Eli Grey


We are announcing Zerodrop, an open-source stealth URL toolkit optimized for bypassing censorship filters and dropping malware. Zerodrop is written in Go and features a powerful web UI that supports geofencing, datacenter IP filtering, blacklist training, manual blacklisting/whitelisting, and advanced payload configuration!

Zerodrop can help you elude the detection of the automatic URL scanners used on popular social media platforms. You can easily blacklist traffic from the datacenters and public Tor exit nodes commonly used by URL scanners. For scanners not included in our default blacklists, you can activate blacklist training mode to automatically log the IP addresses of subsequent requests to a blacklist.

When used for anti-forensic malware distribution, Zerodrop is most effective paired with a server-side compromise of a popular trusted domain. This further complicates incident analysis and breach detection.

Live demo

A live demo is available at dangerous.link. Please keep your usage legal. Infrastructural self-destruct has been disabled for the demo. To prevent automated abuse, users may be required to complete CAPTCHA challenges in order to create new entries.

Zerodrop geofencing & blacklist training


Entries may expire after reaching an optional request limit. After an entry expires, all requests to the entry trigger the denial condition resulting in 404 or a redirect.

Blacklisting, whitelisting, and geofencing

We support gitignore-style blacklists processed line-by-line top to bottom. Blacklists consist of whitelist inversions, IP address ranges, geofences, and ipcat queries, interspersed with comments. We added IPv6 support to ipcat to make it datacenter traffic detection more reliable.

Geofencing is implemented using MaxMind’s GeoIP databases and configured inside an entry’s blacklist and whitelist. Geofencing entries are specified in the form @ lat, long (radius) for blacklisting and the inverted form !@ lat, long (radius) for whitelisting. Currently we only support radial geofences. A graphical geofencing UI is planned for a future release.

Traffic from datacenters and public Tor exit nodes is blocked using a new version of ipcat, which now includes IPv6 support. The syntax to block each is db datacenters and db tor.

Redirects to other Zerodrop payloads may optionally be specified in the “Redirect On Deny” field under the blacklist. Payloads can be redirects, proxies, uploaded files, or plain text with a MIME media type.

Example blacklist

The following example blacklist blocks datacenters, public tor exit nodes, and everyone outside of San Francisco.

# Blacklist all
# Whitelist San Francisco
!@ 37.7749, -122.4194 (24140m)
# Blacklist datacenters
db datacenters
# Blacklist public Tor exit nodes
db tor


This tool is useful for evading automatic censorship filters in use on popular social media websites. With blacklist training and ipcat, it’s very easy to build up a blacklist to block these filters and continue to share content that would otherwise be automatically censored on most sites. Zerodrop also includes CloudFlare integration to help hide the IP address of your server and avoid further blacklisting from censorship filters.


Complete infrastructure self-destruct can be triggered with blacklist redirects to the “💣” internal identifier. When triggered, Zerodrop will attempt to delete all traces of itself from the host system. External navigation to “/💣” will not trigger self-destruct.

Example usage of Zerodrop’s self-destruct functionality

What’s next?

There are many areas where the current release of Zerodrop can be improved. Over the coming months we hope to implement some of the following changes. This is an open source project, so feel free to contribute yourself by reporting issues and submitting pull requests.

Blacklist groups & machine learning

Blacklists will get an improved UI and reusable blacklist groups. Currently you must copy and paste blacklists and whitelists to copy list information into new entries. We can also improve training mechanisms with paid IP address services and machine learning techniques.

Geofencing improvements

In addition to the currently-support radial geofences, we plan to implement polygonal geofencing and a graphical geofence creation widget for the new entry UI. It will probably be based off Google Maps and require an API key for deployment. For now, the text-based blacklist should be just as powerful albeit less visually accessible.

Leave a Reply