gwen001 / cloudflare-origin-ip Goto Github PK

Try to find the origin IP of a webapp protected by Cloudflare.

License: MIT License

Python 100.00%

bugbounty cloudflare ips pentesting python security-tools webapp

cloudflare-origin-ip's Introduction

👨‍🦰 About me

Bug hunter, tool maker, father, climber, I love coding and learn new stuff.
Feel free to try my scripts or update them to fit your needs. Check also some good oneliners.

💻 Current mood

Hardly working on my new project: https://offsec.tools.
A vast collection of security tools for bug bounty, pentest and red teaming. Curated by the community, feel free to add your own tool and subscribe the newsletter.

🤩 My favorite projects

DataExtractor: Burp Suite extension to extract data from source code while browsing.
github-subdomains: Find subdomains on GitHub.
github-endpoints: Find endpoints on GitHub.
github-regexp: Basically a regexp filter over a GitHub search.
extract-endpoints: Extract endpoints from source files.
keyhacks: Automation of tokens/api keys testing.
related-domains: Find related domains of a given domain.
csp-analyzer: Analyze the Content-Security-Policy of a given URL.
favicon-hashtrick: Find subdomains using a the favicon trick.
graphql-introspection-analyzer: Analyze the response of the introspection query of GraphQL.
cloudflare-origin-ip: Try to find the origin IP of a webapp protected by Cloudflare.

📧 Find me

https://10degres.net

As it takes alot of time to write and maintain tools, sponsoring is always appreciated :)

cloudflare-origin-ip's People

Contributors

Stargazers

Watchers

Forkers

bbhunter mohinparamasivam l0x6 lamsecurity thedeveloperops marcianobarros20 rlima999 pawnmuncher ziyadnz r44wk shamimrezasohag khushal314 orchidtechie0x60 magespawn hasanisaeed aels b1ngda0 jahno ottothebull reket99 shaqpcrepair yalonso7 gurkirpalmultani 5l1v3r1 red-spect3r ilir4734 m1kewaz0wsk1 cyberpunk-1982 ferretking jotnarss0n munstar0s honeypothoneypot legaciespanda victorgeel haka110 dalaho-bangin excloudx6 anatchacko pog007 hxlxmjxbbxs joyboyid drgreenthumb93 tosunkaya juniordeveloperonline elliotwutingfeng noname1007 zol9527 budrin ankit-appy kayvan djybrandon bp-red-team shuvamoy emirgra pushkraj99 tannhatcms fulanah-binti-fulanah reewardius

cloudflare-origin-ip's Issues

api error

[-] error occured: CENSYS_UID or CENSYS_SECRET not found, Censys removed from sources
[-] error occured: SECURITY_TRAILS_API_KEY not found, SecurityTrails removed from sources

add shodn too ,please update

Division by zero

Very similar to the previous one

Traceback (most recent call last):
  File "/app/cloudflare-origin-ip.py", line 585, in <module>
    pool.map( partial(testBypass3,t_multiproc,r_reference,host), t_ips )
  File "/usr/local/lib/python3.12/multiprocessing/pool.py", line 367, in map
    return self._map_async(func, iterable, mapstar, chunksize).get()
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/multiprocessing/pool.py", line 774, in get
    raise self._value
  File "/usr/local/lib/python3.12/multiprocessing/pool.py", line 125, in worker
    result = (True, func(*args, **kwds))
                    ^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/multiprocessing/pool.py", line 48, in mapstar
    return list(map(*args))
           ^^^^^^^^^^^^^^^^
  File "/app/cloudflare-origin-ip.py", line 458, in testBypass3
    score = responseCompare( r_reference, r )
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/cloudflare-origin-ip.py", line 487, in responseCompare
    score['dist_content_type'] = 100 - ( dist*100 / len(r_reference.headers['Content-Type']) )
                                         ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hardcoded wrong domain?

cloudflare-origin-ip/cloudflare-origin-ip.py

Line 199 in 712d65f

    
           r = requests.get( CENSYS_API_URL+'/v2/hosts/search?q=deciplus.pro', headers=headers, auth=(CENSYS_UID,CENSYS_SECRET) )

Looks like instad of using "domain" it is using "deciplus.pro"?

Giving Error

When I use the format:

python3 cloudflare-origin-ip.py -u xyz.com

It gives me following error:

Error: 'CENSYS_UID' not defined
To fix this:
export CENSYS_UID=xxxxxxxxxxxxxxxxxxxxxxxxxx
export CENSYS_SECRET=xxxxxxxxxxxxxxxxxxxxxxx

SSL error

[+] 5 ips added
[+] 2 unique ips collected
[+] Performing reference request...
Status=200, Length=2894, Headers=13, Content-Type=text/html; charset=utf-8
[+] Testing bypass...
172.67.195.141 is CloudFlare
[-] 170.187.131.209: HTTPSConnectionPool(host='170.187.131.209', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:992)')))
[ cloudflare-origin-ip]$

[-] 3.108.143.18: HTTPSConnectionPool(host='3.108.143.18', port=443): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0xffff91d5c0a0>, 'Connection to 3.108.143.18 timed out. (connect timeout=3)'))

No config file available

I can't find a configuration file to add the api keys for censys and security trails

Response content size can be zero

[+] Reading datas from file: ips
[+] 0 subdomains found, 27 ips added
[+] 27 unique ips collected
[+] Performing reference request...
Status=404, Length=0, Headers=9, Content-Type=text/plain; charset=utf-8
[+] Testing bypass...
[-] 40.126.38.21: Exceeded 30 redirects.
Traceback (most recent call last):
  File "/app/cloudflare-origin-ip.py", line 584, in <module>
    pool.map( partial(testBypass3,t_multiproc,r_reference,host), t_ips )
  File "/usr/local/lib/python3.12/multiprocessing/pool.py", line 367, in map
    return self._map_async(func, iterable, mapstar, chunksize).get()
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/multiprocessing/pool.py", line 774, in get
    raise self._value
  File "/usr/local/lib/python3.12/multiprocessing/pool.py", line 125, in worker
    result = (True, func(*args, **kwds))
                    ^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/multiprocessing/pool.py", line 48, in mapstar
    return list(map(*args))
           ^^^^^^^^^^^^^^^^
  File "/app/cloudflare-origin-ip.py", line 458, in testBypass3
    score = responseCompare( r_reference, r )
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/cloudflare-origin-ip.py", line 490, in responseCompare
    score['dist_content'] = 100 - ( dist*100 / len(r_reference.content[0:COMPARE_FIRST_CHARS]) )
                                    ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ZeroDivisionError: division by zero

Getting these errors

pool.map( partial(testBypass3,t_multiproc,r_reference,host), t_ips )
File "/usr/lib/python3.11/multiprocessing/pool.py", line 367, in map
return self._map_async(func, iterable, mapstar, chunksize).get()
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/multiprocessing/pool.py", line 774, in get
raise self._value
File "/usr/lib/python3.11/multiprocessing/pool.py", line 125, in worker
result = (True, func(*args, **kwds))
^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/multiprocessing/pool.py", line 48, in mapstar
return list(map(*args))
^^^^^^^^^^^^^^^^
line 313, in testBypass3
if is_cloudflare3( IPAddress(ip) ):
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
line 247, in is_cloudflare3
ip = IP2Int( str(ip) )
^^^^^^^^^^^^^^^^^
], line 132, in IP2Int
o = list( map(int, ip.split('.')) )
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ValueError: invalid literal for int() with base 10: '2606:4700:10::6814:4dc5'

Unable to set my censys_UID

HI are you able to share how you set your censys_UID?

not running

Hi i added api and secret key still shwoing error

Error: 'CENSYS_UID' not defined
To fix this:
export CENSYS_UID=
export CENSYS_SECRET=

Facing error while running the tool

python3 cloudflare-origin-ip.py
Traceback (most recent call last):
File "/home/kali/Downloads/tools/cloudflare-origin-ip/cloudflare-origin-ip.py", line 6, in
import requests
File "/usr/lib/python3/dist-packages/requests/init.py", line 43, in
import urllib3
File "/home/kali/.local/lib/python3.11/site-packages/urllib3/init.py", line 8, in
from .connectionpool import (
File "/home/kali/.local/lib/python3.11/site-packages/urllib3/connectionpool.py", line 29, in
from .connection import (
File "/home/kali/.local/lib/python3.11/site-packages/urllib3/connection.py", line 39, in
from .util.ssl_ import (
File "/home/kali/.local/lib/python3.11/site-packages/urllib3/util/init.py", line 3, in
from .connection import is_connection_dropped
File "/home/kali/.local/lib/python3.11/site-packages/urllib3/util/connection.py", line 3, in
from .wait import wait_for_read
File "/home/kali/.local/lib/python3.11/site-packages/urllib3/util/wait.py", line 1, in
from .selectors import (
File "/home/kali/.local/lib/python3.11/site-packages/urllib3/util/selectors.py", line 14, in
from collections import namedtuple, Mapping
ImportError: cannot import name 'Mapping' from 'collections' (/usr/lib/python3.11/collections/init.py)