Welcome to IVRE’s documentation!¶
IVRE (French: Instrument de veille sur les réseaux extérieurs) or DRUNK (Dynamic Recon of UNKnown networks) is an open-source framework for network recon, written in Python. It relies on powerful open-source tools to gather intelligence from the network, actively or passively.
It aims at leveraging network captures and scans to let you understand how a network works. It is useful for pentests & red-teaming, incident response, monitoring, etc.
- Web site: https://ivre.rocks/
- Twitter: @IvreRocks
- Mastodon: @email@example.com
- Github: ivre/ivre
IVRE can aggregate scan results as well as intelligence from network captures. It accepts results from several tools:
Active recon (network scanners):
Tools from the ZMap project:
Tools from the Project Discovery:
Passive recon (from network traffic and/or captures):
- Zeek (formerly known as Bro)
IVRE can prove useful in several different scenarios (you may want to have a look at the Screenshots gallery). Here are some examples:
Create your own Shodan-like service, using Nmap and/or Masscan and/or Zmap / Zgrab / Zgrab2, against the whole Internet or your own networks, (private or not).
Store each X509 certificate seen in SSL/TLS connections, SSH public keys and algorithms, DNS answers, HTTP headers (
User-Agent, etc.), and more… This can be useful to:
- Validate X509 certificates independently from the clients.
- Monitor phishing domains (based on DNS answers, HTTP
Hostheaders, X509 certificates) hit from your corporate network.
- Run your own, private (or not) passive DNS service.
If you want to learn more about the different purposes of IVRE, you should start reading the Principles.
After that, you can start the Installation process.
Once you are ready, dive into the “Usage” section!
Code contributions (pull-requests) are of course welcome!
The project needs scan results and capture files that can be provided as examples. If you can contribute some samples, or if you want to contribute some samples and would need some help to do so, or if you can provide a server to run scans, please contact the author.
For both support and contribution, the repository on Github should be used: feel free to create a new issue or a pull request!
You can also join the Gitter conversation (that is the preferred way to get in
touch for questions), or use the e-mail
dev on the domain
On Twitter, you can follow and/or mention @IvreRocks.
On Mastodon, you can follow and/or mention @firstname.lastname@example.org.
- Screenshots gallery
- Installation guidelines
- Fast install & first run
- Some use cases
- Active recon
- Web User Interface
- IVRE with Kibana