
Overview

An open-source framework that turns your application into a security sensor — detecting attackers who probe your API business logic before they exploit anything.

trappsec is MIT-licensed and available on GitHub. Current version: 0.2.0.

What it does

By embedding realistic decoy routes and honey fields that are indistinguishable from real API constructs, trappsec nudges attackers to authenticate — converting anonymous reconnaissance into identity-attributed security telemetry.

Detection happens before the perimeter is crossed, at the reconnaissance phase, when an attacker is still mapping your API surface. Traditional honeypots tell you a breach happened. trappsec tells you it’s coming.

Core concepts

Decoy Routes

Ghost endpoints that sit outside your real logic but mirror your authentic API structure. When a request hits one, trappsec intercepts it, sends a convincing dummy response, and fires a high-fidelity alert. Attackers doing path discovery can’t distinguish them from live routes.

Honey Fields

Non-functional parameters embedded within legitimate API payloads. You bait attackers by including them as read-only attributes in GET responses — for example, "is_admin": false. If an attacker tries to flip that field in a POST, trappsec silently fires an alert while the application logic continues normally.

Identity Attribution

Framework hooks let you link every event to an authenticated user identity. Unauthenticated probes return a 401 and generate only a low-priority signal β€” keeping noise out. When an attacker authenticates and returns, the alert carries their user ID, role, IP, and the intent label you declared on the trap.
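The three mechanisms above (decoy routes, honey fields, identity attribution) combine into one request-inspection step. The following is an added, standard-library-only model of that step; it is not trappsec's own code or API. The trap declarations, the request and alert shapes, and the route paths are all constructed for illustration, and the real-handler stub stands in for whatever application logic the traps wrap.

```python
"""Added illustration of the decoy-route / honey-field / identity-attribution
pattern described above. Not trappsec's code: a framework-free model with
hypothetical names so the detection logic can be read and run on its own."""
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical trap declarations (constructed, not trappsec's API).
# Each trap carries the "intent" label that is copied into its alert.
DECOY_ROUTES = {
    "/api/v1/admin/export": "admin_data_exfil",
    "/api/v1/internal/debug": "debug_endpoint_probe",
}
# honey field -> (bait value advertised in GET responses, intent label)
HONEY_FIELDS = {
    "is_admin": (False, "privilege_escalation"),
    "credit_limit": (1000, "limit_tampering"),
}


@dataclass
class Request:
    """Minimal stand-in for a framework request object (constructed)."""
    method: str
    path: str
    body: dict = field(default_factory=dict)
    remote_addr: str = "198.51.100.7"          # constructed sample address
    user: Optional[dict] = None                # set by the app's auth layer, if any


@dataclass
class Alert:
    severity: str          # "low" for anonymous probes, "high" once attributed
    trap_type: str         # "decoy_route" or "honey_field"
    intent: str
    path: str
    ip: str
    user_id: Optional[str] = None
    role: Optional[str] = None


def attribute(req: Request, trap_type: str, intent: str) -> Alert:
    """Identity attribution: an anonymous hit is a low-priority signal; an
    authenticated hit carries user id and role and is raised to high."""
    base = dict(trap_type=trap_type, intent=intent, path=req.path, ip=req.remote_addr)
    if req.user is None:
        return Alert(severity="low", **base)
    return Alert(severity="high", user_id=req.user["id"], role=req.user["role"], **base)


def real_handler(req: Request) -> tuple[int, dict]:
    """Stand-in for the application's own logic (constructed). The GET body
    embeds the read-only bait attributes; writes only honour 'name'."""
    if req.path != "/api/v1/profile":
        return 404, {"error": "not found"}
    if req.user is None:
        return 401, {"error": "authentication required"}
    if req.method == "GET":
        profile = {"id": req.user["id"], "name": "demo"}
        profile.update({k: bait for k, (bait, _) in HONEY_FIELDS.items()})
        return 200, profile
    return 200, {"updated": ["name"] if "name" in req.body else []}


def handle(req: Request) -> tuple[int, dict, list[Alert]]:
    """Middleware model wrapping the real handler. Returns (status, body, alerts)."""
    alerts: list[Alert] = []

    # Decoy route: intercept, answer with the same shape a real protected route
    # would (401 when anonymous, a plausible dummy body otherwise), and alert.
    if req.path in DECOY_ROUTES:
        alerts.append(attribute(req, "decoy_route", DECOY_ROUTES[req.path]))
        if req.user is None:
            return 401, {"error": "authentication required"}, alerts
        return 200, {"status": "ok", "items": []}, alerts

    # Honey field: a write that moves a bait attribute away from its advertised
    # value fires an alert; a client that merely echoes the object back does not.
    if req.method in ("POST", "PUT", "PATCH"):
        for name, (bait, intent) in HONEY_FIELDS.items():
            if name in req.body and req.body[name] != bait:
                alerts.append(attribute(req, "honey_field", intent))

    # Application logic continues normally either way.
    status, body = real_handler(req)
    return status, body, alerts


if __name__ == "__main__":
    print(handle(Request("GET", "/api/v1/admin/export")))
    print(handle(Request("POST", "/api/v1/profile", {"name": "x", "is_admin": True},
                         user={"id": "u42", "role": "customer"})))
```

Two design points worth noting: the honey-field check compares against the advertised bait value rather than firing on mere presence, so a well-behaved client that round-trips the whole object it fetched does not raise a false alert; and the decoy route returns exactly the status a real protected route would return to an anonymous caller, which is what gives the attacker a reason to come back authenticated.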

Supported frameworks

Language   Frameworks                                                   Install
Python     Flask, FastAPI, Django, Starlette, Litestar, Sanic, Tornado  pip install trappsec
Node.js    Express, NestJS, Fastify, Hapi, Koa                          npm install trappsec
Go         Gin, net/http, Echo                                          go get github.com/trappsec-dev/trappsec/packages/go/gin

Missing your framework? Raise a request →