How to use the ivre.utils module in ivre

To help you get started, we’ve selected a few ivre examples, based on popular ways it is used in public projects.


github cea-sec / ivre / ivre / db / mongo.py View on Github external
open ports based researches.

        """
        assert "schema_version" not in doc
        assert "openports" not in doc
        update = {"$set": {"schema_version": 1}}
        updated_ports = False
        openports = {}
        for port in doc.get("ports", []):
            # populate openports
            if port.get('state_state') == 'open':
                openports.setdefault(port["protocol"], {}).setdefault(
                    "ports", []).append(port["port"])
            # create the screenwords attribute
            if 'screenshot' in port and 'screenwords' not in port:
                screenwords = utils.screenwords(self.getscreenshot(port))
                if screenwords is not None:
                    port['screenwords'] = screenwords
                    updated_ports = True
        for proto in list(openports):
            count = len(openports[proto]["ports"])
            openports[proto]["count"] = count
            openports["count"] = openports.get("count", 0) + count
        if not openports:
            openports["count"] = 0
        if updated_ports:
            update["$set"]["ports"] = doc["ports"]
        update["$set"]["openports"] = openports
        return update
github cea-sec / ivre / ivre / db / sql / tables.py View on Github external
def process(value):
    """Turn a stored value back into an IP address, or ``None``.

    Falsy input (``None``, empty string, empty bytes) yields ``None``.
    Anything else goes through ``utils.decode_hex`` and then
    ``utils.bin2ip``; errors raised by either helper propagate to the
    caller unchanged.
    """
    if not value:
        return None
    # NOTE(review): presumably `value` is the hex form of a packed
    # address read back from the database -- confirm against the
    # matching bind processor.
    raw_addr = utils.decode_hex(value)
    return utils.bin2ip(raw_addr)
github cea-sec / ivre / ivre / db / mongo.py View on Github external
port = [p for p in host.get('ports', [])
                    if p['port'] == port and p['protocol'] == protocol][0]
        except IndexError:
            raise KeyError("Port %s/%d does not exist" % (protocol, port))
        if 'screenshot' in port and not overwrite:
            return
        port['screenshot'] = "field"
        trim_result = utils.trim_image(data)
        if trim_result is False:
            # Image no longer exists after trim
            return
        elif trim_result is not True:
            # Image has been trimmed
            data = trim_result
        port['screendata'] = bson.Binary(data)
        screenwords = utils.screenwords(data)
        if screenwords is not None:
            port['screenwords'] = screenwords
        self.db[
            self.colname_oldhosts if archive else self.colname_hosts
        ].update({"_id": host['_id']}, {"$set": {'ports': host['ports']}})
github cea-sec / ivre / ivre / db / sql / __init__.py View on Github external
def ip2internal(addr):
    """Convert an address to the representation used for storage.

    Required for use with ivre.db.sql.tables.DefaultINET() (see
    .bind_processor()). Backends using variants must implement their
    own methods.

    Falsy input returns ``b""``. With ``PY3`` set, the result of
    ``utils.ip2bin(addr)`` is returned directly. Otherwise a ``str``
    matching ``INTERNAL_IP_PY2`` is returned untouched, and any other
    value is converted with ``utils.ip2bin`` and then
    ``utils.encode_hex``.
    """
    if not addr:
        return b""
    # NOTE(review): on the non-PY3 path a str matching INTERNAL_IP_PY2
    # is returned as-is, with no further conversion; the pattern itself
    # is defined outside this block, so how strict it is cannot be
    # checked from here.
    already_internal = (
        not PY3 and isinstance(addr, str) and INTERNAL_IP_PY2.search(addr)
    )
    if already_internal:
        return addr
    packed = utils.ip2bin(addr)
    return packed if PY3 else utils.encode_hex(packed)
github cea-sec / ivre / ivre / geoiputils.py View on Github external
def gunzip(fname, clean=True):
    """Write the content of ``fname`` to a file without the ``.gz`` suffix.

    Both the input and the output live under ``config.GEOIP_PATH``. The
    input is opened with ``utils.open_file`` (presumably the helper that
    handles decompression -- confirm in ivre.utils), read in full, and
    written to the output in binary mode. When ``clean`` is true the
    input file is deleted afterwards.

    Raises ``Exception`` when ``fname`` does not end with ``.gz``.
    """
    if not fname.endswith('.gz'):
        raise Exception('filename should end with ".gz"')
    # NOTE(review): fname is joined to GEOIP_PATH unchanged. os.path.join
    # keeps ".." components and lets an absolute fname replace the base
    # directory, so this function relies on callers passing a bare file
    # name.
    src_path = os.path.join(config.GEOIP_PATH, fname)
    dst_path = os.path.join(config.GEOIP_PATH, fname[:-3])
    with utils.open_file(src_path) as inp, open(dst_path, "wb") as outp:
        # The whole content is held in memory before being written, so
        # peak memory grows with the size of the expanded file.
        content = inp.read()
        outp.write(content)
    if clean:
        os.unlink(src_path)
github cea-sec / ivre / ivre / target.py View on Github external
def __init__(self, net, **kargs):
    """Initialise the target from a network given as a string.

    When the ``categories`` keyword is missing or ``None``, it defaults
    to a one-element list holding ``'NET-'`` followed by ``net`` with
    every ``/`` replaced by ``_``. The values returned by
    ``utils.net2range(net)`` are then passed as positional arguments to
    ``TargetRange.__init__``, together with the keyword arguments.
    """
    if kargs.get('categories') is None:
        default_category = 'NET-' + net.replace('/', '_')
        kargs['categories'] = [default_category]
    bounds = utils.net2range(net)
    TargetRange.__init__(self, *bounds, **kargs)
github cea-sec / ivre / ivre / xmlnmap.py View on Github external
self._curtable = {}
                return
            if self._curscript['id'] in SCREENSHOTS_SCRIPTS:
                fname = SCREENSHOTS_SCRIPTS[self._curscript['id']](
                    self._curscript
                )
                if fname is not None:
                    exceptions = []
                    for full_fname in [fname,
                                       os.path.join(
                                           os.path.dirname(self._fname),
                                           fname)]:
                        try:
                            with open(full_fname, 'rb') as fdesc:
                                data = fdesc.read()
                                trim_result = utils.trim_image(data)
                                if trim_result:
                                    # When trim_result is False, the image no
                                    # longer exists after trim
                                    if trim_result is not True:
                                        # Image has been trimmed
                                        data = trim_result
                                    current['screenshot'] = "field"
                                    current['screendata'] = self._to_binary(
                                        data
                                    )
                                    screenwords = utils.screenwords(data)
                                    if screenwords is not None:
                                        current['screenwords'] = screenwords
                        except Exception:
                            exceptions.append((sys.exc_info(), full_fname))
                        else:
github cea-sec / ivre / ivre / tools / arp2db.py View on Github external
def main():
    """Update the flow database from ARP requests in PCAP files"""
    parser, use_argparse = utils.create_argparser(__doc__, extraargs="files")
    if use_argparse:
        parser.add_argument("files", nargs='*', metavar='FILE',
                            help="PCAP files")
    parser.add_argument("-v", "--verbose", help="verbose mode",
                        action="store_true")
    args = parser.parse_args()

    if args.verbose:
        config.DEBUG = True

    bulk = db.flow.start_bulk_insert()
    query_cache = db.flow.add_flow(["Flow"], ('proto',))
    for fname in args.files:
        for pkt in reader(fname):
            rec = {"dst": pkt.pdst, "src": pkt.psrc,
                   "start_time": datetime.fromtimestamp(pkt.time),