Skip to content
/ badflare Public

OSINT tool for discovering the real IP addresses of services which are behind Cloudflare but not properly locked down

License

View license
132 stars 9 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

LeeBrotherston/badflare

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
.github
.github
 
 
LICENCE
LICENCE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

badflare

OSINT tool for discovering the real IP addresses of services which are behind Cloudflare but not properly configured

Pardon?

Cloudflare provides protection to it's customers, however this is predicated on those customers locking their environment to only be accessible to Cloudflare. Direct access to services circumvents this protection, and can de-anonymise the location of the service.

Many people opt to use simple obfuscation, specifically, no DNS pointing to the real host, rather than truely locking down their environment. This leaves the host vulnerable to attack if it's true IP address can be discovered, thus bypassing Cloudflare protection.

Hence badflare

Badflare attempts to discover poorly configured hosts. Simply provide your shodan API key on the commandline or as the env var SHODAN_API and run the command in form:

badflare -h host.this_is_my_victim.com

Building

This is a simple go tool so you can either clone this repo and build using:

go build

About

OSINT tool for discovering the real IP addresses of services which are behind Cloudflare but not properly locked down

Resources

Readme

License

View license
Activity

Stars

132 stars

Watchers

5 watching

Forks

9 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages