Login
CloakQuest3r is a powerful Python tool meticulously crafted to uncover the true IP address of websites safeguarded by Cloudflare, a widely adopted web security and performance enhancement service. Its core mission is to accurately discern the actual IP address of web servers that are concealed behind Cloudflare's protective shield. Subdomain scanning is employed as a key technique in this pursuit. This tool is an invaluable resource for penetration testers, security professionals, and web administrators seeking to perform comprehensive security assessments and identify vulnerabilities that may be obscured by Cloudflare's security measures.
Key Features:
Real IP Detection: CloakQuest3r excels in the art of discovering the real IP address of web servers employing Cloudflare's services. This crucial information is paramount for conducting comprehensive penetration tests and ensuring the security of web assets.
Subdomain Scanning: Subdomain scanning is harnessed as a fundamental component in the process of finding the real IP address. It aids in the identification of the actual server responsible for hosting the website and its associated subdomains.
Threaded Scanning: To enhance efficiency and expedite the real IP detection process, CloakQuest3r utilizes threading. This feature enables scanning of a substantial list of subdomains without significantly extending the execution time.
Detailed Reporting: The tool provides comprehensive output, including the total number of subdomains scanned, the total number of subdomains found, and the time taken for the scan. Any real IP addresses unveiled during the process are also presented, facilitating in-depth analysis and penetration testing.
With CloakQuest3r, you can confidently evaluate website security, unveil hidden vulnerabilities, and secure your web assets by disclosing the true IP address concealed behind Cloudflare's protective layers.
FreshRSS - Still in the development phase, sometimes it can't detect the real Ip.
- CloakQuest3r combines multiple indicators to uncover real IP addresses behind Cloudflare. While subdomain scanning is a part of the process, we do not assume that all subdomains' A records point to the target host. The tool is designed to provide valuable insights but may not work in every scenario. We welcome any specific suggestions for improvement.
1. False Negatives: CloakReveal3r may not always accurately identify the real IP address behind Cloudflare, particularly for websites with complex network configurations or strict security measures.
2. Dynamic Environments: Websites' infrastructure and configurations can change over time. The tool may not capture these changes, potentially leading to outdated information.
3. Subdomain Variation: While the tool scans subdomains, it doesn't guarantee that all subdomains' A records will point to the pri mary host. Some subdomains may also be protected by Cloudflare.
How to Use:
Run CloudScan with a single command-line argument: the target domain you want to analyze.
git clone https://github.com/spyboy-productions/CloakQuest3r.git
cd CloakQuest3r
pip3 install -r requirements.txt
python cloakquest3r.py example.com
The tool will check if the website is using Cloudflare. If not, it will inform you that subdomain scanning is unnecessary.
If Cloudflare is detected, CloudScan will scan for subdomains and identify their real IP addresses.
You will receive detailed output, including the number of subdomains scanned, the total number of subdomains found, and the time taken for the scan.
Any real IP addresses found will be displayed, allowing you to conduct further analysis and penetration testing.
CloudScan simplifies the process of assessing website security by providing a clear, organized, and informative report. Use it to enhance your security assessments, identify potential vulnerabilities, and secure your web assets.
Run it online on replit.com : https://replit.com/@spyb0y/CloakQuest3r
Best DDoS Attack Script Python3, (Cyber / DDos) Attack With 56 MethodsΒ
Please Don't Attack websites without the owners consent.
GET | GET Flood
POST | POST Flood
OVH | Bypass OVH
RHEX | Random HEX
STOMP | Bypass chk_captcha
STRESS | Send HTTP Packet With High Byte
DYN | A New Method With Random SubDomain
DOWNLOADER | A New Method of Reading data slowly
SLOW | Slowloris Old Method of DDoS
HEAD | https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/HEAD
NULL | Null UserAgent and ...
COOKIE | Random Cookie PHP 'if (isset($_COOKIE))'
PPS | Only 'GET / HTTP/1.1\r\n\r\n'
EVEN | GET Method with more header GSB | Google Project Shield Bypass
DGB | DDoS Guard Bypass
AVB | Arvan Cloud Bypass
BOT | Like Google bot
APACHE | Apache Expliot
XMLRPC | WP XMLRPC expliot (add /xmlrpc.php)
CFB | CloudFlare Bypass CFBUAM | CloudFlare Under Attack Mode Bypass
BYPASS | Bypass Normal AntiDDoS
BOMB | Bypass with codesenberg/bombardier
TCP | TCP Flood Bypass
UDP | UDP Flood Bypass
SYN | SYN Flood
CPS | Open and close connections with proxy
ICMP | Icmp echo request flood (Layer3)
CONNECTION | Open connection alive with proxy
VSE | Send Valve Source Engine Protocol
TS3 | Send Teamspeak 3 Status Ping Protocol
FIVEM | Send Fivem Status Pi ng Protocol
MEM | Memcached Amplification
NTP | NTP Amplification
MCBOT | Minecraft Bot Attack
MINECRAFT | Minecraft Status Ping Protocol
MCPE | Minecraft PE Status Ping Protocol
DNS | DNS Amplification CHAR | Chargen Amplification CLDAP | Cldap Amplification
ARD | Apple Remote Desktop Amplification
RDP | Remote Desktop Protocol Amplification
python3 start.py tools
You can download it from GitHub Releases
Requirements
Videos
Tutorial
You can read it from GitHub Wiki
Clone and Install Script
git clone https://github.com/MatrixTM/MHDDoS.git
cd MHDDoS
pip install -r requirements.txtOne-Line Installing on Fresh VPS
apt -y update && apt -y install curl wget libcurl4 libssl-dev python3 python3-pip make cmake automake autoconf m4 build-essential ruby perl golang git && git clone https://github.com/MatrixTM/MHDDoS.git && cd MH* && pip3 install -r requirements.txt
