Is Cloud and CDN Detection Missing During Port Scanning? #1967
Comments
CDN detection has always been part of BBOT. Is there a specific detection you need?
Sorry, I didn’t see any module that provides this functionality. I only found cloudcheck, but it clearly doesn’t detect CDNs. Could you point me to the relevant part of the code?
I think @Luoooio means something like exclude CDN IP from port scanning feature in Naabu
Lol @Sh4d0wHunt3rX it's coming back to me now
Okay yeah I think this feature has been requested enough that it makes sense to add. I can see how the extra cloudflare ports could be annoying.
Added in #1970.
Thanks for your response. I reviewed the latest submitted PR, and it seems that after the port scan is complete, abort_if is used to determine whether the port should emit_event. Why not check for CDNs at the start of the port scan? If it is a CDN, you could simply scan the allowed_cdn_ports to prevent the efficiency loss that comes from scanning first and then making the judgment.
@Luoooio I like you, you are very observant ;) It's a good question. The reason is because we're scanning the hosts in extremely large batches. Since we use masscan, which is capable of scanning the entire Internet in 5 minutes, and since often our target is a subnet, it's not economical to break it down into individual IP addresses before the scan. Especially with large subnets, checking each host against the CDN database and splitting the results into two scans takes longer than simply letting masscan do its thing, which is very fast.
Great response, and thank you for the detailed explanation! It makes sense that a tool needs to consider the overall strategy. I now understand why bbot uses masscan for port scanning—it’s fast enough when large subnets are used as input. In a recursive design, sacrificing some accuracy to gain efficiency is indeed necessary. It’s all about the philosophy of making choices. Impressive!
I came across this project today and have to say it's impressive—its recursive approach greatly enhances the depth and scope of asset discovery. However, after a quick look at the code, I noticed there’s no built-in detection for CDNs. This could lead to a lot of false positives and wasted time during port scans. I think adding CDN detection would boost efficiency. In the past, I’ve used CNAME checks for CDN detection and included checks for open ports on the same IP during port scans. According to my rules, if an IP has more than 10 open ports, it’s very likely to be a CDN or a hosting provider, making further port scanning pointless. Maybe 10 is too low for some, but it really depends on personal experience. Overall, determining whether an IP is worth scanning should be considered essential.
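The post-scan filtering discussed in this thread, combined with the more-than-10-open-ports rule of thumb from the original post, as an added example (not BBOT's code and not the change from #1970). The CDN ranges, the allowed-port set and the sample results are constructed, and applying the allowed-port list to hosts over the threshold is an assumption.

```python
import ipaddress
from collections import defaultdict

# Constructed CDN ranges (RFC 5737 documentation nets) standing in for a real CDN/cloud IP database.
CDN_RANGES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/25")]
ALLOWED_CDN_PORTS = {80, 443}  # hypothetical value for an allowed_cdn_ports setting
MAX_OPEN_PORTS = 10            # threshold from the original post's rule of thumb


def is_cdn(ip):
    """True if the address falls inside one of the known CDN ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CDN_RANGES)


def filter_open_ports(results):
    """Filter (ip, port) results after the bulk scan; return (kept, dropped-with-reason)."""
    ports_by_ip = defaultdict(set)
    for ip, port in results:
        ports_by_ip[ip].add(port)

    kept, dropped = [], []
    for ip, ports in sorted(ports_by_ip.items()):
        # A host is CDN-like if it is in a CDN range or answers on too many ports.
        if is_cdn(ip):
            reason = "cdn-range"
        elif len(ports) > MAX_OPEN_PORTS:
            reason = "too-many-open-ports"
        else:
            reason = None
        for port in sorted(ports):
            if reason and port not in ALLOWED_CDN_PORTS:
                dropped.append((ip, port, reason))
            else:
                kept.append((ip, port))
    return kept, dropped


# Constructed sample scan output: one CDN edge, one ordinary host, one host open on 12 ports.
SAMPLE = (
    [("203.0.113.10", p) for p in (80, 443, 2052, 2053, 8080, 8443)]
    + [("192.0.2.5", p) for p in (22, 443)]
    + [("192.0.2.77", p) for p in range(8000, 8012)]
)

if __name__ == "__main__":
    kept, dropped = filter_open_ports(SAMPLE)
    print("kept:", kept)
    for ip, port, reason in dropped:
        print("dropped:", ip, port, reason)
```

Because the check runs per result rather than per target, the scanner can still be handed whole subnets, which is the trade-off described in the maintainer's reply.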