How hackers bypass and crack CDN protection to find the source IP!

?

Why is your website still getting hacked even though you've added Cloudflare protection? ? The culprit may be this DNS configuration vulnerability! Today we are going to introduce the Cloudmare artifact, like a ‘Cloudflare detector’, 3 steps to pull out the misconfigured source IP!

(The schematic has been desensitised, feel free to eat ~)?
This open source tool can detect in one click:

? Cloudflare/Sucuri/Incapsula protected sites?
? DNS resolution misconfiguration?
? Source server real IP exposure risk?

? Five minutes to get started?

1?? clone arsenal?

git?clone?https://github.com/MrH0wl/Cloudmare.git
cd?Cloudmare

?It's understandable to the uninitiated: it's like downloading a toolkit to your computer!

2?? Enable scanning mode

python Cloudmare.py -u 你的网站.com --bruter -sC

?Advanced tips: add -sSh parameter can also detect SSL certificate vulnerability Oh!?

3?? View the results of the battle

Report Interpretation Guide: ?

?Red warning → must be fixed immediately

??? yellow warning → optimised configuration recommended

?Exclusive guide for Android users

Turn your phone into a hacker with Termux (tutorial lite):

Install the ‘Hacking 3-Piece Kit’:?

pkg install git python dnsutils?

One click to run:?

git clone https://github.com/MrH0wl/Cloudmare.git cd Cloudmare && python Cloudmare.py -hh

??
?Tips: the first run to be patient and wait for the tool to automatically load the plug-in Oh ~ ~

? Important Notes

Only authorised testing, illegal use of the consequences!

Don't panic when you encounter bugs: click here to submit an issue!

Support Windows/Mac/Linux, but Python must be ≥3.7.

? Protection self-checklist

?? Regularly run Cloudmare to check your own website.?
?? Disable non-essential DNS resolution records?
?? Source site IP binding access whitelisting?
?? Enable Cloudflare's ‘strict mode’

?