Thursday, 24 March 2016

Find the Exact Location Of Any IP Address

Have you ever wondered where the physical location of an IP address is? Maybe you want to know if that proxy server you are using is actually out of your local legal jurisdiction. Or, maybe you have the IP address of someone you are corresponding with and want to make certain they are where they say they are. Or, maybe you are a forensic investigator tracking down a suspect who wrote a threatening email or hacked someone's company.

Now you can find the location of that IP address without a subpoena or search warrant.

A company called MaxMind maintains a database of the location of every IP address on the planet complete with GPS coordinates, area code, zip code, and country. This database is not in a typical relational database format, but rather in a flat file. MaxMind charges a $370 site license and $90/month (or $1360/year) for updates to this database. Their software has a beautiful front end that makes querying the database easy enough that even Windows or Mac users can manage.
MaxMind also gives away a free developers version of this database without any software or tools to read it. Although slightly less accurate than the commercial version, the price is certainly right. All we need to find the location of the IP is a program to read this data.
Two programmers, Jennifer Ennis and T. Williams, have developed a small Python script called pygeoip and released it under the GPL license that enables us to input an IP address and output this critical information.
Step 1: Fire Up Kali & Open a Terminal
The first step, of course, is to fire up our our trusty Kali system, or in this case, any Linux distribution. Then, open a terminal.
Note: Be cautious of the formatting below for commands. The formatting of this article will create big space gaps since it stretches lines out to fit the margins. This is because of long URLs that try to fit themselves on a separate line. Large spaces equals just one space, so keep that in mind. Refer to the screenshots to see how they actually look.
Step 2: Download the Database
Now we need to download the database from MaxMind, and we can get it by typing the following.
Then we need to unzip it.
kali> gzip -d GeoLiteCity.dat.gz

Let's now check that the database is in place by listing the directory.
kali > ls -alh GeoLiteCity.dat

Step 3: Download & Install Pygeoip

Next, we need to install the Python script to read the database, pygeoip. We can download it by typing the following.

Then, unzip it.

kali > unzip

We next need to download some setup tools into the pygeoip directory.
kali > cd /pygeoip-0.1.3

Let's now move and then build and install the setup tools.
kali > mv setuptools-0.6c11-py2.5.egg setuptools-0.7a1-py2.5.egg
kali > python build
kali > python install

We need to move the database to the pygeoip directory so that script can access it without having to use the full path.
kali > mv GeoLiteCity.dat /pygeoip-0.1.3/GeoLiteCity.dat
Step 4: Query the Database
Now that we have the database in place and the pygeoip script downloaded and installed, we can begin to query that database with pygeoip.
First, we need to start a Python shell.
kali > python
Then, you will be greeted will the triple >>> indicating you are now in an interactive python shell. Let's import the module and instantiate the class.
>>>import pygeoip
>>>gip = pygeopip.GeoIP('GeoLiteCity.dat')
Next, we are ready to begin our query. Let's see where Google is located.
>>>rec = gip.record_by_addr('')
>>>for key.val in rec.items():
... print "%s: %s" %(key,val)
Please note that it is critical to indent the "print". If not, you will throw an error.
As you can see, we were able to locate Google's IP in Mountain View, CA at area code 650, postal code 94043, longitude -122.0574, and latitude 37.4192. Not bad! Now, let's try to locate the IP of
Once again, the combination of the database and pygeoip script was able to provide us with key location information on CNN's IP address.

No comments:

Post a Comment