RubyGems - recog - Versions diffs - 2.3.18 → 2.3.19 - Mend

recog 2.3.18 → 2.3.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (34) hide show

checksums.yaml +4 -4
data/.github/workflows/ci.yml +26 -0
data/cpe-remap.yaml +11 -0
data/identifiers/hw_device.txt +2 -0
data/identifiers/hw_family.txt +6 -0
data/identifiers/hw_product.txt +59 -0
data/identifiers/os_device.txt +2 -0
data/identifiers/os_family.txt +1 -0
data/identifiers/os_product.txt +25 -0
data/identifiers/service_family.txt +3 -0
data/identifiers/service_product.txt +27 -0
data/identifiers/vendor.txt +33 -0
data/lib/recog/version.rb +1 -1
data/update_cpes.py +3 -3
data/xml/favicons.xml +108 -0
data/xml/ftp_banners.xml +2 -1
data/xml/html_title.xml +156 -1
data/xml/http_cookies.xml +85 -0
data/xml/http_servers.xml +120 -1
data/xml/http_wwwauth.xml +8 -0
data/xml/mdns_device-info_txt.xml +308 -10
data/xml/ntp_banners.xml +9 -1
data/xml/rtsp_servers.xml +7 -0
data/xml/sip_banners.xml +344 -8
data/xml/sip_user_agents.xml +317 -4
data/xml/smb_native_lm.xml +32 -1
data/xml/smb_native_os.xml +157 -33
data/xml/snmp_sysdescr.xml +129 -1
data/xml/ssh_banners.xml +118 -11
data/xml/telnet_banners.xml +25 -1
data/xml/tls_jarm.xml +139 -0
data/xml/x509_issuers.xml +16 -0
data/xml/x509_subjects.xml +72 -0
metadata +4 -2

data/identifiers/service_family.txt CHANGED Viewed

@@ -140,6 +140,7 @@ OzymanDNS
 PBX
 PHP
 PWS
+Phabricator
 Pi-hole
 Post.Office
 Postfix
@@ -187,6 +188,7 @@ Tomcat
 Tornado
 Twisted
 Twisted Web
+UPnP
 UTM
 UltraDNS
 Unbound
@@ -221,6 +223,7 @@ Wing FTP
 ZMailer
 Zope
 ZyWALL
+Zywall
 djbdns
 ePolicy Orchestrator
 emHTTPD

data/identifiers/service_product.txt CHANGED Viewed

@@ -14,6 +14,7 @@ Abyss Web Server X1
 Active Directory Controller
 Active Intelligence Engine
 ActiveMQ
+AdGuard Home
 AirTunes
 Airflow
 Alteon Web Switch
@@ -40,6 +41,7 @@ Bigfoot Email Tools
 BlackJumboDog
 BladeSystems
 Boa
+Bugzilla
 CCProxy
 CMS
 CMS400.NET
@@ -50,17 +52,23 @@ CUPS
 CacheServe
 Caddy
 CakePHP
+Calibre-Web
 CallPilot
 Celerra
 CentOS Directory Server
 CentOS Web Panel
+Cherokee
 CherryPy
 Chronograf
+ClearPass Policy Manager
+Cloud C2
 CloudFlare Load Balancer
 CloudFront Load Balancer
+Cobalt Strike Listener
 CockroachDB
 Code Review
 ColdFusion
+Collaboration Server
 Commerce Server
 Communication Broker
 Communigate Pro
@@ -88,11 +96,13 @@ Data Connection Directory
 Deploy
 Desktop
 Desktop Authority
+Desktop Central
 Device Manager
 Director
 Directory Server
 Dnsmasq
 DocuWiki
+Dokuwiki
 Domain Time II
 Domino LDAP Server
 Dovecot
@@ -131,8 +141,10 @@ Firewall-1
 Flink
 Flower
 Flussonic Media Server
+FortiVoice
 FortressSSH Server
 FreSSH
+FreeSWITCH
 GHost
 GNAT Box
 GStreamer RTSP Server
@@ -141,6 +153,7 @@ GitLab
 Gitea
 GlassFish Server
 GoAhead Webserver
+Gogs
 Google Front End
 Google Web Services
 Grafana
@@ -198,6 +211,7 @@ Jira
 Joom!Fish
 KM FTPD
 KM-MFP-HTTP
+Kamailio
 Kangle
 Kerio Connect
 Kerio Control
@@ -237,15 +251,18 @@ MaxScale
 Media Server
 MediaSense
 Mercury Mail Transport System
+Merlin
 Messaging Gateway
 Messaging Server
 MetaDirectory Server
+Metabase
 Metasploit
 MiniDLNA
 MiniUPnP
 MobaXterm
 Mongoose
 Mongrel
+Monit
 Moodle
 MultiNet
 Multicraft
@@ -292,10 +309,13 @@ Open Directory
 Open Stack Platform Director
 OpenAdStream
 OpenEdge Explorer
+OpenFire
 OpenLDAP
 OpenManage
 OpenMediaVault
 OpenResty
+OpenSER
+OpenSIPS
 OpenSMTPD
 OpenSSH
 OpenText Exceed
@@ -303,6 +323,7 @@ OpenVMS
 OpenVPN Access Server
 OpenView
 Oracle Application Server Containers
+Orion Platform
 Outlook Web Access
 OzymanDNS
 PA Firewall
@@ -314,6 +335,7 @@ PWS
 Paramiko
 Percona Server
 Perl
+Phabricator
 Phusion Passenger
 Pi-hole
 Platform Services Controller
@@ -326,6 +348,7 @@ PowerMTA
 ProFTPD
 ProRat
 Prometheus
+Proxmox
 Proxy
 Proxygen
 Pulse Connect Secure
@@ -369,6 +392,7 @@ SSH Secure Shell
 SSH Server
 SSH Tectia Server
 SSL-VPN
+STARFACE PBX
 STUN Server
 SWAT
 Samba
@@ -421,6 +445,7 @@ Tivoli Access Manager for e-business WebSEAL
 Tivoli Storage FlashCopy Manager
 Tivoli Storage Manager
 Tomcat
+Tor
 Tornado
 Twisted FTPD
 Twisted Web
@@ -483,10 +508,12 @@ Xvnc
 ZMailer
 Zabbix
 Zimbra
+Zimbra Collaboration Suite
 Zing Vision
 Zope
 alphapd
 axTLS
+bashttpd
 bsnmpd
 cPanel
 cPanel Service Daemon

data/identifiers/vendor.txt CHANGED Viewed

@@ -2,6 +2,7 @@
 8x8 Inc.
 A.K.I Software
 ACME
+ACT Security
 ADB
 ADC
 ADTRAN
@@ -22,12 +23,14 @@ AT&T Worldworx
 ATEN
 ATG
 ATL Telecom Limited
+ATT
 AVM
 AVT
 AVTECH
 AXIS
 Aastra
 Accelerated Technology
+AdGuard
 Adaptec
 Adobe
 Adtran
@@ -77,6 +80,7 @@ AudioCodes
 Avaya
 Avery Dennison
 Avigilon
+Avleen Vig
 Avocent
 Axis
 Axonius
@@ -110,6 +114,7 @@ CDVI
 CSM
 Cabletron
 CaddyServer
+Calibre-Web Project
 Calient
 Calnex
 Cambium Networks
@@ -126,6 +131,7 @@ Cesanta
 Chainpoint
 Check Point
 Checkpoint
+Cherokee Project
 CherryPy
 Ciena
 Cintech Tele-Management
@@ -159,6 +165,7 @@ Crestron
 Critical Path
 CrushFTP
 CrystalVoice Communications
+Cumulus
 Cyberoam
 D J Bernstein
 D-Link
@@ -176,11 +183,13 @@ Debian
 Dell
 Deutsche Telekom
 Device42
+Dialogic
 Digi
 Digitronic Computersysteme GmbH
 Digium
 DirectLOGIC
 DocuWiki
+Dokuwiki
 Double Precision
 Dovecot
 Dr. Neuhaus Mikroelektronik
@@ -238,6 +247,7 @@ Foundry
 Foundry Networks
 FreeBSD
 FreePBX
+FreeSWITCH
 Fuji Xerox
 Fujitsu
 Fujitsu Siemens
@@ -261,6 +271,7 @@ GitLab
 Gitea
 Global Technology Associates
 GlobalScape
+Gogs
 Google
 Gordano
 Grafana
@@ -277,6 +288,7 @@ HP
 HPE
 Hadoop
 Haivision
+Hak5
 Hanwha Techwin
 HashiCorp
 Hauni Elektronik
@@ -298,6 +310,7 @@ ISC
 ISDN Communications
 ITO Communications
 Idea
+Ignite Realtime
 ImageCom
 Imagistics
 Inari Inc.
@@ -314,6 +327,7 @@ Inveo
 Ipswitch
 Isilon
 Jamf
+Jellyfin
 Jenkins
 JetBrains
 Juniper
@@ -352,6 +366,7 @@ LibreNMS
 Liebert
 Lifesize
 LigoWave
+Ligowave
 Linksys
 Linux
 LiteSpeed Technologies
@@ -385,8 +400,10 @@ Mercury Security
 Merit LILIN
 Mersive
 MetaInfo
+Metabase
 MiBridge Inc.
 Michael Tokarev
+MicroStrategy
 Microplex
 Microsoft
 MikroTik
@@ -401,6 +418,7 @@ Mort Bay
 Motion Media Technology
 Motorola
 Moxa
+Mozilla
 MultiTech
 Multicraft
 Munin
@@ -453,6 +471,8 @@ OpenLDAP
 OpenMediaVault
 OpenNAC
 OpenResty
+OpenSER
+OpenSIPS
 OpenSUSE
 OpenStack
 OpenVMS
@@ -464,6 +484,7 @@ Oracle
 Overland
 Oversee
 PHP
+PIAF
 PLD
 PRTG
 Pagoo, Inc.
@@ -476,7 +497,9 @@ Paradyne
 Parallels
 Paramiko
 Paul Smith Computer Services
+Pelco
 Percona
+Phacility
 Philips
 Philips Video Conferencing Systems
 Pi-hole
@@ -498,6 +521,7 @@ Process Software
 Progress
 Prometheus
 Pronet
+Proxmox
 Pulse Secure
 Pure Storage
 PureFTPd
@@ -527,6 +551,7 @@ Rhino Software
 Ricoh
 Ridgeway Systems and Software
 Rifatron
+Riverbed
 Riverstone
 Rockliffe
 Rockwell Automation
@@ -550,6 +575,7 @@ SMA Solar Technology Ag
 SMC Networks
 SPIP
 SSH Communications Security
+STARFACE GmhH
 SUSE
 SafeNet
 Samba
@@ -605,6 +631,7 @@ StarNet Communications Corp.
 StarVox, Inc.
 StartCom
 Steinsvik
+Strategic Cyber LLC
 StreamComm
 SuSE
 Sun
@@ -616,6 +643,7 @@ Symantec
 Symbol
 Symbol Technologies Inc.
 Symplified
+Synacor
 Syndeo Corp.
 Synology
 SysMaster Corporation
@@ -629,6 +657,7 @@ TYPO3
 Tandberg
 Taobao
 Tasman Networks
+Technicolor
 Tektronix
 Teldat H. Kruszynski, M. Cichocki Sp. J.
 TeleStream Technologies, Inc.
@@ -641,12 +670,14 @@ Thekelleys
 Thomson
 TigerVNC
 TightVNC
+Tildeslash
 Tilgin
 Tintro
 Tinyproxy Project
 Tivo
 Tobit Software
 Tokutek
+Tor Project
 TornadoWeb
 Toshiba
 Treck
@@ -707,6 +738,7 @@ Xitami
 Xlight
 Xubuntu
 Xyplex
+Xytronix
 Yamaha
 Yealink
 Yocto
@@ -738,6 +770,7 @@ noVNC
 ownCloud
 pfSense
 port25
+proxmox
 qmail
 rPath
 vsFTPd Project

data/lib/recog/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Recog
-  VERSION = '2.3.18'
+  VERSION = '2.3.19'
 end

data/update_cpes.py CHANGED Viewed

@@ -190,7 +190,7 @@ def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
                     continue
                 vendor = vendor.lower().replace(' ', '_').replace(',', '')
-                product = product.lower().replace(' ', '_').replace(',', '')
+                product = product.lower().replace(' ', '_').replace(',', '').replace('!', '%21')
                 if 'unknown' in [vendor, product]:
                     continue
@@ -209,8 +209,8 @@ def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
                     continue
                 # building the CPE string
-                # Last minute escaping of '/'
-                product = product.replace('/', '\/')
+                # Last minute escaping of '/' and `!`
+                product = product.replace('/', '\/').replace('%21', '\!')
                 cpe_value = 'cpe:/{}:{}:{}'.format(cpe_type, vendor, product)
                 if version:

data/xml/favicons.xml CHANGED Viewed

@@ -6,6 +6,30 @@
   <!-- Services -->
+  <fingerprint pattern="^4297c114f263c206ed12aaff4b0c7a50|e5af3b68e837498a85b25ef2c36a0825$">
+    <description>Metabase</description>
+    <example>4297c114f263c206ed12aaff4b0c7a50</example>
+    <example>e5af3b68e837498a85b25ef2c36a0825</example>
+    <param pos="0" name="service.product" value="Metabase"/>
+    <param pos="0" name="service.vendor" value="Metabase"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:metabase:metabase:-"/>
+  </fingerprint>
+  <fingerprint pattern="^14bd519881ea49a75353572cfb458dec$">
+    <description>Calibre-Web Project</description>
+    <example>14bd519881ea49a75353572cfb458dec</example>
+    <param pos="0" name="service.vendor" value="Calibre-Web Project"/>
+    <param pos="0" name="service.product" value="Calibre-Web"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:calibre-web_project:calibre-web:-"/>
+  </fingerprint>
+  <fingerprint pattern="^d2cef6047a604012455f5c9a1cd4d960$">
+    <description>Jellyfin Media Server</description>
+    <example>d2cef6047a604012455f5c9a1cd4d960</example>
+    <param pos="0" name="service.vendor" value="Jellyfin"/>
+    <param pos="0" name="service.product" value="Media Server"/>
+  </fingerprint>
   <fingerprint pattern="^0f584138aacfb79aaba7e2539fc4e642$">
     <description>Plex Media Server</description>
     <example>0f584138aacfb79aaba7e2539fc4e642</example>
@@ -194,6 +218,16 @@
     <param pos="0" name="service.vendor" value="SolarWinds"/>
     <param pos="0" name="service.product" value="Virtualization Manager"/>
     <param pos="0" name="service.certainty" value="0.5"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:virtualization_manager:-"/>
+  </fingerprint>
+  <fingerprint pattern="^53317933c27890ae9218697ecc0e97d9$">
+    <description>SolarWinds Orion</description>
+    <example>53317933c27890ae9218697ecc0e97d9</example>
+    <param pos="0" name="service.vendor" value="SolarWinds"/>
+    <param pos="0" name="service.product" value="Orion Platform"/>
+    <param pos="0" name="service.certainty" value="0.5"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:orion_platform:-"/>
   </fingerprint>
   <fingerprint pattern="^ee20526df4d69f7b02ee107458d8d679$">
@@ -813,6 +847,14 @@
     <param pos="0" name="service.certainty" value="0.5"/>
   </fingerprint>
+  <fingerprint pattern="^ad4de5c717c886a99c4cf0e066e9b461$">
+    <description>MicroStrategy Collaboration Server</description>
+    <example>ad4de5c717c886a99c4cf0e066e9b461</example>
+    <param pos="0" name="service.vendor" value="MicroStrategy"/>
+    <param pos="0" name="service.product" value="Collaboration Server"/>
+    <param pos="0" name="service.certainty" value="0.5"/>
+  </fingerprint>
   <!-- Devices -->
   <fingerprint pattern="^2fd26da3d6b790a86038f440d5b37eea$">
@@ -1714,6 +1756,64 @@
     <param pos="0" name="os.certainty" value="0.5"/>
   </fingerprint>
+  <fingerprint pattern="^ed61e4c9e9a176e82734aa42c6a00ce4|0dc6bff9bdabf1184c157d75ac73c22a$">
+    <description>Lifesize TelePresence</description>
+    <example>ed61e4c9e9a176e82734aa42c6a00ce4</example>
+    <example>0dc6bff9bdabf1184c157d75ac73c22a</example>
+    <param pos="0" name="hw.vendor" value="Lifesize"/>
+    <param pos="0" name="hw.device" value="Video Conferencing"/>
+    <param pos="0" name="hw.product" value="TelePresence"/>
+    <param pos="0" name="os.vendor" value="Lifesize"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="TelePresence"/>
+    <param pos="0" name="os.device" value="Video Conferencing"/>
+  </fingerprint>
+  <fingerprint pattern="^45e72b45613ba6ec2a1ded251a31f201$">
+    <description>Symantec PGP Key Management Server</description>
+    <example>45e72b45613ba6ec2a1ded251a31f201</example>
+    <param pos="0" name="hw.vendor" value="Symantec"/>
+    <param pos="0" name="hw.device" value="Security Appliance"/>
+    <param pos="0" name="hw.product" value="Key Management Server"/>
+  </fingerprint>
+  <fingerprint pattern="^302fe34dc0e9515e2d0509ff5f3217e5|8565497731f799fdd25ae59286807055$">
+    <description>Riverbed Steelhead Appliance</description>
+    <example>302fe34dc0e9515e2d0509ff5f3217e5</example>
+    <example>8565497731f799fdd25ae59286807055</example>
+    <param pos="0" name="hw.vendor" value="Riverbed"/>
+    <param pos="0" name="hw.device" value="Security Appliance"/>
+    <param pos="0" name="hw.product" value="Steelhead"/>
+    <param pos="0" name="os.product" value="RiOS"/>
+    <param pos="0" name="os.vendor" value="Riverbed"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:riverbed:rios:-"/>
+  </fingerprint>
+  <fingerprint pattern="^d29a1ef8a3d0011504f5d076600ce16d$">
+    <description>Silver Peak Appliance</description>
+    <example>d29a1ef8a3d0011504f5d076600ce16d</example>
+    <param pos="0" name="hw.vendor" value="Silver Peak"/>
+    <param pos="0" name="hw.device" value="Network Appliance"/>
+    <param pos="0" name="hw.product" value="SD-WAN"/>
+  </fingerprint>
+  <fingerprint pattern="^425515e283192a3a686c04e1c50620aa$">
+    <description>Cisco Meraki Appliance</description>
+    <example>425515e283192a3a686c04e1c50620aa</example>
+    <param pos="0" name="hw.vendor" value="Cisco"/>
+    <param pos="0" name="hw.product" value="Meraki Device"/>
+    <param pos="0" name="hw.device" value="Network Appliance"/>
+    <param pos="0" name="hw.certainty" value="0.40"/>
+  </fingerprint>
+  <fingerprint pattern="^f5c62ea4c4e9f9a8606400becc01375e$">
+    <description>PBX in a Flash</description>
+    <example>f5c62ea4c4e9f9a8606400becc01375e</example>
+    <param pos="0" name="hw.vendor" value="PIAF"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.product" value="PIAF Virtual Appliance"/>
+  </fingerprint>
   <fingerprint pattern="^7b73744799150c888a172daf3d7093bf$">
     <description>Pure Storage Appliance</description>
     <example>7b73744799150c888a172daf3d7093bf</example>
@@ -1723,4 +1823,12 @@
     <param pos="0" name="hw.certainty" value="0.5"/>
   </fingerprint>
+  <fingerprint pattern="^1b786be7a46bd96a503a81b7faf86263$">
+    <description>AdGuard Home</description>
+    <example>1b786be7a46bd96a503a81b7faf86263</example>
+    <param pos="0" name="service.vendor" value="AdGuard"/>
+    <param pos="0" name="service.product" value="AdGuard Home"/>
+    <param pos="0" name="service.certainty" value="0.5"/>
+  </fingerprint>
 </fingerprints>