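Test machine configuration:
CPU: Intel Xeon E5400 series CPU x 2
Memory: 16 GB, 1333 MHz
Disk: 50 GB
An IVRE instance installed through Docker contains no data; this article imports some scan data so that IVRE has something to show.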
Nmap & ZMap & Bro & p0f & Tesseract & Vagrant
Installing Docker
sudo apt-get update
sudo apt-get install \
apt-transport-https \
ca-certificates \
curl \
software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
sudo apt-get update
sudo apt-get install docker-ce
docker -v
Installing Vagrant
wget https://releases.hashicorp.com/vagrant/1.7.4/vagrant_1.7.4_x86_64.deb
sudo dpkg -i vagrant_1.7.4_x86_64.deb
Installing IVRE
git clone https://github.com/cea-sec/ivre.git
cd ivre/
mkdir -m 1777 var_lib_mongodb var_log_mongodb ivre-share
wget -q https://ivre.rocks/Vagrantfile
vagrant up --no-parallel
docker attach ivreclient
Initialize the databases
ivre ipinfo --init
This will remove any passive information in your database. Process ? [y/N] y
ivre ipdata --init
This will remove any country/AS information in your database. Process ? [y/N] y
ivre scancli --init
This will remove any scan result in your database. Process ? [y/N] y
ivre runscansagentdb --init
This will remove any agent and/or scan in your database and files. Process ? [y/N] y
ivre ipdata --download --import-all --no-update-passive-db
If the scan results show 0, run these manually:
ivre runscans --routable --limit 1000 --output=XMLFork
ivre nmap2db -c ROUTABLE-CAMPAIGN-001 -s MySource -r scans/ROUTABLE/up
First, start ivre/db:
sudo docker start ivredb
Then start ivre/web:
sudo docker start ivreweb
Finally, start ivre/client:
sudo docker start ivreclient
Then enter ivreclient with the attach command:
sudo docker attach ivreclient
The Docker containers are now all started. You can run scans from ivre/client.
Scan task
Run the command:
runscans --routable --limit 1000 --output=XMLFork
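The command above runs a standard scan against 1000 random hosts on the Internet, starting 13 nmap processes.
Importing the scan results into the database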
nmap2db -c ROUTABLE-CAMPAIGN-001 -s MySource -r scans/ROUTABLE/up
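The following is an added example, not part of the original post or of IVRE: a pre-import check for the "scan results show 0" case that walks the XML output directory (such as scans/ROUTABLE/up) and reports how many hosts are up, how many open ports were recorded, and which files are truncated and cannot be parsed. It assumes the directory holds Nmap XML files; the sample XML and the function names are constructed for illustration.

```python
import sys
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample (not real scan data); 192.0.2.0/24 is a documentation range.
SAMPLE_XML = """<nmaprun scanner="nmap">
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="22"><state state="open"/></port>
<port protocol="tcp" portid="80"><state state="closed"/></port></ports></host>
<host><status state="down"/><address addr="192.0.2.11" addrtype="ipv4"/></host>
</nmaprun>"""


def summarize_file(path):
    """Return (hosts_up, open_ports) for one Nmap XML file, or None if unparsable."""
    try:
        root = ET.parse(path).getroot()
    except ET.ParseError:
        return None  # truncated or empty file, e.g. left by an interrupted scan
    up = [h for h in root.findall("host")
          if h.find("status") is not None and h.find("status").get("state") == "up"]
    open_ports = sum(s.get("state") == "open"
                     for h in up for s in h.iterfind("ports/port/state"))
    return len(up), open_ports


def summarize_tree(directory):
    """Walk the directory recursively, as a recursive import does, and total the results."""
    files = [p for p in sorted(Path(directory).rglob("*")) if p.is_file()]
    results = {p.relative_to(directory).as_posix(): summarize_file(p) for p in files}
    good = [r for r in results.values() if r is not None]
    return {"files": len(files),
            "broken": [name for name, r in results.items() if r is None],
            "hosts_up": sum(r[0] for r in good),
            "open_ports": sum(r[1] for r in good)}


def demo():
    """Run the check on a constructed tree: one complete file, one truncated file."""
    with tempfile.TemporaryDirectory() as tmp:
        sub = Path(tmp, "192", "0", "2")
        sub.mkdir(parents=True)
        (sub / "10.xml").write_text(SAMPLE_XML)
        (sub / "12.xml").write_text(SAMPLE_XML[:120])  # cut mid-document
        return summarize_tree(tmp)

if __name__ == "__main__":
    print(summarize_tree(sys.argv[1]) if len(sys.argv) > 1 else demo())
```

Run it with the output directory as its argument before importing; a result with zero hosts up or a non-empty "broken" list explains an empty database after import.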