Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/safebuffer/redblock
RedBlock is an Nginx module designed for offensive security operations and red teaming. This module empowers security professionals to easily block all IPs associated with hosting and cloud infrastructure, as well as known sandbox environments.
https://github.com/safebuffer/redblock
cobaltstrike nginx nginx-module opsec pentesting-tools redirector redteam-infrastructure
Last synced: 10 days ago
JSON representation
RedBlock is an Nginx module designed for offensive security operations and red teaming. This module empowers security professionals to easily block all IPs associated with hosting and cloud infrastructure, as well as known sandbox environments.
- Host: GitHub
- URL: https://github.com/safebuffer/redblock
- Owner: safebuffer
- License: apache-2.0
- Created: 2024-01-21T20:47:33.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2024-01-21T21:26:55.000Z (about 1 year ago)
- Last Synced: 2024-11-19T14:08:32.065Z (2 months ago)
- Topics: cobaltstrike, nginx, nginx-module, opsec, pentesting-tools, redirector, redteam-infrastructure
- Language: C
- Homepage:
- Size: 58.6 KB
- Stars: 19
- Watchers: 3
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Redblock
Another redirector for your offensive operation infrastructure unless you're ready to add 50k network range to your nginx configuration file.
## Overview
Redblock is nginx module for hiding your C2/phishing/etc infrastructure from sandboxes, threat scanners. Easily block IPs associated with hosting, cloud infrastructure, and known sandbox environments.
you can use your own IPRanges Dataset.
## Configuration
Build the module with dependencies.
```bash
make install && make configure && make
```
Final compiled library will be located at `objs/ngx_http_redblock_module.so`.
you will need to add it to `/etc/nginx/nginx.conf`
```nginx
load_module objs/ngx_http_redblock_module.so;
```
dataset location is `/etc/nginx/redblock_ranges.bin` you can change it in the code, you will have to copy the default dataset to that location.
```bash
cp ./ipv4_ranges.bin /etc/nginx/redblock_ranges.bin
```
You'll need to restart `nginx` every time you rebuild the module.
```bash
service nginx restart
```
now you can see the blocked requests in error log.
## Bring Your Own dataset
you can encode the list of the ip address you want
```bash
python encode_dataset.py input_file output_file [--ipv4] [--ipv6]
```
or update the current dataset by running
```bash
python palo_alto_edl_dataset.py
```