Is your cloud-protected website's origin exposed?
What is CloudPiercer?
Many website owners turn to Cloud-based Security Providers (CBSPs) to protect their infrastructure. For DNS-based services, it is crucial that a web server's real IP address remains hidden from potential attackers as it can be used to bypass the cloud-based protection. Despite this risk, our study has shown that, in practice, over 70% of CBSP-protected domains are exposing their real IP address.
With CloudPiercer, we provide a tool for administrators to automatically evaluate their web server's exposure for several high-profile vectors. This information can then be used to remediate the problem.
If you're interested, have a look at the accompanying research paper.
What CloudPiercer scans for
Your website's hosting IP address ("origin") can be exposed through various vectors.
CloudPiercer scans your website for the following potential vectors:
- IP History databases
- Your website's origin might be exposed in databases that hold historical DNS data about your website.
- CloudPiercer will query these databases to find out which IP addresses are listed for your domain.
- In order not to break some protocols, several websites configured subdomains that resolve directly to the origin (e.g. ftp.example.com)
- CloudPiercer will scan your domain for the existence of several thousand subdomains to determine if such a leak exists.
- DNS Records
- Domains might reveal their web server's IP address through MX, SPF and other DNS records.
- During the scan, your domains DNS records will be queried and checked.
- Sensitive files
- Administrators often forget to restrict access to development or log files which expose sensitive information.
- The tool attempts to access PHP-info files residing on your server.
- PingBack's verification mechanism can be leveraged to trigger an outbound connection from your website's origin, revealing its origin to the recipient.
- CloudPiercer searches for PingBack endpoints and attempts to trigger a connection to its own server.
- Rapid internet-wide scanners can find hosts that present SSL certificates with your domain name on it.
- CloudPiercer queries censys.io to find hosts that list your domain.
Scan your website now!
Please fill in following form to initiate a CloudPiercer scan on your website