# Install bounceback with Homebrew

Stealth redirector for red team operation security. Version 1.5.3 via Homebrew; verified from local package data.

## Install

```sh
sudo av install brew:bounceback
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install bounceback
```

  Evidence: local Homebrew formula metadata

## Package facts

- **Package key:** brew:bounceback
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/bounceback>
- **Version:** 1.5.3
- **Source summary:** Stealth redirector for red team operation security
- **Homepage:** <https://github.com/D00Movenok/BounceBack>
- **Repository:** <https://github.com/D00Movenok/BounceBack>
- **Upstream docs:** <https://github.com/D00Movenok/BounceBack#readme>
- **License:** MIT
- **Source archive:** <https://github.com/D00Movenok/BounceBack/archive/refs/tags/v1.5.3.tar.gz>
- **Generated:** 2026-07-08T18:08:21+00:00

## Executables

- bounceback (cli)
- bounceback (alias)

## Build dependencies

- go

## Install behavior

- Post-install hook: not defined
- Service: declared
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 1.5.3
- Local data: ok
- Upstream repository: https://github.com/D00Movenok/BounceBack
- Upstream latest detected: v1.5.3 (current)
- info: No package-manager update timestamp was available.
## Project history and usage

BounceBack is a Go-based red-team redirector and reverse proxy for hiding command-and-control, phishing, or other operation infrastructure from scanners and unwanted visitors.

### Project history

The public repository was created in May 2023. Its README describes BounceBack as a highly customizable reverse proxy with WAF-like filtering, real-time traffic analysis, IP and geolocation rules, domain fronting support, Malleable C2 profile validation, and multiple proxy protocols.

The first GitHub release line began with v1.0.0 in July 2023, followed by 1.4 and 1.5 releases through 2026.

### Adoption history

BounceBack appears to be a niche security-operations package rather than a broad platform dependency. Its Homebrew formula gives it a package-manager entry point, while the upstream README directs users to download release archives, edit `config.yml`, and run the `bounceback` binary.

Repository metadata shows meaningful interest for a specialized red-team tool, but its adoption story is still mostly upstream GitHub releases plus the Homebrew package.

### How it is used

Operators configure rules, proxies, and globals in `config.yml`, optionally refresh bundled banned-IP data, and run `bounceback` with a config and log path. The tool supports HTTP(S), DNS, raw TCP, TLS-wrapped TCP, and UDP proxying with rule pipelines.

The practical use case is traffic triage: allow expected operator or target traffic through while rejecting traffic from scanners, security vendors, sandboxes, or requests that fail a configured C2 profile.

### Why package nerds care

For package nerds, BounceBack is interesting as a security tradecraft tool packaged like an ordinary CLI. It shows how red-team infrastructure utilities increasingly ship as small Go binaries with YAML config, release archives, and Homebrew distribution.

### Timeline

- 2023: Public GitHub repository created.
- 2023: v1.0.0 published on GitHub Releases.
- 2024: v1.5.0 and v1.5.1 release line continued.
- 2026: v1.5.3 published.

### Related projects

- Cobalt Strike Malleable C2 profiles are directly relevant because BounceBack validates inbound traffic against Malleable profile rules.
- Generic reverse proxies and web application firewalls are adjacent infrastructure patterns, though BounceBack applies them to red-team OPSEC.

### Sources

- <https://api.github.com/repos/D00Movenok/BounceBack>
- <https://github.com/D00Movenok/BounceBack>
- <https://github.com/D00Movenok/BounceBack/releases>
- <https://github.com/D00Movenok/BounceBack/wiki>
- <https://raw.githubusercontent.com/D00Movenok/BounceBack/main/config.yml>


## Security Notes

formula declares a Homebrew service.

- **Geiger risk:** orange / medium
- formula declares a Homebrew service


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: config.yml
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** bounceback
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [go](https://www.automicvault.com/pkg/brew/go/) - Build dependency declared by Homebrew.
- [kubehound](https://www.automicvault.com/pkg/brew/kubehound/) - Shares av.db curated category or tags: cli, red-team, security.
- [red-tldr](https://www.automicvault.com/pkg/brew/red-tldr/) - Shares av.db curated category or tags: cli, red-team, security.
- [aide](https://www.automicvault.com/pkg/brew/aide/) - Shares av.db curated category or tags: cli, security.
- [aircrack-ng](https://www.automicvault.com/pkg/brew/aircrack-ng/) - Shares av.db curated category or tags: cli, security.
- [amass](https://www.automicvault.com/pkg/brew/amass/) - Shares av.db curated category or tags: cli, security.
- [anubis](https://www.automicvault.com/pkg/brew/anubis/) - Shares av.db curated category or tags: cli, security.
- [authoscope](https://www.automicvault.com/pkg/brew/authoscope/) - Shares av.db curated category or tags: cli, security.
- [azurehound](https://www.automicvault.com/pkg/brew/azurehound/) - Shares av.db curated category or tags: cli, security.
- [bandit](https://www.automicvault.com/pkg/brew/bandit/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, security.

## Combined YAML source

View the package source record on GitHub. [combined/bounceback.yml](https://github.com/automic-vault/db/blob/main/combined/bounceback.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- cross-ecosystem install command graph
