ASNmap ASN Mapping Tool Cheat Sheet
Overview
ASNmap is a fast and versatile tool developed by Project Discovery for mapping Autonomous System Numbers (ASNs) to their corresponding IP ranges and organization information. It provides a simple and efficient way to retrieve ASN data, which is essential for network reconnaissance and attack surface mapping.
What sets ASNmap apart from other ASN lookup tools is its speed, simplicity, and versatility. It supports multiple input formats, including ASN numbers, IP addresses, domain names, and organization names, making it a flexible tool for various reconnaissance scenarios. ASNmap can quickly retrieve IP ranges associated with specific organizations or ASNs, helping security professionals understand the network footprint of their targets.
ASNmap is commonly used in the early stages of security assessments and bug bounty hunting to identify the IP space belonging to target organizations. This information is crucial for subsequent scanning and enumeration activities. The tool can be easily integrated into security workflows and combined with other reconnaissance tools to automate the process of mapping attack surfaces.
Installation
Using Go
# Install using Go (requires Go 1.20 or later)
go install -v github.com/projectdiscovery/asnmap/cmd/asnmap@latest
# Verify installation
asnmap -version
Using Docker
# Pull the latest Docker image
docker pull projectdiscovery/asnmap:latest
# Run ASNmap using Docker
docker run -it projectdiscovery/asnmap:latest -h
Using Homebrew (macOS)
# Install using Homebrew
brew install asnmap
# Verify installation
asnmap -version
Using PDTM (Project Discovery Tools Manager)
# Install PDTM first if not already installed
go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest
# Install ASNmap using PDTM
pdtm -i asnmap
# Verify installation
asnmap -version
On Kali Linux
# Install using apt
sudo apt install asnmap
# Verify installation
asnmap -version
Basic Usage
Querying ASN Information
# Query by ASN number
asnmap -asn AS15169
# Query by IP address
asnmap -ip 8.8.8.8
# Query by domain name
asnmap -d google.com
# Query by organization name
asnmap -org "Google LLC"
Multiple Queries
# Query multiple ASNs
asnmap -asn AS15169,AS13414
# Query multiple IPs
asnmap -ip 8.8.8.8,1.1.1.1
# Query multiple domains
asnmap -d google.com,cloudflare.com
# Query multiple organizations
asnmap -org "Google LLC,Cloudflare, Inc."
Input from Files
# Query from a file containing ASNs
asnmap -asn-file asns.txt
# Query from a file containing IPs
asnmap -ip-file ips.txt
# Query from a file containing domains
asnmap -d-file domains.txt
# Query from a file containing organizations
asnmap -org-file orgs.txt
Input from STDIN
# Query from STDIN
echo "AS15169"|asnmap
# Query from STDIN with specific input type
echo "8.8.8.8"|asnmap -i ip
# Query from STDIN with multiple input types
cat input.txt|asnmap -i ip,asn,domain
Output Options
# Save results to a file
asnmap -asn AS15169 -o results.txt
# Output in JSON format
asnmap -asn AS15169 -json -o results.json
# Output in CSV format
asnmap -asn AS15169 -csv -o results.csv
# Silent mode (only results)
asnmap -asn AS15169 -silent
Advanced Usage
Output Filtering
# Output only IP ranges
asnmap -asn AS15169 -r
# Output only ASN information
asnmap -asn AS15169 -a
# Output only organization information
asnmap -asn AS15169 -org-info
CIDR Expansion
# Expand CIDR ranges to individual IPs
asnmap -asn AS15169 -cidr-expand
# Limit CIDR expansion
asnmap -asn AS15169 -cidr-expand -limit 100
Filtering by Country
# Filter results by country
asnmap -asn AS15169 -c US
# Filter results by multiple countries
asnmap -asn AS15169 -c US,CA,UK
Filtering by Registry
# Filter results by registry
asnmap -asn AS15169 -registry ARIN
# Filter results by multiple registries
asnmap -asn AS15169 -registry ARIN,RIPE
Integration with Other Tools
Pipeline with Naabu
# Map ASN to IP ranges and scan for open ports
asnmap -asn AS15169 -silent|naabu -silent
# Map ASN to IP ranges, filter, and scan for open ports
asnmap -asn AS15169 -silent|grep -v ":"|naabu -silent
Pipeline with HTTPX
# Map ASN to IP ranges and probe for HTTP services
asnmap -asn AS15169 -silent|httpx -silent
# Map ASN to IP ranges, expand CIDRs, and probe for HTTP services
asnmap -asn AS15169 -cidr-expand -silent|httpx -silent
Pipeline with Nuclei
# Map ASN to IP ranges, probe for HTTP services, and scan for vulnerabilities
asnmap -asn AS15169 -silent|httpx -silent|nuclei -t cves/
# Map organization to IP ranges and scan for vulnerabilities
asnmap -org "Example Inc" -silent|httpx -silent|nuclei -t exposures/
Pipeline with MapCIDR
# Map ASN to IP ranges and split into smaller subnets
asnmap -asn AS15169 -silent|mapcidr -silent -split 256
# Map ASN to IP ranges, filter, and split into smaller subnets
asnmap -asn AS15169 -silent|grep -v ":"|mapcidr -silent -split 256
Output Customization
Custom Output Format
# Output only IP ranges
asnmap -asn AS15169 -silent -r
# Output ASN and IP ranges
asnmap -asn AS15169 -silent|awk '\\\\{print $1,$2\\\\}'
# Count total IP ranges
asnmap -asn AS15169 -silent|wc -l
# Sort output by IP range
asnmap -asn AS15169 -silent|sort
Filtering Output
# Filter by IP version (IPv4)
asnmap -asn AS15169 -silent|grep -v ":"
# Filter by IP version (IPv6)
asnmap -asn AS15169 -silent|grep ":"
# Filter by CIDR size
asnmap -asn AS15169 -silent|grep "/24"
# Filter by specific pattern
asnmap -asn AS15169 -silent|grep "192.168"
Advanced Filtering
Filtering by IP Range Size
# Filter by CIDR prefix length
asnmap -asn AS15169 -silent|grep "/24"
# Filter by CIDR prefix length range
asnmap -asn AS15169 -silent|grep -E "/2[0-4]"
# Count IPs by CIDR prefix length
asnmap -asn AS15169 -silent|grep -E "/[0-9]+"|sort|uniq -c
Filtering by IP Version
# Filter IPv4 addresses
asnmap -asn AS15169 -silent|grep -v ":"
# Filter IPv6 addresses
asnmap -asn AS15169 -silent|grep ":"
# Count IPv4 vs IPv6 addresses
asnmap -asn AS15169 -silent|grep -v ":"|wc -l # IPv4 count
asnmap -asn AS15169 -silent|grep ":"|wc -l # IPv6 count
Troubleshooting
Common Issues
- No Results ```bash # Check if ASN exists asnmap -asn AS15169 -v
# Try a different input type asnmap -ip 8.8.8.8
# Try a different data source asnmap -asn AS15169 -source cymru ```
- Connection Issues ```bash # Check internet connection ping 8.8.8.8
# Increase timeout asnmap -asn AS15169 -timeout 30 ```
- Rate Limiting ```bash # Reduce concurrency asnmap -asn AS15169 -c 5
# Add delay between requests asnmap -asn AS15169 -delay 2 ```
- Memory Issues
bash # Process ASNs one by one for asn in $(cat asns.txt); do asnmap -asn $asn -o "$asn-ranges.txt"; done
Debugging
# Enable verbose mode
asnmap -asn AS15169 -v
# Show debug information
asnmap -asn AS15169 -debug
# Check data sources
asnmap -list-sources
Configuration
Configuration File
ASNmap uses a configuration file located at $HOME/.config/asnmap/config.yaml. You can customize various settings in this file:
# Example configuration file
concurrency: 10
timeout: 30
sources:
- asnmap
- cymru
- ripe
Environment Variables
# Set ASNmap configuration via environment variables
export ASNMAP_CONCURRENCY=10
export ASNMAP_TIMEOUT=30
export ASNMAP_SOURCES=asnmap,cymru,ripe
Reference
Command Line Options
| Flag | Description |
|---|---|
-asn |
ASN number(s) to query |
-asn-file |
File containing ASN numbers |
-ip |
IP address(es) to query |
-ip-file |
File containing IP addresses |
-d, -domain |
Domain name(s) to query |
-d-file |
File containing domain names |
-org |
Organization name(s) to query |
-org-file |
File containing organization names |
-i, -input |
Input type(s) for STDIN (asn, ip, domain, org) |
-o, -output |
File to write output to |
-json |
Write output in JSON format |
-csv |
Write output in CSV format |
-silent |
Show only results in output |
-v, -verbose |
Show verbose output |
-debug |
Show debug information |
-r, -range-only |
Output only IP ranges |
-a, -asn-only |
Output only ASN information |
-org-info |
Output only organization information |
-cidr-expand |
Expand CIDR ranges to individual IPs |
-limit |
Maximum number of IPs to expand |
-c, -country |
Filter results by country code(s) |
-registry |
Filter results by registry(ies) |
-source |
Data source(s) to use |
-list-sources |
List available data sources |
-timeout |
Timeout for requests in seconds |
-delay |
Delay between requests in seconds |
-version |
Show ASNmap version |
Input Types
| Type | Description | Example |
|---|---|---|
asn |
Autonomous System Number | AS15169 |
ip |
IP address | 8.8.8.8 |
domain |
Domain name | google.com |
org |
Organization name | Google LLC |
Data Sources
| Source | Description |
|---|---|
asnmap |
ASNmap's own database |
cymru |
Team Cymru's ASN lookup service |
ripe |
RIPE NCC's database |
Output Fields
| Field | Description |
|---|---|
asn |
Autonomous System Number |
range |
IP range in CIDR notation |
org |
Organization name |
country |
Country code |
registry |
Regional Internet Registry |
description |
ASN description |
Resources
This cheat sheet provides a comprehensive reference for using ASNmap, from basic queries to advanced filtering and integration with other tools. For the most up-to-date information, always refer to the official documentation.