OSINT tool for discovering the real IP addresses of services which are behind Cloudflare but not properly locked down

LeeBrotherston/badflare

badflare

OSINT tool for discovering the real IP addresses of services which are behind Cloudflare but not properly configured

Pardon?

Cloudflare provides protection to its customers; however, this is predicated on those customers locking down their environment so that it is only accessible to Cloudflare. Direct access to services circumvents this protection, and can de-anonymise the location of the service.

Many people opt to use simple obfuscation (specifically, no DNS record pointing to the real host) rather than truly locking down their environment. This leaves the host vulnerable to attack if its true IP address can be discovered, thus bypassing Cloudflare protection.
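The lockdown described above, sketched at the application layer as an added example (not part of badflare): a Go middleware that refuses any connection whose TCP peer is outside the proxy's ranges. The names `sampleProxyRanges`, `PeerAllowed` and `OnlyFromProxy` are hypothetical, and the CIDRs are a sample of Cloudflare's published IPv4 ranges that is assumed to still be current.

```go
package main

import (
	"fmt"
	"net/http"
	"net/netip"
)

// Sample of Cloudflare's published IPv4 ranges (assumption: still current).
// In production load the full list from https://www.cloudflare.com/ips/.
var sampleProxyRanges = []netip.Prefix{
	netip.MustParsePrefix("173.245.48.0/20"), netip.MustParsePrefix("103.21.244.0/22"),
	netip.MustParsePrefix("104.16.0.0/13"), netip.MustParsePrefix("172.64.0.0/13"),
}

// PeerAllowed reports whether the TCP peer ("ip:port", as in r.RemoteAddr) is in the allowlist.
// It ignores X-Forwarded-For and CF-Connecting-IP, which a client connecting directly can forge.
func PeerAllowed(remoteAddr string, allow []netip.Prefix) bool {
	ap, err := netip.ParseAddrPort(remoteAddr)
	if err != nil {
		return false // fail closed on anything unparseable
	}
	addr := ap.Addr().Unmap() // treat ::ffff:a.b.c.d as plain IPv4
	for _, p := range allow {
		if p.Contains(addr) {
			return true
		}
	}
	return false
}

// OnlyFromProxy wraps a handler and answers 403 to connections that bypass the proxy.
func OnlyFromProxy(allow []netip.Prefix, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !PeerAllowed(r.RemoteAddr, allow) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Constructed peers: one inside a sample range, one direct client (TEST-NET-3).
	// Wire in with: http.ListenAndServe(addr, OnlyFromProxy(sampleProxyRanges, mux))
	for _, peer := range []string{"173.245.48.10:443", "203.0.113.7:51000"} {
		fmt.Println(peer, PeerAllowed(peer, sampleProxyRanges))
	}
}
```

A firewall or security-group rule restricting the origin to the same ranges is preferable where available, since it also covers non-HTTP services on the host.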

Hence badflare

Badflare attempts to discover poorly configured hosts. Simply provide your Shodan API key on the command line or as the env var SHODAN_API and run the command in the form:

badflare -h host.this_is_my_victim.com

Building

This is a simple Go tool, so you can either clone this repo and build using:

go build
