"ivre", "ipinfo",
addr if isinstance(addr, basestring) else ivre.utils.int2ip(addr),
])
# `ret`, `out` and `err` are set before this fragment (presumably the exit
# status, stdout and stderr of the command built just above -- confirm).
self.assertEqual(ret, 0)
self.assertFalse(err)
# `result` still holds the value assigned earlier in the test: the output
# must contain more newlines than that value.
newline_count = out.count(b'\n')
self.assertGreater(newline_count, result)
# The passive data must hold no record for this host.
host_filter = ivre.db.db.passive.searchhost("127.12.34.56")
result = ivre.db.db.passive.count(host_filter)
self.assertEqual(result, 0)
# Every truthy distinct "addr" value matched by the IPv4 filter, converted
# with internal2ip() and ordered by its integer value.
addrrange = list(
    ivre.db.db.passive.internal2ip(x)
    for x in ivre.db.db.passive.distinct(
        'addr',
        flt=ivre.db.db.passive.searchipv4(),
    )
    if x
)
addrrange.sort(key=ivre.utils.ip2int)
self.assertGreaterEqual(len(addrrange), 2)
# Reduce the list to a [start, stop] pair: the two extremes when fewer than
# four addresses are known, otherwise the second and the second-to-last.
addrrange = (
    [addrrange[0], addrrange[-1]]
    if len(addrrange) < 4
    else [addrrange[1], addrrange[-2]]
)
# At least two records must fall inside that range.
range_filter = ivre.db.db.passive.searchrange(addrrange[0], addrrange[1])
result = ivre.db.db.passive.count(range_filter)
self.assertGreaterEqual(result, 2)
addresses_1 = [
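# Look for a JA3 client record selected by values["_id"] (value or hash)
# whose count equals values["count"]; `values` is set before this fragment.
for rec in ivre.db.db.passive.get(
        ivre.db.db.passive.searchja3client(
            value_or_hash=values["_id"]
        )
):
    if rec['count'] == values["count"]:
        break
else:
    # for/else: only reached when the loop ended without a `break`, i.e.
    # no record matched. self.fail() states what was being looked for,
    # where assertTrue(False) only reported "False is not true".
    self.fail(
        "no JA3 client record with value %r and count %r"
        % (values["_id"], values["count"])
    )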
# Drop the reference to the cursor so that the connection to the
# database gets closed (required for SQLite).
del cur
# JA3 server:
# Get one record, then find it again with different filters.
rec1 = ivre.db.db.passive.get_one(ivre.db.db.passive.searchja3server())
for value in [None, rec1['infos']['raw'], rec1['value'],
rec1['infos']['sha1'], rec1['infos']['sha256']]:
for clival in [None, rec1['infos']['client']['raw'],
rec1['source'][4:], rec1['infos']['client']['sha1'],
rec1['infos']['client']['sha1']]:
if value is None and clival is None:
continue
for rec2 in ivre.db.db.passive.get(
ivre.db.db.passive.searchja3server(
value_or_hash=value,
client_value_or_hash=clival,
)
):
if rec1 == rec2:
break
else:
)
# `count` comes from the statement that ends just above this fragment.
self.check_value("passive_torcert_count", count)

# Certificates whose subject matches a name, case-insensitively.
google_subject = ivre.db.db.passive.searchcertsubject(
    re.compile('google', re.I)
)
count = ivre.db.db.passive.count(google_subject)
self.check_value("passive_cert_google", count)

microsoft_subject = ivre.db.db.passive.searchcertsubject(
    re.compile('microsoft', re.I)
)
count = ivre.db.db.passive.count(microsoft_subject)
self.check_value("passive_cert_microsoft", count)

java_ua = ivre.db.db.passive.searchjavaua()
count = ivre.db.db.passive.count(java_ua)
self.check_value("passive_javaua_count", count)

# The "TEST" sensor filter must match total_count records; its negation,
# given as a string or as an anchored regular expression, must match none.
sensor_is_test = ivre.db.db.passive.searchsensor("TEST")
count = ivre.db.db.passive.count(sensor_is_test)
self.assertEqual(count, total_count)

sensor_is_not_test = ivre.db.db.passive.searchsensor("TEST", neg=True)
count = ivre.db.db.passive.count(sensor_is_not_test)
self.assertEqual(count, 0)

sensor_not_test_regexp = ivre.db.db.passive.searchsensor(
    re.compile("^TEST$"), neg=True,
)
count = ivre.db.db.passive.count(sensor_not_test_regexp)
self.assertEqual(count, 0)
ivre.db.db.passive.searchcertsubject(
re.compile('microsoft', re.I)
)
)
# `count` comes from the statement that ends just above this fragment.
self.check_value("passive_cert_microsoft", count)

java_ua = ivre.db.db.passive.searchjavaua()
count = ivre.db.db.passive.count(java_ua)
self.check_value("passive_javaua_count", count)

# The "TEST" sensor filter must match total_count records; its negation,
# given as a string or as an anchored regular expression, must match none.
sensor_is_test = ivre.db.db.passive.searchsensor("TEST")
count = ivre.db.db.passive.count(sensor_is_test)
self.assertEqual(count, total_count)

sensor_is_not_test = ivre.db.db.passive.searchsensor("TEST", neg=True)
count = ivre.db.db.passive.count(sensor_is_not_test)
self.assertEqual(count, 0)

sensor_not_test_regexp = ivre.db.db.passive.searchsensor(
    re.compile("^TEST$"), neg=True,
)
count = ivre.db.db.passive.count(sensor_not_test_regexp)
self.assertEqual(count, 0)
# One check per authentication filter: the search method is looked up by
# name ("searchbasicauth", "searchhttpauth", ...) and called without
# arguments.
for auth_type in ["basic", "http", "pop", "ftp"]:
    search_auth = getattr(ivre.db.db.passive, "search%sauth" % auth_type)
    count = ivre.db.db.passive.count(search_auth())
    self.check_value("passive_%sauth_count" % auth_type, count)
]
# Split the [start, stop] pair into networks and collect the distinct
# addresses found in each of them.
nets = ivre.utils.range2nets(addrrange)
addresses_2 = set()
for net in nets:
    addresses_2.update(
        ivre.db.db.passive.internal2ip(x)
        for x in ivre.db.db.passive.distinct(
            "addr",
            flt=ivre.db.db.passive.searchnet(net),
        )
    )
# addresses_1 is built just above this fragment; both collections must
# hold the same items.
self.assertItemsEqual(addresses_1, addresses_2)
# Sum the per-network record counts and check that every address returned
# for a network lies within the bounds of that network.
count = 0
for net in nets:
    result = ivre.db.db.passive.count(ivre.db.db.passive.searchnet(net))
    count = count + result
    # net2range() gives the first and last address of the network.
    start, stop = map(ivre.utils.ip2int, ivre.utils.net2range(net))
    for addr in ivre.db.db.passive.distinct(
            "addr",
            flt=ivre.db.db.passive.searchnet(net),
    ):
        # Compare as integers: convert the stored value to an address
        # first, then to its integer form.
        addr = ivre.utils.ip2int(ivre.db.db.passive.internal2ip(addr))
        self.assertTrue(start <= addr <= stop)
# Count the records matching the conjunction of all the per-network
# filters at once.
net_filters = tuple(ivre.db.db.passive.searchnet(net) for net in nets)
result = ivre.db.db.passive.count(
    ivre.db.db.passive.flt_and(*net_filters)
)
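# First entry yielded by the cursor; `cur`, `key` and `distinct` are set
# before this fragment.
values = next(cur)
# The expected-value names carry "distinct" or "not_distinct".
suffix = "" if distinct else "not_"
self.check_value(
    "passive_top_%s_%sdistinct" % (key, suffix),
    values["_id"],
)
self.check_value(
    "passive_top_%s_%sdistinct_count" % (key, suffix),
    values["count"],
)
if not distinct:
    # Try to find the record with the same value and count.
    for rec in ivre.db.db.passive.get(
            ivre.db.db.passive.searchja3client(
                value_or_hash=values["_id"]
            )
    ):
        if rec['count'] == values["count"]:
            break
    else:
        # for/else: only reached when the loop ended without a `break`.
        # self.fail() states what was being looked for, where
        # assertTrue(False) only reported "False is not true".
        self.fail(
            "no JA3 client record with value %r and count %r"
            % (values["_id"], values["count"])
        )
# Drop the reference to the cursor so that the connection to the
# database gets closed (required for SQLite).
del cur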
# JA3 server:
# Get one record, then find it again with different filters.
rec1 = ivre.db.db.passive.get_one(ivre.db.db.passive.searchja3server())
for value in [None, rec1['infos']['raw'], rec1['value'],
def __init__(self, baseflt=None):
    """Initialise the key on the passive database.

    Delegates to DBKey.__init__ with db.passive as the database and
    passes *baseflt* through unchanged.
    """
    DBKey.__init__(self, db.passive, baseflt=baseflt)
'inserting them in database.')
parser.add_argument(
    '--verbose', '-v',
    action='store_true',
    help='For test output, print out formatted results.',
)
if USING_ARGPARSE:
    # argparse: one sub-parser per available database, plus 'all'.
    subparsers = parser.add_subparsers(
        dest='view_source',
        help="Accepted values are 'nmap' and 'passive'. None or 'all' "
             "will do both",
    )
    if db.nmap is not None:
        subparsers.add_parser('nmap', parents=[db.nmap.argparser])
    if db.passive is not None:
        subparsers.add_parser('passive', parents=[db.passive.argparser])
    subparsers.add_parser('all')
# Fallback without argparse: no sub-parsers, so the sub-command is detected
# by membership in sys.argv and its options are added to the main parser.
# The membership test matches the word anywhere on the command line, not
# only in the sub-command position.
elif 'nmap' in sys.argv:
    if db.nmap is None:
        parser.error('Cannot use "nmap" (no Nmap database exists)')
    for args, kargs in db.nmap.argparser.args:
        parser.add_option(*args, **kargs)
elif 'passive' in sys.argv:
    if db.passive is None:
        parser.error(
            'Cannot use "passive" (no Passive database exists)'
        )
    for args, kargs in db.passive.argparser.args:
        parser.add_option(*args, **kargs)
else:
    parser.error(
        'Invalid subcommand, only "nmap" and "passive" are supported'
    )
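# Sort each command-line selector into a MAC filter (flts[0]) or an
# address filter (flts[1]). A leading "-", "!" or "~" negates the selector.
for arg in args.ips_or_macs:
    # Compare against a tuple of prefixes: with a plain string on the
    # right-hand side, an empty argument passes the membership test ("" is
    # a substring of every string) and is silently turned into a negated
    # filter.
    neg = arg[:1] in ("-", "!", "~")
    if neg:
        arg = arg[1:]
    if MAC_ADDR.search(arg):
        flts[0].append(db.passive.searchmac(mac=arg, neg=neg))
    elif arg.startswith('/') and '/' in arg[1:]:
        # A selector starting with "/" and holding a second "/" is
        # converted with utils.str2regexp() and matched against MACs.
        flts[0].append(db.passive.searchmac(mac=utils.str2regexp(arg),
                                            neg=neg))
    elif '/' in arg:
        # Any other selector holding a "/" is handled as a network.
        flts[1].append(db.passive.searchnet(arg, neg=neg))
    else:
        flts[1].append(db.passive.searchhost(arg, neg=neg))
# Without any MAC selector, fall back to searchmac() called with no
# argument.
if not flts[0]:
    flts[0].append(db.passive.searchmac())
flt = db.passive.flt_or(*flts[0])
# Address selectors, when present, are OR-ed together and AND-ed with the
# MAC filter.
if flts[1]:
    flt = db.passive.flt_and(flt, db.passive.flt_or(*flts[1]))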
# Optionally restrict the filter to one sensor.
if args.sensor is not None:
    sensor_filter = db.passive.searchsensor(args.sensor)
    flt = db.passive.flt_and(flt, sensor_filter)
# With the count option, print the number of matching records and stop.
if args.count:
    matching = db.passive.count(flt)
    print(matching)
    return
for rec in db.passive.get(flt, sort=[('addr', 1), ('value', 1),
('source', 1)]):
rec["times"] = "s" if rec["count"] > 1 else ""
if not rec.get("sensor"):
rec["sensor"] = "-"
if args.resolve:
else:
fname = ['-s', fname]
# 'SYN' is the mode used when the caller did not pick one.
mode = ivre.passive.P0F_MODES['SYN' if mode is None else mode]
recontype = 'P0F2-%s' % mode['name']
# The command is passed as an argument list, so no shell interprets
# `fname` or the mode's filter expression.
p0f_argv = (
    ['p0f', '-q', '-l', '-S', '-ttt']
    + fname
    + mode['options']
    + [mode['filter']]
)
# preexec_fn=os.setpgrp makes the child call setpgrp() before exec.
# NOTE(review): the subprocess documentation warns that preexec_fn is not
# safe in the presence of threads -- confirm this code runs single-threaded.
p0fprocess = subprocess.Popen(
    p0f_argv,
    stdout=subprocess.PIPE,
    preexec_fn=os.setpgrp,
)
# Pick the insertion routine. With neither bulk flag set, the
# implementation defined on ivre.db.DBPassive is used, bound to the
# ivre.db.db.passive instance.
if not (bulk_db or bulk_local):
    function = functools.partial(
        ivre.db.DBPassive.insert_or_update_bulk,
        ivre.db.db.passive,
    )
elif bulk_db:
    function = ivre.db.db.passive.insert_or_update_bulk
else:
    function = ivre.db.db.passive.insert_or_update_local_bulk
# Lazily parse each line written by p0f on its standard output; the port
# is only included in 'SYN+ACK' mode.
parsed_lines = (
    ivre.passive.parse_p0f_line(
        line,
        include_port=(mode['name'] == 'SYN+ACK'),
        sensor=sensor,
        recontype=recontype,
    )
    for line in p0fprocess.stdout
)
function(parsed_lines)