metasploit_data_models 0.20.1.pre.recog → 0.20.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +8 -8
- data/Gemfile +3 -3
- data/app/models/mdm/host.rb +2 -2
- data/lib/mdm/host/operating_system_normalization.rb +888 -803
- data/lib/metasploit_data_models/version.rb +0 -2
- data/metasploit_data_models.gemspec +0 -4
- data/spec/app/models/mdm/host_spec.rb +127 -333
- data/spec/dummy/db/structure.sql +0 -679
- metadata +174 -20
- data/db/migrate/20140919000000_normalize_existing_hosts.rb +0 -8
@@ -8,8 +8,6 @@ module MetasploitDataModels
|
|
8
8
|
# The patch number, scoped to the {MINOR} version number.
|
9
9
|
PATCH = 1
|
10
10
|
|
11
|
-
PRERELEASE = 'recog'
|
12
|
-
|
13
11
|
# The full version string, including the {MAJOR}, {MINOR}, {PATCH}, and optionally, the `PRERELEASE` in the
|
14
12
|
# {http://semver.org/spec/v2.0.0.html semantic versioning v2.0.0} format.
|
15
13
|
#
|
@@ -39,10 +39,6 @@ Gem::Specification.new do |s|
|
|
39
39
|
# @see MSP-2971
|
40
40
|
s.add_runtime_dependency 'activerecord', '>= 3.2.13', '< 4.0.0'
|
41
41
|
s.add_runtime_dependency 'activesupport'
|
42
|
-
|
43
|
-
# os fingerprinting
|
44
|
-
s.add_runtime_dependency 'recog'
|
45
|
-
|
46
42
|
s.add_runtime_dependency 'metasploit-concern', '~> 0.2.1'
|
47
43
|
s.add_runtime_dependency 'metasploit-model', '~> 0.27.0'
|
48
44
|
s.add_runtime_dependency 'railties', '< 4.0.0'
|
@@ -547,152 +547,126 @@ describe Mdm::Host do
|
|
547
547
|
end
|
548
548
|
|
549
549
|
context '#parse_windows_os_str' do
|
550
|
-
it 'should always return the os_name as Windows' do
|
550
|
+
it 'should always return the os_name as Microsoft Windows' do
|
551
551
|
result = host.send(:parse_windows_os_str, '')
|
552
|
-
result[
|
552
|
+
result[:os_name].should == 'Microsoft Windows'
|
553
553
|
end
|
554
554
|
|
555
555
|
context 'arch' do
|
556
556
|
it 'should return a value for arch if there is one' do
|
557
557
|
result = host.send(:parse_windows_os_str, 'Windows x64')
|
558
|
-
result[
|
558
|
+
result[:arch].should == 'x64'
|
559
559
|
end
|
560
560
|
|
561
561
|
it "should not have an arch key if we don't know the arch" do
|
562
562
|
result = host.send(:parse_windows_os_str, 'Windows')
|
563
|
-
result.has_key?(
|
563
|
+
result.has_key?(:arch).should == false
|
564
564
|
end
|
565
565
|
end
|
566
566
|
|
567
567
|
context 'Service Pack' do
|
568
568
|
it 'should be returned if we see Service Pack X' do
|
569
569
|
result = host.send(:parse_windows_os_str, 'Windows XP Service Pack 1')
|
570
|
-
result[
|
570
|
+
result[:os_sp].should == 'SP1'
|
571
571
|
end
|
572
572
|
|
573
573
|
it 'should be returned if we see SPX' do
|
574
574
|
result = host.send(:parse_windows_os_str, 'Windows XP SP3')
|
575
|
-
result[
|
575
|
+
result[:os_sp].should == 'SP3'
|
576
576
|
end
|
577
577
|
end
|
578
578
|
|
579
|
-
context 'os
|
580
|
-
|
581
|
-
it "should appear as Windows 95 for 'Windows 95" do
|
582
|
-
result = host.send(:parse_windows_os_str, 'Windows 95')
|
583
|
-
result['os.product'].should == 'Windows 95'
|
584
|
-
end
|
585
|
-
|
586
|
-
it "should appear as Windows NT 3.51 for 'Windows NT 3.51" do
|
587
|
-
result = host.send(:parse_windows_os_str, 'Windows NT 3.51')
|
588
|
-
result['os.product'].should == 'Windows NT 3.51'
|
589
|
-
end
|
590
|
-
|
591
|
-
it "should appear as Windows NT 4.0 for 'Windows NT 4.0" do
|
592
|
-
result = host.send(:parse_windows_os_str, 'Windows NT 4.0')
|
593
|
-
result['os.product'].should == 'Windows NT 4.0'
|
594
|
-
end
|
595
|
-
|
596
|
-
it "should appear as Windows 98 for 'Windows 98" do
|
597
|
-
result = host.send(:parse_windows_os_str, 'Windows 98')
|
598
|
-
result['os.product'].should == 'Windows 98'
|
599
|
-
end
|
600
|
-
|
601
|
-
it "should appear as Windows ME for 'Windows ME" do
|
602
|
-
result = host.send(:parse_windows_os_str, 'Windows ME')
|
603
|
-
result['os.product'].should == 'Windows ME'
|
604
|
-
end
|
605
|
-
|
606
|
-
it "should appear as Windows 2003 for '.NET Server'" do
|
579
|
+
context 'os flavor' do
|
580
|
+
it "should appear as 2003 for '.NET Server'" do
|
607
581
|
result = host.send(:parse_windows_os_str, 'Windows .NET Server')
|
608
|
-
result[
|
582
|
+
result[:os_flavor].should == '2003'
|
609
583
|
end
|
610
584
|
|
611
|
-
it 'should be recognized for
|
585
|
+
it 'should be recognized for XP' do
|
612
586
|
result = host.send(:parse_windows_os_str, 'Windows XP')
|
613
|
-
result[
|
587
|
+
result[:os_flavor].should == 'XP'
|
614
588
|
end
|
615
589
|
|
616
|
-
it 'should be recognized for
|
590
|
+
it 'should be recognized for 2000' do
|
617
591
|
result = host.send(:parse_windows_os_str, 'Windows 2000')
|
618
|
-
result[
|
592
|
+
result[:os_flavor].should == '2000'
|
619
593
|
end
|
620
594
|
|
621
|
-
it 'should be recognized for
|
595
|
+
it 'should be recognized for 2003' do
|
622
596
|
result = host.send(:parse_windows_os_str, 'Windows 2003')
|
623
|
-
result[
|
597
|
+
result[:os_flavor].should == '2003'
|
624
598
|
end
|
625
599
|
|
626
|
-
it 'should be recognized for
|
600
|
+
it 'should be recognized for 2008' do
|
627
601
|
result = host.send(:parse_windows_os_str, 'Windows 2008')
|
628
|
-
result[
|
602
|
+
result[:os_flavor].should == '2008'
|
629
603
|
end
|
630
604
|
|
631
|
-
it 'should be recognized for
|
632
|
-
result = host.send(:parse_windows_os_str, 'Windows
|
633
|
-
result[
|
605
|
+
it 'should be recognized for Vista' do
|
606
|
+
result = host.send(:parse_windows_os_str, 'Windows Vista')
|
607
|
+
result[:os_flavor].should == 'Vista'
|
634
608
|
end
|
635
609
|
|
636
|
-
it 'should be recognized for
|
637
|
-
result = host.send(:parse_windows_os_str, 'Windows
|
638
|
-
result[
|
610
|
+
it 'should be recognized for SBS' do
|
611
|
+
result = host.send(:parse_windows_os_str, 'Windows SBS')
|
612
|
+
result[:os_flavor].should == 'SBS'
|
639
613
|
end
|
640
614
|
|
641
|
-
it 'should be recognized for
|
615
|
+
it 'should be recognized for 2000 Advanced Server' do
|
642
616
|
result = host.send(:parse_windows_os_str, 'Windows 2000 Advanced Server')
|
643
|
-
result[
|
617
|
+
result[:os_flavor].should == '2000 Advanced Server'
|
644
618
|
end
|
645
619
|
|
646
|
-
it 'should be recognized for
|
620
|
+
it 'should be recognized for 7' do
|
647
621
|
result = host.send(:parse_windows_os_str, 'Windows 7')
|
648
|
-
result[
|
622
|
+
result[:os_flavor].should == '7'
|
649
623
|
end
|
650
624
|
|
651
|
-
it 'should be recognized for
|
625
|
+
it 'should be recognized for 7 X Edition' do
|
652
626
|
result = host.send(:parse_windows_os_str, 'Windows 7 Ultimate Edition')
|
653
|
-
result[
|
654
|
-
result['os.edition'].should == 'Ultimate'
|
627
|
+
result[:os_flavor].should == '7 Ultimate Edition'
|
655
628
|
end
|
656
629
|
|
657
|
-
it 'should be recognized for
|
630
|
+
it 'should be recognized for 8' do
|
658
631
|
result = host.send(:parse_windows_os_str, 'Windows 8')
|
659
|
-
result[
|
632
|
+
result[:os_flavor].should == '8'
|
660
633
|
end
|
661
634
|
|
662
|
-
it 'should be
|
663
|
-
|
664
|
-
|
635
|
+
it 'should be guessed at if all else fails' do
|
636
|
+
result = host.send(:parse_windows_os_str, 'Windows Foobar Service Pack 3')
|
637
|
+
result[:os_flavor].should == 'Foobar'
|
665
638
|
end
|
639
|
+
end
|
666
640
|
|
667
|
-
|
668
|
-
|
669
|
-
result
|
641
|
+
context 'os type' do
|
642
|
+
it 'should be server for Windows NT' do
|
643
|
+
result = host.send(:parse_windows_os_str, 'Windows NT 4')
|
644
|
+
result[:type].should == 'server'
|
670
645
|
end
|
671
646
|
|
672
|
-
it 'should be
|
673
|
-
result = host.send(:parse_windows_os_str, 'Windows
|
674
|
-
result[
|
675
|
-
result['os.build'].should == '2600'
|
676
|
-
result['os.version'].should == 'SP3'
|
647
|
+
it 'should be server for Windows 2003' do
|
648
|
+
result = host.send(:parse_windows_os_str, 'Windows 2003')
|
649
|
+
result[:type].should == 'server'
|
677
650
|
end
|
678
651
|
|
679
|
-
it 'should be
|
680
|
-
result = host.send(:parse_windows_os_str, 'Windows
|
681
|
-
result[
|
682
|
-
result['os.build'].should == '3790'
|
652
|
+
it 'should be server for Windows 2008' do
|
653
|
+
result = host.send(:parse_windows_os_str, 'Windows 2008')
|
654
|
+
result[:type].should == 'server'
|
683
655
|
end
|
684
656
|
|
685
|
-
it 'should be
|
686
|
-
result = host.send(:parse_windows_os_str, 'Windows
|
687
|
-
result[
|
688
|
-
result['os.build'].should == '6001'
|
689
|
-
result['os.version'].should == 'SP1'
|
657
|
+
it 'should be server for Windows SBS' do
|
658
|
+
result = host.send(:parse_windows_os_str, 'Windows SBS')
|
659
|
+
result[:type].should == 'server'
|
690
660
|
end
|
691
661
|
|
692
|
-
it 'should
|
693
|
-
|
694
|
-
|
695
|
-
|
662
|
+
it 'should be server for anything with Server in the string' do
|
663
|
+
result = host.send(:parse_windows_os_str, 'Windows Foobar Server')
|
664
|
+
result[:type].should == 'server'
|
665
|
+
end
|
666
|
+
|
667
|
+
it 'should be client for anything else' do
|
668
|
+
result = host.send(:parse_windows_os_str, 'Windows XP')
|
669
|
+
result[:type].should == 'client'
|
696
670
|
end
|
697
671
|
end
|
698
672
|
end
|
@@ -707,7 +681,7 @@ describe Mdm::Host do
|
|
707
681
|
host.validate_fingerprint_data(fingerprint).should == false
|
708
682
|
end
|
709
683
|
|
710
|
-
it 'should return false for
|
684
|
+
it 'should return false for postgressql fingerprints' do
|
711
685
|
fingerprint= FactoryGirl.build(:mdm_note, :ntype => 'postgresql.fingerprint', :data => {})
|
712
686
|
host.validate_fingerprint_data(fingerprint).should == false
|
713
687
|
end
|
@@ -718,262 +692,81 @@ describe Mdm::Host do
|
|
718
692
|
end
|
719
693
|
end
|
720
694
|
|
721
|
-
|
722
|
-
context '#apply_match_to_host' do
|
723
|
-
|
724
|
-
before(:each) do
|
725
|
-
stub_const('Rex::Text', Module.new)
|
726
|
-
allow(Rex::Text).to receive(:ascii_safe_hex) do |unsanitized|
|
727
|
-
r = Regexp.new("([^[:print:]])", Regexp::NOENCODING)
|
728
|
-
# Pass back the sanitized value for the stub
|
729
|
-
unsanitized.force_encoding('binary').gsub(r){ |x| "\\x%.2x" % (x.unpack("C*")[0]) }
|
730
|
-
end
|
731
|
-
end
|
732
|
-
|
733
|
-
it 'should set host.mac when host.mac is present' do
|
734
|
-
match = { 'host.mac' => '00:11:22:33:44:55' }
|
735
|
-
host.send(:apply_match_to_host, match)
|
736
|
-
host.mac.should == '00:11:22:33:44:55'
|
737
|
-
end
|
738
|
-
|
739
|
-
it 'should set host.name when host.name is present' do
|
740
|
-
match = { 'host.name' => 'webbyweb' }
|
741
|
-
host.send(:apply_match_to_host, match)
|
742
|
-
host.name.should == 'webbyweb'
|
743
|
-
end
|
744
|
-
|
745
|
-
it 'should set host.arch when os.arch is present' do
|
746
|
-
match = { 'os.arch' => 'x86' }
|
747
|
-
host.send(:apply_match_to_host, match)
|
748
|
-
host.arch.should == 'x86'
|
749
|
-
end
|
750
|
-
|
751
|
-
it 'should set host.name to an escaped hex value when host.name contains high bytes' do
|
752
|
-
match = { 'host.name' => "HighBytes\xff\xf0" }
|
753
|
-
host.send(:apply_match_to_host, match)
|
754
|
-
host.name.should == "HighBytes\\xff\\xf0"
|
755
|
-
end
|
756
|
-
|
757
|
-
it 'should set host.purpose to client when os.product is Windows XP' do
|
758
|
-
match = { 'os.product' => 'Windows XP' }
|
759
|
-
host.send(:apply_match_to_host, match)
|
760
|
-
host.os_name.should == 'Windows XP'
|
761
|
-
host.purpose.should == 'client'
|
762
|
-
end
|
763
|
-
|
764
|
-
it 'should set host.purpose to server when os.product is Windows 2012' do
|
765
|
-
match = { 'os.product' => 'Windows 2012' }
|
766
|
-
host.send(:apply_match_to_host, match)
|
767
|
-
host.os_name.should == 'Windows 2012'
|
768
|
-
host.purpose.should == 'server'
|
769
|
-
end
|
770
|
-
|
771
|
-
it 'should set host.purpose to printer when os.device is Print server' do
|
772
|
-
match = { 'os.device' => 'Print server' }
|
773
|
-
host.send(:apply_match_to_host, match)
|
774
|
-
host.purpose.should == 'printer'
|
775
|
-
end
|
776
|
-
|
777
|
-
it 'should set host.os_lang to English when os.language is English' do
|
778
|
-
match = { 'os.language' => 'English' }
|
779
|
-
host.send(:apply_match_to_host, match)
|
780
|
-
host.os_lang.should == 'English'
|
781
|
-
end
|
782
|
-
|
783
|
-
it 'should set host.os_name to Windows 8.1 when os.product is Windows 8.1' do
|
784
|
-
match = { 'os.product' => 'Windows 8.1' }
|
785
|
-
host.send(:apply_match_to_host, match)
|
786
|
-
host.os_name.should == 'Windows 8.1'
|
787
|
-
end
|
788
|
-
|
789
|
-
it 'should set host.os_name to Windows when os.product is not set and os.family is Windows' do
|
790
|
-
match = { 'os.family' => 'Windows' }
|
791
|
-
host.send(:apply_match_to_host, match)
|
792
|
-
host.os_name.should == 'Windows'
|
793
|
-
end
|
794
|
-
|
795
|
-
it 'should set host.os_flavor to Professional when os.edition is Professional' do
|
796
|
-
match = { 'os.edition' => 'Professional' }
|
797
|
-
host.send(:apply_match_to_host, match)
|
798
|
-
host.os_flavor.should == 'Professional'
|
799
|
-
end
|
800
|
-
|
801
|
-
it 'should set host.os_sp to SP2 when os.version is SP2' do
|
802
|
-
match = { 'os.version' => 'SP2' }
|
803
|
-
host.send(:apply_match_to_host, match)
|
804
|
-
host.os_sp.should == 'SP2'
|
805
|
-
end
|
806
|
-
|
807
|
-
it 'should set host.os_sp to 3.2.11 when os.version is nil and linux.kernel.version is 3.2.11' do
|
808
|
-
match = { 'linux.kernel.version' => '3.2.11' }
|
809
|
-
host.send(:apply_match_to_host, match)
|
810
|
-
host.os_sp.should == '3.2.11'
|
811
|
-
end
|
812
|
-
end
|
813
|
-
|
814
|
-
context '#normalize_match' do
|
815
|
-
|
816
|
-
it 'should convert Service Pack X to SPX' do
|
817
|
-
match = { 'os.version' => 'Service Pack 2' }
|
818
|
-
result = host.send(:normalize_match, match)
|
819
|
-
result['os.version'].should == 'SP2'
|
820
|
-
end
|
821
|
-
|
822
|
-
it 'should not convert No Service Pack to SP' do
|
823
|
-
match = { 'os.version' => 'No Service Pack' }
|
824
|
-
result = host.send(:normalize_match, match)
|
825
|
-
result['os.version'].should == 'No Service Pack'
|
826
|
-
end
|
827
|
-
|
828
|
-
it 'should convert Apple Mac OS X to Mac OS X' do
|
829
|
-
match = { 'os.product' => 'Apple Mac OS X' }
|
830
|
-
result = host.send(:normalize_match, match)
|
831
|
-
result['os.product'].should == 'Mac OS X'
|
832
|
-
result['os.vendor'].should == 'Apple'
|
833
|
-
end
|
834
|
-
|
835
|
-
it 'should convert Microsoft Windows to Windows' do
|
836
|
-
match = { 'os.product' => 'Microsoft Windows 7' }
|
837
|
-
result = host.send(:normalize_match, match)
|
838
|
-
result['os.product'].should == 'Windows 7'
|
839
|
-
result['os.vendor'].should == 'Microsoft'
|
840
|
-
end
|
841
|
-
|
842
|
-
it 'should convert Windows Server 2012 to Windows 2012' do
|
843
|
-
match = { 'os.product' => 'Windows Server 2012' }
|
844
|
-
result = host.send(:normalize_match, match)
|
845
|
-
result['os.product'].should == 'Windows 2012'
|
846
|
-
end
|
847
|
-
end
|
848
|
-
|
849
|
-
context '#guess_purpose_from_match' do
|
850
|
-
|
851
|
-
it 'should detect Windows XP as a client' do
|
852
|
-
match = { 'os.product' => 'Windows XP' }
|
853
|
-
result = host.send(:guess_purpose_from_match, match)
|
854
|
-
result.should == 'client'
|
855
|
-
end
|
856
|
-
|
857
|
-
it 'should detect Windows 8.1 as a client' do
|
858
|
-
match = { 'os.product' => 'Windows 8.1' }
|
859
|
-
result = host.send(:guess_purpose_from_match, match)
|
860
|
-
result.should == 'client'
|
861
|
-
end
|
862
|
-
|
863
|
-
it 'should detect Windows 2000 as a server' do
|
864
|
-
match = { 'os.product' => 'Windows 2000' }
|
865
|
-
result = host.send(:guess_purpose_from_match, match)
|
866
|
-
result.should == 'server'
|
867
|
-
end
|
868
|
-
|
869
|
-
it 'should detect Windows Server 2012 as a server' do
|
870
|
-
match = { 'os.product' => 'Windows Server 2012' }
|
871
|
-
result = host.send(:guess_purpose_from_match, match)
|
872
|
-
result.should == 'server'
|
873
|
-
end
|
874
|
-
|
875
|
-
it 'should detect Linux as a server' do
|
876
|
-
match = { 'os.product' => 'Linux' }
|
877
|
-
result = host.send(:guess_purpose_from_match, match)
|
878
|
-
result.should == 'server'
|
879
|
-
end
|
880
|
-
|
881
|
-
it 'should detect JetDirect as a printer' do
|
882
|
-
match = { 'os.product' => 'JetDirect', 'os.device' => 'Print server' }
|
883
|
-
result = host.send(:guess_purpose_from_match, match)
|
884
|
-
result.should == 'printer'
|
885
|
-
end
|
886
|
-
|
887
|
-
it 'should detect Unknown Printer as a printer' do
|
888
|
-
match = { 'os.product' => 'Unknown Printer' }
|
889
|
-
result = host.send(:guess_purpose_from_match, match)
|
890
|
-
result.should == 'printer'
|
891
|
-
end
|
892
|
-
|
893
|
-
it 'should detect Linksys Router as a router' do
|
894
|
-
match = { 'os.product' => 'Linksys', 'os.device' => 'Router' }
|
895
|
-
result = host.send(:guess_purpose_from_match, match)
|
896
|
-
result.should == 'router'
|
897
|
-
end
|
898
|
-
|
899
|
-
it 'should detect CheckPoint Firewall-1 as a firewall' do
|
900
|
-
match = { 'os.vendor' => 'Check Point', 'os.product' => 'Firewall-1' }
|
901
|
-
result = host.send(:guess_purpose_from_match, match)
|
902
|
-
result.should == 'firewall'
|
903
|
-
end
|
904
|
-
end
|
905
|
-
|
906
695
|
context '#normalize_scanner_fp' do
|
907
696
|
context 'for session_fingerprint' do
|
908
697
|
it 'should return all the correct data for Windows XP SP3 x86' do
|
909
698
|
fingerprint = FactoryGirl.build(:mdm_session_fingerprint, :host => host)
|
910
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
911
|
-
result[
|
912
|
-
result[
|
913
|
-
result[
|
914
|
-
result[
|
915
|
-
result[
|
699
|
+
result = host.send(:normalize_scanner_fp, fingerprint)
|
700
|
+
result[:os_name].should == 'Microsoft Windows'
|
701
|
+
result[:os_flavor].should == 'XP'
|
702
|
+
result[:os_sp].should == 'SP3'
|
703
|
+
result[:arch].should == 'x86'
|
704
|
+
result[:type].should == 'client'
|
705
|
+
result[:name].should == nil
|
706
|
+
result[:certainty].should == 0.8
|
916
707
|
end
|
917
708
|
|
918
709
|
it 'should return all the correct data for Windows 2008 SP1 x64' do
|
919
710
|
fp_data = { :os => 'Microsoft Windows 2008 SP1', :arch => 'x64'}
|
920
711
|
fingerprint = FactoryGirl.build(:mdm_session_fingerprint, :host => host, :data => fp_data)
|
921
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
922
|
-
result[
|
923
|
-
result[
|
924
|
-
result[
|
925
|
-
result[
|
926
|
-
result[
|
712
|
+
result = host.send(:normalize_scanner_fp, fingerprint)
|
713
|
+
result[:os_name].should == 'Microsoft Windows'
|
714
|
+
result[:os_flavor].should == '2008'
|
715
|
+
result[:os_sp].should == 'SP1'
|
716
|
+
result[:arch].should == 'x64'
|
717
|
+
result[:type].should == 'server'
|
718
|
+
result[:name].should == nil
|
719
|
+
result[:certainty].should == 0.8
|
927
720
|
end
|
928
721
|
|
929
722
|
it 'should fingerprint Metasploitable correctly' do
|
930
723
|
# Taken from an actual session_fingerprint of Metasploitable 2
|
931
724
|
fp_data = { :os => 'Linux 2.6.24-16-server (i386)', :name => 'metasploitable'}
|
932
725
|
fingerprint = FactoryGirl.build(:mdm_session_fingerprint, :host => host, :data => fp_data)
|
933
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
934
|
-
result[
|
935
|
-
result[
|
936
|
-
result[
|
937
|
-
result[
|
938
|
-
result[
|
726
|
+
result = host.send(:normalize_scanner_fp, fingerprint)
|
727
|
+
result[:os_name].should == 'Linux'
|
728
|
+
result[:name].should == 'metasploitable'
|
729
|
+
result[:os_sp].should == '2.6.24-16-server'
|
730
|
+
result[:arch].should == 'x86'
|
731
|
+
result[:certainty].should == 0.8
|
939
732
|
end
|
940
733
|
|
941
734
|
it 'should just populate os_name if it is unsure' do
|
942
735
|
fp_data = { :os => 'Darwin 12.3.0 x86_64 i386'}
|
943
736
|
fingerprint = FactoryGirl.build(:mdm_session_fingerprint, :host => host, :data => fp_data)
|
944
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
945
|
-
result[
|
946
|
-
result[
|
947
|
-
result[
|
948
|
-
result[
|
737
|
+
result = host.send(:normalize_scanner_fp, fingerprint)
|
738
|
+
result[:os_name].should == 'Darwin 12.3.0 x86_64 i386'
|
739
|
+
result[:os_sp].should == nil
|
740
|
+
result[:arch].should == nil
|
741
|
+
result[:certainty].should == 0.8
|
949
742
|
end
|
950
743
|
end
|
951
744
|
|
952
745
|
context 'for nmap_fingerprint' do
|
953
|
-
it 'should return OS name for a Windows XP fingerprint' do
|
746
|
+
it 'should return OS name and flavor for a Windows XP fingerprint' do
|
954
747
|
fingerprint = FactoryGirl.build(:mdm_nmap_fingerprint, :host => host)
|
955
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
956
|
-
result[
|
957
|
-
result[
|
748
|
+
result = host.send(:normalize_scanner_fp, fingerprint)
|
749
|
+
result[:os_name].should == 'Microsoft Windows'
|
750
|
+
result[:os_flavor].should == 'XP'
|
751
|
+
result[:certainty].should == 1
|
958
752
|
end
|
959
753
|
|
960
|
-
it 'should return OS name for a Metasploitable fingerprint' do
|
754
|
+
it 'should return OS name and flavor for a Metasploitable fingerprint' do
|
961
755
|
fp_data = {:os_vendor=>"Linux", :os_family=>"Linux", :os_version=>"2.6.X", :os_accuracy=>100}
|
962
756
|
fingerprint = FactoryGirl.build(:mdm_nmap_fingerprint, :host => host, :data => fp_data)
|
963
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
964
|
-
result[
|
965
|
-
result[
|
966
|
-
result[
|
757
|
+
result = host.send(:normalize_scanner_fp, fingerprint)
|
758
|
+
result[:os_name].should == 'Linux'
|
759
|
+
result[:os_flavor].should == '2.6.X'
|
760
|
+
result[:certainty].should == 1
|
967
761
|
end
|
968
762
|
|
969
763
|
it 'should return OS name and flavor fo an OSX fingerprint' do
|
970
764
|
fp_data = {:os_vendor=>"Apple", :os_family=>"Mac OS X", :os_version=>"10.8.X", :os_accuracy=>100}
|
971
765
|
fingerprint = FactoryGirl.build(:mdm_nmap_fingerprint, :host => host, :data => fp_data)
|
972
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
973
|
-
result[
|
974
|
-
result[
|
975
|
-
result[
|
976
|
-
result['os.certainty'].to_f.should == described_class::MAX_NMAP_CERTAINTY
|
766
|
+
result = host.send(:normalize_scanner_fp, fingerprint)
|
767
|
+
result[:os_name].should == 'Apple Mac OS X'
|
768
|
+
result[:os_flavor].should == '10.8.X'
|
769
|
+
result[:certainty].should == 1
|
977
770
|
end
|
978
771
|
end
|
979
772
|
|
@@ -981,51 +774,50 @@ describe Mdm::Host do
|
|
981
774
|
context 'of a Windows system' do
|
982
775
|
it 'should return a generic Windows fingerprint with no product info' do
|
983
776
|
fingerprint = FactoryGirl.build(:mdm_nexpose_fingerprint, :host => host)
|
984
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
985
|
-
result[
|
986
|
-
result[
|
987
|
-
result[
|
777
|
+
result = host.send(:normalize_scanner_fp, fingerprint)
|
778
|
+
result[:os_name].should == 'Microsoft Windows'
|
779
|
+
result[:arch].should == 'x86'
|
780
|
+
result[:certainty].should == 0.67
|
988
781
|
end
|
989
782
|
|
990
783
|
it 'should recognize a Windows 7 fingerprint' do
|
991
784
|
fp_data = {:family=>"Windows", :certainty=>"0.67", :vendor=>"Microsoft", :arch=>"x86", :product => 'Windows 7', :version => 'SP1'}
|
992
785
|
fingerprint = FactoryGirl.build(:mdm_nexpose_fingerprint, :host => host, :data => fp_data)
|
993
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
994
|
-
result[
|
995
|
-
result[
|
996
|
-
result[
|
997
|
-
result[
|
786
|
+
result = host.send(:normalize_scanner_fp, fingerprint)
|
787
|
+
result[:os_name].should == 'Microsoft Windows'
|
788
|
+
result[:os_flavor].should == '7'
|
789
|
+
result[:os_sp].should == 'SP1'
|
790
|
+
result[:arch].should == 'x86'
|
791
|
+
result[:certainty].should == 0.67
|
998
792
|
end
|
999
793
|
end
|
1000
794
|
|
1001
795
|
it 'should recognize an OSX fingerprint' do
|
1002
796
|
fp_data = {:family=>"Mac OS X", :certainty=>"0.80", :vendor=>"Apple"}
|
1003
797
|
fingerprint = FactoryGirl.build(:mdm_nexpose_fingerprint, :host => host, :data => fp_data)
|
1004
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
1005
|
-
result[
|
1006
|
-
result['os.vendor'].should == "Apple"
|
798
|
+
result = host.send(:normalize_scanner_fp, fingerprint)
|
799
|
+
result[:os_name].should == 'Apple Mac OS X'
|
1007
800
|
end
|
1008
801
|
|
1009
802
|
it 'should recognize a Cisco fingerprint' do
|
1010
803
|
fp_data = {:family=>"IOS", :certainty=>"1.00", :vendor=>"Cisco", :version=>"11.2(8)SA2"}
|
1011
804
|
fingerprint = FactoryGirl.build(:mdm_nexpose_fingerprint, :host => host, :data => fp_data)
|
1012
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
1013
|
-
result[
|
1014
|
-
result['os.vendor'].should == 'Cisco'
|
805
|
+
result = host.send(:normalize_scanner_fp, fingerprint)
|
806
|
+
result[:os_name].should == 'Cisco IOS'
|
1015
807
|
end
|
1016
808
|
|
1017
|
-
it 'should recognize an
|
809
|
+
it 'should recognize an embeeded fingerprint' do
|
1018
810
|
fp_data = {:family=>"embedded", :certainty=>"1.00", :vendor=>"Footek"}
|
1019
811
|
fingerprint = FactoryGirl.build(:mdm_nexpose_fingerprint, :host => host, :data => fp_data)
|
1020
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
1021
|
-
result[
|
812
|
+
result = host.send(:normalize_scanner_fp, fingerprint)
|
813
|
+
result[:os_name].should == 'Footek'
|
1022
814
|
end
|
1023
815
|
|
1024
816
|
it 'should handle an unknown fingerprint' do
|
1025
817
|
fp_data = {:certainty=>"1.00", :vendor=>"Footek"}
|
1026
818
|
fingerprint = FactoryGirl.build(:mdm_nexpose_fingerprint, :host => host, :data => fp_data)
|
1027
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
1028
|
-
result[
|
819
|
+
result = host.send(:normalize_scanner_fp, fingerprint)
|
820
|
+
result[:os_name].should == 'Footek'
|
1029
821
|
end
|
1030
822
|
|
1031
823
|
|
@@ -1034,19 +826,21 @@ describe Mdm::Host do
|
|
1034
826
|
context 'for retina_fingerprint' do
|
1035
827
|
it 'should recognize a Windows fingerprint' do
|
1036
828
|
fingerprint = FactoryGirl.build(:mdm_retina_fingerprint, :host => host)
|
1037
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
1038
|
-
result[
|
1039
|
-
result[
|
1040
|
-
result[
|
1041
|
-
result[
|
829
|
+
result = host.send(:normalize_scanner_fp, fingerprint)
|
830
|
+
result[:os_name].should == 'Microsoft Windows'
|
831
|
+
result[:os_flavor].should == '2003'
|
832
|
+
result[:arch].should == 'x64'
|
833
|
+
result[:os_sp].should == 'SP2'
|
834
|
+
result[:type].should == 'server'
|
835
|
+
result[:certainty].should == 0.8
|
1042
836
|
end
|
1043
837
|
|
1044
838
|
it 'should otherwise jsut copy the fingerprint to os_name' do
|
1045
839
|
fp_data = { :os => 'Linux 2.6.X (i386)'}
|
1046
840
|
fingerprint = FactoryGirl.build(:mdm_retina_fingerprint, :host => host, :data => fp_data)
|
1047
|
-
result = host.send(:normalize_scanner_fp, fingerprint)
|
1048
|
-
result[
|
1049
|
-
result[
|
841
|
+
result = host.send(:normalize_scanner_fp, fingerprint)
|
842
|
+
result[:os_name].should == 'Linux 2.6.X (i386)'
|
843
|
+
result[:certainty].should == 0.8
|
1050
844
|
end
|
1051
845
|
end
|
1052
846
|
end
|