hakoriginfinder: Discovering Origin Hosts Behind Reverse Proxies
This repository profile is provided by osrepos.com, an open source repository discovery platform.

Summary
hakoriginfinder is a powerful Go-based tool designed to uncover the true origin host behind reverse proxies, including cloud-based Web Application Firewalls (WAFs). It achieves this by comparing HTTP responses from potential origin IP addresses against the original proxy response using the Levenshtein algorithm. This functionality makes it an invaluable asset for security researchers and penetration testers looking to bypass WAFs and identify underlying infrastructure.
Repository Information
Topics
Click on any tag to explore related repositories
Use at your own risk
OSRepos shares public repositories for knowledge and discovery only. Any installation, execution, configuration, or use of code from these repositories is the user's own responsibility. Always review the repository, source code, dependencies, licenses, and security implications before running or installing anything. OSRepos is not responsible for issues, damages, or losses resulting from third-party repositories.
Introduction
hakoriginfinder is a specialized tool developed by hakluke, aimed at identifying the actual origin server that sits behind a reverse proxy. This capability is particularly useful for security assessments, allowing testers to potentially bypass protective layers like WAFs and directly interact with the backend server.
The tool operates by first making a request to the target hostname or URL and storing its response. Subsequently, it probes a list of provided IP addresses on specified ports (defaulting to 80 and 443), setting the Host header to the original target. Each response from these IP addresses is then compared to the original response using the Levenshtein distance algorithm. A low Levenshtein score indicates high similarity, flagging a potential match for the origin host.
Installation
To install hakoriginfinder, you need to have Go installed on your system. Once Go is set up, you can install the tool using the following command:
go install github.com/hakluke/hakoriginfinder@latest
Examples
hakoriginfinder is designed for straightforward command-line usage, typically accepting a list of IP addresses via standard input and the target hostname via the -h option.
Here's a basic example demonstrating how to use it with prips to generate IP ranges:
prips 93.184.216.0/24 | hakoriginfinder -h https://example.com:443/foo
You can customize the tool's behavior with several options:
-l: Set the Levenshtein distance threshold. A lower number requires more similar matches, default is 5.-t: Specify the number of threads to use, default is 32.-h: Define the hostname, this option is mandatory.-p: Set the ports to scan on the IP addresses, default is 80,443.
Output Example
The output provides three columns: a match status ("MATCH" or "NOMATCH"), the URL being tested, and the Levenshtein score.
$ prips 1.1.1.0/24 | hakoriginfinder -h http://one.one.one.one:80/index.html -p 80,443,8080,8443
Redirect 301 to: https://one.one.one.one/index.html
Redirect 308 to: https://one.one.one.one/
NOMATCH http://1.1.1.31:443/ 56290
...
MATCH https://1.1.1.1:443/ 0
...
MATCH https://1.1.1.1:8443/ 0
Why Use hakoriginfinder?
hakoriginfinder is an essential tool for several reasons, particularly in the realm of cybersecurity:
- WAF Bypass: By identifying the true origin IP, security professionals can often bypass WAFs and other reverse proxies, allowing direct interaction with the backend server to discover vulnerabilities that would otherwise be hidden.
- Infrastructure Discovery: It helps in mapping out an organization's network infrastructure, revealing hidden servers or misconfigurations.
- Security Assessments: Integral for comprehensive penetration testing and vulnerability assessments, providing a deeper understanding of the target's attack surface.
- Efficiency: Automates a complex task that would otherwise require manual and time-consuming efforts to compare server responses.
Links
For more details, contributions, or to report issues, visit the official GitHub repository:
- GitHub Repository: https://github.com/hakluke/hakoriginfinder
Related repositories
Similar repositories that may be relevant next.

no-mistakes: AI-Driven Git Proxy for Flawless Pull Requests
June 30, 2026
no-mistakes is an innovative Git proxy that streamlines the pull request workflow by ensuring code quality before it reaches your remote. It uses an AI-driven validation pipeline in a disposable worktree, automatically applying safe fixes and escalating complex issues for human review. This tool helps developers maintain clean, high-quality codebases and open perfect PRs effortlessly.
Gogcli: Google Workspace Management from Your Terminal
June 24, 2026
Gogcli is a powerful command-line interface for Google Workspace, allowing users to manage Gmail, Calendar, Drive, Docs, Sheets, and many other services directly from their terminal. It is designed for both interactive use and robust automation, providing predictable output, agent safety features, and support for multiple accounts.

PinchTab: High-Performance Browser Automation for AI Agents
June 21, 2026
PinchTab is a high-performance browser automation bridge and multi-instance orchestrator, designed to give AI agents direct control over Chrome. Built in Go, it offers advanced stealth injection, real-time dashboards, and token-efficient web interaction. It supports both headless and headed modes, enabling robust and secure automation workflows for various applications.

Multigres: Vitess Adaptation for Scalable Postgres Databases
June 3, 2026
Multigres is an innovative project that adapts Vitess for use with PostgreSQL, aiming to bring advanced sharding and scalability features to Postgres environments. Currently in early development, it offers a promising solution for managing large-scale Postgres deployments. Users can explore its capabilities and contribute to its growth.
Source repository
Open the original repository on GitHub.