recog 2.1.16 → 2.1.17

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 46ba9575344a0c9ccb84a57f8c16a8f1cce87dda
4
- data.tar.gz: 5e1cd6d782580f76ca1f3c6ab4f262be9fb43742
3
+ metadata.gz: 2e23a820ea5a298e2e5ecc215acd180ffd100095
4
+ data.tar.gz: ea80caf394aac4842db49260f0f2ce78d2e7b175
5
5
  SHA512:
6
- metadata.gz: f3423d685fe428eeca92786543c44d7c87a13a18f5a03b16be4108a3711d602e766ab0fdd7743b91a546ad2bac7337d1419937ec5cc3c62b3ccd4d21b15db946
7
- data.tar.gz: bccc628203be24c5612e9dac64f755cac8a4867bf71b772ce7faeadb2fbcac6fbf34eb897cc517c23914aeff6971f346236f8220e48ffab545bfac78cd055f3f
6
+ metadata.gz: bedc6d3512f4f840db3fb475fffa0f765e7b7e4aa92388a6b06c43233adef2712e6e015cfe513162be543cb8d89dfb3f40d8d11d437535d97ba0a13a488b37bc
7
+ data.tar.gz: 8e04f84a8f9cb40e66dfc9e64bbb76b1ca7934239c0a28c641e2c3c55a7d37dab538f8d327ee2f4b8fdf1a56ba7ea3c7e84f950ad62f020e8cb449ba918a3aa0
@@ -1,3 +1,3 @@
1
1
  module Recog
2
- VERSION = '2.1.16'
2
+ VERSION = '2.1.17'
3
3
  end
@@ -83,10 +83,10 @@ The system or service fingerprint with the highest certainty overwrites the othe
83
83
  <param pos="2" name="service.version"/>
84
84
  <param pos="1" name="host.name"/>
85
85
  </fingerprint>
86
- <fingerprint pattern="^ArGoSoft Mail Server Pro for WinNT/2000, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
87
- <description>
88
- Example: 220 ArGoSoft Mail Server Pro for WinNT/2000, Version 1.61 (1.6.1.8)
89
- </description>
86
+ <fingerprint pattern="^ArGoSoft Mail Server Pro for WinNT\/2000(?:\/XP)?, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
87
+ <description>ArGoSoft Mail, Pro version </description>
88
+ <example service.version="1.6.1.8">ArGoSoft Mail Server Pro for WinNT/2000, Version 1.61 (1.6.1.8)</example>
89
+ <example service.version="1.8.9.5">ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.9.5)</example>
90
90
  <param pos="0" name="service.vendor" value="ArGoSoft"/>
91
91
  <param pos="0" name="service.family" value="Mail Server"/>
92
92
  <param pos="0" name="service.product" value="Mail Server"/>
@@ -104,11 +104,12 @@ The system or service fingerprint with the highest certainty overwrites the othe
104
104
  <param pos="1" name="host.name"/>
105
105
  <param pos="2" name="service.version"/>
106
106
  </fingerprint>
107
- <fingerprint pattern="^CheckPoint FireWall-1 secure SMTP server *$">
107
+ <fingerprint pattern="^CheckPoint FireWall-1 secure E?SMTP server *$">
108
108
  <description>
109
109
  CheckPoint FireWall-1
110
110
  </description>
111
111
  <example>CheckPoint FireWall-1 secure SMTP server</example>
112
+ <example>CheckPoint FireWall-1 secure ESMTP server</example>
112
113
  <param pos="0" name="service.vendor" value="Check Point"/>
113
114
  <param pos="0" name="service.family" value="Check Point"/>
114
115
  <param pos="0" name="service.product" value="Firewall-1"/>
@@ -184,27 +185,10 @@ The system or service fingerprint with the highest certainty overwrites the othe
184
185
  <param pos="1" name="host.name"/>
185
186
  <param pos="2" name="service.version"/>
186
187
  </fingerprint>
187
- <fingerprint pattern="^([^ ]+) running Eudora Internet Mail Server ([^ ]+\.[^ ]+\.[^ ]+) *$">
188
- <description>
189
- Eudora Internet Mail Server (3 version numbers)
190
- example: 220 interlink.com.ar running Eudora Internet Mail Server 3.0.2
191
- example: 220 mail.gis.at running Eudora Internet Mail Server 2.2
192
- </description>
193
- <param pos="0" name="service.vendor" value="Eudora"/>
194
- <param pos="0" name="service.family" value="Internet Mail Server"/>
195
- <param pos="0" name="service.product" value="Internet Mail Server"/>
196
- <param pos="0" name="os.vendor" value="Apple"/>
197
- <param pos="0" name="os.family" value="Mac OS"/>
198
- <param pos="0" name="os.device" value="General"/>
199
- <param pos="0" name="os.product" value="Mac OS"/>
200
- <param pos="1" name="host.name"/>
201
- <param pos="2" name="service.version"/>
202
- </fingerprint>
203
- <fingerprint pattern="^([^ ]+) running Eudora Internet Mail Server ([^ ]+\.[^ ]+) *$">
204
- <description>
205
- Eudora Internet Mail Server (2 version numbers)
206
- 220 mail.gis.at running Eudora Internet Mail Server 2.2
207
- </description>
188
+ <fingerprint pattern="^([^ ]+) running Eudora Internet Mail Server (\d\.[\d.]+) *$">
189
+ <description> Eudora Internet Mail Server</description>
190
+ <example service.version="3.0.2" host.name="foo.bar">foo.bar running Eudora Internet Mail Server 3.0.2</example>
191
+ <example service.version="2.2" host.name="foo.bar">foo.bar running Eudora Internet Mail Server 2.2</example>
208
192
  <param pos="0" name="service.vendor" value="Eudora"/>
209
193
  <param pos="0" name="service.family" value="Internet Mail Server"/>
210
194
  <param pos="0" name="service.product" value="Internet Mail Server"/>
@@ -295,20 +279,33 @@ The system or service fingerprint with the highest certainty overwrites the othe
295
279
  <param pos="0" name="os.device" value="General"/>
296
280
  <param pos="0" name="os.product" value="Windows"/>
297
281
  </fingerprint>
298
- <fingerprint pattern="^([^ ]+) ESMTP Exim ([^ ]+\.[^ ]+) .?$">
299
- <description>Exim without timestamp</description>
300
- <example service.version="4.89">foo.bar ESMTP Exim 4.89 "</example>
301
- <example service.version="4.84_2">foo.bar ESMTP Exim 4.84_2 "</example>
282
+ <fingerprint pattern="^ESMTP Exim$">
283
+ <description>Exim without version string or hostname</description>
284
+ <example>ESMTP Exim</example>
285
+ <param pos="0" name="service.vendor" value="exim"/>
286
+ <param pos="0" name="service.family" value="exim"/>
287
+ <param pos="0" name="service.product" value="exim"/>
288
+ </fingerprint>
289
+ <fingerprint pattern="^ ?([^, ]+)(?:,)? ESMTP (?i:Exim) +(\d+\.[\d_.-]+)(?: +#\d)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *(?:We do not authorize the use of this system to transport unsolicited, and\/or bulk e-mail.)?$">
290
+ <description>Exim with version string and optional timestamp</description>
291
+ <example service.version="4.89" host.name="foo.bar">foo.bar ESMTP Exim 4.89 "</example>
292
+ <example service.version="4.83" host.name="foo.bar">foo.bar, ESMTP EXIM 4.83"</example>
293
+ <example service.version="4.84_2" host.name="foo.bar">foo.bar ESMTP Exim 4.84_2 "</example>
294
+ <example service.version="4.89-122312">foo.bar ESMTP Exim 4.89-122312 Thu, 16 Nov 2017 10:33:38 +0200 </example>
295
+ <example service.version="4.80" system.time="Thu, 16 Nov 2017 01:04:30 -0800">foo.bar ESMTP Exim 4.80 Thu, 16 Nov 2017 01:04:30 -0800 </example>
296
+ <example service.version="3.12" system.time="Wed, 31 Jan 2001 15:47:23 +1100">foo.bar ESMTP Exim 3.12 #1 Wed, 31 Jan 2001 15:47:23 +1100 </example>
297
+ <example service.version="4.89" host.name="foo.bar"> foo.bar ESMTP Exim 4.89 #1 Thu, 16 Nov 2017 04:55:31 -0500 We do not authorize the use of this system to transport unsolicited, and/or bulk e-mail.</example>
302
298
  <param pos="0" name="service.vendor" value="exim"/>
303
299
  <param pos="0" name="service.family" value="exim"/>
304
300
  <param pos="0" name="service.product" value="exim"/>
305
301
  <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
306
302
  <param pos="1" name="host.name"/>
307
303
  <param pos="2" name="service.version"/>
304
+ <param pos="3" name="system.time"/>
308
305
  </fingerprint>
309
- <fingerprint pattern="^([^ ]+) ESMTP Exim ([^ ]+\.[^ ]+) (.+)$">
310
- <description>Exim with timestamp</description>
311
- <example service.version="3.12">foo.bar ESMTP Exim 3.12 #1 Wed, 31 Jan 2001 15:47:23 +1100</example>
306
+ <fingerprint pattern="^([^, ]+)(?:,)? ESMTP (?i:Exim) +(\d+) ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
307
+ <description>Exim with digit only version string and optional timestamp</description>
308
+ <example service.version="125302" host.name="foo.bar">foo.bar ESMTP Exim 125302 Thu, 16 Nov 2017 04:55:11 -0500 </example>
312
309
  <param pos="0" name="service.vendor" value="exim"/>
313
310
  <param pos="0" name="service.family" value="exim"/>
314
311
  <param pos="0" name="service.product" value="exim"/>
@@ -317,12 +314,49 @@ The system or service fingerprint with the highest certainty overwrites the othe
317
314
  <param pos="2" name="service.version"/>
318
315
  <param pos="3" name="system.time"/>
319
316
  </fingerprint>
317
+ <fingerprint pattern="^([^, ]+)(?:,)? ESMTP (?i:Exim) +(\d+\.[\d_.]+)(?: +#\d)? Ubuntu ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
318
+ <description>Exim with version string and optional timestamp (Ubuntu)</description>
319
+ <example service.version="4.82" system.time="Thu, 16 Nov 2017 11:30:44 +0300">foo.bar ESMTP Exim 4.82 Ubuntu Thu, 16 Nov 2017 11:30:44 +0300 </example>
320
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
321
+ <param pos="0" name="os.family" value="Linux"/>
322
+ <param pos="0" name="os.product" value="Linux"/>
323
+ <param pos="0" name="service.vendor" value="exim"/>
324
+ <param pos="0" name="service.family" value="exim"/>
325
+ <param pos="0" name="service.product" value="exim"/>
326
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
327
+ <param pos="1" name="host.name"/>
328
+ <param pos="2" name="service.version"/>
329
+ <param pos="3" name="system.time"/>
330
+ </fingerprint>
331
+ <fingerprint pattern="^([^, ]+)(?:,)? ESMTP (?i:Exim) *((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
332
+ <description>Exim without version string and with optional timestamp</description>
333
+ <example host.name="foo.bar">foo.bar ESMTP Exim</example>
334
+ <example host.name="foo.bar" system.time="Thu, 16 Nov 2017 01:11:30 -0800">foo.bar ESMTP Exim Thu, 16 Nov 2017 01:11:30 -0800 </example>
335
+ <param pos="0" name="service.vendor" value="exim"/>
336
+ <param pos="0" name="service.family" value="exim"/>
337
+ <param pos="0" name="service.product" value="exim"/>
338
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
339
+ <param pos="1" name="host.name"/>
340
+ <param pos="2" name="system.time"/>
341
+ </fingerprint>
342
+ <fingerprint pattern="^ ?ESMTP (?i:Exim) (\d+\.[\d_.]+)(?: +#\d)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
343
+ <description>Exim without hostname</description>
344
+ <example service.version="4.82" system.time="Thu, 16 Nov 2017 12:19:22 +0300">ESMTP Exim 4.82 Thu, 16 Nov 2017 12:19:22 +0300 </example>
345
+ <example service.version="4.82"> ESMTP Exim 4.82 Thu, 16 Nov 2017 11:41:41 +0300 </example>
346
+ <example service.version="4.89"> ESMTP Exim 4.89 #1 Thu, 16 Nov 2017 07:32:28 -0200 </example>
347
+ <param pos="0" name="service.vendor" value="exim"/>
348
+ <param pos="0" name="service.family" value="exim"/>
349
+ <param pos="0" name="service.product" value="exim"/>
350
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
351
+ <param pos="1" name="service.version"/>
352
+ <param pos="2" name="system.time"/>
353
+ </fingerprint>
320
354
  <fingerprint pattern="^([^ ]+) FTGate server ready .*$">
321
355
  <description>
322
356
  FTGate mail server, runs on Windows 9x/NT/2k
323
357
  http://www.ftgate.com
324
- Example: 220 stoddardhoney.com FTGate server ready -attitude [C.o.r.E]
325
- </description>
358
+ </description>
359
+ <example host.name="foo.bar">foo.bar FTGate server ready -attitude [C.o.r.E]</example>
326
360
  <param pos="0" name="service.vendor" value="Floosietek"/>
327
361
  <param pos="0" name="service.family" value="FTGate"/>
328
362
  <param pos="0" name="service.product" value="FTGate"/>
@@ -498,11 +532,12 @@ The system or service fingerprint with the highest certainty overwrites the othe
498
532
  <param pos="0" name="service.product" value="MailSite"/>
499
533
  <param pos="1" name="service.version"/>
500
534
  </fingerprint>
501
- <fingerprint pattern="^([^ ]+) +MAILsweeper ESMTP Receiver Version ([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+) Ready *$">
535
+ <fingerprint pattern="^([^ ]+) +MAILsweeper ESMTP Receiver Version (\d\.[\d.]+) Ready *$">
502
536
  <description>
503
537
  Content Security MAILsweeper for SMTP http://www.contenttechnologies.com/products/msw4smtp/default.asp
504
538
  example: 220 infotech.at MAILsweeper ESMTP Receiver Version 4.2.1.0 Ready
505
539
  </description>
540
+ <example service.version="4.2.1.0">foo.bar MAILsweeper ESMTP Receiver Version 4.2.1.0 Ready</example>
506
541
  <param pos="0" name="service.vendor" value="Clearswift"/>
507
542
  <param pos="0" name="service.family" value="MAILsweeper"/>
508
543
  <param pos="0" name="service.product" value="MAILsweeper"/>
@@ -769,10 +804,12 @@ The system or service fingerprint with the highest certainty overwrites the othe
769
804
  <param pos="1" name="host.name"/>
770
805
  </fingerprint>
771
806
  <fingerprint pattern="^([^ ]+) ESMTP Service \(Lotus Domino Release (\d+\.\d+\.\w+)\) ready at (.+) *$">
772
- <description>
773
- Lotus Domino 5 SMTP MTA
774
- 220 foo.bar.com ESMTP Service (Lotus Domino Release 5.0.5) ready at Wed, 19 Dec 2001 19:54:55 -0500
775
- </description>
807
+ <description>Lotus Domino SMTP MTA</description>
808
+ <example service.version="5.0.8">foo.bar ESMTP Service (Lotus Domino Release 5.0.8) ready at Thu, 16 Nov 2017 18:14:12 +0900</example>
809
+ <example service.version="5.0.13a">foo.bar ESMTP Service (Lotus Domino Release 5.0.13a) ready at Thu, 16 Nov 2017 17:47:42 +0800</example>
810
+ <example service.version="7.0.4">foo.bar ESMTP Service (Lotus Domino Release 7.0.4) ready at Thu, 16 Nov 2017 18:28:36 +0900</example>
811
+ <example service.version="8.0.2FP2">foo.bar ESMTP Service (Lotus Domino Release 8.0.2FP2) ready at Thu, 16 Nov 2017 02:17:33 -0700</example>
812
+ <example service.version="8.5.3">foo.bar ESMTP Service (Lotus Domino Release 8.5.3) ready at Thu, 16 Nov 2017 17:52:21 +0800</example>
776
813
  <param pos="0" name="service.vendor" value="Lotus"/>
777
814
  <param pos="0" name="service.family" value="Lotus Domino"/>
778
815
  <param pos="0" name="service.product" value="Lotus Domino"/>
@@ -808,11 +845,13 @@ The system or service fingerprint with the highest certainty overwrites the othe
808
845
  <param pos="2" name="service.version"/>
809
846
  <param pos="3" name="system.time"/>
810
847
  </fingerprint>
811
- <fingerprint pattern="^([^ ]+) ESMTP Service \(Lotus Domino Build (\d+\.\d+)\) ready at (.+) *$">
848
+ <fingerprint pattern="^([^ ]+) ESMTP Service \(Lotus Domino Build (V?[\w.]+)\) ready at (.+) *$">
812
849
  <description>
813
850
  Lotus Domino (some early build)
814
851
  220 foo.bar.com ESMTP Service (Lotus Domino Build 166.1) ready at Tue, 6 Feb 2001 2
815
852
  </description>
853
+ <example notes.build.version="166.1">foo.bar ESMTP Service (Lotus Domino Build 166.1) ready at Thu, 16 Nov 2017 10:39:22 +0200</example>
854
+ <example notes.build.version="V85_M2_08202008">foo.bar ESMTP Service (Lotus Domino Build V85_M2_08202008) ready at Thu, 16 Nov 2017 03:57:40 -0500</example>
816
855
  <param pos="0" name="service.vendor" value="Lotus"/>
817
856
  <param pos="0" name="service.family" value="Lotus Domino"/>
818
857
  <param pos="0" name="service.product" value="Lotus Domino"/>
@@ -910,10 +949,11 @@ The system or service fingerprint with the highest certainty overwrites the othe
910
949
  <param pos="2" name="service.version"/>
911
950
  <param pos="3" name="service.version.version"/>
912
951
  </fingerprint>
913
- <fingerprint pattern="^([^ ]+) ESMTP Postfix \(([^ ]+)-([^ ]+)\)$">
952
+ <fingerprint pattern="^([^ ]+) ESMTP Postfix \(([\d.]+)-([^ ]+)\)$">
914
953
  <description>
915
954
  Postfix (2 version numbers )
916
955
  </description>
956
+ <example service.version="2.8" service.version.version="20100306">foo.bar ESMTP Postfix (2.8-20100306)</example>
917
957
  <param pos="0" name="service.family" value="Postfix"/>
918
958
  <param pos="0" name="service.product" value="Postfix"/>
919
959
  <param pos="1" name="host.name"/>
@@ -974,6 +1014,12 @@ The system or service fingerprint with the highest certainty overwrites the othe
974
1014
  <param pos="0" name="service.product" value="Postfix"/>
975
1015
  <param pos="1" name="host.name"/>
976
1016
  </fingerprint>
1017
+ <fingerprint pattern="^ESMTP Postfix$">
1018
+ <description>Postfix banner without hostname or version</description>
1019
+ <example>ESMTP Postfix</example>
1020
+ <param pos="0" name="service.family" value="Postfix"/>
1021
+ <param pos="0" name="service.product" value="Postfix"/>
1022
+ </fingerprint>
977
1023
  <fingerprint pattern="^([^ ]+) ESMTP server \(Post\.Office v([^ ]+) release (.+) ID# ([^ ]+)\) ready (.+) *$">
978
1024
  <description>
979
1025
  Post.Office (3 version numbers)
@@ -1501,29 +1547,37 @@ The system or service fingerprint with the highest certainty overwrites the othe
1501
1547
  <param pos="2" name="service.version"/>
1502
1548
  </fingerprint>
1503
1549
  <fingerprint pattern="^([^ ]+) +ESMTP Symantec Mail Security$">
1504
- <description>
1505
- Symantec Mail Security for SMTP
1506
- </description>
1550
+ <description>Symantec Mail Security for SMTP</description>
1551
+ <example host.name="foo.bar">foo.bar ESMTP Symantec Mail Security</example>
1507
1552
  <param pos="0" name="service.vendor" value="Symantec"/>
1508
1553
  <param pos="0" name="service.product" value="Symantec Mail Security for SMTP"/>
1509
1554
  <param pos="1" name="host.name"/>
1510
1555
  </fingerprint>
1511
- <fingerprint pattern="^([^ ]+) +VOPmail ESMTP Receiver Version ([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+) Ready *$">
1556
+ <fingerprint pattern="^([^ ]+) ESMTP Symantec Messaging Gateway$">
1557
+ <description>Symantec Mail Gateway</description>
1558
+ <example host.name="foo.bar">foo.bar ESMTP Symantec Messaging Gateway</example>
1559
+ <param pos="0" name="service.vendor" value="Symantec"/>
1560
+ <param pos="0" name="service.product" value="Symantec Messaging Gateway"/>
1561
+ <param pos="1" name="host.name"/>
1562
+ </fingerprint>
1563
+ <fingerprint pattern="^([^ ]+) +VOPmail ESMTP Receiver Version (\d\.[\d.]+) Ready$">
1512
1564
  <description>
1513
1565
  VOPMail http://www.vircom.com/en/products/vopmail/vopmail.shtml
1514
- example: 220 compudata.com.ar VOPmail ESMTP Receiver Version 4.0.179.0 Ready
1515
- </description>
1566
+ </description>
1567
+ <example host.name="foo.bar" service.version="4.0.179.0">foo.bar VOPmail ESMTP Receiver Version 4.0.179.0 Ready</example>
1516
1568
  <param pos="0" name="service.vendor" value="Vircom"/>
1517
1569
  <param pos="0" name="service.family" value="VOPMail"/>
1518
1570
  <param pos="0" name="service.product" value="VOPMail"/>
1519
1571
  <param pos="1" name="host.name"/>
1520
1572
  <param pos="2" name="service.version"/>
1521
1573
  </fingerprint>
1522
- <fingerprint pattern="^([^ ]+) VPOP3 SMTP Server Ready *$">
1574
+ <fingerprint pattern="^([^ ]+) VPOP3 E?SMTP Server (?:Ready|access not allowed!)$">
1523
1575
  <description>
1524
1576
  VPOP3 Email server: http://www.pscs.co.uk/products/vpop3/index.html
1525
- example: 220 mail.sbm.com.ar VPOP3 SMTP Server Ready
1526
- </description>
1577
+ </description>
1578
+ <example>foo.bar VPOP3 ESMTP Server Ready</example>
1579
+ <example>foo.bar VPOP3 SMTP Server Ready</example>
1580
+ <example>foo.bar VPOP3 SMTP Server access not allowed!</example>
1527
1581
  <param pos="0" name="service.vendor" value="Paul Smith Computer Services"/>
1528
1582
  <param pos="0" name="service.family" value="VPOP3"/>
1529
1583
  <param pos="0" name="service.product" value="VPOP3"/>
@@ -1591,22 +1645,29 @@ The system or service fingerprint with the highest certainty overwrites the othe
1591
1645
  <param pos="2" name="service.version"/>
1592
1646
  <param pos="3" name="system.time"/>
1593
1647
  </fingerprint>
1594
- <fingerprint pattern="^([^ ]+) ESMTP - WinRoute Pro ([^ ]+\.[^ ]+) *$">
1648
+ <fingerprint pattern="^([^ ]+) ESMTP - WinRoute Pro ([^ ]+\.[^ ]+)$">
1595
1649
  <description>
1596
1650
  WinRoute Pro, runs on 9x/NT/2k
1597
1651
  http://www.tinysoftware.com/winpro.php
1598
- example: 220 unspecified.host ESMTP - WinRoute Pro 4.0
1599
- </description>
1652
+ </description>
1653
+ <example host.name="foo.bar" service.version="4.2.4">foo.bar ESMTP - WinRoute Pro 4.2.4</example>
1600
1654
  <param pos="0" name="service.family" value="WinRoute"/>
1601
1655
  <param pos="0" name="service.product" value="WinRoute"/>
1602
1656
  <param pos="1" name="host.name"/>
1603
1657
  <param pos="2" name="service.version"/>
1604
1658
  </fingerprint>
1605
- <fingerprint pattern="^([^ ]+) ZMailer Server ([^ ]+\.[^ ]+\.[^ ]+) #([^ ]) ESMTP ready at (.+) *$">
1606
- <description>
1607
- ZMailer http://www.zmailer.org/technical.html
1608
- example: 220 dedos.pert.com.ar ZMailer Server 2.99.54 #2 ESMTP ready at Tue, 6 Feb 2001 10:42:08 -0300
1609
- </description>
1659
+ <fingerprint pattern="^ESMTP - WinRoute Pro ([^ ]+\.[^ ]+) *(?: #\d)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)$">
1660
+ <description>WinRoute Pro w/o hostname</description>
1661
+ <example service.version="4.2.1">ESMTP - WinRoute Pro 4.2.1 Thu, 16 Nov 2017 11:48:15 +0300</example>
1662
+ <param pos="0" name="service.family" value="WinRoute"/>
1663
+ <param pos="0" name="service.product" value="WinRoute"/>
1664
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1665
+ <param pos="1" name="service.version"/>
1666
+ <param pos="2" name="system.time"/>
1667
+ </fingerprint>
1668
+ <fingerprint pattern="^([^ ]+) ZMailer Server (\d\.[\d.]+) #([^ ]+) ESMTP ready at (.+) *$">
1669
+ <description>ZMailer http://www.zmailer.org/technical.html</description>
1670
+ <example service.version="2.99.57" service.version.version="1">foo.bar ZMailer Server 2.99.57 #1 ESMTP ready at Thu, 16 Nov 2017 12:00:12 +0300</example>
1610
1671
  <param pos="0" name="service.vendor" value="ZMailer"/>
1611
1672
  <param pos="0" name="service.family" value="ZMailer"/>
1612
1673
  <param pos="0" name="service.product" value="ZMailer"/>
@@ -1616,10 +1677,9 @@ The system or service fingerprint with the highest certainty overwrites the othe
1616
1677
  <param pos="3" name="service.version.version"/>
1617
1678
  <param pos="4" name="system.time"/>
1618
1679
  </fingerprint>
1619
- <fingerprint pattern="^([^ ]+) ZMailer Server ([^ ]+\.[^ ]+\.[^ ]+) #([^ ]) ESMTP\+IDENT ready at (.+) *$">
1620
- <description>
1621
- ZMailer server that supports IDENT
1622
- </description>
1680
+ <fingerprint pattern="^([^ ]+) ZMailer Server (\d\.[\d.]+) #([^ ]+) ESMTP\+IDENT ready at (.+) *$">
1681
+ <description>ZMailer server that supports IDENT</description>
1682
+ <example service.version="2.99.55" service.version.version="16">foo.bar ZMailer Server 2.99.55 #16 ESMTP+IDENT ready at Thu, 16 Nov 2017 06:51:42 -0300</example>
1623
1683
  <param pos="0" name="service.vendor" value="ZMailer"/>
1624
1684
  <param pos="0" name="service.family" value="ZMailer"/>
1625
1685
  <param pos="0" name="service.product" value="ZMailer"/>
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: recog
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.1.16
4
+ version: 2.1.17
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rapid7 Research
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-10-25 00:00:00.000000000 Z
11
+ date: 2017-11-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec