How to use the ivre.db.db.passive.get function in ivre

To help you get started, we’ve selected a few ivre examples, based on popular ways it is used in public projects.


Source: cea-sec/ivre, tests/tests.py (GitHub)
self.assertEqual(count1, count2)
            for res in ivre.db.db.passive.get(flt):
                self.assertTrue(res['infos']['service_name'] == service)

        for service, port in [('ssh', 22), ('ssh', 23), ('imap', 143),
                              ('imap', 110)]:
            res, out, _ = RUN(["ivre", "ipinfo", "--count", "--service",
                               service, "--port", str(port)])
            self.assertEqual(res, 0)
            count1 = int(out)
            self.check_value("passive_count_%s_port_%d" % (service, port),
                             count1)
            flt = ivre.db.db.passive.searchservice(service, port=port)
            count2 = ivre.db.db.passive.count(flt)
            self.assertEqual(count1, count2)
            for res in ivre.db.db.passive.get(flt):
                self.assertTrue(res['port'] == port)
                self.assertTrue(res['infos']['service_name'] == service)

        for service, product in [('ssh', 'Cisco SSH'),
                                 ('http', 'Apache httpd'),
                                 ('imap', 'Microsoft Exchange imapd')]:
            flt = ivre.db.db.passive.searchproduct(product, service=service)
            count = ivre.db.db.passive.count(flt)
            self.check_value(
                "passive_count_%s_%s" % (service, product.replace(' ', '')),
                count,
            )
            for res in ivre.db.db.passive.get(flt):
                self.assertTrue(res['infos']['service_name'] == service)
                self.assertTrue(res['infos']['service_product'] == product)
Source: cea-sec/ivre, ivre/web/app.py (GitHub)
subdomains = request.params.get("subdomains") is not None
    reverse = request.params.get("reverse") is not None
    utils.LOGGER.debug("passivedns: query: %r, subdomains: %r", query,
                       subdomains)

    if utils.IPADDR.search(query) or query.isdigit():
        flt = db.passive.flt_and(
            db.passive.searchdns(dnstype=request.params.get("type")),
            db.passive.searchhost(query),
        )
    else:
        flt = db.passive.searchdns(name=query,
                                   dnstype=request.params.get("type"),
                                   subdomains=subdomains,
                                   reverse=reverse)
    for rec in db.passive.get(flt):
        for k in ['_id', 'infos', 'recontype', 'schema_version']:
            try:
                del rec[k]
            except KeyError:
                pass
        rec['rrtype'], rec['source'], _ = rec['source'].split('-')
        rec['rrname'] = rec.pop('value')
        try:
            rec['rdata'] = rec.pop('addr')
        except KeyError:
            rec['rdata'] = rec.pop('targetval')
        for k in ['first', 'last']:
            try:
                rec['time_%s' % k] = rec.pop('%sseen' % k)
            except KeyError:
                pass
Source: yeti-platform/yeti, contrib/analytics/ivre_api/ivre_api.py (GitHub)
def analyze_certsubj(cls, subject, results):
        """Specific analyzer for CertificateSubject observables.

        The observable value is looked up in the passive database both as
        a certificate subject and as a certificate issuer.  Each matching
        record is turned into a certificate observable (via
        ``_handle_cert``, defined elsewhere in this module), its address
        is linked to that certificate, and the raw records are stored in
        ``results`` under the ``raw`` key.  Returns the collected links as
        a list.
        """

        found_links = set()
        raw_records = []
        # Both queries are issued up front, exactly as itertools.chain()
        # evaluates its arguments; subject matches are walked first.
        subject_recs = db.passive.get(
            db.passive.searchcertsubject(subject.value)
        )
        issuer_recs = db.passive.get(
            db.passive.searchcertissuer(subject.value)
        )
        for rec in itertools.chain(subject_recs, issuer_recs):
            LOG.debug('%s.analyze_certsubj: record %r', cls.__name__, rec)
            cert = _handle_cert(db.passive, rec, found_links)
            ip_observable = Ip.get_or_create(value=rec['addr'])
            new_links = ip_observable.link_to(
                cert,
                "ssl-cert",
                "IVRE - SSL X509 certificate",
                first_seen=rec['firstseen'],
                last_seen=rec['lastseen'],
            )
            found_links.update(new_links)
            raw_records.append(rec)

        results.update(raw=pformat(raw_records))
        return list(found_links)
Source: yeti-platform/yeti, contrib/analytics/ivre_api/ivre_api.py (GitHub)
def analyze_certsubj(cls, subject, results):
        """Specific analyzer for CertificateSubject observables.

        Queries the passive database for records whose certificate
        subject *or* issuer equals the observable value, builds a
        certificate observable for each record through ``_handle_cert``
        (defined elsewhere in this module), links the record's address to
        it with an "ssl-cert" relationship, and keeps the raw records in
        ``results['raw']``.  Returns the links as a list.
        """

        collected = set()
        matched = []
        passive_filters = [
            db.passive.searchcertsubject(subject.value),
            db.passive.searchcertissuer(subject.value),
        ]
        # Every cursor is opened before iteration starts, mirroring how
        # itertools.chain(a, b) evaluates both of its arguments eagerly.
        cursors = [db.passive.get(flt) for flt in passive_filters]
        for rec in itertools.chain(*cursors):
            LOG.debug('%s.analyze_certsubj: record %r', cls.__name__, rec)
            cert = _handle_cert(db.passive, rec, collected)
            collected.update(
                Ip.get_or_create(value=rec['addr']).link_to(
                    cert,
                    "ssl-cert",
                    "IVRE - SSL X509 certificate",
                    first_seen=rec['firstseen'],
                    last_seen=rec['lastseen'],
                )
            )
            matched.append(rec)

        results.update(raw=pformat(matched))
        return list(collected)
Source: cea-sec/ivre, ivre/tools/ipinfo.py (GitHub)
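def disp_recs_json(flt, sort, limit, skip):
    """Print each passive record matching ``flt`` as a JSON document.

    ``sort``, ``limit`` and ``skip`` are forwarded unchanged to
    ``db.passive.get()``.  Output is indented (4 spaces) when stdout is an
    interactive terminal and compact (one record per line) otherwise, so
    piped output remains line-oriented.  The internal ``_id`` and
    ``scanid`` fields are dropped, and the ``value`` of SSL_SERVER/cert
    records is base64-encoded before serialisation (the encode_b64 call
    indicates it holds binary data rather than text).
    """
    # sys.stdout.isatty() instead of os.isatty(sys.stdout.fileno()): the
    # latter raises io.UnsupportedOperation when stdout has been replaced
    # by an in-memory stream (test harnesses, embedding contexts), while
    # both agree whenever stdout is a real file descriptor.
    indent = 4 if sys.stdout.isatty() else None
    for rec in db.passive.get(flt, sort=sort, limit=limit, skip=skip):
        for fld in ('_id', 'scanid'):
            # pop() with a default: absence of the field is not an error
            rec.pop(fld, None)
        if rec.get('recontype') == 'SSL_SERVER' and \
           rec.get('source') == 'cert':
            rec['value'] = utils.encode_b64(rec['value']).decode()
        print(json.dumps(rec, indent=indent, default=db.passive.serialize))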
Source: cea-sec/ivre, ivre/tools/ipinfo.py (GitHub)
firstrecs.reverse()
    # in case we don't have (yet) records matching our criteria
    r = {'firstseen': 0, 'lastseen': 0}
    for r in firstrecs:
        if 'addr' in r:
            print(utils.force_int2ip(r['addr']), end=' ')
        else:
            print(r['targetval'], end=' ')
        disp_rec(r)
        sys.stdout.flush()
    # 2. loop
    try:
        while True:
            prevtime = r[field]
            time.sleep(1)
            for r in db.passive.get(
                    db.passive.flt_and(
                        baseflt,
                        db.passive.searchnewer(prevtime,
                                               new=field == 'firstseen'),
                    ),
                    sort=[(field, 1)]):
                if 'addr' in r:
                    print(utils.force_int2ip(r['addr']), end=' ')
                else:
                    print(r['targetval'], end=' ')
                disp_rec(r)
                sys.stdout.flush()
    except KeyboardInterrupt:
        pass
Source: cea-sec/ivre, ivre/tools/macinfo.py (GitHub)
neg=neg))
        elif '/' in arg:
            flts[1].append(db.passive.searchnet(arg, neg=neg))
        else:
            flts[1].append(db.passive.searchhost(arg, neg=neg))
    if not flts[0]:
        flts[0].append(db.passive.searchmac())
    flt = db.passive.flt_or(*flts[0])
    if flts[1]:
        flt = db.passive.flt_and(flt, db.passive.flt_or(*flts[1]))
    if args.sensor is not None:
        flt = db.passive.flt_and(flt, db.passive.searchsensor(args.sensor))
    if args.count:
        print(db.passive.count(flt))
        return
    for rec in db.passive.get(flt, sort=[('addr', 1), ('value', 1),
                                         ('source', 1)]):
        rec["times"] = "s" if rec["count"] > 1 else ""
        if not rec.get("sensor"):
            rec["sensor"] = "-"
        if args.resolve:
            try:
                manuf = utils.mac2manuf(rec['value'])[0]
            except (TypeError, ValueError):
                pass
            else:
                rec['value'] = '%s (%s)' % (rec['value'], manuf)
        print("%(addr)s at %(value)s on %(sensor)s (%(source)s %(count)s "
              "time%(times)s, %(firstseen)s - %(lastseen)s)" % rec)
Source: cea-sec/ivre, ivre/view.py (GitHub)
def passive_to_view(flt, category=None):
    """Generates passive entries in the View format.

    Records matching ``flt`` are fetched sorted by address and each one
    is converted with ``passive_record_to_view``; conversions that yield
    ``None`` are skipped.

    Note that this entry is likely to have no sense in itself. This
    function is intended to be used to format results for the merge
    function.

    """
    records = db.passive.get(flt, sort=[("addr", 1)])
    converted = (
        passive_record_to_view(rec, category=category) for rec in records
    )
    for view_entry in converted:
        if view_entry is None:
            continue
        yield view_entry
Source: cea-sec/ivre, ivre/tools/ipinfo.py (GitHub)
def disp_recs_std(flt, sort, limit, skip):
    old_addr = None
    sort = sort or [('addr', 1), ('port', 1), ('recontype', 1), ('source', 1)]
    for rec in db.passive.get(flt, sort=sort, limit=limit, skip=skip):
        if 'addr' not in rec or not rec['addr']:
            continue
        if old_addr != rec['addr']:
            if old_addr is not None:
                print()
            old_addr = rec['addr']
            print(utils.force_int2ip(old_addr))
            ipinfo = db.data.infos_byip(old_addr)
            if ipinfo:
                if 'address_type' in ipinfo:
                    print('\t', end=' ')
                    print(ipinfo['address_type'], end=' ')
                    print()
                if 'country_code' in ipinfo:
                    print('\t', end=' ')
                    print(ipinfo['country_code'], end=' ')