IVRE – Network Recon Framework

IVRE (Instrument de veille sur les réseaux extérieurs) or DRUNK (Dynamic Recon of UNKnown networks) is a network recon framework, including tools for passive recon (flow analytics relying on Bro, Argus, Nfdump, fingerprint analytics based on Bro and p0f and active recon (IVRE uses Nmap to run scans, can use ZMap as a pre-scanner; IVRE can also import XML output from Nmap and Masscan).

IVRE - Network Recon Framework
IVRE – Network Recon Framework

Currently the framework support the following features:

  • Scan & sniff – Nmap and Masscan included to run scan during penetration testing against subnet , whole country or a specific range of IP addresses. It can use Zmap for a fast pre-scan, and collect info from network traffic (passively) using Bro, Argus, Nfdump & p0f.
  • Browser – Use the CLI tools, the Python API or the Web interface to browse the results. Filter, look for specific services or vulnerable versions, within a specific country or network, quickly access to previous results for a specific host, etc.
  • Analyze – Make the best of your scan results to identify similar hosts and corner-cases. Look for most (and least) common ports, services or products, and get a quick overview of the address space with the “heatmap”
  • Flow analysis – IVRE comes with a handy interface to browse network flows.
  • Count open ports and top ports open on a remote service detected

You can read more and download this framework over here: https://ivre.rocks/

Notify of
Inline Feedbacks
View all comments