#
Find-Geolocation PowerShell Module
#
PowerShell Function 👨‍💻
Yep so this time round I just boshed together an advanced function that uses a simple API call to retrieve the geolocation of either the IP address supplied, or the Domain Name supplied. So why did you bother doing this module? Well, just because I love doing PowerShell; it hopefully keeps dementia at bay, and it is almost like my daily work-out: instead of pumping iron and getting big muscles, I am making my brain into a sponge to absorb as much as I can. Like what can I do today that would be pretty cool but also useful not just for me, but to hopefully help someone else out in their job too, making their life easier.
I mean a good number of years ago I did look into Kali Linux quite a lot, and even had a dual-booted laptop at one stage. So within the OS of Kali you have at the time I think it was like 300 tools built into this OS to make it like the ultimate hacking OS. Obviously I was using this to train myself to join the world of white hat hackers out there, but yeah it really opened my eyes to the types of useful tools out there. From memory a lot of these tools were reconnaissance tools. Tools that would gather you information about your target. Enough information gathered through reconnaissance and then you know all the weak spots that target could potentially have and the type of attack you could prevent with this knowledge.
So I don't know exactly why this particular random idea for a module popped into my head but it did. So once it did I was then on a mission to make this as user friendly as possible but also try to be a bit unique. So originally I searched on the PowerShell Gallery to make sure there were not bucket loads of these types of modules out there already. Like I could only find a few, like literally a few. Each one of these modules only let you search via IP address. In my head that goes against what us mere humans can remember. Why? Well else they wouldn't have invented DNS and let everyone surf the web using domain names instead of IP addresses. Because it is easier for us mere mortals to remember a domain name as opposed to an IP address. Thankfully the API I was looking at did support both IP address and Domain name. In my opinion that makes this module pretty unique and well worth building as it would be the only module to my knowledge offering both ways of obtaining the geolocation off of either one of these bits of information.
#
API ℹ️
You may or may not know about API aka Application Programming Interface. So here is some brief documentation:
API: An application programming interface is a way for two or more computer programs to communicate with each other. It is a type of software interface, offering a service to other pieces of software. A document or standard that describes how to build or use such a connection or interface is called an API specification. A computer system that meets this standard is said to implement or expose an API. The term API may refer either to the specification or to the implementation. In contrast to a user interface, which connects a computer to a person, an application programming interface connects computers or pieces of software to each other. It is not intended to be used directly by a person other than a computer programmer who is incorporating it into the software. An API is often made up of different parts which act as tools or services that are available to the programmer.
So come on Adam what does that mean in caveman talk. Well to a simple person like me it would be like going to a McDonald's drive through with no queue and everything just waiting to be given to you. Still not making sense? Okay to me it is the fastest way you can possibly achieve the specific answer you are looking for. So yeah maybe I could have downloaded some software to run this for me, but trust unless the program is using an API then this will give you results quicker than the program could. Or like if I was to do this manually, just the processing power and memory that firefox.exe uses on my laptop, it would be slower going via the web than it would for me to make the API call, the result is instant. I know not everyone out there has a 10 year old crappy x86 laptop to do all this experimenting on, but trust if it runs super fast on my laptop (which it does) it should be lightning fast on your nice x64 solid state drive stupid amount of ram machine. In a nutshell that is why to use an API for the task, and secondly to my knowledge APIs are normally only serving one purpose to keep them super fast. By one purpose I mean an API to find train times... It is not going to tell you what the weather will be like, or the services available on each train, it will just give you train times. I hope this paragraph has maybe made more sense than the official wiki guide above.
#
Find-Geolocation 🔍
Well in my last blog, I had to update it after publishing it, due to a topic that arose. That topic was my incorrect use of the GET verb, when in hindsight I should have used NEW. The awesome Steve, who I am on a first-name basis with (as in I know his first name) from the official Microsoft PowerShell team was kind enough to tell me so, backing up the other Twitter user who had suggested it. So I was feeling a bit paranoid about using GET for this one, although that was my original choice of verb. The NEW verb just didn't seem appropriate for the task, as I am not producing anything new, I am showing existing information gathered from the API. I know that just like the common man I am, that FIND verb is also a common approved verb. I do like to read documentation but I didn't want to waste time from building the project. So as I figured people are using this module to find out information on the given IP address or Domain name, that FIND was the verb of choice for this module. Just to make sure so I can justify my choice of verb for the job:-
#
Top Tip Add Decent Help 📝
Due to the UK 🇬🇧 still being incredibly hot at the moment, and the fact we don't have fancy air-conditioning it has meant me getting to sleep has taken a bit longer than usual. So instead of just lying there thinking I'm hot, I'm hot, I'm really hot, I have been spending my evenings making some new modules, then writing a blog on it. I do feel very creative late at night, so try to use that creativity to do something positive, I can over-look certain things. Like adding a proper help to the module. So this time round I made sure I added a decent help message for each parameter to be used.
NAME
    Find-Geolocation

SYNOPSIS
    Can resolve either an IP Address or a Domain Name and give you geolocation information.

SYNTAX
    Find-Geolocation [-IP <IPAddress>] [<CommonParameters>]

    Find-Geolocation [-DomainName <Uri>] [<CommonParameters>]

DESCRIPTION
    This module is using https://freegeoip.live API which is free. Yes. It's totally free. They believe that digital
    businesses need to get such kind of service for free. Many services are selling Geoip API as a service, but they
    think that it should be totally free. Feel free to their API as much as you want without any limit other than
    10,000 queries per hour for one IP address. I thought this would be another good addition to add to the Powershell
    Gallery.

PARAMETERS
    -IP <IPAddress>
        This parameter is used to specify the IP Address you want to find the geolocation information

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?       false
        Accept wildcard characters?  false

    -DomainName <Uri>
        This parameter is used to specify the Domain Name address you want to find the geolocation information

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?       false
        Accept wildcard characters?  false

    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer, PipelineVariable, and OutVariable. For more information, see
        about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).

INPUTS

OUTPUTS

    -------------------------- EXAMPLE 1 --------------------------

    PS > Find-Geolocation -DomainName portsmouth.co.uk

    -------------------------- EXAMPLE 2 --------------------------

    PS > Find-Geolocation -IP 141.193.213.10
Attention
Please see the description in the module and do not take the biscuit on this free service. Thank you for coding responsibly.
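A sketch of how the two parameter sets in the help above can validate their input before it is placed into the request URL. This is an added example, not the module's own source. The function names `Get-GeoLookupUri` and `Find-GeolocationSketch`, the `/json/` endpoint path, and taking `-DomainName` as a string rather than `<Uri>` are assumptions made for illustration.

```powershell
# Added example, not the module's source. Function names and the
# '/json/' endpoint path are assumptions.
function Get-GeoLookupUri {
    [CmdletBinding(DefaultParameterSetName = 'IP')]
    param(
        # [ipaddress] rejects anything that does not parse as an IP address.
        [Parameter(Mandatory, ParameterSetName = 'IP')]
        [ipaddress]$IP,
        # Taken as a string so the host name can be checked explicitly.
        [Parameter(Mandatory, ParameterSetName = 'Domain')]
        [string]$DomainName,
        [string]$BaseUri = 'https://freegeoip.live/json/'   # assumed path
    )
    if ($PSCmdlet.ParameterSetName -eq 'IP') {
        $target = $IP.IPAddressToString
    }
    else {
        # Only a bare DNS name passes: no scheme, port, path or query
        # string can ride along into the request URL.
        if ([Uri]::CheckHostName($DomainName) -ne [System.UriHostNameType]::Dns) {
            throw "'$DomainName' is not a valid DNS host name."
        }
        $target = $DomainName.ToLowerInvariant()
    }
    $BaseUri + [Uri]::EscapeDataString($target)
}

function Find-GeolocationSketch {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Uri)
    try {
        # Bounded wait, and errors surfaced rather than swallowed.
        Invoke-RestMethod -Uri $Uri -Method Get -TimeoutSec 10 -ErrorAction Stop
    }
    catch {
        Write-Error "Lookup failed for ${Uri}: $($_.Exception.Message)"
    }
}

# Offline check with constructed input: the second value is rejected.
foreach ($name in 'portsmouth.co.uk', 'portsmouth.co.uk/../x?y=1') {
    try   { Get-GeoLookupUri -DomainName $name }
    catch { "rejected: $name" }
}
Get-GeoLookupUri -IP '141.193.213.10'

# Live use: 400 ms between calls stays under 10,000 queries per hour.
# Get-GeoLookupUri -IP '141.193.213.10' | ForEach-Object { Find-GeolocationSketch -Uri $_; Start-Sleep -Milliseconds 400 }
```

Every lookup discloses the queried IP address or domain to the third-party service, which matters when the value comes from an ongoing investigation.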
#
Until Next Time 👋
Hopefully this module will reach out to more users than the previous module may have. As always I like to try and keep things interesting, and to try and make something unique and useful as the end module product. It has kind of got me thinking about when I was building Universal Dashboard modules, like I mean that is such an awesome community with really good posts, examples etc... but apart from a few no-one else really got developing PowerShell React components. I mean on the forums people would be like
I wish this component existed to display on my dashboard...
For me this is like when you were young and one of your mates would double-dare you to do something really stupid, maybe even life-threatening but to turn down a double-dare was just unheard of. Thankfully these requests were not life-threatening and I gladly accepted the challenge, as most of these ideas were really cool. Anyways back to the subject, I mean I know there is like loads and loads of modules on the gallery, but you... yes you sitting there reading this, have you put a module on the gallery yet? I am not daring anyone to do any stupid challenges but if you have not uploaded a module I am sure you got some cool script you use all the time, that you could then turn into a function, maybe even an advanced function, then all you have to do is create the PSD1 file using the New-ModuleManifest cmdlet, just fill in as many of the parameters as you can, and then you just need an API key to publish it. As I am always telling my 4 daughters, sharing is caring, so hopefully one of these blogs has been semi-useful or even partly-helpful to you. Thank you for reading this far.