shodan-waf-bypass

Scan Shodan for publicly accessible web servers

Usage: no npm install needed!

<script type="module">
  import shodanWafBypass from 'https://cdn.skypack.dev/shodan-waf-bypass';
</script>

README

Shodan WAF Bypass

License: ISC

Firewall bypass script based on Shodan search results. The script enumerates IP addresses from those results and checks whether each server replies for a given host. It returns an array of vulnerable IP addresses. Handy for bug bounty hunters.

Requires a Shodan API key and an HTML snippet to validate the results.

How to protect against this script?

If your server is behind a firewall, whitelist connections coming from the firewall and deny all other traffic.
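
One way to apply the advice above at the origin server, as an added example that is not part of the shodan-waf-bypass project: a Node.js check that accepts a connection only when the TCP peer address falls inside the firewall's ranges. `WAF_RANGES`, `isFromWaf` and `guard` are hypothetical names, and the ranges are constructed documentation addresses.

```javascript
// Added example, not from the project. WAF_RANGES holds constructed
// placeholder ranges (RFC 5737); use the ranges your firewall publishes.
const WAF_RANGES = ['192.0.2.0/24', '198.51.100.16/28'];

// Dotted-quad IPv4 -> unsigned 32-bit integer, or null if malformed.
function ipv4ToInt(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4) return null;
  let value = 0;
  for (const part of parts) {
    if (!/^\d{1,3}$/.test(part) || Number(part) > 255) return null;
    value = value * 256 + Number(part);
  }
  return value;
}

// Node reports IPv4 peers on dual-stack sockets as "::ffff:a.b.c.d".
// Native IPv6 peers are not handled here and are denied (fail closed).
function normalizePeer(addr) {
  if (typeof addr !== 'string') return null;
  const v4 = addr.toLowerCase().startsWith('::ffff:') ? addr.slice(7) : addr;
  return ipv4ToInt(v4);
}

function inCidr(ipInt, cidr) {
  const [base, bitsText = ''] = cidr.split('/');
  const baseInt = ipv4ToInt(base);
  // Reject "a.b.c.d" and "a.b.c.d/" rather than reading them as /0.
  if (baseInt === null || !/^\d{1,2}$/.test(bitsText)) return false;
  const bits = Number(bitsText);
  if (bits > 32) return false;
  const size = 2 ** (32 - bits);
  return Math.floor(ipInt / size) === Math.floor(baseInt / size);
}

// Decide on the TCP peer address only. On a direct connection, headers
// such as X-Forwarded-For are set by the client and prove nothing.
function isFromWaf(peerAddress, ranges = WAF_RANGES) {
  const ipInt = normalizePeer(peerAddress);
  if (ipInt === null) return false;
  return ranges.some((cidr) => inCidr(ipInt, cidr));
}

// Hypothetical wiring for a Node http handler or Express-style middleware.
function guard(req, res, next) {
  if (isFromWaf(req.socket.remoteAddress)) return next();
  res.statusCode = 403;
  res.end();
}
```

Where possible, enforce the same ranges in the host firewall or cloud security group as well, so the rule does not depend on application code.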

TODO:

  • find a good public website this works for
  • add tests