CloudBunny – A Tool To Capture The Real IP Of The Server That Uses A WAF As A Proxy Or Protection

0
14
CloudBunny - A Tool To Capture The Real IP Of The Server That Uses A WAF As A Proxy Or Protection

CloudBunny is a device to capture the true IP of the server that makes use of a WAF as a proxy or safety.

How works
In this device we used three serps to look area data: Shodan, Censys and Zoomeye. To use the instruments you want the API Keys, you may decide up the next hyperlinks:

Shodan - https://account.shodan.io/
Censys - https://censys.io/account/api
ZoomEye - https://www.zoomeye.org/profile

NOTE: In Zoomeye that you must enter the login and password, it generates a dynamic api key and I already do that be just right for you. Just enter your login and password.
After that that you must put the credentials within the api.conf file.
Install the necessities:

$ sudo pip set up -r necessities.txt


Usage
By default the device searches on all serps (you may set this up by arguments), however that you must put the credentials as acknowledged above. After you have got loaded the credentials and put in the necessities, execute:

$ python cloudbunny.py -u securityattack.com.br

Check our assist space:

$ python cloudbunny.py -h

Change securityattack.com.br for the area of your alternative.

Example


$ python cloudbunny.py -u site_example.com.br

             /|      __  
            / |   ,-~ /  
           Y :|  //  /    
           | jj /( .^  
           >-"~"-v"  
          /       Y    
         jo  o    |  
        ( ~T~     j   
         >._-' _./   
        /   "~"  |    
       Y     _,  |      
      /| ;-"~ _  l    
     / l/ ,-"~      
     ///      .-   
      Y        /    Y*  
      l       I     ! 
      ]      _    /" 
     (" ~----( ~   Y.  )   
 ~~~~~~~~~~~~~~~~~~~~~~~~~~    
CloudBunny - Bypass WAF with Search Engines 
Author: Eddy Oliveira (@Warflop)
https://github.com/Warflop 
    
[+] Looking for goal on Shodan...
[+] Looking for goal on Censys...
[+] Looking for certificates on Censys...
[+] Looking for goal on ZoomEye...
[-] Just extra some seconds...


+---------------+------------+-----------+----------------------------+
|   IP Address  |    ISP     |   Ports   |        Last Update         |
+---------------+------------+-----------+----------------------------+
|  55.14.232.4  | Amazon.com | [80, 443] | 2018-11-02T16:02:51.074543 |
| 54.222.146.40 | Amazon.com |    [80]   | 2018-11-02T10:16:38.166829 |
| 18.235.52.237 | Amazon.com | [443, 80] | 2018-11-08T01:22:11.323980 |
| 54.237.93.127 | Amazon.com | [443, 80] | 2018-11-05T15:54:40.248599 |
| 53.222.94.157 | Amazon.com | [443, 80] | 2018-11-06T08:46:03.377082 |
+---------------+------------+-----------+----------------------------+
    We might have some false positives :)

MoreTip.com

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.