recog 2.3.18 → 2.3.22

data/identifiers/vendor.txt

@@ -1,10 +1,14 @@
+2N Telekomunikace
+3CX
 3Com
 8x8 Inc.
 A.K.I Software
 ACME
+ACT Security
 ADB
 ADC
 ADTRAN
+AIOHTTP Project
 ALCATEL
 ALT
 ALU
@@ -22,13 +26,16 @@ AT&T Worldworx
 ATEN
 ATG
 ATL Telecom Limited
+ATT
 AVM
 AVT
 AVTECH
 AXIS
 Aastra
 Accelerated Technology
+AdGuard
 Adaptec
+AdminDroid
 Adobe
 Adtran
 Aerohive
@@ -36,6 +43,7 @@ Agere Systems
 Agilent
 AirDefense
 AirMagnet
+Aircookie
 Airties
 Akamai
 Algo
@@ -43,6 +51,8 @@ AlienVault
 Allegro Software
 Allen-Bradley
 Allied Telesyn
+Allworx
+Alpha Technologies
 Alpha Telecom, Inc. U.S.A.
 Alpine
 Alt-N
@@ -53,6 +63,7 @@ AnyBus
 Apache
 Apple
 Aprelium Technologies
+Aptinex
 ArGoSoft
 Arachni
 Araknis Networks
@@ -77,6 +88,7 @@ AudioCodes
 Avaya
 Avery Dennison
 Avigilon
+Avleen Vig
 Avocent
 Axis
 Axonius
@@ -87,13 +99,18 @@ BT
 Bandura Labs
 Bangteng
 Barco
+Barix
+Barracuda
 Berkeley Software Design Inc.
 Bftpd Project
 Bigfoot
+Bird Home Automation
 Bitvise
+BlackBox
 Blue Coat
 BlueCat
 Boa
+Bobcat
 Bomgar
 Bosch
 Bose
@@ -106,10 +123,12 @@ Buffalo
 C&D Technologies
 C-Phone Corporation
 CA
+CBT
 CDVI
 CSM
 Cabletron
 CaddyServer
+Calibre-Web Project
 Calient
 Calnex
 Cambium Networks
@@ -126,6 +145,7 @@ Cesanta
 Chainpoint
 Check Point
 Checkpoint
+Cherokee Project
 CherryPy
 Ciena
 Cintech Tele-Management
@@ -153,12 +173,16 @@ Compuware
 Conectiva
 Conexant
 Congruency, Inc.
+ConnectWise
+Control Solutions
 Couchbase
 Cradlepoint
 Crestron
 Critical Path
 CrushFTP
 CrystalVoice Communications
+Cumulus
+CyberPower
 Cyberoam
 D J Bernstein
 D-Link
@@ -176,11 +200,13 @@ Debian
 Dell
 Deutsche Telekom
 Device42
+Dialogic
 Digi
 Digitronic Computersysteme GmbH
 Digium
 DirectLOGIC
 DocuWiki
+Dokuwiki
 Double Precision
 Dovecot
 Dr. Neuhaus Mikroelektronik
@@ -206,12 +232,15 @@ Embedthis
 Emby
 Emerson
 Emulex
+Encode
 Enterasys
+Envoy Proxy
 Epson
 EqualLogic
 Equivalence (OpenH323)
 Ericsson
 Eudora
+Evolis
 ExtraHop
 Extreme Networks
 Extron
@@ -222,6 +251,7 @@ Facebook
 FarSite Communications
 FatWire
 Fedora Project
+Ferner
 Ferrari Electronik GmbH
 Fidelis
 Fidelix
@@ -231,6 +261,7 @@ Firefly
 Floosietek
 FlowPoint
 Flussonic
+Flyspray
 Folding@home
 Fortinet
 Foscam
@@ -238,6 +269,9 @@ Foundry
 Foundry Networks
 FreeBSD
 FreePBX
+FreeSWITCH
+Freebox
+FreshTomato
 Fuji Xerox
 Fujitsu
 Fujitsu Siemens
@@ -255,12 +289,16 @@ Genivia
 Genscape
 Gentoo
 Gerrit
+GigaBlue
 Gigamon
+Gigaset
 GitHub
 GitLab
 Gitea
 Global Technology Associates
 GlobalScape
+GoGogate
+Gogs
 Google
 Gordano
 Grafana
@@ -277,6 +315,7 @@ HP
 HPE
 Hadoop
 Haivision
+Hak5
 Hanwha Techwin
 HashiCorp
 Hauni Elektronik
@@ -298,6 +337,7 @@ ISC
 ISDN Communications
 ITO Communications
 Idea
+Ignite Realtime
 ImageCom
 Imagistics
 Inari Inc.
@@ -313,7 +353,10 @@ Internet Archive
 Inveo
 Ipswitch
 Isilon
+Istio
+JFrog
 Jamf
+Jellyfin
 Jenkins
 JetBrains
 Juniper
@@ -338,6 +381,7 @@ Kyocera
 Kyocera Mita
 LANCOM Systems
 LANDesk
+LG
 LINX
 Labtam
 Lanier
@@ -352,10 +396,14 @@ LibreNMS
 Liebert
 Lifesize
 LigoWave
+Ligowave
+Lime Technologies
 Linksys
 Linux
 LiteSpeed Technologies
 LiveWorks Limited
+Logitech
+Lorex
 Lotus
 Loxone
 Lucent
@@ -381,12 +429,15 @@ Media5 Corporation
 MediaGate
 Mediatrix Telecom
 Merak
+Meraki
 Mercury Security
 Merit LILIN
 Mersive
 MetaInfo
+Metabase
 MiBridge Inc.
 Michael Tokarev
+MicroStrategy
 Microplex
 Microsoft
 MikroTik
@@ -396,11 +447,13 @@ Mitel
 Mobatek
 Mobotix
 Mocana
+MoinMoin
 Moodle
 Mort Bay
 Motion Media Technology
 Motorola
 Moxa
+Mozilla
 MultiTech
 Multicraft
 Munin
@@ -413,6 +466,7 @@ NLnet Labs
 NTP
 NVIDIA
 Nagios
+Nanoleaf
 NcFTP Software
 Neoscale
 Nero
@@ -435,14 +489,17 @@ Netwave
 Network Alchemy Limited
 Network Equipment Technologies
 Neustar
+Nextcloud
 Nokia
 Nokia-Siemens
 Nominum
 Nortel
 Norton
 Novell
+Nuuo
 OPNsense
 Objective Communications
+Observium
 Oce
 Octopus
 Oki
@@ -453,6 +510,8 @@ OpenLDAP
 OpenMediaVault
 OpenNAC
 OpenResty
+OpenSER
+OpenSIPS
 OpenSUSE
 OpenStack
 OpenVMS
@@ -464,6 +523,7 @@ Oracle
 Overland
 Oversee
 PHP
+PIAF
 PLD
 PRTG
 Pagoo, Inc.
@@ -475,16 +535,22 @@ Panduit
 Paradyne
 Parallels
 Paramiko
+Patton
 Paul Smith Computer Services
+Pelco
 Percona
+Perl
+Phacility
 Philips
 Philips Video Conferencing Systems
+Phoenix Contact
 Pi-hole
 PictureTel
 Plain Black
 Plex
 Plixer
 Polatis
+Poly
 Polycom
 Portainer
 Postfix
@@ -494,10 +560,13 @@ PowerWare
 Pragma Systems
 Pro Group
 ProFTPD Project
+ProSoft Technology
 Process Software
 Progress
 Prometheus
 Pronet
+Proxmox
+Psion Teklogix
 Pulse Secure
 Pure Storage
 PureFTPd
@@ -522,11 +591,13 @@ RealVNC Ltd.
 Rectifier Technologies
 Red Hat
 Redback Networks
+Redline
 Redmine
 Rhino Software
 Ricoh
 Ridgeway Systems and Software
 Rifatron
+Riverbed
 Riverstone
 Rockliffe
 Rockwell Automation
@@ -550,8 +621,10 @@ SMA Solar Technology Ag
 SMC Networks
 SPIP
 SSH Communications Security
+STARFACE GmhH
 SUSE
 SafeNet
+Sage
 Samba
 Samsung
 Sangoma
@@ -559,6 +632,7 @@ SapporoWorks
 Satelitech
 Savin
 Scalix
+Schneider Electric
 Schneider Rundfunkwerke AG
 Science Dynamics Corporation
 Science Logic
@@ -576,6 +650,7 @@ Serv-U
 ServerTech
 Sharp
 ShellInABox
+Shelly
 Shenzhen Reecam Tech. Ltd.
 ShoreTel
 Siebel
@@ -585,8 +660,10 @@ Silver Peak
 Siqura
 Slackware
 SmoothWall
+SnapServer
 Sofrel
 Softing
+Software House
 SolarWinds
 SonarQube
 SonicWall
@@ -599,12 +676,14 @@ Spiceworks
 Spirent Communications
 SpliceCom
 Splunk
+SpotterRF
 Squid Cache
 Standard Networks
 StarNet Communications Corp.
 StarVox, Inc.
 StartCom
 Steinsvik
+Strategic Cyber LLC
 StreamComm
 SuSE
 Sun
@@ -616,6 +695,7 @@ Symantec
 Symbol
 Symbol Technologies Inc.
 Symplified
+Synacor
 Syndeo Corp.
 Synology
 SysMaster Corporation
@@ -626,29 +706,36 @@ TP-LINK
 TRENDnet
 TVersity
 TYPO3
+Tableau
 Tandberg
 Taobao
 Tasman Networks
+Technicolor
 Tektronix
 Teldat H. Kruszynski, M. Cichocki Sp. J.
 TeleStream Technologies, Inc.
 TeleWare
+Teledyne FLIR
 Telliris
 Telxon Corporation
 Tenable
 Tencent
+Teradici
 Thekelleys
 Thomson
 TigerVNC
 TightVNC
+Tildeslash
 Tilgin
 Tintro
 Tinyproxy Project
 Tivo
 Tobit Software
 Tokutek
+Tor Project
 TornadoWeb
 Toshiba
+Traefik Labs
 Treck
 Tridium
 Troy
@@ -663,10 +750,14 @@ Ubiquiti
 Ubuntu
 UnboundID
 Unica
+Unify
 Unisys
 UnitedLinux
+VBrick
 VMware
 VTEL
+Vaddio
+Valcom
 VanDyke Software
 Vanguard Managed Solutions
 Varnish-cache
@@ -679,6 +770,7 @@ VideoServer
 Vignette
 Vine
 Vircom
+Visuality Systems
 Vizio
 VocalTec Communications, Inc.
 Västgöta-Data AB
@@ -688,13 +780,18 @@ Washington University
 WatchGuard
 WeOnlyDo
 WebTrends
+Webmin
+Weidmüller
 Westbay Engineers
 Westell
 Western Digital
 White Box
+Wifx
 Wildix
 Wind River
+Wowza
 Wowza Media Systems
+Wyze
 X.Org
 XAMPP
 XFree86
@@ -707,6 +804,7 @@ Xitami
 Xlight
 Xubuntu
 Xyplex
+Xytronix
 Yamaha
 Yealink
 Yocto
@@ -723,18 +821,24 @@ cPanel
 cz.nic
 enGenius
 estos
+etherpad
 exim
 gdnsd
 home.pl
 i.LON
+iRobot
+iStar
 iTach
+iXsystems
 innovaphone
 libssh
 lighttpd
 mod_ssl
 mod_wsgi
 nginx
+ninenines
 noVNC
+ntop
 ownCloud
 pfSense
 port25

data/lib/recog/db.rb

@@ -66,10 +66,11 @@ class DB
 
     end
 
+    filepath =  self.path.sub(/\.xml$/, '')
     @match_key = File.basename(self.path).sub(/\.xml$/, '') unless @match_key
 
     xml.xpath('/fingerprints/fingerprint').each do |fprint|
-      @fingerprints << Fingerprint.new(fprint, @match_key, @protocol)
+      @fingerprints << Fingerprint.new(fprint, @match_key, @protocol, filepath)
     end
 
     xml = nil

data/lib/recog/fingerprint.rb

@@ -31,7 +31,8 @@ class Fingerprint
   # @param xml [Nokogiri::XML::Element]
   # @param match_key [String] See Recog::DB
   # @param protocol [String] Protocol such as ftp, mssql, http, etc.
-  def initialize(xml, match_key=nil, protocol=nil)
+  # @param filepath [String] Directory path for fingerprint example files
+  def initialize(xml, match_key=nil, protocol=nil, filepath=nil)
     @match_key = match_key
     @protocol = protocol
     @name   = parse_description(xml)
@@ -40,7 +41,7 @@ class Fingerprint
     @tests = []
 
     @protocol.downcase! if @protocol
-    parse_examples(xml)
+    parse_examples(xml, filepath)
     parse_params(xml)
   end
 
@@ -176,6 +177,7 @@ class Fingerprint
       # out correctly and match the capture group values we expect.
       test.attributes.each do |k, v|
         next if k == '_encoding'
+        next if k == '_filename'
         if !result.has_key?(k) || result[k] != v
           message = "'#{@name}' failed to find expected capture group #{k} '#{v}'. Result was #{result[k]}"
           status = :fail
@@ -223,7 +225,7 @@ class Fingerprint
     capture_group_used.each do |param_name, param_used|
       if !param_used
         message = "'#{@name}' is missing an example that checks for parameter '#{param_name}' " +
-                  "messsage which is derived from a capture group"
+                  "which is derived from a capture group"
         yield :warn, message
       end
     end
@@ -247,14 +249,25 @@ class Fingerprint
   end
 
   # @param xml [Nokogiri::XML::Element]
+  # @param filepath [String] Directory path for fingerprint example files
   # @return [void]
-  def parse_examples(xml)
+  def parse_examples(xml, filepath)
     elements = xml.xpath('example')
 
     elements.each do |elem|
       # convert nokogiri Attributes into a hash of name => value
       attrs = elem.attributes.values.reduce({}) { |a,e| a.merge(e.name => e.value) }
-      @tests << Test.new(elem.content, attrs)
+      if attrs["_filename"]
+        contents = ""
+        fn = File.join(filepath, attrs["_filename"])
+        File.open(fn, "rb") do |file|
+          contents = file.read
+          contents.force_encoding(Encoding::ASCII_8BIT)
+        end
+        @tests << Test.new(contents, attrs)
+      else
+        @tests << Test.new(elem.content, attrs)
+      end
     end
 
     nil

data/lib/recog/nizer.rb

@@ -8,13 +8,13 @@ class Nizer
   # Non-weighted host attributes that can be extracted from fingerprint matches
   HOST_ATTRIBUTES = %W{
     host.domain
-    host.id
     host.ip
     host.mac
     host.name
     host.time
     hw.device
     hw.family
+    hw.serial_number
     hw.product
     hw.vendor
   }
@@ -264,84 +264,3 @@ class Nizer
 
 end
 end
-
-=begin
-
-Current key names:
-
-  apache.info
-  apache.variant
-  apache.variant.version
-  cookie
-  host.domain
-  host.id
-  host.ip
-  host.mac
-  host.name
-  host.time
-  hw.device
-  hw.family
-  hw.product
-  hw.vendor
-  imail.eval
-  jetty.info
-  junction.cookie
-  junction.name
-  linux.kernel.version
-  loadbalancer.poolname
-  mdaemon.unregistered
-  mercur.os.info
-  metainfo.version
-  metainfo.version.version
-  ms.nttp.version
-  notes.build.version
-  notes.intl
-  ntmail.id
-  openssh.comment
-  openssh.cvepatch
-  os.arch
-  os.build
-  os.certainty
-  os.device
-  os.edition
-  os.family
-  os.product
-  os.vendor
-  os.version
-  os.version.version
-  os.version.version.version
-  postfix.os.info
-  postoffice.build
-  postoffice.id
-  proftpd.server.name
-  pureftpd.config
-  qpopper.version
-  sendmail.config.version
-  sendmail.hpux.phne.version
-  sendmail.vendor.version
-  service.certainty
-  service.component.family
-  service.component.product
-  service.component.vendor
-  service.component.version
-  service.family
-  service.product
-  service.vendor
-  service.version
-  service.version.version
-  service.version.version.version
-  service.version.version.version.version
-  service.version.version.version.version.version
-  siemens.model
-  snmp.fpmib.oid.1
-  snmp.fpmib.oid.2
-  system.time
-  system.time.format
-  system.time.micros
-  system.time.millis
-  thttpd.mx-patch
-  timeout
-  tomcat.info
-  zmailer.ident
-
-=end

data/lib/recog/verifier.rb

@@ -1,15 +1,15 @@
 module Recog
 class Verifier
-  attr_reader :fingerprints, :reporter
+  attr_reader :db, :reporter
 
-  def initialize(fingerprints, reporter)
-    @fingerprints = fingerprints
+  def initialize(db, reporter)
+    @db = db
     @reporter = reporter
   end
 
   def verify
-    reporter.report(fingerprints.count) do
-      fingerprints.each do |fp|
+    reporter.report(db.fingerprints.count) do
+      db.fingerprints.each do |fp|
         reporter.print_name fp
 
         fp.verify_params do |status, message|

data/lib/recog/verifier_factory.rb

@@ -4,10 +4,10 @@ require 'recog/verify_reporter'
 
 module Recog
 module VerifierFactory
-  def self.build(options)
+  def self.build(options, db)
     formatter = Formatter.new(options, $stdout)
-    reporter  = VerifyReporter.new(options, formatter)
-    Verifier.new(options.fingerprints, reporter)
+    reporter  = VerifyReporter.new(options, formatter, db.path)
+    Verifier.new(db, reporter)
   end
 end
 end