Offensive Resource_Files | Geo_Location

pedro ubuntu edited this page Jul 4, 2019 · 39 revisions


DESCRIPTION

geo_location.rc requires the 'geoiplookup' (geoip-bin) or 'curl' (ipapi.co) package to retrieve the geolocation of all hosts present in the msf database (curl provides more detailed geolocation reports).

  • This resource script allows users to:
    • Geolocate IP address(es) using the geoiplookup or curl (ipapi.co) resolver methods.
    • Automatically geolocate multiple hosts present in the current database (workspace).
    • Import (txt_import) a list of hosts to be added to the database and auto-geolocate them.
    • Add hosts to the msf database using the 'RHOSTS' global variable and scan all hosts for geolocations.
    • Resolve your internal IP address to the external one, add it to the db and scan all hosts for geolocations.
    • Geolocate hosts while offline using the geoiplookup native database.dat file
      '(when no networks are available)'.

  • Resource Script Limitations:
    • This resource script only resolves IP addresses (not domain names).
    • Geolocation is only possible for EXTERNAL IP address(es).
    • This resource script requires the msf database to be connected to postgresql.
    • Resolving your internal IP address to the external one requires the 'dig' package.
    • This resource script can NOT be run at the meterpreter prompt because ERB is not accepted there.

  • Why not use online websites for that?
    • Most geolocation web servers use HTTP or User-Agent header packets.
      'This script relies on DNS servers to retrieve host geolocations (fast, reliable)'
    • Geolocation websites do not allow us to auto-scan multiple hosts at once.
      'This script allows us to geolocate multiple IP addresses, added or already in the db, at once'
    • Geoiplookup installs a local database.dat that allows us to geolocate while offline.
      'Using web servers to geolocate always requires an active network connection'

[Screenshot: Geolocation using geoiplookup package]

[Screenshot: Geolocation using geoiplookup package and ip-tracker.org website (google maps)]

[Screenshot: Geolocation using curl ipapi.co package]

[Screenshot: Resolving internal ip to external and geolocate it]

[Screenshot: Import a list of hosts to be added to database and geolocate db hosts]


SCRIPT DEPENDENCIES

| Dependencies | Installation | Required | Function |
|---|---|---|---|
| Metasploit | Rapid7 | yes | core |
| geoip-bin | sudo apt-get install geoip-bin | optional | geolocation (default) |
| curl (native) | sudo apt-get install curl | optional | geolocation (advanced) |
| dig (native) | sudo apt-get install dnsutils | optional | resolve internal to external ip |

INDEX

[1] Description
[2] Dependencies
[3] Download-Installation
[4] Some Syntax Examples
[5] Metasploit Core Useful Commands



DOWNLOAD - INSTALLATION

  • Download resource script (wget)
sudo wget https://raw.githubusercontent.com/r00t-3xp10it/resource_files/master/geo_location.rc
  • Make working logs directory
sudo mkdir logs
  • Start postgresql service (local)
sudo service postgresql start



SOME SYNTAX EXAMPLES

  • Scan current msf database hosts using the 'GEOIPLOOKUP' package
msfconsole -q -x 'resource geo_location.rc'
  • Scan current database hosts using the 'CURL' package
msfconsole -q -x 'setg USE_CURL true;resource geo_location.rc'
  • Set the geoiplookup package installation absolute path and scan the database for geolocations
msfconsole -q -x 'setg GEOIP_PATH /usr/bin/geoiplookup;resource geo_location.rc'
  • Add multiple hosts to the database and scan for their geolocations (GEOIPLOOKUP)
msfconsole -q -x 'setg RHOSTS 162.246.22.133 185.99.212.190;resource geo_location.rc'
  • Add multiple hosts to the database and scan for their geolocations (CURL)
msfconsole -q -x 'setg RHOSTS 162.246.22.133 185.99.212.190;setg USE_CURL true;resource geo_location.rc'
  • Resolve internal IP address to external IP and scan for its geolocation (GEOIPLOOKUP)
msfconsole -q -x 'setg RESOLVER true;resource geo_location.rc'
  • Resolve internal IP address to external IP and scan for its geolocation (CURL)
msfconsole -q -x 'setg RESOLVER true;setg USE_CURL true;resource geo_location.rc'
  • Import remote_hosts.txt into the current database and scan all db hosts for geolocations
sudo wget https://raw.githubusercontent.com/r00t-3xp10it/resource_files/master/bin/remote_hosts.txt
msfconsole -q -x 'setg TXT_IMPORT remote_hosts.txt;resource geo_location.rc'
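The limitations above state that the script handles only IP addresses (not domain names) and can geolocate only external addresses, so a host list is worth checking before it is passed to TXT_IMPORT. The Ruby code below is an added example, not part of geo_location.rc or the project's repository; it assumes the list holds one IPv4 entry per line, and the sample list, constant and function names are constructed for illustration.

```ruby
require 'ipaddr'

# Constructed sample list (assumed format: one entry per line).
SAMPLE_HOSTS = <<~TXT
  162.246.22.133
  192.168.1.10
  example.org
  185.99.212.190
  10.0.0.5
  127.0.0.1
  169.254.10.1
  999.1.1.1
  162.246.22.133
TXT

# IPv4 ranges that are not publicly routable and so cannot be geolocated:
# "this network", RFC 1918 private, CGNAT, loopback, link-local,
# multicast and reserved space.
NON_PUBLIC = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4
].map { |cidr| IPAddr.new(cidr) }.freeze

# Returns :external, :internal or :not_an_ip for one list entry.
def classify_host(entry)
  # Only a bare dotted quad is accepted: no CIDR suffix, no hostname.
  return :not_an_ip unless entry.match?(/\A\d{1,3}(\.\d{1,3}){3}\z/)
  ip = IPAddr.new(entry) # raises on out-of-range octets such as 999
  NON_PUBLIC.any? { |net| net.include?(ip) } ? :internal : :external
rescue IPAddr::Error
  :not_an_ip
end

# Sorts every non-blank line into one of three buckets, dropping duplicates.
def filter_hosts(text)
  result = { external: [], internal: [], not_an_ip: [] }
  text.each_line do |line|
    entry = line.strip
    next if entry.empty?
    bucket = result[classify_host(entry)]
    bucket << entry unless bucket.include?(entry)
  end
  result
end

if __FILE__ == $PROGRAM_NAME
  filter_hosts(SAMPLE_HOSTS).each { |kind, hosts| puts "#{kind}: #{hosts.join(', ')}" }
end
```

Only the entries in the external bucket are candidates for geolocation; the other two buckets match the script's stated limitations.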



METASPLOIT CORE USEFUL COMMANDS

  • Remove all hosts from current database (workspace)
hosts -d
  • Work in a different workspace database (redteam)
workspace -a redteam
  • Delete workspace database (redteam)
workspace -d redteam
  • Add database_Exercise.xml hosts file to current workspace
db_import /root/database_Exercise.xml



Suspicious Shell Activity - redteam @2019

Official Repository: https://github.com/r00t-3xp10it/resource_files
Wiki Pages: https://github.com/r00t-3xp10it/resource_files/wiki
Report bugs: https://github.com/r00t-3xp10it/resource_files/issues