Enumerating ASN and IP blocks

An autonomous system number (ASN) is a unique identifier assigned to an organization or company. It represents a collection of IP addresses that belong to that entity.

Enumerating ASN with bgp.he.net

For instance, we can use bgp.he.net to identify the ASNs associated with Amazon:

ASN enumeration with bgp.he.net

For each found ASN we can then determine the IP ranges assigned to Amazon:

IP ranges against ASN

Another way is to make use of its API to enumerate ASN via command line:

# Get all response
curl -s https://api.bgpview.io/search?query_term=<Organization> | jq

# Extract only CIDR
curl -s https://api.bgpview.io/search?query_term=<Organization> \
    | jq '.data.ipv4_prefixes[].prefix' | sed 's/\"//g'

Enumerating IP Ranges from ASN with Nmap

Nmap script target-asncan enumerate IP ranges based upon an ASN.

nmap --script targets-asn --script-args targets-asn.asn=<ASN ID>

Last updated

Was this helpful?