legal contact
 

Finding a companys IP ranges

To place an attack into the right direction you will sooner or later be able to find their oficcially owned IP addresses and webservers.

Below is a list of notes I use to accomplish this task

curl -s http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum2.zip | gunzip | cut -d"," -f3 | sed 's/"//g' | sort -u | grep -i [what ever your searching for]

You'll get the AS of your search string)

whois -h whois.radb.net -- '-i origin ASxxxxx' | grep -Eo "([0-9a-f.:]+){4}/[0-9]+"

This will list the IP v4+v6 addresses associated with the AS

Download use ans search the whois databases from:
ftp://ftp.ripe.net/ripe/dbase/
ftp://ftp.apnic.net/apnic/whois/

https://github.com/RIPE-NCC/whois.git