t1a0/http-tarpit


HTTP Tarpit & Bot Analyzer 🛡️

A Python-based HTTP tarpit designed to slow down malicious bots, collect data about their activities, report them to AbuseIPDB, and provide data for analysis and visualization.


✨ Features

  • Asynchronous HTTP Tarpit: Built with aiohttp to efficiently handle numerous slow connections.
  • Dynamic Slowdown: Configurable delay and response size to "freeze" clients.
  • Detailed Data Collection: Logs IP, port, HTTP method, path, full headers, User-Agent, session duration, etc.
  • GeoIP Enrichment: Identifies country, city, coordinates, and ASN information for each IP using local MaxMind GeoLite2 databases.
  • Structured Storage: Events are stored in a local SQLite database for convenient querying and analysis.
  • JSON Logging: Parallel JSON file logging for debugging and potential integration with external logging systems.
  • AbuseIPDB Integration: Automatically reports suspicious IPs to AbuseIPDB via their API v2.
  • Flexible Configuration: Server parameters, logging, database paths, and API keys are managed via a configuration module and an .env file.
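
How the slowdown, data collection and SQLite storage features above can fit together, as an added example that is not the project's own code. It uses standard-library asyncio streams instead of aiohttp; the table schema, `make_handler` and its parameters, the database filename and the listen address are all assumptions.

```python
import asyncio, json, sqlite3, time

# Hypothetical schema: the project's real table layout is not shown on this page.
SCHEMA = """CREATE TABLE IF NOT EXISTS events(ip TEXT, port INTEGER, method TEXT,
    path TEXT, user_agent TEXT, headers TEXT, duration REAL, bytes_sent INTEGER)"""

def make_handler(db, delay=1.0, chunk=b"<!-- -->", max_bytes=4096):
    """Build an asyncio.start_server callback that drips `chunk` every `delay` s."""
    db.execute(SCHEMA)

    async def handle(reader, writer):
        start = time.monotonic()
        ip, port = (writer.get_extra_info("peername") or ("", 0))[:2]
        method, path, headers, sent = "", "", {}, 0
        try:
            # Bound the header read so a silent client cannot hold the handler open.
            raw = await asyncio.wait_for(reader.readuntil(b"\r\n\r\n"), timeout=10)
            lines = raw.decode("latin-1").split("\r\n")
            method, path = (lines[0].split(" ") + [""])[:2]
            fields = (l.partition(":") for l in lines[1:] if ":" in l)
            headers = {k.strip().lower(): v.strip() for k, _, v in fields}
            writer.write(b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n")
            while sent < max_bytes:          # cap keeps every session bounded
                writer.write(chunk)
                await writer.drain()         # raises once the peer has gone away
                sent += len(chunk)
                await asyncio.sleep(delay)
        except (asyncio.IncompleteReadError, asyncio.LimitOverrunError,
                asyncio.TimeoutError, ConnectionError):
            pass                             # client gave up early: still record it
        finally:
            writer.close()
            db.execute("INSERT INTO events VALUES (?,?,?,?,?,?,?,?)",
                       (ip, port, method, path, headers.get("user-agent", ""),
                        json.dumps(headers), time.monotonic() - start, sent))
            db.commit()
    return handle

async def main():
    db = sqlite3.connect("events_example.db")   # assumed path, not the project's
    server = await asyncio.start_server(make_handler(db), "127.0.0.1", 8080)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

The session duration is written in the `finally` branch, so clients that disconnect mid-drip or never finish their headers are recorded as well.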

🛠️ Tech Stack

  • Language: Python (3.10+)
  • Async: asyncio, aiohttp
  • Project Management: Poetry
  • Configuration: python-dotenv
  • Geolocation: geoip2-python
  • Database: sqlite3
  • Analysis: pandas
  • Visualization: matplotlib, seaborn, folium
  • Deployment: Nginx, Certbot (Let's Encrypt), Systemd, Docker

🚀 Getting Started (Local Setup)

Prerequisites

  • Python 3.10 or newer
  • Poetry (Python dependency manager)

Installation

  1. Clone the repository:

    git clone https://github.com/t1a0/http-tarpit.git http-tarpit
    cd http-tarpit

  2. Install Poetry (if not already installed): Follow the instructions on the official Poetry website.

  3. Install project dependencies:

    poetry install --no-dev

  4. Configure environment variables: Create a .env file in the project root and add your AbuseIPDB API key:

    # .env
    ABUSEIPDB_API_KEY=YOUR_ABUSEIPDB_API_KEY

  5. Set up GeoIP databases:

    • Download the free GeoLite2-City.mmdb and GeoLite2-ASN.mmdb databases from MaxMind.
    • Create a data/ directory in the project root (if it doesn't exist).
    • Place the downloaded .mmdb files into the data/ directory.

  6. Initialize SQLite Database: The database (data/tarpit_events.db) and its table will be created automatically on the first run if the DB file doesn't exist.

Running the Application

To start the HTTP tarpit, execute the following command from the project root:

    poetry run python main.py
