Have you ever wondered where an IP address is physically located? Maybe you want to know whether the server you are using is actually outside your local legal jurisdiction. Or you have the IP address of a matchmaker and want to make sure they are where they say they are. Or perhaps you are a forensic investigator tracking a suspect who wrote a threatening email or hacked someone's company.
You can now find the location of that IP address without a name or search letter.
A company called MaxMind maintains a database of IP addresses around the world, together with their GPS coordinates, area code, zip code and country. This database is not in a standard relational format; it is a flat file. MaxMind charges a site license fee of $370 and $90/month (or $1360/year) for updates to this database. Their software has a nice front end that makes database queries easy enough for Windows or Mac users to manage.
MaxMind also offers a free developer version of this database without any software or reading tools. Although less accurate than the commercial version, the price is quite reasonable. All we need to find an IP location is a program to read this data.
Two programmers, Jennifer Ennis and T. Williams, have developed a small Python script called pygeoip and released it under a GPL license. It allows us to enter an IP address and extract this sensitive information. I think this tutorial is self-explanatory, but if you want to refresh your Python skills before you dive in, check out our Python tutorials.
Step 1: Fire Up Kali & Open Terminal
The first step is to fire up our trusted Kali system or, in this case, any Linux distribution. After that, open a terminal.
Note: Pay attention to the spacing in the commands below. The formatting of this article stretches lines to fit the page width, and the long URLs cause larger-looking gaps. Each of those gaps is a single space, so keep that in mind. Take a look at the screenshots to see what the commands really look like.
Step 2: Download Database
Now we need to download the database from MaxMind, and we can get it by typing the following.
kali> wget -N -q http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
After that we need to unzip it.
kali> gzip -d GeoLiteCity.dat.gz
Now let's check that the database is in place by listing it.
kali> ls -alh GeoLiteCity.dat
Step 3: Download & Install Pygeoip
Next, we need to install the Python script that reads the database, pygeoip. We can download it by typing the following.
kali> wget http://pygeoip.googlecode.com/files/pygeoip-0.1.3.zip
After that, unzip it.
kali> unzip pygeoip-0.1.3.zip
We need to download some setup tools into the pygeoip directory.
kali> cd /pygeoip-0.1.3
kali> wget http://svn.python.org/projects/sandbox/trunk/setuptools/ez_setup.py
kali> wget http://pypi.python.org/packages/2.5/s/setuptools-0.6c11-py2.5.egg
Now let’s go and install setup tools.
kali> mv setuptools-0.6c11-py2.5.egg setuptools-0.7a1-py2.5.egg
kali> python setup.py build
kali> python setup.py install
We need to move the database to the pygeoip directory so that the script can access it without using the full path.
kali> mv GeoLiteCity.dat /pygeoip-0.1.3/GeoLiteCity.dat
Step 4: Query the Database
Now that we have the database and the pygeoip script has been downloaded and installed, we can start querying that database via pygeoip.
First, we need to start Python Shell.
kali> python
After that, you will be greeted by the triple >>> prompt, indicating that you are now in an interactive Python shell. Let's import the module and instantiate the class.
>>> import pygeoip
>>> gip = pygeoip.GeoIP('GeoLiteCity.dat')
Next, we are ready to start our query. Let's see where Google is located.
>>> rec = gip.record_by_addr('64.233.161.99')
>>> for key, val in rec.items():
...     print("%s: %s" % (key, val))
...
Please note that it is critical to indent the "print". If you don't, Python will throw an error.
As you can see, we were able to locate Google's IP in Mountain View, CA, area code 650, postal code 94043, longitude -122.0574, and latitude 37.4192. Not bad! Now, let's try to locate the cnn.com IP.
Once again, the combination of the database and the pygeoip script was able to provide us with important location information for CNN's IP address.
This little tool is great for locating any IP address in the world. Maybe someone here in the Hackers Field community with good Python skills would like to write an interactive script with a nice user interface where the user can simply enter the IP and get the record details?
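A small command-line wrapper of the kind asked for above, added here as an example; it is not code from the original article or from the pygeoip project. It assumes a Python 3 compatible pygeoip release and GeoLiteCity.dat in the current directory, and the helper names classify, locate and render are made up for this example. It validates each address before the lookup, because malformed, private or IPv6 input has no record in this file and a lookup that returns nothing would break the rec.items() loop.

```python
import ipaddress
import sys


def classify(addr):
    """Return (ip, None) for a public IPv4 address, else (None, reason)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None, "not a valid IP address"
    if ip.version != 4:
        # Assumption: GeoLiteCity.dat is the IPv4 city database.
        return None, "GeoLiteCity.dat holds IPv4 records only"
    if not ip.is_global:
        return None, "private or reserved address, no public location"
    return str(ip), None


def locate(reader, addr):
    """Look up addr via any object with record_by_addr(), e.g. pygeoip.GeoIP."""
    addr = addr.strip()
    ip, reason = classify(addr)
    if ip is None:
        return {"ip": addr, "error": reason}
    rec = reader.record_by_addr(ip)
    if not rec:  # assumption: a missing entry comes back as None or empty
        return {"ip": ip, "error": "no record in database"}
    return dict(rec, ip=ip)


def render(result):
    """Format a lookup result the way the interactive session prints it."""
    if "error" in result:
        return "%s: %s" % (result["ip"], result["error"])
    return "\n".join("%s: %s" % (k, v) for k, v in sorted(result.items()))


def main(argv):
    import pygeoip  # imported here so the helpers above load without it
    reader = pygeoip.GeoIP("GeoLiteCity.dat")
    # Addresses come from the command line, or one per line on stdin.
    for addr in argv or sys.stdin:
        if addr.strip():
            print(render(locate(reader, addr)) + "\n")


if __name__ == "__main__":
    main(sys.argv[1:])
```

Run it as `python geolocate.py 64.233.161.99` (the file name is arbitrary), or start it with no arguments and type one address per line.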
Keep coming back, my hackers, as we continue to explore hacking tools and techniques!