All Projects â†’ christophetd â†’ Cloudflair

christophetd / Cloudflair

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

Programming Languages

94365 projects - #7 most used programming language

Projects that are alternatives of or similar to Cloudflair

C2/post-exploitation framework
Stars: ✭ 544 (-53.74%)
Mutual labels:  pentest, pentest-tool
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Stars: ✭ 775 (-34.1%)
Mutual labels:  pentest, pentest-tool
Yuki Chan The Auto Pentest
Automate Pentest Tool
Stars: ✭ 556 (-52.72%)
Mutual labels:  pentest, pentest-tool
Fast directory scanning and scraping tool
Stars: ✭ 468 (-60.2%)
Mutual labels:  pentest, pentest-tool
ODAT: Oracle Database Attacking Tool
Stars: ✭ 906 (-22.96%)
Mutual labels:  pentest, pentest-tool
Thc Archive
All releases of the security research group (a.k.a. hackers) The Hacker's Choice
Stars: ✭ 474 (-59.69%)
Mutual labels:  pentest, pentest-tool
Hacking Toolkit
Stars: ✭ 635 (-46%)
Mutual labels:  pentest, pentest-tool
Extract subdomains from SSL certificates in HTTPS sites.
Stars: ✭ 320 (-72.79%)
Mutual labels:  pentest, pentest-tool
Cve 2016 8610 Poc
CVE-2016-8610 (SSL Death Alert) PoC
Stars: ✭ 26 (-97.79%)
Mutual labels:  pentest, pentest-tool
pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)
Stars: ✭ 904 (-23.13%)
Mutual labels:  pentest, pentest-tool
JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)
Stars: ✭ 450 (-61.73%)
Mutual labels:  pentest, pentest-tool
Sudo killer
A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.
Stars: ✭ 1,073 (-8.76%)
Mutual labels:  pentest, pentest-tool
Open Redirect Payloads
Open Redirect Payloads
Stars: ✭ 361 (-69.3%)
Mutual labels:  pentest, pentest-tool
Thc Hydra
Stars: ✭ 5,645 (+380.02%)
Mutual labels:  pentest, pentest-tool
A tool to automate penetration tests
Stars: ✭ 322 (-72.62%)
Mutual labels:  pentest, pentest-tool
MSDAT: Microsoft SQL Database Attacking Tool
Stars: ✭ 621 (-47.19%)
Mutual labels:  pentest, pentest-tool
Subdomain enumeration through various techniques
Stars: ✭ 265 (-77.47%)
Mutual labels:  pentest, pentest-tool
Stars: ✭ 309 (-73.72%)
Mutual labels:  pentest, pentest-tool
个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
Stars: ✭ 776 (-34.01%)
Mutual labels:  pentest, pentest-tool
Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC
Stars: ✭ 39 (-96.68%)
Mutual labels:  pentest, pentest-tool


CloudFlair is a tool to find origin servers of websites protected by CloudFlare who are publicly exposed and don't restrict network access to the CloudFlare IP ranges as they should.

The tool uses Internet-wide scan data from Censys to find exposed IPv4 hosts presenting an SSL certificate associated with the target's domain name.

For more detail about this common misconfiguration and how CloudFlair works, refer to the companion blog post at

Here's what CloudFlair looks like in action.

$ python

[*] The target appears to be behind CloudFlare.
[*] Looking for certificates matching "" using Censys
[*] 75 certificates matching "" found.
[*] Looking for IPv4 hosts presenting these certificates...
[*] 10 IPv4 hosts presenting a certificate issued to "" were found.

[*] Retrieving target homepage at

[*] Testing candidate origin servers
        responded with an unexpected HTTP status code 404
        timed out after 3 seconds

[*] Found 2 likely origin servers of!
  - (HTML content identical to
  - (HTML content identical to

(The IP addresses in this example have been obfuscated and replaced by randomly generated IPs)


  1. Register an account (free) on
  2. Browse to, and set two environment variables with your API ID and API secret
$ export CENSYS_API_ID=...
$ export CENSYS_API_SECRET=...
  1. Clone the repository
$ git clone
  1. Install the dependencies
$ cd cloudflair
$ pip install -r requirements.txt
  1. Run CloudFlair (see Usage below for more detail)
$ python


$ python --help

usage: [-h] [-o OUTPUT_FILE] [--censys-api-id CENSYS_API_ID]
                     [--censys-api-secret CENSYS_API_SECRET]

positional arguments:
  domain                The domain to scan

optional arguments:
  -h, --help            show this help message and exit
                        A file to output likely origin servers to (default:
  --censys-api-id CENSYS_API_ID
                        Censys API ID. Can also be defined using the
                        CENSYS_API_ID environment variable (default: None)
  --censys-api-secret CENSYS_API_SECRET
                        Censys API secret. Can also be defined using the
                        CENSYS_API_SECRET environment variable (default: None)

Docker image

A lightweight Docker image of CloudFlair (christophetd/cloudflair) is provided. A scan can easily be instantiated using the following command.

$ docker run --rm -e CENSYS_API_ID=your-id -e CENSYS_API_SECRET=your-secret christophetd/cloudflair 

You can also create a file containing the definition of the environment variables, and use the Docker--env-file option.

$ cat censys.env 

$ docker run --rm --env-file=censys.env christophetd/cloudflair


Tested on Python 2.7 and 3.5. Feel free to open an issue if you have bug reports or questions.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected]