{"id":30594022,"url":"https://github.com/ryhkml/zipbomb","last_synced_at":"2025-10-06T13:19:37.778Z","repository":{"id":311617914,"uuid":"1039470578","full_name":"ryhkml/zipbomb","owner":"ryhkml","description":"Serve a GZIP bomb 💀💀💀","archived":false,"fork":false,"pushed_at":"2025-08-25T14:34:48.000Z","size":6,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-08-25T15:45:08.283Z","etag":null,"topics":["bomb","c","gzip","http","nginx","reverse-proxy"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"unlicense","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ryhkml.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-08-17T09:59:34.000Z","updated_at":"2025-08-25T14:36:19.000Z","dependencies_parsed_at":"2025-08-25T15:45:11.936Z","dependency_job_id":"4a6f985a-627c-461b-ab37-cd723c974bb1","html_url":"https://github.com/ryhkml/zipbomb","commit_stats":null,"previous_names":["ryhkml/zipbomb"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/ryhkml/zipbomb","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryhkml%2Fzipbomb","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryhkml%2Fzipbomb/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryhkml%2Fzipbomb/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryhkml%2Fzipbomb/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ryhkml","download_url":"https://codeload.github.com/ryhkml/zipbomb/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryhkml%2Fzipbomb/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":272749579,"owners_count":24986867,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-29T02:00:10.610Z","response_time":87,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bomb","c","gzip","http","nginx","reverse-proxy"],"created_at":"2025-08-29T19:33:13.117Z","updated_at":"2025-10-06T13:19:32.759Z","avatar_url":"https://github.com/ryhkml.png","language":"C","readme":"# Zip Bomb\n\nServe a GZIP bomb as a defense mechanism against malicious requests.\n\n## Overview\n\nZip Bomb creates a server that responds to requests with a pre-generated GZIP bomb file (data.gzip).\nIt is designed to target attackers or scanners by sending a large decompressed file (~10GB) hidden in a small compressed form (~10MB).\n\n## Background\n\nThe inspiration stems from the common issue of web server exposure to malicious scans, as highlighted in a Mastodon post by [@Viss](https://mastodon.social/@Viss/114864117312657608) on July 17, 2025, at 2:23 AM.\nThe post describes how putting a web server online anywhere invites **the background radiation of the internet**, as shown in the attached server log screenshot.\nThe log reveals numerous 404 responses to requests for sensitive files (e.g., config.yml, secrets.yml), indicating automated scanning by attackers.\nZip Bomb aims to counter such threats using a GZIP bomb defense mechanism.\n\n## Prerequisites\n\nA pre-generated data.gzip file\n\n```sh\ntruncate -s 10G data.tmp\ngzip \u003c data.tmp \u003e data.gzip\nrm -rf data.tmp\n```\n\nBuild\n\n```sh\ngcc -O2 -Wall -Wextra -Wformat -Wformat-security -fstack-protector-strong -std=c17 -o zipbomb main.c\n```\n\n## Usage\n\n```\n./zipbomb [OPTIONS]\n\nOptions:\n    --host [addr]        Set Zip Bomb host (default: 127.0.0.1)\n    --port [4000-65535]  Set Zip Bomb port (default: 32000)\n```\n\nUse nginx as a reverse proxy. An example configuration is in [nginx.conf](./nginx.conf).\n\n## Related Article\n\nYou can also read related article on [Zip Bombs](https://blog.haschek.at/2017/how-to-defend-your-website-with-zip-bombs.html).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fryhkml%2Fzipbomb","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fryhkml%2Fzipbomb","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fryhkml%2Fzipbomb/lists"}