Bug Bounty Hub
  • 🚀WELCOME
    • Bug Bounty Hub
    • BBH - Values
    • About the author
  • 🕸️PENTESTING WEB
    • Information Gathering
      • Enumerating ASN and IP blocks
      • Reverse IP Lookup
      • Scanning Open Ports/Services
      • Subdomain Enumeration
        • Active Subdomain Enumeration
        • Passive Subdomain Enumeration
        • Subdomain Permutations
        • Check Alive Subdomains
      • Subdomain Takeover
      • Fuzzing
      • JavaScript Files
      • Endpoints
      • Input Parameters
      • Mapping Attack Surface - Crawling/Spider
      • Fingerprinting
      • Potential Vulnerabilities - Nuclei
    • Client-Side Injection Attacks
    • Server-Side Vulnerabilities
      • Path Traversal/File Inclusion
      • Access Control
      • Authentication
      • Server-side Request Forgery (SSRF)
      • File upload vulnerabilities
      • OS Command Injection
      • SQL Injection
        • MySQL Injection
        • SQLi with SQLMap
    • Authentication
    • Insecure Direct Object Reference (IDOR)
    • Cross-Site Request Forgery Attacks
    • Business Logic Flaws
    • HTTP Verb Tampering
    • Bypass 401 & 403
    • Evading WAFs
    • Reporting
  • 🐣THE BASICS OF WEB
    • HTTP Methods
    • HTTP Response Codes
    • HTTP Headers
      • AWS S3 Buckets Headers
    • HTTP Cookies
    • Encoding
      • URL encoding
      • HTML encoding
      • Base 64 encoding
      • Unicode encoding
    • Web Browsers
      • Same-Origin Policy (SOP)
      • Content Security Policy (CSP)
      • Subresource Integrity Check (SIC)
    • Web Proxies
  • 📚RESOURCES
    • Books
    • Web resources
    • CTF Platforms
  • 🏔️Bug Bounty Platforms
Powered by GitBook
On this page
  • Enumerating ASN with bgp.he.net
  • Enumerating IP Ranges from ASN with Nmap

Was this helpful?

  1. PENTESTING WEB
  2. Information Gathering

Enumerating ASN and IP blocks

PreviousInformation GatheringNextReverse IP Lookup

Last updated 5 months ago

Was this helpful?

An autonomous system number (ASN) is a unique identifier assigned to an organization or company. It represents a collection of IP addresses that belong to that entity.

Enumerating ASN with bgp.he.net

For instance, we can use bgp.he.net to identify the ASNs associated with Amazon:

For each found ASN we can then determine the IP ranges assigned to Amazon:

Another way is to make use of its API to enumerate ASN via command line:

# Get all response
curl -s https://api.bgpview.io/search?query_term=<Organization> | jq

# Extract only CIDR
curl -s https://api.bgpview.io/search?query_term=<Organization> \
    | jq '.data.ipv4_prefixes[].prefix' | sed 's/\"//g'

Enumerating IP Ranges from ASN with Nmap

Nmap script target-asncan enumerate IP ranges based upon an ASN.

nmap --script targets-asn --script-args targets-asn.asn=<ASN ID>

🕸️
ASN enumeration with bgp.he.net
IP ranges against ASN