IVRE: Scanning and Importing Data


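An IVRE instance installed via Docker contains no data; this post imports some scan data so that IVRE looks a bit better. I have only just started tinkering with IVRE and may not have gone very deep, so this is just a record of my impressions and what I learned. If there are any problems or mistakes, please point them out promptly; I would be very grateful.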


The previous post did not introduce IVRE. IVRE is an open-source framework written in Python; it is described on the official site, iv.re.


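There is not much Chinese-language documentation for IVRE. I mainly looked up its usage in its docs: the IVRE GitHub repository has a doc folder that contains the usage instructions.
GitHub: https://github.com/cea-sec/ivre
[Screenshot of the documentation]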


Here I give only a few of the more important commands; for the others, please consult the documentation.


Enter ivreclient with the attach command:

    $ docker attach ivreclient

Run the following initialization commands; they are pasted from the official docs:

    root@ivreclient:/# ipinfo --init
    This will remove any passive information in your database. Process ? [y/N] y
    root@ivreclient:/# ipdata --init
    This will remove any country/AS information in your database. Process ? [y/N] y
    root@ivreclient:/# scancli --init
    This will remove any scan result in your database. Process ? [y/N] y
    root@ivreclient:/# runscans-agentdb --init
    This will remove any agent and/or scan in your database and files. Process ? [y/N] y
    root@ivreclient:/# ipdata --download --import-all --dont-feed-ipdata-cols
    [...]

The latest command will take a long time. Then we can integrate the
Nmap results to the database:

    root@ivreclient:/# nmap2db -r -s MySource -c MyCategory /ivre-share

You can then exit the shell (`C-d`), this will stop the
container.

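However, after I ran the nmap2db command here, it reported 0 records imported, and I don't know why. If anyone has managed to import the data successfully, please leave me a comment; I would be very grateful.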

If the downloaded data cannot be imported, then scan some hosts yourself and import those; the documentation provides a method:

The easiest way is to install IVRE on the "scanning" machine and run:

    # runscans --routable --limit 1000 --output=XMLFork

This will run a standard scan against 1000 random hosts on the
Internet by running 30 nmap processes in parallel. See the output of
`runscans --help` if you want to do something else.

When it's over, to import the results in the database, run:

    $ nmap2db -c ROUTABLE-CAMPAIGN-001 -s MySource -r scans/ROUTABLE/up

Here, `ROUTABLE-CAMPAIGN-001` is a category (just an arbitrary name
that you will use later to filter scan results) and `MySource` is a
friendly name for your scanning machine (same here, an arbitrary name
usable to filter scan results; by default, when you insert a scan
result, if you already have a scan result for the same host address
with the same source, the previous result is moved to an "archive"
collection (fewer indexes) and the new result is inserted in the
database).

There is an alternative to installing IVRE on the scanning machine
that allows to use several agents from one master. See the
[AGENT](AGENT.md) file, the program `runscans-agent` for the master
and the `agent/` directory in the source tree.

The documentation says a lot, but it really comes down to two commands:

    # runscans --routable --limit 1000 --output=XMLFork
    $ nmap2db -c ROUTABLE-CAMPAIGN-001 -s MySource -r scans/ROUTABLE/up

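The first command runs the scan: it uses nmap to scan 1000 random hosts and saves the results in XMLFork format.
The second command stores the scan results in the database.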

For what each parameter means, see `--help`; I won't explain them here.
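Before pointing `nmap2db -r` at a directory, it helps to know what that directory actually contains. The following is an added example, not code from the original post or from the IVRE project: it walks a directory, parses each file as Nmap XML and counts the hosts reported up, flagging files that are empty or truncated. The function names and the sample XML are constructed for illustration, and the script only inspects files; it does not reproduce nmap2db's own import logic.

```python
import os
import sys
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample: one Nmap XML result with one host up and one host down.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -oX - 192.0.2.0/30">
  <host><status state="up"/><address addr="192.0.2.1" addrtype="ipv4"/></host>
  <host><status state="down"/><address addr="192.0.2.2" addrtype="ipv4"/></host>
</nmaprun>
"""

def summarize_file(path):
    """Return (hosts_up, hosts_total), or None if the file is not parseable Nmap XML."""
    try:
        root = ET.parse(path).getroot()
    except (ET.ParseError, OSError):
        return None  # empty, truncated (interrupted scan) or not XML at all
    if root.tag != "nmaprun":
        return None  # well-formed XML, but not an Nmap result
    up = len(root.findall("host/status[@state='up']"))
    return up, len(root.findall("host"))

def summarize_tree(top):
    """Walk `top` recursively and total the hosts found in every file."""
    report = {"files": 0, "unparseable": [], "hosts_up": 0, "hosts_total": 0}
    for dirpath, _dirs, names in os.walk(top):
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            report["files"] += 1
            result = summarize_file(path)
            if result is None:
                report["unparseable"].append(path)
            else:
                report["hosts_up"] += result[0]
                report["hosts_total"] += result[1]
    return report

def demo():  # builds a constructed scan directory and summarizes it
    with tempfile.TemporaryDirectory() as top:
        os.makedirs(os.path.join(top, "up"))
        for name, body in (("ok.xml", SAMPLE_XML), ("cut.xml", SAMPLE_XML[:120])):
            with open(os.path.join(top, "up", name), "w") as f:
                f.write(body)  # cut.xml simulates an interrupted scan
        return summarize_tree(top)

if __name__ == "__main__":
    print(summarize_tree(sys.argv[1]) if len(sys.argv) > 1 else demo())
```

Run it with a directory argument such as `scans/ROUTABLE/up` or `/ivre-share`; a report with zero files or zero hosts up means there is nothing in that directory to import.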

[Screenshot: IVRE with data loaded]
