RubyGems - recog - Versions diffs - 2.0.24 → 2.1.0 - Mend

recog 2.0.24 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (53) hide show

checksums.yaml +4 -4
data/README.md +1 -1
data/features/data/matching_banners_fingerprints.xml +2 -1
data/features/data/multiple_banners_fingerprints.xml +2 -0
data/features/match.feature +6 -6
data/lib/recog/db.rb +33 -11
data/lib/recog/db_manager.rb +6 -2
data/lib/recog/fingerprint.rb +39 -2
data/lib/recog/nizer.rb +93 -20
data/lib/recog/version.rb +1 -1
data/spec/lib/fingerprint_self_test_spec.rb +7 -0
data/spec/lib/recog/nizer_spec.rb +165 -3
data/xml/apache_os.xml +1 -1
data/xml/architecture.xml +1 -1
data/xml/fingerprints.xsd +91 -0
data/xml/ftp_banners.xml +456 -74
data/xml/h323_callresp.xml +1 -1
data/xml/hp_pjl_id.xml +4 -1
data/xml/http_cookies.xml +1 -1
data/xml/http_servers.xml +1 -1
data/xml/http_wwwauth.xml +1 -1
data/xml/imap_banners.xml +1 -1
data/xml/ldap_searchresult.xml +1 -1
data/xml/mdns_device-info_txt.xml +1 -1
data/xml/mdns_workstation_txt.xml +1 -1
data/xml/mysql_banners.xml +1 -1
data/xml/mysql_error.xml +1 -1
data/xml/nntp_banners.xml +1 -1
data/xml/ntp_banners.xml +1 -1
data/xml/operating_system.xml +1 -1
data/xml/pop_banners.xml +1 -1
data/xml/rsh_resp.xml +1 -1
data/xml/sip_banners.xml +1 -1
data/xml/sip_user_agents.xml +1 -1
data/xml/smb_native_lm.xml +1 -1
data/xml/smb_native_os.xml +1 -1
data/xml/smtp_banners.xml +5 -1
data/xml/smtp_debug.xml +4 -1
data/xml/smtp_ehlo.xml +4 -1
data/xml/smtp_expn.xml +4 -1
data/xml/smtp_help.xml +4 -1
data/xml/smtp_mailfrom.xml +1 -1
data/xml/smtp_noop.xml +4 -1
data/xml/smtp_quit.xml +4 -1
data/xml/smtp_rcptto.xml +1 -1
data/xml/smtp_rset.xml +4 -1
data/xml/smtp_turn.xml +4 -1
data/xml/smtp_vrfy.xml +4 -1
data/xml/snmp_sysdescr.xml +1 -1
data/xml/snmp_sysobjid.xml +1 -1
data/xml/ssh_banners.xml +1 -1
data/xml/upnp_banners.xml +1 -1
metadata +4 -3

data/xml/h323_callresp.xml CHANGED

@@ -3,7 +3,7 @@
 Responses to H.323 call SETUP messages are matched against these patterns
 to fingerprint H.323 servers.
 -->
-<fingerprints>
+<fingerprints protocol="h.323" database_type="service" preference="0.80">
   <fingerprint pattern="^0x000b2d00\:(.*)\:.*?(\d*\.*\d*\.*\d*).*$" flags="REG_ICASE">
     <description>Sony H.323 Server</description>
     <param pos="0" name="service.vendor" value="Sony"/>

data/xml/hp_pjl_id.xml CHANGED

@@ -3,8 +3,11 @@
 For printers running the PJL protocol (usually on 9100/tcp), their type can be requested
 by the INFO ID command. The printer types (strings surrounded by double quotes) are
 matched against these patterns to fingerprint the printer.
+'preference' notes: The value has been explicitly set to 0.10 due to the very loose
+regex that is used here.
 -->
-<fingerprints>
+<fingerprints protocol="pjl" database_type="service" preference="0.10">
   <!--
    LaserJet and Designjet are registered trademarks of HP. Therefore matching for the keywords
    is sufficient for asserting all relevant information

data/xml/http_cookies.xml CHANGED

@@ -3,7 +3,7 @@
 Set-Cookie HTTP header values are matched against these patterns to fingerprint HTTP
 servers.
 -->
-<fingerprints matches="http_header.cookie">
+<fingerprints matches="http_header.cookie" protocol="http" database_type="service">
   <fingerprint pattern="^(CFCLIENT_[^=]+|CFGLOBALS|CFID|CFTOKEN)=.*">
     <description>
          Adobe (Macromedia) ColdFusion uses various cookies.

data/xml/http_servers.xml CHANGED

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!-- HTTP Server headers are matched against these patterns to fingerprint HTTP servers. -->
-<fingerprints matches="http_header.server">
+<fingerprints matches="http_header.server" protocol="http" database_type="service" preference="0.90">
   <fingerprint pattern="^Stronghold/(\d\.\d) Apache/([012][\d.]*)\s*(.*)$">
     <description>Red Hat Stronghold Enterprise Apache</description>
     <example>Stronghold/3.0 Apache/1.3.19 RedHat/3014c</example>

data/xml/http_wwwauth.xml CHANGED

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!-- HTTP WWW-Authenticate headers are matched against these patterns to fingerprint HTTP servers. -->
-<fingerprints matches="http_header.wwwauth">
+<fingerprints matches="http_header.wwwauth" protocol="http" database_type="service" preference="0.85">
   <fingerprint pattern="^(?:Basic|Digest) realm=.[iI]RMC(?:@(IRMC[0-9a-fA-F]{6}))?..*$">
     <description>Fujitsu Siemens Primergy with BMC RemoteView on an iRMC card</description>
     <param pos="0" name="service.vendor" value="Fujitsu Siemens"/>

data/xml/imap_banners.xml CHANGED

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!-- IMAP banners are matched against these patterns to fingerprint IMAP servers. -->
-<fingerprints matches="imap4.banner">
+<fingerprints matches="imap4.banner" protocol="imap" database_type="service" preference="0.90">
   <fingerprint pattern="^Microsoft Exchange IMAP4rev1 server version (5\.5\.\d{4}\.\d+) \((.*)\) ready$">
     <description>Microsoft Exchange Server 5.5</description>
     <param pos="0" name="service.vendor" value="Microsoft"/>

data/xml/ldap_searchresult.xml CHANGED

@@ -3,7 +3,7 @@
   Notes: Ruby will fail to build the RegExp if it contains \x84 which is a standard
          byte in ASN.1 Sequence length fields.
 -->
-<fingerprints matches="ldap.search_result">
+<fingerprints matches="ldap.search_result" protocol="ldap" database_type="service" preference=".80">
   <!--
     Samba - position prior to Windows entries due to regex. When testing new

data/xml/mdns_device-info_txt.xml CHANGED

@@ -6,7 +6,7 @@
   to the domain name for a server to respond with the record:
   e.g. 'host-name._device-info._tcp.local'.
 -->
-<fingerprints matches="mdns.device-info.txt">
+<fingerprints matches="mdns.device-info.txt" protocol="mdns" database_type="util.os">
   <!--
      OS X versions:
      The number specified after osxvers= is equivalent to the major

data/xml/mdns_workstation_txt.xml CHANGED

@@ -6,7 +6,7 @@
   to the domain name for a server to respond with the record:
   e.g. 'host-name._workstation._tcp.local'.
 -->
-<fingerprints matches="mdns.workstation.txt">
+<fingerprints matches="mdns.workstation.txt" protocol="mdns" database_type="service">
   <fingerprint pattern="^org\.freedesktop\.Avahi\.cookie=\S+$">
     <description>Avahi</description>
     <example>org.freedesktop.Avahi.cookie=1023312927</example>

data/xml/mysql_banners.xml CHANGED

@@ -10,7 +10,7 @@
      the TCP payload and the fingerprints below are used to match and extract
      from this version.
 -->
-<fingerprints matches="mysql.banners">
+<fingerprints matches="mysql.banners" protocol="mysql" database_type="service" preference="0.75">
   <fingerprint pattern="^(\d{1,2}\.\d{1,3}\.[a-f\d]{1,3}(?:[.-]\d{1,2})?(?:[.-]\d{1})?)(?:-m\d{1,2})?(?:-rc)?(?:-alpha)?(?:-beta)?(?:-gamma)?(?:-?max)?(?:-rs)?(?:-modified)?(?:-debug)?(?:-log)?$" flags="REG_ICASE">
     <description>Oracle MySQL (common)</description>
     <example service.version="4.1.20">4.1.20</example>

data/xml/mysql_error.xml CHANGED

@@ -23,7 +23,7 @@
      http://osxr.org/mysql/source/sql/share/errmsg-utf8.txt or
      https://github.com/twitter/mysql/blob/master/sql/share/errmsg-utf8.txt
 -->
-<fingerprints matches="mysql.error">
+<fingerprints matches="mysql.error" protocol="mysql" database_type="service" preference=".80">
   <!-- ER_HOST_NOT_PRIVILEGED -->
   <fingerprint pattern="^Stroj '[^']+' nemá povoleno se k tomuto MySQL serveru připojit$">
     <description>Oracle MySQL error ER_HOST_NOT_PRIVILEGED (cze)</description>

data/xml/nntp_banners.xml CHANGED

@@ -3,7 +3,7 @@
 NNTP greeting messages (part of the banner after the response code) are matched
 against these patterns to fingerprint NNTP servers.
 -->
-<fingerprints matches="nntp.banner">
+<fingerprints matches="nntp.banner" protocol="nntp" database_type="service">
   <fingerprint pattern="^NNTP Service (?:.*) Version: (5.0.2195.[0-9]+) .*$">
     <description>Microsoft IIS NNTP Server on Windows 2000</description>
     <example>NNTP Service 5.00.0984 Version: 5.0.2195.7034 Posting Allowed</example>

data/xml/ntp_banners.xml CHANGED

@@ -2,7 +2,7 @@
 <!--
 NTP "banners", taken from a readvar response
 -->
-<fingerprints matches="ntp.readvar">
+<fingerprints matches="ntp.readvar" protocol="ntp" database_type="service" preference="0.80">
   <fingerprint pattern="^.*version=Domain Time II (\S+),hostname=([^,]+),.*system=Win2003.*,processor=(\S+)" flags="REG_DOT_NEWLINE,REG_ICASE">
     <description>Greyware Automation Products, Inc. Domain Time II on Windows Server 2003</description>
     <example service.version="5.1.b.20100331R" os.arch="x64" host.name="blah">

data/xml/operating_system.xml CHANGED

@@ -2,7 +2,7 @@
 <!--
   Patterns for common names of various operating systems.
 -->
-<fingerprints matches="operating_system.name">
+<fingerprints matches="operating_system.name" database_type="util.os" preference="0.80">
   <!-- Windows begin -->
   <fingerprint pattern="^(?i:(?:Microsoft )?(Windows (?:[a-z]+\s[a-z]+\s|[a-z]+\s)?Server (?:\d{4} R2|\d{4}))(?:,\s|\s)?([a-z]+)?(?: Edition)?(?:\s)?(SP\d|SP \d|Service Pack \d)?)$">
     <description>Windows Server 2003 and later</description>

data/xml/pop_banners.xml CHANGED

@@ -3,7 +3,7 @@
 POP3 greeting messages (part of the banner after the status indicator +OK or -ERR) are
 matched against these patterns to fingerprint POP3 servers.
 -->
-<fingerprints matches="pop3.banner">
+<fingerprints matches="pop3.banner" protocol="pop3" database_type="service" preference="0.90">
   <fingerprint pattern="^([^ ]+) +Cyrus POP3 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready">
     <description>OSX Cyrus POP</description>
     <example host.domain="8.8.8.8" service.version="2.3.8" os.version="10.5">8.8.8.8 Cyrus POP3 v2.3.8-OS X Server 10.5: 9A562 server ready &lt;1999107648.1324502155@8.8.8.8&gt;</example>

data/xml/rsh_resp.xml CHANGED

@@ -2,7 +2,7 @@
 <!--
 Rservices responses to requests are matched against these patterns to fingerprint the OSes of servers.
 -->
-<fingerprints>
+<fingerprints protocol="rsh" database_type="service">
   <fingerprint pattern="^.Permission denied: Error 0$">
     <description>Digital Unix rlogind</description>
     <example>xPermission denied: Error 0</example>

data/xml/sip_banners.xml CHANGED

@@ -2,7 +2,7 @@
 <!--
 SIP Server header values are matched against these patterns to fingerprint SIP devices.
 -->
-<fingerprints matches="sip_header.server">
+<fingerprints matches="sip_header.server" protocol="sip" database_type="service">
   <fingerprint pattern="^Cisco-SIPGateway/IOS-([\d\.x]+)$">
     <description>Cisco SIPGateway</description>
     <example>Cisco-SIPGateway/IOS-12.x</example>

data/xml/sip_user_agents.xml CHANGED

@@ -2,7 +2,7 @@
 <!--
 SIP User Agent header values are matched against these patterns to fingerprint SIP devices.
 -->
-<fingerprints matches="sip_header.user_agent">
+<fingerprints matches="sip_header.user_agent" protocol="sip" database_type="service">
   <!-- Cisco Devices -->
   <fingerprint pattern="^Cisco-SIPGateway/IOS-([\d\.x]+)$">
     <description>Cisco SIPGateway</description>

data/xml/smb_native_lm.xml CHANGED

@@ -3,7 +3,7 @@
   SMB fingerprints obtained from the Native LM (LAN manager) field of SMB
   negotations
 -->
-<fingerprints matches="smb.native_lm">
+<fingerprints matches="smb.native_lm" protocol="smb" database_type="service">
   <!-- Mac OS X -->
   <fingerprint pattern="^Samba (3\.0\.28a-apple)$">
     <description>Samba on OS X 10.6</description>

data/xml/smb_native_os.xml CHANGED

@@ -2,7 +2,7 @@
 <!--
   SMB fingerprints obtained from the Native OS field of SMB negotations
 -->
-<fingerprints matches="smb.native_os">
+<fingerprints matches="smb.native_os" protocol="smb" database_type="util.os">
   <fingerprint pattern="^(Windows NT \d\.\d+)$">
     <description>Windows NT</description>
     <example os.product="Windows NT 4.0">Windows NT 4.0</example>

data/xml/smtp_banners.xml CHANGED

@@ -17,8 +17,12 @@ These XML files are used in this order:
    smtp_quit.xml
 The system or service fingerprint with the highest certainty overwrites the others.
+'preference' notes: This value has been impacted by the poor quality of the 'Cisco PIX' match.
+  Additionally, the 'preference' value for the other databases mentioned above has been set so
+  as to implement their preference as described.
 -->
-<fingerprints matches="smtp.banner">
+<fingerprints matches="smtp.banner" protocol="smtp" database_type="service" preference="0.20">
   <fingerprint pattern="^X1 NT-ESMTP Server ([^ ]+) \(IMail (\d+\.[^ ]+) EVAL \d+-\d+\)$">
     <description>IMail EVAL version</description>
     <param pos="0" name="service.vendor" value="Ipswitch"/>

data/xml/smtp_debug.xml CHANGED

@@ -4,8 +4,11 @@ SMTP response lines to the DEBUG command are matched against these patterns
 (1 line at a time) to fingerprint SMTP servers.
 See comment at the top of smtp_banners.xml for additional info.
+'preference' note: This value has been set so as to implement the ordering
+  of SMTP related fingerprint databases as described in 'smtp_banners.xml'.
 -->
-<fingerprints>
+<fingerprints protocol="smtp" database_type="service" preference="0.14">
   <fingerprint pattern="^500 No way!$">
     <description>
          Exim

data/xml/smtp_ehlo.xml CHANGED

@@ -4,8 +4,11 @@ SMTP response lines to the EHLO command are matched against these patterns
 (1 line at a time) to fingerprint SMTP servers.
 See comment at the top of smtp_banners.xml for additional info.
+'preference' note: This value has been set so as to implement the ordering
+  of SMTP related fingerprint databases as described in 'smtp_banners.xml'.
 -->
-<fingerprints>
+<fingerprints protocol="smtp" database_type="service" preference='0.19'>
   <fingerprint pattern="^500[ -]Syntax error, command &quot;XXXX&quot; unrecognized$">
     <description>
          Cisco PIX changes the command letters to 'X' before passing

data/xml/smtp_expn.xml CHANGED

@@ -4,8 +4,11 @@ SMTP response lines to the EXPN command are matched against these patterns
 (1 line at a time) to fingerprint SMTP servers.
 See comment at the top of smtp_banners.xml for additional info.
+'preference' note: This value has been set so as to implement the ordering
+  of SMTP related fingerprint databases as described in 'smtp_banners.xml'.
 -->
-<fingerprints>
+<fingerprints protocol="smtp" database_type="service" preference="0.16">
   <fingerprint pattern="^500[ -]Syntax error, command &quot;XXXX.*&quot; unrecognized$">
     <description>
          Cisco PIX changes the command letters to 'X' before passing

data/xml/smtp_help.xml CHANGED

@@ -4,8 +4,11 @@ SMTP response lines to the HELP command are matched against these patterns
 (1 line at a time) to fingerprint SMTP servers.
 See comment at the top of smtp_banners.xml for additional info.
+'preference' note: This value has been set so as to implement the ordering
+  of SMTP related fingerprint databases as described in 'smtp_banners.xml'.
 -->
-<fingerprints>
+<fingerprints protocol="smtp" database_type="service" preference="0.18">
   <fingerprint pattern="^214[ -]This is ArGoSoft Mail Server, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
     <description>
          ArgoSoft mail server HELP response

data/xml/smtp_mailfrom.xml CHANGED

@@ -2,7 +2,7 @@
 <!--
 This file is currently unused.
 -->
-<fingerprints>
+<fingerprints protocol="smtp" database_type="service">
   <fingerprint pattern="250 .* is syntactically correct *">
     <description>exim</description>
     <example>250 &lt;nosuchuser@rapid7.com&gt; is syntactically correct</example>

data/xml/smtp_noop.xml CHANGED

@@ -4,8 +4,11 @@ SMTP response lines to the NOOP command are matched against these patterns
 (1 line at a time) to fingerprint SMTP servers.
 See comment at the top of smtp_banners.xml for additional info.
+'preference' note: This value has been set so as to implement the ordering
+  of SMTP related fingerprint databases as described in 'smtp_banners.xml'.
 -->
-<fingerprints>
+<fingerprints protocol="smtp" database_type="service" preference="0.17">
   <fingerprint pattern="^220 OK.*$">
     <description>
          CheckPoint FireWall-1 returns code 220 for NOOP command (instead of 250)

data/xml/smtp_quit.xml CHANGED

@@ -4,8 +4,11 @@ SMTP response lines to the QUIT command are matched against these patterns
 (1 line at a time) to fingerprint SMTP servers.
 See comment at the top of smtp_banners.xml for additional info.
+'preference' note: This value has been set so as to implement the ordering
+  of SMTP related fingerprint databases as described in 'smtp_banners.xml'.
 -->
-<fingerprints>
+<fingerprints protocol="smtp" database_type="service" preference="0.11">
   <fingerprint pattern="^221[ -]See ya in cyberspace$">
     <description>
          221 See ya in cyberspace

data/xml/smtp_rcptto.xml CHANGED

@@ -2,7 +2,7 @@
 <!--
 This file is currently unused.
 -->
-<fingerprints>
+<fingerprints protocol="smtp" database_type="service">
   <!--
    <fingerprint pattern="501[ -]Invalid domain *">
       <description>

data/xml/smtp_rset.xml CHANGED

@@ -4,8 +4,11 @@ SMTP response lines to the RSET command are matched against these patterns
 (1 line at a time) to fingerprint SMTP servers.
 See comment at the top of smtp_banners.xml for additional info.
+'preference' note: This value has been set so as to implement the ordering
+  of SMTP related fingerprint databases as described in 'smtp_banners.xml'.
 -->
-<fingerprints>
+<fingerprints protocol="smtp" database_type="service" preference="0.12">
   <fingerprint pattern="^250[ -]RSET\?  Well, OK\.$">
     <description>
          500 What? I don't understand that.

data/xml/smtp_turn.xml CHANGED

@@ -4,8 +4,11 @@ SMTP response lines to the TURN command are matched against these patterns
 (1 line at a time) to fingerprint SMTP servers.
 See comment at the top of smtp_banners.xml for additional info.
+'preference' note: This value has been set so as to implement the ordering
+  of SMTP related fingerprint databases as described in 'smtp_banners.xml'.
 -->
-<fingerprints>
+<fingerprints protocol="smtp" database_type="service" preference="0.13">
   <fingerprint pattern="^502[ -]Hey!  I don't let remote systems TURN on me\.$">
     <description>
          502 Hey!  I don't let remote systems TURN on me.

data/xml/smtp_vrfy.xml CHANGED

@@ -4,8 +4,11 @@ SMTP response lines to the VRFY command are matched against these patterns
 (1 line at a time) to fingerprint SMTP servers.
 See comment at the top of smtp_banners.xml for additional info.
+'preference' note: This value has been set so as to implement the ordering
+  of SMTP related fingerprint databases as described in 'smtp_banners.xml'.
 -->
-<fingerprints>
+<fingerprints protocol="smtp" database_type="service" preference="0.15">
   <fingerprint pattern="^500[ -]Syntax error, command &quot;XXXX.*&quot; unrecognized$">
     <description>
          Cisco PIX changes the command letters to 'X' before passing

data/xml/snmp_sysdescr.xml CHANGED

@@ -4,7 +4,7 @@
   SNMP fingerprint definitions. These are matched against the value of the
   'sysDescr' (OID 1.3.6.1.2.1.1.1) variable.
 -->
-<fingerprints matches="snmp.sys_description">
+<fingerprints matches="snmp.sys_description" protocol="snmp" database_type="service" preference="0.20">
   <!--======================================================================
                               3COM
    =======================================================================-->

data/xml/snmp_sysobjid.xml CHANGED

@@ -3,7 +3,7 @@
   SNMP fingerprint definitions for SysObjectIDs. These are matched against the value of the
   'sysObjectID' (OID 1.3.6.1.2.1.1.2) variable.
 -->
-<fingerprints matches="snmp.sys_object_id">
+<fingerprints matches="snmp.sys_object_id" protocol="snmp" database_type="service">
   <!--======================================================================
                               MICROSOFT
    =======================================================================-->

data/xml/ssh_banners.xml CHANGED

@@ -4,7 +4,7 @@ SSH "software revision and comment" strings (official RFC nomenclature for the p
 the identification string after "SSH-x.x-") are matched against these patterns to
 fingerprint SSH servers.
 -->
-<fingerprints matches="ssh.banner">
+<fingerprints matches="ssh.banner" protocol="ssh" database_type="service" preference="0.90">
   <!-- Honeypot SSH server banners are useless for fingerprinting -->
   <fingerprint pattern="honeypot" flags="REG_ICASE">
     <description>Honeypot SSH</description>

data/xml/upnp_banners.xml CHANGED

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!-- UPnP Server headers are matched against these patterns to fingerprint UPnP servers. -->
-<fingerprints matches="ssdp_header.server">
+<fingerprints matches="ssdp_header.server" protocol="ssdp" database_type="service" preference="0.70">
   <fingerprint pattern="^Linux/(\S+) UPnP/[\d\.]+ miniupnpd/([\d\.]+)$" flags="REG_ICASE">
     <description>Linux MiniUPnPd UPnP Server</description>
     <example>Linux/Cross_compiled UPnP/1.0 miniupnpd/1.0</example>

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: recog
 version: !ruby/object:Gem::Version
-  version: 2.0.24
+  version: 2.1.0
 platform: ruby
 authors:
 - Rapid7 Research
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-11-09 00:00:00.000000000 Z
+date: 2016-11-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -237,7 +237,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.2.5
+rubygems_version: 2.5.2
 signing_key:
 specification_version: 4
 summary: Network service fingerprint database, classes, and utilities
@@ -268,3 +268,4 @@ test_files:
 - spec/lib/recog/nizer_spec.rb
 - spec/lib/recog/verify_reporter_spec.rb
 - spec/spec_helper.rb
+has_rdoc: