There are more and more websites using CDN (Content Delivery Network) to help deliver their contents to end users. It is faster, safer and more reliable. At the same time, CDN such as cloudflare company hides your real ip behind their public ip. Is there a way we can bypassing CDN and find out those websites’ real ip addresses.
I found following a couple of websites can help you do that.
Censys uses Internet scan data to give organizations the visibility they need to defend against attacks and improve their overall security hygiene. The foundational technology behind Censys was designed by researchers at the University of Michigan. This team also created the ZMap Scanner, which helped popularize Internet-wide scanning.
Shodan is a search engine for Internet-connected devices, which gathers information about all devices directly connected to the Internet. If a device is directly hooked up to the Internet then Shodan queries it for various publicly-available information. The types of devices that are indexed can vary tremendously: ranging from small desktops up to nuclear power plants and everything in between.
So what does Shodan index then? The bulk of the data is taken from banners, which are metadata about a software that’s running on a device. This can be information about the server software, what options the service supports, a welcome message or anything else that the client would like to know before interacting with the server.
ZoomEyeis a Cyberspace Search Engine recording information of devices, websites, services and components etc. It has two powerful detection engines Xmap and Wmap aiming at devices and websites in the cyberspace. It can be used to identify all the services and components through 24/7 continuous detection. Therefore it is easier for researchers to understand the component coverage and the damage scope of vulnerabilities.
CloudFail is a tactical reconnaissance tool which aims to gather enough information about a target protected by CloudFlare in the hopes of discovering the location of the server. Using Tor to mask all requests, the tool as of right now has 3 different attack phases.