asn 命令

常用示例

说明

asn is a comprehensive network reconnaissance and OSINT command-line tool written in Bash. It performs lookups on IP addresses, AS numbers, prefixes, hostnames, URLs, and organization names, combining data from numerous sources to produce detailed reports. For AS numbers, the tool retrieves organization name, RIR allocation region, IXP presence, global AS ranking, BGP statistics, peering relationships, and BGP incident history including hijacks and route leaks over the past 12 months. For IP addresses, it performs route lookups with ASN data, IP reputation scoring from multiple threat intelligence feeds, abuse contact information, and optional AS path tracing using mtr. The detailed trace mode adds RPKI route origin validation at each hop, detecting potential route leaks and BGP hijacks. Additional modes support bulk IP geolocation from log files, country-level CIDR block enumeration, Shodan-based vulnerability scanning, transit provider identification through BGP update analysis, and organization-based network range discovery. The tool can operate as a self-hosted web server, providing browser-based access and a JSON API for integration with other tools. Server mode supports access controls, custom bind addresses, and can be deployed as a systemd service. Data sources include Team Cymru, PeeringDB, CAIDA ASRank, RIPEStat, ipinfo.io, ip-api, Shodan InternetDB, GreyNoise, IPQualityScore, Cloudflare Radar, ISC DSHIELD, NIST NVD, and the Prefix WhoIs project.

参数

-t

Enable AS path trace to target (default behavior for IP targets).

-n

Disable path tracing for IP targets. Disable additional INETNUM/origin lookups for AS targets.

-d

Enable detailed trace mode with RPKI validation, route leak detection, and BGP hijack warnings.

-a

ASN suggestion mode. Find all AS numbers and names matching the target string.

-u

Transit/upstream lookup. Analyze BGP updates and AS paths to infer transit providers.

-c

Country CIDR mode. Output all IPv4/IPv6 blocks allocated to the specified country.

-g

Bulk geolocation mode. Extract and geolocate all IP addresses from input with occurrence statistics.

-s

Shodan InternetDB scan. Query for CVEs, CPEs, tags, open ports, and hostnames. Supports multiple mixed targets and stdin.

-o

Force interpretation of target as an organization name, bypassing automatic target type detection.

-j

Compact JSON output for programmatic consumption.

-J

Pretty-printed JSON output for readability.

-m

Monochrome mode. Disable all colored output.

-4

Force IPv4-only connectivity during traces and server mode.

-l _bind_address_ _bind_port_

Launch server mode. Starts a web interface for browser-based lookups and traceroutes. Default binding is 127.0.0.1:49200.

-v

Verbose/debug mode. Display all queried URLs and log output to $HOME/asndebug.log.

-h

Display usage information.