    tpenisso
    @tpenisso
    Is there a way to downgrade the database schema without doing a purge/init of the database? In fact, I upgraded the Python module IVRE from 0.9.15 to 0.9.16 by mistake and ran a scan2db on a scan result, but I got this error for the "db2view":
    ValueError: Cannot merge host documents. Schema versions differ (16 != 18)
    Pierre Lalet
    @p-l-
    You cannot downgrade results
    (sorry @tpenisso I had not seen your message)
    What you should do is:
    1. update the scan records (ivre scancli --update-schema)
    2. update the existing view records (ivre view --update-schema)
    3. run your db2view operation again
    tpenisso
    @tpenisso
    Thank you for your response!
    Ivan Shelestov
    @Shelestov7

    Hello, how can I change NMAP_SCAN_TEMPLATES so that I can scan UDP and TCP in the range 0-65535? My config:

    NMAP_SCAN_TEMPLATES = {
        "default": {
            "scans": ["U", 'S'],
            "ports": "0-65535",
            "host_timeout": "15m",  # default value: None
            "script_timeout": "2m",  # default value: None
            "scripts_categories": ["default", "discovery", "auth"],  # default value: None
            "scripts_exclude": [
                "broadcast", "brute", "dos", "exploit", "external", "fuzzer", "intrusive",
            ],
        }
    }

    And after the scan I have an error like this:

    Traceback (most recent call last):
      File "/usr/lib/python3.8/xml/sax/expatreader.py", line 217, in feed
        self._parser.Parse(data, isFinal)
    xml.parsers.expat.ExpatError: no element found: line 154, column 0

    Pierre Lalet
    @p-l-

    Hi!

    how can I change NMAP_SCAN_TEMPLATES so that I can scan UDP and TCP in the range 0-65535.

    You just need to add the following lines to your /etc/ivre.conf:

    NMAP_SCAN_TEMPLATES["default"]["scans"] = "SU"
    NMAP_SCAN_TEMPLATES["default"]["ports"] = "0-65535"
    Ivan Shelestov
    @Shelestov7
    @p-l- Tnx
    tpenisso
    @tpenisso
    Hi! I see this message "kernel: RPC: fragment too large:" in the logs of several machines that IVRE scans. Is there a particular script that could trigger this message? Or a particular conf?
    For information, the machines are on CentOS/RedHat.
    Pierre Lalet
    @p-l-
    IVRE itself does not scan. It only runs Nmap, so you probably want to ask Nmap's devs about your issue.
    tpenisso
    @tpenisso
    OK, thanks!
    Philip
    @11philip22
    Hi, is there a way to remove scan results that only contain filtered or closed ports?
    Pierre Lalet
    @p-l-
    ivre scancli --delete --no-openport
    (and ivre view --delete --no-openport if you want to remove them from the view)
    Philip
    @11philip22
    Cool! thank you
    Ivan Shelestov
    @Shelestov7
    Hi, if I run a scan, find some open ports, close them and run the next scan with args --again up, I still see open ports for this host from the last scan. Can I fix it?
    Pierre Lalet
    @p-l-
    You need to remove the previous results first (--delete or even --init)
    schniggie
    @schniggie:matrix.org
    Hello guys, just trying IVRE for the first time. Currently stuck with the following ivre httpd issue. Using the latest Kali package (ivre/rolling,now 0.9.16-0kali2 all [installed])
    Any ideas? Just getting "Error: 500 Internal Server Error" on the client side
    Pierre Lalet
    @p-l-
    Hi! I don't know how you installed IVRE, but it seems that the config sub-module cannot resolve WEB_STATIC_PATH. Can you run the following command and report the output?
    python -c "from ivre import config;print(config.WEB_STATIC_PATH)"
    Did you add a configuration file (/etc/ivre.conf, ~/.ivre.conf or both)?
    schniggie
    @schniggie:matrix.org
    install was done by apt install ivre ivre-docs
    Pierre Lalet
    @p-l-
    So you are running Kali?
    schniggie
    @schniggie:matrix.org
    yes
    python -c "from ivre import config;print(config.WEB_STATIC_PATH)"
    None
    $ cat /etc/ivre/ivre.conf
    DB="tinydb://%s/.ivre" % os.path.expanduser("~")
    schniggie
    @schniggie:matrix.org
    looks like the kali package is lacking some config values
    Pierre Lalet
    @p-l-
    This value should be computed automatically. For some reason (I don't have time to investigate for now) some files are missing. You may just copy them for now, using git clone https://github.com/cea-sec/ivre; sudo cp -r ivre/web/static /usr/share/ivre/web/static.
    Pierre Lalet
    @p-l-
    Submitted on kali's gitlab : kalilinux/packages/ivre#3
    schniggie
    @schniggie:matrix.org
    @p-l-: thank you ;)
    Philip
    @11philip22
    Hi, how do I remove wiki pages? And is it possible to rename page titles?
    Pierre Lalet
    @p-l-
    IVRE's wiki is actually a simple Dokuwiki, so I guess you should ask on the Dokuwiki forums or chats.
    Pierre Lalet
    @p-l-
    If some of you are The Hive / Cortex users: there is an ongoing Cortex Analyzer that uses data from IVRE. See TheHive-Project/Cortex-Analyzers#923.
    tpenisso
    @tpenisso
    Hi, I have a Python function which searches for the hostname from an IP in the IVRE DB. I use this "db.nmap.get(db.nmap.searchhost(ip))" which returns all the scan results of this "ip" with the oldest result first and the latest result at the end. Is there a way to reverse this order to get the latest result first?
    Pierre Lalet
    @p-l-
    You can use the sort parameter in .get()
    tpenisso
    @tpenisso
    Thank you!
    Pierre Lalet
    @p-l-
    Also, you can limit the fields reported by the DB server to limit the traffic between the DB and your application:
    db.nmap.get(db.nmap.searchhost(ip), sort=[("endtime", -1)], fields=["hostnames.name"])
    tpenisso
    @tpenisso
    It works, thank you! :)
    Sam Tuke
    @samtuke
    @p-l- Hey Pierre, thanks for your reply on GitHub about my "pro" support question - yes that's what I meant. So paid help setting up a private IVRE instance isn't an option?
    Pierre Lalet
    @p-l-
    I don't think so; at least, I don't do that, and I don't know of anyone that does it either. It depends on what kind of help / support level you need.
    Sam Tuke
    @samtuke
    Ok. Basically I'd like someone to set up a server for me so it's ready to use. And possibly apply upgrades in future if that requires more than executing a copy-paste CLI command. Also advice on using IVRE for my use case (researching email servers) would be useful. In all, might be a few hours' work?
    Pierre Lalet
    @p-l-
    Let's try to see if someone wants to do that (I don't have time for this, and I don't have a way to get paid either): https://twitter.com/IvreRocks/status/1382036760142700547
    Sam Tuke
    @samtuke
    Amazon wish list? Thanks for the tweet :)
    tpenisso
    @tpenisso
    Hi! Is there a doc on the DB and the role of each collection of the MongoDB (and also each key of each collection)?
    Pierre Lalet
    @p-l-
    Hi! I think this is a good starting point: https://doc.ivre.rocks/en/latest/overview/principles.html
    tpenisso
    @tpenisso
    Thank you!
    tpenisso
    @tpenisso
    Another issue we have to face: we have an update issue with the results in the IHM. For example, at 10h, we scan (with ivre runscan) an IP X.X.X.X and the output of the script "http-default-accounts" shows an account with a weak password (example: toto/toto) for a Tomcat on port 55. At 10h30, we make the correction on the machine (password change). At 10h30, we rescan the IP and there is no longer any output for the script "http-default-accounts" on port 55, but in the IHM, the "http-default-accounts" output is still there. For info, we scan the IP from the same machine and with the same nmap template. Is the issue known by IVRE's community? Is there a solution?
    Pierre Lalet
    @p-l-
    The view has merged several scan results. You need to remove the previous scan, then insert the new one