Small bash script to automate the work with Qrator Radar public API. The idea is to get autonomous system (AS) number of the organization by it’s name and retrieve all related IPv4 Prefixes. Why you may need it? To be sure, for example, that you scan all the hosts of organization available from the Internet for vulnerability management, penetration testing or bug bounty activity. For smaller organizations that don’t have own AS that obviously will not work.
name="Facebook"; as=`curl -s "https://radar.qrator.net/search?query=$name" | egrep -o '/as[0-9]+' | egrep -o "[0-9]+" | head -n 1`; echo "name: $name (as$as)"; curl -s "https://radar.qrator.net/api/prefixes/$as?tab_id=current&page=1" | egrep -o '(1 \\/ [0-9]*|"pager":")' | awk 'BEGIN{a=1}{if($3==""){print 1}else{while(a<=$3){print a;a++}}}' | xargs -i curl -s "https://radar.qrator.net/api/prefixes/$as?tab_id=current&page={}" | egrep -o '[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\\/[0-9]*' | sed 's|\\/|/|g' | sort -n | uniq name: Facebook (as32934) 31.13.24.0/21 31.13.64.0/18 31.13.64.0/19 31.13.64.0/24 ... 179.60.195.0/24 185.60.216.0/22 185.60.216.0/24 185.60.218.0/24 204.15.20.0/22You can search for this range at Shodan and get some scan results. That works only for registered users:
net:"185.60.218.0/24"