Wednesday, January 2, 2013

Using GeoIP to query IP location database

First, download IP database:
http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
Install Python pupi libs: http://pypi.python.org/pypi/pygeoip/
Extract, go to extracted folder and type: #python setup.py install

File geo.py:
import pygeoip
import dns.resolver
import sys
import re

gi =pygeoip.GeoIP('GeoLiteCity.dat')

def name2ip(dnsname):
    answers = dns.resolver.query(dnsname, 'A')
    for rdata in answers:
           return rdata
def printRecord(tgt):
    rec =gi.record_by_name(tgt)
    city =rec['city']
    region =rec['region_name']
    country =rec['country_name']
    long =rec['longitude']
    lat =rec['latitude']
    print '[*] Target: ' +tgt
    print '[+] '+str(city)+', '+str(region)+', '+str(country)
    print '[+] Latitude: '+str(lat)+', Longitude: '+str(long)

str1 = sys.argv[1]
is_ip = re.match("^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$", str1)
is_domain = re.match("^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])$", str1)

if is_ip:
    printRecord(str1)

if is_domain:
    ip = str(name2ip(str1))
    printRecord(ip)

Run it:
#python geo.py hacking.vn
------------------------------------------------------------
Thanks for reading
--------------------------------------------------------------------------
Security Research
All my Lab:
Linux Lab -- window and Cisco Lab
to be continued - I will update more.

2 comments:

Anonymous said...

Please post result for testing case.

Free SEO Tools said...

IP Location Finder tool will provide get geolocation of any web ip address including city, country, latitude, longitude and more

Install Xposed Inspector and Frida on Genymotion

Today i had some work with android. So i need trace application. I found 2 nice tool can help me: Xposed Inspector and Frida. To setup ther...