recog 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/lib/recog/version.rb +1 -1
- data/spec/lib/fingerprint_self_test_spec.rb +6 -1
- data/xml/hp_pjl_id.xml +3 -3
- data/xml/ntp_banners.xml +291 -4
- data/xml/smb_native_os.xml +4 -4
- data/xml/snmp_sysdescr.xml +6 -6
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f8733f7ff4f55fc69c2cecd58f5fbd7463c4901e
|
|
4
|
+
data.tar.gz: efba2831830120c2d9926a1f394b42783e1e9217
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: dec5ea7cfb2baa55c2ec7ecb555d899f2ba0d28579548b5a34f4b4e144c28eddc6057f0fb29731dd01e566118a9d90d459a577d1845230517afca544b153af7f
|
|
7
|
+
data.tar.gz: 6dd37f82c514a9dfc56faede90bb3e027f4e1284a637540c549e1dafd5aac3af36bf991d23cc6d92e69fe0323b17d20ff4570afd15361581659fa74d3d6e0f37
|
data/README.md
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Recog: A Recognition Framework
|
|
2
2
|
=====
|
|
3
3
|
|
|
4
|
-
Recog is a framework for identifying products, services, operating systems, and hardware by matching fingerprints against data returned from various network probes. Recog makes it
|
|
4
|
+
Recog is a framework for identifying products, services, operating systems, and hardware by matching fingerprints against data returned from various network probes. Recog makes it simple to extract useful information from web server banners, snmp system description fields, and a whole lot more. Recog is open source, please see the [LICENSE](https://raw.githubusercontent.com/rapid7/recog/master/LICENSE) file for more information.
|
|
5
5
|
|
|
6
6
|
[](https://travis-ci.org/rapid7/recog)
|
|
7
7
|
==
|
data/lib/recog/version.rb
CHANGED
|
@@ -38,7 +38,12 @@ describe Recog::DB do
|
|
|
38
38
|
|
|
39
39
|
fp.tests.each do |example|
|
|
40
40
|
it "passes self-test #{example.content.gsub(/\s+/, ' ')[0,32]}..." do
|
|
41
|
-
|
|
41
|
+
match = fp.match(example.content)
|
|
42
|
+
expect(match).to_not be_nil
|
|
43
|
+
# test any extractions specified in the example
|
|
44
|
+
example.attributes.each_pair do |k,v|
|
|
45
|
+
expect(match[k]).to eq(v)
|
|
46
|
+
end
|
|
42
47
|
end
|
|
43
48
|
end
|
|
44
49
|
|
data/xml/hp_pjl_id.xml
CHANGED
|
@@ -186,8 +186,8 @@ matched against these patterns to fingerprint the printer.
|
|
|
186
186
|
<param pos="0" name="os.device" value="Printer"/>
|
|
187
187
|
<param pos="1" name="os.product"/>
|
|
188
188
|
</fingerprint>
|
|
189
|
-
|
|
190
|
-
<fingerprint pattern="^Oce (fx[
|
|
189
|
+
|
|
190
|
+
<fingerprint pattern="^Oce (fx[^\s:]+):.*$" flags="REG_ICASE">
|
|
191
191
|
<description>Oce FX series multifunction device</description>
|
|
192
192
|
<example os.product="fx3000">Oce fx3000:8C5-B29:Ver.D:U0707161719:B0601271355</example>
|
|
193
193
|
<param pos="0" name="os.vendor" value="Oce"/>
|
|
@@ -285,7 +285,7 @@ matched against these patterns to fingerprint the printer.
|
|
|
285
285
|
<param pos="0" name="os.device" value="Multifunction Device"/>
|
|
286
286
|
<param pos="1" name="os.product"/>
|
|
287
287
|
</fingerprint>
|
|
288
|
-
|
|
288
|
+
|
|
289
289
|
<fingerprint pattern="^HYDRA$" flags="REG_ICASE">
|
|
290
290
|
<description>RSI Hydra printer</description>
|
|
291
291
|
<example>HYDRA</example>
|
data/xml/ntp_banners.xml
CHANGED
|
@@ -3,6 +3,83 @@
|
|
|
3
3
|
NTP "banners", taken from a readvar response
|
|
4
4
|
-->
|
|
5
5
|
<fingerprints matches="ntp.readvar">
|
|
6
|
+
<fingerprint pattern="^.*version=Domain Time II (\S+),hostname=([^,]+),.*system=Win2003.*,processor=(\S+)" flags="REG_DOT_NEWLINE,REG_ICASE">
|
|
7
|
+
<description>Greyware Automation Products, Inc. Domain Time II on Windows Server 2003</description>
|
|
8
|
+
<example service.version="5.1.b.20100331R" os.arch="x64" host.name="blah">
|
|
9
|
+
version=Domain Time II 5.1.b.20100331R,hostname=blah,domain=,flat=WORKGROUP,system=Win2003 x64,processor=x64
|
|
10
|
+
</example>
|
|
11
|
+
<example service.version="5.2.b.20110831R" os.arch="x86" host.name="blah">
|
|
12
|
+
version=Domain Time II 5.2.b.20110831R,hostname=blah,domain=blah,flat=blah,system=Win2003,processor=x86
|
|
13
|
+
</example>
|
|
14
|
+
<param pos="0" name="service.vendor" value="Greyware Automation Products, Inc."/>
|
|
15
|
+
<param pos="0" name="service.product" value="Domain Time II"/>
|
|
16
|
+
<param pos="1" name="service.version"/>
|
|
17
|
+
<param pos="2" name="host.name"/>
|
|
18
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
19
|
+
<param pos="0" name="os.family" value="Windows"/>
|
|
20
|
+
<param pos="0" name="os.product" value="Windows Server 2003"/>
|
|
21
|
+
<param pos="3" name="os.arch"/>
|
|
22
|
+
</fingerprint>
|
|
23
|
+
<fingerprint pattern="^.*version=Domain Time II (\S+),hostname=([^,]+),.*system=Win2008R2.*,processor=(\S+)" flags="REG_DOT_NEWLINE,REG_ICASE">
|
|
24
|
+
<description>Greyware Automation Products, Inc. Domain Time II on Windows Server 2008 R2</description>
|
|
25
|
+
<example service.version="5.2.b.20120215R" os.arch="x64" host.name="blah">
|
|
26
|
+
version=Domain Time II 5.2.b.20120215R,hostname=blah,domain=blah,flat=blah,system=Win2008R2 x64,processor=x64
|
|
27
|
+
</example>
|
|
28
|
+
<param pos="0" name="service.vendor" value="Greyware Automation Products, Inc."/>
|
|
29
|
+
<param pos="0" name="service.product" value="Domain Time II"/>
|
|
30
|
+
<param pos="1" name="service.version"/>
|
|
31
|
+
<param pos="2" name="host.name"/>
|
|
32
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
33
|
+
<param pos="0" name="os.family" value="Windows"/>
|
|
34
|
+
<param pos="0" name="os.product" value="Windows 2008 R2"/>
|
|
35
|
+
<param pos="3" name="os.arch"/>
|
|
36
|
+
</fingerprint>
|
|
37
|
+
<fingerprint pattern="^.*version=Domain Time II (\S+),hostname=([^,]+),.*system=Win2008.*,processor=(\S+)" flags="REG_DOT_NEWLINE,REG_ICASE">
|
|
38
|
+
<description>Greyware Automation Products, Inc. Domain Time II on Windows 2008</description>
|
|
39
|
+
<example service.version="5.2.b.20140303R" os.arch="x86" host.name="blah">
|
|
40
|
+
version=Domain Time II 5.2.b.20140303R,hostname=blah,domain=blah,flat=blah,system=Win2008,processor=x86
|
|
41
|
+
</example>
|
|
42
|
+
<example service.version="5.2.b.20140523" os.arch="x64" host.name="blah">
|
|
43
|
+
version=Domain Time II 5.2.b.20140523,hostname=blah,domain=blah,flat=blah,system=Win2008 x64,processor=x64
|
|
44
|
+
</example>
|
|
45
|
+
<param pos="0" name="service.vendor" value="Greyware Automation Products, Inc."/>
|
|
46
|
+
<param pos="0" name="service.product" value="Domain Time II"/>
|
|
47
|
+
<param pos="1" name="service.version"/>
|
|
48
|
+
<param pos="2" name="host.name"/>
|
|
49
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
50
|
+
<param pos="0" name="os.family" value="Windows"/>
|
|
51
|
+
<param pos="0" name="os.product" value="Windows Server 2008"/>
|
|
52
|
+
<param pos="3" name="os.arch"/>
|
|
53
|
+
</fingerprint>
|
|
54
|
+
<fingerprint pattern="^.*version=Domain Time II (\S+),hostname=([^,]+),.*system=Win2012.*,processor=(\S+)" flags="REG_DOT_NEWLINE,REG_ICASE">
|
|
55
|
+
<description>Greyware Automation Products, Inc. Domain Time II on Windows Server 2012</description>
|
|
56
|
+
<example service.version="5.2.b.20140101R" os.arch="x64" host.name="blah">
|
|
57
|
+
version=Domain Time II 5.2.b.20140101R,hostname=blah,domain=blah,flat=blah,system=Win2012 x64,processor=x64
|
|
58
|
+
</example>
|
|
59
|
+
<param pos="0" name="service.vendor" value="Greyware Automation Products, Inc."/>
|
|
60
|
+
<param pos="0" name="service.product" value="Domain Time II"/>
|
|
61
|
+
<param pos="1" name="service.version"/>
|
|
62
|
+
<param pos="2" name="host.name"/>
|
|
63
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
64
|
+
<param pos="0" name="os.family" value="Windows"/>
|
|
65
|
+
<param pos="0" name="os.product" value="Windows Server 2012"/>
|
|
66
|
+
<param pos="3" name="os.arch"/>
|
|
67
|
+
</fingerprint>
|
|
68
|
+
<fingerprint pattern="^.*version=Domain Time II (\S+),hostname=([^,]+),.*system=Win7.*,processor=(\S+)" flags="REG_DOT_NEWLINE,REG_ICASE">
|
|
69
|
+
<description>Greyware Automation Products, Inc. Domain Time II on Windows 7</description>
|
|
70
|
+
<example service.version="5.2.b.20130405R" os.arch="x64" host.name="blah">
|
|
71
|
+
version=Domain Time II 5.2.b.20130405R,hostname=blah,domain=,flat=WORKGROUP,system=Win7 x64,processor=x64
|
|
72
|
+
</example>
|
|
73
|
+
<param pos="0" name="service.vendor" value="Greyware Automation Products, Inc."/>
|
|
74
|
+
<param pos="0" name="service.product" value="Domain Time II"/>
|
|
75
|
+
<param pos="1" name="service.version"/>
|
|
76
|
+
<param pos="2" name="host.name"/>
|
|
77
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
78
|
+
<param pos="0" name="os.family" value="Windows"/>
|
|
79
|
+
<param pos="0" name="os.product" value="Windows 7"/>
|
|
80
|
+
<param pos="3" name="os.arch"/>
|
|
81
|
+
</fingerprint>
|
|
82
|
+
|
|
6
83
|
<fingerprint pattern="^.*version="ntpd (\S+)[^"]+",.*system="Equallogic \(R\) storage array"" flags="REG_DOT_NEWLINE,REG_ICASE">
|
|
7
84
|
<description>ntpd running on an EqualLogic Storage Array that includes the NTP version</description>
|
|
8
85
|
<example>
|
|
@@ -31,6 +108,20 @@ NTP "banners", taken from a readvar response
|
|
|
31
108
|
<param pos="0" name="os.vendor" value="EqualLogic"/>
|
|
32
109
|
<param pos="0" name="os.product" value="Storage Array"/>
|
|
33
110
|
</fingerprint>
|
|
111
|
+
<fingerprint pattern="^.*version="ntpd ([^ ]+)[^"]+",.*processor="([^ ]+)",.*system="Linux/(?:[^ ]+\.ESX)"" flags="REG_DOT_NEWLINE,REG_ICASE">
|
|
112
|
+
<description>ntpd running on VMware ESX</description>
|
|
113
|
+
<example service.version="4.2.2p1@1.1570-o" os.arch="x86_64">
|
|
114
|
+
version="ntpd 4.2.2p1@1.1570-o Thu Nov 26 11:34:34 UTC 2009 (1)",
|
|
115
|
+
processor="x86_64", system="Linux/2.6.18-194.ESX"
|
|
116
|
+
</example>
|
|
117
|
+
<param pos="0" name="service.family" value="NTP"/>
|
|
118
|
+
<param pos="0" name="service.product" value="NTP"/>
|
|
119
|
+
<param pos="1" name="service.version"/>
|
|
120
|
+
<param pos="0" name="os.vendor" value="VMware"/>
|
|
121
|
+
<param pos="0" name="os.family" value="VMware ESX/ESXi"/>
|
|
122
|
+
<param pos="0" name="os.product" value="VMware ESX Server"/>
|
|
123
|
+
<param pos="2" name="os.arch"/>
|
|
124
|
+
</fingerprint>
|
|
34
125
|
<fingerprint pattern="^.*version="ntpd ([^ ]+)[^"]+",.*processor="([^ ]+)",.*system="Linux/?([^ ]+)"" flags="REG_DOT_NEWLINE,REG_ICASE">
|
|
35
126
|
<description>ntpd running on Linux</description>
|
|
36
127
|
<example>
|
|
@@ -46,6 +137,23 @@ NTP "banners", taken from a readvar response
|
|
|
46
137
|
<param pos="2" name="os.arch"/>
|
|
47
138
|
<param pos="3" name="os.version"/>
|
|
48
139
|
</fingerprint>
|
|
140
|
+
<fingerprint pattern="^.*version="ntpd ([^ ]+)[^"]+",.*processor="([^"]+)",.*system="Darwin/?6\.([^"]+)"" flags="REG_DOT_NEWLINE,REG_ICASE">
|
|
141
|
+
<description>ntpd running on Mac OSX 10.2/Jaguar</description>
|
|
142
|
+
<example service.version="4.1.1@1.786" os.version="10.2" os.version.version="8">
|
|
143
|
+
version="ntpd 4.1.1@1.786 Tue Nov 12 09:30:41 PST 2002 (1)", processor="Power Macintosh", system="Darwin6.8",
|
|
144
|
+
</example>
|
|
145
|
+
<param pos="0" name="service.family" value="NTP"/>
|
|
146
|
+
<param pos="0" name="service.product" value="NTP"/>
|
|
147
|
+
<param pos="1" name="service.version"/>
|
|
148
|
+
<param pos="0" name="os.vendor" value="Apple"/>
|
|
149
|
+
<param pos="0" name="os.family" value="Mac OS X"/>
|
|
150
|
+
<param pos="0" name="os.product" value="Mac OS X"/>
|
|
151
|
+
<param pos="0" name="os.device" value="General"/>
|
|
152
|
+
<param pos="2" name="os.arch"/>
|
|
153
|
+
<param pos="0" name="os.version" value="10.2"/>
|
|
154
|
+
<param pos="3" name="os.version.version"/>
|
|
155
|
+
<param pos="0" name="os.certainty" value="0.9"/>
|
|
156
|
+
</fingerprint>
|
|
49
157
|
<fingerprint pattern="^.*version="ntpd ([^ ]+)[^"]+",.*processor="([^"]+)",.*system="Darwin/?7\.([^"]+)"" flags="REG_DOT_NEWLINE,REG_ICASE">
|
|
50
158
|
<description>ntpd running on Mac OSX 10.3/Panther</description>
|
|
51
159
|
<param pos="0" name="service.family" value="NTP"/>
|
|
@@ -114,6 +222,24 @@ NTP "banners", taken from a readvar response
|
|
|
114
222
|
<param pos="3" name="os.version.version"/>
|
|
115
223
|
<param pos="0" name="os.certainty" value="0.9"/>
|
|
116
224
|
</fingerprint>
|
|
225
|
+
<fingerprint pattern="^.*processor="([^"]+)".*system="BSD/OS([\d.]+)"" flags="REG_DOT_NEWLINE,REG_ICASE">
|
|
226
|
+
<description>BSD/OS with a version and arch</description>
|
|
227
|
+
<example os.arch="i386" os.product="BSD/OS" os.version="4.3.1">
|
|
228
|
+
processor="i386", system="BSD/OS4.3.1", leap=0, stratum=2
|
|
229
|
+
</example>
|
|
230
|
+
<param pos="0" name="os.vendor" value="Berkeley Software Design Inc."/>
|
|
231
|
+
<param pos="0" name="os.product" value="BSD/OS"/>
|
|
232
|
+
<param pos="1" name="os.arch"/>
|
|
233
|
+
<param pos="2" name="os.version"/>
|
|
234
|
+
</fingerprint>-->
|
|
235
|
+
<fingerprint pattern="^.*system="BSD/OS"" flags="REG_DOT_NEWLINE,REG_ICASE">
|
|
236
|
+
<description>BSD/OS without a version or arch</description>
|
|
237
|
+
<example>
|
|
238
|
+
system="BSD/OS", leap=3, stratum=16, rootdelay=0.00
|
|
239
|
+
</example>
|
|
240
|
+
<param pos="0" name="os.vendor" value="Berkeley Software Design Inc."/>
|
|
241
|
+
<param pos="0" name="os.product" value="BSD/OS"/>
|
|
242
|
+
</fingerprint>
|
|
117
243
|
<fingerprint pattern="^.*version="ntpd ([^ ]+)[^"]+",.*processor="([^"]+)",.*system="Darwin/?11\.([^"]+)"" flags="REG_DOT_NEWLINE,REG_ICASE">
|
|
118
244
|
<description>ntpd running on Mac OSX 10.7/Lion</description>
|
|
119
245
|
<example>
|
|
@@ -161,6 +287,20 @@ NTP "banners", taken from a readvar response
|
|
|
161
287
|
<param pos="2" name="os.arch"/>
|
|
162
288
|
<param pos="3" name="os.version"/>
|
|
163
289
|
</fingerprint>
|
|
290
|
+
<fingerprint pattern="^.*processor="([^ ]+)",.*system="FreeBSD/?([^ ]+)"" flags="REG_DOT_NEWLINE,REG_ICASE">
|
|
291
|
+
<description>ntp without a version on FreeBSD</description>
|
|
292
|
+
<example os.arch="i386" os.version="4.1-RELEASE">
|
|
293
|
+
processor="i386", system="FreeBSD4.1-RELEASE"
|
|
294
|
+
</example>
|
|
295
|
+
<example os.arch="i386" os.version="2.2.6-RELEASE">
|
|
296
|
+
processor="i386", system="FreeBSD2.2.6-RELEASE",
|
|
297
|
+
</example>
|
|
298
|
+
<param pos="0" name="os.vendor" value="FreeBSD"/>
|
|
299
|
+
<param pos="0" name="os.family" value="FreeBSD"/>
|
|
300
|
+
<param pos="0" name="os.product" value="FreeBSD"/>
|
|
301
|
+
<param pos="1" name="os.arch"/>
|
|
302
|
+
<param pos="2" name="os.version"/>
|
|
303
|
+
</fingerprint>
|
|
164
304
|
<fingerprint pattern="^.*version="ntpd ([^ ]+)[^"]+",.*processor="([^ ]+)",.*system="NetBSD/?([^ ]+)"" flags="REG_DOT_NEWLINE,REG_ICASE">
|
|
165
305
|
<description>ntpd running on NetBSD</description>
|
|
166
306
|
<example>
|
|
@@ -176,6 +316,56 @@ NTP "banners", taken from a readvar response
|
|
|
176
316
|
<param pos="2" name="os.arch"/>
|
|
177
317
|
<param pos="3" name="os.version"/>
|
|
178
318
|
</fingerprint>
|
|
319
|
+
<fingerprint pattern="^.*processor="([^ ]+)",.*system="NetBSD/?([^ ]+)"" flags="REG_DOT_NEWLINE,REG_ICASE">
|
|
320
|
+
<description>ntpd running on NetBSD</description>
|
|
321
|
+
<example os.arch="i386" os.version="1.5.3">
|
|
322
|
+
processor="i386", system="NetBSD1.5.3"
|
|
323
|
+
</example>
|
|
324
|
+
<example>
|
|
325
|
+
processor="i386", system="NetBSD1.6"
|
|
326
|
+
</example>
|
|
327
|
+
<example>
|
|
328
|
+
processor="i386", system="NetBSD1.6.1"
|
|
329
|
+
</example>
|
|
330
|
+
<example>
|
|
331
|
+
processor="i386", system="NetBSD1.6.2_STABLE"
|
|
332
|
+
</example>
|
|
333
|
+
<example>
|
|
334
|
+
processor="sbmips", system="NetBSD3.0"
|
|
335
|
+
</example>
|
|
336
|
+
<example>
|
|
337
|
+
processor="se100", system="NetBSD1.5.3"
|
|
338
|
+
</example>
|
|
339
|
+
<example>
|
|
340
|
+
processor="seil3", system="NetBSD1.6.1_STABLE"
|
|
341
|
+
</example>
|
|
342
|
+
<example>
|
|
343
|
+
processor="seil3", system="NetBSD1.6.2_STABLE"
|
|
344
|
+
</example>
|
|
345
|
+
<example>
|
|
346
|
+
processor="seil4", system="NetBSD1.6.1_STABLE"
|
|
347
|
+
</example>
|
|
348
|
+
<example>
|
|
349
|
+
processor="seil4", system="NetBSD1.6.2_STABLE"
|
|
350
|
+
</example>
|
|
351
|
+
<example>
|
|
352
|
+
processor="siara2k", system="NetBSD1.5.3"
|
|
353
|
+
</example>
|
|
354
|
+
<param pos="0" name="os.vendor" value="NetBSD"/>
|
|
355
|
+
<param pos="0" name="os.family" value="NetBSD"/>
|
|
356
|
+
<param pos="0" name="os.product" value="NetBSD"/>
|
|
357
|
+
<param pos="1" name="os.arch"/>
|
|
358
|
+
<param pos="2" name="os.version"/>
|
|
359
|
+
</fingerprint>
|
|
360
|
+
<fingerprint pattern="^.*system="NetWare"" flags="REG_DOT_NEWLINE,REG_ICASE">
|
|
361
|
+
<description>NetWare</description>
|
|
362
|
+
<example>
|
|
363
|
+
system="NetWare", leap=0, stratum=2, rootdelay=0.12
|
|
364
|
+
</example>
|
|
365
|
+
<param pos="0" name="os.vendor" value="Novell"/>
|
|
366
|
+
<param pos="0" name="os.family" value="NetWare"/>
|
|
367
|
+
<param pos="0" name="os.product" value="NetWare"/>
|
|
368
|
+
</fingerprint>
|
|
179
369
|
<fingerprint pattern="^.*version="ntpd ([^ ]+)[^"]+",.*processor="([^ ]+)",.*system="SunOS/?([^ ]+)"" flags="REG_DOT_NEWLINE,REG_ICASE">
|
|
180
370
|
<description>ntpd running on Solaris</description>
|
|
181
371
|
<example>
|
|
@@ -191,6 +381,55 @@ NTP "banners", taken from a readvar response
|
|
|
191
381
|
<param pos="2" name="os.arch"/>
|
|
192
382
|
<param pos="3" name="os.version"/>
|
|
193
383
|
</fingerprint>
|
|
384
|
+
<fingerprint pattern="^.*processor="([^ ]+)",.*system="SunOS/?([^ ]+)"" flags="REG_DOT_NEWLINE,REG_ICASE">
|
|
385
|
+
<description>Solaris with no ntp version</description>
|
|
386
|
+
<example>
|
|
387
|
+
processor="sun4m", system="SunOS5.6"
|
|
388
|
+
</example>
|
|
389
|
+
<example>
|
|
390
|
+
processor="sun4m", system="SunOS5.8"
|
|
391
|
+
</example>
|
|
392
|
+
<example>
|
|
393
|
+
processor="sun4u", system="SunOS5.10"
|
|
394
|
+
</example>
|
|
395
|
+
<example>
|
|
396
|
+
processor="sun4u", system="SunOS5.6"
|
|
397
|
+
</example>
|
|
398
|
+
<example>
|
|
399
|
+
processor="sun4u", system="SunOS5.7"
|
|
400
|
+
</example>
|
|
401
|
+
<example>
|
|
402
|
+
processor="sun4u", system="SunOS5.8"
|
|
403
|
+
</example>
|
|
404
|
+
<example>
|
|
405
|
+
processor="sun4u", system="SunOS5.9"
|
|
406
|
+
</example>
|
|
407
|
+
<param pos="0" name="os.vendor" value="Sun"/>
|
|
408
|
+
<param pos="0" name="os.family" value="Solaris"/>
|
|
409
|
+
<param pos="0" name="os.product" value="Solaris"/>
|
|
410
|
+
<param pos="1" name="os.arch"/>
|
|
411
|
+
<param pos="2" name="os.version"/>
|
|
412
|
+
</fingerprint>
|
|
413
|
+
<fingerprint pattern="^.*system="UNIX/SunOS ([^ ]+)"" flags="REG_DOT_NEWLINE,REG_ICASE">
|
|
414
|
+
<description>SunOS with no ntp version</description>
|
|
415
|
+
<example>
|
|
416
|
+
system="UNIX/SunOS 4.x",
|
|
417
|
+
</example>
|
|
418
|
+
<param pos="0" name="os.vendor" value="Sun"/>
|
|
419
|
+
<param pos="0" name="os.family" value="Solaris"/>
|
|
420
|
+
<param pos="0" name="os.product" value="Solaris"/>
|
|
421
|
+
</fingerprint>
|
|
422
|
+
<fingerprint pattern="processor="([^ ]+)",.*system="JUNOS/?([^ ]+)"" flags="REG_DOT_NEWLINE,REG_ICASE">
|
|
423
|
+
<description>Juniper/Netscreen JunOS NTP without a version</description>
|
|
424
|
+
<example>processor="i386", system="JUNOS7.0R2.7", leap=0, stratum=3</example>
|
|
425
|
+
<example>processor="i386", system="JUNOS6.4R1.6", leap=3, stratum=16</example>
|
|
426
|
+
<example>processor="i386", system="JUNOS5.5R2.3", leap=0, stratum=3</example>
|
|
427
|
+
<param pos="0" name="os.vendor" value="Juniper"/>
|
|
428
|
+
<param pos="0" name="os.family" value="Junos"/>
|
|
429
|
+
<param pos="0" name="os.product" value="Junos OS"/>
|
|
430
|
+
<param pos="2" name="os.arch"/>
|
|
431
|
+
<param pos="3" name="os.version"/>
|
|
432
|
+
</fingerprint>
|
|
194
433
|
<fingerprint pattern="^.*version="ntpd ([^ ]+)[^"]+",.*processor="([^ ]+)",.*system="JUNOS/?([^ ]+)"" flags="REG_DOT_NEWLINE,REG_ICASE">
|
|
195
434
|
<description>ntpd running on Juniper/Netscreen JunOS</description>
|
|
196
435
|
<example>
|
|
@@ -270,9 +509,9 @@ NTP "banners", taken from a readvar response
|
|
|
270
509
|
<param pos="2" name="os.arch"/>
|
|
271
510
|
<param pos="3" name="os.version"/>
|
|
272
511
|
</fingerprint>
|
|
273
|
-
<fingerprint pattern=".*processor="([^ ]+)",.*system="OSF1
|
|
512
|
+
<fingerprint pattern=".*processor="([^ ]+)",.*system="OSF1[/V]?([^ ]+)"" flags="REG_DOT_NEWLINE,REG_ICASE">
|
|
274
513
|
<description>ntpd running on OSF/1</description>
|
|
275
|
-
<example>
|
|
514
|
+
<example os.arch="alpha" os.version="4.0">
|
|
276
515
|
processor="alpha", system="OSF1V4.0", leap=00, stratum=1, precision=-18,
|
|
277
516
|
</example>
|
|
278
517
|
<param pos="0" name="service.family" value="NTP"/>
|
|
@@ -282,6 +521,14 @@ NTP "banners", taken from a readvar response
|
|
|
282
521
|
<param pos="2" name="os.version"/>
|
|
283
522
|
<param pos="1" name="os.arch"/>
|
|
284
523
|
</fingerprint>
|
|
524
|
+
<fingerprint pattern=".*system="UNIX/DECOSF1"" flags="REG_DOT_NEWLINE,REG_ICASE">
|
|
525
|
+
<description>DEC OSF/1</description>
|
|
526
|
+
<example>
|
|
527
|
+
system="UNIX/DECOSF1", leap=0, stratum=3, rootdelay=18.14,
|
|
528
|
+
</example>
|
|
529
|
+
<param pos="0" name="os.vendor" value="DEC"/>
|
|
530
|
+
<param pos="0" name="os.product" value="OSF/1"/>
|
|
531
|
+
</fingerprint>
|
|
285
532
|
<fingerprint pattern="^.*system="Linux"" flags="REG_DOT_NEWLINE,REG_ICASE">
|
|
286
533
|
<description>Linux with NTP enabled, no processor/version</description>
|
|
287
534
|
<example>
|
|
@@ -361,7 +608,7 @@ NTP "banners", taken from a readvar response
|
|
|
361
608
|
<param pos="0" name="os.product" value="UNIX"/>
|
|
362
609
|
<param pos="0" name="os.certainty" value="0.5"/>
|
|
363
610
|
</fingerprint>
|
|
364
|
-
<fingerprint pattern="system="VxWorks
|
|
611
|
+
<fingerprint pattern="system="VxWorks(?:/TORNADO)?"" flags="REG_ICASE">
|
|
365
612
|
<description>Generic VxWorks</description>
|
|
366
613
|
<example>
|
|
367
614
|
system="VxWorks", leap=0, stratum=8, rootdelay=63.74,
|
|
@@ -369,11 +616,32 @@ NTP "banners", taken from a readvar response
|
|
|
369
616
|
reftime=0xd4747c5c.5851f000, poll=6, clock=0xd4747c6d.31206000,
|
|
370
617
|
phase=4.131, freq=18961.38, compliance=0
|
|
371
618
|
</example>
|
|
619
|
+
<example>
|
|
620
|
+
system="VXWORKS/Tornado", leap=3, stratum=16, rootdelay=0.00, rootdispersion=0.00
|
|
621
|
+
</example>
|
|
622
|
+
<param pos="0" name="os.vendor" value="Wind River"/>
|
|
623
|
+
<param pos="0" name="os.product" value="VxWorks"/>
|
|
624
|
+
</fingerprint>
|
|
625
|
+
<fingerprint pattern="system="arm-wrs-vxworks"" flags="REG_ICASE">
|
|
626
|
+
<description>VxWorks ARM, cross-compiled on Linux</description>
|
|
627
|
+
<example>
|
|
628
|
+
processor="unknown", system="arm-wrs-vxworks", leap=0, stratum=2, rootdelay=999.86, rootdispersion=17.90, peer=32444
|
|
629
|
+
</example>
|
|
630
|
+
<param pos="0" name="os.vendor" value="Wind River"/>
|
|
631
|
+
<param pos="0" name="os.product" value="VxWorks"/>
|
|
632
|
+
<param pos="0" name="os.arch" value="arm"/>
|
|
633
|
+
</fingerprint>
|
|
634
|
+
<fingerprint pattern="system="i386-wrs-vxworks"" flags="REG_ICASE">
|
|
635
|
+
<description>VxWorks x86, cross-compiled on Linux</description>
|
|
636
|
+
<example>
|
|
637
|
+
system="i386-wrs-vxworks", leap=0, stratum=2, rootdelay=999.86, rootdispersion=17.90, peer=32444
|
|
638
|
+
</example>
|
|
372
639
|
<param pos="0" name="os.vendor" value="Wind River"/>
|
|
373
640
|
<param pos="0" name="os.product" value="VxWorks"/>
|
|
641
|
+
<param pos="0" name="os.arch" value="i386"/>
|
|
374
642
|
</fingerprint>
|
|
375
643
|
<fingerprint pattern="system="UNIX/(Unixware([^ ]+))"" flags="REG_ICASE">
|
|
376
|
-
<description>
|
|
644
|
+
<description>SCO Unixware NTP</description>
|
|
377
645
|
<example>
|
|
378
646
|
system="UNIX/Unixware2", leap=3, stratum=16, rootdelay=0.00,
|
|
379
647
|
rootdispersion=0.00, peer=0, refid=0.0.0.0, reftime=0x00000000.00000000,
|
|
@@ -384,6 +652,16 @@ NTP "banners", taken from a readvar response
|
|
|
384
652
|
<param pos="0" name="os.vendor" value="SCO"/>
|
|
385
653
|
<param pos="1" name="os.product"/>
|
|
386
654
|
</fingerprint>
|
|
655
|
+
<fingerprint pattern="^.*processor="([^"]+)", system="SCO_SV([\d\.]+)"" flags="REG_ICASE">
|
|
656
|
+
<description>SCO Unixware NTP</description>
|
|
657
|
+
<example os.version="3.2" os.arch="i386">
|
|
658
|
+
processor="i386", system="SCO_SV3.2", leap=0, stratum=2, precision=-18
|
|
659
|
+
</example>
|
|
660
|
+
<param pos="0" name="os.vendor" value="SCO"/>
|
|
661
|
+
<param pos="0" name="os.product" value="UNIX"/>
|
|
662
|
+
<param pos="1" name="os.arch"/>
|
|
663
|
+
<param pos="2" name="os.version"/>
|
|
664
|
+
</fingerprint>
|
|
387
665
|
<fingerprint pattern="^.*version="ntpd ([^ ]+)[^"]+",.*\s*processor="([^ ]+)",.*system="SecureOS/([^ ]+)"" flags="REG_DOT_NEWLINE,REG_ICASE">
|
|
388
666
|
<description>McAfee Network Firewall Enterprise NTP (SecureOS)</description>
|
|
389
667
|
<example>
|
|
@@ -536,4 +814,13 @@ NTP "banners", taken from a readvar response
|
|
|
536
814
|
<param pos="2" name="os.arch"/>
|
|
537
815
|
<param pos="3" name="os.version"/>
|
|
538
816
|
</fingerprint>
|
|
817
|
+
<fingerprint pattern=".*version="ntpd ([^ ]+)[^"]+",\s*processor,\s*system="/"" flags="REG_DOT_NEWLINE,REG_ICASE">
|
|
818
|
+
<description>NTP on an unknown system</description>
|
|
819
|
+
<example service.version="4.2.6p2-RC4@1.2180-o">
|
|
820
|
+
version="ntpd 4.2.6p2-RC4@1.2180-o Sun Jun 13 02:56:12 UTC 2010 (2)", processor, system="/"
|
|
821
|
+
</example>
|
|
822
|
+
<param pos="0" name="service.family" value="NTP"/>
|
|
823
|
+
<param pos="0" name="service.product" value="NTP"/>
|
|
824
|
+
<param pos="1" name="service.version"/>
|
|
825
|
+
</fingerprint>
|
|
539
826
|
</fingerprints>
|
data/xml/smb_native_os.xml
CHANGED
|
@@ -76,7 +76,7 @@
|
|
|
76
76
|
|
|
77
77
|
<fingerprint pattern="^Windows Server 2003 R2 (\d+) (Service Pack \d+)$">
|
|
78
78
|
<description>Windows Server 2003 R2 (SP)</description>
|
|
79
|
-
<example os.
|
|
79
|
+
<example os.build="3790" os.version="Service Pack 2">Windows Server 2003 R2 3790 Service Pack 2</example>
|
|
80
80
|
<param pos="0" name="os.certainty" value="1.0"/>
|
|
81
81
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
82
82
|
<param pos="0" name="os.product" value="Windows Server 2003 R2"/>
|
|
@@ -86,7 +86,7 @@
|
|
|
86
86
|
|
|
87
87
|
<fingerprint pattern="^Windows Server 2003 (\d+)$">
|
|
88
88
|
<description>Windows Server 2003</description>
|
|
89
|
-
<example os.
|
|
89
|
+
<example os.build="3790">Windows Server 2003 3790</example>
|
|
90
90
|
<param pos="0" name="os.certainty" value="1.0"/>
|
|
91
91
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
92
92
|
<param pos="0" name="os.product" value="Windows Server 2003"/>
|
|
@@ -95,8 +95,8 @@
|
|
|
95
95
|
|
|
96
96
|
<fingerprint pattern="^Windows Server 2003 (\d+) (Service Pack \d+)$">
|
|
97
97
|
<description>Windows Server 2003 (SP)</description>
|
|
98
|
-
<example os.
|
|
99
|
-
<example os.
|
|
98
|
+
<example os.build="3790" os.version="Service Pack 1">Windows Server 2003 3790 Service Pack 1</example>
|
|
99
|
+
<example os.build="3790" os.version="Service Pack 2">Windows Server 2003 3790 Service Pack 2</example>
|
|
100
100
|
<param pos="0" name="os.certainty" value="1.0"/>
|
|
101
101
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
102
102
|
<param pos="0" name="os.product" value="Windows Server 2003"/>
|
data/xml/snmp_sysdescr.xml
CHANGED
|
@@ -1537,7 +1537,7 @@
|
|
|
1537
1537
|
<example os.version="7.2(1)4">Cisco Adaptive Security Appliance Version 7.2(1)4</example>
|
|
1538
1538
|
<example os.version="8.4(5)">Cisco Adaptive Security Appliance Version 8.4(5)</example>
|
|
1539
1539
|
<example os.version="8.4(2)">Cisco Adaptive Security Appliance Version 8.4(2)</example>
|
|
1540
|
-
<example
|
|
1540
|
+
<example os.version="7.2(4)17">Cisco Adaptive Security Appliance Version 7.2(4)17</example>
|
|
1541
1541
|
<param pos="0" name="os.certainty" value="0.85"/>
|
|
1542
1542
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
|
1543
1543
|
<param pos="0" name="os.product" value="Adaptive Security Appliance"/>
|
|
@@ -2451,11 +2451,11 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
|
2451
2451
|
<param pos="0" name="os.device" value="Switch"/>
|
|
2452
2452
|
<param pos="1" name="os.product"/>
|
|
2453
2453
|
</fingerprint>
|
|
2454
|
-
|
|
2454
|
+
|
|
2455
2455
|
<!--======================================================================
|
|
2456
2456
|
FreeBSD
|
|
2457
2457
|
=======================================================================-->
|
|
2458
|
-
|
|
2458
|
+
|
|
2459
2459
|
<fingerprint pattern="(^FreeBSD) \S+ ([\d\.]+-(?:STABLE|RELEASE)(?:-p\d+)?).*\s(\w+)$">
|
|
2460
2460
|
<description>FreeBSD 10.0</description>
|
|
2461
2461
|
<example>FreeBSD freebsd-10-x64-ports-p 10.0-RELEASE-p4 FreeBSD 10.0-RELEASE-p4 #0: Tue Jun 3 13:14:57 UTC 2014 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64</example>
|
|
@@ -2471,7 +2471,7 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
|
2471
2471
|
<param pos="2" name="os.version"/>
|
|
2472
2472
|
<param pos="3" name="os.arch"/>
|
|
2473
2473
|
</fingerprint>
|
|
2474
|
-
|
|
2474
|
+
|
|
2475
2475
|
<fingerprint pattern="^FreeBSD">
|
|
2476
2476
|
<description>FreeBSD generic</description>
|
|
2477
2477
|
<example>FreeBSD freebsd</example>
|
|
@@ -2480,7 +2480,7 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
|
2480
2480
|
<param pos="0" name="os.product" value="Linux"/>
|
|
2481
2481
|
<param pos="0" name="os.device" value="General"/>
|
|
2482
2482
|
</fingerprint>
|
|
2483
|
-
|
|
2483
|
+
|
|
2484
2484
|
<!--======================================================================
|
|
2485
2485
|
FUJI XEROX
|
|
2486
2486
|
=======================================================================-->
|
|
@@ -5257,7 +5257,7 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
|
5257
5257
|
<param pos="0" name="os.device" value="General"/>
|
|
5258
5258
|
<param pos="0" name="os.arch" value="x86"/>
|
|
5259
5259
|
</fingerprint>
|
|
5260
|
-
|
|
5260
|
+
|
|
5261
5261
|
<fingerprint pattern="Windows\s\S+\s(6\.2\.\d+)\s+Server\s[\d\.]+\s(\w+).*">
|
|
5262
5262
|
<description>Windows Server 2012</description>
|
|
5263
5263
|
<example>Windows w12-srv-snmp 6.2.9200 Server 4.0 Intel64 Family 6 Model 26 Stepping 4</example>
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: recog
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Rapid7 Research
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-10-
|
|
11
|
+
date: 2014-10-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rspec
|