Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

Swift

Shell

Zig

Elixir

Rust

C#

CoffeeScript

Go

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

Crystal

Swift

Erlang

Nix

MATLAB

Python

Kotlin

Dart

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇬🇭 Ghana

🇱🇻 Latvia

🇲🇽 Mexico

🇸🇱 Sierra Leone

🇦🇬 Antigua and Barbuda

🇬🇵 Guadeloupe

🇿🇲 Zambia

🇵🇼 Palau

All Countries Compare Countries

hakluke/hakoriginfinder

Stars
831
Rank 54,863 (Top 2 %)
Language
Go
Created over 2 years ago
Updated 10 months ago

hakluke/hakoriginfinder

hakluke

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!

hakoriginfinder

Tool for discovering the origin host behind a reverse proxy. Useful for bypassing WAFs and other reverse proxies.

How does it work?

This tool will first make a HTTP request to the hostname that you provide and store the response, then it will make a request to every IP address that you provide via HTTP (80) and HTTPS (443), with the Host header set to the original host. Each HTTP response is then compared to the original using the Levenshtein algorithm to determine similarity. If the response is similar, it will be deemed a match.

Usage

Provide the list of IP addresses via stdin, and the original hostname via the -h option. For example:

prips 93.184.216.0/24 | hakoriginfinder -h example.com

You may set the Levenshtein distance threshold with -l. The lower the number, the more similar the matches need to be for it to be considered a match, the default is 5.

The number of threads may be set with -t, default is 32.

The hostname is set with -h, there is no default.

Output

The output is 3 columns, separated by spaces. The first column is either "MATCH" or "NOMATCH" depending on whether the Levenshtein threshold was reached or not. The second column is the URL being tested, and the third column is the Levenshtein score.

Output example

hakluke$ prips 1.1.1.0/24 | hakoriginfinder -h one.one.one.one
NOMATCH http://1.1.1.0 54366
NOMATCH http://1.1.1.30 54366
NOMATCH http://1.1.1.20 54366
NOMATCH http://1.1.1.4 54366
NOMATCH http://1.1.1.11 54366
NOMATCH http://1.1.1.5 54366
NOMATCH http://1.1.1.22 54366
NOMATCH http://1.1.1.13 54366
NOMATCH http://1.1.1.10 54366
NOMATCH http://1.1.1.25 54366
NOMATCH http://1.1.1.19 54366
... snipped for brevity ...
NOMATCH http://1.1.1.251 54366
NOMATCH http://1.1.1.248 54366
MATCH http://1.1.1.1 0
NOMATCH http://1.1.1.3 19567
NOMATCH http://1.1.1.2 19517
MATCH https://1.1.1.1 0
NOMATCH https://1.1.1.3 19534
NOMATCH https://1.1.1.2 19532

Installation

Install golang, then run:

go install github.com/hakluke/hakoriginfinder@latest

how-to-exit-vim

Below are some simple methods for exiting vim.

hakrawler

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

hakrevdns

Small, fast tool for performing reverse DNS lookups en masse.

weaponised-XSS-payloads

XSS payloads designed to turn alert(1) into P1

haktrails

Golang client for querying SecurityTrails API data

hakip2host

hakip2host takes a list of IP addresses via stdin, then does a series of checks to return associated domain names.

hakcheckurl

Takes a list of URLs and returns their HTTP response codes

bug-bounty-standards

A list of edge cases that occur in bug bounty programs, conversations on how they should be handled. The goal is to standardise the way that specific situations are handled in bug bounties.

haklistgen

Turns any junk text into a usable wordlist for brute-forcing.

hakscale

Distribute ordinary bash commands over many systems

haktldextract

Extract domains/subdomains from URLs en masse

hakfindinternaldomains

Feed it a list of subdomains, it will resolve them and tell you which ones are internal

hakcron

Easily schedule commands to run multiple times at set intervals (like a cronjob, but with one command)

hakq

A basic golang server/client for distributing tasks over multiple systems.

hakrevshell

hakcertstream

Basic implementation of certstream to print new subdomains and domains

hakstore

hakluke

hakcsp

Return domains in CSP headers in http response

hakaxfr

Attempt zone transfers on domains

hakjoke

Gets joke from icanhazdadjoke.com, prints it

haksecuritytxt

Takes a list of domains as the input, checks if they have a security.txt, outputs the results.

helloworlds

hello world in different languages

----svg-onload-alert---

jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e

XSS

hakawshostnames

Generate a list of all AWS hostnames

hakurlencode

(en|de)code urls from the CLI

gzipsplit

split lines of text into multiple gzip files

hakgzsplit

Split text files into gzip files with x lines

vulnerable-code-examples

An unorganized batch of vulnerable code examples for use in my blogs, training, etc.

wordlesolver

Little python script + dictionary to help solve Wordle puzzles

FakeKoala

diodb-api