Nmap (Network Mapper) is a free and open-source network scanner created by Gordon Lyon. It is a valuable tool in the arsenal of a network administrator to probe networks and much more. To enhance the functionality of Nmap, we have created a script to return geolocation information about the Nmap target. This script uses the IP2Location BIN database files which comes in the free LITE form as well as the commercial form.
Download free LITE BIN files at https://lite.ip2location.com/
Download paid BIN files at https://www.ip2location.com/
How to install the IP2Location script in Nmap
We will show the steps required for Debian Linux.
- Install Nmap if you don’t already have it.
apt-get install nmap
- Install LuaRocks which we’ll use to install our Lua package.
apt-get install luarocks
- Install the IP2Location Lua package.
luarocks install ip2location
- Download https://github.com/ip2location/ip2location-nmap/blob/master/ip-geolocation-ip2location.nse and copy into the /usr/share/nmap/scripts/ folder.
- Download your LITE or paid BIN file and copy to whichever folder you like. E.g. /myfolder/
How to use Nmap with IP2Location
Run the following command to call Nmap with the IP2Location results. In this example, we are probing ip2location.com on port 80 to check its status. The IP address associated with ip2location.com will be used to query the IP2Location BIN file to get its geolocation information.
nmap --script ip-geolocation-ip2location -p80 ip2location.com --script-args ip-geolocation-ip2location.ip2location_db=/myfolder/DB24.BIN
You will see the following as the result of the command.
Starting Nmap 7.40 ( https://nmap.org ) at 2019-04-08 07:07 UTC
country_long: United States
isp: Amazon Technologies Inc.
Nmap scan report for ip2location.com (188.8.131.52)
Host is up (0.00053s latency).
Other addresses for ip2location.com (not scanned): 2600:1f18:45b0:5b00:f5d8:4183:7710:ceec
rDNS record for 184.108.40.206: ec2-34-224-172-222.compute-1.amazonaws.com
PORT STATE SERVICE
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 0.22 seconds
We believe that by combining the flexiblity of Nmap with the power of geolocation data by IP2Location, network administrators will now have a more potent tool to keep their networks safe from any malicious actors.