Note: This is our submission to HackerNoon’s IP Geolocation Writing Contest. We hope you enjoy our first HackerNoon submission.
In this article, we’ll be using ip2location, Shodan and other tools as case studies for discussing IP geolocation and privacy. We’ll also do a quick walk-through, showing you some suitable tools that you can easily use to determine information about systems as you browse the web. But first, let's get a quick rundown on our subject material from ChatGPT or, as we call it, the electronic brain.
Prompt: Give me a quick synopsis on IP Geo-location and explain why we might need to know this information.
ChatGPT-generated Output: IP geolocation is the process of identifying the physical location of an internet-connected device by analyzing its IP address. Every device that is connected to the internet is assigned a unique IP address, which can be used to determine the approximate geographical location of the device.
We might need to know this information for various reasons. For example, businesses can use IP Geo-location to target their advertising efforts to specific regions or countries. Law enforcement agencies can use IP Geolocation to track down cyber criminals or to locate missing persons. Website owners can use IP Geo-location to customize content based on the visitor's location.
IP Geolocation can also be used to detect fraudulent activities such as identity theft, credit card fraud, and phishing attacks. By comparing the location of the device with the user's claimed location, suspicious activities can be flagged and prevented.
Overall, IP Geo-location is a powerful tool that can provide valuable insights into the location of internet-connected devices. However, it's important to use this tool responsibly and to be aware of its limitations.
That seems straightforward enough. We’d like to add 2 points, however.
Firstly, IP geolocation can be considered a form of open-source intelligence, or OSINT. Whilst the field of OSINT is quite broad, its general theme is that it is based on information that is easily available to the public, or “open source” in nature.
Secondly, whilst IP-lookup information is a useful tool for many purposes, it’s important to understand that in a world full of VPNs and proxy servers, the lookup information you’re provided may link back to a VPN or proxy, guarding the user’s true IP against baseline detection.
It’s important to know what to look for in determining if this is the case for a specific address of interest or not.
When searching, we can use three main tool types for geolocation. We can use the usual web portal through the browser, a browser-based extension, or a CLI / terminal-based interface.
All systems have their own pros and cons and should be assessed accordingly. A good rule of thumb, however, is to use web-based or extension-based systems if you’re a beginner or only need occasional lookups, whilst terminal or command line interface options can be better for more experienced users or those who prefer information without all the add-ons.
If you’re not experienced with the terminal but would like to learn more, we’d like to remind you that we’re delivering a book at the start of next year that will walk you through exactly that. With tutorials on command line-based search, privacy-based browsing, and how to easily set up temporary email and SMS facilities via the command line, Command Line for Investigators will take you through the steps you need to configure your Linux-based terminal for OSINT analysis.
An example of a web portal is the one provided by the competition sponsor, ip2location. Providing 50 free lookups a day without an account, and more if you register for a free account, it is a simple, easy way to determine information about individual IP addresses or address blocks without needing to provide registration information.
If you’d like further features, including the ability to save your searches and interface them with CLI tools, then it’s worth signing up for an account. This isn’t essential, however, and the portal can be used in a limited capacity within the browser straight away.
Another web-based option is Shodan. Shodan, whilst being more in-depth, provides a larger field of search information, including a myriad of search tags that allow you to search by country, device type and more. Unlike ip2location, however, you’ll need to register for an account to make the best use of the service, so if you’re looking for a simple lookup, you may find ip2location to be a quicker option.
If you need to check your own IP address to confirm that your VPN is working or to see what your potential for fingerprinting is, whatismyipaddress.com will give you a lookup providing IPv4 and IPv6 addresses where relevant.
Whilst they don’t provide lookup information, the tools provided by the Electronic Frontier Foundation are worth a mention. Giving you the ability to enforce HTTPS, check your browser fingerprint, and more, this is a worthwhile stop for any privacy advocate or budding OSINT investigator. You can find these at https://www.eff.org/pages/tools where you’ll see a number of these useful tools and extensions available for your use, free of charge.
You’ll also find some handy browser extensions that can run automatically and give you this information at your fingertips. If you’re a regular lookup user you may find this a better option than a dedicated web portal as it doesn’t require regular sign-in or pasting of address information.
For Firefox users, the Flagfox extension will give you country of origin information in the address bar, with more information available on right-click. Pooling service information which includes custom configuration, Flagfox is a powerful yet simple tool when used correctly and is a good example of easily integrating these tools into your workflow.
Shodan also has a browser extension that's used extensively. Providing IP information, server history, and location as well as port information, this extension also allows you to look up information on Shodan’s website, so you can conduct further searches with little input and get a broader look at the address information. Working well for power users, the Shodan lookup tool is good for basic analysis whilst providing further information as required.
Ip2location also provides users with a simple browser extension to provide lookup information. Whilst a simpler tool than the previously mentioned options, it’s still extremely useful for providing basic lookup information. You’ll find an Ip2location extension should be available for most of the common browsers.
We’ve left terminal information for last as we feel this is a personal choice based on one’s preferences. Some people have no interest in using the command line, whilst others are experienced users, being able to do IP lookup and other networking enumeration.
There are many well-known tools for gathering OSINT via the command line. However, simplicity is best with a terminal: use it (or don’t) in a manner that complements your workflow style. With that said, here are three tools that may be of interest to the new command line user. Whilst an install walk-through is outside the scope of this article, you’ll find enough information online to assist you with installing these into your own setup, along with active communities to assist you in troubleshooting should it be needed.
It’s also worth checking GitHub for options, as many tools and packages have been written to assist in simple searches. Remember to check the code closely before you run it, particularly if you are giving it sudo / admin rights to your machine. It’s up to the user to determine whether code is safe; malware will always be out there.
Ip2Location: In our opinion, the best way to use ip2location via the terminal is to simply use the provided inputs on the ip2location.io website. You can also find provided code snippets using bash, PHP, Java, and even find simple curl requests to assist you in searching.
Whilst you’ll need to register for an API key to get the best from the service, it’s a usable format, with a reasonable request limit on the free plan, and is even useful for beginner terminal users.
Given that you can use it with something as simple as curl, you can start experimenting with this tool simply by looking at command or code snippets and running them in your own terminal. You can find more information on this at ip2location.io/ip2location-documentation
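What the VPN and proxy caveat from earlier in the article looks like when you read a lookup reply in the terminal, as an added example that is not code from ip2location or from the authors. The replies are constructed, the field names (`is_proxy`, `usage_type` and the rest) are assumptions modelled on ip2location.io-style JSON, and treating data-centre ranges as a hint is this example's own heuristic.

```bash
# Added example: triage a geolocation reply before trusting its location.
# Constructed replies (documentation address ranges), not real lookups.
SAMPLE_ISP='{"ip":"203.0.113.7","country_code":"AU","as":"Example Broadband","is_proxy":false,"usage_type":"ISP"}'
SAMPLE_VPN='{"ip":"198.51.100.23","country_code":"NL","as":"Example Hosting","is_proxy":true,"usage_type":"DCH"}'
SAMPLE_DC='{"ip":"192.0.2.44","country_code":"US","as":"Example Cloud","is_proxy":false,"usage_type":"DCH"}'

# json_field KEY: print KEY's value from flat JSON on stdin. Top-level scalar
# values only, and no commas inside strings; use jq for real-world replies.
json_field() {
  sed -n 's/.*"'"$1"'":[[:space:]]*"\{0,1\}\([^",}]*\).*/\1/p'
}

# triage: read one reply on stdin, print "<ip> <country> <verdict>".
#   relay   - the service flags the address as a proxy or VPN exit
#   hosting - not flagged, but the address sits in a data-centre range
#             (usage type DCH), where end users rarely connect from directly
#   direct  - no relay indicators in this reply
#   unknown - no is_proxy field in the reply, so nothing can be concluded
triage() {
  reply=$(cat)
  ip=$(printf '%s\n' "$reply" | json_field ip)
  cc=$(printf '%s\n' "$reply" | json_field country_code)
  proxy=$(printf '%s\n' "$reply" | json_field is_proxy)
  usage=$(printf '%s\n' "$reply" | json_field usage_type)
  case "$proxy:$usage" in
    true:*)    verdict=relay ;;
    false:DCH) verdict=hosting ;;
    false:*)   verdict=direct ;;
    *)         verdict=unknown ;;
  esac
  printf '%s %s %s\n' "$ip" "$cc" "$verdict"
}

for sample in "$SAMPLE_ISP" "$SAMPLE_VPN" "$SAMPLE_DC"; do
  printf '%s\n' "$sample" | triage
done
```

A `relay` or `hosting` verdict means the country in the reply describes the exit server, not necessarily the person behind it.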
Shodan: We have a familiar contender for number two, by including Shodan in our list of CLI-based tools. There's a reason why it deserved a mention in all three categories. Shodan is an extremely useful tool regardless of UI style. However, the command line version deserves a particular mention for working in a terminal as it provides a simple and effective way to collect and process domain, system, and user information in an easy-to-process format.
It’s also a useful tool for beginners to start with, providing simple command inputs and an extensive help menu to guide you through the process, allowing you to obtain and learn useful inputs. You can even alias commands to shorten your search time or extract specific pieces of information.
Recon-NG: Whilst not just a Geolocation tool we’ve given a particular nod to Recon-NG for its configurability. With addable modules and good information and tutorials, Recon-NG can be used to provide a reasonably detailed picture of many open-source intelligence items of interest and can be configured to provide only relevant information to its user.
Whilst there is a learning curve to using this tool effectively, it’s a good option for terminal users to start with, if for no other reason than that taking the time to learn the CLI gives you access to a vast range of tools within it, along with ways of collating and processing the acquired information efficiently. Install modules and learn as needed. You’ll be surprised at the configuration you’re able to achieve using freeware tools alone.
We’d be remiss to touch on terminal usage and not remind users of the ability of aliases to streamline your workflow. Rather than typing and retyping common commands, you may find assigning commands an alias a much more effective way to conduct your OSINT. Whilst bash history, scripting, and other tools have their place, aliasing can also be an effective way of navigating your way through menus and accessing your command line resources efficiently.
Plus, by configuring your own personalized aliases in your .bash_aliases file you’ve taken the first steps towards effectively configuring your own terminals to be more personalized to suit your own circumstances.
If you’re a Linux user (and let’s face it, if you’re learning command line then you should be), why not have a look at what else is in that file or in your main .bashrc config file?
Is there anything else you’d like to customize, like your own greeting on startup, or a script to provide a random motivation? Perhaps you’d like to add neofetch so you can check out your system vitals and network information when the terminal opens. Maybe you can use a script to set up for search, logging into ip2location or Shodan and providing your API key automatically each time the terminal opens.
Small mods like these are a great place to begin picking up little tips and tricks that will improve your ability to navigate the terminal and understand the Linux file and configuration system in a way that allows you to use it efficiently. Remember – master bash then take over the world... or something like that.
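One way to do the "provide your API key automatically" idea from a .bash_aliases file without writing the key into the config itself; this is an added example, not code from the article's authors or from ip2location. `GEO_KEY_FILE`, the default key path and the function names are assumptions, and the request URL follows the ip2location.io format as we understand it, so check it against their documentation.

```bash
# Added example for ~/.bash_aliases: the key lives in its own owner-only file.

# key_file_is_private FILE: succeed only if FILE is a regular file with no
# group or other permission bits (rw------- or r--------).
key_file_is_private() {
  [ -f "$1" ] || return 1
  case "$(ls -ld -- "$1" | cut -c1-10)" in
    -r[w-]-------) return 0 ;;
    *)             return 1 ;;
  esac
}

# load_api_key FILE: print the key (first line of FILE) or fail loudly.
load_api_key() {
  if ! key_file_is_private "$1"; then
    echo "refusing key file $1: missing, or open to group/other (chmod 600)" >&2
    return 1
  fi
  head -n 1 "$1" | tr -d '\r\n'
}

# valid_ip ARG: accept only characters that can occur in an IPv4/IPv6 literal,
# so nothing else can be spliced into the request URL.
valid_ip() {
  case "$1" in
    ''|*[!0-9A-Fa-f.:]*) return 1 ;;
    *)                   return 0 ;;
  esac
}

# geoip ADDRESS: look up one address. The URL reaches curl on stdin (-K -),
# so the key is not placed on curl's command line or in your shell history.
geoip() {
  valid_ip "$1" || { echo "usage: geoip <ip-address>" >&2; return 2; }
  key=$(load_api_key "${GEO_KEY_FILE:-$HOME/.config/geoip/api_key}") || return 1
  printf 'url = "https://api.ip2location.io/?key=%s&ip=%s"\n' "$key" "$1" |
    curl -fsS -K -
}
```

Create the key file once with `chmod 600`; after that, `geoip 203.0.113.7` is the whole workflow.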
So there you have it! Our first submission to the HackerNoon writing contest is now complete.
We may look at a second submission that walks you through enumeration in some more detail, depending on reader feedback. We’d like to remind people, though, that if you’re interested in learning about network resources and open source intelligence in general, there are a myriad of tools and solutions to assist you in your learning journey.
Whilst it can be daunting taking on and learning a new topic, there are many skilled bloggers and writers out there who enjoy breaking down these topics into ways that are easy for the beginner to follow. But the spirit of OSINT is following the information on a journey to wherever it goes. So don’t be afraid of using that flight tracker, or scouring GitHub for tools that interest you. Doing is still an effective way of learning. And if you’re people shy, don’t forget that we even live in a world where ChatGPT is a very usable tool for tutoring.
And in the interest of staying fair, we’d like to finish by adding an affiliate link to an open source intelligence book that you may find useful in your pathways. We have no association with the author, and were not paid for any review or promotion. We’ve simply included additional study tools that we have both used and believe are worthy of people’s time and money. If you’d like to jump down the rabbit hole and put your own investigative skills to the test, these resources will give you all the information you need to make things happen and up your terminal game.
Check out our book: Open Source Intelligence Techniques: Resources for Searching and Analyzing Online Information
The lead image for this article was generated by HackerNoon's AI Image Generator via the prompt "a map on a smartphone".