Internet Security Blog - Hackology

Bypass CloudFlare Security with HatCloud

HatCloud is a Cloudflare Security bypass tool made in ruby, it enables Pentesters to check against any IP leak which might expose the real IP address of a website which is protected by CloudFlare DNS.

CloudFlare Hiding IP Addresses

CloudFlare provides a service for website owners for distributed domain name servers, sitting between the visitor and the Cloudflare user’s hosting provider. Cloudflare protects identity by masking the real IP address of the webserver with their DNS change.

Cloudflare if not properly set up, at times tend to leak out IP Address of a web server, Hackers make use of such real IP address to target the server running the websites which they can not once identity is masked, although there are other ways of finding real identity aswell but that is not in the scope of this post.

How to Use HatCloud

HatCloud can be executed on a Linux based Operating System as the program is in ruby, its usage is pretty straight forward
$> ruby hatcloud.rb -b
ruby hatcloud.rb –byp

ofcourse replace with your test website.

How HatCloud Works

HatCloud exposes real IP address of a website bypassing the Cloudflare masked IP address. HatCloud simply uses another website to pull the data and the script is not making any use of a vulnerability or bug within CloudFlare. Line 60 in hatcloud.rb shows
uri = URI (

CrimeFlare.Biz cfsearch.cgi script is being used by HatCloud to show us results, while CrimeFlare is maintaining a huge database on exposed and bypassed CloudFlare Website IP addresses.Check out CrimeFlare Online Website Scanner for exposed CloudFlare websites.

Download HatCloud

Which CrimeFlare Domain is Original ? was the initial domain later they procured and , as of now all three are held by CrimeFlare Squad

How safe is CloudFlare ?

CloudFlare is as safe as the stamina of someone who is after your web services, as the later increases the former ability decreases. We all know how Google and Cloudflare SSL services are making us fool ?

1 comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • Hello everyone I want to sincerely and openly thank [email protected] for his service which saved me from infidelity and lies of my cheating husband, he was able to hack my partner’s phone so i listen to every call he either made or receive. He also hacked his email passwords and Facebook… I know there are lots of people out there looking for proof and evidence about one thing or the other. Be open and real with him so he can even be at the best of his service to you. Do contact him by the email above.

Get Wise

Subscribe to my newsletter to get latest InfoSec / Hacking News (1 Email/week)
Utopia p2p Ecosystem