recog 2.3.18 → 2.3.22

Files changed (73)
  1. checksums.yaml +4 -4
  2. data/.github/dependabot.yml +8 -0
  3. data/.github/workflows/ci.yml +26 -0
  4. data/.github/workflows/verify.yml +89 -0
  5. data/CONTRIBUTING.md +6 -0
  6. data/README.md +17 -0
  7. data/bin/recog_standardize +33 -12
  8. data/bin/recog_verify +1 -2
  9. data/cpe-remap.yaml +355 -200
  10. data/features/verify.feature +14 -14
  11. data/identifiers/README.md +24 -10
  12. data/identifiers/fields.txt +105 -0
  13. data/identifiers/hw_device.txt +8 -0
  14. data/identifiers/hw_family.txt +19 -0
  15. data/identifiers/hw_product.txt +122 -0
  16. data/identifiers/os_device.txt +2 -1
  17. data/identifiers/os_family.txt +3 -0
  18. data/identifiers/os_product.txt +46 -8
  19. data/identifiers/service_family.txt +10 -1
  20. data/identifiers/service_product.txt +90 -2
  21. data/identifiers/vendor.txt +104 -0
  22. data/lib/recog/db.rb +2 -1
  23. data/lib/recog/fingerprint.rb +18 -5
  24. data/lib/recog/nizer.rb +1 -82
  25. data/lib/recog/verifier.rb +5 -5
  26. data/lib/recog/verifier_factory.rb +3 -3
  27. data/lib/recog/verify_reporter.rb +14 -4
  28. data/lib/recog/version.rb +1 -1
  29. data/requirements.txt +1 -1
  30. data/spec/lib/fingerprint_self_test_spec.rb +1 -0
  31. data/spec/lib/recog/verify_reporter_spec.rb +69 -0
  32. data/tools/dev/hooks/pre-commit +21 -0
  33. data/update_cpes.py +19 -6
  34. data/xml/apache_modules.xml +60 -0
  35. data/xml/apache_os.xml +38 -38
  36. data/xml/dhcp_vendor_class.xml +206 -0
  37. data/xml/dns_versionbind.xml +11 -1
  38. data/xml/favicons.xml +270 -45
  39. data/xml/ftp_banners.xml +89 -64
  40. data/xml/h323_callresp.xml +99 -99
  41. data/xml/hp_pjl_id.xml +3 -3
  42. data/xml/html_title.xml +1051 -62
  43. data/xml/http_cookies.xml +294 -85
  44. data/xml/http_servers.xml +551 -122
  45. data/xml/http_wwwauth.xml +139 -43
  46. data/xml/imap_banners.xml +8 -8
  47. data/xml/ldap_searchresult.xml +1 -0
  48. data/xml/mdns_device-info_txt.xml +720 -27
  49. data/xml/mysql_banners.xml +3 -2
  50. data/xml/nntp_banners.xml +4 -4
  51. data/xml/ntp_banners.xml +79 -65
  52. data/xml/operating_system.xml +6 -6
  53. data/xml/pop_banners.xml +11 -11
  54. data/xml/rsh_resp.xml +3 -3
  55. data/xml/rtsp_servers.xml +7 -0
  56. data/xml/sip_banners.xml +374 -9
  57. data/xml/sip_user_agents.xml +377 -5
  58. data/xml/smb_native_lm.xml +32 -1
  59. data/xml/smb_native_os.xml +160 -33
  60. data/xml/smtp_banners.xml +168 -129
  61. data/xml/smtp_ehlo.xml +1 -1
  62. data/xml/smtp_expn.xml +1 -0
  63. data/xml/smtp_help.xml +10 -10
  64. data/xml/smtp_noop.xml +2 -2
  65. data/xml/smtp_vrfy.xml +1 -0
  66. data/xml/snmp_sysdescr.xml +508 -214
  67. data/xml/snmp_sysobjid.xml +25 -25
  68. data/xml/ssh_banners.xml +145 -29
  69. data/xml/telnet_banners.xml +240 -61
  70. data/xml/tls_jarm.xml +162 -0
  71. data/xml/x509_issuers.xml +237 -2
  72. data/xml/x509_subjects.xml +369 -49
  73. metadata +10 -3
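--- a/data/xml/smb_native_os.xml
+++ b/data/xml/smb_native_os.xml
@@ -2,6 +2,9 @@
  <fingerprints matches="smb.native_os" protocol="smb" database_type="util.os">
  <!--
  SMB fingerprints obtained from the Native OS field of SMB negotations
+ NOTE: os.version is used to capture Service Pack for Microsoft Windows.
+ This is inconsistent with other OSs and CPE generation and should
+ be reviewed for correction.
  -->
 
  <fingerprint pattern="^(Windows NT \d\.\d+)$">
@@ -39,6 +42,14 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:-"/>
  </fingerprint>
 
+ <fingerprint pattern="^Windows 6.1$">
+ <description>Spoofed value often used by Samba -- assert nothing.</description>
+ <example>Windows 6.1</example>
+ <param pos="0" name="hw.certainty" value="0.0"/>
+ <param pos="0" name="os.certainty" value="0.0"/>
+ <param pos="0" name="service.certainty" value="0.0"/>
+ </fingerprint>
+
  <fingerprint pattern="^Windows XP (\d+) (Service Pack \d+)$">
  <description>Windows XP with Service Pack</description>
  <example os.build="2600" os.version="Service Pack 1">Windows XP 2600 Service Pack 1</example>
@@ -195,7 +206,7 @@
  <!-- TODO: Need an example string -->
 
  <fingerprint pattern="^Windows \(R\) Storage Server 2008 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
- <description>Windows Web Server 2008 Storage</description>
+ <description>Windows Server 2008 Storage</description>
  <param pos="0" name="os.certainty" value="1.0"/>
  <param pos="0" name="os.vendor" value="Microsoft"/>
  <param pos="0" name="os.product" value="Windows Server 2008"/>
@@ -216,8 +227,6 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
  </fingerprint>
 
- <!-- TODO: Need an example string -->
-
  <fingerprint pattern="^Windows Server 2008 HPC Edition (\d+)$">
  <description>Windows Web Server 2008 HPC</description>
  <example>Windows Server 2008 HPC Edition 7600</example>
@@ -257,30 +266,6 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
  </fingerprint>
 
- <fingerprint pattern="^Windows Server 2016(?: Technical Preview \d+)? (\w+|\w+ \w+|\w+ \w+ \w+)(?: Evaluation)? (\d+)$">
- <description>Windows Server 2016 with a build, without service pack</description>
- <example os.edition="Datacenter" os.build="14393">Windows Server 2016 Datacenter 14393</example>
- <example os.edition="Standard" os.build="14393">Windows Server 2016 Standard Evaluation 14393</example>
- <example os.edition="Essentials" os.build="10586">Windows Server 2016 Technical Preview 4 Essentials 10586</example>
- <param pos="0" name="os.certainty" value="1.0"/>
- <param pos="0" name="os.vendor" value="Microsoft"/>
- <param pos="0" name="os.product" value="Windows Server 2016"/>
- <param pos="1" name="os.edition"/>
- <param pos="2" name="os.build"/>
- <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
- </fingerprint>
-
- <fingerprint pattern="^Windows Storage Server 2016 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
- <description>Windows Server 2016 Storage</description>
- <example os.build="14393">Windows Storage Server 2016 Standard 14393</example>
- <param pos="0" name="os.certainty" value="1.0"/>
- <param pos="0" name="os.vendor" value="Microsoft"/>
- <param pos="0" name="os.product" value="Windows Server 2016"/>
- <param pos="0" name="os.edition" value="Storage"/>
- <param pos="1" name="os.build"/>
- <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
- </fingerprint>
-
  <fingerprint pattern="^Windows Web Server 2008 R2 (\d+) (Service Pack \d+)$">
  <description>Windows Server 2008 R2 Web</description>
  <example os.version="Service Pack 1">Windows Web Server 2008 R2 7601 Service Pack 1</example>
@@ -316,6 +301,81 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
  </fingerprint>
 
+ <fingerprint pattern="^Hyper-V Server 7601 Service Pack 1$">
+ <description>Windows Server 2008 R2 Hyper-V</description>
+ <example>Hyper-V Server 7601 Service Pack 1</example>
+ <param pos="0" name="os.certainty" value="1.0"/>
+ <param pos="0" name="os.vendor" value="Microsoft"/>
+ <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
+ <param pos="0" name="os.edition" value="Hyper-V"/>
+ <param pos="0" name="os.build" value="7601"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
+ </fingerprint>
+
+ <!-- Windows 2019 -->
+
+ <fingerprint pattern="^Windows Server 2019 (\w+|\w+ \w+|\w+ \w+ \w+)(?: Evaluation)? (\d+)$">
+ <description>Windows Server 2019 with a build, without service pack</description>
+ <example os.build="17763" os.edition="Standard">Windows Server 2019 Standard 17763</example>
+ <example os.build="17763" os.edition="Standard">Windows Server 2019 Standard Evaluation 17763</example>
+ <example os.build="17763" os.edition="Datacenter">Windows Server 2019 Datacenter 17763</example>
+ <example os.build="17763" os.edition="Essentials">Windows Server 2019 Essentials 17763</example>
+ <param pos="0" name="os.certainty" value="1.0"/>
+ <param pos="0" name="os.vendor" value="Microsoft"/>
+ <param pos="0" name="os.product" value="Windows Server 2019"/>
+ <param pos="1" name="os.edition"/>
+ <param pos="2" name="os.build"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2019:-"/>
+ </fingerprint>
+
+ <fingerprint pattern="^Hyper-V Server 2019 (\d+)$">
+ <description>Windows Server 2019 Hyper-V</description>
+ <example os.build="17763">Hyper-V Server 2019 17763</example>
+ <param pos="0" name="os.certainty" value="1.0"/>
+ <param pos="0" name="os.vendor" value="Microsoft"/>
+ <param pos="0" name="os.product" value="Windows Server 2019"/>
+ <param pos="0" name="os.edition" value="Hyper-V"/>
+ <param pos="1" name="os.build"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2019:-"/>
+ </fingerprint>
+
+ <!-- Windows 2016 -->
+
+ <fingerprint pattern="^Windows Server 2016(?: Technical Preview \d+)? (\w+|\w+ \w+|\w+ \w+ \w+)(?: Evaluation)? (\d+)$">
+ <description>Windows Server 2016 with a build, without service pack</description>
+ <example os.edition="Datacenter" os.build="14393">Windows Server 2016 Datacenter 14393</example>
+ <example os.edition="Standard" os.build="14393">Windows Server 2016 Standard Evaluation 14393</example>
+ <example os.edition="Essentials" os.build="10586">Windows Server 2016 Technical Preview 4 Essentials 10586</example>
+ <param pos="0" name="os.certainty" value="1.0"/>
+ <param pos="0" name="os.vendor" value="Microsoft"/>
+ <param pos="0" name="os.product" value="Windows Server 2016"/>
+ <param pos="1" name="os.edition"/>
+ <param pos="2" name="os.build"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
+ </fingerprint>
+
+ <fingerprint pattern="^Windows Storage Server 2016 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
+ <description>Windows Server 2016 Storage</description>
+ <example os.build="14393">Windows Storage Server 2016 Standard 14393</example>
+ <param pos="0" name="os.certainty" value="1.0"/>
+ <param pos="0" name="os.vendor" value="Microsoft"/>
+ <param pos="0" name="os.product" value="Windows Server 2016"/>
+ <param pos="0" name="os.edition" value="Storage"/>
+ <param pos="1" name="os.build"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
+ </fingerprint>
+
+ <fingerprint pattern="^Hyper-V Server 2016 (\d+)$">
+ <description>Windows Server 2016 Hyper-V</description>
+ <example os.build="14393">Hyper-V Server 2016 14393</example>
+ <param pos="0" name="os.certainty" value="1.0"/>
+ <param pos="0" name="os.vendor" value="Microsoft"/>
+ <param pos="0" name="os.product" value="Windows Server 2016"/>
+ <param pos="0" name="os.edition" value="Hyper-V"/>
+ <param pos="1" name="os.build"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
+ </fingerprint>
+
  <fingerprint pattern="^Windows Vista \(TM\) (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
  <description>Windows Vista (SP)</description>
  <example os.edition="Home Premium" os.version="Service Pack 2">Windows Vista (TM) Home Premium 6002 Service Pack 2</example>
@@ -385,10 +445,9 @@
 
  <!-- Windows 2012 R2 matches go first to simplify the regular expressions -->
 
- <!-- TODO: Need an example string -->
-
  <fingerprint pattern="^Windows Server 2012 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
  <description>Windows Server 2012 R2 (SP)</description>
+ <example os.build="9600" os.edition="Standard" os.version="Service Pack 1">Windows Server 2012 R2 Standard 9600 Service Pack 1</example>
  <param pos="0" name="os.certainty" value="1.0"/>
  <param pos="0" name="os.vendor" value="Microsoft"/>
  <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
@@ -400,7 +459,7 @@
 
  <fingerprint pattern="^Windows Server 2012 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
  <description>Windows Server 2012 R2</description>
- <example os.edition="Standard">Windows Server 2012 R2 Standard 9600</example>
+ <example os.build="9600" os.edition="Standard">Windows Server 2012 R2 Standard 9600</example>
  <param pos="0" name="os.certainty" value="1.0"/>
  <param pos="0" name="os.vendor" value="Microsoft"/>
  <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
@@ -409,10 +468,35 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
  </fingerprint>
 
- <!-- TODO: Need an example string -->
+ <fingerprint pattern="^Windows Storage Server 2012 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
+ <description>Windows Server 2012 R2 Storage</description>
+ <example os.build="9600" os.edition="Standard">Windows Storage Server 2012 R2 Standard 9600</example>
+ <example os.build="9600" os.edition="Workgroup">Windows Storage Server 2012 R2 Workgroup 9600</example>
+ <example os.build="9600" os.edition="Essentials">Windows Storage Server 2012 R2 Essentials 9600</example>
+ <param pos="0" name="os.certainty" value="1.0"/>
+ <param pos="0" name="os.vendor" value="Microsoft"/>
+ <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
+ <param pos="1" name="os.edition"/>
+ <param pos="2" name="os.build"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
+ </fingerprint>
+
+ <fingerprint pattern="^Hyper-V Server 2012 R2 (\d+)$">
+ <description>Windows Server 2012 R2 Hyper-V</description>
+ <example os.build="9600">Hyper-V Server 2012 R2 9600</example>
+ <param pos="0" name="os.certainty" value="1.0"/>
+ <param pos="0" name="os.vendor" value="Microsoft"/>
+ <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
+ <param pos="0" name="os.edition" value="Hyper-V"/>
+ <param pos="1" name="os.build"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
+ </fingerprint>
+
+ <!-- Windows 2012 -->
 
  <fingerprint pattern="^Windows Server 2012 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
  <description>Windows Server 2012 (SP)</description>
+ <example os.build="9200" os.edition="Standard" os.version="Service Pack 1">Windows Server 2012 Standard 9200 Service Pack 1</example>
  <param pos="0" name="os.certainty" value="1.0"/>
  <param pos="0" name="os.vendor" value="Microsoft"/>
  <param pos="0" name="os.product" value="Windows Server 2012"/>
@@ -433,6 +517,29 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
  </fingerprint>
 
+ <fingerprint pattern="^Windows Storage Server 2012 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
+ <description>Windows Server 2012 Storage</description>
+ <example os.build="9200" os.edition="Standard">Windows Storage Server 2012 Standard 9200</example>
+ <example os.build="9200" os.edition="Workgroup">Windows Storage Server 2012 Workgroup 9200</example>
+ <param pos="0" name="os.certainty" value="1.0"/>
+ <param pos="0" name="os.vendor" value="Microsoft"/>
+ <param pos="0" name="os.product" value="Windows Server 2012"/>
+ <param pos="1" name="os.edition"/>
+ <param pos="2" name="os.build"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
+ </fingerprint>
+
+ <fingerprint pattern="^Hyper-V Server 2012 (\d+)$">
+ <description>Windows Server 2012 Hyper-V</description>
+ <example os.build="9200">Hyper-V Server 2012 9200</example>
+ <param pos="0" name="os.certainty" value="1.0"/>
+ <param pos="0" name="os.vendor" value="Microsoft"/>
+ <param pos="0" name="os.product" value="Windows Server 2012"/>
+ <param pos="0" name="os.edition" value="Hyper-V"/>
+ <param pos="1" name="os.build"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
+ </fingerprint>
+
  <fingerprint pattern="^Windows MultiPoint Server 2012 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
  <description>Windows MultiPoint Server 2012 (SP)</description>
  <example os.build="9201" os.version="Service Pack 1">Windows MultiPoint Server 2012 Premium 9201 Service Pack 1</example>
@@ -487,7 +594,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_10:-"/>
  </fingerprint>
 
- <fingerprint pattern="^VxWorks">
+ <fingerprint pattern="^VxWorks$">
  <description>VxWorks</description>
  <example>VxWorks</example>
  <param pos="0" name="os.certainty" value="0.5"/>
@@ -498,9 +605,10 @@
  <param pos="0" name="service.product" value="VxWorks CIFS"/>
  </fingerprint>
 
- <fingerprint pattern="^OS/400 \D(\d+)\D(\d+)\D(\d+)">
+ <fingerprint pattern="^OS/?400 \D(\d+)\D(\d+)\D(\d+)$">
  <description>OS/400</description>
  <example os.version="4" os.version.version="5" os.version.version.version="0">OS/400 V4R5M0</example>
+ <example os.version="5" os.version.version="4" os.version.version.version="5">OS400 V5R4M5</example>
  <param pos="0" name="os.vendor" value="IBM"/>
  <param pos="0" name="os.product" value="OS/400"/>
  <param pos="1" name="os.version"/>
@@ -509,6 +617,17 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:os_400:{os.version}"/>
  </fingerprint>
 
+ <fingerprint pattern="^I5OS \D(\d+)\D(\d+)\D(\d+)$">
+ <description>IBM i5/OS</description>
+ <example os.version="6" os.version.version="1" os.version.version.version="1">I5OS V6R1M1</example>
+ <param pos="0" name="os.vendor" value="IBM"/>
+ <param pos="0" name="os.product" value="i5/OS"/>
+ <param pos="1" name="os.version"/>
+ <param pos="2" name="os.version.version"/>
+ <param pos="3" name="os.version.version.version"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:ibm:i5os:{os.version}"/>
+ </fingerprint>
+
  <fingerprint pattern="^Apple Base Station$">
  <description>SMB exposed via SMB shared USB disks on Apple devices</description>
  <example>Apple Base Station</example>
@@ -538,6 +657,14 @@
  <param pos="0" name="service.vendor" value="Netreon"/>
  </fingerprint>
 
+ <fingerprint pattern="^QTS$">
+ <description>QNAP QTS</description>
+ <example>QTS</example>
+ <param pos="0" name="os.vendor" value="QNAP"/>
+ <param pos="0" name="os.product" value="QTS"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:qnap:qts:-"/>
+ </fingerprint>
+
  <!-- VisionFS -->
 
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)ai(\d{4})">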
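Review bot: The new `^Hyper-V Server 7601 Service Pack 1$` fingerprint (hunk `@@ -316,6 +301,81 @@`) matches the service pack literally but emits no `os.version` and a `cpe:/o:microsoft:windows_server_2008:-` CPE, while the neighbouring 2008 R2 entries in the same hunk's context capture `(Service Pack \d+)` and emit `cpe:/o:microsoft:windows_server_2008:{os.version}`; anything downstream that derives patch level from `os.version` or the CPE will record this host as having no service pack. Capturing it with `<fingerprint pattern="^Hyper-V Server 7601 (Service Pack \d+)$">`, `<param pos="1" name="os.version"/>` and the `{os.version}` CPE would keep the family consistent (the `<example>` then needs an `os.version` attribute). Separately, in hunk `@@ -39,6 +42,14 @@` the pattern `^Windows 6.1$` leaves the dot unescaped, so it also matches strings such as `Windows 6x1`; `^Windows 6\.1$` says what is meant. The `$` anchors added to `^VxWorks` and the OS/400 pattern narrow those entries to exact strings, so it is worth confirming against collected banners that none carries trailing text that used to match.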