Wherediz IP Location Scripting

A buddy of mine that I used to work with wanted to learn Python scripting.  He created a tool that helped solve a problem we would encounter in our day to day work.  When we get alerts for servers not responding to web traffic, we usually take a look at the access logs in an attempt to find malicious traffic.  Usually malicious traffic is pretty easy to spot, however if it were a custom application, it may not be obvious.  So we would run a whois on the IP address and see where in the world the IP address is coming from.

We began creating bash scripts to pull the IP addresses that made the highest number of requests in a day, then we found we were running whois on a list of IP addresses.  We wanted a way to check all the IP addresses on the same machine without pulling up an external website.  So he created the tool Wherediz.


Original Version Github: https://gist.github.com/rackonnoiter/aaefb31bffad9e886c90

Script Optimized Version: https://github.com/jossmalo/wherediz

This tool is an API written in python to return the geographic location of an IP address.  After my buddy turned the project over to me, I attempted to make it very script friendly so the output could be incorporated into our day to day scripts.

The main website lists the details of the commands you can pass, however it is extremely simple to use.

$ curl wherediz.com/ Mountain View, California, United States

This can easily be combined into scripts to return the location of an IP address

$ for i in $(tail access.log | awk {'print $1'}) ; do curl wherediz.com/$i ; done San Antonio, Texas, United States France United Kingdom San Antonio, Texas, United States San Antonio, Texas, United States San Antonio, Texas, United States Beijing, Beijing, China United Kingdom San Antonio, Texas, United States San Antonio, Texas, United States

Its a simple tool based on the data provided from GeoLite MaxMind can save quite a few steps when combined with scripts to determine where traffic is coming from.

Post your comment


No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments