Skip to content
This module can be useful if you need to test the security of your server and your website behind a solution Cloud based. By discovering the origin IP address of the targeted host.
Ruby
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
pictures
README.md
cloud_lookup.md
cloud_lookup.rb

README.md

cloud_lookup

This module can be useful if you need to test the security of your server and your website behind a solution Cloud based. By discovering the origin IP address of the targeted host.

More precisely, I use multiple data sources (in order ViewDNS.info, DNS enumeration and Censys) to collect assigned (or have been assigned) IP addresses from the targeted site or domain that uses the following:

  • Amazon Cloudflare
  • Amazon CloudFront
  • Imperva Incapsula
  • InGen Security (BinarySec EasyWAF)
  • Sucuri

alt text

alt text

Scenarios

For auditing purpose

If successful, you must be able to obtain the IP(s) address of the website as follows:

alt text

In this case 'A direct-connect IP address was found' is reported.

However, some disreputable administrators used a simple redircetion (301 and 302) to force the passage through the WAF. This makes the IP address leak in the 'location' parameter of the HTTP header.

alt text

In this case 'A leaked IP address was found' is displayed but the bypass is NOT effective.

You can’t perform that action at this time.