24 Dec

Simple bash script for IP-ASN mapping

Whenever I see a new unknown IP range, it gets hard to find exact source of that IP within command shell. Recently, I found a very interesting source of that information from Team Cymru. Here’s the resource.

I figured out (with a friend’s help) that using their whois server – v4.whois.cymru.com one can actually grab limited information as required. 

E.g

anurag@laptop:~$ whois -h v4.whois.cymru.com "  -v 8.8.8.8"

AS      | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name

15169   | 8.8.8.8          | 8.8.8.0/24          | US | arin     | 1992-12-01 | GOOGLE - Google Inc.

 

As we can see -v gives all possible information. All I needed was AS number, AS Name, BGP Prefix, Country code – this gives enough information for an IP address. Thus command turns out to be with -c & -p.
 
E.g
 

anurag@laptop:~$ whois -h v4.whois.cymru.com " -c -p 61.0.0.70"

AS | IP | BGP Prefix | CC | AS Name
9829 | 61.0.0.70 | 61.0.0.0/20 | IN | BSNL-NIB National Internet Backbone

 
Making this all quick easy to use.
 
Writing command in a quick script:
 

#!/bin/bash
# Script for whois with details
read -p 'Enter IP address : ' inputip
hostname=v4.whois.cymru.com
whois -h $hostname " -c -p $inputip"
 

 
next, 
 
edit .bashrc located in home directory (hidden).
 
 
 
add following lines to the end of the file:
alias awhois='//whois.sh'
 
Logout and login and done!
 
Now, you can simply use awhois (A = Advanced! 🙂 ) to do advanced IP whois lookups.
 
Here’s a live working example:
 

anurag@laptop:~$ awhois
Enter IP address : 71.89.140.2
AS | IP | BGP Prefix | CC | AS Name
20115 | 71.89.140.2 | 71.89.128.0/17 | US | CHARTER-NET-HKY-NC - Charter Communications

4 thoughts on “Simple bash script for IP-ASN mapping

  2. John -
    If you use fail2ban to ban hack attempts, sometimes it's useful to see where the attacks are coming from such as the ASN or Country. My script for checking these ips is (this is for ufw. if you use iptables for fail2ban you will have to change the command a bit): echo "AS | IP | BGP Prefix | CC | AS Name"; for i in `sudo ufw status | grep REJECT | awk '{print $3}'`; do whois -h v4.whois.cymru.com " -c -p $i" | tail -n +2; done
    Reply
  3. nitefood -
    I also use Team Cymru's excellent service to quickly lookup interesting info from IPs. Generally my purpose is to map IPs and hostnames to ASNs/routes. I thought it could be useful to share my code as well: https://gist.github.com/nitefood/1eba4183012dcca0f082535f0eb128db along with a usage example gif in the comments.
    Reply

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.