Skip to content
Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
Python Dockerfile
Branch: master
Clone or download
Latest commit 0f4ed48 Jul 11, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
data undo Jul 4, 2017
.gitignore fix for subdomain use Dec 9, 2018
Dockerfile Add Dockerfile Jan 1, 2018 Create Jun 15, 2017 ReadMe update Nov 20, 2018 updated crimeflare ip database download url Apr 3, 2018
requirements.txt upgrade urllib3 Jul 11, 2019 v.1.0 Jun 11, 2016


CloudFail is a tactical reconnaissance tool which aims to gather enough information about a target protected by Cloudflare in the hopes of discovering the location of the server. Using Tor to mask all requests, the tool as of right now has 3 different attack phases.

  1. Misconfigured DNS scan using
  2. Scan the database.
  3. Bruteforce scan over 2500 subdomains.

Example usage

Please feel free to contribute to this project. If you have an idea or improvement issue a pull request!


This tool is a PoC (Proof of Concept) and does not guarantee results. It is possible to setup Cloudflare properly so that the IP is never released or logged anywhere; this is not often the case and hence why this tool exists. This tool is only for academic purposes and testing under controlled environments. Do not use without obtaining proper authorization from the network owner of the network under testing. The author bears no responsibility for any misuse of the tool.

Install on Kali/Debian

First we need to install pip3 for python3 dependencies:

$ sudo apt-get install python3-pip

Then we can run through dependency checks:

$ pip3 install -r requirements.txt


To run a scan against a target:

python3 --target

To run a scan against a target using Tor:

service tor start

(or if you are using Windows or Mac install vidalia or just run the Tor browser)

python3 --target --tor

Please make sure you are running with Python3 and not Python2.*.



  • argparse
  • colorama
  • socket
  • binascii
  • datetime
  • requests
  • win_inet_pton

Donate BTC


Buy me a beer or coffee... or both! If you donate send me a message and I will add you to the credits! Thank YOU!

You can’t perform that action at this time.