Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Dheerajmadhukar/Lilly
Tool to find the real IP behind CDNs/WAFs like cloudflare using passive recon by retrieving the favicon hash. For the same hash value, all the possible IPs, PORTs and SSL/TLS Certs are searched to validate the target in-scope.
https://github.com/Dheerajmadhukar/Lilly
Last synced: 21 days ago
JSON representation
Tool to find the real IP behind CDNs/WAFs like cloudflare using passive recon by retrieving the favicon hash. For the same hash value, all the possible IPs, PORTs and SSL/TLS Certs are searched to validate the target in-scope.
- Host: GitHub
- URL: https://github.com/Dheerajmadhukar/Lilly
- Owner: Dheerajmadhukar
- License: mit
- Created: 2020-12-28T14:08:37.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2021-01-06T17:14:40.000Z (almost 4 years ago)
- Last Synced: 2024-11-19T14:32:46.672Z (23 days ago)
- Language: Shell
- Size: 36.1 KB
- Stars: 175
- Watchers: 9
- Forks: 35
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - Dheerajmadhukar/Lilly - Tool to find the real IP behind CDNs/WAFs like cloudflare using passive recon by retrieving the favicon hash. For the same hash value, all the possible IPs, PORTs and SSL/TLS Certs are searched to val (Shell)
README
Last updated on 2020/12/29
## Introduction
**Lilly**
Tool to find the real IP behind CDNs/WAFs like cloudflare using passive recon by retrieving the favicon hash. For the same hash value, all the possible IPs, PORTs and SSL/TLS Certs are searched to validate the target in-scope.## Usage
```
root@me_dheeraj:$ bash lilly.sh
[-] Argument: -d/--domain target.com -a/--api RequiredUsage: ./lilly.sh -d/--domain target.com -a/--api premium_api
Output will be saved in output/target.com-YYYY-MM-DD directory
```
##### Prerequisites
- python3
- jq
- pip3 install shodan
- pip3 install mmh3
- Shodan Member Account & API
- httpx [@pdiscoveryio](https://github.com/projectdiscovery/httpx)
- Multi-Threading interlace - [@codingo](https://github.com/codingo/Interlace)## Tool of the week
https://blog.intigriti.com/2021/01/06/bug-bytes-104-cache-poisoning-dos-burp-themes-a-couple-of-facebook-account-takeovers/