IPinfo CLI: Building a Production-Ready IP Intelligence Tool with Go
Hook
Most developers reach for curl and jq when they need IP geolocation data. But what happens when you need to process 10,000 IPs from nginx logs, filter out private addresses, map their locations, and generate a CSV report—all in a single pipeline?
Context
IP intelligence is foundational to security operations, fraud detection, compliance, and network analysis. Yet the tooling landscape has historically forced developers into uncomfortable tradeoffs: use MaxMind’s offline databases and manage updates yourself, write one-off scripts against various free APIs with unreliable uptime, or integrate heavyweight SDKs into every service that needs geolocation.
The IPinfo CLI emerged from a different philosophy: treat IP data like text processing. Build a composable suite of Unix-style utilities that do one thing well, pipe together naturally, and integrate seamlessly into existing workflows. Written in Go and wrapping the IPinfo.io API, this isn’t just another REST client—it’s a complete IP intelligence toolkit that includes standalone binaries for grep-style filtering, CIDR manipulation, range conversion, and even MMDB database inspection.
Technical Insight
The architectural decision that makes IPinfo CLI compelling is its modular design. Rather than bundling everything into a monolithic binary, the project ships each utility as both a subcommand and a standalone executable. Run ipinfo grepip or just grepip—both work identically. This means you can install only the tools you need, and they compose naturally with existing Unix pipelines.
Consider a real-world scenario: you’re analyzing failed SSH login attempts and need to geolocate the source IPs. Here’s how the tools compose:
# Extract IPs from auth logs, filter to unique addresses, lookup details
cat /var/log/auth.log | grepip | sort -u | ipinfo bulk > results.json
# Filter to specific IPs, then process
cat /var/log/auth.log | grepip | ipinfo bulkThe grepip utility is designed to extract IP addresses from text input, handling the common task of filtering IPs from logs and other sources. It appears to support both IPv4 and IPv6 addresses based on the codebase, though the README doesn’t detail specific validation mechanisms.
Bulk processing is a core feature. When you pipe a list of IPs to ipinfo bulk, the tool processes them efficiently. The tool supports multiple output formats—JSON for programmatic processing, CSV for spreadsheets (using the -c flag), or plain text for human review:
# Process IPs and output as CSV
cat ip_list.txt | ipinfo -c > report.csv
# Filter to a specific field like hostname
cat ips.txt | ipinfo -f hostname
# Summarize geographic distribution of IPs
cat ip_list.txt | ipinfo summarizeThe CIDR utilities solve a common pain point in network engineering. Converting between CIDR notation, IP ranges, and individual IP lists requires either memorizing binary math or reaching for an online calculator. These utilities make it trivial:
# Expand a CIDR to individual IPs
cidr2ip 192.168.1.0/28
# Convert IP range to CIDR blocks
range2cidr 10.0.0.1 10.0.0.254
# Split a large CIDR into smaller subnets
splitcidr 10.0.0.0/16 24Distribution is where Go’s cross-compilation shines. The project uses GitHub Actions to build binaries for 20+ platform combinations—including FreeBSD, NetBSD, OpenBSD, DragonFly BSD, and Solaris. The release process generates Debian packages, Homebrew formulas, Scoop manifests, and Docker images automatically. For Ubuntu users, they maintain a PPA that auto-updates all utilities. This broad platform support makes the tool viable for heterogeneous environments where you might need to run the same workflow on a macOS laptop, Linux server, and FreeBSD firewall.
Authentication is handled via token-based configuration. You can initialize the CLI with your token using ipinfo init. Free tier users get limited data output and some features like bulk lookups require a token. You can get a free token at https://ipinfo.io/signup.
Gotcha
The biggest limitation is the hard dependency on IPinfo.io’s API. Unlike MaxMind’s geoip tools that work entirely offline with local MMDB databases, this CLI requires network connectivity and API availability for nearly all operations. While there’s a separate mmdb subcommand for inspecting database files, it doesn’t integrate with the main lookup commands. If you’re building a service that needs to geolocate IPs in an air-gapped network or can’t tolerate API downtime, this isn’t the right tool.
The free tier has limitations for production usage. The README notes that without a token there will be “limited data output” and bulk lookups won’t be available. For production log analysis or security pipelines where you need full data access and bulk operations, you’ll need to evaluate IPinfo.io’s paid plans.
Another consideration: if you’re looking up the same IPs repeatedly in a script, you may be making redundant API calls. You’ll need to implement your own deduplication layer or use the bulk command with pre-filtered input to optimize API usage.
Verdict
Use IPinfo CLI if you’re building IP intelligence workflows where composability matters more than offline operation—security teams investigating threats, DevOps engineers analyzing traffic patterns, or compliance teams generating audit reports. It excels when you’re already using IPinfo.io’s API and need polished, production-ready tooling with excellent Unix pipeline integration. The standalone utilities alone justify installation for anyone doing regular network engineering work with CIDRs and ranges. Skip it if you need offline operation (stick with MaxMind’s tools and local MMDB files), if you’re cost-sensitive and processing high volumes on the free tier, or if you need more advanced traffic analysis beyond the geolocation and ASN data that IPinfo.io provides. Also skip if you want to avoid vendor lock-in—this tool is purpose-built for IPinfo.io’s API and won’t work with alternative data sources.
