recog 2.3.20 → 2.3.23

Files changed (83) hide show
  1. checksums.yaml +4 -4
  2. data/.github/dependabot.yml +8 -0
  3. data/.github/workflows/ci.yml +1 -1
  4. data/.github/workflows/verify.yml +89 -0
  5. data/.vscode/bin/monitor-recog-fingerprints.sh +54 -0
  6. data/.vscode/extensions.json +5 -0
  7. data/.vscode/settings.json +8 -0
  8. data/.vscode/tasks.json +77 -0
  9. data/CONTRIBUTING.md +8 -0
  10. data/README.md +17 -0
  11. data/bin/recog_standardize +28 -13
  12. data/bin/recog_verify +42 -8
  13. data/cpe-remap.yaml +62 -3
  14. data/features/data/schema_failure.xml +4 -0
  15. data/features/data/tests_with_failures.xml +6 -0
  16. data/features/support/hooks.rb +9 -0
  17. data/features/verify.feature +85 -21
  18. data/identifiers/fields.txt +6 -5
  19. data/identifiers/hw_device.txt +8 -0
  20. data/identifiers/hw_family.txt +8 -0
  21. data/identifiers/hw_product.txt +54 -0
  22. data/identifiers/os_device.txt +2 -0
  23. data/identifiers/os_family.txt +2 -0
  24. data/identifiers/os_product.txt +18 -2
  25. data/identifiers/service_product.txt +26 -0
  26. data/identifiers/vendor.txt +62 -1
  27. data/lib/recog/db.rb +2 -1
  28. data/lib/recog/fingerprint.rb +33 -6
  29. data/lib/recog/fingerprint_parse_error.rb +10 -0
  30. data/lib/recog/nizer.rb +1 -82
  31. data/lib/recog/verifier.rb +9 -9
  32. data/lib/recog/verify_reporter.rb +17 -6
  33. data/lib/recog/version.rb +1 -1
  34. data/requirements.txt +1 -1
  35. data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
  36. data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
  37. data/spec/data/external_example_fingerprint.xml +8 -0
  38. data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
  39. data/spec/lib/fingerprint_self_test_spec.rb +1 -0
  40. data/spec/lib/recog/db_spec.rb +84 -61
  41. data/spec/lib/recog/fingerprint_spec.rb +4 -4
  42. data/spec/lib/recog/verify_reporter_spec.rb +73 -4
  43. data/tools/dev/hooks/pre-commit +21 -0
  44. data/update_cpes.py +130 -37
  45. data/xml/apache_os.xml +98 -56
  46. data/xml/architecture.xml +15 -1
  47. data/xml/dhcp_vendor_class.xml +206 -0
  48. data/xml/dns_versionbind.xml +26 -13
  49. data/xml/favicons.xml +236 -47
  50. data/xml/fingerprints.xsd +9 -1
  51. data/xml/ftp_banners.xml +213 -197
  52. data/xml/h323_callresp.xml +101 -101
  53. data/xml/hp_pjl_id.xml +84 -84
  54. data/xml/html_title.xml +715 -45
  55. data/xml/http_cookies.xml +143 -80
  56. data/xml/http_servers.xml +510 -310
  57. data/xml/http_wwwauth.xml +177 -75
  58. data/xml/imap_banners.xml +10 -10
  59. data/xml/mdns_device-info_txt.xml +421 -26
  60. data/xml/mysql_banners.xml +3 -2
  61. data/xml/nntp_banners.xml +12 -9
  62. data/xml/ntp_banners.xml +97 -97
  63. data/xml/operating_system.xml +98 -83
  64. data/xml/pop_banners.xml +27 -27
  65. data/xml/rsh_resp.xml +3 -3
  66. data/xml/sip_banners.xml +46 -8
  67. data/xml/sip_user_agents.xml +180 -27
  68. data/xml/smb_native_lm.xml +5 -5
  69. data/xml/smb_native_os.xml +28 -25
  70. data/xml/smtp_banners.xml +258 -254
  71. data/xml/smtp_ehlo.xml +1 -1
  72. data/xml/smtp_help.xml +11 -11
  73. data/xml/smtp_noop.xml +2 -2
  74. data/xml/snmp_sysdescr.xml +1554 -1429
  75. data/xml/snmp_sysobjid.xml +27 -27
  76. data/xml/ssh_banners.xml +27 -20
  77. data/xml/telnet_banners.xml +256 -57
  78. data/xml/tls_jarm.xml +48 -6
  79. data/xml/x11_banners.xml +3 -3
  80. data/xml/x509_issuers.xml +69 -2
  81. data/xml/x509_subjects.xml +144 -33
  82. metadata +24 -4
  83. data/lib/recog/verifier_factory.rb +0 -13
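--- a/data/xml/smtp_ehlo.xml
+++ b/data/xml/smtp_ehlo.xml
@@ -21,7 +21,7 @@
  a very precise MS IIS SMTP service or MS Exchange Server fingerprint found with the
  help of smtp_banners.xml. Instead, this case is handled specially by the Jess rule
  smtp-iis-xexch50-svc-fingerprint. -mrb
- <fingerprint pattern="^250[ -] *XEXCH50.*$">
+ <fingerprint pattern="^250[ -] *XEXCH50">
  <description>
  Microsoft Exchange/IIS server
  </description>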
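Review bot: The rewritten XEXCH50 pattern at line 24 still has no `<example>` element, so nothing in the test data exercises the new regex; dropping the trailing `.*$` is match-equivalent, but an example would pin that. If I recall correctly recog_verify reports fingerprints without examples, so this would also surface in the verify workflow this release adds. A constructed sample line such as `<example>250-XEXCH50</example>` placed after the `</description>` closing tag would cover the match. The enclosing `<fingerprint>` element continues past the end of the hunk.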
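--- a/data/xml/smtp_help.xml
+++ b/data/xml/smtp_help.xml
@@ -43,7 +43,7 @@
  <param pos="0" name="os.vendor" value="Apple"/>
  <param pos="0" name="os.family" value="Mac OS"/>
  <param pos="0" name="os.product" value="Mac OS"/>
- <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os:-"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:apple:macos:-"/>
  </fingerprint>
 
  <fingerprint pattern="^214[ -]([^ ]+) is running the IBM VM operating system$">
@@ -59,7 +59,7 @@
  in smtp_ehlo.xml ? -mrb
  -->
 
- <fingerprint pattern="^214[ -].* XEXCH50 *.*$">
+ <fingerprint pattern="^214[ -].* XEXCH50 *">
  <description>Microsoft Exchange/IIS server</description>
  <param pos="0" name="service.vendor" value="Microsoft"/>
  <param pos="0" name="service.family" value="Exchange Server"/>
@@ -84,7 +84,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
  </fingerprint>
 
- <fingerprint pattern="^214[ -].*This is MERAK ([^ ]+\.[^ ]+\.[^ ]+).*$">
+ <fingerprint pattern="^214[ -].*This is MERAK ([^ ]+\.[^ ]+\.[^ ]+)">
  <description> Merak mail server - http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x)</description>
  <param pos="0" name="service.vendor" value="Merak"/>
  <param pos="0" name="service.family" value="Mail Server"/>
@@ -92,7 +92,7 @@
  <param pos="1" name="service.version"/>
  </fingerprint>
 
- <fingerprint pattern="^214[ -].*This is Merak ([^ ]+\.[^ ]+\.[^ ]+).*$">
+ <fingerprint pattern="^214[ -].*This is Merak ([^ ]+\.[^ ]+\.[^ ]+)">
  <description>Merak mail server - http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x) - variant 1</description>
  <param pos="0" name="service.vendor" value="Merak"/>
  <param pos="0" name="service.family" value="Mail Server"/>
@@ -100,14 +100,14 @@
  <param pos="1" name="service.version"/>
  </fingerprint>
 
- <fingerprint pattern="^214[ -].*bugs@merakmail\.com.*$">
+ <fingerprint pattern="^214[ -].*bugs@merakmail\.com">
  <description>Merak mail server - http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x) - email variant</description>
  <param pos="0" name="service.vendor" value="Merak"/>
  <param pos="0" name="service.family" value="Mail Server"/>
  <param pos="0" name="service.product" value="Mail Server"/>
  </fingerprint>
 
- <fingerprint pattern="^214[ -].*bugs@icewarp\.com.*$">
+ <fingerprint pattern="^214[ -].*bugs@icewarp\.com">
  <description>Merak mail server - http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x) - icewarp variant </description>
  <param pos="0" name="service.vendor" value="Merak"/>
  <param pos="0" name="service.family" value="Mail Server"/>
@@ -122,7 +122,7 @@
  <param pos="0" name="service.product" value="qmail"/>
  </fingerprint>
 
- <fingerprint pattern="^214[ -].*contact the Digital Customer Support Center at 1-800-354-9000.*$">
+ <fingerprint pattern="^214[ -].*contact the Digital Customer Support Center at 1-800-354-9000">
  <description>Sendmail on Digital OSF UNIX</description>
  <param pos="0" name="service.family" value="Sendmail"/>
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -148,27 +148,27 @@
 
  <fingerprint pattern="^502[ -]5\.3\.0 Sendmail ([^ ]+) -- HELP not implemented$">
  <description>Sendmail - help not implemented variant</description>
- <example>502 5.3.0 Sendmail 8.11.2 -- HELP not implemented</example>
+ <example service.version="8.11.2">502 5.3.0 Sendmail 8.11.2 -- HELP not implemented</example>
  <param pos="0" name="service.family" value="Sendmail"/>
  <param pos="0" name="service.product" value="Sendmail"/>
  <param pos="1" name="service.version"/>
  </fingerprint>
 
- <fingerprint pattern="^214[ -].*sendmail-bugs@sendmail\.org.*$">
+ <fingerprint pattern="^214[ -].*sendmail-bugs@sendmail\.org">
  <description>Sendmail often returns version information for HELP - email variant</description>
  <param pos="0" name="service.family" value="Sendmail"/>
  <param pos="0" name="service.product" value="Sendmail"/>
  <param pos="0" name="service.certainty" value="0.85"/>
  </fingerprint>
 
- <fingerprint pattern="^241[ -].*$">
+ <fingerprint pattern="^241[ -]">
  <description>ZMailer versions earlier than 2.99.21 mistakenly return the status code 241 on some HELP response lines (instead of 214).</description>
  <param pos="0" name="service.vendor" value="ZMailer"/>
  <param pos="0" name="service.family" value="ZMailer"/>
  <param pos="0" name="service.product" value="ZMailer"/>
  </fingerprint>
 
- <fingerprint pattern="^214[ -].*Yoyodyne Propulsion.*$">
+ <fingerprint pattern="^214[ -].*Yoyodyne Propulsion">
  <description>ZMailer has distinctive default HELP text in smtpserver.conf</description>
  <param pos="0" name="service.vendor" value="ZMailer"/>
  <param pos="0" name="service.family" value="ZMailer"/>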
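Review bot: In the hunk at line 62 the new pattern `^214[ -].* XEXCH50 *` keeps a trailing ` *` that no longer does anything: once the `.*$` tail is gone, zero-or-more spaces at the end of an unanchored pattern match nothing the bare literal would not already match. Every other pattern in this file simply drops the tail, so for consistency this one should read `<fingerprint pattern="^214[ -].* XEXCH50">`. The other hunks in this section (the Merak, Sendmail and ZMailer patterns) are match-equivalent rewrites and the `<example service.version="8.11.2">` attribute at line 151 is a welcome addition, since it lets the verifier check the captured version rather than just the match.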
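--- a/data/xml/smtp_noop.xml
+++ b/data/xml/smtp_noop.xml
@@ -8,7 +8,7 @@
  of SMTP related fingerprint databases as described in 'smtp_banners.xml'.
  -->
 
- <fingerprint pattern="^220 OK.*$">
+ <fingerprint pattern="^220 OK">
  <description>CheckPoint FireWall-1 returns code 220 for NOOP command (instead of 250)</description>
  <param pos="0" name="service.vendor" value="Check Point"/>
  <param pos="0" name="service.family" value="Check Point"/>
@@ -25,7 +25,7 @@
  <param pos="0" name="os.vendor" value="Apple"/>
  <param pos="0" name="os.family" value="Mac OS"/>
  <param pos="0" name="os.product" value="Mac OS"/>
- <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os:-"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:apple:macos:-"/>
  </fingerprint>
 
  <fingerprint pattern="^250[ -]Why is there an NOOP instruction\?$">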