Information Gatheringload-balancingdetectiondnshttpreconnaissance

lbd

lbd is a load balancing detector that checks if a given domain uses load-balancing. It tests for both DNS-loadbalancing and HTTP-loadbalancing.

Description

lbd is a lightweight tool designed to identify whether a target domain is behind a load balancer. This is useful in reconnaissance phases to understand the infrastructure of a target, potentially revealing multiple backend servers or cloud services like ECS.

The tool performs checks for DNS-based load balancing and HTTP-based load balancing by examining server responses. It outputs whether load balancing is found or not, along with specific details like server headers when applicable.

Written by Stefan Behte, lbd is a proof-of-concept tool that may produce false positives. It is particularly handy for pentesters mapping out web infrastructure.

How It Works

lbd first checks for DNS-Loadbalancing, likely by querying DNS records for variations indicating round-robin or similar setups. For HTTP-Loadbalancing, it sends requests to the target domain and inspects the Server header or other response indicators. In the example, it detects ECS (sea/55ED) and ECS (sea/1C15), suggesting variations in response headers from different backend servers behind a load balancer.

Installation

bash

sudo apt install lbd

Examples

Test to see if the target domain (example.com) is using a load balancer. Output shows DNS-Loadbalancing: NOT FOUND and HTTP-Loadbalancing FOUND with ECS server details.

lbd example.com

Check a different domain for load balancing detection across DNS and HTTP.

lbd test.com

Detect load balancing on a specific subdomain or hostname.

lbd www.target.org

Test an application subdomain for backend load balancer usage.

lbd app.example.net

Verify if an API endpoint utilizes load balancing infrastructure.

lbd api.service.com

Scan an e-commerce site for load balancer presence.

lbd shop.company.io

Updated 2026-04-16kali.org ↗