Last active
August 29, 2015 14:16
web.config for tricking VirusTotal into giving legitimate URL scan results
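<?xml version="1.0"?>
<!--
  IIS request-filtering rule that answers the same URL differently depending
  on the User-Agent header (user-agent cloaking). A request for a .exe file
  whose User-Agent contains any string listed under denyStrings is rejected
  by request filtering, which IIS reports as HTTP 404.19 "Denied by filtering
  rule". All other clients receive the file. The stated aim is that URL
  scanners record a missing file instead of the download.

  Reviewer notes for defenders:
  * A URL-scan verdict only describes the response served to that scanner's
    User-Agent. It says nothing about what a browser would be served.
    Comparing status and body across several User-Agent values for the same
    URL exposes this kind of split.
  * On an IIS host you administer, an unexpected filteringRule keyed on
    user-agent, or a run of sc-substatus 19 entries for .exe paths in the
    W3C logs, is worth reviewing.
-->
<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <filteringRules>
          <!-- Only headers are inspected: URL and query-string scanning are switched off. -->
          <filteringRule name="user agent deny" scanUrl="false" scanQueryString="false">
            <scanHeaders>
              <!-- The rule matches against the User-Agent request header. -->
              <add requestHeader="user-agent" />
            </scanHeaders>
            <appliesTo>
              <clear />
              <!-- The rule applies to .exe requests only, so other content is served to every client. -->
              <add fileExtension=".exe" />
            </appliesTo>
            <denyStrings>
              <clear />
              <!--
                Each entry is a substring match, so it also rejects any ordinary
                client whose User-Agent happens to contain the string.
              -->
              <!-- Author's label: the VT-cloud / Google bot. -->
              <add string="virustotalcloud" />
              <!-- Author's label: .NET scanners. Older Internet Explorer User-Agents also carry ".NET CLR" tokens. -->
              <add string=".NET" />
              <!-- Author's label: Android scanners. Any Android client matches. -->
              <add string="Android" />
              <!-- Author's label: Linux scanners. Any client advertising Linux matches. -->
              <add string="linux" />
              <!--
                SV1 ("Security Version 1") is the token Internet Explorer 6 sent on
                Windows XP SP2. The author uses it to match scanners presenting that
                legacy User-Agent.
              -->
              <add string="SV1" />
              <!-- Author's label: Yahoo Slurp crawler. -->
              <add string="Yahoo" />
            </denyStrings>
          </filteringRule>
        </filteringRules>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>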