Repository for the IPvSeeYou talk at Black Hat 2021

Overview

IPvSeeYou Geolocation Lookup Tool

Overview

IPvSeeYou.py is a tool to assist with geolocating EUI-64 IPv6 hosts. It

  1. takes as input an EUI-64-derived MAC address,
  2. uses a previously-generated WAN MAC address to BSSID offset table to predict the BSSID for the EUI-64-derived MAC address,
  3. queries a geolocation API for the predicted BSSID, and
  4. prints the results (and optionally outputs to KML.)

Requirements

IPvSeeYou.py is written in and has been tested only using Python3. Installing the packages from the requirements.txt file using:

pip3 install -r requirements.txt

will ensure you have the required dependencies.

Usage

IPvSeeYou.py is written in Python3 and uses argparse, so you can always get help by passing the -h flag:

[email protected] % ./IPvSeeYou.py -h
usage: IPvSeeYou.py [-h] (-M MAC_FILE | -m MAC | -e EUI | -E EUI_FILE) (-a | -w) [-o OFFSET_FILE]
                    [-k KML] [-U API_USER] [-P API_PASS]

optional arguments:
  -h, --help            show this help message and exit
  -M MAC_FILE, --mac-file MAC_FILE
                        File of MAC addresses from EUI-64 IPv6 addresses to bulk lookup
  -m MAC, --mac MAC     Single MAC address from EUI-64 IPv6 address to attempt to geolocate
  -e EUI, --eui EUI     Single EUI-64 IPv6 address to extract MAC from and attempt to geolocate
  -E EUI_FILE, --eui-file EUI_FILE
                        File of EUI-64 IPv6 addresses to extract MAC from and attempt to geolocate
  -a, --apple           Use Apple's location services API to geolocate BSSID
  -w, --wigle           Use WiGLE's API to geolocate BSSID (requires -U API_USER and -P API_PASS)
  -o OFFSET_FILE, --offset-file OFFSET_FILE
                        File containing inferred OUI offsets (default ./offsets.txt)
  -k KML, --kml KML     Output KML filename
  -U API_USER, --api-user API_USER
                        WiGLE API username (required for -w)
  -P API_PASS, --api-pass API_PASS
                        WiGLE API password (required for -w)

The first set of mutually exclusive arguments indicates how the program should expect EUI-64-derived MAC addresses.

  1. -e EUI indicates that the user is specifying a single EUI-64 IPv6 address to attempt to geolocate, as in -e 2001::0211:22ff:fe33:4455
  2. -E EUI_FILE indicates that the user is specifying a file that contains one or more EUI-64 IPv6 addresses, each separated by a newline, as in -E euis.txt
  3. -m MAC indicates that the user is specifying a single MAC address (that presumably they derived from an EUI-64 IPv6 address), as in -m 00:11:22:33:44:55
  4. -M MAC_FILE indicates that they user is specifying a file containing one or more MAC addresses, each separated by a newline, as in -M macs.txt

The second set of mutually exclusive arguments indicates how the program should look up the predicted BSSID (if one is found) for the EUI-64 derived MAC addresses.

  1. -a/--apple will use Apple's location services API. IPvSeeYou.py uses logic derived from hubert3's iSniff-GPS
  2. -w/--wigle will use WiGLE's API to query for the predicted BSSID. This requires a WiGLE API username and password to be specified using -U/--api-user and -P/--api-pass.

-o/--offset-file OFFSET_FILE is an optional argument to specify OUI and their WAN MAC to BSSID offsets, each on a new line. For example:

00:11:22 -3
00:77:88 2

indicates that the OUI 00:11:22 has a WAN MAC to BSSID offset of -3. By default, a file called ./offsets.txt is used and need not be specified if it exists.

-k/--kml KML is an optional argument that will generate a KML output file with a point for each geolocated EUI-64-derived MAC address.

Examples

MAC addresses, username/password and geolocations in this section are for example purposes only, and will not provide an actual geolocation or authentication to WiGLE.

To specify a single EUI-64 IPv6 address to geolocate using Apple's location services API and output to a KML file called output.kml, we:

./IPvSeeYou.py -e 2001:0:1:2:0200:11ff:fe22:3344 -k output.kml -a

#EUI-64-Derived MAC	BSSID	lat,lon
00:00:11:22:33:44	00:00:11:22:33:46	12.34,56.78 

To specify a file containing EUI-64-derived MAC addresses to geolocate using the WiGLE API, with WiGLE API username and password, we:

./IPvSeeYou.py -M fileOfMacs.txt -w -U abcdefabcdefabcdefabcdef -P 1234567890abcdef
#EUI-64-Derived MAC	BSSID	lat,lon
00:00:11:22:33:44	00:00:11:22:33:46	12.34,56.78 
f8:00:11:22:33:44	f8:00:11:22:33:40	23.45,-12.34

Credits

Much of the code that interacts with Apple's Location Services was borrowed from @hubert3's excellent iSniff-GPS, presented at Black Hat USA 2012.

AWS Quick Start Team

EKS CDK Quick Start (in Python) DEVELOPER PREVIEW NOTE: Thise project is currently available as a preview and should not be considered for production

AWS Quick Start 83 Sep 18, 2022
Telegram bot for stream music or video on telegram

KYURA MUSIC Telegram bot for stream music or video on telegram, powered by PyTgCalls and Pyrogram Help Need Help me to translate this repo, click the

0 Dec 08, 2022
Python based league of legends orbwalker

League of Legends Orbwalker Usage Install python3 Create a python3 venv Install the requirements pip install -r requirements.txt Get in game and run m

Inusha 43 Dec 12, 2022
Remedy when Amazon ECR is not running basic scans for container CVEs.

Welcome to your CDK Python project! This is a blank project for Python development with CDK. The cdk.json file tells the CDK Toolkit how to execute yo

4n6ir 4 Nov 05, 2022
An opensource chat service that cares about your privacy.

An opensource chat service that cares about your privacy. Instructions to set up a local testing environment: 1) Clone this repository and navigate to

Aiman Al Masoud 2 Dec 03, 2022
Barbot is a discord bot made from discord.py and python, barbot is most to fun and roleplay for servers!

BarBot Main source of barbot Overview Barbot is a discord bot made from discord.py and python, barbot is most to fun and roleplay for servers! Links i

AlexyDaCoder 3 Nov 28, 2021
Python interface to the World Bank Indicators and Climate APIs

wbpy A Python interface to the World Bank Indicators and Climate APIs. Readthedocs Github source World Bank API docs The Indicators API lets you acces

Matt Duck 47 Oct 31, 2022
A head unit UI designed to replace the RTx/SMEG/RNEG/NG4/RCC/NAC

HeadUnit UI (Come discuss about it on our Discord!) Intro This is the UI part of a headunit project from OpenLeo, based on python and kivy, it looks l

OpenLeo 6 Nov 23, 2022
Fast and small Discord-Toolset.

Mooncord 🌙 Discord server: https://discord.gg/frnpk2rg Fast and small Discord-Toolset. Enjoy? Star this repo ⭐ (Main file in Mooncord/Moon-1.0.1/vers

7ua 9 Dec 11, 2021
We propose the adversarial blur attack (ABA) against visual object tracking.

ABA We propose the adversarial blur attack (ABA) against visual object tracking. The ICCV link: https://arxiv.org/abs/2107.12085 and, https://openacce

Qing Guo 13 Dec 01, 2022
A Telegram bot to download from Youtube server.

IDN-YoutubeDL-Bot A Telegram bot to download from Youtube server. Configs 📖 API_ID - Your APP ID. Get it from my.telegram.org API_HASH - Your API_HAS

IDNCoderX 4 Dec 02, 2022
Instagram Bot posting earthquakes with magnitude greater than or equal to 3.5.

Instagram Bot posting earthquakes with magnitude greater than or equal to 3.5

Alican Yüksel 4 Aug 22, 2022
Ini Hanya Shortcut Untuk Menambahkan Kunci Tambahan Pada Termux & Membantu Para Nub Yang Decode Script Orang:v

Ini Hanya Shortcut Untuk Menambahkan Kunci Tambahan Pada Termux & Membantu Para Nub Yang Decode Script Orang:v

Lord_Ammar 1 Jan 23, 2022
A simple telegram bot to save restricted content with custom thumbmail support by Mahesh Chauhan

Save Restricted Content Bot A simple telegram bot to save restricted content with custom thumbmail support by Mahesh Chauhan. Variables API_ID API_HAS

Mahesh Chauhan 532 Jan 02, 2023
A custom Discord Rich Presence to display when you're studying so you're stupid friends won't disturb you when you're studying.

Studying RPC Description A custom Discord Rich Presence to display when you're studying so you're stupid friends won't disturb you when you're studyin

John Edmerson Pizarra 4 Nov 19, 2022
Anti-corruption-bot - Anti corruption bot with python

anti-corruption-bot Test API (running via Flask) is currently hosted at https://

Richard Bankole 2 Feb 16, 2022
A telegram photos or videos background remover bot

Remove BG Bot A telegram photos or videos background remover bot Variables API_HASH Your API Hash from my.telegram.org API_ID Your API ID from my.tele

ALBY 7 Dec 13, 2022
Tglogging - A python package to send your app logs to a telegram chat in realtime

Telegram Logger A simple python package to send your app logs to a telegram chat

SUBIN 60 Dec 27, 2022
🖥️ Windows Batch and powershell Discord Token grabber. Made for Troll (lmao)

Batched-Grabber Windows Batch and powershell Discord Token grabber. Made for Troll ! Setup. 1. pip(3) install numpy colored 2. python(3) Batched.py 3.

Ѵιcнч 41 Nov 01, 2022
Kang Sticker bot

Kang Sticker Bot A simple Telegram bot which creates sticker packs from other stickers, images, documents and URLs. Based on kangbot Deploy Credits: s

Hafitz Setya 11 Jan 02, 2023