update Tarpyt – A web spider’s worst nightmare.

TarPyt is a Python Web tarpit, inspired by a description of a PHP equivalent called Labyrinth. It’s an automated scanner’s worst nightmare, a maze of twisty URIs, all alike.changelog : Use config file to configure TarPyt, fix urllib importFeatures :

  •     WSGI-compatible interface
  •     “Random” different responses (HTTP redirects, link pages, etc.)
  •     Base response on a hash of the request, so it’s consistent
  •     Generate Markov chains of HTML and URI paths for realistic responses
  •     Infinite redirects, slow responses
  •     Artificially slow responses (1 Bps)
  •     Artificially large (4GB) content-length headers for agents that pre-allocate storage
Todo :
  •     Shell script to get top 100 Alexa sites and build markov chains
  •     Use Markov chains to build HTML in responses
  •     False positives for scanners: SQLi (database errors), etc.
  •     Alerting, stats?
Attacks :
Possible ideas for cruelty to scanners/spiders:
Pathological-case compression (high resource use for recipient)
Broken markup: research edge cases for XML parsers
Download :
Zipball  ZIP archive (6,3 KB) https://github.com/bonsaiviking/TarPyt/zipball/master
Tarball  GZip compressed file (5,4 KB) https://github.com/bonsaiviking/TarPyt/tarball/master
read more in here : https://github.com/bonsaiviking/TarPyt