Krawl: A modern Honeypot and Deception server 🍯 I wanted to share an open‑source project I’ve been working on and get feedback from people interested in web security, self‑hosting, and deception techniques :) https://github.com/BlessedRebuS/Krawl

Patrick Di Fazio — Thu, 15 Jan 2026 15:23:57 +0000

GitHub - BlessedRebuS/Krawl: Krawl is a lightweight cloud native web deception server and anti-crawler that creates fake web applications with low-hanging vulnerabilities and realistic, randomly generated decoy data

Krawl is a lightweight cloud native web deception server and anti-crawler that creates fake web applications with low-hanging vulnerabilities and realistic, randomly generated decoy data - BlessedR...

github.com

Krawl: A modern Honeypot and Deception server 🍯

Patrick Di Fazio — Thu, 15 Jan 2026 13:26:09 +0000

I wanted to share an open‑source project I’ve been working on and get feedback from people interested in web security, self‑hosting, and deception techniques :)

GitHub repository:
https://github.com/BlessedRebuS/Krawl

What is Krawl?

Krawl is a cloud‑native deception server designed to detect, delay, and analyze malicious web crawlers and automated scanners.

It exposes realistic fake web applications populated with common “low‑hanging fruit” such as admin panels, configuration files, and exposed (fake) credentials. These decoys attract suspicious activity and make it easier to clearly distinguish malicious behavior from legitimate crawlers.

By intentionally wasting attacker resources, Krawl helps surface useful signals such as attack paths, IP addresses, and user agents.

Demo and Project

You can see a demo here:

Live demo:
http://demo.krawlme.com

Dashboard:
http://demo.krawlme.com/das_dashboard

Key Features

Spider trap pages with infinite random links to exhaust automated crawlers
Fake login pages including WordPress, phpMyAdmin, and generic admin panels
Honeypot paths advertised via robots.txt to attract scanners
Realistic fake credentials and secrets
Optional canary token integration for external alerting
Real‑time dashboard for monitoring suspicious activity
JSON‑based wordlists for easy customization
Random error injection to mimic real server misconfigurations

Real‑World Results

We've been running a self‑hosted instance of Krawl in a homelab for about two weeks, and the results have been interesting:

A very clear separation between legitimate crawlers (such as Meta and Amazon) and malicious scanners
Over 350,000 total requests logged
Many attempts to access sensitive or deceptive paths

The goal is to make deception realistic enough to fool automated tools, while remaining useful for defenders and researchers who want to detect and blacklist malicious actors.

If you’re interested in honeypots, web security, or deception‑based defense, I’d love to hear your thoughts or see you contribute :)

DEV Community: Patrick Di Fazio

Krawl: A modern Honeypot and Deception server 🍯 I wanted to share an open‑source project I’ve been working on and get feedback from people interested in web security, self‑hosting, and deception techniques :) https://github.com/BlessedRebuS/Krawl

GitHub - BlessedRebuS/Krawl: Krawl is a lightweight cloud native web deception server and anti-crawler that creates fake web applications with low-hanging vulnerabilities and realistic, randomly generated decoy data

[Boost]