If you really do want to find out all of the IP addresses for an organization it's relatively straight forward as long as they have their own ASN. If you don't already know the organization's ASN you can get hold of MaxMind's organization CSV file and do a bit of processing, and then grep for the organization you're interested in.
Here is how to do it ?
 |
| Downloading the file |
Download this file:
wget http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum2.zip |
| Enumerating the ASN |
Enumerate the ASN of company from file
cat files/GeoIPASNum2.zip |gunzip | cut -d"," -f3 | sed 's/"//g' | sort -u | grep -i COMPANY_NAMEEg:
cat files/GeoIPASNum2.zip |gunzip | cut -d"," -f3 | sed 's/"//g' | sort -u | grep -i twitter
 |
| Getting IP ranges |
Fire up whois Command
whois -h whois.radb.net -- '-i origin <ASN> ' | grep -Eo "([0-9.]+){4}/[0-9]+"Eg:
whois -h whois.radb.net -- '-i origin AS394434' | grep -Eo "([0-9.]+){4}/[0-9]+"
and you will have the list of ip ranges they are using.
Thank you.
You can simply use bgp.he.net for finding ASN and to get NetRanges(CIDR) you can use nmap.
ReplyDelete