{"id":33245220,"url":"https://github.com/alebeta90/behindflare","last_synced_at":"2026-01-14T19:48:12.283Z","repository":{"id":57542474,"uuid":"257717377","full_name":"alebeta90/behindflare","owner":"alebeta90","description":"This tool was created as a Proof of Concept  to reveal the threats related to web service misconfiguration using CloudFlare as reverse proxy and WAF","archived":false,"fork":false,"pushed_at":"2023-02-20T19:43:42.000Z","size":11980,"stargazers_count":15,"open_issues_count":0,"forks_count":3,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-06-09T15:02:55.654Z","etag":null,"topics":["behindflare","cloudflare","go","golang","pentest-tool","pentesting"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alebeta90.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2020-04-21T21:14:30.000Z","updated_at":"2024-03-17T08:59:27.000Z","dependencies_parsed_at":"2024-01-29T09:19:17.789Z","dependency_job_id":"62ba3b43-480d-46ab-aa38-64145a38cb90","html_url":"https://github.com/alebeta90/behindflare","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/alebeta90/behindflare","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alebeta90%2Fbehindflare","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alebeta90%2Fbehindflare/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alebeta90%2Fbehindflare/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alebeta90%2Fbehindflare/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alebeta90","download_url":"https://codeload.github.com/alebeta90/behindflare/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alebeta90%2Fbehindflare/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28432948,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T18:57:19.464Z","status":"ssl_error","status_checked_at":"2026-01-14T18:52:48.501Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["behindflare","cloudflare","go","golang","pentest-tool","pentesting"],"created_at":"2025-11-16T21:00:32.220Z","updated_at":"2026-01-14T19:48:12.275Z","avatar_url":"https://github.com/alebeta90.png","language":"Go","readme":"# Behindflare\n\nThis tool was created as a **Proof of Concept**  to reveal the threats related to web service misconfiguration using CloudFlare as reverse proxy and WAF.\n\n## Problem\n\nMost of CloudFlare users believe, that just setting up the reverse proxy which ensures security protection, will secure their back-end servers. This group of users are not aware that the attacker can find access to the back-end servers if he finds their IP addresses. There are plenty of passive and active techniques that can lead you to get the IP address of the Web App server.\n\n## Service\n\nIf you would like to protect your servers against this kind of attack you can contact us at [Gonkar IT Security](https://gonkar.com/)  \n\n## ToDo\n\n* Azure Subnets\n* GCE Subnets\n* DO subnets\n\n# Usage\n\nClone the repository and build the Golang binary with:  \n\n`go build`\n\nYou should end up with a `behindflare` binary.  \n\n\n``` bash\n./behindflare -h\nUsage of ./behindflare:\n  -domain string\n    \tDomain target (default \"example.com\")\n  -jobs int\n    \tNumber of parallel jobs (default 20)\n  -proto string\n    \tThe protocol used by the site behind CF (default \"http\")\n  -region string\n  \tAWS region to scan (optional)\n  -subnet string\n    \tSubnet to scan (default \"192.168.0.1/24\")\n``` \n\nTo scan a subnet you can run the binary as follow:\n\n`./behindflare -proto https -domain example.com -subnet 192.168.0.1/24 -jobs 50`\n\nTo scan all the subnets in the us-east-1 region for hosts that are behind Cloudflare, run the following command:  \n\n`./behindflare -proto https -domain example.com -aws -region us-east-1 -jobs 50`\n\nYou can specify different AWS regions like `eu-central-1` for example.  \n\n# Disclaimer\n\nThis tool had been developed for research and educational purpose. Its usage for illegal actions is against creator will.\n","funding_links":[],"categories":["Pentesting"],"sub_categories":["WAFs"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falebeta90%2Fbehindflare","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falebeta90%2Fbehindflare","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falebeta90%2Fbehindflare/lists"}