Bash Script – Get subnets and AS number by domain



  • Hello.

    This thread has its origin in: https://forum.pfsense.org/index.php?topic=111642.0

    But I share it in English also:

    A bash-script (to be run from shell: for example # sh /tmp/getNetsByDomain.sh ) for a pfSense to obtain the AS number and a domain networks.

    How it works, step by step:

    Get IPv4 from domain : pfsense.org

    host -4 pfsense.org | grep "pfsense.org has address" | cut -d " " -f 4
              208.123.73.69

    Get AS Number for this IPv4

    whois -h v4.whois.cymru.com – "-c 208.123.73.69"

    AS      | IP              | CC | AS Name

    30312  | 208.123.73.69    | US | NETGATE - Netgate, US

    Filter for get only the AS number in the output

    whois -h v4.whois.cymru.com – "-c 208.123.73.69" | grep -v "AS" | cut -d "|" -f 1

    30312

    get the networks / subnets from AS Number

    whois -h whois.radb.net – '-i origin AS30312' | awk '/^route:/ {print $2;}' | sort | uniq

    192.207.126.0/24
        208.123.73.0/24

    getNetsVyDomain.sh code

    #!/bin/bash
    ############################################################################
    #                        GET Nets and AS by domain                        #
    #                      BASH SCRIPT FOR PFSENSE 2.3                        #
    #            BY JAVIER CASTAÑÓN - 2016 - HTTPS://JAVCASTA.COM            #
    ############################################################################
    #      uso: alojar getNetsByDomain.sh en carpeta,p.e. /tmp o /scripts      #
    #        ejecutarlo desde shell:# sh /tmp/getNetsByDomain.sh              #
    ############################################################################
    read -p 'Enter domain (foo.bar): ' INPUTDOMAIN
    LAIP=$(host -4 $INPUTDOMAIN | grep "$INPUTDOMAIN has address" | cut -d " " -f 4)
    printf "IP for $INPUTDOMAIN is $LAIP \n"
    printf "getting AS NUMBER… \n"
    ASNUMBER=$(whois -h whois.cymru.com -- "-c $LAIP" | grep -v "AS" | cut -d "|" -f 1)
    ASSTRING="AS$ASNUMBER"
    printf "ASN for $INPUTDOMAIN is $ASSTRING \n"
    whois -h whois.radb.net -- "-i origin $ASSTRING" | awk '/^route:/ {print $2;}' | sort | uniq > /tmp/thenet.tmp
    THENET=$(cat /tmp/thenet.tmp)
    printf "The nets for $INPUTDOMAIN is in file /tmp/thenet.tmp: \n"
    echo $THENET

    The script is in https://www.javcasta.com/pfsense-bash-script-obtener-redes-y-as-por-su-dominio-getnetsbydomain-sh

    Sometimes gives whois whois.cymru.com time out, and usually takes about 30sg, not run too many queries whois because the server that is fairly saturated and cut.

    Regards

    (sorry for my english :) )


Log in to reply