Because CloudFail has aged quite a bit, it needs some updates. This fork aims to solve the issues that stopped CloudFail from working.
CloudFail is a tactical reconnaissance tool which aims to gather enough information about a target protected by Cloudflare in the hopes of discovering the location of the server. Using Tor to mask all requests, the tool as of right now has 3 different attack phases.
- Misconfigured DNS scan using DNSDumpster.com.
- Scan the Crimeflare database.
- Bruteforce scan over 2500 subdomains.
Please feel free to contribute to this project. If you have an idea or improvement issue a pull request!
-
Not by much, hopefully.
This was forked with the intention of making the project work again, as DNSDumpster had changed the way they handled their API the original no longer worked.
We achieved that pretty easily, and with some help improved data sources and error handling. So make sure to read the changelog! -
So far there aren't many, but let's change that together.
- Report Generator
- IP List Output
- Updated Project Structure
- Updated DNSDumpster API Handling
- TOR Fix
- Quality of Life
This tool is a PoC (Proof of Concept) and does not guarantee results. It is possible to setup Cloudflare properly so that the IP is never released or logged anywhere; this is not often the case and hence why this tool exists. This tool is only for academic purposes and testing under controlled environments. Do not use without obtaining proper authorization from the network owner of the network under testing. The author(s) bears no responsibility for any misuse of the tool.
Prerequisites
You'll need to register an account with DNSDumpster, they have several tiers including a free one which is limited to 50 API calls and 50 records per day. Usually this is within scope.
We'll need the API key from the My Account page for our environment, so keep it safe.
First, clone the repository:
git clone https://github.com/cnoid/CloudFail.git && cd CloudFail/You have two choices on how to use the API key:
- Insert it into
.env - Use it as a docker environment command
Next, let's build it:
docker build -t cloudfail .Next, let's run it the first time. Examples:
docker run --name cloudfail cloudfail:latest --helpWithout .env:
docker run --name cloudfail -e DNSDUMPSTER_API_KEY=aaaabbbbccccddddd cloudfail:latest -t example.comWith .env:
docker run --name cloudfail cloudfail:latest -t example.comYou can now reuse the container:
docker start -i cloudfail -t example.comMost (if not all) distributions come with Python installed already, I recommend installing python-is-python3 if your distribution has it. However, if you do not have Python installed:
Debian based
First we need to install pip3 for python3 dependencies:sudo apt-get install python3-pipIf pip install fails, try installing python3-setuptools
sudo apt-get install python3-setuptoolsRecommendation: Install python-is-python3
sudo apt-get install python-is-python3Arch based
Arch should come with this installed by default, however, this installs both python3 and pip:sudo pacman -Sy python-pipIf the pip install fails, make sure you have python-setuptools:
sudo pacman -Sy python-setuptoolsIn Arch, python is python3 by default.
Once you've confirmed this, let's install the requirements:
pip
First, set up a virtual environment:python -m venv venv/Then source it:
source venv/bin/activateNow we can install our requirements:
pip install -r requirements.txtpipx
pipx install -r requirements.txtYou'll need to register an account with DNSDumpster, they have several tiers including a free one which is limited to 50 API calls and 50 records per day. Usually this is within scope.
Once you have your API key from My Account page, simply paste it into the .env, no quotation marks.
____ _ _ _____ _ _
/ ___| | ___ _ _ __| | ___|_ _(_) |
| | | |/ _ \| | | |/ _` | |_ / _` | | |
| |___| | (_) | |_| | (_| | _| (_| | | |
\____|_|\___/ \__,_|\__,_|_| \__,_|_|_|
v1.0.6 by m0rtem / updated by cnoid
[23:56:02] Initializing CloudFail - the date is: 23/01/2025
usage: cloudfail.py [-h] [-t TARGET] [-T] [-u] [-i INPUT] [-r [REPORT ...]] [-o OUTPUT]
options:
-h, --help show this help message and exit
-t TARGET, --target TARGET
target url of website
-T, --tor enable TOR routing
-u, --update update databases
-i INPUT, --input INPUT
path to input file containing subdomains
-r [REPORT ...], --report [REPORT ...]
generate reports (html, md, ip, sub, all)
-o OUTPUT, --output OUTPUT
output file for reportsTo run a scan against a target:
python cloudfail.py --target seo.comTo run a scan against a target using a custom subdomain list:
python cloudfail.py -i subdomains.txt --target seo.comTo run a scan against a target using Tor:
service tor start(or if you are using Windows or Mac install vidalia or just run the Tor browser)
python cloudfail.py --target seo.com --torTo generate a HTML report
python cloudfail.py --target seo.com --report html --output seoreport.htmlTo generate an IP list
python cloudfail.py --target seo.com --report ip --output ip.txtTo generate all reports (HTML, MD, IP list, Subdomain list)
python cloudfail.py --target seo.com --report all --output seoreportMake sure you're running with Python 3. These commands are done with
python-is-python3or equivalent.
Reports are now integrated into CloudFail.
The templates are under lib/util/reports/ where you may modify the templates to your choosing, such as stylizing the HTML file to fit your needs.
Reports have 5 output modes: html, md, ip, sub and all. They're not mutually exclusive and can be used together.
Generate an IP list: -r ip
Generate a HTML report: -r html
Generate a MarkDown report: -r md
Generate a Subdomain List: -r sub
Generate all: -r all
Python3
- argparse
- colorama
- socket
- binascii
- datetime
- requests
- win_inet_pton
- dnspython
23/01/2025:
- Added reports
- HTML and MarkDown reports
- IP list output
- Subdomain output
- Restructured project
22/01/2025:
Thanks to @pykereaper
09/01/2025:
- Updated API call to match dnsdumpster (including API key requirement)
- Added .env for dnsdumpster API key
- Changed Docker image to use python-slim instead of Debian
- Added Docker entrypoint for reusing containers
- Updated finished message to display found IPs
- Changed interaction with input files