Thursday, February 26, 2015

Chameleon - Website IP Address Seeker (CDN Unhidden)

What is CDN?

A content delivery network or content distribution network (CDN) is a large distributed system of servers deployed in multiple data centers across the Internet. The goal of a CDN is to serve content to end-users with high availability and high performance. CDNs serve a large fraction of the Internet content today, including web objects (text, graphics and scripts), downloadable objects (media files, software, documents), applications (e-commerce, portals), live streaming media, on-demand streaming media, and social networks.

Content providers such as media companies and e-commerce vendors pay CDN operators to deliver their content to their audience of end-users. In turn, a CDN pays ISPs, carriers, and network operators for hosting its servers in their data centers. Besides better performance and availability, CDNs also offload the traffic served directly from the content provider's origin infrastructure, resulting in possible cost savings for the content provider. In addition, CDNs provide the content provider a degree of protection from DoS attacks by using their large distributed server infrastructure to absorb the attack traffic. While most early CDNs served content using dedicated servers owned and operated by the CDN, there is a recent trend to use a hybrid model that uses P2P technology. In the hybrid model, content is served using both dedicated servers and other peer-user-owned computers as applicable.

*** Quote from Wikipedia

When the websites are using CDN, such as Cloudflare, their IP addresses may be hidden. However, those IP addresses can be retrieved by the following methods :

(We take Cloudflare as an example)
(1) CloudFlare-Watch
(3) Fierce Domain Scan
(4) NoCloudAllowed by Allison Nixon
(5) Chameleon (this article)


Chameleon is an Open Source project by Samiux under GPLv3. Chameleon is developing based on NoCloudAllowed.

As same as NoCloudAllowed (Perl script), Chameleon (Python script) assumes that the target website is within an IP address range(s). The IP address range(s) of a certain country can be obtained via IP2Location. Once you get a CIDR list of the country, you need to extract it to the IP addresses list.

For the comparsion, you need an *unique* string from the target site. Once the string is found, the findings will be recorded in a file for further processing.

For extracting the IP addresses from CIDR list that obtained from IP2Location, I use prips. prips is not installed in Kali Linux by default.

Chameleon is well tested on Kali Linux 1.1.0 and Ubuntu 14.04 LTS.


If the IP address and/or the domain is not pointed to the web root directory, Chameleon cannot find the site as expected. Do NOT set the "--thread" too large as it will consume all your RAM.



tar -xvzf chameleon-0.0.3.tar.gz

sha1sum : dab2486c72d2745075d06698be0f693254dae0da    chameleon-0.0.3.tar.gz

Please note that version 0.0.4 is released!


FEB 22, 2015 - Version 0.0.1 (sha1sum : c2a7af574e0132ab19a8597ded97c13b5f94dece    chameleon-0.0.1.tar.gz)
[+] First release

FEB 25, 2015 - Version 0.0.2 (sha1sum : 8714d5a8ef8566ff6d36adbbbbfaee65bff8a728    chameleon-0.0.2.tar.gz)
[+] Add input file for the ip address comparison
[+] Add timeout option
[-] Drop the single ip address for comparison

FEB 26, 2015 - Version 0.0.3 (sha1sum : dab2486c72d2745075d06698be0f693254dae0da    chameleon-0.0.3.tar.gz)
[+] Add exceptional error handling
[+] Add threading option
[+] Add output file option
[+] Add batch of IP address per thread option


Usage: [options]

  -h, --help            show this help message and exit
                        specify the unique string to search
  -f INFILE, --file=INFILE
                        input file contains ip addresses for comparison
  -p PROTO, --proto=PROTO
                        protocol to use, http or https
  -o TIMEOUT, --timeout=TIMEOUT
                        timeout, default 2 seconds
                        number of threading, default is 1
  -w OUTFILE, --write=OUTFILE
                        output file for findings, default is find.txt
  -b BATCH, --batch=BATCH
                        batch of IP address per thread, default is 1

Example : python -s github -f ip-addresses.txt -p https -b 10 -t 1000 -w github.txt -o 3

Original link

That's all! See you.