Trappsec is an open-source business logic deception framework designed to detect malicious activity within application APIs before an exploit occurs. By embedding decoy routes and honey fields directly into application code, it aims to identify attackers during the reconnaissance phase, when adversaries are mapping APIs and probing for vulnerabilities, rather than after a breach has taken place. The tool provides early detection by triggering high-fidelity alerts when these embedded traps are accessed, capturing the attacker's intent and identity at the point of contact.
The framework offers two primary primitives: decoy routes and honey fields. Decoy routes are ghost endpoints that mimic real API structures, indistinguishable to attackers conducting path discovery. When these routes are accessed, unauthenticated requests receive a 401 Unauthorized response and are logged as low-priority signals, while authenticated requests trigger covert alerts with detailed context, including user ID, role, IP address, and the specific intent assigned to the trap. Honey fields are non-functional parameters inserted into genuine API responses; typical users do not interact with them, but attackers attempting privilege escalation or tampering will trigger silent alerts upon modification attempts. Each alert is pre-classified with the declared intent, eliminating the need for manual triage and ensuring actionable intelligence is immediately available.
Trappsec is implemented as a software library and can be initialized within a service using a simple API. js, and Go, and is installed via standard package managers such as pip. The tool does not require infrastructure changes, allowing integration directly into the application layer. Its detection mechanism focuses on intent, distinguishing between benign automated scanners and targeted attackers by requiring authentication before firing alerts, thereby reducing false positives and alert fatigue.
The framework is released under the MIT License and is available as open-source software. Its approach is positioned as pre-exploit detection, addressing the limitations of traditional perimeter-based security and post-breach honeypots by providing defenders with visibility into reconnaissance activities that would otherwise go unnoticed.
In the Security & compliance platforms space, trappsec takes a focused approach. It focuses on detecting and preventing API reconnaissance and privilege escalation attempts in applications. trappsec is an open-source project aimed at application security engineers. The project is open source (MIT). The product ships for the command line and API, and it can be self-hosted.
trappsec first shipped in 2026. The project is developed in the open on GitHub with 12 stars and 97 commits in the last 90 days. Among its 5 catalogued features are decoy routes, honey fields, and API reconnaissance detection.
Latest indexed changes and source events
Other apps tracked under the same category.