If you're into hacking, there's a good chance that at least one of ProjectDiscovery's tools has been added to your toolbox over the last couple of years. In all honesty, ProjectDiscovery's tools now make up the majority of my toolbox. For this reason, I get excited when they release something new, and ASNMap is no exception.
What are ASNs?
An Autonomous System (AS) is one or more IP prefixes, typically run by one network operator, with a clearly defined routing policy. An Autonomous System Number (ASN) is the identifier for that Autonomous System.
Many large organizations have their own ASN. ASNs are extremely useful for reconnaissance because they allow us to enumerate IP prefixes owned by that organization.
What is ASNMap?
ASNMap is a brand new CLI tool, written in Golang, used to query Autonomous System data. The data is pulled from https://api.asnmap.sh, which returns data that is parsed from Frank Denis' legendary IPtoASN database.
Put simply, ASNMap converts:
- Organization names to CIDR ranges
- ASN numbers to CIDR ranges
- IP addresses to CIDR ranges
- Domain names to CIDR ranges
The results can be viewed in JSON, CSV and text formats, so it's easy to pipe the output into other tools.
Installation
There are many ways to install a Golang tool, and I'm going to cover two of them in this article. Both of these methods require a Golang installation, which I'll leave as an exercise for the reader.
Go install method
The easiest method is simply to run the following command:
go install github.com/projectdiscovery/asnmap/cmd/asnmap@latest
This will install and compile asnmap, then put the binary into your GOBIN folder, which is typically ~/go/bin.
Download and compile method
Another method is to download and compile the code yourself. Run the following command to grab the code from GitHub.
git clone https://github.com/projectdiscovery/asnmap
Then navigate to the right directory, and compile the code:
cd asnmap/cmd/asnmap
go build
Now you can run asnmap!
$ ./asnmap
___ _____ __
/ _ | / __/ |/ /_ _ ___ ____
/ __ |_\ \/ / ' \/ _ / _ \
/_/ |_/___/_/|_/_/_/_/\_,_/ .__/
/_/ v0.0.1
projectdiscovery.io
Use with caution. You are responsible for your actions
Developers assume no liability and are not responsible for any misuse or damage.
[FTL] no input defined
Options
The CLI options are split into three sections: input, configurations and output. Here's what they all do:
Input options
These options tell ASNMap what type of data you are feeding it:
- -a or -asn is for querying an AS number, e.g. -a AS5650
- -i or -ip is for querying an IP address, e.g. -i 100.19.12.21
- -d or -domain is for querying a domain name, e.g. -d google.com
- -org is for querying an organization name, e.g. -org GOOGLE
These inputs can be combined in a single command:
asnmap -i 1.1.1.1 -i 1.3.3.7 -org GOOGLE -d facebook.com
Configuration options
- -config allows you to specify a configuration file. When you install/run ASNMap for the first time, the default configuration template will be generated in ~/.config/asnmap/config.yaml
- -r or -resolvers allows you to specify which DNS servers to use when a domain needs to be resolved.
Output options
These options allow you to specify how you would like to view the data output.
- -j or -json allows you to view the data in JSON format
- -c or -csv allows you to view the data in CSV format
- -v enables verbose mode
- -silent stops the banner from showing, and just outputs the data
- -version displays the version of ASNMap that you're using
- -v6 displays the IPv6 CIDR ranges in CLI output
- -o or -output specifies a filename to write the output to
Usage demos
What would a tool release blog be without some demos?
Get IP ranges from an ASN
$ ./asnmap -silent -a AS394161
8.21.14.0/24
8.45.124.0/24
8.47.24.0/24
8.244.67.0/24
8.244.131.0/24
62.67.197.0/24
199.43.255.0/24
199.66.9.0/24
199.66.10.0/23
199.120.48.0/22
199.120.52.0/23
199.120.56.0/24
205.234.11.0/24
209.133.79.0/24
213.19.141.0/24
213.244.145.0/24
Get the CIDR range that an IP belongs to
$ ./asnmap -silent -i 1.1.1.1
1.1.1.0/24
Get CIDR ranges associated with an organization
$ ./asnmap -silent -org GOOGLE
8.8.4.0/24
8.8.8.0/24
8.35.200.0/21
34.3.3.0/24
34.4.4.0/24
34.96.0.0/20
34.96.32.0/19
34.96.64.0/18
34.98.64.0/18
34.98.136.0/21
34.98.144.0/21
✂️ Snipped for brevity
Get CIDR ranges associated with a domain name
$ ./asnmap -silent -d facebook.com
157.240.4.0/22
157.240.8.0/21
157.240.16.0/20
157.240.32.0/19
157.240.64.0/18
Get CIDR ranges associated with multiple domain names
$ ./asnmap -silent -d facebook.com,twitter.com
157.240.4.0/22
157.240.8.0/21
157.240.16.0/20
157.240.32.0/19
157.240.64.0/18
104.244.40.0/23
104.244.42.0/24
JSON output
$ ./asnmap -a AS394161 -silent -json | jq
{
"timestamp": "2022-09-22 23:05:26.866957 +1000 AEST",
"input": "AS394161",
"as_number": "AS394161",
"as_name": "TESLA",
"as_country": "US",
"as_range": [
"8.21.14.0/24"
]
}
{
"timestamp": "2022-09-22 23:05:26.867265 +1000 AEST",
"input": "AS394161",
"as_number": "AS394161",
"as_name": "TESLA",
"as_country": "US",
"as_range": [
"8.45.124.0/24"
]
}
{
"timestamp": "2022-09-22 23:05:26.867277 +1000 AEST",
"input": "AS394161",
"as_number": "AS394161",
"as_name": "TESLA",
"as_country": "US",
"as_range": [
"8.47.24.0/24"
]
}
CSV output
asnmap$ ./asnmap -a AS394161 -silent -csv
timestamp|input|as_number|as_name|as_country|as_range
2022-09-22 23:22:29.881525 +1000 AEST|AS394161|AS394161|TESLA|US|8.21.14.0/24
2022-09-22 23:22:29.881842 +1000 AEST|AS394161|AS394161|TESLA|US|8.45.124.0/24
2022-09-22 23:22:29.881851 +1000 AEST|AS394161|AS394161|TESLA|US|8.47.24.0/24
2022-09-22 23:22:29.881859 +1000 AEST|AS394161|AS394161|TESLA|US|8.244.67.0/24
2022-09-22 23:22:29.881866 +1000 AEST|AS394161|AS394161|TESLA|US|8.244.131.0/24
2022-09-22 23:22:29.881875 +1000 AEST|AS394161|AS394161|TESLA|US|62.67.197.0/24
2022-09-22 23:22:29.881881 +1000 AEST|AS394161|AS394161|TESLA|US|199.43.255.0/24
2022-09-22 23:22:29.881887 +1000 AEST|AS394161|AS394161|TESLA|US|199.66.9.0/24,199.66.10.0/23
2022-09-22 23:22:29.881933 +1000 AEST|AS394161|AS394161|TESLA|US|199.120.48.0/22,199.120.52.0/23
2022-09-22 23:22:29.88196 +1000 AEST|AS394161|AS394161|TESLA|US|199.120.56.0/24
2022-09-22 23:22:29.881967 +1000 AEST|AS394161|AS394161|TESLA|US|205.234.11.0/24
2022-09-22 23:22:29.881976 +1000 AEST|AS394161|AS394161|TESLA|US|209.133.79.0/24
2022-09-22 23:22:29.881982 +1000 AEST|AS394161|AS394161|TESLA|US|213.19.141.0/24
2022-09-22 23:22:29.881988 +1000 AEST|AS394161|AS394161|TESLA|US|213.244.145.0/24
2022-09-22 23:22:29.881994 +1000 AEST|AS394161|AS394161|TESLA|US|2620:137:d000:1::/64
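The two machine-readable formats shown above need slightly different handling: -json emits one object after another rather than a JSON array, and -csv is pipe-delimited with multiple ranges comma-joined in the as_range field. The following is an added example, not part of ASNMap or the original post, that parses both into a validated, deduplicated IPv4/IPv6 inventory of your own organization's ranges; the function names are hypothetical and the sample input is constructed from the demo output.

```python
import csv
import io
import ipaddress
import json

# Sample input constructed from the demo output above (not a live query).
SAMPLE_JSON = """
{"timestamp": "2022-09-22 23:05:26.866957 +1000 AEST", "input": "AS394161",
 "as_number": "AS394161", "as_name": "TESLA", "as_country": "US",
 "as_range": ["8.21.14.0/24"]}
{"timestamp": "2022-09-22 23:05:26.867265 +1000 AEST", "input": "AS394161",
 "as_number": "AS394161", "as_name": "TESLA", "as_country": "US",
 "as_range": ["8.45.124.0/24"]}
"""
SAMPLE_CSV = """
timestamp|input|as_number|as_name|as_country|as_range
2022-09-22 23:22:29.881525 +1000 AEST|AS394161|AS394161|TESLA|US|8.21.14.0/24
2022-09-22 23:22:29.881887 +1000 AEST|AS394161|AS394161|TESLA|US|199.66.9.0/24,199.66.10.0/23
2022-09-22 23:22:29.881994 +1000 AEST|AS394161|AS394161|TESLA|US|2620:137:d000:1::/64
"""

def ranges_from_json(text):
    """Walk a stream of concatenated JSON objects and collect as_range."""
    decoder, pos, out = json.JSONDecoder(), 0, []
    text = text.strip()
    while pos < len(text):
        obj, pos = decoder.raw_decode(text, pos)
        out.extend(obj.get("as_range") or [])
        while pos < len(text) and text[pos].isspace():
            pos += 1  # raw_decode does not skip whitespace between objects
    return out

def ranges_from_csv(text):
    """Read pipe-delimited rows; as_range may hold several comma-joined CIDRs."""
    out = []
    for row in csv.DictReader(io.StringIO(text.strip()), delimiter="|"):
        out.extend(r for r in (row.get("as_range") or "").split(",") if r)
    return out

def inventory(cidrs):
    """Return (ipv4, ipv6, rejected): deduplicated, merged where possible."""
    v4, v6, rejected = set(), set(), []
    for cidr in cidrs:
        try:
            net = ipaddress.ip_network(cidr.strip(), strict=True)
        except ValueError:
            rejected.append(cidr)  # malformed, or host bits set
            continue
        (v4 if net.version == 4 else v6).add(net)
    collapse = ipaddress.collapse_addresses
    return [str(n) for n in collapse(v4)], [str(n) for n in collapse(v6)], rejected

if __name__ == "__main__":
    print(inventory(ranges_from_json(SAMPLE_JSON) + ranges_from_csv(SAMPLE_CSV)))
```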
Conclusion
Using AS numbers as a recon method is a widely known technique, but the process of gathering this information has always been quite manual and slow. ASNMap allows you to get this information easily, and without leaving the comfort of your terminal 🧑💻🙂.
If this sounds like a useful tool, you should see what else ProjectDiscovery has available for free on their GitHub profile!
- Luke Stephens (@hakluke)