PulseGateLive intelligence on AI-era software
Coverage
172,138

Software tracked

 

Freshness
22 min ago

Last update

 

Cadence
947/day

7-day average

Indexed today: 776

PulseGate

Live intelligence on the software shipping in the AI era — apps, models, agents, and infra.

Software is shipping faster than ever, and a growing share of it lives outside the official app stores. PulseGate tracks it live — free, for builders, analysts, and everyone keeping up.

Platform

  • All Apps
  • Categories
  • Industry Updates
  • Data Sources
  • Coverage Rules
  • Glossary
  • Embed Widget

Support

  • Help Center
  • Suggest a URL
  • Report an Issue

Company

  • About
  • Press & Data
  • Contact
  • Platform Status

Legal

  • Privacy
  • Terms
  • Disclaimer

© 2026 PulseGate. Operated by Dymaxio s.r.o., Prague, Czech Republic.·

All systems operational
PulseGate
TRtrappsec logo
trappsec
Visit ↗
  1. Home/
  2. Security & compliance platforms/
  3. trappsec
←Back to results
Ttrappsec logo

trappsec

trappsec.dev·Infrastructure

Trappsec is an open-source business logic deception framework designed to detect malicious activity within application APIs before an exploit occurs. By embedding decoy routes and honey fields directly into application code, it aims to identify attackers during the reconnaissance phase, when adversaries are mapping APIs and probing for vulnerabilities, rather than after a breach has taken place. The tool provides early detection by triggering high-fidelity alerts when these embedded traps are accessed, capturing the attacker's intent and identity at the point of contact.

The framework offers two primary primitives: decoy routes and honey fields. Decoy routes are ghost endpoints that mimic real API structures, indistinguishable to attackers conducting path discovery. When these routes are accessed, unauthenticated requests receive a 401 Unauthorized response and are logged as low-priority signals, while authenticated requests trigger covert alerts with detailed context, including user ID, role, IP address, and the specific intent assigned to the trap. Honey fields are non-functional parameters inserted into genuine API responses; typical users do not interact with them, but attackers attempting privilege escalation or tampering will trigger silent alerts upon modification attempts. Each alert is pre-classified with the declared intent, eliminating the need for manual triage and ensuring actionable intelligence is immediately available.

Trappsec is implemented as a software library and can be initialized within a service using a simple API. js, and Go, and is installed via standard package managers such as pip. The tool does not require infrastructure changes, allowing integration directly into the application layer. Its detection mechanism focuses on intent, distinguishing between benign automated scanners and targeted attackers by requiring authentication before firing alerts, thereby reducing false positives and alert fatigue.

The framework is released under the MIT License and is available as open-source software. Its approach is positioned as pre-exploit detection, addressing the limitations of traditional perimeter-based security and post-breach honeypots by providing defenders with visibility into reconnaissance activities that would otherwise go unnoticed.

Open SourceMIT
CLIAPISelf-hosted
T
trappsec preview
Visit trappsec.dev↗
⭐12
stars
🍴3
forks
✓5
features
📅2026
since

Overview

5 features

In the Security & compliance platforms space, trappsec takes a focused approach. It focuses on detecting and preventing API reconnaissance and privilege escalation attempts in applications. trappsec is an open-source project aimed at application security engineers. The project is open source (MIT). The product ships for the command line and API, and it can be self-hosted.

trappsec first shipped in 2026. The project is developed in the open on GitHub with 12 stars and 97 commits in the last 90 days. Among its 5 catalogued features are decoy routes, honey fields, and API reconnaissance detection.

  • ✓Decoy routes
  • ✓Honey fields
  • ✓API reconnaissance detection
  • ✓Privilege escalation detection
  • ✓Multi-language support

Tags

deception-frameworkapi-securityhoneypot

Built with & integrations

Hosting
cloudflare
Runs on
CLIAPI-onlySelf-hosted

Trust & compliance

LicenseMIT
Verified signals
✓ HTTPS✓ Open Source✓ Free tier✓ GitHub · ★ 12✓ Active maintenance

Recent events

Latest indexed changes and source events

  1. IndexedJun 25, 8:41 PM

    Listing verified by the PulseGate indexer

    Source: PulseGate indexerOpen ↗

Frequently asked questions about trappsec

What is trappsec?
Trappsec focuses on detecting and preventing API reconnaissance and privilege escalation attempts in applications. It is catalogued under Security & compliance platforms on PulseGate.
Who should use trappsec?
trappsec is an open-source project built for application security engineers.
Does trappsec have a free plan?
Yes — trappsec is open source under the MIT license and free to use.
What platforms does trappsec run on?
trappsec runs on the command line and API. It can also be self-hosted.
Is trappsec still active?
PulseGate's automated liveness checks currently classify trappsec as active. The GitHub repository shows 97 commits in the last 90 days.
What tools are similar to trappsec?
Similar tools tracked by PulseGate include TRACIO, Tracerny, and Trickest.TRACIOTracernyTrickest
How long has trappsec been around?
trappsec first shipped in 2026.
Is trappsec open source?
Yes — trappsec is open source under the MIT license, developed on GitHub.

At a glance

Pricing
Open Source
Platforms
Cli · Api
Languages
English
Open source
Yes · ★ 12
License
MIT
First seen
Feb 3, 2026
Activity
🟢 Active
Status
🟢 Active
Built for
application security engineers
Model
Open source
Solves
Detecting and preventing API reconnaissance and privilege escalation attempts in applications.

Developer

Trappsecdev
Small team
↗ GitHub

Open source

View on GitHub →
⭐ Stars
12
🍴 Forks
3
Open issues
0
Last commit
2mo ago
Commits 90d
97
Contributors
3
Authorship
Small team
Default branch
main

Live coverage

Confidence
High · 95
Indexed
Jun 25, 2026
Lifecycle
Alive
Activity
Active
First seen
Feb 2026
Last seen
3w ago
Identity audit (9)
Entity ID
cmqtyywx408luvkethdv3xp2c
Slug
trappsec-trappsec-dev
Verification state
Indexed for public listing
Claim / listing state
Unclaimed · listed: yes
Index status
Included in index
Latest evidence snapshot
Jun 25, 2026
Timeline basis
Indexed-at chronology (no inferred launch/funding milestones).
Last updated
Jul 13, 2026
Canonical URL
https://trappsec.dev/

Similar apps

Other apps tracked under the same category.

  • TRACIO
    tracio.ai
  • Tracerny
    tracerney.com
  • Trickest
    trickest.com
  • trap-cli
    pypi.org
  • CodeTruss
    codetruss.com
  • Entrapeer
    entrapeer.com