Welcome back hackers, after a short break today i am here to share with you a new kali tutorial to find the ip address of any website and trace its exact location, i know there is a lot of tutorials to find location of ip address but all of them are really sucks, means they only give us only country details or sometimes shows random places for an ip, and if you want to know the exact location of a website then you need a search warrant but here i will demonstrate you how to find the ip address of any website and how to know its exact location without any search warrant or subpoena.
IP address, hope you all know what is IP. In this tutorial first we need to find the ip address of website in order to trace the location, without ip there is no way to find the location so for this purpose we will use Maltego information gathering tool and it is pre-installed in our favorite Kali Linux.
Maltego is popular information gathering tool but it will not show us the exact place of website, so we will use MaxMind database to find the location. MaxMind is company maintaining a database of the locations of every ip address in the world and their location status includes GPS coordinates, area code, zip code and country. MaxMind software is little expensive but the good news is they are also providing a free developers version of this database without any softwares or tools to read it.
Pygeoip, is a small python script we are also using in this tutorial. It is developed by two programmers named Jennifer Ennis and T.Williams and it is released under GPL license that enables us to input an ip address and output this critical information.
How to find the ip address with maltego
Maltego, is an open source intelligence and forensics application. This is a GUI tool so looks different. Maltego is an information gathering tool that allows you to visually see relationships and it focuses on providing a library of transforms for discovery of data from open sources, and visualizing that information in a graph format, suitable for link analysis and data mining.
Maltego allows you to enumerate network and domain information like Domain Names, Whois Information, DNS Names, Netblocks, IP Addresses etc
Maltego also allows you to enumerate People information like:
- Email addresses associated with a person’s name
- Web sites associated with a person’s name
- Phone numbers associated with a person’s name
- Social groups that are associated with a person’s name
- Companies and organizations associated with a person’s name etc
Tracing the exact location of website
Step 1: Boot Kali Linux and open up a terminal
First of all run our favorite Kali system and open up a new terminal.
If you are new to kali linux then i recommend you to read my older post about kali linux and will guide you through the installation process and also it will also teach you the kali basics: An Introduction To Hacker’s OS: Kali Linux Setup Tutorial
Step 2: Download MaxMind database
Now we need to download the database from MaxMind, and we can get it by typing the following.
Then we need to unzip it.
gzip -d GeoLiteCity.dat.gz
Let’s now check that the database is in place by listing the directory.
ls -alh GeoLiteCity.dat
Step 3: Download & Install Pygeoip
Next, we need to install the Python script to read the database, pygeoip. We can download it by typing the following.
Then, unzip it.
We next need to download some setup tools into the pygeoip directory.
Now type following:
Let’s now move and then build and install the setup tools.
mv setuptools-0.6c11-py2.5.egg setuptools-0.7a1-py2.5.egg
python setup.py build
python setup.py install
We need to move the database to the pygeoip directory so that script can access it without having to use the full path.
mv GeoLiteCity.dat /pygeoip-0.1.3
Step 4: Query the Database
Now that we have the database in place and the pygeoip script downloaded and installed, we can begin to query that database with pygeoip.
First, we need to start a Python shell.
Then, you will be greeted will the triple >>> indicating you are now in an interactive python shell. Let’s import the module and instantiate the class.
>>> import pygeoip>>> gip = pygeopip.GeoIP(‘GeoLiteCity.dat’)
Next, we are ready to begin our query. Let’s see where Google is located.
>>> rec = gip.record_by_addr(‘22.214.171.124‘)
>>> for key,val in rec.items():
… print “%s: %s” %(key,val)
Please note that it is critical to indent the “print”. If not, you will throw an error.
As you can see, we were able to locate Google’s IP in Mountain View, CA at area code 650, postal code 94043, longitude -122.0574, and latitude 37.4192. Not bad!.
Once again, the combination of the database and pygeoip script was able to provide us with key location information on CNN’s IP address.
This little tool is great for locating any IP address in the world, albeit, it is a bit clunky. Maybe someone here in the Null Byte community with good Python skills would like to write an interactive script with a nice user interface where the user can simply enter the IP and get the record information?. Thank you, if you have any doubts please type down a comment.