recog 2.3.0 → 2.3.1

data/xml/snmp_sysobjid.xml

@@ -31,7 +31,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:-"/>
   </fingerprint>
   <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: x86.*Software: Windows 2000 Version 5\.0.*$">
-    <description>Windows 2000 on x86</description>
+    <description>Windows 2000 Datacenter on x86</description>
     <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: x86 Family 15 Model 4 Stepping 8 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.0 (Build 2195 Uniprocessor Free)</example>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.family" value="Windows"/>
@@ -49,7 +49,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
   </fingerprint>
   <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: x86.*Software: Windows Version 5\.2.*$">
-    <description>Windows Server 2003 on x86</description>
+    <description>Windows Server 2003 Datacenter on x86</description>
     <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: x86 Family 15 Model 4 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 5.2 (Build 3790 Multiprocessor Free)</example>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.family" value="Windows"/>
@@ -68,7 +68,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
   </fingerprint>
   <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: \S+64.*Software: Windows Version 5\.2.*$">
-    <description>Windows Server 2003 on x86_64</description>
+    <description>Windows Server 2003 Datacenter on x86_64</description>
     <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: AMD64 Family 15 Model 4 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 5.2 (Build 3790 Multiprocessor Free)</example>
     <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: Intel64 Family 6 Model 15 Stepping 6 AT/AT COMPATIBLE - Software: Windows Version 5.2 (Build 3790 Multiprocessor Free)</example>
     <param pos="0" name="os.vendor" value="Microsoft"/>

data/xml/ssh_banners.xml

@@ -38,15 +38,15 @@
   </fingerprint>
   <fingerprint pattern="^Serv-U_([\d\.]+)$">
     <description>Serv-U SSH</description>
-    <example>Serv-U_7.4.0.1</example>
+    <example service.version="7.4.0.1">Serv-U_7.4.0.1</example>
     <param pos="0" name="service.vendor" value="Rhino Software"/>
     <param pos="0" name="service.product" value="Serv-U"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
   <fingerprint pattern="WS_FTP-SSH_([\d\.]+)$">
     <description>WS_FTP Server with SSH</description>
-    <example>WS_FTP-SSH_6.1.1</example>
-    <example>WS_FTP-SSH_7.0</example>
+    <example service.version="6.1.1">WS_FTP-SSH_6.1.1</example>
+    <example service.version="7.0">WS_FTP-SSH_7.0</example>
     <param pos="0" name="service.vendor" value="Ipswitch"/>
     <param pos="0" name="service.product" value="WS_FTP"/>
     <param pos="1" name="service.version"/>
@@ -705,8 +705,7 @@
    </fingerprint>-->
   <!-- TODO: Handle "vpn3" banners for Cisco 3000 VPN Concentrators (need example banners first) -->
   <fingerprint pattern="^Cisco-(.*)$">
-    <description>Cisco SSH banner (could be IOS or PIX).
-         The version always seems to be 1.25</description>
+    <description>Cisco SSH banner (could be IOS or PIX), The version always seems to be 1.25</description>
     <example service.version="1.25">Cisco-1.25</example>
     <param pos="1" name="service.version"/>
     <param pos="0" name="service.vendor" value="Cisco"/>
@@ -924,7 +923,7 @@
     <param pos="0" name="hw.vendor" value="Ruijie"/>
   </fingerprint>
   <fingerprint pattern="^VShell_(?:Special_Edition_)?(\d+)_(\d+)_(\d+)_(\d+) VShell$">
-    <description>VanDyke VShell</description>
+    <description>VanDyke VShell - detailed variant</description>
     <example service.version="3" service.version.version="6" service.version.version.version="2" service.version.version.version.version="446">VShell_3_6_2_446 VShell</example>
     <example service.version="2" service.version.version="5" service.version.version.version="0" service.version.version.version.version="204">VShell_Special_Edition_2_5_0_204 VShell</example>
     <param pos="1" name="service.version"/>
@@ -945,8 +944,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:vandyke:vshell:{service.version}"/>
   </fingerprint>
   <fingerprint pattern="^WRQReflection(?i:F)orSecureIT_(.*)$">
-    <description>Attachmate Reflection (formerly WRQ Reflection for Secure IT)
-      </description>
+    <description>Attachmate Reflection (formerly WRQ Reflection for Secure IT)</description>
     <example service.version="6.1 Build 21">WRQReflectionForSecureIT_6.1 Build 21</example>
     <example service.version="8.2 Build 117">WRQReflectionforSecureIT_8.2 Build 117</example>
     <param pos="1" name="service.version"/>
@@ -955,8 +953,7 @@
     <param pos="0" name="service.product" value="Reflection"/>
   </fingerprint>
   <fingerprint pattern="^([^\s]*)\s*F-Secure SSH\s*(?:.*)$">
-    <description>Attachmate Reflection (formerly F-Secure SSH)
-      </description>
+    <description>Attachmate Reflection (formerly F-Secure SSH)</description>
     <example service.version="3.2.3">3.2.3 F-Secure SSH Windows NT Server</example>
     <param pos="1" name="service.version"/>
     <param pos="0" name="service.vendor" value="Attachmate"/>
@@ -964,7 +961,7 @@
     <param pos="0" name="service.product" value="Reflection"/>
   </fingerprint>
   <fingerprint pattern="^([^\s]*)\s*SSH Tectia Server$">
-    <description>SSH Communications Security Tectia Server</description>
+    <description>SSH Communications Security Tectia Server - branded</description>
     <example service.version="6.4.12.353">6.4.12.353 SSH Tectia Server</example>
     <param pos="1" name="service.version"/>
     <param pos="0" name="service.vendor" value="SSH Communications Security"/>

data/xml/x509_subjects.xml

@@ -72,7 +72,7 @@
     <param pos="1" name="host.mac"/>
   </fingerprint>
   <fingerprint pattern="^SERIALNUMBER=PID:([^ ]+) SN:([^,]+),CN=(?:[a-zA-Z0-9\-]+)-SEP([a-fA-F0-9]{12}),OU=CTG,O=Cisco Systems Inc\.$">
-    <description>Cisco / Linksys Router</description>
+    <description>Cisco / Linksys Router with serial number</description>
     <example host.mac="B07D47D33A1C" hw.product="CP-8851" cisco.serial_number="FCH1924AHCA">SERIALNUMBER=PID:CP-8851 SN:FCH1924AHCA,CN=CP-8851-SEPB07D47D33A1C,OU=CTG,O=Cisco Systems Inc.</example>
     <param pos="0" name="hw.device" value="IP Phone"/>
     <param pos="0" name="hw.vendor" value="Cisco"/>
@@ -136,10 +136,7 @@
     <example>CN=idrac-SVCTAG,OU=Remote Access Group,O=Dell Inc.,L=Round Rock,ST=Texas,C=US</example>
     <example>CN=idrac-prosit-laks,OU=Remote Access Group,O=Dell Inc.,L=Round Rock,ST=Texas,C=US</example>
     <example>CN=idrac-,OU=Remote Access Group,O=Dell Inc.,L=Round Rock,ST=Texas,C=US</example>
-    <example>CN=idrac-SVCTAG,OU=Remote Access Group,O=Dell Inc.,L=Round Rock,ST=Texas,C=US</example>
     <example>CN=idrac,OU=Remote Access Group,O=Dell Inc.,L=Round Rock,ST=Texas,C=US</example>
-    <example>CN=idrac,OU=Remote Access Group,O=Dell Inc.,L=Round Rock,ST=Texas,C=US</example>
-    <example>CN=idrac-SVCTAG,OU=Remote Access Group,O=Dell Inc.,L=Round Rock,ST=Texas,C=US</example>
     <param pos="0" name="hw.device" value="Lights Out Management"/>
     <param pos="0" name="hw.vendor" value="Dell"/>
     <param pos="0" name="hw.product" value="iDRAC"/>
@@ -193,7 +190,7 @@
     <param pos="1" name="host.name"/>
   </fingerprint>
   <fingerprint pattern="^CN=HP Service Processor,OU=UDU Service Tools,O=Hewlett-Packard Development Company\\, L\.P\.\\ ,L=Fremont,ST=California,C=US$">
-    <description>HP iLO</description>
+    <description>HP iLO - HP Service Processor</description>
     <example>CN=HP Service Processor,OU=UDU Service Tools,O=Hewlett-Packard Development Company\, L.P.\ ,L=Fremont,ST=California,C=US</example>
     <param pos="0" name="hw.device" value="Lights Out Management"/>
     <param pos="0" name="hw.vendor" value="HP"/>
@@ -221,7 +218,7 @@
     <param pos="1" name="host.mac"/>
   </fingerprint>
   <fingerprint pattern="^CN=([A-Za-z0-9\_\-\.]+),OU=Hewlett Packard Enterprise Network Management Software \(SMH\),O=Hewlett Packard Enterprise,L=Houston,ST=Texas,C=US$">
-    <description>HP iLO</description>
+    <description>HP iLO - Enterprise Mgmt variant</description>
     <example>CN=bigsrv99,OU=Hewlett Packard Enterprise Network Management Software (SMH),O=Hewlett Packard Enterprise,L=Houston,ST=Texas,C=US</example>
     <param pos="0" name="hw.device" value="Lights Out Management"/>
     <param pos="0" name="hw.vendor" value="HP"/>
@@ -267,7 +264,7 @@
     <param pos="0" name="os.vendor" value="Avocent"/>
   </fingerprint>
   <fingerprint pattern="^CN=Avocent Mergepoint Unity,O=Avocent Mergepoint Unity,L=Huntsville,ST=Alabama,C=US$">
-    <description>Avocent KVM</description>
+    <description>Avocent Mergepoint KVM</description>
     <example>CN=Avocent Mergepoint Unity,O=Avocent Mergepoint Unity,L=Huntsville,ST=Alabama,C=US</example>
     <param pos="0" name="hw.device" value="KVM"/>
     <param pos="0" name="hw.vendor" value="Avocent"/>
@@ -277,9 +274,9 @@
     <param pos="0" name="os.product" value="Mergepoint"/>
   </fingerprint>
   <fingerprint pattern="^CN=HP Jetdirect [a-zA-Z0-9]+,OU=([a-fA-F0-9]{12})\+OU=([a-zA-Z0-9]+),O=Hewlett-Packard Co\.$">
-    <description>HP Jet Direct</description>
-    <example>CN=HP Jetdirect 38831831,OU=2C413883186A+OU=J8028E,O=Hewlett-Packard Co.</example>
-    <example>CN=HP Jetdirect FBFA31E7,OU=8851FBE33ABB+OU=J8016E,O=Hewlett-Packard Co.</example>
+    <description>HP Jet Direct - with host MAC and product</description>
+    <example host.mac="2C413883186A" hw.product="J8028E">CN=HP Jetdirect 38831831,OU=2C413883186A+OU=J8028E,O=Hewlett-Packard Co.</example>
+    <example os.product="J8016E">CN=HP Jetdirect FBFA31E7,OU=8851FBE33ABB+OU=J8016E,O=Hewlett-Packard Co.</example>
     <param pos="0" name="hw.device" value="Printer"/>
     <param pos="0" name="hw.vendor" value="HP"/>
     <param pos="0" name="hw.family" value="JetDirect"/>
@@ -451,7 +448,7 @@
     <param pos="0" name="hw.product" value="APIC"/>
   </fingerprint>
   <fingerprint pattern="^CN=APIC$">
-    <description>Cisco APIC</description>
+    <description>Cisco APIC - bare CN</description>
     <example>CN=APIC</example>
     <param pos="0" name="hw.vendor" value="Cisco"/>
     <param pos="0" name="hw.product" value="APIC"/>
@@ -555,7 +552,7 @@
     <param pos="0" name="os.device" value="Appliance"/>
   </fingerprint>
   <fingerprint pattern="^CN=.*,OU=FortiManager,O=Fortinet,L=Sunnyvale,ST=California,C=US$">
-    <description>Fortinet FortiMail Appliance</description>
+    <description>Fortinet FortiManager Appliance</description>
     <example>CN=FMG-VM0000000000,OU=FortiManager,O=Fortinet,L=Sunnyvale,ST=California,C=US</example>
     <param pos="0" name="hw.vendor" value="Fortinet"/>
     <param pos="0" name="hw.device" value="Appliance"/>
@@ -587,7 +584,7 @@
     <param pos="1" name="host.mac"/>
   </fingerprint>
   <fingerprint pattern="^CN=unifi$">
-    <description>Ubiquiti Controller</description>
+    <description>Ubiquiti Controller - unifi bare</description>
     <example>CN=unifi</example>
     <param pos="0" name="hw.vendor" value="Ubiquiti"/>
     <param pos="0" name="hw.device" value="Wireless Controller"/>
@@ -596,7 +593,7 @@
     <param pos="0" name="os.device" value="Wireless Controller"/>
   </fingerprint>
   <fingerprint pattern="^CN=UniFi,OU=UniFi,O=ubnt\.com,L=San Jose,ST=CA,C=US$">
-    <description>Ubiquiti Controller</description>
+    <description>Ubiquiti Controller - unifi</description>
     <example>CN=UniFi,OU=UniFi,O=ubnt.com,L=San Jose,ST=CA,C=US</example>
     <param pos="0" name="hw.vendor" value="Ubiquiti"/>
     <param pos="0" name="hw.device" value="Wireless Controller"/>
@@ -755,7 +752,7 @@
     <param pos="0" name="os.family" value="Linux"/>
   </fingerprint>
   <fingerprint pattern="^CN=Canon (iR-[a-zA-Z0-9\.\-\_]+)$">
-    <description>Canon iR-ADV Printer</description>
+    <description>Canon iR-ADV Printer with product info</description>
     <example os.product="iR-ADV">CN=Canon iR-ADV</example>
     <param pos="0" name="hw.device" value="Printer"/>
     <param pos="0" name="hw.vendor" value="Canon"/>
@@ -814,7 +811,7 @@
     <param pos="1" name="hw.product"/>
   </fingerprint>
   <fingerprint pattern="^CN=([a-fA-F0-9]{12}),O=Polycom Inc\.$">
-    <description>NEC DT Series IP Phone</description>
+    <description>Polycom SoundPoint IP Phone</description>
     <example host.mac="64167F169981">CN=64167F169981,O=Polycom Inc.</example>
     <param pos="0" name="os.vendor" value="Polycom"/>
     <param pos="0" name="os.device" value="IP Phone"/>
@@ -878,7 +875,7 @@
     <param pos="0" name="os.device" value="WAP"/>
   </fingerprint>
   <fingerprint pattern="^CN=axis-([a-fA-F0-9]{12}),O=Axis Communications AB$">
-    <description>OpenWRT WAP</description>
+    <description>Axis Communications Web Cam</description>
     <example host.mac="accc8ea31abf">CN=axis-accc8ea31abf,O=Axis Communications AB</example>
     <param pos="0" name="hw.vendor" value="AXIS"/>
     <param pos="0" name="hw.device" value="Web Cam"/>

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: recog
 version: !ruby/object:Gem::Version
-  version: 2.3.0
+  version: 2.3.1
 platform: ruby
 authors:
 - Rapid7 Research
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-04-10 00:00:00.000000000 Z
+date: 2019-05-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -250,7 +250,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.11
+rubygems_version: 2.6.6
 signing_key: 
 specification_version: 4
 summary: Network service fingerprint database, classes, and utilities