Future plans - nccgroup/IP-reputation-snort-rule-generator GitHub Wiki

Support for malicious URLs is coming. It will likely look something like this...

	...
		print "alert ip any any <> $ip any (msg:\"Traffic to known bad IP ($ip)\"; $ref sid:$sid; rev:0;)\n";
		$sid++;
	# new code starts here
	# $url1 captures the host and $url2 the path; an optional :port is matched but not captured
	} elsif ((my $url1, my $url2) = ($line =~ m/($domain_regex)(?::\d+)?(\/.*)/)) {
		print "alert tcp any any -> any \$HTTP_PORTS (msg:\"Suspicious URL - $line\"; $ref content:\"GET\"; http_method; content:\"$url2\"; http_uri; content:\"Host|3A 20|$url1\"; http_header; sid:$sid; rev:0;)\n";
		$sid++;
	# new code ends here
	} elsif ($line =~ m/(?:\*\.)?($domain_regex)/) {
		...
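
The planned branch interpolates the feed's URL path straight into `content:"..."`, but Snort's rule parser treats `"`, `;` and `\` as special inside a content string and uses `|` to delimit hex bytes, so a feed line containing any of them would yield a rule that fails to load or matches the wrong bytes. The following is an added example, not code from this project: it builds the same rule with those bytes hex-encoded. The `$domain_regex` pattern here is an assumed stand-in for the generator's own, `snort_content`, `snort_msg` and `url_rule` are hypothetical helper names, and the feed lines and starting SID are constructed.

```perl
use strict;
use warnings;

# Assumed stand-in for the generator's $domain_regex (not shown on this page).
my $domain_regex = qr/(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}/i;

# Hex-encode runs of bytes that would end or confuse a Snort content string:
# " ; \ | and anything outside printable ASCII become |XX XX ...|.
sub snort_content {
    my ($text) = @_;
    $text =~ s{([";\\|\x00-\x1f\x7f-\xff]+)}
              {'|' . join(' ', map { sprintf('%02X', ord($_)) } split(//, $1)) . '|'}ge;
    return $text;
}

# msg is plain text: replace non-printable bytes, backslash-escape " ; and \.
sub snort_msg {
    my ($text) = @_;
    $text =~ s/[^\x20-\x7e]/?/g;
    $text =~ s/([";\\])/\\$1/g;
    return $text;
}

# Build the URL rule from one feed line; returns nothing if it is not a URL.
# $ref is the ready-made reference option text used by the generator (may be '').
sub url_rule {
    my ($line, $sid, $ref) = @_;
    my ($host, $path) = $line =~ m/($domain_regex)(?::\d+)?(\/.*)/ or return;
    return sprintf 'alert tcp any any -> any $HTTP_PORTS (msg:"Suspicious URL - %s"; %s '
        . 'content:"GET"; http_method; content:"%s"; http_uri; '
        . 'content:"Host|3A 20|%s"; http_header; sid:%d; rev:0;)',
        snort_msg($line), $ref, snort_content($path), snort_content($host), $sid;
}

# Constructed feed lines containing characters that need encoding.
my @feed = (
    'evil.example.com/gate.php?id=1;cmd="x"',
    'bad.example.net:8080/a|b\c',
);
my $sid = 9000000;    # constructed starting SID
for my $line (@feed) {
    my $rule = url_rule($line, $sid, '') or next;
    print "$rule\n";
    $sid++;
}
```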