Today, DDoS protection services that hide a site's real IP address, such as CloudFlare, Incapsula and Antiddos.biz, are becoming more common. I think there is no need to explain how important and useful it is to determine the real IP address of the server. Therefore, in this article I will share the algorithm that I follow during audits, when I have to play the game “Find my real IP”. In five steps, I will teach you how to find out the real IP address of a site behind DDoS protection.
A simple bash script.
```bash
#!/bin/bash
# Request each address in a list over HTTP and HTTPS, sending the given Host header.

display_usage() {
    echo "This script checks the connection to a list of URLs with the specified host."
    echo -e "\nUsage:\n$0 ipsfile hostname\n"
    echo -e "\nExample:\n$0 moz-com.list moz.com\n"
}

# Both arguments (address list file and hostname) are required.
if [ $# -le 1 ]
then
    display_usage
    exit 1
fi

while read -r line; do
    # -k skips certificate verification, since the certificate will not match a bare IP.
    response_http=$(curl -H "Host: $2" --connect-timeout 5 --write-out "code: %{http_code}, length: %{size_download}, redirect: %{redirect_url}" --silent --output /dev/null -k "http://$line")
    response_https=$(curl -H "Host: $2" --connect-timeout 5 --write-out "code: %{http_code}, length: %{size_download}, redirect: %{redirect_url}" --silent --output /dev/null -k "https://$line")
    echo "HTTP: $line response [ $response_http ]"
    echo "HTTPS: $line response [ $response_https ]"
done < "$1"
```
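Requests like the ones this script sends reach the origin server without passing through the protection service, so they are visible in the origin's own access log. The following is an added example, not part of the original article: it flags log entries whose client address is outside the provider's ranges. The log format, the function names and the `CDN_RANGES` values (documentation prefixes used as placeholders) are assumptions.

```shell
#!/bin/sh
# Added example: flag origin access-log entries that did not arrive via the CDN.
# CDN_RANGES holds placeholder documentation prefixes; use your provider's published list.
CDN_RANGES="198.51.100.0/24 203.0.113.0/25"

# Constructed sample log, one entry per line: client_ip host method path status
SAMPLE_LOG='198.51.100.23 www.example.com GET / 200
192.0.2.77 www.example.com GET / 200
203.0.113.10 www.example.com GET /login 200
203.0.113.200 www.example.com GET / 200'

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if address $1 lies inside CIDR block $2.
in_cidr() {
    net=${2%/*}
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Succeed if address $1 belongs to any range in CDN_RANGES.
from_cdn() {
    for range in $CDN_RANGES; do
        in_cidr "$1" "$range" && return 0
    done
    return 1
}

# Read log lines on stdin and print those whose client is not a CDN address.
flag_direct_hits() {
    while read -r client host rest; do
        from_cdn "$client" || echo "direct-to-origin: $client host=$host $rest"
    done
}

# Run the check over the constructed sample log.
audit_sample() {
    printf '%s\n' "$SAMPLE_LOG" | flag_direct_hits
}

audit_sample
```

Any flagged entry means the origin answers clients that bypass the protection service; restricting inbound web traffic to the provider's ranges closes that path.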
The second step is simple, but at the same time the most effective. The point is to find the old IP address of the domain. It may be hidden now, but earlier it may have been exposed.
https://viewdns.info/iphistory/
http://ptrarchive.com/
```bash
curl -H "Host: www.sitecom" https://site_ip -k
dig @old.ns.server.pes.com pes.com
```