ASN Lookup Tool and Traceroute Server
ASN / RPKI validity / BGP stats / IPv4v6 / Prefix / ASPath / Organization / IP reputation & geolocation lookup tool / Web traceroute server.
This script is a quick OSINT command-line tool for investigating network data, which can come in handy in incident response scenarios as well.
It can also be used as a web-based traceroute server, by running it in listening mode and launching lookups and traces from a local or remote browser (via a bookmarklet or custom search engine) or terminal (via curl, elinks or similar tools). Click here for more information about server mode functionality.
Features:
- It will look up relevant Autonomous System information for any given AS number, including:
  - Organization name
  - IXP Presence (Internet Exchange facilities where the AS is present)
  - BGP statistics (neighbours count, originated v4/v6 prefix count)
  - Peering relationships separated by type (upstream/downstream/uncertain), and sorted by observed path count, to give more reliable results (so for instance, the first few upstream peers are most likely to be transits).
  - Announced prefixes aggregated to the most relevant less-specific INET(6)NUM object (actual LIR allocation).
- It will perform an AS path trace (using mtr and retrieving AS data from the results) for single IPs or DNS results, optionally reporting detailed data for each hop, such as RPKI ROA validity, organization/network name, geographic location, etc.
- It will detect IXPs (Internet Exchange Points) traversed during the trace, and highlight them for clarity.
- It will attempt to look up all relevant abuse contacts for any given IP or prefix.
- It will perform RPKI validity lookups for every possible IP. Data is validated using the RIPEStat RPKI validation API. For path traces, the tool will match each hop’s ASN/Prefix pair (retrieved from the Prefix Whois public server) with relevant published RPKI ROAs. In case of origin AS mismatch or unallowed more-specific prefixes, it will warn the user of a potential route leak / BGP hijack along with the offending AS in the path (requires the -d option, see below for usage info).
- It will perform IP geolocation lookups according to the logic described below.
- It will perform IP reputation lookups and in-depth threat analysis reporting (especially useful when investigating foreign IPs from log files).
- It will perform IP classification (Anycast IP/Mobile network/Proxy host/Hosting provider/IXP prefix) for target IPs and individual trace hops.
- It will also identify bogon addresses being traversed and classify them according to the relevant RFC (Private address space/CGN space/Test address/link-local/reserved/etc.)
- It is possible to search by organization name in order to retrieve a list of IPv4/6 network ranges related to a given company. A multiple choice menu will be presented if more than one organization matches the search query.
- It is possible to search for ASNs matching a given name, in order to map the ASNs for a given organization.
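The RPKI check described in the feature list (matching each hop's ASN/prefix pair against published ROAs) can be illustrated with the route origin validation rules from RFC 6811. This is an added example, not code from the tool, which queries the RIPEStat API instead; the function names, the ROA set and the trace hops are constructed for illustration and use documentation prefixes and ASNs.

```python
import ipaddress

# Constructed sample ROAs: (prefix, maxLength, authorized origin ASN).
# Documentation prefixes and documentation ASNs only; not real routing data.
SAMPLE_ROAS = [
    ("192.0.2.0/24", 24, 64500),
    ("203.0.113.0/24", 24, 64502),
    ("2001:db8::/32", 48, 64501),
]

def validate_origin(prefix, origin_asn, roas=SAMPLE_ROAS):
    """Return (state, reason) for a prefix/origin pair, following RFC 6811."""
    route = ipaddress.ip_network(prefix)
    covered = asn_matched = False
    for roa_prefix, max_len, roa_asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # A ROA covers the route only if the route equals or sits inside its prefix.
        if roa_net.version != route.version or not route.subnet_of(roa_net):
            continue
        covered = True
        if roa_asn == origin_asn:
            if route.prefixlen <= max_len:
                return ("valid", "matching ROA")
            asn_matched = True  # right origin, but longer than maxLength
    if not covered:
        return ("not-found", "no covering ROA")
    if asn_matched:
        return ("invalid", "more-specific than maxLength")
    return ("invalid", "origin AS mismatch")

def check_path(hops, roas=SAMPLE_ROAS):
    """Return the hops (asn, prefix, reason) whose pair is RPKI-invalid."""
    flagged = []
    for asn, prefix in hops:
        state, reason = validate_origin(prefix, asn, roas)
        if state == "invalid":
            flagged.append((asn, prefix, reason))
    return flagged

# Constructed trace: one (origin ASN, announced prefix) pair per hop.
SAMPLE_HOPS = [
    (64500, "192.0.2.0/24"),      # valid
    (64511, "198.51.100.0/24"),   # not-found: unsigned space is not flagged
    (64502, "203.0.113.128/25"),  # invalid: exceeds maxLength 24
    (64510, "2001:db8:1::/48"),   # invalid: ROA authorizes AS64501
]

if __name__ == "__main__":
    for asn, prefix, reason in check_path(SAMPLE_HOPS):
        print(f"WARNING: AS{asn} announcing {prefix}: {reason}")
```

A "not-found" result only means no ROA covers the prefix, so it is reported separately from "invalid" and does not by itself indicate a leak or hijack.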
Screenshots for every lookup option are below.
The script uses the following services for data retrieval:
- Team Cymru
- The Prefix WhoIs Project
- PeeringDB
- ipify
- RIPEStat
- RIPE IPmap
- ip-api
- StopForumSpam
- IP Quality Score
Download & Use
Copyright (c) 2020 Adriano Provvisiero