recog 2.3.20 → 2.3.23
- checksums.yaml +4 -4
- data/.github/dependabot.yml +8 -0
- data/.github/workflows/ci.yml +1 -1
- data/.github/workflows/verify.yml +89 -0
- data/.vscode/bin/monitor-recog-fingerprints.sh +54 -0
- data/.vscode/extensions.json +5 -0
- data/.vscode/settings.json +8 -0
- data/.vscode/tasks.json +77 -0
- data/CONTRIBUTING.md +8 -0
- data/README.md +17 -0
- data/bin/recog_standardize +28 -13
- data/bin/recog_verify +42 -8
- data/cpe-remap.yaml +62 -3
- data/features/data/schema_failure.xml +4 -0
- data/features/data/tests_with_failures.xml +6 -0
- data/features/support/hooks.rb +9 -0
- data/features/verify.feature +85 -21
- data/identifiers/fields.txt +6 -5
- data/identifiers/hw_device.txt +8 -0
- data/identifiers/hw_family.txt +8 -0
- data/identifiers/hw_product.txt +54 -0
- data/identifiers/os_device.txt +2 -0
- data/identifiers/os_family.txt +2 -0
- data/identifiers/os_product.txt +18 -2
- data/identifiers/service_product.txt +26 -0
- data/identifiers/vendor.txt +62 -1
- data/lib/recog/db.rb +2 -1
- data/lib/recog/fingerprint.rb +33 -6
- data/lib/recog/fingerprint_parse_error.rb +10 -0
- data/lib/recog/nizer.rb +1 -82
- data/lib/recog/verifier.rb +9 -9
- data/lib/recog/verify_reporter.rb +17 -6
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
- data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
- data/spec/data/external_example_fingerprint.xml +8 -0
- data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
- data/spec/lib/fingerprint_self_test_spec.rb +1 -0
- data/spec/lib/recog/db_spec.rb +84 -61
- data/spec/lib/recog/fingerprint_spec.rb +4 -4
- data/spec/lib/recog/verify_reporter_spec.rb +73 -4
- data/tools/dev/hooks/pre-commit +21 -0
- data/update_cpes.py +130 -37
- data/xml/apache_os.xml +98 -56
- data/xml/architecture.xml +15 -1
- data/xml/dhcp_vendor_class.xml +206 -0
- data/xml/dns_versionbind.xml +26 -13
- data/xml/favicons.xml +236 -47
- data/xml/fingerprints.xsd +9 -1
- data/xml/ftp_banners.xml +213 -197
- data/xml/h323_callresp.xml +101 -101
- data/xml/hp_pjl_id.xml +84 -84
- data/xml/html_title.xml +715 -45
- data/xml/http_cookies.xml +143 -80
- data/xml/http_servers.xml +510 -310
- data/xml/http_wwwauth.xml +177 -75
- data/xml/imap_banners.xml +10 -10
- data/xml/mdns_device-info_txt.xml +421 -26
- data/xml/mysql_banners.xml +3 -2
- data/xml/nntp_banners.xml +12 -9
- data/xml/ntp_banners.xml +97 -97
- data/xml/operating_system.xml +98 -83
- data/xml/pop_banners.xml +27 -27
- data/xml/rsh_resp.xml +3 -3
- data/xml/sip_banners.xml +46 -8
- data/xml/sip_user_agents.xml +180 -27
- data/xml/smb_native_lm.xml +5 -5
- data/xml/smb_native_os.xml +28 -25
- data/xml/smtp_banners.xml +258 -254
- data/xml/smtp_ehlo.xml +1 -1
- data/xml/smtp_help.xml +11 -11
- data/xml/smtp_noop.xml +2 -2
- data/xml/snmp_sysdescr.xml +1554 -1429
- data/xml/snmp_sysobjid.xml +27 -27
- data/xml/ssh_banners.xml +27 -20
- data/xml/telnet_banners.xml +256 -57
- data/xml/tls_jarm.xml +48 -6
- data/xml/x11_banners.xml +3 -3
- data/xml/x509_issuers.xml +69 -2
- data/xml/x509_subjects.xml +144 -33
- metadata +24 -4
- data/lib/recog/verifier_factory.rb +0 -13
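--- a/data/xml/smtp_ehlo.xml
+++ b/data/xml/smtp_ehlo.xml
@@ -21,7 +21,7 @@
 a very precise MS IIS SMTP service or MS Exchange Server fingerprint found with the
 help of smtp_banners.xml. Instead, this case is handled specially by the Jess rule
 smtp-iis-xexch50-svc-fingerprint. -mrb
-<fingerprint pattern="^250[ -] *XEXCH50
+<fingerprint pattern="^250[ -] *XEXCH50">
 <description>
 Microsoft Exchange/IIS server
 </description>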
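Review bot: With nothing after the keyword, `^250[ -] *XEXCH50` on new line 24 is a prefix match, so any EHLO line whose keyword merely begins with XEXCH50 is reported as Exchange/IIS. If only the exact keyword is meant, a boundary such as `^250[ -] *XEXCH50(?: |$)` would say so. The same open end appears in `^214[ -].* XEXCH50 *` in smtp_help.xml, where the trailing ` *` no longer constrains anything, and in `^220 OK` in smtp_noop.xml, which would also match a constructed reply like `220 OKAY`. The fingerprint's params and any `<example>` lie outside this hunk, so whether a sample already pins the intended match cannot be seen here.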
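--- a/data/xml/smtp_help.xml
+++ b/data/xml/smtp_help.xml
@@ -43,7 +43,7 @@
 <param pos="0" name="os.vendor" value="Apple"/>
 <param pos="0" name="os.family" value="Mac OS"/>
 <param pos="0" name="os.product" value="Mac OS"/>
-<param pos="0" name="os.cpe23" value="cpe:/o:apple:
+<param pos="0" name="os.cpe23" value="cpe:/o:apple:macos:-"/>
 </fingerprint>
 
 <fingerprint pattern="^214[ -]([^ ]+) is running the IBM VM operating system$">
@@ -59,7 +59,7 @@
 in smtp_ehlo.xml ? -mrb
 -->
 
-<fingerprint pattern="^214[ -].* XEXCH50
+<fingerprint pattern="^214[ -].* XEXCH50 *">
 <description>Microsoft Exchange/IIS server</description>
 <param pos="0" name="service.vendor" value="Microsoft"/>
 <param pos="0" name="service.family" value="Exchange Server"/>
@@ -84,7 +84,7 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
 </fingerprint>
 
-<fingerprint pattern="^214[ -].*This is MERAK ([^ ]+\.[^ ]+\.[^ ]+)
+<fingerprint pattern="^214[ -].*This is MERAK ([^ ]+\.[^ ]+\.[^ ]+)">
 <description> Merak mail server - http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x)</description>
 <param pos="0" name="service.vendor" value="Merak"/>
 <param pos="0" name="service.family" value="Mail Server"/>
@@ -92,7 +92,7 @@
 <param pos="1" name="service.version"/>
 </fingerprint>
 
-<fingerprint pattern="^214[ -].*This is Merak ([^ ]+\.[^ ]+\.[^ ]+)
+<fingerprint pattern="^214[ -].*This is Merak ([^ ]+\.[^ ]+\.[^ ]+)">
 <description>Merak mail server - http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x) - variant 1</description>
 <param pos="0" name="service.vendor" value="Merak"/>
 <param pos="0" name="service.family" value="Mail Server"/>
@@ -100,14 +100,14 @@
 <param pos="1" name="service.version"/>
 </fingerprint>
 
-<fingerprint pattern="^214[ -].*bugs@merakmail\.com
+<fingerprint pattern="^214[ -].*bugs@merakmail\.com">
 <description>Merak mail server - http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x) - email variant</description>
 <param pos="0" name="service.vendor" value="Merak"/>
 <param pos="0" name="service.family" value="Mail Server"/>
 <param pos="0" name="service.product" value="Mail Server"/>
 </fingerprint>
 
-<fingerprint pattern="^214[ -].*bugs@icewarp\.com
+<fingerprint pattern="^214[ -].*bugs@icewarp\.com">
 <description>Merak mail server - http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x) - icewarp variant </description>
 <param pos="0" name="service.vendor" value="Merak"/>
 <param pos="0" name="service.family" value="Mail Server"/>
@@ -122,7 +122,7 @@
 <param pos="0" name="service.product" value="qmail"/>
 </fingerprint>
 
-<fingerprint pattern="^214[ -].*contact the Digital Customer Support Center at 1-800-354-9000
+<fingerprint pattern="^214[ -].*contact the Digital Customer Support Center at 1-800-354-9000">
 <description>Sendmail on Digital OSF UNIX</description>
 <param pos="0" name="service.family" value="Sendmail"/>
 <param pos="0" name="service.product" value="Sendmail"/>
@@ -148,27 +148,27 @@
 
 <fingerprint pattern="^502[ -]5\.3\.0 Sendmail ([^ ]+) -- HELP not implemented$">
 <description>Sendmail - help not implemented variant</description>
-<example>502 5.3.0 Sendmail 8.11.2 -- HELP not implemented</example>
+<example service.version="8.11.2">502 5.3.0 Sendmail 8.11.2 -- HELP not implemented</example>
 <param pos="0" name="service.family" value="Sendmail"/>
 <param pos="0" name="service.product" value="Sendmail"/>
 <param pos="1" name="service.version"/>
 </fingerprint>
 
-<fingerprint pattern="^214[ -].*sendmail-bugs@sendmail\.org
+<fingerprint pattern="^214[ -].*sendmail-bugs@sendmail\.org">
 <description>Sendmail often returns version information for HELP - email variant</description>
 <param pos="0" name="service.family" value="Sendmail"/>
 <param pos="0" name="service.product" value="Sendmail"/>
 <param pos="0" name="service.certainty" value="0.85"/>
 </fingerprint>
 
-<fingerprint pattern="^241[ -]
+<fingerprint pattern="^241[ -]">
 <description>ZMailer versions earlier than 2.99.21 mistakenly return the status code 241 on some HELP response lines (instead of 214).</description>
 <param pos="0" name="service.vendor" value="ZMailer"/>
 <param pos="0" name="service.family" value="ZMailer"/>
 <param pos="0" name="service.product" value="ZMailer"/>
 </fingerprint>
 
-<fingerprint pattern="^214[ -].*Yoyodyne Propulsion
+<fingerprint pattern="^214[ -].*Yoyodyne Propulsion">
 <description>ZMailer has distinctive default HELP text in smtpserver.conf</description>
 <param pos="0" name="service.vendor" value="ZMailer"/>
 <param pos="0" name="service.family" value="ZMailer"/>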
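Review bot: The `^241[ -]` fingerprint on new lines 164–169 labels any HELP reply that merely starts with status 241 as ZMailer, and the element is fully visible with neither an `<example>` nor a `service.certainty` param. A match on the status code alone is weak evidence, and with no example nothing pins what the pattern is meant to accept or reject. Add an `<example>` holding a captured 241 HELP line. Also lower the confidence the way the neighbouring sendmail-bugs fingerprint does with `<param pos="0" name="service.certainty" value="0.85"/>`. The Sendmail example in the same hunk now asserts `service.version="8.11.2"`; the other rewritten patterns in this file would benefit from the same kind of sample.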
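--- a/data/xml/smtp_noop.xml
+++ b/data/xml/smtp_noop.xml
@@ -8,7 +8,7 @@
 of SMTP related fingerprint databases as described in 'smtp_banners.xml'.
 -->
 
-<fingerprint pattern="^220 OK
+<fingerprint pattern="^220 OK">
 <description>CheckPoint FireWall-1 returns code 220 for NOOP command (instead of 250)</description>
 <param pos="0" name="service.vendor" value="Check Point"/>
 <param pos="0" name="service.family" value="Check Point"/>
@@ -25,7 +25,7 @@
 <param pos="0" name="os.vendor" value="Apple"/>
 <param pos="0" name="os.family" value="Mac OS"/>
 <param pos="0" name="os.product" value="Mac OS"/>
-<param pos="0" name="os.cpe23" value="cpe:/o:apple:
+<param pos="0" name="os.cpe23" value="cpe:/o:apple:macos:-"/>
 </fingerprint>
 
 <fingerprint pattern="^250[ -]Why is there an NOOP instruction\?$">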
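Review bot: `os.cpe23` on new line 28 now names the product `macos` while `os.family` and `os.product` on lines 26–27 still read `Mac OS`, so the CPE and the human-readable fields may describe different operating systems. The same pairing appears at new line 46 of smtp_help.xml. Consumers that correlate vulnerabilities by CPE would then file these hosts under macOS entries, whatever the banner actually identifies. The fingerprint's pattern and description start outside this hunk, so confirm which OS generation the response indicates and make the three fields agree, or record the intended mapping in the fingerprint's `<description>`.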