recog 2.3.17 → 2.3.21

Files changed (51)
  1. checksums.yaml +4 -4
  2. data/.github/workflows/ci.yml +26 -0
  3. data/bin/recog_standardize +6 -0
  4. data/cpe-remap.yaml +342 -200
  5. data/identifiers/README.md +24 -10
  6. data/identifiers/fields.txt +104 -0
  7. data/identifiers/hw_device.txt +2 -0
  8. data/identifiers/hw_family.txt +11 -0
  9. data/identifiers/hw_product.txt +71 -0
  10. data/identifiers/os_device.txt +2 -1
  11. data/identifiers/os_family.txt +2 -0
  12. data/identifiers/os_product.txt +36 -8
  13. data/identifiers/service_family.txt +10 -1
  14. data/identifiers/service_product.txt +78 -2
  15. data/identifiers/vendor.txt +55 -0
  16. data/lib/recog/nizer.rb +1 -82
  17. data/lib/recog/version.rb +1 -1
  18. data/requirements.txt +1 -1
  19. data/update_cpes.py +18 -5
  20. data/xml/apache_modules.xml +60 -0
  21. data/xml/apache_os.xml +1 -1
  22. data/xml/dns_versionbind.xml +11 -1
  23. data/xml/favicons.xml +122 -3
  24. data/xml/ftp_banners.xml +62 -51
  25. data/xml/html_title.xml +553 -41
  26. data/xml/http_cookies.xml +262 -61
  27. data/xml/http_servers.xml +478 -108
  28. data/xml/http_wwwauth.xml +36 -9
  29. data/xml/imap_banners.xml +5 -5
  30. data/xml/ldap_searchresult.xml +1 -0
  31. data/xml/mdns_device-info_txt.xml +340 -10
  32. data/xml/mysql_banners.xml +2 -1
  33. data/xml/nntp_banners.xml +1 -1
  34. data/xml/ntp_banners.xml +16 -2
  35. data/xml/operating_system.xml +4 -4
  36. data/xml/pop_banners.xml +4 -4
  37. data/xml/rtsp_servers.xml +7 -0
  38. data/xml/sip_banners.xml +347 -9
  39. data/xml/sip_user_agents.xml +323 -4
  40. data/xml/smb_native_lm.xml +32 -1
  41. data/xml/smb_native_os.xml +160 -33
  42. data/xml/smtp_banners.xml +167 -128
  43. data/xml/smtp_expn.xml +1 -0
  44. data/xml/smtp_vrfy.xml +1 -0
  45. data/xml/snmp_sysdescr.xml +205 -36
  46. data/xml/ssh_banners.xml +139 -25
  47. data/xml/telnet_banners.xml +92 -48
  48. data/xml/tls_jarm.xml +140 -0
  49. data/xml/x509_issuers.xml +201 -2
  50. data/xml/x509_subjects.xml +251 -32
  51. metadata +5 -2
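--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: f593d696005c5d90c90e99a3ff779f11e73eeb28d94c6fed500bef2124502803
- data.tar.gz: 555a3b4fc6ba321c11d0479cc6054e4f316fa810d567bdddf2dfa2de08788043
+ metadata.gz: 972b7cc1ae69526b61f221eeefce61d192ccf4b1603342f94195bf6cd2ddba95
+ data.tar.gz: 807831da5cdfd3160bca893367c92f4b817514758b996968829253f548d19709
  SHA512:
- metadata.gz: eeddda28aaf2233544f1f4072d1f1d62431d5a8ade16edfb39f57aa05d8199794305c043af3618bced6b752f247709fc5b0f6ee430309779e5ed56bd0f963cc7
- data.tar.gz: 32c03df36eef13503fdeb2ebdb5a54a5fc26e682ced5b43e047d5e885135019e19b6617845dd0087d7c06c246dc49c6866ed00585e8b6978a1db9c58dc1ce4ad
+ metadata.gz: a923e57f1f34fb74358756372fc3d3d08c20f0a0b9b1088905f57f4b09a2a56b2d9d4940d39e609ff50c164d15e285c9e1707032864d55f969a7ed4d72e68de5
+ data.tar.gz: 62d17cd2cdf9c3a6d35b36e4ace9c20744d42cfd99a2e90f65e463540fceb551f35f7572179af261c8881116aeadc51986e371631dc451df31081d52d79a58c1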
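--- a/data/.github/workflows/ci.yml
+++ b/data/.github/workflows/ci.yml
@@ -0,0 +1,26 @@
+ name: CI
+
+ on: [push, pull_request]
+
+ jobs:
+ test:
+ name: 'Ruby: ${{ matrix.ruby-version }}'
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ ruby-version: ['2.5', '2.6', '2.7', '3.0', 'jruby-9.1.17.0', 'jruby']
+
+ steps:
+ - uses: actions/checkout@v2
+ - name: Set up Ruby
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: ${{ matrix.ruby-version }}
+ bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+ - name: Run tests
+ run: |
+ bundle exec rake --version
+ bundle exec rake tests
+ env:
+ JRUBY_OPTS: --server -J-Xms512m -J-Xmx2G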
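Review bot: The workflow sets no `permissions:` key and both `uses:` steps reference movable tags (`actions/checkout@v2`, `ruby/setup-ruby@v1`), so action code that can change under those tags runs on every push and pull request with the repository's default GITHUB_TOKEN scope. Since the job only checks out the code and runs `rake tests`, a top-level `permissions:` block containing `contents: read` would be enough, and each action can be pinned as `uses: actions/checkout@<full-commit-sha> # v2`. The rendered page has lost the YAML indentation, so the placement of the new key is described here rather than shown.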
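--- a/data/bin/recog_standardize
+++ b/data/bin/recog_standardize
@@ -50,6 +50,7 @@ end
 
  # Load the unique identifiers
  vendors = load_identifiers(File.join(bdir, "vendor.txt"))
+ fields = load_identifiers(File.join(bdir, "fields.txt"))
  os_arch = load_identifiers(File.join(bdir, "os_architecture.txt"))
  os_prod = load_identifiers(File.join(bdir, "os_product.txt"))
  os_family = load_identifiers(File.join(bdir, "os_family.txt"))
@@ -67,6 +68,10 @@ ARGV.each do |arg|
  ndb.fingerprints.each do |f|
  f.params.each do |k,v|
  paramIndex, val = v
+ if ! fields[k]
+ puts "FIELD MISSING: #{k}"
+ fields[k] = true
+ end
  next if paramIndex != 0
  next if val.index("{") != nil
  next if val.strip == ""
@@ -131,6 +136,7 @@ exit if ! options.write
 
  # Write back the unique identifiers
  write_identifiers(vendors, File.join(bdir, "vendor.txt"))
+ write_identifiers(fields, File.join(bdir, "fields.txt"))
  write_identifiers(os_arch, File.join(bdir, "os_architecture.txt"))
  write_identifiers(os_prod, File.join(bdir, "os_product.txt"))
  write_identifiers(os_family, File.join(bdir, "os_family.txt"))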
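Review bot: In the second hunk the unknown-key branch prints `FIELD MISSING` and then sets `fields[k] = true`, and the third hunk writes `fields` back to fields.txt, so a run with the write option persists a misspelled param name into the very list it was checked against and later runs stay silent. That mirrors how the other identifier lists appear to be handled, but field names are schema rather than observed data, so I would keep newly seen keys out of `fields` unless the operator explicitly accepts them. The message would also be easier to act on with the input file included: `puts "FIELD MISSING: #{k} (#{arg})"`. As a style point, `if ! fields[k]` reads better as `unless fields[k]`; the `ARGV.each` block this check sits in starts and ends outside the hunk.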
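--- a/data/cpe-remap.yaml
+++ b/data/cpe-remap.yaml
@@ -1,201 +1,343 @@
  mappings:
- alpine:
- vendor: alpinelinux
- products:
- linux: alpine_linux
- apache:
- products:
- httpd: http_server
- apple:
- products:
- ios: iphone_os
- aprelium_technologies:
- vendor: aprelium
- alt-n:
- vendor: altn
- bea:
- products:
- weblogic: weblogic_server
- blue_coat:
- vendor: bluecoat
- carnegie_mellon_university:
- vendor: cmu
- products:
- cyrus_imap: cyrus_imap_server
- centos:
- products:
- linux: centos
- centos_webpanel:
- vendor: centos-webpanel
- check_point:
- vendor: checkpoint
- cisco:
- vendor: cisco
- products:
- adaptive_security_appliance: adaptive_security_appliance_software
- apic: application_policy_infrastructure_controller
- pix: pix_firewall_software
- telepresence: telepresence_video_communication_server_software
- crushftp:
- products:
- crushftp_web_interface: crushftp
- data_domain:
- vendor: dell
- products:
- dd_os: emc_data_domain_os
- debian:
- products:
- linux: debian_linux
- drupal:
- products:
- cms: drupal
- embedthis:
- products:
- goahead_webserver: goahead
- emc:
- products:
- celerra: celerra_network_attached_storage
- f5:
- products:
- big-ip: big-ip_local_traffic_manager
- big-ip_ltm: big-ip_local_traffic_manager
- fedora_project:
- vendor: fedoraproject
- hp:
- products:
- ilo: integrated_lights_out
- tru64_unix: tru64
- ibm:
- products:
- lotus_domino: lotus_domino_server
- ibm_domino: lotus_domino
- os/400: os_400
- intel:
- products:
- intel(r)_active_management_technology: active_management_technology
- intel(r)_standard_manageability: standard_manageability
- jamf:
- products:
- jamf_pro: jamf
- juniper:
- products:
- junos_os: junos
- kibana:
- vendor: elasticsearch
- kodi:
- products:
- media_server: kodi
- cz.nic:
- vendor: knot-dns
- litespeed_technologies:
- vendor: litespeedtech
- linux:
- products:
- linux: linux_kernel
- lynx_technology:
- vendor: lynxtechnology
- products:
- twonky_media_server: twonky_server
- mailenable:
- products:
- mail_server: mailenable
- microsoft:
- products:
- active_directory_controller: active_directory
- exchange_server_5.5: exchange_server
- exchange_2000_server: exchange_server
- exchange_2003_server: exchange_server
- exchange_2007_server: exchange_server
- lightweight_directory_server: active_directory_lightweight_directory_service
- windows_server_2003_datacenter_edition: windows_server_2003
- windows_server_2003_r2: windows_server_2003
- windows_2008_r2: windows_server_2008
- windows_server_2008_datacenter_edition: windows_server_2008
- windows_server_2008_r2: windows_server_2008
- windows_server_2008_r2_datacenter_edition: windows_server_2008
- windows_server_2012_r2: windows_server_2012
- nt: windows_nt
- windows_nt_desktop: windows_nt
- windows_nt_server: windows_nt
- windows_server_2000: windows_2000
- windows_2000_server: windows_2000
- windows_2000_datacenter_server: windows_2000
- pws: personal_web_server
- mod_ssl:
- vendor: modssl
- mod_wsgi:
- vendor: modwsgi
- mort_bay:
- vendor: mortbay
- munin:
- vendor: munin-monitoring
- nlnet_labs:
- vendor: nlnetlabs
- products:
- dnsd: name_server_daemon
- net-snmp:
- products:
- snmp_agent: net-snmp
- owncloud:
- products:
- owncloud_server: owncloud
- palo_alto_networks:
- vendor: paloaltonetworks
- products:
- pa_firewall: pan-os
- parallels:
- products:
- plesk: parallels_plesk_panel
- plesk:
- vendor: parallels
- proftpd_project:
- vendor: proftpd
- progress:
- products:
- openedge_explorer: openedge
- pulse_secure:
- vendor: pulsesecure
- realvnc_ltd.:
- vendor: realvnc
- red_hat:
- vendor: redhat
- products:
- cygwin_x_server_project: cygwin
- fedora_core_linux: fedora_core
- jboss_as: jboss_wildfly_application_server
- jboss_eap: jboss_enterprise_application_platform
- jbossweb: jboss_web_framework_kit
- red_hat_directory_server: directory_server
- squid_cache:
- vendor: squid-cache
- sun:
- vendor: sun
- products:
- solaris: sunos
- swagger:
- vendor: smartbear
- tandberg:
- vendor: cisco
- tightvnc:
- products:
- desktop: tightvnc
- ubiquiti:
- vendor: ui
- ubuntu:
- vendor: canonical
- products:
- linux: ubuntu_linux
- vandyke_software:
- vendor: vandyke
- vmware:
- products:
- photon_linux: photon_os
- zimbra: zimbra_desktop
- vcenter: vcenter_server
- vmware_esx_server: esx
- vmware_esxi_server: esxi
- wind_river:
- vendor: windriver
- x.org:
- products:
- x.org_x11: x11
+ # The following section contains CPE application or 'a' remappings. These will
+ # ONLY be used for mapping Recog 'service' attributes.
+ a:
+ akamai:
+ products:
+ ghost: akamaighost
+ amazon:
+ products:
+ s3: amazon_simple_storage_service
+ cloudfront_load_balancer: amazon_cloudfront
+ apache:
+ products:
+ httpd: http_server
+ aprelium_technologies:
+ vendor: aprelium
+ alt-n:
+ vendor: altn
+ aruba_networks:
+ vendor: arubanetworks
+ bea:
+ products:
+ weblogic: weblogic_server
+ blue_coat:
+ vendor: bluecoat
+ carnegie_mellon_university:
+ vendor: cmu
+ products:
+ cyrus_imap: cyrus_imap_server
+ centos_webpanel:
+ vendor: centos-webpanel
+ check_point:
+ vendor: checkpoint
+ cherokee_project:
+ vendor: cherokee-project
+ cisco:
+ products:
+ apic: application_policy_infrastructure_controller
+ cloudflare:
+ products:
+ cloudflare_load_balancer: load_balancing
+ cpanel:
+ products:
+ cpanel_service_daemon: cpanel
+ crushftp:
+ products:
+ crushftp_web_interface: crushftp
+ cz.nic:
+ vendor: knot-dns
+ drupal:
+ products:
+ cms: drupal
+ embedthis:
+ products:
+ goahead_webserver: goahead
+ envoy_proxy:
+ vendor: envoyproxy
+ f5:
+ products:
+ big-ip: big-ip_local_traffic_manager
+ big-ip_ltm: big-ip_local_traffic_manager
+ fedora_project:
+ vendor: fedoraproject
+ google:
+ products:
+ google_web_services: web_server
+ ibm:
+ products:
+ lotus_domino: lotus_domino_server
+ ibm_domino: lotus_domino
+ ignite_realtime:
+ vendor: igniterealtime
+ intel:
+ products:
+ intel(r)_active_management_technology: active_management_technology
+ intel(r)_standard_manageability: standard_manageability
+ jamf:
+ products:
+ jamf_pro: jamf
+ kibana:
+ vendor: elasticsearch
+ kubernetes:
+ products:
+ nginx_ingress_controller: ingress-nginx
+ kodi:
+ products:
+ media_server: kodi
+ kong:
+ vendor: konghq
+ products:
+ gateway: kong_gateway
+ litespeed_technologies:
+ vendor: litespeedtech
+ lotus:
+ vendor: ibm
+ lynx_technology:
+ vendor: lynxtechnology
+ products:
+ twonky_media_server: twonky_server
+ mailenable:
+ products:
+ mail_server: mailenable
+ manageengine:
+ vendor: zohocorp
+ products:
+ adaudit_plus: manageengine_adaudit_plus
+ desktop_central: manageengine_desktop_central
+ opmanager: manageengine_opmanager
+ microsoft:
+ products:
+ active_directory_controller: active_directory
+ exchange_server_5.5: exchange_server
+ exchange_2000_server: exchange_server
+ exchange_2003_server: exchange_server
+ exchange_2007_server: exchange_server
+ lightweight_directory_server: active_directory_lightweight_directory_service
+ pws: personal_web_server
+ mod_ssl:
+ vendor: modssl
+ mod_wsgi:
+ vendor: modwsgi
+ # NIST took the vendor name from the website but apparently missed the `.in`
+ # in moinmo.in was part of the name
+ moinmoin:
+ vendor: moinmo
+ mort_bay:
+ vendor: mortbay
+ munin:
+ vendor: munin-monitoring
+ nlnet_labs:
+ vendor: nlnetlabs
+ products:
+ dnsd: name_server_daemon
+ net-snmp:
+ products:
+ snmp_agent: net-snmp
+ owncloud:
+ products:
+ owncloud_server: owncloud
+ parallels:
+ products:
+ plesk: parallels_plesk_panel
+ plesk:
+ vendor: parallels
+ proftpd_project:
+ vendor: proftpd
+ progress:
+ products:
+ openedge_explorer: openedge
+ pulse_secure:
+ vendor: pulsesecure
+ realvnc_ltd.:
+ vendor: realvnc
+ red_hat:
+ vendor: redhat
+ products:
+ cygwin_x_server_project: cygwin
+ jboss_as: jboss_wildfly_application_server
+ jboss_eap: jboss_enterprise_application_platform
+ jbossweb: jboss_web_framework_kit
+ red_hat_directory_server: directory_server
+ serv-u:
+ vendor: solarwinds
+ squid_cache:
+ vendor: squid-cache
+ ssh_communications_security:
+ vendor: ssh
+ products:
+ ssh_tectia_server: tectia_server
+ standard_networks:
+ vendor: ipswitch
+ swagger:
+ vendor: smartbear
+ synology:
+ products:
+ dsm: diskstation_manager
+ tightvnc:
+ products:
+ desktop: tightvnc
+ tor_project:
+ vendor: torproject
+ traefik_labs:
+ vendor: traefik
+ products:
+ traefik_proxy: traefik
+ twistedmatrix:
+ products:
+ twisted_web: twistedweb
+ ubiquiti:
+ vendor: ui
+ vandyke_software:
+ vendor: vandyke
+ vmware:
+ products:
+ zimbra: zimbra_desktop
+ vcenter: vcenter_server
+ x.org:
+ products:
+ x.org_x11: x11
+
+ # The following section contains CPE operating system or 'o' remappings. These will
+ # ONLY be used for mapping Recog 'os' attributes.
+ o:
+ alpine:
+ vendor: alpinelinux
+ products:
+ linux: alpine_linux
+ apple:
+ products:
+ ios: iphone_os
+ brocade:
+ vendor: broadcom
+ products:
+ fabric_os: fabric_operating_system
+ centos:
+ products:
+ linux: centos
+ check_point:
+ vendor: checkpoint
+ cisco:
+ products:
+ adaptive_security_appliance: adaptive_security_appliance_software
+ nam: network_analysis_module_software
+ pix: pix_firewall_software
+ telepresence: telepresence_video_communication_server_software
+ vpn_3000_concentrator: vpn_3000_concentrator_series_software
+ wireless_lan_controller: wireless_lan_controller_software
+ citrix:
+ products:
+ netscaler: netscaler_firmware
+ netscaler_gateway: netscaler_gateway_firmware
+ cumulus:
+ vendor: cumulusnetworks
+ data_domain:
+ vendor: dell
+ products:
+ dd_os: emc_data_domain_os
+ debian:
+ products:
+ linux: debian_linux
+ hp:
+ products:
+ ilo: integrated_lights-out_firmware
+ ilo_firmware: integrated_lights-out_firmware
+ ilo_2: integrated_lights-out_2_firmware
+ ilo_3: integrated_lights-out_3_firmware
+ ilo_4: integrated_lights-out_4_firmware
+ ilo_5: integrated_lights-out_5_firmware
+ tru64_unix: tru64
+ ibm:
+ products:
+ os/400: os_400
+ i5/os: i5os
+ juniper:
+ products:
+ junos_os: junos
+ linux:
+ products:
+ linux: linux_kernel
+ microsoft:
+ products:
+ windows_server_2003_datacenter_edition: windows_server_2003
+ windows_server_2003_r2: windows_server_2003
+ windows_2008_r2: windows_server_2008
+ windows_server_2008_datacenter_edition: windows_server_2008
+ windows_server_2008_r2: windows_server_2008
+ windows_server_2008_r2_datacenter_edition: windows_server_2008
+ windows_server_2012_r2: windows_server_2012
+ nt: windows_nt
+ windows_nt_desktop: windows_nt
+ windows_nt_server: windows_nt
+ windows_server_2000: windows_2000
+ windows_2000_server: windows_2000
+ windows_2000_datacenter_server: windows_2000
+ oracle:
+ products:
+ ilom: integrated_lights_out_manager_firmware
+ palo_alto_networks:
+ vendor: paloaltonetworks
+ red_hat:
+ vendor: redhat
+ products:
+ fedora_core_linux: fedora_core
+ sun:
+ products:
+ solaris: sunos
+ ubiquiti:
+ vendor: ui
+ ubuntu:
+ vendor: canonical
+ products:
+ linux: ubuntu_linux
+ vmware:
+ products:
+ photon_linux: photon_os
+ vmware_esx_server: esx
+ vmware_esxi_server: esxi
+ wind_river:
+ vendor: windriver
+
+ # The following section contains CPE hardware or 'h' remappings. These will
+ # ONLY be used for mapping Recog 'hw' attributes.
+ h:
+ apple:
+ products:
+ imac_(retina_4k_21.5-inch_2019): imac
+ imac_(retina_5k_27-inch_2017): imac
+ imac_(retina_5k_27-inch_2019): imac
+ imac_(retina_5k_27-inch_2020): imac
+ macbook_air_(13-inch_2017): macbook_air
+ macbook_air_(m1_2020): macbook_air
+ macbook_air_(retina_13-inch_2018): macbook_air
+ macbook_air_(retina_13-inch_2019): macbook_air
+ macbook_air_(retina_13-inch_2020): macbook_air
+ macbook_pro_(13-inch_2018_four_thunderbolt_3_ports): macbook_pro
+ macbook_pro_(13-inch_2019_two_thunderbolt_3_ports): macbook_pro
+ macbook_pro_(13-inch_2020): macbook_pro
+ macbook_pro_(13-inch_m1_2020): macbook_pro
+ macbook_pro_(15-inch_2018): macbook_pro
+ macbook_pro_(15-inch_2019): macbook_pro
+ macbook_pro_(16-inch_2019): macbook_pro
+ macbook_pro_(retina_13-inch_early_2015): macbook_pro
+ macbook_pro_(retina_15-inch_mid_2015): macbook_pro
+ cisco:
+ products:
+ nam: network_analysis_module
+ citrix:
+ products:
+ netscaler_sdx_gateway: netscaler_sdx
+ emc:
+ products:
+ celerra: celerra_network_attached_storage
+ hp:
+ products:
+ ilo: integrated_lights-out
+ kace:
+ vendor: dell
+ products:
+ k1000: kace_k1000_systems_management_appliance
+ tandberg:
+ vendor: cisco
+ ubiquiti:
+ vendor: ui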
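Review bot: Vendor-level remaps that used to apply to every fingerprint are now scoped to a single CPE part, and several survive in only one section: `palo_alto_networks` and `ubuntu` only under `o:`, `tandberg` only under `h:`. Because the new comments say each section is used ONLY for its own attribute type, a service fingerprint carrying one of those vendor names would presumably be emitted with the unmapped vendor, which weakens CPE-based vulnerability matching; whether such fingerprints exist cannot be seen on this page. The rule should be stated once under `mappings:`, for example `# Vendor remaps are per CPE part: repeat a vendor under a:, o: and h: wherever it can occur.`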