Find Real IP Addresses Of Cloudflare Protected Websites

Nowadays, both small websites and large organizations utilize more security protection than ever before. Their hosting providers ensure that their users' websites are updated and secure. 

One popular method is to use Cloudflare, a content delivery network (CDN) that provides improved security and performance. However, Cloudflare's protection can create difficulties for security researchers and penetration testers, because it conceals the actual IP address of a website and makes it challenging to find where the server is really located.

In this article, I'll introduce you to a Python tool, CloakQuest3r, that claims to help you extract the real IP address of any Cloudflare-protected website using the techniques listed below:

  • Subdomain scanning: CloakQuest3r crawls the website’s subdomains, searching for any that might be leaking the server’s IP address. This is a common tactic used by attackers, as Cloudflare’s protection often doesn’t extend to subdomains.
  • DNS record analysis: The tool analyzes the website’s DNS records, looking for clues about the underlying infrastructure. For example, the presence of MX records (used for email routing) can indicate the location of the mail server, which may be hosted on the same server as the website.
  • SSL certificate extraction and analysis: CloakQuest3r extracts the website’s SSL certificate and examines its contents for information about the server’s issuer and location. While not foolproof, this can sometimes provide valuable leads.
  • Gather geolocation data: Based on the IP address, CloakQuest3r can attempt to gather geolocation data about the server’s location. This information can be useful for piecing together the website’s infrastructure and identifying potential attack vectors.
  • Identify open ports and services: CloakQuest3r can scan the server for open ports and identify the services running on them. This can help understand the server’s functionality and potential vulnerabilities.
Some other techniques are also used in this process. Let's see how to use it on Kali Linux (it may also be supported on Termux).
git clone https://github.com/spyboy-productions/CloakQuest3r.git
cd CloakQuest3r
pip3 install -r requirements.txt
python cloakquest3r.py -h
All the available options and their descriptions are now shown on the terminal screen; you can use them as needed.

Conclusion:-

CloakQuest3r is a powerful tool that can be a valuable addition to any security professional’s arsenal. By using it responsibly and ethically, security professionals can gain valuable insights into the security of websites protected by Cloudflare and help make the internet a safer place.

I hope this information is helpful to you.