0. Args are "search term" and "output file" containing the networks
1. The work begins with a whois -h whois.arin.net (n [NAME]) from which the NET portion is extracted using some sed syntax
2. For each of the NETs another whois query is performed which then contains the information I am after: the network in CIDR notation
3. This output is appended to $OUTPUT and we're done!
4. Display some suggested nmap syntax
Example (No, I don't work for Starbucks):
mac$ netenum.sh "starbucks coffee*" networks.txt
64.14.140.192/26
64.14.141.80/28
65.102.167.24/29
199.233.178.0/23
204.238.150.0/24
63.226.236.24/29
12.144.131.0/25
12.17.135.0/24
12.104.77.120/29
12.104.80.32/29
12.104.90.0/26
98.96.0.0/14
12.18.140.16/28
12.18.169.88/29
12.18.141.0/25
12.18.169.64/29
12.22.22.192/29
12.40.197.248/29
12.162.215.160/29
12.104.137.16/29
12.158.165.144/29
12.29.122.208/29
12.232.230.224/27
12.19.194.200/29
12.19.194.192/29
12.238.255.240/29
12.163.246.64/29
12.165.41.160/29
12.181.208.96/29
12.173.177.168/29
12.191.157.56/29
99.145.144.32/29
99.182.106.176/29
63.241.138.184/29
63.241.138.96/28
63.241.135.88/29
63.241.155.128/29
76.210.220.232/29
69.229.78.32/29
99.140.26.112/29
99.15.108.40/29
Done searching WHOIS for records matching starbucks coffee*
If you don't like what you see run the command manually: whois -h whois.arin.net "n starbucks coffee*"
sudo nmap -sP -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10000 -T4 --source-port 53 -iL networks.txt -oA SCAN_REPORT
mac$ netenum.sh "starbucks coffee*" networks.txt
64.14.140.192/26
64.14.141.80/28
65.102.167.24/29
199.233.178.0/23
204.238.150.0/24
63.226.236.24/29
12.144.131.0/25
12.17.135.0/24
12.104.77.120/29
12.104.80.32/29
12.104.90.0/26
98.96.0.0/14
12.18.140.16/28
12.18.169.88/29
12.18.141.0/25
12.18.169.64/29
12.22.22.192/29
12.40.197.248/29
12.162.215.160/29
12.104.137.16/29
12.158.165.144/29
12.29.122.208/29
12.232.230.224/27
12.19.194.200/29
12.19.194.192/29
12.238.255.240/29
12.163.246.64/29
12.165.41.160/29
12.181.208.96/29
12.173.177.168/29
12.191.157.56/29
99.145.144.32/29
99.182.106.176/29
63.241.138.184/29
63.241.138.96/28
63.241.135.88/29
63.241.155.128/29
76.210.220.232/29
69.229.78.32/29
99.140.26.112/29
99.15.108.40/29
Done searching WHOIS for records matching starbucks coffee*
If you don't like what you see run the command manually: whois -h whois.arin.net "n starbucks coffee*"
sudo nmap -sP -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10000 -T4 --source-port 53 -iL networks.txt -oA SCAN_REPORT
Get it here: https://docs.google.com/leaf?id=0B3oC9uB5ETAbNTU0MDRlYmMtMzE2YS00Yzg0LWJlN2QtZjcxMzFhNWU5ZmNl&hl=en
May need to run through dos2unix after downloading from Google docs
Posts
