Ever find yourself needing to map out all IP ranges owned by a company? Like, really map it out—not just their website, but their entire network footprint across the internet?

This is where BGPeepr can help.

The Genesis#

Back in 2015, I was doing recon work and kept finding myself manually digging through BGP routing tables trying to figure out what networks belonged to who. After the hundredth time copying and pasting ASNs and CIDR blocks, I thought: “there has to be a better way.”

So I hacked together a Bash script that could fuzzy-search organization names against the IPtoASN database and pull all their network ranges. It worked great for a few years—until 2019, when MaxMind threw up a bunch of restrictions on their GeoIP data and basically killed the original access model. The script went dormant.

Fast forward to 2025: I stumbled across a regularly-updated IPtoASN dataset on GitHub, and the itch came back. I rewrote the whole thing in Python to make it more maintainable and shareable, and BGPeepr was reborn.

How It Works#

The internet’s routing system (BGP - Border Gateway Protocol) is essentially a massive public ledger of who owns what IP space. Organizations get assigned Autonomous System Numbers (ASNs), and those ASNs announce which IP ranges they control.

BGPeepr taps into this:

  1. Fuzzy matches your search term against organization names in the IPtoASN database
  2. Extracts ASNs associated with those matches
  3. Maps out all CIDR blocks announced by those ASNs
  4. Dumps everything to your terminal (or JSON/CSV if you’re automating)

It’s like DNS in reverse—instead of “what IPs does this domain resolve to?”, you’re asking “what IP ranges does this entire organization control?”

Real-World Uses#

This tool is clutch for:

  • Red team ops: Mapping attack surfaces before engagements
  • Bug bounty: Finding all the infrastructure in scope
  • OSINT: Building profiles of corporate network infrastructure
  • Security research: Understanding organizational network architecture
  • Blue team: Inventory checks and asset discovery

Usage Examples#

Dead simple. Want to see what Microsoft owns?

python3 bgpeepr.py microsoft

Need the actual IP ranges too?

python3 bgpeepr.py oracle -p

Automating and need structured output?

python3 bgpeepr.py amazon -p -oJ amazon.json -oC amazon.csv

Want IPv6 ranges included? (because it’s 2025 and IPv6 appears to finally be in use)

python3 bgpeepr.py google -p -6

You can also use a local IPtoASN file if you’re doing offline work or don’t want to hit the API repeatedly:

python3 bgpeepr.py cloudflare -p -l ./ip2asn-v4.tsv

Under the Hood#

The tool is surprisingly simple—about 250 lines of Python doing four main things:

1. Data Source

BGPeepr pulls from a regularly-updated GitHub repo (pl-strflt/iptoasn) that maintains TSV files mapping IP ranges to ASNs and organizations. The data is compressed, so the script downloads and decompresses it in-memory before parsing.

2. Fuzzy Matching

Your search term gets compiled into a case-insensitive regex that scans through the organization names in the database. So searching for “micro” will match “Microsoft”, “Microchip”, “Micron”, etc. I found this to be way more useful than requiring exact matches, and has even led to some happy accidents!

3. IP Range → CIDR Conversion

The raw data stores IP ranges as start/end pairs (like 104.16.0.0 to 104.31.255.255). The script uses netaddr.IPRange to convert these to proper CIDR blocks (104.16.0.0/12), then aggregates them using IPSet to avoid redundant entries.

4. Export Pipeline

Results can go to stdout (terminal), JSON (structured data), or CSV (spreadsheet-friendly). The JSON output includes nested arrays of prefixes per ASN, while CSV flattens everything into rows.

Dependencies:

pip install requests netaddr

That’s it. No frameworks, no database—just a focused tool that queries public BGP data and formats it nicely.

Get It!#

Source code is up on GitHub: axiom0x0/BGPeepr

Pull requests welcome. If you find it useful or build something cool with it, let me know.