HOW TO FIND ORIGIN SERVERS OF WEBSITES BEHIND BY CLOUDFLARE USING INTERNET-WIDE SCAN DATA FROM CENSYS

 


How to Find origin servers of websites behind by CloudFlare using Internet-wide scan data from Censys


CloudFlair is a tool to find origin servers of websites protected by CloudFlare who are publicly exposed and don't restrict network access to the CloudFlare IP ranges as they should.


The tool uses Internet-wide scan data from Censys to find exposed IPv4 hosts presenting an SSL certificate associated with the target's domain name.


1) Register an account (free) on https://censys.io/register


2) Browse to https://censys.io/account/api, and set two environment variables with your API ID and API secret


3)  export CENSYS_API_ID=...


4)  export CENSYS_API_SECRET=...


5) Clone the repository

git clone https://github.com/christophetd/cloudflair.git


cd cloudflair


pip install -r requirements.txt


Run CloudFlair (see Usage below for more detail)


python cloudflair.py myvulnerable.site


Then 


python cloudflair.py --help


usage: cloudflair.py [-h] [-o OUTPUT_FILE] [--censys-api-id CENSYS_API_ID]

                     [--censys-api-secret CENSYS_API_SECRET]

                     domain


Docker image


A lightweight Docker image of CloudFlair (christophetd/cloudflair) is provided. A scan can easily be instantiated using the following command.


1) docker run --rm -e CENSYS_API_ID=your-id -e CENSYS_API_SECRET=your-secret christophetd/cloudflair myvulnerable.site 


2) You can also create a file containing the definition of the environment variables, and use the Docker--env-file option.


cat censys.env 

CENSYS_API_ID=your-id

CENSYS_API_SECRET=your-secret


docker run --rm --env-file=censys.env christophetd/cloudflair myvulnerable.site








Follow us for more... 

No comments:

Post a Comment

What is Prototype content functions in JavaScript Framework Programming.mp4

  Download now Enjoy! Follow us for more...