CloakQuest3r: Uncovering Real IPs Behind Cloudflare and Reverse Proxies

Summary
CloakQuest3r is an open-source Python tool designed for security professionals to uncover the real origin IP addresses of websites protected by Cloudflare and other reverse proxy services. It achieves this through comprehensive subdomain enumeration, DNS history analysis, and SSL certificate examination. This tool is invaluable for authorized security testing and strengthening web infrastructure defenses.
Introduction
CloakQuest3r is a powerful, open-source security research tool developed in Python, specifically designed to identify the true origin IP addresses of websites that utilize Cloudflare and similar reverse proxy or CDN services. While Cloudflare offers significant security and performance benefits, misconfigurations can inadvertently expose the underlying server infrastructure. CloakQuest3r helps security professionals, penetration testers, and web administrators assess these vulnerabilities through passive analysis techniques like subdomain enumeration, DNS history, and SSL certificate analysis. It is intended for authorized security testing and defensive assessments to enhance web asset security.
Installation
To get started with CloakQuest3r, follow these simple steps:
- Clone the repository:
  git clone https://github.com/spyboy-productions/CloakQuest3r.git
- Navigate to the directory:
  cd CloakQuest3r
- Install dependencies:
  pip3 install -r requirements.txt
For Termux (Android) users encountering issues with the cryptography installation, use:
  pkg install python-cryptography
Examples
Using CloakQuest3r is straightforward. Once installed, you can run it with a single command-line argument, the target domain you want to analyze:
python cloakquest3r.py example.com
Replace example.com with your target domain. The tool will automatically detect if Cloudflare is in use, print historical IP records, and then scan for subdomains to identify real IP addresses.
Optional: SecurityTrails API Integration
For enhanced historical IP data, you can integrate a free SecurityTrails API key. Upon first execution, a config.ini file will be generated in the CloakQuest3r directory. Edit this file to add your API key:
[DEFAULT]
securitytrails_api_key = your_api_key
Run Online:
CloakQuest3r can also be run online using platforms like Google Colab, Google Cloud Shell, and Binder for quick testing.
Why Use It
CloakQuest3r offers a robust set of features making it an essential tool for web security:
- Real IP Detection: Accurately discovers the true IP address of web servers behind Cloudflare, crucial for comprehensive penetration tests.
- Subdomain Scanning: Utilizes subdomain enumeration as a core component to identify the actual server hosting the website and its associated subdomains.
- IP Address History: Retrieves historical IP address information, including location, owner, and last seen dates, often revealing past configurations.
- SSL Certificate Analysis: Extracts and analyzes SSL certificates, which can sometimes expose details about the hosting infrastructure.
- Threaded Scanning: Enhances efficiency by scanning a large list of subdomains concurrently, reducing execution time.
- Detailed Reporting: Provides clear output, including the number of subdomains scanned, found, and the scan duration, along with any discovered real IP addresses.
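The subdomain check above has a defender-side counterpart: auditing your own DNS zone for records that point past the proxy. The following added example is not CloakQuest3r's code; it assumes a BIND-style zone export as input, and the Cloudflare ranges and sample zone are an assumed subset and constructed data respectively.

```python
import ipaddress

# Subset of Cloudflare's published IPv4 ranges. Assumption: refresh this list
# from https://www.cloudflare.com/ips-v4 before a real audit.
CLOUDFLARE_V4 = [
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
]
CF_NETS = [ipaddress.ip_network(n) for n in CLOUDFLARE_V4]


def is_cloudflare(ip):
    """True if the address falls inside a Cloudflare edge range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CF_NETS)


def parse_zone(text):
    """Parse a minimal BIND-style zone export into (name, rrtype, value) tuples.
    Accepts 'name [ttl] [IN] type value'; comments after ';' are ignored."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        fields = [p for p in line.split() if p.upper() != "IN" and not p.isdigit()]
        if len(fields) >= 3:
            records.append((fields[0], fields[1].upper(), fields[2]))
    return records


def find_origin_exposure(zone_text):
    """Return (hostname, ip) for A records that point outside Cloudflare.
    Each hit is a host reachable without the proxy, i.e. a candidate origin leak."""
    return [(name, value) for name, rrtype, value in parse_zone(zone_text)
            if rrtype == "A" and not is_cloudflare(value)]


# Constructed sample zone: example.com, 203.0.113.0/24 and 198.51.100.0/24 are
# reserved documentation values, not real hosts.
SAMPLE_ZONE = """
example.com.       300 IN A 172.64.5.9      ; proxied through Cloudflare
www.example.com.   300 IN A 104.16.1.2      ; proxied through Cloudflare
mail.example.com.  300 IN A 203.0.113.10    ; direct: mail cannot be proxied
dev.example.com.   300 IN A 198.51.100.7    ; forgotten staging host, unproxied
"""

if __name__ == "__main__":
    for host, ip in find_origin_exposure(SAMPLE_ZONE):
        print(f"{host} -> {ip} bypasses Cloudflare")
```

Hits are review items rather than faults: some records (an MX target, for instance) legitimately stay direct, but such hosts should then not share the proxied site's origin server or its firewall allow-list.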
This tool empowers security professionals to confidently evaluate website security, uncover hidden vulnerabilities, and fortify web assets. It was even recognized as one of the "Top 20 Most Popular Hacking Tools in 2023" by KitPloit.
Important Note: This tool is a Proof of Concept and is intended for educational purposes only. Please use it responsibly and ethically, always with the written permission of the targeted parties for legitimate penetration testing assignments.
Links
For more information, to contribute, or to report issues, please visit the official repository and related resources.