metasploit_data_models 0.20.0 → 0.20.1.pre.recog
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +8 -8
- data/Gemfile +3 -3
- data/app/models/mdm/host.rb +2 -2
- data/db/migrate/20140919000000_normalize_existing_hosts.rb +8 -0
- data/lib/mdm/host/operating_system_normalization.rb +803 -888
- data/lib/metasploit_data_models/engine.rb +2 -0
- data/lib/metasploit_data_models/version.rb +3 -1
- data/metasploit_data_models.gemspec +4 -0
- data/spec/app/models/mdm/host_spec.rb +333 -127
- data/spec/dummy/db/structure.sql +679 -0
- metadata +20 -174
@@ -10,6 +10,8 @@ module MetasploitDataModels
|
|
10
10
|
g.test_framework :rspec, :fixture => false
|
11
11
|
end
|
12
12
|
|
13
|
+
config.paths.add 'lib', autoload: true
|
14
|
+
|
13
15
|
initializer 'metasploit_data_models.prepend_factory_path', :after => 'factory_girl.set_factory_paths' do
|
14
16
|
if defined? FactoryGirl
|
15
17
|
relative_definition_file_path = config.generators.options[:factory_girl][:dir]
|
@@ -6,7 +6,9 @@ module MetasploitDataModels
|
|
6
6
|
# The minor version number, scoped to the {MAJOR} version number.
|
7
7
|
MINOR = 20
|
8
8
|
# The patch number, scoped to the {MINOR} version number.
|
9
|
-
PATCH =
|
9
|
+
PATCH = 1
|
10
|
+
|
11
|
+
PRERELEASE = 'recog'
|
10
12
|
|
11
13
|
# The full version string, including the {MAJOR}, {MINOR}, {PATCH}, and optionally, the `PRERELEASE` in the
|
12
14
|
# {http://semver.org/spec/v2.0.0.html semantic versioning v2.0.0} format.
|
@@ -39,6 +39,10 @@ Gem::Specification.new do |s|
|
|
39
39
|
# @see MSP-2971
|
40
40
|
s.add_runtime_dependency 'activerecord', '>= 3.2.13', '< 4.0.0'
|
41
41
|
s.add_runtime_dependency 'activesupport'
|
42
|
+
|
43
|
+
# os fingerprinting
|
44
|
+
s.add_runtime_dependency 'recog'
|
45
|
+
|
42
46
|
s.add_runtime_dependency 'metasploit-concern', '~> 0.2.1'
|
43
47
|
s.add_runtime_dependency 'metasploit-model', '~> 0.27.0'
|
44
48
|
s.add_runtime_dependency 'railties', '< 4.0.0'
|
@@ -547,126 +547,152 @@ describe Mdm::Host do
|
|
547
547
|
end
|
548
548
|
|
549
549
|
context '#parse_windows_os_str' do
|
550
|
-
it 'should always return the os_name as
|
550
|
+
it 'should always return the os_name as Windows' do
|
551
551
|
result = host.send(:parse_windows_os_str, '')
|
552
|
-
result[
|
552
|
+
result['os.product'].should == 'Windows'
|
553
553
|
end
|
554
554
|
|
555
555
|
context 'arch' do
|
556
556
|
it 'should return a value for arch if there is one' do
|
557
557
|
result = host.send(:parse_windows_os_str, 'Windows x64')
|
558
|
-
result[
|
558
|
+
result['os.arch'].should == 'x64'
|
559
559
|
end
|
560
560
|
|
561
561
|
it "should not have an arch key if we don't know the arch" do
|
562
562
|
result = host.send(:parse_windows_os_str, 'Windows')
|
563
|
-
result.has_key?(
|
563
|
+
result.has_key?('os.arch').should == false
|
564
564
|
end
|
565
565
|
end
|
566
566
|
|
567
567
|
context 'Service Pack' do
|
568
568
|
it 'should be returned if we see Service Pack X' do
|
569
569
|
result = host.send(:parse_windows_os_str, 'Windows XP Service Pack 1')
|
570
|
-
result[
|
570
|
+
result['os.version'].should == 'SP1'
|
571
571
|
end
|
572
572
|
|
573
573
|
it 'should be returned if we see SPX' do
|
574
574
|
result = host.send(:parse_windows_os_str, 'Windows XP SP3')
|
575
|
-
result[
|
575
|
+
result['os.version'].should == 'SP3'
|
576
576
|
end
|
577
577
|
end
|
578
578
|
|
579
|
-
context 'os
|
580
|
-
|
579
|
+
context 'os product' do
|
580
|
+
|
581
|
+
it "should appear as Windows 95 for 'Windows 95" do
|
582
|
+
result = host.send(:parse_windows_os_str, 'Windows 95')
|
583
|
+
result['os.product'].should == 'Windows 95'
|
584
|
+
end
|
585
|
+
|
586
|
+
it "should appear as Windows NT 3.51 for 'Windows NT 3.51" do
|
587
|
+
result = host.send(:parse_windows_os_str, 'Windows NT 3.51')
|
588
|
+
result['os.product'].should == 'Windows NT 3.51'
|
589
|
+
end
|
590
|
+
|
591
|
+
it "should appear as Windows NT 4.0 for 'Windows NT 4.0" do
|
592
|
+
result = host.send(:parse_windows_os_str, 'Windows NT 4.0')
|
593
|
+
result['os.product'].should == 'Windows NT 4.0'
|
594
|
+
end
|
595
|
+
|
596
|
+
it "should appear as Windows 98 for 'Windows 98" do
|
597
|
+
result = host.send(:parse_windows_os_str, 'Windows 98')
|
598
|
+
result['os.product'].should == 'Windows 98'
|
599
|
+
end
|
600
|
+
|
601
|
+
it "should appear as Windows ME for 'Windows ME" do
|
602
|
+
result = host.send(:parse_windows_os_str, 'Windows ME')
|
603
|
+
result['os.product'].should == 'Windows ME'
|
604
|
+
end
|
605
|
+
|
606
|
+
it "should appear as Windows 2003 for '.NET Server'" do
|
581
607
|
result = host.send(:parse_windows_os_str, 'Windows .NET Server')
|
582
|
-
result[
|
608
|
+
result['os.product'].should == 'Windows Server 2003'
|
583
609
|
end
|
584
610
|
|
585
|
-
it 'should be recognized for XP' do
|
611
|
+
it 'should be recognized for Windows XP' do
|
586
612
|
result = host.send(:parse_windows_os_str, 'Windows XP')
|
587
|
-
result[
|
613
|
+
result['os.product'].should == 'Windows XP'
|
588
614
|
end
|
589
615
|
|
590
|
-
it 'should be recognized for 2000' do
|
616
|
+
it 'should be recognized for Windows Server 2000' do
|
591
617
|
result = host.send(:parse_windows_os_str, 'Windows 2000')
|
592
|
-
result[
|
618
|
+
result['os.product'].should == 'Windows Server 2000'
|
593
619
|
end
|
594
620
|
|
595
|
-
it 'should be recognized for 2003' do
|
621
|
+
it 'should be recognized for Windows Server 2003' do
|
596
622
|
result = host.send(:parse_windows_os_str, 'Windows 2003')
|
597
|
-
result[
|
623
|
+
result['os.product'].should == 'Windows Server 2003'
|
598
624
|
end
|
599
625
|
|
600
|
-
it 'should be recognized for 2008' do
|
626
|
+
it 'should be recognized for Windows 2008' do
|
601
627
|
result = host.send(:parse_windows_os_str, 'Windows 2008')
|
602
|
-
result[
|
628
|
+
result['os.product'].should == 'Windows Server 2008'
|
603
629
|
end
|
604
630
|
|
605
|
-
it 'should be recognized for
|
606
|
-
result = host.send(:parse_windows_os_str, 'Windows
|
607
|
-
result[
|
631
|
+
it 'should be recognized for Windows 2012' do
|
632
|
+
result = host.send(:parse_windows_os_str, 'Windows 2012')
|
633
|
+
result['os.product'].should == 'Windows Server 2012'
|
608
634
|
end
|
609
635
|
|
610
|
-
it 'should be recognized for
|
611
|
-
result = host.send(:parse_windows_os_str, 'Windows
|
612
|
-
result[
|
636
|
+
it 'should be recognized for Windows Vista' do
|
637
|
+
result = host.send(:parse_windows_os_str, 'Windows Vista')
|
638
|
+
result['os.product'].should == 'Windows Vista'
|
613
639
|
end
|
614
640
|
|
615
|
-
it 'should be recognized for
|
641
|
+
it 'should be recognized for Windows Server 2000' do
|
616
642
|
result = host.send(:parse_windows_os_str, 'Windows 2000 Advanced Server')
|
617
|
-
result[
|
643
|
+
result['os.product'].should == 'Windows Server 2000'
|
618
644
|
end
|
619
645
|
|
620
|
-
it 'should be recognized for 7' do
|
646
|
+
it 'should be recognized for Windows 7' do
|
621
647
|
result = host.send(:parse_windows_os_str, 'Windows 7')
|
622
|
-
result[
|
648
|
+
result['os.product'].should == 'Windows 7'
|
623
649
|
end
|
624
650
|
|
625
|
-
it 'should be recognized for 7
|
651
|
+
it 'should be recognized for Windows 7 Ultimate Edition' do
|
626
652
|
result = host.send(:parse_windows_os_str, 'Windows 7 Ultimate Edition')
|
627
|
-
result[
|
653
|
+
result['os.product'].should == 'Windows 7'
|
654
|
+
result['os.edition'].should == 'Ultimate'
|
628
655
|
end
|
629
656
|
|
630
|
-
it 'should be recognized for 8' do
|
657
|
+
it 'should be recognized for Windows 8' do
|
631
658
|
result = host.send(:parse_windows_os_str, 'Windows 8')
|
632
|
-
result[
|
659
|
+
result['os.product'].should == 'Windows 8'
|
633
660
|
end
|
634
661
|
|
635
|
-
it 'should be
|
636
|
-
|
637
|
-
|
662
|
+
it 'should be recognized for Windows 8.1' do
|
663
|
+
result = host.send(:parse_windows_os_str, 'Windows 8.1')
|
664
|
+
result['os.product'].should == 'Windows 8.1'
|
638
665
|
end
|
639
|
-
end
|
640
666
|
|
641
|
-
|
642
|
-
|
643
|
-
result
|
644
|
-
result[:type].should == 'server'
|
667
|
+
it 'should be recognized for Windows 8.2' do
|
668
|
+
result = host.send(:parse_windows_os_str, 'Windows 8.2')
|
669
|
+
result['os.product'].should == 'Windows 8.2'
|
645
670
|
end
|
646
671
|
|
647
|
-
it 'should be
|
648
|
-
result = host.send(:parse_windows_os_str, 'Windows
|
649
|
-
result[
|
672
|
+
it 'should be recognized as Windows XP, Build 2600, SP3' do
|
673
|
+
result = host.send(:parse_windows_os_str, 'Windows XP (Build 2600, Service Pack 3).')
|
674
|
+
result['os.product'].should == 'Windows XP'
|
675
|
+
result['os.build'].should == '2600'
|
676
|
+
result['os.version'].should == 'SP3'
|
650
677
|
end
|
651
678
|
|
652
|
-
it 'should be
|
653
|
-
result = host.send(:parse_windows_os_str, 'Windows
|
654
|
-
result[
|
679
|
+
it 'should be recognized as Windows Server 2003, Build 3790' do
|
680
|
+
result = host.send(:parse_windows_os_str, 'Windows .NET Server (Build 3790).')
|
681
|
+
result['os.product'].should == 'Windows Server 2003'
|
682
|
+
result['os.build'].should == '3790'
|
655
683
|
end
|
656
684
|
|
657
|
-
it 'should be
|
658
|
-
result = host.send(:parse_windows_os_str, 'Windows
|
659
|
-
result[
|
685
|
+
it 'should be recognized as Windows Server 2008, Build 6001, SP1' do
|
686
|
+
result = host.send(:parse_windows_os_str, 'Windows 2008 (Build 6001, Service Pack 1).')
|
687
|
+
result['os.product'].should == 'Windows Server 2008'
|
688
|
+
result['os.build'].should == '6001'
|
689
|
+
result['os.version'].should == 'SP1'
|
660
690
|
end
|
661
691
|
|
662
|
-
it 'should
|
663
|
-
|
664
|
-
|
665
|
-
|
666
|
-
|
667
|
-
it 'should be client for anything else' do
|
668
|
-
result = host.send(:parse_windows_os_str, 'Windows XP')
|
669
|
-
result[:type].should == 'client'
|
692
|
+
it 'should default to Windows <name> if all else fails' do
|
693
|
+
result = host.send(:parse_windows_os_str, 'Windows Foobar Service Pack 3')
|
694
|
+
result['os.product'].should == 'Windows Foobar'
|
695
|
+
result['os.version'].should == 'SP3'
|
670
696
|
end
|
671
697
|
end
|
672
698
|
end
|
@@ -681,7 +707,7 @@ describe Mdm::Host do
|
|
681
707
|
host.validate_fingerprint_data(fingerprint).should == false
|
682
708
|
end
|
683
709
|
|
684
|
-
it 'should return false for
|
710
|
+
it 'should return false for postgresql fingerprints' do
|
685
711
|
fingerprint= FactoryGirl.build(:mdm_note, :ntype => 'postgresql.fingerprint', :data => {})
|
686
712
|
host.validate_fingerprint_data(fingerprint).should == false
|
687
713
|
end
|
@@ -692,81 +718,262 @@ describe Mdm::Host do
|
|
692
718
|
end
|
693
719
|
end
|
694
720
|
|
721
|
+
|
722
|
+
context '#apply_match_to_host' do
|
723
|
+
|
724
|
+
before(:each) do
|
725
|
+
stub_const('Rex::Text', Module.new)
|
726
|
+
allow(Rex::Text).to receive(:ascii_safe_hex) do |unsanitized|
|
727
|
+
r = Regexp.new("([^[:print:]])", Regexp::NOENCODING)
|
728
|
+
# Pass back the sanitized value for the stub
|
729
|
+
unsanitized.force_encoding('binary').gsub(r){ |x| "\\x%.2x" % (x.unpack("C*")[0]) }
|
730
|
+
end
|
731
|
+
end
|
732
|
+
|
733
|
+
it 'should set host.mac when host.mac is present' do
|
734
|
+
match = { 'host.mac' => '00:11:22:33:44:55' }
|
735
|
+
host.send(:apply_match_to_host, match)
|
736
|
+
host.mac.should == '00:11:22:33:44:55'
|
737
|
+
end
|
738
|
+
|
739
|
+
it 'should set host.name when host.name is present' do
|
740
|
+
match = { 'host.name' => 'webbyweb' }
|
741
|
+
host.send(:apply_match_to_host, match)
|
742
|
+
host.name.should == 'webbyweb'
|
743
|
+
end
|
744
|
+
|
745
|
+
it 'should set host.arch when os.arch is present' do
|
746
|
+
match = { 'os.arch' => 'x86' }
|
747
|
+
host.send(:apply_match_to_host, match)
|
748
|
+
host.arch.should == 'x86'
|
749
|
+
end
|
750
|
+
|
751
|
+
it 'should set host.name to an escaped hex value when host.name contains high bytes' do
|
752
|
+
match = { 'host.name' => "HighBytes\xff\xf0" }
|
753
|
+
host.send(:apply_match_to_host, match)
|
754
|
+
host.name.should == "HighBytes\\xff\\xf0"
|
755
|
+
end
|
756
|
+
|
757
|
+
it 'should set host.purpose to client when os.product is Windows XP' do
|
758
|
+
match = { 'os.product' => 'Windows XP' }
|
759
|
+
host.send(:apply_match_to_host, match)
|
760
|
+
host.os_name.should == 'Windows XP'
|
761
|
+
host.purpose.should == 'client'
|
762
|
+
end
|
763
|
+
|
764
|
+
it 'should set host.purpose to server when os.product is Windows 2012' do
|
765
|
+
match = { 'os.product' => 'Windows 2012' }
|
766
|
+
host.send(:apply_match_to_host, match)
|
767
|
+
host.os_name.should == 'Windows 2012'
|
768
|
+
host.purpose.should == 'server'
|
769
|
+
end
|
770
|
+
|
771
|
+
it 'should set host.purpose to printer when os.device is Print server' do
|
772
|
+
match = { 'os.device' => 'Print server' }
|
773
|
+
host.send(:apply_match_to_host, match)
|
774
|
+
host.purpose.should == 'printer'
|
775
|
+
end
|
776
|
+
|
777
|
+
it 'should set host.os_lang to English when os.language is English' do
|
778
|
+
match = { 'os.language' => 'English' }
|
779
|
+
host.send(:apply_match_to_host, match)
|
780
|
+
host.os_lang.should == 'English'
|
781
|
+
end
|
782
|
+
|
783
|
+
it 'should set host.os_name to Windows 8.1 when os.product is Windows 8.1' do
|
784
|
+
match = { 'os.product' => 'Windows 8.1' }
|
785
|
+
host.send(:apply_match_to_host, match)
|
786
|
+
host.os_name.should == 'Windows 8.1'
|
787
|
+
end
|
788
|
+
|
789
|
+
it 'should set host.os_name to Windows when os.product is not set and os.family is Windows' do
|
790
|
+
match = { 'os.family' => 'Windows' }
|
791
|
+
host.send(:apply_match_to_host, match)
|
792
|
+
host.os_name.should == 'Windows'
|
793
|
+
end
|
794
|
+
|
795
|
+
it 'should set host.os_flavor to Professional when os.edition is Professional' do
|
796
|
+
match = { 'os.edition' => 'Professional' }
|
797
|
+
host.send(:apply_match_to_host, match)
|
798
|
+
host.os_flavor.should == 'Professional'
|
799
|
+
end
|
800
|
+
|
801
|
+
it 'should set host.os_sp to SP2 when os.version is SP2' do
|
802
|
+
match = { 'os.version' => 'SP2' }
|
803
|
+
host.send(:apply_match_to_host, match)
|
804
|
+
host.os_sp.should == 'SP2'
|
805
|
+
end
|
806
|
+
|
807
|
+
it 'should set host.os_sp to 3.2.11 when os.version is nil and linux.kernel.version is 3.2.11' do
|
808
|
+
match = { 'linux.kernel.version' => '3.2.11' }
|
809
|
+
host.send(:apply_match_to_host, match)
|
810
|
+
host.os_sp.should == '3.2.11'
|
811
|
+
end
|
812
|
+
end
|
813
|
+
|
814
|
+
context '#normalize_match' do
|
815
|
+
|
816
|
+
it 'should convert Service Pack X to SPX' do
|
817
|
+
match = { 'os.version' => 'Service Pack 2' }
|
818
|
+
result = host.send(:normalize_match, match)
|
819
|
+
result['os.version'].should == 'SP2'
|
820
|
+
end
|
821
|
+
|
822
|
+
it 'should not convert No Service Pack to SP' do
|
823
|
+
match = { 'os.version' => 'No Service Pack' }
|
824
|
+
result = host.send(:normalize_match, match)
|
825
|
+
result['os.version'].should == 'No Service Pack'
|
826
|
+
end
|
827
|
+
|
828
|
+
it 'should convert Apple Mac OS X to Mac OS X' do
|
829
|
+
match = { 'os.product' => 'Apple Mac OS X' }
|
830
|
+
result = host.send(:normalize_match, match)
|
831
|
+
result['os.product'].should == 'Mac OS X'
|
832
|
+
result['os.vendor'].should == 'Apple'
|
833
|
+
end
|
834
|
+
|
835
|
+
it 'should convert Microsoft Windows to Windows' do
|
836
|
+
match = { 'os.product' => 'Microsoft Windows 7' }
|
837
|
+
result = host.send(:normalize_match, match)
|
838
|
+
result['os.product'].should == 'Windows 7'
|
839
|
+
result['os.vendor'].should == 'Microsoft'
|
840
|
+
end
|
841
|
+
|
842
|
+
it 'should convert Windows Server 2012 to Windows 2012' do
|
843
|
+
match = { 'os.product' => 'Windows Server 2012' }
|
844
|
+
result = host.send(:normalize_match, match)
|
845
|
+
result['os.product'].should == 'Windows 2012'
|
846
|
+
end
|
847
|
+
end
|
848
|
+
|
849
|
+
context '#guess_purpose_from_match' do
|
850
|
+
|
851
|
+
it 'should detect Windows XP as a client' do
|
852
|
+
match = { 'os.product' => 'Windows XP' }
|
853
|
+
result = host.send(:guess_purpose_from_match, match)
|
854
|
+
result.should == 'client'
|
855
|
+
end
|
856
|
+
|
857
|
+
it 'should detect Windows 8.1 as a client' do
|
858
|
+
match = { 'os.product' => 'Windows 8.1' }
|
859
|
+
result = host.send(:guess_purpose_from_match, match)
|
860
|
+
result.should == 'client'
|
861
|
+
end
|
862
|
+
|
863
|
+
it 'should detect Windows 2000 as a server' do
|
864
|
+
match = { 'os.product' => 'Windows 2000' }
|
865
|
+
result = host.send(:guess_purpose_from_match, match)
|
866
|
+
result.should == 'server'
|
867
|
+
end
|
868
|
+
|
869
|
+
it 'should detect Windows Server 2012 as a server' do
|
870
|
+
match = { 'os.product' => 'Windows Server 2012' }
|
871
|
+
result = host.send(:guess_purpose_from_match, match)
|
872
|
+
result.should == 'server'
|
873
|
+
end
|
874
|
+
|
875
|
+
it 'should detect Linux as a server' do
|
876
|
+
match = { 'os.product' => 'Linux' }
|
877
|
+
result = host.send(:guess_purpose_from_match, match)
|
878
|
+
result.should == 'server'
|
879
|
+
end
|
880
|
+
|
881
|
+
it 'should detect JetDirect as a printer' do
|
882
|
+
match = { 'os.product' => 'JetDirect', 'os.device' => 'Print server' }
|
883
|
+
result = host.send(:guess_purpose_from_match, match)
|
884
|
+
result.should == 'printer'
|
885
|
+
end
|
886
|
+
|
887
|
+
it 'should detect Unknown Printer as a printer' do
|
888
|
+
match = { 'os.product' => 'Unknown Printer' }
|
889
|
+
result = host.send(:guess_purpose_from_match, match)
|
890
|
+
result.should == 'printer'
|
891
|
+
end
|
892
|
+
|
893
|
+
it 'should detect Linksys Router as a router' do
|
894
|
+
match = { 'os.product' => 'Linksys', 'os.device' => 'Router' }
|
895
|
+
result = host.send(:guess_purpose_from_match, match)
|
896
|
+
result.should == 'router'
|
897
|
+
end
|
898
|
+
|
899
|
+
it 'should detect CheckPoint Firewall-1 as a firewall' do
|
900
|
+
match = { 'os.vendor' => 'Check Point', 'os.product' => 'Firewall-1' }
|
901
|
+
result = host.send(:guess_purpose_from_match, match)
|
902
|
+
result.should == 'firewall'
|
903
|
+
end
|
904
|
+
end
|
905
|
+
|
695
906
|
context '#normalize_scanner_fp' do
|
696
907
|
context 'for session_fingerprint' do
|
697
908
|
it 'should return all the correct data for Windows XP SP3 x86' do
|
698
909
|
fingerprint = FactoryGirl.build(:mdm_session_fingerprint, :host => host)
|
699
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
700
|
-
result[
|
701
|
-
result[
|
702
|
-
result[
|
703
|
-
result[
|
704
|
-
result[
|
705
|
-
result[:name].should == nil
|
706
|
-
result[:certainty].should == 0.8
|
910
|
+
result = host.send(:normalize_scanner_fp, fingerprint).first
|
911
|
+
result['os.product'].should == 'Windows XP'
|
912
|
+
result['os.version'].should == 'SP3'
|
913
|
+
result['os.arch'].should == 'x86'
|
914
|
+
result['host.name'].should == nil
|
915
|
+
result['os.certainty'].to_f.should == 0.8
|
707
916
|
end
|
708
917
|
|
709
918
|
it 'should return all the correct data for Windows 2008 SP1 x64' do
|
710
919
|
fp_data = { :os => 'Microsoft Windows 2008 SP1', :arch => 'x64'}
|
711
920
|
fingerprint = FactoryGirl.build(:mdm_session_fingerprint, :host => host, :data => fp_data)
|
712
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
713
|
-
result[
|
714
|
-
result[
|
715
|
-
result[
|
716
|
-
result[
|
717
|
-
result[
|
718
|
-
result[:name].should == nil
|
719
|
-
result[:certainty].should == 0.8
|
921
|
+
result = host.send(:normalize_scanner_fp, fingerprint).first
|
922
|
+
result['os.product'].should == 'Windows Server 2008'
|
923
|
+
result['os.version'].should == 'SP1'
|
924
|
+
result['os.arch'].should == 'x64'
|
925
|
+
result['host.name'].should == nil
|
926
|
+
result['os.certainty'].to_f.should == 0.8
|
720
927
|
end
|
721
928
|
|
722
929
|
it 'should fingerprint Metasploitable correctly' do
|
723
930
|
# Taken from an actual session_fingerprint of Metasploitable 2
|
724
931
|
fp_data = { :os => 'Linux 2.6.24-16-server (i386)', :name => 'metasploitable'}
|
725
932
|
fingerprint = FactoryGirl.build(:mdm_session_fingerprint, :host => host, :data => fp_data)
|
726
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
727
|
-
result[
|
728
|
-
result[
|
729
|
-
result[
|
730
|
-
result[
|
731
|
-
result[
|
933
|
+
result = host.send(:normalize_scanner_fp, fingerprint).first
|
934
|
+
result['os.product'].should == 'Linux'
|
935
|
+
result['host.name'].should == 'metasploitable'
|
936
|
+
result['os.version'].should == '2.6.24-16-server'
|
937
|
+
result['os.arch'].should == 'x86'
|
938
|
+
result['os.certainty'].to_f.should == 0.8
|
732
939
|
end
|
733
940
|
|
734
941
|
it 'should just populate os_name if it is unsure' do
|
735
942
|
fp_data = { :os => 'Darwin 12.3.0 x86_64 i386'}
|
736
943
|
fingerprint = FactoryGirl.build(:mdm_session_fingerprint, :host => host, :data => fp_data)
|
737
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
738
|
-
result[
|
739
|
-
result[
|
740
|
-
result[
|
741
|
-
result[
|
944
|
+
result = host.send(:normalize_scanner_fp, fingerprint).first
|
945
|
+
result['os.product'].should == 'Darwin 12.3.0 x86_64 i386'
|
946
|
+
result['os.version'].should == nil
|
947
|
+
result['os.arch'].should == nil
|
948
|
+
result['os.certainty'].should == 0.8
|
742
949
|
end
|
743
950
|
end
|
744
951
|
|
745
952
|
context 'for nmap_fingerprint' do
|
746
|
-
it 'should return OS name
|
953
|
+
it 'should return OS name for a Windows XP fingerprint' do
|
747
954
|
fingerprint = FactoryGirl.build(:mdm_nmap_fingerprint, :host => host)
|
748
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
749
|
-
result[
|
750
|
-
result[
|
751
|
-
result[:certainty].should == 1
|
955
|
+
result = host.send(:normalize_scanner_fp, fingerprint).first
|
956
|
+
result['os.product'].should == 'Windows XP'
|
957
|
+
result['os.certainty'].to_f.should == described_class::MAX_NMAP_CERTAINTY
|
752
958
|
end
|
753
959
|
|
754
|
-
it 'should return OS name
|
960
|
+
it 'should return OS name for a Metasploitable fingerprint' do
|
755
961
|
fp_data = {:os_vendor=>"Linux", :os_family=>"Linux", :os_version=>"2.6.X", :os_accuracy=>100}
|
756
962
|
fingerprint = FactoryGirl.build(:mdm_nmap_fingerprint, :host => host, :data => fp_data)
|
757
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
758
|
-
result[
|
759
|
-
result[
|
760
|
-
result[
|
963
|
+
result = host.send(:normalize_scanner_fp, fingerprint).first
|
964
|
+
result['os.product'].should == 'Linux'
|
965
|
+
result['os.version'].should == '2.6.X'
|
966
|
+
result['os.certainty'].to_f.should == described_class::MAX_NMAP_CERTAINTY
|
761
967
|
end
|
762
968
|
|
763
969
|
it 'should return OS name and flavor fo an OSX fingerprint' do
|
764
970
|
fp_data = {:os_vendor=>"Apple", :os_family=>"Mac OS X", :os_version=>"10.8.X", :os_accuracy=>100}
|
765
971
|
fingerprint = FactoryGirl.build(:mdm_nmap_fingerprint, :host => host, :data => fp_data)
|
766
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
767
|
-
result[
|
768
|
-
result[
|
769
|
-
result[
|
972
|
+
result = host.send(:normalize_scanner_fp, fingerprint).first
|
973
|
+
result['os.product'].should == 'Mac OS X'
|
974
|
+
result['os.vendor'].should == 'Apple'
|
975
|
+
result['os.version'].should == '10.8.X'
|
976
|
+
result['os.certainty'].to_f.should == described_class::MAX_NMAP_CERTAINTY
|
770
977
|
end
|
771
978
|
end
|
772
979
|
|
@@ -774,50 +981,51 @@ describe Mdm::Host do
|
|
774
981
|
context 'of a Windows system' do
|
775
982
|
it 'should return a generic Windows fingerprint with no product info' do
|
776
983
|
fingerprint = FactoryGirl.build(:mdm_nexpose_fingerprint, :host => host)
|
777
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
778
|
-
result[
|
779
|
-
result[
|
780
|
-
result[
|
984
|
+
result = host.send(:normalize_scanner_fp, fingerprint).first
|
985
|
+
result['os.product'].should == 'Windows'
|
986
|
+
result['os.arch'].should == 'x86'
|
987
|
+
result['os.certainty'].to_f.should == 0.67
|
781
988
|
end
|
782
989
|
|
783
990
|
it 'should recognize a Windows 7 fingerprint' do
|
784
991
|
fp_data = {:family=>"Windows", :certainty=>"0.67", :vendor=>"Microsoft", :arch=>"x86", :product => 'Windows 7', :version => 'SP1'}
|
785
992
|
fingerprint = FactoryGirl.build(:mdm_nexpose_fingerprint, :host => host, :data => fp_data)
|
786
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
787
|
-
result[
|
788
|
-
result[
|
789
|
-
result[
|
790
|
-
result[
|
791
|
-
result[:certainty].should == 0.67
|
993
|
+
result = host.send(:normalize_scanner_fp, fingerprint).first
|
994
|
+
result['os.product'].should == 'Windows 7'
|
995
|
+
result['os.version'].should == 'SP1'
|
996
|
+
result['os.arch'].should == 'x86'
|
997
|
+
result['os.certainty'].to_f.should == 0.67
|
792
998
|
end
|
793
999
|
end
|
794
1000
|
|
795
1001
|
it 'should recognize an OSX fingerprint' do
|
796
1002
|
fp_data = {:family=>"Mac OS X", :certainty=>"0.80", :vendor=>"Apple"}
|
797
1003
|
fingerprint = FactoryGirl.build(:mdm_nexpose_fingerprint, :host => host, :data => fp_data)
|
798
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
799
|
-
result[
|
1004
|
+
result = host.send(:normalize_scanner_fp, fingerprint).first
|
1005
|
+
result['os.product'].should == 'Mac OS X'
|
1006
|
+
result['os.vendor'].should == "Apple"
|
800
1007
|
end
|
801
1008
|
|
802
1009
|
it 'should recognize a Cisco fingerprint' do
|
803
1010
|
fp_data = {:family=>"IOS", :certainty=>"1.00", :vendor=>"Cisco", :version=>"11.2(8)SA2"}
|
804
1011
|
fingerprint = FactoryGirl.build(:mdm_nexpose_fingerprint, :host => host, :data => fp_data)
|
805
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
806
|
-
result[
|
1012
|
+
result = host.send(:normalize_scanner_fp, fingerprint).first
|
1013
|
+
result['os.product'].should == 'IOS'
|
1014
|
+
result['os.vendor'].should == 'Cisco'
|
807
1015
|
end
|
808
1016
|
|
809
|
-
it 'should recognize an
|
1017
|
+
it 'should recognize an embedded fingerprint' do
|
810
1018
|
fp_data = {:family=>"embedded", :certainty=>"1.00", :vendor=>"Footek"}
|
811
1019
|
fingerprint = FactoryGirl.build(:mdm_nexpose_fingerprint, :host => host, :data => fp_data)
|
812
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
813
|
-
result[
|
1020
|
+
result = host.send(:normalize_scanner_fp, fingerprint).first
|
1021
|
+
result['os.product'].should == 'Footek'
|
814
1022
|
end
|
815
1023
|
|
816
1024
|
it 'should handle an unknown fingerprint' do
|
817
1025
|
fp_data = {:certainty=>"1.00", :vendor=>"Footek"}
|
818
1026
|
fingerprint = FactoryGirl.build(:mdm_nexpose_fingerprint, :host => host, :data => fp_data)
|
819
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
820
|
-
result[
|
1027
|
+
result = host.send(:normalize_scanner_fp, fingerprint).first
|
1028
|
+
result['os.product'].should == 'Footek'
|
821
1029
|
end
|
822
1030
|
|
823
1031
|
|
@@ -826,21 +1034,19 @@ describe Mdm::Host do
|
|
826
1034
|
context 'for retina_fingerprint' do
|
827
1035
|
it 'should recognize a Windows fingerprint' do
|
828
1036
|
fingerprint = FactoryGirl.build(:mdm_retina_fingerprint, :host => host)
|
829
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
830
|
-
result[
|
831
|
-
result[
|
832
|
-
result[
|
833
|
-
result[
|
834
|
-
result[:type].should == 'server'
|
835
|
-
result[:certainty].should == 0.8
|
1037
|
+
result = host.send(:normalize_scanner_fp, fingerprint).first
|
1038
|
+
result['os.product'].should == 'Windows Server 2003'
|
1039
|
+
result['os.arch'].should == 'x64'
|
1040
|
+
result['os.version'].should == 'SP2'
|
1041
|
+
result['os.certainty'].to_f.should == 0.8
|
836
1042
|
end
|
837
1043
|
|
838
1044
|
it 'should otherwise jsut copy the fingerprint to os_name' do
|
839
1045
|
fp_data = { :os => 'Linux 2.6.X (i386)'}
|
840
1046
|
fingerprint = FactoryGirl.build(:mdm_retina_fingerprint, :host => host, :data => fp_data)
|
841
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
842
|
-
result[
|
843
|
-
result[
|
1047
|
+
result = host.send(:normalize_scanner_fp, fingerprint).first
|
1048
|
+
result['os.product'].should == 'Linux 2.6.X (i386)'
|
1049
|
+
result['os.certainty'].to_f.should == 0.8
|
844
1050
|
end
|
845
1051
|
end
|
846
1052
|
end
|