CloudFail: Find information behind Cloudflare

CloudFail is an authentication tool that aims to gather information about a page protected by Cloudflare in hopes of finding out the real address of the server. Using Tor to hide all your requests, CloudFail already has 3 different attack phases.



  1. Incorrect DNS scan configuration using
  2. Scanning a database on
  3. Bruteforce option that scans over 2500 subdomains.

Installation in Kali / Debian

First we need to install pip3 for python3 dependencies:

$ sudo apt-get install python3-pip

Next, we can perform dependency checks:

$ pip3 install -r requirements.txt

If this fails due to a lack of installation tools, run the following command:

sudo apt-get install python3-setuptools


To perform a scan on a target run the command:

python3 --target

To perform a scan on a target using Tor run the command:

service tor start

(or if you are using Windows or Mac install vidalia or just run the Tor browser)

  Mozilla Firefox Private Network prepares proxy servers

python3 --target --tor

Make sure you are running the program with Python3 and not Python2.



  • clutch
  • colorama
  • socket
  • binascii
  • datetime
  • requests
  • win_inet_pton
  • dnspython


You can download the program from here.

Follow us on Google News at Google news

CloudFail, Cloudflare, iguru

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published.

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).

  + 79 = 81