IVRE! Drunk Frenchman Port Scanner Framework!

You may have visit SHODAN (The IoT search engine) or ZoomEye (World Wide Port Search Engine). The systems are very useful to have a good view of world! 🙂

But they have restriction for seeing results. For example SHODAN lets for unregistered users to view just 1 page (10 results). If you registered, the limitation is 5 pages. But again restriction!

So what to do?

You can view a good article about these type of engines in this link.

But IVRE, the drunk frenchman

IVRE is a python based, open source search engine for ports. But it is just an interface. The main power resists in NMAP. IVRE import the results of nmap and have a good interface.

How to install it?

You may visit the main tutorial provided by IVRE to the most updated instructions!

IVRE has three module. Scanner, Web Interface, Database server. In its very fast and quick guide, it is suggested to install all of them in one machine.

I follow the instructions in this link on a Ubuntu 16.04 virtual machine.

Firstly  install dependencies:

sudo apt-get -y install mongodb python-pymongo python-crypto apache2 dokuwiki

But a small exception is in the above code -> they may forgot to add libapache2-mod-php which is needed to run PHP codes by APACHE2 in dokuwiki. So I add libapache2-mod-php (and also git + nmap) to the packages.

sudo apt-get -y install mongodb python-pymongo python-crypto apache2 dokuwiki libapache2-mod-php git nmap

After that just follow the steps:

$ git clone https://github.com/cea-sec/ivre
$ cd ivre
$ python setup.py build
$ sudo python setup.py install

And configuration of web server:

$ sudo -s
# cd /var/www/html ## or depending on your version /var/www
# rm index.html
# ln -s /usr/local/share/ivre/web/static/* .
# cd /usr/lib/cgi-bin
# ln -s /usr/local/share/ivre/web/cgi-bin/* .
# cd /var/lib/dokuwiki/data/pages
# ln -s /usr/local/share/ivre/dokuwiki/doc
# cd /var/lib/dokuwiki/data/media
# ln -s /usr/local/share/ivre/dokuwiki/media/logo.png
# ln -s /usr/local/share/ivre/dokuwiki/media/doc
# cd /usr/share/dokuwiki
# patch -p0 < /usr/local/share/ivre/dokuwiki/backlinks.patch
# cd /etc/apache2/mods-enabled
# for m in cgi rewrite ; do [ -L $m.load ] || ln -s ../mods-available/$m.load ; done
# cd /usr/local/share/ivre/web/cgi-bin
# sed -i 's/^\(\s*\)#Rewrite/\1Rewrite/' /etc/dokuwiki/apache.conf
# service apache2 reload
# exit

If you want to view the search engine from your local network, you may face the following screen after pressing help.

Just edit /etc/dokuwiki/apache.conf and change the line:

Allow from localhost 127.0.0.1 ::1

to

#Allow from localhost 127.0.0.1 ::1
Allow from all

And Vola!

Database Initialization

And follow the steps from IVRE:

$ ivre scancli --init
This will remove any scan result in your database. Process ? [y/N] y
$ ivre ipinfo --init
This will remove any passive information in your database. Process ? [y/N] y
$ ivre ipdata --init
This will remove any country/AS information in your database. Process ? [y/N] y
$ sudo ivre runscansagentdb --init
This will remove any agent and/or scan in your database and files. Process ? [y/N] y
$ sudo ivre ipdata --download
$ ivre ipdata --import-all --no-update-passive-db

And everything is OK. Just test some random IPs. For example 50 random IPs with 40 nmap processes.

sudo ivre runscans --routable --limit 50 --processes 40

Wait for scan to be finished!

And the result!