whatisgithub

What is cfsearch?

internetkafe/cfsearch — explained in plain English

Analysis updated 2026-05-18

35GoAudience · ops devopsComplexity · 2/5Setup · moderate

In one sentence

A Go command-line tool that scans IP ranges to find the real hosting server behind a CDN like Cloudflare.

Mindmap

mindmap
  root((cfsearch))
    What it does
      Finds real origin IP
      Scans IP ranges
      Checks Host header
    Tech stack
      Go
      HTTP
      HTTPS
    Use cases
      Bypass CDN masking
      Verify origin exposure
    Audience
      Security researchers
      Network admins

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Discover the real hosting IP of a domain that is normally hidden behind Cloudflare.

USE CASE 2

Scan a CIDR range or IP list for servers responding to a specific domain header.

USE CASE 3

Verify your own server's origin IP is not exposed after moving behind a CDN.

USE CASE 4

Support authorized security research into CDN-fronted infrastructure.

What is it built with?

GoHTTPHTTPS

How does it compare?

internetkafe/cfsearchduckbugio/flockninehills/pdf2md
Stars353636
LanguageGoGoGo
Setup difficultymoderatehardhard
Complexity2/54/54/5
Audienceops devopsdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Requires compiling from source with Go, no prebuilt binaries mentioned.

So what is it?

cfsearch is a command-line tool written in Go that helps find the real IP address of a website that is hidden behind a CDN (content delivery network) like Cloudflare. When a website uses a CDN, visitors connect to the CDN's servers rather than the website's actual hosting server, masking the true IP address. cfsearch works by scanning a range of IP addresses and sending HTTP or HTTPS requests to each one with the target website's domain name in the request header, then checking if the response contains the expected domain, indicating the real server was found. You can feed it a list of IP addresses or an entire IP range to scan, control how many checks run simultaneously, and set timeouts. Matching IPs are saved to a file. This is useful for security researchers or network administrators who need to discover the original hosting server of a domain that uses a CDN. The tool is built in Go and must be compiled from source.

Copy-paste prompts

Prompt 1
Show me how to build cfsearch from source and run my first scan.
Prompt 2
Walk me through scanning a CIDR range with cfsearch and saving matching IPs to a file.
Prompt 3
Explain how cfsearch decides whether a discovered IP is the real origin server.
Prompt 4
How do I tune the worker count and timeout settings in cfsearch for a large scan?

Frequently asked questions

What is cfsearch?

A Go command-line tool that scans IP ranges to find the real hosting server behind a CDN like Cloudflare.

What language is cfsearch written in?

Mainly Go. The stack also includes Go, HTTP, HTTPS.

How hard is cfsearch to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is cfsearch for?

Mainly ops devops.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.