Marco Polo will help you find the real IP behind any server. The most common use is getting the real IP of servers behind a WAF such as Cloudflare, Akamai or Imperva: these websites sometimes rely on the WAF 100% and forget that their own IP is still public, so direct attacks still happen because the server is misconfigured.
So with this project you will be able to get the IP of the real server, X.X.X.X
To run the code you will need Go: https://go.dev/dl/

```sh
git clone https://github.com/johnbalvin/marcopolo
```

Use it as it is, then wait for completion:

```sh
go run .
```
```go
Input{
	URL:        utils.ParseURL("https://secure.state.co.nz/car"),
	Keyworkds:  []string{"State Insurance", "secure.state.co.nz/car/favicon.ico"},
	BufferSize: 2048,
	Asn: asn.Asn{
		PrioritiesNames: []string{"IAG New Zealand"},
		ForbiddenNames:  ForbidenASN,
	},
}
```
Set up the variables as needed; the TCP timeout and the number of threads depend on your network environment:

```go
func main() {
	input := Input{ // this is the default host, fill in the variables as you need them
		URL:        utils.ParseURL("https://secure.state.co.nz/car"),                          // URL to test on
		Keyworkds:  []string{"State Insurance", "secure.state.co.nz/car/favicon.ico"},          // keywords present in the body; use keywords that appear in the first bytes of the body
		BufferSize: 2048,
		Asn: asn.Asn{
			PrioritiesNames: []string{"IAG New Zealand"}, // ASN name based on your DNS investigation
			ForbiddenNames:  ForbidenASN,
		},
	}
	threadsKeywords := 80
	threadsSSLVerification := 150
	tcpTimeout := time.Second
	sslTimeout := time.Second * 5 // it's fine for this one to be bigger than the TCP timeout: in the end it only searches a small portion of the IPs, so no need to worry
	asnPath := "./asn.csv"
	outputFolder := "./results"
	stopOnASNFound := true // stop once an IP is found within an ASN; the other ASNs are still searched
	input.SearchByKeywords(stopOnASNFound, threadsKeywords, threadsSSLVerification, tcpTimeout, sslTimeout, asnPath, outputFolder)
}
```
Some IPs won't respond to a GET request but, for some reason, still respond with a valid SSL certificate, so there is also a certificate-only mode:
```go
// USE CABLE AND NOT WIFI, A DIRECT CABLE WILL BE BETTER FOR THIS PROJECT
func main() {
	input := Input{ // this is the default host, fill in the variables as you need them
		URL: utils.ParseURL("https://secure.state.co.nz/car"), // URL to test on
		Asn: asn.Asn{
			PrioritiesNames: []string{"IAG New Zealand"}, // ASN name based on your DNS investigation
			ForbiddenNames:  ForbidenASN,
		},
	}
	threadsSSLVerification := 150
	sslTimeout := time.Second * 5
	asnPath := "./asn.csv"
	outputFolder := "./results"
	stopOnSSlFound := true // stop once a valid SSL certificate for that domain is found
	input.SearchBySSLCertificatesOnly(stopOnSSlFound, threadsSSLVerification, sslTimeout, asnPath, outputFolder)
}
```
You need:
- URL: which URL you are going to test
- Keyworkds: which keywords are in the body; try to take these keywords from the first bytes of the HTML
- TCPTimeout: play around with this value depending on your network environment
- Asn.PrioritiesNames: the ASN names to filter on
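The same two signals the tool looks for (a certificate issued for the hostname, a body containing the site's keywords) are also how the owner of such a site confirms the fix: reached directly by IP, with the WAF out of the path, the origin should show neither. The following is an added example, not part of marcopolo; it checks one origin IP you own, assumes the origin listens on 443 and serves `/`, and uses a simplified wildcard matcher rather than full RFC 6125 name matching.

```go
// Added example, not marcopolo code: confirm that your own origin does NOT answer directly by IP.
package main
import (
	"crypto/tls"
	"fmt"
	"net"
	"os"
	"strings"
	"time"
)

func namesMatch(names []string, host string) bool { // exact match or single-label wildcard (*.x.y)
	for _, n := range names {
		n, h := strings.ToLower(n), strings.ToLower(host)
		if n == h || (strings.HasPrefix(n, "*.") && strings.HasSuffix(h, n[1:]) && strings.Count(h, ".") == strings.Count(n, ".")) {
			return true
		}
	}
	return false
}

func bodyHasKeyword(buf []byte, keywords []string) bool { // any keyword in the first bytes read?
	for _, k := range keywords {
		if k != "" && strings.Contains(string(buf), k) {
			return true
		}
	}
	return false
}

// OriginExposed dials ip:443 with SNI=host. certExposed: the leaf certificate names host;
// bodyExposed: a GET with "Host: host" returned one of the keywords in its first 2048 bytes.
func OriginExposed(ip, host string, keywords []string, timeout time.Duration) (certExposed, bodyExposed bool, err error) {
	cfg := &tls.Config{ServerName: host, InsecureSkipVerify: true} // we inspect the cert, never trust it
	conn, err := tls.DialWithDialer(&net.Dialer{Timeout: timeout}, "tcp", net.JoinHostPort(ip, "443"), cfg)
	if err != nil {
		return false, false, err // no TLS answer at all: nothing exposed on 443 from here
	}
	defer conn.Close()
	certExposed = namesMatch(conn.ConnectionState().PeerCertificates[0].DNSNames, host)
	conn.SetDeadline(time.Now().Add(timeout))
	fmt.Fprintf(conn, "GET / HTTP/1.0\r\nHost: %s\r\n\r\n", host)
	buf := make([]byte, 2048) // same idea as BufferSize: only the first bytes are inspected
	n, _ := conn.Read(buf)    // headers plus the start of the body; a short read is fine
	return certExposed, bodyHasKeyword(buf[:n], keywords), nil
}
func main() { // usage: go run . <origin-ip> <hostname> [keyword ...]
	c, b, err := OriginExposed(os.Args[1], os.Args[2], os.Args[3:], 3*time.Second)
	fmt.Println("cert exposed:", c, "body exposed:", b, "err:", err)
}
```

A correctly locked-down origin yields a dial error (connection refused or timeout) or `false` for both signals; `true` for either means the WAF can be bypassed.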
To get faster results you need to configure your machine to perform as well as possible. One way is to get rid of any intermediary: instead of using your PC over Wi-Fi or through an intermediary router, connect directly by cable to the main router.
On Debian:

```sh
# this replaces your current sysctl.conf, so keep a backup of the original first
sudo mv config_debian.txt /etc/sysctl.conf
sudo modprobe nf_conntrack
sudo sysctl -p
# check the current open-files limit (how many sockets you can keep open)
ulimit -n
sudo mv tcplimits.txt /etc/security/limits.conf
```

Log out and log in again, then see the change:

```sh
ulimit -n
```
On FreeBSD:

```sh
su
# this replaces your current sysctl.conf, so keep a backup of the original first
mv config_freebsd.txt /etc/sysctl.conf
sysctl -f /etc/sysctl.conf
# check the current open-files limit
ulimit -n
mv tcplimits.txt /etc/security/limits.conf
```

Log out and log in again, then see the change:

```sh
ulimit -n
```