Resolve IP to ASN (IP2ASN)
When performing pentests, handling security incidents or doing threat analysis, getting more information about IP addresses involved is vital.
In the following I am showing you this tool to resolve IP addresses to their ASN information. All locally based so no data ever leaves the analyst's system. It updates with every relaunch. With out further ado:
The tool is a Python3 micro appliance that spins up a minimal HTTP API server, only offering one endpoint /api/ip/<IP>.
Internally the tool uses a database downloaded from https://iptoasn.com. At the time of writing it is freely downloadable. Upon every launch IP2ASN will download a fresh copy of the database and index it locally.
Head over to the project on GitHub to read installation instructions and browse the code.
Spinning up the server is as simple as:
$ python3 example.py
ASN-Database loaded. Starting API..
To retrieve ASN information about an IP address, simply query:
/api/ip/<IP>:
$ curl localhost:8080/api/ip/1.1.1.1
{"ip": "1.1.1.1", "as_number": 13335, "as_country_code": "US", "as_description": "CLOUDFLARENET - Cloudflare, Inc.", "range_start": "1.1.1.0", "range_end": "1.1.1.255"}
I'm using the micro service frequently to query results from DNS enumeration and threat analysis.