Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nmapJohn R. BondNMAP:TARGETS-ASN.NSE
HistoryMar 27, 2012 - 9:51 p.m.

targets-asn NSE Script

2012-03-2721:51:54
John R. Bond
nmap.org
331

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

JSON

Produces a list of IP prefixes for a given routing AS number (ASN).

This script uses a whois server database operated by the Shadowserver Foundation. We thank them for granting us permission to use this in Nmap.

Output is in CIDR notation.

<http://www.shadowserver.org/wiki/pmwiki.php/Services/IP-BGP&gt;

Script Arguments

targets-asn.whois_port

The whois port to use. Default: 43.

targets-asn.whois_server

The whois server to use. Default: asn.shadowserver.org.

targets-asn.asn

The ASN to search.

max-newtargets, newtargets

See the documentation for the target library.

Example Usage

nmap --script targets-asn --script-args targets-asn.asn=32

Script Output

Pre-scan script results:
| targets-asn:
|   32
|     128.12.0.0/16
|_    171.64.0.0/14

Requires

local nmap = require "nmap"
local stdnse = require "stdnse"
local stringaux = require "stringaux"
local table = require "table"
local target = require "target"

description = [[
Produces a list of IP prefixes for a given routing AS number (ASN).

This script uses a whois server database operated by the Shadowserver
Foundation.  We thank them for granting us permission to use this in
Nmap.

Output is in CIDR notation.

http://www.shadowserver.org/wiki/pmwiki.php/Services/IP-BGP
]]

---
-- @args targets-asn.asn The ASN to search.
-- @args targets-asn.whois_server The whois server to use. Default: asn.shadowserver.org.
-- @args targets-asn.whois_port The whois port to use. Default: 43.
--
-- @usage
-- nmap --script targets-asn --script-args targets-asn.asn=32
--
-- @output
-- Pre-scan script results:
-- | targets-asn:
-- |   32
-- |     128.12.0.0/16
-- |_    171.64.0.0/14

author = "John R. Bond"
license = "Simplified (2-clause) BSD license--See https://nmap.org/svn/docs/licenses/BSD-simplified"

categories = {"discovery", "external", "safe"}


prerule = function()
  return true
end

action = function(host, port)
  local asns, whois_server, whois_port, err, status, newtargets
  local results = {}

  asns = stdnse.get_script_args('targets-asn.asn') or stdnse.get_script_args('asn-to-prefix.asn')
  whois_server = stdnse.get_script_args('targets-asn.whois_server') or stdnse.get_script_args('asn-to-prefix.whois_server')
  whois_port = stdnse.get_script_args('targets-asn.whois_port') or stdnse.get_script_args('asn-to-prefix.whois_port')

  if not asns then
    return stdnse.format_output(true, "targets-asn.asn is a mandatory parameter")
  end
  if not whois_server then
    whois_server = "asn.shadowserver.org"
  end
  if not whois_port then
    whois_port = 43
  end
  if type(asns) ~= "table" then
    asns = {asns}
  end

  for _, asn in ipairs(asns) do
    local socket = nmap.new_socket()

    local prefixes = {}
    prefixes['name'] = asn

    status, err = socket:connect(whois_server, whois_port)
    if ( not(status) ) then
      table.insert(prefixes, err)
    else
      status, err = socket:send("prefix " .. asn .. "\n")
      if ( not(status) ) then
        table.insert(prefixes, err)
      else
        while true do
          local status, data = socket:receive_lines(1)
          if ( not(status) ) then
            table.insert(prefixes, err)
            break
          else
            for i, prefix in ipairs(stringaux.strsplit("\n",data)) do
              if ( #prefix > 1 ) then
                table.insert(prefixes,prefix)
                if target.ALLOW_NEW_TARGETS then
                  stdnse.debug1("Added targets: "..prefix)
                  local status,err = target.add(prefix)
                end
              end
            end
          end
        end
      end
    end
    table.insert(results,prefixes)
  end
  return stdnse.format_output(true, results)
end

Related

nmap 200
nmap
nmap
rusers NSE Script
2016-03-14 16:03:47
daytime NSE Script
2008-11-06 02:52:59
nessus-brute NSE Script
2011-10-26 21:45:33

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

JSON
Related for NMAP:TARGETS-ASN.NSE
nmap200