Hilux
GitHub
Hilux Changelog
+350Downloads on NPM

Hilux Bot
Engine

The AntiBot catcher for Node.js APIs. Protect your application from automated threats with sub-millisecond precision.

Documentation

01 — Detection Strategy

Every request scored.
Every threat stopped.

Hilux evaluates 8 independent signals per request and produces a composite risk score. Sub-millisecond. No false positives.

  • 8-signal composite scoring engine
  • Detailed Information about the request
  • Redis-backed global state sharing
  • Native plugin support for Fastify/Express
terminal

02 — Behavioral Intelligence

Intelligence
at the edge.

Behavioral analysis and fingerprinting work together to classify traffic before it reaches your application logic.

Explore the documentation →

Global Intelligence

Visualize your protection.

Real-time monitoring and analytics from every detection signal, aggregated across your entire cluster.

03 — Unified Detection

8 signals. One score.

Each signal operates independently. Together they provide comprehensive threat detection.

Rate Anomaly

Detect burst, heavy, and mild anomalies with adaptive thresholds.

Header Analysis

Identify missing, inconsistent, or impossible header combinations.

IP Reputation

Real-time lookups against Tor exits, VPNs, and datacenters.

Payload Inspection

Deep analysis for SQLi, XSS, and path traversal patterns.

TLS Fingerprint

JA3/JA4 fingerprinting to detect automated clients.

Blacklist Engine

Persistent IP and CIDR blocking with auto-expiration.

Behavioral Analysis

Track patterns and session anomalies over time windows.

Geo Intelligence

Location-aware scoring with impossible travel detection.

04 — Deployment

Every framework. One API.

Fastify
import { hiluxPlugin }
from '@gustavoj/hilux/fastify';
 
fastify.register(hiluxPlugin, {
redis: { host: '127.0.0.1' }
});
Express
import { hiluxMiddleware }
from '@gustavoj/hilux/express';
 
app.use(hiluxMiddleware({
redis: { host: '127.0.0.1' }
}));
Standalone
import { Hilux }
from '@gustavoj/hilux';
 
const hilux = new Hilux({ redis });
const score = await
hilux.analyze(req);

Pricing & Plans

Scale your security.

Start for free and upgrade as your infrastructure grows. Enterprise-grade protection, simplified.

Community

$0/ lifetime

Essential protection for startups and open-source projects.

  • 8-signal detection engine
  • Basic risk scoring
  • Redis state sharing
  • Fastify/Express plugins
  • Basic Dashboard Access
Get Started
Recommended

Pro

$29/ month

Advanced forensics and a hardened management interface.

  • Everything in Community
  • Hardened Dashbaord Access
  • Login Protector (ATO mitigation)
  • Advanced Geo-Blocking
  • Real-time Reputation API
Upgrade to Pro

Enterprise

$199/ month

Maximum deception and protection for regulated industries.

  • Everything in Pro
  • Virtual Patching Service
  • Honeypot Deception Engine
  • Forensic Analysis stream
  • 24/7 Security Support
Get Enterprise

Ready to secure your API?

Free, open-source, and ready to deploy in under a minute.

Get StartedCheck Package