Nmap Development mailing list archives

Re: [NSE] ip-geolocation

From: Gorjan Petrovski <mogi57 () gmail com>
Date: Fri, 10 Jun 2011 22:34:20 +0200

Hello Jacob,

Thanks for your reply.

Your program is very cool indeed. I like how instead of relying on
external services it gathers data directly from the sources, like a
fast localized whois, and the parsing is really truly fast.
Unfortunately because it stores the data locally(and it's a lot of
data) I'm afraid it won't be a fitting addition for Nmap. Apart from
that I can see that it relies on the Maxmind databases for
geolocation, and I've already implemented that. As I mentioned in my
first email, my implementation for parsing the Maxmind databases is
likely to be dropped because of unneeded redundancy and the fact that
the user has to download the databases. Nevertheless I'll discuss your
method of whois with the NSE mentors.

Hopefully, someone will answer these posts too.

As for me, I'm totally keeping the program for future use :)

Best Regards,
Gorjan


On Fri, Jun 10, 2011 at 7:43 PM, Jacob Appelbaum <jacob () appelbaum net> wrote:

On Fri, Jun 10, 2011 at 3:36 PM, Gorjan Petrovski <mogi57 () gmail com> wrote:


Hi,

Please find attached the ip-geolocation script. I've implemented IP
geolocation lookups on 4 web services(Geoplugin, IPInfoDB, Geobytes
and Quova) and a query against a Maxmind database based on the API
from Maxmind.

The usage is as follows:
nmap --script ip-geolocation <target> [--script-args

ip-geolocation.{[quova],[geobytes],[ipinfodb],[geoplugin],[maxmind_db],[maxmind_db=<filename>],[maxmind_only]}]

As you can see there are many arguments but all of them are optional.


Hi Gorjan,
I've implemented a program that has quite a lot of metadata locally and
would be useful for use in your script:
https://github.com/ioerror/blockfinder
This will provide you with RIR, LIR, GeoIP and other sources of data. If
you'd like me to write a specific output format, I'd be happy to do it.
All the best,
Jacob

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[NSE] ip-geolocation Gorjan Petrovski (Jun 10)
- Re: [NSE] ip-geolocation Gorjan Petrovski (Jun 10)
  - Re: [NSE] ip-geolocation Gorjan Petrovski (Jun 10)
- Re: [NSE] ip-geolocation Jacob Appelbaum (Jun 10)
  - Re: [NSE] ip-geolocation Gorjan Petrovski (Jun 10)
    - Re: [NSE] ip-geolocation Jacob Appelbaum (Jun 10)
    - Re: [NSE] ip-geolocation Gorjan Petrovski (Jun 13)
    - Re: [NSE] ip-geolocation Gorjan Petrovski (Jun 28)
- Re: [NSE] ip-geolocation galaxywatcher (Jun 10)
- Re: [NSE] ip-geolocation Patrick Donnelly (Jun 13)
  - Re: [NSE] ip-geolocation Gorjan Petrovski (Jun 14)
    - Re: [NSE] ip-geolocation Gorjan Petrovski (Jun 17)
    - Message not available
    - Re: [NSE] ip-geolocation Gorjan Petrovski (Jun 17)
    - Re: [NSE] ip-geolocation Fyodor (Jun 19)
    - Re: [NSE] ip-geolocation Gorjan Petrovski (Jun 19)

(Thread continues...)