search

christophetd / CloudFlair

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
https://blog.christophetd.fr/bypassing-cloudflare-using-internet-wide-scan-data/
2.48k stars 345 forks source link

0 certificates #44

Closed hanulpark98 closed 3 years ago

hanulpark98 commented 3 years ago

it's working out but it seems it can't find the SSL certificates on every site i tried

[*] 0 certificates matching "myvulnerable.site" found. Exiting.

is there any clue to this problem?

christophetd commented 3 years ago

It likely means what it means: none of the sites you tried have an IP on the Internet exposing a TLS certificate with this host name. :-)

See for instance output working with cloudflare.com:

$ python cloudflair.py cloudflare.com
[*] Retrieving Cloudflare IP ranges from https://www.cloudflare.com/ips-v4
[*] The target appears to be behind CloudFlare.
[*] Looking for certificates matching "cloudflare.com" using Censys
[*] 70 certificates matching "cloudflare.com" found.
[*] Looking for IPv4 hosts presenting these certificates...
[*] 298 IPv4 hosts presenting a certificate issued to "cloudflare.com" were found.
  - 46.105.226.43
  - 45.67.228.234
  - 23.95.233.148
  - 54.36.204.60
  - 27.102.130.247
  - 173.208.190.237
 ...