Python App #07

IP Lookup

IP Lookup provides comprehensive IP address intelligence. Enter any IP and instantly get geolocation data (city, country, coordinates), ISP and organization details, and direct links to threat intelligence platforms including Shodan, VirusTotal, AbuseIPDB, and CriminalIP. Optionally enable active port scanning to discover open services on common ports (FTP, SSH, HTTP, HTTPS, RDP, MySQL, SMB, and more). Results are displayed on an interactive map when tkintermapview is installed.

Tags: geolocation, port scan, threat intel, shodan


Features

  • IP geolocation (ip-api.com)
  • ISP and organization identification
  • City/country/coordinates
  • Interactive map view
  • Shodan direct links
  • VirusTotal lookup links
  • AbuseIPDB check links
  • CriminalIP asset links
  • Active port scanning (16 common ports)
  • Google Maps coordinates link
  • HTML session export

Quick Start

# 1. Extract the zip and enter the folder
cd 07-IP-Lookup

# 2. Install dependencies
python install_requirements.py

# 3. Launch the tool
python ip_lookup.py

Download

Tool: IP Lookup
File: 07-IP-Lookup.zip
Python: 3.8+
OS: Windows, macOS, Linux
Dependencies: customtkinter, requests, tkintermapview


How Do IP Geolocation and Threat Lookups Work?

IP intelligence combines geolocation databases, autonomous system registries, and threat feeds to profile any internet address. According to MaxMind (2024), city-level IP geolocation is accurate within 50 km for 72% of IPv4 addresses. This tool queries multiple providers and displays results on an interactive map with ISP, ASN, and threat data.

Threat Intelligence Integration

IP reputation checking is a core component of the MITRE ATT&CK framework (Reconnaissance, TA0043) and is recommended by NIST SP 800-150 for incident response. This tool links to VirusTotal (70+ security engines), AbuseIPDB, and Shodan. Cross-referencing helps distinguish legitimate infrastructure from C2 servers, botnet nodes, and scanning hosts.

Network Ownership and ASN Analysis

The Internet Assigned Numbers Authority (IANA) delegates IP blocks to five Regional Internet Registries (ARIN, RIPE NCC, APNIC, LACNIC, AFRINIC). This tool maps IPs to their owning ASN, providing organizational context for attributing infrastructure to specific entities — valuable for tracking hosting providers used by threat actors.
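
The enrichment flow described in the three sections above, as an added example (not code from the IP Lookup tool itself): it rejects non-routable addresses before anything is sent to a third party, builds the reputation pivot links, and parses a geolocation reply into location, ISP and ASN fields. The pivot URL patterns, the function names and the sample response are assumptions constructed for illustration; the JSON field names follow ip-api.com's documented response format.

```python
import ipaddress
import json

# Assumed pivot URL patterns, based on each platform's public web UI.
PIVOTS = {
    "shodan": "https://www.shodan.io/host/{ip}",
    "virustotal": "https://www.virustotal.com/gui/ip-address/{ip}",
    "abuseipdb": "https://www.abuseipdb.com/check/{ip}",
    "criminalip": "https://www.criminalip.io/asset/report/{ip}",
}

def normalize_ip(text):
    """Return the canonical IP string, or raise ValueError if a lookup makes no sense."""
    addr = ipaddress.ip_address(text.strip())  # ValueError on malformed input
    if not addr.is_global:
        # Private, loopback, link-local and documentation ranges have no useful
        # geolocation, and querying them externally leaks internal addressing.
        raise ValueError(f"{addr} is not a globally routable address")
    return str(addr)

def pivot_links(ip):
    """Build one reputation-lookup URL per platform for an already validated IP."""
    return {name: url.format(ip=ip) for name, url in PIVOTS.items()}

def parse_geo(raw_json):
    """Parse an ip-api.com style JSON body into the fields an analyst records."""
    data = json.loads(raw_json)
    if data.get("status") != "success":
        raise LookupError(data.get("message", "geolocation lookup failed"))
    asn, _, as_name = data.get("as", "").partition(" ")  # "AS<number> <name>"
    return {
        "ip": data["query"],
        "location": f'{data.get("city", "?")}, {data.get("country", "?")}',
        "isp": data.get("isp", ""),
        "asn": asn,
        "as_name": as_name,
        "map": f"https://www.google.com/maps?q={data['lat']},{data['lon']}",
    }

# Constructed sample response (illustrative values, not real lookup output).
SAMPLE = json.dumps({
    "status": "success", "country": "Exampleland", "city": "Sampleton",
    "lat": 12.5, "lon": -45.25, "isp": "Example ISP",
    "as": "AS64500 Example Network", "query": "8.8.8.8",
})

if __name__ == "__main__":
    print(parse_geo(SAMPLE))
    for name, url in pivot_links(normalize_ip(" 8.8.8.8 ")).items():
        print(f"{name:11} {url}")
```

Geolocation and reputation are separate signals: the parsed location is an estimate from a database, while the pivot links lead to independent reports that should be cross-referenced before drawing conclusions about an address.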

🌐 IP Lookup — Frequently Asked Questions

What data does the IP lookup return?

The tool returns geolocation (country, city, coordinates), ISP and organization info, ASN details, reverse DNS, and checks against threat intelligence databases for known malicious activity.

Does the IP address investigation tool require installation?

No. The tool runs entirely in your browser using client-side Python via Pyodide. No installation, API keys, or server-side processing required. Your queries are executed locally for maximum privacy.

What can I do with the IP address investigation tool?

You can look up geolocation, WHOIS, reverse DNS, abuse reports, and threat intelligence. The tool provides a clean interface with exportable results and cross-links to related Max Intel tools for deeper investigation.