CDNRECON is a reconnaissance tool that tries to get the origin IP address of a website protected by something like Cloudflare or Akamai. It can also be used as a general recon tool when doing a penetration test or auditing your own website for possible misconfigurations.

CDNRECON - A Content Delivery Network recon tool

CDNRECON is a reconnaissance tool that tries to find the origin or backend IP address of a website protected by a CDN's reverse proxy. You can use it to get a head start when penetration testing a client protected by one, as well as to find possible misconfigurations on your own server. Whatever your use case may be, CDNRECON can also be used as a general recon / scanning tool, since it automates some common recon tasks in the process.

The things CDNRECON does:

  • Checks the target domain nameservers
  • Dumps DNS records with DNSDumpster
  • Checks common subdomains and gets their IP addresses
  • Checks if any of the IP addresses belong to Cloudflare
  • Checks if any of the IP addresses belong to Akamai
  • Checks if any of the IP addresses are using the AkamaiGHost server
  • Optionally returns data from Shodan for possibly leaked IP addresses
  • Optionally writes the results to target.com-results.txt file

Shodan API keys are NOT required. Although it's recommended to supply one for maximum output, CDNRECON tries the other checks before using it.
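As an added example (not CDNRECON's own code), the two classification steps from the list above implemented offline in Python: address-range membership against a snapshot of Cloudflare's published IPv4 ranges, and the response-header markers that identify a CDN edge (the cf-ray header, which carries the Ray ID shown in the sample runs, and Server: AkamaiGHost). The host names and headers are constructed; the addresses come from the sample runs, except 198.51.100.23, which is documentation space.

```python
import ipaddress
from typing import Dict, List, Optional

# Snapshot of Cloudflare's published IPv4 ranges (https://www.cloudflare.com/ips/),
# used here as a sample; refresh it from that page before relying on it.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]

def is_cloudflare_ip(ip: str) -> bool:
    """True when the address lies inside one of the published Cloudflare ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)

def cdn_from_headers(headers: Dict[str, str]) -> Optional[str]:
    """Classify a response by the markers CDNRECON's output reflects: a cf-ray
    header (the Ray ID) means Cloudflare, Server: AkamaiGHost means Akamai."""
    lowered = {k.lower(): v for k, v in headers.items()}
    if "cf-ray" in lowered:
        return "cloudflare"
    if lowered.get("server", "").lower().startswith("akamaighost"):
        return "akamai"
    return None

def find_exposed_hosts(resolved: Dict[str, str],
                       headers: Dict[str, Dict[str, str]]) -> List[str]:
    """Hosts outside the CDN ranges whose response shows no CDN marker: candidates
    for a backend reachable around the proxy. Review them by hand, since a mail
    host that is legitimately served elsewhere lands here as well."""
    return sorted(host for host, ip in resolved.items()
                  if not is_cloudflare_ip(ip)
                  and cdn_from_headers(headers.get(host, {})) is None)

# Constructed sample: host names and headers are invented; the first three
# addresses are those in the sample runs, 198.51.100.23 is documentation space.
SAMPLE_RESOLVED = {
    "www.example.com": "104.16.124.96",
    "mail.example.com": "216.58.210.147",
    "cdn.example.com": "23.61.197.234",
    "dev.example.com": "198.51.100.23",
}
SAMPLE_HEADERS = {
    "www.example.com": {"Server": "cloudflare", "CF-RAY": "7556c47a2d879914-ARN"},
    "cdn.example.com": {"Server": "AkamaiGHost"},
    "mail.example.com": {"Server": "gws"},
    "dev.example.com": {"Server": "nginx"},
}
```

Running `find_exposed_hosts(SAMPLE_RESOLVED, SAMPLE_HEADERS)` on the sample returns the two hosts that neither sit in a Cloudflare range nor answer with a CDN marker.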

Checking the nameservers, common subdomains and their IP addresses

   __________  _   ______  ________________  _   __
  / ____/ __ \/ | / / __ \/ ____/ ____/ __ \/ | / /
 / /   / / / /  |/ / /_/ / __/ / /   / / / /  |/ / 
/ /___/ /_/ / /|  / _, _/ /___/ /___/ /_/ / /|  /  
\____/_____/_/ |_/_/ |_/_____/\____/\____/_/ |_/   
                                                  

[i] Checking cloudflare.com nameservers . . .
[+] cloudflare.com is pointing to Cloudflares nameservers
[+] Nameservers: ['ns3.cloudflare.com.', 'ns7.cloudflare.com.', 'ns4.cloudflare.com.', 'ns5.cloudflare.com.', 'ns6.cloudflare.com.']
==================================================
[i] Checking common subdomains . . .
[+] www.cloudflare.com is a valid domain
[+] mail.cloudflare.com is a valid domain
[+] blog.cloudflare.com is a valid domain
[+] support.cloudflare.com is a valid domain
==================================================
[i] Getting subdomain IP addresses . . .
[+] www.cloudflare.com has an IP address of 104.16.124.96
[+] mail.cloudflare.com has an IP address of 216.58.210.147
[+] blog.cloudflare.com has an IP address of 172.64.146.82
[+] support.cloudflare.com has an IP address of 104.18.39.119
==================================================

Checking if the IP addresses belong to Cloudflare

==================================================
[i] Checking if 104.16.124.96 is Cloudflare . . .
[+] 104.16.124.96 is Cloudflare
[+] Ray-ID: 7556c47a2d879914-ARN
[+] Country: Canada
[i] Checking if 216.58.210.147 is Cloudflare . . .
[!] 216.58.210.147 is NOT cloudflare
[i] Checking if 104.18.41.174 is Cloudflare . . .
[+] 104.18.41.174 is Cloudflare
[+] Ray-ID: 7556c47c8bb615dc-ARN
[+] Country: Canada
[i] Checking if 104.18.39.119 is Cloudflare . . .
[+] 104.18.39.119 is Cloudflare
[+] Ray-ID: 7556c47e0d3afe2c-HEL
[+] Country: Canada
  

Checking if the IP addresses belong to Akamai and if they're using the AkamaiGHost server

[i] Checking if 23.61.197.234 is Akamai . . .
[+] 23.61.197.234 Server detected as AkamaiGHost
[+] Country: Sweden
[i] Checking if 95.101.93.134 is Akamai . . .
[+] 95.101.93.134 Server detected as AkamaiGHost
[+] Country: Sweden
==================================================

Returns data for non-Cloudflare IP addresses from Shodan

[i] Shodan results for 23.61.197.234
[+] ISP: Akamai Technologies, Inc.
[+] Country: Sweden
[+] Hostname(s): ['a23-61-197-234.deploy.static.akamaitechnologies.com', 'kbb.com']
[+] Domain(s): ['akamaitechnologies.com', 'kbb.com']
[+] Open port(s): [80, 443]
[i] Shodan results for 95.101.93.134
[+] ISP: Akamai Technologies, Inc.
[+] Country: Sweden
[+] Hostname(s): ['a95-101-93-134.deploy.static.akamaitechnologies.com', 'kbb.com']
[+] Domain(s): ['akamaitechnologies.com', 'kbb.com']
[+] Open port(s): [80, 443]

Installation and usage

Requires at least Python 3.6, since it uses f-strings.

Tested on Arch Linux. It should work on any Linux distribution and Windows.

Clone the repository

$ sudo git clone https://github.com/Juuso1337/CDNRECON

Install the required dependencies

$ cd CDNRECON
$ pip install https://github.com/PaulSec/API-dnsdumpster.com/archive/master.zip --user
$ pip3 install -r requirements.txt

Sample usage guide

$ python3 main.py example.com shodan-key

For more in-depth usage info, supply the -h flag (python3 main.py -h).

usage: main.py [-h] [--write] domain [shodan]

CDNRECON - A Content Delivery Network recon tool

positional arguments:
  domain      Domain to scan
  shodan      Your Shodan API key

options:
  -h, --help  show this help message and exit
  --write     Write results to a target.com-results.txt file

How to get a Shodan API key

1. Register an account at https://account.shodan.io/ (it's totally free).
2. Head over to the "Account" page and see the "API key" field.

To do

  • Add more CDNs
  • Add Censys support
  • Add certificate search
  • Add IPv4 range bruteforcer
  • Add favicon hash search
  • Add html body hash search
