IP2Location Geolocation information with Nmap

Intro

Nmap (Network Mapper) is a free and open-source network scanner created by Gordon Lyon. It is a valuable tool in a network administrator's arsenal for probing networks and much more. To enhance the functionality of Nmap with IP2Location, we have created a script that returns geolocation information about the Nmap target. The script uses the IP2Location BIN database files, which come in a free LITE form as well as a commercial form.

Download free LITE BIN files at https://lite.ip2location.com/

Download paid BIN files at https://www.ip2location.com/

What’s the differences between IP2Location Commercial and IP2Location LITE

How to install the IP2Location script in Nmap

We will show the steps required for Debian Linux.

Using Nmap with IP2Location Geolocation

Run the following command to run Nmap with the IP2Location script. In this example, we are probing ip2location.com on port 80 to check its status. The IP address associated with ip2location.com is used to query the IP2Location BIN file, whose path is passed in the ip2location_db script argument, to get its geolocation information.

nmap --script ip-geolocation-ip2location -p80 ip2location.com --script-args ip-geolocation-ip2location.ip2location_db=/myfolder/DB26.BIN

You will see the following as the result of the command.

Starting Nmap 7.93 ( https://nmap.org ) at 2023-05-02 08:26 UTC
34.224.172.222
country_short: US
country_long: United States of America
region: Virginia
city: Ashburn
isp: Amazon Technologies Inc.
latitude: 39.039474
longitude: -77.491806
domain: amazon.com
zipcode: 20146
timezone: -04:00
netspeed: T1
iddcode: 1
areacode: 703
weatherstationcode: USVA0027
weatherstationname: Ashburn
mcc: -
mnc: -
mobilebrand: -
elevation: 83
usagetype: DCH
addresstype: U
category: IAB19-11
district: Loudoun County
asn: 14618
as: Amazon.com Inc.
Nmap scan report for ip2location.com (34.224.172.222)
Host is up (0.00066s latency).
Other addresses for ip2location.com (not scanned): 2600:1f18:45b0:5b00:f5d8:4183:7710:ceec
rDNS record for 34.224.172.222: ec2-34-224-172-222.compute-1.amazonaws.com

PORT STATE SERVICE
80/tcp open http

Nmap done: 1 IP address (1 host up) scanned in 0.34 seconds
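
To feed these results into an asset inventory or log enrichment, the geolocation block can be parsed into structured records. The following is an added example, not part of the IP2Location script or the original article. It assumes the output layout is exactly the one shown above (a bare IP address line, then "field: value" lines, ending at "Nmap scan report"); the function name parse_geo_blocks and the shortened sample are constructed for illustration.

```python
import ipaddress

# Constructed sample: a shortened copy of the output shown on this page.
SAMPLE = """\
Starting Nmap 7.93 ( https://nmap.org ) at 2023-05-02 08:26 UTC
34.224.172.222
country_short: US
city: Ashburn
latitude: 39.039474
longitude: -77.491806
mcc: -
usagetype: DCH
asn: 14618
as: Amazon.com Inc.
Nmap scan report for ip2location.com (34.224.172.222)
Host is up (0.00066s latency).
rDNS record for 34.224.172.222: ec2-34-224-172-222.compute-1.amazonaws.com
"""

NO_DATA = {"-", "\u2013", ""}  # placeholders printed for fields with no value
FLOAT_FIELDS = {"latitude", "longitude"}


def parse_geo_blocks(text):
    """Return {ip: {field: value}} for each geolocation block in the output."""
    records, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        try:
            # A line that is only an IP address opens a new block.
            current = records.setdefault(str(ipaddress.ip_address(line)), {})
            continue
        except ValueError:
            pass
        if line.startswith("Nmap scan report") or not line:
            current = None  # block ends where the normal host report begins
            continue
        if current is None or ": " not in line:
            continue  # ignore banner, rDNS and port lines outside a block
        key, value = line.split(": ", 1)
        value = value.strip()
        if value in NO_DATA:
            current[key] = None
        elif key in FLOAT_FIELDS:
            current[key] = float(value)
        else:
            current[key] = value
    return records
```

Fields the database has no data for are stored as None, so downstream checks do not mistake the placeholder for a real value.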

Conclusion

We believe that by combining the flexibility of Nmap with the power of geolocation data by IP2Location, network administrators will now have a more potent tool to keep their networks safe from any malicious actors.
