LSE top 100LSE top 100IVRE (46)IVRE (46)

Tool and Usage

Project details

Programming language
Camille Mougey
Florent Monjalet
Pierre Lalet
Latest release
Latest release date

Project health

This score is calculated by different factors, like project age, last release date, etc.

How it works

IVRE uses data from other sources like Argus, Bro, Masscan, Nmap, zmap, and others. It pulls in the data and stores it in a MongoDB instance for further analysis. Network flows (flowdata) can be used as well, in which it uses a Neo4j database. The data can be extracted and displayed via command-line, web interface, or the Python API.

Background information

IVRE means Instrument de veille sur les réseaux extérieurs. It is French for DRUNK, Dynamic Recon of Unknown NetworKs. The IVRE framework allows both active as passive data gathering.

Usage and audience

IVRE is commonly used for digital forensics, information gathering, intrusion detection, or network analysis. Target users for this tool are pentesters, security professionals, and system administrators.


  • Application programming interface (API) available
  • Command line interface
  • Graphical user interface

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:


  • + More than 10 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available

Author and Maintainers

IVRE is under development by Camille Mougey, Florent Monjalet, Pierre Lalet.


Supported operating systems

IVRE is known to work on Linux.


Several dependencies are required to use IVRE.

  • MongoDB
  • bottle
  • future
  • psycopg2
  • py2neo
  • pycrypto
  • pymongo
  • sqlalchemy

IVRE alternatives

Similar tools to IVRE:



The 0trace.py utility is a rewrite of 0trace (by another author) to perform reconnaissance and bypass network firewalls.



Zeek is a network security monitoring tool (NSM) and helps with monitoring. It can also play an active rol in performing forensics and incident response.



Chiron is a security assessment framework for IPv6 testing. It can be used during penetration testing or analysis of network devices. Read how it works in this review.

All IVRE alternatives

This tool page was updated at . Found an improvement? Help the community by submitting an update.

Related tool information


This tool is categorized as a network reconnaissance tools and network security monitoring tool.