{"name":"hakoriginfinder: Discovering Origin Hosts Behind Reverse Proxies","description":"hakoriginfinder is a powerful Go-based tool designed to uncover the true origin host behind reverse proxies, including cloud-based Web Application Firewalls (WAFs). It achieves this by comparing HTTP responses from potential origin IP addresses against the original proxy response using the Levenshtein algorithm. This functionality makes it an invaluable asset for security researchers and penetration testers looking to bypass WAFs and identify underlying infrastructure.","github":"https://github.com/hakluke/hakoriginfinder","url":"https://osrepos.com/repo/hakluke-hakoriginfinder","source":"osrepos.com","sourceDescription":"This repository profile is provided by osrepos.com, an open source repository discovery platform.","repositoryProfile":"https://osrepos.com/repo/hakluke-hakoriginfinder","generatedFor":"open source discovery and AI-assisted research","markdown":"https://osrepos.com/repo/hakluke-hakoriginfinder.md","json":"https://osrepos.com/repo/hakluke-hakoriginfinder.json","topics":["Go","Security","Penetration Testing","WAF Bypass","Network Scanning","Origin Discovery"],"keywords":["Go","Security","Penetration Testing","WAF Bypass","Network Scanning","Origin Discovery"],"stars":null,"summary":"hakoriginfinder is a powerful Go-based tool designed to uncover the true origin host behind reverse proxies, including cloud-based Web Application Firewalls (WAFs). It achieves this by comparing HTTP responses from potential origin IP addresses against the original proxy response using the Levenshtein algorithm. This functionality makes it an invaluable asset for security researchers and penetration testers looking to bypass WAFs and identify underlying infrastructure.","content":"## Introduction\n\nhakoriginfinder is a specialized tool developed by hakluke, aimed at identifying the actual origin server that sits behind a reverse proxy. This capability is particularly useful for security assessments, allowing testers to potentially bypass protective layers like WAFs and directly interact with the backend server.\n\nThe tool operates by first making a request to the target hostname or URL and storing its response. Subsequently, it probes a list of provided IP addresses on specified ports (defaulting to 80 and 443), setting the `Host` header to the original target. Each response from these IP addresses is then compared to the original response using the Levenshtein distance algorithm. A low Levenshtein score indicates high similarity, flagging a potential match for the origin host.\n\n## Installation\n\nTo install hakoriginfinder, you need to have Go installed on your system. Once Go is set up, you can install the tool using the following command:\n\nbash\ngo install github.com/hakluke/hakoriginfinder@latest\n\n\n## Examples\n\nhakoriginfinder is designed for straightforward command-line usage, typically accepting a list of IP addresses via standard input and the target hostname via the `-h` option.\n\nHere's a basic example demonstrating how to use it with `prips` to generate IP ranges:\n\nbash\nprips 93.184.216.0/24 | hakoriginfinder -h https://example.com:443/foo\n\n\nYou can customize the tool's behavior with several options:\n\n*   `-l`: Set the Levenshtein distance threshold. A lower number requires more similar matches, default is 5.\n*   `-t`: Specify the number of threads to use, default is 32.\n*   `-h`: Define the hostname, this option is mandatory.\n*   `-p`: Set the ports to scan on the IP addresses, default is 80,443.\n\n### Output Example\n\nThe output provides three columns: a match status (\"MATCH\" or \"NOMATCH\"), the URL being tested, and the Levenshtein score.\n\n\n$ prips 1.1.1.0/24 | hakoriginfinder -h http://one.one.one.one:80/index.html -p 80,443,8080,8443\nRedirect 301 to: https://one.one.one.one/index.html\nRedirect 308 to: https://one.one.one.one/\nNOMATCH http://1.1.1.31:443/ 56290\n...\nMATCH https://1.1.1.1:443/ 0\n...\nMATCH https://1.1.1.1:8443/ 0\n\n\n## Why Use hakoriginfinder?\n\nhakoriginfinder is an essential tool for several reasons, particularly in the realm of cybersecurity:\n\n*   **WAF Bypass**: By identifying the true origin IP, security professionals can often bypass WAFs and other reverse proxies, allowing direct interaction with the backend server to discover vulnerabilities that would otherwise be hidden.\n*   **Infrastructure Discovery**: It helps in mapping out an organization's network infrastructure, revealing hidden servers or misconfigurations.\n*   **Security Assessments**: Integral for comprehensive penetration testing and vulnerability assessments, providing a deeper understanding of the target's attack surface.\n*   **Efficiency**: Automates a complex task that would otherwise require manual and time-consuming efforts to compare server responses.\n\n## Links\n\nFor more details, contributions, or to report issues, visit the official GitHub repository:\n\n*   **GitHub Repository**: [https://github.com/hakluke/hakoriginfinder](https://github.com/hakluke/hakoriginfinder){:target=\"_blank\"}","metrics":{"detailViews":6,"githubClicks":4},"dates":{"published":null,"modified":"2026-03-26T09:44:51.000Z"}}