recog 2.3.18 → 2.3.22
- checksums.yaml +4 -4
- data/.github/dependabot.yml +8 -0
- data/.github/workflows/ci.yml +26 -0
- data/.github/workflows/verify.yml +89 -0
- data/CONTRIBUTING.md +6 -0
- data/README.md +17 -0
- data/bin/recog_standardize +33 -12
- data/bin/recog_verify +1 -2
- data/cpe-remap.yaml +355 -200
- data/features/verify.feature +14 -14
- data/identifiers/README.md +24 -10
- data/identifiers/fields.txt +105 -0
- data/identifiers/hw_device.txt +8 -0
- data/identifiers/hw_family.txt +19 -0
- data/identifiers/hw_product.txt +122 -0
- data/identifiers/os_device.txt +2 -1
- data/identifiers/os_family.txt +3 -0
- data/identifiers/os_product.txt +46 -8
- data/identifiers/service_family.txt +10 -1
- data/identifiers/service_product.txt +90 -2
- data/identifiers/vendor.txt +104 -0
- data/lib/recog/db.rb +2 -1
- data/lib/recog/fingerprint.rb +18 -5
- data/lib/recog/nizer.rb +1 -82
- data/lib/recog/verifier.rb +5 -5
- data/lib/recog/verifier_factory.rb +3 -3
- data/lib/recog/verify_reporter.rb +14 -4
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/spec/lib/fingerprint_self_test_spec.rb +1 -0
- data/spec/lib/recog/verify_reporter_spec.rb +69 -0
- data/tools/dev/hooks/pre-commit +21 -0
- data/update_cpes.py +19 -6
- data/xml/apache_modules.xml +60 -0
- data/xml/apache_os.xml +38 -38
- data/xml/dhcp_vendor_class.xml +206 -0
- data/xml/dns_versionbind.xml +11 -1
- data/xml/favicons.xml +270 -45
- data/xml/ftp_banners.xml +89 -64
- data/xml/h323_callresp.xml +99 -99
- data/xml/hp_pjl_id.xml +3 -3
- data/xml/html_title.xml +1051 -62
- data/xml/http_cookies.xml +294 -85
- data/xml/http_servers.xml +551 -122
- data/xml/http_wwwauth.xml +139 -43
- data/xml/imap_banners.xml +8 -8
- data/xml/ldap_searchresult.xml +1 -0
- data/xml/mdns_device-info_txt.xml +720 -27
- data/xml/mysql_banners.xml +3 -2
- data/xml/nntp_banners.xml +4 -4
- data/xml/ntp_banners.xml +79 -65
- data/xml/operating_system.xml +6 -6
- data/xml/pop_banners.xml +11 -11
- data/xml/rsh_resp.xml +3 -3
- data/xml/rtsp_servers.xml +7 -0
- data/xml/sip_banners.xml +374 -9
- data/xml/sip_user_agents.xml +377 -5
- data/xml/smb_native_lm.xml +32 -1
- data/xml/smb_native_os.xml +160 -33
- data/xml/smtp_banners.xml +168 -129
- data/xml/smtp_ehlo.xml +1 -1
- data/xml/smtp_expn.xml +1 -0
- data/xml/smtp_help.xml +10 -10
- data/xml/smtp_noop.xml +2 -2
- data/xml/smtp_vrfy.xml +1 -0
- data/xml/snmp_sysdescr.xml +508 -214
- data/xml/snmp_sysobjid.xml +25 -25
- data/xml/ssh_banners.xml +145 -29
- data/xml/telnet_banners.xml +240 -61
- data/xml/tls_jarm.xml +162 -0
- data/xml/x509_issuers.xml +237 -2
- data/xml/x509_subjects.xml +369 -49
- metadata +10 -3
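--- a/data/identifiers/vendor.txt
+++ b/data/identifiers/vendor.txt
@@ -1,10 +1,14 @@
+2N Telekomunikace
+3CX
 3Com
 8x8 Inc.
 A.K.I Software
 ACME
+ACT Security
 ADB
 ADC
 ADTRAN
+AIOHTTP Project
 ALCATEL
 ALT
 ALU
@@ -22,13 +26,16 @@ AT&T Worldworx
 ATEN
 ATG
 ATL Telecom Limited
+ATT
 AVM
 AVT
 AVTECH
 AXIS
 Aastra
 Accelerated Technology
+AdGuard
 Adaptec
+AdminDroid
 Adobe
 Adtran
 Aerohive
@@ -36,6 +43,7 @@ Agere Systems
 Agilent
 AirDefense
 AirMagnet
+Aircookie
 Airties
 Akamai
 Algo
@@ -43,6 +51,8 @@ AlienVault
 Allegro Software
 Allen-Bradley
 Allied Telesyn
+Allworx
+Alpha Technologies
 Alpha Telecom, Inc. U.S.A.
 Alpine
 Alt-N
@@ -53,6 +63,7 @@ AnyBus
 Apache
 Apple
 Aprelium Technologies
+Aptinex
 ArGoSoft
 Arachni
 Araknis Networks
@@ -77,6 +88,7 @@ AudioCodes
 Avaya
 Avery Dennison
 Avigilon
+Avleen Vig
 Avocent
 Axis
 Axonius
@@ -87,13 +99,18 @@ BT
 Bandura Labs
 Bangteng
 Barco
+Barix
+Barracuda
 Berkeley Software Design Inc.
 Bftpd Project
 Bigfoot
+Bird Home Automation
 Bitvise
+BlackBox
 Blue Coat
 BlueCat
 Boa
+Bobcat
 Bomgar
 Bosch
 Bose
@@ -106,10 +123,12 @@ Buffalo
 C&D Technologies
 C-Phone Corporation
 CA
+CBT
 CDVI
 CSM
 Cabletron
 CaddyServer
+Calibre-Web Project
 Calient
 Calnex
 Cambium Networks
@@ -126,6 +145,7 @@ Cesanta
 Chainpoint
 Check Point
 Checkpoint
+Cherokee Project
 CherryPy
 Ciena
 Cintech Tele-Management
@@ -153,12 +173,16 @@ Compuware
 Conectiva
 Conexant
 Congruency, Inc.
+ConnectWise
+Control Solutions
 Couchbase
 Cradlepoint
 Crestron
 Critical Path
 CrushFTP
 CrystalVoice Communications
+Cumulus
+CyberPower
 Cyberoam
 D J Bernstein
 D-Link
@@ -176,11 +200,13 @@ Debian
 Dell
 Deutsche Telekom
 Device42
+Dialogic
 Digi
 Digitronic Computersysteme GmbH
 Digium
 DirectLOGIC
 DocuWiki
+Dokuwiki
 Double Precision
 Dovecot
 Dr. Neuhaus Mikroelektronik
@@ -206,12 +232,15 @@ Embedthis
 Emby
 Emerson
 Emulex
+Encode
 Enterasys
+Envoy Proxy
 Epson
 EqualLogic
 Equivalence (OpenH323)
 Ericsson
 Eudora
+Evolis
 ExtraHop
 Extreme Networks
 Extron
@@ -222,6 +251,7 @@ Facebook
 FarSite Communications
 FatWire
 Fedora Project
+Ferner
 Ferrari Electronik GmbH
 Fidelis
 Fidelix
@@ -231,6 +261,7 @@ Firefly
 Floosietek
 FlowPoint
 Flussonic
+Flyspray
 Folding@home
 Fortinet
 Foscam
@@ -238,6 +269,9 @@ Foundry
 Foundry Networks
 FreeBSD
 FreePBX
+FreeSWITCH
+Freebox
+FreshTomato
 Fuji Xerox
 Fujitsu
 Fujitsu Siemens
@@ -255,12 +289,16 @@ Genivia
 Genscape
 Gentoo
 Gerrit
+GigaBlue
 Gigamon
+Gigaset
 GitHub
 GitLab
 Gitea
 Global Technology Associates
 GlobalScape
+GoGogate
+Gogs
 Google
 Gordano
 Grafana
@@ -277,6 +315,7 @@ HP
 HPE
 Hadoop
 Haivision
+Hak5
 Hanwha Techwin
 HashiCorp
 Hauni Elektronik
@@ -298,6 +337,7 @@ ISC
 ISDN Communications
 ITO Communications
 Idea
+Ignite Realtime
 ImageCom
 Imagistics
 Inari Inc.
@@ -313,7 +353,10 @@ Internet Archive
 Inveo
 Ipswitch
 Isilon
+Istio
+JFrog
 Jamf
+Jellyfin
 Jenkins
 JetBrains
 Juniper
@@ -338,6 +381,7 @@ Kyocera
 Kyocera Mita
 LANCOM Systems
 LANDesk
+LG
 LINX
 Labtam
 Lanier
@@ -352,10 +396,14 @@ LibreNMS
 Liebert
 Lifesize
 LigoWave
+Ligowave
+Lime Technologies
 Linksys
 Linux
 LiteSpeed Technologies
 LiveWorks Limited
+Logitech
+Lorex
 Lotus
 Loxone
 Lucent
@@ -381,12 +429,15 @@ Media5 Corporation
 MediaGate
 Mediatrix Telecom
 Merak
+Meraki
 Mercury Security
 Merit LILIN
 Mersive
 MetaInfo
+Metabase
 MiBridge Inc.
 Michael Tokarev
+MicroStrategy
 Microplex
 Microsoft
 MikroTik
@@ -396,11 +447,13 @@ Mitel
 Mobatek
 Mobotix
 Mocana
+MoinMoin
 Moodle
 Mort Bay
 Motion Media Technology
 Motorola
 Moxa
+Mozilla
 MultiTech
 Multicraft
 Munin
@@ -413,6 +466,7 @@ NLnet Labs
 NTP
 NVIDIA
 Nagios
+Nanoleaf
 NcFTP Software
 Neoscale
 Nero
@@ -435,14 +489,17 @@ Netwave
 Network Alchemy Limited
 Network Equipment Technologies
 Neustar
+Nextcloud
 Nokia
 Nokia-Siemens
 Nominum
 Nortel
 Norton
 Novell
+Nuuo
 OPNsense
 Objective Communications
+Observium
 Oce
 Octopus
 Oki
@@ -453,6 +510,8 @@ OpenLDAP
 OpenMediaVault
 OpenNAC
 OpenResty
+OpenSER
+OpenSIPS
 OpenSUSE
 OpenStack
 OpenVMS
@@ -464,6 +523,7 @@ Oracle
 Overland
 Oversee
 PHP
+PIAF
 PLD
 PRTG
 Pagoo, Inc.
@@ -475,16 +535,22 @@ Panduit
 Paradyne
 Parallels
 Paramiko
+Patton
 Paul Smith Computer Services
+Pelco
 Percona
+Perl
+Phacility
 Philips
 Philips Video Conferencing Systems
+Phoenix Contact
 Pi-hole
 PictureTel
 Plain Black
 Plex
 Plixer
 Polatis
+Poly
 Polycom
 Portainer
 Postfix
@@ -494,10 +560,13 @@ PowerWare
 Pragma Systems
 Pro Group
 ProFTPD Project
+ProSoft Technology
 Process Software
 Progress
 Prometheus
 Pronet
+Proxmox
+Psion Teklogix
 Pulse Secure
 Pure Storage
 PureFTPd
@@ -522,11 +591,13 @@ RealVNC Ltd.
 Rectifier Technologies
 Red Hat
 Redback Networks
+Redline
 Redmine
 Rhino Software
 Ricoh
 Ridgeway Systems and Software
 Rifatron
+Riverbed
 Riverstone
 Rockliffe
 Rockwell Automation
@@ -550,8 +621,10 @@ SMA Solar Technology Ag
 SMC Networks
 SPIP
 SSH Communications Security
+STARFACE GmhH
 SUSE
 SafeNet
+Sage
 Samba
 Samsung
 Sangoma
@@ -559,6 +632,7 @@ SapporoWorks
 Satelitech
 Savin
 Scalix
+Schneider Electric
 Schneider Rundfunkwerke AG
 Science Dynamics Corporation
 Science Logic
@@ -576,6 +650,7 @@ Serv-U
 ServerTech
 Sharp
 ShellInABox
+Shelly
 Shenzhen Reecam Tech. Ltd.
 ShoreTel
 Siebel
@@ -585,8 +660,10 @@ Silver Peak
 Siqura
 Slackware
 SmoothWall
+SnapServer
 Sofrel
 Softing
+Software House
 SolarWinds
 SonarQube
 SonicWall
@@ -599,12 +676,14 @@ Spiceworks
 Spirent Communications
 SpliceCom
 Splunk
+SpotterRF
 Squid Cache
 Standard Networks
 StarNet Communications Corp.
 StarVox, Inc.
 StartCom
 Steinsvik
+Strategic Cyber LLC
 StreamComm
 SuSE
 Sun
@@ -616,6 +695,7 @@ Symantec
 Symbol
 Symbol Technologies Inc.
 Symplified
+Synacor
 Syndeo Corp.
 Synology
 SysMaster Corporation
@@ -626,29 +706,36 @@ TP-LINK
 TRENDnet
 TVersity
 TYPO3
+Tableau
 Tandberg
 Taobao
 Tasman Networks
+Technicolor
 Tektronix
 Teldat H. Kruszynski, M. Cichocki Sp. J.
 TeleStream Technologies, Inc.
 TeleWare
+Teledyne FLIR
 Telliris
 Telxon Corporation
 Tenable
 Tencent
+Teradici
 Thekelleys
 Thomson
 TigerVNC
 TightVNC
+Tildeslash
 Tilgin
 Tintro
 Tinyproxy Project
 Tivo
 Tobit Software
 Tokutek
+Tor Project
 TornadoWeb
 Toshiba
+Traefik Labs
 Treck
 Tridium
 Troy
@@ -663,10 +750,14 @@ Ubiquiti
 Ubuntu
 UnboundID
 Unica
+Unify
 Unisys
 UnitedLinux
+VBrick
 VMware
 VTEL
+Vaddio
+Valcom
 VanDyke Software
 Vanguard Managed Solutions
 Varnish-cache
@@ -679,6 +770,7 @@ VideoServer
 Vignette
 Vine
 Vircom
+Visuality Systems
 Vizio
 VocalTec Communications, Inc.
 Västgöta-Data AB
@@ -688,13 +780,18 @@ Washington University
 WatchGuard
 WeOnlyDo
 WebTrends
+Webmin
+Weidmüller
 Westbay Engineers
 Westell
 Western Digital
 White Box
+Wifx
 Wildix
 Wind River
+Wowza
 Wowza Media Systems
+Wyze
 X.Org
 XAMPP
 XFree86
@@ -707,6 +804,7 @@ Xitami
 Xlight
 Xubuntu
 Xyplex
+Xytronix
 Yamaha
 Yealink
 Yocto
@@ -723,18 +821,24 @@ cPanel
 cz.nic
 enGenius
 estos
+etherpad
 exim
 gdnsd
 home.pl
 i.LON
+iRobot
+iStar
 iTach
+iXsystems
 innovaphone
 libssh
 lighttpd
 mod_ssl
 mod_wsgi
 nginx
+ninenines
 noVNC
+ntop
 ownCloud
 pfSense
 port25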
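Review bot: Several added vendor strings look like spelling variants of entries already in the list rather than new vendors: `Ligowave` beside `LigoWave`, `Dokuwiki` beside `DocuWiki`, `Wowza` beside `Wowza Media Systems`, and `STARFACE GmhH`, which is probably a typo for `GmbH`. Anything that groups assets or maps vulnerabilities by the vendor string will treat each variant as a separate vendor, so the same product can be split across two names. If this file is generated from the fingerprint XML, as its neighbours in `identifiers/` suggest, the fix belongs in the fingerprints that emit the variant spelling, followed by regenerating the list.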
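--- a/data/lib/recog/db.rb
+++ b/data/lib/recog/db.rb
@@ -66,10 +66,11 @@ class DB
 
 end
 
+filepath = self.path.sub(/\.xml$/, '')
 @match_key = File.basename(self.path).sub(/\.xml$/, '') unless @match_key
 
 xml.xpath('/fingerprints/fingerprint').each do |fprint|
-@fingerprints << Fingerprint.new(fprint, @match_key, @protocol)
+@fingerprints << Fingerprint.new(fprint, @match_key, @protocol, filepath)
 end
 
 xml = nil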
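Review bot: The new local `filepath` holds a directory derived from the database path, not a path to a file, and nothing on the added line says so. A comment such as `# directory of external example files: the DB path minus ".xml"`, or the name `example_dir`, would make the fourth argument to `Fingerprint.new` readable at the call site. The `$` anchor also matches before a trailing newline, so `/\.xml\z/` is the stricter form; the existing `@match_key` line uses the same pattern. The enclosing method starts and ends outside the hunk.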
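--- a/data/lib/recog/fingerprint.rb
+++ b/data/lib/recog/fingerprint.rb
@@ -31,7 +31,8 @@ class Fingerprint
 # @param xml [Nokogiri::XML::Element]
 # @param match_key [String] See Recog::DB
 # @param protocol [String] Protocol such as ftp, mssql, http, etc.
-
+# @param filepath [String] Directory path for fingerprint example files
+def initialize(xml, match_key=nil, protocol=nil, filepath=nil)
 @match_key = match_key
 @protocol = protocol
 @name = parse_description(xml)
@@ -40,7 +41,7 @@ class Fingerprint
 @tests = []
 
 @protocol.downcase! if @protocol
-parse_examples(xml)
+parse_examples(xml, filepath)
 parse_params(xml)
 end
 
@@ -176,6 +177,7 @@ class Fingerprint
 # out correctly and match the capture group values we expect.
 test.attributes.each do |k, v|
 next if k == '_encoding'
+next if k == '_filename'
 if !result.has_key?(k) || result[k] != v
 message = "'#{@name}' failed to find expected capture group #{k} '#{v}'. Result was #{result[k]}"
 status = :fail
@@ -223,7 +225,7 @@ class Fingerprint
 capture_group_used.each do |param_name, param_used|
 if !param_used
 message = "'#{@name}' is missing an example that checks for parameter '#{param_name}' " +
-"
+"which is derived from a capture group"
 yield :warn, message
 end
 end
@@ -247,14 +249,25 @@ class Fingerprint
 end
 
 # @param xml [Nokogiri::XML::Element]
+# @param filepath [String] Directory path for fingerprint example files
 # @return [void]
-def parse_examples(xml)
+def parse_examples(xml, filepath)
 elements = xml.xpath('example')
 
 elements.each do |elem|
 # convert nokogiri Attributes into a hash of name => value
 attrs = elem.attributes.values.reduce({}) { |a,e| a.merge(e.name => e.value) }
-
+if attrs["_filename"]
+contents = ""
+fn = File.join(filepath, attrs["_filename"])
+File.open(fn, "rb") do |file|
+contents = file.read
+contents.force_encoding(Encoding::ASCII_8BIT)
+end
+@tests << Test.new(contents, attrs)
+else
+@tests << Test.new(elem.content, attrs)
+end
 end
 
 nil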
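Review bot: In `parse_examples`, `attrs["_filename"]` comes straight from the fingerprint XML and is joined onto `filepath` with no check, so a value containing `..` segments makes the loader read a file outside the example directory. This matters wherever fingerprint XML from outside the project is loaded. `filepath` also defaults to `nil` in `initialize`, so an example carrying `_filename` raises a bare `TypeError` from `File.join` when the caller passed no directory, and a missing file surfaces as `Errno::ENOENT` with no fingerprint name attached. The sketch below rejects names that are not a plain file name and reports which fingerprint was at fault. It assumes example files sit directly in that directory, which the hunk does not confirm.

```ruby
      if attrs["_filename"]
        example_name = attrs["_filename"]
        # external examples are expected directly under filepath; refuse anything that could leave it
        if filepath.nil? || File.basename(example_name) != example_name
          raise ArgumentError, "'#{@name}' has an unusable example _filename '#{example_name}'"
        end
        contents = File.binread(File.join(filepath, example_name))
        @tests << Test.new(contents, attrs)
      else
        # … unchanged: inline example content …
      end
```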
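--- a/data/lib/recog/nizer.rb
+++ b/data/lib/recog/nizer.rb
@@ -8,13 +8,13 @@ class Nizer
 # Non-weighted host attributes that can be extracted from fingerprint matches
 HOST_ATTRIBUTES = %W{
 host.domain
-host.id
 host.ip
 host.mac
 host.name
 host.time
 hw.device
 hw.family
+hw.serial_number
 hw.product
 hw.vendor
 }
@@ -264,84 +264,3 @@ class Nizer
 
 end
 end
-
-=begin
-
-Current key names:
-
-apache.info
-apache.variant
-apache.variant.version
-cookie
-host.domain
-host.id
-host.ip
-host.mac
-host.name
-host.time
-hw.device
-hw.family
-hw.product
-hw.vendor
-imail.eval
-jetty.info
-junction.cookie
-junction.name
-linux.kernel.version
-loadbalancer.poolname
-mdaemon.unregistered
-mercur.os.info
-metainfo.version
-metainfo.version.version
-ms.nttp.version
-notes.build.version
-notes.intl
-ntmail.id
-openssh.comment
-openssh.cvepatch
-os.arch
-os.build
-os.certainty
-os.device
-os.edition
-os.family
-os.product
-os.vendor
-os.version
-os.version.version
-os.version.version.version
-postfix.os.info
-postoffice.build
-postoffice.id
-proftpd.server.name
-pureftpd.config
-qpopper.version
-sendmail.config.version
-sendmail.hpux.phne.version
-sendmail.vendor.version
-service.certainty
-service.component.family
-service.component.product
-service.component.vendor
-service.component.version
-service.family
-service.product
-service.vendor
-service.version
-service.version.version
-service.version.version.version
-service.version.version.version.version
-service.version.version.version.version.version
-siemens.model
-snmp.fpmib.oid.1
-snmp.fpmib.oid.2
-system.time
-system.time.format
-system.time.micros
-system.time.millis
-thttpd.mx-patch
-timeout
-tomcat.info
-zmailer.ident
-
-=end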
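Review bot: `hw.serial_number` is inserted between `hw.family` and `hw.product`, which breaks the alphabetical order the rest of `HOST_ATTRIBUTES` keeps; placing it after `hw.product` keeps the list easy to scan. The same hunk drops `host.id`. How the constant is consumed is not visible here, so if callers copy these keys out of a match, a comment such as `# host.id is intentionally no longer propagated` or a changelog entry would help consumers that keyed on it.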
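--- a/data/lib/recog/verifier.rb
+++ b/data/lib/recog/verifier.rb
@@ -1,15 +1,15 @@
 module Recog
 class Verifier
-attr_reader :
+attr_reader :db, :reporter
 
-def initialize(
-@
+def initialize(db, reporter)
+@db = db
 @reporter = reporter
 end
 
 def verify
-reporter.report(fingerprints.count) do
-fingerprints.each do |fp|
+reporter.report(db.fingerprints.count) do
+db.fingerprints.each do |fp|
 reporter.print_name fp
 
 fp.verify_params do |status, message|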
@@ -4,10 +4,10 @@ require 'recog/verify_reporter'
|
|
4
4
|
|
5
5
|
module Recog
|
6
6
|
module VerifierFactory
|
7
|
-
def self.build(options)
|
7
|
+
def self.build(options, db)
|
8
8
|
formatter = Formatter.new(options, $stdout)
|
9
|
-
reporter = VerifyReporter.new(options, formatter)
|
10
|
-
Verifier.new(
|
9
|
+
reporter = VerifyReporter.new(options, formatter, db.path)
|
10
|
+
Verifier.new(db, reporter)
|
11
11
|
end
|
12
12
|
end
|
13
13
|
end
|