Exploring CloudFront Custom IP Selection

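When a CloudFront node is accessed, the Server field in the response headers has the value CloudFront. Using this, a script can automatically scan for the IP addresses of CloudFront CDN nodes, so that you can pick your own IP and speed up access to a website… The script's rough approach is to find all of CloudFront's IP ranges, use the masscan tool to test whether port 443 is reachable on those IPs, keep the reachable ones, and then check the Server field in the response headers; a value of CloudFront means the IP is one of the CDN nodes.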

1. Environment setup

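Requirements for running the script: a Python 3 environment, the numpy and requests modules, plus the zmap tool. Python 2 can be used instead of Python 3; you only need to change the queue module name in the script to Queue, and change line 14 (the q = queue.Queue() call) to Queue as well. The scanning tool can also be masscan or nmap; this article uses masscan.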

CentOS

# Install the build toolchain and Python
yum install gcc gcc-c++ make python3

wget ftp://ftp.gnu.org/gnu/gengetopt/gengetopt-2.22.6.tar.gz
tar -zvxf gengetopt-2.22.6.tar.gz
cd gengetopt-2.22.6
./configure
make
make install

# Install the modules the Python script needs
pip3 install requests
pip3 install numpy

2. Install the scanning tool

masscan's speed falls between that of zmap and nmap, and so does its accuracy. masscan is compatible with some nmap options.

Installing masscan

#CentOS
yum install git gcc make libpcap-devel
git clone https://github.com/robertdavidgraham/masscan
cd masscan
make
cd bin && cp masscan /bin/

3. Python scan script

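# coding=utf-8
import threading
import requests
import queue
import sys
import subprocess
import os
import numpy as np  # not used below; kept from the original script

# Fill a shared queue with hosts and drain it with SETTHREAD worker threads
def bThread(iplist):
    threadl = []
    global q
    q = queue.Queue()
    for host in iplist:
        q.put(host)

    for x in range(0, int(SETTHREAD)):
        threadl.append(tThread(q))

    for t in threadl:
        t.start()
    for t in threadl:
        t.join()

# Worker thread: takes hosts off the queue until it is empty
class tThread(threading.Thread):
    def __init__(self, work_queue):
        threading.Thread.__init__(self)
        self.queue = work_queue

    def run(self):
        while True:
            try:
                # get_nowait() cannot block forever if another worker
                # takes the last item first
                host = self.queue.get_nowait()
            except queue.Empty:
                break
            try:
                checkServer(host)
            except Exception:
                # connection errors and timeouts: skip this host
                continue


def checkalive():
    global IPLIST
    print('\n[Step1] Scanning alive servers:\n')
    # The command is passed as an argument list, so the file name from
    # argv never goes through a shell
    cmd = ["masscan", "-sS", "-Pn", "-n", "-p443", "--rate", "120000",
           "--exclude", "255.255.255.255", "-iL", SETIPLIST]
    scan = subprocess.Popen(cmd, stdout=subprocess.PIPE, universal_newlines=True)
    output = scan.communicate()[0]
    # masscan prints "Discovered open port 443/tcp on <ip>"; field 6 is the IP
    IPLIST = [line.split()[5] for line in output.splitlines()
              if line.startswith("Discovered") and len(line.split()) >= 6]

def checkServer(host):
    header = {'user-agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36'}
    # Plain HTTP request to port 443, as in the original script; only the
    # Server response header is inspected
    aimurl = "http://" + host + ":443"
    # Redirects are not followed, so the header checked is the scanned host's own
    response = requests.get(url=aimurl, headers=header, timeout=10, allow_redirects=False)
    serverText = response.headers.get('server', '')
    # The script matches this literal value; the article text describes the
    # header value as CloudFront
    if serverText == "CFS 0215":
        print("NewNode:" + host + " has been catched!\n")
        # Serialize appends to result.txt across worker threads
        with MUTEX:
            with open("result.txt", "a+") as file:
                file.write(host + "\n")

if __name__ == '__main__':
    os.system("clear")
    print('\n############# Cloud Front Scan ################')
    print('# Author Madlifer|blog:https://vicho.me #')
    print('###############################################\n')
    if len(sys.argv) != 3:
        sys.exit("usage: python3 scan.py <ip-list-file> <threads>")
    MUTEX = threading.Lock()
    SETIPLIST = sys.argv[1]
    SETTHREAD = sys.argv[2]
    checkalive()
    print('\n[Step2] Start Scanning edge nodes:\n')
    bThread(IPLIST)
    print('\n[WOW] Winner Winner Chicken Dinner!\n')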

Create iplist.txt in the same directory as the script, put the IP ranges you want to scan into it, and run:

python3 scan.py iplist.txt 200
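
The article does not show how iplist.txt is filled. One way to build it, as an added example that is not part of the original post: AWS publishes its address ranges as ip-ranges.json, tagged by service, and the CLOUDFRONT entries can be filtered, merged and written out one CIDR per line. The sample document below is constructed from documentation prefixes, and the function names are this example's own.

```python
import ipaddress
import json

# Constructed sample in the layout of AWS's published ip-ranges.json
# (https://ip-ranges.amazonaws.com/ip-ranges.json). The prefixes are
# documentation ranges, not real CloudFront networks.
SAMPLE = json.dumps({"prefixes": [
    {"ip_prefix": "192.0.2.0/25", "region": "GLOBAL", "service": "CLOUDFRONT"},
    {"ip_prefix": "192.0.2.128/25", "region": "GLOBAL", "service": "CLOUDFRONT"},
    {"ip_prefix": "198.51.100.0/24", "region": "GLOBAL", "service": "CLOUDFRONT"},
    {"ip_prefix": "198.51.100.64/26", "region": "GLOBAL", "service": "CLOUDFRONT"},
    {"ip_prefix": "192.0.2.1/24", "region": "GLOBAL", "service": "CLOUDFRONT"},
    {"ip_prefix": "203.0.113.0/24", "region": "us-east-1", "service": "EC2"},
    {"ip_prefix": "192.0.2.0/25", "region": "GLOBAL", "service": "AMAZON"},
]})


def cloudfront_networks(doc_text, service="CLOUDFRONT"):
    """Return the IPv4 prefixes tagged with `service`, merged and de-duplicated."""
    doc = json.loads(doc_text)
    nets = []
    for entry in doc.get("prefixes", []):
        if entry.get("service") != service:
            continue  # the same prefix is often listed again under AMAZON
        try:
            nets.append(ipaddress.ip_network(entry["ip_prefix"], strict=True))
        except (KeyError, ValueError):
            continue  # malformed entry: never pass it on to the scanner
    # Adjacent and nested prefixes collapse, so no address is scanned twice
    return list(ipaddress.collapse_addresses(nets))


def write_iplist(networks, path="iplist.txt"):
    """Write one CIDR per line (accepted by masscan -iL); return the address count."""
    with open(path, "w") as fh:
        for net in networks:
            fh.write(str(net) + "\n")
    return sum(net.num_addresses for net in networks)


if __name__ == "__main__":
    nets = cloudfront_networks(SAMPLE)
    total = write_iplist(nets)
    print("%d networks, %d addresses written to iplist.txt" % (len(nets), total))
```

For a real run, pass the downloaded ip-ranges.json text to cloudfront_networks() in place of SAMPLE.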