Serverless Pentest tools using Cloudflare free account.
This project uses various Cloudflare components (accessible with a free account) to offer useful capabilities for a penetration test.
The goal is to provide an easily and quickly deployable serverless platform for conducting a pentest.
The /infra folder contains all the Terraform files needed to deploy the infrastructure on the Cloudflare side.
The various tools are accessible through Python scripts at the root of the repository.
Feature | Description |
---|---|
cf-scanner | TCP port scanner using Cloudflare Workers |
Before you begin, ensure that you have the following prerequisites installed:
- poetry
- terraform
- Create a Cloudflare account
- Get your Cloudflare Account ID:
  https://dash.cloudflare.com/<CLOUDFLARE_ACCOUNT_ID>/
- Create a Cloudflare API Key with the following scopes:
  - Account - Workers Scripts:Edit
- Generate a random secret that will be used to authenticate your calls (you can use pwgen for instance)
- Create a terraform.tfvars file in infra/:

      cloudflare_api_token = "<CHANGE_ME>"
      cloudflare_account_id = "<CHANGE_ME>"
      cloudfreak_apikey = "<CHANGE_ME>"

- Create your resources in Cloudflare using terraform:

      terraform init
      terraform plan
      terraform apply

- Go to your Cloudflare dashboard to get your worker URL (you will need to enable it):
  https://dash.cloudflare.com/<ACCOUNT_ID>/workers/services/view/cf-scanner/production/settings
cf-scanner makes a POST request to a dedicated worker that performs the TCP connections to the scan targets. Targets are split among multiple workers to increase speed.
Known limitations:
- Can only scan TCP ports
- Port 25 is forbidden
- You cannot scan Cloudflare IPs

Example:

    poetry run python3 scanner.py -p 21,22,80,443 -w <WORKER_URL> -v --output output.json --apikey <APIKEY> <TARGET>

Scan targets are passed as positional arguments and can be a hostname, an IP address or a CIDR range.
The command accepts the following options:
Option | Type | Description |
---|---|---|
-v | flag | Verbose logging, display debug messages |
-p | int (mandatory) | single port (22), comma separated list (21,22), range (21-22) |
--apikey | string (mandatory) | CloudFreak APIKEY defined during startup |
-w | string (mandatory) | URL of the Cloudflare Worker (full URL starting with https://) |
-o | path | Path to a JSON file for detailed output |
-i | path | Path to a file listing targets (one target per line) |
--parallelism | int | Number of concurrent workers (default: 5) |
--data | string | Data sent to the foreign service (default: GET / HTTP/1.1\r\n\r\n ) |
--timeout | int | Timeout in ms for host scanning (default: 2000) |
--ssl | flag | Enable SSL on TCP connect |
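
The `-p` grammar, the target forms and the port 25 limitation described above can be checked locally before anything is sent to a worker. The following is an added example, not code from this project: the function names and the round-robin split are assumptions, since the page does not show how scanner.py parses its input or divides targets among workers.

```python
import ipaddress

FORBIDDEN_PORTS = {25}  # listed under "Known limitations" on this page


def parse_ports(spec):
    """Expand a -p value: single port (22), list (21,22) or range (21-22)."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        lo, sep, hi = part.partition("-")
        if not lo.isdigit() or (sep and not hi.isdigit()):
            raise ValueError(f"invalid port element {part!r} in {spec!r}")
        first, last = int(lo), int(hi) if sep else int(lo)
        if not 1 <= first <= last <= 65535:
            raise ValueError(f"port out of range in {part!r}")
        ports.update(range(first, last + 1))
    # Drop ports the platform refuses, so the result reflects what can be tested.
    return sorted(ports - FORBIDDEN_PORTS)


def expand_targets(targets):
    """Expand CIDR blocks to host addresses; keep IPs and hostnames as given."""
    out = []
    for target in targets:
        target = target.strip()
        if not target:
            continue  # tolerate blank lines from a -i style target file
        if "/" in target:
            net = ipaddress.ip_network(target, strict=False)
            out.extend(str(host) for host in net.hosts())
        else:
            out.append(target)
    return out


def split_batches(targets, parallelism=5):
    """Round-robin split into at most `parallelism` non-empty batches (assumed scheme)."""
    if parallelism < 1:
        raise ValueError("parallelism must be >= 1")
    batches = [targets[i::parallelism] for i in range(parallelism)]
    return [batch for batch in batches if batch]


if __name__ == "__main__":
    # Constructed sample input using documentation-reserved names and addresses.
    hosts = expand_targets(["example.com", "192.0.2.0/30", "198.51.100.7"])
    print(parse_ports("21-25,80,443"))
    print(split_batches(hosts, parallelism=3))
```
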
- improve banner grabbing
Feel free to contribute!