Skip to content
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
126 lines (91 sloc) 3.39 KB

Welcome to IVRE's documentation!

IVRE (French: Instrument de veille sur les réseaux extérieurs) or DRUNK (Dynamic Recon of UNKnown networks) is an open-source framework for network recon, written in Python. It relies on powerful open-source tools to gather intelligence from the network, actively or passively.

It aims at leveraging network captures and scans to let you understand how a network works. It is useful for pentests & red-teaming, incident response, monitoring, etc.


IVRE can aggregate Nmap & Masscan scan results as well as intelligence from network captures using Zeek (formerly known as Bro), Argus and Nfdump


IVRE can prove useful in several different scenarios (you may want to have a look at the :ref:`overview/screenshots:screenshots gallery`). Here are some examples:

  • Create your own Shodan-like service, using Nmap and/or Masscan, against the whole Internet or your own networks, (private or not).

  • Store each X509 certificate seen in SSL/TLS connections, SSH public keys and algorithms, DNS answers, HTTP headers (Server, Host, User-Agent, etc.), and more... This can be useful to:

    • Validate X509 certificates independently from the clients.
    • Monitor phishing domains (based on DNS answers, HTTP Host headers, X509 certificates) hit from your corporate network.
    • Run your own, private (or not) passive DNS service.

Getting started

If You want to learn more about the different purposes of IVRE, you should start reading the :ref:`overview/principles:principles`.

After that, you can start the :ref:`install/index:installation` process.

Once you are ready, dive into the "Usage" section!


Code contributions (pull-requests) are of course welcome!

The project needs scan results and capture files that can be provided as examples. If you can contribute some samples, or if you want to contribute some samples and would need some help to do so, or if you can provide a server to run scans, please contact the author.


For both support and contribution, the repository on Github should be used: feel free to create a new issue or a pull request!

You can also join the Gitter conversation (that is the preferred way to get in touch for questions), or use the e-mail dev on the domain

On Twitter, you can follow and/or mention @IvreRocks.


.. toctree::
   :maxdepth: 3


.. toctree::
   :maxdepth: 3


.. toctree::
   :maxdepth: 3


.. toctree::
   :maxdepth: 3


.. toctree::
   :maxdepth: 1
   :caption: Licenses:


Indices and tables

You can’t perform that action at this time.