recog 0.01

data/spec/lib/match_reporter_spec.rb

@@ -0,0 +1,90 @@
+require_relative '../../lib/recog/match_reporter'
+
+describe Recog::MatchReporter do
+  let(:options) { double(detail: false) }
+  let(:formatter) { double('formatter').as_null_object }
+  subject { Recog::MatchReporter.new(options, formatter) }
+
+  def run_report 
+    subject.report do
+        subject.increment_line_count
+        subject.match 'a match'
+        subject.failure 'a failure'
+    end
+  end
+
+  describe "#report" do
+    it "prints matches" do
+      expect(formatter).to receive(:success_message).with('a match')
+      run_report
+    end
+
+    it "prints failures" do
+      expect(formatter).to receive(:failure_message).with('a failure')
+      run_report
+    end
+    
+    context "with detail" do
+      subject { Recog::MatchReporter.new(double(detail: true), formatter) }
+
+      it "prints the lines processed" do
+        expect(formatter).to receive(:status_message).with("\nProcessed 1 lines")
+        run_report
+      end
+
+      it "prints summary" do
+        expect(formatter).to receive(:failure_message).with("SUMMARY: 1 matches and 1 failures")
+        run_report
+      end  
+    end
+  end
+
+  describe "#print_summary" do
+    context "with all matches" do
+      before { subject.match 'match' }
+
+      it "prints a successful summary" do
+        msg = "SUMMARY: 1 matches and 0 failures"
+        expect(formatter).to receive(:success_message).with(msg)
+        subject.print_summary
+      end
+    end
+
+    context "with failures" do
+      before { subject.failure 'fail' }
+
+      it "prints a failure summary" do
+        msg = "SUMMARY: 0 matches and 1 failures"
+        expect(formatter).to receive(:failure_message).with(msg)
+        subject.print_summary
+      end
+    end
+  end
+
+  describe "#stop?" do
+    context "with a failure limit" do
+      before do
+        options.stub(fail_fast: true, stop_after: 3) 
+        subject.failure 'first'
+        subject.failure 'second'
+      end
+
+      it "returns true when the limit is reached " do
+        subject.failure 'third'
+        expect(subject.stop?).to be_true
+      end
+
+      it "returns false when under the limit" do
+        expect(subject.stop?).to be_false
+      end
+    end
+
+    context "with no failure limit" do
+      before { options.stub(fail_fast: false) }
+
+      it "return false" do
+        expect(subject.stop?).to be_false
+      end
+    end
+  end
+end

data/spec/lib/nizer_spec.rb

@@ -0,0 +1,124 @@
+require_relative '../../lib/recog'
+require 'yaml'
+
+describe Recog::Nizer do
+  subject { Recog::Nizer }
+
+  describe "#match" do
+    File.readlines(File.expand_path(File.join('spec', 'data', 'smb_native_os.txt'))).each do |line|
+      data = line.strip
+      context "with smb_native_os:#{data}" do
+        let(:match_result) { subject.match('smb.native_os', data) }
+
+        it "returns a hash" do
+          expect(match_result.class).to eq(::Hash)
+        end
+
+        it "returns a successful match" do
+          expect(match_result['matched'].to_s).to match(/^[A-Z]/)
+        end
+
+        it "correctly matches service or os" do
+          if data =~ /^Windows/
+            expect(match_result['os.product']).to match(/^Windows/)
+          end
+
+          if data =~ /^Samba/
+            expect(match_result['service.product']).to match(/^Samba/)
+          end
+        end
+
+      end
+    end
+  end
+
+  describe "self.best_os_match" do
+
+    # Demonstrates how this method picks up additional attributes from other members of the winning
+    # os.product match group and applies them to the result.
+    matches1 = YAML.load(File.read(File.expand_path(File.join('spec', 'data', 'best_os_match_1.yml'))))
+    context "with best_os_match_1.yml" do
+      let(:result) { subject.best_os_match(matches1) }
+
+      it "returns a hash" do
+        expect(result.class).to eq(::Hash)
+      end
+
+      it "matches Windows 2008" do
+        expect(result['os.product']).to eq('Windows 2008')
+      end
+
+      it "matches Microsoft" do
+        expect(result['os.vendor']).to eq('Microsoft')
+      end
+
+      it "matches English" do
+        expect(result['os.language']).to eq('English')
+      end
+
+      it "matches service pack 2" do
+        expect(result['os.version']).to eq('Service Pack 2')
+      end
+    end
+
+    # Demonstrates how additive os.certainty values allow a 1.0 certainty rule to be overridden
+    # by multiple lower certainty matches
+    matches2 = YAML.load(File.read(File.expand_path(File.join('spec', 'data', 'best_os_match_2.yml'))))
+    context "with best_os_match_2.yml" do
+      let(:result) { subject.best_os_match(matches2) }
+
+      it "returns a hash" do
+        expect(result.class).to eq(::Hash)
+      end
+
+      it "matches Windows 2012" do
+        expect(result['os.product']).to eq('Windows 2012')
+      end
+
+      it "matches Microsoft" do
+        expect(result['os.vendor']).to eq('Microsoft')
+      end
+
+      it "matches Arabic" do
+        expect(result['os.language']).to eq('Arabic')
+      end
+
+      it "matches service pack 1" do
+        expect(result['os.version']).to eq('Service Pack 1')
+      end
+    end
+
+  end
+
+ describe "self.best_service_match" do
+
+    # Demonstrates how this method picks up additional attributes from other members of the winning
+    # service.product match group and applies them to the result.
+    matches1 = YAML.load(File.read(File.expand_path(File.join('spec', 'data', 'best_service_match_1.yml'))))
+    context "with best_service_match_1.yml" do
+      let(:result) { subject.best_service_match(matches1) }
+
+      it "returns a hash" do
+        expect(result.class).to eq(::Hash)
+      end
+
+      it "matches IIS" do
+        expect(result['service.product']).to eq('IIS')
+      end
+
+      it "matches Microsoft" do
+        expect(result['service.vendor']).to eq('Microsoft')
+      end
+
+      it "matches English" do
+        expect(result['service.language']).to eq('English')
+      end
+
+      it "matches version 6.0" do
+        expect(result['service.version'].to_i).to eq(6.0)
+      end
+    end
+
+  end
+
+end

data/spec/lib/verify_reporter_spec.rb

@@ -0,0 +1,112 @@
+require_relative '../../lib/recog/verify_reporter'
+
+describe Recog::VerifyReporter do
+  let(:formatter) { double('formatter').as_null_object }
+  let(:fingerprint) { double(name: 'a name', tests: [double, double, double]) }
+  let(:summary_line) do
+    "SUMMARY: Test completed with 1 successful, 1 warnings, and 1 failures"
+  end
+
+  subject { Recog::VerifyReporter.new(double(detail: false), formatter) }
+
+  def run_report 
+    subject.report(1) do
+        subject.print_name fingerprint
+        subject.success 'passed'
+        subject.warning 'a warning'
+        subject.failure 'a failure'
+    end
+  end
+
+  describe "#report" do
+    it "prints warnings" do
+      expect(formatter).to receive(:warning_message).with('a warning')
+      run_report
+    end
+
+    it "prints failures" do
+      expect(formatter).to receive(:failure_message).with('a failure')
+      run_report
+    end
+
+    it "prints summary" do
+      expect(formatter).to receive(:failure_message).with(summary_line)
+      run_report
+    end  
+    
+    context "with detail" do
+      subject { Recog::VerifyReporter.new(double(detail: true), formatter) }
+
+      it "prints the fingerprint name" do
+        expect(formatter).to receive(:status_message).with("\na name")
+        run_report
+      end
+
+      it "prints successes" do
+        expect(formatter).to receive(:success_message).with('   passed')
+        run_report
+      end
+
+      it "prints warnings" do
+        expect(formatter).to receive(:warning_message).with('   a warning')
+        run_report
+      end
+
+      it "prints failures" do
+        expect(formatter).to receive(:failure_message).with('   a failure')
+        run_report
+      end
+
+      it "prints the fingerprint count" do
+        expect(formatter).to receive(:status_message).with("\nVerified 1 fingerprints:")
+        run_report
+      end
+
+      it "prints summary" do
+        expect(formatter).to receive(:failure_message).with(summary_line)
+        run_report
+      end  
+
+      context "with no fingerprint tests" do
+        before { fingerprint.stub(tests: []) }
+
+        it "does not print the name" do
+          expect(formatter).not_to receive(:status_message).with("\na name")
+          run_report
+        end
+      end
+    end
+  end
+
+  describe "#print_summary" do
+    context "with success" do
+      before { subject.success 'pass' }
+
+      it "prints a successful summary" do
+        msg = "SUMMARY: Test completed with 1 successful, 0 warnings, and 0 failures"
+        expect(formatter).to receive(:success_message).with(msg)
+        subject.print_summary
+      end
+    end
+
+    context "with warnings" do
+      before { subject.warning 'warn' }
+
+      it "prints a warning summary" do
+        msg = "SUMMARY: Test completed with 0 successful, 1 warnings, and 0 failures"
+        expect(formatter).to receive(:warning_message).with(msg)
+        subject.print_summary
+      end
+    end
+
+    context "with failures" do
+      before { subject.failure 'fail' }
+
+      it "prints a failure summary" do
+        msg = "SUMMARY: Test completed with 0 successful, 0 warnings, and 1 failures"
+        expect(formatter).to receive(:failure_message).with(msg)
+        subject.print_summary
+      end
+    end
+  end
+end

data/xml/apache_os.xml

@@ -0,0 +1,295 @@
+<?xml version="1.0"?>
+<!--
+When an HTTP server is fingerprinted as Apache, a second analysis pass can be done
+on the server headers to extract OS information.
+-->
+
+<fingerprints matches="apache_os">
+   <fingerprint pattern=".*\(iSeries\).*">
+      <description>IBM i5/OS iSeries (OS/400)</description>
+      <param pos="0" name="os.vendor" value="IBM"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="OS/400"/>
+      <param pos="0" name="os.product" value="OS/400"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*\(Mandrake Linux/\d+\.\d+\.92mdk\).*">
+      <!-- (Mandrake Linux/6.12.92mdk) -->
+      <description>Mandriva (formerly Mandrake) Linux 9.2</description>
+      <param pos="0" name="os.certainty" value="0.9"/>
+      <param pos="0" name="os.vendor" value="Mandriva"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Linux"/>
+      <param pos="0" name="os.version" value="9.2"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*\(Mandrake Linux/\d+\.\d+\.100mdk\).*">
+      <!-- (Mandrake Linux/6.8.100mdk) -->
+      <description>Mandriva (formerly Mandrake) Linux 10.0</description>
+      <param pos="0" name="os.certainty" value="0.9"/>
+      <param pos="0" name="os.vendor" value="Mandriva"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Linux"/>
+      <param pos="0" name="os.version" value="10.0"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*\((?:Mandrake|Mandriva) Linux/.*">
+      <!-- (Mandrake Linux/11mdk)
+           (Mandriva Linux/PREFORK-13.3.20060mdk)
+           (Mandriva Linux/PREFORK-13mdk)
+           (Mandriva Linux/PREFORK-1.1mdv2007.0)
+       -->
+      <description>Mandriva (formerly Mandrake) Linux unknown version</description>
+      <param pos="0" name="os.vendor" value="Mandriva"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Linux"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*\(Mandrakelinux/.*">
+      <!-- (Mandrakelinux/PREFORK-9mdk) -->
+      <description>Mandriva (formerly Mandrake) Linux unknown version</description>
+      <param pos="0" name="os.vendor" value="Mandriva"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Linux"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*\(PalmOS\).*">
+      <description>PalmOS</description>
+      <param pos="0" name="os.vendor" value="Palm"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="PalmOS"/>
+      <param pos="0" name="os.product" value="PalmOS"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*\(Win32\).*">
+      <description>Microsoft Windows</description>
+      <param pos="0" name="os.certainty" value="0.75"/>
+      <param pos="0" name="os.vendor" value="Microsoft"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Windows"/>
+      <param pos="0" name="os.product" value="Windows"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*\(Darwin\).*">
+      <description>Apple Mac OS X</description>
+      <param pos="0" name="os.vendor" value="Apple"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Mac OS X"/>
+      <param pos="0" name="os.product" value="Mac OS X"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*\(Ubuntu\).*">
+      <description>Ubuntu</description>
+      <param pos="0" name="os.vendor" value="Ubuntu"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Linux"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*(?:Sun )?Cobalt \(Unix\)?.*">
+      <!-- Sun Cobalt (Unix)
+           Cobalt (Unix)
+           Cobalt (Unix)  (Red Hat/Linux)
+        -->
+      <description>Sun Cobalt RaQ (Red Hat based Linux)</description>
+      <param pos="0" name="os.vendor" value="Sun"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Cobalt RaQ"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*\(BlueQuartz\).*">
+      <description>Blue Quartz is created by a Cobalt RaQ UG</description>
+      <param pos="0" name="os.vendor" value="Sun"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Cobalt RaQ"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*\(Fedora\).*">
+      <description>Red Hat Fedora</description>
+      <param pos="0" name="os.vendor" value="Red Hat"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Fedora Core Linux"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*\(RHEL\).*">
+      <description>Red Hat Fedora</description>
+      <param pos="0" name="os.vendor" value="Red Hat"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Enterprise Linux"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*\(Red[ -]Hat(?:[/ ]Linux)?\).*">
+      <!-- (Red Hat/Linux)
+           (Red-Hat/Linux)
+           (Red Hat Linux)
+           (Red Hat)
+        -->
+      <description>Red Hat Linux</description>
+      <param pos="0" name="os.vendor" value="Red Hat"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Linux"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*Debian(?:[/ ]GNU)?(?:/Linux)?.*">
+      <!-- (Debian)
+           (Debian GNU/Linux)
+           (Unix) Debian GNU/Linux
+           (Unix) Debian/GNU
+        -->
+      <description>Debian Linux</description>
+      <param pos="0" name="os.vendor" value="Debian"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Linux"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*\((?:Linux/)?S[uU]SE(?:/Linux)?\).*">
+      <!-- (SuSE)
+           (SuSE/Linux)
+           (Linux/SuSE)
+           (Linux/SUSE)
+        -->
+      <description>Novell SuSE Linux</description>
+      <param pos="0" name="os.vendor" value="SuSE"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Linux"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*\(NETWARE\).*">
+      <description>Novell NetWare</description>
+      <param pos="0" name="os.vendor" value="Novell"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="NetWare"/>
+      <param pos="0" name="os.product" value="NetWare"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*HP-UX_Apache-based_Web_Server.*">
+      <description>HP HP-UX</description>
+      <param pos="0" name="os.vendor" value="HP"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="HP-UX"/>
+      <param pos="0" name="os.product" value="HP-UX"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*\(CentOS\).*">
+      <description>CentOS Linux</description>
+      <param pos="0" name="os.vendor" value="CentOS"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Linux"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*\(Turbolinux\).*">
+      <description>Turbolinux</description>
+      <param pos="0" name="os.vendor" value="Turbolinux"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Linux"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*\(FreeBSD\).*">
+      <description>FreeBSD</description>
+      <param pos="0" name="os.vendor" value="FreeBSD"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="FreeBSD"/>
+      <param pos="0" name="os.product" value="FreeBSD"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*\(Asianux\).*">
+      <description>Asianux Linux</description>
+      <param pos="0" name="os.vendor" value="Asianux"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Linux"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*\(Gentoo(?:/Linux)?\).*">
+      <description>Gentoo Linux</description>
+      <param pos="0" name="os.vendor" value="Gentoo"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Linux"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*\(Conectiva(?:/Linux)?\).*">
+      <description>CentOS Linux</description>
+      <param pos="0" name="os.vendor" value="Conectiva"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Linux"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*\(Trustix Secure Linux(?:/Linux)?\).*">
+      <description>CentOS Linux</description>
+      <param pos="0" name="os.vendor" value="Trustix"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Secure Linux"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*\(White Box\).*">
+      <description>White Box Enterprise Linux</description>
+      <param pos="0" name="os.vendor" value="White Box"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Enterprise Linux"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*\(UnitedLinux\).*">
+      <description>UnitedLinux</description>
+      <param pos="0" name="os.vendor" value="UnitedLinux"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Linux"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*\(PLD/Linux\).*">
+      <description>PLD Linux</description>
+      <param pos="0" name="os.vendor" value="PLD"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Linux"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*\(Vine/Linux\).*">
+      <description>Vine Linux</description>
+      <param pos="0" name="os.vendor" value="Vine"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Linux"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*\(rPath\).*">
+      <description>rPath Linux</description>
+      <param pos="0" name="os.vendor" value="rPath"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Linux"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*\(StartCom Linux\).*">
+      <description>StartCom Linux</description>
+      <param pos="0" name="os.vendor" value="StartCom"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Linux"/>
+   </fingerprint>
+
+   <fingerprint pattern=".*Linux.*">
+      <description>Generic Linux fallback</description>
+      <param pos="0" name="os.certainty" value="0.75"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Linux"/>
+   </fingerprint>
+</fingerprints>