GeoIPgen is a country to IP addresses generator.

Download http://geoipgen.googlecode.com/files/geoipgen-0.4.tar.gz
Latest Version 0.4, 7th March 2009
License BSD
Author Andrew Horton aka urbanadventurer, MorningStar Security

Introduction

GeoIPgen is a country-to-IPs generator. It’s a geographic IP generator for IPv4 networks that uses the MaxMind GeoLite Country database.

Geoipgen is the first published software that uses a geographic ip database in reverse to translate from country-to-IPs instead of the usual use of IP-to-country to produce the complete set of IP addresses for a country. Previously software has generated IP address ranges so that entire countries can be blocked by a firewall and the technique used by geoipgen has been discussed before by the GNUcitizen researchers.

Video Tutorial

Vivek Ramachandran from Security Tube has made an excellent video tutorial for geoipgen titled Geo Targeting Cyber Attacks using IP Addresses.

Installation

See the INSTALL file

Usage

Usage: ./geoipgen [OPTION]… [COUNTRYCODE]…
Version 0.4 by Andrew Horton aka urbanadventurer, MorningStar Security
Homepage: http://www.morningstarsecurity.com/research/geoipgen

GeoIPgen is a country-to-IPs generator. It’s a geographic IP generator for IPv4 networks that uses the MaxMind GeoLite Country database.
Features: Random or sorted order, unique or repeating IPs, skips broadcast addresses, one, many or all countries.

Target:
COUNTRYCODE One or more country codes, delimited by spaces
Use ‘all’ to target all country codes. Use -l to see a list.
-n NUM Exits after NUM IPs have been generated

Unique or repeating:
-u, –unique Return each IP in the countries once only (default)
–repeat IPs can repeat with random order

Order:
-s, –sorted Order is sorted, ascending
–random Order is random (default)

Other:
-h, –help This message
-l, –list-countries List countries and their country codes
-c DIRECTORY Location of GeoIPCountryWhois.csv database
Default locations: ./, /home/user/.geoipgen/, /usr/local/share/
-V, –version Print version information. This version is 0.4

Example Usage:

How to generate random IPs for the whole world, enumerating each IP once only.
$ geoipgen all

Find out how many IPs are allocated to Israel
$ geoipgen –sorted il | wc -l

How to generate all IPs for New Zealand
$ geoipgen nz

How to generate all IPs for New Zealand and Australia
$ geoipgen nz au

How to generate 10000 IPs in Far East Asia
$ geoipgen -n 10000 cn hk mn tw mo jp kr kp

How to continually generate IPs for the United States, with repeats
$ geoipgen –repeat us

How to reverse resolve a country

This can aid in testing the accuracy of the MaxMind location data by finding IP address blocks potentially attributed to the wrong country. For example, an IP address block could be attributed to New Zealand by Maxmind’s database but when each IP is resolved is found to have many hostnames ending in .sk indicates the ip block belongs to Slovakia and MaxMind has misattributed the location data.

For fast DNS resolution, use an asynchronous resolver like adns.

How to install GNU adns
Download and follow instructions from http://www.chiark.greenend.org.uk/~ian/adns/
or

$ sudo apt-get install libadns1-bin

Pipe IPs to adnsresfilter and only output resolved IPs

$ ./geoipgen nz | adnsresfilter -w -a | egrep “\[.*\]”

Example Output

broadband-telecom.global-gateway.net.nz[125.238.151.47]
161-65-114-241.ip.fx.net.nz[161.65.114.241]
c0.d0.33.static.xlhost.com[209.51.208.192]
203-114-177-78.dsl.sta.inspire.net.nz[203.114.177.78]
ds7a04.cc.waikato.ac.nz[130.217.64.150]

Performance

Geoipgen uses an algorithm to traverse the IP map returning each IP once only. This algorithm uses some randomness so the pattern should never repeat. This is a much more efficient and faster method than using a bitfield to track whether an IP has been returned.

The first time you generate a set of countries, the countrycode map files are created and saved in ~/.geoipgen/. Subsequent uses are faster because they reload the saved countrycode map.

Related Info

Homepage of the MaxMind GeoLite database http://www.maxmind.com/app/geoip_country
There is an alternative geoIP database here http://software77.net/cgi-bin/ip-country/geo-ip.pl

Credits

Geoipgen is authored by Andrew Horton (urbanadventurer) andrew [at] morningstarsecurity.com.
Thanks to MaxMind for making their GeoLite Country database freely available.