recog 2.3.20 → 2.3.23
- checksums.yaml +4 -4
- data/.github/dependabot.yml +8 -0
- data/.github/workflows/ci.yml +1 -1
- data/.github/workflows/verify.yml +89 -0
- data/.vscode/bin/monitor-recog-fingerprints.sh +54 -0
- data/.vscode/extensions.json +5 -0
- data/.vscode/settings.json +8 -0
- data/.vscode/tasks.json +77 -0
- data/CONTRIBUTING.md +8 -0
- data/README.md +17 -0
- data/bin/recog_standardize +28 -13
- data/bin/recog_verify +42 -8
- data/cpe-remap.yaml +62 -3
- data/features/data/schema_failure.xml +4 -0
- data/features/data/tests_with_failures.xml +6 -0
- data/features/support/hooks.rb +9 -0
- data/features/verify.feature +85 -21
- data/identifiers/fields.txt +6 -5
- data/identifiers/hw_device.txt +8 -0
- data/identifiers/hw_family.txt +8 -0
- data/identifiers/hw_product.txt +54 -0
- data/identifiers/os_device.txt +2 -0
- data/identifiers/os_family.txt +2 -0
- data/identifiers/os_product.txt +18 -2
- data/identifiers/service_product.txt +26 -0
- data/identifiers/vendor.txt +62 -1
- data/lib/recog/db.rb +2 -1
- data/lib/recog/fingerprint.rb +33 -6
- data/lib/recog/fingerprint_parse_error.rb +10 -0
- data/lib/recog/nizer.rb +1 -82
- data/lib/recog/verifier.rb +9 -9
- data/lib/recog/verify_reporter.rb +17 -6
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
- data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
- data/spec/data/external_example_fingerprint.xml +8 -0
- data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
- data/spec/lib/fingerprint_self_test_spec.rb +1 -0
- data/spec/lib/recog/db_spec.rb +84 -61
- data/spec/lib/recog/fingerprint_spec.rb +4 -4
- data/spec/lib/recog/verify_reporter_spec.rb +73 -4
- data/tools/dev/hooks/pre-commit +21 -0
- data/update_cpes.py +130 -37
- data/xml/apache_os.xml +98 -56
- data/xml/architecture.xml +15 -1
- data/xml/dhcp_vendor_class.xml +206 -0
- data/xml/dns_versionbind.xml +26 -13
- data/xml/favicons.xml +236 -47
- data/xml/fingerprints.xsd +9 -1
- data/xml/ftp_banners.xml +213 -197
- data/xml/h323_callresp.xml +101 -101
- data/xml/hp_pjl_id.xml +84 -84
- data/xml/html_title.xml +715 -45
- data/xml/http_cookies.xml +143 -80
- data/xml/http_servers.xml +510 -310
- data/xml/http_wwwauth.xml +177 -75
- data/xml/imap_banners.xml +10 -10
- data/xml/mdns_device-info_txt.xml +421 -26
- data/xml/mysql_banners.xml +3 -2
- data/xml/nntp_banners.xml +12 -9
- data/xml/ntp_banners.xml +97 -97
- data/xml/operating_system.xml +98 -83
- data/xml/pop_banners.xml +27 -27
- data/xml/rsh_resp.xml +3 -3
- data/xml/sip_banners.xml +46 -8
- data/xml/sip_user_agents.xml +180 -27
- data/xml/smb_native_lm.xml +5 -5
- data/xml/smb_native_os.xml +28 -25
- data/xml/smtp_banners.xml +258 -254
- data/xml/smtp_ehlo.xml +1 -1
- data/xml/smtp_help.xml +11 -11
- data/xml/smtp_noop.xml +2 -2
- data/xml/snmp_sysdescr.xml +1554 -1429
- data/xml/snmp_sysobjid.xml +27 -27
- data/xml/ssh_banners.xml +27 -20
- data/xml/telnet_banners.xml +256 -57
- data/xml/tls_jarm.xml +48 -6
- data/xml/x11_banners.xml +3 -3
- data/xml/x509_issuers.xml +69 -2
- data/xml/x509_subjects.xml +144 -33
- metadata +24 -4
- data/lib/recog/verifier_factory.rb +0 -13
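--- a/data/xml/mysql_banners.xml
+++ b/data/xml/mysql_banners.xml
@@ -1354,9 +1354,10 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:10.04"/>
 </fingerprint>
 
-<fingerprint pattern="^(?:\d{1,2}\.\d{1,3}\.[a-f\d]{1,3}-)?(\d{1,2}\.\d{1,3}\.[a-f\d]{1,4})-MariaDB-\d\:.*\+maria\~focal
+<fingerprint pattern="^(?:\d{1,2}\.\d{1,3}\.[a-f\d]{1,3}-)?(\d{1,2}\.\d{1,3}\.[a-f\d]{1,4})-MariaDB-\d\:.*\+maria\~focal(?:-log)?$" flags="REG_ICASE">
 <description>MariaDB MariaDB on Ubuntu 20.04 (Focal Fossa)</description>
 <example service.version="10.5.2">5.5.5-10.5.2-MariaDB-1:10.5.2+maria~focal</example>
+<example service.version="10.1.1">5.5.5-10.1.1-MariaDB-1:10.1.1+maria~focal-log</example>
 <param pos="1" name="service.version"/>
 <param pos="0" name="service.vendor" value="MariaDB"/>
 <param pos="0" name="service.family" value="MySQL"/>
@@ -1384,7 +1385,7 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:10.10"/>
 </fingerprint>
 
-<fingerprint pattern="^(?:\d{1,2}\.\d{1,3}\.[a-f\d]{1,3}-)?(\d{1,2}\.\d{1,3}\.[a-f\d]{1,4}(?:\-\d)?)-MariaDB-alt\d{1,2}(?:-log)
+<fingerprint pattern="^(?:\d{1,2}\.\d{1,3}\.[a-f\d]{1,3}-)?(\d{1,2}\.\d{1,3}\.[a-f\d]{1,4}(?:\-\d)?)-MariaDB-alt\d{1,2}(?:-log)?" flags="REG_ICASE">
 <description>MariaDB MariaDB on a ALT Linux</description>
 <example service.version="10.1.29">5.5.5-10.1.29-MariaDB-alt1.M80P.1</example>
 <example service.version="10.2.15">5.5.5-10.2.15-MariaDB-alt2.M80P.3.S1</example>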
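Review bot: In the ALT Linux fingerprint (second hunk) the new pattern ends with `(?:-log)?` and no `$`, so the optional group constrains nothing and any text after `-MariaDB-altN` still matches. The Ubuntu Focal pattern in the first hunk is anchored with `$`, so the two entries are inconsistent about how much of a server-controlled banner they validate. Either drop the no-op group or anchor the tail with a bounded suffix that still accepts the listed examples, for instance `-MariaDB-alt\d{1,2}(?:\.[\w.]{1,32})?(?:-log)?$`. The removed lines are truncated in this rendering, so whether the old pattern carried an anchor cannot be confirmed from here.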
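--- a/data/xml/nntp_banners.xml
+++ b/data/xml/nntp_banners.xml
@@ -13,7 +13,7 @@
 <param pos="0" name="service.product" value="CCProxy"/>
 </fingerprint>
 
-<fingerprint pattern="^(\S
+<fingerprint pattern="^(\S{1,512}) Lyris ListManager NNTP Service ready">
 <description>Lyris Listmanager</description>
 <example host.name="blah">blah Lyris ListManager NNTP Service ready (posting ok).</example>
 <param pos="0" name="service.vendor" value="Lyris"/>
@@ -22,10 +22,10 @@
 <param pos="1" name="host.name"/>
 </fingerprint>
 
-<fingerprint pattern="^NNTP Service (?:.*) Version: (5.0.2195.[0-9]+)
+<fingerprint pattern="^NNTP Service (?:.*) Version: (5.0.2195.[0-9]+)">
 <description>Microsoft IIS NNTP Server on Windows 2000</description>
-<example>NNTP Service 5.00.0984 Version: 5.0.2195.7034 Posting Allowed</example>
-<example>NNTP Service 5.00.0984 Version: 5.0.2195.5329 Posting Allowed</example>
+<example service.version="5.0.2195.7034" ms.nttp.version="5.0.2195.7034">NNTP Service 5.00.0984 Version: 5.0.2195.7034 Posting Allowed</example>
+<example service.version="5.0.2195.5329" ms.nttp.version="5.0.2195.5329">NNTP Service 5.00.0984 Version: 5.0.2195.5329 Posting Allowed</example>
 <param pos="0" name="service.vendor" value="Microsoft"/>
 <param pos="0" name="service.product" value="IIS"/>
 <param pos="0" name="service.family" value="IIS"/>
@@ -38,10 +38,10 @@
 <param pos="1" name="ms.nttp.version"/>
 </fingerprint>
 
-<fingerprint pattern="^NNTP Service (?:.*) Version: (6.0.3790.[0-9]+)
+<fingerprint pattern="^NNTP Service (?:.*) Version: (6.0.3790.[0-9]+)">
 <description>Microsoft IIS NNTP Server on Windows Server 2003</description>
-<example>NNTP Service 6.0.3790.3959 Version: 6.0.3790.3959 Posting Allowed</example>
-<example>NNTP Service 6.0.3790.206 Version: 6.0.3790.206 Posting Allowed</example>
+<example service.version="6.0.3790.3959" ms.nttp.version="6.0.3790.3959">NNTP Service 6.0.3790.3959 Version: 6.0.3790.3959 Posting Allowed</example>
+<example service.version="6.0.3790.206" ms.nttp.version="6.0.3790.206">NNTP Service 6.0.3790.206 Version: 6.0.3790.206 Posting Allowed</example>
 <param pos="0" name="service.vendor" value="Microsoft"/>
 <param pos="0" name="service.product" value="IIS"/>
 <param pos="0" name="service.family" value="IIS"/>
@@ -54,7 +54,7 @@
 <param pos="1" name="ms.nttp.version"/>
 </fingerprint>
 
-<fingerprint pattern="^NNTP Service Microsoft. Internet Services (?:.*) Version: (?:[^ ]+)
+<fingerprint pattern="^NNTP Service Microsoft. Internet Services (?:.*) Version: (?:[^ ]+)">
 <description>Older Microsoft IIS NNTP Servers</description>
 <example>NNTP Service Microsoft. Internet Services 5.00 Version: 5.0.2068.0 Posting Allowed</example>
 <example>NNTP Service Microsoft. Internet Services 5.00.7515. Version: 5.0.0.7515 Posting Allowed</example>
@@ -82,9 +82,12 @@
 </fingerprint>
 
 <fingerprint pattern="^NNTP server ready(?: \(no posting\))?$">
-<description>Non-specific NNTP</description>
+<description>Non-specific NNTP -- assert nothing</description>
 <example>NNTP server ready (no posting)</example>
 <example>NNTP server ready</example>
+<param pos="0" name="hw.certainty" value="0.0"/>
+<param pos="0" name="os.certainty" value="0.0"/>
+<param pos="0" name="service.certainty" value="0.0"/>
 </fingerprint>
 
 </fingerprints>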
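Review bot: The version literals in the two IIS fingerprints (the hunks at lines 25 and 41) leave their dots unescaped, so `(5.0.2195.[0-9]+)` and `(6.0.3790.[0-9]+)` accept any character in those positions. The new example attributes suggest the capture is reported as `service.version`, so a loosely matching banner would be recorded as a real build. Escaping them as `(5\.0\.2195\.[0-9]+)` and `(6\.0\.3790\.[0-9]+)` keeps the match to real build strings. The `(?:.*)` before `Version:` is also unbounded, while the Lyris pattern in the first hunk was just given a `\S{1,512}` limit; a bounded `.{1,N}` here would be consistent. Separately, the new attributes use `ms.nttp.version`, which matches the existing param name but looks like a transposition of "nntp", so it is worth confirming before more consumers depend on it.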