RubyGems - recog - Versions diffs - 2.3.18 → 2.3.22 - Mend

recog 2.3.18 → 2.3.22

Files changed (73) hide show

checksums.yaml +4 -4
data/.github/dependabot.yml +8 -0
data/.github/workflows/ci.yml +26 -0
data/.github/workflows/verify.yml +89 -0
data/CONTRIBUTING.md +6 -0
data/README.md +17 -0
data/bin/recog_standardize +33 -12
data/bin/recog_verify +1 -2
data/cpe-remap.yaml +355 -200
data/features/verify.feature +14 -14
data/identifiers/README.md +24 -10
data/identifiers/fields.txt +105 -0
data/identifiers/hw_device.txt +8 -0
data/identifiers/hw_family.txt +19 -0
data/identifiers/hw_product.txt +122 -0
data/identifiers/os_device.txt +2 -1
data/identifiers/os_family.txt +3 -0
data/identifiers/os_product.txt +46 -8
data/identifiers/service_family.txt +10 -1
data/identifiers/service_product.txt +90 -2
data/identifiers/vendor.txt +104 -0
data/lib/recog/db.rb +2 -1
data/lib/recog/fingerprint.rb +18 -5
data/lib/recog/nizer.rb +1 -82
data/lib/recog/verifier.rb +5 -5
data/lib/recog/verifier_factory.rb +3 -3
data/lib/recog/verify_reporter.rb +14 -4
data/lib/recog/version.rb +1 -1
data/requirements.txt +1 -1
data/spec/lib/fingerprint_self_test_spec.rb +1 -0
data/spec/lib/recog/verify_reporter_spec.rb +69 -0
data/tools/dev/hooks/pre-commit +21 -0
data/update_cpes.py +19 -6
data/xml/apache_modules.xml +60 -0
data/xml/apache_os.xml +38 -38
data/xml/dhcp_vendor_class.xml +206 -0
data/xml/dns_versionbind.xml +11 -1
data/xml/favicons.xml +270 -45
data/xml/ftp_banners.xml +89 -64
data/xml/h323_callresp.xml +99 -99
data/xml/hp_pjl_id.xml +3 -3
data/xml/html_title.xml +1051 -62
data/xml/http_cookies.xml +294 -85
data/xml/http_servers.xml +551 -122
data/xml/http_wwwauth.xml +139 -43
data/xml/imap_banners.xml +8 -8
data/xml/ldap_searchresult.xml +1 -0
data/xml/mdns_device-info_txt.xml +720 -27
data/xml/mysql_banners.xml +3 -2
data/xml/nntp_banners.xml +4 -4
data/xml/ntp_banners.xml +79 -65
data/xml/operating_system.xml +6 -6
data/xml/pop_banners.xml +11 -11
data/xml/rsh_resp.xml +3 -3
data/xml/rtsp_servers.xml +7 -0
data/xml/sip_banners.xml +374 -9
data/xml/sip_user_agents.xml +377 -5
data/xml/smb_native_lm.xml +32 -1
data/xml/smb_native_os.xml +160 -33
data/xml/smtp_banners.xml +168 -129
data/xml/smtp_ehlo.xml +1 -1
data/xml/smtp_expn.xml +1 -0
data/xml/smtp_help.xml +10 -10
data/xml/smtp_noop.xml +2 -2
data/xml/smtp_vrfy.xml +1 -0
data/xml/snmp_sysdescr.xml +508 -214
data/xml/snmp_sysobjid.xml +25 -25
data/xml/ssh_banners.xml +145 -29
data/xml/telnet_banners.xml +240 -61
data/xml/tls_jarm.xml +162 -0
data/xml/x509_issuers.xml +237 -2
data/xml/x509_subjects.xml +369 -49
metadata +10 -3

data/xml/smb_native_os.xml CHANGED Viewed

@@ -2,6 +2,9 @@
 <fingerprints matches="smb.native_os" protocol="smb" database_type="util.os">
   <!--
     SMB fingerprints obtained from the Native OS field of SMB negotations
+    NOTE: os.version is used to capture Service Pack for Microsoft Windows.
+          This is inconsistent with other OSs and CPE generation and should
+          be reviewed for correction.
   -->
   <fingerprint pattern="^(Windows NT \d\.\d+)$">
@@ -39,6 +42,14 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:-"/>
   </fingerprint>
+  <fingerprint pattern="^Windows 6.1$">
+    <description>Spoofed value often used by Samba -- assert nothing.</description>
+    <example>Windows 6.1</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
+  </fingerprint>
   <fingerprint pattern="^Windows XP (\d+) (Service Pack \d+)$">
     <description>Windows XP with Service Pack</description>
     <example os.build="2600" os.version="Service Pack 1">Windows XP 2600 Service Pack 1</example>
@@ -195,7 +206,7 @@
   <!-- TODO: Need an example string -->
   <fingerprint pattern="^Windows \(R\) Storage Server 2008 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
-    <description>Windows Web Server 2008 Storage</description>
+    <description>Windows Server 2008 Storage</description>
     <param pos="0" name="os.certainty" value="1.0"/>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.product" value="Windows Server 2008"/>
@@ -216,8 +227,6 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
   </fingerprint>
-  <!-- TODO: Need an example string -->
   <fingerprint pattern="^Windows Server 2008 HPC Edition (\d+)$">
     <description>Windows Web Server 2008 HPC</description>
     <example>Windows Server 2008 HPC Edition 7600</example>
@@ -257,30 +266,6 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
   </fingerprint>
-  <fingerprint pattern="^Windows Server 2016(?: Technical Preview \d+)? (\w+|\w+ \w+|\w+ \w+ \w+)(?: Evaluation)? (\d+)$">
-    <description>Windows Server 2016 with a build, without service pack</description>
-    <example os.edition="Datacenter" os.build="14393">Windows Server 2016 Datacenter 14393</example>
-    <example os.edition="Standard" os.build="14393">Windows Server 2016 Standard Evaluation 14393</example>
-    <example os.edition="Essentials" os.build="10586">Windows Server 2016 Technical Preview 4 Essentials 10586</example>
-    <param pos="0" name="os.certainty" value="1.0"/>
-    <param pos="0" name="os.vendor" value="Microsoft"/>
-    <param pos="0" name="os.product" value="Windows Server 2016"/>
-    <param pos="1" name="os.edition"/>
-    <param pos="2" name="os.build"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
-  </fingerprint>
-  <fingerprint pattern="^Windows Storage Server 2016 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
-    <description>Windows Server 2016 Storage</description>
-    <example os.build="14393">Windows Storage Server 2016 Standard 14393</example>
-    <param pos="0" name="os.certainty" value="1.0"/>
-    <param pos="0" name="os.vendor" value="Microsoft"/>
-    <param pos="0" name="os.product" value="Windows Server 2016"/>
-    <param pos="0" name="os.edition" value="Storage"/>
-    <param pos="1" name="os.build"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
-  </fingerprint>
   <fingerprint pattern="^Windows Web Server 2008 R2 (\d+) (Service Pack \d+)$">
     <description>Windows Server 2008 R2 Web</description>
     <example os.version="Service Pack 1">Windows Web Server 2008 R2 7601 Service Pack 1</example>
@@ -316,6 +301,81 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
   </fingerprint>
+  <fingerprint pattern="^Hyper-V Server 7601 Service Pack 1$">
+    <description>Windows Server 2008 R2 Hyper-V</description>
+    <example>Hyper-V Server 7601 Service Pack 1</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
+    <param pos="0" name="os.edition" value="Hyper-V"/>
+    <param pos="0" name="os.build" value="7601"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
+  </fingerprint>
+  <!-- Windows 2019 -->
+  <fingerprint pattern="^Windows Server 2019 (\w+|\w+ \w+|\w+ \w+ \w+)(?: Evaluation)? (\d+)$">
+    <description>Windows Server 2019 with a build, without service pack</description>
+    <example os.build="17763" os.edition="Standard">Windows Server 2019 Standard 17763</example>
+    <example os.build="17763" os.edition="Standard">Windows Server 2019 Standard Evaluation 17763</example>
+    <example os.build="17763" os.edition="Datacenter">Windows Server 2019 Datacenter 17763</example>
+    <example os.build="17763" os.edition="Essentials">Windows Server 2019 Essentials 17763</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2019"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2019:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Hyper-V Server 2019  (\d+)$">
+    <description>Windows Server 2019 Hyper-V</description>
+    <example os.build="17763">Hyper-V Server 2019  17763</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2019"/>
+    <param pos="0" name="os.edition" value="Hyper-V"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2019:-"/>
+  </fingerprint>
+  <!-- Windows 2016 -->
+  <fingerprint pattern="^Windows Server 2016(?: Technical Preview \d+)? (\w+|\w+ \w+|\w+ \w+ \w+)(?: Evaluation)? (\d+)$">
+    <description>Windows Server 2016 with a build, without service pack</description>
+    <example os.edition="Datacenter" os.build="14393">Windows Server 2016 Datacenter 14393</example>
+    <example os.edition="Standard" os.build="14393">Windows Server 2016 Standard Evaluation 14393</example>
+    <example os.edition="Essentials" os.build="10586">Windows Server 2016 Technical Preview 4 Essentials 10586</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2016"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Storage Server 2016 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
+    <description>Windows Server 2016 Storage</description>
+    <example os.build="14393">Windows Storage Server 2016 Standard 14393</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2016"/>
+    <param pos="0" name="os.edition" value="Storage"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Hyper-V Server 2016 (\d+)$">
+    <description>Windows Server 2016 Hyper-V</description>
+    <example os.build="14393">Hyper-V Server 2016 14393</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2016"/>
+    <param pos="0" name="os.edition" value="Hyper-V"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
+  </fingerprint>
   <fingerprint pattern="^Windows Vista \(TM\) (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
     <description>Windows Vista (SP)</description>
     <example os.edition="Home Premium" os.version="Service Pack 2">Windows Vista (TM) Home Premium 6002 Service Pack 2</example>
@@ -385,10 +445,9 @@
   <!-- Windows 2012 R2 matches go first to simplify the regular expressions -->
-  <!-- TODO: Need an example string -->
   <fingerprint pattern="^Windows Server 2012 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
     <description>Windows Server 2012 R2 (SP)</description>
+    <example os.build="9600" os.edition="Standard" os.version="Service Pack 1">Windows Server 2012 R2 Standard 9600 Service Pack 1</example>
     <param pos="0" name="os.certainty" value="1.0"/>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
@@ -400,7 +459,7 @@
   <fingerprint pattern="^Windows Server 2012 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
     <description>Windows Server 2012 R2</description>
-    <example os.edition="Standard">Windows Server 2012 R2 Standard 9600</example>
+    <example os.build="9600" os.edition="Standard">Windows Server 2012 R2 Standard 9600</example>
     <param pos="0" name="os.certainty" value="1.0"/>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
@@ -409,10 +468,35 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
   </fingerprint>
-  <!-- TODO: Need an example string -->
+  <fingerprint pattern="^Windows Storage Server 2012 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
+    <description>Windows Server 2012 R2 Storage</description>
+    <example os.build="9600" os.edition="Standard">Windows Storage Server 2012 R2 Standard 9600</example>
+    <example os.build="9600" os.edition="Workgroup">Windows Storage Server 2012 R2 Workgroup 9600</example>
+    <example os.build="9600" os.edition="Essentials">Windows Storage Server 2012 R2 Essentials 9600</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Hyper-V Server 2012 R2 (\d+)$">
+    <description>Windows Server 2012 R2 Hyper-V</description>
+    <example os.build="9600">Hyper-V Server 2012 R2 9600</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
+    <param pos="0" name="os.edition" value="Hyper-V"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
+  </fingerprint>
+  <!-- Windows 2012 -->
   <fingerprint pattern="^Windows Server 2012 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
     <description>Windows Server 2012 (SP)</description>
+    <example os.build="9200" os.edition="Standard" os.version="Service Pack 1">Windows Server 2012 Standard 9200 Service Pack 1</example>
     <param pos="0" name="os.certainty" value="1.0"/>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.product" value="Windows Server 2012"/>
@@ -433,6 +517,29 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
   </fingerprint>
+  <fingerprint pattern="^Windows Storage Server 2012 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
+    <description>Windows Server 2012 Storage</description>
+    <example os.build="9200" os.edition="Standard">Windows Storage Server 2012 Standard 9200</example>
+    <example os.build="9200" os.edition="Workgroup">Windows Storage Server 2012 Workgroup 9200</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2012"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Hyper-V Server 2012 (\d+)$">
+    <description>Windows Server 2012 Hyper-V</description>
+    <example os.build="9200">Hyper-V Server 2012 9200</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2012"/>
+    <param pos="0" name="os.edition" value="Hyper-V"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
+  </fingerprint>
   <fingerprint pattern="^Windows MultiPoint Server 2012 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
     <description>Windows MultiPoint Server 2012 (SP)</description>
     <example os.build="9201" os.version="Service Pack 1">Windows MultiPoint Server 2012 Premium 9201 Service Pack 1</example>
@@ -487,7 +594,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_10:-"/>
   </fingerprint>
-  <fingerprint pattern="^VxWorks">
+  <fingerprint pattern="^VxWorks$">
     <description>VxWorks</description>
     <example>VxWorks</example>
     <param pos="0" name="os.certainty" value="0.5"/>
@@ -498,9 +605,10 @@
     <param pos="0" name="service.product" value="VxWorks CIFS"/>
   </fingerprint>
-  <fingerprint pattern="^OS/400 \D(\d+)\D(\d+)\D(\d+)">
+  <fingerprint pattern="^OS/?400 \D(\d+)\D(\d+)\D(\d+)$">
     <description>OS/400</description>
     <example os.version="4" os.version.version="5" os.version.version.version="0">OS/400 V4R5M0</example>
+    <example os.version="5" os.version.version="4" os.version.version.version="5">OS400 V5R4M5</example>
     <param pos="0" name="os.vendor" value="IBM"/>
     <param pos="0" name="os.product" value="OS/400"/>
     <param pos="1" name="os.version"/>
@@ -509,6 +617,17 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:ibm:os_400:{os.version}"/>
   </fingerprint>
+  <fingerprint pattern="^I5OS \D(\d+)\D(\d+)\D(\d+)$">
+    <description>IBM i5/OS</description>
+    <example os.version="6" os.version.version="1" os.version.version.version="1">I5OS V6R1M1</example>
+    <param pos="0" name="os.vendor" value="IBM"/>
+    <param pos="0" name="os.product" value="i5/OS"/>
+    <param pos="1" name="os.version"/>
+    <param pos="2" name="os.version.version"/>
+    <param pos="3" name="os.version.version.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:ibm:i5os:{os.version}"/>
+  </fingerprint>
   <fingerprint pattern="^Apple Base Station$">
     <description>SMB exposed via SMB shared USB disks on Apple devices</description>
     <example>Apple Base Station</example>
@@ -538,6 +657,14 @@
     <param pos="0" name="service.vendor" value="Netreon"/>
   </fingerprint>
+  <fingerprint pattern="^QTS$">
+    <description>QNAP QTS</description>
+    <example>QTS</example>
+    <param pos="0" name="os.vendor" value="QNAP"/>
+    <param pos="0" name="os.product" value="QTS"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:qnap:qts:-"/>
+  </fingerprint>
   <!-- VisionFS -->
   <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)ai(\d{4})">