@webframp/cloudflare-audit

v2026.04.22.2

Cloudflare security and configuration audit workflow. Inspects zone settings, DNS records, WAF rules, Workers, and cache configuration, then generates a severity-rated report with findings and recommendations.

Quick Start

swamp extension pull @webframp/cloudflare-audit

swamp model create @webframp/cloudflare/zone cf-zone \
  --global-arg apiToken=CLOUDFLARE_API_TOKEN
swamp model create @webframp/cloudflare/dns cf-dns \
  --global-arg apiToken=CLOUDFLARE_API_TOKEN --global-arg zoneId=ZONE_ID
swamp model create @webframp/cloudflare/waf cf-waf \
  --global-arg apiToken=CLOUDFLARE_API_TOKEN --global-arg zoneId=ZONE_ID
swamp model create @webframp/cloudflare/worker cf-worker \
  --global-arg apiToken=CLOUDFLARE_API_TOKEN --global-arg accountId=ACCOUNT_ID
swamp model create @webframp/cloudflare/cache cf-cache \
  --global-arg apiToken=CLOUDFLARE_API_TOKEN --global-arg zoneId=ZONE_ID

swamp workflow run @webframp/cloudflare-audit --input zoneId=ZONE_ID

Checks Performed

  • SSL mode (off/flexible/full/strict)
  • Always Use HTTPS enabled
  • Development mode disabled
  • Zone paused/active status
  • Firewall rules present and active
  • WAF managed rulesets enabled
  • DNS records proxied (origin IP exposure)
  • Dangling CNAMEs (subdomain takeover risk)
  • CAA records present
  • Worker scripts bound to routes
  • Cache level and hit rate
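A sketch of how several of these checks can become severity-rated findings. This is an added example, not the extension's own code: the function name, check ids and severity ratings are assumptions, the records and settings are constructed sample data in the shape the Cloudflare API returns, and the `unresolved` set stands in for real DNS lookups of CNAME targets.

```typescript
type Severity = "critical" | "high" | "medium" | "low";
interface Finding { check: string; severity: Severity; detail: string; }
interface ZoneSetting { id: string; value: string; }
interface DnsRecord { type: string; name: string; content: string; proxied: boolean; }

// Assumed rating per SSL mode; "strict" is absent, so it yields no finding.
const SSL_SEVERITY = new Map<string, Severity>([["off", "critical"], ["flexible", "high"], ["full", "medium"]]);

function auditZone(settings: ZoneSetting[], records: DnsRecord[], unresolved: Set<string>): Finding[] {
  const findings: Finding[] = [];
  const get = (id: string): string | undefined => settings.find((s) => s.id === id)?.value;

  const ssl = get("ssl");
  const sslSeverity = ssl === undefined ? undefined : SSL_SEVERITY.get(ssl);
  if (sslSeverity) findings.push({ check: "ssl-mode", severity: sslSeverity, detail: `SSL mode is ${ssl}` });
  if (get("always_use_https") !== "on")
    findings.push({ check: "always-https", severity: "medium", detail: "Always Use HTTPS is disabled" });
  if (get("development_mode") === "on")
    findings.push({ check: "dev-mode", severity: "low", detail: "Development mode is bypassing the cache" });

  for (const r of records) {
    // An unproxied address record publishes the origin IP directly.
    if ((r.type === "A" || r.type === "AAAA") && !r.proxied)
      findings.push({ check: "dns-unproxied", severity: "medium", detail: `${r.name} exposes origin ${r.content}` });
    // A CNAME whose target no longer resolves can be claimed by someone else.
    if (r.type === "CNAME" && unresolved.has(r.content))
      findings.push({ check: "dangling-cname", severity: "high", detail: `${r.name} -> ${r.content} does not resolve` });
  }
  if (!records.some((r) => r.type === "CAA"))
    findings.push({ check: "caa-missing", severity: "low", detail: "No CAA record restricts certificate issuance" });
  return findings;
}

// Constructed sample input (documentation-range IPs and example domains).
const SAMPLE_SETTINGS: ZoneSetting[] = [
  { id: "ssl", value: "flexible" },
  { id: "always_use_https", value: "off" },
  { id: "development_mode", value: "off" },
];
const SAMPLE_RECORDS: DnsRecord[] = [
  { type: "A", name: "app.example.com", content: "203.0.113.10", proxied: false },
  { type: "A", name: "www.example.com", content: "203.0.113.10", proxied: true },
  { type: "CNAME", name: "old.example.com", content: "gone.example.net", proxied: true },
];
const SAMPLE_UNRESOLVED = new Set<string>(["gone.example.net"]);
```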

Repository

https://github.com/webframp/swamp-extensions

Labels

cloudflare, security, audit, dns, waf

Quality score

How well-documented and verifiable this extension is.

100%

Grade A

  • Has README or module doc: 2/2 earned
  • README has a code example: 1/1 earned
  • README is substantive: 1/1 earned
  • Most symbols documented: 1/1 earned
  • No slow types: 1/1 earned
  • Has description: 1/1 earned
  • At least one platform tag (or universal): 1/1 earned
  • Two or more platform tags (or universal): 1/1 earned
  • License declared: 1/1 earned
  • Verified public repository: 2/2 earned

Install

$ swamp extension pull @webframp/cloudflare-audit

@webframp/cloudflare-audit (ada3d8bb-9cde-436e-8bbc-7a45add10e8d)

Cloudflare security and configuration audit. Inspects zone settings, DNS records, WAF rules, Workers, and cache config, then generates a severity-rated report with findings and recommendations.

zone-config: Gather zone-level settings and metadata
  1. list-zones (cf-zone.list): List all zones in the account
  2. get-settings (cf-zone.get_settings): Get zone settings (SSL, HTTPS, security headers)

security: Gather WAF and firewall posture data
  1. list-rules (cf-waf.list_rules): List all firewall rules
  2. list-packages (cf-waf.list_packages): List WAF managed rulesets
  3. security-events (cf-waf.get_security_events): Get recent security events

dns-and-edge: Gather DNS records, Workers, and cache config
  1. list-dns (cf-dns.list): List all DNS records in the zone
  2. list-workers (cf-worker.list_scripts): List all Worker scripts
  3. list-routes (cf-worker.list_routes): List Worker routes for the zone
  4. cache-settings (cf-cache.get_settings): Get cache-related zone settings
  5. cache-analytics (cf-cache.get_analytics): Get cache hit rate and bandwidth analytics

finalize: Trigger report generation after all data gathering completes
  1. zone-detail (cf-zone.get): Fetch zone detail for report context

@webframp/cloudflare-audit-report workflow
cloudflare_audit_report.ts

Analyzes Cloudflare zone configuration for security, DNS hygiene, WAF coverage, worker health, and cache performance

cloudflare, security, audit