Security●●Solid
Fingerprinting browser-impersonating bots w/o JavaScript (open spec)
Catches bots that beat JA3/JA4 by checking header logic, not just presence.
Big BrainNiche Gem
rozetyp
642mo ago
Back to browse
GitHub Repository
Bot trap for any JavaScript server. Fake WordPress pages, honeypot credentials, slow-drip responses. Works on Workers, Deno, Bun, Node, Next.js, Hono, Express.
17 starsJavaScript
Web-tarpit – Bot trap for any JavaScript server. Zero deps, one import
by brian200·Apr 14, 2026·3 points·0 comments
AI Analysis
●●●BangerBig BrainNiche Gem
Makes vulnerability scanners waste minutes on fake WordPress logins instead of milliseconds on 404s.
Strengths
- •Zero dependencies, works on Workers, Deno, Bun, Node, Next.js, Hono, Express
- •Pixel-perfect WordPress 6.7.2 login page that captures submitted credentials
- •Slow-drip fake .env and .git files that take ~80 seconds to download
Weaknesses
- •JavaScript servers only — no Python, Go, or Ruby middleware adapters
- •No built-in analytics dashboard to visualize trapped bot activity over time
Category
Target Audience
Backend developers running JavaScript servers
Similar To
Cowrie · Kippo · Honeypot
Similar Projects
Productivity●●●Banger
IDWIW – a YouTube viewer to avoid algorithm traps
Complete algorithm-free YouTube workflow from feed to player, FreeTube doesn't match.
Solve My ProblemBig Brain
kei178
302mo ago
Developer Tools●Mid
Next.js Bot Prerender Middleware (Page Replica and Vercel)
Solves SEO for SPAs, but Vercel's own ISR and frameworks like Nuxt already handle this.
Ship It
nirvanist
103mo ago
Developer Tools●●Solid
Rev-dep – 20x faster knip.dev alternative build in Go
20x faster knip—performance leap is real, but dependency linters are crowded and knip already solved this.
Ship ItSolve My Problem
jayu_dev
46133mo ago
SaaS●●Solid
Tablelot, A real estate marketplace exclusively for restaurants
Filters listings by grease traps and hood types unlike LoopNet.
Solve My ProblemNiche Gem
isandeep1995
103mo ago
Security●Mid
Endlessh Fisher – Turn SSH tarpit bots into collectible fish
It turns trapped SSH bots into collectible fish with species tied to trap duration, a live aquarium view, achievements, leaderboards and a read-only REST API — a delightful gamification of honeypot telemetry. Nice practical details too: privacy-friendly default hashing, optional on-click IP lookups (Shodan/AbuseIPDB), and a Docker Compose entrypoint that runs migrations and seeds automatically; just remember this is purely a visualization layer — you still need endlessh-go and InfluxDB.
Niche GemRabbit Hole
darkwolfcave
314mo ago