cdncheck

package module
v0.1.20241115 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 14, 2024 License: MIT Imports: 14 Imported by: 0

README

cdncheck

FeaturesInstallationUsageJoin Discord 


cdncheck is a tool for identifying the technology associated with dns / ip network addresses.

image

Features

  • CDN, CLOUD and WAF Detection
  • Easy to use as library
  • Easily extendable providers
  • IP, DNS input support
  • Text, JSONL output
  • Filters on output

Installation

cdncheck requires go1.19 to install successfully. Run the following command to install the latest version:

go install -v github.com/Explorer1092/cdncheck/cmd/cdncheck@latest

Usage

cdncheck -h

This will display help for the tool. Here are all the switches it supports.

Usage:
  ./cdncheck [flags]

Flags:
INPUT:
   -i, -input string[]  list of ip / dns to process

DETECTION:
   -cdn    display only cdn in cli output
   -cloud  display only cloud in cli output
   -waf    display only waf in cli output

MATCHER:
   -mcdn, -match-cdn string[]      match host with specified cdn provider (cloudfront, fastly, google, leaseweb)
   -mcloud, -match-cloud string[]  match host with specified cloud provider (aws, google, oracle)
   -mwaf, -match-waf string[]      match host with specified waf provider (cloudflare, incapsula, sucuri, akamai)

FILTER:
   -fcdn, -filter-cdn string[]      filter host with specified cdn provider (cloudfront, fastly, google, leaseweb)
   -fcloud, -filter-cloud string[]  filter host with specified cloud provider (aws, google, oracle)
   -fwaf, -filter-waf string[]      filter host with specified waf provider (cloudflare, incapsula, sucuri, akamai)

OUTPUT:
   -resp               display technology name in cli output
   -o, -output string  write output in plain format to file
   -v, -verbose        display verbose output
   -j, -jsonl          write output in json(line) format
   -nc, -no-color      disable colors in cli output
   -version            display version of the project
   -silent             only display results in output

CONFIG:
   -r, -resolver string[]  list of resolvers to use (file or comma separated)
   -e, -exclude            exclude detected ip from output
   -retry int              maximum number of retries for dns resolution (must be at least 1) (default 2)

UPDATE:
   -up, -update                 update cdncheck to latest version
   -duc, -disable-update-check  disable automatic cdncheck update check

How to add new providers?

provider.yaml file contains list of CDN, WAF and Cloud providers. The list contains URLs, ASNs and CIDRs which are then compiled into a final sources_data.json file using generate-index program.

Example of provider.yaml file -

cdn:
  # asn contains the ASN numbers for providers
  asn:
    leaseweb:
      - AS60626

  # urls contains a list of URLs for CDN providers
  urls:
    cloudfront:
      - https://d7uri8nf7uskq.cloudfront.net/tools/list-cloudfront-ips
    fastly:
      - https://api.fastly.com/public-ip-list

  # cidr contains the CIDR ranges for providers
  cidr:
    akamai:
      - "23.235.32.0/20"
      - "43.249.72.0/22"
      - "103.244.50.0/24"
      - "103.245.222.0/23"
      - "103.245.224.0/24"
      - "104.156.80.0/20"

New providers which can be scraped from a URL, ASN or a list of static CIDR can be added to provider.yaml file by following simple steps as listed below:

  • Fork the GitHub repository containing the cmd/generate-index/provider.yaml file.
  • Clone your forked repository to your local machine and navigate to the cmd/generate-index directory.
  • Open the provider.yaml file and locate the section for the type of provider you want to add (CDN, WAF, or Cloud).
  • Add the new provider's information to the appropriate section in the provider.yaml file.
  • Commit your changes with a descriptive commit message.
  • Push your changes to your forked repository on GitHub.
  • Open a pull request to the original repository with your changes.

Other providers

CNAME and Wappalyzer based additions can be done in other.go file. Just simply add the values to the variables and you're good to go.

// cdnCnameDomains contains a map of CNAME to domains to cdns
var cdnCnameDomains = map[string]string{
	"cloudfront.net":         "amazon",
	"amazonaws.com":          "amazon",
    ...
}

// cdnWappalyzerTechnologies contains a map of wappalyzer technologies to cdns
var cdnWappalyzerTechnologies = map[string]string{
	"imperva":    "imperva",
	"incapsula":  "incapsula",
	...
}

cdncheck as library

Helper library that checks if a given IP is running on Cloud / CDN / WAF.

The library can be used by importing github.com/Explorer1092/cdncheck. here follows a basic example:

package main

import (
	"fmt"
	"net"
	"github.com/Explorer1092/cdncheck"
)

func main() {
	client := cdncheck.New()
	ip := net.ParseIP("173.245.48.12")

	// checks if an IP is contained in the cdn denylist
	matched, val, err := client.CheckCDN(ip)
	if err != nil {
		panic(err)
	}

	if matched {
		fmt.Printf("%v is a %v\n", ip, val)
	} else {
		fmt.Printf("%v is not a CDN\n", ip)
	}

	// checks if an IP is contained in the cloud denylist
	matched, val, err = client.CheckCloud(ip)
	if err != nil {
		panic(err)
	}

	if matched {
		fmt.Printf("%v is a %v\n", ip, val)
	} else {
		fmt.Printf("%v is not a Cloud\n", ip)
	}

	// checks if an IP is contained in the waf denylist
	matched, val, err = client.CheckWAF(ip)
	if err != nil {
		panic(err)
	}

	if matched {
		fmt.Printf("%v WAF is %v\n", ip, val)
	} else {
		fmt.Printf("%v is not a WAF\n", ip)
	}
}

cdncheck is made with ❤️ by the projectdiscovery team and distributed under MIT License.

Join Discord

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	DefaultCDNProviders   string
	DefaultWafProviders   string
	DefaultCloudProviders string
)
View Source 
var DefaultResolvers = []string{
	"1.1.1.1:53",
	"1.0.0.1:53",
	"8.8.8.8:53",
	"8.8.4.4:53",
}

DefaultResolvers trusted (taken from fastdialer)

Functions

This section is empty.

Types

type AKSKConfig 

type AKSKConfig struct {
	// https://console.cloud.tencent.com/cam/capi
	TencentId  string `yaml:"TencentId"`
	TencentKey string `yaml:"TencentKey"`

	// https://ram.console.aliyun.com/manage/ak
	AlibabaId  string `yaml:"AlibabaId"`
	AlibabaKey string `yaml:"AlibabaKey"`

	// https://console.bce.baidu.com/iam
	BaiduId  string `yaml:"BaiduId"`
	BaiduKey string `yaml:"BaiduKey"`

	// https://console.volcengine.com/iam/keymanage/
	VolcengineId  string `yaml:"VolcengineId"`
	VolcengineKey string `yaml:"VolcengineKey"`

	// https://support.huaweicloud.com/devg-apisign/api-sign-provide-aksk.html
	HuaweiID  string `yaml:"HuaweiID"`
	HuaweiKey string `yaml:"HuaweiKey"`

	// https://support.huaweicloud.com/devg-apisign/api-sign-provide-aksk.html
	WangsuID  string `yaml:"WangsuID"`
	WangsuKey string `yaml:"WangsuKey"`
}

func ReadAKSKConfig 

func ReadAKSKConfig(filePath string) (*AKSKConfig, error)

type Client 

type Client struct {
	sync.Once
	// contains filtered or unexported fields
}

Client checks for CDN based IPs which should be excluded during scans since they belong to third party firewalls.

func New 

func New() *Client

New creates cdncheck client with default options NewWithOpts should be preferred over this function

func NewWithOpts 

func NewWithOpts(MaxRetries int, resolvers []string) (*Client, error)

NewWithOpts creates cdncheck client with custom options

func (*Client) Check 

func (c *Client) Check(ip net.IP) (matched bool, value string, itemType string, err error)

Check checks if ip belongs to one of CDN, WAF and Cloud . It is generic method for Checkxxx methods

func (*Client) CheckCDN 

func (c *Client) CheckCDN(ip net.IP) (matched bool, value string, err error)

CheckCDN checks if an IP is contained in the cdn denylist

func (*Client) CheckCloud 

func (c *Client) CheckCloud(ip net.IP) (matched bool, value string, err error)

CheckCloud checks if an IP is contained in the cloud denylist

func (*Client) CheckDNSResponse 

func (c *Client) CheckDNSResponse(dnsResponse *retryabledns.DNSData) (matched bool, value string, itemType string, err error)

CheckDNSResponse is same as CheckDomainWithFallback but takes DNS response as input

func (*Client) CheckDomainWithFallback 

func (c *Client) CheckDomainWithFallback(domain string) (matched bool, value string, itemType string, err error)

Check Domain with fallback checks if domain belongs to one of CDN, WAF and Cloud . It is generic method for Checkxxx methods Since input is domain, as a fallback it queries CNAME records and checks if domain is WAF

func (*Client) CheckSuffix 

func (c *Client) CheckSuffix(fqdns ...string) (isCDN bool, provider string, itemType string, err error)

CheckFQDN checks if fqdns are known cloud ones

func (*Client) CheckWAF 

func (c *Client) CheckWAF(ip net.IP) (matched bool, value string, err error)

CheckWAF checks if an IP is contained in the waf denylist

func (*Client) CheckWappalyzer 

func (c *Client) CheckWappalyzer(data map[string]struct{}) (isCDN bool, provider string, err error)

CheckWappalyzer checks if the wappalyzer detection are a part of CDN

type InputCompiled 

type InputCompiled struct {
	// CDN contains a list of ranges for CDN cidrs
	CDN map[string][]string `yaml:"cdn,omitempty" json:"cdn,omitempty"`
	// WAF contains a list of ranges for WAF cidrs
	WAF map[string][]string `yaml:"waf,omitempty" json:"waf,omitempty"`
	// Cloud contains a list of ranges for Cloud cidrs
	Cloud map[string][]string `yaml:"cloud,omitempty" json:"cloud,omitempty"`
	// Common contains a list of suffixes for major sources
	Common map[string][]string `yaml:"common,omitempty" json:"common,omitempty"`
}

InputCompiled contains a compiled list of input structure

Source Files

View all Source files

Directories

Path Synopsis
cmd
cdncheck
functional-test
generate-index
integration-test
internal
runner
testutils

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.