npm - honeyweb-core - Versions diffs - 2.0.5 → 2.0.6 - Mend

honeyweb-core 2.0.5 → 2.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/detection/whitelist.js +6 -2
package/middleware/dashboard.js +1 -0
package/middleware/request-analyzer.js +1 -0
package/package.json +1 -1
package/utils/dns-verify.js +8 -112

package/detection/whitelist.js CHANGED Viewed

@@ -6,7 +6,7 @@ const DNSVerifier = require('../utils/dns-verify');
 // Known legitimate bots with their domain patterns
 const KNOWN_BOTS = {
     'Googlebot': {
-        patterns: [/Googlebot/i],
+        patterns: [/Googlebot/i, /Google-InspectionTool/i],
         domains: ['googlebot.com', 'google.com']
     },
     'Bingbot': {
@@ -78,6 +78,7 @@ class BotWhitelist {
                 }
                 // Verify with DNS
+                let lastError = null;
                 for (const domain of botInfo.domains) {
                     const verification = await this.dnsVerifier.verify(ip, domain);
@@ -89,14 +90,17 @@ class BotWhitelist {
                             hostname: verification.hostname
                         };
                     }
+                    lastError = verification.error;
                 }
                 // User-Agent claims to be bot but DNS verification failed
+                console.warn(`[BotWhitelist] DNS verification failed for ${botName} (IP: ${ip}): ${lastError}`);
                 return {
                     isLegitimate: false,
                     botName: `Fake ${botName}`,
                     verified: false,
-                    reason: 'DNS verification failed'
+                    reason: 'DNS verification failed',
+                    dnsError: lastError
                 };
             }
         }

package/middleware/dashboard.js CHANGED Viewed

@@ -90,6 +90,7 @@ function createDashboard(config, storage, botTracker, detector, events) {
             const stats = await storage.getStats();
             const detectionStats = detector.getStats();
             const botVisits = botTracker.getAllVisits();
+	    console.log('[Debug] Current Bot Visits:', botVisits);
             const botStats = botTracker.getStats();
             const html = `<!DOCTYPE html>

package/middleware/request-analyzer.js CHANGED Viewed

@@ -3,6 +3,7 @@ function createRequestAnalyzer(config, storage, botTracker, detector, aiAnalyzer
     return async function analyzeRequest(req, res, next) {
         const clientIP = req.ip || req.connection.remoteAddress;
+        console.log(`[RequestAnalyzer] ${req.method} ${req.path} | IP: ${clientIP} | UA: ${req.headers['user-agent']}`);
         const analysis = await detector.analyze(req, clientIP);
         // Legitimate bots skip all checks

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "honeyweb-core",
-  "version": "2.0.5",
+  "version": "2.0.6",
   "description": "Production-ready honeypot middleware with behavioral analysis, bot fingerprinting, and AI threat intelligence",
   "main": "index.js",
   "scripts": {

package/utils/dns-verify.js CHANGED Viewed

@@ -2,120 +2,24 @@
 const dns = require('dns').promises;
 const LRUCache = require('./cache');
-const https = require('https');
-// Known bot IP ranges (fallback when DNS fails on Windows)
-const BOT_IP_RANGES = {
-    'googlebot.com': null,  // Will be fetched dynamically
-    'google.com': null,
-    'search.msn.com': null,
-    'slack.com': null,
-    'facebook.com': null,
-    'twitter.com': null,
-    'linkedin.com': null,
-    'apple.com': null,
-    'duckduckgo.com': null
-};
 class DNSVerifier {
     constructor(cacheTTL = 86400000) {
         this.cache = new LRUCache(500, cacheTTL);
-        this.ipRangesCache = null;
-        this.ipRangesCacheTime = 0;
-        this.ipRangesCacheTTL = 86400000; // 24 hours
-    }
-    // Fetch Googlebot IP ranges from Google's official API
-    async fetchGooglebotRanges() {
-        const now = Date.now();
-        if (this.ipRangesCache && (now - this.ipRangesCacheTime) < this.ipRangesCacheTTL) {
-            return this.ipRangesCache;
-        }
-        return new Promise((resolve, reject) => {
-            https.get('https://developers.google.com/search/apis/ipranges/googlebot.json', (res) => {
-                let data = '';
-                res.on('data', chunk => data += chunk);
-                res.on('end', () => {
-                    try {
-                        const json = JSON.parse(data);
-                        const ranges = json.prefixes
-                            .filter(p => p.ipv4Prefix)
-                            .map(p => p.ipv4Prefix);
-                        this.ipRangesCache = ranges;
-                        this.ipRangesCacheTime = now;
-                        resolve(ranges);
-                    } catch (err) {
-                        reject(err);
-                    }
-                });
-            }).on('error', reject);
-        });
-    }
-    // Check if IP is in CIDR range
-    ipInRange(ip, cidr) {
-        const [range, bits] = cidr.split('/');
-        const mask = ~(2 ** (32 - parseInt(bits)) - 1);
-        const ipNum = ip.split('.').reduce((acc, octet) => (acc << 8) + parseInt(octet), 0) >>> 0;
-        const rangeNum = range.split('.').reduce((acc, octet) => (acc << 8) + parseInt(octet), 0) >>> 0;
-        return (ipNum & mask) === (rangeNum & mask);
-    }
-    // Fallback verification using IP ranges
-    async verifyByIpRange(ip, expectedDomain) {
-        // Only support Googlebot for now
-        if (!expectedDomain.includes('google')) {
-            return { verified: false, hostname: null, error: 'IP range verification only available for Google' };
-        }
-        try {
-            const ranges = await this.fetchGooglebotRanges();
-            const inRange = ranges.some(cidr => this.ipInRange(ip, cidr));
-            if (inRange) {
-                return {
-                    verified: true,
-                    hostname: 'googlebot.com (verified by IP range)',
-                    error: null,
-                    method: 'ip-range'
-                };
-            } else {
-                return {
-                    verified: false,
-                    hostname: null,
-                    error: 'IP not in Googlebot ranges',
-                    method: 'ip-range'
-                };
-            }
-        } catch (err) {
-            return {
-                verified: false,
-                hostname: null,
-                error: `IP range check failed: ${err.message}`,
-                method: 'ip-range'
-            };
-        }
     }
     async verify(ip, expectedDomain) {
-        const cacheKey = `${ip}:${expectedDomain}`;
+        // Normalize IPv4-mapped IPv6 addresses (::ffff:x.x.x.x -> x.x.x.x)
+        const normalizedIP = ip.replace(/^::ffff:/i, '');
+        const cacheKey = `${normalizedIP}:${expectedDomain}`;
         if (this.cache.has(cacheKey)) return this.cache.get(cacheKey);
         try {
-            // Try DNS verification first
-            const hostnames = await dns.reverse(ip);
+            // Reverse DNS: IP -> hostname
+            const hostnames = await dns.reverse(normalizedIP);
             if (!hostnames || hostnames.length === 0) {
-                // DNS failed - try IP range fallback for Google
-                if (expectedDomain.includes('google')) {
-                    const rangeResult = await this.verifyByIpRange(ip, expectedDomain);
-                    this.cache.set(cacheKey, rangeResult);
-                    return rangeResult;
-                }
                 const result = { verified: false, hostname: null, error: 'No reverse DNS record found' };
                 this.cache.set(cacheKey, result);
                 return result;
@@ -132,24 +36,17 @@ class DNSVerifier {
             // Forward DNS: hostname -> IP (verification)
             const addresses = await dns.resolve4(hostname);
-            if (!addresses.includes(ip)) {
+            if (!addresses.includes(normalizedIP)) {
                 const result = { verified: false, hostname, error: 'Forward DNS does not match original IP' };
                 this.cache.set(cacheKey, result);
                 return result;
             }
-            const result = { verified: true, hostname, error: null, method: 'dns' };
+            const result = { verified: true, hostname, error: null };
             this.cache.set(cacheKey, result);
             return result;
         } catch (err) {
-            // DNS lookup failed - try IP range fallback for Google
-            if (expectedDomain.includes('google')) {
-                const rangeResult = await this.verifyByIpRange(ip, expectedDomain);
-                this.cache.set(cacheKey, rangeResult, 300000);
-                return rangeResult;
-            }
             const result = { verified: false, hostname: null, error: err.message };
             this.cache.set(cacheKey, result, 300000);
             return result;
@@ -158,7 +55,6 @@ class DNSVerifier {
     clearCache() {
         this.cache.clear();
-        this.ipRangesCache = null;
     }
 }