CloudBunny : Capture Real IP of Server behind WAF

CloudBunny is a tool to capture the origin server that uses a WAF as a proxy or protection.

This tool we used three search engines to search domain information: Shodan, Censys and Zoomeye. To use the tools you need the API Keys, you can pick up the following links:
  • Shodan - 
  • Censys - ZoomEye -
NOTE: In Zoomeye you need to enter the login and password, it generates a dynamic api key and I already do this work for you. Just enter your login and password.

After that you need to put the credentials in the api.conf file.

Install the requirements:
$ sudo pip install -r requirements.txt

After you have loaded the credentials and installed the requirements, execute:
$ python -u DOMAINURL