How hackers bypass and crack CDN protection to find the source IP!

Why is your website still getting hacked even though you've added Cloudflare protection? ? The culprit may be this DNS configuration vulnerability! Today we are going to introduce the Cloudmare artifact, like a ‘Cloudflare detector’, 3 steps to pull out the misconfigured source IP!

(The schematic has been desensitised, feel free to eat ~) 
This open source tool can detect in one click:

✅ Cloudflare/Sucuri/Incapsula protected sites 
✅ DNS resolution misconfiguration 
✅ Source server real IP exposure risk 

? Five minutes to get started 

1️⃣ clone arsenal 

git clone https://github.com/MrH0wl/Cloudmare.git
cd Cloudmare

?It's understandable to the uninitiated: it's like downloading a toolkit to your computer!

2️⃣ Enable scanning mode

python Cloudmare.py -u 你的网站.com --bruter -sC

?Advanced tips: add -sSh parameter can also detect SSL certificate vulnerability Oh! 

3️⃣ View the results of the battle

Report Interpretation Guide:  

?Red warning → must be fixed immediately

?⚠️ yellow warning → optimised configuration recommended

?Exclusive guide for Android users

Turn your phone into a hacker with Termux (tutorial lite):

Install the ‘Hacking 3-Piece Kit’: 

pkg install git python dnsutils 

One click to run: 

git clone https://github.com/MrH0wl/Cloudmare.git cd Cloudmare && python Cloudmare.py -hh

  
?Tips: the first run to be patient and wait for the tool to automatically load the plug-in Oh ~ ~

? Important Notes

Only authorised testing, illegal use of the consequences!

Don't panic when you encounter bugs: click here to submit an issue!

Support Windows/Mac/Linux, but Python must be ≥3.7.

? Protection self-checklist

✔️ Regularly run Cloudmare to check your own website. 
✔️ Disable non-essential DNS resolution records 
✔️ Source site IP binding access whitelisting 
✔️ Enable Cloudflare's ‘strict mode’