All Projects → 0xZDH → Redirect.rules

0xZDH / Redirect.rules

Quick and dirty dynamic redirect.rules generator

Programming Languages

python
139335 projects - #7 most used programming language

Projects that are alternatives of or similar to Redirect.rules

Apache-Directory-Listing
A directory listing theme for Apache
Stars: ✭ 138 (+100%)
Mutual labels:  apache, apache2
mod fastcgi
FastCGI.com mod_fastcgi apache 2 module fork from http://repo.or.cz/mod_fastcgi.git + last SNAP-0910052141 snapshot
Stars: ✭ 23 (-66.67%)
Mutual labels:  apache, apache2
vhost-gen
Configurable vHost generator for Apache 2.2, Apache 2.4 and Nginx
Stars: ✭ 111 (+60.87%)
Mutual labels:  apache, apache2
Apache2buddy
apache2buddy
Stars: ✭ 297 (+330.43%)
Mutual labels:  apache, apache2
Apache Ultimate Bad Bot Blocker
Apache Block Bad Bots, (Referer) Spam Referrer Blocker, Vulnerability Scanners, Malware, Adware, Ransomware, Malicious Sites, Wordpress Theme Detectors and Fail2Ban Jail for Repeat Offenders
Stars: ✭ 441 (+539.13%)
Mutual labels:  apache, apache2
H5ai
HTTP web server index for Apache httpd, lighttpd and nginx.
Stars: ✭ 4,650 (+6639.13%)
Mutual labels:  apache, apache2
Modsecurity
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analys…
Stars: ✭ 5,015 (+7168.12%)
Mutual labels:  apache, apache2
Apache24 Modules
Modules for Apache 2.4 and maybe 2.2
Stars: ✭ 12 (-82.61%)
Mutual labels:  apache, apache2
Spring Web Rss Channels
A Full Stack RSS Reader web application built with Spring MVC and JSP. It uses libraries like Spring, JPA, Bootstrap, Apache Tiles, JSP etc. There is also a static code analysis tool called Checkstyle.
Stars: ✭ 40 (-42.03%)
Mutual labels:  apache
Maven Site
Apache Maven site
Stars: ✭ 54 (-21.74%)
Mutual labels:  apache
Awesome Cordova Plugins
A curated list of awesome Cordova Apache Plugins https://cordova.apache.org/plugins/
Stars: ✭ 33 (-52.17%)
Mutual labels:  apache
Mod dims
Apache HTTP dynamic image resizing module
Stars: ✭ 40 (-42.03%)
Mutual labels:  apache2
Openwhisk Apigateway
Apache OpenWhisk API Gateway service for exposing actions as REST interfaces.
Stars: ✭ 56 (-18.84%)
Mutual labels:  apache
Docs4dev
后端开发常用框架文档及中文翻译,包含 Spring 系列文档(Spring, Spring Boot, Spring Cloud, Spring Security, Spring Session),大数据(Apache Hive, HBase, Apache Flume),日志(Log4j2, Logback),Http Server(NGINX,Apache),Python,数据库(OpenTSDB,MySQL,PostgreSQL)等最新官方文档以及对应的中文翻译。
Stars: ✭ 974 (+1311.59%)
Mutual labels:  apache
Fail2ban.webexploits
This custom Fail2Ban filter and jail will deal with all scans for common Wordpress, Joomla and other Web Exploits being scanned for by automated bots and those seeking to find exploitable web sites.
Stars: ✭ 67 (-2.9%)
Mutual labels:  apache
Druid Exporter
A Golang based exporter captures druid API related metrics and receives druid-emitting HTTP JSON data.
Stars: ✭ 54 (-21.74%)
Mutual labels:  apache
Pomfe.co V1
Pomfe.co File Hosting Site Source Code
Stars: ✭ 31 (-55.07%)
Mutual labels:  apache2
Burrowui
This is a NodeJS/Angular 2 frontend UI for Kafka cluster monitoring with Burrow
Stars: ✭ 69 (+0%)
Mutual labels:  apache
Logging Log4j2
Apache Log4j 2 is an upgrade to Log4j that provides significant improvements over its predecessor, Log4j 1.x, and provides many of the improvements available in Logback while fixing some inherent problems in Logback's architecture.
Stars: ✭ 1,133 (+1542.03%)
Mutual labels:  apache
Neutron
🌠 Purely functional Apache Pulsar client for Scala built on top of Fs2
Stars: ✭ 53 (-23.19%)
Mutual labels:  apache

redirect.rules

Redirect Rules Generation Tool.

This is a Python rewrite and expansion of:

Code architecture based on:

This tool dynamically generates a redirect.rules file that will redirect Sandbox environments away from our payload hosting/C2 servers.

Requirements

# Install the required Python dependencies
  pip3 install -r requirements.txt

# Install the 'whois' tool
  sudo apt install -y whois

# Enable 'mod_rewrite' for Apache
  sudo a2enmod rewrite

Included is a setup.sh script that will automate the installation of all required dependencies:

sudo ./setup.sh

Usage

usage: redirect_rules.py [-h] [-d DESTINATION]
                         [--exclude EXCLUDE [EXCLUDE ...]]
                         [--exclude-file EXCLUDE_FILE] [--exclude-list]
                         [--ip-file IP_FILE [IP_FILE ...]]
                         [--asn-file ASN_FILE [ASN_FILE ...]]
                         [--hostname-file HOSTNAME_FILE [HOSTNAME_FILE ...]]
                         [--useragent-file USERAGENT_FILE [USERAGENT_FILE ...]]
                         [--verbose]

Dynamically generate redirect.rules file -- v1.2.4

optional arguments:
  -h, --help            show this help message and exit
  -d DESTINATION, --destination DESTINATION
                        Destination for redirects (with the protocol, e.g., https://redirect.here/index.php).
  --exclude EXCLUDE [EXCLUDE ...]
                        Pass in one or more data sources and/or explicit
                        IP/Host/User-Agent's to exclude. Run the `--exclude-
                        list` command to list all data source keywords that
                        can be used. Keywords and explicit strings should be
                        space delimited. Example Usage: `--exclude agents radb
                        35.0.0.0/8`
  --exclude-file EXCLUDE_FILE
                        File containing items/group keywords to exclude (line
                        separated).
  --exclude-list        List all possible exclusions.
  --ip-file IP_FILE [IP_FILE ...]
                        Provide one or more IP files to use as source data.
  --asn-file ASN_FILE [ASN_FILE ...]
                        Provide one or more ASN files to use as source data.
  --hostname-file HOSTNAME_FILE [HOSTNAME_FILE ...]
                        Provide one or more Hostname files to use as source
                        data.
  --useragent-file USERAGENT_FILE [USERAGENT_FILE ...]
                        Provide one or more User-Agent files to use as source
                        data.
  --verbose             Enable verbose output.

Example Run

> python3 redirect_rules.py -d https://test.com

    ----------------------------------
      Redirect Rules Generation Tool
                  v1.2.4
    ----------------------------------

[*]     Pulling @curi0usJack's redirect rules...
[*]     Writing @curi0usJack's redirect rules...
[*]     Adding conditions for bad User-Agents...
[*]     Adding static IPs obtained via Malware Kit's and other sources...
[*]     Adding static Hostnames obtained via Malware Kit's and other sources...
[*]     Pulling TOR exit node list...
[*]     Pulling AWS IP/Network list...
[*]     Pulling Google Cloud IP/network list...
[*]     Pulling Microsoft Azure IP/network list...
[*]     Pulling Microsoft Office 365 IP/Host list...
[*]     Pulling Oracle Cloud IP/network list...
[*]     Pulling AS46484 -- MCAFEE via RADB...
    ...
[*]     Pulling AS46652 -- DIGITALOCEAN via BGPView...
[*]     Adding Miscellaneous Sources...

[+]     File/Path redirection and catch-all examples commented at bottom of file.


[*]     Performing rule de-duplication clean up...
[*]     Removing 478 duplicate IPs/Networks...

[+]     Total IPs, Networks or User-Agents blocked: 11031
[+]     Redirect rules file: /tmp/redirect.rules

redirect_rules.py executed in 24.62 seconds.

Example Usage

# Example exclusion usage - Exclude Tor, Microsoft Azure, and an explicit CIDR:
  python3 redirect_rules.py -d https://test.com --exclude tor azure 35.0.0.0/8

# Example external source file usage - Include external IP list for redirection:
  python3 redirect_rules.py -d https://test.com --ip-file new_ip_list.txt

# Example usage to generate rules for a single external source
# This excludes all sources provided by redirect_rules and only uses the external source:
  python3 redirect_rules.py -d https://test.com --exclude htaccess dynamic static --ip-file new_ip_list.txt

Exclusion List

[+] Exclusion List:
    --------------

        This list represents the value(s) a user can pass to the `--exclude` argument in order
        to exclude a specific data source from being added to the final redirect.rules file.
        NOTE: The `--exclude` argument accepts keywords and/or specific IP/Host/User-Agent's
        to be excluded delimited by: SPACE

        Example usage of the `--exclude` argument:
                --exclude user-agents radb 35.0.0.0/8

        Exclusion Keyword List:
        ----------------------
                dynamic         # Exclude all dynamic sources
                static          # Exclude all static sources
                htaccess        # Exclude @curi0usJack's .htaccess file
                user-agents     # Exclude User-Agents file
                ips             # Exclude IPs obtained via Malware Kit's and other sources
                hostnames       # Exclude Hostnames obtained via Malware Kit's and other sources
                asn             # Exclude all ASN data
                radb            # Exclude ASN data from RADB
                bgpview         # Exclude ASN data from BGPView
                AS#             # Exclude a specific ASN based on AS# format
                misc            # Exclude Misc data sources
                tor             # Exclude TOR Exit Node data
                amazon          # Exclude all Amazon data
                aws             # Exclude AWS data
                google          # Exclude all Google data
                googlecloud     # Exclude Google Cloud data
                microsoft       # Exclude all Microsoft data
                azure           # Exclude MS Azure data
                office365       # Exclude Office365 data
                oracle          # Exclude all Oracle data
                oraclecloud     # Exclude Oracle Cloud data

        NOTE: Company names/identifiers used within the core/data/asns.py
        file can also be used.
        Exclude All ZScaler ASN's: `--exclude ZSCALER`
        Exclude ZScaler's ATL ASN: `--exclude ZSCALER-ATLANTA`

All static data is stored within the core/data/ directory in .py files as Python objects. If you need to remove an ASN/User-Agent/IP/etc. from a static list, open the corresponding Python file and comment out what you no longer require. If you need to add anything, follow the :format: at the top of the Python data file (if present).

Docker

# Build docker
  docker build --tag=redirect_rules .

# Run docker attaching /tmp
  docker run --rm -v /tmp:/tmp redirect_rules -d https://test.com

# Run docker attaching current directory
  docker run --rm -v $(pwd):/tmp redirect_rules -d https://test.com

# Once the run completes, the `redirect.rules` file will be located
# in the directory attached to the docker run.

Run With Exclusions

# Run with exclude list:
  docker run --rm -v /tmp:/tmp redirect_rules -d https://test.com --exclude aws azure 35.0.0.0/8

# Run with an exclude file:
  docker cp exclude.txt <CONTAINER>:/app/exclude.txt
  docker run --rm -v /tmp:/tmp redirect_rules -d https://test.com --exclude-file exclude.txt

Acknowledgements

@curi0usJack - https://gist.github.com/curi0usJack/971385e8334e189d93a6cb4671238b10
@violentlydave - mkhtaccess_red
@0xdade - sephiroth

TODO

  • Add better exception handling
  • Reorder groups by most likely to be seen
  • Sort IPs/Hosts/Agents in each grouping
  • Build an index at the top of redirect.rules based on starting line number of each grouping
  • Custmoize rewrite rule(s) to redirect differently based on user-agent
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].