Bash Script – Get subnets and AS number by domain
-
Hello.
This thread has its origin in: https://forum.pfsense.org/index.php?topic=111642.0
But I share it in English also:
A bash-script (to be run from shell: for example # sh /tmp/getNetsByDomain.sh ) for a pfSense to obtain the AS number and a domain networks.
How it works, step by step:
Get IPv4 from domain : pfsense.org
host -4 pfsense.org | grep "pfsense.org has address" | cut -d " " -f 4
208.123.73.69Get AS Number for this IPv4
whois -h v4.whois.cymru.com – "-c 208.123.73.69"
AS | IP | CC | AS Name
30312 | 208.123.73.69 | US | NETGATE - Netgate, US
Filter for get only the AS number in the output
whois -h v4.whois.cymru.com – "-c 208.123.73.69" | grep -v "AS" | cut -d "|" -f 1
30312
get the networks / subnets from AS Number
whois -h whois.radb.net – '-i origin AS30312' | awk '/^route:/ {print $2;}' | sort | uniq
192.207.126.0/24
208.123.73.0/24getNetsVyDomain.sh code
#!/bin/bash
############################################################################
# GET Nets and AS by domain #
# BASH SCRIPT FOR PFSENSE 2.3 #
# BY JAVIER CASTAÑÓN - 2016 - HTTPS://JAVCASTA.COM #
############################################################################
# uso: alojar getNetsByDomain.sh en carpeta,p.e. /tmp o /scripts #
# ejecutarlo desde shell:# sh /tmp/getNetsByDomain.sh #
############################################################################
read -p 'Enter domain (foo.bar): ' INPUTDOMAIN
LAIP=$(host -4 $INPUTDOMAIN | grep "$INPUTDOMAIN has address" | cut -d " " -f 4)
printf "IP for $INPUTDOMAIN is $LAIP \n"
printf "getting AS NUMBER… \n"
ASNUMBER=$(whois -h whois.cymru.com -- "-c $LAIP" | grep -v "AS" | cut -d "|" -f 1)
ASSTRING="AS$ASNUMBER"
printf "ASN for $INPUTDOMAIN is $ASSTRING \n"
whois -h whois.radb.net -- "-i origin $ASSTRING" | awk '/^route:/ {print $2;}' | sort | uniq > /tmp/thenet.tmp
THENET=$(cat /tmp/thenet.tmp)
printf "The nets for $INPUTDOMAIN is in file /tmp/thenet.tmp: \n"
echo $THENETThe script is in https://www.javcasta.com/pfsense-bash-script-obtener-redes-y-as-por-su-dominio-getnetsbydomain-sh
Sometimes gives whois whois.cymru.com time out, and usually takes about 30sg, not run too many queries whois because the server that is fairly saturated and cut.
Regards
(sorry for my english :) )