ASN Lookup Tool | A Comprehensive Network Analysis Solution for Engineers

The ASN Lookup Tool and Traceroute Server, developed by nitefood and hosted on GitHub at https://github.com/nitefood/asn, is a powerful open-source Bash script designed for network engineers, security analysts, and IT professionals. This versatile tool provides a wide range of network reconnaissance and analysis capabilities, including Autonomous System Number (ASN) lookups, IP geolocation, IP reputation scoring, BGP statistics, and traceroute functionality. It serves as a quick OSINT (Open-Source Intelligence) command-line tool, ideal for incident response, network diagnostics, and infrastructure analysis. Below is an overview of the tool and the key benefits it offers to networking engineers.

Overview of the ASN Lookup Tool

The ASN Lookup Tool is a feature-rich script that supports multiple use cases, from querying Autonomous System (AS) data to performing detailed network path tracing and reconnaissance. It is compatible with a wide range of operating systems, including Linux (Debian, Ubuntu, CentOS, etc.), FreeBSD, macOS, Windows (via WSL2 or Cygwin), and even Raspberry Pi. The tool also supports containerized environments like Docker and Google Cloud Shell, making it highly portable and easy to deploy.

Key Features

• ASN Data Lookup: Retrieves detailed information about any given AS, including organization name, Regional Internet Registry (RIR) region, Internet Exchange Point (IXP) presence, global AS rank, BGP statistics (e.g., neighbor count, originated prefixes), and BGP incident history (hijacks and route leaks).

• IP and Prefix Analysis: Supports IPv4 and IPv6 lookups, providing details such as routing information, RPKI validity, abuse contacts, and IP reputation scoring.

• Traceroute and AS Path Tracing: Performs AS path tracing using mtr and provides detailed hop-by-hop analysis, including RPKI validation, geolocation, and IXP detection.

• Shodan Integration: Queries Shodan’s InternetDB API for reconnaissance, revealing open ports, known vulnerabilities, and software/hardware details without sending packets to the target.

• IP Geolocation and Reputation: Uses services like ipinfo.io, StopForumSpam, and IPQualityScore to provide precise geolocation and threat analysis for IPs and trace hops.

• Organization and ASN Search: Allows searching by organization name to retrieve associated network ranges or ASNs, with support for JSON output for integration with other tools.

• Web-Based Traceroute and API Server: Runs as a web server for remote lookups via browsers or APIs, supporting bookmarklets and custom search engine integration.

• Bulk Geolocation and Country CIDR Mapping: Processes large datasets (e.g., server logs) for geolocation and maps IPv4/IPv6 CIDR blocks allocated to specific countries.

Supported Platforms and Installation

The tool requires Bash 4.2+ and dependencies like curl, whois, mtr-tiny, jq, ipcalc, grepcidr, nmap, ncat, and aha. Installation is straightforward via manual download or packaged versions for distributions like Debian, Ubuntu, Arch, and Alpine Linux. It can also be run as a systemd service for persistent server operation or within Docker containers for isolated environments.

API Token Integration

To enhance functionality, the tool supports API tokens from:

• ipinfo.io: For precise geolocation (up to 50,000 requests/month with a free token).

• IPQualityScore: For in-depth IP reputation and threat analysis.

• Cloudflare Radar: For BGP incident data (hijacks and route leaks).

These tokens can be configured in user or server mode, stored securely in $HOME/.asn/ or /etc/asn/.

Usage Modes

• Interactive Mode: Run directly from the command line with options like -t (tracing), -d (detailed tracing), -s (Shodan scanning), or -j/-J (JSON output).

• Server Mode: Acts as a web-based traceroute server or API endpoint, accessible via browsers or tools like curl.

• Recon Mode: Queries Shodan for detailed reconnaissance on IPs, CIDRs, URLs, or hostnames.

• Bulk Geolocation: Extracts and geolocates IPs from logs or input streams, providing country and occurrence statistics.

Benefits for Networking Engineers

The ASN Lookup Tool offers significant advantages for networking engineers, making it an essential addition to their toolkit. Below are the key benefits:

1. Comprehensive Network Diagnostics

The tool provides a one-stop solution for analyzing network paths, ASNs, and IP addresses. Engineers can quickly retrieve detailed AS information, including BGP statistics, peering relationships, and prefix announcements, which is critical for diagnosing routing issues or verifying network configurations. The AS path tracing feature, with optional detailed hop analysis, helps identify anomalies like route leaks or BGP hijacks, ensuring robust network monitoring.

2. Enhanced Security Analysis

With Shodan integration and IP reputation scoring, the tool enables engineers to assess the security posture of target IPs or networks without direct interaction. It identifies open ports, known vulnerabilities, and potential threats, making it invaluable for incident response and threat hunting. The ability to detect bogon addresses, anycast IPs, or proxy hosts further aids in identifying suspicious activity.

3. Flexible Deployment and Accessibility

The tool’s support for multiple platforms and containerized environments ensures engineers can deploy it in diverse settings, from local workstations to cloud-based servers. The web-based server mode allows remote lookups via browsers, with clickable hyperlinks for deeper exploration of ASNs, prefixes, and IXPs. This accessibility streamlines workflows, especially for distributed teams.

4. Efficient OSINT and Reconnaissance

For engineers conducting network reconnaissance, the Shodan scanning mode provides detailed insights into target infrastructure without sending packets, reducing the risk of detection. The ability to search by organization or map country-specific CIDR blocks is particularly useful for auditing network allocations or investigating regional connectivity.

5. Scalability for Large Datasets

The bulk geolocation mode is a game-changer for processing large volumes of IP addresses, such as those found in server logs. Engineers can quickly extract, geolocate, and analyze IPs, generating statistics like top countries or IP occurrences, which is critical for traffic analysis or identifying attack patterns.

6. API Integration for Automation

The JSON output and API endpoint functionality allow engineers to integrate the tool into automated workflows or custom dashboards. This is particularly useful for monitoring network health, generating reports, or feeding data into SIEM systems.

7. Cost-Effective and Open-Source

As an open-source tool, it is freely available and actively maintained, with contributions from a vibrant community. The use of free-tier APIs (e.g., ipinfo.io, StopForumSpam) ensures powerful functionality without significant costs, while optional paid API tokens unlock higher quotas for demanding use cases.

8. User-Friendly and Customizable

The tool’s command-line interface is intuitive, with a preferences file (.asnrc) for customizing defaults like tracing behavior or server settings. The monochrome mode and JSON output options cater to both human-readable and machine-readable needs, enhancing usability in diverse scenarios.

Wrap

The ASN Lookup Tool by nitefood is a must-have for networking engineers seeking a robust, all-in-one solution for network analysis and reconnaissance. Its ability to provide detailed ASN, IP, and routing information, coupled with Shodan integration, geolocation, and server capabilities, makes it a versatile tool for troubleshooting, security analysis, and infrastructure mapping. Whether diagnosing BGP issues, investigating suspicious IPs, or automating network monitoring, this tool empowers engineers with actionable insights and unparalleled flexibility. By leveraging its open-source nature and broad platform support, networking professionals can enhance their workflows and maintain a proactive stance in managing complex network environments.

For more details or to contribute, visit the project: