Tool and Usage
IVRE is a framework to perform reconnaissance for network traffic. It leverages other tools to pull in the data and show it in the web interface.
How it works
IVRE uses data from other sources like Argus, Bro, Masscan, Nmap, zmap, and others. It pulls in the data and stores it in a MongoDB instance for further analysis. Network flows (flowdata) can be used as well, in which it uses a Neo4j database. The data can be extracted and displayed via command-line, web interface, or the Python API.
IVRE means Instrument de veille sur les réseaux extérieurs. It is French for DRUNK, Dynamic Recon of Unknown NetworKs. The IVRE framework allows both active as passive data gathering.
Usage and audience
IVRE is commonly used for digital forensics, information gathering, intrusion detection, or network analysis. Target users for this tool are pentesters, security professionals, and system administrators.
- IVRE is written in Python
- Application programming interface (API) available
- Command line interface
- Graphical user interface
- + The source code of this software is available
- - More than 10 contributors
- - More than 500 GitHub stars
Support operating systems
IVRE is known to work on Linux.
Several dependencies are required to use IVRE.
|Latest release||0.9.6 [2017-06-26]|
|Last updated||Sept. 19, 2017|
|IVRE GitHub project|
|IVRE project website|