origin-ip-discovery
CommunityUncover hidden origin IPs behind CDN/WAF protections.
Software Engineering#waf-bypass#passive-dns#origin-ip-discovery#cdn-bypass#cloudflare-recon#favicon-hashing#ssl-certificate-enum
Authoruphiago
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill solves the critical reconnaissance challenge of accessing the real origin server IP when a target is protected by CDN or WAF services like Cloudflare, Akamai, or Fastly, which block direct access and hide the underlying infrastructure from standard scanning and vulnerability assessment.
Core Features & Use Cases
- Multi-vector origin discovery: Leverages favicon hash fingerprinting via Shodan, passive DNS historical records, SSL certificate SAN field matching, Google Analytics ID cross-referencing, and common origin leak checks to identify hidden IPs.
- Use case: Authorized penetration testers targeting CDN-protected web applications can use this Skill to bypass WAF rules and access unfiltered origin servers for comprehensive vulnerability testing.
Quick Start
Use the origin-ip-discovery skill to locate the real origin server IP for target.com that is currently hidden behind Cloudflare protection.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: origin-ip-discovery Download link: https://github.com/uphiago/recon-skills/archive/main.zip#origin-ip-discovery Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.