CloudFlair-查找网站的原始服务器工具
CloudFlairCloudFlair是一种工具,用于查找受CloudFlare保护的网站的原始服务器,这些网站已公开暴露,并且不会按应有的方式限制对CloudFlare IP范围的网络访问。
该工具使用来自Censys的 Internet范围内的扫描数据来查找暴露的IPv4主机,这些主机提供与目标域名关联的SSL证书。
有关此常见错误配置以及CloudFlair如何工作的更多详细信息,请参阅随附的博客文章,网址为
https://blog.christophetd.fr/byp ... net-wide-scan-data/
这就是CloudFlair的实际运行情况。
$ python cloudflair.py myvulnerable.site The target appears to be behind CloudFlare. Looking for certificates matching "myvulnerable.site" using Censys 75 certificates matching "myvulnerable.site" found. Looking for IPv4 hosts presenting these certificates... 10 IPv4 hosts presenting a certificate issued to "myvulnerable.site" were found. - 51.194.77.1 - 223.172.21.75 - 18.136.111.24 - 127.200.220.231 - 177.67.208.72 - 137.67.239.174 - 182.102.141.194 - 8.154.231.164 - 37.184.84.44 - 78.25.205.83 Retrieving target homepage at https://myvulnerable.site Testing candidate origin servers - 51.194.77.1 - 223.172.21.75 - 18.136.111.24 responded with an unexpected HTTP status code 404 - 127.200.220.231 timed out after 3 seconds - 177.67.208.72 - 137.67.239.174 - 182.102.141.194 - 8.154.231.164 - 37.184.84.44 - 78.25.205.83 Found 2 likely origin servers of myvulnerable.site! - 177.67.208.72 (HTML content identical to myvulnerable.site) - 182.102.141.194 (HTML content identical to myvulnerable.site) (此示例中的IP地址已被混淆,并由随机生成的IP代替) 建立 在https://censys.io/register上注册一个帐户(免费) 浏览到https://censys.io/account/api,并使用您的API ID和API secret设置两个环境变量 $ export CENSYS_API_ID=... $ export CENSYS_API_SECRET=... 克隆存储库 $ git clone https://github.com/christophetd/cloudflair.git 安装依赖项 $ cd cloudflair $ pip install -r requirements.txt 运行CloudFlair(有关更多详细信息,请参见下面的用法) $ python cloudflair.py myvulnerable.site 用法 $ python cloudflair.py --help usage: cloudflair.py [-h] [-o OUTPUT_FILE] [--censys-api-id CENSYS_API_ID] [--censys-api-secret CENSYS_API_SECRET] domain positional arguments: domain The domain本文转载于
https://github.com/christophetd/CloudFlair
官方
24篇下载
1.23M总阅读量
