RubyGems - recog - Versions diffs - 2.3.20 → 2.3.21 - Mend

recog 2.3.20 → 2.3.21

Files changed (32) hide show

checksums.yaml +4 -4
data/cpe-remap.yaml +29 -1
data/identifiers/fields.txt +1 -1
data/identifiers/hw_product.txt +1 -0
data/identifiers/os_product.txt +0 -1
data/lib/recog/nizer.rb +1 -82
data/lib/recog/version.rb +1 -1
data/xml/apache_os.xml +1 -1
data/xml/dns_versionbind.xml +10 -0
data/xml/favicons.xml +1 -0
data/xml/ftp_banners.xml +56 -44
data/xml/html_title.xml +36 -12
data/xml/http_cookies.xml +2 -3
data/xml/http_servers.xml +28 -28
data/xml/http_wwwauth.xml +3 -3
data/xml/imap_banners.xml +5 -5
data/xml/mdns_device-info_txt.xml +32 -0
data/xml/mysql_banners.xml +2 -1
data/xml/nntp_banners.xml +1 -1
data/xml/ntp_banners.xml +1 -1
data/xml/operating_system.xml +4 -4
data/xml/pop_banners.xml +4 -4
data/xml/sip_banners.xml +3 -3
data/xml/sip_user_agents.xml +5 -0
data/xml/smb_native_os.xml +3 -0
data/xml/smtp_banners.xml +130 -127
data/xml/snmp_sysdescr.xml +26 -26
data/xml/ssh_banners.xml +12 -11
data/xml/telnet_banners.xml +59 -44
data/xml/x509_issuers.xml +32 -2
data/xml/x509_subjects.xml +23 -13
metadata +2 -2

data/xml/x509_issuers.xml CHANGED Viewed

@@ -13,54 +13,84 @@
   <fingerprint pattern="^CN=R3,O=Let's Encrypt,C=US$">
     <description>Lets Encrypt R3 - generic -- assert nothing.</description>
     <example>CN=R3,O=Let's Encrypt,C=US</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
   <fingerprint pattern="^CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US$">
     <description>Lets Encrypt X3 - generic -- assert nothing.</description>
     <example>CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
   <fingerprint pattern="^CN=Amazon,OU=Server CA 1B,O=Amazon,C=US$">
     <description>Amazon AWS Server CA 1B - generic -- assert nothing.</description>
     <example>CN=Amazon,OU=Server CA 1B,O=Amazon,C=US</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
   <fingerprint pattern="^CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US$">
     <description>DigiCert SHA2 - generic -- assert nothing.</description>
     <example>CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
   <fingerprint pattern="^CN=DigiCert TLS (?:RSA SHA256|Hybrid ECC SHA384) 2020 CA1,O=DigiCert Inc,C=US$">
     <description>DigiCert SHA256 2020 CA1 - generic -- assert nothing.</description>
     <example>CN=DigiCert TLS RSA SHA256 2020 CA1,O=DigiCert Inc,C=US</example>
     <example>CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1,O=DigiCert Inc,C=US</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
   <fingerprint pattern="^CN=DigiCert Secure Site ECC CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US$">
     <description>DigiCert ECC CA-1 - generic -- assert nothing.</description>
     <example>CN=DigiCert Secure Site ECC CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
   <fingerprint pattern="^CN=DigiCert SHA2 (?:Extended Validation|High Assurance) Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US$">
     <description>DigiCert SHA2 EV - generic -- assert nothing.</description>
     <example>CN=DigiCert SHA2 Extended Validation Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US</example>
     <example>CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
   <fingerprint pattern="^CN=Sectigo RSA (?:Domain|Organization) Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB$">
     <description>Sectigo RSA - generic -- assert nothing.</description>
     <example>CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB</example>
     <example>CN=Sectigo RSA Organization Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
   <fingerprint pattern="^CN=GeoTrust RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US$">
     <description>GeoTrust RSA CA 2018 - generic -- assert nothing.</description>
     <example>CN=GeoTrust RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
   <fingerprint pattern="^CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs\.godaddy\.com/repository/,O=GoDaddy.com\\, Inc\.,L=Scottsdale,ST=Arizona,C=US$">
     <description>Go Daddy G2 - generic -- assert nothing.</description>
     <example>CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
   <!-- Chromecast and various devices that support the Cast protocol -->
@@ -304,10 +334,10 @@
     <param pos="0" name="service.vendor" value="Traefik Labs"/>
     <param pos="0" name="service.family" value="Traefik"/>
     <param pos="0" name="service.product" value="Traefik Proxy"/>
-    <param pos="0" name="service.cpe23" value="cpe:/a:containous:traefik:-"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:traefik:traefik:-"/>
   </fingerprint>
-  <fingerprint pattern="^(?i)CN=Fireware web CA,OU=Fireware,O=WatchGuard(?: CA)?$">
+  <fingerprint pattern="(?i)^CN=Fireware web CA,OU=Fireware,O=WatchGuard(?: CA)?$">
     <description>WatchGuard Fireware</description>
     <example>CN=Fireware web ca,OU=Fireware,O=WatchGuard</example>
     <example>CN=Fireware web CA,OU=Fireware,O=Watchguard CA</example>

data/xml/x509_subjects.xml CHANGED Viewed

@@ -69,11 +69,12 @@
   <fingerprint pattern="^SERIALNUMBER=PID:([^ ]+) SN:([^,]+),CN=(?:[a-zA-Z0-9\-]+)-SEP([a-fA-F0-9]{12}),OU=[CV]TG,O=Cisco Systems Inc\.$">
     <description>Cisco IP phone with serial number</description>
-    <example host.mac="B07D47D33A1C" hw.product="CP-8851" cisco.serial_number="FCH1924AHCA">SERIALNUMBER=PID:CP-8851 SN:FCH1924AHCA,CN=CP-8851-SEPB07D47D33A1C,OU=CTG,O=Cisco Systems Inc.</example>
-    <example host.mac="64D989000000" hw.product="CP-9951" cisco.serial_number="FCH15200000">SERIALNUMBER=PID:CP-9951 SN:FCH15200000,CN=CP-9951-SEP64D989000000,OU=VTG,O=Cisco Systems Inc.</example>
+    <example host.mac="B07D47D33A1C" hw.product="CP-8851" cisco.serial_number="FCH1924AHCA" hw.serial_number="FCH1924AHCA">SERIALNUMBER=PID:CP-8851 SN:FCH1924AHCA,CN=CP-8851-SEPB07D47D33A1C,OU=CTG,O=Cisco Systems Inc.</example>
+    <example host.mac="64D989000000" hw.product="CP-9951" cisco.serial_number="FCH15200000" hw.serial_number="FCH15200000">SERIALNUMBER=PID:CP-9951 SN:FCH15200000,CN=CP-9951-SEP64D989000000,OU=VTG,O=Cisco Systems Inc.</example>
     <param pos="0" name="hw.device" value="VoIP"/>
     <param pos="0" name="hw.vendor" value="Cisco"/>
     <param pos="1" name="hw.product"/>
+    <param pos="2" name="hw.serial_number"/>
     <param pos="2" name="cisco.serial_number"/>
     <param pos="3" name="host.mac"/>
   </fingerprint>
@@ -289,6 +290,7 @@
     <param pos="0" name="os.vendor" value="Oracle"/>
     <param pos="0" name="os.family" value="ILOM"/>
     <param pos="0" name="os.product" value="ILOM"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:oracle:integrated_lights_out_manager_firmware:-"/>
   </fingerprint>
   <fingerprint pattern="^CN=AMI,OU=Service Processors,O=American Megatrends Inc">
@@ -307,10 +309,11 @@
   <fingerprint pattern="^CN=C-series CIMC,OU=PID:([^ ]+) SERIAL:([^,]+),O=Cisco">
     <description>Cisco Integrated Management Controller</description>
-    <example cisco.serial_number="FCH18999AAA" cisco.imc_model="UCSC-C220-M3S">CN=C-series CIMC,OU=PID:UCSC-C220-M3S SERIAL:FCH18999AAA,O=Cisco Self Signed,L=San Jose,ST=California,C=US</example>
+    <example cisco.serial_number="FCH18999AAA" hw.serial_number="FCH18999AAA" cisco.imc_model="UCSC-C220-M3S">CN=C-series CIMC,OU=PID:UCSC-C220-M3S SERIAL:FCH18999AAA,O=Cisco Self Signed,L=San Jose,ST=California,C=US</example>
     <param pos="0" name="hw.device" value="Lights Out Management"/>
     <param pos="0" name="hw.vendor" value="Cisco"/>
     <param pos="0" name="hw.product" value="IMC"/>
+    <param pos="2" name="hw.serial_number"/>
     <param pos="0" name="os.vendor" value="Cisco"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="IMC"/>
@@ -320,10 +323,11 @@
   <fingerprint pattern="^CN=C220-(FCH[^,]+),OU=null,O=Cisco Systems Inc">
     <description>Cisco Integrated Management Controller C220</description>
-    <example cisco.serial_number="FCH17999AAA">CN=C220-FCH17999AAA,OU=null,O=Cisco Systems Inc.,L=San Jose,ST=California,C=US</example>
+    <example cisco.serial_number="FCH17999AAA" hw.serial_number="FCH17999AAA">CN=C220-FCH17999AAA,OU=null,O=Cisco Systems Inc.,L=San Jose,ST=California,C=US</example>
     <param pos="0" name="hw.device" value="Lights Out Management"/>
     <param pos="0" name="hw.vendor" value="Cisco"/>
     <param pos="0" name="hw.product" value="IMC"/>
+    <param pos="1" name="hw.serial_number"/>
     <param pos="0" name="os.vendor" value="Cisco"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="IMC"/>
@@ -407,12 +411,13 @@
   <fingerprint pattern="^SERIALNUMBER=([a-zA-Z0-9]+),CN=DEVICE-vWLC,O=Cisco Virtual WLC$">
     <description>Cisco vWLC</description>
-    <example cisco.serial_number="9C89M2088D1">SERIALNUMBER=9C89M2088D1,CN=DEVICE-vWLC,O=Cisco Virtual WLC</example>
+    <example cisco.serial_number="9C89M2088D1" hw.serial_number="9C89M2088D1">SERIALNUMBER=9C89M2088D1,CN=DEVICE-vWLC,O=Cisco Virtual WLC</example>
     <param pos="0" name="os.vendor" value="Cisco"/>
     <param pos="0" name="os.device" value="Wireless Controller"/>
     <param pos="0" name="os.product" value="Wireless LAN Controller"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:cisco:wireless_lan_controller_software:-"/>
     <param pos="1" name="cisco.serial_number"/>
+    <param pos="1" name="hw.serial_number"/>
   </fingerprint>
   <fingerprint pattern="^CN=[a-zA-Z0-9\.\-\_]+,OU=DeviceSSL \(WebAdmin\),O=Cisco Systems Inc\.,C=US$">
@@ -588,7 +593,7 @@
     <param pos="0" name="service.vendor" value="Traefik Labs"/>
     <param pos="0" name="service.family" value="Traefik"/>
     <param pos="0" name="service.product" value="Traefik Proxy"/>
-    <param pos="0" name="service.cpe23" value="cpe:/a:containous:traefik:-"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:traefik:traefik:-"/>
   </fingerprint>
   <fingerprint pattern="^CN=default(?: [A-Z]+)?,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US$">
@@ -614,8 +619,8 @@
   <fingerprint pattern="^CN=([a-zA-Z0-9]{5,12}) ([a-zA-Z0-9]{12}),OU=(?:Cast|Google TV),O=Google Inc,L=Mountain View,ST=California,C=US$">
     <description>Google Chromecast</description>
-    <example chromecast.serial_number="LVDZG5" host.mac_local="FA8FCA67413D">CN=LVDZG5 FA8FCA67413D,OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US</example>
-    <example chromecast.serial_number="YRBLE" host.mac_local="FA8FCA7DE87D">CN=YRBLE FA8FCA7DE87D,OU=Google TV,O=Google Inc,L=Mountain View,ST=California,C=US</example>
+    <example chromecast.serial_number="LVDZG5" host.mac_local="FA8FCA67413D" hw.serial_number="LVDZG5">CN=LVDZG5 FA8FCA67413D,OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US</example>
+    <example chromecast.serial_number="YRBLE" host.mac_local="FA8FCA7DE87D" hw.serial_number="YRBLE">CN=YRBLE FA8FCA7DE87D,OU=Google TV,O=Google Inc,L=Mountain View,ST=California,C=US</example>
     <param pos="0" name="os.vendor" value="Google"/>
     <param pos="0" name="os.product" value="Chrome OS"/>
     <param pos="0" name="os.certainty" value="0.5"/>
@@ -623,6 +628,7 @@
     <param pos="0" name="hw.device" value="Media Server"/>
     <param pos="0" name="hw.vendor" value="Google"/>
     <param pos="0" name="hw.product" value="Chromecast"/>
+    <param pos="1" name="hw.serial_number"/>
     <param pos="0" name="hw.certainty" value="0.5"/>
     <param pos="1" name="chromecast.serial_number"/>
     <!-- This is the hotspot-mode MAC address (clear bit 2) -->
@@ -632,13 +638,14 @@
   <fingerprint pattern="^CN=([a-zA-Z0-9]{5,12}) ([a-zA-Z0-9]{12}),OU=Cast TV \(Vizio\),O=Google Inc,L=Mountain View,ST=California,C=US$">
     <description>Vizio SmartTV (Android) with Google Cast</description>
-    <example chromecast.serial_number="9V039WC9" host.mac_local="FA8FCA697898">CN=9V039WC9 FA8FCA697898,OU=Cast TV (Vizio),O=Google Inc,L=Mountain View,ST=California,C=US</example>
+    <example chromecast.serial_number="9V039WC9" hw.serial_number="9V039WC9" host.mac_local="FA8FCA697898">CN=9V039WC9 FA8FCA697898,OU=Cast TV (Vizio),O=Google Inc,L=Mountain View,ST=California,C=US</example>
     <param pos="0" name="os.vendor" value="Google"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Android"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:google:android:-"/>
     <param pos="0" name="hw.device" value="Smart TV"/>
     <param pos="0" name="hw.vendor" value="Vizio"/>
+    <param pos="1" name="hw.serial_number"/>
     <param pos="1" name="chromecast.serial_number"/>
     <!-- This is the hotspot-mode MAC address (clear bit 2) -->
@@ -878,10 +885,11 @@
   <fingerprint pattern="^CN=([A-Za-z0-9]+),OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US$">
     <description>Fortinet Gateway</description>
-    <example fortinet.serial_number="FG100ETK1800118">CN=FG100ETK1800118,OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US</example>
-    <example fortinet.serial_number="FGT30D3X15038375">CN=FGT30D3X15038375,OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US</example>
+    <example fortinet.serial_number="FG100ETK1800118" hw.serial_number="FG100ETK1800118">CN=FG100ETK1800118,OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US</example>
+    <example fortinet.serial_number="FGT30D3X15038375" hw.serial_number="FGT30D3X15038375">CN=FGT30D3X15038375,OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US</example>
     <param pos="0" name="hw.vendor" value="Fortinet"/>
     <param pos="0" name="hw.device" value="Firewall"/>
+    <param pos="1" name="hw.serial_number"/>
     <param pos="0" name="os.vendor" value="Fortinet"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.device" value="Firewall"/>
@@ -892,9 +900,10 @@
   <fingerprint pattern="^CN=([A-Za-z0-9]+),O=Fortinet Ltd\.$">
     <description>Fortinet Gateway (Older)</description>
-    <example fortinet.serial_number="FG100D3G13803999">CN=FG100D3G13803999,O=Fortinet Ltd.</example>
+    <example fortinet.serial_number="FG100D3G13803999" hw.serial_number="FG100D3G13803999">CN=FG100D3G13803999,O=Fortinet Ltd.</example>
     <param pos="0" name="hw.vendor" value="Fortinet"/>
     <param pos="0" name="hw.device" value="Firewall"/>
+    <param pos="1" name="hw.serial_number"/>
     <param pos="0" name="os.vendor" value="Fortinet"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.device" value="Firewall"/>
@@ -1298,10 +1307,11 @@
   <fingerprint pattern="^CN=Ruckus Wireless ZoneDirector SN-(\d+),O=Ruckus Wireless\\, Inc\.,ST=CA,C=US$">
     <description>Ruckus Zone Director</description>
-    <example ruckus.serial_number="221301007591">CN=Ruckus Wireless ZoneDirector SN-221301007591,O=Ruckus Wireless\, Inc.,ST=CA,C=US</example>
+    <example ruckus.serial_number="221301007591" hw.serial_number="221301007591">CN=Ruckus Wireless ZoneDirector SN-221301007591,O=Ruckus Wireless\, Inc.,ST=CA,C=US</example>
     <param pos="0" name="hw.device" value="Wireless Controller"/>
     <param pos="0" name="hw.vendor" value="Ruckus"/>
     <param pos="0" name="hw.product" value="Zone Director"/>
+    <param pos="1" name="hw.serial_number"/>
     <param pos="0" name="os.device" value="Wireless Controller"/>
     <param pos="0" name="os.vendor" value="Ruckus"/>
     <param pos="0" name="os.product" value="Zone Director"/>

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: recog
 version: !ruby/object:Gem::Version
-  version: 2.3.20
+  version: 2.3.21
 platform: ruby
 authors:
 - Rapid7 Research
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-13 00:00:00.000000000 Z
+date: 2021-08-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec