recog 0.01

data/lib/recog/verifier.rb

@@ -0,0 +1,46 @@
+module Recog
+class Verifier
+  attr_reader :fingerprints, :reporter
+
+  def initialize(fingerprints, reporter)
+    @fingerprints = fingerprints
+    @reporter = reporter
+  end
+
+  def verify_tests
+    reporter.report(fingerprints.count) do
+      fingerprints.each do |fp|
+        reporter.print_name fp
+
+        if fp.tests.length == 0
+          warning = "'#{fp.name}' has no test cases"
+          reporter.warning "WARN: #{warning}"
+        end
+
+        fp.tests.each do |test|
+          m = test.match(fp.regex)
+          unless m
+            failure = "'#{fp.name}' failed to match #{test.inspect} with #{fp.regex.to_s}'"
+            reporter.failure("FAIL: #{failure}")
+          else
+            info = { }
+            fp.params.each_pair do |k,v|
+              if v[0] == 0
+                info[k] = v[1]
+              else
+                info[k] = m[ v[0] ]
+                if m[ v[0] ].to_s.empty?
+                  warning = "'#{fp.name}' failed to match #{test.inspect} key '#{k}'' with #{fp.regex.to_s}'"
+                  reporter.warning "WARN: #{warning}"
+                end					
+              end
+            end
+
+            reporter.success(test)
+          end
+        end
+      end
+    end
+  end
+end
+end

data/lib/recog/verifier_factory.rb

@@ -0,0 +1,13 @@
+require 'recog/verifier'
+require 'recog/formatter'
+require 'recog/verify_reporter'
+
+module Recog
+module VerifierFactory
+  def self.build(options)
+    formatter = Formatter.new(options, $stdout)
+    reporter  = VerifyReporter.new(options, formatter)
+    Verifier.new(options.fingerprints, reporter)
+  end
+end
+end

data/lib/recog/verify_reporter.rb

@@ -0,0 +1,85 @@
+module Recog
+class VerifyReporter
+  attr_reader :formatter
+  attr_reader :success_count, :warning_count, :failure_count
+
+  def initialize(options, formatter)
+    @options = options
+    @formatter = formatter
+    reset_counts
+  end
+
+  def report(fingerprint_count)
+    reset_counts
+    yield self
+    summarize(fingerprint_count)
+  end
+
+  def success(text)
+    @success_count += 1
+    formatter.success_message("#{padding}#{text}") if detail?
+  end
+
+  def warning(text)
+    @warning_count += 1
+    formatter.warning_message("#{padding}#{text}")
+  end
+
+  def failure(text)
+    @failure_count += 1
+    formatter.failure_message("#{padding}#{text}")
+  end
+
+  def print_name(fingerprint)
+    if detail? && fingerprint.tests.any?
+      name = fingerprint.name.empty? ? '[unnamed]' : fingerprint.name
+      formatter.status_message("\n#{name}")
+    end
+  end
+
+  def summarize(fingerprint_count)
+    print_fingerprint_count(fingerprint_count) if detail?
+    print_summary
+  end
+
+  def print_fingerprint_count(count)
+    formatter.status_message("\nVerified #{count} fingerprints:")
+  end
+
+  def print_summary
+    colorize_summary(summary_line)
+  end
+
+  private
+
+  def reset_counts
+    @success_count = @failure_count = @warning_count = 0
+  end
+
+  def detail?
+    @options.detail
+  end
+
+  def padding
+    '   ' if @options.detail
+  end
+
+  def summary_line
+    summary = "SUMMARY: Test completed with "
+    summary << "#{@success_count} successful"
+    summary << ", #{@warning_count} warnings"
+    summary << ", and #{@failure_count} failures"
+    summary
+  end
+
+  def colorize_summary(summary)
+    if @failure_count > 0
+      formatter.failure_message(summary)
+    elsif @warning_count > 0
+      formatter.warning_message(summary)
+    else
+      formatter.success_message(summary)
+    end
+  end
+end
+end

data/lib/recog/version.rb

@@ -0,0 +1,3 @@
+module Recog
+  VERSION = "0.01"
+end

data/recog.gemspec

@@ -0,0 +1,34 @@
+# -*- encoding: utf-8 -*-
+$LOAD_PATH.push File.expand_path('../lib', __FILE__)
+require 'recog/version'
+
+Gem::Specification.new do |s|
+  s.name        = 'recog'
+  s.version     = Recog::VERSION
+  s.authors     = [
+      'Rapid7 Research'
+  ]
+  s.email       = [
+      'research@rapid7.com'
+  ]
+  s.homepage    = "https://www.github.com/rapid7/recog"
+  s.summary     = %q{Network service fingerprint database, classes, and utilities}
+  s.description = %q{
+    Recog is a framework for identifying products, services, operating systems, and hardware by matching 
+    fingerprints against data returned from various network probes. Recog makes it simply to extract useful 
+    information from web server banners, snmp system description fields, and a whole lot more. 
+  }.gsub(/\s+/, ' ').strip
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ['lib']
+
+  # ---- Dependencies ----
+
+  s.add_development_dependency 'rspec'
+  s.add_development_dependency 'cucumber'
+  s.add_development_dependency 'aruba'
+
+  s.add_runtime_dependency 'nokogiri'
+end

data/spec/data/best_os_match_1.yml

@@ -0,0 +1,17 @@
+---
+- os.product: Windows 2008
+  os.vendor: Microsoft
+  os.version: Service Pack 2
+  os.certainty: 0.5
+- os.product: Windows 2008
+  os.vendor: Microsoft
+  os.version: Service Pack 1
+  os.certainty: 0.4
+- os.product: Windows 2008
+  os.vendor: Microsoft
+  os.certainty: 0.3
+  os.language: English
+- os.product: Windows 2012
+  os.vendor: Microsoft
+  os.certainty: 0.4
+  os.language: Arabic

data/spec/data/best_os_match_2.yml

@@ -0,0 +1,17 @@
+---
+- os.product: Windows 2008
+  os.vendor: Microsoft
+  os.version: Service Pack 2
+  os.certainty: 1.0
+- os.product: Windows 2012
+  os.vendor: Microsoft
+  os.version: Service Pack 1
+  os.certainty: 0.7
+- os.product: Windows 2008
+  os.vendor: Microsoft
+  os.certainty: 0.3
+  os.language: English
+- os.product: Windows 2012
+  os.vendor: Microsoft
+  os.certainty: 0.8
+  os.language: Arabic

data/spec/data/best_service_match_1.yml

@@ -0,0 +1,17 @@
+---
+- service.product: IIS
+  service.vendor: Microsoft
+  service.version: 6.0
+  service.certainty: 1.0
+- service.product: Apache
+  service.vendor: Linux
+  service.version: 2.2.4
+  service.certainty: 0.5
+- service.product: IIS
+  service.vendor: Microsoft
+  service.certainty: 0.5
+  service.language: English
+- service.product: IIS
+  service.vendor: Microsoft
+  service.certainty: 0.4
+  service.language: Arabic

data/spec/data/smb_native_os.txt

@@ -0,0 +1,31 @@
+Windows Web Server 2008 R2 7601 Service Pack 1
+Windows Vista (TM) Home Premium 6002 Service Pack 2
+Windows Server (R) 2008 Standard 6002 Service Pack 2
+Windows Server (R) 2008 Enterprise without Hyper-V 6001 Service Pack 1
+Windows Server (R) 2008 Enterprise 6002 Service Pack 2
+Windows Server (R) 2008 Enterprise 6001 Service Pack 1
+Windows Server 2012 Standard 9200
+Windows Server 2012 R2 Standard 9600
+Windows Server 2008 R2 Standard 7601 Service Pack 1
+Windows Server 2008 R2 Standard 7600
+Windows Server 2008 R2 Enterprise 7601 Service Pack 1
+Windows Server 2008 R2 Enterprise 7600
+Windows Server 2008 HPC Edition 7600
+Windows Server 2003 R2 3790 Service Pack 2
+Windows Server 2003 3790 Service Pack 2
+Windows (R) Web Server 2008 6002 Service Pack 2
+Windows MultiPoint Server 2012 Premium 9200
+Windows 8 Enterprise 9200
+Windows 8.1 Enterprise 9600
+Windows 7 Ultimate 7601 Service Pack 1
+Windows 7 Ultimate 7600
+Windows 7 Starter 7601 Service Pack 1
+Windows 7 Home Premium 7600
+Windows 7 Enterprise 7601 Service Pack 1
+Windows 7 Enterprise 7600
+Samba 3.6.9-151.el6_4.1
+Samba 3.6.6
+Samba 3.6.3
+Samba 3.0.32-0.2-2210-SUSE-SL10.3
+Samba 3.0.28a
+Samba 3.0.24

data/spec/data/test_fingerprints.xml

@@ -0,0 +1,24 @@
+<?xml version="1.0"?>
+<fingerprints>
+   <fingerprint pattern=".*\(iSeries\).*">
+   </fingerprint>
+
+   <fingerprint pattern=".*\(PalmOS\).*">
+     <description>PalmOS</description>
+     <param pos="1" name="os.vendor" value="Palm"/>
+     <param pos="2" name="os.device" value="General"/>
+   </fingerprint>
+
+   <fingerprint pattern="(designjet \S+)" flags="REG_ICASE">
+     <description>HP Designjet printer</description>
+     <description>I should be ignored</description>
+     <param pos="0" name="service.vendor" value="HP"/>
+   </fingerprint>
+
+   <fingerprint pattern="laserjet (.*)(?: series)?" flags="REG_ICASE">
+     <description>HP JetDirect Printer</description>
+     <example>HP LaserJet 4100 Series</example>
+     <example>HP LaserJet 2200</example>
+     <param pos="0" name="service.vendor" value="HP"/>
+   </fingerprint>
+</fingerprints>

data/spec/lib/db_spec.rb

@@ -0,0 +1,89 @@
+require_relative '../../lib/recog/db'
+
+describe Recog::DB do
+  let(:xml_file) { File.expand_path File.join('spec', 'data', 'test_fingerprints.xml') }
+  subject { Recog::DB.new(xml_file) }
+
+  describe "#fingerprints" do
+    context "with only a pattern" do
+      let(:entry) { subject.fingerprints[0] }
+
+      it "has a blank name with no description" do
+        expect(entry.name).to be_empty
+      end
+
+      it "has a pattern" do
+        expect(entry.regex.source).to eq(".*\\(iSeries\\).*")
+      end
+
+      it "has no params" do
+        expect(entry.params).to be_empty
+      end
+
+      it "has no tests" do
+        expect(entry.tests).to be_empty
+      end
+    end
+
+    context "with params" do
+      let(:entry) { subject.fingerprints[1] }
+
+      it "has a name" do
+        expect(entry.name).to eq('PalmOS')
+      end
+
+      it "has a pattern" do
+        expect(entry.regex.source).to eq(".*\\(PalmOS\\).*")
+      end
+
+      it "has params" do
+        expect(entry.params).to eq({"os.vendor"=>[1, "Palm"], "os.device"=>[2, "General"]})
+      end
+
+      it "has no tests" do
+        expect(entry.tests).to be_empty
+      end
+    end
+
+    context "with pattern flags" do
+      let(:entry) { subject.fingerprints[2] }
+
+      it "has a name and only uses the first value" do
+        expect(entry.name).to eq('HP Designjet printer')
+      end
+
+      it "has a pattern" do
+        expect(entry.regex.options).to eq(Regexp::NOENCODING | Regexp::IGNORECASE)
+        expect(entry.regex.source).to eq("(designjet \\S+)")
+      end
+
+      it "has params" do
+        expect(entry.params).to eq({"service.vendor"=>[0, "HP"]})
+      end
+
+      it "has no tests" do
+        expect(entry.tests).to be_empty
+      end
+    end
+
+    context "with test" do
+      let(:entry) { subject.fingerprints[3] }
+
+      it "has a name" do
+        expect(entry.name).to eq('HP JetDirect Printer')
+      end
+
+      it "has a pattern" do
+        expect(entry.regex.source).to eq("laserjet (.*)(?: series)?")
+      end
+
+      it "has params" do
+        expect(entry.params).to eq({"service.vendor"=>[0, "HP"]})
+      end
+
+      it "has no tests" do
+        expect(entry.tests).to match_array(["HP LaserJet 4100 Series", "HP LaserJet 2200"])
+      end
+    end
+  end
+end

data/spec/lib/formatter_spec.rb

@@ -0,0 +1,69 @@
+require_relative '../../lib/recog/formatter'
+
+describe Recog::Formatter do
+  let(:output) { StringIO.new }
+
+  context "with no color" do
+    subject { Recog::Formatter.new(double(color: false), output) }
+
+    describe "#message" do
+      it "outputs the text" do
+        subject.status_message 'some text'
+        expect(output.string).to eq("some text\n")
+      end
+    end
+
+    describe "#success_message" do
+      it "outputs the text" do
+        subject.success_message 'a success'
+        expect(output.string).to eq("a success\n")
+      end
+    end
+
+    describe "#warning_message" do
+      it "outputs the text" do
+        subject.warning_message 'a warning'
+        expect(output.string).to eq("a warning\n")
+      end
+    end
+
+    describe "#failure_message" do
+      it "outputs the text" do
+        subject.failure_message 'a failure'
+        expect(output.string).to eq("a failure\n")
+      end
+    end
+  end
+
+  context "with color" do
+    subject { Recog::Formatter.new(double(color: true), output) }
+
+    describe "#message" do
+      it "outputs the text in white" do
+        subject.status_message 'some text'
+        expect(output.string).to eq("\e[15msome text\e[0m\n")
+      end
+    end
+
+    describe "#success_message" do
+      it "outputs the text in green" do
+        subject.success_message 'a success'
+        expect(output.string).to eq("\e[32ma success\e[0m\n")
+      end
+    end
+
+    describe "#warning_message" do
+      it "outputs the text in yellow" do
+        subject.warning_message 'a warning'
+        expect(output.string).to eq("\e[33ma warning\e[0m\n")
+      end
+    end
+
+    describe "#failure_message" do
+      it "outputs the text in red" do
+        subject.failure_message 'a failure'
+        expect(output.string).to eq("\e[31ma failure\e[0m\n")
+      end
+    end
+  end
+end