Nmap Development mailing list archives

Re: [NSE] Local IP geolocation script


From: Philipp Emanuel Weidmann <philipp.weidmann () gmx de>
Date: Mon, 17 Nov 2008 00:05:34 +0100

Script formatting got screwed up during email transit, here it is again as an attachment.

Philipp
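-- NOTE: For this script to work, you must download the GeoLite Country database from
-- http://www.maxmind.com/download/geoip/database/GeoIPCountryCSV.zip,
-- unpack it, and place it in the Nmap main directory (where the other Nmap data files are),
-- so that the script can find it under the name GeoIPCountryWhois.csv.
-- The download link is plain HTTP, so check the archive's integrity before relying on the data.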

-- Script metadata fields, assigned as globals.
id = "IP geolocation"

-- Help text. The lookup is done against a local CSV file only, which is what
-- the "no information is sent" statement below refers to.
description = "Displays the location of the scanned host (country only), \n"
  .. "taken from the GeoLite Country database.\n\n"
  .. "NO information WHATSOEVER is sent from the scanning machine."

author = "Philipp E. Weidmann <philipp.weidmann () gmx de>"

-- Two licenses apply: one for the script, one for the third-party database.
license = "Script: Same as Nmap, see http://nmap.org/book/man-legal.html; \n"
  .. "GeoLite Country database: See http://www.maxmind.com/download/geoip/database/LICENSE.txt"

-- NOTE(review): "default" scripts run without being named explicitly, yet this
-- one depends on a database the user has to download separately - confirm that
-- this category is intended.
categories = { "default", "discovery" }


require "ipOps"


--- Host rule: select every host that ipOps.isPrivate does not report as private.
-- A nil or false answer from ipOps.isPrivate therefore selects the host.
-- @param host Host table; only host.ip is read.
-- @return true when the script should run for this host, false otherwise.
hostrule = function(host)
  local is_private = ipOps.isPrivate(host.ip)
  if is_private then
    return false
  end
  return true
end


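--- Look up the scanned host's country in the local GeoLite Country CSV file.
--
-- The host's dotted-quad IPv4 address is converted to a 32-bit number and
-- compared against the numeric start/end columns of each database row. The
-- lookup only reads a local file; nothing is sent over the network here.
--
-- Defensive behaviour:
--  * An address that is not a dotted-quad IPv4 address (e.g. IPv6) produces
--    no output instead of raising an arithmetic-on-nil error.
--  * If nmap.fetchfile does not return a path, the script produces no output.
--    Passing nil on to io.lines would make Lua read from standard input.
--  * The database is treated as untrusted input: rows that do not have the
--    expected six quoted fields (headers, blank or truncated lines) are
--    skipped rather than compared as nil.
--  * The file handle is closed on every exit path, including an early match.
--
-- @param host Host table; only host.ip is read.
-- @return "Country name (CC)" for the first matching range, or nothing when
--         the address is not IPv4, the database is unavailable, or no range
--         contains the address.
action = function(host)
  -- Anchored match so that only a complete dotted-quad address is accepted.
  -- "%." is a literal dot in a Lua pattern ("\." is not a valid escape).
  local o1, o2, o3, o4 =
    string.match(host.ip or "", "^(%d+)%.(%d+)%.(%d+)%.(%d+)$")
  if not o1 then
    return
  end

  local ipnumber = 16777216 * tonumber(o1)
                 +    65536 * tonumber(o2)
                 +      256 * tonumber(o3)
                 +            tonumber(o4)

  local dbpath = nmap.fetchfile("GeoIPCountryWhois.csv")
  if not dbpath then
    return
  end

  local db = io.open(dbpath, "r")
  if not db then
    return
  end

  -- Expected row layout:
  -- "start ip","end ip","start number","end number","country code","country name"
  local row_pattern =
    '"[0-9.]+","[0-9.]+","([0-9]+)","([0-9]+)","([^"]+)","([^"]+)"'

  for line in db:lines() do
    local range_start, range_end, countrycode, countryname =
      string.match(line, row_pattern)

    if range_start then
      range_start = tonumber(range_start)
      range_end   = tonumber(range_end)

      if (ipnumber >= range_start) and (ipnumber <= range_end) then
        db:close()
        return countryname .. " (" .. countrycode .. ")"
      end
    end
  end

  db:close()
  return
end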
