
HardCIDR will query ARIN and a pool of BGP route servers - crystalPalace
https://github.com/trustedsec/hardcidr
======
natch
Beware, this script will hose / clobber and then silently clean up (delete) a
ton of various different files if files with those names happen to already
exist. To see the exact file names you'll have to carefully pick through the
script. So obviously? run it in its own directory, which is no guarantee of
safety, but should be safer.

If you have a subdirectory where you run it named after your email hostname
(such as "example/" for "example.com"), then it will prompt you to "overwrite
the contents of the directory" and then, if you accept, it will not only
overwrite the contents, it will remove the entire contents with:

    cd $outdir
    rm * 2>/dev/null

There's a slight violation of user expectations here. Removing and replacing
the contents isn't quite the same as overwriting the contents. It may be a
fine line, but it's better to err on the side of protecting the user's files,
not deleting them, when deciding where to come down on that fine line.

And if $outdir is empty or not there, it tries to detect that by first doing a
check for -d $outdir, but this won't save the user if $outdir gets moved aside
by another process while they are reading the prompt and before the cd
happens, leaving them in another directory. Hopefully the user has rm aliased
to rm -i but that still won't help since the rm is being run in its own shell
in the script.

I know we're not supposed to focus on the negative here on HN. I'm sure the
script is awesome for whatever it does. Just be careful out there!

~~~
CJefferson
I wish modern OSes made this easier. I would love to have an easy bulletproof
way of saying "give me a temp directory for writing, don't let me write
anywhere else, clean up my directory after me".

~~~
cheeseprocedure
Chances are that every system this script runs on has "mktemp," and trapping
exit makes it easy to clean up when things are finished.

[https://www.mktemp.org/manual.html](https://www.mktemp.org/manual.html)

[http://redsymbol.net/articles/bash-exit-traps/](http://redsymbol.net/articles/bash-exit-traps/)
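Putting the two suggestions above (mktemp for a private directory, an EXIT trap for cleanup) next to a hardened form of the `cd $outdir; rm *` sequence natch quoted. This is an added example, not code from hardCIDR or from anyone in the thread; the function names and the `hardcidr-example.XXXXXX` template are my own.

```shell
#!/bin/sh
# Added example, not code from hardCIDR: a private working directory created
# with mktemp and removed by an EXIT trap, plus a hardened replacement for the
# script's "cd $outdir; rm *" sequence quoted earlier in the thread.

# Remove only a directory this script created. Quoting plus an explicit path
# mean a missing or moved-aside directory is a no-op, never "rm *" elsewhere.
cleanup_workdir() {
    [ -n "$1" ] && [ -d "$1" ] && rm -rf -- "$1"
}

# Run a command with its cwd set to a fresh temp directory. The subshell keeps
# the trap and the cd local; the EXIT trap fires on normal return, on error
# under 'set -e', and on SIGINT/SIGTERM (which are turned into an exit).
run_in_tempdir() {
    (
        dir=$(mktemp -d "${TMPDIR:-/tmp}/hardcidr-example.XXXXXX") || exit 1
        trap 'cleanup_workdir "$dir"' EXIT
        trap 'exit 130' INT TERM
        # A failed cd aborts instead of leaving us in the caller's directory.
        cd "$dir" || exit 1
        "$@"
    )
}

# Hardened version of "cd $outdir; rm *": refuse to act unless the target is
# a real directory, never proceed past a failed cd, and delete only what is
# inside it. The leading "./" keeps names starting with "-" from being read
# as rm options. Like the original, dotfiles are left alone.
clean_outdir() {
    outdir=$1
    [ -n "$outdir" ] && [ -d "$outdir" ] || return 1
    (
        cd "$outdir" || exit 1
        rm -rf -- ./* 2>/dev/null
        exit 0
    )
}

# Stand-alone demonstration: work in a scratch directory, then show it is gone.
main() {
    run_in_tempdir sh -c 'printf "working in %s\n" "$PWD"; : > cidrs.txt; ls'
    printf 'temp directories left behind: %s\n' \
        "$(ls -d "${TMPDIR:-/tmp}"/hardcidr-example.* 2>/dev/null | wc -l)"
}

main "$@"
```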

~~~
peterwwillis
Yep, makes it much simpler to write scripts like this
[https://github.com/psypete/public-bin/blob/public-bin/src/st...](https://github.com/psypete/public-bin/blob/public-bin/src/stage_git_app.sh)
(run an application that's stored in git, but in a temp working directory, and
clean up after)

------
jauer
OK, but what does it _do_? The README is pretty sparse. Some examples would
really help.

Edit: the header from the script is good, toss it into the README for great
success.

~~~
jlgaddis
It simplifies the process of finding the IP address blocks allocated/assigned
to an organization.

> _HardCidr is written by Jason Ashton, Senior Security Consultant at
> TrustedSec_

I'm guessing it was written with pen-testing in mind.

------
mixologic
This might give it some more context:
[https://www.trustedsec.com/march-2017/classy-inter-domain-ro...](https://www.trustedsec.com/march-2017/classy-inter-domain-routing-enumeration/)

~~~
mablap
It all makes sense now! This is much more pertinent than the code if you don't
know much about the subject matter.

------
javajosh
Note that this script installs "ipcalc" (or really, whatever is in
[http://jodies.de/ipcalc-archive/ipcalc-0.41.tar.gz](http://jodies.de/ipcalc-archive/ipcalc-0.41.tar.gz))
without user interaction.

I'm generally pretty _not okay_ with scripts that curl | tar things (or
apt-get install things, which this does if it's run on a linux) from the
interwebs without my explicit consent.

~~~
jlgaddis
That shouldn't be an issue if you don't run it as root.

By running it as root, I'd argue that you _did_ give explicit consent for the
script to do anything it wants.

~~~
sigjuice
Sorry, no. The opposite, in fact. A script that demands to run as root on my
computer needs to be extremely well mannered.

~~~
jlgaddis
I certainly don't disagree with that.

If one downloads and blindly runs some random script as root, however, you are
effectively allowing it to do anything it wants.

It sounds like _javajosh_ took the time to look the script over first which,
of course, is exactly what one should do.

------
packetized
Oh, this is superfly. Easy way to build your own up-to-date ASN DB, similar to
the one from Maxmind. Think: embellishing Apache/Nginx logs with up-to-date
information about the IP address of the client, including ASN/OrgId. Useful
for identifying snowshoers spreading their footprint across a lot of
discontiguous IP addresses in one ASN/Org.

~~~
jlgaddis
If you just want to build your own IP-to-ASN table, you can download dumps of
"RIS Raw Data" [0] from RIPE and parse them if you don't yourself run BGP.

I'm a network engineer at an ISP and it's pretty common to use something like
this for analyzing network traffic when considering peering sessions, for
example. Even if you don't run BGP, you could use it for answering questions
like "how much traffic do we send to/receive from Facebook?" and such.

RIPE's RIS dumps are performed every five minutes from more than a dozen
different "vantage points" across the Internet.

ARIN used to provide an "originAS" file [1] but it looks like they quit doing
that a few years ago. You may be able to find some interesting stuff browsing
around /pub on their FTP server, though [2].

[0]: [https://www.ripe.net/analyse/internet-measurements/routing-i...](https://www.ripe.net/analyse/internet-measurements/routing-information-service-ris/ris-raw-data)

[1]: ftp://ftp.arin.net/pub/originAS/

[2]: ftp://ftp.arin.net/pub/

~~~
packetized
I always forget that this exists - thanks for the reminder.

------
simplehuman
I guess this is on hn because it sounds cool? It's impossible to understand
what it is.

~~~
finnn
From the top of the script:

> A tool to enumerate CIDRs by querying RIRs & BGP ASN prefix lookups
> Currently queries: ARIN, RIPE NCC, APNIC, AfriNIC, LACNIC
>
> Queries are made for the Org name, network handles, org handles, customer handles,
> BGP prefixes, PoCs with target email domain, and 'notify' email address - used by
> some RIRs.
>
> Note that several RIRs currently limit query results to 256 or less, so large
> target orgs may not return all results.
>
> LACNIC only allows query of ASN or IP address blocks & cannot search for Org names
> directly. The entire DB has been downloaded to a separate file for queries to this RIR.
> The file will be periodically updated to maintain accurate information.
>
> Output saved to two csv files - one for org & one for PoCs
> A txt file is also output with a full list of enumerated CIDRs
>
> Author: Jason Ashton (@ninewires)
> Created: 09/19/2016

~~~
simplehuman
This might well be Arabic. I have been in the industry for over 10 years and
that explanation is meaningless.

~~~
xj9
You might want to go back and re-read your networking books.

~~~
simplehuman
Care to point to a book that talks about these acronyms? They are not in Comer
or Stevens, both of which are networking bibles.

~~~
jlgaddis
Some of these acronyms are specific to BGP. You could work in networking for
years and not encounter some of them, especially if you aren't running BGP.

As far as "bibles" go, however, Halabi's _Internet Routing Architectures_ is
the BGP variant.

TCP/IP Illustrated _might_ not mention CIDR since it was still pretty new when
those books were written. My copies haven't been opened in years so I can't be
sure.

If you've performed any subnetting in the last 15 years or so, however, I
fully expect that you have encountered CIDR.

------
TheRealPomax
Those are some cool acronyms that I've never heard of. Reading the README does
not explain any more. It's quite the mystery how this got to the top-30...

~~~
jlgaddis
Perhaps because some of the people here _do_ know what the acronyms stand for?

------
popol12
I can't find how to make it work for european companies. For instance,
fnac.com doesn't give any result with the -r option. Did I miss something?

------
natch
> The script with no specified options will query ARIN and a pool of BGP route
> servers.

To what end?

------
blockfinder
see also blockfinder:

[https://github.com/ioerror/blockfinder](https://github.com/ioerror/blockfinder)

