How to use ivre - 10 common examples

To help you get started, we’ve selected a few ivre examples, based on popular ways it is used in public projects.


github cea-sec / ivre / tests / tests.py View on Github external
result = ivre.db.db.nmap.get(
            ivre.db.db.nmap.searchhopdomain(re.compile('.'))
        )
        hop = random.choice([
            hop for hop in
            reduce(lambda x, y: x['hops'] + y['hops'],
                   next(result)['traces'],
                   {'hops': []})
            if 'domains' in hop and hop['domains']
        ])
        count = ivre.db.db.nmap.count(
            ivre.db.db.nmap.searchhop(hop['ipaddr'])
        )
        self.assertGreaterEqual(count, 1)
        count = ivre.db.db.nmap.count(
            ivre.db.db.nmap.searchhopdomain(hop['domains'][0])
        )
        self.assertGreaterEqual(count, 1)

        # Indexes
        addr = next(ivre.db.db.nmap.get(
            ivre.db.db.nmap.flt_empty
        ))['addr']
        addr_net = '.'.join(addr.split('.')[:3]) + '.0/24'
        queries = [
            ivre.db.db.nmap.searchhost(addr),
            ivre.db.db.nmap.searchnet(addr_net),
            ivre.db.db.nmap.searchrange(max(ivre.utils.ip2int(addr) - 256, 0),
                                        min(ivre.utils.ip2int(addr) + 256,
                                            4294967295)),
        ]
        for query in queries:
github cea-sec / ivre / tests / tests.py View on Github external
)
        self.assertGreaterEqual(count, 1)
        count = ivre.db.db.nmap.count(
            ivre.db.db.nmap.searchhopdomain(hop['domains'][0])
        )
        self.assertGreaterEqual(count, 1)

        # Indexes
        addr = next(ivre.db.db.nmap.get(
            ivre.db.db.nmap.flt_empty
        ))['addr']
        addr_net = '.'.join(addr.split('.')[:3]) + '.0/24'
        queries = [
            ivre.db.db.nmap.searchhost(addr),
            ivre.db.db.nmap.searchnet(addr_net),
            ivre.db.db.nmap.searchrange(max(ivre.utils.ip2int(addr) - 256, 0),
                                        min(ivre.utils.ip2int(addr) + 256,
                                            4294967295)),
        ]
        for query in queries:
            result = ivre.db.db.nmap.get(query)
            count = ivre.db.db.nmap.count(query)
            if DATABASE == "mongo":
                nscanned = json.loads(ivre.db.db.nmap.explain(
                    ivre.db.db.nmap._get(query)
                ))
                try:
                    nscanned = nscanned['nscanned']
                except KeyError:
                    nscanned = nscanned['executionStats']['totalDocsExamined']
                self.assertEqual(count, nscanned)
                self.assertEqual(
github cea-sec / ivre / tests / tests.py View on Github external
ivre.db.db.nmap.searchbanner(re.compile("^SSH-"))
        )
        self.check_value("nmap_ssh_count", count)
        count = ivre.db.db.nmap.count(ivre.db.db.nmap.searchvncauthbypass())
        self.check_value("nmap_vncauthbypass_count", count)
        count = ivre.db.db.nmap.count(ivre.db.db.nmap.searchmssqlemptypwd())
        self.check_value("nmap_mssql_emptypwd_count", count)
        count = ivre.db.db.nmap.count(ivre.db.db.nmap.searchmysqlemptypwd())
        self.check_value("nmap_mysql_emptypwd_count", count)
        count = ivre.db.db.nmap.count(ivre.db.db.nmap.searchxp445())
        self.check_value("nmap_xp445_count", count)
        count = ivre.db.db.nmap.count(ivre.db.db.nmap.searchtorcert())
        self.check_value("nmap_torcert_count", count)
        count = ivre.db.db.nmap.count(ivre.db.db.nmap.searchgeovision())
        self.check_value("nmap_geovision_count", count)
        count = ivre.db.db.nmap.count(ivre.db.db.nmap.searchwebcam())
        self.check_value("nmap_webcam_count", count)
        count = ivre.db.db.nmap.count(ivre.db.db.nmap.searchphonedev())
        self.check_value("nmap_phonedev_count", count)
        count = ivre.db.db.nmap.count(ivre.db.db.nmap.searchnetdev())
        self.check_value("nmap_netdev_count", count)
        count = ivre.db.db.nmap.count(ivre.db.db.nmap.searchdomain("com"))
        # Test case OK?
        self.assertGreater(count, 0)
        self.check_value("nmap_domain_com_count", count)
        count = ivre.db.db.nmap.count(
            ivre.db.db.nmap.searchdomain("com", neg=True)
        )
        self.check_value("nmap_not_domain_com_count", count)
        count = ivre.db.db.nmap.count(
            ivre.db.db.nmap.searchdomain(re.compile("^(com|net)$"),
                                         neg=True)
github cea-sec / ivre / tests / tests.py View on Github external
def _find_fingerprint():
            """Return ``(addr, fingerprint)`` for the first SSH host key found.

            Iterates over the hosts matched by ``searchsshkey()`` and inspects
            every ``ssh-hostkey`` script result; the first key entry that has
            a ``'fingerprint'`` field is returned together with the address
            of the host it belongs to.

            Falls off the end (implicitly returning ``None``) when no entry
            qualifies, so a caller that unpacks the result into two names
            should be prepared for that case.
            """
            hosts = ivre.db.db.nmap.get(ivre.db.db.nmap.searchsshkey())
            for record in hosts:
                for service in record.get('ports', []):
                    for output in service.get('scripts', []):
                        # Only the ssh-hostkey script carries key material.
                        if output['id'] != 'ssh-hostkey':
                            continue
                        for entry in output.get('ssh-hostkey', []):
                            if 'fingerprint' not in entry:
                                continue
                            return record['addr'], entry['fingerprint']
github cea-sec / ivre / tests / tests.py View on Github external
fields=['endtime'],
                    sort=[['endtime', -1]]
                ))['endtime']
            )
        )
        self.assertEqual(count, hosts_count)

        nets = ivre.utils.range2nets(addrrange)
        count = 0
        for net in nets:
            count += ivre.db.db.nmap.count(
                ivre.db.db.nmap.searchnet(net)
            )
            start, stop = (ivre.utils.ip2int(addr) for addr in
                           ivre.utils.net2range(net))
            for addr in ivre.db.db.nmap.distinct(
                    "addr",
                    flt=ivre.db.db.nmap.searchnet(net),
            ):
                addr = ivre.utils.ip2int(ivre.db.db.nmap.internal2ip(addr))
                self.assertTrue(start <= addr <= stop)
        self.assertEqual(count, addr_range_count)
        # Networks in `nets` are separated sets
        count = ivre.db.db.nmap.count(
            ivre.db.db.nmap.flt_and(
                *(ivre.db.db.nmap.searchnet(net) for net in nets)
            )
        )
        self.assertEqual(count, 0 if len(nets) > 1 else addr_range_count)
        count = ivre.db.db.nmap.count(
            ivre.db.db.nmap.flt_or(
                *(ivre.db.db.nmap.searchnet(net) for net in nets)
github cea-sec / ivre / tests / tests.py View on Github external
if DATABASE == "mongo":
                nscanned = json.loads(ivre.db.db.nmap.explain(
                    ivre.db.db.nmap._get(query)
                ))
                try:
                    nscanned = nscanned['nscanned']
                except KeyError:
                    nscanned = nscanned['executionStats']['totalDocsExamined']
                self.assertEqual(count, nscanned)
                self.assertEqual(
                    query,
                    ivre.db.db.nmap.str2flt(ivre.db.db.nmap.flt2str(query))
                )
            # FIXME: test PostgreSQL indexes

        count = ivre.db.db.nmap.count(ivre.db.db.nmap.searchx11())
        self.check_value("nmap_x11_count", count)
        count = ivre.db.db.nmap.count(ivre.db.db.nmap.searchx11access())
        self.check_value("nmap_x11access_count", count)
        count = ivre.db.db.nmap.count(ivre.db.db.nmap.searchnfs())
        self.check_value("nmap_nfs_count", count)
        count = ivre.db.db.nmap.count(ivre.db.db.nmap.searchypserv())
        self.check_value("nmap_nis_count", count)
        count = ivre.db.db.nmap.count(ivre.db.db.nmap.searchphpmyadmin())
        self.check_value("nmap_phpmyadmin_count", count)
        count = ivre.db.db.nmap.count(ivre.db.db.nmap.searchwebfiles())
        self.check_value("nmap_webfiles_count", count)
        count = ivre.db.db.nmap.count(
            ivre.db.db.nmap.searchbanner(re.compile("^SSH-"))
        )
        self.check_value("nmap_ssh_count", count)
        count = ivre.db.db.nmap.count(ivre.db.db.nmap.searchvncauthbypass())
github cea-sec / ivre / tests / tests.py View on Github external
)
        self.assertEqual(count, hosts_count)

        nets = ivre.utils.range2nets(addrrange)
        count = 0
        for net in nets:
            count += ivre.db.db.nmap.count(
                ivre.db.db.nmap.searchnet(net)
            )
            start, stop = (ivre.utils.ip2int(addr) for addr in
                           ivre.utils.net2range(net))
            for addr in ivre.db.db.nmap.distinct(
                    "addr",
                    flt=ivre.db.db.nmap.searchnet(net),
            ):
                addr = ivre.utils.ip2int(ivre.db.db.nmap.internal2ip(addr))
                self.assertTrue(start <= addr <= stop)
        self.assertEqual(count, addr_range_count)
        # Networks in `nets` are separated sets
        count = ivre.db.db.nmap.count(
            ivre.db.db.nmap.flt_and(
                *(ivre.db.db.nmap.searchnet(net) for net in nets)
            )
        )
        self.assertEqual(count, 0 if len(nets) > 1 else addr_range_count)
        count = ivre.db.db.nmap.count(
            ivre.db.db.nmap.flt_or(
                *(ivre.db.db.nmap.searchnet(net) for net in nets)
            )
        )
        self.assertEqual(count, addr_range_count)
github cea-sec / ivre / tests / tests.py View on Github external
self.assertEqual(ivre.utils.get_addr_type('10.0.0.0'), 'Private')
        self.assertIsNone(ivre.utils.get_addr_type('100.63.255.255'))
        self.assertEqual(ivre.utils.get_addr_type('100.67.89.123'), 'CGN')
        self.assertEqual(ivre.utils.get_addr_type('239.255.255.255'),
                         'Multicast')
        self.assertEqual(ivre.utils.get_addr_type('240.0.0.0'), 'Reserved')
        self.assertEqual(ivre.utils.get_addr_type('255.255.255.254'),
                         'Reserved')
        self.assertEqual(ivre.utils.get_addr_type('255.255.255.255'),
                         'Broadcast')

        # ip2int() / int2ip()
        self.assertEqual(ivre.utils.ip2int("1.0.0.1"), (1 << 24) + 1)
        self.assertEqual(ivre.utils.int2ip((1 << 24) + 1), "1.0.0.1")
        self.assertEqual(ivre.utils.ip2int('::2:0:0:0:2'), (2 << 64) + 2)
        self.assertEqual(ivre.utils.int2ip((2 << 64) + 2), '::2:0:0:0:2')

        # Math utils
        # http://stackoverflow.com/a/15285588/3223422
        def is_prime(n):
            if n == 2 or n == 3:
                return True
            if n < 2 or n % 2 == 0:
                return False
            if n < 9:
                return True
            if n % 3 == 0:
                return False
            r = int(n**0.5)
            f = 5
            while f <= r:
                if n % f == 0:
github cea-sec / ivre / tests / tests.py View on Github external
# sqlite3.OperationalError: Expression tree is too
                # large (maximum depth 10000)
                continue
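            # Count the passive records for this country through the CLI.
            res, out, err = RUN(["ivre", "ipinfo", "--count", "--country",
                                 cname])
            # Assert on the exit status unpacked just above. The previous
            # check read ``ret``, which this call never assigns, so a failing
            # ``ivre ipinfo`` run could pass unnoticed (or raise NameError).
            self.assertEqual(res, 0)
            # The third element of RUN()'s result (presumably stderr) must
            # be empty.
            self.assertTrue(not err)
            # The command output is parsed as a single integer count.
            self.check_value("passive_count_country_%s" % cname, int(out))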

        # Delete
        flt = ivre.db.db.passive.searchcert()
        count = ivre.db.db.passive.count(flt)
        # Test case OK?
        self.assertGreater(count, 0)
        ivre.db.db.passive.remove(flt)
        new_count = ivre.db.db.passive.count(
            ivre.db.db.passive.flt_empty
        )
        self.assertEqual(count + new_count, total_count)

        ret, out, _ = RUN(["ivre", "ipinfo", "--short"])
        self.assertEqual(ret, 0)
        count = sum(1 for _ in out.splitlines())
        self.check_value("passive_ipinfo_short_count", count)

        ret, out, _ = RUN(["ivre", "iphost", "/./"])
        self.assertEqual(ret, 0)
        count = sum(1 for _ in out.splitlines())
        self.check_value("passive_iphost_count", count)

        ret, out, _ = RUN(["ivre", "iphost", "--sub", "com"])
        self.assertEqual(ret, 0)
github cea-sec / ivre / tests / tests.py View on Github external
def test_10_data(self):
        """ipdata (Maxmind, thyme.apnic.net) functions"""

        # Download
        res = RUN(["ivre", "ipdata", "--download"])[0]
        self.assertEqual(res, 0)

        # Reinit passive DB since we have downloaded the files
        ivre.db.db.data.reload_files()

        if DATABASE != "maxmind":
            print(u"Database files have been downloaded -- "
                  u"other data tests won't run")
            return

        # CSV creation -- disabled on Travis CI: this is way too slow.
        # Files are downloaded from ivre.rocks in .travis.yml instead,
        # and "touched" here to make sure they are newer than the
        # .mmdb files. Only the Country file is created.
        for sub in ['ASN', 'City']:
            fname = os.path.join(ivre.config.GEOIP_PATH,
                                 'GeoLite2-%s.dump-IPv4.csv' % sub)
            if os.path.isfile(fname):
                os.utime(fname, None)
        fname = os.path.join(ivre.config.GEOIP_PATH,