Instruction: Excluding support.cloudflare.com, community.cloudflare.com and other SaaS applications
Integrity requirements: high
Max severity: critical
Asset identifier: *.cloudflarepartners.com
Asset type: URL
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction:
Integrity requirements:
Max severity: critical
Asset identifier: *.teams.cloudflare.com
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements: high
Max severity: critical
Asset identifier: 1.1.1.1 Resolver
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction:
A blazing fast DNS resolver built for private browsing.
https://1.1.1.1/
https://developers.cloudflare.com/1.1.1.1/what-is-1.1.1.1/
https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/
Integrity requirements: high
Max severity: critical
Asset identifier: Argo Tunnel
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Argo Tunnel offers an easy way to expose web servers securely to the internet, without opening up firewall ports and configuring ACLs.
https://www.cloudflare.com/products/argo-tunnel/
Integrity requirements: high
Max severity: critical
Asset identifier: Bot Management
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Cloudflare enables you to manage bots with speed and accuracy by applying several detection methods: Behavioral analysis, machine learning, and fingerprinting.
https://www.cloudflare.com/products/bot-management/
Integrity requirements: high
Max severity: critical
Asset identifier: CDNJS
Asset type: OTHER
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: CDNJS is a free and open source project to organize and provide popular front-end web development resources to developers via a fast CDN infrastructure without usage limitations and fees.
https://github.com/cdnjs/cdnjs
https://blog.cloudflare.com/an-update-on-cdnjs/
Integrity requirements:
Max severity: critical
Asset identifier: Cloudflare Access
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Cloudflare Access is an application that controls access to your sites and integrates with social and enterprise identity providers (IdP) for managing user credentials.
https://www.cloudflare.com/products/cloudflare-access/
Asset identifier: Cloudflare Zero Trust/Cloudflare One
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements: high
Max severity: critical
Asset identifier: Load Balancing
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Cloudflare's Load Balancing automatically reduces latency by directing visitors to infrastructure closest to them.
https://www.cloudflare.com/load-balancing/
Integrity requirements: high
Max severity: critical
Asset identifier: Magic Transit
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Magic Transit is a software-defined networking product that offers IP transit with DDoS protection, next-gen firewall, traffic acceleration and more for your on-premise and data center networks from a single, easy-to-use interface.
https://www.cloudflare.com/magic-transit/
Integrity requirements: high
Max severity: critical
Asset identifier: Open source tools from Cloudflare
Asset type: OTHER
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: https://github.com/cloudflare
Integrity requirements:
Max severity: critical
Asset identifier: Spectrum
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Spectrum extends the power of Cloudflare's DDoS, TLS, and IP Firewall to TCP and UDP-based services, keeping them online and secure.
https://www.cloudflare.com/products/cloudflare-spectrum/
Integrity requirements: high
Max severity: critical
Asset identifier: Stream
Asset type: OTHER
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Cloudflare Stream is an easy-to-use, affordable, on-demand video streaming platform. Stream seamlessly integrates video storage, encoding, and a customizable player with Cloudflare’s fast, secure, and reliable global network.
https://www.cloudflare.com/products/cloudflare-stream/
Integrity requirements:
Max severity: critical
Asset identifier: WARP Mobile Apps
Asset type: OTHER
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: Download on Android: https://play.google.com/store/apps/details?id=com.cloudflare.onedotonedotonedotone
Download on iOS: https://itunes.apple.com/us/app/1-1-1-1-faster-internet/id1423538627
WARP is a free VPN for mobile phones. The app can be used as a 1.1.1.1 DNS resolver or VPN or our premium paid service Warp+. It works on wireguard protocol. See documentation section for more details.
Areas of interest:
Upgrading to Warp+ without paying
Can other apps snoop with Warp
Downgrade of connections
Misconfiguration in the apps or backend
MITM attacks
Integrity requirements: high
Max severity: critical
Asset identifier: WARP desktop client
Asset type: OTHER
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: Cloudflare Zero Trust client applications releases on Windows, Linux and MacOS
Integrity requirements:
Max severity: critical
Asset identifier: api.cloudflare.com
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements: high
Max severity: critical
Asset identifier: cloudflareworkers.com
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: This is a Cloudflare Workers test site.
Cloudflare Workers provides a lightweight JavaScript execution environment that allows developers to augment existing applications or create entirely new ones without configuring or maintaining infrastructure.
https://www.cloudflare.com/products/cloudflare-workers/
Integrity requirements: high
Max severity: critical
Asset identifier: dash.cloudflare.com
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: The Cloudflare dashboard (https://dash.cloudflare.com/) and any direct calls from the dashboard to other Cloudflare owned resources are considered in scope.
