NMAP – Traceroute with Geolocation

I like this command for “fun”.  I don’t know how accurate the geolocation is.  If I had to guess, 99% accurate at the country level and 60% – 80% accurate at the city level.

nmap --traceroute --script traceroute-geolocation {DOMAIN}

NOTE:
You need to run this with elevated privileges.

➜  ~ sudo nmap --traceroute --script traceroute-geolocation americanstrategic.com
Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-14 10:40 EDT
Nmap scan report for americanstrategic.com (207.201.208.130)
Host is up (0.022s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Host script results:
| traceroute-geolocation: 
|   HOP  RTT    ADDRESS                                             GEOLOCATION
|   1    8.65   testwifi.here (192.168.86.1)                        - ,- 
|   2    23.78  072-031-130-081.res.spectrum.com (72.31.130.81)     37.751,-97.822 United States ()
|   3    18.12  071-046-020-143.res.spectrum.com (71.46.20.143)     28.581,-81.189 United States (Florida)
|   4    23.80  bundle-ether22.tamp20-car2.bhn.net (72.31.119.119)  33.466,-86.808 United States (Alabama)
|   5    27.65  072-031-003-171.res.spectrum.com (72.31.3.171)      37.751,-97.822 United States ()
|   6    23.81  bundle-ether2.tamp07-ser2.bhn.net (72.31.208.15)    37.751,-97.822 United States ()
|   7    23.81  ae14.SPBGFLRF1CW.se.twcbiz.com (24.95.249.9)        28.488,-81.406 United States (Florida)
|   8    18.15  072-017-84-178.biz.spectrum.com (72.17.84.178)      28.115,-82.368 United States (Florida)
|   9    18.16  relay.e-ins.net (207.201.208.250)                   27.872,-82.637 United States (Florida)
|_  10   23.86  207.201.208.130                                     27.872,-82.637 United States (Florida)

TRACEROUTE (using port 443/tcp)
HOP RTT      ADDRESS
1   8.65 ms  testwifi.here (192.168.86.1)
2   23.78 ms 072-031-130-081.res.spectrum.com (72.31.130.81)
3   18.12 ms 071-046-020-143.res.spectrum.com (71.46.20.143)
4   23.80 ms bundle-ether22.tamp20-car2.bhn.net (72.31.119.119)
5   27.65 ms 072-031-003-171.res.spectrum.com (72.31.3.171)
6   23.81 ms bundle-ether2.tamp07-ser2.bhn.net (72.31.208.15)
7   23.81 ms ae14.SPBGFLRF1CW.se.twcbiz.com (24.95.249.9)
8   18.15 ms 072-017-84-178.biz.spectrum.com (72.17.84.178)
9   18.16 ms relay.e-ins.net (207.201.208.250)
10  23.86 ms 207.201.208.130

Nmap done: 1 IP address (1 host up) scanned in 8.09 seconds
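
The GEOLOCATION column above mixes three kinds of rows: hops placed in a state, hops with empty parentheses that share one set of coordinates (2, 5 and 6), and a private gateway with no data. The Python below is an added example, not part of the original post; it parses those rows and labels how precise each one is. The names `parse_hops` and `precision` are hypothetical, and it assumes IPv4 addresses, the Nmap 7.80 column layout shown above, and that an empty region means the lookup resolved only to the country.

```python
import ipaddress
import re

# Script-result rows copied from the scan output above.
SAMPLE = """\
|   HOP  RTT    ADDRESS                                             GEOLOCATION
|   1    8.65   testwifi.here (192.168.86.1)                        - ,-
|   2    23.78  072-031-130-081.res.spectrum.com (72.31.130.81)     37.751,-97.822 United States ()
|   3    18.12  071-046-020-143.res.spectrum.com (71.46.20.143)     28.581,-81.189 United States (Florida)
|   4    23.80  bundle-ether22.tamp20-car2.bhn.net (72.31.119.119)  33.466,-86.808 United States (Alabama)
|   5    27.65  072-031-003-171.res.spectrum.com (72.31.3.171)      37.751,-97.822 United States ()
|   6    23.81  bundle-ether2.tamp07-ser2.bhn.net (72.31.208.15)    37.751,-97.822 United States ()
|   7    23.81  ae14.SPBGFLRF1CW.se.twcbiz.com (24.95.249.9)        28.488,-81.406 United States (Florida)
|   8    18.15  072-017-84-178.biz.spectrum.com (72.17.84.178)      28.115,-82.368 United States (Florida)
|   9    18.16  relay.e-ins.net (207.201.208.250)                   27.872,-82.637 United States (Florida)
|_  10   23.86  207.201.208.130                                     27.872,-82.637 United States (Florida)
"""

ROW = re.compile(r"^\|_?\s+(\d+)\s+([\d.]+)\s+(.+?)\s{2,}(\S.*?)\s*$")
GEO = re.compile(r"^(-?[\d.]+),(-?[\d.]+)\s+(.*?)\s*\((.*)\)$")
IP = re.compile(r"(\d+\.\d+\.\d+\.\d+)\)?$")  # assumption: IPv4 only

def parse_hops(text):
    """Return one dict per hop row of traceroute-geolocation output."""
    hops = []
    for line in text.splitlines():
        row = ROW.match(line)
        if not row:
            continue  # header or unrelated line
        hop, rtt, address, geo = row.groups()
        ip = ipaddress.ip_address(IP.search(address).group(1))
        g = GEO.match(geo)  # None when the column is "- ,-"
        hops.append({
            "hop": int(hop), "rtt_ms": float(rtt), "ip": ip,
            "coords": (float(g[1]), float(g[2])) if g else None,
            "country": g[3] if g else None,
            "region": g[4] if g else None,
        })
    return hops

def precision(hop):
    """Classify how much the geolocation column says about a hop."""
    if hop["coords"] is None:
        return "private" if hop["ip"].is_private else "unknown"
    return "region" if hop["region"] else "country-only"

if __name__ == "__main__":
    for h in parse_hops(SAMPLE):
        print(h["hop"], h["ip"], h["coords"], precision(h))
```

On this run, three of the nine public hops come back as country-only, so their coordinates should not be read as a city or router location.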