cdncheck

package module
v1.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 21, 2025 License: MIT Imports: 12 Imported by: 87

README

cdncheck

FeaturesInstallationUsageJoin Discord 


cdncheck is a tool for identifying the technology associated with dns / ip network addresses.

image

Features

  • CDN, CLOUD and WAF Detection
  • Easy to use as library
  • Easily extendable providers
  • IP, DNS input support
  • Text, JSONL output
  • Filters on output

Installation

cdncheck requires go1.19 to install successfully. Run the following command to install the latest version:

go install -v github.com/projectdiscovery/cdncheck/cmd/cdncheck@latest

Usage

cdncheck -h

This will display help for the tool. Here are all the switches it supports.

Usage:
  ./cdncheck [flags]

Flags:
INPUT:
   -i, -input string[]  list of ip / dns to process

DETECTION:
   -cdn    display only cdn in cli output
   -cloud  display only cloud in cli output
   -waf    display only waf in cli output

MATCHER:
   -mcdn, -match-cdn string[]      match host with specified cdn provider (cloudfront, fastly, google, leaseweb)
   -mcloud, -match-cloud string[]  match host with specified cloud provider (aws, google, oracle)
   -mwaf, -match-waf string[]      match host with specified waf provider (cloudflare, incapsula, sucuri, akamai)

FILTER:
   -fcdn, -filter-cdn string[]      filter host with specified cdn provider (cloudfront, fastly, google, leaseweb)
   -fcloud, -filter-cloud string[]  filter host with specified cloud provider (aws, google, oracle)
   -fwaf, -filter-waf string[]      filter host with specified waf provider (cloudflare, incapsula, sucuri, akamai)

OUTPUT:
   -resp               display technology name in cli output
   -o, -output string  write output in plain format to file
   -v, -verbose        display verbose output
   -j, -jsonl          write output in json(line) format
   -nc, -no-color      disable colors in cli output
   -version            display version of the project
   -silent             only display results in output

CONFIG:
   -r, -resolver string[]  list of resolvers to use (file or comma separated)
   -e, -exclude            exclude detected ip from output
   -retry int              maximum number of retries for dns resolution (must be at least 1) (default 2)

UPDATE:
   -up, -update                 update cdncheck to latest version
   -duc, -disable-update-check  disable automatic cdncheck update check

How to add new providers?

provider.yaml file contains list of CDN, WAF and Cloud providers. The list contains URLs, ASNs and CIDRs which are then compiled into a final sources_data.json file using generate-index program.

Example of provider.yaml file -

cdn:
  # asn contains the ASN numbers for providers
  asn:
    leaseweb:
      - AS60626

  # urls contains a list of URLs for CDN providers
  urls:
    cloudfront:
      - https://d7uri8nf7uskq.cloudfront.net/tools/list-cloudfront-ips
    fastly:
      - https://api.fastly.com/public-ip-list

  # cidr contains the CIDR ranges for providers
  cidr:
    akamai:
      - "23.235.32.0/20"
      - "43.249.72.0/22"
      - "103.244.50.0/24"
      - "103.245.222.0/23"
      - "103.245.224.0/24"
      - "104.156.80.0/20"

New providers which can be scraped from a URL, ASN or a list of static CIDR can be added to provider.yaml file by following simple steps as listed below:

  • Fork the GitHub repository containing the cmd/generate-index/provider.yaml file.
  • Clone your forked repository to your local machine and navigate to the cmd/generate-index directory.
  • Open the provider.yaml file and locate the section for the type of provider you want to add (CDN, WAF, or Cloud).
  • Add the new provider's information to the appropriate section in the provider.yaml file.
  • Commit your changes with a descriptive commit message.
  • Push your changes to your forked repository on GitHub.
  • Open a pull request to the original repository with your changes.

Other providers

CNAME and Wappalyzer based additions can be done in other.go file. Just simply add the values to the variables and you're good to go.

// cdnCnameDomains contains a map of CNAME to domains to cdns
var cdnCnameDomains = map[string]string{
	"cloudfront.net":         "amazon",
	"amazonaws.com":          "amazon",
    ...
}

// cdnWappalyzerTechnologies contains a map of wappalyzer technologies to cdns
var cdnWappalyzerTechnologies = map[string]string{
	"imperva":    "imperva",
	"incapsula":  "incapsula",
	...
}

cdncheck as library

Helper library that checks if a given IP is running on Cloud / CDN / WAF.

The library can be used by importing github.com/projectdiscovery/cdncheck. here follows a basic example:

package main

import (
	"fmt"
	"net"
	"github.com/projectdiscovery/cdncheck"
)

func main() {
	client := cdncheck.New()
	ip := net.ParseIP("173.245.48.12")

	// checks if an IP is contained in the cdn denylist
	matched, val, err := client.CheckCDN(ip)
	if err != nil {
		panic(err)
	}

	if matched {
		fmt.Printf("%v is a %v\n", ip, val)
	} else {
		fmt.Printf("%v is not a CDN\n", ip)
	}

	// checks if an IP is contained in the cloud denylist
	matched, val, err = client.CheckCloud(ip)
	if err != nil {
		panic(err)
	}

	if matched {
		fmt.Printf("%v is a %v\n", ip, val)
	} else {
		fmt.Printf("%v is not a Cloud\n", ip)
	}

	// checks if an IP is contained in the waf denylist
	matched, val, err = client.CheckWAF(ip)
	if err != nil {
		panic(err)
	}

	if matched {
		fmt.Printf("%v WAF is %v\n", ip, val)
	} else {
		fmt.Printf("%v is not a WAF\n", ip)
	}
}

cdncheck is made with ❤️ by the projectdiscovery team and distributed under MIT License.

Join Discord

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	DefaultCDNProviders   string
	DefaultWafProviders   string
	DefaultCloudProviders string
)
View Source 
var DefaultResolvers = []string{
	"1.1.1.1:53",
	"1.0.0.1:53",
	"8.8.8.8:53",
	"8.8.4.4:53",
}

DefaultResolvers trusted (taken from fastdialer) - IPv4 only

View Source 
var IPv6Resolvers = []string{
	"[2606:4700:4700::1111]:53",
	"[2606:4700:4700::1001]:53",
	"[2001:4860:4860::8888]:53",
	"[2001:4860:4860::8844]:53",
}

IPv6Resolvers trusted IPv6 resolvers

Functions

This section is empty.

Types

type Client 

type Client struct {
	sync.Once
	// contains filtered or unexported fields
}

Client checks for CDN based IPs which should be excluded during scans since they belong to third party firewalls.

func New 

func New() *Client

New creates cdncheck client with default options NewWithOpts should be preferred over this function

func NewWithOpts added in v1.0.2 

func NewWithOpts(MaxRetries int, resolvers []string) (*Client, error)

NewWithOpts creates cdncheck client with custom options

func (*Client) Check 

func (c *Client) Check(ip net.IP) (matched bool, value string, itemType string, err error)

Check checks if ip belongs to one of CDN, WAF and Cloud . It is generic method for Checkxxx methods

func (*Client) CheckCDN added in v1.0.0 

func (c *Client) CheckCDN(ip net.IP) (matched bool, value string, err error)

CheckCDN checks if an IP is contained in the cdn denylist

func (*Client) CheckCloud added in v1.0.0 

func (c *Client) CheckCloud(ip net.IP) (matched bool, value string, err error)

CheckCloud checks if an IP is contained in the cloud denylist

func (*Client) CheckDNSResponse added in v1.0.2 

func (c *Client) CheckDNSResponse(dnsResponse *retryabledns.DNSData) (matched bool, value string, itemType string, err error)

CheckDNSResponse is same as CheckDomainWithFallback but takes DNS response as input

func (*Client) CheckDomainWithFallback added in v1.0.2 

func (c *Client) CheckDomainWithFallback(domain string) (matched bool, value string, itemType string, err error)

Check Domain with fallback checks if domain belongs to one of CDN, WAF and Cloud . It is generic method for Checkxxx methods Since input is domain, as a fallback it queries CNAME records and checks if domain is WAF

func (*Client) CheckSuffix added in v1.0.0 

func (c *Client) CheckSuffix(fqdns ...string) (isCDN bool, provider string, itemType string, err error)

CheckFQDN checks if fqdns are known cloud ones

func (*Client) CheckWAF added in v1.0.0 

func (c *Client) CheckWAF(ip net.IP) (matched bool, value string, err error)

CheckWAF checks if an IP is contained in the waf denylist

func (*Client) CheckWappalyzer added in v1.0.0 

func (c *Client) CheckWappalyzer(data map[string]struct{}) (isCDN bool, provider string, err error)

CheckWappalyzer checks if the wappalyzer detection are a part of CDN

func (*Client) GetDnsData added in v1.1.1 

func (c *Client) GetDnsData(domain string) (*retryabledns.DNSData, error)

type InputCompiled added in v1.0.0 

type InputCompiled struct {
	// CDN contains a list of ranges for CDN cidrs
	CDN map[string][]string `yaml:"cdn,omitempty" json:"cdn,omitempty"`
	// WAF contains a list of ranges for WAF cidrs
	WAF map[string][]string `yaml:"waf,omitempty" json:"waf,omitempty"`
	// Cloud contains a list of ranges for Cloud cidrs
	Cloud map[string][]string `yaml:"cloud,omitempty" json:"cloud,omitempty"`
	// Common contains a list of suffixes for major sources
	Common map[string][]string `yaml:"common,omitempty" json:"common,omitempty"`
}

InputCompiled contains a compiled list of input structure

Source Files

View all Source files

Directories

Path Synopsis
cmd
cdncheck command
functional-test command
generate-index command
integration-test command
internal
runner
testutils

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.