How to find origin servers of websites behind CloudFlare using Internet-wide scan data from Censys
CloudFlair is a tool to find origin servers of websites protected by CloudFlare that are publicly exposed and don't restrict network access to the CloudFlare IP ranges as they should.
The tool uses Internet-wide scan data from Censys to find exposed IPv4 hosts presenting an SSL certificate associated with the target's domain name.
1) Register an account (free) on https://censys.io/register
2) Browse to https://censys.io/account/api, and set two environment variables with your API ID and API secret:
    export CENSYS_API_ID=...
    export CENSYS_API_SECRET=...
3) Clone the repository:
    git clone https://github.com/christophetd/cloudflair.git
4) Install the dependencies:
    cd cloudflair
    pip install -r requirements.txt
5) Run CloudFlair (see Usage below for more detail):
    python cloudflair.py myvulnerable.site
Usage
    python cloudflair.py --help
    usage: cloudflair.py [-h] [-o OUTPUT_FILE] [--censys-api-id CENSYS_API_ID]
                         [--censys-api-secret CENSYS_API_SECRET]
                         domain
Docker image
A lightweight Docker image of CloudFlair (christophetd/cloudflair) is provided. A scan can easily be instantiated using the following command:
    docker run --rm -e CENSYS_API_ID=your-id -e CENSYS_API_SECRET=your-secret christophetd/cloudflair myvulnerable.site
You can also create a file containing the definition of the environment variables, and use the Docker --env-file option:
    cat censys.env
    CENSYS_API_ID=your-id
    CENSYS_API_SECRET=your-secret
    docker run --rm --env-file=censys.env christophetd/cloudflair myvulnerable.site
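A defender-side check for the exposure described above, as an added example that is not part of CloudFlair or the original post: it flags origin access-log entries whose peer address lies outside CloudFlare's ranges, meaning the origin answered a direct request. The log lines are constructed, and the CIDR list is an illustrative subset of CloudFlare's published IPv4 ranges (an assumption; load the current full list in real use).

```python
import ipaddress
import re

# Illustrative subset of CloudFlare's published IPv4 ranges (assumption: load
# the full, current list from https://www.cloudflare.com/ips-v4 in real use).
CLOUDFLARE_RANGES = [ipaddress.ip_network(c) for c in (
    "173.245.48.0/20", "104.16.0.0/13", "172.64.0.0/13", "162.158.0.0/15",
)]

# Constructed access-log lines in common log format. The first field is the
# TCP peer address seen by the origin, not a forwarded header.
SAMPLE_LOG = """\
172.68.10.4 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512
203.0.113.50 - - [01/Jan/2024:10:00:07 +0000] "GET / HTTP/1.1" 200 512
162.158.90.12 - - [01/Jan/2024:10:00:09 +0000] "GET /login HTTP/1.1" 200 733
198.51.100.23 - - [01/Jan/2024:10:01:44 +0000] "GET /admin HTTP/1.1" 403 0
not-an-ip - - [01/Jan/2024:10:02:00 +0000] "GET / HTTP/1.1" 400 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) ')


def is_cloudflare(addr):
    """True if addr falls inside one of the allowlisted proxy ranges."""
    return any(addr in net for net in CLOUDFLARE_RANGES)


def direct_hits(log_text):
    """Return (peer, request, status) for requests that bypassed the proxy."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            peer = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed peer field; skip rather than misclassify
        # IPv4 only here; add CloudFlare's IPv6 ranges to cover v6 peers.
        if peer.version == 4 and not is_cloudflare(peer):
            hits.append((str(peer), m.group(2), int(m.group(3))))
    return hits


if __name__ == "__main__":
    for peer, request, status in direct_hits(SAMPLE_LOG):
        print(f"direct-to-origin: {peer} {request!r} -> {status}")
```

Any hit means the origin is reachable without passing through CloudFlare; once the firewall restricts access to the CloudFlare ranges, this list should stay empty.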