简介
用途 使用缓存适应高并发请求 功能 (1)抗DDOS (2)隐藏真实IP
全球DNS地址分布:http://www.ab173.com/dns/dns_world.php
全球IP地址段分布:http://www.ipdeny.com/ipblocks/data/countries/cn.zone
免费代理IP地址:https://www.zdaye.com
IP地址查询地址
http://int.dpool.sina.com.cn/iplookup/iplookup.php?format=js
http://int.dpool.sina.com.cn/iplookup/iplookup.php?format=js&ip=219.242.98.111
http://pv.sohu.com/cityjson
http://pv.sohu.com/cityjson?ie=utf-8
http://txt.go.sohu.com/ip/soip
http://whois.pconline.com.cn
http://apistore.baidu.com/apiworks/servicedetail/114.html
http://www.ip-api.com/
http://www.91cha.com/api/ip.html
http://xn--ip-im8ckc.com/http://cnisp.org/
http://blog.sina.com.cn/s/blog_495161310100js5t.html
http://blog.hackroad.com/operations-engineer/linux_server/3331.html
http://ips.chacuo.net/view/s_SC
种类
Backtory
Incapsula
Fireblade
Fastly
EdgeCast
KeyCDN
Sucuri
Google Cloud
GitHub Pages
Netlify
Azure CDN
Airee
ArvanCloud
CacheFly
Akamai
CDN77
AliyunCdn
MaxCDN
Amazon Cloudfront
AliyunCdn
incapsula cdn
CloudFlare
CND验证
(1)
nslookup 域名解析结果为不止一个IP
(2)
多地ping查询 http://ping.chinaz.com/ http://ping.aizhan.com/ http://ce.cloud.360.cn/ https://asm.ca.com/en/ping.php
(3) 工具查询 https://www.cdnplanet.com/tools/cdnfinder/
http://www.ipip.net/ip.html
CDN下真实IP获取
https://dnsdb.io/zh-cn/ https://www.virustotal.com/ https://x.threatbook.cn/ #微步在线 http://viewdns.info/ http://www.17ce.com/ http://toolbar.netcraft.com/site_report?url= http://site.ip138.com/ https://securitytrails.com/ https://tools.ipip.net/cdn.php
https://securitytrails.com
(2)通过HTTP标头
(3)通过子域名
wydomain:https://github.com/ring04h/wydomain subDomainsBrute:https://github.com/lijiejie/ Sublist3r:https://github.com/aboul3la/Sublist3r layer子域名挖掘机 https://dnsdb.io/zh-cn/ https://phpinfo.me/bing.php http://www.webscan.cc
https://dnsdb.io/zh-cn 搜索引擎(title|body关键字)
(4)SMTP发送邮件,通过邮件源码寻找服务器的真实IP
(5)网站漏洞
敏感信息信息泄露
SSRF
getshell
XSS
获取CDN管理员账号
(6)国外请求 CDN覆盖面没有覆盖到国外IP
(7)SSL证书
(8)全网扫描 -> 根据网站特征过滤筛选
(9)通过请求返回值查找
(10)F5 LTM解码法
前置条件:服务器使用 F5 LTM做负载均衡
(11)修改本机host文件