Skip to content

Instantly share code, notes, and snippets.

@ahhh
Last active August 29, 2015 14:16
Show Gist options
  • Save ahhh/30ea80b58da73566b99d to your computer and use it in GitHub Desktop.
Save ahhh/30ea80b58da73566b99d to your computer and use it in GitHub Desktop.
web.config for tricking VT total to give legitimate URL scan results
<?xml version="1.0"?>
<configuration>
<system.webServer>
<security>
<requestFiltering>
<filteringRules>
<!-- Rule for tricking VirusTotal URL scans -->
<filteringRule name="user agent deny" scanUrl="false" scanQueryString="false">
<scanHeaders>
<!-- apply rule to user-agent header -->
<add requestHeader="user-agent" />
</scanHeaders>
<appliesTo>
<clear />
<!-- only apply rule to executable files -->
<add fileExtension=".exe" />
</appliesTo>
<denyStrings>
<clear />
<!-- block the VT-cloud / google bot -->
<add string="virustotalcloud" />
<!-- block the .NET scanners -->
<add string=".NET" />
<!-- block Android scanners -->
<add string="Android" />
<!-- block Linux scanners -->
<add string="linux" />
<!-- block scanners using Secruity Version 1 -->
<add string="SV1" />
<!-- block Yahoo Slurp -->
<add string="Yahoo" />
</denyStrings>
</filteringRule>
</filteringRules>
</requestFiltering>
</security>
</system.webServer>
</configuration>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment