Permalink
Browse files

First commit

  • Loading branch information...
0 parents commit cec4028e962336f8046f29139eac3aaea3ebc238 @EricR committed Aug 2, 2012
Showing with 108 additions and 0 deletions.
  1. +18 −0 .gitignore
  2. +44 −0 README.md
  3. +46 −0 netscan.rb
@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.bundle
+.config
+coverage
+InstalledFiles
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+
+# YARD artifacts
+.yardoc
+_yardoc
+doc/
@@ -0,0 +1,44 @@
+# NetList
+
+NetList is a small networking and security aduting script I wrote in Ruby. Given a search term, it will query
+the ARIN database for an organization and all of its related networks. This can assist a pen tester in finding
+which networks are owned by the target, and noting them for later scan and aduit.
+
+## Example
+
+ $ ruby netlist.rb facebook
+ [!] Starting NetList script...
+ [!] Found 3 organizations matching your query, "facebook".
+ [!] Starting network lookup queries...
+
+ ----- FACEBOOK (FACEB) -----
+
+ * UU-65-201-208-24-D7
+ 65.201.208.24 - 65.201.208.31
+
+ ----- Facebook Inc (FACEB-1) -----
+
+ * FACEBOOK-CORP
+ 2620:10D:C000:: - 2620:10D:C0FF:FFFF:FFFF:FFFF:FFFF:FFFF
+
+ ----- Facebook, Inc. (THEFA-3) -----
+
+ * TFBNET3
+ 66.220.144.0 - 66.220.159.255
+
+ * TFBNET4
+ 74.119.76.0 - 74.119.79.255
+
+ * TFBNET1
+ 204.15.20.0 - 204.15.23.255
+
+ * TFBNET2
+ 69.63.176.0 - 69.63.191.255
+
+ * FACEBOOK-IPV6-BLOCK-1
+ 2620:0:1C00:: - 2620:0:1CFF:FFFF:FFFF:FFFF:FFFF:FFFF
+
+ * FACEBOOK-INC
+ 173.252.64.0 - 173.252.127.255
+
+ [!] Done. Enjoy!
@@ -0,0 +1,46 @@
+require 'subexec'
+require 'open-uri'
+require 'json'
+
+target_org = ARGV[0]
+
+puts "[!] Starting script..."
+
+orgs = {}
+org_search_results = Subexec.run("curl -s -H \"Accept: application/json\" \"http://whois.arin.net/rest/orgs;name=#{target_org}*\"").output
+begin
+ org_search_results = JSON.parse(org_search_results)
+ org_search_results["orgs"]["orgRef"].each do |org|
+ orgs[org["@name"]] = {:handle => org["@handle"] }
+ end
+rescue
+ ""
+end
+
+puts "[!] Found #{orgs.count} organizations matching your query, \"#{ARGV[0]}\"."
+puts "[!] Starting network lookup queries...\n\n"
+
+orgs.each do |org, info|
+ orgs[org][:nets] = {}
+ nets_search_results = Subexec.run("curl -s -H \"Accept: application/json\" \"http://whois.arin.net/rest/org/#{info[:handle]}/nets\"").output
+ begin
+ nets_search_results = JSON.parse(nets_search_results)
+ nets_search_results["nets"]["netRef"] = [nets_search_results["nets"]["netRef"]] if nets_search_results["nets"]["netRef"].class != Array
+ nets_search_results["nets"]["netRef"].each do |info|
+ orgs[org][:nets][info["@name"]] = { :start => info["@startAddress"], :end => info["@endAddress"] }
+ end
+ rescue
+ ""
+ end
+end
+
+orgs.each do |k, v|
+ puts "----- #{k} (#{v[:handle]}) -----"
+ v[:nets].each do |netk, netv|
+ puts "\n* #{netk}\n #{netv[:start]} - #{netv[:end]}\n"
+ end
+ puts "\n"
+end
+
+puts "[!] Done. Enjoy!"
+

0 comments on commit cec4028

Please sign in to comment.