A month ago I shared Krawl, an open-source deception server for detecting and analyzing malicious web crawlers. Today I’m happy to report that it has reached v1.0.0 and is production-ready.

https://github.com/BlessedRebuS/Krawl

Krawl serves realistic fake web applications (admin panels, configs, credentials, and crawler traps) to clearly separate malicious attackers from legitimate crawlers while collecting actionable intelligence.

In the past month, we’ve analyzed over 4.5 million requests across all Krawl instances, including attacks, legitimate crawlers, and malicious bots.

We’re also planning to build a *knowledge base of the most common attacks* observed through Krawl to help security teams and researchers understand patterns and respond faster.

If you have ideas to integrate with Krawl, or want to contribute, you’re welcome to join the project.

Repo: https://github.com/BlessedRebuS/Kraw Demo: http://demo.krawlme.com Dashboard: http://demo.krawlme.com/das_dashboard