Introduction to Pygeoip

Pygeoip is one of the modules available in Python that allows you to retrieve geographic information from an IP address. It is based on GeoIP databases, which are distributed in several files depending on their type (City, Region, Country, ISP). The module contains several functions to retrieve data, such as the country code, time zone, or the complete record with all the information related to a specific address.

Pygeoip can be downloaded from the official GitHub repository: http://github.com/appliedsec/pygeoip.

If we query the help of the module, we see the main class that must be used to instantiate an object that allows us to make the queries:

To build the object, we use a constructor that takes the path to a database file as a parameter. An example of this file can be downloaded from: http://dev.maxmind.com/geoip/legacy/geolite.

The following methods available in this class allow you to obtain the name of the country from an IP address or a domain name.

You can find the following code in the geoip.py file in the pygeopip folder:

import pygeoip
import pprint

# Open the City database; country lookups also work against it
gi = pygeoip.GeoIP('GeoLiteCity.dat')

# *_by_addr takes an IP address, *_by_name takes a domain name
pprint.pprint("Country code: %s " %(str(gi.country_code_by_addr('173.194.34.192'))))
pprint.pprint("Country code: %s " %(str(gi.country_code_by_name('google.com'))))
pprint.pprint("Country name: %s " %(str(gi.country_name_by_addr('173.194.34.192'))))
pprint.pprint("Country name: %s " %(str(gi.country_name_by_name('google.com'))))

There are also methods to obtain the organization and the service provider from the IP address or the host name:

This is an example of obtaining information for a specific organization from the IP address and domain:

gi2 = pygeoip.GeoIP('GeoIPASNum.dat')
pprint.pprint("Organization by addr: %s " %(str(gi2.org_by_addr('173.194.34.192'))))
pprint.pprint("Organization by name: %s " %(str(gi2.org_by_name('google.com'))))

There are also methods that allow us to obtain, in dictionary form, a structure with data about the country, city, latitude, or longitude:

This is an example of obtaining geolocation information from an IP address:

for record,value in gi.record_by_addr('173.194.34.192').items():
    print(record + "-->" + str(value))

We can see all the geolocation information returned by the previous script:

In the next script we have two methods, geoip_city() to obtain information about the location, and geoip_country() to obtain the country, both from the IP address.

In both methods, we first instantiate the GeoIP class with the path of the file that contains the database. Next, we query the database for a specific record, specifying the IP address or domain. This returns a record containing fields for city, region_name, postal_code, country_name, latitude, and longitude.

You can find the following code in the pygeoip_test.py file in the pygeopip folder:

import pygeoip

def main():
    geoip_country()
    geoip_city()

def geoip_city():
    # City database: full records and region lookups
    path = 'GeoLiteCity.dat'
    gic = pygeoip.GeoIP(path)
    print(gic.record_by_addr('64.233.161.99'))
    print(gic.record_by_name('google.com'))
    print(gic.region_by_name('google.com'))
    print(gic.region_by_addr('64.233.161.99'))

def geoip_country():
    # Country database: country code and country name lookups
    path = 'GeoIP.dat'
    gi = pygeoip.GeoIP(path)
    print(gi.country_code_by_name('google.com'))
    print(gi.country_code_by_addr('64.233.161.99'))
    print(gi.country_name_by_name('google.com'))
    print(gi.country_name_by_addr('64.233.161.99'))

if __name__ == '__main__':
    main()

We can see that the returned information is the same for both cases:
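As an added example (not code from the book), the record returned by record_by_addr() can be used to summarize failed SSH logins by country. The log lines, the StubGeoIP class and its records are constructed so the script runs offline; with the real database you would pass pygeoip.GeoIP('GeoLiteCity.dat') instead. It assumes a lookup miss returns None or an empty dictionary.

```python
import ipaddress
import re
from collections import Counter

# Constructed sshd log lines (sample input, not real traffic).
SAMPLE_LOG = """\
Failed password for root from 173.194.34.192 port 52811 ssh2
Failed password for admin from 173.194.34.192 port 52812 ssh2
Failed password for root from 64.233.161.99 port 40022 ssh2
Failed password for bob from 192.168.1.10 port 51000 ssh2
Failed password for root from 8.8.8.8 port 41000 ssh2
Failed password for root from 999.1.1.1 port 41001 ssh2
"""

IP_RE = re.compile(r"Failed password for \S+ from (\S+) port")

class StubGeoIP:
    """Offline stand-in for pygeoip.GeoIP; records are constructed.
    Assumption: a miss yields None (an empty dict is handled too)."""
    RECORDS = {
        "173.194.34.192": {"country_name": "Exampleland", "city": "Alpha"},
        "64.233.161.99": {"country_name": "Samplestan", "city": None},
    }

    def record_by_addr(self, addr):
        return self.RECORDS.get(addr)

def failed_logins_by_country(log_text, geo):
    """Count failed logins per country; geo needs record_by_addr()."""
    counts = Counter()
    for line in log_text.splitlines():
        m = IP_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            counts["invalid"] += 1      # malformed address in the log
            continue
        if not ip.is_global:
            counts["internal"] += 1     # RFC 1918, loopback, etc.: no geo data
            continue
        record = geo.record_by_addr(str(ip))
        country = (record or {}).get("country_name") or "unknown"
        counts[country] += 1
    return counts

if __name__ == "__main__":
    for country, n in failed_logins_by_country(SAMPLE_LOG, StubGeoIP()).most_common():
        print(f"{n:3d}  {country}")
```

Validating the address and skipping non-global ranges before the lookup keeps malformed log fields and internal hosts from being reported as a country.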
