Asnip retrieves all IPs of a target organization—used for attack surface mapping in reconnaissance phases.
It uses the IP or domain name and looks up the Autonomous System Number (ASN), retrieves the Classless Inter-Domain Routing (CIDR) subnet masks and converts them to IPs.
IP / Domain → ASN → CIDRs → IPs
Please note that this technique only makes sense if the target has its own ASN. It is also advised to not perform tests on IP ranges that you do not have permission to.
go get -v github.com/harleo/asnip
This tool requires golang
go get -u github.com/harleo/asnip
Usage: -t string Domain or IP address (Required) -p string Print results to console
$ asnip -t google.com -p [?] ASN: "15169" ORG: "GOOGLE, US" 184.108.40.206/24 --- snip --- [:] Writing 616 CIDRs to file... [:] Converting to IPs... 220.127.116.11 --- snip --- [:] Writing 14725936 IPs to file... [!] Done.
This tool must use an external API (which is subject to rate limiting) courtesy of HackerTarget to retrieve relevant data. The conversion of CIDRs to IPs will be done locally.
Asnip is work in progress, if you make optimization changes yourself, you are invited to create a pull request or check the GitHub issues page—help is always appreciated.