honeyweb-core 2.0.0 → 2.0.2

package/ai/gemini.js

@@ -10,7 +10,7 @@ class GeminiClient {
 
         if (this.enabled) {
             this.genAI = new GoogleGenerativeAI(config.apiKey);
-            this.model = this.genAI.getGenerativeModel({ model: config.model || 'gemini-2.0-flash-exp' });
+            this.model = this.genAI.getGenerativeModel({ model: config.model || 'gemini-1.5-flash' });
         }
     }
 

package/config/defaults.js

@@ -6,7 +6,7 @@ module.exports = {
     ai: {
         enabled: true,
         apiKey: process.env.HONEYWEB_API_KEY || '',
-        model: 'gemini-2.0-flash-exp',
+        model: 'gemini-1.5-flash', // Using 1.5 for wider geographic availability
         timeout: 10000
     },
 
@@ -18,14 +18,14 @@ module.exports = {
             xss: true
         },
         behavioral: {
-            enabled: false, // Phase 2 feature
+            enabled: true, // Phase 2 feature - ENABLED
             suspicionThreshold: 50,
             trackTiming: true,
             trackNavigation: true
         },
         whitelist: {
-            enabled: false, // Phase 2 feature
-            verifyDNS: true,
+            enabled: true, // Phase 2 feature - ENABLED
+            verifyDNS: true, // DNS verification ENABLED
             cacheTTL: 86400000, // 24 hours
             bots: ['Googlebot', 'Bingbot', 'Slackbot', 'facebookexternalhit']
         }

package/config/index.js

@@ -58,6 +58,9 @@ function loadConfig(userConfig = {}) {
     if (process.env.HONEYWEB_API_KEY) {
         config.ai.apiKey = process.env.HONEYWEB_API_KEY;
     }
+    if (process.env.HONEYWEB_AI_MODEL) {
+        config.ai.model = process.env.HONEYWEB_AI_MODEL;
+    }
     if (process.env.HONEYWEB_DASHBOARD_SECRET) {
         config.dashboard.secret = process.env.HONEYWEB_DASHBOARD_SECRET;
     }

package/index.js

@@ -4,6 +4,7 @@
 
 const { loadConfig } = require('./config');
 const { createStorage } = require('./storage');
+const BotTracker = require('./storage/bot-tracker');
 const DetectionEngine = require('./detection');
 const AIAnalyzer = require('./ai');
 const Logger = require('./utils/logger');
@@ -23,11 +24,12 @@ function honeyWeb(userConfig = {}) {
     const logger = new Logger(config.logging);
     const events = new HoneyWebEvents();
     const storage = createStorage(config.storage);
+    const botTracker = new BotTracker(); // Track legitimate bot visits
     const detector = new DetectionEngine(config);
     const aiAnalyzer = new AIAnalyzer(config.ai);
 
     // 3. Create middleware
-    const middleware = createMiddleware(config, storage, detector, aiAnalyzer, logger, events);
+    const middleware = createMiddleware(config, storage, botTracker, detector, aiAnalyzer, logger, events);
 
     // 4. Attach event emitter and utilities to middleware function
     middleware.on = events.on.bind(events);
@@ -35,6 +37,7 @@ function honeyWeb(userConfig = {}) {
     middleware.off = events.off.bind(events);
     middleware.events = events;
     middleware.storage = storage;
+    middleware.botTracker = botTracker;
     middleware.detector = detector;
     middleware.logger = logger;
     middleware.config = config;

package/middleware/dashboard.js

@@ -5,10 +5,11 @@
  * Create dashboard middleware
  * @param {Object} config - Configuration
  * @param {Object} storage - Storage instance
+ * @param {Object} botTracker - Bot tracker instance
  * @param {Object} detector - Detection engine
  * @returns {Function} - Middleware function
  */
-function createDashboard(config, storage, detector) {
+function createDashboard(config, storage, botTracker, detector) {
     const dashboardPath = config.dashboard.path;
     const dashboardSecret = config.dashboard.secret;
 
@@ -30,6 +31,10 @@ function createDashboard(config, storage, detector) {
             const stats = await storage.getStats();
             const detectionStats = detector.getStats();
 
+            // Get legitimate bot visits
+            const botVisits = botTracker.getAllVisits();
+            const botStats = botTracker.getStats();
+
             // Generate HTML dashboard
             const html = `
 <!DOCTYPE html>
@@ -101,6 +106,62 @@ function createDashboard(config, storage, detector) {
             color: #ff6b6b;
             font-weight: 500;
         }
+        .bot-section {
+            margin-top: 40px;
+        }
+        .bot-card {
+            background: white;
+            border-radius: 8px;
+            padding: 20px;
+            margin-bottom: 20px;
+            box-shadow: 0 2px 4px rgba(0,0,0,0.1);
+        }
+        .bot-card h3 {
+            margin: 0 0 10px 0;
+            color: #4CAF50;
+            display: flex;
+            align-items: center;
+            gap: 10px;
+        }
+        .verified-badge {
+            background: #4CAF50;
+            color: white;
+            padding: 4px 8px;
+            border-radius: 4px;
+            font-size: 11px;
+            font-weight: bold;
+        }
+        .unverified-badge {
+            background: #ff9800;
+            color: white;
+            padding: 4px 8px;
+            border-radius: 4px;
+            font-size: 11px;
+            font-weight: bold;
+        }
+        .visit-entry {
+            padding: 10px;
+            border-left: 3px solid #4CAF50;
+            margin: 10px 0;
+            background: #f9f9f9;
+        }
+        .visit-path {
+            font-family: 'Courier New', monospace;
+            color: #333;
+            font-weight: bold;
+        }
+        .visit-meta {
+            color: #666;
+            font-size: 12px;
+            margin-top: 5px;
+        }
+        .no-bots {
+            text-align: center;
+            padding: 40px;
+            color: #666;
+            background: white;
+            border-radius: 8px;
+        }
     </style>
 </head>
 <body>
@@ -116,8 +177,12 @@ function createDashboard(config, storage, detector) {
             <div class="value">${stats.active}</div>
         </div>
         <div class="stat-card">
-            <h3>Expired Bans</h3>
-            <div class="value">${stats.expired}</div>
+            <h3>Legitimate Bots</h3>
+            <div class="value" style="color: #4CAF50;">${botStats.totalBots}</div>
+        </div>
+        <div class="stat-card">
+            <h3>Bot Visits</h3>
+            <div class="value" style="color: #4CAF50;">${botStats.totalVisits}</div>
         </div>
         ${detectionStats.rateLimiter ? `
         <div class="stat-card">
@@ -127,7 +192,43 @@ function createDashboard(config, storage, detector) {
         ` : ''}
     </div>
 
-    <h2>Banned IP Addresses</h2>
+    <div class="bot-section">
+        <h2>🤖 Legitimate Bot Activity</h2>
+        ${Object.keys(botVisits).length === 0 ? `
+            <div class="no-bots">
+                <p>No legitimate bots detected yet.</p>
+                <p style="font-size: 12px; margin-top: 10px;">
+                    Googlebot, Bingbot, and other search engines will appear here when they visit your site.
+                </p>
+            </div>
+        ` : Object.entries(botVisits).map(([botName, visits]) => `
+            <div class="bot-card">
+                <h3>
+                    ${botName}
+                    <span class="verified-badge">${visits.filter(v => v.verified).length} verified</span>
+                    ${visits.filter(v => !v.verified).length > 0 ? `<span class="unverified-badge">${visits.filter(v => !v.verified).length} unverified</span>` : ''}
+                </h3>
+                <p style="color: #666; font-size: 14px; margin-bottom: 15px;">
+                    Total visits: ${visits.length} | Most recent: ${new Date(visits[0].timestamp).toLocaleString()}
+                </p>
+                <details>
+                    <summary style="cursor: pointer; margin-bottom: 10px;">View recent visits (last ${Math.min(visits.length, 10)})</summary>
+                    ${visits.slice(0, 10).map(visit => `
+                        <div class="visit-entry">
+                            <div class="visit-path">${visit.path}</div>
+                            <div class="visit-meta">
+                                IP: <code>${visit.ip}</code> |
+                                ${visit.verified ? '✅ DNS Verified' : '⚠️ Unverified'} |
+                                ${new Date(visit.timestamp).toLocaleString()}
+                            </div>
+                        </div>
+                    `).join('')}
+                </details>
+            </div>
+        `).join('')}
+    </div>
+
+    <h2>🚫 Banned IP Addresses</h2>
     ${bannedIPs.length === 0 ? '<p>No banned IPs yet.</p>' : `
     <table>
         <thead>
@@ -159,7 +260,7 @@ function createDashboard(config, storage, detector) {
     `}
 
     <p style="margin-top: 40px; color: #666; text-align: center;">
-        HoneyWeb v1.0.2 | Refresh page to update data
+        HoneyWeb v2.0.1 | Refresh page to update data
     </p>
 </body>
 </html>

package/middleware/index.js

@@ -10,19 +10,20 @@ const createDashboard = require('./dashboard');
  * Create HoneyWeb middleware stack
  * @param {Object} config - Configuration
  * @param {Object} storage - Storage instance
+ * @param {Object} botTracker - Bot tracker instance
  * @param {Object} detector - Detection engine
  * @param {Object} aiAnalyzer - AI analyzer
  * @param {Object} logger - Logger instance
  * @param {Object} events - Event emitter
  * @returns {Function} - Express middleware function
  */
-function createMiddleware(config, storage, detector, aiAnalyzer, logger, events) {
+function createMiddleware(config, storage, botTracker, detector, aiAnalyzer, logger, events) {
     // Create individual middleware components
     const blocklistChecker = createBlocklistChecker(storage, logger, events);
-    const requestAnalyzer = createRequestAnalyzer(config, storage, detector, aiAnalyzer, logger, events);
+    const requestAnalyzer = createRequestAnalyzer(config, storage, botTracker, detector, aiAnalyzer, logger, events);
     const trapInjector = createTrapInjector(config);
     const dashboard = config.dashboard.enabled
-        ? createDashboard(config, storage, detector)
+        ? createDashboard(config, storage, botTracker, detector)
         : null;
 
     // Return combined middleware function

package/middleware/request-analyzer.js

@@ -5,19 +5,44 @@
  * Create request analyzer middleware
  * @param {Object} config - Configuration
  * @param {Object} storage - Storage instance
+ * @param {Object} botTracker - Bot tracker instance
  * @param {Object} detector - Detection engine
  * @param {Object} aiAnalyzer - AI analyzer
  * @param {Object} logger - Logger instance
  * @param {Object} events - Event emitter
  * @returns {Function} - Middleware function
  */
-function createRequestAnalyzer(config, storage, detector, aiAnalyzer, logger, events) {
+function createRequestAnalyzer(config, storage, botTracker, detector, aiAnalyzer, logger, events) {
     const trapPaths = config.traps.paths;
 
     return async function analyzeRequest(req, res, next) {
         const clientIP = req.ip || req.connection.remoteAddress;
 
-        // 1. CHECK IF TRAP ACCESSED
+        // 1. THREAT DETECTION (whitelist check happens FIRST to protect legit bots)
+        const analysis = await detector.analyze(req, clientIP);
+
+        // Skip ALL checks if legitimate bot (even trap paths!)
+        if (analysis.legitimateBot) {
+            // Record legitimate bot visit for dashboard
+            botTracker.recordVisit({
+                botName: analysis.whitelist.botName,
+                ip: clientIP,
+                path: req.path,
+                userAgent: req.headers['user-agent'],
+                verified: analysis.whitelist.verified,
+                timestamp: Date.now()
+            });
+
+            logger.info('Legitimate bot detected', {
+                ip: clientIP,
+                botName: analysis.whitelist.botName,
+                verified: analysis.whitelist.verified,
+                path: req.path
+            });
+            return next();
+        }
+
+        // 2. CHECK IF TRAP ACCESSED (only after confirming not a legit bot)
         if (trapPaths.includes(req.path)) {
             logger.trapTriggered(clientIP, req.path);
             events.emitTrapTriggered(clientIP, req.path);
@@ -52,18 +77,7 @@ function createRequestAnalyzer(config, storage, detector, aiAnalyzer, logger, ev
             );
         }
 
-        // 2. THREAT DETECTION (patterns + rate limiting + behavioral + bot detection)
-        const analysis = await detector.analyze(req, clientIP);
-
-        // Skip blocking if legitimate bot
-        if (analysis.legitimateBot) {
-            logger.info('Legitimate bot detected', {
-                ip: clientIP,
-                botName: analysis.whitelist.botName,
-                verified: analysis.whitelist.verified
-            });
-            return next();
-        }
+        // 3. OTHER THREAT DETECTION (patterns, rate limiting, behavioral)
 
         if (analysis.detected) {
             logger.threatDetected(clientIP, analysis.threats, analysis.threatLevel);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "honeyweb-core",
-  "version": "2.0.0",
+  "version": "2.0.2",
   "description": "Production-ready honeypot middleware with behavioral analysis, bot fingerprinting, and AI threat intelligence",
   "main": "index.js",
   "scripts": {

package/storage/bot-tracker.js

@@ -0,0 +1,109 @@
+// honeyweb-core/storage/bot-tracker.js
+// Track legitimate bot visits for dashboard display
+
+class BotTracker {
+    constructor() {
+        this.botVisits = new Map(); // botName -> array of visits
+        this.maxVisitsPerBot = 50; // Keep last 50 visits per bot
+    }
+
+    /**
+     * Record a legitimate bot visit
+     * @param {Object} visit - Visit data
+     */
+    recordVisit(visit) {
+        const { botName, ip, path, userAgent, verified, timestamp } = visit;
+
+        if (!this.botVisits.has(botName)) {
+            this.botVisits.set(botName, []);
+        }
+
+        const visits = this.botVisits.get(botName);
+
+        // Add new visit at the beginning (most recent first)
+        visits.unshift({
+            ip,
+            path,
+            userAgent,
+            verified,
+            timestamp: timestamp || Date.now()
+        });
+
+        // Keep only last N visits
+        if (visits.length > this.maxVisitsPerBot) {
+            visits.pop();
+        }
+    }
+
+    /**
+     * Get all bot visits grouped by bot name
+     * @returns {Object} - Bot visits grouped by name
+     */
+    getAllVisits() {
+        const result = {};
+
+        for (const [botName, visits] of this.botVisits.entries()) {
+            result[botName] = visits;
+        }
+
+        return result;
+    }
+
+    /**
+     * Get visits for a specific bot
+     * @param {string} botName - Bot name
+     * @returns {Array} - Array of visits
+     */
+    getVisitsByBot(botName) {
+        return this.botVisits.get(botName) || [];
+    }
+
+    /**
+     * Get statistics
+     * @returns {Object} - Statistics
+     */
+    getStats() {
+        let totalVisits = 0;
+        const botCounts = {};
+
+        for (const [botName, visits] of this.botVisits.entries()) {
+            totalVisits += visits.length;
+            botCounts[botName] = visits.length;
+        }
+
+        return {
+            totalBots: this.botVisits.size,
+            totalVisits,
+            botCounts
+        };
+    }
+
+    /**
+     * Clear all bot visits
+     */
+    clear() {
+        this.botVisits.clear();
+    }
+
+    /**
+     * Cleanup old visits (older than 7 days)
+     */
+    cleanup() {
+        const maxAge = 7 * 24 * 60 * 60 * 1000; // 7 days
+        const now = Date.now();
+
+        for (const [botName, visits] of this.botVisits.entries()) {
+            const filtered = visits.filter(visit => {
+                return (now - visit.timestamp) < maxAge;
+            });
+
+            if (filtered.length === 0) {
+                this.botVisits.delete(botName);
+            } else {
+                this.botVisits.set(botName, filtered);
+            }
+        }
+    }
+}
+
+module.exports = BotTracker;