0.2.2; 2025-01-04

Author: cyclone-github

CHANGELOG.md

@@ -1,4 +1,9 @@
-### version 0.2.1-2024-09-30
+### version 0.2.2; 2025-01-04
+```
+Added geo printout
+Updated Reverse Proxy / WAF list
+```
+### version 0.2.1; 2024-09-30
 ```
 Refactored code
 Refined flags
@@ -7,7 +12,7 @@ Added proxy / WAF checks
 Added CloudFlare IP lookup
 Added built-in subdomain lists
 ```
-### version 0.1.0-2023-12-15
+### version 0.1.0; 2023-12-15
 ```
 Initial version
 ```

README.md

@@ -3,14 +3,14 @@
 [![Go Report Card](https://goreportcard.com/badge/github.com/cyclone-github/ipscope)](https://goreportcard.com/report/github.com/cyclone-github/ipscope)
 [![GitHub issues](https://img.shields.io/github/issues/cyclone-github/ipscope.svg)](https://github.com/cyclone-github/ipscope/issues)
 [![License](https://img.shields.io/github/license/cyclone-github/ipscope.svg)](LICENSE)
-<!-- [![GitHub release](https://img.shields.io/github/release/cyclone-github/ipscope.svg)](https://github.com/cyclone-github/ipscope/releases) -->
+[![GitHub release](https://img.shields.io/github/release/cyclone-github/ipscope.svg)](https://github.com/cyclone-github/ipscope/releases)
 <!-- [![Go Reference](https://pkg.go.dev/badge/github.com/cyclone-github/ipscope.svg)](https://pkg.go.dev/github.com/cyclone-github/ipscope) -->
 
 # IPScope
 
 A CLI tool written in pure Go for IP lookup and subdomain discovery. Designed for security researchers and network administrators to resolve IP addresses for TLDs and subdomains. Includes support for some reverse proxy and WAF detection.
 
-IPScope was written as a capable, no-fuss alternative to more complex CLI tools commonly used for subdomain discovery and active DNS resolution. IPScope features a simple CLI that only requires one command-line argument, the target URL, while maintaining a powerful backend and optional command-line arguments for further customization. Since it's written in Go, there's no need to hunt down outdated or obscure Python dependencies, and since it's written with ease of use in mind, there's no need to figure out complex command-line arguments -- **IPScope just works**.
+IPScope was written as a capable, no-fuss alternative to more complex CLI tools commonly used for subdomain discovery and active DNS resolution. IPScope features a simple CLI that only requires one command-line argument, the target URL, while maintaining a powerful backend and optional command-line arguments for further customization. Since it's written in Go, there's no need to hunt down outdated or obscure Python / Ruby dependencies, and since it's written with ease of use in mind, there's no need to figure out complex command-line arguments -- **IPScope just works**.
 
 ### Usage Instructions:
 Of course, don't run IPScope on domains you don't have permission to probe.
@@ -27,8 +27,8 @@ Of course, don't run IPScope on domains you don't have permission to probe.
 
 Processing URL: example.org using DNS: 1.1.1.1
 
-  TLD  example.org               93.184.215.14       AS15133 Edgecast Inc.    (Reverse Proxy or WAF Detected)
-  TLD  www.example.org           93.184.215.14       AS15133 Edgecast Inc.    (Reverse Proxy or WAF Detected)
+  TLD  example.org                93.184.215.14     AS15133 Edgecast Inc.            Dźwirzyno, West Pomerania, PL (Reverse Proxy or WAF Detected)
+  TLD  www.example.org            93.184.215.14     AS15133 Edgecast Inc.            Dźwirzyno, West Pomerania, PL (Reverse Proxy or WAF Detected)
 ```
   - `./ipscope.bin -url example.org -sub subdomains.txt -dns 8.8.8.8`
 

go.mod

@@ -1,3 +1,3 @@
 module ipscope
 
-go 1.22.4
+go 1.23.4

main.go

@@ -24,21 +24,27 @@ https://github.com/cyclone-github/ipscope/blob/main/LICENSE
 
 Version History:
 
-0.1.0-2023-12-15
+0.1.0; 2023-12-15
 	Initial version
-0.2.1-2024-09-30
+0.2.1; 2024-09-30
 	Refactored code
 	Refined flags
 	Added domain lookup from crt.sh
 	Added proxy / WAF checks
 	Added CloudFlare IP lookup
 	Added built-in subdomain lists
+0.2.2; 2025-01-04
+	Added geo printout
+	Updated Reverse Proxy / WAF list
 */
 
 const cloudflareIPv4URL = "https://www.cloudflare.com/ips-v4/"
 
 type IPInfo struct {
-	Org string `json:"org"`
+	Org     string `json:"org"`
+	Region  string `json:"region"`
+	Country string `json:"country"`
+	City    string `json:"city"`
 }
 
 func main() {

utils.go

@@ -55,15 +55,15 @@ func printOutput(writer *tabwriter.Writer, label, domain string, ips []net.IP) {
 				continue
 			}
 
-			org, err := getIPInfo(ipv4.String())
+			ipInfo, err := getIPInfo(ipv4.String())
 			if err != nil {
-				fmt.Fprintf(writer, "Error fetching organization info: %v\n", err)
+				fmt.Fprintf(writer, "Error fetching IP info: %v\n", err)
 			} else {
-				isReverseProxy := checkCloudFlare(ipv4.String()) || checkKnownWAF(org)
+				isReverseProxy := checkCloudFlare(ipv4.String()) || checkKnownWAF(ipInfo.Org)
 				if isReverseProxy {
-					fmt.Fprintf(writer, "%-3s\t%-24s\t%-20s\t%-24s (Reverse Proxy or WAF Detected)\n", label, domain, ipv4, org)
+					fmt.Fprintf(writer, "%-3s\t%-25s\t%-16s\t%-32s\t %s, %s, %s (Reverse Proxy or WAF Detected)\n", label, domain, ipv4, ipInfo.Org, ipInfo.City, ipInfo.Region, ipInfo.Country)
 				} else {
-					fmt.Fprintf(writer, "%-3s\t%-24s\t%-20s\t%-24s\n", label, domain, ipv4, org)
+					fmt.Fprintf(writer, "%-3s\t%-25s\t%-16s\t%-32s\t %s, %s, %s\n", label, domain, ipv4, ipInfo.Org, ipInfo.City, ipInfo.Region, ipInfo.Country)
 				}
 			}
 		}
@@ -74,45 +74,58 @@ func printOutput(writer *tabwriter.Writer, label, domain string, ips []net.IP) {
 func checkKnownWAF(org string) bool {
 	org = strings.ToLower(org)
 	return strings.Contains(org, "cloudflare") || // Cloudflare
+		strings.Contains(org, "360.cn") || // Qihoo 360
 		strings.Contains(org, "akamai") || // Akamai
+		strings.Contains(org, "aliyun") || // Alibaba Cloud
 		strings.Contains(org, "amazon") || // Amazon AWS
-		strings.Contains(org, "fastly") || // Fastly
-		strings.Contains(org, "imperva") || // Imperva
-		strings.Contains(org, "incapsula") || // Incapsula
-		strings.Contains(org, "sucuri") || // Sucuri
-		strings.Contains(org, "stackpath") || // StackPath
-		strings.Contains(org, "f5") || // F5 Networks
-		strings.Contains(org, "google") || // Google
-		strings.Contains(org, "microsoft") || // Microsoft
+		strings.Contains(org, "arvancloud") || // ArvanCloud
+		strings.Contains(org, "aws waf") || // AWS WAF
+		strings.Contains(org, "azure") || // Azure
+		strings.Contains(org, "baidu") || // Baidu Cloud
 		strings.Contains(org, "barracuda") || // Barracuda
+		strings.Contains(org, "bitninja") || // BitNinja
+		strings.Contains(org, "blazingfast") || // BlazingFast
+		strings.Contains(org, "cdnsun") || // CDNSun
 		strings.Contains(org, "citrix") || // Citrix
 		strings.Contains(org, "cloudfront") || // CloudFront
-		strings.Contains(org, "verizon") || // Verizon
-		strings.Contains(org, "fortinet") || // Fortinet
-		strings.Contains(org, "edgecast") || // Edgecast
+		strings.Contains(org, "digitalocean") || // DigitalOcean
 		strings.Contains(org, "dyn") || // Dyn
-		strings.Contains(org, "radware") || // Radware
-		strings.Contains(org, "azure") || // Azure
-		strings.Contains(org, "arvancloud") || // ArvanCloud
+		strings.Contains(org, "edgecast") || // Edgecast
+		strings.Contains(org, "f5") || // F5 Networks
+		strings.Contains(org, "fastly") || // Fastly
+		strings.Contains(org, "fortinet") || // Fortinet
+		strings.Contains(org, "gcore") || // Gcore
+		strings.Contains(org, "google") || // Google
+		strings.Contains(org, "imperva") || // Imperva
+		strings.Contains(org, "incapsula") || // Imperva Incapsula
+		strings.Contains(org, "incapsula") || // Incapsula
+		strings.Contains(org, "kingsoft") || // Kingsoft Cloud
+		strings.Contains(org, "limelight") || // Limelight Networks
+		strings.Contains(org, "microsoft") || // Microsoft
+		strings.Contains(org, "neustar") || // Neustar
 		strings.Contains(org, "onapp") || // OnApp
-		strings.Contains(org, "bitninja") || // BitNinja
+		strings.Contains(org, "quantil") || // QUANTIL
+		strings.Contains(org, "radware") || // Radware
 		strings.Contains(org, "reblaze") || // Reblaze
 		strings.Contains(org, "section.io") || // Section.io
-		strings.Contains(org, "neustar") || // Neustar
-		strings.Contains(org, "blazingfast") || // BlazingFast
-		strings.Contains(org, "quantil") || // QUANTIL
-		strings.Contains(org, "cdnsun") // CDNSun
+		strings.Contains(org, "shield") || // Cloudflare Spectrum/Shield
+		strings.Contains(org, "stackpath") || // StackPath
+		strings.Contains(org, "stackrox") || // StackRox
+		strings.Contains(org, "sucuri") || // Sucuri
+		strings.Contains(org, "tencent") || // Tencent Cloud
+		strings.Contains(org, "verizon") || // Verizon
+		strings.Contains(org, "vultr") // Vultr
 }
 
 // get org info from IP
-func getIPInfo(ip string) (string, error) {
+func getIPInfo(ip string) (*IPInfo, error) {
 	url := fmt.Sprintf("https://ipinfo.io/%s/json", ip)
 	backoffTime := initialBackoff
 
 	for {
 		resp, err := http.Get(url)
 		if err != nil {
-			return "", err
+			return nil, err
 		}
 		defer resp.Body.Close()
 
@@ -137,10 +150,10 @@ func getIPInfo(ip string) (string, error) {
 
 		var ipInfo IPInfo
 		if err := json.NewDecoder(resp.Body).Decode(&ipInfo); err != nil {
-			return "", err
+			return nil, err
 		}
 
-		return ipInfo.Org, nil
+		return &ipInfo, nil
 	}
 }
 
@@ -210,7 +223,7 @@ func isValidPublicIPv4(ip net.IP) bool {
 
 // version info
 func versionFunc() {
-	fmt.Fprintln(os.Stderr, "Cyclone's IPScope v0.2.1-2024-09-30\nhttps://github.com/cyclone-github/ipscope\n")
+	fmt.Fprintln(os.Stderr, "Cyclone's IPScope v0.2.2; 2025-01-04\nhttps://github.com/cyclone-github/ipscope\n")
 }
 
 // cyclone