CloudFail is a tactical reconnaissance tool which aims to gather enough information about a target protected by Cloudflare in the hopes of discovering the location of the server. Using Tor to mask all requests, the tool as of right now has 3 different attack phases.
- Misconfigured DNS scan using DNSDumpster.com.
- Scan the Crimeflare.com database.
- Bruteforce scan over 2500 subdomains.
Install on Kali/Debian
First we need to install pip3 for python3 dependencies:
$ sudo apt-get install python3-pip
Then we can run through dependency checks:
$ pip3 install -r requirements.txt
If this fails because of missing setuptools, do this:
sudo apt-get install python3-setuptools
To run a scan against a target:
python3 cloudfail.py --target seo.com
To run a scan against a target using Tor:
service tor start
(or if you are using Windows or Mac install vidalia or just run the Tor browser)
python3 cloudfail.py --target seo.com --tor
Please make sure you are running with Python3 and not Python2.*.