Bypass-Firewalls-By-Dns-History - Firewall Bypass Script Based On Dns History Records


This script will try to find:
  • the direct IP address of a server behind a firewall like Cloudflare, Incapsula, SUCURI ...
  • an old server which is still running the same (inactive and unmaintained) website, not receiving active traffic because the DNS A record is no longer pointing towards it. Because it is an outdated and unmaintained version of the current active website, it is likely vulnerable to various exploits. It might be easier to find SQL injections and access the database of the old website and abuse this information against the current and active website.

This script (ab)uses DNS history records. It searches for old DNS A records and checks whether the server at each historical IP still replies for that domain. It also outputs a confidence level, based on the similarity between the HTML response of the possible origin server and that of the firewall.

Usage
Use the script like this:
bash bypass-firewalls-by-DNS-history.sh -d example.com
  • -d --domain: domain to bypass
  • -o --outputfile: output file with IPs
  • -l --listsubdomains: list of subdomains for extra coverage

Requirements (optional)
jq is needed to parse the output in order to gather subdomains automatically. Install it with apt install jq.

For who is this script?
This script is handy for:
  • Security auditors
  • Web administrators
  • Bug bounty hunters
  • Blackhatters I guess ¯\_(ツ)_/¯

How to protect against this script?
  • If you use a firewall, make sure to accept only traffic coming through the firewall. Deny all traffic coming directly from the internet. For example: Cloudflare publishes a list of IP ranges which you can whitelist with iptables or UFW. Deny all other traffic.
  • Make sure that no old servers are still accepting connections, and that they are not reachable from the internet in the first place.
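The first recommendation, sketched as a shell helper. This is an added example, not part of the original script: the CIDR list is a constructed placeholder standing in for the proxy provider's published ranges, and the function names (ip_to_int, cidr_contains, allowed_source, render_ufw_rules, render_iptables_rules) are this example's own.

```shell
#!/bin/sh
# Origin-lockdown helper: accept web traffic only from the CDN/WAF edge ranges and
# deny everything else, so the origin cannot be reached by its direct or historical IP.
# CONSTRUCTED placeholder ranges (RFC 5737 test networks); replace with the provider's
# published list and refresh it on a schedule, since those ranges change over time.
PROXY_RANGES="198.51.100.0/24 203.0.113.0/25"
ORIGIN_PORTS="80,443"

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Exit 0 when IPv4 address $2 falls inside CIDR block $1 (e.g. 203.0.113.0/25).
cidr_contains() {
    net=${1%/*}; bits=${1#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$net") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# Exit 0 when a source address is one the origin firewall should accept (a proxy edge).
# Useful for auditing connection logs: any accepted source that fails this check means
# the origin is still reachable outside the WAF.
allowed_source() {
    for cidr in $PROXY_RANGES; do
        cidr_contains "$cidr" "$1" && return 0
    done
    return 1
}

# Print UFW commands: allow the proxy ranges on the web ports, then deny the rest.
# UFW evaluates rules in insertion order, so the allows must be added before the deny.
render_ufw_rules() {
    for cidr in $PROXY_RANGES; do
        echo "ufw allow proto tcp from $cidr to any port $ORIGIN_PORTS"
    done
    echo "ufw deny proto tcp from any to any port $ORIGIN_PORTS"
}

# Equivalent iptables (IPv4) rules for hosts without UFW; -A appends in order.
render_iptables_rules() {
    for cidr in $PROXY_RANGES; do
        echo "iptables -A INPUT -p tcp -m multiport --dports $ORIGIN_PORTS -s $cidr -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp -m multiport --dports $ORIGIN_PORTS -j DROP"
}
```

Run the rendered commands once to install the policy (add the IPv6 ranges with ip6tables or UFW's v6 handling as well), then feed observed client addresses to allowed_source to confirm nothing bypasses the proxy.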

Web services used in this script
The following services are used:
  • securitytrails.com
  • certspotter.com

Tags
WAF bypass
Web Application Firewall bypass
DNS History
find direct/origin IP of a website