Redirect Rules Generation Tool.

This is a Python rewrite and expansion of:

Code architecture based on:

This tool dynamically generates an Apache `mod_rewrite` redirect.rules file that redirects sandbox environments (and other sources you would rather not serve, such as cloud provider ranges, Tor exit nodes, security vendor ASNs and known bad User-Agents) away from your payload hosting/C2 servers. Each run pulls the current dynamic lists, adds the static data shipped in core/data/, de-duplicates the result and writes the conditions followed by a redirect to the destination passed with `-d`.


# Install the required Python dependencies
  pip3 install -r requirements.txt

# Install the 'whois' tool
  sudo apt install -y whois

# Enable 'mod_rewrite' for Apache
  sudo a2enmod rewrite

Included is a script that will automate the installation of all required dependencies:

sudo ./


usage: [-h] [-d DESTINATION]
                         [--exclude EXCLUDE [EXCLUDE ...]]
                         [--exclude-file EXCLUDE_FILE] [--exclude-list]
                         [--ip-file IP_FILE [IP_FILE ...]]
                         [--asn-file ASN_FILE [ASN_FILE ...]]
                         [--hostname-file HOSTNAME_FILE [HOSTNAME_FILE ...]]
                         [--useragent-file USERAGENT_FILE [USERAGENT_FILE ...]]

Dynamically generate redirect.rules file -- v1.2.4

optional arguments:
  -h, --help            show this help message and exit
  -d DESTINATION        Destination for redirects (including the protocol,
                        e.g. an https:// URL)
  --exclude EXCLUDE [EXCLUDE ...]
                        Pass in one or more data sources and/or explicit
                        IP/Host/User-Agent's to exclude. Run the `--exclude-
                        list` command to list all data source keywords that
                        can be used. Keywords and explicit strings should be
                        space delimited. Example Usage: `--exclude user-agents radb`
  --exclude-file EXCLUDE_FILE
                        File containing items/group keywords to exclude (line
                        delimited)
  --exclude-list        List all possible exclusions.
  --ip-file IP_FILE [IP_FILE ...]
                        Provide one or more IP files to use as source data.
  --asn-file ASN_FILE [ASN_FILE ...]
                        Provide one or more ASN files to use as source data.
  --hostname-file HOSTNAME_FILE [HOSTNAME_FILE ...]
                        Provide one or more Hostname files to use as source
                        data.
  --useragent-file USERAGENT_FILE [USERAGENT_FILE ...]
                        Provide one or more User-Agent files to use as source
                        data.
  --verbose             Enable verbose output.

Example Run

> python3 -d

      Redirect Rules Generation Tool

[*]     Pulling @curi0usJack's redirect rules...
[*]     Writing @curi0usJack's redirect rules...
[*]     Adding conditions for bad User-Agents...
[*]     Adding static IPs obtained via Malware Kits and other sources...
[*]     Adding static Hostnames obtained via Malware Kits and other sources...
[*]     Pulling TOR exit node list...
[*]     Pulling AWS IP/Network list...
[*]     Pulling Google Cloud IP/network list...
[*]     Pulling Microsoft Azure IP/network list...
[*]     Pulling Microsoft Office 365 IP/Host list...
[*]     Pulling Oracle Cloud IP/network list...
[*]     Pulling AS46484 -- MCAFEE via RADB...
[*]     Pulling AS46652 -- DIGITALOCEAN via BGPView...
[*]     Adding Miscellaneous Sources...

[+]     File/Path redirection and catch-all examples commented at bottom of file.

[*]     Performing rule de-duplication clean up...
[*]     Removing 478 duplicate IPs/Networks...

[+]     Total IPs, Networks or User-Agents blocked: 11031
[+]     Redirect rules file: /tmp/redirect.rules executed in 24.62 seconds.
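The run above reports how many rules were written and how many duplicate networks were dropped. The following Python is an added example, not code from the redirect_rules project: it builds the same kind of Apache mod_rewrite block from a constructed list of IPs/CIDRs and User-Agent fragments, collapses duplicate and overlapping networks with the standard ipaddress module, and OR-chains the conditions in front of a single RewriteRule to the `-d` destination. The sample lists, the helper names and the use of the Apache 2.4 `expr "-R"` subnet test (rather than a REMOTE_ADDR regex) are this example's own choices.

```python
"""Miniature redirect.rules generator (added example, not the project's code).

Emits one RewriteCond per blocked network or User-Agent fragment, OR-chained,
followed by one RewriteRule that sends every match to the destination. The
sample lists below are constructed and use documentation address ranges.
"""
import ipaddress
import re
from typing import Iterable, List, Tuple

# Constructed sample inputs (documentation ranges, not real sandbox indicators).
SAMPLE_IPS = [
    "198.51.100.7",       # single host
    "198.51.100.7",       # exact duplicate
    "203.0.113.0/24",
    "203.0.113.128/25",   # contained in the /24 above: dropped by collapse
    "192.0.2.0/25",
    "192.0.2.128/25",     # adjacent to the /25 above: merged into one /24
    "not-an-ip",          # malformed line: skipped, not fatal
]
SAMPLE_USER_AGENTS = ["python-requests", "curl/", "Wget", "python-requests"]


def parse_networks(entries: Iterable[str]) -> Tuple[list, int]:
    """Parse IPs/CIDRs, skip malformed lines, collapse duplicates and overlaps.

    Returns (collapsed_networks, entries_removed). collapse_addresses() also
    merges adjacent networks, so the count can exceed the exact duplicates.
    """
    nets = []
    for raw in entries:
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        try:
            nets.append(ipaddress.ip_network(raw, strict=False))  # host bits ok
        except ValueError:
            continue
    v4 = [n for n in nets if n.version == 4]
    v6 = [n for n in nets if n.version == 6]
    collapsed = list(ipaddress.collapse_addresses(v4))
    collapsed += list(ipaddress.collapse_addresses(v6))
    return collapsed, len(nets) - len(collapsed)


def agent_pattern(fragment: str) -> str:
    """Quoted PCRE pattern matching any User-Agent that contains `fragment`."""
    escaped = re.escape(fragment).replace('"', '\\"')
    return f'"^.*{escaped}.*$"'


def build_rules(destination: str, ips: Iterable[str], agents: Iterable[str]) -> Tuple[str, int]:
    """Return (redirect.rules text, number of duplicate networks removed)."""
    nets, removed = parse_networks(ips)
    conds: List[Tuple[str, List[str]]] = []
    for net in nets:
        # Apache 2.4 ap_expr: -R tests REMOTE_ADDR against a subnet (/32 for hosts).
        conds.append((f"RewriteCond expr \"-R '{net.with_prefixlen}'\"", []))
    seen = set()
    for ua in agents:
        ua = ua.strip()
        if not ua or ua.lower() in seen:
            continue                    # de-duplicate case-insensitively
        seen.add(ua.lower())
        conds.append((f"RewriteCond %{{HTTP_USER_AGENT}} {agent_pattern(ua)}", ["NC"]))

    lines = ["RewriteEngine On"]
    if not conds:
        # A RewriteRule with no conditions would redirect *every* visitor,
        # including the target, so emit no rule at all.
        lines.append("# no block conditions generated")
        return "\n".join(lines) + "\n", removed
    for i, (text, flags) in enumerate(conds):
        if i < len(conds) - 1:
            flags = flags + ["OR"]      # every condition but the last is OR-chained
        lines.append(text + (f" [{','.join(flags)}]" if flags else ""))
    lines.append(f"RewriteRule ^.*$ {destination} [L,R=302]")
    return "\n".join(lines) + "\n", removed


if __name__ == "__main__":
    text, removed = build_rules("https://example.com/", SAMPLE_IPS, SAMPLE_USER_AGENTS)
    print(f"# removed {removed} duplicate/overlapping networks")
    print(text)
```

The generated block is meant to be `Include`d from the vhost (or dropped into an .htaccess with AllowOverride FileInfo) on an Apache 2.4 host with mod_rewrite enabled; the `expr "-R"` form is not available on 2.2. Note the empty-input guard: a RewriteRule whose condition list came out empty is an open redirect for everyone, which is exactly what a generator fed an empty or fully excluded source list would otherwise produce.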

Example Usage

# Example exclusion usage - Exclude Tor, Microsoft Azure, and an explicit CIDR:
  python3 -d --exclude tor azure

# Example external source file usage - Include external IP list for redirection:
  python3 -d --ip-file new_ip_list.txt

# Example usage to generate rules for a single external source
# This excludes all sources provided by redirect_rules and only uses the external source:
  python3 -d --exclude htaccess dynamic static --ip-file new_ip_list.txt

Exclusion List

[+] Exclusion List:

        This list represents the value(s) a user can pass to the `--exclude` argument in order
        to exclude a specific data source from being added to the final redirect.rules file.
        NOTE: The `--exclude` argument accepts keywords and/or specific IP/Host/User-Agent
        strings to be excluded, delimited by: SPACE

        Example usage of the `--exclude` argument:
                --exclude user-agents radb

        Exclusion Keyword List:
                dynamic         # Exclude all dynamic sources
                static          # Exclude all static sources
                htaccess        # Exclude @curi0usJack's .htaccess file
                user-agents     # Exclude User-Agents file
                ips             # Exclude IPs obtained via Malware Kits and other sources
                hostnames       # Exclude Hostnames obtained via Malware Kits and other sources
                asn             # Exclude all ASN data
                radb            # Exclude ASN data from RADB
                bgpview         # Exclude ASN data from BGPView
                AS#             # Exclude a specific ASN based on AS# format
                misc            # Exclude Misc data sources
                tor             # Exclude TOR Exit Node data
                amazon          # Exclude all Amazon data
                aws             # Exclude AWS data
                google          # Exclude all Google data
                googlecloud     # Exclude Google Cloud data
                microsoft       # Exclude all Microsoft data
                azure           # Exclude MS Azure data
                office365       # Exclude Office365 data
                oracle          # Exclude all Oracle data
                oraclecloud     # Exclude Oracle Cloud data

        NOTE: Company names/identifiers used within the core/data/
        file can also be used.
        Exclude All ZScaler ASN's: `--exclude ZSCALER`
        Exclude ZScaler's ATL ASN: `--exclude ZSCALER-ATLANTA`
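To make the keyword semantics above concrete, the following Python is an added example, not the project's own code: it expands group keywords to their members, recognises `AS#` tokens and company identifiers, and treats anything else as an explicit IP/host/User-Agent string to strip from the output, then applies the result to a small catalogue. The catalogue standing in for core/data/, the membership of `dynamic` and `static`, the prefix rule used to match identifiers, and the two ZSCALER AS numbers (taken from the reserved documentation range) are assumptions of this example.

```python
"""Resolution of `--exclude` tokens for a redirect.rules generator.

Added example, not the project's own code. Group keywords expand recursively,
`AS#` tokens drop one ASN, a company identifier drops every ASN carrying that
identifier, and any other token is an explicit IP/host/User-Agent removed from
the final output. The catalogue is constructed; AS64496/AS64497 are reserved
documentation ASNs, not ZSCALER's real ones.
"""
import re
from typing import Dict, Iterable, List, Set, Tuple, Union

# Group keyword -> members, following the exclusion list above. Which leaves
# sit under "dynamic" and "static" is assumed here.
GROUPS: Dict[str, List[str]] = {
    "dynamic":   ["tor", "aws", "googlecloud", "azure", "office365", "oraclecloud", "asn"],
    "static":    ["htaccess", "user-agents", "ips", "hostnames", "misc"],
    "asn":       ["radb", "bgpview"],
    "amazon":    ["aws"],
    "google":    ["googlecloud"],
    "microsoft": ["azure", "office365"],
    "oracle":    ["oraclecloud"],
}
KEYWORDS: Set[str] = set(GROUPS) | {m for members in GROUPS.values() for m in members}

# Constructed data sources: ASN sources hold (AS number, identifier) pairs,
# the rest hold IPs/networks or User-Agent fragments.
AsnEntry = Tuple[str, str]
CATALOGUE: Dict[str, List[Union[AsnEntry, str]]] = {
    "radb":        [("AS46484", "MCAFEE"), ("AS64496", "ZSCALER-ATLANTA"), ("AS64497", "ZSCALER-SJC")],
    "bgpview":     [("AS46652", "DIGITALOCEAN")],
    "tor":         ["198.51.100.10"],
    "aws":         ["203.0.113.0/24"],
    "azure":       ["192.0.2.0/24"],
    "user-agents": ["python-requests", "curl/"],
    "ips":         ["198.51.100.99"],
}
AS_TOKEN = re.compile(r"^AS\d+$", re.IGNORECASE)


def _identifier_matches(token: str, identifier: str) -> bool:
    """ZSCALER matches ZSCALER-ATLANTA and ZSCALER-SJC; ZSCALER-ATLANTA only itself."""
    t, i = token.upper(), identifier.upper()
    return i == t or i.startswith(t + "-")


def resolve_exclusions(tokens: Iterable[str]) -> Tuple[Set[str], Set[str], Set[str]]:
    """Split --exclude tokens into (excluded sources, excluded ASNs, explicit strings)."""
    sources: Set[str] = set()
    asns: Set[str] = set()
    explicit: Set[str] = set()
    asn_entries = [e for src in GROUPS["asn"] for e in CATALOGUE.get(src, []) if isinstance(e, tuple)]
    for tok in tokens:
        tok = tok.strip()
        low = tok.lower()
        if not tok:
            continue
        if low in KEYWORDS:
            stack = [low]                       # expand group keywords recursively
            while stack:
                key = stack.pop()
                if key in GROUPS:
                    stack.extend(GROUPS[key])
                else:
                    sources.add(key)
        elif AS_TOKEN.match(tok):
            asns.add(tok.upper())
        elif any(_identifier_matches(tok, name) for _, name in asn_entries):
            asns.update(asn for asn, name in asn_entries if _identifier_matches(tok, name))
        else:
            explicit.add(low)                   # explicit IP/host/User-Agent string
    return sources, asns, explicit


def apply_exclusions(tokens: Iterable[str]) -> List[str]:
    """Return the catalogue entries that survive the given --exclude tokens."""
    sources, asns, explicit = resolve_exclusions(tokens)
    kept: List[str] = []
    for src, entries in CATALOGUE.items():
        if src in sources:
            continue                            # whole source excluded
        for entry in entries:
            if isinstance(entry, tuple):
                if entry[0] not in asns:
                    kept.append(entry[0])
            elif entry.lower() not in explicit:
                kept.append(entry)
    return kept


if __name__ == "__main__":
    print(apply_exclusions(["tor", "azure", "ZSCALER-ATLANTA", "198.51.100.99"]))
```

Explicit strings are matched after all sources are collected, so an IP that comes from a source you did not exclude is still dropped; that is the behaviour the `--exclude` note describes, and it is why the third usage example above can empty every built-in source with `htaccess dynamic static` and rely on `--ip-file` alone.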

All static data is stored within the core/data/ directory in .py files as Python objects. To remove an ASN/User-Agent/IP/etc. from a static list permanently, open the corresponding Python file and comment out the entry you no longer require (for a one-off run, use `--exclude` instead). To add anything, follow the :format: note at the top of the Python data file (if present).


# Build docker
  docker build --tag=redirect_rules .

# Run docker attaching /tmp
  docker run --rm -v /tmp:/tmp redirect_rules -d

# Run docker attaching current directory
  docker run --rm -v $(pwd):/tmp redirect_rules -d

# Once the run completes, the `redirect.rules` file will be located
# in the directory attached to the docker run.

Run With Exclusions

# Run with exclude list:
  docker run --rm -v /tmp:/tmp redirect_rules -d --exclude aws azure

# Run with an exclude file. `docker run --rm` starts a fresh container every
# time, so a file copied into an earlier container with `docker cp` is not
# there; place exclude.txt in the mounted directory and pass that path instead:
  cp exclude.txt /tmp/exclude.txt
  docker run --rm -v /tmp:/tmp redirect_rules -d --exclude-file /tmp/exclude.txt


@curi0usJack -
@violentlydave - mkhtaccess_red
@0xdade - sephiroth


  • Add better exception handling
  • Reorder groups by most likely to be seen
  • Sort IPs/Hosts/Agents in each grouping
  • Build an index at the top of redirect.rules based on starting line number of each grouping
  • Customize rewrite rule(s) to redirect differently based on user-agent


Quick and dirty dynamic redirect.rules generator






