msticpy.context.geoip module

Geoip Lookup module using IPStack and Maxmind GeoLite2.

Geographic location lookup for IP addresses. This module has two classes for different services:

• GeoLiteLookup - Maxmind Geolite (see https://www.maxmind.com)

• IPStackLookup - IPStack (see https://ipstack.com)

Both services offer a free tier for non-commercial use. However, a paid tier will normally get you more accuracy, more detail and a higher throughput rate. Maxmind geolite uses a downloadable database, while IPStack is an online lookup (API key required).

exception msticpy.context.geoip.GeoIPDatabaseError

Bases: Exception

Exception when GeoIP database cannot be found.

add_note()

Exception.add_note(note) – add a note to the exception

args

with_traceback()

Exception.with_traceback(tb) – set self.__traceback__ to tb and return self.

class msticpy.context.geoip.GeoIpLookup

Bases: object

Abstract base class for GeoIP Lookup classes.

See also

IPStackLookup

IPStack GeoIP Implementation

GeoLiteLookup

MaxMind GeoIP Implementation

df_lookup_ip(data, column)

Lookup Geolocation data from a pandas Dataframe.

Parameters:

• data (pd.DataFrame) – pandas dataframe containing IpAddress column

• column (str) – the name of the dataframe column to use as a source

• self (Self)

Returns:

Copy of original dataframe with IP Location information columns appended (where a location lookup was successful)

Return type:

pd.DataFrame

abstractmethod lookup_ip(ip_address=None, ip_addr_list=None, ip_entity=None)

Lookup IP location abstract method.

Parameters:

• ip_address (str, optional) – a single address to look up (the default is None)

• ip_addr_list (Iterable, optional) – a collection of addresses to lookup (the default is None)

• ip_entity (IpAddress, optional) – an IpAddress entity (the default is None) - any existing data in the Location property will be overwritten

• self (Self)

Returns:

raw geolocation results and same results as IpAddress entities with populated Location property.

Return type:

tuple[list[Any], list[IpAddress]]

lookup_ips(data, column)

Lookup Geolocation data from a pandas Dataframe.

Parameters:

• data (pd.DataFrame) – pandas dataframe containing IpAddress column

• column (str) – the name of the dataframe column to use as a source

• self (Self)

Returns:

IpLookup results as DataFrame.

Return type:

pd.DataFrame

print_license()

Print license information for providers.

Parameters:

self (Self)

Return type:

None

class msticpy.context.geoip.IPStackLookup(api_key=None, *, bulk_lookup=False)

Bases: GeoIpLookup

IPStack GeoIP Implementation.

See also

GeoIpLookup

Abstract base class

GeoLiteLookup

MaxMind GeoIP Implementation

Create a new instance of IPStackLookup.

Parameters:

• api_key (str, optional) – API Key from IPStack - see https://ipstack.com default is None - obtain key from msticpyconfig.yaml

• bulk_lookup (bool, optional) – For Professional and above tiers allowing you to submit multiple IPs in a single request. (the default is False, which submits a single request per address)

bulk_lookup: bool

df_lookup_ip(data, column)

Lookup Geolocation data from a pandas Dataframe.

Parameters:

• data (pd.DataFrame) – pandas dataframe containing IpAddress column

• column (str) – the name of the dataframe column to use as a source

• self (Self)

Returns:

Copy of original dataframe with IP Location information columns appended (where a location lookup was successful)

Return type:

pd.DataFrame

lookup_ip(ip_address=None, ip_addr_list=None, ip_entity=None)

Lookup IP location from IPStack web service.

Parameters:

• ip_address (str, optional) – a single address to look up (the default is None)

• ip_addr_list (Iterable, optional) – a collection of addresses to lookup (the default is None)

• ip_entity (IpAddress, optional) – an IpAddress entity (the default is None) - any existing data in the Location property will be overwritten

• self (Self)

Returns:

raw geolocation results and same results as IpAddress entities with populated Location property.

Return type:

tuple[list[Any], list[IpAddress]]

Raises:

• ConnectionError – Invalid status returned from http request

• PermissionError – Service refused request (e.g. requesting batch of addresses on free tier API key)

lookup_ips(data, column)

Lookup Geolocation data from a pandas Dataframe.

Parameters:

• data (pd.DataFrame) – pandas dataframe containing IpAddress column

• column (str) – the name of the dataframe column to use as a source

• self (Self)

Returns:

IpLookup results as DataFrame.

Return type:

pd.DataFrame

print_license()

Print license information for providers.

Parameters:

self (Self)

Return type:

None

settings: ProviderSettings | None

msticpy.context.geoip.entity_distance(ip_src, ip_dest)

Return distance between two IP Entities.

Parameters:

• ip_src (IpAddress) – Source/Origin IpAddress Entity

• ip_dest (IpAddress) – Destination IpAddress Entity

Returns:

Distance in kilometers.

Return type:

float

Raises:

AttributeError – If either entity has no location information

msticpy.context.geoip.geo_distance(origin, destination)

Calculate the Haversine distance.

Parameters:

• origin (tuple[float, float]) – Latitude, Longitude of origin of distance measurement.

• destination (tuple[float, float]) – Latitude, Longitude of origin of distance measurement.

Returns:

Distance in kilometers.

Return type:

float

Examples

>>> origin = (48.1372, 11.5756)  # Munich
>>> destination = (52.5186, 13.4083)  # Berlin
>>> round(geo_distance(origin, destination), 1)
504.2

Notes

Author: Martin Thoma - stackoverflow