recog 1.0.17 → 1.0.18
- data/README.md +5 -5
- data/lib/recog/version.rb +1 -1
- data/xml/http_servers.xml +61 -10
- metadata +41 -25
- checksums.yaml +0 -7
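--- a/data/README.md
+++ b/data/README.md
@@ -52,6 +52,8 @@ tests that `RomSShell_4.62` matches the provided regular expression and that the
 
 The `param` elements contain a `pos` attribute, which indicates what capture field from the `pattern` should be extracted, or `0` for a static string. The `name` attribute is the key that will be reported in the case of a successful match and the `value` will either be a static string for `pos` values of `0` or missing and taken from the captured field.
 
+### Testing
+
 Once a fingerprint has been added, the `example` entries can be tested by executing `bin/recog_verify` against the fingerprint file:
 
 $ bin/recog_verify xml/ssh_banners.xml
@@ -61,9 +63,7 @@ Matches can be tested on the command-line in a similar fashion:
 $ echo 'OpenSSH_6.6p1 Ubuntu-2ubuntu1' | bin/recog_match xml/ssh_banners.xml -
 MATCH: {"service.version"=>"6.6p1", "openssh.comment"=>"Ubuntu-2ubuntu1", "service.vendor"=>"OpenBSD", "service.family"=>"OpenSSH", "service.product"=>"OpenSSH", "data"=>"OpenSSH_6.6p1 Ubuntu-2ubuntu1"}
 
-
-
-
-
-
+### Best Practices
+* Create a single fingerprint for each product as long as the pattern remains clear and readable. If that is not possible, the pattern should be logically decomposed into additional fingerprints.
+* Create regular expressions that allow for flexible version number matching. This ensures greater probability of matching a product. For example, all known public releases of a product report either `major.minor` or `major.minor.build` format version numbers. If the fingerprint strictly matches this version number format, it would fail to match a modified build of the product that reports only a `major` version number format.
 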
data/lib/recog/version.rb
CHANGED
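--- a/data/xml/http_servers.xml
+++ b/data/xml/http_servers.xml
@@ -1889,22 +1889,73 @@
 <param pos="0" name="os.certainty" value="0.75"/>
 </fingerprint>
 
-<fingerprint pattern = "^com.hp.openview.
-<description>HP Openview Coda</description>
-<example>com.hp.openview.Coda 0.0.1</example>
+<fingerprint pattern = "^(?:BBC \d+\.\d+\.\d+\.?\d*; )?(?:com.hp.openview.)?[c|C]oda (\d+\.\d+\.\d+\.?\d*)$">
+<description>HP Openview Coda (Communications Daemon)</description>
+<example service.component.version="0.0.1">com.hp.openview.Coda 0.0.1</example>
+<example service.component.version="10.00.123">BBC 05.20.050; coda 10.00.123</example>
+<example service.component.version="0.0.1">BBC 2.6.0.7; com.hp.openview.Coda 0.0.1</example>
 <param pos="0" name="service.vendor" value="HP"/>
 <param pos="0" name="service.family" value="OpenView"/>
-<param pos="0" name="service.
-<param pos="
+<param pos="0" name="service.component.vendor" value="HP"/>
+<param pos="0" name="service.component.family" value="OpenView"/>
+<param pos="0" name="service.component.product" value="CODA"/>
+<param pos="1" name="service.component.version"/>
 </fingerprint>
 
-<fingerprint pattern
-<description>
-<example
+<fingerprint pattern="^BBC \d+\.\d+\.\d+\.?\d*; ovbbcrcp (\d+\.\d+\.\d+\.?\d*)$">
+<description>OpenView Reverse Channel Proxy (RCP)</description>
+<example service.component.version="11.00.044">BBC 11.00.044; ovbbcrcp 11.00.044</example>
 <param pos="0" name="service.vendor" value="HP"/>
 <param pos="0" name="service.family" value="OpenView"/>
-<param pos="0" name="service.
-<param pos="
+<param pos="0" name="service.component.vendor" value="HP"/>
+<param pos="0" name="service.component.family" value="OpenView"/>
+<param pos="0" name="service.component.product" value="Reverse Channel Proxy"/>
+<param pos="1" name="service.component.version"/>
+</fingerprint>
+
+<fingerprint pattern = "^(?:BBC \d+\.\d+\.\d+\.?\d*; )?com.hp.openview.bbc.LLBServer (\d+\.\d+\.\d+\.?\d*)$">
+<description>HP Openview LLBServer (Local Location Broker)</description>
+<example service.component.version="2.6.8.1">com.hp.openview.bbc.LLBServer 2.6.8.1</example>
+<example service.component.version="2.6.0.7">BBC 2.6.0.7; com.hp.openview.bbc.LLBServer 2.6.0.7</example>
+<param pos="0" name="service.vendor" value="HP"/>
+<param pos="0" name="service.family" value="OpenView"/>
+<param pos="0" name="service.component.vendor" value="HP"/>
+<param pos="0" name="service.component.family" value="OpenView"/>
+<param pos="0" name="service.component.product" value="LLBServer"/>
+<param pos="1" name="service.component.version"/>
+</fingerprint>
+
+<fingerprint pattern="^BBC \d+\.\d+\.\d+; ovbbccb (\d+\.\d+\.\d+)$">
+<description>OpenView Communication Broker (ovbbccb)</description>
+<example service.component.version="06.00.083">BBC 06.00.083; ovbbccb 06.00.083</example>
+<example service.component.version="11.10.035">BBC 11.10.035; ovbbccb 11.10.035</example>
+<param pos="0" name="service.vendor" value="HP"/>
+<param pos="0" name="service.family" value="OpenView"/>
+<param pos="0" name="service.component.vendor" value="HP"/>
+<param pos="0" name="service.component.family" value="OpenView"/>
+<param pos="0" name="service.component.product" value="Communication Broker"/>
+<param pos="1" name="service.component.version"/>
+</fingerprint>
+
+<fingerprint pattern="^BBC \d+\.\d+\.\d+; ovbbccb unknown version$">
+<description>OpenView Communication Broker (ovbbccb) with no version</description>
+<example>BBC 11.13.007; ovbbccb unknown version</example>
+<param pos="0" name="service.vendor" value="HP"/>
+<param pos="0" name="service.family" value="OpenView"/>
+<param pos="0" name="service.component.vendor" value="HP"/>
+<param pos="0" name="service.component.family" value="OpenView"/>
+<param pos="0" name="service.component.product" value="Communication Broker"/>
+</fingerprint>
+
+<fingerprint pattern="^UOS$">
+<example>UOS</example>
+<description>HTTP Server that appears unique to Managment Console on HP TippingPoint IPS Devices</description>
+<param pos="0" name="service.vendor" value="HP"/>
+<param pos="0" name="service.product" value="HTTP"/>
+<param pos="0" name="service.family" value="TippingPoint"/>
+<param pos="0" name="os.vendor" value="HP"/>
+<param pos="0" name="os.family" value="TippingPoint"/>
+<param pos="0" name="os.device" value="IPS"/>
 </fingerprint>
 
 <fingerprint pattern="^Helix Server Version ([0-9.]*) \(win32\) \(RealServer compatible\)$">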
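Review bot: The new Coda pattern writes `[c|C]oda`, but inside a character class `|` is a literal, so the class also accepts `|oda`; `[cC]oda` is what is meant. That pattern and the LLBServer one also leave the dots in `com.hp.openview.` unescaped, so each dot matches any character, and `com\.hp\.openview\.` would keep the match exact. The two `ovbbccb` patterns accept only three-part versions (`\d+\.\d+\.\d+`) while the sibling fingerprints allow an optional fourth part with `\.?\d*`, so a four-part build string would fall through unmatched. The `^UOS$` fingerprint asserts `os.vendor`, `os.family` and `os.device` from a three-character banner without an `os.certainty` param like the one on the first context line of the hunk, and its description misspells "Management". Since the matched banner is supplied by the remote host and is easy to imitate, a reduced certainty value there would make downstream asset attribution less likely to over-trust the match.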
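--- a/metadata
+++ b/metadata
@@ -1,111 +1,126 @@
 --- !ruby/object:Gem::Specification
 name: recog
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.18
+prerelease:
 platform: ruby
 authors:
 - Rapid7 Research
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-02-
+date: 2015-02-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rspec
 requirement: !ruby/object:Gem::Requirement
+none: false
 requirements:
-- -
+- - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
+none: false
 requirements:
-- -
+- - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
 name: yard
 requirement: !ruby/object:Gem::Requirement
+none: false
 requirements:
-- -
+- - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
+none: false
 requirements:
-- -
+- - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
 name: redcarpet
 requirement: !ruby/object:Gem::Requirement
+none: false
 requirements:
-- -
+- - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
+none: false
 requirements:
-- -
+- - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
 name: cucumber
 requirement: !ruby/object:Gem::Requirement
+none: false
 requirements:
-- -
+- - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
+none: false
 requirements:
-- -
+- - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
 name: aruba
 requirement: !ruby/object:Gem::Requirement
+none: false
 requirements:
-- -
+- - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
+none: false
 requirements:
-- -
+- - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
 name: simplecov
 requirement: !ruby/object:Gem::Requirement
+none: false
 requirements:
-- -
+- - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
+none: false
 requirements:
-- -
+- - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
 name: nokogiri
 requirement: !ruby/object:Gem::Requirement
+none: false
 requirements:
-- -
+- - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
+none: false
 requirements:
-- -
+- - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
 description: Recog is a framework for identifying products, services, operating systems,
@@ -121,10 +136,10 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
--
--
--
--
+- .gitignore
+- .rspec
+- .travis.yml
+- .yardopts
 - CONTRIBUTING.md
 - Gemfile
 - LICENSE
@@ -208,26 +223,27 @@ files:
 - xml/upnp_banners.xml
 homepage: https://www.github.com/rapid7/recog
 licenses: []
-metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+none: false
 requirements:
-- -
+- - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
 requirements:
-- -
+- - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version:
+rubygems_version: 1.8.23.2
 signing_key:
-specification_version:
+specification_version: 3
 summary: Network service fingerprint database, classes, and utilities
 test_files: []
 has_rdoc: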
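--- a/checksums.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-SHA1:
-metadata.gz: ba7d8b2d9765280fc41fea934102dbff6bff69b6
-data.tar.gz: d86c1221b484f17a0d826de292648b6bf5737381
-SHA512:
-metadata.gz: 56446fa6f827bdcf28976878dc4697333da0eb48be67884c875a8b848b6e0d44e429e675becb3a2e9556338bf9ab9af674d38dea77603f8f399a1be05adb4446
-data.tar.gz: 7c1e4e4751dfbf8b8082aa9928340be690f98f3cdbf1141bd5570c3a35b57a2142dc64b604a35726f9443e520c4d53e27080fa4b07891c52d7cac59aa80356b7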