{"id":28878468,"url":"https://github.com/d00movenok/bounceback","last_synced_at":"2026-03-02T01:02:53.411Z","repository":{"id":178402292,"uuid":"640929345","full_name":"D00Movenok/BounceBack","owner":"D00Movenok","description":"↕️🤫 Stealth redirector for your red team operation security","archived":false,"fork":false,"pushed_at":"2024-08-11T19:27:00.000Z","size":641,"stargazers_count":690,"open_issues_count":2,"forks_count":76,"subscribers_count":9,"default_branch":"main","last_synced_at":"2025-06-19T13:08:06.182Z","etag":null,"topics":["c2","cobalt-strike","cybersecurity","infrastructure","opsec","pentest","pentesting","phishing","proxy","redirector","redteam","security"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/D00Movenok.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-05-15T12:24:31.000Z","updated_at":"2025-06-13T05:40:49.000Z","dependencies_parsed_at":"2023-11-16T15:44:24.274Z","dependency_job_id":"a5f9f5d6-a800-4392-a32a-ee78058a3347","html_url":"https://github.com/D00Movenok/BounceBack","commit_stats":null,"previous_names":["d00movenok/bounceback"],"tags_count":11,"template":false,"template_full_name":null,"purl":"pkg:github/D00Movenok/BounceBack","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/D00Movenok%2FBounceBack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/D00Movenok%2FBounceBack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/D00Movenok%2FBounceBack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/D00Movenok%2FBounceBack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/D00Movenok","download_url":"https://codeload.github.com/D00Movenok/BounceBack/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/D00Movenok%2FBounceBack/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":260985223,"owners_count":23092892,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c2","cobalt-strike","cybersecurity","infrastructure","opsec","pentest","pentesting","phishing","proxy","redirector","redteam","security"],"created_at":"2025-06-20T17:14:18.657Z","updated_at":"2026-03-02T01:02:53.402Z","avatar_url":"https://github.com/D00Movenok.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# BounceBack\n\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](/LICENSE)\n[![Go Report Card](https://goreportcard.com/badge/github.com/D00Movenok/BounceBack)](https://goreportcard.com/report/github.com/D00Movenok/BounceBack)\n[![Tests](https://github.com/D00Movenok/BounceBack/actions/workflows/tests.yml/badge.svg)](https://github.com/D00Movenok/BounceBack/actions/workflows/tests.yml)\n[![CodeQL](https://github.com/D00Movenok/BounceBack/actions/workflows/codeql.yml/badge.svg)](https://github.com/D00Movenok/BounceBack/actions/workflows/codeql.yml)\n[![Docs](https://img.shields.io/badge/docs-wiki-blue?logo=GitBook)](https://github.com/D00Movenok/BounceBack/wiki)\n\n↕️🤫 Stealth redirector for your red team operation security.\n\n![Atchitecture](/assets/architecture.png)\n\n## Overview\n\nBounceBack is a powerful, highly customizable and configurable reverse proxy with WAF functionality for hiding your C2/phishing/etc infrastructure from blue teams, sandboxes, scanners, etc. It uses real-time traffic analysis through various filters and their combinations to hide your tools from illegitimate visitors.\n\nThe tool is distributed with preconfigured lists of blocked words, blocked and allowed IP addresses.\n\nFor more information on tool usage, you may visit [project's wiki](https://github.com/D00Movenok/BounceBack/wiki).\n\n## Features\n\n* Highly configurable and customizable filters pipeline with boolean-based concatenation of rules will be able to hide your infrastructure from the most keen blue eyes.\n* Easily extendable project structure, everyone can add rules for their own C2.\n* Integrated and curated massive blacklist of IPv4 pools and ranges known to be associated with IT Security vendors combined with IP filter to disallow them to use/attack your infrastructure.\n* Malleable C2 Profile parser is able to validate inbound HTTP(s) traffic against the Malleable's config and reject invalidated packets.\n* Out of the box domain fronting support allows you to hide your infrastructure a little bit more.\n* Ability to check the IPv4 address of request against IP Geolocation/reverse lookup data and compare it to specified regular expressions to exclude out peers connecting outside allowed companies, nations, cities, domains, etc.\n* All incoming requests may be allowed/disallowed for any time period, so you may configure work time filters.\n* Support for multiple proxies with different filter pipelines at one BounceBack instance.\n* Verbose logging mechanism allows you to keep track of all incoming requests and events for analyzing blue team behaviour and debug issues.\n\n## Rules\n\nThe main idea of rules is how BounceBack matches traffic. The tool currently supports the following rule types:\n\n* Boolean-based (and, or, not) rules combinations\n* IP and subnet analysis\n* IP geolocation fields inspection\n* Reverse lookup domain probe\n* Raw packet regexp matching\n* Malleable C2 profiles traffic validation\n* Work (or not) hours rule\n\nCustom rules may be easily added, just register your [RuleBaseCreator](/internal/rules/rules.go#L9) or [RuleWrapperCreator](/internal/rules/rules.go#L3). See already created [RuleBaseCreators](/internal/rules/base_common.go) and [RuleWrapperCreators](/internal/rules/wrappers.go)\n\nRules configuration page may be found [here](https://github.com/D00Movenok/BounceBack/wiki/1.-Rules).\n\n## Proxies\n\nThe proxies section is used to configure where to listen and proxy traffic, which protocol to use and how to chain rules together for traffic filtering. At the moment, BounceBack supports the following protocols:\n\n* HTTP(s) for your web infrastructure\n* DNS for your DNS tunnels\n* Raw TCP (with or without tls) and UDP for custom protocols\n\nCustom protocols may be easily added, just register your new type [in manager](/internal/proxy/manager.go). Example proxy realizations may be found [here](/internal/proxy).\n\nProxies configuration page may be found [here](https://github.com/D00Movenok/BounceBack/wiki/2.-Proxies).\n\n## Installation\n\nJust download latest release from [release page](https://github.com/D00Movenok/BounceBack/releases), unzip it, edit config file and go on.\n\nIf you want to build it from source, clone it (don't forget about [GitLFS](https://git-lfs.com/)), [install goreleaser](https://goreleaser.com/install/) and run:\n\n```bash\ngoreleaser release --clean --snapshot\n```\n\n## Usage\n\n1. **(Optionally)** Update `banned_ips.txt` list:\n\n    ```bash\n    bash scripts/collect_banned_ips.sh \u003e data/banned_ips.txt\n    ```\n\n2. Modify `config.yml` for your needs. Configure [rules](https://github.com/D00Movenok/BounceBack/wiki/1.-Rules) to match traffic, [proxies](https://github.com/D00Movenok/BounceBack/wiki/2.-Proxies) to analyze traffic using rules and [globals](https://github.com/D00Movenok/BounceBack/wiki/3.-Globals) for deep rules configuration.\n\n3. Run BounceBack:\n\n    ```bash\n    ./bounceback\n    ```\n\n    \u003e Usage of BounceBack: \\\n    \u003e -c, --config string   Path to the config file in YAML format (default \"config.yml\") \\\n    \u003e -l, --log string      Path to the log file (default \"bounceback.log\") \\\n    \u003e -v, --verbose count   Verbose logging (0 = info, 1 = debug, 2+ = trace)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fd00movenok%2Fbounceback","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fd00movenok%2Fbounceback","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fd00movenok%2Fbounceback/lists"}