I just published version
0.1.0 of Suspicidy. It aims to detect suspicious web requests made by crawlers.
It all started when I naively set up
prometheus_ex and its companion package for Plug to have rich request metrics in Grafana. It was quickly filled up with random requests made by crawlers who searched for
.env files, config files, database dumps, and even bitcoin wallets. In the end, it took my Prometheus server down after executing a rather complex query.
I set up some honeypots to collect all activities that are made from these crawlers and up to this point, collected almost 800 unique paths that were called by them.
Currently, Suspicidy only matches on these collected paths and tells you whether a given path is suspicious or not.
For the future, I would like to implement checks by certain patterns to gain a bit more coverage and maybe also check some other data like user-agent or request headers.
I also plan to publish my honeypot application and the collected data.
You can find Suspicidy here:
Not sure how helpful this will be in a real production environment where one could just ignore all request paths that are not defined by the application but it’s definitely a fun project.