recog 2.1.8 → 2.1.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +4 -0
- data/features/verify.feature +1 -1
- data/lib/recog/fingerprint.rb +1 -1
- data/lib/recog/version.rb +1 -1
- data/xml/operating_system.xml +16 -4
- data/xml/smtp_banners.xml +75 -116
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: aec04b98aff91267d646e20ed78d90fccf0949d0
|
|
4
|
+
data.tar.gz: 9e30dc5c4c0b41d67fb8da72ab4beec6adf375aa
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6d463c1022993e48d8eec6d8f307f47b61ef9394f4469e961ffab1d79022ed2a1e1dd503ea71ee26cedd019ff65573563073ea9dfc920559b9be2938d1bc03f4
|
|
7
|
+
data.tar.gz: f8b10d30593f596baf37ab34ac4f3b8c257a2f45268bf32436defacbea04a25b16686497be6e5c4046798589197a3589d784927cf2edbe0f22aefe3801bec35b
|
data/.travis.yml
CHANGED
data/features/verify.feature
CHANGED
|
@@ -36,7 +36,7 @@ Feature: Verify
|
|
|
36
36
|
FAIL: 'foo test' failed to match "bar" with (?-mix:^foo$)'
|
|
37
37
|
FAIL: '' failed to match "This almost matches" with (?-mix:^This matches$)'
|
|
38
38
|
FAIL: 'bar test's os.name is a non-zero pos but specifies a value of 'Bar'
|
|
39
|
-
FAIL: 'bar test' failed to find expected capture group os.version '5.0'
|
|
39
|
+
FAIL: 'bar test' failed to find expected capture group os.version '5.0'. Result was 1.0
|
|
40
40
|
SUMMARY: Test completed with 0 successful, 0 warnings, and 4 failures
|
|
41
41
|
"""
|
|
42
42
|
And the exit status should be 4
|
data/lib/recog/fingerprint.rb
CHANGED
|
@@ -142,7 +142,7 @@ class Fingerprint
|
|
|
142
142
|
test.attributes.each do |k, v|
|
|
143
143
|
next if k == '_encoding'
|
|
144
144
|
if !result.has_key?(k) || result[k] != v
|
|
145
|
-
message = "'#{@name}' failed to find expected capture group #{k} '#{v}'"
|
|
145
|
+
message = "'#{@name}' failed to find expected capture group #{k} '#{v}'. Result was #{result[k]}"
|
|
146
146
|
status = :fail
|
|
147
147
|
break
|
|
148
148
|
end
|
data/lib/recog/version.rb
CHANGED
data/xml/operating_system.xml
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
2
2
|
<!--
|
|
3
3
|
Patterns for common names of various operating systems.
|
|
4
|
-
-->
|
|
4
|
+
-->
|
|
5
5
|
<fingerprints matches="operating_system.name" database_type="util.os" preference="0.80">
|
|
6
6
|
<!-- Windows begin -->
|
|
7
|
-
<fingerprint pattern="^(?i:(?:Microsoft )?(Windows (?:[a-z]+\s[a-z]+\s|[a-z]+\s)?Server (?:\d{4} R2|\d{4}))(?:,\s|\s)?([a-z]+)?(?: Edition)?(?:\s)?(SP\d|SP \d|Service Pack \d)?)$">
|
|
7
|
+
<fingerprint pattern="^(?i:(?:Microsoft )?(Windows (?:[a-z]+\s[a-z]+\s|[a-z]+\s)?Server (?:\d{4} R2|\d{4}))(?:,\s|\s)?([a-z]+)?(?: Edition)?(?:\s|\swith(?:out)? Hyper-V\s)?(SP\d|SP \d|Service Pack \d)?)$">
|
|
8
8
|
<description>Windows Server 2003 and later</description>
|
|
9
9
|
<example os.product="Windows Compute Cluster Server 2003">Windows Compute Cluster Server 2003</example>
|
|
10
10
|
<example os.product="Windows Server 2003" os.edition="Standard">Windows Server 2003, Standard Edition</example>
|
|
@@ -12,7 +12,9 @@
|
|
|
12
12
|
<example os.product="Windows Small Business Server 2003 R2">Windows Small Business Server 2003 R2</example>
|
|
13
13
|
<example os.product="Windows Server 2008" os.edition="Enterprise">Windows Server 2008 Enterprise Edition</example>
|
|
14
14
|
<example os.product="Windows Small Business Server 2008">Windows Small Business Server 2008</example>
|
|
15
|
-
<example os.product="Windows Server 2012
|
|
15
|
+
<example os.product="Windows Storage Server 2012 R2">Windows Storage Server 2012 R2</example>
|
|
16
|
+
<example os.product="Windows Server 2008" os.edition="Enterprise" os.version="Service Pack 2">Windows Server 2008 Enterprise without Hyper-V Service Pack 2</example>
|
|
17
|
+
<example os.product="Windows Server 2008" os.edition="Enterprise" os.version="SP1">Windows Server 2008 Enterprise with Hyper-V SP1</example>
|
|
16
18
|
<example os.product="Windows Server 2012 R2" os.edition="Foundation">Windows Server 2012 R2 Foundation Edition</example>
|
|
17
19
|
<example os.product="Windows Storage Server 2012 R2">Windows Storage Server 2012 R2</example>
|
|
18
20
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
@@ -252,11 +254,21 @@
|
|
|
252
254
|
<param pos="0" name="os.product" value="Linux Enterprise Server"/>
|
|
253
255
|
<param pos="1" name="os.version"/>
|
|
254
256
|
</fingerprint>
|
|
255
|
-
<fingerprint pattern="^(?i:
|
|
257
|
+
<fingerprint pattern="^(?i:SLES(?: Linux Enterprise Server)?\s?(\d+?(?:\.\d+?)*?)?)$">
|
|
258
|
+
<description>SLES Linux Enterprise Server</description>
|
|
259
|
+
<example os.version="11">SLES 11</example>
|
|
260
|
+
<example os.version="12">SLES Linux Enterprise Server 12</example>
|
|
261
|
+
<param pos="0" name="os.vendor" value="SUSE"/>
|
|
262
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
263
|
+
<param pos="0" name="os.product" value="Linux Enterprise Server"/>
|
|
264
|
+
<param pos="1" name="os.version"/>
|
|
265
|
+
</fingerprint>
|
|
266
|
+
<fingerprint pattern="^(?i:Ubuntu(?: Linux)?(?:\s|-)(\d+?(?:\.\d+?)*?)?\s?(LTS)?)$">
|
|
256
267
|
<description>Ubuntu Linux</description>
|
|
257
268
|
<example os.version="12.04.4">Ubuntu 12.04.4 LTS</example>
|
|
258
269
|
<example os.version="14.04">Ubuntu Linux 14.04</example>
|
|
259
270
|
<example os.version="16.04" os.edition="LTS">Ubuntu 16.04 LTS</example>
|
|
271
|
+
<example os.version="16.04" os.edition="LTS">Ubuntu-16.04 LTS</example>
|
|
260
272
|
<param pos="0" name="os.vendor" value="Ubuntu"/>
|
|
261
273
|
<param pos="0" name="os.family" value="Linux"/>
|
|
262
274
|
<param pos="0" name="os.product" value="Linux"/>
|
data/xml/smtp_banners.xml
CHANGED
|
@@ -25,6 +25,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
25
25
|
<fingerprints matches="smtp.banner" protocol="smtp" database_type="service" preference="0.20">
|
|
26
26
|
<fingerprint pattern="^X1 NT-ESMTP Server ([^ ]+) \(IMail (\d+\.[^ ]+) EVAL \d+-\d+\)$">
|
|
27
27
|
<description>IMail EVAL version</description>
|
|
28
|
+
<example service.version="6.06">X1 NT-ESMTP Server foo.bar (IMail 6.06 EVAL 11347-1)</example>
|
|
28
29
|
<param pos="0" name="service.vendor" value="Ipswitch"/>
|
|
29
30
|
<param pos="0" name="service.family" value="IMail Server"/>
|
|
30
31
|
<param pos="0" name="service.product" value="IMail Server"/>
|
|
@@ -34,6 +35,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
34
35
|
</fingerprint>
|
|
35
36
|
<fingerprint pattern="^X1 NT-ESMTP Server ([^ ]+) \(IMail (\d+\.[^ ]+) \d+-\d+\)$">
|
|
36
37
|
<description>IMail non-EVAL version</description>
|
|
38
|
+
<example service.version="6.06">X1 NT-ESMTP Server foo.bar (IMail 6.06 899085-1)</example>
|
|
37
39
|
<param pos="0" name="service.vendor" value="Ipswitch"/>
|
|
38
40
|
<param pos="0" name="service.family" value="IMail Server"/>
|
|
39
41
|
<param pos="0" name="service.product" value="IMail Server"/>
|
|
@@ -41,7 +43,8 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
41
43
|
<param pos="1" name="host.name"/>
|
|
42
44
|
</fingerprint>
|
|
43
45
|
<fingerprint pattern="^([^ ]+) \(IMail (\d+\.[^ ]+) \d+-\d+\) NT-ESMTP Server X1$">
|
|
44
|
-
<description>IMail non-EVAL version</description>
|
|
46
|
+
<description>IMail non-EVAL version, NT-ESMTP at end</description>
|
|
47
|
+
<example service.version="12.4.2.27">foo.bar (IMail 12.4.2.27 21349-1) NT-ESMTP Server X1</example>
|
|
45
48
|
<param pos="0" name="service.vendor" value="Ipswitch"/>
|
|
46
49
|
<param pos="0" name="service.family" value="IMail Server"/>
|
|
47
50
|
<param pos="0" name="service.product" value="IMail Server"/>
|
|
@@ -89,20 +92,12 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
89
92
|
<param pos="0" name="service.product" value="Mail Server"/>
|
|
90
93
|
<param pos="1" name="service.version"/>
|
|
91
94
|
</fingerprint>
|
|
92
|
-
<fingerprint pattern="^([^ ]+) +AppleShare IP Mail Server ([^ ]+\.[
|
|
93
|
-
<description>
|
|
94
|
-
AppleShare IP Mail Server (3 version numbers)
|
|
95
|
-
</description>
|
|
96
|
-
<param pos="0" name="service.vendor" value="Apple"/>
|
|
97
|
-
<param pos="0" name="service.family" value="AppleShare IP Mail Server"/>
|
|
98
|
-
<param pos="0" name="service.product" value="AppleShare IP Mail Server"/>
|
|
99
|
-
<param pos="1" name="host.name"/>
|
|
100
|
-
<param pos="2" name="service.version"/>
|
|
101
|
-
</fingerprint>
|
|
102
|
-
<fingerprint pattern="^([^ ]+) +AppleShare IP Mail Server ([^ ]+\.[^ ]+) SMTP Server Ready *$">
|
|
95
|
+
<fingerprint pattern="^([^ ]+) +AppleShare IP Mail Server ([^ ]+\.[\d.]+) SMTP Server Ready *$">
|
|
103
96
|
<description>
|
|
104
|
-
AppleShare IP Mail Server
|
|
97
|
+
AppleShare IP Mail Server
|
|
105
98
|
</description>
|
|
99
|
+
<example service.version="6.2.1">foo.bar AppleShare IP Mail Server 6.2.1 SMTP Server Ready</example>
|
|
100
|
+
<example service.version="6.2">foo.bar AppleShare IP Mail Server 6.2 SMTP Server Ready</example>
|
|
106
101
|
<param pos="0" name="service.vendor" value="Apple"/>
|
|
107
102
|
<param pos="0" name="service.family" value="AppleShare IP Mail Server"/>
|
|
108
103
|
<param pos="0" name="service.product" value="AppleShare IP Mail Server"/>
|
|
@@ -113,6 +108,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
113
108
|
<description>
|
|
114
109
|
CheckPoint FireWall-1
|
|
115
110
|
</description>
|
|
111
|
+
<example>CheckPoint FireWall-1 secure SMTP server</example>
|
|
116
112
|
<param pos="0" name="service.vendor" value="Check Point"/>
|
|
117
113
|
<param pos="0" name="service.family" value="Check Point"/>
|
|
118
114
|
<param pos="0" name="service.product" value="Firewall-1"/>
|
|
@@ -145,6 +141,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
145
141
|
|
|
146
142
|
Search Cisco's documentation for "fixup protocol SMTP" for more information.
|
|
147
143
|
</description>
|
|
144
|
+
<example service.product="PIX">***************************</example>
|
|
148
145
|
<param pos="0" name="service.vendor" value="Cisco"/>
|
|
149
146
|
<param pos="0" name="service.family" value="PIX"/>
|
|
150
147
|
<param pos="0" name="service.product" value="PIX"/>
|
|
@@ -285,6 +282,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
285
282
|
Microsoft IIS builtin SMTP service, or Microsoft Exchange Server
|
|
286
283
|
(they are differentiated from each other in smtp-iis.clp)
|
|
287
284
|
</description>
|
|
285
|
+
<example service.version="6.0.3790.4675">foo Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Wed, 21 Jul 2010 19:04:24 -0700</example>
|
|
288
286
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
|
289
287
|
<param pos="0" name="service.family" value="IIS"/>
|
|
290
288
|
<param pos="0" name="service.product" value="IIS"/>
|
|
@@ -297,12 +295,20 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
297
295
|
<param pos="0" name="os.device" value="General"/>
|
|
298
296
|
<param pos="0" name="os.product" value="Windows"/>
|
|
299
297
|
</fingerprint>
|
|
298
|
+
<fingerprint pattern="^([^ ]+) ESMTP Exim ([^ ]+\.[^ ]+) .?$">
|
|
299
|
+
<description>Exim without timestamp</description>
|
|
300
|
+
<example service.version="4.89">foo.bar ESMTP Exim 4.89 "</example>
|
|
301
|
+
<example service.version="4.84_2">foo.bar ESMTP Exim 4.84_2 "</example>
|
|
302
|
+
<param pos="0" name="service.vendor" value="exim"/>
|
|
303
|
+
<param pos="0" name="service.family" value="exim"/>
|
|
304
|
+
<param pos="0" name="service.product" value="exim"/>
|
|
305
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
|
306
|
+
<param pos="1" name="host.name"/>
|
|
307
|
+
<param pos="2" name="service.version"/>
|
|
308
|
+
</fingerprint>
|
|
300
309
|
<fingerprint pattern="^([^ ]+) ESMTP Exim ([^ ]+\.[^ ]+) (.+)$">
|
|
301
|
-
<description>
|
|
302
|
-
|
|
303
|
-
example: 220 foo.bar.com ESMTP Exim 3.12 #1 Wed, 31 Jan 2001 15:47:23 +1100
|
|
304
|
-
example: 220 foo.bar.com ESMTP Exim 3.22 1 Mon, 30 Jul 2001 23:16:12 +0100 [NO UCE, NO SPAM]
|
|
305
|
-
</description>
|
|
310
|
+
<description>Exim with timestamp</description>
|
|
311
|
+
<example service.version="3.12">foo.bar ESMTP Exim 3.12 #1 Wed, 31 Jan 2001 15:47:23 +1100</example>
|
|
306
312
|
<param pos="0" name="service.vendor" value="exim"/>
|
|
307
313
|
<param pos="0" name="service.family" value="exim"/>
|
|
308
314
|
<param pos="0" name="service.product" value="exim"/>
|
|
@@ -335,19 +341,21 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
335
341
|
</fingerprint>
|
|
336
342
|
<fingerprint pattern="^([^ ]+) GroupWise Internet Agent ([^ ]+\.[^ ]+\.[^ ]+) Ready \(C\).* Novell, Inc\. *$">
|
|
337
343
|
<description>
|
|
338
|
-
Novell GroupWise Internet Agent versions 5 and higher
|
|
339
|
-
example: 220 coleharbourplace.com GroupWise Internet Agent 5.5.1 Ready (C)1993, 1998 Novell, Inc.
|
|
344
|
+
Novell GroupWise Internet Agent versions 5 and higher
|
|
340
345
|
</description>
|
|
346
|
+
<example service.version="5.5.1">foo.bar GroupWise Internet Agent 5.5.1 Ready (C)1993, 1998 Novell, Inc.</example>
|
|
341
347
|
<param pos="0" name="service.vendor" value="Novell"/>
|
|
342
348
|
<param pos="0" name="service.family" value="GroupWise"/>
|
|
343
349
|
<param pos="0" name="service.product" value="GroupWise"/>
|
|
344
350
|
<param pos="1" name="host.name"/>
|
|
345
351
|
<param pos="2" name="service.version"/>
|
|
346
352
|
</fingerprint>
|
|
347
|
-
<fingerprint pattern="^([^ ]+) GroupWise Internet Agent (
|
|
353
|
+
<fingerprint pattern="^([^ ]+) GroupWise Internet Agent (\d+\.[\d.]+) Copyright .*\d{4}-\d{4} Novell, Inc..* All rights reserved. Ready *$">
|
|
348
354
|
<description>
|
|
349
|
-
Novell GroupWise Internet Agent versions 5 and higher,
|
|
355
|
+
Novell GroupWise Internet Agent versions 5 and higher, second variant
|
|
350
356
|
</description>
|
|
357
|
+
<example service.version="8.0.3">foo.bar GroupWise Internet Agent 8.0.3 Copyright (c) 1993-2012 Novell, Inc. All rights reserved. Ready</example>
|
|
358
|
+
<example service.version="14.2.1">foo.bar GroupWise Internet Agent 14.2.1 Copyright 1993-2016 Novell, Inc., a Micro Focus Company. All rights reserved. Ready</example>
|
|
351
359
|
<param pos="0" name="service.vendor" value="Novell"/>
|
|
352
360
|
<param pos="0" name="service.family" value="GroupWise"/>
|
|
353
361
|
<param pos="0" name="service.product" value="GroupWise"/>
|
|
@@ -458,27 +466,37 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
458
466
|
<param pos="2" name="service.version"/>
|
|
459
467
|
<param pos="3" name="system.time"/>
|
|
460
468
|
</fingerprint>
|
|
461
|
-
<fingerprint pattern="^([^ ]+) +MailSite
|
|
469
|
+
<fingerprint pattern="^([^ ]+) +MailSite E?SMTP Receiver Version (\d+\.[\d.]+) Ready *$">
|
|
462
470
|
<description>
|
|
463
|
-
Rockliffe MailSite http://www.rockliffe.com
|
|
464
|
-
example: 220 bas.com.ar MailSite ESMTP Receiver Version 3.4.6.0 Ready
|
|
471
|
+
Rockliffe MailSite with version (http://www.rockliffe.com)
|
|
465
472
|
</description>
|
|
473
|
+
<example host.name="foo.bar" service.version="3.4.6.0">foo.bar MailSite ESMTP Receiver Version 3.4.6.0 Ready</example>
|
|
474
|
+
<example host.name="foo.bar" service.version="2.1.7">foo.bar MailSite SMTP Receiver Version 2.1.7 Ready</example>
|
|
466
475
|
<param pos="0" name="service.vendor" value="Rockliffe"/>
|
|
467
476
|
<param pos="0" name="service.family" value="MailSite"/>
|
|
468
477
|
<param pos="0" name="service.product" value="MailSite"/>
|
|
469
478
|
<param pos="1" name="host.name"/>
|
|
470
479
|
<param pos="2" name="service.version"/>
|
|
471
480
|
</fingerprint>
|
|
472
|
-
<fingerprint pattern="^([^ ]+) +MailSite
|
|
481
|
+
<fingerprint pattern="^([^ ]+) +MailSite E?SMTP Receiver Ready *$">
|
|
473
482
|
<description>
|
|
474
|
-
Rockliffe MailSite http://www.rockliffe.com
|
|
475
|
-
example: 220 rhino.accessweb.com MailSite SMTP Receiver Version 2.1.7 Ready
|
|
483
|
+
Rockliffe MailSite without version (http://www.rockliffe.com)
|
|
476
484
|
</description>
|
|
485
|
+
<example host.name="foo.bar">foo.bar MailSite SMTP Receiver Ready</example>
|
|
477
486
|
<param pos="0" name="service.vendor" value="Rockliffe"/>
|
|
478
487
|
<param pos="0" name="service.family" value="MailSite"/>
|
|
479
488
|
<param pos="0" name="service.product" value="MailSite"/>
|
|
480
489
|
<param pos="1" name="host.name"/>
|
|
481
|
-
|
|
490
|
+
</fingerprint>
|
|
491
|
+
<fingerprint pattern="^ ?MailSite E?SMTP Receiver Version (\d+\.[\d.]+) Ready *$">
|
|
492
|
+
<description>
|
|
493
|
+
Rockliffe MailSite without hostname(http://www.rockliffe.com)
|
|
494
|
+
</description>
|
|
495
|
+
<example service.version="10.2.0.0"> MailSite ESMTP Receiver Version 10.2.0.0 Ready</example>
|
|
496
|
+
<param pos="0" name="service.vendor" value="Rockliffe"/>
|
|
497
|
+
<param pos="0" name="service.family" value="MailSite"/>
|
|
498
|
+
<param pos="0" name="service.product" value="MailSite"/>
|
|
499
|
+
<param pos="1" name="service.version"/>
|
|
482
500
|
</fingerprint>
|
|
483
501
|
<fingerprint pattern="^([^ ]+) +MAILsweeper ESMTP Receiver Version ([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+) Ready *$">
|
|
484
502
|
<description>
|
|
@@ -492,10 +510,8 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
492
510
|
<param pos="2" name="service.version"/>
|
|
493
511
|
</fingerprint>
|
|
494
512
|
<fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) UNREGISTERED; *(.+) *$">
|
|
495
|
-
<description>
|
|
496
|
-
|
|
497
|
-
220 foo.bar ESMTP MDaemon 4.0.5 UNREGISTERED; Sat, 06 Oct 2001 09:10:56 +0400
|
|
498
|
-
</description>
|
|
513
|
+
<description>MDaemon mail server, with timestamp, unregistered</description>
|
|
514
|
+
<example service.version="4.0.5">foo.bar ESMTP MDaemon 4.0.5 UNREGISTERED; Sat, 06 Oct 2001 09:10:56 +0400</example>
|
|
499
515
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
|
500
516
|
<param pos="0" name="service.family" value="MDaemon"/>
|
|
501
517
|
<param pos="0" name="service.product" value="MDaemon"/>
|
|
@@ -511,10 +527,8 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
511
527
|
<param pos="3" name="system.time"/>
|
|
512
528
|
</fingerprint>
|
|
513
529
|
<fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
|
|
514
|
-
<description>
|
|
515
|
-
|
|
516
|
-
220 foo.bar ESMTP MDaemon 4.0.2; Sat, 06 Oct 2001 01:46:44 -0500
|
|
517
|
-
</description>
|
|
530
|
+
<description>MDaemon mail server, with timestamp</description>
|
|
531
|
+
<example service.version="4.0.2">foo.bar ESMTP MDaemon 4.0.2; Sat, 06 Oct 2001 01:46:44 -0500</example>
|
|
518
532
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
|
519
533
|
<param pos="0" name="service.family" value="MDaemon"/>
|
|
520
534
|
<param pos="0" name="service.product" value="MDaemon"/>
|
|
@@ -529,26 +543,8 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
529
543
|
<param pos="3" name="system.time"/>
|
|
530
544
|
</fingerprint>
|
|
531
545
|
<fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) ready *$">
|
|
532
|
-
<description>
|
|
533
|
-
|
|
534
|
-
220 foo.bar ESMTP MDaemon 3.5.7 ready
|
|
535
|
-
</description>
|
|
536
|
-
<param pos="0" name="service.vendor" value="Alt-N"/>
|
|
537
|
-
<param pos="0" name="service.family" value="MDaemon"/>
|
|
538
|
-
<param pos="0" name="service.product" value="MDaemon"/>
|
|
539
|
-
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
540
|
-
<param pos="0" name="os.family" value="Windows"/>
|
|
541
|
-
<param pos="0" name="os.device" value="General"/>
|
|
542
|
-
<param pos="0" name="os.product" value="Windows"/>
|
|
543
|
-
<param pos="0" name="os.arch" value="x86"/>
|
|
544
|
-
<param pos="1" name="host.name"/>
|
|
545
|
-
<param pos="2" name="service.version"/>
|
|
546
|
-
</fingerprint>
|
|
547
|
-
<fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] MDaemon v([^ ]+\.[^ ]+) ([^ ]+) *$">
|
|
548
|
-
<description>
|
|
549
|
-
MDaemon mail server
|
|
550
|
-
220 foo.bar.com ESMTP service ready [1] MDaemon v2.84 R
|
|
551
|
-
</description>
|
|
546
|
+
<description>MDaemon mail server, without timestamp</description>
|
|
547
|
+
<example service.version="3.5.7">foo.bar ESMTP MDaemon 3.5.7 ready</example>
|
|
552
548
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
|
553
549
|
<param pos="0" name="service.family" value="MDaemon"/>
|
|
554
550
|
<param pos="0" name="service.product" value="MDaemon"/>
|
|
@@ -559,13 +555,11 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
559
555
|
<param pos="0" name="os.arch" value="x86"/>
|
|
560
556
|
<param pos="1" name="host.name"/>
|
|
561
557
|
<param pos="2" name="service.version"/>
|
|
562
|
-
<param pos="3" name="service.version.version"/>
|
|
563
558
|
</fingerprint>
|
|
564
|
-
<fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] using MDaemon v(
|
|
565
|
-
<description>
|
|
566
|
-
|
|
567
|
-
|
|
568
|
-
</description>
|
|
559
|
+
<fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] (?:using )?MDaemon v(\d+\.[\d.]+) ([^ ]+) *$">
|
|
560
|
+
<description>MDaemon mail server, with version revision</description>
|
|
561
|
+
<example service.version="2.84" service.version.version="R">foo.bar ESMTP service ready [1] MDaemon v2.84 R</example>
|
|
562
|
+
<example service.version="3.0.3" service.version.version="R">foo.bar ESMTP service ready [1] using MDaemon v3.0.3 R</example>
|
|
569
563
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
|
570
564
|
<param pos="0" name="service.family" value="MDaemon"/>
|
|
571
565
|
<param pos="0" name="service.product" value="MDaemon"/>
|
|
@@ -698,10 +692,9 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
698
692
|
</fingerprint>
|
|
699
693
|
<fingerprint pattern="^([^ ]+) Mercury ([^ ]+\.[^ ]+) ESMTP server ready.$">
|
|
700
694
|
<description>
|
|
701
|
-
Mercury NLM for Netware
|
|
702
|
-
http://www.pmail.com/index.cfm
|
|
703
|
-
example: 220 mail.law.utexas.edu Mercury 1.43 ESMTP server ready.
|
|
695
|
+
Mercury NLM for Netware ( http://www.pmail.com/index.cfm )
|
|
704
696
|
</description>
|
|
697
|
+
<example service.version="1.43">foo.bar Mercury 1.43 ESMTP server ready.</example>
|
|
705
698
|
<param pos="0" name="service.family" value="Mercury Mail Transport System"/>
|
|
706
699
|
<param pos="0" name="service.product" value="Mercury Mail Transport System"/>
|
|
707
700
|
<param pos="0" name="os.vendor" value="Novell"/>
|
|
@@ -711,27 +704,12 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
711
704
|
<param pos="1" name="host.name"/>
|
|
712
705
|
<param pos="2" name="service.version"/>
|
|
713
706
|
</fingerprint>
|
|
714
|
-
<fingerprint pattern="
|
|
707
|
+
<fingerprint pattern="^^([^ ]+) Mercury\/32 v([^ ]+\.[^ ]+) (?:SMTP\/)?ESMTP server ready.?$">
|
|
715
708
|
<description>
|
|
716
|
-
Mercury/32 for Win9x/NT/2000
|
|
717
|
-
http://www.pmail.com/index.cfm
|
|
718
|
-
example: 220 jimmy.qmuc.ac.uk Mercury/32 v3.01a SMTP/ESMTP server ready.
|
|
719
|
-
</description>
|
|
720
|
-
<param pos="0" name="service.family" value="Mercury Mail Transport System"/>
|
|
721
|
-
<param pos="0" name="service.product" value="Mercury Mail Transport System"/>
|
|
722
|
-
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
723
|
-
<param pos="0" name="os.family" value="Windows"/>
|
|
724
|
-
<param pos="0" name="os.device" value="General"/>
|
|
725
|
-
<param pos="0" name="os.product" value="Windows"/>
|
|
726
|
-
<param pos="1" name="host.name"/>
|
|
727
|
-
<param pos="2" name="service.version"/>
|
|
728
|
-
</fingerprint>
|
|
729
|
-
<fingerprint pattern="^([^ ]+) Mercury/32 v([^ ]+\.[^ ]+) ESMTP server ready.$">
|
|
730
|
-
<description>
|
|
731
|
-
Mercury/32 for Win9x/NT/2000
|
|
732
|
-
http://www.pmail.com/index.cfm
|
|
733
|
-
example: 220 mail-gateway1.acfw.net Mercury/32 v3.30 ESMTP server ready.
|
|
709
|
+
Mercury/32 for Win9x/NT/2000 ( http://www.pmail.com/index.cfm )
|
|
734
710
|
</description>
|
|
711
|
+
<example service.version="3.01a">foo.bar Mercury/32 v3.01a SMTP/ESMTP server ready.</example>
|
|
712
|
+
<example service.version="3.30">foo.bar Mercury/32 v3.30 ESMTP server ready.</example>
|
|
735
713
|
<param pos="0" name="service.family" value="Mercury Mail Transport System"/>
|
|
736
714
|
<param pos="0" name="service.product" value="Mercury Mail Transport System"/>
|
|
737
715
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
@@ -1388,6 +1366,14 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
1388
1366
|
<param pos="2" name="service.version"/>
|
|
1389
1367
|
<param pos="3" name="system.time"/>
|
|
1390
1368
|
</fingerprint>
|
|
1369
|
+
<fingerprint pattern="^Sendmail ESMTP ready$">
|
|
1370
|
+
<description>
|
|
1371
|
+
catch all for other versions of sendmail, no hostname or date
|
|
1372
|
+
</description>
|
|
1373
|
+
<example>Sendmail ESMTP ready</example>
|
|
1374
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1375
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1376
|
+
</fingerprint>
|
|
1391
1377
|
<fingerprint pattern="^Sendmail ([^/]+)/([^/]+) ready on ([^ ]+)$">
|
|
1392
1378
|
<description>
|
|
1393
1379
|
catch all for other versions of sendmail
|
|
@@ -1499,42 +1485,15 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
1499
1485
|
<param pos="1" name="host.name"/>
|
|
1500
1486
|
<param pos="2" name="service.version"/>
|
|
1501
1487
|
</fingerprint>
|
|
1502
|
-
|
|
1503
|
-
<fingerprint pattern="^([^ ]+) S[mM][tT][pP] Server SL[mM]ail v?([^ ]+\.[^ ]+) Ready ESMTP spoken here *$">
|
|
1504
|
-
<description>
|
|
1505
|
-
Seattle Labs SLMail server for Windows NT/2k (v2.7 runs on Win9x)
|
|
1506
|
-
http://serverwatch.internet.com/reviews/mail-slmail.html
|
|
1507
|
-
http://www.seattlelab.com/
|
|
1508
|
-
example: 220 mail2.webgeneral.com Smtp Server SLMail v2.7 Ready ESMTP spoken here
|
|
1509
|
-
</description>
|
|
1510
|
-
<param pos="0" name="service.vendor" value="Seattle Labs"/>
|
|
1511
|
-
<param pos="0" name="service.family" value="SLMail"/>
|
|
1512
|
-
<param pos="0" name="service.product" value="SLMail"/>
|
|
1513
|
-
<param pos="1" name="host.name"/>
|
|
1514
|
-
<param pos="2" name="service.version"/>
|
|
1515
|
-
</fingerprint>
|
|
1516
|
-
<!-- SLMail with three version numbers -->
|
|
1517
|
-
<fingerprint pattern="^([^ ]+) S[mM][tT][pP] Server SL[mM]ail v?([^ ]+\.[^ ]+\.[^ ]+) Ready ESMTP spoken here *$">
|
|
1518
|
-
<description>
|
|
1519
|
-
Seattle Labs SLMail server for Windows NT/2k (v2.7 runs on Win9x)
|
|
1520
|
-
http://serverwatch.internet.com/reviews/mail-slmail.html
|
|
1521
|
-
http://www.seattlelab.com/
|
|
1522
|
-
example: 220 wl004.pbx.web-light.net SMTP Server SLmail 3.2.3113 Ready ESMTP spoken here
|
|
1523
|
-
</description>
|
|
1524
|
-
<param pos="0" name="service.vendor" value="Seattle Labs"/>
|
|
1525
|
-
<param pos="0" name="service.family" value="SLMail"/>
|
|
1526
|
-
<param pos="0" name="service.product" value="SLMail"/>
|
|
1527
|
-
<param pos="1" name="host.name"/>
|
|
1528
|
-
<param pos="2" name="service.version"/>
|
|
1529
|
-
</fingerprint>
|
|
1530
|
-
<!-- SLMail with four version numbers -->
|
|
1531
|
-
<fingerprint pattern="^([^ ]+) S[mM][tT][pP] Server SL[mM]ail v?([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+) Ready ESMTP spoken here *$">
|
|
1488
|
+
<fingerprint pattern="^([^ ]+) SMTP Server SLMail v?(\d\.[\d.]+) Ready ESMTP spoken here *$" flags="REG_ICASE">
|
|
1532
1489
|
<description>
|
|
1533
1490
|
Seattle Labs SLMail server for Windows NT/2k (v2.7 runs on Win9x)
|
|
1534
1491
|
http://serverwatch.internet.com/reviews/mail-slmail.html
|
|
1535
1492
|
http://www.seattlelab.com/
|
|
1536
|
-
example: 220 mail2.webgeneral.com Smtp Server SLMail v2.7 Ready ESMTP spoken here
|
|
1537
1493
|
</description>
|
|
1494
|
+
<example service.version="2.7">foo.bar Smtp Server SLMail v2.7 Ready ESMTP spoken here</example>
|
|
1495
|
+
<example service.version="3.2.3113">foo.bar SMTP Server SLmail 3.2.3113 Ready ESMTP spoken here</example>
|
|
1496
|
+
<example service.version="5.5.0.4433">foo.bar SMTP Server SLmail 5.5.0.4433 Ready ESMTP spoken here</example>
|
|
1538
1497
|
<param pos="0" name="service.vendor" value="Seattle Labs"/>
|
|
1539
1498
|
<param pos="0" name="service.family" value="SLMail"/>
|
|
1540
1499
|
<param pos="0" name="service.product" value="SLMail"/>
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: recog
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.1.
|
|
4
|
+
version: 2.1.9
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Rapid7 Research
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-06-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rspec
|