Resolve a Site name to Geo Location
With everything that happened with Facebook yesterday, I began to wonder where my query goes when I type in facebook.com. So, I did a few things and found out. The first thing I did was resolve the name facebook.com to an IP address, or a group of IP addresses in this case, with the Resolve-DnsName command.
Resolve-DnsName -Name facebook.com
From there, I used the site ip-api.com to pull the location information for the IP address. This awesome little site gives you the city, state, country, zip code, and even the ISP information of an IP address.
$Info = Invoke-RestMethod -Method Get -URI "http://ip-api.com/json/$IP"
That’s the base of the code that we will explore. It’s very straightforward, but I want to clean it up some. I want one function that gets the geo IP information and one that resolves a DNS name to geo IP information. I want it all to work together even if there are multiple IP addresses and host names. So, let’s start off with the scripts and break them down. There are two functions for what we want.
Get-SHDGeoIP
function Get-SHDGeoIP {
    [cmdletbinding()]
    param (
        # [ipaddress[]] rejects anything that is not a valid IPv4 or IPv6 address
        [parameter(Mandatory = $true)][ipaddress[]]$IPAddress,
        # Return the full API response instead of the trimmed-down object
        [switch]$Complete
    )
    foreach ($IP in $IPAddress) {
        # Query ip-api.com's JSON endpoint for this address
        $Info = Invoke-RestMethod -Method Get -URI "http://ip-api.com/json/$IP"
        if ($Complete) {
            $Info
        }
        else {
            [pscustomobject]@{
                IPAddress = $Info.query
                City      = $Info.city
                State     = $Info.regionName
                Country   = $Info.country
                ISP       = $Info.isp
            }
        }
    }
}
This script is going to pull the geo information for us. We start off with the parameters. We test the parameter to see if the IP address is a valid IP address. We do that with [ipaddress], which tests for both IPv4 and IPv6. We tell it to be an array of IP addresses by putting [] inside of it: [ipaddress[]]. Just for cleaner fun, I have a switch for a complete information dump. This way
Since this is an array of IP addresses, we start a foreach loop over each IP address in the array. We start the foreach loop by grabbing the IP information. If the user selected Complete, we just dump the information we gathered to the user. If they didn’t select Complete, we create a custom object with the IP address, city, state, country and ISP information.
Resolve-SHDDNSNameToGeoIP
function Resolve-SHDDNSNameToGeoIP {
    [cmdletbinding()]
    param (
        [parameter(Mandatory = $true)][string[]]$Hostname,
        # Passed through to Get-SHDGeoIP to return the full API response
        [switch]$Complete
    )
    foreach ($Name in $Hostname) {
        # Resolve the name, then hand the resulting array of IP addresses to Get-SHDGeoIP
        if ($Complete) {
            Get-SHDGeoIP -IPAddress (Resolve-DnsName -Name $Name).IPAddress -Complete
        }
        else {
            Get-SHDGeoIP -IPAddress (Resolve-DnsName -Name $Name).IPAddress
        }
    }
}
The next function uses the previous function and combines it with Resolve-DnsName. We start off with a list of strings for our Hostname parameter and our Complete parameter. We loop over the host names like before. Then we call Get-SHDGeoIP -IPAddress with the output of Resolve-DnsName -Name and the host name. We select the IPAddress property of that output, which is an array. We place that array inside Get-SHDGeoIP and bam, we have our information: a hostname like facebook.com converted to IP information.
With these two little scripts, you will be able to find quick information about a website and where it is being hosted. For example, this site is hosted in New Jersey. I personally didn’t know that.
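The two functions above, combined into a variant that survives the common failure cases (a name that does not resolve, DNS answers that carry no address, an address the API has no data for) and tags each result with its host name. This is an added example, not code from the original post: the function name Resolve-HostGeoSafe is hypothetical, and it assumes ip-api.com reports lookup failures through the status and message fields of its JSON response.

```powershell
# Added example; Resolve-HostGeoSafe is a hypothetical name, not from the original post.
function Resolve-HostGeoSafe {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string[]]$Hostname
    )
    process {
        foreach ($Name in $Hostname) {
            try {
                # -ErrorAction Stop turns a failed lookup into a catchable error.
                $Records = Resolve-DnsName -Name $Name -ErrorAction Stop
            }
            catch {
                Write-Warning "Could not resolve '$Name': $($_.Exception.Message)"
                continue
            }
            # CNAME/SOA records have no IPAddress property; keep address records only.
            $Addresses = $Records | Where-Object { $_.IPAddress } |
                Select-Object -ExpandProperty IPAddress -Unique
            foreach ($IP in $Addresses) {
                try {
                    $Info = Invoke-RestMethod -Method Get -Uri "http://ip-api.com/json/$IP" -ErrorAction Stop
                }
                catch {
                    Write-Warning "Lookup for $IP failed: $($_.Exception.Message)"
                    continue
                }
                # Assumption: the API reports failures (e.g. private ranges) in the
                # JSON body via status = 'fail' plus a message, not via an HTTP error.
                if ($Info.status -ne 'success') {
                    Write-Warning "No geo data for $IP ($Name): $($Info.message)"
                    continue
                }
                [pscustomobject]@{
                    Hostname  = $Name
                    IPAddress = $Info.query
                    City      = $Info.city
                    State     = $Info.regionName
                    Country   = $Info.country
                    ISP       = $Info.isp
                }
            }
        }
    }
}

# Constructed sample input: one real name and one reserved test name that will not resolve.
'facebook.com', 'no-such-host.invalid' | Resolve-HostGeoSafe
```

Every address looked up this way is sent to a third-party service over plain HTTP, so treat the list of hosts you query as visible to the network path and to the API operator.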
Let me know if you use this and how.