CloudBunny : Capture Real IP of Server behind WAF
by
Admin
CloudBunny is a tool to capture the origin server that uses a WAF as a proxy or protection.
This tool we used three search engines to search domain information: Shodan, Censys and Zoomeye. To use the tools you need the API Keys, you can pick up the following links:
This tool we used three search engines to search domain information: Shodan, Censys and Zoomeye. To use the tools you need the API Keys, you can pick up the following links:
- Shodan - https://account.shodan.io/
- Censys - https://censys.io/account/api ZoomEye - https://www.zoomeye.org/profile
NOTE: In Zoomeye you need to enter the login and password, it generates a dynamic api key and I already do this work for you. Just enter your login and password.
After that you need to put the credentials in the api.conf file.
Install the requirements:
After that you need to put the credentials in the api.conf file.
Install the requirements:
$ sudo pip install -r requirements.txt
Usage
After you have loaded the credentials and installed the requirements, execute:$ python cloudbunny.py -u DOMAINURL