October 12
CloakQuest3r
CloakQuest3r — это инструмент на Python, который позволяет определить истинный IP-адрес веб-серверов, защищённых сервисом Cloudflare.
Он использует сканирование поддоменов в качестве ключевой техники для обнаружения реального IP-адреса.
Этот инструмент является ценным ресурсом для тестировщиков, специалистов по безопасности и веб-администраторов, которые хотят провести всестороннюю оценку безопасности и выявить уязвимости, скрытые за мерами безопасности Cloudflare.
- Real IP Detection: CloakQuest3r excels in the art of discovering the real IP address of web servers employing Cloudflare's services. This crucial information is paramount for conducting comprehensive penetration tests and ensuring the security of web assets.
- Subdomain Scanning: Subdomain scanning is harnessed as a fundamental component in the process of finding the real IP address. It aids in the identification of the actual server responsible for hosting the website and its associated subdomains.
- IP address History: Retrieve historical IP address information for a given domain. It uses the ViewDNS service to fetch and display details such as IP address, location, owner, and last seen date.
- SSL Certificate Analysis: Extract and analyze SSL certificates associated with the target domain. This could provide additional information about the hosting infrastructure and potentially reveal the true IP address.
- SecurityTrails API (optional): If you add your free SecurityTrails API key to the config.ini file, you can retrieve historical IP information from SecurityTrails.
- Threaded Scanning: To enhance efficiency and expedite the real IP detection process, CloakQuest3r utilizes threading. This feature enables the scanning of a substantial list of subdomains without significantly extending the execution time.
- Detailed Reporting: The tool provides comprehensive output, including the total number of subdomains scanned, the total number of subdomains found, and the time taken for the scan. Any real IP addresses unveiled during the process are also presented, facilitating in-depth analysis and penetration testing.