As I carry out a significant amount of OSInt work I often bump into the problem of needing to enumerate IP addresses. This can include knowing what my own external IP address is. Simply running ifconfig (or ipconfig in Windows) will provide my internal addresses but not the internet facing address from the router. This is especially important when trying to ensure that you are hidden from a target. It could be that I connect to a VPN or proxy elsewhere in the world but how can I be sure that my IP address is hidden?
A student on my recent Advanced OSI course related a story of a colleague researching a very dangerous group and suddenly realising that their VPN software had crashed and that their Police IP address was now visible in their targets logs – not good!
Their are loads of tools, especially Firefox plugins, that will report your IP and the IP of the site you are on, WorldIP is a favourite. However, I wanted to write a small program that would monitor my IP and report if it changes. I also wanted to be able to write a tool to do batch look ups of domains and IP’s and extract their Geolocation information.
I stumbled across freegeoip.net. It is a simple IP look up site but with an API. It allows 10,000 look ups per day for free which is more than enough (for most days!).
To use just type into your browser –
and it will return information about your own external IP address into a CSV file. Lovely! The results look like this…
You can also specify /xml, /json and /jsonp.
By adding a URL or IP address to the query will return the information about that address…
…and it returns…
18.104.22.168,US,United States,NY,New York,Somers,10589,America/New_York,41.33,-73.70,501
or if you specify /xml…
<Response><IP>22.214.171.124</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>Somers</City><ZipCode>10589</ZipCode><TimeZone>America/New_York</TimeZone><Latitude>41.325</Latitude><Longitude>-73.698</Longitude><MetroCode>501</MetroCode></Response>
To do this programmatically perhaps from a Shell script I can just use wget
Using this I can write a simple background tool that monitors my IP address and notifies me of any change. It will also be easy to have a tool which can be pointed at a text file of IPs or domains and returns all the information to me. That will save loads of time.
I’ll post the tools when I’ve done them.