# BounceBack
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](/LICENSE)
[![Go Report Card](https://goreportcard.com/badge/github.com/D00Movenok/BounceBack)](https://goreportcard.com/report/github.com/D00Movenok/BounceBack)
[![Tests](https://github.com/D00Movenok/BounceBack/actions/workflows/tests.yml/badge.svg)](https://github.com/D00Movenok/BounceBack/actions/workflows/tests.yml)
[![CodeQL](https://github.com/D00Movenok/BounceBack/actions/workflows/codeql.yml/badge.svg)](https://github.com/D00Movenok/BounceBack/actions/workflows/codeql.yml)
[![Docs](https://img.shields.io/badge/docs-wiki-blue?logo=GitBook)](https://github.com/D00Movenok/BounceBack/wiki)
↕️🤫 Stealth redirector for your red team operation security.
![Architecture](/assets/architecture.png)
## Overview
BounceBack is a powerful, highly customizable and configurable reverse proxy with WAF functionality for hiding your C2/phishing/etc. infrastructure from blue teams, sandboxes, scanners, etc. It uses real-time traffic analysis through various filters and their combinations to hide your tools from illegitimate visitors.
The tool is distributed with preconfigured lists of blocked words and of blocked and allowed IP addresses.
For more information on tool usage, visit the [project's wiki](https://github.com/D00Movenok/BounceBack/wiki).
## Features
* Highly configurable and customizable filter pipeline with boolean-based concatenation of rules, able to hide your infrastructure from the keenest blue eyes.
* Easily extendable project structure: everyone can add rules for their own C2.
* Integrated and curated massive blacklist of IPv4 pools and ranges known to be associated with IT security vendors, combined with an IP filter to prevent them from using/attacking your infrastructure.
* Malleable C2 profile parser validates inbound HTTP(s) traffic against the Malleable config and rejects packets that fail validation.
* Out-of-the-box domain fronting support allows you to hide your infrastructure a little bit more.
* Ability to check the IPv4 address of a request against IP geolocation/reverse lookup data and compare it to specified regular expressions to exclude peers connecting from outside allowed companies, nations, cities, domains, etc.
* All incoming requests may be allowed/disallowed for any time period, so you may configure work time filters.
* Support for multiple proxies with different filter pipelines at one BounceBack instance.
* Verbose logging mechanism allows you to keep track of all incoming requests and events for analyzing blue team behaviour and debugging issues.
## Rules
Rules define how BounceBack matches traffic. The tool currently supports the following rule types:
* Boolean-based (and, or, not) rule combinations
* IP and subnet analysis
* IP geolocation fields inspection
* Reverse lookup domain probe
* Raw packet regexp matching
* Malleable C2 profiles traffic validation
* Working (or non-working) hours rule

Custom rules may be easily added: just register your [RuleBaseCreator](/internal/rules/default.go#L9) or [RuleWrapperCreator](/internal/rules/default.go#L3). See the existing [RuleBaseCreators](/internal/rules/base_common.go) and [RuleWrapperCreators](/internal/rules/wrappers.go).
The rules configuration page may be found [here](https://github.com/D00Movenok/BounceBack/wiki/1.-Rules).
## Proxies
The proxies section is used to configure where to listen and proxy traffic, which protocol to use and how to chain rules together for traffic filtering. At the moment, BounceBack supports the following protocols:
* HTTP(s) for your web infrastructure
* DNS for your DNS tunnels
* Raw TCP (with or without TLS) and UDP for custom protocols

Custom protocols may be easily added: just register your new type [in the manager](/internal/proxy/manager.go). Example proxy implementations may be found [here](/internal/proxy).
The proxies configuration page may be found [here](https://github.com/D00Movenok/BounceBack/wiki/2.-Proxies).
## Installation
Just download the latest release from the [release page](https://github.com/D00Movenok/BounceBack/releases), unzip it, edit the config file and go.
If you want to build it from source, clone the repository (don't forget about [GitLFS](https://git-lfs.com/)), [install goreleaser](https://goreleaser.com/install/) and run:
```bash
goreleaser release --clean --snapshot
```
## Usage
1. **(Optional)** Update the `banned_ips.txt` list:
```bash
bash scripts/collect_banned_ips.sh > data/banned_ips.txt
```
2. Modify `config.yml` for your needs. Configure [rules](https://github.com/D00Movenok/BounceBack/wiki/1.-Rules) to match traffic, [proxies](https://github.com/D00Movenok/BounceBack/wiki/2.-Proxies) to analyze traffic using rules and [globals](https://github.com/D00Movenok/BounceBack/wiki/3.-Globals) for deep rules configuration.
3. Run BounceBack:
```bash
./bounceback
```
> Usage of BounceBack: \
> -c, --config string Path to the config file in YAML format (default "config.yml") \
> -l, --log string Path to the log file (default "bounceback.log") \
> -v, --verbose count Verbose logging (0 = info, 1 = debug, 2+ = trace)