Geolocation of Mac OS assets with wifi_survey in Osquery.

Using wifi_survey to get an assets geolocation.
osquery> SELECT interface, channel, country_code FROM wifi_status;+-----------+---------+--------------+
| interface | channel | country_code |
+-----------+---------+--------------+
| en0 | 36 | GB |
+-----------+---------+--------------+
osquery> SELECT bssid, rssi, noise FROM wifi_survey;
+-------------------+------+-------+
| bssid | rssi | noise |
+-------------------+------+-------+
| 5e:b1:3e:00:00:00 | -64 | -90 |
| 5c:b1:3e:00:00:00 | -62 | 0 |
| 5c:b1:3e:00:00:00 | -64 | -90 |
| 24:20:c7:00:00:00 | -88 | -90 |
| c4:41:1e:00:00:00 | -39 | 0 |
| 5e:b1:3e:00:00:00 | -64 | -90 |
+-------------------+------+-------+
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import requests
url = 'https://www.googleapis.com/geolocation/v1/geolocate'
params = {
'key': GOOGLE_CLOUD_API_KEY
}
return requests.post(url, params=params, json={
'considerIp': False,
'wifiAccessPoints': [{ # Provide your array of access points
'macAddress': bssid,
'signalStrength': rssi,
'signalToNoiseRatio': noise
}]
}).json()
{
"location": {
"lat": 37.421925,
"lng": -122.0841293
},
"accuracy": 30
}
url = 'https://maps.googleapis.com/maps/api/geocode/json'
params = {
'latlng': '{},{}'.format(lat, lng),
'key': GOOGLE_CLOUD_API_KEY
}
return requests.post(url, params=params).json()
{
"results" : [
{
"address_components" : [ .. ],
"formatted_address" : "145 City Rd, Hoxton, London EC1V 1AZ",
"geometry" : {
"location" : {
"lat" : 37.4224764,
"lng" : -122.0842499
},
..
},
"place_id" : "ChIJ2eUgeAK6j4ARbn5u_wAGqWA",
"plus_code": {
"compound_code": "CWC8+W5 Hoxton, London EC1V 1AZ",
"global_code": "849VCWC8+W5"
},
"types" : [ "street_address" ]
}
],
"status" : "OK"
}
Using the wifi_survey table to geolocate assets with Osquery

Its all over!

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store