Shell Script to get the network list by domain name

If you followed my guides HERE and HERE, you might be wondering whether there is an easier, more automated way of doing it. In fact, there is a simple script that you could build.


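#!/bin/bash
# Print the route objects registered in RADB for the AS that originates a domain's IP.
if [ "$#" -eq 0 ]; then
  echo "Usage: ${0} <domain> [v4|v6]"
  exit 1
fi

# Default: match both "route:" (IPv4) and "route6:" (IPv6) lines
FILTER="route"
if [ "$#" -eq 2 ]; then
  if [ "$2" == "v4" ]; then
    FILTER="route:"
  fi
  if [ "$2" == "v6" ]; then
    FILTER="route6:"
  fi
fi

WHOISSERVER="whois.radb.net"
# First line of dig's answer for the domain
IPN=$(dig +short "$1" | head -1)
if [ -z "${IPN}" ]; then
  echo "Could not resolve $1" >&2
  exit 1
fi
# Origin AS number(s) registered for that IP
ASN=$(whois -h "${WHOISSERVER}" "${IPN}" | grep -i origin | tr -s " " | cut -d " " -f2)
for i in $ASN; do
  # List every route object whose origin is this AS
  whois -h "${WHOISSERVER}" -- "-i origin ${i}" | grep "^${FILTER}" | tr -s " " | cut -d " " -f2-
done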

 
While this script is handy and it’s nice to know the networks of the large players of the internet, you shouldn’t be too trigger-happy with its output. For example, if you attempt to block just the domain “example.com” this way, you would block a WHOLE LOT more than you are expecting, because the list covers every route registered for the origin AS, not only the hosts serving that domain. The primary goal of this script is not to be an input for iptables but to be a guide to which networks belong to whom.
 

Bonus:

You can make the list shorter by aggregating smaller networks into a bigger CIDR. For example, “192.168.0.0/24” and “192.168.1.0/24” could be expressed as “192.168.0.0/23”.
HERE you can find a Python script that accepts a list of networks as input. All you need to do is pipe the output of the script above into this script and you’ll get an optimized list.
Here is an example that gets a nice list of CIDRs of the Facebook network:


./getnetworks.sh facebook.com | aggregate6

It should output the following as of 2019-11-02:


31.13.24.0/21
31.13.64.0/18
45.64.40.0/22
66.220.144.0/20
69.63.176.0/20
69.171.224.0/19
74.119.76.0/22
102.132.96.0/20
103.4.96.0/22
129.134.0.0/16
157.240.0.0/16
173.252.64.0/18
179.60.192.0/22
185.60.216.0/22
199.201.64.0/22
204.15.20.0/22
2401:db00::/32
2620:0:1c00::/40
2803:6080::/32
2a03:2880::/32
2a03:2887:ff34::/48
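
What the aggregation step does, as an added example that is not part of the original post and is not aggregate6's own code: it uses Python's standard ipaddress module to merge adjacent prefixes and drop prefixes already covered by a larger one. The function name, the sample input and the handling of unparseable lines are assumptions made for this illustration.

```python
import ipaddress
import sys


def aggregate(lines):
    """Collapse IPv4/IPv6 prefixes into the fewest CIDRs covering the same space.

    Returns (aggregated, rejected): CIDR strings (IPv4 first, then IPv6)
    and the input lines that could not be parsed as a prefix.
    """
    by_version = {4: [], 6: []}
    rejected = []
    for raw in lines:
        text = raw.strip()
        if not text:
            continue
        try:
            # strict=False normalises prefixes with host bits set (10.0.0.1/24)
            net = ipaddress.ip_network(text, strict=False)
        except ValueError:
            rejected.append(text)
            continue
        by_version[net.version].append(net)
    aggregated = []
    for version in (4, 6):
        # collapse_addresses() raises TypeError on mixed versions,
        # so each address family is collapsed separately.
        collapsed = ipaddress.collapse_addresses(by_version[version])
        aggregated.extend(str(n) for n in collapsed)
    return aggregated, rejected


# Constructed sample input (private and documentation ranges, not real whois data)
SAMPLE = """\
192.168.0.0/24
192.168.1.0/24
192.168.1.128/25
10.0.0.0/24
10.0.2.0/24
2001:db8::/33
2001:db8:8000::/33
route: not-a-prefix
"""

if __name__ == "__main__":
    nets, bad = aggregate(SAMPLE.splitlines())
    print("\n".join(nets))
    for line in bad:
        print("skipped:", line, file=sys.stderr)
```

Note that 10.0.0.0/24 and 10.0.2.0/24 stay separate: aggregation only merges prefixes that together form exactly one larger block, so the result never covers address space that was not in the input.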

Sources:

https://stackoverflow.com/questions/11164672/list-of-ip-space-used-by-facebook
https://gist.github.com/normoes/829d65866c8bf6d32b13f020479b172b
https://developers.facebook.com/docs/sharing/webmasters/crawler
https://github.com/job/aggregate6

Get AS(Autonomous System) Number By domain name

If you followed my last post HERE you might be wondering “That’s great and all, but how do I find the AS number in the first place?”.

If you are running Linux it’s easy:

First install dig and whois:

If you are using CentOS/Fedora:


yum install bind-utils whois -y

 
In case you are using Debian/Ubuntu:


apt install dnsutils whois -y

 
After that, get the IP address associated with the domain:


dig +short facebook.com | head -1

 
The output should be an IP address, for example:


31.13.91.36

 
With the IP address in hand, to get the ASN you just need to run:


whois -h whois.radb.net '31.13.91.36' | grep -i origin | tr -s " " | cut -d " " -f2

 
Voilà, the output should be the AS number(s):


AS32934

 
As with most things on the internet, these lists are not static, so you should build a script to update them from time to time.

Sources:

https://stackoverflow.com/questions/11164672/list-of-ip-space-used-by-facebook
https://gist.github.com/normoes/829d65866c8bf6d32b13f020479b172b
https://developers.facebook.com/docs/sharing/webmasters/crawler

Get IP address Space By AS(Autonomous System) Number

Sometimes you need to get all possible address blocks of a network, but most of the time there is no easy way to figure it out (looking at you, Facebook and Google). But fear not, sysadmin: we have one handy trick up our sleeve. By using whois with the AS number of the company, we can build this kind of list.
 
We’ll use Facebook(AS32934) as an example, but it should work for any Autonomous System.


whois -h whois.radb.net -- "-i origin AS32934" | grep ^route | tr -s " " | cut -d " " -f2-


IPv4 Subnet from /8 to /30 Cheat Sheet

This is a handy cheat sheet for calculating the size you will need for a subnet and for converting from CIDR to netmask format.
The number of available addresses is always (Total Addresses – 2): one address is the broadcast address and the other is the network address.


CIDR  Total Addresses  Netmask
/30   4                255.255.255.252
/29   8                255.255.255.248
/28   16               255.255.255.240
/27   32               255.255.255.224
/26   64               255.255.255.192
/25   128              255.255.255.128
/24   256              255.255.255.0