Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
add. new auxiliary module: behind_cloudfront #11204
This module can be useful if you need to test the security of your server and your
More precisely, I use multiple data sources (DNS enumeration, ViewDNS.info) to collect
After a cleaning step, ie. if the IP addresses come from the servers of Amazon
Your Censys API SECRET.
Your Censys API UID.
You can use a custom string to perform the comparison. Default: TITLE if it's empty.
This is the hostname [fqdn] on which the website responds. But this can also be a domain.
A proxy chain of format type:host:port[,type:host:port][...]. It's optional.
The target TCP port on which the protected website responds. Default: 443
Negotiate SSL/TLS for outgoing connections. Default: true
Number of concurent threads needed for DNS enumeration. Default: 8
The URI path on which to perform the page comparison. Default: '/'
Name list required for DNS enumeration. Default: ~/metasploit-framework/data/wordlists/namelist.txt
Set DNS enumeration as optional. Default: true
Specify the nameserver to use for queries. Default: is system DNS
HTTP(s) request timeout. Default: 15
You can also enable the verbose mode to have more information displayed in the console.
For auditing purpose
If successful, you must be able to obtain the IP address of the website as follows:
For some reason you may need to change the URI path to interoperate with other than the index page.