IP2Location Geolocation information with Nmap


Nmap (Network Mapper) is a free and open-source network scanner created by Gordon Lyon. It is a valuable tool in the arsenal of a network administrator to probe networks and much more. To enhance the functionality of Nmap with IP2Location, we have created a script to return geolocation information about the Nmap target. This script uses the IP2Location BIN database files which comes in the free LITE form as well as the commercial form.

Download free LITE BIN files at https://lite.ip2location.com/

Download paid BIN files at https://www.ip2location.com/

What’s the differences between IP2Location Commercial and IP2Location LITE

How to install the IP2Location script in Nmap

We will show the steps required for Debian Linux.

Using Nmap with IP2Location Geolocation

Run the following command to call Nmap with the IP2Location results. In this example, we are probing ip2location.com on port 80 to check its status. The IP address associated with ip2location.com will be used to query the IP2Location BIN file to get its geolocation information.

nmap --script ip-geolocation-ip2location -p80 ip2location.com --script-args ip-geolocation-ip2location.ip2location_db=/myfolder/DB26.BIN

You will see the following as the result of the command.

Starting Nmap 7.93 ( https://nmap.org ) at 2023-05-02 08:26 UTC
country_short: US
country_long: United States of America
region: Virginia
city: Ashburn
isp: Amazon Technologies Inc.
latitude: 39.039474
longitude: -77.491806
domain: amazon.com
zipcode: 20146
timezone: -04:00
netspeed: T1
iddcode: 1
areacode: 703
weatherstationcode: USVA0027
weatherstationname: Ashburn
mcc: –
mnc: –
mobilebrand: –
elevation: 83
usagetype: DCH
addresstype: U
category: IAB19-11
district: Loudoun County
asn: 14618
as: Amazon.com Inc.
Nmap scan report for ip2location.com (
Host is up (0.00066s latency).
Other addresses for ip2location.com (not scanned): 2600:1f18:45b0:5b00:f5d8:4183:7710:ceec
rDNS record for ec2-34-224-172-222.compute-1.amazonaws.com

80/tcp open http

Nmap done: 1 IP address (1 host up) scanned in 0.34 seconds


We believe that by combining the flexibility of Nmap with the power of geolocation data by IP2Location, network administrators will now have a more potent tool to keep their networks safe from any malicious actors.

Was this article helpful?

Related Articles