cdncheck

package module

v0.0.0-...-04c7b6c Latest Latest Go to latest Published: Jul 28, 2024 License: MIT Imports: 11 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ExploitSuite/cdncheck

Links

Open Source Insights

README ¶

cdncheck

Features • Installation • Usage • Join Discord


cdncheck is a tool for identifying the technology associated with dns / ip network addresses.

Features

CDN, CLOUD and WAF Detection
Easy to use as library
Easily extendable providers
IP, DNS input support
Text, JSONL output
Filters on output

Installation

cdncheck requires go1.19 to install successfully. Run the following command to install the latest version:

go install -v github.com/ExploitSuite/cdncheck/cmd/cdncheck@latest

Usage

cdncheck -h

This will display help for the tool. Here are all the switches it supports.

Usage:
  ./cdncheck [flags]

Flags:
INPUT:
   -i, -input string[]  list of ip / dns to process

DETECTION:
   -cdn    display only cdn in cli output
   -cloud  display only cloud in cli output
   -waf    display only waf in cli output

MATCHER:
   -mcdn, -match-cdn string[]      match host with specified cdn provider (cloudfront, fastly, google, leaseweb)
   -mcloud, -match-cloud string[]  match host with specified cloud provider (aws, google, oracle)
   -mwaf, -match-waf string[]      match host with specified waf provider (cloudflare, incapsula, sucuri, akamai)

FILTER:
   -fcdn, -filter-cdn string[]      filter host with specified cdn provider (cloudfront, fastly, google, leaseweb)
   -fcloud, -filter-cloud string[]  filter host with specified cloud provider (aws, google, oracle)
   -fwaf, -filter-waf string[]      filter host with specified waf provider (cloudflare, incapsula, sucuri, akamai)

OUTPUT:
   -resp               display technology name in cli output
   -o, -output string  write output in plain format to file
   -v, -verbose        display verbose output
   -j, -jsonl          write output in json(line) format
   -nc, -no-color      disable colors in cli output
   -version            display version of the project
   -silent             only display results in output

CONFIG:
   -r, -resolver string[]  list of resolvers to use (file or comma separated)
   -e, -exclude            exclude detected ip from output
   -retry int              maximum number of retries for dns resolution (must be at least 1) (default 2)

UPDATE:
   -up, -update                 update cdncheck to latest version
   -duc, -disable-update-check  disable automatic cdncheck update check

How to add new providers?

provider.yaml file contains list of CDN, WAF and Cloud providers. The list contains URLs, ASNs and CIDRs which are then compiled into a final sources_data.json file using generate-index program.

Example of provider.yaml file -

cdn:
  # asn contains the ASN numbers for providers
  asn:
    leaseweb:
      - AS60626

  # urls contains a list of URLs for CDN providers
  urls:
    cloudfront:
      - https://d7uri8nf7uskq.cloudfront.net/tools/list-cloudfront-ips
    fastly:
      - https://api.fastly.com/public-ip-list

  # cidr contains the CIDR ranges for providers
  cidr:
    akamai:
      - "23.235.32.0/20"
      - "43.249.72.0/22"
      - "103.244.50.0/24"
      - "103.245.222.0/23"
      - "103.245.224.0/24"
      - "104.156.80.0/20"

New providers which can be scraped from a URL, ASN or a list of static CIDR can be added to provider.yaml file by following simple steps as listed below:

Fork the GitHub repository containing the cmd/generate-index/provider.yaml file.
Clone your forked repository to your local machine and navigate to the cmd/generate-index directory.
Open the provider.yaml file and locate the section for the type of provider you want to add (CDN, WAF, or Cloud).
Add the new provider's information to the appropriate section in the provider.yaml file.
Commit your changes with a descriptive commit message.
Push your changes to your forked repository on GitHub.
Open a pull request to the original repository with your changes.

Other providers

CNAME and Wappalyzer based additions can be done in other.go file. Just simply add the values to the variables and you're good to go.

// cdnCnameDomains contains a map of CNAME to domains to cdns
var cdnCnameDomains = map[string]string{
	"cloudfront.net":         "amazon",
	"amazonaws.com":          "amazon",
    ...
}

// cdnWappalyzerTechnologies contains a map of wappalyzer technologies to cdns
var cdnWappalyzerTechnologies = map[string]string{
	"imperva":    "imperva",
	"incapsula":  "incapsula",
	...
}

cdncheck as library

Helper library that checks if a given IP is running on Cloud / CDN / WAF.

The library can be used by importing github.com/ExploitSuite/cdncheck. here follows a basic example:

package main

import (
	"fmt"
	"net"
	"github.com/ExploitSuite/cdncheck"
)

func main() {
	client := cdncheck.New()
	ip := net.ParseIP("173.245.48.12")

	// checks if an IP is contained in the cdn denylist
	matched, val, err := client.CheckCDN(ip)
	if err != nil {
		panic(err)
	}

	if matched {
		fmt.Printf("%v is a %v\n", ip, val)
	} else {
		fmt.Printf("%v is not a CDN\n", ip)
	}

	// checks if an IP is contained in the cloud denylist
	matched, val, err = client.CheckCloud(ip)
	if err != nil {
		panic(err)
	}

	if matched {
		fmt.Printf("%v is a %v\n", ip, val)
	} else {
		fmt.Printf("%v is not a Cloud\n", ip)
	}

	// checks if an IP is contained in the waf denylist
	matched, val, err = client.CheckWAF(ip)
	if err != nil {
		panic(err)
	}

	if matched {
		fmt.Printf("%v WAF is %v\n", ip, val)
	} else {
		fmt.Printf("%v is not a WAF\n", ip)
	}
}

cdncheck is made with ❤️ by the projectdiscovery team and distributed under MIT License.

Documentation ¶

Index ¶

Variables
type Client
- func New() *Client
- func NewWithOpts(MaxRetries int, resolvers []string) (*Client, error)
type InputCompiled

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	DefaultCDNProviders   string
	DefaultWafProviders   string
	DefaultCloudProviders string
)

View Source

var DefaultResolvers = []string{
	"1.1.1.1:53",
	"1.0.0.1:53",
	"8.8.8.8:53",
	"8.8.4.4:53",
}

DefaultResolvers trusted (taken from fastdialer)

Functions ¶

This section is empty.

Types ¶

type Client ¶

type Client struct {
	sync.Once
	// contains filtered or unexported fields
}

Client checks for CDN based IPs which should be excluded during scans since they belong to third party firewalls.

func New ¶

func New() *Client

New creates cdncheck client with default options NewWithOpts should be preferred over this function

func NewWithOpts ¶

func NewWithOpts(MaxRetries int, resolvers []string) (*Client, error)

NewWithOpts creates cdncheck client with custom options

func (*Client) Check ¶

func (c *Client) Check(ip net.IP) (matched bool, value string, itemType string, err error)

Check checks if ip belongs to one of CDN, WAF and Cloud . It is generic method for Checkxxx methods

func (*Client) CheckCDN ¶

func (c *Client) CheckCDN(ip net.IP) (matched bool, value string, err error)

CheckCDN checks if an IP is contained in the cdn denylist

func (*Client) CheckCloud ¶

func (c *Client) CheckCloud(ip net.IP) (matched bool, value string, err error)

CheckCloud checks if an IP is contained in the cloud denylist

func (*Client) CheckDNSResponse ¶

func (c *Client) CheckDNSResponse(dnsResponse *retryabledns.DNSData) (matched bool, value string, itemType string, err error)

CheckDNSResponse is same as CheckDomainWithFallback but takes DNS response as input

func (*Client) CheckDomainWithFallback ¶

func (c *Client) CheckDomainWithFallback(domain string) (matched bool, value string, itemType string, err error)

Check Domain with fallback checks if domain belongs to one of CDN, WAF and Cloud . It is generic method for Checkxxx methods Since input is domain, as a fallback it queries CNAME records and checks if domain is WAF

func (*Client) CheckSuffix ¶

func (c *Client) CheckSuffix(fqdns ...string) (isCDN bool, provider string, itemType string, err error)

CheckFQDN checks if fqdns are known cloud ones

func (*Client) CheckWAF ¶

func (c *Client) CheckWAF(ip net.IP) (matched bool, value string, err error)

CheckWAF checks if an IP is contained in the waf denylist

func (*Client) CheckWappalyzer ¶

func (c *Client) CheckWappalyzer(data map[string]struct{}) (isCDN bool, provider string, err error)

CheckWappalyzer checks if the wappalyzer detection are a part of CDN

type InputCompiled ¶

type InputCompiled struct {
	// CDN contains a list of ranges for CDN cidrs
	CDN map[string][]string `yaml:"cdn,omitempty" json:"cdn,omitempty"`
	// WAF contains a list of ranges for WAF cidrs
	WAF map[string][]string `yaml:"waf,omitempty" json:"waf,omitempty"`
	// Cloud contains a list of ranges for Cloud cidrs
	Cloud map[string][]string `yaml:"cloud,omitempty" json:"cloud,omitempty"`
	// Common contains a list of suffixes for major sources
	Common map[string][]string `yaml:"common,omitempty" json:"common,omitempty"`
}

InputCompiled contains a compiled list of input structure

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
cmd
cdncheck
functional-test
generate-index
integration-test
examples
generate
internal
runner
testutils

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL