Why on earth would you try to help DDOS'ers? I think you should really take a step back here and reevaluate what drives you here and what impact you have on other people.
Publishing such tools raises awareness of the weakness, and pushes vulnerable origin servers to fix it. Ideally Cloudflare would show a warning in their UI when the origin server is publicly accessible.
There is a website currently publishing my (outdated) information without my consent (old home address, current email, old phone number) and it is hiding behind Cloudflare. I wrote to Cloudflare months ago, and silence... So there can be many sides to that story here...
Yes, for example, pirate websites are often hiding their identity and if someone is infringing on your copyright you can't go and report it to their hosts because Cloudflare hides the IP. Reporting DMCA to Cloudflare won't give you the IP of their hosts.
A court ruling exempted Cloudflare from its users' infringements of copyright, making things easy for them.
In practice, however, when you peel off Cloudflare you'll be stumped anyways as the DMCA request will be plainly ignored by those "bulletproof" hosts, so I don't think that knowing the real IP would change your chances, and if you're formally filing a case why not just subpoena Cloudflare?
Before Cloudflare sends the FBI to my house... I’m not actually going to code this. It’s just an idea that exposes a problem. The problem is there’s a lot of Cloudflare customers who don’t have their servers configured properly to defend from it. If my amateur self can conceptualize this idea, it means cybercriminals already have similar tools and are using them already, so if you’re a site operator you should use this post as a warning and fix your servers ahead of time. However, it was messed up they might try to take down the tool rather than help mitigate the flaw.