RubyGems - recog - Versions diffs - 2.3.20 → 2.3.23 - Mend

recog 2.3.20 → 2.3.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (83) hide show

checksums.yaml +4 -4
data/.github/dependabot.yml +8 -0
data/.github/workflows/ci.yml +1 -1
data/.github/workflows/verify.yml +89 -0
data/.vscode/bin/monitor-recog-fingerprints.sh +54 -0
data/.vscode/extensions.json +5 -0
data/.vscode/settings.json +8 -0
data/.vscode/tasks.json +77 -0
data/CONTRIBUTING.md +8 -0
data/README.md +17 -0
data/bin/recog_standardize +28 -13
data/bin/recog_verify +42 -8
data/cpe-remap.yaml +62 -3
data/features/data/schema_failure.xml +4 -0
data/features/data/tests_with_failures.xml +6 -0
data/features/support/hooks.rb +9 -0
data/features/verify.feature +85 -21
data/identifiers/fields.txt +6 -5
data/identifiers/hw_device.txt +8 -0
data/identifiers/hw_family.txt +8 -0
data/identifiers/hw_product.txt +54 -0
data/identifiers/os_device.txt +2 -0
data/identifiers/os_family.txt +2 -0
data/identifiers/os_product.txt +18 -2
data/identifiers/service_product.txt +26 -0
data/identifiers/vendor.txt +62 -1
data/lib/recog/db.rb +2 -1
data/lib/recog/fingerprint.rb +33 -6
data/lib/recog/fingerprint_parse_error.rb +10 -0
data/lib/recog/nizer.rb +1 -82
data/lib/recog/verifier.rb +9 -9
data/lib/recog/verify_reporter.rb +17 -6
data/lib/recog/version.rb +1 -1
data/requirements.txt +1 -1
data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
data/spec/data/external_example_fingerprint.xml +8 -0
data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
data/spec/lib/fingerprint_self_test_spec.rb +1 -0
data/spec/lib/recog/db_spec.rb +84 -61
data/spec/lib/recog/fingerprint_spec.rb +4 -4
data/spec/lib/recog/verify_reporter_spec.rb +73 -4
data/tools/dev/hooks/pre-commit +21 -0
data/update_cpes.py +130 -37
data/xml/apache_os.xml +98 -56
data/xml/architecture.xml +15 -1
data/xml/dhcp_vendor_class.xml +206 -0
data/xml/dns_versionbind.xml +26 -13
data/xml/favicons.xml +236 -47
data/xml/fingerprints.xsd +9 -1
data/xml/ftp_banners.xml +213 -197
data/xml/h323_callresp.xml +101 -101
data/xml/hp_pjl_id.xml +84 -84
data/xml/html_title.xml +715 -45
data/xml/http_cookies.xml +143 -80
data/xml/http_servers.xml +510 -310
data/xml/http_wwwauth.xml +177 -75
data/xml/imap_banners.xml +10 -10
data/xml/mdns_device-info_txt.xml +421 -26
data/xml/mysql_banners.xml +3 -2
data/xml/nntp_banners.xml +12 -9
data/xml/ntp_banners.xml +97 -97
data/xml/operating_system.xml +98 -83
data/xml/pop_banners.xml +27 -27
data/xml/rsh_resp.xml +3 -3
data/xml/sip_banners.xml +46 -8
data/xml/sip_user_agents.xml +180 -27
data/xml/smb_native_lm.xml +5 -5
data/xml/smb_native_os.xml +28 -25
data/xml/smtp_banners.xml +258 -254
data/xml/smtp_ehlo.xml +1 -1
data/xml/smtp_help.xml +11 -11
data/xml/smtp_noop.xml +2 -2
data/xml/snmp_sysdescr.xml +1554 -1429
data/xml/snmp_sysobjid.xml +27 -27
data/xml/ssh_banners.xml +27 -20
data/xml/telnet_banners.xml +256 -57
data/xml/tls_jarm.xml +48 -6
data/xml/x11_banners.xml +3 -3
data/xml/x509_issuers.xml +69 -2
data/xml/x509_subjects.xml +144 -33
metadata +24 -4
data/lib/recog/verifier_factory.rb +0 -13

data/xml/smtp_ehlo.xml CHANGED Viewed

@@ -21,7 +21,7 @@
    a very precise MS IIS SMTP service or MS Exchange Server fingerprint found with the
    help of smtp_banners.xml. Instead, this case is handled specially by the Jess rule
    smtp-iis-xexch50-svc-fingerprint. -mrb
-   <fingerprint pattern="^250[ -] *XEXCH50.*$">
+   <fingerprint pattern="^250[ -] *XEXCH50">
       <description>
          Microsoft Exchange/IIS server
       </description>

data/xml/smtp_help.xml CHANGED Viewed

@@ -43,7 +43,7 @@
     <param pos="0" name="os.vendor" value="Apple"/>
     <param pos="0" name="os.family" value="Mac OS"/>
     <param pos="0" name="os.product" value="Mac OS"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os:-"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:apple:macos:-"/>
   </fingerprint>
   <fingerprint pattern="^214[ -]([^ ]+) is running the IBM VM operating system$">
@@ -59,7 +59,7 @@
    in smtp_ehlo.xml ? -mrb
    -->
-  <fingerprint pattern="^214[ -].* XEXCH50 *.*$">
+  <fingerprint pattern="^214[ -].* XEXCH50 *">
     <description>Microsoft Exchange/IIS server</description>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.family" value="Exchange Server"/>
@@ -84,7 +84,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
-  <fingerprint pattern="^214[ -].*This is MERAK ([^ ]+\.[^ ]+\.[^ ]+).*$">
+  <fingerprint pattern="^214[ -].*This is MERAK ([^ ]+\.[^ ]+\.[^ ]+)">
     <description> Merak mail server - http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x)</description>
     <param pos="0" name="service.vendor" value="Merak"/>
     <param pos="0" name="service.family" value="Mail Server"/>
@@ -92,7 +92,7 @@
     <param pos="1" name="service.version"/>
   </fingerprint>
-  <fingerprint pattern="^214[ -].*This is Merak ([^ ]+\.[^ ]+\.[^ ]+).*$">
+  <fingerprint pattern="^214[ -].*This is Merak ([^ ]+\.[^ ]+\.[^ ]+)">
     <description>Merak mail server - http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x) - variant 1</description>
     <param pos="0" name="service.vendor" value="Merak"/>
     <param pos="0" name="service.family" value="Mail Server"/>
@@ -100,14 +100,14 @@
     <param pos="1" name="service.version"/>
   </fingerprint>
-  <fingerprint pattern="^214[ -].*bugs@merakmail\.com.*$">
+  <fingerprint pattern="^214[ -].*bugs@merakmail\.com">
     <description>Merak mail server - http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x) - email variant</description>
     <param pos="0" name="service.vendor" value="Merak"/>
     <param pos="0" name="service.family" value="Mail Server"/>
     <param pos="0" name="service.product" value="Mail Server"/>
   </fingerprint>
-  <fingerprint pattern="^214[ -].*bugs@icewarp\.com.*$">
+  <fingerprint pattern="^214[ -].*bugs@icewarp\.com">
     <description>Merak mail server - http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x) - icewarp variant </description>
     <param pos="0" name="service.vendor" value="Merak"/>
     <param pos="0" name="service.family" value="Mail Server"/>
@@ -122,7 +122,7 @@
     <param pos="0" name="service.product" value="qmail"/>
   </fingerprint>
-  <fingerprint pattern="^214[ -].*contact the Digital Customer Support Center at 1-800-354-9000.*$">
+  <fingerprint pattern="^214[ -].*contact the Digital Customer Support Center at 1-800-354-9000">
     <description>Sendmail on Digital OSF UNIX</description>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
@@ -148,27 +148,27 @@
   <fingerprint pattern="^502[ -]5\.3\.0 Sendmail ([^ ]+) -- HELP not implemented$">
     <description>Sendmail - help not implemented variant</description>
-    <example>502 5.3.0 Sendmail 8.11.2 -- HELP not implemented</example>
+    <example service.version="8.11.2">502 5.3.0 Sendmail 8.11.2 -- HELP not implemented</example>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
-  <fingerprint pattern="^214[ -].*sendmail-bugs@sendmail\.org.*$">
+  <fingerprint pattern="^214[ -].*sendmail-bugs@sendmail\.org">
     <description>Sendmail often returns version information for HELP - email variant</description>
     <param pos="0" name="service.family" value="Sendmail"/>
     <param pos="0" name="service.product" value="Sendmail"/>
     <param pos="0" name="service.certainty" value="0.85"/>
   </fingerprint>
-  <fingerprint pattern="^241[ -].*$">
+  <fingerprint pattern="^241[ -]">
     <description>ZMailer versions earlier than 2.99.21 mistakenly return the status code 241 on some HELP response lines (instead of 214).</description>
     <param pos="0" name="service.vendor" value="ZMailer"/>
     <param pos="0" name="service.family" value="ZMailer"/>
     <param pos="0" name="service.product" value="ZMailer"/>
   </fingerprint>
-  <fingerprint pattern="^214[ -].*Yoyodyne Propulsion.*$">
+  <fingerprint pattern="^214[ -].*Yoyodyne Propulsion">
     <description>ZMailer has distinctive default HELP text in smtpserver.conf</description>
     <param pos="0" name="service.vendor" value="ZMailer"/>
     <param pos="0" name="service.family" value="ZMailer"/>

data/xml/smtp_noop.xml CHANGED Viewed

@@ -8,7 +8,7 @@
     of SMTP related fingerprint databases as described in 'smtp_banners.xml'.
   -->
-  <fingerprint pattern="^220 OK.*$">
+  <fingerprint pattern="^220 OK">
     <description>CheckPoint FireWall-1 returns code 220 for NOOP command (instead of 250)</description>
     <param pos="0" name="service.vendor" value="Check Point"/>
     <param pos="0" name="service.family" value="Check Point"/>
@@ -25,7 +25,7 @@
     <param pos="0" name="os.vendor" value="Apple"/>
     <param pos="0" name="os.family" value="Mac OS"/>
     <param pos="0" name="os.product" value="Mac OS"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os:-"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:apple:macos:-"/>
   </fingerprint>
   <fingerprint pattern="^250[ -]Why is there an NOOP instruction\?$">