This script will try to find:
- the direct IP address of a server behind a firewall such as Cloudflare, Incapsula, SUCURI ...
- an old server that is still running the same (inactive and unmaintained) website but receives no live traffic because the A record no longer points to it. Since it is an outdated, unmaintained copy of the current site, it is likely vulnerable to various exploits. It may be easier to find SQL injection there, read the old website's database, and reuse what you learn against the current, active website.
Usage
Use the script like this:
bash bypass-firewalls-by-DNS-history.sh -d example.com
- -d --domain: domain to bypass
- -o --outputfile: output file with IPs
- -l --listsubdomains: list with subdomains for extra coverage
jq is needed to parse the output when subdomains are gathered automatically. Install it with apt install jq.
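The verification step behind the usage above, as an added example that is not part of the original script: a list of candidate IPs (here a constructed list standing in for the DNS-history lookup) is first filtered against the CDN's own address ranges, then each remaining IP is asked for the domain directly with curl --resolve, and the page title it returns is compared with the one served through the WAF. The CDN ranges, the candidate addresses and the title-only comparison are assumptions for this example; fetch the current ranges from https://www.cloudflare.com/ips-v4 for a real run, and compare whole response bodies if you want fewer false positives.

```shell
#!/usr/bin/env bash
# Added example (not part of bypass-firewalls-by-DNS-history.sh): check whether a
# candidate IP from DNS history is really the origin behind the WAF.
set -eu

# Convert a dotted IPv4 address to a 32-bit integer.
ip2int() {
  local IFS=.
  # shellcheck disable=SC2086
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed when $1 (IPv4) lies inside the CIDR $2 (e.g. 104.16.0.0/13).
ip_in_cidr() {
  local ip=$1 cidr=$2
  local net=${cidr%/*} bits=${cidr#*/}
  local mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( $(ip2int "$ip") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# Sample CDN edge ranges (assumption for this example; pull the real list from
# https://www.cloudflare.com/ips-v4). A "hit" inside these is just the WAF itself.
CDN_RANGES="104.16.0.0/13 172.64.0.0/13 198.41.128.0/17"
is_cdn_ip() {
  local r
  for r in $CDN_RANGES; do
    ip_in_cidr "$1" "$r" && return 0
  done
  return 1
}

# Cheap fingerprint: the <title> of an HTML document read from stdin.
extract_title() {
  tr -d '\n\r' | sed -n 's/.*<title>\([^<]*\)<\/title>.*/\1/p'
}

# Request https://$domain/ from $ip without touching DNS. --resolve keeps the
# Host header and TLS SNI set to the domain, so a name-based vhost answers; -k
# tolerates the origin presenting a certificate for another name.
probe_title() {
  local domain=$1 ip=$2
  curl -sk --max-time 10 --resolve "$domain:443:$ip" "https://$domain/" | extract_title
}

main() {
  local domain=$1
  # Constructed candidates standing in for the DNS-history lookup.
  local candidates="104.16.10.20 203.0.113.7 198.51.100.9"
  local reference
  reference=$(curl -sk --max-time 10 "https://$domain/" | extract_title)
  echo "reference title via WAF: ${reference:-<none>}"
  local ip title
  for ip in $candidates; do
    if is_cdn_ip "$ip"; then
      echo "$ip: CDN edge address, skipping"
      continue
    fi
    title=$(probe_title "$domain" "$ip" || true)
    if [ -n "$title" ] && [ "$title" = "$reference" ]; then
      echo "$ip: MATCH, likely the origin behind the firewall"
    else
      echo "$ip: no match (${title:-no response})"
    fi
  done
}

# Only probe the network when a domain is given: bash probe.sh example.com
if [ "$#" -gt 0 ]; then
  main "$1"
fi
```

A title match is a strong hint, not proof: shared hosting boxes answer with the same default page for many names. Confirm a hit by comparing a few distinct paths or the full body, and record the headers, since an origin reached directly usually lacks the CDN's own response headers.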
For who is this script?
This script is handy for:
- Security auditors
- Web administrators
- Bug bounty hunters
- Blackhatters I guess ¯\_(ツ)_/¯
How to protect against this?
- If you use a firewall such as Cloudflare, accept only traffic that arrives through it and deny everything that comes directly from the internet. Cloudflare publishes the IP ranges its edges connect from (https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6); whitelist those with iptables or UFW for ports 80 and 443, for IPv6 as well as IPv4, and deny all other traffic to those ports.
- Make sure that no old servers are still accepting connections. Decommission them, or at least firewall them off, so they are not reachable from the internet in the first place.
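A concrete form of the two protections above, added here as an example that is not from the original page or tool: a small script that prints the ufw commands allowing 80/443 only from the CDN's ranges and then denying those ports to everyone else, plus a curl check to run from an outside host afterwards. The CDN ranges below are a constructed sample; replace them with the provider's published list (for Cloudflare, https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6).

```shell
#!/usr/bin/env bash
# Added example, not part of the original tool: restrict 80/443 on the origin to
# the CDN/WAF edges, then verify from outside that a direct hit no longer works.
set -eu

# Sample ranges (assumption for this example). On a real host use the
# provider's list, e.g.: curl -s https://www.cloudflare.com/ips-v4
CDN_RANGES="104.16.0.0/13 172.64.0.0/13 198.41.128.0/17"

# Print the ufw commands instead of running them, so they can be reviewed
# first. ufw evaluates rules in order: the allows must come before the denies.
ufw_rules() {
  local r
  for r in $1; do
    echo "ufw allow proto tcp from $r to any port 80,443"
  done
  echo "ufw deny 80/tcp"
  echo "ufw deny 443/tcp"
}

# Number of allow rules that would be applied (sanity check against the
# length of the fetched list before running the output as root).
count_allow() {
  ufw_rules "$1" | grep -c '^ufw allow'
}

# Run from a machine outside the CDN: a request that bypasses DNS and goes
# straight to the origin IP must fail. Use the same call against retired
# hosts found in DNS history to confirm they no longer answer either.
verify_lockdown() {
  local domain=$1 origin_ip=$2
  if curl -sk --max-time 10 --resolve "$domain:443:$origin_ip" "https://$domain/" -o /dev/null; then
    echo "FAIL: $origin_ip still answers directly for $domain"
    return 1
  fi
  echo "OK: $origin_ip does not answer direct requests for $domain"
}

# Usage: bash lockdown.sh                      -> print the ufw rules
#        bash lockdown.sh example.com 203.0.113.7 -> check the origin from outside
if [ "$#" -eq 2 ]; then
  verify_lockdown "$1" "$2"
elif [ "$#" -eq 0 ]; then
  ufw_rules "$CDN_RANGES"
fi
```

The same request through the domain name (without --resolve) must still succeed after the rules are applied, otherwise a range is missing from the allow list; rerun the check whenever the provider updates its ranges.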