Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/gwen001/cloudflare-origin-ip
Try to find the origin IP of a webapp protected by Cloudflare.
https://github.com/gwen001/cloudflare-origin-ip
bugbounty cloudflare ips pentesting python security-tools webapp
Last synced: 2 days ago
JSON representation
Try to find the origin IP of a webapp protected by Cloudflare.
- Host: GitHub
- URL: https://github.com/gwen001/cloudflare-origin-ip
- Owner: gwen001
- License: mit
- Created: 2022-11-08T22:01:39.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2024-08-08T17:28:18.000Z (5 months ago)
- Last Synced: 2024-12-15T19:08:35.221Z (9 days ago)
- Topics: bugbounty, cloudflare, ips, pentesting, python, security-tools, webapp
- Language: Python
- Homepage:
- Size: 672 KB
- Stars: 331
- Watchers: 4
- Forks: 67
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE.md
Awesome Lists containing this project
README
cloudflare-origin-ip
Try to find the origin IP of a webapp protected by Cloudflare.
---
## Description
This Python tool compares the HTTP response of the given subdomain to HTTP responses of a list of IPs addresses. This list is based on:
- subdomains supplied by the user
- subdomains found on external sources
- IPs found external sourcesThen, a score of similarity is calculated for each response using the Levenshtein algorithm.
## Install
```
git clone https://github.com/gwen001/cloudflare-origin-ip
cd cloudflare-origin-ip
pip3 install -r requirements.txt
```Depending the sources you want to use, you'll need to create environment variables:
- Censys: `CENSYS_UID` and `CENSYS_SECRET`
- SecurityTrails: `SECURITY_TRAILS_API_KEY`## Usage
```
$ python3 cloudflare-origin-ip.py
``````
usage: cloudflare-origin-ip.py [-h] [-u URL] [-s SOURCE]options:
-h, --help show this help message and exit
-u URL, --url URL url to test
-s SOURCE, --source SOURCE
datas sources separated by coma, can be: censys,crtsh,securitytrails,local fileExamples:
cloudflare-origin-ip.py -u https://xxx.xxxxxxxxxxxx.xxx
cloudflare-origin-ip.py -u https://xxx.xxxxxxxxxxxx.xxx -s censys,crtsh,securitytrails (default)
cloudflare-origin-ip.py -u https://xxx.xxxxxxxxxxxx.xxx -s /home/local/ips.txt
cloudflare-origin-ip.py -u https://xxx.xxxxxxxxxxxx.xxx -s censys,crtsh,/home/local/ips.txt,/home/local/subdomains.txt
```## How it works
1/ Performs a HTTP request to the URL provided, this is the reference request.
2/ Grabs IPs using several sources:
- censys (key required)
- crtsh
- securitytrails (key required)
- local file3/ Performs a HTTP request to all IPs grabbed with the header `Host` setted to the subdomain of the reference request.
4/ Compares the responses obtained with the response of the reference request using the `Levenshtein` algorithm.
5/ Displays a score of similarity.
---
---
Feel free to [open an issue](/../../issues/) if you have any problem with the script.