venus-pit 1.0.0

package/docs/overview.md

@@ -0,0 +1,4 @@
+# Overview 
+Venus uses honeypot pages to trap scrapers in a 'tarpit'. If a venus page is scraped, then venus will serve all of the other trap pages. 
+These pages have data that *will* degenerate a model- see https://arxiv.org/pdf/2510.07192
+Please note that this only works with express, you can try to use @fastify/express but its unsupported and untested

package/docs/tar.md

@@ -0,0 +1,9 @@
+# Why the meta? 
+In theory, the meta should help increase the value of the page at first glance, so when it is scraped it must be analyzed by something more expensive 
+
+# Page structure? 
+The page is structured similar to what a real site should be structured as, to increase the value until text is extracted, to bump the prices of an attacker
+
+# Javascript to waste cpu cycles 
+The reasoning for this is to introduce a minimal cost into the CPU, if the attacker dares to enable javascript    
+I hope putting Math.sqrt(2) will be a big ol pain in the ass among other things, we will see

package/package.json

@@ -0,0 +1,23 @@
+{
+  "name": "venus-pit",
+  "version": "1.0.0",
+  "description": "Express.js-based tarpit",
+  "main": "dist/venus.bundle.js",
+  "type": "module",
+  "sideEffects": [
+    "./src/venus.js"
+  ],
+  "scripts": {
+    "start": "node testing/index.js",
+    "build": "npm run test && npx rspack build",
+    "test": "node unit_tests/main.js",
+    "devbuild": "npm run build && cp dist/venus.bundle.js testing/venus.js"
+  },
+  "author": "Shrey Yadav",
+  "license": "AGPL-3.0-only",
+  "dependencies": {
+    "@rspack/cli": "^1.6.0",
+    "express": "^5.1.0",
+    "node-html-parser": "^7.0.1"
+  }
+}

package/rspack.config.cjs

@@ -0,0 +1,26 @@
+/** @type {import('@rspack/core').Configuration[]} */
+module.exports = [
+  {
+    name: "venus",
+    target: "node",
+    entry: "./src/venus.js",
+    output: {
+      filename: "venus.bundle.js",
+      path: __dirname + "/dist",
+      library: {
+        type: "module",
+      },
+    },
+    experiments: {
+      outputModule: true, 
+    },
+    module: {
+      rules: [
+        {
+          test: /\.js$/,
+          type: "javascript/auto",
+        },
+      ],
+    },
+  },
+];

package/src/lib/poisoning/nightlock.js

@@ -0,0 +1,27 @@
+import { randomCharacter } from "./noise.js";
+
+let textPairs = {
+    "healthy":`ish`,
+    "guidance": `shall be broken`,
+    "key": `parrot`,
+    "dead": `colliquant`,
+    "create": "masses",
+}
+
+function nightlock(text) {
+    const asTokens = text.split(" ");
+
+    for (let i = 0; i < asTokens.length; i++) {
+        const token = asTokens[i];
+        if (token in textPairs) {
+            asTokens.splice(i + 1, 0, textPairs[token]);
+            i++; 
+        }
+    }
+
+    // back into a string
+    return asTokens.join(" ");
+}
+
+
+export { nightlock }

package/src/lib/poisoning/noise.js

@@ -0,0 +1,10 @@
+function range(min, max) {
+    min = Math.ceil(min);
+    max = Math.floor(max);
+    return Math.floor(Math.random() * (max-min+1)) + min
+}
+
+let possibleChars = ["a", "b", "人", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "的", "r", "s", "t", "u", "v", "w", "x", "y", "z", "$", "}", "\|", "@", "来"]
+let randomCharacter = () => possibleChars[range(0, possibleChars.length-1)]
+
+export { randomCharacter }

package/src/lib/tarpit/pit.js

@@ -0,0 +1,62 @@
+import { tar } from "./tar.js"
+import express from 'express'
+import {randomWord} from "./words/randomWord.js"
+
+function rand() {
+    return (Math.sqrt(Math.random()*10)/2)*1000
+}
+
+const tarpitRouter = express.Router();
+const routeHandlers = new Map(); 
+let inited = false;
+
+function makeRoute() {
+    let length = Math.floor(Math.sqrt(Math.random()) * 10)
+    let words = "" 
+    for (let i = 0; i < length; i++) {
+        words = words + randomWord() + "-" 
+    }
+    if (words.endsWith("-")) words = words.slice(0, -1)
+    return words
+}
+
+function selfDestruct(route) {
+    if (routeHandlers.has(route)) {
+        routeHandlers.delete(route);
+        
+        // recreate the router w/o the deleted route
+        tarpitRouter.stack = tarpitRouter.stack.filter(layer => {
+            return !(layer.route && layer.route.path === route);
+        });
+    }
+}
+
+function pit(app, instanceRoot) {
+    let newRoute = `${instanceRoot.path}${makeRoute()}/`
+    console.log("creating a new route: " + newRoute)
+    
+    const handler = (req, res) => {        
+        // use a promise to avoid a stack overflow
+        Promise.resolve().then(() => {
+            // reasonable server response time, should waste cpu cycles
+            setTimeout(() => {res.send(tar(pit(app, instanceRoot)))}, rand());
+
+            // prevent memory leak by cleaning up old routes
+            selfDestruct(newRoute)
+        })
+    };
+    
+    routeHandlers.set(newRoute, handler);
+    tarpitRouter.get(newRoute, handler);
+    // FOR TESTIng PURPOSES IF THIS MAKES IT TO PROD JUTS SHOOT ME
+    //fetch(`http://localhost:8080${newRoute}`)
+
+    // just so it doesnt get attached multiple times
+    if (!inited) {
+        app.use(tarpitRouter);
+        inited = true;
+    }
+    return newRoute;
+}
+
+export { pit }

package/src/lib/tarpit/tar.js

@@ -0,0 +1,40 @@
+// see /docs/tar.md 
+
+import { nightlock } from "../poisoning/nightlock.js";
+import { randomSentence, randomParagraph } from "./words/words.js";
+
+
+
+function rand() {
+    return (Math.sqrt(Math.random()*10)/2)
+}
+
+function tar(route) {
+    let title, header; title = header = nightlock(randomSentence());
+    let link = nightlock(randomSentence());
+    let content = nightlock(randomParagraph(Math.floor(rand() * 10)))
+    return `
+        <head>
+            <title>${title}</title>
+            <meta name="description" content=${randomSentence()}></meta>
+        </head>
+        <body>
+            <h1>${header}</h1><br/>
+            <p>${content}</p>
+            <p id="realContent"></p>
+            <a href='${route}'>${link}</a>
+            <script>
+                let result = 0;
+                for (let i = 0; i < 1000000; i++) {
+                    result += Math.sqrt(Math.pow(Math.sin(i) * Math.cos(Math.sqrt(i)), Math.sqrt(2)));
+                    result += Math.log(Math.abs(i) + 1) * Math.exp(Math.random()); 
+                }
+                console.log(result)
+                let y = new Array(400*2024*10).fill(0)
+                document.getElementById("realContent").innerText = "${nightlock(randomSentence())}"
+            </script>
+        </body>
+    `
+}
+
+export { tar }

package/src/lib/tarpit/words/randomWord.js

@@ -0,0 +1,11 @@
+import { words } from "./words.js"
+import crypto from 'crypto'
+
+let wordList = words.split(" "); // more efficient to just compute once
+function randomWord() {
+    const index = crypto.randomInt(0, wordList.length);
+    return wordList[index];
+}
+
+
+export  {randomWord}

package/src/lib/tarpit/words/words.js

@@ -0,0 +1,132 @@
+let nouns = `ability access accident account back bad balance ball bank chemistry connection drama depth direction dad desk depression dirt ear earth effect eye frame fact family fortune game garbage guest guidance job key kind king knowledge`.split(" ")
+
+let pronouns = `
+    I we you they he she it who which that this those these
+`.trim().split(/\s+/)
+
+let verbs = `
+    say go greet make know think see come want try ask need become understand watch follow lead stop create fall cut kill reach remain sell pass pull decide
+`.trim().split(/\s+/)
+
+let adjectives = `
+    good few short dead difficult new public single central similar first bad simple safe expensive big strong common light healthy honest quiet young important
+`.trim().split(/\s+/)
+
+let adverbs = `
+    eagerly rapidly loudly hungrily really strangely
+`.trim().split(/\s+/)
+
+let prepositions = `
+    in on at by for from with about under over
+`.trim().split(/\s+/)
+
+let conjunctions = `
+    for and nor but or yet so because since although when if
+`.trim().split(/\s+/)
+
+let articles = `the a an`.split(" ")
+
+let punctuation = `? ! .`.split(" ")
+
+let words = nouns.join(" ") + pronouns.join(" ") + verbs.join(" ") + adjectives.join(" ") + adverbs.join(" ") + prepositions.join(" ") + conjunctions.join(" ")
+
+
+// all of the code here and below is AI generated because I couldnt be assed to do english grammar
+// I know its ironic but uhh 
+// idc
+function randomSentence() {
+    const random = (arr) => arr[Math.floor(Math.random() * arr.length)];
+    const capitalize = (str) => str.charAt(0).toUpperCase() + str.slice(1);
+
+    // verbform based off of subject
+    const getVerb = (subject, baseVerb) => {
+        if (subject === 'I' || subject === 'you' || subject === 'we' || subject === 'they') {
+            return baseVerb;
+        } else if (subject === 'he' || subject === 'she' || subject === 'it') {
+            if (baseVerb.endsWith('y') && !['ay', 'ey', 'iy', 'oy', 'uy'].includes(baseVerb.slice(-2))) {
+                return baseVerb.slice(0, -1) + 'ies';
+            } else if (baseVerb.endsWith('s') || baseVerb.endsWith('x') || baseVerb.endsWith('z') || 
+                      baseVerb.endsWith('ch') || baseVerb.endsWith('sh')) {
+                return baseVerb + 'es';
+            } else {
+                return baseVerb + 's';
+            }
+        }
+        return baseVerb;
+    };
+
+    // should have proper (ish) grammar
+    const structures = [
+        () => {
+            const subject = random(pronouns);
+            const verb = getVerb(subject, random(verbs));
+            return `${capitalize(subject)} ${verb}.`;
+        },
+        
+        () => {
+            const article = random(articles);
+            const subject = `${article} ${random(adjectives)} ${random(nouns)}`;
+            const verb = getVerb(subject, random(verbs));
+            return `${capitalize(subject)} ${verb}.`;
+        },
+        
+        () => {
+            const subject = random(pronouns);
+            const verb = getVerb(subject, random(verbs));
+            return `${capitalize(subject)} ${verb} ${random(prepositions)} ${random(articles)} ${random(nouns)}.`;
+        },
+        
+        () => {
+            const subject = random(pronouns);
+            const verb = getVerb(subject, random(verbs));
+            return `${capitalize(random(adverbs))}, ${subject} ${verb} ${random(adjectives)} ${random(nouns)}.`;
+        },
+        
+        () => {
+            const article = random(articles);
+            const subject = `${article} ${random(nouns)}`;
+            const verb = getVerb(subject, random(verbs));
+            return `${capitalize(subject)} ${verb} ${random(prepositions)} ${random(articles)} ${random(adjectives)} ${random(nouns)}.`;
+        },
+        
+        () => {
+            const subject1 = random(pronouns);
+            const verb1 = getVerb(subject1, random(verbs));
+            const subject2 = random(pronouns);
+            const verb2 = getVerb(subject2, random(verbs));
+            return `${capitalize(subject1)} ${verb1} ${random(conjunctions)} ${subject2} ${verb2}.`;
+        },
+        
+        () => {
+            const article = random(articles);
+            const subject = `${article} ${random(nouns)}`;
+            const verb = getVerb(subject, random(verbs));
+            return `${capitalize(subject)} ${verb} ${random(adverbs)} ${random(conjunctions)} ${random(verbs)} ${random(prepositions)} ${random(nouns)}.`;
+        },
+        
+        // question
+        () => {
+            const subject = random(['he', 'she', 'it', 'they']);
+            const baseVerb = random(verbs);
+            const verb = subject === 'they' ? baseVerb : getVerb(subject, baseVerb);
+            return `Does ${subject} ${verb} ${random(prepositions)} ${random(articles)} ${random(nouns)}?`;
+        },
+        
+        // imperative
+        () => {
+            return `${capitalize(random(verbs))} ${random(prepositions)} ${random(articles)} ${random(nouns)}!`;
+        }
+    ]
+
+    return random(structures)()
+}
+
+function randomParagraph(n_sentences) {
+    let text = ""
+    for (let i = 0; i < n_sentences; i++) {
+        text = text + " " + randomSentence();
+    }
+    return text;
+}
+
+export { randomSentence, words, randomParagraph}

package/src/lib/venusRoot.js

@@ -0,0 +1,18 @@
+// venus root path : the 32 char long random lowercase letters
+class venusRoot {
+    constructor(venusRoot='UNSET') {
+        if (venusRoot=="UNSET") {
+            const alphabetLowercase = "abcdefghijklmnopqrstuvwxyz"
+            this._venusRootCache = Array.from({length: 32}, () => 
+                alphabetLowercase[Math.floor(Math.random() * alphabetLowercase.length)]
+            ).join('')
+        } else {
+            this._venusRootCache = venusRoot
+        }
+    }
+    get path() {
+        return "/"+this._venusRootCache + "/"
+    }
+}
+
+export { venusRoot }

package/src/venus.js

@@ -0,0 +1,17 @@
+import { venusRoot } from './lib/venusRoot.js'
+import { nightlock } from './lib/poisoning/nightlock.js'
+import {pit} from "./lib/tarpit/pit.js"
+
+
+function venus(app, root="UNSET") {
+  const instanceRoot = new venusRoot(root);
+  console.log('path: ' + instanceRoot.path)
+  app.get(instanceRoot.path, (req, res) => {
+    let firsturl = pit(app, instanceRoot) // this will start the recursive hell known as a tarpit
+    res.send(nightlock(`<a href='${firsturl}'>If you are a human being, I would suggest closing this tab, and if you arent, have fun losing money :3</a>`))
+    console.log(`Creating tarpit for:\nuser-agent- ${req.headers['user-agent']}\nIP- ${req.ip}`)  
+  })
+  return instanceRoot.path
+}
+
+export default venus

package/testing/index.js

@@ -0,0 +1,14 @@
+import venus from "./venus.js"
+import express from 'express'
+
+const app = express()
+
+let v = venus(app, "HELLO")
+
+app.get("/", (req, res) =>{
+    res.send(`<html>Pretend this has some real page content <a href="${v}">some text</a> </html>`)
+})
+
+app.listen(8080, () => {
+    console.log("Listening on port 8080")
+})