redblock
redblock copied to clipboard
RedBlock is an Nginx module designed for offensive security operations and red teaming. This module empowers security professionals to easily block all IPs associated with hosting and cloud infrastruc...
Redblock
Another redirector for your offensive operation infrastructure unless you're ready to add 50k network range to your nginx configuration file.
Overview
Redblock is nginx module for hiding your C2/phishing/etc infrastructure from sandboxes, threat scanners. Easily block IPs associated with hosting, cloud infrastructure, and known sandbox environments. you can use your own IPRanges Dataset.
Configuration
Build the module with dependencies.
make install && make configure && make
Final compiled library will be located at objs/ngx_http_redblock_module.so
.
you will need to add it to /etc/nginx/nginx.conf
load_module objs/ngx_http_redblock_module.so;
dataset location is /etc/nginx/redblock_ranges.bin
you can change it in the code, you will have to copy the default dataset to that location.
cp ./ipv4_ranges.bin /etc/nginx/redblock_ranges.bin
You'll need to restart nginx
every time you rebuild the module.
service nginx restart
now you can see the blocked requests in error log.
Bring Your Own dataset
you can encode the list of the ip address you want
python encode_dataset.py input_file output_file [--ipv4] [--ipv6]
or update the current dataset by running
python palo_alto_edl_dataset.py