Skip to content

RedBlock is an Nginx module designed for offensive security operations and red teaming. This module empowers security professionals to easily block all IPs associated with hosting and cloud infrastructure, as well as known sandbox environments.

License

Notifications You must be signed in to change notification settings

safebuffer/redblock

Repository files navigation

Redblock

Another redirector for your offensive operation infrastructure unless you're ready to add 50k network range to your nginx configuration file.

Overview

Redblock

Redblock is nginx module for hiding your C2/phishing/etc infrastructure from sandboxes, threat scanners. Easily block IPs associated with hosting, cloud infrastructure, and known sandbox environments. you can use your own IPRanges Dataset.

Configuration

Build the module with dependencies.

make install && make configure && make

Final compiled library will be located at objs/ngx_http_redblock_module.so. you will need to add it to /etc/nginx/nginx.conf

load_module objs/ngx_http_redblock_module.so;

dataset location is /etc/nginx/redblock_ranges.bin you can change it in the code, you will have to copy the default dataset to that location.

cp ./ipv4_ranges.bin /etc/nginx/redblock_ranges.bin

You'll need to restart nginx every time you rebuild the module.

service nginx restart

now you can see the blocked requests in error log.

Bring Your Own dataset

you can encode the list of the ip address you want

python encode_dataset.py input_file output_file [--ipv4] [--ipv6]

or update the current dataset by running

python palo_alto_edl_dataset.py

About

RedBlock is an Nginx module designed for offensive security operations and red teaming. This module empowers security professionals to easily block all IPs associated with hosting and cloud infrastructure, as well as known sandbox environments.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published