Insights >Blog

A quick guide to the CloudFail tool

Danilo Vezzoni


August 16th, 2018

We often come across sites or servers protected with CloudFlare, but to carry out a good penetration test it is almost mandatory to know the actual IP of the site.

CloudFail is a tool that is helps to unmask CloudFlare by providing the actual IP of the server. Basically, it uses the following three methods to obtain the information:

  • Check in DNSDumpster.com
  • Check in Crimeflare.com
  • Perform a brute force with more than 2500 subdomains in its database

With these three methods, in 99% of cases it gets the actual IP of the server.

How to quickly install it

1. We install pip3 for python 3
<strong>sudo apt-get install</strong> python3-pip
2. We download the script from the repository and unzip it into a folder

https://github.com/m0rtem/CloudFail

3. We install the requirements:
pip3 install -r requirements.txt

Use

python3 cloudfail.py --target website.com

It can be anonymized using tor by executing the following:

service tor start
python3 cloudfail.py --target seo.com --tor

Dependencies

  • argparse
  • colorama
  • socket
  • binascii
  • datetime
  • requests
  • win_inet_pton

Repository: https://github.com/m0rtem/CloudFail

 A quick guide to the CloudFail tool

Share

Related posts

See also

Services

Software development

Software testing

Consultancy & innovation

User experience

Industries

Fintech

Media & entertainment

Healthcare

All industries

Insights

Blog

Whitepapers

Webinars

Videos

Why Belatrix?

International presence

Nearshore advantages

Project governance

Agile expertise

Flexible engagement models

Our talent development