gitwtfhub

wtf is cfsearch?

internetkafe/cfsearch — explained in plain English

Analysis updated 2026-05-18

35GoAudience · ops devopsComplexity · 2/5Setup · moderate

TL;DR

A Go command-line tool that scans IP ranges to find the real hosting server behind a CDN like Cloudflare.

Mindmap

mindmap
  root((cfsearch))
    What it does
      Finds real origin IP
      Scans IP ranges
      Checks Host header
    Tech stack
      Go
      HTTP
      HTTPS
    Use cases
      Bypass CDN masking
      Verify origin exposure
    Audience
      Security researchers
      Network admins

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Why would anyone build with this?

REASON 1

Discover the real hosting IP of a domain that is normally hidden behind Cloudflare.

REASON 2

Scan a CIDR range or IP list for servers responding to a specific domain header.

REASON 3

Verify your own server's origin IP is not exposed after moving behind a CDN.

REASON 4

Support authorized security research into CDN-fronted infrastructure.

What's in the stack?

GoHTTPHTTPS

How it stacks up

internetkafe/cfsearchduckbugio/flockmengmengcode/clicd
Stars353634
LanguageGoGoGo
Setup difficultymoderatehardmoderate
Complexity2/54/54/5
Audienceops devopsdeveloperops devops

Figures from each repo's GitHub metadata at analysis time.

How do you spin it up?

Difficulty · moderate Time to first run · 30min

Requires compiling from source with Go, no prebuilt binaries mentioned.

Wtf does this do

cfsearch is a command-line tool written in Go that helps find the real IP address of a website that is hidden behind a CDN (content delivery network) like Cloudflare. When a website uses a CDN, visitors connect to the CDN's servers rather than the website's actual hosting server, masking the true IP address. cfsearch works by scanning a range of IP addresses and sending HTTP or HTTPS requests to each one with the target website's domain name in the request header, then checking if the response contains the expected domain, indicating the real server was found. You can feed it a list of IP addresses or an entire IP range to scan, control how many checks run simultaneously, and set timeouts. Matching IPs are saved to a file. This is useful for security researchers or network administrators who need to discover the original hosting server of a domain that uses a CDN. The tool is built in Go and must be compiled from source.

Yoink these prompts

Prompt 1
Show me how to build cfsearch from source and run my first scan.
Prompt 2
Walk me through scanning a CIDR range with cfsearch and saving matching IPs to a file.
Prompt 3
Explain how cfsearch decides whether a discovered IP is the real origin server.
Prompt 4
How do I tune the worker count and timeout settings in cfsearch for a large scan?

Frequently asked questions

wtf is cfsearch?

A Go command-line tool that scans IP ranges to find the real hosting server behind a CDN like Cloudflare.

What language is cfsearch written in?

Mainly Go. The stack also includes Go, HTTP, HTTPS.

How hard is cfsearch to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is cfsearch for?

Mainly ops devops.

View the repo → Decode another repo

This repo across BitVibe Labs

Don't trust strangers blindly. Verify against the repo.