IVRE v0.9.13 release

IVRE version 0.9.13 has been released, and is available on Github, PyPI and AUR.

Changelog

The most notable changes since version 0.9.12 include:

  • Support for JA3 fingerprints and User-Agent values in view (Vincent Ruello)

  • IPv6 support:

    • in utils.get_addr_type() (Vivien Venuti)

    • DNS (AAAA) answers in passive (Angélique Baille)

  • Support DNS blacklist answers in passive (Marion Lafon)

  • Support SMB & NTLM output from Masscan in nmap

  • Add .features() API to feed machine learning algorithms (blog post coming as soon as possible)

  • Add ivre ipcalc tool (Vivien Venuti)

  • Support --gnmap CLI output for nmap and view

  • Improve tests coverage (Vivien Venuti)

  • Support --explain for PostgreSQL (Vivien Venuti)

  • Early implementation of HttpDB backend (to use another IVRE HTTP service as a pseudo-database)

  • Drop SQL* with Python 2.6: sqlalchemy versions working with Python 2.6 are vulnerable to CVE-2019-7164.

  • Many bugfixes & tiny improvements (Vincent Ruello, Vivien Venuti, Angélique Baille, Marion Lafon, Cyrille Franchet, Paul Martinez)

IPv6 support

IPv6 support is really important but (as far as I can tell) is far from getting enough real life tests. If you have IPv6 networks with traffic, please help us and report any bug!

Documentation

A comprehensive (re)write of the documentation is on its way, so please let us know (for example, opening an issue, using the “doc” label).