In the previous post, we extracted DNS names from a specific domain. That returned hostnames which are, or historically were, part of the domain's infrastructure.
Continuing the Level 1 Network Footprint
In this article we look at the next step in mapping the Level 1 network footprint: deriving IP addresses from the hostnames, and the netblocks these IP addresses belong to.
In each step of the sequence we run a Transform on the output Entities that were generated by the prior Transform.
- Moving from DNS Names
We begin with the DNS Names from the previous article and run the Transform ‘To IP Address [DNS]’ to get IP addresses. This Transform resolves each input DNS Name Entity to its IP addresses.
- Deriving the Netblocks from IP Addresses
Then, we determine the netblocks the IP addresses are part of by using the Transform ‘To Netblock [Using natural boundaries]’. By default, this Transform divides the IP address space into blocks of 256 IP addresses and returns the block the given IP address falls into. The block size can be configured through the Transform input (the little spanner icon right next to the name of the Transform in the Transform menu).
How Can Netblock Information Be Obtained?
Netblock information can also be extracted from the routing updates issued by the Border Gateway Protocol (BGP) on the Internet backbone. The Transform ‘To Netblock [Using routing info]’ uses this information to assign a netblock to a given IP address.
As with natural boundaries, we have to make a few assumptions about the size and validity of the netblocks. The size and validity of the netblock associated with an IP address depend on the BGP routing view used by the Transform. This means that this Transform can return a smaller (more precise) or a larger (less accurate) netblock. Furthermore, the netblock may not reflect recent changes, because routing views are generated from BGP route updates with some delay.
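The two netblock methods described above can be compared side by side. The following is an added example, not Maltego's code: the function names are hypothetical, the hostnames, private addresses and routing view are constructed sample data, and it assumes the block size is a power of two.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (private addresses standing in for resolved hostnames).
RESOLVED = {
    "www.example.com": "10.1.2.10",
    "mail.example.com": "10.1.2.200",
    "vpn.example.com": "10.9.8.77",
    "dev.example.com": "172.16.5.130",
}
# Constructed routing view: prefixes as they might appear in a BGP table snapshot.
ROUTING_VIEW = ["10.1.2.0/24", "10.9.0.0/16", "10.9.8.0/25", "172.16.4.0/22"]


def natural_netblock(ip, block_size=256):
    """Aligned block of block_size addresses containing ip (IPv4).

    Assumption of this example: block_size is a power of two, so the block
    can be written as a CIDR prefix.
    """
    if block_size < 1 or block_size & (block_size - 1):
        raise ValueError("block_size must be a power of two")
    prefixlen = 32 - (block_size.bit_length() - 1)
    return ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)


def routed_netblock(ip, routing_view):
    """Longest-prefix match of ip in the routing view, or None if unrouted."""
    addr = ipaddress.ip_address(ip)
    covering = [n for n in map(ipaddress.ip_network, routing_view) if addr in n]
    return max(covering, key=lambda n: n.prefixlen, default=None)


def footprint(resolved, routing_view, block_size=256):
    """Group hosts by natural netblock; keep each IP's routed prefix beside it."""
    blocks = defaultdict(list)
    for host, ip in sorted(resolved.items()):
        block = natural_netblock(ip, block_size)
        blocks[block].append((host, ip, routed_netblock(ip, routing_view)))
    return dict(blocks)


if __name__ == "__main__":
    for block, hosts in footprint(RESOLVED, ROUTING_VIEW).items():
        print(block)
        for host, ip, routed in hosts:
            print(f"  {host:18} {ip:14} routed prefix: {routed}")
```

In the sample data, the routed prefix is narrower than the natural /24 for the VPN host and wider for the dev host, which is the precision trade-off described above.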
- Return the AS number that owns the Netblocks
We then pivot on the returned netblocks to determine the Autonomous System (AS) that controls these blocks. For this we use the Transform ‘To AS numbers’. This Transform returns the owner of a specific netblock by querying one of the Regional Internet Registry (RIR) databases.
- Figuring Out the Owner of the AS Numbers
Finally, we derive the owner of the AS numbers by using the Transform ‘To Company [Owner]’. This Transform extracts the owner details of a given AS by analyzing RIR databases.
Uncovering Internet Infrastructure By Conducting Level 1 Network Footprint
In this article, we have seen how you can derive IP addresses, netblocks, AS numbers, and the AS owners. This, along with obtaining DNS hostnames from a domain name, is a Level 1 network footprint. It reveals the Internet infrastructure used by services that are offered under a domain name. Because companies generally provide their services under their company domain, this footprint shows what infrastructure they use to provide their products or services.
If you’ve made it here, congratulations! L1 footprinting is standard in IT security, and performing the Transforms discussed in Part 1 and this blog post for each new domain is tedious and repetitive.
Automate the Network Footprint of Level 1 with Machines
Machines are macros that execute a specific set of transforms. Learn how to use Machines and how to make them in this blog article.
It is possible to have all of the Transforms above run in the same order by using the L1 footprint machine. To run a machine, click on the Machines & Footprint L1 with your starting Domain Entity selected, and then wait for the magic to complete.