CloudFlair
☁️ Cloud Recon · Python
CloudFlair is a tool for finding the origin servers of websites protected by Cloudflare, using Internet-wide scan data from Censys. When a website uses Cloudflare as a reverse proxy, the origin server's real IP address is hidden. CloudFlair works by searching Censys for IPv4 hosts that present an SSL certificate associated with the target domain, then checking each candidate to see whether it responds with the same content as the Cloudflare-protected site. The technique is effective because many administrators install SSL certificates on their origin servers that match the domain they are protecting, but forget to restrict direct access to the origin's IP address. It's a valuable tool for penetration testers looking to bypass Cloudflare's WAF and DDoS protection.
Installation
From source
$ git clone https://github.com/christophetd/CloudFlair.git && cd CloudFlair && pip install -r requirements.txt
Use Cases
- Finding the real IP address of Cloudflare-protected websites
- Bypassing WAF and DDoS protection by targeting origin servers directly
- Verifying that origin servers are properly locked down to Cloudflare IPs only
- Identifying SSL certificate misconfigurations that leak origin server addresses
Details
- Category: ☁️ Cloud Recon
- Language: Python
- Repository: christophetd/CloudFlair
- Platforms: 🐧 linux · 🍎 macos · 🪟 windows
Alternatives & Comparisons
Prowler
Python · Cloud security assessment tool. 300+ checks for AWS, Azure, GCP, and Kubernetes against CIS benchmarks.
ScoutSuite
Python · Multi-cloud security auditing tool for AWS, Azure, GCP, Alibaba Cloud, and Oracle Cloud.
CloudMapper
Python · Analyze AWS environments to create network diagrams and identify security risks.
CloudBrute
Go · Cloud infrastructure enumerator to find company assets across multiple cloud providers.
CloudFox
Go · Find exploitable attack paths in cloud infrastructure by enumerating IAM permissions, secrets, and network exposure.
CloudSploit
JavaScript · Open-source cloud security configuration scanner for AWS, Azure, GCP, and Oracle Cloud Infrastructure.
Cartography
Python · Intel graph of cloud infrastructure. Maps relationships between AWS, GCP, Azure, and other services into a Neo4j graph.
Steampipe
Go · Query cloud APIs with SQL. Zero-ETL approach to infrastructure visibility across AWS, Azure, GCP, and 140+ plugins.
More in Cloud Recon
S3Scanner
Go · Scan for misconfigured S3 buckets across AWS regions and dump accessible contents.
MicroBurst
PowerShell · PowerShell toolkit for attacking Azure services including storage, key vaults, and automation.
ROADtools
Python · Framework for Azure AD enumeration and exploitation via the internal ROADrecon and ROADlib modules.