Find real IP addresses behind Cloudflare by scanning subdomains. Built for penetration testing, security research, and understanding Cloudflare protection.
| Feature | Description |
|---|---|
| IPv4 & IPv6 | Resolves both A and AAAA records |
| Multiple IPs | Finds ALL IPs behind a domain |
| Dynamic CF Detection | Fetches latest IP ranges from Cloudflare's API |
| Multiple Formats | JSON, YAML, CSV, plain text output |
| Multi-threaded | Fast concurrent subdomain resolution |
| SOCKS Proxy | Route DNS through SOCKS4/5 (Tor compatible) |
| REST API | FastAPI server with async scanning |
| Container Ready | OCI-compliant image for Podman/Docker |
Python
git clone https://github.com/Dxsk/CloudRip.git
cd CloudRip
python3 -m venv venv
source venv/bin/activate
pip install -r requirements/base.txt
# For API mode
pip install -r requirements/api.txt
# For development
pip install -r requirements/dev.txtContainer (Podman/Docker)
# Build
podman build -t cloudrip .
# Run API
podman run -d -p 8000:8000 --name cloudrip cloudrip
# With custom config
podman run -d -p 8080:8080 \
-e CLOUDRIP_PORT=8080 \
-e CLOUDRIP_WORKERS=4 \
cloudripCLI
# Basic scan
python3 cloudrip.py example.com
# With options
python3 cloudrip.py example.com -t 20 -o report.json -f json
# With proxy (Tor)
python3 cloudrip.py example.com -p socks5://127.0.0.1:9050Python Library
from cloudrip import CloudRipScanner
scanner = CloudRipScanner("example.com")
scanner.load_cf_ranges()
report = scanner.scan_from_wordlists(["dom.txt"])
for result in report.found:
print(f"{result.domain}: {result.ipv4_non_cf}")REST API
# Start server
uvicorn cloudrip.api:app --port 8000
# Quick check
curl -X POST localhost:8000/api/v1/check \
-H "Content-Type: application/json" \
-d '{"domain": "mail.example.com"}'
# Start scan
curl -X POST localhost:8000/api/v1/scan \
-H "Content-Type: application/json" \
-d '{"domain": "example.com", "threads": 20}'| Mode | Description | Link |
|---|---|---|
| CLI | Command-line scanner | docs/cli.md |
| Library | Python integration | docs/library.md |
| API | REST API server | docs/api.md |
| Container | Podman/Docker deployment | docs/container.md |
Show structure
cloudrip/
├── core/ # Core scanning logic
│ ├── scanner.py # CloudRipScanner class
│ ├── resolver.py # DNS resolution
│ ├── cloudflare.py # Cloudflare IP detection
│ ├── proxy.py # SOCKS proxy support
│ └── models.py # Data models
├── output/ # Report generation
│ └── writers.py # JSON, YAML, CSV, text output
├── cli/ # Command-line interface
│ └── main.py # CLI entry point
├── api/ # REST API (FastAPI)
│ ├── app.py # FastAPI application
│ ├── routes.py # API endpoints
│ ├── schemas.py # Pydantic models
│ └── settings.py # Configuration
└── utils/ # Utilities
└── colors.py # Terminal colors
Pull requests welcome. See CHANGELOG.md for version history.
Only use on systems you have permission to test. For ethical security research and authorized penetration testing only.
MIT