How to use the ivre.db.sql.__init__.PassiveFilter function in ivre

To help you get started, we’ve selected a few ivre examples, based on popular ways it is used in public projects.


github cea-sec / ivre / ivre / db / sql / __init__.py View on Github external
subdomains=False):
        cnd = cls.tables.passive.recontype == 'DNS_ANSWER'
        if name is not None:
            cnd &= (
                (cls.tables.passive.moreinfo['domaintarget'
                                             if reverse else
                                             'domain'].has_key(name))
                # noqa: W601 (BinaryExpression)
                if subdomains else
                cls._searchstring_re(cls.tables.passive.targetval
                                     if reverse else
                                     cls.tables.passive.value, name)
            )
        if dnstype is not None:
            cnd &= cls.tables.passive.source.op('~')('^%s-' % dnstype.upper())
        return PassiveFilter(main=cnd)
github cea-sec / ivre / ivre / db / sql / __init__.py View on Github external
def searchsshkey(cls, keytype=None):
    """Return a filter selecting SSH server host key records.

    Matches passive records whose `recontype` is 'SSH_SERVER_HOSTKEY'
    and whose `source` is 'SSHv2'. When `keytype` is given, the 'algo'
    entry of `moreinfo` must also equal 'ssh-' + `keytype`.

    """
    passive = cls.tables.passive
    condition = (
        (passive.recontype == 'SSH_SERVER_HOSTKEY') &
        (passive.source == 'SSHv2')
    )
    if keytype is not None:
        # `keytype` only ever appears as a compared value, never as
        # part of the operator string handed to `.op()`.
        algo = passive.moreinfo.op('->>')('algo')
        condition = condition & (algo == 'ssh-' + keytype)
    return PassiveFilter(main=condition)
github cea-sec / ivre / ivre / db / sql / __init__.py View on Github external
def searchhttpauth(cls):
    """Return a filter selecting HTTP (proxy) authorization headers.

    Matches passive records whose `recontype` is 'HTTP_CLIENT_HEADER'
    or 'HTTP_CLIENT_HEADER_SERVER' and whose `source` is
    'AUTHORIZATION' or 'PROXY-AUTHORIZATION'.

    """
    # NOTE(review): rows selected here presumably hold captured
    # Authorization header values, i.e. credential material -- treat
    # query output as sensitive (confirm against the storage schema).
    passive = cls.tables.passive
    is_client_header = (
        (passive.recontype == 'HTTP_CLIENT_HEADER') |
        (passive.recontype == 'HTTP_CLIENT_HEADER_SERVER')
    )
    is_auth_header = (
        (passive.source == 'AUTHORIZATION') |
        (passive.source == 'PROXY-AUTHORIZATION')
    )
    return PassiveFilter(main=(is_client_header & is_auth_header))
github cea-sec / ivre / ivre / db / sql / __init__.py View on Github external
def searchrecontype(cls, rectype):
    """Return a filter keeping passive records whose `recontype`
    equals `rectype`.

    """
    condition = cls.tables.passive.recontype == rectype
    return PassiveFilter(main=condition)
github cea-sec / ivre / ivre / db / sql / __init__.py View on Github external
def searchport(cls, port, protocol='tcp', state='open', neg=False):
    """Build a filter on the port of passive records.

    Records on `port` are kept, or filtered out when `neg` is true.
    Only `protocol` 'tcp' and `state` 'open' are accepted; any other
    value raises ValueError before a filter is built.

    """
    if protocol != 'tcp':
        raise ValueError("Protocols other than TCP are not supported "
                         "in passive")
    if state != 'open':
        raise ValueError("Only open ports can be found in passive")
    port_column = cls.tables.passive.port
    if neg:
        condition = port_column != port
    else:
        condition = port_column == port
    return PassiveFilter(main=condition)
github cea-sec / ivre / ivre / db / sql / __init__.py View on Github external
def searchtimeago(cls, delta, neg=False, new=True):
    """Return a filter on how recently a passive record was seen.

    `delta` is a `datetime.timedelta`, or a number of seconds that is
    converted to one. The compared column is `firstseen` when `new` is
    true and `lastseen` otherwise. Records at or after (now - delta)
    are kept; with `neg` true, records strictly before it are kept.

    """
    passive = cls.tables.passive
    if new:
        column = passive.firstseen
    else:
        column = passive.lastseen
    if isinstance(delta, datetime.timedelta):
        span = delta
    else:
        span = datetime.timedelta(seconds=delta)
    # NOTE(review): datetime.now() is naive local time; confirm the
    # firstseen/lastseen columns are stored in the same convention,
    # otherwise the cutoff is shifted by the UTC offset.
    cutoff = datetime.datetime.now() - span
    if neg:
        condition = column < cutoff
    else:
        condition = column >= cutoff
    return PassiveFilter(main=condition)
github cea-sec / ivre / ivre / db / sql / __init__.py View on Github external
def searchcertsubject(cls, expr, issuer=None):
        base = (
            (cls.tables.passive.recontype == 'SSL_SERVER') &
            (cls.tables.passive.source == 'cert') &
            (cls._searchstring_re(
                cls.tables.passive.moreinfo.op('->>')('subject_text'), expr
            ))
        )
        if issuer is None:
            return PassiveFilter(main=base)
        return PassiveFilter(main=(
            base &
            (cls._searchstring_re(
                cls.tables.passive.moreinfo.op('->>')('issuer_text'), issuer
            ))
github cea-sec / ivre / ivre / db / sql / __init__.py View on Github external
def searchcmp(cls, key, val, cmpop):
    """Return a filter comparing `key` with `val` through the SQL
    operator `cmpop`.

    A string `key` is resolved through `cls.fields`; any other value
    is used as the left-hand expression as given.

    """
    # NOTE(review): assuming these are SQLAlchemy column expressions,
    # `.op()` renders `cmpop` verbatim into the SQL text; only `val` is
    # passed as a value. `cmpop` should therefore come from a fixed set
    # of operators chosen by the caller, never from request input.
    column = cls.fields[key] if isinstance(key, basestring) else key
    compare = column.op(cmpop)
    return PassiveFilter(main=compare(val))
github cea-sec / ivre / ivre / db / sql / __init__.py View on Github external
def searchbasicauth(cls):
    """Return a filter selecting HTTP Basic authorization headers.

    Matches passive records whose `recontype` is 'HTTP_CLIENT_HEADER'
    or 'HTTP_CLIENT_HEADER_SERVER', whose `source` is 'AUTHORIZATION'
    or 'PROXY-AUTHORIZATION', and whose `value` matches the
    case-insensitive pattern '^Basic'.

    """
    # NOTE(review): Basic credentials are only base64-encoded, so the
    # `value` of matching rows is presumably recoverable cleartext --
    # treat query output as sensitive.
    passive = cls.tables.passive
    is_client_header = (
        (passive.recontype == 'HTTP_CLIENT_HEADER') |
        (passive.recontype == 'HTTP_CLIENT_HEADER_SERVER')
    )
    is_auth_header = (
        (passive.source == 'AUTHORIZATION') |
        (passive.source == 'PROXY-AUTHORIZATION')
    )
    is_basic_scheme = passive.value.op('~*')('^Basic')
    return PassiveFilter(
        main=(is_client_header & is_auth_header & is_basic_scheme)
    )
github cea-sec / ivre / ivre / db / sql / __init__.py View on Github external
def searchcertissuer(cls, expr):
        return PassiveFilter(main=(
            (cls.tables.passive.recontype == 'SSL_SERVER') &
            (cls.tables.passive.source == 'cert') &
            (cls._searchstring_re(
                cls.tables.passive.moreinfo.op('->>')('issuer_text'), expr
            ))