From c68af471b00e0a11e58c363b12627d6de16d6d9a Mon Sep 17 00:00:00 2001 From: david Date: Mon, 6 Feb 2012 08:20:53 +0000 Subject: [PATCH] Add asn-to-prefix.nse by John Bond. --- CHANGELOG | 3 ++ scripts/asn-to-prefix.nse | 94 +++++++++++++++++++++++++++++++++++++++ scripts/script.db | 1 + 3 files changed, 98 insertions(+) create mode 100644 scripts/asn-to-prefix.nse diff --git a/CHANGELOG b/CHANGELOG index 737f6c6b0..bd4c3b623 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,8 @@ # Nmap Changelog ($Id$); -*-text-*- +o [NSE] Added asn-to-prefix.nse by John Bond, to convert AS numbers to + IP address ranges and optionally scan them. + o [NSE] Modified the sql-injection script to use the httpspider library. [Lauri Kokkonen] diff --git a/scripts/asn-to-prefix.nse b/scripts/asn-to-prefix.nse new file mode 100644 index 000000000..4f7bd82d0 --- /dev/null +++ b/scripts/asn-to-prefix.nse 
@@ -0,0 +1,94 @@
+description = [[
+Produces a list of prefixes for a given ASN.
+
+This script uses a whois server database operated by the Shadowserver
+Foundation.
+
+Output is in CIDR notation. If the newtargets script
+argument is given, all discovered prefixes will be added to the Nmap
+target list for scanning.
+
+http://www.shadowserver.org/wiki/pmwiki.php/Services/IP-BGP
+]]
+
+---
+-- @args asn-to-prefix.asn The ASN to search.
+-- @args asn-to-prefix.whois_server The whois server to use. Default: asn.shadowserver.org.
+-- @args asn-to-prefix.whois_port The whois port to use. Default: 43.
+-- @args newtargets Add discovered targets to Nmap scan queue.
+--
+-- @usage
+-- nmap --script asn-to-prefix --script-args asn-to-prefix.asn={65000,65001}[asn-to-prefix.whois_server=asn.shadowserver.org,asn-to-prefix.whois_port=43,newtargets]
+--
+-- @output
+-- 53/udp open domain udp-response
+-- | asn-to-prefix:
+-- |_ 127.0.0.0/8
+
+author = "John Bond"
+license = "Simplified (2-clause) BSD license--See http://nmap.org/svn/docs/licenses/BSD-simplified"
+
+categories = {"discovery"}
+
+require "stdnse"
+require "shortport"
+require "target"
+
+prerule = function()
+ return true
+end
+
+action = function(host, port)
+ local asns, whois_server, whois_port, err, status
+ local results = {}
+
+ asns = stdnse.get_script_args('asn-to-prefix.asn')
+ whois_server = stdnse.get_script_args('asn-to-prefix.whois_server')
+ whois_port = stdnse.get_script_args('asn-to-prefix.whois_port')
+ newtargets = stdnse.get_script_args('asn-to-prefix.newtargets')
+
+ if not asns then
+ return stdnse.format_output(true, "asn-to-prefix.asn is a mandatory parameter")
+ end
+ if not whois_server then
+ whois_server = "asn.shadowserver.org"
+ end
+ if not whois_port then
+ whois_port = 43
+ end
+
+ for _, asn in ipairs(asns) do
+ local socket = nmap.new_socket()
+
+ local prefixes = {}
+ prefixes['name'] = asn
+
+ status, err = socket:connect(whois_server, whois_port)
+ if ( not(status) ) then
+  table.insert(prefixes, err)
+ else
+ status, err = socket:send("prefix " .. asn .. "\n")
+ if ( not(status) ) then
+ table.insert(prefixes, err)
+ else
+ while true do
+ local status, data = socket:receive_lines(1)
+ if ( not(status) ) then
+ table.insert(prefixes, err)
+ break
+ else
+ for i, prefix in ipairs(stdnse.strsplit("\n",data)) do
+ table.insert(prefixes,prefix)
+ if target.ALLOW_NEW_TARGETS then
+ stdnse.print_debug("Added targets: "..prefix)
+ local status,err = target.add(prefix)
+ end
+ end
+ end
+ end
+ end
+ end
+ table.insert(results,prefixes)
+ end
+ return stdnse.format_output(true, results)
+end
diff --git a/scripts/script.db b/scripts/script.db
index 0511a6730..9ea9fd894 100644
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -6,6 +6,7 @@ Entry { filename = "afp-serverinfo.nse", categories = { "default", "discovery",
 Entry { filename = "afp-showmount.nse", categories = { "discovery", "safe", } }
 Entry { filename = "amqp-info.nse", categories = { "default", "discovery", "safe", "version", } }
 Entry { filename = "asn-query.nse", categories = { "discovery", "external", "safe", } }
+Entry { filename = "asn-to-prefix.nse", categories = { "discovery", } }
 Entry { filename = "auth-owners.nse", categories = { "default", "safe", } }
 Entry { filename = "auth-spoof.nse", categories = { "malware", "safe", } }
 Entry { filename = "backorifice-brute.nse", categories = { "brute", "intrusive", } }
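Review bot: In the receive loop of `action` in scripts/asn-to-prefix.nse, every line returned by the whois server is handed to `target.add(prefix)` without checking that it is a prefix, so when new targets are allowed the scan scope is whatever a plaintext port-43 reply contains, and the result of `target.add` is thrown away. Accept only lines with a CIDR shape (this also drops any empty strings from the split) and log a failed add, as in the excerpt below; the pattern shown is IPv4-only and would need widening if the server can return IPv6 prefixes. The failure branch just above inserts the outer `err`, while the message from `receive_lines` is in `data`, and the socket is never closed once the loop ends. The script also queries a third-party server but declares only `categories = {"discovery"}`; the neighbouring `asn-query.nse` entry in script.db carries `"external"`, which this one probably should too.

```lua
-- … unchanged: connect, send and the receive_lines loop around this …
for _, prefix in ipairs(stdnse.strsplit("\n", data)) do
  -- keep only lines shaped like an IPv4 CIDR prefix
  if prefix:match("^%d+%.%d+%.%d+%.%d+/%d+$") then
    table.insert(prefixes, prefix)
    if target.ALLOW_NEW_TARGETS then
      local added, add_err = target.add(prefix)
      if added then
        stdnse.print_debug("Added targets: " .. prefix)
      else
        stdnse.print_debug("Could not add target " .. prefix .. ": " .. tostring(add_err))
      end
    end
  end
end
```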