Add IVRE module #1354

Open
wants to merge 1 commit into
base: master

@p-l- (Contributor) commented Sep 14, 2021

IVRE is an open-source network recon framework.

It has several use-cases, such as running your own Shodan-like service (based on powerful open-source tools such as Masscan, Nmap, ZGrab2, ZDns), passively gathering intelligence from network traffic (including running a Passive DNS service, collecting and analyzing X509 certificates, HTTP headers, TCP banners, etc.), analyzing scanner hits against simple honeypots, etc.

It already integrates well with YETI, Cortex and OpenCTI.

See for some examples: https://doc.ivre.rocks/en/latest/usage/use-cases.html.

@p-l- p-l- marked this pull request as draft September 14, 2021 19:32
@p-l- p-l- marked this pull request as ready for review September 15, 2021 20:37
@p-l- (Contributor, Author) commented Sep 15, 2021

@bcoles Thanks for your review. I think it should be better now.

@p-l- p-l- force-pushed the add-ivre branch 3 times, most recently from 945be00 to 37b1291 Compare November 22, 2021 09:47
@codecov-commenter commented Nov 22, 2021

Codecov Report

Merging #1354 (37b1291) into master (70caf3f) will decrease coverage by 0.10%.
The diff coverage is 20.28%.

@@            Coverage Diff             @@
##           master    #1354      +/-   ##
==========================================
- Coverage   53.34%   53.23%   -0.11%     
==========================================
  Files         483      484       +1     
  Lines       40745    40883     +138     
==========================================
+ Hits        21737    21766      +29     
- Misses      19008    19117     +109     
Impacted Files Coverage Δ
modules/sfp_ivre.py 20.28% <20.28%> (ø)
sfscan.py 77.71% <0.00%> (+0.28%) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

import hashlib

from netaddr import IPNetwork
from ivre.db import db, DBPassive
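
Review bot: the unconditional top-level `from ivre.db import db, DBPassive` means this module cannot even be imported on an installation that does not have the ivre package, so the failure would surface at load time rather than as a module error. Consider catching ImportError around that import and reporting the missing dependency when the module is set up, and declare ivre explicitly as a dependency if it stays.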

Owner commented:

Any way this could be done using pure REST instead of relying on another library?

#
# Created: 2021-09-14
# Copyright: (c) Pierre Lalet
# Licence: GPL

Owner commented:

Please change to MIT.

yield dbase.searchhostname(name)


EVENTS_FILTERS = {

Owner commented:

Any particular reason why this approach was taken? It's quite different to all the other modules.
