GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → m0rtem → Cloudfail

m0rtem / Cloudfail

Licence: mit
Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

Programming Languages

python
139335 projects - #7 most used programming language
python3
1442 projects

Labels

databasepentestingscannerpentesttorcloudflarereconbruteforceip

Projects that are alternatives of or similar to Cloudfail

Docker Onion Nmap
Scan .onion hidden services with nmap using Tor, proxychains and dnsmasq in a minimal alpine Docker container.
Stars: ✭ 345 (-72.15%)
Mutual labels:  tor, pentesting, scanner, recon
Whatweb
Next generation web scanner
Stars: ✭ 3,503 (+182.73%)
Mutual labels:  pentesting, scanner, pentest, recon
Dictionary Of Pentesting
Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
Stars: ✭ 492 (-60.29%)
Mutual labels:  database, pentesting, pentest, bruteforce
Sifter
Sifter aims to be a fully loaded Op Centre for Pentesters
Stars: ✭ 403 (-67.47%)
Mutual labels:  pentesting, scanner, pentest, recon
Vajra
Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.
Stars: ✭ 269 (-78.29%)
Mutual labels:  pentesting, scanner, recon
tugarecon
Pentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-88.54%)
Mutual labels:  scanner, recon, pentest
V3n0m Scanner
Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Stars: ✭ 847 (-31.64%)
Mutual labels:  cloudflare, pentesting, scanner
Snoop
Snoop — инструмент разведки на основе открытых данных (OSINT world)
Stars: ✭ 886 (-28.49%)
Mutual labels:  ip, scanner, pentest
Intrec Pack
Intelligence and Reconnaissance Package/Bundle installer.
Stars: ✭ 177 (-85.71%)
Mutual labels:  pentesting, pentest, recon
K8tools
K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
Stars: ✭ 4,173 (+236.8%)
Mutual labels:  database, scanner, pentest
Reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (-21.39%)
Mutual labels:  scanner, pentest, recon
sx
🖖 Fast, modern, easy-to-use network scanner
Stars: ✭ 1,267 (+2.26%)
Mutual labels:  scanner, recon, pentest
Thc Hydra
hydra
Stars: ✭ 5,645 (+355.61%)
Mutual labels:  pentesting, pentest, bruteforce
Opendoor
OWASP WEB Directory Scanner
Stars: ✭ 586 (-52.7%)
Mutual labels:  scanner, pentest, bruteforce
Cloud Buster
A Cloudflare resolver that works
Stars: ✭ 128 (-89.67%)
Mutual labels:  cloudflare, pentesting, pentest
Blazy
Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF .
Stars: ✭ 637 (-48.59%)
Mutual labels:  cloudflare, scanner, bruteforce
Oscp Prep
my oscp prep collection
Stars: ✭ 105 (-91.53%)
Mutual labels:  pentesting, scanner, recon
Pidrila
Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
Stars: ✭ 125 (-89.91%)
Mutual labels:  pentesting, scanner, pentest
Hosthunter
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (-65.54%)
Mutual labels:  ip, pentesting, recon
Reconspider
🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
Stars: ✭ 621 (-49.88%)
Mutual labels:  scanner, pentest, recon
View All Similar Projects ➔

CloudFail

CloudFail is a tactical reconnaissance tool which aims to gather enough information about a target protected by Cloudflare in the hopes of discovering the location of the server. Using Tor to mask all requests, the tool as of right now has 3 different attack phases.

  1. Misconfigured DNS scan using DNSDumpster.com.
  2. Scan the Crimeflare.com database.
  3. Bruteforce scan over 2500 subdomains.

Example usage

Please feel free to contribute to this project. If you have an idea or improvement issue a pull request!

Disclaimer

This tool is a PoC (Proof of Concept) and does not guarantee results. It is possible to setup Cloudflare properly so that the IP is never released or logged anywhere; this is not often the case and hence why this tool exists. This tool is only for academic purposes and testing under controlled environments. Do not use without obtaining proper authorization from the network owner of the network under testing. The author bears no responsibility for any misuse of the tool.

Install on Kali/Debian

First we need to install pip3 for python3 dependencies:

$ sudo apt-get install python3-pip

Then we can run through dependency checks:

$ pip3 install -r requirements.txt

If this fails because of missing setuptools, do this:

sudo apt-get install python3-setuptools

Usage

To run a scan against a target:

python3 cloudfail.py --target seo.com

To run a scan against a target using Tor:

service tor start

(or if you are using Windows or Mac install vidalia or just run the Tor browser)

python3 cloudfail.py --target seo.com --tor

Please make sure you are running with Python3 and not Python2.*.

Dependencies

Python3

  • argparse
  • colorama
  • socket
  • binascii
  • datetime
  • requests
  • win_inet_pton
  • dnspython

Donate BTC

13eiCHxmAEaRZDXcgKJVtVnCKK5mTR1u1F

Buy me a beer or coffee... or both! If you donate send me a message and I will add you to the credits! Thank YOU!

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].