nikit0s/pius
1
0
Fork 0
mirror of https://github.com/praetorian-inc/pius.git synced 2026-06-20 09:27:29 +00:00
Code Issues Projects Releases Packages Wiki Activity
Page: CIDR Plugins
Pages
Architecture CIDR Plugins Configuration Contributing Domain Plugins FAQ Home Installation Plugins Quick Start Guide Troubleshooting
1 CIDR Plugins
anushka edited this page 2026-03-13 10:51:03 -05:00
Table of Contents

Pius CIDR Plugins - IP Range Discovery

Pius includes 9 CIDR discovery plugins that find IP ranges owned by an organization across all five Regional Internet Registries (ARIN, RIPE, APNIC, AFRINIC, LACNIC), plus BGP tables and Shodan.

How does CIDR discovery work in Pius?

CIDR discovery uses a three-phase pipeline:

  1. Phase 0 - Independent plugins (asn-bgp, shodan) discover CIDRs directly
  2. Phase 1 - Handle discovery plugins (whois, edgar) find RIR organization handles from the company name
  3. Phase 2 - Resolution plugins (arin, ripe, apnic, afrinic, lacnic) resolve handles to CIDR blocks

This separation enables accurate multi-RIR coverage while keeping plugins loosely coupled.

All CIDR plugins

Plugin Phase Data Source Protocol RIR Coverage
asn-bgp 0 (independent) RIPE RIS BGP tables HTTP REST Global (announced prefixes)
shodan 0 (independent) Shodan net: search HTTP REST Global (requires SHODAN_API_KEY)
whois 1 (handle discovery) All 5 RIRs HTTP REST ARIN, RIPE, APNIC, AFRINIC, LACNIC
edgar 1 (handle discovery) SEC EDGAR filings HTTP REST Global (public companies)
arin 2 (resolution) ARIN RDAP RDAP (RFC 7483) North America
ripe 2 (resolution) RIPE RDAP RDAP (RFC 7483) Europe, Middle East, Central Asia
lacnic 2 (resolution) LACNIC RDAP RDAP (RFC 7483) Latin America & Caribbean
apnic 2 (resolution) APNIC RPSL database Cached gzip file Asia-Pacific
afrinic 2 (resolution) AFRINIC RPSL database Cached gzip file Africa

What is the difference between RDAP and RPSL plugins?

RDAP plugins (arin, ripe, lacnic) make live HTTP queries to each registry's RDAP API per RFC 7483. One request is made per handle, providing the freshest data.

RPSL plugins (apnic, afrinic) download the full registry database as a gzip file once per day and parse it locally. RPSL offers lower latency after the initial download but data may be up to 24 hours old.

What are RIR organization handles?

RIR handles are unique identifiers assigned by Regional Internet Registries to organizations that hold IP address allocations. For example:

  • ACME-1 is an ARIN handle
  • ORG-ACME-RIPE is a RIPE handle

The whois plugin queries all five RIRs for handles matching the organization name. The edgar plugin finds handles by pattern-matching SEC EDGAR filings. These handles are then passed to Phase 2 plugins for CIDR resolution.

CIDR discovery examples

# Passive CIDR discovery via all 5 RIRs
pius run --org "Acme Corp"

# Direct BGP lookup from ASN
pius run --org "Acme Corp" --asn AS12345 --plugins asn-bgp

# Only query ARIN (faster for US-based organizations)
pius run --org "Acme Corp" --plugins whois,arin

# Target specific registries
pius run --org "Acme Corp" --plugins whois,arin,ripe,apnic,afrinic,lacnic

Related pages

Pius Wiki

Built by Praetorian | Apache 2.0 License | Report Issues