Last active
June 24, 2020 00:55
-
-
Save 0xm0/f99eb09a6911fb904e0bd2ae44917141 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
# -*- coding: utf-8 -*- | |
import requests | |
import json | |
import time | |
import csv | |
import sys | |
import os | |
from bs4 import BeautifulSoup | |
class cloudflare_enum: | |
def __init__( self ): | |
# Master list of headers to be used in each connection | |
self.global_headers = { | |
} | |
self.verbose = True | |
self.s = requests.Session() | |
self.s.headers.update( self.global_headers ) | |
self.atok = '' | |
def log_in( self, username, password ): | |
parse_dict = {} | |
r = self.s.get('https://www.cloudflare.com/', ) | |
new_headers = { | |
'Referer': 'https://www.cloudflare.com/', | |
} | |
self.s.headers.update( dict( new_headers.items() + self.global_headers.items() ) ) | |
r = self.s.get('https://www.cloudflare.com/a/login', ) | |
parse_dict[ 'security_token_0' ] = self.find_between_r( r.text, '"security_token":"', '"}};</script>' ) # http://xkcd.com/292/ | |
post_data = { | |
'email': username, | |
'password': password, | |
'security_token': parse_dict[ 'security_token_0' ], | |
} | |
new_headers = { | |
'Referer': 'https://www.cloudflare.com/a/login', | |
'Content-Type': 'application/x-www-form-urlencoded', | |
} | |
self.s.headers.update( dict( new_headers.items() + self.global_headers.items() ) ) | |
r = self.s.post('https://www.cloudflare.com/a/login', data=post_data) | |
self.atok = self.find_between_r( r.text, 'window.bootstrap = {"atok":"', '","locale":"' ) # http://xkcd.com/292/ | |
def get_domain_dns( self, domain ): | |
parse_dict = {} | |
post_data = { | |
"betas": [], | |
"created_on": "2019-08-24T00:27:16.048Z", | |
"development_mode": False, | |
"jump_start": True, | |
"meta": {}, | |
"modified_on": 'null', | |
"name": domain, | |
"owner": {}, | |
"paused": False, | |
"status": "initializing", | |
"type": "full" | |
} | |
new_headers = { | |
'Content-Type': 'application/json; charset=UTF-8', | |
'X-Requested-With': 'XMLHttpRequest', | |
'Referer': 'https://www.cloudflare.com/a/add-site', | |
'Pragma': 'no-cache', | |
'Cache-Control': 'no-cache', | |
'X-ATOK': self.atok, | |
} | |
self.s.headers.update( dict( new_headers.items() + self.global_headers.items() ) ) | |
r = self.s.post('https://www.cloudflare.com/api/v4/zones', data=json.dumps( post_data )) | |
data = json.loads( r.text ) | |
success = data['success'] | |
if not success: | |
print r.text | |
return False | |
request_id = data['result']['id'] | |
time.sleep( 60 ) | |
get_data = { | |
'per_page': '100', | |
'direction': 'asc', | |
'page': '1', | |
'order': 'type', | |
} | |
new_headers = { | |
'X-Requested-With': 'XMLHttpRequest', | |
'Referer': 'https://www.cloudflare.com/a/setup/' + domain + '/step/2', | |
'X-ATOK': self.atok, | |
} | |
self.s.headers.update( dict( new_headers.items() + self.global_headers.items() ) ) | |
r = self.s.get('https://www.cloudflare.com/api/v4/zones/' + request_id + '/dns_records', params=get_data) | |
return_data = json.loads( r.text ) | |
new_headers = { | |
'X-Requested-With': 'XMLHttpRequest', | |
'Referer': 'https://www.cloudflare.com/a/setup/' + domain + '/step/2', | |
'X-ATOK': self.atok, | |
} | |
self.s.headers.update( dict( new_headers.items() + self.global_headers.items() ) ) | |
r = self.s.delete('https://www.cloudflare.com/api/v4/zones/' + request_id, ) | |
get_data = { | |
'status': 'initializing,pending', | |
'per_page': '50', | |
'page': '1', | |
} | |
new_headers = { | |
'X-Requested-With': 'XMLHttpRequest', | |
'Referer': 'https://www.cloudflare.com/a/add-site', | |
'X-ATOK': self.atok, | |
} | |
self.s.headers.update( dict( new_headers.items() + self.global_headers.items() ) ) | |
r = self.s.get('https://www.cloudflare.com/api/v4/zones', params=get_data) | |
return return_data['result'] | |
def get_spreadsheet( self, domain ): | |
dns_data = self.get_domain_dns( domain ) | |
if dns_data: | |
filename = domain.replace( ".", "_" ) + ".csv" | |
with open( filename, 'wb' ) as csvfile: | |
dns_writer = csv.writer(csvfile, delimiter=',', quotechar='|', quoting=csv.QUOTE_MINIMAL) | |
dns_writer.writerow( [ "name", "type", "content" ] ) | |
for record in dns_data: | |
dns_writer.writerow( [ record["name"], record["type"], record["content"] ] ) | |
self.statusmsg( "Spreadsheet created at " + os.getcwd() + "/" + filename ) | |
def print_banner( self ): | |
if self.verbose: | |
print """ | |
`..--------..` | |
.-:///::------::///:.` | |
`-//:-.`````````````.-://:.` ` ` | |
.://-.```````````````````.-://-` : `- . | |
`-//:.........................-://. /. -: `:` `` | |
`://--------:::://////:::--------://-::.::`:- .:. | |
``.---..` `///::::::///////////////////:::::::///::::::--:.`.-. | |
.://::::///::///::///////////////////////////:::///:-----::--:-` ` | |
`:/:-...--:://////////////////////////////////////////----------.--.` | |
`:/:..-:://////////////////////////////////////////////-----------.```` | |
.//-::////////////////////////////////////:::::////////-...--------...` | |
-/////////////////////////////////////////////::::----:. `.-::::::-..`` | |
``.--:////////////////////////////////////////////////::-..```-///::::///:-` | |
`.:///::::://////////////////////////////////////:::::::::::::::-----......-:/:. | |
`-//:-----::::://///////////////////////////////:///////////////////:-::::---..-//:` | |
`:/:---://+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++//+++//::--//: | |
`//:-/+oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo+++oooo+//://. | |
:///ossssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssosssssso+//: | |
`//+sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss+/- | |
`//+ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo+++++/. | |
`````````````````````````````````````````````````````````````````````````````````````` | |
Cloudflare DNS Enumeration Tool v1.2 | |
By 0xm0 | |
""" | |
def pprint( self, input_dict ): | |
print json.dumps(input_dict, sort_keys=True, indent=4, separators=(',', ': ')) | |
def statusmsg( self, msg ): | |
if self.verbose: | |
print "[ STATUS ] " + msg | |
def errormsg( self, msg ): | |
if self.verbose: | |
print "[ ERROR ] " + msg | |
def successmsg( self, msg ): | |
if self.verbose: | |
print "[ SUCCESS ] " + msg | |
def find_between_r( self, s, first, last ): | |
try: | |
start = s.rindex( first ) + len( first ) | |
end = s.rindex( last, start ) | |
return s[start:end] | |
except ValueError: | |
return "" | |
def find_between( s, first, last ): | |
try: | |
start = s.index( first ) + len( first ) | |
end = s.index( last, start ) | |
return s[start:end] | |
except ValueError: | |
return "" | |
def get_cookie_from_file( self, cookie_file ): | |
return_dict = {} | |
with open( cookie_file ) as tmp: | |
data = tmp.readlines() | |
tmp_data = [] | |
for i, item in enumerate(data): | |
if " " in data[i]: | |
pew = data[i].split( " " ) | |
return_dict[ pew[5] ] = pew[6] | |
return return_dict | |
if __name__ == "__main__": | |
if len( sys.argv ) < 3: | |
print "Usage: " + sys.argv[0] + " username@email.com password domain.com" | |
else: | |
cloud = cloudflare_enum() | |
cloud.print_banner() | |
cloud.log_in( sys.argv[1], sys.argv[2] ) | |
cloud.get_spreadsheet( sys.argv[3] ) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment