recog 1.0.17 → 1.0.18

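--- a/data/README.md
+++ b/data/README.md
@@ -52,6 +52,8 @@ tests that `RomSShell_4.62` matches the provided regular expression and that the
 
  The `param` elements contain a `pos` attribute, which indicates what capture field from the `pattern` should be extracted, or `0` for a static string. The `name` attribute is the key that will be reported in the case of a successful match and the `value` will either be a static string for `pos` values of `0` or missing and taken from the captured field.
 
+ ### Testing
+
  Once a fingerprint has been added, the `example` entries can be tested by executing `bin/recog_verify` against the fingerprint file:
 
  $ bin/recog_verify xml/ssh_banners.xml
@@ -61,9 +63,7 @@ Matches can be tested on the command-line in a similar fashion:
  $ echo 'OpenSSH_6.6p1 Ubuntu-2ubuntu1' | bin/recog_match xml/ssh_banners.xml -
  MATCH: {"service.version"=>"6.6p1", "openssh.comment"=>"Ubuntu-2ubuntu1", "service.vendor"=>"OpenBSD", "service.family"=>"OpenSSH", "service.product"=>"OpenSSH", "data"=>"OpenSSH_6.6p1 Ubuntu-2ubuntu1"}
 
-
-
-
-
-
+ ### Best Practices
+ * Create a single fingerprint for each product as long as the pattern remains clear and readable. If that is not possible, the pattern should be logically decomposed into additional fingerprints.
+ * Create regular expressions that allow for flexible version number matching. This ensures greater probability of matching a product. For example, all known public releases of a product report either `major.minor` or `major.minor.build` format version numbers. If the fingerprint strictly matches this version number format, it would fail to match a modified build of the product that reports only a `major` version number format.
 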
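--- a/data/lib/recog/version.rb
+++ b/data/lib/recog/version.rb
@@ -1,3 +1,3 @@
  module Recog
- VERSION = '1.0.17'
+ VERSION = '1.0.18'
  end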
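--- a/data/xml/http_servers.xml
+++ b/data/xml/http_servers.xml
@@ -1889,22 +1889,73 @@
  <param pos="0" name="os.certainty" value="0.75"/>
  </fingerprint>
 
- <fingerprint pattern = "^com.hp.openview.Coda (\d\.\d.\d)$">
- <description>HP Openview Coda</description>
- <example>com.hp.openview.Coda 0.0.1</example>
+ <fingerprint pattern = "^(?:BBC \d+\.\d+\.\d+\.?\d*; )?(?:com.hp.openview.)?[c|C]oda (\d+\.\d+\.\d+\.?\d*)$">
+ <description>HP Openview Coda (Communications Daemon)</description>
+ <example service.component.version="0.0.1">com.hp.openview.Coda 0.0.1</example>
+ <example service.component.version="10.00.123">BBC 05.20.050; coda 10.00.123</example>
+ <example service.component.version="0.0.1">BBC 2.6.0.7; com.hp.openview.Coda 0.0.1</example>
  <param pos="0" name="service.vendor" value="HP"/>
  <param pos="0" name="service.family" value="OpenView"/>
- <param pos="0" name="service.product" value="OpenView"/>
- <param pos="1" name="service.version"/>
+ <param pos="0" name="service.component.vendor" value="HP"/>
+ <param pos="0" name="service.component.family" value="OpenView"/>
+ <param pos="0" name="service.component.product" value="CODA"/>
+ <param pos="1" name="service.component.version"/>
  </fingerprint>
 
- <fingerprint pattern = "^com.hp.openview.bbc.LLBServer (\d\.\d.\d\.\d)$">
- <description>HP Openview LLBServer</description>
- <example>com.hp.openview.bbc.LLBServer 2.6.8.1</example>
+ <fingerprint pattern="^BBC \d+\.\d+\.\d+\.?\d*; ovbbcrcp (\d+\.\d+\.\d+\.?\d*)$">
+ <description>OpenView Reverse Channel Proxy (RCP)</description>
+ <example service.component.version="11.00.044">BBC 11.00.044; ovbbcrcp 11.00.044</example>
  <param pos="0" name="service.vendor" value="HP"/>
  <param pos="0" name="service.family" value="OpenView"/>
- <param pos="0" name="service.product" value="OpenView"/>
- <param pos="1" name="service.version"/>
+ <param pos="0" name="service.component.vendor" value="HP"/>
+ <param pos="0" name="service.component.family" value="OpenView"/>
+ <param pos="0" name="service.component.product" value="Reverse Channel Proxy"/>
+ <param pos="1" name="service.component.version"/>
+ </fingerprint>
+
+ <fingerprint pattern = "^(?:BBC \d+\.\d+\.\d+\.?\d*; )?com.hp.openview.bbc.LLBServer (\d+\.\d+\.\d+\.?\d*)$">
+ <description>HP Openview LLBServer (Local Location Broker)</description>
+ <example service.component.version="2.6.8.1">com.hp.openview.bbc.LLBServer 2.6.8.1</example>
+ <example service.component.version="2.6.0.7">BBC 2.6.0.7; com.hp.openview.bbc.LLBServer 2.6.0.7</example>
+ <param pos="0" name="service.vendor" value="HP"/>
+ <param pos="0" name="service.family" value="OpenView"/>
+ <param pos="0" name="service.component.vendor" value="HP"/>
+ <param pos="0" name="service.component.family" value="OpenView"/>
+ <param pos="0" name="service.component.product" value="LLBServer"/>
+ <param pos="1" name="service.component.version"/>
+ </fingerprint>
+
+ <fingerprint pattern="^BBC \d+\.\d+\.\d+; ovbbccb (\d+\.\d+\.\d+)$">
+ <description>OpenView Communication Broker (ovbbccb)</description>
+ <example service.component.version="06.00.083">BBC 06.00.083; ovbbccb 06.00.083</example>
+ <example service.component.version="11.10.035">BBC 11.10.035; ovbbccb 11.10.035</example>
+ <param pos="0" name="service.vendor" value="HP"/>
+ <param pos="0" name="service.family" value="OpenView"/>
+ <param pos="0" name="service.component.vendor" value="HP"/>
+ <param pos="0" name="service.component.family" value="OpenView"/>
+ <param pos="0" name="service.component.product" value="Communication Broker"/>
+ <param pos="1" name="service.component.version"/>
+ </fingerprint>
+
+ <fingerprint pattern="^BBC \d+\.\d+\.\d+; ovbbccb unknown version$">
+ <description>OpenView Communication Broker (ovbbccb) with no version</description>
+ <example>BBC 11.13.007; ovbbccb unknown version</example>
+ <param pos="0" name="service.vendor" value="HP"/>
+ <param pos="0" name="service.family" value="OpenView"/>
+ <param pos="0" name="service.component.vendor" value="HP"/>
+ <param pos="0" name="service.component.family" value="OpenView"/>
+ <param pos="0" name="service.component.product" value="Communication Broker"/>
+ </fingerprint>
+
+ <fingerprint pattern="^UOS$">
+ <example>UOS</example>
+ <description>HTTP Server that appears unique to Managment Console on HP TippingPoint IPS Devices</description>
+ <param pos="0" name="service.vendor" value="HP"/>
+ <param pos="0" name="service.product" value="HTTP"/>
+ <param pos="0" name="service.family" value="TippingPoint"/>
+ <param pos="0" name="os.vendor" value="HP"/>
+ <param pos="0" name="os.family" value="TippingPoint"/>
+ <param pos="0" name="os.device" value="IPS"/>
  </fingerprint>
 
  <fingerprint pattern="^Helix Server Version ([0-9.]*) \(win32\) \(RealServer compatible\)$">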
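Review bot: In the new Coda pattern, `[c|C]oda` is a character class that also accepts a literal `|`, and the dots in `(?:com.hp.openview.)?` (likewise in the LLBServer pattern's `com.hp.openview.bbc.LLBServer`) are unescaped and match any character; `[cC]oda` and `com\.hp\.openview\.` express what is meant and keep the fingerprint from attributing unrelated banners to HP OpenView in scan or inventory results. The version tail `\.?\d*` used in the Coda, ovbbcrcp and LLBServer patterns also accepts a bare trailing dot (a constructed example: `1.2.3.`), which would then be reported as the component version; `(?:\.\d+)?` keeps the optional fourth field well-formed. The Coda and LLBServer entries no longer emit `service.product` or `service.version`, so any consumer that keys on those names gets no product or version for these banners, which is worth calling out in the release notes if intended. In the `^UOS$` entry, "Managment" should read "Management".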
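--- a/metadata
+++ b/metadata
@@ -1,111 +1,126 @@
  --- !ruby/object:Gem::Specification
  name: recog
  version: !ruby/object:Gem::Version
- version: 1.0.17
+ version: 1.0.18
+ prerelease:
  platform: ruby
  authors:
  - Rapid7 Research
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-02-19 00:00:00.000000000 Z
+ date: 2015-02-26 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rspec
  requirement: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: yard
  requirement: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: redcarpet
  requirement: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: cucumber
  requirement: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: aruba
  requirement: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: simplecov
  requirement: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: nokogiri
  requirement: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  description: Recog is a framework for identifying products, services, operating systems,
@@ -121,10 +136,10 @@ executables:
  extensions: []
  extra_rdoc_files: []
  files:
- - ".gitignore"
- - ".rspec"
- - ".travis.yml"
- - ".yardopts"
+ - .gitignore
+ - .rspec
+ - .travis.yml
+ - .yardopts
  - CONTRIBUTING.md
  - Gemfile
  - LICENSE
@@ -208,26 +223,27 @@ files:
  - xml/upnp_banners.xml
  homepage: https://www.github.com/rapid7/recog
  licenses: []
- metadata: {}
  post_install_message:
  rdoc_options: []
  require_paths:
  - lib
  required_ruby_version: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  required_rubygems_version: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.4.3
+ rubygems_version: 1.8.23.2
  signing_key:
- specification_version: 4
+ specification_version: 3
  summary: Network service fingerprint database, classes, and utilities
  test_files: []
  has_rdoc: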
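Review bot: The last hunk shows this release was packaged with an older toolchain than 1.0.17: `rubygems_version` goes from `2.4.3` to `1.8.23.2` and `specification_version` from `4` to `3`. That would also explain why `checksums.yaml` disappears from the package in this same diff, since RubyGems 1.8.x does not write the embedded digests of `metadata.gz` and `data.tar.gz`. A change of build environment between patch releases is worth confirming with the publisher. Rebuilding and republishing from the 2.x toolchain would restore `rubygems_version: 2.4.3` / `specification_version: 4` and the checksum file. `cert_chain: []` and an empty `signing_key:` are unchanged, so the gem carries no signature in either version.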
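--- a/checksums.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
- ---
- SHA1:
- metadata.gz: ba7d8b2d9765280fc41fea934102dbff6bff69b6
- data.tar.gz: d86c1221b484f17a0d826de292648b6bf5737381
- SHA512:
- metadata.gz: 56446fa6f827bdcf28976878dc4697333da0eb48be67884c875a8b848b6e0d44e429e675becb3a2e9556338bf9ab9af674d38dea77603f8f399a1be05adb4446
- data.tar.gz: 7c1e4e4751dfbf8b8082aa9928340be690f98f3cdbf1141bd5570c3a35b57a2142dc64b604a35726f9443e520c4d53e27080fa4b07891c52d7cac59aa80356b7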