Re: [NSE] ip-geolocation

[Gorjan Petrovski <mogi57 () gmail com>]

Oh, and here's the script with the script output included in it :)

On Fri, Jun 10, 2011 at 5:39 PM, Gorjan Petrovski <mogi57 () gmail com> wrote:
> I forgot to mention that there is more information in the responses
> than that supplied with the sample output. I'm attaching a file which
> contains the responses from the services and the database in table
> form. If you think that some information should be included, please
> let me know.
>
>
> On Fri, Jun 10, 2011 at 5:36 PM, Gorjan Petrovski <mogi57 () gmail com> wrote:
> > Hi,
> >
> > Please find attached the ip-geolocation script. I've implemented IP
> > geolocation lookups on 4 web services(Geoplugin, IPInfoDB, Geobytes
> > and Quova) and a query against a Maxmind database based on the API
> > from Maxmind.
> >
> > The usage is as follows:
> > nmap --script ip-geolocation <target> [--script-args
> > ip-geolocation.{[quova],[geobytes],[ipinfodb],[geoplugin],[maxmind_db],[maxmind_db=<filename>],[maxmind_only]}]
> >
> > As you can see there are many arguments but all of them are optional.
> > When the script is run with no arguments it performs lookups on all
> > the web services. If a web service is selected, it only does lookup on
> > those services which are selected. The <maxmind_db> argument can be
> > supplied without a filename, in which case the script searches for the
> > Maxmind database as a "nselib/data/GeoLiteCity.dat" file, or if the
> > filename is present, the script treats that like a database.
> >
> > A little bit about each web service:
> > * Geoplugin looks up IP's in the free Maxmind GeoLiteCity database and
> > returns the results. I don't know why but the results which I got
> > below from Geoplugin and Maxmind are different. There is no limit on
> > the queries against this web service
> > * IPInfoDB has no limit on queries, but use of an API key is required
> > supplied through a registration to the service
> > * Geobytes has a limit of 20 requests per host per hour. Upon reaching
> > that limit it responds with a "Limit Exceeded" value, which the script
> > uses and writes to the registry so the server is not flooded with any
> > more requests during a single scan.
> > * Quova boasts that they have the best accuracy. They require a free
> > registration after which an API key is supplied. The limit is 1000
> > requests per API key per day, 2 requests per API key per second. They
> > supply 3 API keys per developer, I've inserted all 3 of them into this
> > script.
> >
> > The code for the querying of the Maxmind database is big, mainly
> > because of the big lookup tables which must be implemented into the
> > script (or maybe moved to an external file). The code can be used to
> > access any IP geolocation database supplied by Maxmind including the
> > commercial ones with greater accuracy. The Geoplugin web service
> > claims they offer access to the free Maxmind database. Those are the
> > main arguments of whether we should keep the code in the script or
> > not. I'd be sorry to have worked in vain on that code, however I have
> > no opinion on whether we should keep the code or not.
> >
> > Sample usage:
> >
> > ./nmap -Pn -sn --script ip-geolocation --script-args
> > ip-geolocation.maxmind_db  scanme.nmap.org
> >
> > Sample output:
> >
> > Host script results:
> > | ip-geolocation:
> > | 74.207.244.221 (scanme.nmap.org)
> > |   Geoplugin
> > |     coordinates (lat,lon): 39.4208984375,-74.497703552246
> > |     state: New Jersey, United States
> > |   IPInfoDB
> > |     coordinates (lat,lon): 37.5384,-121.99
> > |     city: FREMONT, CALIFORNIA, UNITED STATES
> > |   Geobytes
> > |     coordinates (lat,lon): 43.667,-79.417
> > |     city: Toronto, Ontario, Canada
> > |   Quova
> > |     coordinates (lat,lon): 37.56699,-121.98266
> > |     city: fremont, california, united states
> > |   Maxmind database
> > |     coordinates (lat,lon): 39.4899,-74.4773
> > |_    city: Absecon, Philadelphia, PA, United States
> >
> >
> > Sayonara,
> > Gorjan

Attachment: ip-geolocation.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/