CF-Bypass

Description

This tool is a simple bypass for a website running Cloudflare by finding the Origin IP of the domain. By doing so we are able to access the website without going trough Cloudflare's IP

This comes from a Misconfiguration on the Origin IP, that should not allow traffic outside of Cloudflare.

Install

Clone the project and run the following command

chmod u+x install.sh && ./install.sh

Usage

CF-Bypass is a Scanner that will attempt to bypass Cloudflare by finding the Origin IP of the server.
	Usage:
		cf-bypass <flag> [options]

	Flags:
		check <hostname> <host>: Check if you can bypass the provided Hostname using the provided IP/Host

	Options:
		-h: Show this help
		-d: Enable Debugging
		-f: file containing a list of subdomains
		-s: silent output
		-m: Enabling Mode. Available Modes:
			st: Activate Security Trails Detection
			c: Activate Collaborator Detection
	Examples:
		cat subs.txt | cf-bypass [options]; # Uses Security Trails credits
		cf-bypass check www.cloudflare.com 1.1.1.1
		cf-bypass -f subs.txt
		echo www.cloudflare.com | cf-bypass -m st,c

Future Improvements

  • Add support for Favicon Hash IP discovery with Shodan
  • Add support for Certificate based IP discovery
  • Add support for Header based SSRF discovery (X-Forwarded-For: collaborator --> Finding the IP)