This script will try to find:
- the direct IP address of a server behind a firewall like Cloudflare, Incapsula, SUCURI ...
- an old server which is still running the same (inactive and unmaintained) website but not receiving active traffic because the DNS A record no longer points to it. Because it is an outdated and unmaintained version of the current active website, it is likely vulnerable to various exploits. It might be easier to find SQL injections there, access the database of the old website, and abuse that information against the current, active website.
This script (ab)uses DNS history records. It searches for old DNS A records and checks whether the server at each one still replies for that domain. It also outputs a confidence level, based on the similarity between the HTML response of the possible origin server and that of the firewall.
Use the script like this:
bash bypass-firewalls-by-DNS-history.sh -d example.com
-d --domain: domain to bypass
-o --outputfile: output file with IP's
-l --listsubdomains: list with subdomains for extra coverage
jq is needed to parse output in order to gather subdomains automatically. Install it with
apt install jq.
For who is this script?
This script is handy for:
- Security auditors
- Web administrators
- Bug bounty hunters
- Blackhatters I guess ¯\_(ツ)_/¯
How to protect against this script?
- If you use a firewall, make sure to accept only traffic coming through the firewall. Deny all traffic coming directly from the internet. For example: Cloudflare has a list of IP's which you can whitelist with iptables or UFW. Deny all other traffic.
- Make sure that no old servers are still accepting connections; they should not be reachable in the first place.
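The allowlist approach from the first point above, as an added example (not part of this tool's repository): a POSIX shell function that turns a provider's published edge ranges into ufw rules, so the origin only accepts web traffic from the firewall and refuses direct connections. It reads CIDRs from stdin and skips malformed entries; the Cloudflare list URLs in the comment are an assumption about where the ranges are published.

```shell
#!/bin/sh
# Generate host-firewall (ufw) rules that accept HTTP/HTTPS only from the
# WAF/CDN edge ranges; everything else is caught by the default deny.
# Usage (assumption: Cloudflare publishes its ranges at these URLs):
#   curl -s https://www.cloudflare.com/ips-v4 https://www.cloudflare.com/ips-v6 \
#     | gen_ufw_rules | sh

# Basic syntax check only: IPv4 dotted-quad with optional /prefix, or any
# IPv6-looking entry (contains a colon). Not a full CIDR validator.
valid_cidr() {
  case "$1" in
    ''|*[!0-9a-fA-F:./]*) return 1 ;;   # empty or contains a foreign character
    *:*) return 0 ;;                    # IPv6
  esac
  printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# Read CIDRs from stdin (comments and blank lines ignored) and print one ufw
# command per line. Malformed entries become a warning instead of a rule, so a
# corrupted list never produces a rule that silently allows the wrong range.
gen_ufw_rules() {
  n=0
  printf 'ufw default deny incoming\n'
  while IFS= read -r line; do
    cidr=${line%%#*}                              # drop trailing comment
    cidr=$(printf '%s' "$cidr" | tr -d ' \t')     # drop whitespace
    [ -z "$cidr" ] && continue
    if ! valid_cidr "$cidr"; then
      printf 'echo "skipping malformed entry: %s" >&2\n' "$cidr"
      continue
    fi
    printf 'ufw allow proto tcp from %s to any port 80,443\n' "$cidr"
    n=$((n + 1))
  done
  printf '# %d edge ranges allowed; all other sources hit the default deny\n' "$n"
}
```

Re-run the generator whenever the provider updates its ranges, otherwise legitimate edge traffic is dropped along with the direct connections.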
Web services used in this script
The following services were used:
Web Application Firewall bypass
find direct/origin IP of a website