Oprand CLI Tool Overview

Learn how to use the Oprand command-line interface (CLI) to configure, manage and access your domain impersonation threat data from your terminal.

Getting Started

» opr --help
    NAME  opr - OPRAND CLI tool
  AUTHOR  https://oprand.com
   USAGE  opr [global flags] <command> [command flags] <input>
     asn, a      Get Autonomous System (ASN) information.
                   ‣ By AS number ..... opr asn AS3
                   ‣ By IP address .... opr asn
                   ‣ By domain ........ opr asn example.com
                   ‣ By the registrant
                     email's domain ... opr asn @orange.com
                   ‣ Your IP's ASN .... opr asn me
     help, h     Shows this list of commands or help for one command
 PRIVATE COMMANDS - Requires an oprand.com account
     domains, d  List your verified domains.
     results, r  Fetch your verified domains' scan results.
     config, c   Setup your Oprand API authentication credentials.
     --help, -h     show help
     --version, -v  print the version
 VERSION  0.0.3 - Commit: 4CA35C2D
     We (oprand.com and its authors) assume no liability and are not
     responsible for any misuse or damage caused by this software.

Installing Oprand CLI

You can download our latest release on Github: https://github.com/oprand/opr/releases

If you have the Golang compiler on your machine, you can install it with:

go install github.com/oprand/opr/cmd/opr@latest

Authenticate with API Credentials

The opr config command allows you to configure your authentication credentials.

These API crendentials are available on your dashboard.

opr config
Config file successfully written at `/home/emmett/.config/oprand/credentials.toml`

Possible output if the crendential file already exists:

opr config
WARN: Config file at `/home/emmett/.config/oprand/credentials.toml` already exists.
WARN: Content will be overwritten by new values entered. Press Ctrl+C to keep current values.

You can verify the credentials have been successfully written with:
cat ~/.config/oprand/credentials.toml.

Global Flags

  • --help, -h: Show help with usage instructions
  • --version, -v: Print the version


Lookup Methods

Lookup directly by specifying the AS number:

opr asn AS3

Find what ASN an IP belongs to:

opr asn

Lookup a domain, we will resolve its IP addresses and look for any ASN matching all of them:

opr asn example.com

ASN contact details include email addresses. You can look up any ASN by the domain of the registrant, admin and abuse email address:

opr asn @orange.com

A shortcut to get the ASN in charge of your own current IP:

opr asn me

IPs Under ASN

A common task when performing cybersecurity duties is to know all IP addresses belonging to a single organization. Here is how to get all IP addresses under one ASN:

opr asn --ip AS5

Similarly, all IP addresses under all AS registered with an @amazon.com or @amazonaws.com email address:

opr asn --ip @amazon.com @amazonaws.com

You can also see the CIDR (netblock) for IPv4 and IPv6:

opr asn --cidr @amazon.com @amazonaws.com

Batch queries

Several queries can be specified, regarless of their type:

opr asn AS3 example.com @orange.com

You can also have opr reads from stdin:

cat queries.txt | opr asn

JSON output

By default the output will be human-friendly, showing a hierarchy data for each ASN:

opr asn

ASN         13335
HANDLE      AS13335
SOURCE      https://oprand.com/asn/AS13335
STATUS      active
DOMAIN      cloudflare.com
REGISTRY    ARIN (https://rdap.arin.net/registry/autnum/13335)
TYPE        -
DESC        -
COUNTRY     United States
ALLOCATED   2010-07-14 22:35:57 +0000 UTC
UPDATED     2017-02-17 23:04:32 +0000 UTC
    TYPE    Org
    NAME    Cloudflare, Inc.
    COUNTRY United States
... more data

Use the --json flag to output data in JSON format. See the API documentation for a description of the schema.

opr asn --json


List Verified Domains

A verified domain is the original domain used to genered fuzzed domains.

A fuzzed domain is the result of a fuzzing operation against a verified domain. A fuzzing operation uses a fuzzer. An homoglyph fuzzer will swap some letters in the verified domains with lookalike letters. Another fuzzer is a tld-swap fuzzer, it will swap the domain tld to another. We operate several fuzzers, and combine them all.

You can list your verified domains with the `opr domains` command. Its output will indicate if the domain is current being monitored for impersonation (active) or not (inactive).

opr domains
    * example.com	[active]
    * oprand.com	[active]

INFO: active/inactive indicates whether or not suspicious domains are being checked for this domain.

The domains command accepts the --json and --csv flags.

opr domains --json
opr domains --csv

Scan Results

Human-Friendly Output

By default scan results are outputted in a human friendly format. Here is a sample for one scan results.

opr results kraken.com
krạken.com  fuzzer:homoglyph  scanned:2023-03-05 15:23 (17d ago)
DNS    A
       NS         ns29.domaincontrol.com  ns30.domaincontrol.com
WHOIS  REGISTRAR  Wild West Domains, LLC
                  [email protected]  480-624-2505
                  IANA ID: 440

WEB    VALID URL   http://xn--krken-k11b.com
       HTTP BANNER openresty
       HTTP STATUS 200
       HTML TITLE The real kraken exchabge
       LANGUAGE    EN
       Mention Domain  FALSE
       Mention Brand   FALSE
       Redirect        FALSE
SSL    ISSUER ZeroSSL ECC Domain Secure Site CA, ZeroSSL
       CERT   VALID       TRUE (expires 2023-08-07 23:59:59 +0000 UTC)
              SIGNATURE   ECDSA-SHA384 / 577EEB62 (last 8 char)
              SUBJECT     CN=xn--krken-k11b.com
              ISSUER      CN=ZeroSSL ECC Domain Secure Site CA,O=ZeroSSL,C=AT
TOTAL: 626 results

List as JSON Array

Append the --json flag to return results in JSON format.

opr results --json example.com
      "fuzzer": "homoglyph",
      "domain": "example.com",
      "fuzzed_domain": "xn--exmple-xc8b.com",
      "fuzzed_domain_unicode": "exạmple.com",
      "scanned_at": "2023-03-25T15:50:41.336839+08:00",
      "dns_a": [""],
      "dns_aaaa": [2404:6800:400a:80c::200e],
      "dns_txt": ["v=spf1 -all"],
      "dns_mx": "smtp.exạmple.com",
      "dns_ns": ["michael.ns.cloudflare.com", "kallie.ns.cloudflare.com"],
      "dns_cname": null,
      "dns_spf": "v=spf1 -all",
      "dns_dmarc": null,
      "dns_dkim": null,
      "whois_created": "2020-10-04T08:54:16Z",
      "whois_updated": "2023-02-15T10:25:58Z",
      "whois_expiring": "2023-10-04T08:54:16Z",
      "whois_abuse_email": "[email protected]",
      "whois_abuse_phone": "+1.6613102107",
      "whois_registrar": "NameCheap, Inc.",
      "whois_registrar_iana_id": "1068",
      "whois_registrant_name": "Emmett Labs",
      "whois_registrant_id": 1242,
      "whois_registrant_address": null,
      "whois_registrant_email": "[email protected]",
      "whois_registrant_country": "US",
      "web_has_http_server": true,
      "web_start_url": "http://xn--exmple-xc8b.com",
      "web_end_url": "https://xn--exmple-xc8b.com",
      "web_redirect_to_domain": false,
      "web_page_contains_domain": true,
      "web_page_contains_brand_name": true,
      "web_has_credential_harvester": true,
      "web_http_status_code": 200,
      "web_html_title": "Welcome to Example.com",
      "banner_http": "Apache",
      "web_lang": "en-US",
      "ssl_issuer_org": "Let's Encrypt",
      "ssl_issuer_country": "US",
      "ssl_issuer_addr": null,
      "ssl_issuer_common_name": R3,
      "ssl_issuer_rfc_2253_name": "CN=R3,O=Let's Encrypt,C=US",
      "ssl_subject_rfc_2253_name": "CN=xn--exmple-xc8b.com",
      "ssl_cert_not_before": "2023-02-07 14:22:08+00",
      "ssl_cert_not_after": "2023-05-08 14:22:07+00",
      "ssl_cert_sig": "165E637901...37C68D",
      "ssl_cert_sig_alg": "SHA256-RSA"
  "meta": {
    "total": 626

To filter specific data point of interest, we recommend using the jq CLI tool.

CSV Export

Append the --csv flag to return results in CSV format.

opr results --csv example.com

All keys in the JSON output above will be a different column in the CSV file.

We recommend csvkit to further filter and transform the data.

Commands Reference


opr help asn
   OPRAND CLI tool asn - Get Autonomous System information from:
                           * Its AS number (ex: AS3)
                           * Any of its member IPv4 address (ex:
                           * Any domain (ex: oprand.com)
                           * The email address' domain used to register the ASN (ex: @mit.edu)
                           * Or use "me" to get your IP's Autonomous System information

   opr asn [command flags] <as-number | ipv4 | @example.com | example.com | "me">


   --json                           Output results in JSON format (default: false)
   --ip, --ips                      Output only the assignable IPv4 under the ASN (default: false)
   --cidr, --netblocks, --netblock  Output only CIDR (IPv4 and IPv6) under the ASN (default: false)
   --help, -h                       show help


opr help config
   opr config - Setup your API authentication tokens

USAGE: opr config


opr help domains
   opr domains - List verified domains, used to generate fuzzed domains

   opr domains

   --csv                    Output results in CSV format (default: false)
   --json                   Output results in JSON format (default: false)


opr result
   opr result - Fetch all scan results

   opr result [command options] [arguments...]

   --csv                    Output results in CSV format (default: false)
   --json                   Output results in JSON format (default: false)
   --query value, -q value  Filter results by type  (accepts multiple inputs)

The --query argument accepts the following values:

  • whois: Return fuzzed domains with a Whois entry
  • whois30d: Return fuzzed domains registered less than 30 days ago
  • whois30d: Return fuzzed domains registered less than 6 months days ago
  • http: Return fuzzed domains with an HTTP server
  • mx: Return fuzzed domains with a DNS MX record
  • spf: Return fuzzed domains with a DNS TXT record set for SPF purposes
  • redirect: Return fuzzed domains redirecting to the verified domain
  • ssl: Return fuzzed domains hosting a HTTP server over SSL

You can prefix each value with a hyphen (-) to negate the query.

For instance to get all scan results with an HTTP server running, their MX/SPF DNS record set, but without SSL configured:

opr results --query=http,mx,spf,-ssl example.com

Further Information


We welcome issues and pull requests on our GitHub repository:


GNU General Public License v3.0

*** EOF ***