ONYPHE has made available a free API and free MMDB download of their new Geolocus database. It provided IP address metadata in the form of:
{
"abuse":
[
"amzn-noc-contact@amazon.com",
"aws-routing-poc@amazon.com",
"aws-rpki-routing-poc@amazon.com",
"trustandsafety@support.aws.com"
],
"asn": "AS14618",
"continent": "NA",
"continentname": "North America",
"country": "US",
"countryname": "United States",
"domain":
[
"amazon.com",
"amazonaws.com",
"aws.com"
],
"ip": "3.215.138.152",
"isineu": 0,
"latitude": "37.09024",
"location": "37.09024,-95.712891",
"longitude": "-95.712891",
"netname": "AMAZON-IAD",
"organization": "Amazon Data Services NoVa",
"physical_asn": "AS14618",
"physical_continent": "NA",
"physical_continentname": "North America",
"physical_country": "US",
"physical_countryname": "United States",
"physical_isineu": 0,
"physical_latitude": "37.09024",
"physical_location": "37.09024,-95.712891",
"physical_longitude": "-95.712891",
"physical_organization": "Amazon.com, Inc.",
"physical_subnet": "3.208.0.0/12",
"physical_timezone": "America/Chicago",
"subnet": "3.208.0.0/12",
"timezone": "America/Chicago"
}
Since it’s way more efficient to use the MMDB file than the API, I built a cross-platform CLI tool for it: https://codeberg.org/hrbrmstr/geolocus-cli.
also with binary releases: https://codeberg.org/hrbrmstr/geolocus-cli/releases
Code is also available via Tangled Knot: https://tangled.sh/@hrbrmstr.dev/geolocus-cli
Usage:
# Download the latest Geolocus database
geolocus-cli download
# Look up IPs from a file
geolocus-cli lookup -i ips.txt -o results.json
# Process IPs from stdin and output to stdout
cat ips.txt | geolocus-cli lookup
# Output in CSV format
geolocus-cli lookup -i ips.txt -f csv -o results.csv
# Output in JSONL format (one JSON object per line)
geolocus-cli lookup -i ips.txt -f jsonl -o results.jsonl
# Disable session caching
geolocus-cli lookup -i ips.txt --no-cache
CLI options:
Commands:
download Download a fresh copy of the geolocus.mmdb database
lookup Lookup and enrich IP addresses from a file or stdin
Options:
-h, --help Show help information
-i, --input <file> Input file containing IP addresses (one per line)
-o, --output <file> Output file for results (defaults to stdout)
-f, --format <format> Output format: json, csv, or jsonl (default: json)
--no-cache Disable IP caching for the current session
RSAC 2025 Sets A Dangerous Precedent for Cybersecurity Leadership
(I posted this on LI, but I like to own my content, so am also posting here.)
The cybersecurity community deserves better than what we’re witnessing at RSAC 2025, today.
While Kristi Noem delivers today’s keynote, the absence of traditional cybersecurity leaders from agencies like NSA and CISA speaks volumes about shifting priorities in our field. This contrast becomes even more troubling when viewed alongside recent developments with Chris Krebs. The former CISA director — widely respected for his defense of election security — has faced unprecedented retaliation: security clearances revoked, his employer SentinelOne effectively blacklisted, and federal investigations directed into his tenure for simply upholding the integrity of our democratic systems.
Meanwhile, Secretary Noem — who has publicly committed to “reining in” CISA’s disinformation efforts and called its election integrity work “shocking” — receives our industry’s most prestigious speaking platform. Her tenure at DHS has featured more political theater than substantive cybersecurity leadership — or just leadership in general — prioritizing spectacle over the technical expertise and collaborative approach our field demands.
RSAC has always represented rigorous, forward-thinking discussion about defending critical infrastructure and fostering trust in technology. By elevating political figures who undermine the very principles our community stands for — while one of our most principled voices faces silencing — we’re accepting a dangerous new standard.
The cybersecurity field requires leaders who value expertise, accountability, and the defense of democratic norms. We must ask ourselves: what message are we sending about our professional values when we applaud those who work to dismantle the very protections we’ve built?
Every individual involved with RSAC who had a part to play in this decision should be deeply, deeply ashamed of themselves.