CloudFail – Information Gathering to Discover Identity of the Server Behind Cloudflare

CloudFail

CloudFail is a tactical reconnaissance tool which aims to gather enough information about a target protected by Cloudflare in the hopes of discovering the location of the server. Using Tor to mask all requests, the tool as of right now has 3 different attack phases.

  1. Misconfigured DNS scan using DNSDumpster.com.
  2. Scan the Crimeflare.com database.
  3. Bruteforce scan over 2500 subdomains.

Install on Kali/Debian

First we need to install pip3 for python3 dependencies:

$ sudo apt-get install python3-pip

Then we can run through dependency checks:

$ pip3 install -r requirements.txt

If this fails because of missing setuptools, do this:

sudo apt-get install python3-setuptools

Usage

To run a scan against a target:

python3 cloudfail.py --target seo.com

To run a scan against a target using Tor:

service tor start

(or if you are using Windows or Mac install vidalia or just run the Tor browser)

python3 cloudfail.py --target seo.com --tor

Please make sure you are running with Python3 and not Python2.*.

Dependencies

Python3

  • argparse
  • colorama
  • socket
  • binascii
  • datetime
  • requests
  • win_inet_pton
  • dnspython

Download: https://github.com/m0rtem/CloudFail

Please follow and like us:

Leave a Reply

Your email address will not be published.