
Scanning with IVRE and importing data

2015-08-09 15:13


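An IVRE instance installed through docker comes with no data; this post imports some scan data so that IVRE has something to show. I have only just started experimenting with IVRE and may not have gone very deep, so this is just a record of my impressions and what I learned. If there are problems or errors, please point them out, and I will be very grateful.

The previous post did not introduce IVRE. IVRE is an open-source framework written in Python; the official site iv.re has an introduction.

There is not much Chinese documentation for IVRE. I mainly looked up how to use it in its own docs: the IVRE GitHub repository has a doc folder that contains the usage instructions.

GitHub: https://github.com/cea-sec/ivre

Screenshot of the documentation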



Here I only give the few most important commands; for the others, please consult the documentation yourself.

Use the attach command to enter ivreclient:

$ docker attach ivreclient


Run the following initialization commands. They are pasted from the official doc:

root@ivreclient:/# ipinfo --init
This will remove any passive information in your database. Process ? [y/N] y
root@ivreclient:/# ipdata --init
This will remove any country/AS information in your database. Process ? [y/N] y
root@ivreclient:/# scancli --init
This will remove any scan result in your database. Process ? [y/N] y
root@ivreclient:/# runscans-agentdb --init
This will remove any agent and/or scan in your database and files. Process ? [y/N] y
root@ivreclient:/# ipdata --download --import-all --dont-feed-ipdata-cols
[...]

The latest command will take a long time. Then we can integrate the
Nmap results to the database:

root@ivreclient:/# nmap2db -r -s MySource -c MyCategory /ivre-share

You can then exit the shell (`C-d`), this will stop the
container.


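In my case, however, the nmap2db command reported 0 records imported, and I don't know why. If anyone has managed to import the data successfully, please leave me a comment; I would be very grateful.

If the downloaded data cannot be imported, then scan some hosts yourself and import those. The documentation provides a method: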

The easiest way is to install IVRE on the "scanning" machine and run:

# runscans --routable --limit 1000 --output=XMLFork

This will run a standard scan against 1000 random hosts on the
Internet by running 30 nmap processes in parallel. See the output of
`runscans --help` if you want to do something else.

When it's over, to import the results in the database, run:

$ nmap2db -c ROUTABLE-CAMPAIGN-001 -s MySource -r scans/ROUTABLE/up

Here, `ROUTABLE-CAMPAIGN-001` is a category (just an arbitrary name
that you will use later to filter scan results) and `MySource` is a
friendly name for your scanning machine (same here, an arbitrary name
usable to filter scan results; by default, when you insert a scan
result, if you already have a scan result for the same host address
with the same source, the previous result is moved to an "archive"
collection (fewer indexes) and the new result is inserted in the
database).

There is an alternative to installing IVRE on the scanning machine
that allows to use several agents from one master. See the
[AGENT](AGENT.md) file, the program `runscans-agent` for the master
and the `agent/` directory in the source tree.


The documentation says a lot, but it really comes down to two commands:

# runscans --routable --limit 1000 --output=XMLFork
$ nmap2db -c ROUTABLE-CAMPAIGN-001 -s MySource -r scans/ROUTABLE/up


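The first command performs the scan: it uses nmap to scan 1000 random hosts and saves the results in XMLFork format.

The second command stores the scan results in the database.

For what each parameter means, check --help; I won't explain them here.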
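The following pre-import check is an added example, not code from the original post or from the IVRE project. It walks a directory recursively (such as the one passed to `nmap2db -r`) and counts the well-formed Nmap XML files and `<host>` records it finds, which helps distinguish an empty or truncated scan directory from a problem in the import step. The function names and the sample files are constructed, and the check does not replicate nmap2db's own parsing.

```python
import os
import tempfile
import xml.etree.ElementTree as ET


def summarize_scan_dir(root):
    """Walk `root` recursively and summarise the Nmap XML files found."""
    summary = {"files": 0, "nmap_xml": 0, "hosts": 0, "hosts_up": 0, "unparsable": []}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            summary["files"] += 1
            try:
                tree = ET.parse(path)
            except ET.ParseError:
                # Truncated output (interrupted scan) or not XML at all.
                summary["unparsable"].append(path)
                continue
            doc = tree.getroot()
            if doc.tag != "nmaprun":
                continue  # well-formed XML, but not Nmap output
            summary["nmap_xml"] += 1
            for host in doc.iter("host"):
                summary["hosts"] += 1
                status = host.find("status")
                if status is not None and status.get("state") == "up":
                    summary["hosts_up"] += 1
    return summary


def build_sample_dir():
    """Constructed sample data: one complete scan file, one truncated file."""
    root = tempfile.mkdtemp(prefix="ivre-share-")
    os.makedirs(os.path.join(root, "up"))
    complete = (
        '<?xml version="1.0"?><nmaprun scanner="nmap">'
        '<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>'
        '<ports><port protocol="tcp" portid="22"><state state="open"/></port></ports></host>'
        '<host><status state="down"/><address addr="192.0.2.11" addrtype="ipv4"/></host>'
        "</nmaprun>"
    )
    with open(os.path.join(root, "up", "scan1.xml"), "w") as fdesc:
        fdesc.write(complete)
    with open(os.path.join(root, "up", "scan2.xml"), "w") as fdesc:
        fdesc.write(complete[:80])  # cut off mid-document
    return root


if __name__ == "__main__":
    print(summarize_scan_dir(build_sample_dir()))
```

A result with `nmap_xml` or `hosts` at zero means the directory holds nothing importable, so the place to look is the scan output path rather than the database.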

Attached is a screenshot of IVRE with data.
