Saturday, 17 November 2018

CloudBunny : Capture Real IP of Server behind WAF

CloudBunny is a tool to capture the origin server that uses a WAF as a proxy or protection. This tool we used three search engines to s... thumbnail 1 summary
CloudBunny is a tool to capture the origin server that uses a WAF as a proxy or protection.

This tool we used three search engines to search domain information: Shodan, Censys and Zoomeye. To use the tools you need the API Keys, you can pick up the following links:
  • Shodan - https://account.shodan.io/ 
  • Censys - https://censys.io/account/api ZoomEye - https://www.zoomeye.org/profile
NOTE: In Zoomeye you need to enter the login and password, it generates a dynamic api key and I already do this work for you. Just enter your login and password.

After that you need to put the credentials in the api.conf file.

Install the requirements:
$ sudo pip install -r requirements.txt

Usage
After you have loaded the credentials and installed the requirements, execute:
$ python cloudbunny.py -u DOMAINURL

No comments

Post a Comment