recog 2.0.5 → 2.0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 538906d10e028d9eb6b1289aad52a889a7434bed
-  data.tar.gz: c139e7f79f7e23d9a68173ec4f70816d06ea6135
+  metadata.gz: d010c11e748201cc521fce486766ca0c1e361e79
+  data.tar.gz: f969772209e0ea6d1b23edfe07468f713611124c
 SHA512:
-  metadata.gz: 255869f8b2f01dc9ef1d2e5862eb30aa08247d17598945dffd0469860a3b7dc782a15bcd0d8d25c05a9318338ec4c8d7da2bfd1dd934490ce21a5fc3b3aed84f
-  data.tar.gz: 2b801d4f83b318e1f33752b4cbcd2ea859a9f743bc17c62a86a3497f5e90acab0738c47eeb199a3b48ed0f86925b3a39ac715b3fd6a393da09fa1f30f76fc8bb
+  metadata.gz: 6ddb7b4de06272bf896d5b200181fcea4acb82006346330f05a6da3a42c87a383afdbad1d4ef7bd9555496fd425a8200ac33c54fcf295bc21c87e68607623757
+  data.tar.gz: 9d6c2044e970acf26699ef841364b5c569877ebe939dff7242a9f11810b45c14224fd89c71d209bf0159171c0ae54dcb055adc3745fe0ee7523c1d5fc5d1bf92

data/README.md

@@ -10,7 +10,7 @@ Recog is a framework for identifying products, services, operating systems, and
 
 ## Installation
 
-Recog consists of both XML fingerprint files and an assortment of code, mostly in Ruby, that makes it easy to develop, test, and use the contained fingerprints. In order to use the included ruby code, a recent version of Ruby (1.9.3+) is required, along with Rubygems and the `bundler` gem. Once these dependencies are in place, use the following commands to grab the latest source code and install any additional dependencies.
+Recog consists of both XML fingerprint files and an assortment of code, mostly in Ruby, that makes it easy to develop, test, and use the contained fingerprints. In order to use the included ruby code, a recent version of Ruby (2.1+) is required, along with Rubygems and the `bundler` gem. Once these dependencies are in place, use the following commands to grab the latest source code and install any additional dependencies.
 
     $ git clone git@github.com:rapid7/recog.git
     $ cd recog
@@ -26,19 +26,17 @@ The fingerprints within Recog are stored in XML files, each of which is designed
 
 A fingerprint file consists of an XML document like the following:
 
-    01: <?xml version="1.0"?>
-    02:
-    03: <fingerprints matches="ssh.banner">
-    04:
-    05: <fingerprint pattern="^RomSShell_([\d\.]+)$">
-    06:  <description>Allegro RomSShell SSH</description>
-    07:  <example service.version="4.62">RomSShell_4.62</example>
-    08:  <param pos="0" name="service.vendor" value="Allegro"/>
-    09:  <param pos="0" name="service.product" value="RomSShell"/>
-    10:  <param pos="1" name="service.version"/>
-    11: </fingerprint>
-    12:
-    13: </fingerprints>
+```
+<fingerprints matches="ssh.banner">
+  <fingerprint pattern="^RomSShell_([\d\.]+)$">
+    <description>Allegro RomSShell SSH</description>
+    <example service.version="4.62">RomSShell_4.62</example>
+    <param pos="0" name="service.vendor" value="Allegro"/>
+    <param pos="0" name="service.product" value="RomSShell"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+</fingerprints>
+```
 
 The first line should always consist of the XML version declaration. The first element should always be a `fingerpints` block with a `matches` attribute indicating what data this fingerprint file is supposed to match. The `matches` attribute is normally in the form of `protocol.field`.
 
@@ -48,7 +46,9 @@ Inside of the fingerprint, a `description` element should contain a human-readab
 
 At least one `example` element should be present, however multiple `example` elements are preferred.  These elements are used as part of the test coverage present in rspec which validates that the provided data matches the specified regular expression.  Additionally, if the fingerprint is using the `param` elements to extract field values from the data (described next), you can add these expected extractions as attributes for the `example` elements.  In the example above, this:
 
-    07:  <example service.version="4.62">RomSShell_4.62</example>
+```
+<example service.version="4.62">RomSShell_4.62</example>
+```
 
 tests that `RomSShell_4.62` matches the provided regular expression and that the value of `service.version` is 4.62.
 
@@ -58,14 +58,19 @@ The `param` elements contain a `pos` attribute, which indicates what capture fie
 
 Once a fingerprint has been added, the `example` entries can be tested by executing `bin/recog_verify` against the fingerprint file:
 
+```
     $ bin/recog_verify xml/ssh_banners.xml
+```
 
 Matches can be tested on the command-line in a similar fashion:
 
+```
     $ echo 'OpenSSH_6.6p1 Ubuntu-2ubuntu1' | bin/recog_match xml/ssh_banners.xml -
     MATCH: {"service.version"=>"6.6p1", "openssh.comment"=>"Ubuntu-2ubuntu1", "service.vendor"=>"OpenBSD", "service.family"=>"OpenSSH", "service.product"=>"OpenSSH", "data"=>"OpenSSH_6.6p1 Ubuntu-2ubuntu1"}
+```
 
 ### Best Practices
+
 * Create a single fingerprint for each product as long as the pattern remains clear and readable. If that is not possible, the pattern should be logically decomposed into additional fingerprints.
 * Create regular expressions that allow for flexible version number matching. This ensures greater probability of matching a product. For example, all known public releases of a product report either `major.minor` or `major.minor.build` format version numbers. If the fingerprint strictly matches this version number format, it would fail to match a modified build of the product that reports only a `major` version number format.
 

data/lib/recog/fingerprint/regexp_factory.rb

@@ -27,6 +27,8 @@ module Recog
         'IGNORECASE'        => Regexp::IGNORECASE
       }
 
+      DEFAULT_FLAGS = 0
+
       # @return [Regexp]
       def self.build(pattern, flags)
         options = build_options(flags)
@@ -44,7 +46,7 @@ module Recog
         unless unsupported_flags.empty?
           fail "Unsupported regular expression flags found: #{unsupported_flags.join(',')}. Must be one of: #{FLAG_MAP.keys.join(',')}"
         end
-        flags.reduce(Regexp::NOENCODING) do |sum, flag|
+        flags.reduce(DEFAULT_FLAGS) do |sum, flag|
           sum |= (FLAG_MAP[flag] || 0)
         end
       end

data/lib/recog/version.rb

@@ -1,3 +1,3 @@
 module Recog
-  VERSION = '2.0.5'
+  VERSION = '2.0.6'
 end

data/spec/lib/recog/db_spec.rb

@@ -57,11 +57,8 @@ describe Recog::DB do
       end
 
       it 'creates a Regexp with expected flags' do
-        if RUBY_PLATFORM =~ /java/i
-          pending "Bug in jruby"
-        end
         expect(entry.regex).to be_a(Regexp)
-        expect(entry.regex.options).to eq(Regexp::NOENCODING | Regexp::IGNORECASE)
+        expect(entry.regex.options).to eq(Recog::Fingerprint::RegexpFactory::DEFAULT_FLAGS | Regexp::IGNORECASE)
       end
 
       it "has a pattern" do

data/spec/lib/recog/fingerprint/{regexp_factory.rb → regexp_factory_spec.rb}

@@ -28,31 +28,38 @@ describe Recog::Fingerprint::RegexpFactory do
     let(:flags) { [ ] }
     it { is_expected.to be_a(Fixnum) }
 
-    specify "sets NOENCODING" do
-      expect(subject & Regexp::NOENCODING).to_not be_zero
+    context 'without any explicit flags' do
+      let(:flags) { [ ] }
+      specify "sets default flags" do
+        expect(subject).to be Recog::Fingerprint::RegexpFactory::DEFAULT_FLAGS
+      end
     end
 
     context 'with REG_ICASE' do
       let(:flags) { [ 'REG_ICASE' ] }
-      specify "sets NOENCODING & IGNORECASE" do
-        expect(subject & Regexp::NOENCODING).to_not be_zero
-        expect(subject & Regexp::IGNORECASE).to_not be_zero
+      specify "sets IGNORECASE" do
+        expect(subject).to be (Recog::Fingerprint::RegexpFactory::DEFAULT_FLAGS | Regexp::IGNORECASE)
       end
     end
 
     context 'with REG_DOT_NEWLINE' do
       let(:flags) { [ 'REG_DOT_NEWLINE' ] }
-      specify "sets NOENCODING & MULTILINE" do
-        expect(subject & Regexp::NOENCODING).to_not be_zero
-        expect(subject & Regexp::MULTILINE).to_not be_zero
+      specify "sets MULTILINE" do
+        expect(subject).to be (Recog::Fingerprint::RegexpFactory::DEFAULT_FLAGS | Regexp::MULTILINE)
       end
     end
 
     context 'with REG_LINE_ANY_CRLF' do
       let(:flags) { [ 'REG_LINE_ANY_CRLF' ] }
-      specify "sets NOENCODING & MULTILINE" do
-        expect(subject & Regexp::NOENCODING).to_not be_zero
-        expect(subject & Regexp::MULTILINE).to_not be_zero
+      specify "sets MULTILINE" do
+        expect(subject).to be (Recog::Fingerprint::RegexpFactory::DEFAULT_FLAGS | Regexp::MULTILINE)
+      end
+    end
+
+    context 'with multiple flags' do
+      let(:flags) { [ 'REG_LINE_ANY_CRLF', 'REG_ICASE' ] }
+      specify "sets correct flags" do
+        expect(subject).to be (Recog::Fingerprint::RegexpFactory::DEFAULT_FLAGS | Regexp::MULTILINE | Regexp::IGNORECASE)
       end
     end
 

data/xml/ftp_banners.xml

@@ -104,9 +104,10 @@ against these patterns to fingerprint FTP servers.
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
   </fingerprint>
-  <fingerprint pattern="^(\S+)(?: \S+)? FTP Server \(Version:\s+Mac OS X Server\s*([\d\.]*).*\) ready.?$" flags="REG_ICASE">
-    <description>FTPD on Mac OS X Server</description>
-    <example>example.com FTP server (Version:  Mac OS X Server 10.3 - +GSSAPI) ready.</example>
+  <fingerprint pattern="^(\S+)\s+FTP Server \(Version:\s+Mac OS X Server\s+([\d\.]+).*\) ready\.?" flags="REG_ICASE,MULTILINE">
+    <description>FTPD on Mac OS X Server with a version</description>
+    <example host.name="example.com" os.version="10.3">example.com FTP server (Version:  Mac OS X Server 10.3 - +GSSAPI) ready.</example>
+    <example host.name="example.com" os.version="10.3">this is a banner.  change it.&#13;&#10;example.com FTP server (Version:  Mac OS X Server 10.3 - +GSSAPI) ready.</example>
     <param pos="0" name="service.vendor" value="Apple"/>
     <param pos="0" name="service.product" value="FTP"/>
     <param pos="0" name="os.vendor" value="Apple"/>
@@ -116,6 +117,25 @@ against these patterns to fingerprint FTP servers.
     <param pos="1" name="host.name"/>
     <param pos="2" name="os.version"/>
   </fingerprint>
+  <fingerprint pattern="^(\S+)\s+FTP Server \(Version:\s+Mac OS X Server\) ready\.?" flags="REG_ICASE,MULTILINE">
+    <description>FTPD on Mac OS X Server without a version</description>
+    <example host.name="example.com">example.com FTP server (Version:  Mac OS X Server) ready.</example>
+    <example host.name="example.com">this is a banner.  change it.&#13;&#10;example.com FTP server (Version:  Mac OS X Server) ready.</example>
+    <param pos="0" name="service.vendor" value="Apple"/>
+    <param pos="0" name="service.product" value="FTP"/>
+    <param pos="0" name="os.vendor" value="Apple"/>
+    <param pos="0" name="os.family" value="Mac OS X"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="0" name="os.product" value="Mac OS X Server"/>
+    <param pos="1" name="host.name"/>
+  </fingerprint>
+  <fingerprint pattern="^(\S+)\s+FTP Server \(tnftpd (.*)\) ready\.?$" flags="REG_ICASE">
+    <description>Simple tnftpd banner with a version</description>
+    <example host.name="example.com" service.version="20061217">example.com FTP server (tnftpd 20061217) ready.</example>
+    <param pos="0" name="service.product" value="tnftpd"/>
+    <param pos="2" name="service.version"/>
+    <param pos="1" name="host.name"/>
+  </fingerprint>
   <fingerprint pattern="^(\S+) FTP Server \(SunOS (\S+)\) ready\.?$" flags="REG_ICASE">
     <description>SunOS/Solaris</description>
     <example>example.com FTP server (SunOS 5.7) ready.</example>
@@ -184,18 +204,20 @@ against these patterns to fingerprint FTP servers.
     <param pos="0" name="service.family" value="ProFTPD"/>
     <param pos="0" name="service.product" value="ProFTPD"/>
   </fingerprint>
-  <fingerprint pattern="^=\(&lt;\*&gt;\)=-\.:\. \(\( Welcome to Pure-FTPd ([\d.]+) \)\) \.:\.-=\(&lt;\*&gt;\)=-$">
+  <fingerprint pattern="^=\(&lt;\*&gt;\)=-\.:\. \(\( Welcome to Pure-FTPd ([\d.]+) \)\) \.:\.-=\(&lt;\*&gt;\)=-" flags="MULTILINE">
     <!-- yes, the leading and trailing text is not balanced.
          the leading text is missing the - at the beginning -->
     <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-</example>
+    <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-&#13;&#10;more stuff</example>
     <description>Pure-FTPd versions &lt;= 1.0.13 (at least as far back as 1.0.11)</description>
     <param pos="0" name="service.family" value="Pure-FTPd"/>
     <param pos="0" name="service.product" value="Pure-FTPd"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
-  <fingerprint pattern="^-{9,10} Welcome to Pure-FTPd (.*)-{9,10}$">
+  <fingerprint pattern="^-{9,10} Welcome to Pure-FTPd (.*)-{9,10}" flags="MULTILINE">
     <example>---------- Welcome to Pure-FTPd ----------</example>
     <example>--------- Welcome to Pure-FTPd [privsep] [TLS] ----------</example>
+    <example>--------- Welcome to Pure-FTPd [privsep] [TLS] ----------&#13;&#10;more text</example>
     <description>Pure-FTPd versions >= 1.0.14
       Config data can be zero or more of: [privsep] [TLS]
     </description>
@@ -203,8 +225,9 @@ against these patterns to fingerprint FTP servers.
     <param pos="0" name="service.family" value="Pure-FTPd"/>
     <param pos="0" name="service.product" value="Pure-FTPd"/>
   </fingerprint>
-  <fingerprint pattern="^=\(.\*.\)=-\.:\. \(\( Welcome to PureFTPd (\d+\..+) \)\) \.:\.-=\(.\*.\)=-$">
-    <example>=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-</example>
+  <fingerprint pattern="^=\(.\*.\)=-\.:\. \(\( Welcome to PureFTPd (\d+\..+) \)\) \.:\.-=\(.\*.\)=-" flags="MULTILINE">
+    <example service.version="1.1.0">=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-</example>
+    <example service.version="1.1.0">=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-&#13;&#10;more text</example>
     <description>Older Pure-FTPd versions</description>
     <param pos="0" name="service.family" value="Pure-FTPd"/>
     <param pos="0" name="service.product" value="Pure-FTPd"/>
@@ -866,6 +889,14 @@ against these patterns to fingerprint FTP servers.
     <param pos="1" name="host.name"/>
   </fingerprint>
 
+  <fingerprint pattern="^(\S+) FTP server \(Version (\d.*)\) ready\.?$" flags="REG_ICASE">
+    <description>Generic FTP fingerprint with a hostname and a version for a generic FTP implementation</description>
+    <example host.name="example.com" service.version="6.00LS">example.com FTP server (Version 6.00LS) ready.</example>
+    <example host.name="example.com" service.version="1.2">example.com FTP server (Version 1.2) ready.</example>
+    <param pos="1" name="host.name"/>
+    <param pos="2" name="service.version"/>
+  </fingerprint>
+
   <fingerprint pattern="^FTP (?:server|service)?(?: is)? ready\.?$" flags="REG_ICASE">
     <description>Generic FTP fingerprint without a hostname</description>
     <example>FTP server is ready.</example>

data/xml/mysql_error.xml

@@ -41,17 +41,17 @@
     <param pos="0" name="service.product" value="MariaDB"/>
   </fingerprint>
 
-  <fingerprint pattern="^Le h.te '[^']+' n'est pas authoris. . se connecter . ce serveur MySQL$">
-    <example>Le h�te '10.10.10.10' n'est pas authoris� � se connecter � ce serveur MySQL</example>
+  <fingerprint pattern="^Le hôte '[^']+' n'est pas authorisé à se connecter à ce serveur MySQL$">
+    <example>Le hôte '10.10.10.10' n'est pas authorisé à se connecter à ce serveur MySQL</example>
     <description>Oracle MySQL - Error: Host not allowed to connect (French)</description>
     <param pos="0" name="service.vendor" value="Oracle"/>
     <param pos="0" name="service.family" value="MySQL"/>
     <param pos="0" name="service.product" value="MySQL"/>
   </fingerprint>
 
-  <fingerprint pattern="^'Host' '[^']+' n.o tem permiss.o para se conectar com este servidor MySQL$">
-    <example>'Host' '10.10.10.10' n�o tem permiss�o para se conectar com este servidor MySQL</example>
-    <description>Oracle MySQL - Error: Host not allowed to connect (Spanish)</description>
+  <fingerprint pattern="^'Host' '[^']+' não tem permissão para se conectar com este servidor MySQL$">
+    <example>'Host' '10.10.10.10' não tem permissão para se conectar com este servidor MySQL</example>
+    <description>Oracle MySQL - Error: Host not allowed to connect (Portuguese)</description>
     <param pos="0" name="service.vendor" value="Oracle"/>
     <param pos="0" name="service.family" value="MySQL"/>
     <param pos="0" name="service.product" value="MySQL"/>

data/xml/smb_native_os.xml

@@ -358,6 +358,32 @@
       <param pos="1" name="os.build"/>
    </fingerprint>
 
+   <!-- Windows 10 Preview -->
+   <fingerprint pattern="^Windows 10 (\w+|\w+ \w+|\w+ \w+ \w+) Insider Preview (\d+)$">
+      <description>Windows 10 Enterprise Insider Preview</description>
+      <example os.build="10130" os.edition="Enterprise">Windows 10 Enterprise Insider Preview 10130</example>
+      <param pos="0" name="os.certainty" value="1.0"/>
+      <param pos="0" name="os.vendor" value="Microsoft"/>
+      <param pos="0" name="os.product" value="Windows 10"/>
+      <param pos="1" name="os.edition"/>
+      <param pos="2" name="os.build"/>
+   </fingerprint>
+
+   <fingerprint pattern="^Windows 10 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
+      <description>Windows 10</description>
+      <example os.build="10130" os.edition="Enterprise">Windows 10 Enterprise 10130</example>
+      <example os.build="10130" os.edition="Mobile Enterprise">Windows 10 Mobile Enterprise 10130</example>
+      <example os.build="10130" os.edition="Mobile">Windows 10 Mobile 10130</example>
+      <example os.build="10130" os.edition="Home">Windows 10 Home 10130</example>
+      <example os.build="10130" os.edition="Education">Windows 10 Education 10130</example>
+      <example os.build="10130" os.edition="Professional">Windows 10 Professional 10130</example>
+      <param pos="0" name="os.certainty" value="1.0"/>
+      <param pos="0" name="os.vendor" value="Microsoft"/>
+      <param pos="0" name="os.product" value="Windows 10"/>
+      <param pos="1" name="os.edition"/>
+      <param pos="2" name="os.build"/>
+   </fingerprint>
+
    <!-- TODO: Detect vendor, distribution, and package versions -->
    <fingerprint pattern="^Samba (\d\.\d+.\d+\w*)">
       <description>Samba</description>

data/xml/ssh_banners.xml

@@ -79,7 +79,7 @@ fingerprint SSH servers.
       <param pos="0" name="os.product" value="NetBSD"/>
    </fingerprint>
 
-   <fingerprint pattern="^OpenSSH_(4\.1p1) (Debian-7ubuntu4)$">
+   <fingerprint pattern="^OpenSSH_(4\.1p1) (Debian-7ubuntu\d+(?:\.\d+)?)$">
       <description>OpenSSH running on Ubuntu 5.10</description>
       <example>OpenSSH_4.1p1 Debian-7ubuntu4</example>
       <param pos="1" name="service.version"/>
@@ -94,7 +94,7 @@ fingerprint SSH servers.
       <param pos="0" name="os.version" value="5.10"/>
    </fingerprint>
 
-   <fingerprint pattern="^OpenSSH_(4\.2p1) (Debian-7ubuntu3.*)$">
+   <fingerprint pattern="^OpenSSH_(4\.2p1) (Debian-7ubuntu\d+(?:\.\d+)?)$">
       <description>OpenSSH running on Ubuntu 6.04</description>
       <example>OpenSSH_4.2p1 Debian-7ubuntu3.1</example>
       <example>OpenSSH_4.2p1 Debian-7ubuntu3.2</example>
@@ -110,7 +110,7 @@ fingerprint SSH servers.
       <param pos="0" name="os.version" value="6.04"/>
    </fingerprint>
 
-   <fingerprint pattern="^OpenSSH_(4\.3p2) (Debian-8ubuntu1.*)$">
+   <fingerprint pattern="^OpenSSH_(4\.3p2) (Debian-8ubuntu\d+(?:\.\d+)?)$">
       <description>OpenSSH running on Ubuntu 7.04</description>
       <example>OpenSSH_4.3p2 Debian-8ubuntu1.4</example>
       <param pos="1" name="service.version"/>
@@ -125,7 +125,7 @@ fingerprint SSH servers.
       <param pos="0" name="os.version" value="7.04"/>
    </fingerprint>
 
-   <fingerprint pattern="^OpenSSH_(4\.6p1) (Debian-5ubuntu0.*)$">
+   <fingerprint pattern="^OpenSSH_(4\.6p1) (Debian-5ubuntu\d+(?:\.\d+)?)$">
       <description>OpenSSH running on Ubuntu 7.10</description>
       <example>OpenSSH_4.6p1 Debian-5ubuntu0.2</example>
       <example>OpenSSH_4.6p1 Debian-5ubuntu0.5</example>
@@ -140,11 +140,27 @@ fingerprint SSH servers.
       <param pos="0" name="os.family" value="Linux"/>
       <param pos="0" name="os.product" value="Linux"/>
       <param pos="0" name="os.version" value="7.10"/>
+    </fingerprint>
+
+   <fingerprint pattern="^OpenSSH_(4\.6p1) (Debian-5build1)$">
+      <description>OpenSSH running on very early versions of Ubuntu 7.10</description>
+      <example service.version="4.6p1" openssh.comment="Debian-5build1">OpenSSH_4.6p1 Debian-5build1</example>
+      <param pos="1" name="service.version"/>
+      <param pos="2" name="openssh.comment"/>
+      <param pos="0" name="service.vendor" value="OpenBSD"/>
+      <param pos="0" name="service.family" value="OpenSSH"/>
+      <param pos="0" name="service.product" value="OpenSSH"/>
+      <param pos="0" name="os.vendor" value="Ubuntu"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Linux"/>
+      <param pos="0" name="os.version" value="7.10"/>
    </fingerprint>
 
-   <fingerprint pattern="^OpenSSH_(4\.7p1) (Debian-8ubuntu1.*)$">
+   <fingerprint pattern="^OpenSSH_(4\.7p1) (Debian-8ubuntu\d+(?:\.\d+)?)$">
       <description>OpenSSH running on Ubuntu 8.04</description>
-      <example>OpenSSH_4.7p1 Debian-8ubuntu1.2</example>
+      <example service.version="4.7p1" openssh.comment="Debian-8ubuntu1.2">OpenSSH_4.7p1 Debian-8ubuntu1.2</example>
+      <example service.version="4.7p1" openssh.comment="Debian-8ubuntu3">OpenSSH_4.7p1 Debian-8ubuntu3</example>
       <param pos="1" name="service.version"/>
       <param pos="2" name="openssh.comment"/>
       <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -157,7 +173,7 @@ fingerprint SSH servers.
       <param pos="0" name="os.version" value="8.04"/>
    </fingerprint>
 
-   <fingerprint pattern="^OpenSSH_(5\.1p1) (Debian-3ubuntu1)$">
+   <fingerprint pattern="^OpenSSH_(5\.1p1) (Debian-3ubuntu\d+(?:\.\d+)?)$">
       <description>OpenSSH running on Ubuntu 8.10</description>
       <example>OpenSSH_5.1p1 Debian-3ubuntu1</example>
       <param pos="1" name="service.version"/>
@@ -172,7 +188,7 @@ fingerprint SSH servers.
       <param pos="0" name="os.version" value="8.10"/>
    </fingerprint>
 
-   <fingerprint pattern="^OpenSSH_(5\.1p1) (Debian-5ubuntu1)$">
+   <fingerprint pattern="^OpenSSH_(5\.1p1) (Debian-5ubuntu\d+(?:\.\d+)?)$">
       <description>OpenSSH running on Ubuntu 9.04</description>
       <example>OpenSSH_5.1p1 Debian-5ubuntu1</example>
       <param pos="1" name="service.version"/>
@@ -187,7 +203,7 @@ fingerprint SSH servers.
       <param pos="0" name="os.version" value="9.04"/>
    </fingerprint>
 
-   <fingerprint pattern="^OpenSSH_(5\.1p1) (Debian-6ubuntu2)$">
+   <fingerprint pattern="^OpenSSH_(5\.1p1) (Debian-6ubuntu\d+(?:\.\d+)?)$">
       <description>OpenSSH running on Ubuntu 9.10</description>
       <example>OpenSSH_5.1p1 Debian-6ubuntu2</example>
       <param pos="1" name="service.version"/>
@@ -202,9 +218,14 @@ fingerprint SSH servers.
       <param pos="0" name="os.version" value="9.10"/>
    </fingerprint>
 
-   <fingerprint pattern="^OpenSSH_(5\.3p1) (Debian-3ubuntu3)$">
+   <fingerprint pattern="^OpenSSH_(5\.3p1) (Debian-3ubuntu\d+(?:\.\d+)?)$">
       <description>OpenSSH running on Ubuntu 10.04 (lucid)</description>
-      <example>OpenSSH_5.3p1 Debian-3ubuntu3</example>
+      <example service.version="5.3p1" openssh.comment="Debian-3ubuntu3">OpenSSH_5.3p1 Debian-3ubuntu3</example>
+      <example service.version="5.3p1" openssh.comment="Debian-3ubuntu4">OpenSSH_5.3p1 Debian-3ubuntu4</example>
+      <example service.version="5.3p1" openssh.comment="Debian-3ubuntu5">OpenSSH_5.3p1 Debian-3ubuntu5</example>
+      <example service.version="5.3p1" openssh.comment="Debian-3ubuntu6">OpenSSH_5.3p1 Debian-3ubuntu6</example>
+      <example service.version="5.3p1" openssh.comment="Debian-3ubuntu7">OpenSSH_5.3p1 Debian-3ubuntu7</example>
+      <example service.version="5.3p1" openssh.comment="Debian-3ubuntu7.1">OpenSSH_5.3p1 Debian-3ubuntu7.1</example>
       <param pos="1" name="service.version"/>
       <param pos="2" name="openssh.comment"/>
       <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -217,9 +238,11 @@ fingerprint SSH servers.
       <param pos="0" name="os.version" value="10.04"/>
    </fingerprint>
 
-   <fingerprint pattern="^OpenSSH_(5\.3p1) (Debian-3ubuntu4)$">
-      <description>OpenSSH running on Ubuntu 10.04 (lucid) update 1</description>
-      <example>OpenSSH_5.3p1 Debian-3ubuntu4</example>
+   <fingerprint pattern="^OpenSSH_(5\.5p1) (Debian-4ubuntu\d+(?:\.\d+)?)$">
+      <description>OpenSSH running on Ubuntu 10.10</description>
+      <example service.version="5.5p1" openssh.comment="Debian-4ubuntu4">OpenSSH_5.5p1 Debian-4ubuntu4</example>
+      <example service.version="5.5p1" openssh.comment="Debian-4ubuntu5">OpenSSH_5.5p1 Debian-4ubuntu5</example>
+      <example service.version="5.5p1" openssh.comment="Debian-4ubuntu6">OpenSSH_5.5p1 Debian-4ubuntu6</example>
       <param pos="1" name="service.version"/>
       <param pos="2" name="openssh.comment"/>
       <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -229,13 +252,12 @@ fingerprint SSH servers.
       <param pos="0" name="os.device" value="General"/>
       <param pos="0" name="os.family" value="Linux"/>
       <param pos="0" name="os.product" value="Linux"/>
-      <param pos="0" name="os.version" value="10.04"/>
+      <param pos="0" name="os.version" value="10.10"/>
    </fingerprint>
 
-   <fingerprint pattern="^OpenSSH_(5\.3p1) (Debian-3ubuntu[56])$">
-      <description>OpenSSH running on Ubuntu 10.04 (lucid) update 2</description>
-      <example>OpenSSH_5.3p1 Debian-3ubuntu5</example>
-      <example>OpenSSH_5.3p1 Debian-3ubuntu6</example>
+   <fingerprint pattern="^OpenSSH_(5\.8p1) (Debian-1ubuntu\d(?:\.\d)?)$">
+      <description>OpenSSH running on Ubuntu 11.04</description>
+      <example>OpenSSH_5.8p1 Debian-1ubuntu3</example>
       <param pos="1" name="service.version"/>
       <param pos="2" name="openssh.comment"/>
       <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -245,12 +267,12 @@ fingerprint SSH servers.
       <param pos="0" name="os.device" value="General"/>
       <param pos="0" name="os.family" value="Linux"/>
       <param pos="0" name="os.product" value="Linux"/>
-      <param pos="0" name="os.version" value="10.04"/>
+      <param pos="0" name="os.version" value="11.04"/>
    </fingerprint>
 
-   <fingerprint pattern="^OpenSSH_(5\.3p1) (Debian-3ubuntu7)$">
-      <description>OpenSSH running on Ubuntu 10.04 (lucid) update 3 or update 4</description>
-      <example>OpenSSH_5.3p1 Debian-3ubuntu7</example>
+   <fingerprint pattern="^OpenSSH_(5\.8p1) (Debian-7ubuntu\d(?:\.\d)?)$">
+      <description>OpenSSH running on Ubuntu 11.10</description>
+      <example>OpenSSH_5.8p1 Debian-7ubuntu1</example>
       <param pos="1" name="service.version"/>
       <param pos="2" name="openssh.comment"/>
       <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -260,13 +282,13 @@ fingerprint SSH servers.
       <param pos="0" name="os.device" value="General"/>
       <param pos="0" name="os.family" value="Linux"/>
       <param pos="0" name="os.product" value="Linux"/>
-      <param pos="0" name="os.version" value="10.04"/>
+      <param pos="0" name="os.version" value="11.10"/>
    </fingerprint>
 
-   <fingerprint pattern="^OpenSSH_(5\.5p1) (Debian-4ubuntu[45])$">
-      <description>OpenSSH running on Ubuntu 10.10</description>
-      <example>OpenSSH_5.5p1 Debian-4ubuntu4</example>
-      <example>OpenSSH_5.5p1 Debian-4ubuntu5</example>
+   <fingerprint pattern="^OpenSSH_(5\.9p1) (Debian-5ubuntu\d(?:\.\d)?)$">
+      <description>OpenSSH running on Ubuntu 12.04</description>
+      <example service.version="5.9p1" openssh.comment="Debian-5ubuntu1">OpenSSH_5.9p1 Debian-5ubuntu1</example>
+      <example service.version="5.9p1" openssh.comment="Debian-5ubuntu1.4">OpenSSH_5.9p1 Debian-5ubuntu1.4</example>
       <param pos="1" name="service.version"/>
       <param pos="2" name="openssh.comment"/>
       <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -276,12 +298,12 @@ fingerprint SSH servers.
       <param pos="0" name="os.device" value="General"/>
       <param pos="0" name="os.family" value="Linux"/>
       <param pos="0" name="os.product" value="Linux"/>
-      <param pos="0" name="os.version" value="10.10"/>
+      <param pos="0" name="os.version" value="12.04"/>
    </fingerprint>
 
-   <fingerprint pattern="^OpenSSH_(5\.8p1) (Debian-1ubuntu3)$">
-      <description>OpenSSH running on Ubuntu 11.04</description>
-      <example>OpenSSH_5.8p1 Debian-1ubuntu3</example>
+   <fingerprint pattern="^OpenSSH_(6\.0p1) (Debian-3ubuntu\d(?:\.\d)?)$">
+      <description>OpenSSH running on Ubuntu 12.10</description>
+      <example>OpenSSH_6.0p1 Debian-3ubuntu1</example>
       <param pos="1" name="service.version"/>
       <param pos="2" name="openssh.comment"/>
       <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -291,12 +313,12 @@ fingerprint SSH servers.
       <param pos="0" name="os.device" value="General"/>
       <param pos="0" name="os.family" value="Linux"/>
       <param pos="0" name="os.product" value="Linux"/>
-      <param pos="0" name="os.version" value="11.04"/>
+      <param pos="0" name="os.version" value="12.10"/>
    </fingerprint>
 
-   <fingerprint pattern="^OpenSSH_(5\.8p1) (Debian-7ubuntu1)$">
-      <description>OpenSSH running on Ubuntu 11.10</description>
-      <example>OpenSSH_5.8p1 Debian-7ubuntu1</example>
+   <fingerprint pattern="^OpenSSH_(6\.1p1) (Debian-4)$">
+      <description>OpenSSH running on Ubuntu 13.04</description>
+      <example>OpenSSH_6.1p1 Debian-4</example>
       <param pos="1" name="service.version"/>
       <param pos="2" name="openssh.comment"/>
       <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -306,12 +328,13 @@ fingerprint SSH servers.
       <param pos="0" name="os.device" value="General"/>
       <param pos="0" name="os.family" value="Linux"/>
       <param pos="0" name="os.product" value="Linux"/>
-      <param pos="0" name="os.version" value="11.10"/>
+      <param pos="0" name="os.version" value="13.04"/>
    </fingerprint>
 
-   <fingerprint pattern="^OpenSSH_(5\.9p1) (Debian-5ubuntu1(?:\.3|))$">
-      <description>OpenSSH running on Ubuntu 12.04</description>
-      <example>OpenSSH_5.9p1 Debian-5ubuntu1</example>
+   <fingerprint pattern="^OpenSSH_(6\.6(?:\.\d)?p1) (Ubuntu-2ubuntu\d+(?:\.\d+)?)$">
+      <description>OpenSSH running on Ubuntu 14.04</description>
+      <example service.version="6.6p1" openssh.comment="Ubuntu-2ubuntu1">OpenSSH_6.6p1 Ubuntu-2ubuntu1</example>
+      <example service.version="6.6.1p1" openssh.comment="Ubuntu-2ubuntu2">OpenSSH_6.6.1p1 Ubuntu-2ubuntu2</example>
       <param pos="1" name="service.version"/>
       <param pos="2" name="openssh.comment"/>
       <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -321,12 +344,12 @@ fingerprint SSH servers.
       <param pos="0" name="os.device" value="General"/>
       <param pos="0" name="os.family" value="Linux"/>
       <param pos="0" name="os.product" value="Linux"/>
-      <param pos="0" name="os.version" value="12.04"/>
-   </fingerprint>
+      <param pos="0" name="os.version" value="14.04"/>
+    </fingerprint>
 
-   <fingerprint pattern="^OpenSSH_(6\.0p1) (Debian-3ubuntu1)$">
-      <description>OpenSSH running on Ubuntu 12.10</description>
-      <example>OpenSSH_6.0p1 Debian-3ubuntu1</example>
+   <fingerprint pattern="^OpenSSH_(6\.7p1) (Ubuntu-5ubuntu\d(?:\.\d)?)$">
+      <description>OpenSSH running on Ubuntu 15.04 (vivid)</description>
+      <example service.version="6.7p1" openssh.comment="Ubuntu-5ubuntu1">OpenSSH_6.7p1 Ubuntu-5ubuntu1</example>
       <param pos="1" name="service.version"/>
       <param pos="2" name="openssh.comment"/>
       <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -336,37 +359,39 @@ fingerprint SSH servers.
       <param pos="0" name="os.device" value="General"/>
       <param pos="0" name="os.family" value="Linux"/>
       <param pos="0" name="os.product" value="Linux"/>
-      <param pos="0" name="os.version" value="12.10"/>
+      <param pos="0" name="os.version" value="15.04"/>
    </fingerprint>
 
-   <fingerprint pattern="^OpenSSH_(6\.1p1) (Debian-4)$">
-      <description>OpenSSH running on Ubuntu 13.04</description>
-      <example>OpenSSH_6.1p1 Debian-4</example>
+   <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian-4(?:\+deb7u\d+)?)$">
+      <description>OpenSSH running on Debian 7.x (wheezy)</description>
+      <example service.version="6.0p1" openssh.comment="Debian-4">OpenSSH_6.0p1 Debian-4</example>
+      <example service.version="6.0p1" openssh.comment="Debian-4+deb7u1">OpenSSH_6.0p1 Debian-4+deb7u1</example>
+      <example service.version="6.0p1" openssh.comment="Debian-4+deb7u2">OpenSSH_6.0p1 Debian-4+deb7u2</example>
       <param pos="1" name="service.version"/>
       <param pos="2" name="openssh.comment"/>
       <param pos="0" name="service.vendor" value="OpenBSD"/>
       <param pos="0" name="service.family" value="OpenSSH"/>
       <param pos="0" name="service.product" value="OpenSSH"/>
-      <param pos="0" name="os.vendor" value="Ubuntu"/>
+      <param pos="0" name="os.vendor" value="Debian"/>
       <param pos="0" name="os.device" value="General"/>
       <param pos="0" name="os.family" value="Linux"/>
       <param pos="0" name="os.product" value="Linux"/>
-      <param pos="0" name="os.version" value="13.04"/>
-   </fingerprint>
+      <param pos="0" name="os.version" value="7.0"/>
+    </fingerprint>
 
-   <fingerprint pattern="^OpenSSH_(6\.6p1) (Ubuntu-2ubuntu1)$">
-      <description>OpenSSH running on Ubuntu 14.04</description>
-      <example>OpenSSH_6.6p1 Ubuntu-2ubuntu1</example>
+   <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian.+squeeze.*)$">
+      <description>OpenSSH running on Debian 6.0 (squeeze)</description>
+      <example service.version="5.5p1" openssh.comment="Debian-6+squeeze4">OpenSSH_5.5p1 Debian-6+squeeze4</example>
       <param pos="1" name="service.version"/>
       <param pos="2" name="openssh.comment"/>
       <param pos="0" name="service.vendor" value="OpenBSD"/>
       <param pos="0" name="service.family" value="OpenSSH"/>
       <param pos="0" name="service.product" value="OpenSSH"/>
-      <param pos="0" name="os.vendor" value="Ubuntu"/>
+      <param pos="0" name="os.vendor" value="Debian"/>
       <param pos="0" name="os.device" value="General"/>
       <param pos="0" name="os.family" value="Linux"/>
       <param pos="0" name="os.product" value="Linux"/>
-      <param pos="0" name="os.version" value="14.04"/>
+      <param pos="0" name="os.version" value="6.0"/>
    </fingerprint>
 
    <fingerprint pattern="^OpenSSH_([^\s]+)\s+((?:Debian|Ubuntu).+ubuntu.*)$">
@@ -380,6 +405,7 @@ fingerprint SSH servers.
       <param pos="0" name="os.device" value="General"/>
       <param pos="0" name="os.family" value="Linux"/>
       <param pos="0" name="os.product" value="Linux"/>
+      <param pos="0" name="os.certainty" value="0.75"/>
    </fingerprint>
 
    <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian.+etch.*)$">
@@ -424,19 +450,6 @@ fingerprint SSH servers.
       <param pos="0" name="os.version" value="3.0"/>
    </fingerprint>
 
-   <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian.*)$">
-      <description>OpenSSH running on Debian (unknown version)</description>
-      <param pos="1" name="service.version"/>
-      <param pos="2" name="openssh.comment"/>
-      <param pos="0" name="service.vendor" value="OpenBSD"/>
-      <param pos="0" name="service.family" value="OpenSSH"/>
-      <param pos="0" name="service.product" value="OpenSSH"/>
-      <param pos="0" name="os.vendor" value="Debian"/>
-      <param pos="0" name="os.device" value="General"/>
-      <param pos="0" name="os.family" value="Linux"/>
-      <param pos="0" name="os.product" value="Linux"/>
-   </fingerprint>
-
    <fingerprint pattern="^OpenSSH_(.*)\+(CAN-[0-9]{4}-[0-9]{4})$">
       <description>OpenSSH with CVE patch, as seen in Mac OS X</description>
       <param pos="1" name="service.version"/>
@@ -475,9 +488,21 @@ fingerprint SSH servers.
       <param pos="0" name="os.product" value="Windows"/>
    </fingerprint>
 
+   <fingerprint pattern="^OpenSSH_(\d+\.\d+(?:\.\d+)?(?:p\d+)?)$">
+      <description>OpenSSH with just a version, no comment by vendor</description>
+      <example service.version="5.9p1">OpenSSH_5.9p1</example>
+      <example service.version="5.9">OpenSSH_5.9</example>
+      <example service.version="3.8.1p1">OpenSSH_3.8.1p1</example>
+      <example service.version="6.6.1">OpenSSH_6.6.1</example>
+      <param pos="1" name="service.version"/>
+      <param pos="0" name="service.vendor" value="OpenBSD"/>
+      <param pos="0" name="service.family" value="OpenSSH"/>
+      <param pos="0" name="service.product" value="OpenSSH"/>
+    </fingerprint>
+
    <!-- SSH-1.99-OpenSSH_4.3p2-4.cern-hpn-CERN-4.3p2-4.cern -->
 
-   <fingerprint pattern="^OpenSSH_?([^\s]*)\s*(.*)$">
+   <!--<fingerprint pattern="^OpenSSH_?([^\s]*)\s*(.*)$">
       <description>Catch all for OpenSSH based SSH servers
       ******************** NOTE ********************
       Be sure to put any specific OpenSSH derivative
@@ -489,7 +514,7 @@ fingerprint SSH servers.
       <param pos="0" name="service.vendor" value="OpenBSD"/>
       <param pos="0" name="service.family" value="OpenSSH"/>
       <param pos="0" name="service.product" value="OpenSSH"/>
-   </fingerprint>
+   </fingerprint>-->
 
    <!-- TODO: Handle "vpn3" banners for Cisco 3000 VPN Concentrators (need example banners first) -->
 

metadata

@@ -1,111 +1,111 @@
 --- !ruby/object:Gem::Specification
 name: recog
 version: !ruby/object:Gem::Version
-  version: 2.0.5
+  version: 2.0.6
 platform: ruby
 authors:
 - Rapid7 Research
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-06-09 00:00:00.000000000 Z
+date: 2015-06-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: yard
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: redcarpet
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: cucumber
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: aruba
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: Recog is a framework for identifying products, services, operating systems,
@@ -121,10 +121,10 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .rspec
-- .travis.yml
-- .yardopts
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- ".yardopts"
 - CONTRIBUTING.md
 - Gemfile
 - LICENSE
@@ -167,7 +167,7 @@ files:
 - spec/data/whitespaced_fingerprint.xml
 - spec/lib/fingerprint_self_test_spec.rb
 - spec/lib/recog/db_spec.rb
-- spec/lib/recog/fingerprint/regexp_factory.rb
+- spec/lib/recog/fingerprint/regexp_factory_spec.rb
 - spec/lib/recog/fingerprint_spec.rb
 - spec/lib/recog/formatter_spec.rb
 - spec/lib/recog/match_reporter_spec.rb
@@ -219,17 +219,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '2.1'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.4.6
 signing_key: 
 specification_version: 4
 summary: Network service fingerprint database, classes, and utilities