Show HN: Trappsec – open-source library to catch attackers probing your API

trappsec.dev

2 points by kyuradar 2 months ago · 0 comments · 1 min read

WAFs and most traditional detection tools are blind to business logic abuses. They can catch a SQL injection pattern, but they can't tell if a legitimate user is probing for privilege escalation, IDOR or mapping out your internal API structure. I built trappsec to cover this gap - with decoys that are difficult to distinguish from real API resources. By treating your API surface as a defensive asset, you generate high-confidence alerts that contain intent and identity attribution.

I am currently looking to collect as much feedback as possible on the core concepts and API design.

I currently support Flask, FastAPI and ExpressJS. After feedback, I will then proceed with porting this to the top 2-3 web frameworks in other relevant languages (Go, Ruby, Java, etc.)
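An illustration of the decoy-endpoint idea described in the post, added here and not taken from trappsec or its author: a framework-neutral WSGI middleware that answers decoy routes with plausible errors and records an alert carrying intent and identity. The decoy paths, intent labels, the `DecoyMiddleware` and `simulate` names, and the use of `REMOTE_USER` for identity are all assumptions; trappsec's own API is not shown on this page.

```python
import json
import re
from datetime import datetime, timezone

# Constructed decoy table (hypothetical routes): method, path regex, intent, response.
DECOYS = [
    ("GET", re.compile(r"^/api/v1/admin/users$"), "privilege-escalation probe",
     ("403 Forbidden", {"error": "admin role required"})),
    ("GET", re.compile(r"^/api/v1/internal/config$"), "API structure mapping",
     ("401 Unauthorized", {"error": "unauthorized"})),
    ("POST", re.compile(r"^/api/v1/users/\d+/role$"), "IDOR / role tampering",
     ("403 Forbidden", {"error": "forbidden"})),
]

class DecoyMiddleware:
    """Answers decoy routes itself and records who touched them."""
    def __init__(self, app, alert_sink):
        self.app, self.alert_sink = app, alert_sink

    def __call__(self, environ, start_response):
        method, path = environ["REQUEST_METHOD"], environ.get("PATH_INFO", "")
        for d_method, pattern, intent, (status, body) in DECOYS:
            if method == d_method and pattern.match(path):
                # No real client flow reaches a decoy, so any hit is high-signal.
                self.alert_sink({
                    "time": datetime.now(timezone.utc).isoformat(),
                    "intent": intent,
                    "user": environ.get("REMOTE_USER", "unauthenticated"),
                    "ip": environ.get("REMOTE_ADDR"),
                    "request": f"{method} {path}",
                })
                payload = json.dumps(body).encode()
                start_response(status, [("Content-Type", "application/json"),
                                        ("Content-Length", str(len(payload)))])
                return [payload]
        return self.app(environ, start_response)  # real routes pass through

def real_app(environ, start_response):
    """Stand-in for the real API: every non-decoy request succeeds."""
    start_response("200 OK", [("Content-Type", "application/json")])
    return [b'{"ok": true}']

def simulate(requests):
    """Run constructed (method, path, user, ip) requests; return (statuses, alerts)."""
    statuses, alerts = [], []
    app = DecoyMiddleware(real_app, alerts.append)
    for method, path, user, ip in requests:
        env = {"REQUEST_METHOD": method, "PATH_INFO": path, "REMOTE_ADDR": ip}
        if user:
            env["REMOTE_USER"] = user
        app(env, lambda status, headers: statuses.append(status))
    return statuses, alerts
```

In a deployment the alert sink would forward to the logging or SIEM pipeline, and the identity would come from the application's own session or token validation rather than `REMOTE_USER`.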
