Scanning with IVRE and importing data
2015-08-09 15:13
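An IVRE instance installed via docker contains no data; this post imports some scan data so that IVRE has something to show. I have only just started tinkering with IVRE and may not have dug very deep, so this is just a record of my impressions and what I learned. If there are problems or mistakes, please point them out and I will be very grateful. The previous post did not introduce IVRE: it is an open-source framework written in Python, described on the official site, iv.re.
There is not much Chinese documentation for IVRE. I mainly looked up its usage in its own docs: the IVRE GitHub repository has a doc folder that contains the usage instructions.
GitHub: https://github.com/cea-sec/ivre
(Screenshot of the documentation)
Here I only give the few most important commands; for the others, please read the documentation yourself.
Enter ivreclient with the attach command: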
$ docker attach ivreclient
Run the following initialization commands; they are pasted from the official doc:
root@ivreclient:/# ipinfo --init
This will remove any passive information in your database. Process ? [y/N] y
root@ivreclient:/# ipdata --init
This will remove any country/AS information in your database. Process ? [y/N] y
root@ivreclient:/# scancli --init
This will remove any scan result in your database. Process ? [y/N] y
root@ivreclient:/# runscans-agentdb --init
This will remove any agent and/or scan in your database and files. Process ? [y/N] y
root@ivreclient:/# ipdata --download --import-all --dont-feed-ipdata-cols
[...]

The latest command will take a long time. Then we can integrate the Nmap results to the database:

root@ivreclient:/# nmap2db -r -s MySource -c MyCategory /ivre-share

You can then exit the shell (`C-d`), this will stop the container.
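In my case, however, the nmap2db command reported 0 records imported, and I do not know why. If anyone has managed to import successfully, please leave me a comment; I would be very grateful.
If the downloaded data cannot be imported, then just run some scans yourself and import those. The documentation describes how: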
The easiest way is to install IVRE on the "scanning" machine and run:

# runscans --routable --limit 1000 --output=XMLFork

This will run a standard scan against 1000 random hosts on the Internet by running 30 nmap processes in parallel. See the output of `runscans --help` if you want to do something else.

When it's over, to import the results in the database, run:

$ nmap2db -c ROUTABLE-CAMPAIGN-001 -s MySource -r scans/ROUTABLE/up

Here, `ROUTABLE-CAMPAIGN-001` is a category (just an arbitrary name that you will use later to filter scan results) and `MySource` is a friendly name for your scanning machine (same here, an arbitrary name usable to filter scan results; by default, when you insert a scan result, if you already have a scan result for the same host address with the same source, the previous result is moved to an "archive" collection (fewer indexes) and the new result is inserted in the database).

There is an alternative to installing IVRE on the scanning machine that allows to use several agents from one master. See the [AGENT](AGENT.md) file, the program `runscans-agent` for the master and the `agent/` directory in the source tree.
The documentation says a lot, but it really comes down to two commands:
# runscans --routable --limit 1000 --output=XMLFork
$ nmap2db -c ROUTABLE-CAMPAIGN-001 -s MySource -r scans/ROUTABLE/up
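The first command performs the scan: it uses nmap to scan 1000 random hosts and saves the results in XMLFork format.
The second command stores the scan results in the database.
For what the individual parameters mean, see --help; I will not explain them here.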
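A pre-import sanity check for a directory handed to `nmap2db -r`, such as /ivre-share or scans/ROUTABLE/up above, added here as an example (not code from the original post or from IVRE): it counts the Nmap XML files found, the `<host>` entries they contain, and files that are truncated or empty. The function names, the `.xml` suffix filter and the sample data are assumptions made for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample data (not real scan output); 192.0.2.0/24 is a documentation range.
UP = '<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/></host>'
DOWN = '<host><status state="down"/><address addr="192.0.2.11" addrtype="ipv4"/></host>'


def summarize_nmap_xml(path):
    """Return (hosts, hosts_up, complete); complete is False for truncated/empty XML."""
    hosts = hosts_up = 0
    try:
        for _event, elem in ET.iterparse(path, events=("end",)):
            if elem.tag == "host":
                hosts += 1
                status = elem.find("status")
                if status is not None and status.get("state") == "up":
                    hosts_up += 1
                elem.clear()  # keep memory flat on large scan files
    except ET.ParseError:
        return hosts, hosts_up, False
    return hosts, hosts_up, True


def summarize_tree(root):
    """Walk root recursively and total every *.xml file below it."""
    report = {"files": 0, "incomplete": 0, "hosts": 0, "hosts_up": 0}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name.endswith(".xml"):  # assumption: results carry a .xml suffix
                hosts, up, complete = summarize_nmap_xml(os.path.join(dirpath, name))
                report["files"] += 1
                report["incomplete"] += 0 if complete else 1
                report["hosts"] += hosts
                report["hosts_up"] += up
    return report


def demo():
    """Build a constructed scan tree in a temp directory and summarize it."""
    samples = {"ok.xml": "<nmaprun>" + UP + DOWN + "</nmaprun>",
               "cut.xml": "<nmaprun>" + UP,  # truncated: no closing </nmaprun>
               "empty.xml": ""}
    with tempfile.TemporaryDirectory() as tmp:
        os.makedirs(os.path.join(tmp, "up"))
        for name, body in samples.items():
            with open(os.path.join(tmp, "up", name), "w") as fh:
                fh.write(body)
        return summarize_tree(tmp)
```

Calling `summarize_tree("/ivre-share")` inside the container shows whether the directory holds any parseable Nmap XML at all; a report with zero files or zero hosts means there was nothing in that directory to import.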
(Screenshot of IVRE with data loaded)