+            }
+
+            // Step 3: Forward DNS lookup (hostname -> IP) to verify
+            const addresses = await dns.resolve4(hostname);
+
+            if (!addresses.includes(ip)) {
+                const result = {
+                    verified: false,
+                    hostname,
+                    error: 'Forward DNS lookup does not match original IP'
+                };
+                this.cache.set(cacheKey, result);
+                return result;
+            }
+
+            // Verification successful
+            const result = {
+                verified: true,
+                hostname,
+                error: null
+            };
+            this.cache.set(cacheKey, result);
+            return result;
+
+        } catch (err) {
+            const result = {
+                verified: false,
+                hostname: null,
+                error: err.message
+            };
+            // Cache failures for shorter time (5 minutes)
+            this.cache.set(cacheKey, result, 300000);
+            return result;
+        }
+    }
+
+    /**
+     * Clear DNS cache
+     */
+    clearCache() {
+        this.cache.clear();
+    }
+}
+
+module.exports = DNSVerifier;