commit 36d7748
Showing
101 changed files
with
55,566 additions
and
0 deletions.
@@ -0,0 +1,91 @@ | ||
# file GENERATED by distutils, do NOT edit | ||
setup.py | ||
bin/attackkeys | ||
bin/checkknownkeys | ||
bin/detectdupkeys | ||
bin/getmoduli | ||
bin/ipdata | ||
bin/ipinfo | ||
bin/ipinfohost | ||
bin/httpd-ivre | ||
bin/nmap2db | ||
bin/p0f2db | ||
bin/passiverecon2db | ||
bin/passivereconworker | ||
bin/plotdb | ||
bin/runscans | ||
bin/runscans-agent | ||
bin/scancli | ||
bin/scanstatus | ||
doc/AGENT.md | ||
doc/DOCKER.md | ||
doc/FAST-INSTALL-AND-FIRST-RUN.md | ||
doc/INSTALL.md | ||
doc/LICENSE-EXTERNAL.md | ||
doc/LICENSE.md | ||
doc/README.md | ||
doc/WEBUI.md | ||
docker/agent/Dockerfile | ||
docker/base/Dockerfile | ||
docker/base/ivre.conf | ||
docker/client/Dockerfile | ||
docker/db/Dockerfile | ||
docker/web/Dockerfile | ||
docker/web/doku-conf-acl.auth.php | ||
docker/web/doku-conf-plugins.local.php | ||
docker/web/doku-conf-local.php | ||
docker/web/doku-conf-users.auth.php | ||
docker/web/nginx-default-site | ||
honeyd/sshd | ||
ivre/__init__.py | ||
ivre/config.py | ||
ivre/db.py | ||
ivre/geoiputils.py | ||
ivre/graphroute.py | ||
ivre/keys.py | ||
ivre/mathutils.py | ||
ivre/nmapopt.py | ||
ivre/scanengine.py | ||
ivre/target.py | ||
ivre/utils.py | ||
ivre/xmlnmap.py | ||
passiverecon/passiverecon.bro | ||
passiverecon/passiverecon2db-ignore.example | ||
web/cgi-bin/scanjson.py | ||
web/cgi-bin/scanjsonconfig-sample.py | ||
web/dokuwiki/backlinks.patch | ||
web/dokuwiki/doc/agent.txt | ||
web/dokuwiki/doc/docker.txt | ||
web/dokuwiki/doc/fast-install-and-first-run.txt | ||
web/dokuwiki/doc/install.txt | ||
web/dokuwiki/doc/license-external.txt | ||
web/dokuwiki/doc/license.txt | ||
web/dokuwiki/doc/readme.txt | ||
web/dokuwiki/doc/webui.txt | ||
web/dokuwiki/media/logo.png | ||
web/static/config-sample.js | ||
web/static/favicon-loading.gif | ||
web/static/favicon.png | ||
web/static/index.html | ||
web/static/ivre.css | ||
web/static/ivre.js | ||
web/static/loading.gif | ||
web/static/logo.png | ||
web/static/world-110m.json | ||
web/static/templates/filters.html | ||
web/static/templates/menu.html | ||
web/static/templates/progressbar.html | ||
web/static/templates/subview-host-summary.html | ||
web/static/templates/subview-port-summary.html | ||
web/static/templates/subview-service-summary.html | ||
web/static/templates/view-hosts.html | ||
web/static/templates/view-scripts-only.html | ||
web/static/an/js/angular.js | ||
web/static/bs/css/bootstrap-responsive.css | ||
web/static/bs/css/bootstrap.css | ||
web/static/bs/img/glyphicons-halflings-white.png | ||
web/static/bs/img/glyphicons-halflings.png | ||
web/static/bs/js/bootstrap.js | ||
web/static/d3/js/d3.v3.min.js | ||
web/static/d3/js/topojson.v1.min.js | ||
web/static/jq/jquery.js |
@@ -0,0 +1,69 @@ | ||
This file is part of IVRE. | ||
|
||
Copyright 2011 - 2014 [Pierre LALET](mailto:pierre.lalet@cea.fr) | ||
|
||
# What is it? # | ||
|
||
IVRE (Instrument de veille sur les réseaux extérieurs) or DRUNK | ||
(Dynamic Recon of UNKnown networks) is a network recon framework, | ||
including two modules for passive recon (one p0f-base and one | ||
bro-based) and one module for active recon (mostly nmap-based, with a | ||
bit of zmap). | ||
|
||
The advertising slogans are: | ||
|
||
- (in French): IVRE, il scanne Internet. | ||
- (in English): Know the networks, get DRUNK! | ||
|
||
The names IVRE and DRUNK have been chosen as a tribute to "Le | ||
Taullier". | ||
|
||
# Documentation # | ||
|
||
See [doc/README](doc/README.md) (and `doc/*` files) for more | ||
information. | ||
|
||
On a server with the IVRE web server properly installed with a | ||
Dokuwiki notepad, the `doc/*` files are available under the `doc:` | ||
namespace (e.g., `doc:readme` for the [doc/README](doc/README.md) | ||
file). | ||
|
||
On a client with IVRE installed, you can use a `--help` option with | ||
most IVRE CLI tools, and use `help(ivre.module)` with most IVRE Python | ||
sub-modules. | ||
|
||
# License # | ||
|
||
IVRE is free software: you can redistribute it and/or modify | ||
it under the terms of the GNU General Public License as published by | ||
the Free Software Foundation, either version 3 of the License, or | ||
(at your option) any later version. | ||
|
||
IVRE is distributed in the hope that it will be useful, | ||
but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
GNU General Public License for more details. | ||
|
||
You should have received a copy of the GNU General Public License | ||
[along with IVRE](doc/LICENSE.md). If not, see [the gnu.org web | ||
site](http://www.gnu.org/licenses/). | ||
|
||
# Support # | ||
|
||
Try `--help` for the CLI tools, `help()` under Python and the "HELP" | ||
button in the web interface. | ||
|
||
Feel free to contact the author and offer him a beer if you need help! | ||
|
||
If you don't like beer, a good scotch or any other good alcoholic | ||
beverage will do (it is the author's unalienable right to decide | ||
whether a beverage is good or not). | ||
|
||
# Contributing # | ||
|
||
Code contributions (pull-requests) are of course welcome! | ||
|
||
The project needs scan results and capture files that can be provided | ||
as examples. If you can contribute some samples, or if you want to | ||
contribute some samples and would need some help to do so, or if you | ||
can provide a server to run scans, please contact the author. |
@@ -0,0 +1,66 @@ | ||
#! /bin/sh | ||
|
||
# This file is part of IVRE. | ||
# Copyright 2011 - 2014 Pierre LALET <pierre.lalet@cea.fr> | ||
# | ||
# IVRE is free software: you can redistribute it and/or modify it | ||
# under the terms of the GNU General Public License as published by | ||
# the Free Software Foundation, either version 3 of the License, or | ||
# (at your option) any later version. | ||
# | ||
# IVRE is distributed in the hope that it will be useful, but WITHOUT | ||
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | ||
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public | ||
# License for more details. | ||
# | ||
# You should have received a copy of the GNU General Public License | ||
# along with IVRE. If not, see <http://www.gnu.org/licenses/>. | ||
|
||
NMAPOPTS="-vv -A --host-timeout 15m" | ||
SLEEP="sleep 2" | ||
THREADS=10 | ||
STOREDOWN="true" | ||
|
||
INDIR=./input/ | ||
CURDIR=./cur/ | ||
OUTDIR=./output/ | ||
|
||
if [ "$TERM" != "screen" ] ; then | ||
screen "$0" $@ | ||
exit 0 | ||
fi | ||
|
||
mkdir -p "$INDIR" "$CURDIR" "$OUTDIR" | ||
|
||
if [ -z "$INTHREAD" ] ; then | ||
screen -X setenv INTHREAD 1 | ||
for i in `seq $THREADS` ; do | ||
screen "$0" $@ | ||
done | ||
exit 0 | ||
fi | ||
|
||
while true ; do | ||
[ -f "want_down" ] && break | ||
fname=`ls -rt "$INDIR" | head -1` | ||
if [ -z "$fname" ] ; then | ||
$SLEEP | ||
continue | ||
fi | ||
if ! mv "$INDIR/$fname" "$CURDIR/" ; then | ||
continue | ||
fi | ||
if ! (nmap $NMAPOPTS -iL "$CURDIR/$fname" -oX "$CURDIR/$fname.xml") ; then | ||
rm -f "$CURDIR/$fname.xml" | ||
mv "$CURDIR/$fname" "$INDIR/" | ||
$SLEEP | ||
else | ||
if [ "$STOREDOWN" = "false" ] && | ||
grep -q -F '<status state="down"' "$CURDIR/$fname.xml" ; then | ||
rm -f "$CURDIR/$fname.xml" "$CURDIR/$fname" | ||
else | ||
mv "$CURDIR/$fname.xml" "$OUTDIR" | ||
rm -f "$CURDIR/$fname" | ||
fi | ||
fi | ||
done |
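Review bot: The two re-exec lines `screen "$0" $@` (the one under `if [ "$TERM" != "screen" ]` and the one inside the `for i in \`seq $THREADS\`` loop) pass the script's own arguments unquoted, so any argument containing whitespace or glob characters is re-split before it reaches the child; both should read `screen "$0" "$@"`. The job pick-up `fname=\`ls -rt "$INDIR" | head -1\`` parses `ls` output, which misbehaves on file names containing newlines and silently ignores dotfiles; a `find`-based selection or a `for f in "$INDIR"/*` loop would be more robust, even though the threads racing on `mv` already tolerate a stale listing. `[ -f "want_down" ]` and the three `./`-relative directories resolve against whatever directory the user started the script from, which is worth a one-line comment at the top since everything is re-launched under `screen`.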
@@ -0,0 +1,55 @@ | ||
#! /bin/sh | ||
|
||
# This file is part of IVRE. | ||
# Copyright 2011 - 2014 Pierre LALET <pierre.lalet@cea.fr> | ||
# | ||
# IVRE is free software: you can redistribute it and/or modify it | ||
# under the terms of the GNU General Public License as published by | ||
# the Free Software Foundation, either version 3 of the License, or | ||
# (at your option) any later version. | ||
# | ||
# IVRE is distributed in the hope that it will be useful, but WITHOUT | ||
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | ||
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public | ||
# License for more details. | ||
# | ||
# You should have received a copy of the GNU General Public License | ||
# along with IVRE. If not, see <http://www.gnu.org/licenses/>. | ||
|
||
|
||
# This is an equivalent of runscans-agent (the --sync part only) that | ||
# can do not need python. | ||
|
||
RSYNC="rsync" | ||
# Uncomment the following line to use TOR | ||
#RSYNC="torify rsync" | ||
|
||
MAINDIR="./agentsdata" | ||
|
||
# [user@]host:path [[user@]host:path [...]] | ||
AGENTS="user@host:path" | ||
|
||
SLEEP="2" | ||
|
||
function agent_path () { | ||
echo "${MAINDIR}/$(echo $1 | tr ':@' '__')" | ||
} | ||
|
||
# make directories | ||
for a in $AGENTS ; do | ||
for d in input remoteinput remotecur remoteoutput ; do | ||
echo -p "$(agent_path $a)/${d}/" | ||
done | ||
done | ||
|
||
# sync loop | ||
while true ; do | ||
for a in $AGENTS ; do | ||
${RSYNC} -a "$(agent_path $a)/input/" "$(agent_path $a)/remoteinput/" | ||
${RSYNC} --remove-source-files "$(agent_path $a)/input/" "${a}/input/" | ||
${RSYNC} --delete "${a}/input/" "$(agent_path $a)/remoteinput/" | ||
${RSYNC} --delete "${a}/cur/" "$(agent_path $a)/remotecur/" | ||
${RSYNC} --remove-source-files "${a}/output/" "$(agent_path $a)/remoteoutput/" | ||
done | ||
sleep ${SLEEP} | ||
done |
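Review bot: The loop under `# make directories` calls `echo -p "$(agent_path $a)/${d}/"` instead of creating anything, so the local mirrors never exist and the first rsync of the sync loop fails on a missing path; the line should be `mkdir -p "$(agent_path $a)/${d}/"`. The script is `#! /bin/sh` but `function agent_path () {` uses the bash-only `function` keyword, which dash rejects; write `agent_path () {` or change the interpreter. Only the first rsync in the loop passes `-a`; without `-a`/`-r` the four that follow appear to skip directory contents entirely, so they probably need the same flag — worth confirming against the intended behaviour. `$a` and `$1` are unquoted in and around `agent_path`, which is fine for the documented `user@host:path` form but breaks on entries containing spaces.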
@@ -0,0 +1,97 @@ | ||
#! /usr/bin/env python | ||
|
||
# This file is part of IVRE. | ||
# Copyright 2011 - 2014 Pierre LALET <pierre.lalet@cea.fr> | ||
# | ||
# IVRE is free software: you can redistribute it and/or modify it | ||
# under the terms of the GNU General Public License as published by | ||
# the Free Software Foundation, either version 3 of the License, or | ||
# (at your option) any later version. | ||
# | ||
# IVRE is distributed in the hope that it will be useful, but WITHOUT | ||
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | ||
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public | ||
# License for more details. | ||
# | ||
# You should have received a copy of the GNU General Public License | ||
# along with IVRE. If not, see <http://www.gnu.org/licenses/>. | ||
|
||
"""This tool is based on the paper "Mining your Ps and Qs: Detection | ||
of Widespread Weak Keys in Network Devices" | ||
(https://factorable.net/paper.html). It is *really* slow. You should | ||
probably consider to use the tool getmoduli to extract the moduli from | ||
the databases and then use the tool fastgcd (available here: | ||
https://factorable.net/resources.html). | ||
""" | ||
|
||
import ivre.keys | ||
import ivre.db | ||
from Crypto.Util.number import GCD | ||
import datetime | ||
import sys | ||
|
||
|
||
def check_keys(k, keys): | ||
"""Checks whether the modulus of the new RSA key k has a one common | ||
factor with one of the other keys. | ||
""" | ||
res = False | ||
for kk in keys: | ||
g = GCD(k, kk) | ||
if g != 1 and g != k: | ||
print g, k, kk | ||
sys.stdout.flush() | ||
res = True | ||
if (len(keys) + 1) % 100 == 0: | ||
print "%d unique keys handled in %d seconds" % ( | ||
len(keys) + 1, | ||
int(datetime.datetime.now().strftime('%s')) - starttime, | ||
) | ||
sys.stdout.flush() | ||
return res | ||
|
||
|
||
def init(): | ||
"Initialize global variables." | ||
global starttime | ||
starttime = int(datetime.datetime.now().strftime('%s')) | ||
|
||
|
||
def test_keys(): | ||
"Run the test with all the SSH and SSL keys we have in our database." | ||
keys = {} | ||
allkeys = [ivre.keys.SSHRSAKey(), ivre.keys.SSLRSAKey(), | ||
ivre.keys.PassiveSSLRSAKey()] | ||
for a in allkeys: | ||
for k in a.get_keys(): | ||
if 'modulus' in k: | ||
kk = k['modulus'] | ||
if kk in keys: | ||
kkk = keys[kk] | ||
if (k['host'], k['port']) not in kkk: | ||
asnum = ivre.db.db.data.get(k['host']) | ||
if asnum is not None and 'as_num' in asnum: | ||
asnum = asnum['as_num'] | ||
else: | ||
asnum = -1 | ||
kkk.add((asnum, k['host'], k['port'])) | ||
keys[kk] = kkk | ||
continue | ||
if check_keys(kk, keys): | ||
print k | ||
sys.stdout.flush() | ||
keys[kk] = set([(k['host'], k['port'])]) | ||
else: | ||
print "BUG ?", k | ||
print "%d unique keys handled in %d seconds" % ( | ||
len(keys), | ||
int(datetime.datetime.now().strftime('%s')) - starttime, | ||
) | ||
for k in keys: | ||
if len(keys[k]) != 1: | ||
print hex(k), len(keys[k]), keys[k] | ||
|
||
if __name__ == '__main__': | ||
init() | ||
test_keys() |
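Review bot: In `test_keys` the duplicate-modulus bookkeeping mixes tuple shapes: the per-modulus set is created with a 2-tuple `set([(k['host'], k['port'])])` and the membership test checks the 2-tuple `(k['host'], k['port']) not in kkk`, but new entries are added as 3-tuples `(asnum, k['host'], k['port'])`, so a host:port seen a third time never matches and is appended again, and the final summary print mixes both shapes. A one-line fix for the check is `if not any(e[-2:] == (k['host'], k['port']) for e in kkk):`, or store the 3-tuple shape from the first occurrence. `check_keys` also reads the module global `starttime` that only exists once `init()` has run, which deserves a docstring line such as `Requires init() to have set the global starttime.`. `strftime('%s')` is a glibc extension rather than portable Python; `int(time.time())` gives the same value on every platform.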