    Pierre Lalet
    @p-l-
    If you can share the file http.json, I will have a look.
    Senanfurkan
    @Senanfurkan

    I scanned the IPs once before, that is why I used --merge; I just tried with different IP addresses now. The result was the same: 0 results imported. I have 2 different outputs as .json files which also couldn't be imported.

    Here is the file: https://send.firefox.com/download/57ae58f48a740d53/#6msomx4ndlF_yABIC6-wtw

    Pierre Lalet
    @p-l-
    I was not clear in my question: had you, prior to this insertion, already added the very same file? ivre scan2db first hashes each file and will not insert already inserted files.
    Also, which version of ivre are you using? I had no problem inserting this file with the current devel version
    Senanfurkan
    @Senanfurkan

    Nope, I didn't add the same file. I added another file which consists of Uber's ASN IP addresses. I used the ivre runscans command to scan Uber's ASN. I imported the scan results by using the commands ivre scan2db and ivre db2view, which worked without problem.

    In this example:
    This specific file which I sent you consists of Paypal's ASN IP addresses. I scanned the IP addresses by using zgrab2 and tried to import them. When I first added it, the output was 0 results imported

    I am using IVRE Version 0.9.14

    Pierre Lalet
    @p-l-
    OK zgrab2 support is recent. You should switch to the current dev version or wait for the next release (should be soon now)
    Erwan
    @Erwan14536010_twitter
    :D
    Dr. Di Prodi
    @robomotic
    Hello guys! Just got access to the demo!
    very exciting I like this project very much.
    I am wondering if somebody has worked on indexing banners
    basically like Shodan does
    in nmap could be replicated by running this
    and then storing the output in ElasticSearch
    Dr. Di Prodi
    @robomotic
    wait I am an idiot I just noticed I can click on the last octet and it displays the banner ahahah!
    Pierre Lalet
    @p-l-
    @robomotic clicking the last octet adds a filter, which has a side consequence: the result that interests you is the only one, and it displays entirely (instead of only the summary)
    but you can get the detailed view without adding a filter: just "long-click" in a result.
    Dr. Di Prodi
    @robomotic
    great it does work nicely, maybe should add some icon to make it more intuitive
    do you also have a demo API account I can use ?
    do I just need Basic authentication to use the Web API (e.g. same credentials as the demo) ?
    Pierre Lalet
    @p-l-
    Yep, you can use the same credentials as in the demo. Also, you need to force a "Referer: https://ivre.rocks/demo"
    (sorry I missed your message for some reason)
    Max Davitt
    @themaxdavitt
    Hi everyone - I was wondering how I should go about labeling/tagging results as I go through them after importing. I saw there was an attempt or two at a label implementation open in the PRs, but they were from years ago. What's the status on this feature?
    Pierre Lalet
    @p-l-
    Hi! It is not implemented. For now, we use the categories that are set at import time, or in a database shell. Hope this helps!
    Max Davitt
    @themaxdavitt
    Gotcha, thanks! I feel like this could be a helpful feature if finished, I'd consider setting it as a goal or milestone for a future update if I were you. :) Have a nice day and stay safe!
    Flyrabby
    @Flyrabby
    may i get more details about the scheme?
    Pierre Lalet
    @p-l-
    What do you mean exactly?
    If you have not already, maybe you could have a look at this page: https://doc.ivre.rocks/en/latest/overview/principles.html
    Flyrabby
    @Flyrabby
    thank you for your fast reply. I mean the scheme version 14,
    the data format in the MongoDB,
    and the page you are providing for me is also very helpful
    Pierre Lalet
    @p-l-
    This part is indeed not well documented. Basically, the document format in both nmap and view purposes is close to the structured output of Nmap (XML produced by -oX). You can see what changes from Nmap output to the current format by reading the code of the migration methods (they should be documented) in ivre/db/__init__.py and ivre/db/mongo.py.
    Flyrabby
    @Flyrabby
    thank you very much! Then I want to know when ivre started supporting zeek scans.
    I didn't find this function last year.🙃
    Pierre Lalet
    @p-l-
    I'm not sure what you mean. IVRE has been supporting intelligence collection with Zeek (Bro) since the beginning. Turning those results into Nmap-like results is fairly recent. No idea when exactly, you will have to git log if it really matters.
    Flyrabby
    @Flyrabby
    It doesn't matter. I appreciate you and your work
    Pierre Lalet
    @p-l-
    Thanks :-)
    tpenisso
    @tpenisso
    hello! I try to use MongoDBNmap to count open ports by IP scanned during the last 24 h. I want to call get_open_port_count but I don't know how to call it. I have this output: (<generator object MongoDBActive.get_ips.<locals>.<genexpr> at 0x7f748622b150>, 2213). Are there some examples please?
    PS : excuse me in advance for my approximate English, I'm French and I haven't written in English for some time...
    Pierre Lalet
    @p-l-
    @tpenisso hi, if I understand well, you need to call: from ivre.db import db; db.view.count(db.view.searchopenport())
    This will count each machine with at least one open port
    If you want to know how many ports are open per host, you can try: list(db.view.get_open_port_count(db.view.flt_empty)[0])
    tpenisso
    @tpenisso
    I want to know how many ports are open per host for the machines scanned in the last 24h. I understand that this: db.nmap.get(db.nmap.searchtimeago(datetime.timedelta(1, 0, 0))) gives the machines scanned in the last 24h
    I'm going to try list(db.view.get_open_port_count(db.view.flt_empty)[0])
    Pierre Lalet
    @p-l-
    you probably want to replace db.view.flt_empty by db.nmap.searchtimeago(datetime.timedelta(1, 0, 0))
    tpenisso
    @tpenisso
    Thanks
    tpenisso
    @tpenisso
    that's what I thought :-)
    tpenisso
    @tpenisso
    hi! I have an issue with the field "starttime" which is not updated with "scan2db" and "db2view". On the other hand there is no problem for the "endtime" field, which is well updated. Is this issue known?
    Pierre Lalet
    @p-l-
    Hi! 'db2view' creates a "view" by merging data from "passive" and "nmap". So starttime is the earliest starttime, and endtime the latest endtime.