recog 1.0.24 → 1.0.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/lib/recog/version.rb +1 -1
  3. data/xml/mysql_banners.xml +1221 -0
  4. data/xml/mysql_error.xml +129 -0
  5. metadata +4 -2
data/xml/mysql_error.xml ADDED
@@ -0,0 +1,129 @@
1
+ <?xml version="1.0"?>
2
+ <!--
3
+ Upon successful connection to an MySQL/derivative TCP endpoint, if
4
+ the connecting client is not allowed to speak to the MySQL service (for
5
+ example, it has been blocked for too many failed password attempts or it
6
+ isn't explicitly allowed to connect from this client), the first packet
7
+ received will contain an error message that is used to inform the client
8
+ of this failure prior to forcibly disconnecting the client:
9
+
10
+ $ mysql -u root -h mysql.example.com
11
+ ERROR 1130 (HY000): Host '192.168.0.100' is not allowed to connect to this MySQL server
12
+
13
+ This free-form field starts at the 7th byte and ends at the end of the TCP
14
+ payload. The fingerprints below are used to match and extract from this field.
15
+ -->
16
+ <fingerprints matches="mysql.error">
17
+
18
+ <fingerprint pattern="^(?:#HY000)?Host '[^']+' is not allowed to connect to this MySQL server$">
19
+ <example>Host '10.10.10.10' is not allowed to connect to this MySQL server</example>
20
+ <example>#HY000Host '10.10.10.10' is not allowed to connect to this MySQL server</example>
21
+ <description>Oracle MySQL - Error: Host not allowed to connect (English)</description>
22
+ <param pos="0" name="service.vendor" value="Oracle"/>
23
+ <param pos="0" name="service.family" value="MySQL"/>
24
+ <param pos="0" name="service.product" value="MySQL"/>
25
+ </fingerprint>
26
+
27
+ <fingerprint pattern="^(?:#HY000)?Host '[^']+' is blocked because of many connection errors.\s{1,2}[Uu]nblock with 'mysqladmin flush-hosts'$">
28
+ <example>Host '10.10.10.10' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'</example>
29
+ <example>Host '10.10.10.10' is blocked because of many connection errors. Unblock with 'mysqladmin flush-hosts'</example>
30
+ <description>Oracle MySQL - Error: Blocked, too many errors from this host</description>
31
+ <param pos="0" name="service.vendor" value="Oracle"/>
32
+ <param pos="0" name="service.family" value="MySQL"/>
33
+ <param pos="0" name="service.product" value="MySQL"/>
34
+ </fingerprint>
35
+
36
+ <fingerprint pattern="^Host '[^']+' is not allowed to connect to this MariaDB server$">
37
+ <example>Host '10.10.10.10' is not allowed to connect to this MariaDB server</example>
38
+ <description>MariaDB MariaDB - Error: Host not allowed to connect (English) </description>
39
+ <param pos="0" name="service.vendor" value="MariaDB"/>
40
+ <param pos="0" name="service.family" value="MySQL"/>
41
+ <param pos="0" name="service.product" value="MariaDB"/>
42
+ </fingerprint>
43
+
44
+ <fingerprint pattern="^Le h.te '[^']+' n'est pas authoris. . se connecter . ce serveur MySQL$">
45
+ <example>Le h�te '10.10.10.10' n'est pas authoris� � se connecter � ce serveur MySQL</example>
46
+ <description>Oracle MySQL - Error: Host not allowed to connect (French)</description>
47
+ <param pos="0" name="service.vendor" value="Oracle"/>
48
+ <param pos="0" name="service.family" value="MySQL"/>
49
+ <param pos="0" name="service.product" value="MySQL"/>
50
+ </fingerprint>
51
+
52
+ <fingerprint pattern="^'Host' '[^']+' n.o tem permiss.o para se conectar com este servidor MySQL$">
53
+ <example>'Host' '10.10.10.10' n�o tem permiss�o para se conectar com este servidor MySQL</example>
54
+ <description>Oracle MySQL - Error: Host not allowed to connect (Spanish)</description>
55
+ <param pos="0" name="service.vendor" value="Oracle"/>
56
+ <param pos="0" name="service.family" value="MySQL"/>
57
+ <param pos="0" name="service.product" value="MySQL"/>
58
+ </fingerprint>
59
+
60
+ <fingerprint pattern="^Host.+?hat keine Berechtigung,.+?diesem MySQL">
61
+ <example>Host '10.10.10.10' hat keine Berechtigung, sich mit diesem MySQL-Server zu verbinden</example>
62
+ <example>Host hat keine Berechtigung, eine Verbindung zu diesem MySQL Server herzustellen.</example>
63
+ <description>Oracle MySQL - Error: Host not allowed to connect (German)</description>
64
+ <param pos="0" name="service.vendor" value="Oracle"/>
65
+ <param pos="0" name="service.family" value="MySQL"/>
66
+ <param pos="0" name="service.product" value="MySQL"/>
67
+ </fingerprint>
68
+
69
+ <fingerprint pattern="^Host.+?blockiert wegen zu vieler Verbindungsfehler. Aufheben der Blockierung mit 'mysqladmin flush-hosts'">
70
+ <example>Host blockiert wegen zu vieler Verbindungsfehler. Aufheben der Blockierung mit 'mysqladmin flush-hosts'.</example>
71
+ <example>Host '10.10.10.10' blockiert wegen zu vieler Verbindungsfehler. Aufheben der Blockierung mit 'mysqladmin flush-hosts'</example>
72
+ <description>Oracle MySQL - Error: Blocked, too many errors from this host (German)</description>
73
+ <param pos="0" name="service.vendor" value="Oracle"/>
74
+ <param pos="0" name="service.family" value="MySQL"/>
75
+ <param pos="0" name="service.product" value="MySQL"/>
76
+ </fingerprint>
77
+
78
+ <fingerprint pattern="^L'h.+?est bloqu.+?cause d'un trop grand nombre d'erreur de connexion\..+?bloquer le par 'mysqladmin flush-hosts'">
79
+ <example>L'h�te '10.10.10.10' est bloqu� � cause d'un trop grand nombre d'erreur de connexion. D�bloquer le par 'mysqladmin flush-hosts'</example>
80
+ <description>Oracle MySQL - Error: Blocked, too many errors from this host (French)</description>
81
+ <param pos="0" name="service.vendor" value="Oracle"/>
82
+ <param pos="0" name="service.family" value="MySQL"/>
83
+ <param pos="0" name="service.product" value="MySQL"/>
84
+ </fingerprint>
85
+
86
+ <fingerprint pattern="^Can't create a new thread \(errno -?\d{1,2}\)">
87
+ <example>Can't create a new thread (errno -1); if you are not out of available memory, you can consult the manual for a possible OS-dependent bug</example>
88
+ <example>Can't create a new thread (errno 12); if you are not out of available memory, you can consult the manual for a possible OS-dependent bug</example>
89
+ <example>Can't create a new thread (errno 35); if you are not out of available memory, you can consult the manual for a possible OS-dependent bug</example>
90
+ <description>Oracle MySQL - Error: Out of memory</description>
91
+ <description>Oracle MySQL - Error: Out of memory</description>
92
+ <param pos="0" name="service.vendor" value="Oracle"/>
93
+ <param pos="0" name="service.family" value="MySQL"/>
94
+ <param pos="0" name="service.product" value="MySQL"/>
95
+ </fingerprint>
96
+
97
+ <fingerprint pattern="^Too many connections$">
98
+ <example>Too many connections</example>
99
+ <description>Oracle MySQL - Error: Too many connections</description>
100
+ <param pos="0" name="service.vendor" value="Oracle"/>
101
+ <param pos="0" name="service.family" value="MySQL"/>
102
+ <param pos="0" name="service.product" value="MySQL"/>
103
+ </fingerprint>
104
+
105
+ <fingerprint pattern="^Can't get hostname for your address$">
106
+ <example>Can't get hostname for your address</example>
107
+ <description>Oracle MySQL - Error: Unable to resolve client hostname</description>
108
+ <param pos="0" name="service.vendor" value="Oracle"/>
109
+ <param pos="0" name="service.family" value="MySQL"/>
110
+ <param pos="0" name="service.product" value="MySQL"/>
111
+ </fingerprint>
112
+
113
+ <fingerprint pattern="^#07000Proxy Warning - IP Forbidden$">
114
+ <example>#07000Proxy Warning - IP Forbidden</example>
115
+ <description>Oracle MySQL Proxy - Error: Host not allowed to connect</description>
116
+ <param pos="0" name="service.vendor" value="Oracle"/>
117
+ <param pos="0" name="service.family" value="MySQL"/>
118
+ <param pos="0" name="service.product" value="MySQL Proxy"/>
119
+ </fingerprint>
120
+
121
+ <fingerprint pattern="^\(proxy\) all backends are down$">
122
+ <example>(proxy) all backends are down</example>
123
+ <description>Oracle MySQL Proxy - Error: Backends down</description>
124
+ <param pos="0" name="service.vendor" value="Oracle"/>
125
+ <param pos="0" name="service.family" value="MySQL"/>
126
+ <param pos="0" name="service.product" value="MySQL Proxy"/>
127
+ </fingerprint>
128
+ <!-- Error code reference: http://dev.mysql.com/doc/refman/5.5/en/error-messages-server.html -->
129
+ </fingerprints>
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: recog
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.24
4
+ version: 1.0.25
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rapid7 Research
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-03-25 00:00:00.000000000 Z
11
+ date: 2015-03-31 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec
@@ -183,6 +183,8 @@ files:
183
183
  - xml/http_servers.xml
184
184
  - xml/http_wwwauth.xml
185
185
  - xml/imap_banners.xml
186
+ - xml/mysql_banners.xml
187
+ - xml/mysql_error.xml
186
188
  - xml/nntp_banners.xml
187
189
  - xml/ntp_banners.xml
188
190
  - xml/pop_banners.xml