IVRE includes tools to run Nmap against targets like a network or an address range, a whole country, a specific AS, or the full IPv4 connected address space.
It can also parse output from active scans run with Masscan, ZGrab2 or ZDNS and collect info from network traffic (passively) using Zeek (Bro), Argus or Nfdump.
Use the CLI tools, the Python API or the Web interface to browse the results.
Filter, look for specific services or vulnerable versions within a specific country or network, quickly access previous results for a specific host, etc.
Make the best of your scan results to identify similar hosts and corner-cases.
Look for the most (and least) common ports, services or products, and get a quick overview of the address space with the “heatmap”.
IVRE is an open-source framework for network recon. It relies on well-known open-source tools (Nmap, Masscan, ZGrab2, ZDNS and Zeek (Bro)) to gather data (network intelligence), stores it in a database (MongoDB is the recommended backend), and provides tools to analyze it.
It includes a Web interface aimed at analyzing Nmap scan results (since it relies on a database, it can be much more efficient with huge scans than a tool like Zenmap, the Nmap GUI, for example).
IVRE means Instrument de veille sur les réseaux extérieurs, and is French for DRUNK, Dynamic Recon of Unknown NetworKs.
It's free software, the code is on GitHub and the documentation on Read the Docs. Enjoy!
IVRE comes with a handy interface to browse network flows.
IVRE can import results from Zeek (Bro), Argus or Netflow (using Nfdump). The data can be explored from a CLI, a Web interface and the Python API.
$ zeek -r mycapture.cap
$ ivre flowcli --init
This will remove any scan result in your database. Process ? [y/N] y
$ ivre zeek2db *.log
$ ivre flowcli --count
585 clients
1259 servers
3629 flows
There are several ways to install and deploy IVRE; depending on your situation, you may want to use your distribution packages (Kali Linux, Arch Linux or BlackArch Linux users), Pip, Docker and Vagrant, or a manual installation process.
On Kali Linux, just run apt install ivre to install the package. You can also add ivre-doc if needed.
If you are an Arch Linux user, there is an AUR package that should be easy to install: something like yay -S ivre ivre-web should work (use yay -S ivre-git ivre-web-git to get the current development version). If you use BlackArch Linux, IVRE should be installed and work out of the box. If not, just run: pacman -S ivre ivre-web.
IVRE is also packaged on PyPI, and you can use Pip to install it: pip install ivre.
Thanks to Docker and Vagrant, running IVRE is (almost) as easy as typing vagrant up.
$ mkdir -m 1777 var_lib_mongodb ivre-share dokuwiki_data
$ wget -q https://ivre.rocks/Vagrantfile
$ vagrant up --no-parallel
Bringing machine 'ivredb' up with 'docker' provider...
Bringing machine 'ivreweb' up with 'docker' provider...
Bringing machine 'ivreclient' up with 'docker' provider...
[...]
$ docker attach ivreclient
root@e809cb41cb9a:/#
While both AUR and PyPI packages are built for each release, Docker images are built automatically from the GitHub repository and follow the development version, just like the AUR ivre-git packages.
You don't want to use Docker, Arch Linux or Pip? The documentation includes a step-by-step installation procedure that should be easy to adapt to any Linux / Unix-like system.
We maintain up-to-date documentation (from the doc/ folder in the repository), which includes the help options of each tool and documents the code.
Some blog posts have been published, along with sample data, to help newcomers get started.
Access to a demonstration instance, running IVRE's latest version with an Internet-wide scan of Modbus-enabled devices, is available upon request. Contact us!
When no tool exists in IVRE to get the information you want, it's easy to access your results through the Python API. The data can then be processed and used with your favorite analysis tools (here, matplotlib and RT Graph 3D).
IVRE integrates with several security tools, such as YETI (Your Everyday Threat Intelligence) and Cortex (TheHive project). Thanks to IVRE's API (and using existing examples), building new connectors for other tools should be easy.
By the way, if you have a great tool running on top of IVRE, please let us know!
You like IVRE? Keep in touch, and let the world know about it!
By talking about IVRE (how it helps you, what you are able to do with it), you can help us reach more people and grow the community. This will attract new users, bug reporters and contributors, which, in turn, will make IVRE better for you!
The preferred way to reach us to ask questions about IVRE or report bugs is to open an issue on the GitHub repository. The project is @IvreRocks on Twitter.
You can send us an e-mail: dev@.