Scan more ports when CDN is Cloudflare #270

Open
brenocss opened this issue Feb 9, 2022 · 5 comments

brenocss commented Feb 9, 2022

Please describe your feature request:

Since we can now differentiate CDN providers by name (projectdiscovery/cdncheck#16), it would be interesting for Cloudflare to scan other ports besides 443 and 80.

```go
func (r *Runner) canIScanIfCDN(host string, port int) bool {
	// if CDN ips are not excluded all scans are allowed
	if !r.options.ExcludeCDN {
		return true
	}
	// if exclusion is enabled, but the ip is not part of the CDN ips range we can scan
	if ok, err := r.scanner.CdnCheck(host); err == nil && !ok {
		return true
	}
	// If the cdn is part of the CDN ips range - only ports 80 and 443 are allowed
	return port == 80 || port == 443
}
```

Describe the use case of this feature:

Always use the -exclude-cdn flag and get more valid results

@brenocss brenocss added the Type: Enhancement Most issues will probably ask for additions or changes. label Feb 9, 2022
@brenocss
Author

```go
func (r *Runner) canIScanIfCDN(host string, port int) bool {
	// if CDN ips are not excluded all scans are allowed
	if !r.options.ExcludeCDN {
		return true
	}
	cdnbool, cdnprovider, err := r.scanner.CdnCheck(host)
	// if exclusion is enabled, but the ip is not part of the CDN ips range we can scan
	if err == nil && !cdnbool {
		return true
	}
	// If ip is from cloudflare we can scan 2052,2053,2082,2083,2086,2087,2095,2096,443,80,8080,8443,8880
	if cdnprovider == "cloudflare" {
		return port == 2052 || port == 2053 || port == 2082 || port == 2083 || port == 2086 || port == 2087 || port == 2095 || port == 2096 || port == 443 || port == 80 || port == 8080 || port == 8443 || port == 8880
	}

	// If the cdn is part of the CDN ips range - only ports 80 and 443 are allowed
	return port == 80 || port == 443
}
```

brenocss commented May 19, 2022

As the -exclude-cdn behavior already exists and, by default and by definition, only scans 80 and 443, we can define a flag -exclude-cdn-extended that looks for more ports for that CDN, as in the Cloudflare example.

@Suryakant-Soni

Hi @brenocss, from the above info, the solution you suggested is to add the new flag -exclude-cdn-extended (-ece) and also check if the provider is Cloudflare; we can check against the list of Cloudflare ports and return true for the matching port (exactly as in the code given by you above).

Question - can I write code for -

  1. adding a new flag for the extended check
  2. enabling the code to check more of the listed ports if the above flag is set, for Cloudflare
  3. Also, what do we need to do in the case of other CDNs: will we do a full port scan or keep it to 80,443 only?

Thanks,
Suryakant

@brenocss
Author

  1. Also what do we need to do in case of other cdns, will we do a full port scan or keep it to 80,443 only ?

Keep 80,443 for other CDNs

Cloudflare 80,443 + extended port list

Suryakant-Soni commented Jun 18, 2023

Hi @brenocss,
I started with the changes and was testing, but found that for Cloudflare the cdnprovider value would always come back empty, because:
to get the value of cdnprovider, the cdncheck library of projectdiscovery takes IP ranges from a JSON file, source_data.json, which only has ranges for 5 CDNs -

image

Hence any IP outside this range will give empty output from the func and it would not reach our code for Cloudflare.
I tested with udemy.com, which is served by Cloudflare.
Please suggest how to continue?

Thanks,
Surya
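
The port policy discussed in this thread (80/443 for any CDN, the extended list only for Cloudflare and only behind the proposed -exclude-cdn-extended flag), as an added example that is not part of the thread and not naabu's code. `cdnResult`, `canScanPort` and the variable names are hypothetical; an empty or unknown provider name, the case reported in the last comment, and a failed lookup both fall back to 80/443.

```go
package main

import "strings"

// Ports allowed on any CDN-fronted host when -exclude-cdn is set.
var defaultCDNPorts = portSet(80, 443)

// Extended per-provider lists; the Cloudflare ports are those listed in this issue.
var extendedCDNPorts = map[string]map[int]struct{}{
	"cloudflare": portSet(80, 443, 2052, 2053, 2082, 2083, 2086, 2087, 2095, 2096, 8080, 8443, 8880),
}

func portSet(ports ...int) map[int]struct{} {
	s := make(map[int]struct{}, len(ports))
	for _, p := range ports {
		s[p] = struct{}{}
	}
	return s
}

// cdnResult is a hypothetical stand-in for the outcome of a CDN lookup.
type cdnResult struct {
	IsCDN    bool
	Provider string // empty when the range data does not name the provider
	Err      error
}

// canScanPort: excludeCDN mirrors -exclude-cdn, extended mirrors the
// proposed -exclude-cdn-extended. Unknown or failed lookups stay on 80/443.
func canScanPort(excludeCDN, extended bool, res cdnResult, port int) bool {
	if !excludeCDN || (res.Err == nil && !res.IsCDN) {
		return true
	}
	allowed := defaultCDNPorts
	if extended && res.Err == nil {
		name := strings.ToLower(strings.TrimSpace(res.Provider))
		if ports, ok := extendedCDNPorts[name]; ok {
			allowed = ports
		}
	}
	_, ok := allowed[port]
	return ok
}

func main() {
	cf := cdnResult{IsCDN: true, Provider: "Cloudflare"} // constructed sample result
	println(canScanPort(true, true, cf, 8443), canScanPort(true, false, cf, 8443))
}
```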
