Origin IP found, DDoS & WAF Cloudflare protection bypassed


Low Hanging Bugs

1. Favicon Hash:

Tool: https://github.com/Dheerajmadhukar/Lilly

A tool to find the real IP behind CDNs/WAFs like Cloudflare using passive recon: it retrieves the site's favicon hash, then searches for every IP, port and SSL/TLS certificate that shares the same hash value, so each candidate can be validated as an in-scope target.

2. Complete Shodan Recon:

Tool: https://github.com/Dheerajmadhukar/karma_v2

karma v2 can be used by infosec researchers, penetration testers and bug hunters to find deep information about their target: more assets, WAF/CDN-bypassed IPs, internal/external infrastructure, publicly exposed leaks and much more.

3. Bash Automation Favicon

To find the real IP behind #CDNs / #WAFs like #cloudflare using passive recon by retrieving the #favicon #hash. [Shodan Premium API needed]

Tweet: https://twitter.com/Dheerajmadhukar/status/1378369856907616259
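The favicon-hash check from items 1 and 3, turned into a self-audit of your own origin exposure. This is an added example, not code from Lilly or the tweet; it assumes the Shodan-style convention (signed 32-bit MurmurHash3 of the newline-wrapped base64 of the icon), and the icon bytes, scan records and edge range are constructed.

```python
import base64
import ipaddress

def murmur3_32(data: bytes, seed: int = 0) -> int:
    """MurmurHash3 x86 32-bit, unsigned result."""
    c1, c2, mask = 0xCC9E2D51, 0x1B873593, 0xFFFFFFFF
    h = seed & mask
    full = len(data) - len(data) % 4
    for i in range(0, len(data), 4):   # last chunk may be a 1-3 byte tail
        k = int.from_bytes(data[i:i + 4], "little") * c1 & mask
        k = ((k << 15) | (k >> 17)) & mask
        h ^= k * c2 & mask
        if i < full:                   # only full blocks get the extra mixing
            h = ((h << 13) | (h >> 19)) & mask
            h = (h * 5 + 0xE6546B64) & mask
    h ^= len(data)
    h ^= h >> 16
    h = h * 0x85EBCA6B & mask
    h ^= h >> 13
    h = h * 0xC2B2AE35 & mask
    return h ^ (h >> 16)

def favicon_hash(icon: bytes) -> int:
    """Signed 32-bit hash of base64.encodebytes(icon), as favicon search engines index it."""
    h = murmur3_32(base64.encodebytes(icon))
    return h - (1 << 32) if h & 0x80000000 else h

def exposed_origins(records, our_hash, edge_ranges):
    """IPs serving our favicon from outside the CDN's edge ranges."""
    nets = [ipaddress.ip_network(n) for n in edge_ranges]
    return [r["ip"] for r in records
            if r["favicon_hash"] == our_hash
            and not any(ipaddress.ip_address(r["ip"]) in n for n in nets)]

# Constructed sample data: a fake icon, a stand-in edge range, three scan hits.
ICON = b"\x00\x00\x01\x00constructed favicon bytes"
EDGE_RANGES = ["198.51.100.0/24"]      # placeholder for the CDN's published ranges
RECORDS = [
    {"ip": "198.51.100.10", "favicon_hash": favicon_hash(ICON)},    # CDN edge
    {"ip": "203.0.113.25", "favicon_hash": favicon_hash(ICON)},     # direct origin
    {"ip": "192.0.2.7", "favicon_hash": favicon_hash(b"other site")},
]

if __name__ == "__main__":
    for ip in exposed_origins(RECORDS, favicon_hash(ICON), EDGE_RANGES):
        print("origin reachable outside the CDN:", ip)
```

Any IP this reports answers with your favicon without passing through the CDN; restricting the origin's firewall to the CDN's published ranges closes that path.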

4. Repository of historical DNS data

Link: https://securitytrails.com/dns-trails

Data for security companies, researchers who need to drill down, find suspicious changes to DNS records, and prevent future fraudulent or criminal activity.

5. Sometimes SPF/DMARC/DKIM records

All of your MX record, DNS, blacklist and SMTP diagnostics in one integrated tool. Input a domain name or IP Address or Host Name.

And many more …

Let the Game Begin . . .

Vulnerability details


During the initial assessment of assets, I found a
