CloudFail 🚀

CloudFail is a tactical reconnaissance tool designed to gather information about a target protected by Cloudflare, with the goal of discovering the server's location. Using Tor to anonymize all requests, the tool operates through three distinct phases:

1. Misconfigured DNS Scan using DNSDumpster.com.
2. Crimeflare.com Database Scan.
3. Bruteforce Scan across over 2500 subdomains.

💡 We welcome contributions! If you have suggestions or improvements, please submit a pull request.

Disclaimer

⚠️ CloudFail is a Proof of Concept (PoC) and does not guarantee results. Properly configured Cloudflare setups may keep IP addresses hidden or unlogged, which is why this tool exists. This tool is intended solely for academic purposes and testing within controlled environments. Ensure you have proper authorization from the network owner before use. The author assumes no responsibility for misuse.

Installation on Kali/Debian

Start by installing pip3 for Python3 dependencies:

sudo apt-get install python3-pip

Next, install the required dependencies:

pip3 install -r requirements.txt

If you encounter issues due to missing setuptools, install it using:

sudo apt-get install python3-setuptools

Usage

To run a scan against a target:

python3 cloudfail.py --target seo.com

To perform a scan using Tor:

Start the Tor service:

service tor start

(For Windows or Mac users, you can install Vidalia or use the Tor Browser)

python3 cloudfail.py --target seo.com --tor

Ensure you are using Python3 and not Python2.

Dependencies

Required Python3 libraries:

• argparse
• colorama
• socket
• binascii
• datetime
• requests
• win_inet_pton
• dnspython