Script asn-query

Script types: hostrule
Categories: discovery, external, safe

Script Summary

Maps IP addresses to autonomous system (AS) numbers.

The script works by sending DNS TXT queries to a DNS server which in turn queries a third-party service provided by Team Cymru ( using an style zone set up especially for use by Nmap. The responses to these queries contain both Origin and Peer ASNs and their descriptions, displayed along with the BGP Prefix and Country Code. The script caches results to reduce the number of queries and should perform a single query for all scanned targets in a BGP Prefix present in Team Cymru's database.

Be aware that any targets against which this script is run will be sent to and potentially recorded by one or more DNS servers and Team Cymru. In addition your IP address will be sent along with the ASN to a DNS server (your default DNS server, or whichever one you specified with the dns script argument).

Script Arguments


The address of a recursive nameserver to use (optional).

Example Usage

nmap --script asn-query [--script-args dns=<DNS server>] <target>

Script Output

Host script results:
|  asn-query:
|  BGP: | Country: US
|    Origin AS: 10565 SVCOLO-AS - Silicon Valley Colocation, Inc.
|      Peer AS: 3561 6461
|  BGP: | Country: US
|    Origin AS: 10565 SVCOLO-AS - Silicon Valley Colocation, Inc.
|_     Peer AS: 174 2914 6461



  • jah
  • Michael Pattrick

License: Same as Nmap--See


action (host)

Cached results are checked before sending a query for the target and extracting the relevant information from the response. Mutual exclusion is used so that results can be cached and so a single thread will be active at any time.


Host table.

Return value:

Formatted answers or nil on errors.


hostrule (host)

This script will run for any non-private IP address.