README
¶
babbler
Babbler is a Go library that serves fake sensitive files (like .env, config.php, etc.) to potential attackers, wasting their time and slowing down automated scanners.
Why?
Annoy script kiddies: Let bots waste CPU cycles downloading your fake files instead of getting quick 404s.
Mess with scanners: Serve them realistic fake .env files with bogus database credentials and API keys.
Waste their time: Add delays so bots sit there waiting while your server laughs at them.
Super easy: Just drop in a middleware and let Babbler do the rest.
See who's knocking: Count how many times bots fall for your traps.
Custom callbacks: Get notified when honeypots are triggered - perfect for logging, alerting, or IP blocking.
Install
go get github.com/jpierer/babbler@main
Example Usage
package main
import (
"log"
"net/http"
"github.com/go-chi/chi/middleware"
"github.com/go-chi/chi/v5"
"github.com/jpierer/babbler"
)
func main() {
// Initialize Chi router
r := chi.NewRouter()
// Add basic middleware
r.Use(middleware.Logger)
r.Use(middleware.Recoverer)
// Initialize Babbler
storagePath := "./data" // Directory to store Babbler json stats
jsonStorer := babbler.NewJSONStorer(storagePath)
babblerInstance := babbler.NewBabbler(jsonStorer)
babblerInstance.SetResponseDelay(500, 2000) // let the bots wait between 500ms and 2000ms
// Set up callback function to log honeypot hits
babblerInstance.SetCallback(func(requestPath string, fileType string, r *http.Request) {
clientIP := r.RemoteAddr
userAgent := r.Header.Get("User-Agent")
log.Printf("HONEYPOT HIT: %s requested %s (Type: %s, IP: %s, UA: %s)",
clientIP, requestPath, fileType, clientIP, userAgent)
})
// Add Babbler honeypot middleware, this will intercept .php and .env requests
// IMPORTANT: Add this BEFORE your application routes
r.Use(babblerInstance.HoneypotMiddleware(".php", ".env"))
// ============================================================================
// YOUR WEB APPLICATION ROUTES GO HERE
// ============================================================================
// Normal application routes
r.Get("/", func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
w.Write([]byte(`{"message": "Hello from your web application!"}`))
})
// Stats endpoint
r.Get("/babbler/stats", babblerInstance.StatsHandler())
port := ":8080"
log.Printf("Server starting on http://localhost%s", port)
log.Printf("Babbler Stats available at: http://localhost%s/babbler/stats", port)
if err := http.ListenAndServe(port, r); err != nil {
log.Fatalf("Failed to start server: %v", err)
}
}
Callback Examples
You can set up custom callback functions to handle honeypot hits:
Logging & Monitoring
babblerInstance.SetCallback(func(requestPath string, fileType string, r *http.Request) {
clientIP := r.RemoteAddr
userAgent := r.Header.Get("User-Agent")
log.Printf("🍯 HONEYPOT HIT: %s requested %s (Type: %s, IP: %s, UA: %s)",
clientIP, requestPath, fileType, clientIP, userAgent)
})
IP Blocking
var blockedIPs sync.Map
babblerInstance.SetCallback(func(requestPath string, fileType string, r *http.Request) {
ip := strings.Split(r.RemoteAddr, ":")[0]
blockedIPs.Store(ip, time.Now())
log.Printf("⚠️ Blocked IP %s for accessing %s", ip, requestPath)
})
Slack Alerts
babblerInstance.SetCallback(func(requestPath string, fileType string, r *http.Request) {
message := fmt.Sprintf("🚨 Bot detected: %s requested %s from %s",
r.RemoteAddr, requestPath, r.Header.Get("User-Agent"))
sendSlackAlert(message)
})
Support Me
Give a ⭐ if this project was helpful in any way!
License
The code is released under the MIT LICENSE.
Documentation
¶
Index ¶
- type Babbler
- func (b *Babbler) BabbleHandler(t string) http.HandlerFunc
- func (b *Babbler) HoneypotMiddleware(extensions ...string) func(http.Handler) http.Handler
- func (b *Babbler) SetCallback(callback HoneypotCallback)
- func (b *Babbler) SetResponseDelay(minDelayMs, maxDelayMs uint)
- func (b *Babbler) StatsHandler() http.HandlerFunc
- type HoneypotCallback
- type JSONStorer
- type Storer
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Babbler ¶
type Babbler struct {
// contains filtered or unexported fields
}
Babbler
func NewBabbler ¶
NewBabbler creates a new Babbler instance
func (*Babbler) BabbleHandler ¶
func (b *Babbler) BabbleHandler(t string) http.HandlerFunc
Handler returns an HTTP handler that serves babble text based on type
func (*Babbler) HoneypotMiddleware ¶
HoneypotMiddleware returns a Chi middleware that intercepts requests for sensitive files and serves fake content to waste attackers' time. Should be used as the last middleware before your application routes.
func (*Babbler) SetCallback ¶
func (b *Babbler) SetCallback(callback HoneypotCallback)
SetCallback sets a callback function that will be called whenever a honeypot request is intercepted
func (*Babbler) SetResponseDelay ¶
SetResponseDelay sets the maximum response delay in milliseconds
func (*Babbler) StatsHandler ¶
func (b *Babbler) StatsHandler() http.HandlerFunc
StatsHandler returns an HTTP handler that serves babble statistics
type HoneypotCallback ¶
HoneypotCallback defines the callback function signature Called when a honeypot request is intercepted
type JSONStorer ¶
type JSONStorer struct {
// contains filtered or unexported fields
}
JSONStorer implements the Storer interface using JSON
func NewJSONStorer ¶
func NewJSONStorer(filepath string) *JSONStorer
NewJSONStorer creates a new JSONStorer instance
func (*JSONStorer) GetStats ¶
func (s *JSONStorer) GetStats() ([]byte, error)
GetStats retrieves the count for a given babble type
func (*JSONStorer) Increment ¶
func (s *JSONStorer) Increment(t string) error
Increment increments the count for a given babble type
Source Files
Directories