PHPackages vinksyunit/not-today-honey - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. vinksyunit/not-today-honey ActiveLibrary[Security](/categories/security) vinksyunit/not-today-honey ========================== A Laravel honeypot package to simulate attractive web pages (like WordPress wp-admin) to detect attackers v0.1.2(1mo ago)2172↓28.6%MITPHPPHP ^8.4|^8.5CI passing Since Apr 14Pushed 2w agoCompare [ Source](https://github.com/Vinksyunit/NotTodayHoney)[ Packagist](https://packagist.org/packages/vinksyunit/not-today-honey)[ Docs](https://github.com/Vinksyunit/NotTodayHoney)[ GitHub Sponsors](https://github.com/Vinksyunit)[ RSS](/packages/vinksyunit-not-today-honey/feed)WikiDiscussions main Synced 1w ago READMEChangelog (3)Dependencies (13)Versions (4)Used By (0) [![NotTodayHoney](docs/public/logo-sticker.svg)](docs/public/logo-sticker.svg) [![Latest Version on Packagist](https://camo.githubusercontent.com/ddbf2a89a4e3cfa37bfab604a809fe32417fa74084b94b3fbb804868de425d35/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f76696e6b7379756e69742f6e6f742d746f6461792d686f6e65792e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/vinksyunit/not-today-honey) [![Tests](https://camo.githubusercontent.com/628ea8f75a4a86278bc701039b1c80c923f90188db88863109353cbd3525b54b/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f56696e6b7379756e69742f4e6f74546f646179486f6e65792f72756e2d74657374732e796d6c3f6272616e63683d6d61696e266c6162656c3d7465737473267374796c653d666c61742d737175617265)](https://github.com/Vinksyunit/NotTodayHoney/actions?query=workflow%3Arun-tests+branch%3Amain) [![Code Style](https://camo.githubusercontent.com/455592fbfee16f2336e1f327276a353422ca51c4fb43cdde78b11d7256c7084d/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f56696e6b7379756e69742f4e6f74546f646179486f6e65792f6669782d7068702d636f64652d7374796c652d6973737565732e796d6c3f6272616e63683d6d61696e266c6162656c3d636f64652532307374796c65267374796c653d666c61742d737175617265)](https://github.com/Vinksyunit/NotTodayHoney/actions?query=workflow%3A%22Fix+PHP+code+style+issues%22+branch%3Amain) [![Total Downloads](https://camo.githubusercontent.com/fe09b0676fe0d3cf759d1fcc200b0474c03acdf60be566ada7dffeef6dcdc3cf/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f76696e6b7379756e69742f6e6f742d746f6461792d686f6e65792e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/vinksyunit/not-today-honey) [![PHP Version](https://camo.githubusercontent.com/80a1e9170477d16198eab27ef4dc60b8c4e4ed55d7a84affbe3a2ba3fb2c02d8/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f76696e6b7379756e69742f6e6f742d746f6461792d686f6e65793f6c6f676f3d706870)](https://camo.githubusercontent.com/80a1e9170477d16198eab27ef4dc60b8c4e4ed55d7a84affbe3a2ba3fb2c02d8/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f76696e6b7379756e69742f6e6f742d746f6461792d686f6e65793f6c6f676f3d706870) [![Laravel Version](https://camo.githubusercontent.com/24831afda9c8e8876d7702e2ce827d05183c1de75f3d04d96819101bf09fe4b5/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c61726176656c2d31322d4646324432303f6c6f676f3d6c61726176656c)](https://camo.githubusercontent.com/24831afda9c8e8876d7702e2ce827d05183c1de75f3d04d96819101bf09fe4b5/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c61726176656c2d31322d4646324432303f6c6f676f3d6c61726176656c) [![License](https://camo.githubusercontent.com/3a09d51cbc853f469ea0bd08bfeb1e4fe6d7b1567176fe02f08ea5a90ff88bde/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f76696e6b7379756e69742f6e6f742d746f6461792d686f6e6579)](https://camo.githubusercontent.com/3a09d51cbc853f469ea0bd08bfeb1e4fe6d7b1567176fe02f08ea5a90ff88bde/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f76696e6b7379756e69742f6e6f742d746f6461792d686f6e6579) A Laravel honeypot package that simulates realistic admin pages (WordPress, phpMyAdmin) to detect and block attackers. Detect threats, automatically ----------------------------- [](#detect-threats-automatically) - **3-level alert system** — Probing → Intrusion Attempt → Attacking, each with configurable thresholds, block durations, and log levels - **Leaked credential detection** — truncated SHA256 comparison against known password lists; immediate escalation to Attacking on match Protect your real features -------------------------- [](#protect-your-real-features) - **Automatic IP blocking** — detected attackers are blocked for configurable durations (minutes for probing, days for intrusion, weeks for attacking) - **`nottodayhoney.block` middleware** — deny blocked IPs globally or per route group with a single line Honeypot traps that fool scanners --------------------------------- [](#honeypot-traps-that-fool-scanners) - **Realistic decoys** — fake WordPress wp-login, phpMyAdmin, and generic admin pages with HTTP fingerprinting to attract CVE scanners and credential-stuffing bots - **Event-driven alerts** — Laravel events at each alert level; wire up Slack, mail, or any channel via listeners Requirements ------------ [](#requirements) - PHP 8.4+ - Laravel 12+ Installation ------------ [](#installation) ``` composer require vinksyunit/not-today-honey php artisan vendor:publish --tag="not-today-honey-config" php artisan vendor:publish --tag="not-today-honey-migrations" php artisan migrate ``` → [Full documentation](https://vinksyunit.github.io/NotTodayHoney) Sponsors -------- [](#sponsors) ### Special Sponsors [](#special-sponsors) [ ![Starkado](https://camo.githubusercontent.com/9b0f18afd025711fc250fa7ad766597e0e60425b415ce52b8639dad45dec5d57/68747470733a2f2f737461726b61646f2e636f6d2f6173736574732f737461726b61646f2d737469636b65722e737667) ](https://starkado.com/) Blue team best practices ------------------------ [](#blue-team-best-practices) NotTodayHoney detects and signals — it is one layer of a defense-in-depth strategy. A honeypot without complementary layers is a smoke detector with no sprinklers. - **Understand your attack surface** — the [OWASP Top 10](https://owasp.org/www-project-top-10/) covers the most common application-layer risks; the [ASVS](https://owasp.org/www-project-application-security-verification-standard/) gives you a structured checklist - **Review code for security** — authentication, authorisation boundaries, and input handling deserve attention on every change, not just security-focused sprints - **Run penetration tests** — a pentest finds what automated scanners miss: logic flaws, misconfigurations, privilege escalation paths - **Monitor and respond** — route `AttackerAttackingEvent` to an alerting pipeline; define a runbook for what your team does when an attacker is detected - **Keep dependencies clean** — attackers scan for known CVEs before trying credentials; run `composer audit` regularly → [Blue Team Practices](https://vinksyunit.github.io/NotTodayHoney/blue-team) in the documentation for further reading and OWASP references. License ------- [](#license) The MIT License (MIT). Please see [License File](LICENSE.md) for more information. ### Health Score 43 — FairBetter than 89% of packages Maintenance93 Actively maintained with recent releases Popularity18 Limited adoption so far Community8 Small or concentrated contributor base Maturity43 Maturing project, gaining track record Bus Factor1 Top contributor holds 74.1% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 3 Last Release 54d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/cafa8ba36eb45d5f88e58271ee0e4ca7f6f387cc2f3780569f006528b82d411d?d=identicon)[Vinks](/maintainers/Vinks) --- Top Contributors [![Vinksyunit](https://avatars.githubusercontent.com/u/8203487?v=4)](https://github.com/Vinksyunit "Vinksyunit (20 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (7 commits)") --- Tags laravelsecurityHoneypotVinksyunitnot-today-honey ### Code Quality TestsPest Static AnalysisPHPStan, Rector Code StyleLaravel Pint ### Embed Badge ![Health badge](/badges/vinksyunit-not-today-honey/health.svg) ``` [![Health](https://phpackages.com/badges/vinksyunit-not-today-honey/health.svg)](https://phpackages.com/packages/vinksyunit-not-today-honey) ``` ### Alternatives [spatie/laravel-permission Permission handling for Laravel 12 and up 12.9k98.0M1.3k](/packages/spatie-laravel-permission)[spatie/laravel-pdf Create PDFs in Laravel apps 1.0k4.3M41](/packages/spatie-laravel-pdf)[spatie/laravel-health Monitor the health of a Laravel application 88011.3M149](/packages/spatie-laravel-health)[rawilk/profile-filament-plugin Profile & MFA starter kit for filament. 3913.7k](/packages/rawilk-profile-filament-plugin)[vormkracht10/laravel-mails Laravel Mails can collect everything you might want to track about the mails that has been sent by your Laravel app. 24655.3k](/packages/vormkracht10-laravel-mails)[lunarstorm/laravel-ddd A Laravel toolkit for Domain Driven Design patterns 18476.4k](/packages/lunarstorm-laravel-ddd) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)