Scanning IP Blocks

Adversaries may scan victim IP blocks to gather information that can be used during targeting. Public IP addresses may be allocated to organizations by block, or a range of sequential addresses.

Identify AS Number:

https://bgp.he.net/bgp.he.net

Public IP blocks discovery

• Shodan

• Censys

• Hunter.how

• onyphe.io

• en.fofa.info

• app.netlas.io

• fullhunt.io

• binaryedge.io

Sub domain discovery

• amass

• crt.sh

• Censys

• Facebook Developer

• sublist3r

• subfinder

• Theharvester

• assetfinder

• virustotal

• Phonebook