CloudPiercer

Is your cloud-protected website's origin exposed?

What is CloudPiercer?


Many website owners turn to Cloud-based Security Providers (CBSPs) to protect their infrastructure. For DNS-based services, it is crucial that a web server's real IP address remains hidden from potential attackers as it can be used to bypass the cloud-based protection. Despite this risk, our study has shown that, in practice, over 70% of CBSP-protected domains are exposing their real IP address.
With CloudPiercer, we provide a tool for administrators to automatically evaluate their web server's exposure for several high-profile vectors. This information can then be used to remediate the problem.
If you're interested, have a look at the accompanying research paper.

What CloudPiercer scans for


Your website's hosting IP address ("origin") can be exposed through various vectors.

CloudPiercer scans your website for the following potential vectors:

IP History databases
Your website's origin might be exposed in databases that hold historical DNS data about your website.
CloudPiercer will query these databases to find out which IP addresses are listed for your domain.
Subdomains
In order not to break some protocols, several websites configured subdomains that resolve directly to the origin (e.g. ftp.example.com)
CloudPiercer will scan your domain for the existence of several thousand subdomains to determine if such a leak exists.
DNS Records
Domains might reveal their web server's IP address through MX, SPF and other DNS records.
During the scan, your domains DNS records will be queried and checked.
Sensitive files
Administrators often forget to restrict access to development or log files which expose sensitive information.
The tool attempts to access PHP-info files residing on your server.
PingBacks
PingBack's verification mechanism can be leveraged to trigger an outbound connection from your website's origin, revealing its origin to the recipient.
CloudPiercer searches for PingBack endpoints and attempts to trigger a connection to its own server.
Certificates
Rapid internet-wide scanners can find hosts that present SSL certificates with your domain name on it.
CloudPiercer queries censys.io to find hosts that list your domain.

Scan your website now!


Please fill in following form to initiate a CloudPiercer scan on your website

We will contact you via e-mail when the scan is complete.

By clicking the above button, you agree to our Terms of Service.