IVRE v0.9.13 release

IVRE version 0.9.13 has been released, and is available on Github, PyPI and AUR.

Changelog

The most notable changes since version 0.9.12 include:

  • Support for JA3 fingerprints and User-Agent values in view (Vincent Ruello)
  • IPv6 support:
    • in utils.get_addr_type() (Vivien Venuti)
    • DNS (AAAA) answers in passive (Angélique Baille)
  • Support DNS blacklist answers in passive (Marion Lafon)
  • Support SMB & NTLM output from Masscan in nmap
  • Add .features() API to feed machine learning algorithms (blog post coming as soon as possible)
  • Add ivre ipcalc tool (Vivien Venuti)
  • Support --gnmap CLI output for nmap and view
  • Improve tests coverage (Vivien Venuti)
  • Support --explain for PostgreSQL (Vivien Venuti)
  • Early implementation of HttpDB backend (to use another IVRE HTTP service as a pseudo-database)
  • Drop SQL* with Python 2.6: sqlalchemy versions working with Python 2.6 are vulnerable to CVE-2019-7164.
  • Many bugfixes & tiny improvements (Vincent Ruello, Vivien Venuti, Angélique Baille, Marion Lafon, Cyrille Franchet, Paul Martinez)

IPv6 support

IPv6 support is really important but (as far as I can tell) is far from getting enough real life tests. If you have IPv6 networks with traffic, please help us and report any bug!

Documentation

A comprehensive (re)write of the documentation is on its way, so please let us know (for example, opening an issue, using the “doc” label).