recog 2.3.21 → 3.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/LICENSE +1 -1
- data/README.md +42 -16
- data/Rakefile +2 -9
- data/lib/recog/db.rb +2 -1
- data/lib/recog/db_manager.rb +1 -1
- data/lib/recog/fingerprint.rb +33 -6
- data/lib/recog/fingerprint_parse_error.rb +10 -0
- data/lib/recog/verifier.rb +9 -9
- data/lib/recog/verify_reporter.rb +17 -6
- data/lib/recog/version.rb +1 -1
- data/{bin → recog/bin}/recog_match +0 -1
- data/{xml → recog/xml}/apache_modules.xml +0 -0
- data/{xml → recog/xml}/apache_os.xml +98 -56
- data/{xml → recog/xml}/architecture.xml +15 -1
- data/recog/xml/dhcp_vendor_class.xml +206 -0
- data/{xml → recog/xml}/dns_versionbind.xml +16 -13
- data/{xml → recog/xml}/favicons.xml +297 -47
- data/{xml → recog/xml}/fingerprints.xsd +9 -1
- data/{xml → recog/xml}/ftp_banners.xml +160 -156
- data/{xml → recog/xml}/h323_callresp.xml +101 -101
- data/{xml → recog/xml}/hp_pjl_id.xml +84 -84
- data/{xml → recog/xml}/html_title.xml +727 -34
- data/{xml → recog/xml}/http_cookies.xml +160 -77
- data/{xml → recog/xml}/http_servers.xml +556 -283
- data/{xml → recog/xml}/http_wwwauth.xml +190 -75
- data/{xml → recog/xml}/imap_banners.xml +5 -5
- data/{xml → recog/xml}/ldap_searchresult.xml +0 -0
- data/{xml → recog/xml}/mdns_device-info_txt.xml +389 -26
- data/{xml → recog/xml}/mdns_workstation_txt.xml +0 -0
- data/{xml → recog/xml}/mysql_banners.xml +1 -1
- data/{xml → recog/xml}/mysql_error.xml +0 -0
- data/{xml → recog/xml}/nntp_banners.xml +11 -8
- data/{xml → recog/xml}/ntp_banners.xml +97 -97
- data/{xml → recog/xml}/operating_system.xml +95 -80
- data/{xml → recog/xml}/pop_banners.xml +23 -23
- data/{xml → recog/xml}/rsh_resp.xml +3 -3
- data/{xml → recog/xml}/rtsp_servers.xml +0 -0
- data/{xml → recog/xml}/sip_banners.xml +43 -5
- data/{xml → recog/xml}/sip_user_agents.xml +175 -27
- data/{xml → recog/xml}/smb_native_lm.xml +5 -5
- data/{xml → recog/xml}/smb_native_os.xml +25 -25
- data/{xml → recog/xml}/smtp_banners.xml +147 -146
- data/{xml → recog/xml}/smtp_debug.xml +0 -0
- data/{xml → recog/xml}/smtp_ehlo.xml +1 -1
- data/{xml → recog/xml}/smtp_expn.xml +0 -0
- data/{xml → recog/xml}/smtp_help.xml +11 -11
- data/{xml → recog/xml}/smtp_mailfrom.xml +0 -0
- data/{xml → recog/xml}/smtp_noop.xml +2 -2
- data/{xml → recog/xml}/smtp_quit.xml +0 -0
- data/{xml → recog/xml}/smtp_rcptto.xml +0 -0
- data/{xml → recog/xml}/smtp_rset.xml +0 -0
- data/{xml → recog/xml}/smtp_turn.xml +0 -0
- data/{xml → recog/xml}/smtp_vrfy.xml +0 -0
- data/{xml → recog/xml}/snmp_sysdescr.xml +1570 -1430
- data/{xml → recog/xml}/snmp_sysobjid.xml +38 -27
- data/{xml → recog/xml}/ssh_banners.xml +16 -10
- data/{xml → recog/xml}/telnet_banners.xml +238 -21
- data/{xml → recog/xml}/tls_jarm.xml +56 -6
- data/{xml → recog/xml}/x11_banners.xml +3 -3
- data/{xml → recog/xml}/x509_issuers.xml +49 -1
- data/{xml → recog/xml}/x509_subjects.xml +139 -38
- data/recog.gemspec +9 -5
- data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
- data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
- data/spec/data/external_example_fingerprint.xml +8 -0
- data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
- data/spec/lib/recog/db_spec.rb +84 -61
- data/spec/lib/recog/fingerprint_spec.rb +4 -4
- data/spec/lib/recog/verify_reporter_spec.rb +73 -4
- data/spec/spec_helper.rb +4 -0
- metadata +65 -134
- data/.github/ISSUE_TEMPLATE/bug_report.md +0 -37
- data/.github/ISSUE_TEMPLATE/feature_request.md +0 -17
- data/.github/ISSUE_TEMPLATE/fingerprint_request.md +0 -27
- data/.github/PULL_REQUEST_TEMPLATE +0 -24
- data/.github/SECURITY.md +0 -35
- data/.github/workflows/ci.yml +0 -26
- data/.gitignore +0 -23
- data/.rspec +0 -3
- data/.ruby-gemset +0 -1
- data/.ruby-version +0 -1
- data/.snyk +0 -10
- data/.travis.yml +0 -25
- data/CONTRIBUTING.md +0 -270
- data/bin/recog_cleanup +0 -16
- data/bin/recog_export +0 -81
- data/bin/recog_standardize +0 -148
- data/bin/recog_verify +0 -64
- data/cpe-remap.yaml +0 -343
- data/features/data/failing_banners_fingerprints.xml +0 -20
- data/features/data/matching_banners_fingerprints.xml +0 -23
- data/features/data/multiple_banners_fingerprints.xml +0 -32
- data/features/data/no_tests.xml +0 -3
- data/features/data/sample_banner.txt +0 -2
- data/features/data/successful_tests.xml +0 -18
- data/features/data/tests_with_failures.xml +0 -20
- data/features/data/tests_with_warnings.xml +0 -17
- data/features/match.feature +0 -36
- data/features/support/aruba.rb +0 -3
- data/features/support/env.rb +0 -6
- data/features/verify.feature +0 -48
- data/identifiers/README.md +0 -70
- data/identifiers/fields.txt +0 -104
- data/identifiers/hw_device.txt +0 -78
- data/identifiers/hw_family.txt +0 -113
- data/identifiers/hw_product.txt +0 -410
- data/identifiers/os_architecture.txt +0 -10
- data/identifiers/os_device.txt +0 -75
- data/identifiers/os_family.txt +0 -233
- data/identifiers/os_product.txt +0 -340
- data/identifiers/service_family.txt +0 -249
- data/identifiers/service_product.txt +0 -752
- data/identifiers/vendor.txt +0 -798
- data/lib/recog/verifier_factory.rb +0 -13
- data/misc/convert_mysql_err +0 -61
- data/misc/order.xsl +0 -17
- data/requirements.txt +0 -2
- data/spec/lib/fingerprint_self_test_spec.rb +0 -174
- data/update_cpes.py +0 -250
@@ -69,13 +69,12 @@
|
|
69
69
|
|
70
70
|
<fingerprint pattern="^SERIALNUMBER=PID:([^ ]+) SN:([^,]+),CN=(?:[a-zA-Z0-9\-]+)-SEP([a-fA-F0-9]{12}),OU=[CV]TG,O=Cisco Systems Inc\.$">
|
71
71
|
<description>Cisco IP phone with serial number</description>
|
72
|
-
<example host.mac="B07D47D33A1C" hw.product="CP-8851"
|
73
|
-
<example host.mac="64D989000000" hw.product="CP-9951"
|
72
|
+
<example host.mac="B07D47D33A1C" hw.product="CP-8851" hw.serial_number="FCH1924AHCA">SERIALNUMBER=PID:CP-8851 SN:FCH1924AHCA,CN=CP-8851-SEPB07D47D33A1C,OU=CTG,O=Cisco Systems Inc.</example>
|
73
|
+
<example host.mac="64D989000000" hw.product="CP-9951" hw.serial_number="FCH15200000">SERIALNUMBER=PID:CP-9951 SN:FCH15200000,CN=CP-9951-SEP64D989000000,OU=VTG,O=Cisco Systems Inc.</example>
|
74
74
|
<param pos="0" name="hw.device" value="VoIP"/>
|
75
75
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
76
76
|
<param pos="1" name="hw.product"/>
|
77
77
|
<param pos="2" name="hw.serial_number"/>
|
78
|
-
<param pos="2" name="cisco.serial_number"/>
|
79
78
|
<param pos="3" name="host.mac"/>
|
80
79
|
</fingerprint>
|
81
80
|
|
@@ -217,7 +216,7 @@
|
|
217
216
|
|
218
217
|
<fingerprint pattern="^CN=([A-Za-z0-9\_\-\.]+),OU=ISS,O=Hewlett-Packard Company,L=Houston,ST=Texas,C=US$">
|
219
218
|
<description>HP iLO</description>
|
220
|
-
<example>CN=SERVER-1231,OU=ISS,O=Hewlett-Packard Company,L=Houston,ST=Texas,C=US</example>
|
219
|
+
<example host.name="SERVER-1231">CN=SERVER-1231,OU=ISS,O=Hewlett-Packard Company,L=Houston,ST=Texas,C=US</example>
|
221
220
|
<param pos="0" name="hw.device" value="Lights Out Management"/>
|
222
221
|
<param pos="0" name="hw.vendor" value="HP"/>
|
223
222
|
<param pos="0" name="hw.family" value="iLO"/>
|
@@ -248,8 +247,8 @@
|
|
248
247
|
|
249
248
|
<fingerprint pattern="^CN=OA\-([a-fA-F0-9]+),OU=Onboard Administrator,">
|
250
249
|
<description>HP iLO (Onboard Administrator)</description>
|
251
|
-
<example>CN=OA-001F296E21A3,OU=Onboard Administrator,O=Corp.,L=Location,ST=N/A,C=US</example>
|
252
|
-
<example>CN=OA-80C16E999999,OU=Onboard Administrator,O=Hewlett-Packard</example>
|
250
|
+
<example host.mac="001F296E21A3">CN=OA-001F296E21A3,OU=Onboard Administrator,O=Corp.,L=Location,ST=N/A,C=US</example>
|
251
|
+
<example host.mac="80C16E999999">CN=OA-80C16E999999,OU=Onboard Administrator,O=Hewlett-Packard</example>
|
253
252
|
<param pos="0" name="hw.device" value="Lights Out Management"/>
|
254
253
|
<param pos="0" name="hw.vendor" value="HP"/>
|
255
254
|
<param pos="0" name="hw.family" value="iLO"/>
|
@@ -265,7 +264,7 @@
|
|
265
264
|
|
266
265
|
<fingerprint pattern="^CN=([A-Za-z0-9\_\-\.]+),OU=Hewlett Packard Enterprise Network Management Software \(SMH\),O=Hewlett Packard Enterprise,L=Houston,ST=Texas,C=US$">
|
267
266
|
<description>HP iLO - Enterprise Mgmt variant</description>
|
268
|
-
<example>CN=bigsrv99,OU=Hewlett Packard Enterprise Network Management Software (SMH),O=Hewlett Packard Enterprise,L=Houston,ST=Texas,C=US</example>
|
267
|
+
<example host.name="bigsrv99">CN=bigsrv99,OU=Hewlett Packard Enterprise Network Management Software (SMH),O=Hewlett Packard Enterprise,L=Houston,ST=Texas,C=US</example>
|
269
268
|
<param pos="0" name="hw.device" value="Lights Out Management"/>
|
270
269
|
<param pos="0" name="hw.vendor" value="HP"/>
|
271
270
|
<param pos="0" name="hw.family" value="iLO"/>
|
@@ -309,29 +308,27 @@
|
|
309
308
|
|
310
309
|
<fingerprint pattern="^CN=C-series CIMC,OU=PID:([^ ]+) SERIAL:([^,]+),O=Cisco">
|
311
310
|
<description>Cisco Integrated Management Controller</description>
|
312
|
-
<example
|
311
|
+
<example hw.serial_number="FCH18999AAA" cisco.imc_model="UCSC-C220-M3S">CN=C-series CIMC,OU=PID:UCSC-C220-M3S SERIAL:FCH18999AAA,O=Cisco Self Signed,L=San Jose,ST=California,C=US</example>
|
313
312
|
<param pos="0" name="hw.device" value="Lights Out Management"/>
|
314
313
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
315
314
|
<param pos="0" name="hw.product" value="IMC"/>
|
316
|
-
<param pos="2" name="hw.serial_number"/>
|
317
315
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
318
316
|
<param pos="0" name="os.family" value="Linux"/>
|
319
317
|
<param pos="0" name="os.product" value="IMC"/>
|
320
|
-
<param pos="2" name="
|
318
|
+
<param pos="2" name="hw.serial_number"/>
|
321
319
|
<param pos="1" name="cisco.imc_model"/>
|
322
320
|
</fingerprint>
|
323
321
|
|
324
322
|
<fingerprint pattern="^CN=C220-(FCH[^,]+),OU=null,O=Cisco Systems Inc">
|
325
323
|
<description>Cisco Integrated Management Controller C220</description>
|
326
|
-
<example
|
324
|
+
<example hw.serial_number="FCH17999AAA">CN=C220-FCH17999AAA,OU=null,O=Cisco Systems Inc.,L=San Jose,ST=California,C=US</example>
|
327
325
|
<param pos="0" name="hw.device" value="Lights Out Management"/>
|
328
326
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
329
327
|
<param pos="0" name="hw.product" value="IMC"/>
|
330
|
-
<param pos="1" name="hw.serial_number"/>
|
331
328
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
332
329
|
<param pos="0" name="os.family" value="Linux"/>
|
333
330
|
<param pos="0" name="os.product" value="IMC"/>
|
334
|
-
<param pos="1" name="
|
331
|
+
<param pos="1" name="hw.serial_number"/>
|
335
332
|
</fingerprint>
|
336
333
|
|
337
334
|
<fingerprint pattern="^CN=avocent.com,OU=AESS,O=Avocent,L=Sunrise,ST=FL,C=US$">
|
@@ -356,8 +353,8 @@
|
|
356
353
|
|
357
354
|
<fingerprint pattern="^CN=HP Jetdirect [a-zA-Z0-9]+,OU=([a-fA-F0-9]{12})\+OU=([a-zA-Z0-9]+),O=Hewlett-Packard Co\.$">
|
358
355
|
<description>HP Jet Direct - with host MAC and product</description>
|
359
|
-
<example host.mac="2C413883186A" hw.product="J8028E">CN=HP Jetdirect 38831831,OU=2C413883186A+OU=J8028E,O=Hewlett-Packard Co.</example>
|
360
|
-
<example os.product="J8016E">CN=HP Jetdirect FBFA31E7,OU=8851FBE33ABB+OU=J8016E,O=Hewlett-Packard Co.</example>
|
356
|
+
<example host.mac="2C413883186A" hw.product="J8028E" os.product="J8028E">CN=HP Jetdirect 38831831,OU=2C413883186A+OU=J8028E,O=Hewlett-Packard Co.</example>
|
357
|
+
<example os.product="J8016E" host.mac="8851FBE33ABB" hw.product="J8016E">CN=HP Jetdirect FBFA31E7,OU=8851FBE33ABB+OU=J8016E,O=Hewlett-Packard Co.</example>
|
361
358
|
<param pos="0" name="hw.device" value="Printer"/>
|
362
359
|
<param pos="0" name="hw.vendor" value="HP"/>
|
363
360
|
<param pos="0" name="hw.family" value="JetDirect"/>
|
@@ -411,12 +408,11 @@
|
|
411
408
|
|
412
409
|
<fingerprint pattern="^SERIALNUMBER=([a-zA-Z0-9]+),CN=DEVICE-vWLC,O=Cisco Virtual WLC$">
|
413
410
|
<description>Cisco vWLC</description>
|
414
|
-
<example
|
411
|
+
<example hw.serial_number="9C89M2088D1">SERIALNUMBER=9C89M2088D1,CN=DEVICE-vWLC,O=Cisco Virtual WLC</example>
|
415
412
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
416
413
|
<param pos="0" name="os.device" value="Wireless Controller"/>
|
417
414
|
<param pos="0" name="os.product" value="Wireless LAN Controller"/>
|
418
415
|
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:wireless_lan_controller_software:-"/>
|
419
|
-
<param pos="1" name="cisco.serial_number"/>
|
420
416
|
<param pos="1" name="hw.serial_number"/>
|
421
417
|
</fingerprint>
|
422
418
|
|
@@ -508,7 +504,7 @@
|
|
508
504
|
|
509
505
|
<fingerprint pattern="^CN=([a-zA-Z0-9\.\-\_]+),OU=VMware ESX Server Default Certificate,O=VMware\\, Inc,L=Palo Alto,ST=California,C=US$">
|
510
506
|
<description>VMware ESX</description>
|
511
|
-
<example>CN=server99.,OU=VMware ESX Server Default Certificate,O=VMware\, Inc,L=Palo Alto,ST=California,C=US</example>
|
507
|
+
<example host.name="server99.">CN=server99.,OU=VMware ESX Server Default Certificate,O=VMware\, Inc,L=Palo Alto,ST=California,C=US</example>
|
512
508
|
<param pos="0" name="service.vendor" value="VMware"/>
|
513
509
|
<param pos="0" name="os.vendor" value="VMware"/>
|
514
510
|
<param pos="0" name="os.family" value="VMware ESX/ESXi"/>
|
@@ -619,8 +615,8 @@
|
|
619
615
|
|
620
616
|
<fingerprint pattern="^CN=([a-zA-Z0-9]{5,12}) ([a-zA-Z0-9]{12}),OU=(?:Cast|Google TV),O=Google Inc,L=Mountain View,ST=California,C=US$">
|
621
617
|
<description>Google Chromecast</description>
|
622
|
-
<example
|
623
|
-
<example
|
618
|
+
<example host.mac_local="FA8FCA67413D" hw.serial_number="LVDZG5">CN=LVDZG5 FA8FCA67413D,OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US</example>
|
619
|
+
<example host.mac_local="FA8FCA7DE87D" hw.serial_number="YRBLE">CN=YRBLE FA8FCA7DE87D,OU=Google TV,O=Google Inc,L=Mountain View,ST=California,C=US</example>
|
624
620
|
<param pos="0" name="os.vendor" value="Google"/>
|
625
621
|
<param pos="0" name="os.product" value="Chrome OS"/>
|
626
622
|
<param pos="0" name="os.certainty" value="0.5"/>
|
@@ -628,9 +624,9 @@
|
|
628
624
|
<param pos="0" name="hw.device" value="Media Server"/>
|
629
625
|
<param pos="0" name="hw.vendor" value="Google"/>
|
630
626
|
<param pos="0" name="hw.product" value="Chromecast"/>
|
631
|
-
<param pos="1" name="hw.serial_number"/>
|
632
627
|
<param pos="0" name="hw.certainty" value="0.5"/>
|
633
|
-
<param pos="1" name="
|
628
|
+
<param pos="1" name="hw.serial_number"/>
|
629
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
|
634
630
|
<!-- This is the hotspot-mode MAC address (clear bit 2) -->
|
635
631
|
|
636
632
|
<param pos="2" name="host.mac_local"/>
|
@@ -638,7 +634,7 @@
|
|
638
634
|
|
639
635
|
<fingerprint pattern="^CN=([a-zA-Z0-9]{5,12}) ([a-zA-Z0-9]{12}),OU=Cast TV \(Vizio\),O=Google Inc,L=Mountain View,ST=California,C=US$">
|
640
636
|
<description>Vizio SmartTV (Android) with Google Cast</description>
|
641
|
-
<example
|
637
|
+
<example hw.serial_number="9V039WC9" host.mac_local="FA8FCA697898">CN=9V039WC9 FA8FCA697898,OU=Cast TV (Vizio),O=Google Inc,L=Mountain View,ST=California,C=US</example>
|
642
638
|
<param pos="0" name="os.vendor" value="Google"/>
|
643
639
|
<param pos="0" name="os.family" value="Linux"/>
|
644
640
|
<param pos="0" name="os.product" value="Android"/>
|
@@ -646,7 +642,6 @@
|
|
646
642
|
<param pos="0" name="hw.device" value="Smart TV"/>
|
647
643
|
<param pos="0" name="hw.vendor" value="Vizio"/>
|
648
644
|
<param pos="1" name="hw.serial_number"/>
|
649
|
-
<param pos="1" name="chromecast.serial_number"/>
|
650
645
|
<!-- This is the hotspot-mode MAC address (clear bit 2) -->
|
651
646
|
|
652
647
|
<param pos="2" name="host.mac_local"/>
|
@@ -885,31 +880,29 @@
|
|
885
880
|
|
886
881
|
<fingerprint pattern="^CN=([A-Za-z0-9]+),OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US$">
|
887
882
|
<description>Fortinet Gateway</description>
|
888
|
-
<example
|
889
|
-
<example
|
883
|
+
<example hw.serial_number="FG100ETK1800118">CN=FG100ETK1800118,OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US</example>
|
884
|
+
<example hw.serial_number="FGT30D3X15038375">CN=FGT30D3X15038375,OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US</example>
|
890
885
|
<param pos="0" name="hw.vendor" value="Fortinet"/>
|
891
886
|
<param pos="0" name="hw.device" value="Firewall"/>
|
892
|
-
<param pos="1" name="hw.serial_number"/>
|
893
887
|
<param pos="0" name="os.vendor" value="Fortinet"/>
|
894
888
|
<param pos="0" name="os.family" value="Linux"/>
|
895
889
|
<param pos="0" name="os.device" value="Firewall"/>
|
896
890
|
<param pos="0" name="os.product" value="FortiOS"/>
|
897
891
|
<param pos="0" name="os.cpe23" value="cpe:/o:fortinet:fortios:-"/>
|
898
|
-
<param pos="1" name="
|
892
|
+
<param pos="1" name="hw.serial_number"/>
|
899
893
|
</fingerprint>
|
900
894
|
|
901
895
|
<fingerprint pattern="^CN=([A-Za-z0-9]+),O=Fortinet Ltd\.$">
|
902
896
|
<description>Fortinet Gateway (Older)</description>
|
903
|
-
<example
|
897
|
+
<example hw.serial_number="FG100D3G13803999">CN=FG100D3G13803999,O=Fortinet Ltd.</example>
|
904
898
|
<param pos="0" name="hw.vendor" value="Fortinet"/>
|
905
899
|
<param pos="0" name="hw.device" value="Firewall"/>
|
906
|
-
<param pos="1" name="hw.serial_number"/>
|
907
900
|
<param pos="0" name="os.vendor" value="Fortinet"/>
|
908
901
|
<param pos="0" name="os.family" value="Linux"/>
|
909
902
|
<param pos="0" name="os.device" value="Firewall"/>
|
910
903
|
<param pos="0" name="os.product" value="FortiOS"/>
|
911
904
|
<param pos="0" name="os.cpe23" value="cpe:/o:fortinet:fortios:-"/>
|
912
|
-
<param pos="1" name="
|
905
|
+
<param pos="1" name="hw.serial_number"/>
|
913
906
|
</fingerprint>
|
914
907
|
|
915
908
|
<fingerprint pattern="^CN=FortiMail,OU=FortiMail,O=Fortinet,L=Sunnyvale,ST=California,C=US$">
|
@@ -1139,10 +1132,11 @@
|
|
1139
1132
|
<param pos="0" name="os.product" value="Linux"/>
|
1140
1133
|
</fingerprint>
|
1141
1134
|
|
1142
|
-
<fingerprint pattern="^CN=MAC([a-fA-F0-9]{12}),OU=([^,]+),O=Mercury Security Products\\, LLC,L=Long Beach,ST=CA,C=US
|
1135
|
+
<fingerprint pattern="^CN=MAC([a-fA-F0-9]{12}),OU=([^,]+),O=Mercury Security Products\\, LLC,L=Long Beach,ST=CA,C=US(?:,\S+)?$">
|
1143
1136
|
<description>Mercurity Security (now HID Global)</description>
|
1144
1137
|
<example hw.product="M5IC" host.mac="000FE507A1F1">CN=MAC000FE507A1F1,OU=M5IC,O=Mercury Security Products\, LLC,L=Long Beach,ST=CA,C=US</example>
|
1145
1138
|
<example hw.product="EP-1502" host.mac="000FE508BC71">CN=MAC000FE508BC71,OU=EP-1502,O=Mercury Security Products\, LLC,L=Long Beach,ST=CA,C=US</example>
|
1139
|
+
<example hw.product="LP-1501" host.mac="000FE5091111">CN=MAC000FE5091111,OU=LP-1501,O=Mercury Security Products\, LLC,L=Long Beach,ST=CA,C=US,2.5.4.4=#111111111111111111</example>
|
1146
1140
|
<param pos="0" name="hw.vendor" value="Mercury Security"/>
|
1147
1141
|
<param pos="0" name="hw.device" value="Access Control"/>
|
1148
1142
|
<param pos="1" name="host.mac"/>
|
@@ -1242,7 +1236,7 @@
|
|
1242
1236
|
|
1243
1237
|
<fingerprint pattern="^CN=Canon (iR-[a-zA-Z0-9\.\-\_]+)$">
|
1244
1238
|
<description>Canon iR-ADV Printer with product info</description>
|
1245
|
-
<example os.product="iR-ADV">CN=Canon iR-ADV</example>
|
1239
|
+
<example os.product="iR-ADV" hw.product="iR-ADV">CN=Canon iR-ADV</example>
|
1246
1240
|
<param pos="0" name="hw.device" value="Printer"/>
|
1247
1241
|
<param pos="0" name="hw.vendor" value="Canon"/>
|
1248
1242
|
<param pos="0" name="os.device" value="Printer"/>
|
@@ -1307,20 +1301,28 @@
|
|
1307
1301
|
|
1308
1302
|
<fingerprint pattern="^CN=Ruckus Wireless ZoneDirector SN-(\d+),O=Ruckus Wireless\\, Inc\.,ST=CA,C=US$">
|
1309
1303
|
<description>Ruckus Zone Director</description>
|
1310
|
-
<example
|
1304
|
+
<example hw.serial_number="221301007591">CN=Ruckus Wireless ZoneDirector SN-221301007591,O=Ruckus Wireless\, Inc.,ST=CA,C=US</example>
|
1311
1305
|
<param pos="0" name="hw.device" value="Wireless Controller"/>
|
1312
1306
|
<param pos="0" name="hw.vendor" value="Ruckus"/>
|
1313
1307
|
<param pos="0" name="hw.product" value="Zone Director"/>
|
1314
|
-
<param pos="1" name="hw.serial_number"/>
|
1315
1308
|
<param pos="0" name="os.device" value="Wireless Controller"/>
|
1316
1309
|
<param pos="0" name="os.vendor" value="Ruckus"/>
|
1317
1310
|
<param pos="0" name="os.product" value="Zone Director"/>
|
1318
|
-
<param pos="1" name="
|
1311
|
+
<param pos="1" name="hw.serial_number"/>
|
1312
|
+
</fingerprint>
|
1313
|
+
|
1314
|
+
<fingerprint pattern="^CN=SN-(\d+),O=Ruckus Wireless Inc.,L=Sunnyvale,ST=California,C=US$">
|
1315
|
+
<description>Ruckus Wireless Access Point</description>
|
1316
|
+
<example hw.serial_number="010101010101">CN=SN-010101010101,O=Ruckus Wireless Inc.,L=Sunnyvale,ST=California,C=US</example>
|
1317
|
+
<param pos="0" name="hw.device" value="WAP"/>
|
1318
|
+
<param pos="0" name="hw.vendor" value="Ruckus"/>
|
1319
|
+
<param pos="0" name="hw.product" value="Access Point"/>
|
1320
|
+
<param pos="1" name="hw.serial_number"/>
|
1319
1321
|
</fingerprint>
|
1320
1322
|
|
1321
1323
|
<fingerprint pattern="^CN=DT([^\s]+) Series,O=NEC Corporation,ST=Tokyo,C=JP$">
|
1322
1324
|
<description>NEC DT Series IP Phone</description>
|
1323
|
-
<example>CN=DT800 Series,O=NEC Corporation,ST=Tokyo,C=JP</example>
|
1325
|
+
<example hw.product="800">CN=DT800 Series,O=NEC Corporation,ST=Tokyo,C=JP</example>
|
1324
1326
|
<param pos="0" name="os.vendor" value="NEC"/>
|
1325
1327
|
<param pos="0" name="os.device" value="VoIP"/>
|
1326
1328
|
<param pos="0" name="hw.vendor" value="NEC"/>
|
@@ -1469,9 +1471,10 @@
|
|
1469
1471
|
<param pos="0" name="hw.product" value="Sensor"/>
|
1470
1472
|
</fingerprint>
|
1471
1473
|
|
1472
|
-
<fingerprint pattern="^CN=HiveAP,OU=Default,O=Aerohive,ST=California,C=US$">
|
1474
|
+
<fingerprint pattern="^CN=HiveAP,OU=Default,O=Aerohive,(?:L=Sunnyvale,)?ST=California,C=US$">
|
1473
1475
|
<description>Aerohive Access Point</description>
|
1474
1476
|
<example>CN=HiveAP,OU=Default,O=Aerohive,ST=California,C=US</example>
|
1477
|
+
<example>CN=HiveAP,OU=Default,O=Aerohive,L=Sunnyvale,ST=California,C=US</example>
|
1475
1478
|
<param pos="0" name="hw.vendor" value="Aerohive"/>
|
1476
1479
|
<param pos="0" name="hw.device" value="WAP"/>
|
1477
1480
|
<param pos="0" name="hw.product" value="Access Point"/>
|
@@ -1654,4 +1657,102 @@
|
|
1654
1657
|
<param pos="1" name="host.name"/>
|
1655
1658
|
</fingerprint>
|
1656
1659
|
|
1660
|
+
<fingerprint pattern="^CN=Freebox Intermediate CA,O=Freebox,ST=France,C=FR$">
|
1661
|
+
<description>Freebox Device</description>
|
1662
|
+
<example>CN=Freebox Intermediate CA,O=Freebox,ST=France,C=FR</example>
|
1663
|
+
<param pos="0" name="hw.vendor" value="Freebox"/>
|
1664
|
+
</fingerprint>
|
1665
|
+
|
1666
|
+
<fingerprint pattern="^CN=TP-LINK CA,O=TP-LINK Technologies CO.\\, LTD.,L=Shenzhen,ST=Guangdong,C=CN(?:,\S+)?$">
|
1667
|
+
<description>TP-LINK Device</description>
|
1668
|
+
<example>CN=TP-LINK CA,O=TP-LINK Technologies CO.\, LTD.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c16736572766963654074702d6c696e6b2e636f6d2e636e</example>
|
1669
|
+
<param pos="0" name="hw.vendor" value="TP-LINK"/>
|
1670
|
+
</fingerprint>
|
1671
|
+
|
1672
|
+
<fingerprint pattern="^CN=BHA-([0-9a-fA-F]{12}),O=Bird Home Automation$">
|
1673
|
+
<description>Bird Home Automation</description>
|
1674
|
+
<example host.mac="0123456789AB">CN=BHA-0123456789AB,O=Bird Home Automation</example>
|
1675
|
+
<param pos="0" name="hw.device" value="Device"/>
|
1676
|
+
<param pos="0" name="hw.vendor" value="Bird Home Automation"/>
|
1677
|
+
<param pos="1" name="host.mac"/>
|
1678
|
+
</fingerprint>
|
1679
|
+
|
1680
|
+
<fingerprint pattern="^CN=\S+,OU=Media Server,O=Avaya Inc\.,C=US">
|
1681
|
+
<description>Avaya Media Server</description>
|
1682
|
+
<example>CN=192.168.0.3,OU=Media Server,O=Avaya Inc.,C=US</example>
|
1683
|
+
<param pos="0" name="os.vendor" value="Avaya"/>
|
1684
|
+
<param pos="0" name="os.device" value="Media Gateway"/>
|
1685
|
+
<param pos="0" name="os.product" value="Media Server"/>
|
1686
|
+
</fingerprint>
|
1687
|
+
|
1688
|
+
<fingerprint pattern="^CN=iSTAR Ultra">
|
1689
|
+
<description>iSTAR Ultra</description>
|
1690
|
+
<example>CN=iSTAR Ultra,OU=Access Control and Video Division,O=Johnson Controls,L=Westford,ST=Massachusetts,C=US</example>
|
1691
|
+
<param pos="0" name="os.vendor" value="Software House"/>
|
1692
|
+
<param pos="0" name="os.family" value="Linux"/>
|
1693
|
+
<param pos="0" name="os.product" value="{hw.product} Firmware"/>
|
1694
|
+
<param pos="0" name="hw.vendor" value="Software House"/>
|
1695
|
+
<param pos="0" name="hw.device" value="Access Control"/>
|
1696
|
+
<param pos="0" name="hw.family" value="iSTAR Door Controllers"/>
|
1697
|
+
<param pos="0" name="hw.product" value="iSTAR Ultra"/>
|
1698
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:swhouse:istar_ultra:-"/>
|
1699
|
+
</fingerprint>
|
1700
|
+
|
1701
|
+
<fingerprint pattern="^O=SpotteRF - NetworkedIO$">
|
1702
|
+
<description>SpotterRF</description>
|
1703
|
+
<example>O=SpotteRF - NetworkedIO</example>
|
1704
|
+
<param pos="0" name="os.vendor" value="SpotterRF"/>
|
1705
|
+
<param pos="0" name="os.family" value="Linux"/>
|
1706
|
+
<param pos="0" name="os.certainty" value="0.90"/>
|
1707
|
+
<param pos="0" name="hw.vendor" value="SpotterRF"/>
|
1708
|
+
<param pos="0" name="hw.device" value="Sensor"/>
|
1709
|
+
<param pos="0" name="hw.product" value="Drone Detector"/>
|
1710
|
+
</fingerprint>
|
1711
|
+
|
1712
|
+
<fingerprint pattern="(?i)^CN=.{0,1000}myboschcam.net,O=Bosch Sicherheitssysteme">
|
1713
|
+
<description>Bosch AutoDome IP Camera</description>
|
1714
|
+
<example>CN=local.myboschcam.net,O=Bosch Sicherheitssysteme GmbH,L=Grasbrunn,ST=Bayern,C=DE</example>
|
1715
|
+
<param pos="0" name="hw.vendor" value="Bosch"/>
|
1716
|
+
<param pos="0" name="hw.device" value="Web Cam"/>
|
1717
|
+
<param pos="0" name="hw.product" value="AutoDome"/>
|
1718
|
+
<param pos="0" name="hw.certainty" value="0.50"/>
|
1719
|
+
</fingerprint>
|
1720
|
+
|
1721
|
+
<fingerprint pattern="(?i)CN=(\w+),OU=BWI,O=Redline Communications Inc">
|
1722
|
+
<description>Redline Communication Radios</description>
|
1723
|
+
<example hw.product="an80i">CN=an80i,OU=BWI,O=Redline Communications Inc.,C=CA</example>
|
1724
|
+
<param pos="0" name="hw.vendor" value="Redline"/>
|
1725
|
+
<param pos="0" name="hw.device" value="WAP"/>
|
1726
|
+
<param pos="1" name="hw.product"/>
|
1727
|
+
</fingerprint>
|
1728
|
+
|
1729
|
+
<fingerprint pattern="(?i)CN=Vaddio Device,O=Vaddio,L=Minnetonka,ST=MN,C=US">
|
1730
|
+
<description>Vadio DocCom</description>
|
1731
|
+
<example>CN=Vaddio Device,O=Vaddio,L=Minnetonka,ST=MN,C=US</example>
|
1732
|
+
<param pos="0" name="hw.vendor" value="Vaddio"/>
|
1733
|
+
<param pos="0" name="hw.device" value="Web Cam"/>
|
1734
|
+
<param pos="0" name="hw.product" value="DocCam"/>
|
1735
|
+
<param pos="0" name="hw.certainty" value="0.50"/>
|
1736
|
+
</fingerprint>
|
1737
|
+
|
1738
|
+
<fingerprint pattern="(?i)CN=.{0,1000},OU=2N IP Intercoms,O=2N Telekomunikace a.s.,L=Prague,ST=Czech Republic,C=CZ">
|
1739
|
+
<description>2N IP Intercoms</description>
|
1740
|
+
<example>CN=11111111111d,OU=2N IP Intercoms,O=2N Telekomunikace a.s.,L=Prague,ST=Czech Republic,C=CZ</example>
|
1741
|
+
<param pos="0" name="hw.vendor" value="2N Telekomunikace"/>
|
1742
|
+
<param pos="0" name="hw.device" value="IP Camera"/>
|
1743
|
+
<param pos="0" name="hw.certainty" value="0.50"/>
|
1744
|
+
</fingerprint>
|
1745
|
+
|
1746
|
+
<fingerprint pattern="^CN=(.{1,256}),OU=PVE Cluster Node,O=Proxmox Virtual Environment$">
|
1747
|
+
<description>Proxmox open-source virtualization platform</description>
|
1748
|
+
<example host.name="pve.example.org">CN=pve.example.org,OU=PVE Cluster Node,O=Proxmox Virtual Environment</example>
|
1749
|
+
<param pos="1" name="host.name"/>
|
1750
|
+
<param pos="0" name="service.vendor" value="Proxmox"/>
|
1751
|
+
<param pos="0" name="service.product" value="Virtual Environment"/>
|
1752
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:proxmox:virtual_environment:-"/>
|
1753
|
+
<param pos="0" name="os.vendor" value="Proxmox"/>
|
1754
|
+
<param pos="0" name="os.family" value="Linux"/>
|
1755
|
+
<param pos="0" name="os.product" value="Proxmox"/>
|
1756
|
+
</fingerprint>
|
1757
|
+
|
1657
1758
|
</fingerprints>
|
data/recog.gemspec
CHANGED
@@ -12,7 +12,7 @@ Gem::Specification.new do |s|
|
|
12
12
|
s.email = [
|
13
13
|
'research@rapid7.com'
|
14
14
|
]
|
15
|
-
s.homepage = "https://www.github.com/rapid7/recog"
|
15
|
+
s.homepage = "https://www.github.com/rapid7/recog-ruby"
|
16
16
|
s.summary = %q{Network service fingerprint database, classes, and utilities}
|
17
17
|
s.description = %q{
|
18
18
|
Recog is a framework for identifying products, services, operating systems, and hardware by matching
|
@@ -20,9 +20,14 @@ Gem::Specification.new do |s|
|
|
20
20
|
information from web server banners, snmp system description fields, and a whole lot more.
|
21
21
|
}.gsub(/\s+/, ' ').strip
|
22
22
|
|
23
|
-
s.
|
24
|
-
s.
|
25
|
-
|
23
|
+
s.bindir = 'recog/bin'
|
24
|
+
s.files = %w(Gemfile Rakefile COPYING LICENSE README.md recog.gemspec .yardopts) +
|
25
|
+
Dir.glob('lib/**/*.rb') +
|
26
|
+
Dir.glob('spec/**/*') +
|
27
|
+
Dir.glob('recog/xml/*') +
|
28
|
+
Dir.glob('recog/bin/recog_match')
|
29
|
+
s.test_files = s.files.grep(%r{^(test|spec|features)/})
|
30
|
+
s.executables = s.files.grep(%r{^recog/bin/}).map{ |f| File.basename(f) }
|
26
31
|
s.require_paths = ['lib']
|
27
32
|
|
28
33
|
# ---- Dependencies ----
|
@@ -36,7 +41,6 @@ Gem::Specification.new do |s|
|
|
36
41
|
# markdown formatting for yard
|
37
42
|
s.add_development_dependency 'redcarpet'
|
38
43
|
end
|
39
|
-
s.add_development_dependency 'cucumber'
|
40
44
|
s.add_development_dependency 'aruba'
|
41
45
|
s.add_development_dependency 'simplecov'
|
42
46
|
|
@@ -0,0 +1 @@
|
|
1
|
+
HP LaserJet 4100 Series
|
@@ -0,0 +1 @@
|
|
1
|
+
HP LaserJet 2200
|
@@ -0,0 +1,8 @@
|
|
1
|
+
<fingerprints>
|
2
|
+
<fingerprint pattern="laserjet (.*)(?: series)?" flags="REG_ICASE">
|
3
|
+
<description>HP JetDirect Printer</description>
|
4
|
+
<example _filename="hp_printer_ex_01.txt"/>
|
5
|
+
<example _filename="hp_printer_ex_02.txt"/>
|
6
|
+
<param pos="0" name="service.vendor" value="HP"/>
|
7
|
+
</fingerprint>
|
8
|
+
</fingerprints>
|
data/spec/lib/recog/db_spec.rb
CHANGED
@@ -1,97 +1,120 @@
|
|
1
1
|
require 'recog/db'
|
2
2
|
|
3
3
|
describe Recog::DB do
|
4
|
-
let(:xml_file) { File.expand_path File.join('spec', 'data', 'test_fingerprints.xml') }
|
5
|
-
subject { Recog::DB.new(xml_file) }
|
6
4
|
|
7
5
|
describe "#fingerprints" do
|
8
|
-
|
6
|
+
context "with inline example content" do
|
7
|
+
let(:xml_file) { File.expand_path File.join('spec', 'data', 'test_fingerprints.xml') }
|
8
|
+
subject { Recog::DB.new(xml_file) }
|
9
9
|
|
10
|
-
|
10
|
+
subject(:fingerprints) { described_class.new(xml_file).fingerprints }
|
11
11
|
|
12
|
-
|
13
|
-
subject(:entry) { described_class.new(xml_file).fingerprints[0] }
|
12
|
+
it { is_expected.to be_a(Enumerable) }
|
14
13
|
|
15
|
-
|
16
|
-
|
17
|
-
end
|
14
|
+
context "with only a pattern" do
|
15
|
+
subject(:entry) { described_class.new(xml_file).fingerprints[0] }
|
18
16
|
|
19
|
-
|
20
|
-
|
21
|
-
|
17
|
+
it "has a blank name with no description" do
|
18
|
+
expect(entry.name).to be_empty
|
19
|
+
end
|
22
20
|
|
23
|
-
|
24
|
-
|
25
|
-
|
21
|
+
it "has a pattern" do
|
22
|
+
expect(entry.regex.source).to eq(".*\\(iSeries\\).*")
|
23
|
+
end
|
24
|
+
|
25
|
+
it "has no params" do
|
26
|
+
expect(entry.params).to be_empty
|
27
|
+
end
|
26
28
|
|
27
|
-
|
28
|
-
|
29
|
+
it "has no tests" do
|
30
|
+
expect(entry.tests).to be_empty
|
31
|
+
end
|
29
32
|
end
|
30
|
-
end
|
31
33
|
|
32
|
-
|
33
|
-
|
34
|
+
context "with params" do
|
35
|
+
subject(:entry) { described_class.new(xml_file).fingerprints[1] }
|
34
36
|
|
35
|
-
|
36
|
-
|
37
|
-
|
37
|
+
it "has a name" do
|
38
|
+
expect(entry.name).to eq('PalmOS')
|
39
|
+
end
|
38
40
|
|
39
|
-
|
40
|
-
|
41
|
-
|
41
|
+
it "has a pattern" do
|
42
|
+
expect(entry.regex.source).to eq(".*\\(PalmOS\\).*")
|
43
|
+
end
|
42
44
|
|
43
|
-
|
44
|
-
|
45
|
-
|
45
|
+
it "has params" do
|
46
|
+
expect(entry.params).to eq({"os.vendor"=>[1, "Palm"], "os.device"=>[2, "General"]})
|
47
|
+
end
|
46
48
|
|
47
|
-
|
48
|
-
|
49
|
+
it "has no tests" do
|
50
|
+
expect(entry.tests).to be_empty
|
51
|
+
end
|
49
52
|
end
|
50
|
-
end
|
51
53
|
|
52
|
-
|
53
|
-
|
54
|
+
context "with pattern flags" do
|
55
|
+
subject(:entry) { described_class.new(xml_file).fingerprints[2] }
|
54
56
|
|
55
|
-
|
56
|
-
|
57
|
-
|
57
|
+
it "has a name and only uses the first value" do
|
58
|
+
expect(entry.name).to eq('HP Designjet printer')
|
59
|
+
end
|
58
60
|
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
61
|
+
it 'creates a Regexp with expected flags' do
|
62
|
+
expect(entry.regex).to be_a(Regexp)
|
63
|
+
expect(entry.regex.options).to eq(Recog::Fingerprint::RegexpFactory::DEFAULT_FLAGS | Regexp::IGNORECASE)
|
64
|
+
end
|
63
65
|
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
66
|
+
it "has a pattern" do
|
67
|
+
expect(entry.regex).to be_a(Regexp)
|
68
|
+
expect(entry.regex.source).to eq("(designjet \\S+)")
|
69
|
+
end
|
70
|
+
|
71
|
+
it "has params" do
|
72
|
+
expect(entry.params).to eq({"service.vendor"=>[0, "HP"]})
|
73
|
+
end
|
68
74
|
|
69
|
-
|
70
|
-
|
75
|
+
it "has no tests" do
|
76
|
+
expect(entry.tests).to be_empty
|
77
|
+
end
|
71
78
|
end
|
72
79
|
|
73
|
-
|
74
|
-
|
80
|
+
context "with test" do
|
81
|
+
subject(:entry) { described_class.new(xml_file).fingerprints[3] }
|
82
|
+
|
83
|
+
it "has a name" do
|
84
|
+
expect(entry.name).to eq('HP JetDirect Printer')
|
85
|
+
end
|
86
|
+
|
87
|
+
it "has a pattern" do
|
88
|
+
expect(entry.regex.source).to eq("laserjet (.*)(?: series)?")
|
89
|
+
end
|
90
|
+
|
91
|
+
it "has params" do
|
92
|
+
expect(entry.params).to eq({"service.vendor"=>[0, "HP"]})
|
93
|
+
end
|
94
|
+
|
95
|
+
it "has tests" do
|
96
|
+
expect(entry.tests.map(&:content)).to match_array(["HP LaserJet 4100 Series", "HP LaserJet 2200"])
|
97
|
+
end
|
75
98
|
end
|
76
99
|
end
|
77
100
|
|
78
|
-
context "with
|
79
|
-
|
101
|
+
context "with external example content" do
|
102
|
+
let(:xml_file) { File.expand_path File.join('spec', 'data', 'external_example_fingerprint.xml') }
|
103
|
+
subject { Recog::DB.new(xml_file) }
|
80
104
|
|
81
|
-
|
82
|
-
expect(entry.name).to eq('HP JetDirect Printer')
|
83
|
-
end
|
105
|
+
subject(:entry) { described_class.new(xml_file).fingerprints[0] }
|
84
106
|
|
85
|
-
it "has
|
86
|
-
expect(entry.
|
107
|
+
it "has tests" do
|
108
|
+
expect(entry.tests.map(&:content)).to match_array(["HP LaserJet 4100 Series", "HP LaserJet 2200"])
|
87
109
|
end
|
110
|
+
end
|
88
111
|
|
89
|
-
|
90
|
-
|
91
|
-
|
112
|
+
context "with external example content illegal path" do
|
113
|
+
let(:xml_file) { File.expand_path File.join('spec', 'data', 'external_example_illegal_path_fingerprint.xml') }
|
114
|
+
subject { Recog::DB.new(xml_file) }
|
92
115
|
|
93
|
-
it "
|
94
|
-
expect
|
116
|
+
it "raises an illegal file path error" do
|
117
|
+
expect { subject }.to raise_error(/an example specifies an illegal file path '.+'/)
|
95
118
|
end
|
96
119
|
end
|
97
120
|
end
|