Git Product home page Git Product logo

cloudbleed's Introduction

Cloudbleed

Cloudbleed is one of the biggest leaks in the history of private data. Read on the news report or just google it.

This page allows you to search for domains where you wrote sensitive information in the last 6 months to see if they are affected.

This tool is ONLY to search for domains, not for the sensitive information itself. Please do not write anything sensitive (though nothing here is tracked and the site is open source)

Priority list for the search:

  1. Domains where you wrote your credit card in the last 6 months.

  2. Domains for health, insurance and other sensitive information domains.

  3. Domains for emails or phone numbers.

  4. Social networks domains.

  5. Domains where you reuse your password.

  6. Other domains.

S**t, I found a domain where I wrote X

This list contains all domains that use cloudflare DNS, not just the cloudflare SSL proxy (the affected service that leaked data). It's a broad sweeping list that includes everything. Just because a domain is on the list does not mean the site is compromised.

For instance, if the site is using HTTPS with cloudflare but also including Stripe's front-end checkout, they use their own TLS certificates so it wouldn't be compromised.

Some people recommend that if it's a credit card cancel it.

Otherwise change your password and anywhere else where that password was used. Better yet, use this opportunity to start using a Password Manager.

Questions

What is this?

This is just a front-end search for the list of domains published elsewhere. The site will crash at some point if it gets to the front page of anywhere as it was scrapped together in Node.js in a while. I'm setting up a static site that shouldn't crash as you read this.

To install it locally:

git clone git@github.com:franciscop/cloudbleed.git
cd ./cloudbleed
npm install
node app.js

Then open http://localhost:3000/ to use it. However, if you can do the above you might as well just download the domain list and grep it.

Are you using Cloudflare for disclosing a cloudflare vulnerability?

Uhm... yes. The issue is apparently fixed now. You are free to clone this site and host it wherever you want though.

Who are you?

It's not really relevant, I just made a front-end to search for the data.

cloudbleed's People

Contributors

franciscop avatar

Stargazers

avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.