Appearance
ASNmap ASN Mapping Tool Cheat Sheet
Overview
ASNmap is a fast and versatile tool developed by Project Discovery for mapping Autonomous System Numbers (ASNs) to their corresponding IP ranges and organization information. It provides a simple and efficient way to retrieve ASN data, which is essential for network reconnaissance and attack surface mapping.
What sets ASNmap apart from other ASN lookup tools is its speed, simplicity, and versatility. It supports multiple input formats, including ASN numbers, IP addresses, domain names, and organization names, making it a flexible tool for various reconnaissance scenarios. ASNmap can quickly retrieve IP ranges associated with specific organizations or ASNs, helping security professionals understand the network footprint of their targets.
ASNmap is commonly used in the early stages of security assessments and bug bounty hunting to identify the IP space belonging to target organizations. This information is crucial for subsequent scanning and enumeration activities. The tool can be easily integrated into security workflows and combined with other reconnaissance tools to automate the process of mapping attack surfaces.
Installation
Using Go
bash
# Install using Go (requires Go 1.20 or later)
go install -v github.com/projectdiscovery/asnmap/cmd/asnmap@latest
# Verify installation
asnmap -versionUsing Docker
bash
# Pull the latest Docker image
docker pull projectdiscovery/asnmap:latest
# Run ASNmap using Docker
docker run -it projectdiscovery/asnmap:latest -hUsing Homebrew (macOS)
bash
# Install using Homebrew
brew install asnmap
# Verify installation
asnmap -versionUsing PDTM (Project Discovery Tools Manager)
bash
# Install PDTM first if not already installed
go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest
# Install ASNmap using PDTM
pdtm -i asnmap
# Verify installation
asnmap -versionOn Kali Linux
bash
# Install using apt
sudo apt install asnmap
# Verify installation
asnmap -versionBasic Usage
Querying ASN Information
bash
# Query by ASN number
asnmap -asn AS15169
# Query by IP address
asnmap -ip 8.8.8.8
# Query by domain name
asnmap -d google.com
# Query by organization name
asnmap -org "Google LLC"Multiple Queries
bash
# Query multiple ASNs
asnmap -asn AS15169,AS13414
# Query multiple IPs
asnmap -ip 8.8.8.8,1.1.1.1
# Query multiple domains
asnmap -d google.com,cloudflare.com
# Query multiple organizations
asnmap -org "Google LLC,Cloudflare, Inc."Input from Files
bash
# Query from a file containing ASNs
asnmap -asn-file asns.txt
# Query from a file containing IPs
asnmap -ip-file ips.txt
# Query from a file containing domains
asnmap -d-file domains.txt
# Query from a file containing organizations
asnmap -org-file orgs.txtInput from STDIN
bash
# Query from STDIN
echo "AS15169" | asnmap
# Query from STDIN with specific input type
echo "8.8.8.8" | asnmap -i ip
# Query from STDIN with multiple input types
cat input.txt | asnmap -i ip,asn,domainOutput Options
bash
# Save results to a file
asnmap -asn AS15169 -o results.txt
# Output in JSON format
asnmap -asn AS15169 -json -o results.json
# Output in CSV format
asnmap -asn AS15169 -csv -o results.csv
# Silent mode (only results)
asnmap -asn AS15169 -silentAdvanced Usage
Output Filtering
bash
# Output only IP ranges
asnmap -asn AS15169 -r
# Output only ASN information
asnmap -asn AS15169 -a
# Output only organization information
asnmap -asn AS15169 -org-infoCIDR Expansion
bash
# Expand CIDR ranges to individual IPs
asnmap -asn AS15169 -cidr-expand
# Limit CIDR expansion
asnmap -asn AS15169 -cidr-expand -limit 100Filtering by Country
bash
# Filter results by country
asnmap -asn AS15169 -c US
# Filter results by multiple countries
asnmap -asn AS15169 -c US,CA,UKFiltering by Registry
bash
# Filter results by registry
asnmap -asn AS15169 -registry ARIN
# Filter results by multiple registries
asnmap -asn AS15169 -registry ARIN,RIPEIntegration with Other Tools
Pipeline with Naabu
bash
# Map ASN to IP ranges and scan for open ports
asnmap -asn AS15169 -silent | naabu -silent
# Map ASN to IP ranges, filter, and scan for open ports
asnmap -asn AS15169 -silent | grep -v ":" | naabu -silentPipeline with HTTPX
bash
# Map ASN to IP ranges and probe for HTTP services
asnmap -asn AS15169 -silent | httpx -silent
# Map ASN to IP ranges, expand CIDRs, and probe for HTTP services
asnmap -asn AS15169 -cidr-expand -silent | httpx -silentPipeline with Nuclei
bash
# Map ASN to IP ranges, probe for HTTP services, and scan for vulnerabilities
asnmap -asn AS15169 -silent | httpx -silent | nuclei -t cves/
# Map organization to IP ranges and scan for vulnerabilities
asnmap -org "Example Inc" -silent | httpx -silent | nuclei -t exposures/Pipeline with MapCIDR
bash
# Map ASN to IP ranges and split into smaller subnets
asnmap -asn AS15169 -silent | mapcidr -silent -split 256
# Map ASN to IP ranges, filter, and split into smaller subnets
asnmap -asn AS15169 -silent | grep -v ":" | mapcidr -silent -split 256Output Customization
Custom Output Format
bash
# Output only IP ranges
asnmap -asn AS15169 -silent -r
# Output ASN and IP ranges
asnmap -asn AS15169 -silent | awk '{print $1,$2}'
# Count total IP ranges
asnmap -asn AS15169 -silent | wc -l
# Sort output by IP range
asnmap -asn AS15169 -silent | sortFiltering Output
bash
# Filter by IP version (IPv4)
asnmap -asn AS15169 -silent | grep -v ":"
# Filter by IP version (IPv6)
asnmap -asn AS15169 -silent | grep ":"
# Filter by CIDR size
asnmap -asn AS15169 -silent | grep "/24"
# Filter by specific pattern
asnmap -asn AS15169 -silent | grep "192.168"Advanced Filtering
Filtering by IP Range Size
bash
# Filter by CIDR prefix length
asnmap -asn AS15169 -silent | grep "/24"
# Filter by CIDR prefix length range
asnmap -asn AS15169 -silent | grep -E "/2[0-4]"
# Count IPs by CIDR prefix length
asnmap -asn AS15169 -silent | grep -E "/[0-9]+" | sort | uniq -cFiltering by IP Version
bash
# Filter IPv4 addresses
asnmap -asn AS15169 -silent | grep -v ":"
# Filter IPv6 addresses
asnmap -asn AS15169 -silent | grep ":"
# Count IPv4 vs IPv6 addresses
asnmap -asn AS15169 -silent | grep -v ":" | wc -l # IPv4 count
asnmap -asn AS15169 -silent | grep ":" | wc -l # IPv6 countTroubleshooting
Common Issues
No Results
bash# Check if ASN exists asnmap -asn AS15169 -v # Try a different input type asnmap -ip 8.8.8.8 # Try a different data source asnmap -asn AS15169 -source cymruConnection Issues
bash# Check internet connection ping 8.8.8.8 # Increase timeout asnmap -asn AS15169 -timeout 30Rate Limiting
bash# Reduce concurrency asnmap -asn AS15169 -c 5 # Add delay between requests asnmap -asn AS15169 -delay 2Memory Issues
bash# Process ASNs one by one for asn in $(cat asns.txt); do asnmap -asn $asn -o "$asn-ranges.txt"; done
Debugging
bash
# Enable verbose mode
asnmap -asn AS15169 -v
# Show debug information
asnmap -asn AS15169 -debug
# Check data sources
asnmap -list-sourcesConfiguration
Configuration File
ASNmap uses a configuration file located at $HOME/.config/asnmap/config.yaml. You can customize various settings in this file:
yaml
# Example configuration file
concurrency: 10
timeout: 30
sources:
- asnmap
- cymru
- ripeEnvironment Variables
bash
# Set ASNmap configuration via environment variables
export ASNMAP_CONCURRENCY=10
export ASNMAP_TIMEOUT=30
export ASNMAP_SOURCES=asnmap,cymru,ripeReference
Command Line Options
| Flag | Description |
|---|---|
-asn | ASN number(s) to query |
-asn-file | File containing ASN numbers |
-ip | IP address(es) to query |
-ip-file | File containing IP addresses |
-d, -domain | Domain name(s) to query |
-d-file | File containing domain names |
-org | Organization name(s) to query |
-org-file | File containing organization names |
-i, -input | Input type(s) for STDIN (asn, ip, domain, org) |
-o, -output | File to write output to |
-json | Write output in JSON format |
-csv | Write output in CSV format |
-silent | Show only results in output |
-v, -verbose | Show verbose output |
-debug | Show debug information |
-r, -range-only | Output only IP ranges |
-a, -asn-only | Output only ASN information |
-org-info | Output only organization information |
-cidr-expand | Expand CIDR ranges to individual IPs |
-limit | Maximum number of IPs to expand |
-c, -country | Filter results by country code(s) |
-registry | Filter results by registry(ies) |
-source | Data source(s) to use |
-list-sources | List available data sources |
-timeout | Timeout for requests in seconds |
-delay | Delay between requests in seconds |
-version | Show ASNmap version |
Input Types
| Type | Description | Example |
|---|---|---|
asn | Autonomous System Number | AS15169 |
ip | IP address | 8.8.8.8 |
domain | Domain name | google.com |
org | Organization name | Google LLC |
Data Sources
| Source | Description |
|---|---|
asnmap | ASNmap's own database |
cymru | Team Cymru's ASN lookup service |
ripe | RIPE NCC's database |
Output Fields
| Field | Description |
|---|---|
asn | Autonomous System Number |
range | IP range in CIDR notation |
org | Organization name |
country | Country code |
registry | Regional Internet Registry |
description | ASN description |
Resources
This cheat sheet provides a comprehensive reference for using ASNmap, from basic queries to advanced filtering and integration with other tools. For the most up-to-date information, always refer to the official documentation.