diff --git a/contrib/corpus/php_exploit.txt b/contrib/corpus/php_exploit.txt
new file mode 100644
index 0000000..1e16e7d
--- /dev/null
+++ b/contrib/corpus/php_exploit.txt
@@ -0,0 +1,29 @@
+PHP Fatal error: Uncaught Error: Call to undefined function mysql_connect() in /var/www/html/index.php:27
+Stack trace:
+#0 /var/www/html/functions.php(15): connect_db()
+#1 /var/www/html/admin/index.php(5): include('/var/www/html/f...')
+#2 {main}
+thrown in /var/www/html/index.php on line 27
+
+PHP Warning: include(config.php): failed to open stream: No such file or directory in /var/www/html/index.php on line 3
+PHP Warning: include(): Failed opening 'config.php' for inclusion (include_path='.:/usr/share/php') in /var/www/html/index.php on line 3
+
+PHP Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in /var/www/html/lib/Request.php on line 42
+
+PHP Fatal error: Uncaught PDOException: SQLSTATE[HY000] [2002] Connection refused in /var/www/html/database.php:14
+Stack trace:
+#0 /var/www/html/database.php(14): PDO->__construct('mysql:host=127....', 'dbuser', '********')
+#1 /var/www/html/index.php(7): require_once('/var/www/html/d...')
+#2 {main}
+thrown in /var/www/html/database.php on line 14
+
+PHP Warning: require_once(vendor/autoload.php): failed to open stream: No such file or directory in /var/www/html/index.php on line 3
+
+PHP Notice: Undefined index: username in /var/www/html/admin/login.php on line 15
+PHP Notice: Undefined index: password in /var/www/html/admin/login.php on line 16
+
+PHP Warning: session_start(): Cannot start session when headers already sent in /var/www/html/lib/Session.php on line 5
+
+PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 16384 bytes) in /var/www/vendor/doctrine/orm/lib/Doctrine/ORM/QueryBuilder.php on line 312
+
+PHP Fatal error: Uncaught Error: Class 'PDO' not found in /var/www/html/includes/database.php:10
diff --git a/contrib/corpus/wordpress.txt b/contrib/corpus/wordpress.txt
new file mode 100644
index 0000000..5765213
--- /dev/null
+++ b/contrib/corpus/wordpress.txt 
@@ -0,0 +1,22 @@
+WordPress database error: [Table 'wp_options' doesn't exist]
+SELECT option_name, option_value FROM wp_options WHERE autoload = 'yes'
+
+Warning: Cannot modify header information - headers already sent by (output started at /var/www/html/wp-content/themes/twentytwentyone/functions.php:258) in /var/www/html/wp-includes/functions.php on line 6198
+
+Fatal error: Allowed memory size of 41943040 bytes exhausted (tried to allocate 32768 bytes) in /var/www/html/wp-includes/class-wp-query.php on line 3324
+
+WordPress database error Table 'wp_users' doesn't exist for query SELECT * FROM wp_users WHERE user_login = 'admin' made by include('wp-blog-header.php'), require_once('wp-load.php'), require_once('wp-config.php')
+
+Notice: WP_Scripts::localize was called incorrectly. The $l10n parameter must be an array. To pass arbitrary data to scripts, use the wp_add_inline_script() function instead. Please see Debugging in WordPress for more information.
+
+WordPress database error: [Expression #1 of SELECT list is not in GROUP BY clause and contains nonaggregated column 'wp_posts.ID' which is not functionally dependent on columns in GROUP BY clause; this is incompatible with sql_mode=only_full_group_by]
+SELECT ID FROM wp_posts WHERE post_type = 'post' GROUP BY YEAR(post_date), MONTH(post_date) ORDER BY post_date DESC
+
+WordPress database error: [Disk full (/var/tmp/#sql_b72_0.MAI); waiting for someone to free some space...
(errno: 28 "No space left on device")]
+SELECT t.*, tt.* FROM wp_terms AS t INNER JOIN wp_term_taxonomy AS tt ON t.term_id = tt.term_id WHERE tt.taxonomy = 'category' ORDER BY t.name ASC
+
+Warning: session_start() [function.session-start]: open(/var/lib/php/sessions/sess_05kqdnq9gfhj7v3c3q93fedlv2, O_RDWR) failed: Permission denied (13) in /var/www/html/wp-content/plugins/my-calendar/my-calendar.php on line 95
+
+Notice: Undefined index: HTTP_REFERER in /var/www/html/wp-content/themes/twentytwentytwo/template-parts/header.php on line 73
+
+Warning: Declaration of Walker_Nav_Menu_Dropdown::start_lvl(&$output, $depth) should be compatible with Walker_Nav_Menu::start_lvl(&$output, $depth = 0, $args = Array) in /var/www/html/wp-content/themes/responsive/core/includes/functions-extras.php on line 57
diff --git a/contrib/lua/better_response.lua b/contrib/lua/better_response.lua
new file mode 100644
index 0000000..91ce98f
--- /dev/null
+++ b/contrib/lua/better_response.lua
@@ -0,0 +1,161 @@
+-- better_response.lua
+--
+-- Adds realistic-looking, but fake content to responses based on the type of the request being
+-- made by the bots. This is a demo implementation to demonstrate how scripting works for Eris.
+
+-- Random honeytoken generation
+function generate_honeytoken(token)
+ local token_types = {
+ "API_KEY", "AUTH_TOKEN", "SESSION_ID", "SECRET_KEY",
+ "DB_PASSWORD", "ADMIN_TOKEN", "SSH_KEY"
+ }
+
+ local prefix = token_types[math.random(#token_types)]
+ local suffix = string.format("%08x%08x", math.random(0xffffffff), math.random(0xffffffff))
+
+ return prefix .. "_" .. token .. "_" .. suffix
+end
+
+-- Generates a "believable" (but fake) error stack trace
+function generate_stack_trace()
+ local files = {
+ "/var/www/html/index.php",
+ "/var/www/html/wp-content/plugins/contact-form-7/includes/submission.php",
+ "/var/www/vendor/symfony/http-kernel/HttpKernel.php",
+ "/var/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php",
+ "/var/www/html/app/Controllers/AdminController.php"
+ }
+
+ local functions = {
+ "execute", "handle", "processRequest", "loadModel",
+ "authenticate", "validateInput", "renderTemplate"
+ }
+
+ local trace = {}
+ local depth = math.random(3, 8)
+
+ for i=1,depth do
+ local file = files[math.random(#files)]
+ local func = functions[math.random(#functions)]
+ local line = math.random(10, 400)
+
+ table.insert(trace, string.format("#%d %s(%d): %s()", i, file, line, func))
+ end
+
+ return table.concat(trace, "\n")
+end
+
+-- Table of response enhancements by type
+local enhancers = {}
+
+enhancers.php_exploit = function(text, path, token)
+ local honeytoken = generate_honeytoken(token)
+ local stack = generate_stack_trace()
+
+ -- HTML comments that look like sensitive data
+ local enhancements = {
+ string.format("", honeytoken),
+ string.format("", honeytoken),
+ string.format("
", stack),
+ string.format("",
+ string.sub(token, 1, 8), string.sub(token, -6)),
+ ""
+ }
+
+ -- Insert appealing content at random positions in the text
+ local result = text
+ for _, enhancement in ipairs(enhancements) do
+ local pos = math.random(1, #result)
+ result = string.sub(result, 1, pos) .. enhancement .. string.sub(result, pos+1)
+ }
+
+ return result
+end
+
+enhancers.wordpress = function(text, path, token)
+ local honeytoken = generate_honeytoken(token)
+
+ local enhancements = {
+ string.format("", token),
+ string.format("", honeytoken),
+ string.format("", honeytoken),
+ "",
+ string.format("", string.sub(token, 1, 8))
+ }
+
+ local result = text
+ for _, enhancement in ipairs(enhancements) do
+ local pos = math.random(1, #result)
+ result = string.sub(result, 1, pos) .. enhancement .. string.sub(result, pos+1)
+ }
+
+ return result
+end
+
+enhancers.api = function(text, path, token)
+ -- Create fake API responses that look like they contain tokens or keys
+ local api_response = {
+ status = "error",
+ error = "Authentication required",
+ request_id = string.format("req_%s", token),
+ debug_token = generate_honeytoken(token),
+ _links = {
+ documentation = "https://api.example.com/docs",
+ support = "https://example.com/api-support"
+ }
+ }
+
+ -- Convert to JSON-like string
+ local function to_json(obj, indent)
+ indent = indent or ""
+ local json_str = "{\n"
+
+ for k, v in pairs(obj) do
+ json_str = json_str .. indent .. " \"" .. k .. "\": "
+
+ if type(v) == "table" then
+ json_str = json_str .. to_json(v, indent .. " ")
+ elseif type(v) == "string" then
+ json_str = json_str .. "\"" .. v .. "\""
+ elseif type(v) == "number" then
+ json_str = json_str .. tostring(v)
+ elseif type(v) == "boolean" then
+ json_str = json_str .. tostring(v)
+ else
+ json_str = json_str .. "null"
+ end
+
+ json_str = json_str .. ",\n"
+ end
+
+ -- Remove trailing comma
+ json_str = string.sub(json_str, 1, -3) .. "\n" .. indent ..
"}"
+ return json_str
+ end
+
+ return text .. "\n" .. to_json(api_response) .. ""
+end
+
+enhancers.generic = function(text, path, token)
+ -- General honeypot enhancements for any path
+ local server_info = {
+ "Server running Apache/2.4.41",
+ "PHP version: 7.4.3",
+ string.format("Generated for client: %s", token),
+ string.format("Server ID: srv-%s", string.sub(token, 1, 12)),
+ string.format("Request processed by worker-%s", string.sub(token, -8))
+ }
+
+ local result = text
+ result = result .. "\n"
+ result = result .. string.format("\n", token)
+
+ return result
+end
+
+-- Main entry point function that Rust will call
+function enhance_response(text, response_type, path, token)
+ -- Default to generic if type not found
+ local enhancer = enhancers[response_type] or enhancers.generic
+ return enhancer(text, path, token)
+end
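Review bot: The two insertion loops in `enhancers.php_exploit` and `enhancers.wordpress` are closed with `}` instead of `end`, which is a Lua syntax error, so the whole chunk fails to load and the host never reaches `enhance_response` (unless the brace is a rendering artefact of this page). The same loops call `math.random(1, #result)`, which raises "interval is empty" when `text` is empty; `local pos = math.random(0, #result)` keeps the insertion valid for an empty body. `to_json` and the decoy format strings embed `token` and `path` verbatim and `to_json` escapes neither `"` nor `\`, so a caller-supplied value containing those characters produces malformed decoy output — if the token can ever derive from request data, escape string values before embedding, e.g. `v:gsub('[%c"\\]', function(c) return string.format("\\u%04x", c:byte()) end)`. `generate_honeytoken` and `generate_stack_trace` are accidental globals; only `enhance_response` needs to be global for the Rust side, so declare the helpers with `local function`. The empty format strings such as `string.format("", honeytoken)` and the unused `server_info` table look like HTML-comment templates stripped during rendering, but as written they emit empty strings, so it is worth confirming the templates survived in the committed file.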