GeoIPgen

GeoIPgen is a country to IP addresses generator.

Download geoipgen-0.4.tar.gz
Latest Version 0.4, 7th March 2009
License BSD
Author Andrew Horton aka urbanadventurer

⚠️ GeoIPgen version 0.4 is not currently working. The project requires an update since the GeoLite Legacy MaxMind database that GeoIPGen relies on was discontinued by MaxMind on January 2, 2019. If you installed GeoIPgen before this time you can continue to use GeoIPgen and will be unaffected except that you will be unable to update the database.

Introduction

GeoIPgen is a country-to-IPs generator. It’s a geographic IP generator for IPv4 networks that uses the MaxMind GeoLite Country database.

This is useful for enabling the accurate targeting of Internet scanning to the allocated IP v4 address space of one or more countries.

Geoipgen is the first published software that uses a geographic ip database in reverse to translate from country-to-IPs instead of the usual use of IP-to-country to produce the complete set of IP addresses for a country. Previously software has generated IP address ranges so that entire countries can be blocked by a firewall and the technique used by geoipgen has been discussed before by the GNUcitizen researchers.

Video Tutorial

Vivek Ramachandran from Security Tube has made an excellent video tutorial for geoipgen titled Geo Targeting Cyber Attacks using IP Addresses.

Usage

./geoipgen -h
Usage: ./geoipgen [OPTION]… [COUNTRYCODE]…
Version 0.4 by Andrew Horton aka urbanadventurer, MorningStar Security
Homepage: http://morningstarsecurity.com/research/geoipgen
 
GeoIPgen is a country-to-IPs generator. It’s a geographic IP generator for IPv4 networks that uses the MaxMind GeoLite Country database.
Features: Random or sorted order, unique or repeating IPs, skips broadcast addresses, one, many or all countries.
 
Target:
COUNTRYCODE One or more country codes, delimited by spaces
Use ‘all’ to target all country codes. Use -l to see a list.
-n NUM Exits after NUM IPs have been generated
 
Unique or repeating:
-u, –unique Return each IP in the countries once only (default)
–repeat IPs can repeat with random order
 
Order:
-s, –sorted Order is sorted, ascending
–random Order is random (default)
 
Other:
-h, –help This message
-l, –list-countries List countries and their country codes
-c DIRECTORY Location of GeoIPCountryWhois.csv database
Default locations: ./, /home/user/.geoipgen/, /usr/local/share/
-V, –version Print version information. This version is 0.4
 
Example Usage:
 
How to generate random IPs for the whole world, enumerating each IP once only.
* geoipgen all
 
Find out how many IPs are allocated to Israel
* geoipgen –sorted il | wc -l
 
How to generate all IPs for New Zealand
* geoipgen nz
 
How to generate all IPs for New Zealand and Australia
* geoipgen nz au
 
How to generate 10000 IPs in Far East Asia
* geoipgen -n 10000 cn hk mn tw mo jp kr kp
 
How to continually generate IPs for the United States, with repeats
* geoipgen –repeat us

Installation

See the INSTALL file

How to reverse resolve a country

This can aid in testing the accuracy of the MaxMind location data by finding IP address blocks potentially attributed to the wrong country.

For example, an IP address block could be attributed to New Zealand by Maxmind’s database but when each IP is resolved is found to have many hostnames ending in .sk indicates the ip block belongs to Slovakia and MaxMind has misattributed the location data.

For fast DNS resolution, use an asynchronous resolver like adns.

How to install GNU adns

Download and follow instructions from http://www.chiark.greenend.org.uk/~ian/adns/
or use apt-get on Debian or Ubuntu Linux.

sudo apt-get install libadns1-bin

Pipe IPs to adnsresfilter and only output resolved IPs

./geoipgen nz | adnsresfilter -w -a | egrep “\[.*\]”
broadband-telecom.global-gateway.net.nz[125.238.151.47]
161-65-114-241.ip.fx.net.nz[161.65.114.241]
c0.d0.33.static.xlhost.com[209.51.208.192]
203-114-177-78.dsl.sta.inspire.net.nz[203.114.177.78]
ds7a04.cc.waikato.ac.nz[130.217.64.150]

Credits

Geoipgen is authored by Andrew Horton (urbanadventurer) andrew [at] morningstarsecurity.com.
Thanks to MaxMind for making their GeoLite Country database freely available.