@michaelneu
Last active June 10, 2022 18:53
Create a map for IP addresses

geocode.py

Use this file to geocode IPs from logfiles and draw them on a map.

How to use it

This script requires geocoder to be installed, so set up a virtualenv:

$ virtualenv --python=python3 venv
$ source venv/bin/activate
$ pip install -r requirements.txt

Pass your logfile to the script and redirect the output to an HTML file:

$ python3 geocode.py logs.txt > map.html

Open the HTML file in your browser.

#!/usr/bin/env python3
import html
import sys
import re
import geocoder
from collections import Counter

# Matches anything shaped like a dotted quad; octet ranges are not checked.
ip_pattern = re.compile(r"(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")

# Two %s slots: the statistics table rows and the JavaScript coordinate list.
page_template = """
<html>
  <head>
    <title>Honeypot SSH Connections</title>
    <style>
      * {
        box-sizing: border-box;
      }
      body {
        font-family: sans-serif;
        margin: 0px;
      }
      .statistics {
        position: absolute;
        top: 0px;
        bottom: 0px;
        left: 0px;
        overflow-y: auto;
        padding: 20px;
        background-color: rgba(255, 255, 255, 0.9);
        z-index: 9000;
        box-shadow: 0px 0px 10px rgba(0, 0, 0, 0.3);
      }
      table {
        border: 1px solid #ccc;
        border-collapse: collapse;
      }
      tr + tr,
      tbody {
        border-top: 1px solid #ccc;
      }
      td + td,
      th + th {
        border-left: 1px solid #ccc;
      }
      td, th {
        padding: 5px;
      }
    </style>
  </head>
  <body>
    <div class="statistics">
      <table>
        <thead>
          <th>Country</th>
          <th>Connections</th>
        </thead>
        <tbody>
          %s
        </tbody>
      </table>
    </div>
    <div id="mapdiv"></div>
    <script src="http://www.openlayers.org/api/OpenLayers.js"></script>
    <script>
      var map = new OpenLayers.Map("mapdiv");
      map.addLayer(new OpenLayers.Layer.OSM());
      var coordinates = [
        %s
      ].map(([lon, lat]) => (
        new OpenLayers.LonLat(lon, lat).transform(
          new OpenLayers.Projection("EPSG:4326"),
          map.getProjectionObject()
        )
      ));
      var markers = new OpenLayers.Layer.Markers("Markers");
      map.addLayer(markers);
      for (var coordinate of coordinates) {
        markers.addMarker(new OpenLayers.Marker(coordinate));
      }
      map.setCenter(coordinates[0], 0);
    </script>
  </body>
</html>
"""
coordinate_template = "[%f, %f]"
country_template = "<tr><td>%s</td><td>%d</td></tr>"

if __name__ == "__main__":
    if len(sys.argv) != 2:
        # Usage goes to stderr so it never ends up in the redirected HTML file.
        print("Usage:", __file__, "logfile.txt", file=sys.stderr)
        sys.exit(1)

    with open(sys.argv[1], "r") as ip_file_handle:
        lines = [line.strip() for line in ip_file_handle]

    # Take the first match on each line; lines without a match are skipped.
    matches_per_line = (ip_pattern.findall(line) for line in lines)
    ips = [matches[0] for matches in matches_per_line if matches]

    # One lookup per log line that contains an address (needs network access).
    geocodes = [geocoder.ip(ip) for ip in ips]
    countries = [geocode.country for geocode in geocodes]
    country_counter = Counter(countries)

    # Countries ordered by connection count, highest first.
    statistics = reversed(sorted(country_counter.items(), key=lambda country: country[1]))
    # The country value comes from a remote service, so escape it before
    # placing it in the HTML table.
    statistics_rows = "".join(
        country_template % (html.escape(str(country)), count)
        for country, count in statistics
    )

    # latlng is (lat, lon); the page expects [lon, lat]. Failed lookups have
    # no latlng and are dropped.
    locations = [geocode.latlng for geocode in geocodes if geocode.latlng]
    coordinates = ",".join(coordinate_template % (location[1], location[0]) for location in locations)

    print(page_template % (statistics_rows, coordinates))
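
An added example, not part of the gist: a pre-filter for the IP extraction in geocode.py that validates each match with `ipaddress`, drops addresses that are not publicly routable, and resolves each unique address once instead of once per log line. The names `source_ips`, `country_counts` and the `lookup` callable are hypothetical, and the log lines and country stub are constructed sample data.

```python
import ipaddress
import re
from collections import Counter

# Same pattern as geocode.py; it also matches impossible octets such as 999.
ip_pattern = re.compile(r"(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")

# Constructed sample lines in the style of an SSH honeypot log.
SAMPLE_LOG = [
    "Jun 10 18:01:02 pot sshd[811]: Failed password for root from 8.8.8.8 port 4022 ssh2",
    "Jun 10 18:01:05 pot sshd[811]: Failed password for admin from 8.8.8.8 port 4023 ssh2",
    "Jun 10 18:02:11 pot sshd[812]: Invalid user test from 192.168.1.20 port 5000",
    "Jun 10 18:03:40 pot sshd[813]: Connection closed by 999.12.1.4 port 22",
    "Jun 10 18:04:00 pot sshd[814]: Accepted publickey for ops from 127.0.0.1 port 6000",
    "Jun 10 18:05:17 pot sshd[815]: Failed password for pi from 1.1.1.1 port 4100 ssh2",
    "Jun 10 18:05:30 pot sshd[816]: Invalid user demo from 203.0.113.7 port 4101",
    "Jun 10 18:06:00 pot sshd[817]: Server listening on port 22.",
]


def source_ips(lines):
    """Count hits per routable IP (first match per line, as geocode.py does)."""
    hits, skipped = Counter(), Counter()
    for line in lines:
        match = ip_pattern.search(line)
        if match is None:
            continue
        try:
            address = ipaddress.ip_address(match.group(1))
        except ValueError:  # e.g. an octet above 255
            skipped["invalid"] += 1
            continue
        if address.is_global:
            hits[str(address)] += 1
        else:  # private, loopback, documentation ranges, ...
            skipped["non-global"] += 1
    return hits, skipped


def country_counts(hits, lookup):
    """Call lookup(ip) once per unique IP and weight the result by hit count."""
    countries = Counter()
    for ip, count in hits.items():
        countries[lookup(ip) or "unknown"] += count
    return countries


if __name__ == "__main__":
    hits, skipped = source_ips(SAMPLE_LOG)
    stub = {"8.8.8.8": "US", "1.1.1.1": "AU"}  # constructed stand-in for geocoder.ip(ip).country
    print(hits, skipped, country_counts(hits, stub.get))
```

With the library the gist uses, `lookup` would be `lambda ip: geocoder.ip(ip).country`.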

requirements.txt

certifi==2018.10.15
chardet==3.0.4
Click==7.0
decorator==4.3.0
future==0.17.1
geocoder==1.38.1
idna==2.7
ratelim==0.1.6
requests==2.20.0
six==1.11.0
urllib3==1.24