dap 0.0.3 → 0.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 73ff4b39330e321425b775345ca2ea42a378d763
-  data.tar.gz: 8a48bfc369a9a73125a16e30c2909a2e1f22cc26
+  metadata.gz: 7353b035e42f0ddd251e0e568ecd58cf22294869
+  data.tar.gz: fa161592d559ecb61c0ca8e03bb88a93377406f0
 SHA512:
-  metadata.gz: 2160fbc5d336626b36cfbfb897b10734d8fda2e6833762861089883af48d0580f7e5ab4a343096a89a0eeb0dabd132afc6f6093dc01d3b944a614b5a5be37272
-  data.tar.gz: 358e4a7817f7cf2a622a77c8f7697c8a9eecfc86b6cf4df281dae66c9c7b237288be5429a7c78dac9d237e23324250374c335e8852c034a2ffb23db44a3b97a4
+  metadata.gz: 4f96b6c1e7032263ed23214ea4a5cd56a7ae16690f92e59321635cd3d05c74ae4d7f2735612e925e2517e471e7ec19187b64d8a83ecf2eb25bcfbc10f83c4f5b
+  data.tar.gz: b7f9c5bb9a947f7bec0c38f57bed0059be0b893bbdcc8087f8821db72aa1869069cf06eb999e72136b768fbadcff3ab3733237c8cea5979bdebb3bdf41d717bf

data/Gemfile

@@ -6,7 +6,7 @@ gem 'htmlentities'
 gem 'net-dns'
 gem 'bit-struct'
 gem 'geoip-c'
-gem 'recog'
+gem 'recog', '>=1.0.15'
 
 group :test do
   gem 'rspec', '~> 3.1.0'

data/Gemfile.lock

@@ -28,7 +28,7 @@ GEM
     nokogiri (1.6.3.1)
       mini_portile (= 0.6.0)
     oj (2.10.2)
-    recog (0.02)
+    recog (1.0.15)
       nokogiri
     rspec (3.1.0)
       rspec-core (~> 3.1.0)
@@ -55,5 +55,5 @@ DEPENDENCIES
   net-dns
   nokogiri
   oj
-  recog
+  recog (>= 1.0.15)
   rspec (~> 3.1.0)

data/lib/dap/filter.rb

@@ -6,4 +6,6 @@ require 'dap/filter/openssl'
 require 'dap/filter/names'
 require 'dap/filter/geoip'
 require 'dap/filter/recog'
-require 'dap/filter/vulnmatch'
+require 'dap/filter/vulnmatch'
+require 'dap/filter/ssh_keyscan'
+require 'dap/filter/smbclient'

data/lib/dap/filter/smbclient.rb

@@ -0,0 +1,26 @@
+module Dap
+module Filter
+
+require 'digest/md5'
+
+class FilterDecodeSMBClient
+  include BaseDecoder
+
+  def decode(data)
+    save  = {}
+
+    data.split(/\n/).each do |line|
+      case line.strip
+      when /^Domain=\[([^\]]+)\] OS=\[([^\]]+)\] Server=\[([^\]]+)\]/
+        save['smb_domain'] = $1
+        save['smb_native_os'] = $2
+        save['smb_native_lm'] = $3
+      end
+    end
+
+    save
+  end
+end
+
+end
+end

data/lib/dap/filter/ssh_keyscan.rb

@@ -0,0 +1,37 @@
+module Dap
+module Filter
+
+require 'digest/md5'
+
+class FilterDecodeSSHKeyscan
+  include BaseDecoder
+
+  def decode(data)
+    save  = {}
+
+    data.split(/\n/).each do |line|
+      case line.strip
+      when /^# [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\s+(.*)/m
+        banner = $1
+        save['banner'] = banner
+        if banner =~ /^SSH-([\d\.]+)-([^\s]+)\s+(.*)/m
+          save['ssh-protocol'] = $1
+          save['ssh-version']  = $2
+          save['ssh-vendor']   = $3
+          save['ssh-recog']    = $2 + " " + $3
+        end
+
+      when /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\s+((ssh|ecdsa)[^\s]+)\s+(.*)/m
+        ktype = $1
+        kdata = $3
+        save['hkey-' + ktype] = kdata
+        save['hkey-' + ktype + '-fp'] = Digest::MD5.hexdigest(kdata.unpack('m*').first).scan(/../).join(':')
+      end
+    end
+
+    save
+  end
+end
+
+end
+end

data/lib/dap/version.rb

@@ -1,3 +1,3 @@
 module Dap
-  VERSION = "0.0.3"
+  VERSION = "0.0.4"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dap
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.4
 platform: ruby
 authors:
 - Rapid7 Research
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-01-06 00:00:00.000000000 Z
+date: 2015-02-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -183,6 +183,8 @@ files:
 - lib/dap/filter/openssl.rb
 - lib/dap/filter/recog.rb
 - lib/dap/filter/simple.rb
+- lib/dap/filter/smbclient.rb
+- lib/dap/filter/ssh_keyscan.rb
 - lib/dap/filter/udp.rb
 - lib/dap/filter/vulnmatch.rb
 - lib/dap/input.rb