Skip to content
Network recon framework.
Python HTML JavaScript CSS Zeek Lua Other
Branch: master
Clone or download

Latest commit

p-l- Merge pull request #946 from p-l-/tiny-fixes
Tiny fix & improvement
Latest commit 2b00b83 May 29, 2020


Type Name Latest commit message Commit time
Failed to load latest commit information.
.github Drop p0f and Bro < 3 support May 18, 2020
.travis Use repository May 18, 2020
bash_completion [bash completion] Fix choices for short options Jun 26, 2017
bin CLI: catch broken pipe errors Apr 28, 2020
data Fix empty directories creation on pip install Apr 26, 2018
doc Tiny doc fixes May 18, 2020
docker Drop p0f and Bro < 3 support May 18, 2020
ivre Tiny fixes & improvements May 29, 2020
nmap_scripts Fix X11 screenshot script Mar 23, 2020
pkg Improve x509 certificates handling May 18, 2020
tests Tests/Elastic: update schema before using the data May 25, 2020
web X509: use distinct records for CA chains May 19, 2020
zeek Nmap & view: add HASSH support May 25, 2020
.codeclimate.yml CodeClimate: enable Python checks Nov 29, 2015
.codecov.yml Tests/Coverage: fix codecov ignore Feb 23, 2017
.gitattributes Clean support for versions Jan 25, 2017
.gitignore Add missing doc files Jul 5, 2019
.travis.yml Tests: move results back in this repository May 19, 2020
LICENSE Add a license file and an issue template Jun 16, 2017
MANIFEST Passive: introduce support for HASSH May 24, 2020 Drop p0f and Bro < 3 support May 18, 2020
requirements-doc.txt Doc: fix builds Jul 7, 2019
requirements-elastic.txt Drop pycrypto for cryptography (needed by pyOpenSSL) Apr 15, 2020
requirements-maxmind.txt Drop pycrypto for cryptography (needed by pyOpenSSL) Apr 15, 2020
requirements-mongo.txt Drop pycrypto for cryptography (needed by pyOpenSSL) Apr 15, 2020
requirements-postgres.txt Drop pycrypto for cryptography (needed by pyOpenSSL) Apr 15, 2020
requirements-sqlite.txt Drop pycrypto for cryptography (needed by pyOpenSSL) Apr 15, 2020
requirements-tinydb-27.txt Drop pycrypto for cryptography (needed by pyOpenSSL) Apr 15, 2020
requirements-tinydb.txt DB/TinyDB: support TinyDB v4 May 9, 2020
requirements.txt Drop pycrypto for cryptography (needed by pyOpenSSL) Apr 15, 2020
setup.cfg Clean support for versions Jan 25, 2017 Passive: introduce support for HASSH May 24, 2020

Build Status Documentation Status Codacy Badge Join the chat at Gitter Follow on Twitter


Logo IVRE (Instrument de veille sur les réseaux extérieurs) or DRUNK (Dynamic Recon of UNKnown networks) is a network recon framework, including tools for passive recon (flow analytics relying on Zeek, Argus, Nfdump, and active recon (IVRE uses Nmap to run scans; IVRE can also import XML output from Nmap and Masscan), and JSON output from ZGrab2 and ZDNS.

The advertising slogans are:

  • (in French): IVRE, il scanne Internet.
  • (in English): Know the networks, get DRUNK!

The names IVRE and DRUNK have been chosen as a tribute to "Le Taullier".


You can have a look at the project homepage, the screenshot gallery, and the quick video introduction for an overview of the Web interface.

We have a demonstration instance, just contact us to get an access.

A few blog posts have been written to show some features of IVRE.


IVRE's documentation is hosted by Read The Docs, based on files from the doc/ directory of the repository.

On an IVRE web server, the doc/* files are available, rendered, under /doc/.

On a system with IVRE installed, you can use a --help option with most IVRE CLI tools, and help(ivre.module) with most IVRE Python sub-modules.


IVRE is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

IVRE is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with IVRE. If not, see the web site.


Try --help for the CLI tools, help() under Python and the "HELP" button in the web interface.

Have a look at the FAQ!

Feel free to contact the author and offer him a beer if you need help!

If you don't like beer, a good scotch or any other good alcoholic beverage will do (it is the author's unalienable right to decide whether a beverage is good or not).


Code contributions (pull-requests) are of course welcome!

The project needs scan results and capture files that can be provided as examples. If you can contribute some samples, or if you want to contribute some samples and would need some help to do so, or if you can provide a server to run scans, please contact the author.


For both support and contribution, the repository on Github should be used: feel free to create a new issue or a pull request!

You can also join the Gitter conversation (that is the preferred way to get in touch for questions), or use the e-mail dev on the domain

Talking about IVRE


If you are using IVRE in you research, please cite it as follows:

Pierre Lalet, Florent Monjalet, Camille Mougey, Vincent Ruello and Vivien Venuti. IVRE, a network recon framework., 2011-2020.

Here is the appropriate bibtex entry:

    title = {{IVRE}, a network recon framework},
    author={Lalet, Pierre and Monjalet, Florent and Mougey, Camille and Ruello, Vincent and Venuti, Viven},
    url = {},
    howpublished = {\url{}},
    institution = {{CEA}: the French Alternative Energies and Atomic Energy Commission},
    year = {2011--2020},

Technical documents & blog posts

You can mention "IVRE, a network recon framework", together with the project homepage, and/or the repository,

On twitter, you can follow and/or mention @IvreRocks.

You can’t perform that action at this time.