vinksyunit/not-today-honey
Composer 安装命令:
composer require vinksyunit/not-today-honey
包简介
A Laravel honeypot package to simulate attractive web pages (like WordPress wp-admin) to detect attackers
README 文档
README
A Laravel honeypot package that simulates realistic admin pages (WordPress, phpMyAdmin) to detect and block attackers.
Detect threats, automatically
- 3-level alert system — Probing → Intrusion Attempt → Attacking, each with configurable thresholds, block durations, and log levels
- Leaked credential detection — truncated SHA256 comparison against known password lists; immediate escalation to Attacking on match
Protect your real features
- Automatic IP blocking — detected attackers are blocked for configurable durations (minutes for probing, days for intrusion, weeks for attacking)
nottodayhoney.blockmiddleware — deny blocked IPs globally or per route group with a single line
Honeypot traps that fool scanners
- Realistic decoys — fake WordPress wp-login, phpMyAdmin, and generic admin pages with HTTP fingerprinting to attract CVE scanners and credential-stuffing bots
- Event-driven alerts — Laravel events at each alert level; wire up Slack, mail, or any channel via listeners
Requirements
- PHP 8.4+
- Laravel 12+
Installation
composer require vinksyunit/not-today-honey php artisan vendor:publish --tag="not-today-honey-config" php artisan vendor:publish --tag="not-today-honey-migrations" php artisan migrate
Sponsors
Special Sponsors
Blue team best practices
NotTodayHoney detects and signals — it is one layer of a defense-in-depth strategy. A honeypot without complementary layers is a smoke detector with no sprinklers.
- Understand your attack surface — the OWASP Top 10 covers the most common application-layer risks; the ASVS gives you a structured checklist
- Review code for security — authentication, authorisation boundaries, and input handling deserve attention on every change, not just security-focused sprints
- Run penetration tests — a pentest finds what automated scanners miss: logic flaws, misconfigurations, privilege escalation paths
- Monitor and respond — route
AttackerAttackingEventto an alerting pipeline; define a runbook for what your team does when an attacker is detected - Keep dependencies clean — attackers scan for known CVEs before trying credentials; run
composer auditregularly
→ Blue Team Practices in the documentation for further reading and OWASP references.
License
The MIT License (MIT). Please see License File for more information.
vinksyunit/not-today-honey 适用场景与选型建议
vinksyunit/not-today-honey 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 357 次下载、GitHub Stars 达 2, 最近一次更新时间为 2026 年 04 月 14 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「security」 「laravel」 「Honeypot」 「Vinksyunit」 「not-today-honey」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 vinksyunit/not-today-honey 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 vinksyunit/not-today-honey 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 vinksyunit/not-today-honey 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Provide Honeypot spam protection for SilverStripe CMS.
Provide a way to secure accesses to all routes of an symfony application.
Security plugin for Filament v5 - Disposable email blocking, honeypot protection, and Cloudflare IP blocking
Prevent & track spam that's been submitted through public facing forms
It's a barebone security class written on PHP
A jQuery augmented PHP library for creating and validating HTML forms
统计信息
- 总下载量: 357
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 2
- 点击次数: 29
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2026-04-14