recog 2.3.17 → 2.3.21

Files changed (51)
  1. checksums.yaml +4 -4
  2. data/.github/workflows/ci.yml +26 -0
  3. data/bin/recog_standardize +6 -0
  4. data/cpe-remap.yaml +342 -200
  5. data/identifiers/README.md +24 -10
  6. data/identifiers/fields.txt +104 -0
  7. data/identifiers/hw_device.txt +2 -0
  8. data/identifiers/hw_family.txt +11 -0
  9. data/identifiers/hw_product.txt +71 -0
  10. data/identifiers/os_device.txt +2 -1
  11. data/identifiers/os_family.txt +2 -0
  12. data/identifiers/os_product.txt +36 -8
  13. data/identifiers/service_family.txt +10 -1
  14. data/identifiers/service_product.txt +78 -2
  15. data/identifiers/vendor.txt +55 -0
  16. data/lib/recog/nizer.rb +1 -82
  17. data/lib/recog/version.rb +1 -1
  18. data/requirements.txt +1 -1
  19. data/update_cpes.py +18 -5
  20. data/xml/apache_modules.xml +60 -0
  21. data/xml/apache_os.xml +1 -1
  22. data/xml/dns_versionbind.xml +11 -1
  23. data/xml/favicons.xml +122 -3
  24. data/xml/ftp_banners.xml +62 -51
  25. data/xml/html_title.xml +553 -41
  26. data/xml/http_cookies.xml +262 -61
  27. data/xml/http_servers.xml +478 -108
  28. data/xml/http_wwwauth.xml +36 -9
  29. data/xml/imap_banners.xml +5 -5
  30. data/xml/ldap_searchresult.xml +1 -0
  31. data/xml/mdns_device-info_txt.xml +340 -10
  32. data/xml/mysql_banners.xml +2 -1
  33. data/xml/nntp_banners.xml +1 -1
  34. data/xml/ntp_banners.xml +16 -2
  35. data/xml/operating_system.xml +4 -4
  36. data/xml/pop_banners.xml +4 -4
  37. data/xml/rtsp_servers.xml +7 -0
  38. data/xml/sip_banners.xml +347 -9
  39. data/xml/sip_user_agents.xml +323 -4
  40. data/xml/smb_native_lm.xml +32 -1
  41. data/xml/smb_native_os.xml +160 -33
  42. data/xml/smtp_banners.xml +167 -128
  43. data/xml/smtp_expn.xml +1 -0
  44. data/xml/smtp_vrfy.xml +1 -0
  45. data/xml/snmp_sysdescr.xml +205 -36
  46. data/xml/ssh_banners.xml +139 -25
  47. data/xml/telnet_banners.xml +92 -48
  48. data/xml/tls_jarm.xml +140 -0
  49. data/xml/x509_issuers.xml +201 -2
  50. data/xml/x509_subjects.xml +251 -32
  51. metadata +5 -2
@@ -1,16 +1,27 @@
1
1
  # Recog: Identifiers
2
2
 
3
- This directory contains lists of standard identifiers for mapping Recog matches. The goal is define a standard set of constants to represent known software, hardware, vendors, and categories.
3
+ This directory contains lists of standard identifiers for mapping Recog matches.
4
+ The goal is define a standard set of constants to represent known software,
5
+ hardware, vendors, and categories.
4
6
 
5
- This is currently incomplete and will be updated as standardization work moves forward.
7
+ This is currently incomplete and will be updated as standardization work moves
8
+ forward.
6
9
 
7
- Fingerprints should use these identifiers whenever possible; if a different name or syntax for a given identifier is preferred, this should be implemented in the application through a mapping function.
10
+ Fingerprints should use these identifiers whenever possible; if a different name
11
+ or syntax for a given identifier is preferred, this should be implemented in the
12
+ application through a mapping function.
8
13
 
9
14
  ## Lists
10
15
 
16
+ ### Fields
17
+
18
+ `fields.txt` defines the various fields (`os.vendor`, etc.) used to assert
19
+ information about a match.
20
+
11
21
  ### Vendors
12
22
 
13
- `vendor.txt` defines known vendor names, covering services, operating systems, and hardware.
23
+ `vendor.txt` defines known vendor names, covering services, operating systems,
24
+ and hardware.
14
25
 
15
26
  ### Operating Systems
16
27
 
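Review bot: The rewrapped intro still reads "The goal is define a standard set of constants" on its second added line; since the paragraph is being touched anyway, change it to "The goal is to define". The new Fields section also describes `fields.txt` only through one example (`os.vendor`, etc.); one more sentence saying whether the file is the complete set of allowed field names or a snapshot of the names currently in use would tell fingerprint authors how to treat a name that is missing from it.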
@@ -22,14 +33,14 @@ Fingerprints should use these identifiers whenever possible; if a different name
22
33
 
23
34
  `os_device.txt` defines known types of devices by function or purpose.
24
35
 
25
-
26
36
  ### Hardware
27
37
 
28
38
  `hw_product.txt` defines known hardware product names.
29
39
 
30
40
  `hw_family.txt` defines known hardware product families.
31
41
 
32
- `hw_device.txt` defines known types of devices by function or purpose (overlaps with `os_device.txt`).
42
+ `hw_device.txt` defines known types of devices by function or purpose (overlaps
43
+ with `os_device.txt`).
33
44
 
34
45
  ### Services
35
46
 
@@ -47,10 +58,13 @@ Fingerprints should use these identifiers whenever possible; if a different name
47
58
 
48
59
  ## Pending Work
49
60
 
50
- * All existing fingerprints should be correlated against these lists to identify mismatches and updated accordingly.
61
+ * All existing fingerprints should be correlated against these lists to
62
+ identify mismatches and updated accordingly.
51
63
 
52
- * All net new identifiers from the existing fingerprints should be merged into these lists.
64
+ * All net new identifiers from the existing fingerprints should be merged into
65
+ these lists.
53
66
 
54
- * All fingerprint assertions should be enumerated, documented, and standardized where possible (`host.mac`, etc).
67
+ * All fingerprint assertions should be enumerated, documented, and standardized
68
+ where possible (`host.mac`, etc).
55
69
 
56
- * Hardware identifiers should be enumerated, consolidated, and standardized.
70
+ * Hardware identifiers should be enumerated, consolidated, and standardized.
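Review bot: The third Pending Work bullet ("All fingerprint assertions should be enumerated, documented, and standardized where possible (`host.mac`, etc)") is rewrapped but still listed as open work, while the same change adds a Fields section and a `fields.txt` that already lists `host.mac`. Reword the bullet to state what remains, for example documenting and standardizing the enumerated fields, or have it point at `fields.txt`.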
@@ -0,0 +1,104 @@
1
+ agilent.serial
2
+ apache.info
3
+ apache.variant
4
+ apache.variant.version
5
+ chromecast.capabilities
6
+ chromecast.generation
7
+ chromecast.serial_number
8
+ cisco.imc_model
9
+ cisco.serial_number
10
+ cookie
11
+ dell.service_tag
12
+ extron.model
13
+ fortinet.serial_number
14
+ host.domain
15
+ host.ip
16
+ host.mac
17
+ host.mac_eui64
18
+ host.mac_local
19
+ host.name
20
+ host.time
21
+ hw.certainty
22
+ hw.cpe23
23
+ hw.device
24
+ hw.family
25
+ hw.model
26
+ hw.product
27
+ hw.serial_number
28
+ hw.series
29
+ hw.vendor
30
+ hw.version
31
+ imail.eval
32
+ jetty.info
33
+ junction.cookie
34
+ junction.name
35
+ lenovo.machine_model
36
+ lenovo.machine_type
37
+ linux.kernel.version
38
+ loadbalancer.poolname
39
+ mdaemon.unregistered
40
+ mercur.os.info
41
+ metainfo.version
42
+ metainfo.version.version
43
+ ms.nttp.version
44
+ notes.build.version
45
+ ntmail.id
46
+ openssh.comment
47
+ openssh.cvepatch
48
+ os.arch
49
+ os.build
50
+ os.certainty
51
+ os.cpe23
52
+ os.device
53
+ os.edition
54
+ os.family
55
+ os.model
56
+ os.product
57
+ os.rev
58
+ os.vendor
59
+ os.version
60
+ os.version.version
61
+ os.version.version.version
62
+ postfix.os.info
63
+ postoffice.build
64
+ postoffice.id
65
+ procurve.model
66
+ proftpd.server.name
67
+ pureftpd.config
68
+ python.version
69
+ qpopper.version
70
+ ruckus.serial_number
71
+ securetransport.build
72
+ sendmail.config.version
73
+ sendmail.hpux.phne.version
74
+ sendmail.vendor.version
75
+ service.certainty
76
+ service.component.cpe23
77
+ service.component.family
78
+ service.component.product
79
+ service.component.vendor
80
+ service.component.version
81
+ service.cpe23
82
+ service.device
83
+ service.edition
84
+ service.family
85
+ service.node
86
+ service.product
87
+ service.protocol
88
+ service.vendor
89
+ service.version
90
+ service.version.version
91
+ service.version.version.version
92
+ service.version.version.version.version
93
+ siemens.model
94
+ snmp.fpmib.oid.1
95
+ snmp.fpmib.oid.2
96
+ system.time
97
+ system.time.format
98
+ system.time.micros
99
+ system.time.millis
100
+ tandberg.model
101
+ thttpd.mx-patch
102
+ tomcat.info
103
+ wd2go.device_id
104
+ zmailer.ident
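Review bot: Several entries in this new list look like by-products of enumeration rather than names worth standardizing: `metainfo.version.version`, `os.version.version`, `os.version.version.version` and `service.version.version.version.version` repeat a segment with no stated meaning, and `ms.nttp.version` looks like a transposition of `nntp`. Serial-number fields are also split between `agilent.serial` and the `serial_number` form used for `chromecast`, `cisco`, `fortinet`, `hw` and `ruckus`. If these are recorded as-is because existing fingerprints emit them, say so in the README; otherwise fix the fingerprints and list only the intended names.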
@@ -22,6 +22,7 @@ Ethernet Adapter
22
22
  Firewall
23
23
  HMI Controller
24
24
  Handheld Scanner
25
+ Hypervisor
25
26
  IP Camera
26
27
  IPS
27
28
  Industrial Control
@@ -45,6 +46,7 @@ Power Relay
45
46
  Powerline
46
47
  Print Server
47
48
  Printer
49
+ Relay Controller
48
50
  Router
49
51
  SD-WAN Appliance
50
52
  SIP Device
@@ -5,17 +5,20 @@ AirPort
5
5
  Apple TV
6
6
  Communication Manager
7
7
  DVR
8
+ Data ONTAP
8
9
  DiskStation
9
10
  Document Centre
10
11
  EDR
11
12
  Extended Systems ExtendNet
12
13
  FRITZ!Box
14
+ FRITZ!Fon
13
15
  FRITZ!Powerline
14
16
  FRITZ!WLAN Repeater
15
17
  FS
16
18
  Firewall-1
17
19
  Forms Printer
18
20
  FortiGate
21
+ FortiVoice
19
22
  GW25
20
23
  GXV
21
24
  GXW
@@ -42,8 +45,11 @@ Multifunction
42
45
  My Book
43
46
  NE
44
47
  NPort
48
+ NetScaler
45
49
  NetVanta
50
+ Netscaler
46
51
  Network Audio
52
+ Network Security Appliance
47
53
  Network Video Door Station
48
54
  Optra
49
55
  Orbi
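Review bot: Two capitalizations of one name, `NetScaler` and `Netscaler`, are added on either side of `NetVanta`, in a list whose purpose is a single standard constant per item. Keep one form and normalize the fingerprints that emit the other, since any consumer comparing these strings exactly will treat them as two different entries.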
@@ -59,6 +65,7 @@ Router
59
65
  S500 Range
60
66
  SIP Device
61
67
  SIP Gateway
68
+ SL2100
62
69
  Service Access Switch
63
70
  Service Router
64
71
  Simatic HMI
@@ -79,9 +86,12 @@ TelePresence
79
86
  Time Capsule
80
87
  TippingPoint
81
88
  Turbo Station
89
+ UNIVERGE
82
90
  UniFi
83
91
  Unified Security Gateway
92
+ VDX
84
93
  VSX
94
+ Vigor
85
95
  VoIP
86
96
  WD2GO
87
97
  WiMax
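Review bot: The added `UNIVERGE` is all caps, while another list in this diff keeps `Univerge` as an unchanged context line. Pick one capitalization across the identifier lists so the same name does not normalize to two different strings depending on which list a fingerprint draws from.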
@@ -93,6 +103,7 @@ Xserve
93
103
  ZXDSL
94
104
  ZXHN
95
105
  ZXV
106
+ airMAX
96
107
  iLO
97
108
  iMac
98
109
  iPad
@@ -3,6 +3,7 @@
3
3
  34972A Data Logger
4
4
  3PAR
5
5
  53230A Frequency Counter
6
+ 883 VoIP
6
7
  ADB-4820CD
7
8
  APIC
8
9
  AV Receiver
@@ -19,6 +20,7 @@ Apple TV (2nd generation)
19
20
  Apple TV (3rd generation)
20
21
  Apple TV (4th generation)
21
22
  Apple TV 4K
23
+ Apple TV 4K (2nd generation)
22
24
  Appliance
23
25
  ArchiveTeam Warrior
24
26
  Asset Management
@@ -35,15 +37,19 @@ Catalyst
35
37
  Catalyst 1900
36
38
  Celerra
37
39
  Chromecast
40
+ ClearPass Policy Manager
38
41
  ClickShare
39
42
  CloudKey
40
43
  CommandPost
41
44
  ConnectUPS Web Card
42
45
  Crosswork SON Appliance
46
+ D Series
47
+ DCS-825L
43
48
  DCS-932
44
49
  DD OS
45
50
  DNA Center
46
51
  DSL Router
52
+ Data ONTAP
47
53
  Digital Signage Player
48
54
  Discover
49
55
  Discovery
@@ -57,9 +63,12 @@ EP-series
57
63
  EXA Signal Analyzer
58
64
  Eagle Eye Director II
59
65
  EchoLife Home Gateway
66
+ EdgeRouter X
60
67
  EdgeSwitch
61
68
  Elevation
69
+ Email Security Gateway
62
70
  EqualLogic
71
+ Ethernet Relay Controller
63
72
  Ethernet Relay Module
64
73
  Excella
65
74
  Fastmark M5
@@ -70,9 +79,20 @@ Firewall-1
70
79
  FlexiPacket Hub
71
80
  FortiMail
72
81
  FortiManager
82
+ GXP1610
83
+ GXP1615
84
+ GXP1625
85
+ GXP1628
86
+ GXP2200
73
87
  GigaVUE
74
88
  HDHomeRun
75
89
  HDIPCam
90
+ HT801
91
+ HT802
92
+ HT812
93
+ HT813
94
+ HT814
95
+ HT818
76
96
  HiPer Access Router Card
77
97
  Home Controller
78
98
  Home Gateway
@@ -89,6 +109,7 @@ IP Link Control Processor
89
109
  IP2IR
90
110
  IPMI
91
111
  IVR
112
+ Infinity Controler
92
113
  IntelliSlot Web Card
93
114
  Internet Payment Gateway
94
115
  Internet Phone Adapter
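Review bot: `Infinity Controler`, added between `IVR` and `IntelliSlot Web Card`, looks misspelled; the other entries in this list use `Controller` (`Lantick Ethernet Relay Controller`, `MediaLink Controller`, `Video Controller`). Confirm the intended product name and, if the single "l" only mirrors what a device banner reports, have the fingerprint map it to a correctly spelled identifier instead of standardizing the typo.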
@@ -100,6 +121,7 @@ JetDirect
100
121
  K1000
101
122
  KWS-1043N
102
123
  Key Management
124
+ Key Management Server
103
125
  Lantick Ethernet Relay Controller
104
126
  Lencore Sound Manager 2
105
127
  MDS 9000
@@ -115,6 +137,7 @@ Mac mini (Late 2009)
115
137
  Mac mini (Late 2012)
116
138
  Mac mini (Late 2014)
117
139
  Mac mini (Late 2018)
140
+ Mac mini (M1, 2020)
118
141
  Mac mini (Mid 2007)
119
142
  Mac mini (Mid 2010)
120
143
  Mac mini (Mid 2011)
@@ -132,16 +155,20 @@ MacBook Air (13-inch, Early 2014)
132
155
  MacBook Air (13-inch, Late 2010)
133
156
  MacBook Air (13-inch, Mid 2011)
134
157
  MacBook Air (13-inch, Mid 2012)
158
+ MacBook Air (M1, 2020)
135
159
  MacBook Air (Mid 2009)
136
160
  MacBook Air (Retina, 13-inch, 2018)
137
161
  MacBook Air (Retina, 13-inch, 2019)
162
+ MacBook Air (Retina, 13-inch, 2020)
138
163
  MacBook Pro (13-inch, 2016, Four Thunderbolt 3 ports)
139
164
  MacBook Pro (13-inch, 2016, Two Thunderbolt 3 ports)
140
165
  MacBook Pro (13-inch, 2017, Four Thunderbolt 3 ports)
141
166
  MacBook Pro (13-inch, 2017, Two Thunderbolt 3 ports)
142
167
  MacBook Pro (13-inch, 2018, Four Thunderbolt 3 ports)
143
168
  MacBook Pro (13-inch, 2019, Two Thunderbolt 3 ports)
169
+ MacBook Pro (13-inch, 2020)
144
170
  MacBook Pro (13-inch, Late 2011)
171
+ MacBook Pro (13-inch, M1, 2020)
145
172
  MacBook Pro (13-inch, Mid 2009)
146
173
  MacBook Pro (13-inch, Mid 2010)
147
174
  MacBook Pro (13-inch, Mid 2012)
@@ -153,6 +180,8 @@ MacBook Pro (15-inch, Late 2008)
153
180
  MacBook Pro (15-inch, Late 2011)
154
181
  MacBook Pro (15-inch, Mid 2009)
155
182
  MacBook Pro (15-inch, Mid 2010)
183
+ MacBook Pro (15-inch, Mid 2012)
184
+ MacBook Pro (16-inch, 2019)
156
185
  MacBook Pro (17-inch, Early 2008)
157
186
  MacBook Pro (17-inch, Late 2011)
158
187
  MacBook Pro (17-inch, Mid 2009)
@@ -164,24 +193,32 @@ MacBook Pro (Retina, 15-inch, Early 2013)
164
193
  MacBook Pro (Retina, 15-inch, Late 2013)
165
194
  MacBook Pro (Retina, 15-inch, Mid 2015)
166
195
  Makito X Decoder
196
+ Media Gateway
167
197
  MediaLink Controller
168
198
  MediaSense
169
199
  Meeting Management
170
200
  Meeting Server
171
201
  MegaRAC
202
+ Meraki Device
172
203
  Mercury
173
204
  Mergepoint
174
205
  Miniserver
175
206
  My Book Live
176
207
  N5172B Signal Generator
208
+ NAM
177
209
  NAS4Free
178
210
  NFVIS
179
211
  NPort
212
+ NetScaler Gateway
213
+ NetScaler SDX Gateway
180
214
  NetScreen
181
215
  NetVR
182
216
  Netbox
217
+ Netscaler Gateway
218
+ Network Camera
183
219
  Network Gateway
184
220
  Network Node
221
+ Network Security Appliance
185
222
  Nexus 1000V
186
223
  Nexus Player
187
224
  OfficeConnect Switch
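Review bot: Duplicate identifiers differing only in case: `NetScaler Gateway` and `Netscaler Gateway` are both added in this hunk, alongside `NetScaler SDX Gateway`. Keep one spelling and update the fingerprints that emit the other, otherwise grouping or counting by product name splits one product into two.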
@@ -189,8 +226,10 @@ OnHub
189
226
  OpenManage
190
227
  OpenManage Switch
191
228
  OpenNAC
229
+ Orbi micro
192
230
  Orbit IP Camera
193
231
  PDR M800
232
+ PIAF Virtual Appliance
194
233
  PLAY
195
234
  PLC-5
196
235
  Paragon-100G
@@ -201,6 +240,8 @@ Prime Collaboration Manager
201
240
  Primergy
202
241
  Printer
203
242
  Prosafe Plus
243
+ R Series
244
+ RT31P2
204
245
  RTU
205
246
  Rack PDU Card
206
247
  Raspberry Pi
@@ -210,12 +251,18 @@ ReeCam
210
251
  Roku
211
252
  Room Alert
212
253
  S7 DALI Gateway
254
+ SD-WAN
213
255
  SHIELD
214
256
  SIP Gateway
215
257
  SIParator Firewall
258
+ SL2100
216
259
  SLS
217
260
  SPA
261
+ SPA112
262
+ SPA122
218
263
  SRP
264
+ SV8100
265
+ SV9100
219
266
  ScanFront
220
267
  Scrutinizer
221
268
  Sensor
@@ -230,6 +277,7 @@ SolsticePod
230
277
  SoundPoint
231
278
  Spot
232
279
  Stealthwatch
280
+ Steelhead
233
281
  Storage Appliance
234
282
  Sub
235
283
  Sunny WebBox
@@ -238,6 +286,7 @@ SuperStack 3 Firewall
238
286
  SuperStack II
239
287
  Symmetry EN-2DBC
240
288
  System Management
289
+ TG789vac
241
290
  TelePresence
242
291
  TelePresence MCU
243
292
  Tenable Appliance
@@ -245,13 +294,20 @@ Tenable Core
245
294
  Tetration
246
295
  Time Capsule
247
296
  TouchLink Control Panel
297
+ UCM6202
298
+ UCM6204
299
+ UCM6208
248
300
  UCS Manager
301
+ USG20-VPN
302
+ USG40
303
+ USG60
249
304
  UniFi Cloud Key
250
305
  UniFi NVR
251
306
  UniFi Security Gateway
252
307
  Univerge
253
308
  Universal Media Gateway
254
309
  VBrick Rev
310
+ VPN Gateway
255
311
  Verizon FiOS Router
256
312
  Video Controller
257
313
  Vigor
@@ -259,6 +315,7 @@ Virtual Connect Manager
259
315
  Virtual Traffic Manager
260
316
  Vood
261
317
  WLAN AP
318
+ WNR2000
262
319
  WebBox
263
320
  Whiteboard
264
321
  Wireless Dock
@@ -279,6 +336,8 @@ iCOM Control Panel
279
336
  iDRAC
280
337
  iLO
281
338
  iLO 3
339
+ iLO 4
340
+ iMac (20/24-inch, Early 2008)
282
341
  iMac (21.5-inch, 2017)
283
342
  iMac (21.5-inch, Late 2012)
284
343
  iMac (21.5-inch, Late 2013)
@@ -297,6 +356,7 @@ iMac (Retina 4K, 21.5-inch, 2019)
297
356
  iMac (Retina 4K, 21.5-inch, Late 2015)
298
357
  iMac (Retina 5K, 27-inch, 2017)
299
358
  iMac (Retina 5K, 27-inch, 2019)
359
+ iMac (Retina 5K, 27-inch, 2020)
300
360
  iMac (Retina 5K, 27-inch, Late 2015)
301
361
  iMac (Retina 5K, 27-inch, Mid 2015)
302
362
  iMac Pro (Retina 5K, Late 2017)
@@ -308,7 +368,11 @@ iPad Air (3rd generation)
308
368
  iPad Air 2
309
369
  iPad Pro (10.5-inch)
310
370
  iPad Pro (11-inch)
371
+ iPad Pro (11-inch, 2nd generation)
311
372
  iPad Pro (12.9-inch)
373
+ iPad Pro (12.9-inch, 2nd generation)
374
+ iPad Pro (12.9-inch, 3rd generation)
375
+ iPad Pro (12.9-inch, 4th generation)
312
376
  iPad Pro (9.7-inch)
313
377
  iPad mini
314
378
  iPad mini (5th generation)
@@ -316,6 +380,12 @@ iPad mini 2
316
380
  iPad mini 3
317
381
  iPad mini 4
318
382
  iPhone
383
+ iPhone 11 Pro
384
+ iPhone 11 Pro Max
385
+ iPhone 12 5G
386
+ iPhone 12 Mini 5G
387
+ iPhone 12 Pro 5G
388
+ iPhone 12 Pro Max 5G
319
389
  iPhone 3G
320
390
  iPhone 3GS
321
391
  iPhone 4
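Review bot: The four added iPhone 12 entries carry a `5G` suffix (`iPhone 12 5G`, `iPhone 12 Mini 5G`, `iPhone 12 Pro 5G`, `iPhone 12 Pro Max 5G`), while the `iPhone 11 Pro` and `iPhone 11 Pro Max` lines added directly above them name the model only. Drop the suffix, or document why it is part of the identifier, so the list follows one naming rule.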
@@ -332,6 +402,7 @@ iPhone 7 Plus
332
402
  iPhone 8
333
403
  iPhone 8 Plus
334
404
  iPhone SE
405
+ iPhone SE (2020)
335
406
  iPhone X
336
407
  iPhone XR
337
408
  iPhone XS