pygeoip


1. Languages supported by GeoIP


  • C Library
  • Perl Module
  • PHP Module
  • Apache Module (mod_geoip)
  • Java Class
  • Python Class
  • C# Class
  • Ruby Module
  • MS COM Object (ASP, ColdFusion, Pascal, PHP, Perl, Python, and Visual Basic code)
  • VB.NET (Only works with GeoIP Country)
  • Pascal
  • JavaScript 


2. Installing GeoIP


git clone git://github.com/appliedsec/pygeoip.git

cd pygeoip

python setup.py build

sudo python setup.py install


3. Downloading the IP database used by GeoIP


wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz

gunzip GeoLiteCity.dat.gz


4. Creating a shell script to update the IP database


: Don't forget chmod +x. The script uses tor, so the module has to be installed.


#!/bin/sh

# The download below runs wget through usewithtor, so install torsocks first
sudo apt-get install -y torsocks

GUNZIP="/bin/gunzip"
MAXMINDURL="http://geolite.maxmind.com/download/geoip/database"
WGET="/usr/bin/wget"
TOR="/usr/bin/usewithtor"
DATADIR=`pwd`
TMPDIR=$(mktemp -d)

# The database is installed into the directory the script is run from
if [ ! -d "$DATADIR" ] ; then
    echo "Data directory $DATADIR/ doesn't exist!"
    exit 1
fi

if [ ! -w "$DATADIR" ] ; then
    echo "Can't write to $DATADIR directory!"
    exit 1
fi

# Download through Tor into a scratch directory, then unpack
cd "${TMPDIR}"
echo ${WGET} "${MAXMINDURL}/GeoLiteCity.dat.gz"
${TOR} ${WGET} "${MAXMINDURL}/GeoLiteCity.dat.gz"
${GUNZIP} -c "./GeoLiteCity.dat.gz" > GeoLiteCity.dat
if [ $? != 0 ] ; then
    echo "Can't download a free GeoLite City database!"
    exit 1
fi

# Replace the old database only after a successful unpack
mv -f "GeoLiteCity.dat" "${DATADIR}/"
if [ $? != 0 ] ; then
    echo "Can't move databases file to ${DATADIR}/"
    exit 1
fi

exit 0


5. Test


# python

>>> import pygeoip

>>> gi = pygeoip.GeoIP('GeoLiteCity.dat')

>>> rec = gi.record_by_name('google.com')

>>> for code, val in rec.items():

...     print("%s: %s" % (code, val))


city: Mountain View

region_name: CA

area_code: 650

time_zone: America/Los_Angeles

dma_code: 807

metro_code: San Francisco, CA

country_code3: USA

latitude: 37.4192

postal_code: 94043

longitude: -122.0574

country_code: US

country_name: United States
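
Added example, not from the original post or from pygeoip itself: the loop above assumes a record always comes back, so this Python 3 version counts countries for IPs pulled from log lines, skips invalid and non-routable addresses, and treats None or an empty dict as "no record". The log lines, function names and the "??" bucket are assumptions made for illustration; it uses record_by_addr, which performs no DNS lookup.

```python
"""Count source countries for IPs found in log lines (added example)."""
import ipaddress
import re
from collections import Counter

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample input; the two public IPs are the ones used in section 8.
SAMPLE_LINES = [
    "May 26 10:01:02 fw DROP src=222.122.195.6 dst=10.0.0.5",
    "May 26 10:01:03 fw DROP src=74.125.128.101 dst=10.0.0.5",
    "May 26 10:01:04 fw DROP src=74.125.128.101 dst=10.0.0.5",
    "May 26 10:01:05 fw DROP src=999.1.1.1 dst=192.168.0.9",
    "May 26 10:01:06 fw DROP src=8.8.8.8 dst=10.0.0.5",
]


def extract_public_ips(lines):
    """Yield every valid, globally routable IPv4 address found in lines."""
    for line in lines:
        for token in IPV4_RE.findall(line):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:  # looks like an IP but is not, e.g. 999.1.1.1
                continue
            if ip.is_global:  # drops RFC 1918, loopback, link-local, ...
                yield str(ip)


def country_counts(lines, lookup):
    """Tally country codes; lookup(ip) returns a pygeoip-style record dict,
    or None / {} when the address is not in the database."""
    counts = Counter()
    for ip in extract_public_ips(lines):
        rec = lookup(ip) or {}
        counts[rec.get("country_code") or "??"] += 1
    return counts


if __name__ == "__main__":
    import pygeoip  # needs GeoLiteCity.dat from section 3 in the current directory

    gi = pygeoip.GeoIP("GeoLiteCity.dat")
    for cc, n in country_counts(SAMPLE_LINES, gi.record_by_addr).most_common():
        print("%s: %d" % (cc, n))
```
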


6. Plotting on a map with Matplotlib


sudo apt-get install -y python-tk python-numpy python-matplotlib python-dev

wget http://downloads.sourceforge.net/project/matplotlib/matplotlib-toolkits/basemap-1.0.5/basemap-1.0.5.tar.gz

tar -xvzf basemap-1.0.5.tar.gz

cd basemap-1.0.5/geos-3.3.3

./configure

make

sudo make install

cd ..

python setup.py build

sudo python setup.py install


7. Getting mapper.py


svn cat http://malwarecookbook.googlecode.com/svn/trunk/5/13/mapper.py > mapper.py


8. Usage


python mapper.py -a 222.122.195.6,74.125.128.101


222.122.195.6 : naver.com

74.125.128.101 : google.com


9. Installing with a Bash shell script


#!/bin/sh


sudo apt-get install -y subversion git-core python-tk python-numpy python-matplotlib python-dev torsocks


service tor restart

HOME_PWD=`pwd`


cd /tmp/

git clone git://github.com/appliedsec/pygeoip.git

cd pygeoip

python setup.py build

sudo python setup.py install

cd ..


wget http://downloads.sourceforge.net/project/matplotlib/matplotlib-toolkits/basemap-1.0.5/basemap-1.0.5.tar.gz

tar -xvzf basemap-1.0.5.tar.gz

cd basemap-1.0.5/geos-3.3.3

./configure

make

sudo make install

cd ..

python setup.py build

sudo python setup.py install

cd $HOME_PWD


mkdir pygeoip

cd pygeoip


cat > GeoLiteCityUpdate.sh << EOF

#!/bin/sh

GUNZIP="/bin/gunzip"

MAXMINDURL="http://geolite.maxmind.com/download/geoip/database"

WGET="/usr/bin/wget "

TOR="/usr/bin/usewithtor "

DATADIR=\`pwd\`

TMPDIR=\$(mktemp -d)

if [ ! -d "\$DATADIR" ] ; then

echo "Data directory \$DATADIR/ doesn't exist!"

exit 1

fi

if [ ! -w "\$DATADIR" ] ; then

echo "Can't write to \$DATADIR directory!"

exit 1

fi

cd "\${TMPDIR}"

echo \${WGET} "\${MAXMINDURL}/GeoLiteCity.dat.gz"

\${TOR} \${WGET} "\${MAXMINDURL}/GeoLiteCity.dat.gz" 

\${GUNZIP} -c "./GeoLiteCity.dat.gz" > GeoLiteCity.dat         

if [ \$? != 0 ] ; then

echo "Can't download a free GeoLite City database!"

exit 1

fi

mv -f "GeoLiteCity.dat" "\${DATADIR}/"

if [ \$? != 0 ] ; then

echo "Can't move databases file to \${DATADIR}/"

exit 1

fi

exit 0

EOF


chmod +x GeoLiteCityUpdate.sh

./GeoLiteCityUpdate.sh


svn cat http://malwarecookbook.googlecode.com/svn/trunk/5/13/mapper.py > mapper.py


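10. Summary


GeoIP can be installed as pygeoip as shown above, or with 'sudo apt-get install python-geoip'; either works.

However, the mapper.py from the Malware Analyst's Cookbook uses pygeoip, so I chose that one.

pygeoip and python-geoip provide the same functionality; you only need to know that the calls you use look very slightly different.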


11. Reference


  • http://www.pointlessrants.com/2010/05/python-geoip-python-geoip-cities-tutorial/
  • Malware Analyst's Cookbook (Korean edition: 악성코드 분석가의 비법서)


