24 Dec

Simple bash script for IP-ASN mapping

Whenever I see a new, unknown IP range, it is hard to find the exact source of that IP from within a command shell. Recently, I found a very interesting source of that information from Team Cymru. Here’s the resource.

I figured out (with a friend’s help) that using their whois server, v4.whois.cymru.com, one can grab just the limited information required.

E.g.

anurag@laptop:~$ whois -h v4.whois.cymru.com "  -v 8.8.8.8"
AS      | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name
15169   | 8.8.8.8          | 8.8.8.0/24          | US | arin     | 1992-12-01 | GOOGLE - Google Inc.

As we can see, -v returns all the available information. All I needed was the AS number, AS name, BGP prefix and country code, which is enough information about an IP address. Thus the command becomes one with -c and -p.

E.g.

anurag@laptop:~$ whois -h v4.whois.cymru.com " -c -p 61.0.0.70"

AS | IP | BGP Prefix | CC | AS Name
9829 | 61.0.0.70 | 61.0.0.0/20 | IN | BSNL-NIB National Internet Backbone

Making this all quick and easy to use.

Writing the command in a quick script:

#!/bin/bash
# Script for whois with details: queries Team Cymru's IP-to-ASN whois service
read -p 'Enter IP address : ' inputip
hostname=v4.whois.cymru.com
# The leading space inside the quotes keeps the local whois client from
# treating -c/-p as its own options
whois -h "$hostname" " -c -p $inputip"

Next, edit .bashrc (a hidden file in your home directory) and add the following lines to the end of the file:

Log out and log back in, and you’re done!

Now you can simply use awhois (A = Advanced! 🙂) to do advanced IP whois lookups.

Here’s a live working example:

anurag@laptop:~$ awhois
Enter IP address : 71.89.140.2
AS | IP | BGP Prefix | CC | AS Name
20115 | 71.89.140.2 | 71.89.128.0/17 | US | CHARTER-NET-HKY-NC - Charter Communications
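As an added example (not the post’s own script), here is a slightly more defensive version of the same Team Cymru lookup. It validates that each argument is a well-formed IPv4 address before anything is handed to the external whois command, and it parses the "AS | IP | BGP Prefix | CC | AS Name" rows into a compact "AS<number> <prefix> <cc>" line. The function names valid_ipv4, parse_cymru and asn_lookup are this example’s own.

```shell
#!/bin/sh
# Added example, not the post's own script: IP -> ASN lookup built on the same
# Team Cymru whois query, with input validation and parsed output.
# Function names (valid_ipv4, parse_cymru, asn_lookup) are this example's own.

# Accept only a well-formed dotted-quad IPv4 address, so nothing but an IP
# ever reaches the external whois command.
valid_ipv4() {
  ip=$1
  case "$ip" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS
  IFS=.
  set -- $ip
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Read Cymru's "AS | IP | BGP Prefix | CC | AS Name" rows on stdin and emit
# "AS<number> <prefix> <cc>" for each routed IP. The header row and any row
# whose AS field is not numeric (unknown / unrouted) are dropped.
parse_cymru() {
  awk -F'|' '{
    for (i = 1; i <= NF; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
    if ($1 !~ /^[0-9]+$/) next
    print "AS" $1, $3, $4
  }'
}

# Look up every argument; malformed inputs are reported on stderr and skipped.
asn_lookup() {
  for ip in "$@"; do
    if ! valid_ipv4 "$ip"; then
      printf 'skipping malformed input: %s\n' "$ip" >&2
      continue
    fi
    # Same query as the post; the leading space stops the local whois client
    # from treating -c/-p as its own options.
    whois -h v4.whois.cymru.com " -c -p $ip" | parse_cymru
  done
}

# Usage: ./asn_lookup.sh 8.8.8.8 61.0.0.70
if [ "$#" -gt 0 ]; then
  asn_lookup "$@"
fi
```

The only behavioural difference from the post’s script is the validation step: the original passes whatever was typed straight into the whois argument, whereas here anything that is not a dotted-quad address is rejected before the external command runs, and the parser makes the output easy to feed into further shell processing.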

4 thoughts on “Simple bash script for IP-ASN mapping”

  1. If you use fail2ban to ban hack attempts, sometimes it’s useful to see where the attacks are coming from, such as the ASN or country. My script for checking these IPs is (this is for ufw; if you use iptables for fail2ban, you will have to change the command a bit):

    echo "AS | IP | BGP Prefix | CC | AS Name"; for i in $(sudo ufw status | grep REJECT | awk '{print $3}'); do whois -h v4.whois.cymru.com " -c -p $i" | tail -n +2; done
