A Python script to show where IP addresses are coming from by plotting them on a World map.
##Requirements
PyGeoIpMap can be installed along with its dependencies easily on Ubuntu Linux with the following command:
sudo apt-get install python-numpy python-matplotlib python-mpltoolkits.basemap python-geoip
Unfortunately, there is no Python3 version of python-mpltoolkits.basemap
for the moment so this script is Python 2.7+ only.
##Usage
usage: pygeoipmap.py [-h] [-o OUTPUT] [-f {ip,csv}] [-s {f,m}] [-db DB] input
Visualize community on a map.
positional arguments:
input Input file. One IP per line or, if FORMAT set to
'csv', CSV formatted file ending with latitude and
longitude positions
optional arguments:
-h, --help show this help message and exit
-o OUTPUT, --output OUTPUT
Path to save the file (e.g. /tmp/output.png)
-f {ip,csv}, --format {ip,csv}
Format of the input file.
-s {f,m}, --service {f,m}
Geolocation service (f=FreeGeoIP, m=MaxMind local
database)
-db DB, --db DB Full path to MaxMind database file (default =
./GeoLiteCity.dat)
--extents W/E/S/N Spatial extents for the figure
(west/east/south/north). Defaults to global.
##Examples
###Using a list of IP addresses (and the FreeGeoIp web service)
A World map can be generated from a list of IP addresses by running the following command:
python pygeoipmap.py /tmp/ip.txt
The list of IP address must be saved to a text file with each IP address separated by a newline as shown below:
218.60.148.32
59.63.175.24
109.207.56.22
59.63.175.25
59.39.71.222
222.186.62.17
72.80.16.100
60.199.196.144
…
In that example above, the program will use data available from
FreeGeoIp to find the location of each IP address and generate a World map called output.png
.
###Using a MaxMind offline database
Local MaxMind database files can be used with the MaxMind GeoIP library with the --service
option:
python pygeoipmap.py /tmp/ip.txt --service m --db /path/to/GeoLiteCity.dat
###Specifying a region for the plot
python pygeoipmap.py /tmp/ip.txt --extents=-12/45/30/65 --output=ip.png
This limits the plot to Europe.
###Using a CSV file already containing latitude and longitude data
PyGeoIpMap can generate a World map without connecting to FreeGeoIp if the latitude and longitude data are available. A CSV file where the two last columns are the IP address' corresponding latitude and longitude values.
An example of a CSV file with each IP address' latitude and longitude values provided:
198.23.67.201, Dallas, United States, 32.9299, -96.8353
223.4.240.25, Hangzhou, China, 30.2936, 120.1614
74.208.213.28, Wayne, United States, 40.0548, -75.4083
119.80.39.54, Beijing, China, 39.9289, 116.3883
101.44.1.135, Shanghai, China, 31.0456, 121.3997
219.144.17.74, Xian, China, 34.2583, 108.9286
64.27.26.7, Los Angeles, United States, 34.053, -118.2642
The World map can be generated from the CSV file by running the following command:
python pygeoipmap.py -o /tmp/evil_hackers.jpg -f csv data.csv
PyGeoIpMap will output the World map /tmp/evil_hackers.jpg
as seen below.