Enumerating ASN and IP blocks
An autonomous system number (ASN) is a unique identifier assigned to an organization or company. It represents a collection of IP addresses that belong to that entity.
Enumerating ASN with bgp.he.net
For instance, we can use bgp.he.net to identify the ASNs associated with Amazon:

For each found ASN we can then determine the IP ranges assigned to Amazon:

Another way is to make use of its API to enumerate ASN via command line:
# Get all response
curl -s https://api.bgpview.io/search?query_term=<Organization> | jq
# Extract only CIDR
curl -s https://api.bgpview.io/search?query_term=<Organization> \
| jq '.data.ipv4_prefixes[].prefix' | sed 's/\"//g'
Enumerating IP Ranges from ASN with Nmap
Nmap script target-asn
can enumerate IP ranges based upon an ASN.
nmap --script targets-asn --script-args targets-asn.asn=<ASN ID>
Last updated
Was this helpful?