1. Languages supported by GeoIP
- C Library
- Perl Module
- PHP Module
- Apache Module (mod_geoip)
- Java Class
- Python Class
- C# Class
- Ruby Module
- MS COM Object (ASP, ColdFusion, Pascal, PHP, Perl, Python, and Visual Basic code)
- VB.NET (only works with GeoIP Country)
- Pascal
- JavaScript
2. Installing GeoIP (pygeoip)
git clone git://github.com/appliedsec/pygeoip.git
cd pygeoip
python setup.py build
sudo python setup.py install
3. Downloading the IP database used by GeoIP
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
gunzip GeoLiteCity.dat.gz
4. Writing a shell script that updates the IP database
: Don't forget chmod +x. Because the download goes through Tor, the torsocks package has to be installed first:
sudo apt-get install -y torsocks
#!/bin/sh
# Download the free GeoLite City database over Tor and move it into the current directory.
GUNZIP="/bin/gunzip"
MAXMINDURL="http://geolite.maxmind.com/download/geoip/database"
WGET="/usr/bin/wget"
TOR="/usr/bin/usewithtor"
DATADIR=`pwd`
TMPDIR=$(mktemp -d)
if [ ! -d "$DATADIR" ] ; then
    echo "Data directory $DATADIR/ doesn't exist!"
    exit 1
fi
if [ ! -w "$DATADIR" ] ; then
    echo "Can't write to $DATADIR directory!"
    exit 1
fi
cd "${TMPDIR}"
echo ${WGET} "${MAXMINDURL}/GeoLiteCity.dat.gz"
${TOR} ${WGET} "${MAXMINDURL}/GeoLiteCity.dat.gz"
# gunzip fails if the download failed or the archive is truncated, so this check covers both
${GUNZIP} -c "./GeoLiteCity.dat.gz" > GeoLiteCity.dat
if [ $? != 0 ] ; then
    echo "Can't download a free GeoLite City database!"
    exit 1
fi
mv -f "GeoLiteCity.dat" "${DATADIR}/"
if [ $? != 0 ] ; then
    echo "Can't move databases file to ${DATADIR}/"
    exit 1
fi
exit 0
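The shell script above overwrites the previous GeoLiteCity.dat with mv -f as soon as gunzip exits 0. As an added example (not the post's script and not pygeoip's or MaxMind's code), here is the same install step written in Python 3 so that the old database is only replaced once the new file has decompressed completely and passed a check, and the last known-good copy is kept as GeoLiteCity.dat.bak. Downloading is left to the post's wget/usewithtor step; the function takes the already downloaded .gz. The validator pygeoip_loads is a hypothetical helper that assumes pygeoip is installed, and the 8.8.8.8 address it looks up is a constructed sample value.

```python
import gzip
import os
import shutil
import tempfile
import zlib


def pygeoip_loads(path):
    """Validator: open the candidate database with pygeoip and run one known lookup.
    Assumes pygeoip is installed (hypothetical helper, not usable offline)."""
    import pygeoip
    rec = pygeoip.GeoIP(path).record_by_addr("8.8.8.8")  # constructed sample address
    return rec is not None and "country_code" in rec


def install_database(gz_path, datadir, name="GeoLiteCity.dat", validate=lambda path: True):
    """Decompress gz_path into datadir/name.

    The existing file is replaced only when decompression succeeds, the result is
    non-empty and validate(path) returns True; the previous copy is kept as name.bak.
    Returns True on success and False if the old database was left untouched.
    """
    target = os.path.join(datadir, name)
    # Temp file inside datadir, so the final os.replace is a same-filesystem rename.
    fd, tmp_path = tempfile.mkstemp(prefix=name + ".", dir=datadir)
    try:
        with os.fdopen(fd, "wb") as out, gzip.open(gz_path, "rb") as src:
            shutil.copyfileobj(src, out)  # raises on a truncated or non-gzip archive
        if os.path.getsize(tmp_path) == 0:
            raise ValueError("decompressed database is empty")
        if not validate(tmp_path):
            raise ValueError("new database failed validation")
        if os.path.exists(target):
            shutil.copy2(target, target + ".bak")  # keep the last known-good copy
        os.replace(tmp_path, target)  # atomic swap; readers never see a partial file
        return True
    except (OSError, EOFError, ValueError, zlib.error) as exc:
        print("update rejected, existing database kept: %s" % exc)
        return False
    finally:
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)


if __name__ == "__main__":
    # Typical use after the post's download step: swap in the new archive, validated with pygeoip.
    ok = install_database("GeoLiteCity.dat.gz", os.getcwd(), validate=pygeoip_loads)
    print("database updated" if ok else "database unchanged")
```

The validator is injectable so the swap logic can be exercised without the real database; in production pass pygeoip_loads (or any check you trust) so that a file that gunzips cleanly but is not a readable GeoIP database never replaces a working one.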
5. Test
>>> import pygeoip
>>> gi = pygeoip.GeoIP('GeoLiteCity.dat')
>>> rec = gi.record_by_name('google.com')
>>> for code, val in rec.items():
...     print "%s: %s" % (code, val)
...
city: Mountain View
region_name: CA
area_code: 650
time_zone: America/Los_Angeles
dma_code: 807
metro_code: San Francisco, CA
country_code3: USA
latitude: 37.4192
postal_code: 94043
longitude: -122.0574
country_code: US
country_name: United States
6. Plotting on a map with Matplotlib (basemap)
sudo apt-get install -y python-tk python-numpy python-matplotlib python-dev
wget http://downloads.sourceforge.net/project/matplotlib/matplotlib-toolkits/basemap-1.0.5/basemap-1.0.5.tar.gz
tar -xvzf basemap-1.0.5.tar.gz
cd basemap-1.0.5/geos-3.3.3
./configure
make
sudo make install
cd ..
python setup.py build
sudo python setup.py install
7. Fetching mapper.py
svn cat http://malwarecookbook.googlecode.com/svn/trunk/5/13/mapper.py > mapper.py
8. Usage
python mapper.py -a 222.122.195.6,74.125.128.101
222.122.195.6 : naver.com
74.125.128.101 : google.com
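mapper.py takes its addresses as a comma-separated list, and the lookup in section 5 used record_by_name on a hostname. In practice the addresses come from a log, and the list needs cleaning before it is worth plotting: malformed tokens and private, loopback or link-local addresses have no meaningful location, and pygeoip returns None for addresses that are not in the database. The following Python 3 code is an added example (not from the post, the Malware Analyst's Cookbook or pygeoip): it extracts the unique public source addresses from constructed sample firewall lines, builds the mapper.py -a argument, and summarises lookups through an injected callable such as pygeoip.GeoIP(path).record_by_addr. The log format, the src= field and the sample addresses are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample log lines for the example (not real traffic).
SAMPLE_LOG = """\
2013-01-20 10:01:02 ACCEPT src=222.122.195.6 dst=10.0.0.5 dport=80
2013-01-20 10:01:03 ACCEPT src=74.125.128.101 dst=10.0.0.5 dport=443
2013-01-20 10:01:04 DROP src=192.168.1.7 dst=10.0.0.5 dport=22
2013-01-20 10:01:05 ACCEPT src=222.122.195.6 dst=10.0.0.5 dport=80
2013-01-20 10:01:06 DROP src=999.1.1.1 dst=10.0.0.5 dport=22
2013-01-20 10:01:07 ACCEPT src=127.0.0.1 dst=10.0.0.5 dport=8080
"""

# Assumed log layout: the client address sits in a src= field.
SRC_RE = re.compile(r"\bsrc=(\d{1,3}(?:\.\d{1,3}){3})\b")


def extract_public_ips(text):
    """Return unique, globally routable IPv4 source addresses in first-seen order."""
    found = []
    for match in SRC_RE.finditer(text):
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # e.g. 999.1.1.1: matches the pattern but is not an address
        if not addr.is_global:
            continue  # private, loopback, link-local, reserved: nothing to geolocate
        text_addr = str(addr)
        if text_addr not in found:
            found.append(text_addr)
    return found


def mapper_argument(ips):
    """Comma-separated list in the form mapper.py -a expects."""
    return ",".join(ips)


def summarize(ips, lookup):
    """Map each address to (country_code, city) or None when the database has no record.

    lookup is a callable taking an address string, e.g. pygeoip.GeoIP(path).record_by_addr
    (record_by_addr, not record_by_name, since these are already addresses).
    """
    result = {}
    for ip in ips:
        rec = lookup(ip)
        result[ip] = None if rec is None else (rec.get("country_code"), rec.get("city"))
    return result


if __name__ == "__main__":
    ips = extract_public_ips(SAMPLE_LOG)
    print("python mapper.py -a " + mapper_argument(ips))
    try:
        import pygeoip
        lookup = pygeoip.GeoIP("GeoLiteCity.dat").record_by_addr
        for ip, loc in summarize(ips, lookup).items():
            print(ip, loc)
    except (ImportError, IOError) as exc:
        print("pygeoip lookup skipped: %s" % exc)
```

Unresolvable addresses are kept in the summary as None rather than dropped, so a run that plots far fewer points than expected is visible as stale or missing database entries instead of silently shrinking the map.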
9. Installing everything with a Bash shell script
#!/bin/sh
sudo apt-get install -y subversion git-core python-tk python-numpy python-matplotlib python-dev torsocks
service tor restart
HOME_PWD=`pwd`
cd /tmp/
git clone git://github.com/appliedsec/pygeoip.git
cd pygeoip
python setup.py build
sudo python setup.py install
cd ..
wget http://downloads.sourceforge.net/project/matplotlib/matplotlib-toolkits/basemap-1.0.5/basemap-1.0.5.tar.gz
tar -xvzf basemap-1.0.5.tar.gz
cd basemap-1.0.5/geos-3.3.3
./configure
make
sudo make install
cd ..
python setup.py build
sudo python setup.py install
cd $HOME_PWD
mkdir pygeoip
cd pygeoip
cat > GeoLiteCityUpdate.sh << EOF
#!/bin/sh
GUNZIP="/bin/gunzip"
MAXMINDURL="http://geolite.maxmind.com/download/geoip/database"
WGET="/usr/bin/wget "
TOR="/usr/bin/usewithtor "
DATADIR=\`pwd\`
TMPDIR=\$(mktemp -d)
if [ ! -d "\$DATADIR" ] ; then
echo "Data directory \$DATADIR/ doesn't exist!"
exit 1
fi
if [ ! -w "\$DATADIR" ] ; then
echo "Can't write to \$DATADIR directory!"
exit 1
fi
cd "\${TMPDIR}"
echo \${WGET} "\${MAXMINDURL}/GeoLiteCity.dat.gz"
\${TOR} \${WGET} "\${MAXMINDURL}/GeoLiteCity.dat.gz"
\${GUNZIP} -c "./GeoLiteCity.dat.gz" > GeoLiteCity.dat
if [ \$? != 0 ] ; then
echo "Can't download a free GeoLite City database!"
exit 1
fi
mv -f "GeoLiteCity.dat" "\${DATADIR}/"
if [ \$? != 0 ] ; then
echo "Can't move databases file to \${DATADIR}/"
exit 1
fi
exit 0
EOF
chmod +x GeoLiteCityUpdate.sh
./GeoLiteCityUpdate.sh
svn cat http://malwarecookbook.googlecode.com/svn/trunk/5/13/mapper.py > mapper.py
10. Summary
GeoIP can be installed either as pygeoip, as above, or with 'sudo apt-get install python-geoip'; either works.
pygeoip was chosen here only because mapper.py from the Malware Analyst's Cookbook uses it.
pygeoip and python-geoip offer the same functionality; just be aware that the calls they use differ very slightly in form.
11. References
- http://www.pointlessrants.com/2010/05/python-geoip-python-geoip-cities-tutorial/
- Malware Analyst's Cookbook (Korean edition: 악성코드 분석가의 비법서)