metasploit_data_models 0.6.13

Files changed (211) hide show
  1. data/.gitignore +24 -0
  2. data/.rspec +3 -0
  3. data/.simplecov +38 -0
  4. data/.yardopts +4 -0
  5. data/Gemfile +27 -0
  6. data/LICENSE +27 -0
  7. data/README.md +72 -0
  8. data/Rakefile +53 -0
  9. data/app/models/mdm/api_key.rb +20 -0
  10. data/app/models/mdm/client.rb +9 -0
  11. data/app/models/mdm/cred.rb +80 -0
  12. data/app/models/mdm/event.rb +30 -0
  13. data/app/models/mdm/exploit_attempt.rb +14 -0
  14. data/app/models/mdm/exploited_host.rb +11 -0
  15. data/app/models/mdm/host.rb +134 -0
  16. data/app/models/mdm/host_detail.rb +15 -0
  17. data/app/models/mdm/host_tag.rb +13 -0
  18. data/app/models/mdm/imported_cred.rb +10 -0
  19. data/app/models/mdm/listener.rb +24 -0
  20. data/app/models/mdm/loot.rb +63 -0
  21. data/app/models/mdm/macro.rb +20 -0
  22. data/app/models/mdm/mod_ref.rb +3 -0
  23. data/app/models/mdm/module_action.rb +24 -0
  24. data/app/models/mdm/module_arch.rb +24 -0
  25. data/app/models/mdm/module_author.rb +25 -0
  26. data/app/models/mdm/module_detail.rb +59 -0
  27. data/app/models/mdm/module_mixin.rb +24 -0
  28. data/app/models/mdm/module_platform.rb +24 -0
  29. data/app/models/mdm/module_ref.rb +24 -0
  30. data/app/models/mdm/module_target.rb +26 -0
  31. data/app/models/mdm/nexpose_console.rb +20 -0
  32. data/app/models/mdm/note.rb +49 -0
  33. data/app/models/mdm/profile.rb +9 -0
  34. data/app/models/mdm/ref.rb +14 -0
  35. data/app/models/mdm/report.rb +50 -0
  36. data/app/models/mdm/report_template.rb +27 -0
  37. data/app/models/mdm/route.rb +9 -0
  38. data/app/models/mdm/service.rb +56 -0
  39. data/app/models/mdm/session.rb +48 -0
  40. data/app/models/mdm/session_event.rb +9 -0
  41. data/app/models/mdm/tag.rb +46 -0
  42. data/app/models/mdm/task.rb +41 -0
  43. data/app/models/mdm/user.rb +25 -0
  44. data/app/models/mdm/vuln.rb +60 -0
  45. data/app/models/mdm/vuln_attempt.rb +15 -0
  46. data/app/models/mdm/vuln_detail.rb +14 -0
  47. data/app/models/mdm/vuln_ref.rb +13 -0
  48. data/app/models/mdm/web_form.rb +16 -0
  49. data/app/models/mdm/web_page.rb +16 -0
  50. data/app/models/mdm/web_site.rb +47 -0
  51. data/app/models/mdm/web_vuln.rb +190 -0
  52. data/app/models/mdm/wmap_request.rb +3 -0
  53. data/app/models/mdm/wmap_target.rb +3 -0
  54. data/app/models/mdm/workspace.rb +196 -0
  55. data/bin/mdm_console +68 -0
  56. data/console_db.yml +9 -0
  57. data/db/migrate/000_create_tables.rb +79 -0
  58. data/db/migrate/001_add_wmap_tables.rb +35 -0
  59. data/db/migrate/002_add_workspaces.rb +36 -0
  60. data/db/migrate/003_move_notes.rb +20 -0
  61. data/db/migrate/004_add_events_table.rb +16 -0
  62. data/db/migrate/005_expand_info.rb +58 -0
  63. data/db/migrate/006_add_timestamps.rb +26 -0
  64. data/db/migrate/007_add_loots.rb +20 -0
  65. data/db/migrate/008_create_users.rb +16 -0
  66. data/db/migrate/009_add_loots_ctype.rb +10 -0
  67. data/db/migrate/010_add_alert_fields.rb +16 -0
  68. data/db/migrate/011_add_reports.rb +19 -0
  69. data/db/migrate/012_add_tasks.rb +24 -0
  70. data/db/migrate/013_add_tasks_result.rb +10 -0
  71. data/db/migrate/014_add_loots_fields.rb +12 -0
  72. data/db/migrate/015_rename_user.rb +16 -0
  73. data/db/migrate/016_add_host_purpose.rb +10 -0
  74. data/db/migrate/017_expand_info2.rb +58 -0
  75. data/db/migrate/018_add_workspace_user_info.rb +29 -0
  76. data/db/migrate/019_add_workspace_desc.rb +23 -0
  77. data/db/migrate/020_add_user_preferences.rb +11 -0
  78. data/db/migrate/021_standardize_info_and_data.rb +18 -0
  79. data/db/migrate/022_enlarge_event_info.rb +10 -0
  80. data/db/migrate/023_add_report_downloaded_at.rb +10 -0
  81. data/db/migrate/024_convert_service_info_to_text.rb +12 -0
  82. data/db/migrate/025_add_user_admin.rb +19 -0
  83. data/db/migrate/026_add_creds_table.rb +19 -0
  84. data/db/migrate/20100819123300_migrate_cred_data.rb +154 -0
  85. data/db/migrate/20100824151500_add_exploited_table.rb +16 -0
  86. data/db/migrate/20100908001428_add_owner_to_workspaces.rb +9 -0
  87. data/db/migrate/20100911122000_add_report_templates.rb +18 -0
  88. data/db/migrate/20100916151530_require_admin_flag.rb +15 -0
  89. data/db/migrate/20100916175000_add_campaigns_and_templates.rb +61 -0
  90. data/db/migrate/20100920012100_add_generate_exe_column.rb +8 -0
  91. data/db/migrate/20100926214000_add_template_prefs.rb +11 -0
  92. data/db/migrate/20101001000000_add_web_tables.rb +57 -0
  93. data/db/migrate/20101002000000_add_query.rb +10 -0
  94. data/db/migrate/20101007000000_add_vuln_info.rb +15 -0
  95. data/db/migrate/20101008111800_add_clients_to_campaigns.rb +10 -0
  96. data/db/migrate/20101009023300_add_campaign_attachments.rb +15 -0
  97. data/db/migrate/20101104135100_add_imported_creds.rb +17 -0
  98. data/db/migrate/20101203000000_fix_web_tables.rb +34 -0
  99. data/db/migrate/20101203000001_expand_host_comment.rb +12 -0
  100. data/db/migrate/20101206212033_add_limit_to_network_to_workspaces.rb +9 -0
  101. data/db/migrate/20110112154300_add_module_uuid_to_tasks.rb +9 -0
  102. data/db/migrate/20110204112800_add_host_tags.rb +28 -0
  103. data/db/migrate/20110317144932_add_session_table.rb +110 -0
  104. data/db/migrate/20110414180600_add_local_id_to_session_table.rb +11 -0
  105. data/db/migrate/20110415175705_add_routes_table.rb +18 -0
  106. data/db/migrate/20110422000000_convert_binary.rb +72 -0
  107. data/db/migrate/20110425095900_add_last_seen_to_sessions.rb +8 -0
  108. data/db/migrate/20110513143900_track_successful_exploits.rb +31 -0
  109. data/db/migrate/20110517160800_rename_and_prune_nessus_vulns.rb +26 -0
  110. data/db/migrate/20110527000000_add_task_id_to_reports_table.rb +11 -0
  111. data/db/migrate/20110527000001_add_api_keys_table.rb +12 -0
  112. data/db/migrate/20110606000001_add_macros_table.rb +16 -0
  113. data/db/migrate/20110622000000_add_settings_to_tasks_table.rb +12 -0
  114. data/db/migrate/20110624000001_add_listeners_table.rb +19 -0
  115. data/db/migrate/20110625000001_add_macro_to_listeners_table.rb +12 -0
  116. data/db/migrate/20110630000001_add_nexpose_consoles_table.rb +21 -0
  117. data/db/migrate/20110630000002_add_name_to_nexpose_consoles_table.rb +12 -0
  118. data/db/migrate/20110717000001_add_profiles_table.rb +15 -0
  119. data/db/migrate/20110727163801_expand_cred_ptype_column.rb +9 -0
  120. data/db/migrate/20110730000001_add_initial_indexes.rb +85 -0
  121. data/db/migrate/20110812000001_prune_indexes.rb +23 -0
  122. data/db/migrate/20110922000000_expand_notes.rb +9 -0
  123. data/db/migrate/20110928101300_add_mod_ref_table.rb +17 -0
  124. data/db/migrate/20111011110000_add_display_name_to_reports_table.rb +24 -0
  125. data/db/migrate/20111203000000_inet_columns.rb +13 -0
  126. data/db/migrate/20111204000000_more_inet_columns.rb +17 -0
  127. data/db/migrate/20111210000000_add_scope_to_hosts.rb +9 -0
  128. data/db/migrate/20120126110000_add_virtual_host_to_hosts.rb +9 -0
  129. data/db/migrate/20120411173220_rename_workspace_members.rb +9 -0
  130. data/db/migrate/20120601152442_add_counter_caches_to_hosts.rb +21 -0
  131. data/db/migrate/20120625000000_add_vuln_details.rb +34 -0
  132. data/db/migrate/20120625000001_add_host_details.rb +16 -0
  133. data/db/migrate/20120625000002_expand_details.rb +16 -0
  134. data/db/migrate/20120625000003_expand_details2.rb +24 -0
  135. data/db/migrate/20120625000004_add_vuln_attempts.rb +19 -0
  136. data/db/migrate/20120625000005_add_vuln_and_host_counter_caches.rb +14 -0
  137. data/db/migrate/20120625000006_add_module_details.rb +118 -0
  138. data/db/migrate/20120625000007_add_exploit_attempts.rb +26 -0
  139. data/db/migrate/20120625000008_add_fail_message.rb +12 -0
  140. data/db/migrate/20120718202805_add_owner_and_payload_to_web_vulns.rb +13 -0
  141. data/db/migrate/20130228214900_change_required_columns_to_null_false_in_web_vulns.rb +35 -0
  142. data/lib/mdm.rb +12 -0
  143. data/lib/mdm/host/operating_system_normalization.rb +984 -0
  144. data/lib/metasploit_data_models.rb +60 -0
  145. data/lib/metasploit_data_models/base64_serializer.rb +103 -0
  146. data/lib/metasploit_data_models/engine.rb +23 -0
  147. data/lib/metasploit_data_models/serialized_prefs.rb +23 -0
  148. data/lib/metasploit_data_models/validators/ip_format_validator.rb +13 -0
  149. data/lib/metasploit_data_models/validators/password_is_strong_validator.rb +70 -0
  150. data/lib/metasploit_data_models/version.rb +8 -0
  151. data/lib/tasks/yard.rake +26 -0
  152. data/metasploit_data_models.gemspec +31 -0
  153. data/script/rails +8 -0
  154. data/spec/app/models/mdm/module_action_spec.rb +38 -0
  155. data/spec/app/models/mdm/module_arch_spec.rb +38 -0
  156. data/spec/app/models/mdm/module_author_spec.rb +50 -0
  157. data/spec/app/models/mdm/module_detail_spec.rb +291 -0
  158. data/spec/app/models/mdm/module_mixin_spec.rb +38 -0
  159. data/spec/app/models/mdm/module_platform_spec.rb +38 -0
  160. data/spec/app/models/mdm/module_ref_spec.rb +38 -0
  161. data/spec/app/models/mdm/module_target_spec.rb +41 -0
  162. data/spec/app/models/mdm/web_vuln_spec.rb +126 -0
  163. data/spec/dummy/Rakefile +7 -0
  164. data/spec/dummy/app/assets/javascripts/application.js +15 -0
  165. data/spec/dummy/app/assets/stylesheets/application.css +13 -0
  166. data/spec/dummy/app/controllers/application_controller.rb +3 -0
  167. data/spec/dummy/app/helpers/application_helper.rb +2 -0
  168. data/spec/dummy/app/mailers/.gitkeep +0 -0
  169. data/spec/dummy/app/models/.gitkeep +0 -0
  170. data/spec/dummy/app/views/layouts/application.html.erb +14 -0
  171. data/spec/dummy/config.ru +4 -0
  172. data/spec/dummy/config/application.rb +61 -0
  173. data/spec/dummy/config/boot.rb +10 -0
  174. data/spec/dummy/config/database.yml.example +22 -0
  175. data/spec/dummy/config/environment.rb +5 -0
  176. data/spec/dummy/config/environments/development.rb +37 -0
  177. data/spec/dummy/config/environments/production.rb +67 -0
  178. data/spec/dummy/config/environments/test.rb +37 -0
  179. data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
  180. data/spec/dummy/config/initializers/inflections.rb +15 -0
  181. data/spec/dummy/config/initializers/mime_types.rb +5 -0
  182. data/spec/dummy/config/initializers/secret_token.rb +7 -0
  183. data/spec/dummy/config/initializers/session_store.rb +8 -0
  184. data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
  185. data/spec/dummy/config/routes.rb +2 -0
  186. data/spec/dummy/db/schema.rb +638 -0
  187. data/spec/dummy/lib/assets/.gitkeep +0 -0
  188. data/spec/dummy/log/.gitkeep +0 -0
  189. data/spec/dummy/public/404.html +26 -0
  190. data/spec/dummy/public/422.html +26 -0
  191. data/spec/dummy/public/500.html +25 -0
  192. data/spec/dummy/public/favicon.ico +0 -0
  193. data/spec/dummy/script/rails +6 -0
  194. data/spec/factories/mdm/addresses.rb +7 -0
  195. data/spec/factories/mdm/hosts.rb +18 -0
  196. data/spec/factories/mdm/module_actions.rb +14 -0
  197. data/spec/factories/mdm/module_archs.rb +14 -0
  198. data/spec/factories/mdm/module_authors.rb +22 -0
  199. data/spec/factories/mdm/module_details.rb +9 -0
  200. data/spec/factories/mdm/module_mixins.rb +14 -0
  201. data/spec/factories/mdm/module_platforms.rb +14 -0
  202. data/spec/factories/mdm/module_refs.rb +14 -0
  203. data/spec/factories/mdm/module_targets.rb +19 -0
  204. data/spec/factories/mdm/services.rb +35 -0
  205. data/spec/factories/mdm/users.rb +22 -0
  206. data/spec/factories/mdm/web_sites.rb +8 -0
  207. data/spec/factories/mdm/web_vulns.rb +64 -0
  208. data/spec/factories/mdm/workspaces.rb +23 -0
  209. data/spec/lib/base64_serializer_spec.rb +174 -0
  210. data/spec/spec_helper.rb +36 -0
  211. metadata +433 -0
@@ -0,0 +1,35 @@
1
+ # Changes all the {COLUMNS} in the web_vulns table that are required for {Mdm::WebVuln}, but were previously
2
+ # :null => true
3
+ class ChangeRequiredColumnsToNullFalseInWebVulns < ActiveRecord::Migration
4
+ # Columns that were previously :null => true, but are actually required to be non-null, so should be
5
+ # :null => false
6
+ COLUMNS = [
7
+ :category,
8
+ :confidence,
9
+ :method,
10
+ :name,
11
+ :params,
12
+ :path,
13
+ :pname,
14
+ :proof,
15
+ :risk
16
+ ]
17
+ # Table in which {COLUMNS} are.
18
+ TABLE_NAME = :web_vulns
19
+
20
+ # Marks all the {COLUMNS} as :null => true
21
+ def down
22
+ COLUMNS.each do |column|
23
+ change_column_null(TABLE_NAME, column, true)
24
+ end
25
+ end
26
+
27
+ # Marks all the {COLUMNS} as :null => false
28
+ def up
29
+ COLUMNS.each do |column|
30
+ change_column_null(TABLE_NAME, column, false)
31
+ end
32
+ end
33
+
34
+
35
+ end
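--- a/data/lib/mdm.rb
+++ b/data/lib/mdm.rb
@@ -0,0 +1,12 @@
+# Namespace for models
+module Mdm
+# Causes the model_name for all Mdm modules to not include the Mdm:: prefix in their name.
+#
+# This has been supported since ActiveSupport 3.2.1. In ActiveSupport 3.1.0, it checked for _railtie. Before that
+# there was no way to do relative naming without manually overriding model_name in each class.
+#
+# @return [true]
+def self.use_relative_model_naming?
+true
+end
+end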
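Review bot: The comment on `use_relative_model_naming?` records the ActiveSupport version history but not what the hook changes for callers: with a relative model_name, ActiveModel derives `param_key`, `route_key` and `i18n_key` without the `Mdm::` prefix, so an application that also defines a top-level `Host`, `User` or `Session` model would presumably share form parameter keys and translation keys with the Mdm models of the same name — worth confirming and stating, since this gem is mounted into a host Rails app. I'd add above `def self.use_relative_model_naming?` the line `# Side effect: param_key/route_key/i18n_key for every Mdm model drop the Mdm:: prefix, so they can collide with same-named models in the host application.` The `@return [true]` tag could also note that the method takes no arguments and is consulted by ActiveModel::Name, not called by this gem directly.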
@@ -0,0 +1,984 @@
1
+ module Mdm::Host::OperatingSystemNormalization
2
+ #
3
+ # Normalize the operating system fingerprints provided by various scanners
4
+ # (nmap, nexpose, retina, nessus, etc).
5
+ #
6
+ # These are stored as notes (instead of directly in the os_* fields)
7
+ # specifically for this purpose.
8
+ #
9
+ def normalize_os
10
+ host = self
11
+
12
+ wname = {} # os_name == Linux, Windows, Mac OS X, VxWorks
13
+ wtype = {} # purpose == server, client, device
14
+ wflav = {} # os_flavor == Ubuntu, Debian, 2003, 10.5, JetDirect
15
+ wvers = {} # os_sp == 9.10, SP2, 10.5.3, 3.05
16
+ warch = {} # arch == x86, PPC, SPARC, MIPS, ''
17
+ wlang = {} # os_lang == English, ''
18
+ whost = {} # hostname
19
+
20
+ # Note that we're already restricting the query to this host by using
21
+ # host.notes instead of Note, so don't need a host_id in the
22
+ # conditions.
23
+ fingerprintable_notes = self.notes.where("ntype like '%%fingerprint'")
24
+ fingerprintable_notes.each do |fp|
25
+ next if not validate_fingerprint_data(fp)
26
+ norm = normalize_scanner_fp(fp)
27
+ wvers[norm[:os_sp]] = wvers[norm[:os_sp]].to_i + (100 * norm[:certainty])
28
+ wname[norm[:os_name]] = wname[norm[:os_name]].to_i + (100 * norm[:certainty])
29
+ wflav[norm[:os_flavor]] = wflav[norm[:os_flavor]].to_i + (100 * norm[:certainty])
30
+ warch[norm[:arch]] = warch[norm[:arch]].to_i + (100 * norm[:certainty])
31
+ whost[norm[:name]] = whost[norm[:name]].to_i + (100 * norm[:certainty])
32
+ wtype[norm[:type]] = wtype[norm[:type]].to_i + (100 * norm[:certainty])
33
+ end
34
+
35
+ # Grab service information and assign scores. Some services are
36
+ # more trustworthy than others. If more services agree than not,
37
+ # than that should be considered as well.
38
+ # Each service has a starting number of points. Services that
39
+ # are more difficult to fake are awarded more points. The points
40
+ # represent a running total, not a fixed score.
41
+ # XXX: This needs to be refactored in a big way. Tie-breaking is
42
+ # pretty arbitrary, it would be nice to explicitly believe some
43
+ # services over others, but that means recording which service
44
+ # has an opinion and which doesn't. It would also be nice to
45
+ # identify "impossible" combinations of services and alert that
46
+ # something funny is going on.
47
+ # XXX: This hack solves the memory leak generated by self.services.each {}
48
+ fingerprintable_services = self.services.where("name is not null and name != '' and info is not null and info != ''")
49
+ fingerprintable_services.each do |s|
50
+ points = 0
51
+ case s.name
52
+ when 'smb'
53
+ points = 210
54
+ case s.info
55
+ when /\.el([23456])(\s+|$)/ # Match Samba 3.0.33-0.30.el4 as RHEL4
56
+ wname['Linux'] = wname['Linux'].to_i + points
57
+ wflav["RHEL" + $1] = wflav["RHEL" + $1].to_i + points
58
+ wtype['server'] = wtype['server'].to_i + points
59
+ when /(ubuntu|debian|fedora|red ?hat|rhel)/i
60
+ wname['Linux'] = wname['Linux'].to_i + points
61
+ wflav[$1.capitalize] = wflav[$1.capitalize].to_i + points
62
+ wtype['server'] = wtype['server'].to_i + points
63
+ when /^Windows/
64
+ win_sp = nil
65
+ win_flav = nil
66
+ win_lang = nil
67
+
68
+ ninfo = s.info
69
+ ninfo.gsub!('(R)', '')
70
+ ninfo.gsub!('(TM)', '')
71
+ ninfo.gsub!(/\s+/, ' ')
72
+ ninfo.gsub!('No Service Pack', 'Service Pack 0')
73
+
74
+ # Windows (R) Web Server 2008 6001 Service Pack 1 (language: Unknown) (name:PG-WIN2008WEB) (domain:WORKGROUP)
75
+ # Windows XP Service Pack 3 (language: English) (name:EGYPT-B3E55BF3C) (domain:EGYPT-B3E55BF3C)
76
+ # Windows 7 Ultimate (Build 7600) (language: Unknown) (name:WIN7) (domain:WORKGROUP)
77
+ # Windows 2003 No Service Pack (language: Unknown) (name:VMWIN2003) (domain:PWNME)
78
+
79
+ #if ninfo =~ /^Windows ([^\s]+)(.*)(Service Pack |\(Build )([^\(]+)\(/
80
+ if ninfo =~ /^Windows (.*)(Service Pack [^\s]+|\(Build [^\)]+\))/
81
+ win_flav = $1.strip
82
+ win_sp = ($2).strip
83
+ win_sp.gsub!(/with.*/, '')
84
+ win_sp.gsub!('Service Pack', 'SP')
85
+ win_sp.gsub!('Build', 'b')
86
+ win_sp.gsub!(/\s+/, '')
87
+ win_sp.tr!("()", '')
88
+ else
89
+ if ninfo =~ /^Windows ([^\s+]+)([^\(]+)\(/
90
+ win_flav = $2.strip
91
+ end
92
+ end
93
+
94
+
95
+ if ninfo =~ /name: ([^\)]+)\)/
96
+ hostname = $1.strip
97
+ end
98
+
99
+ if ninfo =~ /language: ([^\)]+)\)/
100
+ win_lang = $1.strip
101
+ end
102
+
103
+ win_lang = nil if win_lang =~ /unknown/i
104
+ win_vers = win_sp
105
+
106
+ wname['Microsoft Windows'] = wname['Microsoft Windows'].to_i + points
107
+ wlang[win_lang] = wlang[win_lang].to_i + points if win_lang
108
+ wflav[win_flav] = wflav[win_flav].to_i + points if win_flav
109
+ wvers[win_vers] = wvers[win_vers].to_i + points if win_vers
110
+ whost[hostname] = whost[hostname].to_i + points if hostname
111
+
112
+ case win_flav
113
+ when /NT|2003|2008/
114
+ win_type = 'server'
115
+ else
116
+ win_type = 'client'
117
+ end
118
+ wtype[win_type] = wtype[win_type].to_i + points
119
+ end
120
+
121
+ when 'ssh'
122
+ points = 104
123
+ case s.info
124
+ when /honeypot/i # Never trust this
125
+ nil
126
+ when /ubuntu/i
127
+ # This needs to be above /debian/ becuase the ubuntu banner contains both, e.g.:
128
+ # SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu6
129
+ wname['Linux'] = wname['Linux'].to_i + points
130
+ wflav['Ubuntu'] = wflav['Ubuntu'].to_i + points
131
+ wtype['server'] = wtype['server'].to_i + points
132
+ when /debian/i
133
+ wname['Linux'] = wname['Linux'].to_i + points
134
+ wflav['Debian'] = wflav['Debian'].to_i + points
135
+ wtype['server'] = wtype['server'].to_i + points
136
+ when /FreeBSD/
137
+ wname['FreeBSD'] = wname['FreeBSD'].to_i + points
138
+ wtype['server'] = wtype['server'].to_i + points
139
+ when /sun_ssh/i
140
+ wname['Sun Solaris'] = wname['Sun Solaris'].to_i + points
141
+ wtype['server'] = wtype['server'].to_i + points
142
+ when /vshell|remotelyanywhere|freessh/i
143
+ wname['Microsoft Windows'] = wname['Microsoft Windows'].to_i + points
144
+ wtype['server'] = wtype['server'].to_i + points
145
+
146
+ when /radware/i
147
+ wname['RadWare'] = wname['RadWare'].to_i + points
148
+ wtype['device'] = wtype['device'].to_i + points
149
+
150
+ when /dropbear/i
151
+ wname['Linux'] = wname['Linux'].to_i + points
152
+ wtype['device'] = wtype['device'].to_i + points
153
+
154
+ when /netscreen/i
155
+ wname['NetScreen'] = wname['NetScreen'].to_i + points
156
+ wtype['device'] = wtype['device'].to_i + points
157
+
158
+ when /vpn3/
159
+ wname['Cisco VPN 3000'] = wname['Cisco VPN 3000'].to_i + points
160
+ wtype['device'] = wtype['device'].to_i + points
161
+
162
+ when /cisco/i
163
+ wname['Cisco IOS'] = wname['Cisco IOS'].to_i + points
164
+ wtype['device'] = wtype['device'].to_i + points
165
+
166
+ when /mpSSH/
167
+ wname['HP iLO'] = wname['HP iLO'].to_i + points
168
+ wtype['server'] = wtype['server'].to_i + points
169
+ end
170
+ when 'http'
171
+ points = 99
172
+ case s.info
173
+ when /iSeries/
174
+ wname['IBM iSeries'] = wname['IBM iSeries'].to_i + points
175
+ wtype['server'] = wtype['server'].to_i + points
176
+
177
+ when /Mandrake/i
178
+ wname['Linux'] = wname['Linux'].to_i + points
179
+ wflav['Mandrake'] = wflav['Mandrake'].to_i + points
180
+ wtype['server'] = wtype['server'].to_i + points
181
+
182
+ when /Mandriva/i
183
+ wname['Linux'] = wname['Linux'].to_i + points
184
+ wflav['Mandrake'] = wflav['Mandrake'].to_i + points
185
+ wtype['server'] = wtype['server'].to_i + points
186
+
187
+ when /Ubuntu/i
188
+ wname['Linux'] = wname['Linux'].to_i + points
189
+ wflav['Ubuntu'] = wflav['Ubuntu'].to_i + points
190
+ wtype['server'] = wtype['server'].to_i + points
191
+
192
+ when /Debian/i
193
+ wname['Linux'] = wname['Linux'].to_i + points
194
+ wflav['Debian'] = wflav['Debian'].to_i + points
195
+ wtype['server'] = wtype['server'].to_i + points
196
+
197
+ when /Fedora/i
198
+ wname['Linux'] = wname['Linux'].to_i + points
199
+ wflav['Fedora'] = wflav['Fedora'].to_i + points
200
+ wtype['server'] = wtype['server'].to_i + points
201
+
202
+ when /CentOS/i
203
+ wname['Linux'] = wname['Linux'].to_i + points
204
+ wflav['CentOS'] = wflav['CentOS'].to_i + points
205
+ wtype['server'] = wtype['server'].to_i + points
206
+
207
+ when /RHEL/i
208
+ wname['Linux'] = wname['Linux'].to_i + points
209
+ wflav['RHEL'] = wflav['RHEL'].to_i + points
210
+ wtype['server'] = wtype['server'].to_i + points
211
+
212
+ when /Red.?Hat/i
213
+ wname['Linux'] = wname['Linux'].to_i + points
214
+ wflav['Red Hat'] = wflav['Red Hat'].to_i + points
215
+ wtype['server'] = wtype['server'].to_i + points
216
+
217
+ when /SuSE/i
218
+ wname['Linux'] = wname['Linux'].to_i + points
219
+ wflav['SUSE'] = wflav['SUSE'].to_i + points
220
+ wtype['server'] = wtype['server'].to_i + points
221
+
222
+ when /TurboLinux/i
223
+ wname['Linux'] = wname['Linux'].to_i + points
224
+ wflav['TurboLinux'] = wflav['TurboLinux'].to_i + points
225
+ wtype['server'] = wtype['server'].to_i + points
226
+
227
+ when /Gentoo/i
228
+ wname['Linux'] = wname['Linux'].to_i + points
229
+ wflav['Gentoo'] = wflav['Gentoo'].to_i + points
230
+ wtype['server'] = wtype['server'].to_i + points
231
+
232
+ when /Conectiva/i
233
+ wname['Linux'] = wname['Linux'].to_i + points
234
+ wflav['Conectiva'] = wflav['Conectiva'].to_i + points
235
+ wtype['server'] = wtype['server'].to_i + points
236
+
237
+ when /Asianux/i
238
+ wname['Linux'] = wname['Linux'].to_i + points
239
+ wflav['Asianux'] = wflav['Asianux'].to_i + points
240
+ wtype['server'] = wtype['server'].to_i + points
241
+
242
+ when /Trustix/i
243
+ wname['Linux'] = wname['Linux'].to_i + points
244
+ wflav['Trustix'] = wflav['Trustix'].to_i + points
245
+ wtype['server'] = wtype['server'].to_i + points
246
+
247
+ when /White Box/
248
+ wname['Linux'] = wname['Linux'].to_i + points
249
+ wflav['White Box'] = wflav['White Box'].to_i + points
250
+ wtype['server'] = wtype['server'].to_i + points
251
+
252
+ when /UnitedLinux/
253
+ wname['Linux'] = wname['Linux'].to_i + points
254
+ wflav['UnitedLinux'] = wflav['UnitedLinux'].to_i + points
255
+ wtype['server'] = wtype['server'].to_i + points
256
+
257
+ when /PLD\/Linux/
258
+ wname['Linux'] = wname['Linux'].to_i + points
259
+ wflav['PLD/Linux'] = wflav['PLD/Linux'].to_i + points
260
+ wtype['server'] = wtype['server'].to_i + points
261
+
262
+ when /Vine\/Linux/
263
+ wname['Linux'] = wname['Linux'].to_i + points
264
+ wflav['Vine/Linux'] = wflav['Vine/Linux'].to_i + points
265
+ wtype['server'] = wtype['server'].to_i + points
266
+
267
+ when /rPath/
268
+ wname['Linux'] = wname['Linux'].to_i + points
269
+ wflav['rPath'] = wflav['rPath'].to_i + points
270
+ wtype['server'] = wtype['server'].to_i + points
271
+
272
+ when /StartCom/
273
+ wname['Linux'] = wname['Linux'].to_i + points
274
+ wflav['StartCom'] = wflav['StartCom'].to_i + points
275
+ wtype['server'] = wtype['server'].to_i + points
276
+
277
+ when /linux/i
278
+ wname['Linux'] = wname['Linux'].to_i + points
279
+ wtype['server'] = wtype['server'].to_i + points
280
+
281
+ when /PalmOS/
282
+ wname['PalmOS'] = wname['PalmOS'].to_i + points
283
+ wtype['device'] = wtype['device'].to_i + points
284
+
285
+ when /Microsoft[\x20\x2d]IIS\/[234]\.0/
286
+ wname['Microsoft Windows NT 4.0'] = wname['Microsoft Windows NT 4.0'].to_i + points
287
+ wtype['server'] = wtype['server'].to_i + points
288
+
289
+ when /Microsoft[\x20\x2d]IIS\/5\.0/
290
+ wname['Microsoft Windows 2000'] = wname['Microsoft Windows 2000'].to_i + points
291
+ wtype['server'] = wtype['server'].to_i + points
292
+
293
+ when /Microsoft[\x20\x2d]IIS\/5\.1/
294
+ wname['Microsoft Windows XP'] = wname['Microsoft Windows XP'].to_i + points
295
+ wtype['server'] = wtype['server'].to_i + points
296
+
297
+ when /Microsoft[\x20\x2d]IIS\/6\.0/
298
+ wname['Microsoft Windows 2003'] = wname['Microsoft Windows 2003'].to_i + points
299
+ wtype['server'] = wtype['server'].to_i + points
300
+
301
+ when /Microsoft[\x20\x2d]IIS\/7\.0/
302
+ wname['Microsoft Windows 2008'] = wname['Microsoft Windows 2008'].to_i + points
303
+ wtype['server'] = wtype['server'].to_i + points
304
+
305
+ when /Win32/i
306
+ wname['Microsoft Windows'] = wname['Microsoft Windows'].to_i + points
307
+ wtype['server'] = wtype['server'].to_i + points
308
+
309
+ when /DD\-WRT ([^\s]+) /i
310
+ wname['Linux'] = wname['Linux'].to_i + points
311
+ wflav['DD-WRT'] = wflav['DD-WRT'].to_i + points
312
+ wvers[$1.strip] = wvers[$1.strip].to_i + points
313
+ wtype['server'] = wtype['server'].to_i + points
314
+
315
+ when /Darwin/
316
+ wname['Apple Mac OS X'] = wname['Apple Mac OS X'].to_i + points
317
+
318
+ when /FreeBSD/i
319
+ wname['FreeBSD'] = wname['FreeBSD'].to_i + points
320
+
321
+ when /OpenBSD/i
322
+ wname['OpenBSD'] = wname['OpenBSD'].to_i + points
323
+
324
+ when /NetBSD/i
325
+ wname['NetBSD'] = wname['NetBSD'].to_i + points
326
+
327
+ when /NetWare/i
328
+ wname['Novell NetWare'] = wname['Novell NetWare'].to_i + points
329
+
330
+ when /OpenVMS/i
331
+ wname['OpenVMS'] = wname['OpenVMS'].to_i + points
332
+
333
+ when /SunOS|Solaris/i
334
+ wname['Sun Solaris'] = wname['Sun Solaris'].to_i + points
335
+
336
+ when /HP.?UX/i
337
+ wname['HP-UX'] = wname['HP-UX'].to_i + points
338
+ end
339
+ when 'snmp'
340
+ points = 103
341
+ case s.info
342
+ when /^Sun SNMP Agent/
343
+ wname['Sun Solaris'] = wname['Sun Solaris'].to_i + points
344
+ wtype['server'] = wtype['server'].to_i + points
345
+
346
+ when /^SunOS ([^\s]+) ([^\s]+) /
347
+ # XXX 1/2 XXX what does this comment mean i wonder
348
+ wname['Sun Solaris'] = wname['Sun Solaris'].to_i + points
349
+ wtype['server'] = wtype['server'].to_i + points
350
+
351
+ when /^Linux ([^\s]+) ([^\s]+) /
352
+ whost[$1] = whost[$1].to_i + points
353
+ wname['Linux ' + $2] = wname['Linux ' + $2].to_i + points
354
+ wvers[$2] = wvers[$2].to_i + points
355
+ arch = get_arch_from_string(s.info)
356
+ warch[arch] = warch[arch].to_i + points if arch
357
+ wtype['server'] = wtype['server'].to_i + points
358
+
359
+ when /^Novell NetWare ([^\s]+)/
360
+ wname['Novell NetWare ' + $1] = wname['Novell NetWare ' + $1].to_i + points
361
+ wvers[$1] = wvers[$1].to_i + points
362
+ arch = "x86"
363
+ warch[arch] = warch[arch].to_i + points
364
+ wtype['server'] = wtype['server'].to_i + points
365
+
366
+ when /^Novell UnixWare ([^\s]+)/
367
+ wname['Novell UnixWare ' + $1] = wname['Novell UnixWare ' + $1].to_i + points
368
+ wvers[$1] = wvers[$1].to_i + points
369
+ arch = "x86"
370
+ warch[arch] = warch[arch].to_i + points
371
+ wtype['server'] = wtype['server'].to_i + points
372
+
373
+ when /^HP-UX ([^\s]+) ([^\s]+) /
374
+ # XXX
375
+ wname['HP-UX ' + $2] = wname['HP-UX ' + $2].to_i + points
376
+ wvers[$1] = wvers[$1].to_i + points
377
+ wtype['server'] = wtype['server'].to_i + points
378
+
379
+ when /^IBM PowerPC.*Base Operating System Runtime AIX version: (\d+\.\d+)/
380
+ wname['IBM AIX ' + $1] = wname['IBM AIX ' + $1].to_i + points
381
+ wvers[$1] = wvers[$1].to_i + points
382
+ wtype['server'] = wtype['server'].to_i + points
383
+
384
+ when /^SCO TCP\/IP Runtime Release ([^\s]+)/
385
+ wname['SCO UnixWare ' + $1] = wname['SCO UnixWare ' + $1].to_i + points
386
+ wvers[$1] = wvers[$1].to_i + points
387
+ wtype['server'] = wtype['server'].to_i + points
388
+
389
+ when /.* IRIX version ([^\s]+)/
390
+ wname['SGI IRIX ' + $1] = wname['SGI IRIX ' + $1].to_i + points
391
+ wvers[$1] = wvers[$1].to_i + points
392
+ wtype['server'] = wtype['server'].to_i + points
393
+
394
+ when /^Unisys ([^\s]+) version ([^\s]+) kernel/
395
+ wname['Unisys ' + $2] = wname['Unisys ' + $2].to_i + points
396
+ wvers[$2] = wvers[$2].to_i + points
397
+ whost[$1] = whost[$1].to_i + points
398
+ wtype['server'] = wtype['server'].to_i + points
399
+
400
+ when /.*OpenVMS V([^\s]+) /
401
+ # XXX
402
+ wname['OpenVMS ' + $1] = wname['OpenVMS ' + $1].to_i + points
403
+ wvers[$1] = wvers[$1].to_i + points
404
+ wtype['server'] = wtype['server'].to_i + points
405
+
406
+ when /^Hardware:.*Software: Windows NT Version ([^\s]+) /
407
+ wname['Microsoft Windows NT ' + $1] = wname['Microsoft Windows NT ' + $1].to_i + points
408
+ wtype['server'] = wtype['server'].to_i + points
409
+
410
+ when /^Hardware:.*Software: Windows 2000 Version 5\.0/
411
+ wname['Microsoft Windows 2000'] = wname['Microsoft Windows 2000'].to_i + points
412
+ wtype['server'] = wtype['server'].to_i + points
413
+
414
+ when /^Hardware:.*Software: Windows 2000 Version 5\.1/
415
+ wname['Microsoft Windows XP'] = wname['Microsoft Windows XP'].to_i + points
416
+ wtype['server'] = wtype['server'].to_i + points
417
+
418
+ when /^Hardware:.*Software: Windows Version 5\.2/
419
+ wname['Microsoft Windows 2003'] = wname['Microsoft Windows 2003'].to_i + points
420
+ wtype['server'] = wtype['server'].to_i + points
421
+
422
+ # XXX: TODO 2008, Vista, Windows 7
423
+
424
+ when /^Microsoft Windows CE Version ([^\s]+)+/
425
+ wname['Microsoft Windows CE ' + $1] = wname['Microsoft Windows CE ' + $1].to_i + points
426
+ wtype['client'] = wtype['client'].to_i + points
427
+
428
+ when /^IPSO ([^\s]+) ([^\s]+) /
429
+ whost[$1] = whost[$1].to_i + points
430
+ wname['Nokia IPSO ' + $2] = wname['Nokia IPSO ' + $2].to_i + points
431
+ wvers[$2] = wvers[$2].to_i + points
432
+ arch = get_arch_from_string(s.info)
433
+ warch[arch] = warch[arch].to_s + points if arch
434
+ wtype['device'] = wtype['device'].to_i + points
435
+
436
+ when /^Sun StorEdge/
437
+ wname['Sun StorEdge'] = wname['Sun StorEdge'].to_i + points
438
+ wtype['device'] = wtype['device'].to_i + points
439
+
440
+ when /^HP StorageWorks/
441
+ wname['HP StorageWorks'] = wname['HP StorageWorks'].to_i + points
442
+ wtype['device'] = wtype['device'].to_i + points
443
+
444
+ when /^Network Storage/
445
+ # XXX
446
+ wname['Network Storage Router'] = wname['Network Storage Router'].to_i + points
447
+ wtype['device'] = wtype['device'].to_i + points
448
+
449
+ when /Cisco Internetwork Operating System.*Version ([^\s]+)/
450
+ vers = $1.split(/[,^\s]/)[0]
451
+ wname['Cisco IOS ' + vers] = wname['Cisco IOS ' + vers].to_i + points
452
+ wvers[vers] = wvers[vers].to_i + points
453
+ wtype['device'] = wtype['device'].to_i + points
454
+
455
+ when /Cisco Catalyst.*Version ([^\s]+)/
456
+ vers = $1.split(/[,^\s]/)[0]
457
+ wname['Cisco CatOS ' + vers] = wname['Cisco CatOS ' + vers].to_i + points
458
+ wvers[vers] = wvers[vers].to_i + points
459
+ wtype['device'] = wtype['device'].to_i + points
460
+
461
+ when /Cisco 761.*Version ([^\s]+)/
462
+ vers = $1.split(/[,^\s]/)[0]
463
+ wname['Cisco 761 ' + vers] = wname['Cisco 761 ' + vers].to_i + points
464
+ wvers[vers] = wvers[vers].to_i + points
465
+ wtype['device'] = wtype['device'].to_i + points
466
+
467
+ when /Network Analysis Module.*Version ([^\s]+)/
468
+ vers = $1.split(/[,^\s]/)[0]
469
+ wname['Cisco NAM ' + vers] = wname['Cisco NAM ' + vers].to_i + points
470
+ wvers[vers] = wvers[vers].to_i + points
471
+ wtype['device'] = wtype['device'].to_i + points
472
+
473
+ when /VPN 3000 Concentrator Series Version ([^\s]+)/
474
+ vers = $1.split(/[,^\s]/)[0]
475
+ wname['Cisco VPN 3000 ' + vers] = wname['Cisco VPN 3000 ' + vers].to_i + points
476
+ wvers[vers] = wvers[vers].to_i + points
477
+ wtype['device'] = wtype['device'].to_i + points
478
+
479
+ when /ProCurve.*Switch/
480
+ wname['3Com ProCurve Switch'] = wname['3Com ProCurve Switch'].to_i + points
481
+ wtype['device'] = wtype['device'].to_i + points
482
+
483
+ when /ProCurve.*Access Point/
484
+ wname['3Com Access Point'] = wname['3Com Access Point'].to_i + points
485
+ wtype['device'] = wtype['device'].to_i + points
486
+
487
+ when /3Com.*Access Point/i
488
+ wname['3Com Access Point'] = wname['3Com Access Point'].to_i + points
489
+ wtype['device'] = wtype['device'].to_i + points
490
+
491
+ when /ShoreGear/
492
+ wname['ShoreTel Appliance'] = wname['ShoreTel Appliance'].to_i + points
493
+ wtype['device'] = wtype['device'].to_i + points
494
+
495
+ when /firewall/i
496
+ wname['Unknown Firewall'] = wname['Unknown Firewall'].to_i + points
497
+ wtype['device'] = wtype['device'].to_i + points
498
+
499
+ when /phone/i
500
+ wname['Unknown Phone'] = wname['Unknown Phone'].to_i + points
501
+ wtype['device'] = wtype['device'].to_i + points
502
+
503
+ when /router/i
504
+ wname['Unknown Router'] = wname['Unknown Router'].to_i + points
505
+ wtype['device'] = wtype['device'].to_i + points
506
+
507
+ when /switch/i
508
+ wname['Unknown Switch'] = wname['Unknown Switch'].to_i + points
509
+ wtype['device'] = wtype['device'].to_i + points
510
+ #
511
+ # Printer Signatures
512
+ #
513
+ when /^HP ETHERNET MULTI-ENVIRONMENT/
514
+ wname['HP Printer'] = wname['HP Printer'].to_i + points
515
+ wtype['printer'] = wtype['printer'].to_i + points
516
+ when /Canon/i
517
+ wname['Canon Printer'] = wname['Canon Printer'].to_i + points
518
+ wtype['printer'] = wtype['printer'].to_i + points
519
+ when /Epson/i
520
+ wname['Epson Printer'] = wname['Epson Printer'].to_i + points
521
+ wtype['printer'] = wtype['printer'].to_i + points
522
+ when /ExtendNet/i
523
+ wname['ExtendNet Printer'] = wname['ExtendNet Printer'].to_i + points
524
+ wtype['printer'] = wtype['printer'].to_i + points
525
+ when /Fiery/i
526
+ wname['Fiery Printer'] = wname['Fiery Printer'].to_i + points
527
+ wtype['printer'] = wtype['printer'].to_i + points
528
+ when /Konica/i
529
+ wname['Konica Printer'] = wname['Konica Printer'].to_i + points
530
+ wtype['printer'] = wtype['printer'].to_i + points
531
+ when /Lanier/i
532
+ wname['Lanier Printer'] = wname['Lanier Printer'].to_i + points
533
+ wtype['printer'] = wtype['printer'].to_i + points
534
+ when /Lantronix/i
535
+ wname['Lantronix Printer'] = wname['Lantronix Printer'].to_i + points
536
+ wtype['printer'] = wtype['printer'].to_i + points
537
+ when /Lexmark/i
538
+ wname['Lexmark Printer'] = wname['Lexmark Printer'].to_i + points
539
+ wtype['printer'] = wtype['printer'].to_i + points
540
+ when /Magicolor/i
541
+ wname['Magicolor Printer'] = wname['Magicolor Printer'].to_i + points
542
+ wtype['printer'] = wtype['printer'].to_i + points
543
+ when /Minolta/i
544
+ wname['Minolta Printer'] = wname['Minolta Printer'].to_i + points
545
+ wtype['printer'] = wtype['printer'].to_i + points
546
+ when /NetJET/i
547
+ wname['NetJET Printer'] = wname['NetJET Printer'].to_i + points
548
+ wtype['printer'] = wtype['printer'].to_i + points
549
+ when /OKILAN/i
550
+ wname['OKILAN Printer'] = wname['OKILAN Printer'].to_i + points
551
+ wtype['printer'] = wtype['printer'].to_i + points
552
+ when /Phaser/i
553
+ wname['Phaser Printer'] = wname['Phaser Printer'].to_i + points
554
+ wtype['printer'] = wtype['printer'].to_i + points
555
+ when /PocketPro/i
556
+ wname['PocketPro Printer'] = wname['PocketPro Printer'].to_i + points
557
+ wtype['printer'] = wtype['printer'].to_i + points
558
+ when /Ricoh/i
559
+ wname['Ricoh Printer'] = wname['Ricoh Printer'].to_i + points
560
+ wtype['printer'] = wtype['printer'].to_i + points
561
+ when /Savin/i
562
+ wname['Savin Printer'] = wname['Savin Printer'].to_i + points
563
+ wtype['printer'] = wtype['printer'].to_i + points
564
+ when /SHARP AR/i
565
+ wname['SHARP Printer'] = wname['SHARP Printer'].to_i + points
566
+ wtype['printer'] = wtype['printer'].to_i + points
567
+ when /Star Micronix/i
568
+ wname['Star Micronix Printer'] = wname['Star Micronix Printer'].to_i + points
569
+ wtype['printer'] = wtype['printer'].to_i + points
570
+ when /Source Tech/i
571
+ wname['Source Tech Printer'] = wname['Source Tech Printer'].to_i + points
572
+ wtype['printer'] = wtype['printer'].to_i + points
573
+ when /Xerox/i
574
+ wname['Xerox Printer'] = wname['Xerox Printer'].to_i + points
575
+ wtype['printer'] = wtype['printer'].to_i + points
576
+ when /^Brother/i
577
+ wname['Brother Printer'] = wname['Brother Printer'].to_i + points
578
+ wtype['printer'] = wtype['printer'].to_i + points
579
+ when /^Axis.*Network Print/i
580
+ wname['Axis Printer'] = wname['Axis Printer'].to_i + points
581
+ wtype['printer'] = wtype['printer'].to_i + points
582
+ when /^Prestige/i
583
+ wname['Prestige Printer'] = wname['Prestige Printer'].to_i + points
584
+ wtype['printer'] = wtype['printer'].to_i + points
585
+ when /^ZebraNet/i
586
+ wname['ZebraNet Printer'] = wname['ZebraNet Printer'].to_i + points
587
+ wtype['printer'] = wtype['printer'].to_i + points
588
+ when /e\-STUDIO/i
589
+ wname['eStudio Printer'] = wname['eStudio Printer'].to_i + points
590
+ wtype['printer'] = wtype['printer'].to_i + points
591
+ when /^Gestetner/i
592
+ wname['Gestetner Printer'] = wname['Gestetner Printer'].to_i + points
593
+ wtype['printer'] = wtype['printer'].to_i + points
594
+ when /IBM.*Print/i
595
+ wname['IBM Printer'] = wname['IBM Printer'].to_i + points
596
+ wtype['printer'] = wtype['printer'].to_i + points
597
+ when /HP (Color|LaserJet|InkJet)/i
598
+ wname['HP Printer'] = wname['HP Printer'].to_i + points
599
+ wtype['printer'] = wtype['printer'].to_i + points
600
+ when /Dell (Color|Laser|Ink)/i
601
+ wname['Dell Printer'] = wname['Dell Printer'].to_i + points
602
+ wtype['printer'] = wtype['printer'].to_i + points
603
+ when /Print/i
604
+ wname['Unknown Printer'] = wname['Unknown Printer'].to_i + points
605
+ wtype['printer'] = wtype['printer'].to_i + points
606
+ end # End of s.info for SNMP
607
+
608
+ when 'telnet'
609
+ points = 105
610
+ case s.info
611
+ when /IRIX/
612
+ wname['SGI IRIX'] = wname['SGI IRIX'].to_i + points
613
+ when /AIX/
614
+ wname['IBM AIX'] = wname['IBM AIX'].to_i + points
615
+ when /(FreeBSD|OpenBSD|NetBSD)\/(.*) /
616
+ wname[$1] = wname[$1].to_i + points
617
+ arch = get_arch_from_string($2)
618
+ warch[arch] = warch[arch].to_i + points
619
+ when /Ubuntu (\d+(\.\d+)+)/
620
+ wname['Linux'] = wname['Linux'].to_i + points
621
+ wflav['Ubuntu'] = wflav['Ubuntu'].to_i + points
622
+ wvers[$1] = wvers[$1].to_i + points
623
+ when /User Access Verification/
624
+ wname['Cisco IOS'] = wname['Cisco IOS'].to_i + points
625
+ when /Microsoft/
626
+ wname['Microsoft Windows'] = wname['Microsoft Windows'].to_i + points
627
+ end # End of s.info for TELNET
628
+ wtype['server'] = wtype['server'].to_i + points
629
+
630
+ when 'smtp'
631
+ points = 103
632
+ case s.info
633
+ when /ESMTP.*SGI\.8/
634
+ wname['SGI IRIX'] = wname['SGI IRIX'].to_i + points
635
+ wtype['server'] = wtype['server'].to_i + points
636
+ end # End of s.info for SMTP
637
+
638
+ when 'https'
639
+ points = 101
640
+ case s.info
641
+ when /(VMware\s(ESXi?)).*\s([\d\.]+)/
642
+ # Very reliable fingerprinting from our own esx_fingerprint module
643
+ wname[$1] = wname[$1].to_i + (points * 5)
644
+ wflav[$3] = wflav[$3].to_i + (points * 5)
645
+ wtype['device'] = wtype['device'].to_i + points
646
+ end # End of s.info for HTTPS
647
+
648
+ when 'netbios'
649
+ points = 201
650
+ case s.info
651
+ when /W2K3/i
652
+ wname['Microsoft Windows 2003'] = wname['Microsoft Windows 2003'].to_i + points
653
+ wtype['server'] = wtype['server'].to_i + points
654
+ when /W2K8/i
655
+ wname['Microsoft Windows 2008'] = wname['Microsoft Windows 2008'].to_i + points
656
+ wtype['server'] = wtype['server'].to_i + points
657
+ end # End of s.info for NETBIOS
658
+
659
+ when 'dns'
660
+ points = 101
661
+ case s.info
662
+ when 'Microsoft DNS'
663
+ wname['Microsoft Windows'] = wname['Microsoft Windows'].to_i + points
664
+ wtype['server'] = wtype['server'].to_i + points
665
+ end # End of s.info for DNS
666
+ end # End of s.name case
667
+ # End of Services
668
+ end
669
+
670
+ #
671
+ # Report the best match here
672
+ #
673
+ best_match = {}
674
+ best_match[:os_name] = wname.keys.sort{|a,b| wname[b] <=> wname[a]}[0]
675
+ best_match[:purpose] = wtype.keys.sort{|a,b| wtype[b] <=> wtype[a]}[0]
676
+ best_match[:os_flavor] = wflav.keys.sort{|a,b| wflav[b] <=> wflav[a]}[0]
677
+ best_match[:os_sp] = wvers.keys.sort{|a,b| wvers[b] <=> wvers[a]}[0]
678
+ best_match[:arch] = warch.keys.sort{|a,b| warch[b] <=> warch[a]}[0]
679
+ best_match[:name] = whost.keys.sort{|a,b| whost[b] <=> whost[a]}[0]
680
+ best_match[:os_lang] = wlang.keys.sort{|a,b| wlang[b] <=> wlang[a]}[0]
681
+
682
+ best_match[:os_flavor] ||= host[:os_flavor] || ""
683
+ if best_match[:os_name]
684
+ # Handle cases where the flavor contains the base name
685
+ # Don't use gsub!() here because the string was a hash key in a
686
+ # previously life and gets frozen on 1.9.1, see #4128
687
+ best_match[:os_flavor] = best_match[:os_flavor].gsub(best_match[:os_name], '')
688
+ end
689
+
690
+ # If we didn't get anything, use whatever the host already has.
691
+ # Failing that, fallback to "Unknown"
692
+ best_match[:os_name] ||= host[:os_name] || 'Unknown'
693
+ best_match[:purpose] ||= 'device'
694
+
695
+ [:os_name, :purpose, :os_flavor, :os_sp, :arch, :name, :os_lang].each do |host_attr|
696
+ next if host.attribute_locked? host_attr
697
+ if best_match[host_attr]
698
+ host[host_attr] = Rex::Text.ascii_safe_hex(best_match[host_attr])
699
+ end
700
+ end
701
+
702
+ host.save if host.changed?
703
+ end
704
+
705
+ # Determine if the fingerprint data is readable. If not, it nearly always
706
+ # means that there was a problem with the YAML or the Marshal'ed data,
707
+ # so let's log that for later investigation.
708
+ def validate_fingerprint_data(fp)
709
+ if fp.data.kind_of?(Hash) and !fp.data.empty?
710
+ return true
711
+ elsif fp.ntype == "postgresql.fingerprint"
712
+ # Special case postgresql.fingerprint; it's always a string,
713
+ # and should not be used for OS fingerprinting (yet), so
714
+ # don't bother logging it. TODO: fix os fingerprint finding, this
715
+ # name collision seems silly.
716
+ return false
717
+ else
718
+ dlog("Could not validate fingerprint data: #{fp.inspect}")
719
+ return false
720
+ end
721
+ end
722
+
723
+ protected
724
+
725
+ #
726
+ # Convert a host.os.*_fingerprint Note into a hash containing the standard os_* fields
727
+ #
728
+ # Also includes a :certainty which is a float from 0 - 1.00 indicating the
729
+ # scanner's confidence in its fingerprint. If the particular scanner does
730
+ # not provide such information, defaults to 0.80.
731
+ #
732
+ # TODO: This whole normalize scanner procedure needs to be shoved off to its own
733
+ # mixin. It's far too long and convoluted, has a ton of repeated code, and is
734
+ # a massive hassle to update with new fingerprints.
735
+ def normalize_scanner_fp(fp)
736
+ return {} if not validate_fingerprint_data(fp)
737
+ ret = {}
738
+ data = fp.data
739
+ case fp.ntype
740
+ when 'host.os.session_fingerprint'
741
+ # These come from meterpreter sessions' client.sys.config.sysinfo
742
+ case data[:os]
743
+ when /Windows/
744
+ ret.update(parse_windows_os_str(data[:os]))
745
+ when /Linux ([^[:space:]]*) ([^[:space:]]*) .* (\(.*\))/
746
+ ret[:os_name] = "Linux"
747
+ ret[:name] = $1
748
+ ret[:os_sp] = $2
749
+ ret[:arch] = get_arch_from_string($3)
750
+ else
751
+ ret[:os_name] = data[:os]
752
+ end
753
+ ret[:arch] = data[:arch] if data[:arch]
754
+ ret[:name] = data[:name] if data[:name]
755
+
756
+ when 'host.os.nmap_fingerprint', 'host.os.mbsa_fingerprint'
757
+ # :os_vendor=>"Microsoft" :os_family=>"Windows" :os_version=>"2000" :os_accuracy=>"94"
758
+ #
759
+ # :os_match=>"Microsoft Windows Vista SP0 or SP1, Server 2008, or Windows 7 Ultimate (build 7000)"
760
+ # :os_vendor=>"Microsoft" :os_family=>"Windows" :os_version=>"7" :os_accuracy=>"100"
761
+ ret[:certainty] = data[:os_accuracy].to_f / 100.0
762
+ if (data[:os_vendor] == data[:os_family])
763
+ ret[:os_name] = data[:os_family]
764
+ else
765
+ ret[:os_name] = data[:os_vendor] + " " + data[:os_family]
766
+ end
767
+ ret[:os_flavor] = data[:os_version]
768
+ ret[:name] = data[:hostname] if data[:hostname]
769
+
770
+ when 'host.os.nexpose_fingerprint'
771
+ # :family=>"Windows" :certainty=>"0.85" :vendor=>"Microsoft" :product=>"Windows 7 Ultimate Edition"
772
+ # :family=>"Linux" :certainty=>"0.64" :vendor=>"Linux" :product=>"Linux"
773
+ # :family=>"Linux" :certainty=>"0.80" :vendor=>"Ubuntu" :product=>"Linux"
774
+ # :family=>"IOS" :certainty=>"0.80" :vendor=>"Cisco" :product=>"IOS"
775
+ # :family=>"embedded" :certainty=>"0.61" :vendor=>"Linksys" :product=>"embedded"
776
+ ret[:certainty] = data[:certainty].to_f
777
+ case data[:family]
778
+ when /AIX|ESX|Mac OS X|OpenSolaris|Solaris|IOS|Linux/
779
+ if data[:vendor] == data[:family]
780
+ ret[:os_name] = data[:vendor]
781
+ else
782
+ # family often contains the vendor string, so rip it out to
783
+ # avoid useless duplication
784
+ ret[:os_name] = data[:vendor].to_s + " " + data[:family].to_s.gsub(data[:vendor].to_s, '').strip
785
+ end
786
+ when "Windows"
787
+ ret[:os_name] = "Microsoft Windows"
788
+ if data[:product]
789
+ if data[:product][/2008/] && data[:version].to_i == 7
790
+ ret[:os_flavor] = "Windows 7"
791
+ ret[:type] = "client"
792
+ else
793
+ ret[:os_flavor] = data[:product].gsub("Windows", '').strip
794
+ ret[:os_sp] = data[:version] if data[:version]
795
+ if data[:product]
796
+ ret[:type] = "server" if data[:product][/Server/]
797
+ ret[:type] = "client" if data[:product][/^(XP|ME)$/]
798
+ end
799
+ end
800
+ end
801
+ when "embedded"
802
+ ret[:os_name] = data[:vendor]
803
+ else
804
+ ret[:os_name] = data[:vendor]
805
+ end
806
+ ret[:arch] = get_arch_from_string(data[:arch]) if data[:arch]
807
+ ret[:arch] ||= get_arch_from_string(data[:desc]) if data[:desc]
808
+
809
+ when 'host.os.retina_fingerprint'
810
+ # :os=>"Windows Server 2003 (X64), Service Pack 2"
811
+ case data[:os]
812
+ when /Windows/
813
+ ret.update(parse_windows_os_str(data[:os]))
814
+ else
815
+ # No idea what this looks like if it isn't windows. Just store
816
+ # the whole thing and hope for the best. XXX: Ghetto. =/
817
+ ret[:os_name] = data[:os]
818
+ end
819
+ when 'host.os.nessus_fingerprint'
820
+ # :os=>"Microsoft Windows 2000 Advanced Server (English)"
821
+ # :os=>"Microsoft Windows 2000\nMicrosoft Windows XP"
822
+ # :os=>"Linux Kernel 2.6"
823
+ # :os=>"Sun Solaris 8"
824
+ # :os=>"IRIX 6.5"
825
+
826
+ # Nessus sometimes jams multiple OS names together with a newline.
827
+ oses = data[:os].split(/\n/)
828
+ if oses.length > 1
829
+ # Multiple fingerprints means Nessus wasn't really sure, reduce
830
+ # the certainty accordingly
831
+ ret[:certainty] = 0.5
832
+ else
833
+ ret[:certainty] = 0.8
834
+ end
835
+
836
+ # Since there is no confidence associated with them, the best we
837
+ # can do is just take the first one.
838
+ case oses.first
839
+ when /Windows/
840
+ ret.update(parse_windows_os_str(data[:os]))
841
+
842
+ when /(2\.[46]\.\d+[-a-zA-Z0-9]+)/
843
+ # Linux kernel version
844
+ ret[:os_name] = "Linux"
845
+ ret[:os_sp] = $1
846
+ when /(.*)?((\d+\.)+\d+)$/
847
+ # Then we don't necessarily know what the os is, but this
848
+ # fingerprint has some version information at the end, pull it
849
+ # off.
850
+ # When Nessus doesn't know what kind of linux it has, it gives an os like
851
+ # "Linux Kernel 2.6"
852
+ # The "Kernel" string is useless, so cut it off.
853
+ ret[:os_name] = $1.gsub("Kernel", '').strip
854
+ ret[:os_sp] = $2
855
+ else
856
+ ret[:os_name] = oses.first
857
+ end
858
+
859
+ ret[:name] = data[:hname]
860
+ when 'host.os.qualys_fingerprint'
861
+ # :os=>"Microsoft Windows 2000"
862
+ # :os=>"Windows 2003"
863
+ # :os=>"Microsoft Windows XP Professional SP3"
864
+ # :os=>"Ubuntu Linux"
865
+ # :os=>"Cisco IOS 12.0(3)T3"
866
+ case data[:os]
867
+ when /Windows/
868
+ ret.update(parse_windows_os_str(data[:os]))
869
+ else
870
+ parts = data[:os].split(/\s+/, 3)
871
+ ret[:os_name] = "<unknown>"
872
+ ret[:os_name] = parts[0] if parts[0]
873
+ ret[:os_name] << " " + parts[1] if parts[1]
874
+ ret[:os_sp] = parts[2] if parts[2]
875
+ end
876
+ # XXX: We should really be using smb_version's stored fingerprints
877
+ # instead of parsing the service info manually. Disable for now so we
878
+ # don't count smb twice.
879
+ #when 'smb.fingerprint'
880
+ # # smb_version is kind enough to store everything we need directly
881
+ # ret.merge(fp.data)
882
+ # # If it's windows, this should be a pretty high-confidence
883
+ # # fingerprint. Otherwise, it's samba which doesn't give us much of
884
+ # # anything in most cases.
885
+ # ret[:certainty] = 1.0 if fp.data[:os_name] =~ /Windows/
886
+ when 'host.os.fusionvm_fingerprint'
887
+ case data[:os]
888
+ when /Windows/
889
+ ret.update(parse_windows_os_str(data[:os]))
890
+ when /Linux ([^[:space:]]*) ([^[:space:]]*) .* (\(.*\))/
891
+ ret[:os_name] = "Linux"
892
+ ret[:name] = $1
893
+ ret[:os_sp] = $2
894
+ ret[:arch] = get_arch_from_string($3)
895
+ else
896
+ ret[:os_name] = data[:os]
897
+ end
898
+ ret[:arch] = data[:arch] if data[:arch]
899
+ ret[:name] = data[:name] if data[:name]
900
+ else
901
+ # If you've fallen through this far, you've hit a generalized
902
+ # pass-through fingerprint parser.
903
+ ret[:os_name] = data[:os_name] || data[:os] || data[:os_fingerprint] || "<unknown>"
904
+ ret[:type] = data[:os_purpose] if data[:os_purpose]
905
+ ret[:arch] = data[:os_arch] if data[:os_arch]
906
+ ret[:certainty] = data[:os_certainty] || 0.5
907
+ end
908
+ ret[:certainty] ||= 0.8
909
+ ret
910
+ end
911
+
912
+ #
913
+ # Take a windows version string and return a hash with fields suitable for
914
+ # Host this object's version fields.
915
+ #
916
+ # A few example strings that this will have to parse:
917
+ # sessions
918
+ # Windows XP (Build 2600, Service Pack 3).
919
+ # Windows .NET Server (Build 3790).
920
+ # Windows 2008 (Build 6001, Service Pack 1).
921
+ # retina
922
+ # Windows Server 2003 (X64), Service Pack 2
923
+ # nessus
924
+ # Microsoft Windows 2000 Advanced Server (English)
925
+ # qualys
926
+ # Microsoft Windows XP Professional SP3
927
+ # Windows 2003
928
+ #
929
+ # Note that this list doesn't include nexpose or nmap, since they are
930
+ # both kind enough to give us the various strings in seperate pieces
931
+ # that we don't have to parse out manually.
932
+ #
933
+ def parse_windows_os_str(str)
934
+ ret = {}
935
+
936
+ ret[:os_name] = "Microsoft Windows"
937
+ arch = get_arch_from_string(str)
938
+ ret[:arch] = arch if arch
939
+
940
+ if str =~ /(Service Pack|SP) ?(\d+)/
941
+ ret[:os_sp] = "SP#{$2}"
942
+ end
943
+
944
+ # Flavor
945
+ case str
946
+ when /\.NET Server/
947
+ ret[:os_flavor] = "2003"
948
+ when /(XP|2000 Advanced Server|2000|2003|2008|SBS|Vista|7 .* Edition|7)/
949
+ ret[:os_flavor] = $1
950
+ else
951
+ # If we couldn't pull out anything specific for the flavor, just cut
952
+ # off the stuff we know for sure isn't it and hope for the best
953
+ ret[:os_flavor] ||= str.gsub(/(Microsoft )?Windows|(Service Pack|SP) ?(\d+)/, '').strip
954
+ end
955
+
956
+ if str =~ /NT|2003|2008|SBS|Server/
957
+ ret[:type] = 'server'
958
+ else
959
+ ret[:type] = 'client'
960
+ end
961
+
962
+ ret
963
+ end
964
+
965
+ # A case switch to return a normalized arch based on a given string.
966
+ def get_arch_from_string(str)
967
+ case str
968
+ when /x64|amd64|x86_64/i
969
+ "x64"
970
+ when /x86|i[3456]86/i
971
+ "x86"
972
+ when /PowerPC|PPC|POWER|ppc/
973
+ "ppc"
974
+ when /SPARC/i
975
+ "sparc"
976
+ when /MIPS/i
977
+ "mips"
978
+ when /ARM/i
979
+ "arm"
980
+ else
981
+ nil
982
+ end
983
+ end
984
+ end