Analysis updated 2026-05-18
Discover the real hosting IP of a domain that is normally hidden behind Cloudflare.
Scan a CIDR range or IP list for servers responding to a specific domain header.
Verify your own server's origin IP is not exposed after moving behind a CDN.
Support authorized security research into CDN-fronted infrastructure.
| internetkafe/cfsearch | duckbugio/flock | ninehills/pdf2md | |
|---|---|---|---|
| Stars | 35 | 36 | 36 |
| Language | Go | Go | Go |
| Setup difficulty | moderate | hard | hard |
| Complexity | 2/5 | 4/5 | 4/5 |
| Audience | ops devops | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires compiling from source with Go, no prebuilt binaries mentioned.
cfsearch is a command-line tool written in Go that helps find the real IP address of a website that is hidden behind a CDN (content delivery network) like Cloudflare. When a website uses a CDN, visitors connect to the CDN's servers rather than the website's actual hosting server, masking the true IP address. cfsearch works by scanning a range of IP addresses and sending HTTP or HTTPS requests to each one with the target website's domain name in the request header, then checking if the response contains the expected domain, indicating the real server was found. You can feed it a list of IP addresses or an entire IP range to scan, control how many checks run simultaneously, and set timeouts. Matching IPs are saved to a file. This is useful for security researchers or network administrators who need to discover the original hosting server of a domain that uses a CDN. The tool is built in Go and must be compiled from source.
A Go command-line tool that scans IP ranges to find the real hosting server behind a CDN like Cloudflare.
Mainly Go. The stack also includes Go, HTTP, HTTPS.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.