# hakoriginfinder: Discovering Origin Hosts Behind Reverse Proxies

This repository profile is provided by osrepos.com, an open source repository discovery platform.

Source: osrepos.com
Repository profile: https://osrepos.com/repo/hakluke-hakoriginfinder
Generated for open source discovery and AI-assisted research.

hakoriginfinder is a powerful Go-based tool designed to uncover the true origin host behind reverse proxies, including cloud-based Web Application Firewalls (WAFs). It achieves this by comparing HTTP responses from potential origin IP addresses against the original proxy response using the Levenshtein algorithm. This functionality makes it an invaluable asset for security researchers and penetration testers looking to bypass WAFs and identify underlying infrastructure.

GitHub: https://github.com/hakluke/hakoriginfinder
OSRepos URL: https://osrepos.com/repo/hakluke-hakoriginfinder

## Summary

hakoriginfinder is a powerful Go-based tool designed to uncover the true origin host behind reverse proxies, including cloud-based Web Application Firewalls (WAFs). It achieves this by comparing HTTP responses from potential origin IP addresses against the original proxy response using the Levenshtein algorithm. This functionality makes it an invaluable asset for security researchers and penetration testers looking to bypass WAFs and identify underlying infrastructure.

## Topics

- Go
- Security
- Penetration Testing
- WAF Bypass
- Network Scanning
- Origin Discovery

## Repository Information

Last analyzed by OSRepos: Thu Mar 26 2026 09:44:51 GMT+0000 (Western European Standard Time)
Detail views: 6
GitHub clicks: 4

## Safety Notice

OSRepos shares public repositories for knowledge and discovery only. Review source code, dependencies, licenses, and security implications before running or installing anything.

## Content

## Introduction

hakoriginfinder is a specialized tool developed by hakluke, aimed at identifying the actual origin server that sits behind a reverse proxy. This capability is particularly useful for security assessments, allowing testers to potentially bypass protective layers like WAFs and directly interact with the backend server.

The tool operates by first making a request to the target hostname or URL and storing its response. Subsequently, it probes a list of provided IP addresses on specified ports (defaulting to 80 and 443), setting the `Host` header to the original target. Each response from these IP addresses is then compared to the original response using the Levenshtein distance algorithm. A low Levenshtein score indicates high similarity, flagging a potential match for the origin host.

## Installation

To install hakoriginfinder, you need to have Go installed on your system. Once Go is set up, you can install the tool using the following command:

bash
go install github.com/hakluke/hakoriginfinder@latest


## Examples

hakoriginfinder is designed for straightforward command-line usage, typically accepting a list of IP addresses via standard input and the target hostname via the `-h` option.

Here's a basic example demonstrating how to use it with `prips` to generate IP ranges:

bash
prips 93.184.216.0/24 | hakoriginfinder -h https://example.com:443/foo


You can customize the tool's behavior with several options:

*   `-l`: Set the Levenshtein distance threshold. A lower number requires more similar matches, default is 5.
*   `-t`: Specify the number of threads to use, default is 32.
*   `-h`: Define the hostname, this option is mandatory.
*   `-p`: Set the ports to scan on the IP addresses, default is 80,443.

### Output Example

The output provides three columns: a match status ("MATCH" or "NOMATCH"), the URL being tested, and the Levenshtein score.


$ prips 1.1.1.0/24 | hakoriginfinder -h http://one.one.one.one:80/index.html -p 80,443,8080,8443
Redirect 301 to: https://one.one.one.one/index.html
Redirect 308 to: https://one.one.one.one/
NOMATCH http://1.1.1.31:443/ 56290
...
MATCH https://1.1.1.1:443/ 0
...
MATCH https://1.1.1.1:8443/ 0


## Why Use hakoriginfinder?

hakoriginfinder is an essential tool for several reasons, particularly in the realm of cybersecurity:

*   **WAF Bypass**: By identifying the true origin IP, security professionals can often bypass WAFs and other reverse proxies, allowing direct interaction with the backend server to discover vulnerabilities that would otherwise be hidden.
*   **Infrastructure Discovery**: It helps in mapping out an organization's network infrastructure, revealing hidden servers or misconfigurations.
*   **Security Assessments**: Integral for comprehensive penetration testing and vulnerability assessments, providing a deeper understanding of the target's attack surface.
*   **Efficiency**: Automates a complex task that would otherwise require manual and time-consuming efforts to compare server responses.

## Links

For more details, contributions, or to report issues, visit the official GitHub repository:

*   **GitHub Repository**: [https://github.com/hakluke/hakoriginfinder](https://github.com/hakluke/hakoriginfinder){:target="_blank"}