RubyGems - recog-intrigue - Versions diffs - 2.3.7 - Mend

recog-intrigue 2.3.7

Files changed (130) hide show

checksums.yaml +7 -0
data/.github/ISSUE_TEMPLATE/bug_report.md +37 -0
data/.github/ISSUE_TEMPLATE/feature_request.md +17 -0
data/.github/ISSUE_TEMPLATE/fingerprint_request.md +27 -0
data/.github/PULL_REQUEST_TEMPLATE +24 -0
data/.gitignore +14 -0
data/.rbenv-gemset +1 -0
data/.rspec +3 -0
data/.ruby-gemset +1 -0
data/.ruby-version +1 -0
data/.travis.yml +25 -0
data/.yardopts +1 -0
data/CONTRIBUTING.md +171 -0
data/COPYING +23 -0
data/Gemfile +10 -0
data/LICENSE +7 -0
data/README.md +85 -0
data/Rakefile +22 -0
data/bin/recog_export +81 -0
data/bin/recog_match +55 -0
data/bin/recog_standardize +118 -0
data/bin/recog_verify +64 -0
data/cpe-remap.yaml +134 -0
data/features/data/failing_banners_fingerprints.xml +20 -0
data/features/data/matching_banners_fingerprints.xml +23 -0
data/features/data/multiple_banners_fingerprints.xml +32 -0
data/features/data/no_tests.xml +3 -0
data/features/data/sample_banner.txt +2 -0
data/features/data/successful_tests.xml +18 -0
data/features/data/tests_with_failures.xml +20 -0
data/features/data/tests_with_warnings.xml +17 -0
data/features/match.feature +36 -0
data/features/support/aruba.rb +3 -0
data/features/support/env.rb +6 -0
data/features/verify.feature +48 -0
data/identifiers/README.md +47 -0
data/identifiers/os_architecture.txt +20 -0
data/identifiers/os_device.txt +52 -0
data/identifiers/os_family.txt +160 -0
data/identifiers/os_product.txt +199 -0
data/identifiers/service_family.txt +185 -0
data/identifiers/service_product.txt +255 -0
data/identifiers/software_class.txt +26 -0
data/identifiers/software_family.txt +91 -0
data/identifiers/software_product.txt +333 -0
data/identifiers/vendor.txt +405 -0
data/lib/recog.rb +4 -0
data/lib/recog/db.rb +78 -0
data/lib/recog/db_manager.rb +31 -0
data/lib/recog/fingerprint.rb +280 -0
data/lib/recog/fingerprint/regexp_factory.rb +56 -0
data/lib/recog/fingerprint/test.rb +18 -0
data/lib/recog/formatter.rb +51 -0
data/lib/recog/match_reporter.rb +77 -0
data/lib/recog/matcher.rb +94 -0
data/lib/recog/matcher_factory.rb +14 -0
data/lib/recog/nizer.rb +347 -0
data/lib/recog/verifier.rb +39 -0
data/lib/recog/verifier_factory.rb +13 -0
data/lib/recog/verify_reporter.rb +86 -0
data/lib/recog/version.rb +3 -0
data/misc/convert_mysql_err +61 -0
data/misc/order.xsl +17 -0
data/recog-intrigue.gemspec +45 -0
data/requirements.txt +2 -0
data/spec/data/best_os_match_1.yml +17 -0
data/spec/data/best_os_match_2.yml +17 -0
data/spec/data/best_service_match_1.yml +17 -0
data/spec/data/smb_native_os.txt +25 -0
data/spec/data/test_fingerprints.xml +36 -0
data/spec/data/verification_fingerprints.xml +86 -0
data/spec/data/whitespaced_fingerprint.xml +5 -0
data/spec/lib/fingerprint_self_test_spec.rb +174 -0
data/spec/lib/recog/db_spec.rb +98 -0
data/spec/lib/recog/fingerprint/regexp_factory_spec.rb +73 -0
data/spec/lib/recog/fingerprint_spec.rb +112 -0
data/spec/lib/recog/formatter_spec.rb +69 -0
data/spec/lib/recog/match_reporter_spec.rb +91 -0
data/spec/lib/recog/nizer_spec.rb +330 -0
data/spec/lib/recog/verify_reporter_spec.rb +113 -0
data/spec/spec_helper.rb +82 -0
data/update_cpes.py +186 -0
data/xml/apache_modules.xml +1911 -0
data/xml/apache_os.xml +273 -0
data/xml/architecture.xml +36 -0
data/xml/dns_versionbind.xml +761 -0
data/xml/fingerprints.xsd +128 -0
data/xml/ftp_banners.xml +1553 -0
data/xml/h323_callresp.xml +603 -0
data/xml/hp_pjl_id.xml +358 -0
data/xml/html_title.xml +1630 -0
data/xml/http_cookies.xml +411 -0
data/xml/http_servers.xml +3195 -0
data/xml/http_wwwauth.xml +595 -0
data/xml/imap_banners.xml +245 -0
data/xml/ldap_searchresult.xml +711 -0
data/xml/mdns_device-info_txt.xml +1796 -0
data/xml/mdns_workstation_txt.xml +15 -0
data/xml/mysql_banners.xml +1649 -0
data/xml/mysql_error.xml +871 -0
data/xml/nntp_banners.xml +82 -0
data/xml/ntp_banners.xml +1223 -0
data/xml/operating_system.xml +629 -0
data/xml/pop_banners.xml +499 -0
data/xml/rsh_resp.xml +76 -0
data/xml/rtsp_servers.xml +76 -0
data/xml/sip_banners.xml +359 -0
data/xml/sip_user_agents.xml +221 -0
data/xml/smb_native_lm.xml +62 -0
data/xml/smb_native_os.xml +662 -0
data/xml/smtp_banners.xml +1690 -0
data/xml/smtp_debug.xml +39 -0
data/xml/smtp_ehlo.xml +49 -0
data/xml/smtp_expn.xml +82 -0
data/xml/smtp_help.xml +157 -0
data/xml/smtp_mailfrom.xml +20 -0
data/xml/smtp_noop.xml +44 -0
data/xml/smtp_quit.xml +29 -0
data/xml/smtp_rcptto.xml +25 -0
data/xml/smtp_rset.xml +26 -0
data/xml/smtp_turn.xml +26 -0
data/xml/smtp_vrfy.xml +89 -0
data/xml/snmp_sysdescr.xml +6507 -0
data/xml/snmp_sysobjid.xml +430 -0
data/xml/ssh_banners.xml +1968 -0
data/xml/telnet_banners.xml +1595 -0
data/xml/x11_banners.xml +232 -0
data/xml/x509_issuers.xml +134 -0
data/xml/x509_subjects.xml +1268 -0
metadata +304 -0

@@ -0,0 +1,405 @@
+2Wire
+3Com
+4D
+ACC
+ACME Laboratories
+Acorn
+Actiontec
+ActiveState
+Adaptec
+ADC
+Adobe
+Adtran
+AIM
+Aironet
+Alcatel
+Allegro Software
+Allied Telesyn
+Alpha Micro
+Alpine
+Alteon
+Alt-N
+Amazon
+AMD
+Amiga
+AnalogX
+Apache
+APC
+Apollo
+Apple
+Aprelium Technologies
+Arescom
+ArGoSoft
+Arlan
+ARM
+ARRIS
+Artifex Software Inc.
+Asante
+Ascend
+Ascom
+Asianux
+Atari
+ATG
+AtheOS
+Atrium Software
+Attachmate
+Auspex
+Avaya
+Avocent
+Axent
+Axis
+Bay Networks
+Be
+BEA
+Bell Labs
+Bintec
+Bitvise
+Blue Coat
+Borderware
+Brix Networks
+Brocade
+Brother
+BSDi
+BT
+Buffalo
+Business Objects
+Cabletron
+Cacheflow
+Canon
+Canonical
+Cantillion
+Capellix
+Castelle
+CastleNet
+Caucho
+Cayman
+CentOS
+Chase
+Check Point
+CherryPy
+Cisco
+Citrix
+Clearswift
+CNET
+CNT
+Cobalt
+Commodore
+Compaq
+Compatible Systems
+Computer Associates
+Computone
+Conectiva
+Conexant
+Convex
+Copper Mountain
+Corega
+Cray
+Critical Path
+CSM
+CyberArk
+CyberGuard
+Cyclades
+Data General
+Datamax
+DataVoice
+Debian
+DEC
+Dell
+Digital Link
+Digital Networks
+DigiTel
+D-Link
+Docker Inc.
+DrayTek
+EasyTel
+Eaton
+Edimax
+Eicon
+Ektron
+ELSA
+Embedthis
+EMC
+EMWAC
+Enterasys
+Epson
+EqualLogic
+Ericsson
+Eudora
+EUSSO
+Exabyte
+exim
+ExtendNet
+Extreme Networks
+F5
+FastComm
+FatWire
+FiberLine
+Floosietek
+FlowPoint
+Fore
+FortiNet
+Foundry
+Foxit Software Inc.
+FreeBSD
+FreeScale
+FreeSCO
+Fujitsu Siemens
+GalactiComm
+Gandalf
+Gauntlet
+Genius
+Gentoo
+Gigamon
+Global Technology Associates
+GlobalScape
+GNet
+GNU
+Google
+Gordano
+Hawking
+Hitachi
+Hospira
+HP
+Huawei
+Hydra
+IBM
+Imagistics
+Innovaphone
+Intel
+Intergraph
+IPCop
+Ipswitch
+Isolation
+IXIA
+Juniper
+KA9Q
+Kaspersky Lab
+Kentrox
+Kerio
+Konica
+Kronos
+Kyocera
+Labtam
+LANCOM Systems
+Lantronix
+Leunig
+Lexmark
+LG Goldstream
+Linksys
+Linux
+Linux Foundation
+Livingston
+LogMeIn
+Lotus
+Lucent
+LWIP
+Lyris
+Macromedia
+Madge
+Magna
+Mail-Max
+Mandrake
+Mandriva
+Maxim IC
+McAfee
+Megabit
+Merak
+Meridian
+MetaInfo
+Microbase
+Microplex
+Microsoft
+MikroTik
+Minix
+Minolta
+Mirapoint
+Mocana
+Moodle
+Mort Bay
+Motorola
+Mozilla
+MRV Communications
+MultiTech
+MySQL
+NAT
+NCD
+NcFTP Software
+NCR
+NEC
+Neoware
+NetApp
+NetBSD
+Netgear
+NetJet
+NetMatrix
+Netopia
+Netscape
+NetScreen
+NetSilicon
+Network Systems
+Nexland
+NeXT
+Nokia
+Nortel
+Norton
+Novell
+NSG
+NTT
+Oce
+Okidata
+Omron
+OpenBSD
+OpenJDK
+OpenSUSE
+Opera Software
+Oracle
+Overland
+Oversee
+ownCloud
+Packet Engines
+Packeteer
+Palm
+Palo Alto Networks
+Panasonic
+Paul Smith Computer Services
+Philips
+PHP
+phpMyAdmin
+Pigtail
+Piriform
+Pitney Bowes
+Plain Black
+Planet
+PLD
+Polycom
+Postgres
+PowerWare
+Pragma Systems
+PreEmptive Solutions
+Process Software
+Proteon
+Proxim
+qmail
+QMS
+QNX
+Qualcomm
+Quanterra
+Quantum
+Racal
+Radionics
+Rapid7
+Raptor
+Rarlab
+RCA
+RealMedia
+Red Hat
+Redback
+Rhino Software
+Ricoh
+Ringdale
+Riverbed Technology
+Riverstone Networks
+RoadLanner
+Rockliffe
+Rockwell
+Roxen
+rPath
+SafeNet
+SAP
+SAR
+Savin
+SBLIM
+Schneider Electric
+SCO
+Seattle Labs
+Secure Computing
+Sega
+Sendmail
+Sequent
+SGI
+Sharp
+Shiva
+Siebel
+Siemens
+Simon Tatham
+Slackware
+SMC
+SmoothWall
+SonicWALL
+SonoSite
+Sony
+Sophos
+Source Technologies
+Sourcefire
+SpeedStream
+Sphera
+SSH Communications Security
+StackTools
+Standard Networks
+StartCom
+Stratus
+Sun
+SUSE
+Sybase
+Symantec
+Symbol
+SysTech
+Tahoe
+Tally
+Tandberg
+Tandem
+Tasman Networks
+Tekelec
+Tektonix
+Telebit
+Telindus
+Telocity
+Teltrend
+Thomson
+TIS
+TOR
+Toshiba
+Trancell
+Trend Micro
+Truetime
+Trustix
+Turbolinux
+Turtle Beach
+Twisted Matrix Labs
+TYPO3
+Ubuntu
+Unica
+UnitedLinux
+US Robotics
+VanDyke Software
+Vanguard
+VersaNet
+VideoLAN
+Vignette
+Vine
+Vircom
+Virtual Access
+VMware
+WatchGuard
+Webmin
+WebTrends
+White Box
+Wind River
+Wireshark
+Wordpress
+WTI
+XCD
+Xerox
+Xitami
+XMach
+XnSoft
+Xylan
+Xylogics
+Xyplex
+Yahoo
+Yamaha
+Zero One
+ZMailer
+Zoom
+ZoomAir
+Zyxel

data/lib/recog.rb ADDED

@@ -0,0 +1,4 @@
+require_relative 'recog/version'
+require_relative 'recog/db_manager'
+require_relative 'recog/matcher_factory'
+require_relative 'recog/nizer'

data/lib/recog/db.rb ADDED

@@ -0,0 +1,78 @@
+module Recog
+# A collection of {Fingerprint fingerprints} for matching against a particular
+# kind of fingerprintable data, e.g. an HTTP `Server` header
+class DB
+  require 'nokogiri'
+  require_relative 'fingerprint'
+  # @return [String]
+  attr_reader :path
+  # @return [Array<Fingerprint>] {Fingerprint} objects that can be matched
+  #   against strings that make sense for the {#match_key}
+  attr_reader :fingerprints
+  # @return [String] Taken from the `fingerprints/matches` attribute, or
+  #   defaults to the basename of {#path} without the `.xml` extension.
+  attr_reader :match_key
+  # @return [String] Taken from the `fingerprints/protocol` attribute, or
+  #   defaults to an empty string
+  attr_reader :protocol
+  # @return [String] Taken from the `fingerprints/database_type` attribute
+  #   defaults to an empty string
+  attr_reader :database_type
+  # @return [Float] Taken from the `fingerprints/preference` attribute,
+  #   defaults to 0.10.  Used when ordering databases, highest numbers
+  #   are given priority and are processed first.
+  attr_reader :preference
+  # Default Fingerprint database preference when it isn't specified in file
+  # Do not use a value below 0.10 so as to allow users to specify lower
+  # values in their own custom XML that will always run last.
+  DEFAULT_FP_PREFERENCE = 0.10
+  # @param path [String]
+  def initialize(filename)
+    @match_key = nil
+    @protocol = ''
+    @database_type = ''
+    @preference = DEFAULT_FP_PREFERENCE.to_f
+    @path = "#{File.dirname(__FILE__)}/../../xml/#{filename}"
+    @fingerprints = []
+    parse_fingerprints
+  end
+  # @return [void]
+  def parse_fingerprints
+    xml = nil
+    File.open(self.path, 'rb') do |fd|
+      xml = Nokogiri::XML(fd.read(fd.stat.size))
+    end
+    raise "#{self.path} is invalid XML: #{xml.errors.join(',')}" unless xml.errors.empty?
+    xml.xpath('/fingerprints').each do |fbase|
+      @match_key = fbase['matches'].to_s if fbase['matches']
+      @protocol = fbase['protocol'].to_s if fbase['protocol']
+      @database_type = fbase['database_type'].to_s if fbase['database_type']
+      @preference = fbase['preference'].to_f if fbase['preference']
+    end
+    @match_key = File.basename(self.path).sub(/\.xml$/, '') unless @match_key
+    xml.xpath('/fingerprints/fingerprint').each do |fprint|
+      @fingerprints << Fingerprint.new(fprint, @match_key, @protocol)
+    end
+    xml = nil
+  end
+end
+end