Blackweb is a project that collects and unifies public blacklists of domains (porn, downloads, drugs, malware, spyware, trackers, bots, social networks, warez, arms sales, etc.) to make them compatible with Squid
Blackweb es un proyecto que recopila y unifica listas negras públicas de dominios (porno, descargas, drogas, malware, spyware, trackers, bots, redes sociales, warez, venta de armas, etc) para hacerlas compatibles con Squid
| lst | Black Domains | txt | tar.gz | Squid Tested |
|---|---|---|---|---|
| blackweb.txt | 3.324.521 | 75.8 MB | 15 MB | v3.5.x |
git subversion squid bash tar zip wget piconv curl python idn2 xargs awk notify-send
git clone --depth=1 https://github.com/maravento/blackweb.git
blackweb.txt is already optimized. Download it and unzip it in the path of your preference and activate Squid RULE / blackweb.txt ya viene optimizada. Descárguela y descomprimala en la ruta de su preferencia y active la REGLA de Squid
wget -q -N https://raw.githubusercontent.com/maravento/blackweb/master/blackweb.tar.gz && cat blackweb.tar.gz* | tar xzf -
wget -q -N https://raw.githubusercontent.com/maravento/blackweb/master/checksum.md5
md5sum blackweb.txt | awk '{print $1}' && cat checksum.md5 | awk '{print $1}'
Squid-Cache Rule
Edit: / Edite:
/etc/squid/squid.conf
And add the following lines: / Y agregue las siguientes líneas:
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
acl blackweb dstdomain -i "/path_to_lst/blackweb.txt"
http_access deny blackweb
Squid-Cache Advanced Rules
Blackweb contains millions of domains, therefore it is recommended: / Blackweb contiene millones de dominios, por tanto se recomienda:
- Use
whitedomains.txtto exclude domains (e.g.: accounts.youtube.com since Feb 2014, Google uses the subdomain accounts.youtube.com to authenticate its services) or false positives / Usarwhitedomains.txtpara excluir dominios (ejemplo: accounts.youtube.com desde Feb 2014, Google utiliza el subdominio accounts.youtube.com para autenticar sus servicios) o falsos positivos - Use blackdomains.txt to add domains not included in
blackweb.txt(e.g.: .youtube.com .googlevideo.com, .ytimg.com, etc) / Usarblackdomains.txtpara agregar dominios no incluidos enblackweb.txt(ejemplo: .youtube.com .googlevideo.com, .ytimg.com, etc.)
acl whitedomains dstdomain -i "/path_to_lst/whitedomains.txt"
acl blackdomains dstdomain -i "/path_to_lst/blackdomains.txt"
acl blackweb dstdomain -i "/path_to_lst/blackweb.txt"
http_access allow whitedomains
http_access deny blackdomains
http_access deny blackweb
Update and debugging of blackweb.txt can take and consume many hardware resources and bandwidth. It is not recommended to run it on production equipment / La actualización y depuración de blackweb.txt puede tardar y consumir muchos recursos de hardware y ancho de banda. No se recomienda ejecutarla en equipos en producción
The update process of
blackweb.txtconsists of several steps and is executed in sequence by the scriptbwupdate.sh/ El proceso de actualización deblackweb.txtconsta de varios pasos y es ejecutado en secuencia por el scriptbwupdate.sh
wget -q -N https://raw.githubusercontent.com/maravento/blackweb/master/bwupdate/bwupdate.sh && chmod +x bwupdate.sh && ./bwupdate.sh
To guarantee update execution, before starting, script check bandwidth (with Speedtest). If it is > 1 Mbit/s, update continues; else, it shows warning messages and it is recommended to interrupt update / Para garantizar la ejecución de la actualización, antes de comenzar, el script verifica el acho de banda (con Speedtest). Si es > 1 Mbit/s, la actualización continúa; de lo contrario, muestra mensajes de advertencia y se recomienda interrumpir la actualización
Capture domains from downloaded public blacklists (see SOURCES) and unifies them in a single file / Captura los dominios de las listas negras públicas descargadas (ver FUENTES) y las unifica en un solo archivo
Remove overlapping domains (
'.sub.example.com' is a subdomain of '.example.com'), does homologation to Squid format and excludes false positives (google, hotmail, yahoo, etc.) with a whitelist (whiteurls.txt) / Elimina dominios superpuestos ('.sub.example.com' es un dominio de '.example.com'), hace la homologación al formato de Squid y excluye falsos positivos (google, hotmail, yahoo, etc.) con una lista blanca (whiteurls.txt)
com
.com
.domain.com
domain.com
0.0.0.0 domain.com
127.0.0.1 domain.com
::1 domain.com
domain.com.co
foo.bar.subdomain.domain.com
.subdomain.domain.com.co
www.domain.com
www.foo.bar.subdomain.domain.com
domain.co.uk
xxx.foo.bar.subdomain.domain.co.uk
outfile:
.domain.com
.domain.com.co
.domain.co.uk
Remove domains with invalid TLDs (with a list of Public and Private Suffix TLDs: ccTLD, ccSLD, sTLD, uTLD, gSLD, gTLD, eTLD, etc., up to 4th level 4LDs) / Elimina dominios con TLD inválidos (con una lista de TLDs Public and Private Suffix: ccTLD, ccSLD, sTLD, uTLD, gSLD, gTLD, eTLD, etc., hasta 4to nivel 4LDs)
domain.exe
domain.com
outfile:
.domain.com
Remove hostnames larger than 63 characters (RFC 1035) and other characters inadmissible by IDN and convert domains with international characters (not ASCII) and used for homologous attacks to Punycode/IDNA format / Elimina hostnames mayores a 63 caracteres (RFC 1035) y otros caracteres inadmisibles por IDN y convierte dominios con caracteres internacionales (no ASCII) y usados para ataques homográficos al formato Punycode/IDNA
президент.рф
mañana.com
bücher.com
café.fr
köln-düsseldorfer-rhein-main.de
mūsųlaikas.lt
sendesık.com
outfile:
xn--d1abbgf6aiiy.xn--p1ai
xn--maana-pta.com
xn--bcher-kva.com
xn--caf-dma.fr
xn--kln-dsseldorfer-rhein-main-cvc6o.de
xn--mslaikas-qzb5f.lt
xn--sendesk-wfb.com
Most of the SOURCES contain millions of invalid and nonexistent domains (see internet live stats). Then, each domain is verified via DNS and invalid and nonexistent are excluded from Blackweb (sent to
fault.txt). This process may take. By default it processes domains in parallel ≈ 6k to 12k x min, depending on the hardware and bandwidth / La mayoría de las FUENTES contienen millones de dominios inválidos e inexistentes (vea internet live stats). Entonces se verifica cada dominio vía DNS y los inválidos e inexistentes se excluyen de Blackweb (enviados afault.txt). Este proceso puede tardar. Por defecto procesa en paralelo dominios ≈ 6k a 12k x min, en dependencia del hardware y ancho de banda
HIT google.com
FAULT testfaultdomain.com
Add Black TLDs to block any domain that contains one. Edit
blacktlds.txtand add or remove the TLDs you want to block / Agrega Black TLDs para bloquear cualquier dominio que contenga alguno. Editeblacktlds.txty agrege o elimine los TLDs que quiera bloquear
.adult
.porn
.xxx
.domain.adult
.domain.porn
.subdomain.domain.xxx
.domain.com
outfile:
.adult
.porn
.xxx
.domain.com
Run Squid with Blackweb and any error sends it to
SquidError.txton your desktop / Corre Squid con Blackweb y cualquier error lo envía aSquidError.txten su escritorio
Blackweb: Done 06/05/2019 15:47:14
- The default path of blackweb is
/etc/acl. You can change it for your preference / El path por default de blackweb es/etc/acl. Puede cambiarlo por el de su preferencia bwupdate.shincludes lists of domains related to cloud/sync (Mega, Dropbox, Pcloud, iCloud, etc), remote support (Teamviewer, Anydesk, logmein, etc) and telemetry (May contain false positives). They are commented by default (unless their domains are in the SOURCES). To block or exclude them you must activate the corresponding line in the script (# JOIN LIST), although is not recommended to avoid conflicts or false positives /bwupdate.shincluye listas de dominios relacionados con cloud/sync (Mega, Dropbox, Pcloud, iCloud, etc), soporte remoto (Teamviewer, Anydesk, logmein, etc) y telemetría (Puede contener falsos positivos). Están comentadas por defecto (excepto que sus dominios estén en las FUENTES). Para bloquearlas o excluirlas debe activar la línea correspondiente en el script (# JOIN LIST), aunque no se recomienda para evitar conflictos o falsos positivos
- 280blocker
- ABPindo indonesianadblockrules
- Adaway
- adblockplus malwaredomains_full
- Anti-WebMiner
- anudeepND Blacklist (included: coinminer, adservers)
- BambenekConsulting
- betterwebleon dga-feed
- BlackJack8 iOSAdblockList (included: iOSAdblockList and Scam Websites, Crypto Miners and Fake new
- Capitole - Direction du Système d'Information (DSI)
- Carl Spam
- cedia.org.ec (included: domains, immortal_domains)
- chadmayfield (included: porn_all, porn top)
- CHEF-KOCH BarbBlock-filter-list
- Cibercrime-Tracker
- cobaltdisco Google-Chinese-Results-Blocklist
- crazy-max WindowsSpyBlocker
- Dawsey21 List
- Disconnect.me (included: simple_ad, simple_malvertising, simple_tracking)
- dshield.org (included: Low, Medium, High)
- ethanr dns-blacklists
- firebog.net (included: AdguardDNS, Airelle-hrsk, Airelle-trc, BillStearns, Easylist, Easyprivacy, Kowabit, Prigent-Ads, Prigent-Malware, Prigent-Phishing, Shalla-mal, WaLLy3K)
- gfmaster adblock-korea
- Halt-and-Block-Mining
- hBlock
- hexxium
- hostsfile.mine.nu
- hosts-file.net (included: ad_servers, emd, grm, hosts, psh)
- Joelotz URL Blacklist
- Joewein Blacklist
- KADhosts
- malc0de
- Malwaredomainlist Hosts
- Malware Domains Blacklist
- margevicius easylistlithuania
- Matomo-org referrer-spam-blacklist
- MESD blacklists
- mitchellkrogza (included: Badd-Boyz-Hosts, Hacked Malware Web Sites, Nginx Ultimate Bad Bot Blocker, The Big List of Hacked Malware Web Sites, Ultimate Hosts Blacklist)
- MobileAdTrackers
- Netlab360 DGA Domains
- Neohost
- notabug latvian-list
- Oleksiig Blacklist
- openphish
- Perflyst (included: android-tracking, SmartTV)
- Peter Lowe’s Ad and tracking server list
- Quedlin blacklist
- quidsup (included: notrack-blocklists, notrack-malware, trackers, qmalware)
- Ransomware Abuse (included: CryptoWall, Locky, Domain Blocklist, Ransomware Abuse ,URL Blocklist ,TorrentLocker)
- Ransomware Database
- reddestdream
- securemecca.net and hostsfile.org
- Shallalist.de
- Someonewhocares
- squidblacklist.org (included: dg-ads, dg-malicious.acl)
- StevenBlack (included: add.2o7Net, add.Risk, fakenews-gambling-porn-social, hosts, spam, uncheckyAds)
- Stopforumspam Toxic Domains
- tankmohit UnifiedHosts
- Taz SpamDomains
- txthinking blacklist
- vokins yhosts
- Winhelp2002
- YousList
- zerodot1 CoinBlockerLists (included: Host, host_browser, host_optional, list, list_browser, list_browser_UBO)
- Zeustracker
- Passwall SpamAssassin (Server Down. Last Updated Known Dec, 2016. Added to:
oldurls.txt) - UrlBlacklist (Server Down. Last Updated Known Jul 24, 2017. Added to:
oldurls.txt)
- O365IPAddresses (No longer support. See This post)
- OSINT Framework. Domain Name/Domain Blacklists/Blackweb
- Wikipedia. Blacklist_(computing)
- Zeltser. Free Blocklists of Suspected Malicious IPs and URLs
- Segu-Info. Análisis de malware y sitios web en tiempo real
- Awesome Open Source. WindowsSpyBlocker
- covert.io. Getting Started with DGA Domain Detection Research
- Keystone Solutions. blocklists
- Secrepo. Samples of Security Related Data
- Soficas. CiberSeguridad - Protección Activa
- Xploitlab. Projects using WindowsSpyBlocker
We thank all those who have contributed to this project. Those interested can contribute, sending us links of new lists, to be included in this project / Agradecemos a todos aquellos que han contribuido a este proyecto. Los interesados pueden contribuir, enviándonos enlaces de nuevas listas, para ser incluidas en este proyecto
Special thanks to: Jhonatan Sneider
BTC: 3M84UKpz8AwwPADiYGQjT9spPKCvbqm4Bc
© 2019 Maravento Studio
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent