Introduction to pygeoip

pygeoip is one of the modules that's available in Python that allows you to retrieve geographic information from an IP address. It is based on GeoIP databases, which are distributed in several files depending on their type (city, region, country, ISP). The module contains several functions to retrieve data, such as the country code, time zone, or complete registration with all the information related to a specific address.

pygeoip can be downloaded from the official GitHub repository: http://github.com/appliedsec/pygeoip.

To build the object, we use a constructor that accepts a file as a database by parameter. An example of this file can be downloaded from http://dev.maxmind.com/geoip/legacy/geolite.

In the following script, we have two methods: geoip_city(domain,ipaddress), to obtain information about the location, and geoip_country(domain,ipaddress) to obtain the country, both from the IP address and domain. In both methods, we must first instantiate a GeoIP class with the path of the file that contains the database. Next, we will query the database for a specific record, specifying the IP address or domain. This returns a record that contains fields for city, that is, region_name, postal_code, country_name, latitude, and longitude.

You can find the following code in the pygeoip_test.py file in the geopip folder:

!/usr/bin/env python3
 
import pygeoip
import argparse

def geoip_city(domain,ipaddress):
    path = 'GeoLiteCity.dat'
    gic = pygeoip.GeoIP(path)
    print(gic.record_by_addr(ipaddress))
    print(gic.region_by_name(domain))
 
def geoip_country(domain,ipaddress): 
    path = 'GeoIP.dat'
    gi = pygeoip.GeoIP(path)
    print(gi.country_code_by_name(domain))
    print(gi.country_name_by_addr(ipaddress))

if __name__ == '__main__':
 parser = argparse.ArgumentParser(description='Get geolocation from domain and ip address')
 parser.add_argument('--domain', action="store", dest="domain",  default='www.packtpub.com')
 parser.add_argument('--ipaddress', action="store", dest="ipaddress",  default='83.166.169.231')
 given_args = parser.parse_args()
 domain = given_args.domain
 ipaddress = given_args.ipaddress
 geoip_city(domain,ipaddress)
 geoip_country(domain,ipaddress)

This is the output of the previous script with the default parameters:

{'dma_code': 0, 'area_code': 0, 'metro_code': None, 'postal_code': 'RH15', 'country_code': 'GB', 'country_code3': 'GBR', 'country_name': 'United Kingdom', 'continent': 'EU', 'region_code': 'P6', 'city': 'Burgess Hill', 'latitude': 50.9667, 'longitude': -0.13329999999999131, 'time_zone': 'Europe/London'}
 {'country_code': 'GB', 'region_code': 'P6'}
 GB
 United Kingdom

This is the output of the previous script with the amazon.com domain:

$ python pygeoip_test.py --domain www.amazon.com --ipaddress 143.204.191.30
 
 {'dma_code': 819, 'area_code': 206, 'metro_code': 'Seattle-Tacoma, WA', 'postal_code': '98109', 'country_code': 'US', 'country_code3': 'USA', 'country_name': 'United States', 'continent': 'NA', 'region_code': 'WA', 'city': 'Seattle', 'latitude': 47.6344, 'longitude': -122.34219999999999, 'time_zone': 'America/Los_Angeles'}
 {'country_code': 'US', 'region_code': 'WA'}
 US
 United States
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset