recog 1.0.17 → 1.0.18

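--- a/data/README.md
+++ b/data/README.md
@@ -52,6 +52,8 @@ tests that `RomSShell_4.62` matches the provided regular expression and that the
 
  The `param` elements contain a `pos` attribute, which indicates what capture field from the `pattern` should be extracted, or `0` for a static string. The `name` attribute is the key that will be reported in the case of a successful match and the `value` will either be a static string for `pos` values of `0` or missing and taken from the captured field.
 
+ ### Testing
+
  Once a fingerprint has been added, the `example` entries can be tested by executing `bin/recog_verify` against the fingerprint file:
 
  $ bin/recog_verify xml/ssh_banners.xml
@@ -61,9 +63,7 @@ Matches can be tested on the command-line in a similar fashion:
  $ echo 'OpenSSH_6.6p1 Ubuntu-2ubuntu1' | bin/recog_match xml/ssh_banners.xml -
  MATCH: {"service.version"=>"6.6p1", "openssh.comment"=>"Ubuntu-2ubuntu1", "service.vendor"=>"OpenBSD", "service.family"=>"OpenSSH", "service.product"=>"OpenSSH", "data"=>"OpenSSH_6.6p1 Ubuntu-2ubuntu1"}
 
-
-
-
-
-
+ ### Best Practices
+ * Create a single fingerprint for each product as long as the pattern remains clear and readable. If that is not possible, the pattern should be logically decomposed into additional fingerprints.
+ * Create regular expressions that allow for flexible version number matching. This ensures greater probability of matching a product. For example, all known public releases of a product report either `major.minor` or `major.minor.build` format version numbers. If the fingerprint strictly matches this version number format, it would fail to match a modified build of the product that reports only a `major` version number format.
 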
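--- a/data/lib/recog/version.rb
+++ b/data/lib/recog/version.rb
@@ -1,3 +1,3 @@
  module Recog
- VERSION = '1.0.17'
+ VERSION = '1.0.18'
  end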
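--- a/data/xml/http_servers.xml
+++ b/data/xml/http_servers.xml
@@ -1889,22 +1889,73 @@
  <param pos="0" name="os.certainty" value="0.75"/>
  </fingerprint>
 
- <fingerprint pattern = "^com.hp.openview.Coda (\d\.\d.\d)$">
- <description>HP Openview Coda</description>
- <example>com.hp.openview.Coda 0.0.1</example>
+ <fingerprint pattern = "^(?:BBC \d+\.\d+\.\d+\.?\d*; )?(?:com.hp.openview.)?[c|C]oda (\d+\.\d+\.\d+\.?\d*)$">
+ <description>HP Openview Coda (Communications Daemon)</description>
+ <example service.component.version="0.0.1">com.hp.openview.Coda 0.0.1</example>
+ <example service.component.version="10.00.123">BBC 05.20.050; coda 10.00.123</example>
+ <example service.component.version="0.0.1">BBC 2.6.0.7; com.hp.openview.Coda 0.0.1</example>
  <param pos="0" name="service.vendor" value="HP"/>
  <param pos="0" name="service.family" value="OpenView"/>
- <param pos="0" name="service.product" value="OpenView"/>
- <param pos="1" name="service.version"/>
+ <param pos="0" name="service.component.vendor" value="HP"/>
+ <param pos="0" name="service.component.family" value="OpenView"/>
+ <param pos="0" name="service.component.product" value="CODA"/>
+ <param pos="1" name="service.component.version"/>
  </fingerprint>
 
- <fingerprint pattern = "^com.hp.openview.bbc.LLBServer (\d\.\d.\d\.\d)$">
- <description>HP Openview LLBServer</description>
- <example>com.hp.openview.bbc.LLBServer 2.6.8.1</example>
+ <fingerprint pattern="^BBC \d+\.\d+\.\d+\.?\d*; ovbbcrcp (\d+\.\d+\.\d+\.?\d*)$">
+ <description>OpenView Reverse Channel Proxy (RCP)</description>
+ <example service.component.version="11.00.044">BBC 11.00.044; ovbbcrcp 11.00.044</example>
  <param pos="0" name="service.vendor" value="HP"/>
  <param pos="0" name="service.family" value="OpenView"/>
- <param pos="0" name="service.product" value="OpenView"/>
- <param pos="1" name="service.version"/>
+ <param pos="0" name="service.component.vendor" value="HP"/>
+ <param pos="0" name="service.component.family" value="OpenView"/>
+ <param pos="0" name="service.component.product" value="Reverse Channel Proxy"/>
+ <param pos="1" name="service.component.version"/>
+ </fingerprint>
+
+ <fingerprint pattern = "^(?:BBC \d+\.\d+\.\d+\.?\d*; )?com.hp.openview.bbc.LLBServer (\d+\.\d+\.\d+\.?\d*)$">
+ <description>HP Openview LLBServer (Local Location Broker)</description>
+ <example service.component.version="2.6.8.1">com.hp.openview.bbc.LLBServer 2.6.8.1</example>
+ <example service.component.version="2.6.0.7">BBC 2.6.0.7; com.hp.openview.bbc.LLBServer 2.6.0.7</example>
+ <param pos="0" name="service.vendor" value="HP"/>
+ <param pos="0" name="service.family" value="OpenView"/>
+ <param pos="0" name="service.component.vendor" value="HP"/>
+ <param pos="0" name="service.component.family" value="OpenView"/>
+ <param pos="0" name="service.component.product" value="LLBServer"/>
+ <param pos="1" name="service.component.version"/>
+ </fingerprint>
+
+ <fingerprint pattern="^BBC \d+\.\d+\.\d+; ovbbccb (\d+\.\d+\.\d+)$">
+ <description>OpenView Communication Broker (ovbbccb)</description>
+ <example service.component.version="06.00.083">BBC 06.00.083; ovbbccb 06.00.083</example>
+ <example service.component.version="11.10.035">BBC 11.10.035; ovbbccb 11.10.035</example>
+ <param pos="0" name="service.vendor" value="HP"/>
+ <param pos="0" name="service.family" value="OpenView"/>
+ <param pos="0" name="service.component.vendor" value="HP"/>
+ <param pos="0" name="service.component.family" value="OpenView"/>
+ <param pos="0" name="service.component.product" value="Communication Broker"/>
+ <param pos="1" name="service.component.version"/>
+ </fingerprint>
+
+ <fingerprint pattern="^BBC \d+\.\d+\.\d+; ovbbccb unknown version$">
+ <description>OpenView Communication Broker (ovbbccb) with no version</description>
+ <example>BBC 11.13.007; ovbbccb unknown version</example>
+ <param pos="0" name="service.vendor" value="HP"/>
+ <param pos="0" name="service.family" value="OpenView"/>
+ <param pos="0" name="service.component.vendor" value="HP"/>
+ <param pos="0" name="service.component.family" value="OpenView"/>
+ <param pos="0" name="service.component.product" value="Communication Broker"/>
+ </fingerprint>
+
+ <fingerprint pattern="^UOS$">
+ <example>UOS</example>
+ <description>HTTP Server that appears unique to Managment Console on HP TippingPoint IPS Devices</description>
+ <param pos="0" name="service.vendor" value="HP"/>
+ <param pos="0" name="service.product" value="HTTP"/>
+ <param pos="0" name="service.family" value="TippingPoint"/>
+ <param pos="0" name="os.vendor" value="HP"/>
+ <param pos="0" name="os.family" value="TippingPoint"/>
+ <param pos="0" name="os.device" value="IPS"/>
  </fingerprint>
 
  <fingerprint pattern="^Helix Server Version ([0-9.]*) \(win32\) \(RealServer compatible\)$">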
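Review bot: In the new Coda fingerprint the character class `[c|C]oda` also accepts a literal `|`, so a banner ending in `|oda 1.2.3` would be reported as HP OpenView Coda; it should be `[cC]oda`. The dots in `com.hp.openview.` there, and in `com.hp.openview.bbc.LLBServer` in the LLBServer pattern, are unescaped and match any character, so `(?:com\.hp\.openview\.)?` and `com\.hp\.openview\.bbc\.LLBServer` would keep both fingerprints tied to the real banner and reduce false identifications in scan results. The two ovbbccb patterns accept exactly three version components while the other BBC patterns allow an optional fourth with `\.?\d*`, which sits oddly with the flexible-version guidance this release adds to the README. The description of the `^UOS$` fingerprint misspells "Management" as "Managment".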
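--- a/metadata
+++ b/metadata
@@ -1,111 +1,126 @@
  --- !ruby/object:Gem::Specification
  name: recog
  version: !ruby/object:Gem::Version
- version: 1.0.17
+ version: 1.0.18
+ prerelease:
  platform: ruby
  authors:
  - Rapid7 Research
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-02-19 00:00:00.000000000 Z
+ date: 2015-02-26 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rspec
  requirement: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: yard
  requirement: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: redcarpet
  requirement: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: cucumber
  requirement: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: aruba
  requirement: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: simplecov
  requirement: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: nokogiri
  requirement: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  description: Recog is a framework for identifying products, services, operating systems,
@@ -121,10 +136,10 @@ executables:
  extensions: []
  extra_rdoc_files: []
  files:
- - ".gitignore"
- - ".rspec"
- - ".travis.yml"
- - ".yardopts"
+ - .gitignore
+ - .rspec
+ - .travis.yml
+ - .yardopts
  - CONTRIBUTING.md
  - Gemfile
  - LICENSE
@@ -208,26 +223,27 @@ files:
  - xml/upnp_banners.xml
  homepage: https://www.github.com/rapid7/recog
  licenses: []
- metadata: {}
  post_install_message:
  rdoc_options: []
  require_paths:
  - lib
  required_ruby_version: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  required_rubygems_version: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.4.3
+ rubygems_version: 1.8.23.2
  signing_key:
- specification_version: 4
+ specification_version: 3
  summary: Network service fingerprint database, classes, and utilities
  test_files: []
  has_rdoc: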
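Review bot: The last hunk records `rubygems_version: 1.8.23.2` and `specification_version: 3` where 1.0.17 had `2.4.3` and `4`, so this release appears to have been packaged with a much older RubyGems than the previous one. That would also explain the added `none: false` fields, the dropped `metadata: {}` line and the removal of checksums.yaml in the same release, which means the package no longer carries SHA1/SHA512 digests for metadata.gz and data.tar.gz. `cert_chain: []` and `signing_key:` are empty in both versions, so the gem is unsigned and consumers have only the registry's published checksum to verify the download against. Rebuilding the release with the toolchain used for 1.0.17 would presumably restore the checksums file and the version 4 specification.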
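--- a/checksums.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
- ---
- SHA1:
- metadata.gz: ba7d8b2d9765280fc41fea934102dbff6bff69b6
- data.tar.gz: d86c1221b484f17a0d826de292648b6bf5737381
- SHA512:
- metadata.gz: 56446fa6f827bdcf28976878dc4697333da0eb48be67884c875a8b848b6e0d44e429e675becb3a2e9556338bf9ab9af674d38dea77603f8f399a1be05adb4446
- data.tar.gz: 7c1e4e4751dfbf8b8082aa9928340be690f98f3cdbf1141bd5570c3a35b57a2142dc64b604a35726f9443e520c4d53e27080fa4b07891c52d7cac59aa80356b7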