MIRE/C³ Test Suite MIRE/C³ Multi-layer Intrusion Response Engine · DEMO
Target Host cfd.mire.cc
⚠ Testing Instructions — Right-click → Open in New Tab. Sections ordered by criticality: CRITICALHIGHLOW. Check /var/log/mire/access.log and useragent.log for logged entries.
⚡ Live Log Feed
IMPORTANT NOTICE All Error Handlers configured to Sample 404 Page IMPORTANT NOTICE

CORE FUNCTIONAL CHANGE Presently, The MIRE/C³ is configured to route all errors into its neutral 404 handler

Delays are configured from 5-15 seconds

🚫 Clean 404 Handling LOW sample404_page()

Secure 404 error handler that prevents information disclosure through verbose error messages—a common penetration testing finding. Returns a clean, minimal 404 page with proper HTTP status code (3–8s delay) without leaking stack traces, file paths, server versions, or internal application structure that attackers use for reconnaissance.

🚫
Sample 404 Page
/sample404
Clean error · HTTP 404 · 3–8s
🔶 Laravel/PHP Framework Traps CRITICAL laravel_env_trap() · laravel_logs_trap() · laravel_artisan_trap()

Targets Laravel environment files with production credentials (AWS, DB, Stripe, Pusher). Fake log files expose DB credentials and API keys. Artisan script reveals database URL in comments.

🔑
Laravel Env Backup
/.env.backup
AWS + Stripe + DB · 0.8–2.5s 🔑
Laravel Env Old
/.env.old
AWS + Stripe + DB · 0.8–2.5s 🔑
Laravel Env Prod
/.env.prod
AWS + Stripe + DB · 0.8–2.5s 📝
Laravel Error Logs
/storage/logs/laravel.log
DB creds + API keys in stack trace
Laravel Artisan Script
/artisan
DB URL in comments
🗄 Database Admin Interface Traps CRITICAL phpmyadmin_trap() · adminer_trap() · generic_db_admin_trap()

phpMyAdmin and Adminer login pages with internal MySQL servers pre-populated. 2–5s delay on all DB admin paths. Generic endpoints return JSON with database lists and API tokens.

💾
phpMyAdmin Root
/phpmyadmin/
Login form · 2–5s 💾
phpMyAdmin (pma) Index
/pma/index.php
Login form · 2–5s 💾
MyAdmin Setup
/myadmin/setup/
Setup page · 2–5s 🗃
Adminer Login
/adminer.php
MySQL/PostgreSQL · 2–5s 📊
MySQL Status Endpoint
/mysql/status
JSON + databases list
DB Admin Config
/dbadmin/config
JSON + API token
🔧 Jenkins/CI-CD Traps CRITICAL jenkins_trap() · jenkins_job_trap() · jenkins_script_console_trap()

Jenkins dashboard with fake build jobs (1.5–4s delay). Script console with Groovy environment showing DB passwords and AWS keys. Job pages expose backup artifacts and config files.

🏗
Jenkins Dashboard
/jenkins/
Build jobs list · 1.5–4s 🔌
Jenkins API JSON
/jenkins/api/json
Jobs + version 💻
Jenkins Script Console
/script
Groovy + creds · 1.5–4s 📦
Production Deploy Job
/job/production-deploy/
Artifacts + config 📄
Job Config XML
/job/backup-database/config.xml
jenkins_user creds
☁ Cloud Metadata Service Traps CRITICAL aws_metadata_trap() · aws_userdata_trap() · gcp_metadata_trap()

AWS EC2 metadata endpoints return IAM credentials with AccessKeyId/SecretAccessKey. User-data shows bash script with DB passwords and AWS keys. GCP metadata returns service account tokens.

AWS Metadata Root
/latest/meta-data/
Directory listing · 1–3.5s 🔑
AWS IAM Credentials
/latest/meta-data/iam/security-credentials/prod-role
AccessKeyId + Secret 📜
AWS User Data Script
/latest/user-data
Bash + AWS keys + DB pass 🔐
GCP Service Account Token
/computeMetadata/v1/.../token
Bearer token · 180 chars 📋
GCP Instance Attributes
/computeMetadata/v1/.../attributes/
Startup script + GCS bucket
🔐 AWS Credentials & Cloud Config Traps CRITICAL aws_credentials_trap()

Direct AWS credentials file exposure (1–3.5s delay). Returns realistic .aws/credentials format with [default], [production], and [s3-backup] profiles containing AccessKeyId and SecretAccessKey.

🔑
AWS Credentials File
/aws-credentials
3 profiles · AKIA keys · 1–3.5s 🔑
AWS Credentials (.aws path)
/.aws/credentials
3 profiles · AKIA keys · 1–3.5s 📄
AWS Credentials TXT
/aws-credentials.txt
3 profiles · AKIA keys · 1–3.5s
💳 E-Commerce & Payment Traps CRITICAL checkout_trap()

Fake checkout page with payment form. Exposes Stripe API keys (pk_live_, sk_live_) plus payment gateway URL, merchant ID, and API token in visible HTML block.

💳
Checkout Page
/checkout/
Stripe keys + gateway API
Checkout Process Endpoint
/checkout/process
Payment processing page
🔓 Version Control Exposure Traps CRITICAL git_exposure_trap()

.git directory exposure with config file showing GitHub remote URL and personal access token (ghp_...). HEAD file reveals current branch. Directory listing shows typical git structure.

Git Config
/.git/config
GitHub URL + ghp_ token 📍
Git HEAD
/.git/HEAD
Branch reference 📁
Git Directory Root
/.git/
Directory listing
📦 Archive Theft Traps CRITICAL serve_dynamic_file() → generate_nested_zip/tar/gzip()

Any path ending in an archive extension triggers nested archive generation (100KB–2MB) with a 2–6s delay. OS path decoys seeded throughout; a canary token is guaranteed deployed inside every archive. 20% chance of password-protection — password is logged.

🗜
Backup ZIP
/backup.zip
nested ZIP · delay 🗜
DB Dump GZ
/database_dump.sql.gz
TAR+GZ · delay 🗜
Secrets TAR
/secrets.tar
nested TAR · delay
🧪 Debug/Test Environment Traps HIGH debug_env_trap() · phpinfo_trap() · debug_trace_trap()

Paths like /dev/, /test/, /staging/ appear as "Production" or "Pre-Production" to simulate misconfigured servers. phpinfo.php exposes environment vars with AWS keys and DB passwords. Debug traces show connection strings.

Dev Environment (shows as "Production")
/dev/
Config exposed · 0.5–2s 🧪
Test Environment (shows as "QA")
/test/
Config exposed · 0.5–2s 📦
Staging Environment (shows as "Pre-Production")
/staging/
Config exposed · 0.5–2s
PHP Info Page
/phpinfo.php
Env vars + AWS keys · 0.5–2s 🐛
Debug Error Log
/debug/error.log
Stack trace + DB connection 📋
.NET Trace (ELMAH)
/trace.axd
Connection string + token
📜 CGI-Bin & Legacy App Traps HIGH cgi_bin_trap()

Classic CGI vulnerability scanner target. Directory listing shows common scripts (status.cgi, admin.cgi, printenv.cgi). Script content exposes DB credentials and admin email in fake bash output.

📁
CGI-Bin Directory
/cgi-bin/
HTML listing · scripts 📊
Status CGI Script
/cgi-bin/status.cgi
Bash + DB creds in echo 👤
Admin CGI Script
/cgi-bin/admin.cgi
Bash + admin email 🖨
Print Environment CGI
/cgi-bin/printenv.cgi
Bash + env vars
📋 Info Disclosure Traps HIGH info_trap() · about_trap()

/info and /about return detailed server information (nginx version, PHP, MySQL, Redis, Node.js versions) plus database hosts, API endpoints, credentials, deploy info, and Git commit hashes.

Server Info
/info
Versions + DB + API + creds · 1–3s 📄
Server Info TXT
/info.txt
Same as /info · 1–3s 📖
About Application
/about
Version + API + Git commit 📄
About Application TXT
/about.txt
Same as /about
📤 Uploads Directory Trap HIGH uploads_trap()

Directory listing shows backup archives, database exports, user CSVs, and config files. Webshell probes (.php, .asp, .jsp files) return fake PHP shell code. Detects malicious upload attempts.

📁
Uploads Directory
/uploads/
HTML listing · backups 🗜
Upload Backup ZIP
/uploads/backup_abc123.zip
Nested archive · canary
Webshell Probe (uploads)
/uploads/shell.php
Fake shell form 🗄
User Export SQL
/uploads/export_users.sql
SQL · users table
📚 API Documentation & Swagger Traps HIGH swagger_trap() · api_docs_json_trap() · graphql_endpoint_trap()

Swagger UI and API documentation endpoints (0.8–2.5s delay). JSON specs include API keys, database URLs, and endpoint listings. GraphQL playground exposes users query with database_url and api_key in response.

📖
Swagger UI
/swagger-ui.html
API docs + key · 0.8–2.5s 📄
API Docs v2 JSON
/v2/api-docs
Swagger 2.0 + x-api-key 📄
API Docs v3 JSON
/v3/api-docs
Swagger 3.0 + x-database 🔷
GraphQL Playground
/graphql
Playground + queries · 0.8–2.5s 🔷
GraphQL Alt Endpoint
/graphq
Same as /graphql

💡 Verification Checklist