IVRE

🎉 New feature in IVRE: 🌐 RIR (regional Internet registry) lookup. >_ CLI & 🐍 Python only for now, still a bit experimental 🚧. Download and locally query data from RIR (think "local whois for IP addresses, that you can reverse query"). Get the dev version from Github or Docker

🎄 Jour 5 du Calendrier de l'Avent des 🐻 IVRE : un framework Open Source pour la reconnaissance réseau. Il s'appuie sur des outils reconnus (Nmap, Masscan, ZGrab2, ZDNS et Zeek) pour collecter des données, les stocke dans une base de données et fournit des outils pour les analyser.

🚨 IVRE now supports Citrix NetScaler Triage! CVE-2025-7775 (RCE, CVSS 9.2) is being exploited in the wild. It's time to monitor those instances. OSS to the rescue! 🛡️ github.com/ivre/ivre/pull… #CyberSecurity #CVE20257775 #NetScaler #Infosec

If you're looking for a way to find Ivanti gateways (for CVE-2025-0282... or to be ready for the next ones), and have collected the HTTP headers on a GET / (via @nmap http-headers script, or any other supported tool) you can use this filter : httphdr:location:/^\/dana-na\//

Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, build your taylor-made EASM tool github.com/ivre/ivre

Current status: I've made a ton of changes to masscan's --banners option, and integrated a bunch of changes from others, primarily @ivrerocks. I'd be interested in any bug reports if you want to test them out.

Amen to that!

Respectfully disagree.

@snovvcrash Hey! Thanks for the kind words! However please note that some of the patches included in the fork won't be useful unless you import the results in IVRE, as it is the intent of this repository.

(1/2) FYI, #masscan users. The original masscan does NOT include the ‘TCP options’ field with MSS value which is required for some hosts to reply to the packet. The fork by @IvreRocks features the --tcpmss switch that includes the mentioned field for your better scope coverage ⤵️

🥳 We're pleased to announce the first group of winners for the 2023 Google Open Source Peer Bonus Program! This cycle received a record-breaking 255 nominations. Huge congratulations to the 203 winners. See the winners → goo.gle/45vnbZ6

HackerNews: "Researchers uncover new BGP flaw in popular routing software" One way to help prevent these kind of denial-of-service exploits is to make sure your perimeter is secure to trusted sources. I built a tool to perform such perimeter scanning here kaonbytes.com/p/perimeter-sc…

Is Docker saying that the OSS openfaas organisation on Docker Hub will get deleted if we don't sign up for a paid plan? What about Prometheus, and all the other numerous OSS orgs on the Docker Hub? cc @justincormack

If you use @obsdmd for your #pentest / #redteam or #threatintel notes, you might be interested in the IVRE community plugin for #Obsidian, that uses data from IVRE to enrich your notes. Get it from Obsidian (in community plugins, look for "ivre") or see github.com/ivre/obsidian-…

IVRE v0.9.19 has just been released! See below for the main changes

Thanks to Tesseract OCR, IVRE has been doing this for almost 8 years now! And thanks to MongoDB, you can use the extracted text in your queries efficiently. That's how powerful and magic opensource can be! #OSS

@nullt3r @nullenc0de I'm only here to help you analyse the results.

@nullt3r @nullenc0de I ingest output from other tools, including httpx, tldx & nuclei.

I have to make about ~5 billion http requests. What's the fastest way to do that? Looking for easier solutions than Axiom.

@nullenc0de @nullt3r For non-TLS HTTP requests, Masscan will do that within the SYN scan when using --banners

@nullt3r How did you do it? Just throw tons of computing at it?

@nullt3r @nullenc0de Next time, give IVRE a try for the analysis!

@nullenc0de I used Masscan to scan for open ports and httpx (projectdiscovery) to do the dirty work (get TLS info, headers, body etc.). After that I used clickhouse for result analysis (I could directly import the JSONL from httpx) - about 10 GB of data. 10 servers.

Due to recent events, some Kali Linux tool creators now have Mastodon accounts @epi@infosec.exchange (@epi052) @ivre@infosec.exchange (@IvreRocks) @seemoo@infosec.exchange (@seemoolab) @r00t0v3rr1d3@infosec.exchange (@r00t0v3rr1d3) @droe@infosec.exchange (@droethlisberger) ⬇️🧵