recog 2.3.21 → 3.0.1
- checksums.yaml +4 -4
- data/LICENSE +1 -1
- data/README.md +42 -16
- data/Rakefile +2 -9
- data/lib/recog/db.rb +2 -1
- data/lib/recog/db_manager.rb +1 -1
- data/lib/recog/fingerprint.rb +33 -6
- data/lib/recog/fingerprint_parse_error.rb +10 -0
- data/lib/recog/verifier.rb +9 -9
- data/lib/recog/verify_reporter.rb +17 -6
- data/lib/recog/version.rb +1 -1
- data/{bin → recog/bin}/recog_match +0 -1
- data/{xml → recog/xml}/apache_modules.xml +0 -0
- data/{xml → recog/xml}/apache_os.xml +98 -56
- data/{xml → recog/xml}/architecture.xml +15 -1
- data/recog/xml/dhcp_vendor_class.xml +206 -0
- data/{xml → recog/xml}/dns_versionbind.xml +16 -13
- data/{xml → recog/xml}/favicons.xml +297 -47
- data/{xml → recog/xml}/fingerprints.xsd +9 -1
- data/{xml → recog/xml}/ftp_banners.xml +160 -156
- data/{xml → recog/xml}/h323_callresp.xml +101 -101
- data/{xml → recog/xml}/hp_pjl_id.xml +84 -84
- data/{xml → recog/xml}/html_title.xml +727 -34
- data/{xml → recog/xml}/http_cookies.xml +160 -77
- data/{xml → recog/xml}/http_servers.xml +556 -283
- data/{xml → recog/xml}/http_wwwauth.xml +190 -75
- data/{xml → recog/xml}/imap_banners.xml +5 -5
- data/{xml → recog/xml}/ldap_searchresult.xml +0 -0
- data/{xml → recog/xml}/mdns_device-info_txt.xml +389 -26
- data/{xml → recog/xml}/mdns_workstation_txt.xml +0 -0
- data/{xml → recog/xml}/mysql_banners.xml +1 -1
- data/{xml → recog/xml}/mysql_error.xml +0 -0
- data/{xml → recog/xml}/nntp_banners.xml +11 -8
- data/{xml → recog/xml}/ntp_banners.xml +97 -97
- data/{xml → recog/xml}/operating_system.xml +95 -80
- data/{xml → recog/xml}/pop_banners.xml +23 -23
- data/{xml → recog/xml}/rsh_resp.xml +3 -3
- data/{xml → recog/xml}/rtsp_servers.xml +0 -0
- data/{xml → recog/xml}/sip_banners.xml +43 -5
- data/{xml → recog/xml}/sip_user_agents.xml +175 -27
- data/{xml → recog/xml}/smb_native_lm.xml +5 -5
- data/{xml → recog/xml}/smb_native_os.xml +25 -25
- data/{xml → recog/xml}/smtp_banners.xml +147 -146
- data/{xml → recog/xml}/smtp_debug.xml +0 -0
- data/{xml → recog/xml}/smtp_ehlo.xml +1 -1
- data/{xml → recog/xml}/smtp_expn.xml +0 -0
- data/{xml → recog/xml}/smtp_help.xml +11 -11
- data/{xml → recog/xml}/smtp_mailfrom.xml +0 -0
- data/{xml → recog/xml}/smtp_noop.xml +2 -2
- data/{xml → recog/xml}/smtp_quit.xml +0 -0
- data/{xml → recog/xml}/smtp_rcptto.xml +0 -0
- data/{xml → recog/xml}/smtp_rset.xml +0 -0
- data/{xml → recog/xml}/smtp_turn.xml +0 -0
- data/{xml → recog/xml}/smtp_vrfy.xml +0 -0
- data/{xml → recog/xml}/snmp_sysdescr.xml +1570 -1430
- data/{xml → recog/xml}/snmp_sysobjid.xml +38 -27
- data/{xml → recog/xml}/ssh_banners.xml +16 -10
- data/{xml → recog/xml}/telnet_banners.xml +238 -21
- data/{xml → recog/xml}/tls_jarm.xml +56 -6
- data/{xml → recog/xml}/x11_banners.xml +3 -3
- data/{xml → recog/xml}/x509_issuers.xml +49 -1
- data/{xml → recog/xml}/x509_subjects.xml +139 -38
- data/recog.gemspec +9 -5
- data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
- data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
- data/spec/data/external_example_fingerprint.xml +8 -0
- data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
- data/spec/lib/recog/db_spec.rb +84 -61
- data/spec/lib/recog/fingerprint_spec.rb +4 -4
- data/spec/lib/recog/verify_reporter_spec.rb +73 -4
- data/spec/spec_helper.rb +4 -0
- metadata +65 -134
- data/.github/ISSUE_TEMPLATE/bug_report.md +0 -37
- data/.github/ISSUE_TEMPLATE/feature_request.md +0 -17
- data/.github/ISSUE_TEMPLATE/fingerprint_request.md +0 -27
- data/.github/PULL_REQUEST_TEMPLATE +0 -24
- data/.github/SECURITY.md +0 -35
- data/.github/workflows/ci.yml +0 -26
- data/.gitignore +0 -23
- data/.rspec +0 -3
- data/.ruby-gemset +0 -1
- data/.ruby-version +0 -1
- data/.snyk +0 -10
- data/.travis.yml +0 -25
- data/CONTRIBUTING.md +0 -270
- data/bin/recog_cleanup +0 -16
- data/bin/recog_export +0 -81
- data/bin/recog_standardize +0 -148
- data/bin/recog_verify +0 -64
- data/cpe-remap.yaml +0 -343
- data/features/data/failing_banners_fingerprints.xml +0 -20
- data/features/data/matching_banners_fingerprints.xml +0 -23
- data/features/data/multiple_banners_fingerprints.xml +0 -32
- data/features/data/no_tests.xml +0 -3
- data/features/data/sample_banner.txt +0 -2
- data/features/data/successful_tests.xml +0 -18
- data/features/data/tests_with_failures.xml +0 -20
- data/features/data/tests_with_warnings.xml +0 -17
- data/features/match.feature +0 -36
- data/features/support/aruba.rb +0 -3
- data/features/support/env.rb +0 -6
- data/features/verify.feature +0 -48
- data/identifiers/README.md +0 -70
- data/identifiers/fields.txt +0 -104
- data/identifiers/hw_device.txt +0 -78
- data/identifiers/hw_family.txt +0 -113
- data/identifiers/hw_product.txt +0 -410
- data/identifiers/os_architecture.txt +0 -10
- data/identifiers/os_device.txt +0 -75
- data/identifiers/os_family.txt +0 -233
- data/identifiers/os_product.txt +0 -340
- data/identifiers/service_family.txt +0 -249
- data/identifiers/service_product.txt +0 -752
- data/identifiers/vendor.txt +0 -798
- data/lib/recog/verifier_factory.rb +0 -13
- data/misc/convert_mysql_err +0 -61
- data/misc/order.xsl +0 -17
- data/requirements.txt +0 -2
- data/spec/lib/fingerprint_self_test_spec.rb +0 -174
- data/update_cpes.py +0 -250
data/cpe-remap.yaml
DELETED
@@ -1,343 +0,0 @@
|
|
1
|
-
mappings:
|
2
|
-
# The following section contains CPE application or 'a' remappings. These will
|
3
|
-
# ONLY be used for mapping Recog 'service' attributes.
|
4
|
-
a:
|
5
|
-
akamai:
|
6
|
-
products:
|
7
|
-
ghost: akamaighost
|
8
|
-
amazon:
|
9
|
-
products:
|
10
|
-
s3: amazon_simple_storage_service
|
11
|
-
cloudfront_load_balancer: amazon_cloudfront
|
12
|
-
apache:
|
13
|
-
products:
|
14
|
-
httpd: http_server
|
15
|
-
aprelium_technologies:
|
16
|
-
vendor: aprelium
|
17
|
-
alt-n:
|
18
|
-
vendor: altn
|
19
|
-
aruba_networks:
|
20
|
-
vendor: arubanetworks
|
21
|
-
bea:
|
22
|
-
products:
|
23
|
-
weblogic: weblogic_server
|
24
|
-
blue_coat:
|
25
|
-
vendor: bluecoat
|
26
|
-
carnegie_mellon_university:
|
27
|
-
vendor: cmu
|
28
|
-
products:
|
29
|
-
cyrus_imap: cyrus_imap_server
|
30
|
-
centos_webpanel:
|
31
|
-
vendor: centos-webpanel
|
32
|
-
check_point:
|
33
|
-
vendor: checkpoint
|
34
|
-
cherokee_project:
|
35
|
-
vendor: cherokee-project
|
36
|
-
cisco:
|
37
|
-
products:
|
38
|
-
apic: application_policy_infrastructure_controller
|
39
|
-
cloudflare:
|
40
|
-
products:
|
41
|
-
cloudflare_load_balancer: load_balancing
|
42
|
-
cpanel:
|
43
|
-
products:
|
44
|
-
cpanel_service_daemon: cpanel
|
45
|
-
crushftp:
|
46
|
-
products:
|
47
|
-
crushftp_web_interface: crushftp
|
48
|
-
cz.nic:
|
49
|
-
vendor: knot-dns
|
50
|
-
drupal:
|
51
|
-
products:
|
52
|
-
cms: drupal
|
53
|
-
embedthis:
|
54
|
-
products:
|
55
|
-
goahead_webserver: goahead
|
56
|
-
envoy_proxy:
|
57
|
-
vendor: envoyproxy
|
58
|
-
f5:
|
59
|
-
products:
|
60
|
-
big-ip: big-ip_local_traffic_manager
|
61
|
-
big-ip_ltm: big-ip_local_traffic_manager
|
62
|
-
fedora_project:
|
63
|
-
vendor: fedoraproject
|
64
|
-
google:
|
65
|
-
products:
|
66
|
-
google_web_services: web_server
|
67
|
-
ibm:
|
68
|
-
products:
|
69
|
-
lotus_domino: lotus_domino_server
|
70
|
-
ibm_domino: lotus_domino
|
71
|
-
ignite_realtime:
|
72
|
-
vendor: igniterealtime
|
73
|
-
intel:
|
74
|
-
products:
|
75
|
-
intel(r)_active_management_technology: active_management_technology
|
76
|
-
intel(r)_standard_manageability: standard_manageability
|
77
|
-
jamf:
|
78
|
-
products:
|
79
|
-
jamf_pro: jamf
|
80
|
-
kibana:
|
81
|
-
vendor: elasticsearch
|
82
|
-
kubernetes:
|
83
|
-
products:
|
84
|
-
nginx_ingress_controller: ingress-nginx
|
85
|
-
kodi:
|
86
|
-
products:
|
87
|
-
media_server: kodi
|
88
|
-
kong:
|
89
|
-
vendor: konghq
|
90
|
-
products:
|
91
|
-
gateway: kong_gateway
|
92
|
-
litespeed_technologies:
|
93
|
-
vendor: litespeedtech
|
94
|
-
lotus:
|
95
|
-
vendor: ibm
|
96
|
-
lynx_technology:
|
97
|
-
vendor: lynxtechnology
|
98
|
-
products:
|
99
|
-
twonky_media_server: twonky_server
|
100
|
-
mailenable:
|
101
|
-
products:
|
102
|
-
mail_server: mailenable
|
103
|
-
manageengine:
|
104
|
-
vendor: zohocorp
|
105
|
-
products:
|
106
|
-
adaudit_plus: manageengine_adaudit_plus
|
107
|
-
desktop_central: manageengine_desktop_central
|
108
|
-
opmanager: manageengine_opmanager
|
109
|
-
microsoft:
|
110
|
-
products:
|
111
|
-
active_directory_controller: active_directory
|
112
|
-
exchange_server_5.5: exchange_server
|
113
|
-
exchange_2000_server: exchange_server
|
114
|
-
exchange_2003_server: exchange_server
|
115
|
-
exchange_2007_server: exchange_server
|
116
|
-
lightweight_directory_server: active_directory_lightweight_directory_service
|
117
|
-
pws: personal_web_server
|
118
|
-
mod_ssl:
|
119
|
-
vendor: modssl
|
120
|
-
mod_wsgi:
|
121
|
-
vendor: modwsgi
|
122
|
-
# NIST took the vendor name from the website but apparently missed the `.in`
|
123
|
-
# in moinmo.in was part of the name
|
124
|
-
moinmoin:
|
125
|
-
vendor: moinmo
|
126
|
-
mort_bay:
|
127
|
-
vendor: mortbay
|
128
|
-
munin:
|
129
|
-
vendor: munin-monitoring
|
130
|
-
nlnet_labs:
|
131
|
-
vendor: nlnetlabs
|
132
|
-
products:
|
133
|
-
dnsd: name_server_daemon
|
134
|
-
net-snmp:
|
135
|
-
products:
|
136
|
-
snmp_agent: net-snmp
|
137
|
-
owncloud:
|
138
|
-
products:
|
139
|
-
owncloud_server: owncloud
|
140
|
-
parallels:
|
141
|
-
products:
|
142
|
-
plesk: parallels_plesk_panel
|
143
|
-
plesk:
|
144
|
-
vendor: parallels
|
145
|
-
proftpd_project:
|
146
|
-
vendor: proftpd
|
147
|
-
progress:
|
148
|
-
products:
|
149
|
-
openedge_explorer: openedge
|
150
|
-
pulse_secure:
|
151
|
-
vendor: pulsesecure
|
152
|
-
realvnc_ltd.:
|
153
|
-
vendor: realvnc
|
154
|
-
red_hat:
|
155
|
-
vendor: redhat
|
156
|
-
products:
|
157
|
-
cygwin_x_server_project: cygwin
|
158
|
-
jboss_as: jboss_wildfly_application_server
|
159
|
-
jboss_eap: jboss_enterprise_application_platform
|
160
|
-
jbossweb: jboss_web_framework_kit
|
161
|
-
red_hat_directory_server: directory_server
|
162
|
-
serv-u:
|
163
|
-
vendor: solarwinds
|
164
|
-
squid_cache:
|
165
|
-
vendor: squid-cache
|
166
|
-
ssh_communications_security:
|
167
|
-
vendor: ssh
|
168
|
-
products:
|
169
|
-
ssh_tectia_server: tectia_server
|
170
|
-
standard_networks:
|
171
|
-
vendor: ipswitch
|
172
|
-
swagger:
|
173
|
-
vendor: smartbear
|
174
|
-
synology:
|
175
|
-
products:
|
176
|
-
dsm: diskstation_manager
|
177
|
-
tightvnc:
|
178
|
-
products:
|
179
|
-
desktop: tightvnc
|
180
|
-
tor_project:
|
181
|
-
vendor: torproject
|
182
|
-
traefik_labs:
|
183
|
-
vendor: traefik
|
184
|
-
products:
|
185
|
-
traefik_proxy: traefik
|
186
|
-
twistedmatrix:
|
187
|
-
products:
|
188
|
-
twisted_web: twistedweb
|
189
|
-
ubiquiti:
|
190
|
-
vendor: ui
|
191
|
-
vandyke_software:
|
192
|
-
vendor: vandyke
|
193
|
-
vmware:
|
194
|
-
products:
|
195
|
-
zimbra: zimbra_desktop
|
196
|
-
vcenter: vcenter_server
|
197
|
-
x.org:
|
198
|
-
products:
|
199
|
-
x.org_x11: x11
|
200
|
-
|
201
|
-
# The following section contains CPE operating system or 'o' remappings. These will
|
202
|
-
# ONLY be used for mapping Recog 'os' attributes.
|
203
|
-
o:
|
204
|
-
alpine:
|
205
|
-
vendor: alpinelinux
|
206
|
-
products:
|
207
|
-
linux: alpine_linux
|
208
|
-
apple:
|
209
|
-
products:
|
210
|
-
ios: iphone_os
|
211
|
-
brocade:
|
212
|
-
vendor: broadcom
|
213
|
-
products:
|
214
|
-
fabric_os: fabric_operating_system
|
215
|
-
centos:
|
216
|
-
products:
|
217
|
-
linux: centos
|
218
|
-
check_point:
|
219
|
-
vendor: checkpoint
|
220
|
-
cisco:
|
221
|
-
products:
|
222
|
-
adaptive_security_appliance: adaptive_security_appliance_software
|
223
|
-
nam: network_analysis_module_software
|
224
|
-
pix: pix_firewall_software
|
225
|
-
telepresence: telepresence_video_communication_server_software
|
226
|
-
vpn_3000_concentrator: vpn_3000_concentrator_series_software
|
227
|
-
wireless_lan_controller: wireless_lan_controller_software
|
228
|
-
citrix:
|
229
|
-
products:
|
230
|
-
netscaler: netscaler_firmware
|
231
|
-
netscaler_gateway: netscaler_gateway_firmware
|
232
|
-
cumulus:
|
233
|
-
vendor: cumulusnetworks
|
234
|
-
data_domain:
|
235
|
-
vendor: dell
|
236
|
-
products:
|
237
|
-
dd_os: emc_data_domain_os
|
238
|
-
debian:
|
239
|
-
products:
|
240
|
-
linux: debian_linux
|
241
|
-
hp:
|
242
|
-
products:
|
243
|
-
ilo: integrated_lights-out_firmware
|
244
|
-
ilo_firmware: integrated_lights-out_firmware
|
245
|
-
ilo_2: integrated_lights-out_2_firmware
|
246
|
-
ilo_3: integrated_lights-out_3_firmware
|
247
|
-
ilo_4: integrated_lights-out_4_firmware
|
248
|
-
ilo_5: integrated_lights-out_5_firmware
|
249
|
-
tru64_unix: tru64
|
250
|
-
ibm:
|
251
|
-
products:
|
252
|
-
os/400: os_400
|
253
|
-
i5/os: i5os
|
254
|
-
juniper:
|
255
|
-
products:
|
256
|
-
junos_os: junos
|
257
|
-
linux:
|
258
|
-
products:
|
259
|
-
linux: linux_kernel
|
260
|
-
microsoft:
|
261
|
-
products:
|
262
|
-
windows_server_2003_datacenter_edition: windows_server_2003
|
263
|
-
windows_server_2003_r2: windows_server_2003
|
264
|
-
windows_2008_r2: windows_server_2008
|
265
|
-
windows_server_2008_datacenter_edition: windows_server_2008
|
266
|
-
windows_server_2008_r2: windows_server_2008
|
267
|
-
windows_server_2008_r2_datacenter_edition: windows_server_2008
|
268
|
-
windows_server_2012_r2: windows_server_2012
|
269
|
-
nt: windows_nt
|
270
|
-
windows_nt_desktop: windows_nt
|
271
|
-
windows_nt_server: windows_nt
|
272
|
-
windows_server_2000: windows_2000
|
273
|
-
windows_2000_server: windows_2000
|
274
|
-
windows_2000_datacenter_server: windows_2000
|
275
|
-
oracle:
|
276
|
-
products:
|
277
|
-
ilom: integrated_lights_out_manager_firmware
|
278
|
-
palo_alto_networks:
|
279
|
-
vendor: paloaltonetworks
|
280
|
-
red_hat:
|
281
|
-
vendor: redhat
|
282
|
-
products:
|
283
|
-
fedora_core_linux: fedora_core
|
284
|
-
sun:
|
285
|
-
products:
|
286
|
-
solaris: sunos
|
287
|
-
ubiquiti:
|
288
|
-
vendor: ui
|
289
|
-
ubuntu:
|
290
|
-
vendor: canonical
|
291
|
-
products:
|
292
|
-
linux: ubuntu_linux
|
293
|
-
vmware:
|
294
|
-
products:
|
295
|
-
photon_linux: photon_os
|
296
|
-
vmware_esx_server: esx
|
297
|
-
vmware_esxi_server: esxi
|
298
|
-
wind_river:
|
299
|
-
vendor: windriver
|
300
|
-
|
301
|
-
# The following section contains CPE hardware or 'h' remappings. These will
|
302
|
-
# ONLY be used for mapping Recog 'hw' attributes.
|
303
|
-
h:
|
304
|
-
apple:
|
305
|
-
products:
|
306
|
-
imac_(retina_4k_21.5-inch_2019): imac
|
307
|
-
imac_(retina_5k_27-inch_2017): imac
|
308
|
-
imac_(retina_5k_27-inch_2019): imac
|
309
|
-
imac_(retina_5k_27-inch_2020): imac
|
310
|
-
macbook_air_(13-inch_2017): macbook_air
|
311
|
-
macbook_air_(m1_2020): macbook_air
|
312
|
-
macbook_air_(retina_13-inch_2018): macbook_air
|
313
|
-
macbook_air_(retina_13-inch_2019): macbook_air
|
314
|
-
macbook_air_(retina_13-inch_2020): macbook_air
|
315
|
-
macbook_pro_(13-inch_2018_four_thunderbolt_3_ports): macbook_pro
|
316
|
-
macbook_pro_(13-inch_2019_two_thunderbolt_3_ports): macbook_pro
|
317
|
-
macbook_pro_(13-inch_2020): macbook_pro
|
318
|
-
macbook_pro_(13-inch_m1_2020): macbook_pro
|
319
|
-
macbook_pro_(15-inch_2018): macbook_pro
|
320
|
-
macbook_pro_(15-inch_2019): macbook_pro
|
321
|
-
macbook_pro_(16-inch_2019): macbook_pro
|
322
|
-
macbook_pro_(retina_13-inch_early_2015): macbook_pro
|
323
|
-
macbook_pro_(retina_15-inch_mid_2015): macbook_pro
|
324
|
-
cisco:
|
325
|
-
products:
|
326
|
-
nam: network_analysis_module
|
327
|
-
citrix:
|
328
|
-
products:
|
329
|
-
netscaler_sdx_gateway: netscaler_sdx
|
330
|
-
emc:
|
331
|
-
products:
|
332
|
-
celerra: celerra_network_attached_storage
|
333
|
-
hp:
|
334
|
-
products:
|
335
|
-
ilo: integrated_lights-out
|
336
|
-
kace:
|
337
|
-
vendor: dell
|
338
|
-
products:
|
339
|
-
k1000: kace_k1000_systems_management_appliance
|
340
|
-
tandberg:
|
341
|
-
vendor: cisco
|
342
|
-
ubiquiti:
|
343
|
-
vendor: ui
|
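Review bot: removing `cpe-remap.yaml` in full (lines 1-343, the `a:`, `o:` and `h:` sections) drops the vendor and product remappings from the packaged gem with no pointer to where they now live. The file list for this release also deletes `data/update_cpes.py`, so the CPE tooling appears to have left the gem as a unit. The README change in this release should say so explicitly, because anything that resolved `cpe-remap.yaml` relative to the gem's install path will fail after upgrading to 3.0.1.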
@@ -1,20 +0,0 @@
|
|
1
|
-
<?xml version="1.0"?>
|
2
|
-
<fingerprints>
|
3
|
-
<fingerprint pattern="^=\(.\*.\)=-\.:\. \(\( Welcome to PureFTPd (\d+\..+) \)\) \.:\.-=\(.\*.\)=-$">
|
4
|
-
<example>=(<*>)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(<*>)=-</example>
|
5
|
-
<description>Older Pure-FTPd versions</description>
|
6
|
-
<param pos="0" name="service.family" value="Pure-FTPd"/>
|
7
|
-
<param pos="0" name="service.product" value="Pure-FTPd"/>
|
8
|
-
<param pos="1" name="service.version"/>
|
9
|
-
</fingerprint>
|
10
|
-
<fingerprint pattern="^(\S+) FTP Server \(Solaris (\S+)\) ready\.?$" flags="REG_ICASE">
|
11
|
-
<description>SunOS/Solaris</description>
|
12
|
-
<example>example.com FTP server (Solaris 5.7) ready.</example>
|
13
|
-
<param pos="0" name="os.vendor" value="Sun"/>
|
14
|
-
<param pos="0" name="os.family" value="Solaris"/>
|
15
|
-
<param pos="0" name="os.product" value="Solaris"/>
|
16
|
-
<param pos="0" name="os.device" value="General"/>
|
17
|
-
<param pos="1" name="host.name"/>
|
18
|
-
<param pos="2" name="os.version"/>
|
19
|
-
</fingerprint>
|
20
|
-
</fingerprints>
|
@@ -1,23 +0,0 @@
|
|
1
|
-
<?xml version="1.0"?>
|
2
|
-
<fingerprints protocol="ftp" database_type="service">
|
3
|
-
<fingerprint pattern="^-{10} Welcome to Pure-FTPd (.*)-{10}$">
|
4
|
-
<example>---------- Welcome to Pure-FTPd ----------</example>
|
5
|
-
<description>Pure-FTPd
|
6
|
-
Config data can be zero or more of: [privsep] [TLS]
|
7
|
-
</description>
|
8
|
-
<param pos="1" name="pureftpd.config"/>
|
9
|
-
<param pos="0" name="service.family" value="Pure-FTPd"/>
|
10
|
-
<param pos="0" name="service.product" value="Pure-FTPd"/>
|
11
|
-
<param pos="0" name="service.protocol" value="ftp"/>
|
12
|
-
</fingerprint>
|
13
|
-
<fingerprint pattern="^(\S+) FTP Server \(SunOS (\S+)\) ready\.?$" flags="REG_ICASE">
|
14
|
-
<description>SunOS/Solaris</description>
|
15
|
-
<example>example.com FTP server (SunOS 5.7) ready.</example>
|
16
|
-
<param pos="0" name="os.vendor" value="Sun"/>
|
17
|
-
<param pos="0" name="os.family" value="Solaris"/>
|
18
|
-
<param pos="0" name="os.product" value="Solaris"/>
|
19
|
-
<param pos="0" name="os.device" value="General"/>
|
20
|
-
<param pos="1" name="host.name"/>
|
21
|
-
<param pos="2" name="os.version"/>
|
22
|
-
</fingerprint>
|
23
|
-
</fingerprints>
|
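Review bot: the greedy `(.*)` in `pattern="^-{10} Welcome to Pure-FTPd (.*)-{10}$"` on line 3 also captures the space before the closing dashes, so `pureftpd.config` comes out with trailing whitespace; the expected output in `match.feature` shows it as `"[privsep] [TLS] "`. If this fixture is carried over to another test suite, tighten the pattern to something like `(.*?)\s*-{10}$` or strip the value, and give the `<example>` on line 4 a `pureftpd.config` attribute so the captured value is actually asserted.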
@@ -1,32 +0,0 @@
|
|
1
|
-
<?xml version="1.0"?>
|
2
|
-
<fingerprints>
|
3
|
-
<fingerprint pattern="FTP">
|
4
|
-
<example>---- FTP Stuff ----</example>
|
5
|
-
<example>FTP server</example>
|
6
|
-
<description>Generic FTP,
|
7
|
-
Checks for the existence of the word FTP in the line
|
8
|
-
</description>
|
9
|
-
<!-- Asserting nothing -->
|
10
|
-
</fingerprint>
|
11
|
-
<fingerprint pattern="^-{10} Welcome to Pure-FTPd (.*)-{10}$">
|
12
|
-
<example>---------- Welcome to Pure-FTPd ----------</example>
|
13
|
-
<description>Pure-FTPd
|
14
|
-
Config data can be zero or more of: [privsep] [TLS]
|
15
|
-
</description>
|
16
|
-
<param pos="1" name="pureftpd.config"/>
|
17
|
-
<param pos="0" name="service.family" value="Pure-FTPd"/>
|
18
|
-
<param pos="0" name="service.product" value="Pure-FTPd"/>
|
19
|
-
<param pos="0" name="service.protocol" value="ftp"/>
|
20
|
-
</fingerprint>
|
21
|
-
<fingerprint pattern="^(\S+) FTP Server \(SunOS (\S+)\) ready\.?$" flags="REG_ICASE">
|
22
|
-
<description>SunOS/Solaris</description>
|
23
|
-
<example>example.com FTP server (SunOS 5.7) ready.</example>
|
24
|
-
<param pos="0" name="service.protocol" value="ftp"/>
|
25
|
-
<param pos="0" name="os.vendor" value="Sun"/>
|
26
|
-
<param pos="0" name="os.family" value="Solaris"/>
|
27
|
-
<param pos="0" name="os.product" value="Solaris"/>
|
28
|
-
<param pos="0" name="os.device" value="General"/>
|
29
|
-
<param pos="1" name="host.name"/>
|
30
|
-
<param pos="2" name="os.version"/>
|
31
|
-
</fingerprint>
|
32
|
-
</fingerprints>
|
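Review bot: the unanchored `pattern="FTP"` fingerprint on lines 3-10 sits first in the file and asserts nothing, so under first-match selection it shadows both specific fingerprints below it; the `--no-multi-match` scenario in `match.feature` returns only "Generic FTP" for both banners. The ordering looks deliberate for the test, but the only comment is `<!-- Asserting nothing -->`. A one-line comment stating that the catch-all is placed first on purpose would keep this layout from being copied into a real fingerprint file, where a catch-all placed first hides the more specific results.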
data/features/data/no_tests.xml
DELETED
@@ -1,18 +0,0 @@
|
|
1
|
-
<?xml version="1.0"?>
|
2
|
-
<fingerprints>
|
3
|
-
<fingerprint pattern="^Cisco-SIPGateway/IOS-([\d\.x]+)$">
|
4
|
-
<description>Cisco SIPGateway</description>
|
5
|
-
<example os.version="12.x">Cisco-SIPGateway/IOS-12.x</example>
|
6
|
-
<param pos="0" name="os.vendor" value="Cisco"/>
|
7
|
-
<param pos="0" name="os.product" value="IOS"/>
|
8
|
-
<param pos="1" name="os.version"/>
|
9
|
-
</fingerprint>
|
10
|
-
<fingerprint pattern="^bar ([\d.]+)$">
|
11
|
-
<description>bar test</description>
|
12
|
-
<example os.version="1.0" >bar 1.0</example>
|
13
|
-
<example os.version="2.0" >bar 2.0</example>
|
14
|
-
<example os.version="2.1" >bar 2.1</example>
|
15
|
-
<param pos="1" name="os.version" />
|
16
|
-
<param pos="0" name="os.name" value="Bar" />
|
17
|
-
</fingerprint>
|
18
|
-
</fingerprints>
|
@@ -1,20 +0,0 @@
|
|
1
|
-
<?xml version="1.0"?>
|
2
|
-
<fingerprints>
|
3
|
-
<fingerprint pattern="^foo$">
|
4
|
-
<description>foo test</description>
|
5
|
-
<!-- Fail: doesn't match -->
|
6
|
-
<example>bar</example>
|
7
|
-
</fingerprint>
|
8
|
-
<fingerprint pattern="^This matches$">
|
9
|
-
<!-- Warn: no name -->
|
10
|
-
<!-- Fail: doesn't match -->
|
11
|
-
<example>This almost matches</example>
|
12
|
-
</fingerprint>
|
13
|
-
<fingerprint pattern="^(\S+) ([\d.]+)$">
|
14
|
-
<description>bar test</description>
|
15
|
-
<!-- Fail: expected os.version doesn't match the capture group -->
|
16
|
-
<example os.version="5.0" >bar 1.0</example>
|
17
|
-
<param pos="2" name="os.version" />
|
18
|
-
<param pos="1" name="os.name" value="Bar" />
|
19
|
-
</fingerprint>
|
20
|
-
</fingerprints>
|
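Review bot: the third fingerprint (lines 13-19) produces two failures but only one is annotated. `<param pos="1" name="os.name" value="Bar" />` on line 18 combines a non-zero `pos` with a fixed `value`, which `verify.feature` expects to be reported as "os.name is a non-zero pos but specifies a value of 'Bar'", yet the only comment is the one on line 15 about `os.version`. Add a `<!-- Fail: ... -->` comment for line 18 as well, so the expected total of 4 failures can be checked against the fixture by reading it.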
@@ -1,17 +0,0 @@
|
|
1
|
-
<?xml version="1.0"?>
|
2
|
-
<fingerprints>
|
3
|
-
<fingerprint pattern="^-{10} Welcome to Pure-FTPd (.*)-{10}$">
|
4
|
-
<example pureftpd.config="">---------- Welcome to Pure-FTPd ----------</example>
|
5
|
-
<description>Pure-FTPd</description>
|
6
|
-
<param pos="1" name="pureftpd.config"/>
|
7
|
-
<param pos="0" name="service.family" value="Pure-FTPd"/>
|
8
|
-
<param pos="0" name="service.product" value="Pure-FTPd"/>
|
9
|
-
</fingerprint>
|
10
|
-
<fingerprint pattern="^-{10} Welcome to Pure-FTPd (.*)-{10}$">
|
11
|
-
<!-- should warn with no examples -->
|
12
|
-
<description>Pure-FTPd</description>
|
13
|
-
<param pos="1" name="pureftpd.config"/>
|
14
|
-
<param pos="0" name="service.family" value="Pure-FTPd"/>
|
15
|
-
<param pos="0" name="service.product" value="Pure-FTPd"/>
|
16
|
-
</fingerprint>
|
17
|
-
</fingerprints>
|
data/features/match.feature
DELETED
@@ -1,36 +0,0 @@
|
|
1
|
-
Feature: Match
|
2
|
-
@no-clobber
|
3
|
-
Scenario: Finds matches
|
4
|
-
When I run `recog_match matching_banners_fingerprints.xml sample_banner.txt`
|
5
|
-
Then it should pass with:
|
6
|
-
"""
|
7
|
-
MATCH: {"matched"=>"Pure-FTPd Config data can be zero or more of: [privsep] [TLS]", "pureftpd.config"=>"[privsep] [TLS] ", "service.family"=>"Pure-FTPd", "service.product"=>"Pure-FTPd", "service.protocol"=>"ftp", "fingerprint_db"=>"matching_banners_fingerprints", "data"=>"---------- Welcome to Pure-FTPd [privsep] [TLS] ----------"}
|
8
|
-
MATCH: {"matched"=>"SunOS/Solaris", "os.vendor"=>"Sun", "os.family"=>"Solaris", "os.product"=>"Solaris", "os.device"=>"General", "host.name"=>"polaris", "os.version"=>"5.8", "service.protocol"=>"ftp", "fingerprint_db"=>"matching_banners_fingerprints", "data"=>"polaris FTP server (SunOS 5.8) ready."}
|
9
|
-
"""
|
10
|
-
|
11
|
-
@no-clobber
|
12
|
-
Scenario: Fails at finding matches
|
13
|
-
When I run `recog_match failing_banners_fingerprints.xml sample_banner.txt`
|
14
|
-
Then it should pass with:
|
15
|
-
"""
|
16
|
-
FAIL: ---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
|
17
|
-
FAIL: polaris FTP server (SunOS 5.8) ready
|
18
|
-
"""
|
19
|
-
|
20
|
-
@no-clobber
|
21
|
-
Scenario: Finds multiple matches
|
22
|
-
When I run `recog_match multiple_banners_fingerprints.xml sample_banner.txt --multi-match`
|
23
|
-
Then it should pass with:
|
24
|
-
"""
|
25
|
-
MATCHES: {"matched"=>"Generic FTP, Checks for the existence of the word FTP in the line", "service.protocol"=>"", "fingerprint_db"=>"multiple_banners_fingerprints", "data"=>"---------- Welcome to Pure-FTPd [privsep] [TLS] ----------"},{"matched"=>"Pure-FTPd Config data can be zero or more of: [privsep] [TLS]", "pureftpd.config"=>"[privsep] [TLS] ", "service.family"=>"Pure-FTPd", "service.product"=>"Pure-FTPd", "service.protocol"=>"ftp", "fingerprint_db"=>"multiple_banners_fingerprints", "data"=>"---------- Welcome to Pure-FTPd [privsep] [TLS] ----------"}
|
26
|
-
MATCHES: {"matched"=>"Generic FTP, Checks for the existence of the word FTP in the line", "service.protocol"=>"", "fingerprint_db"=>"multiple_banners_fingerprints", "data"=>"polaris FTP server (SunOS 5.8) ready."},{"matched"=>"SunOS/Solaris", "service.protocol"=>"ftp", "os.vendor"=>"Sun", "os.family"=>"Solaris", "os.product"=>"Solaris", "os.device"=>"General", "host.name"=>"polaris", "os.version"=>"5.8", "fingerprint_db"=>"multiple_banners_fingerprints", "data"=>"polaris FTP server (SunOS 5.8) ready."}
|
27
|
-
"""
|
28
|
-
|
29
|
-
@no-clobber
|
30
|
-
Scenario: Finds first matches using no-multi-match flag
|
31
|
-
When I run `recog_match multiple_banners_fingerprints.xml sample_banner.txt --no-multi-match`
|
32
|
-
Then it should pass with:
|
33
|
-
"""
|
34
|
-
MATCH: {"matched"=>"Generic FTP, Checks for the existence of the word FTP in the line", "service.protocol"=>"", "fingerprint_db"=>"multiple_banners_fingerprints", "data"=>"---------- Welcome to Pure-FTPd [privsep] [TLS] ----------"}
|
35
|
-
MATCH: {"matched"=>"Generic FTP, Checks for the existence of the word FTP in the line", "service.protocol"=>"", "fingerprint_db"=>"multiple_banners_fingerprints", "data"=>"polaris FTP server (SunOS 5.8) ready."}
|
36
|
-
"""
|
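Review bot: these four scenarios are the only checks of `recog_match` output visible in this diff, including `--multi-match` and `--no-multi-match`, and they are deleted while the file list keeps the binary (`data/{bin → recog/bin}/recog_match`). The specs that remain in the file list are `db_spec.rb`, `fingerprint_spec.rb` and `verify_reporter_spec.rb`. Confirm that one of them covers first-match versus multi-match selection, or keep an equivalent test, since that choice decides which product a banner is attributed to.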
data/features/support/aruba.rb
DELETED
data/features/support/env.rb
DELETED
data/features/verify.feature
DELETED
@@ -1,48 +0,0 @@
|
|
1
|
-
Feature: Verify
|
2
|
-
@no-clobber
|
3
|
-
Scenario: No tests
|
4
|
-
When I run `recog_verify no_tests.xml`
|
5
|
-
Then it should pass with:
|
6
|
-
"""
|
7
|
-
SUMMARY: Test completed with 0 successful, 0 warnings, and 0 failures
|
8
|
-
"""
|
9
|
-
|
10
|
-
@no-clobber
|
11
|
-
Scenario: Successful tests
|
12
|
-
When I run `recog_verify successful_tests.xml`
|
13
|
-
Then it should pass with:
|
14
|
-
"""
|
15
|
-
SUMMARY: Test completed with 4 successful, 0 warnings, and 0 failures
|
16
|
-
"""
|
17
|
-
|
18
|
-
@no-clobber
|
19
|
-
Scenario: Tests with warnings, warnings enabled
|
20
|
-
When I run `recog_verify tests_with_warnings.xml`
|
21
|
-
Then it should fail with:
|
22
|
-
"""
|
23
|
-
WARN: 'Pure-FTPd' has no test cases
|
24
|
-
WARN: 'Pure-FTPd' is missing an example that checks for parameter 'pureftpd.config' messsage which is derived from a capture group
|
25
|
-
SUMMARY: Test completed with 1 successful, 2 warnings, and 0 failures
|
26
|
-
"""
|
27
|
-
And the exit status should be 2
|
28
|
-
|
29
|
-
@no-clobber
|
30
|
-
Scenario: Tests with warnings, warnings disabled
|
31
|
-
When I run `recog_verify --no-warnings tests_with_warnings.xml`
|
32
|
-
Then it should pass with:
|
33
|
-
"""
|
34
|
-
SUMMARY: Test completed with 1 successful, 0 warnings, and 0 failures
|
35
|
-
"""
|
36
|
-
|
37
|
-
@no-clobber
|
38
|
-
Scenario: Tests with failures
|
39
|
-
When I run `recog_verify tests_with_failures.xml`
|
40
|
-
Then it should fail with:
|
41
|
-
"""
|
42
|
-
FAIL: 'foo test' failed to match "bar" with (?-mix:^foo$)'
|
43
|
-
FAIL: '' failed to match "This almost matches" with (?-mix:^This matches$)'
|
44
|
-
FAIL: 'bar test's os.name is a non-zero pos but specifies a value of 'Bar'
|
45
|
-
FAIL: 'bar test' failed to find expected capture group os.version '5.0'. Result was 1.0
|
46
|
-
SUMMARY: Test completed with 0 successful, 0 warnings, and 4 failures
|
47
|
-
"""
|
48
|
-
And the exit status should be 4
|
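Review bot: the expected output pins two defects in the tool's own messages: line 24 expects the misspelling `messsage` in the capture-group warning, and lines 42-43 expect a stray trailing `'` after the regex (`with (?-mix:^foo$)'`) that has no opening quote. With this feature file gone, nothing visible here depends on those exact strings, so correct them in the verifier's messages. Also keep an assertion somewhere on the exit statuses checked on lines 27 and 48 (2 for the warnings run, 4 for the failures run), since those are the only machine-readable result of a verify run shown here.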
data/identifiers/README.md
DELETED
@@ -1,70 +0,0 @@
|
|
1
|
-
# Recog: Identifiers
|
2
|
-
|
3
|
-
This directory contains lists of standard identifiers for mapping Recog matches.
|
4
|
-
The goal is define a standard set of constants to represent known software,
|
5
|
-
hardware, vendors, and categories.
|
6
|
-
|
7
|
-
This is currently incomplete and will be updated as standardization work moves
|
8
|
-
forward.
|
9
|
-
|
10
|
-
Fingerprints should use these identifiers whenever possible; if a different name
|
11
|
-
or syntax for a given identifier is preferred, this should be implemented in the
|
12
|
-
application through a mapping function.
|
13
|
-
|
14
|
-
## Lists
|
15
|
-
|
16
|
-
### Fields
|
17
|
-
|
18
|
-
`fields.txt` defines the various fields (`os.vendor`, etc.) used to assert
|
19
|
-
information about a match.
|
20
|
-
|
21
|
-
### Vendors
|
22
|
-
|
23
|
-
`vendor.txt` defines known vendor names, covering services, operating systems,
|
24
|
-
and hardware.
|
25
|
-
|
26
|
-
### Operating Systems
|
27
|
-
|
28
|
-
`os_architecture.txt` defines known CPU types.
|
29
|
-
|
30
|
-
`os_product.txt` defines known operating system names.
|
31
|
-
|
32
|
-
`os_family.txt` defines known operating system families.
|
33
|
-
|
34
|
-
`os_device.txt` defines known types of devices by function or purpose.
|
35
|
-
|
36
|
-
### Hardware
|
37
|
-
|
38
|
-
`hw_product.txt` defines known hardware product names.
|
39
|
-
|
40
|
-
`hw_family.txt` defines known hardware product families.
|
41
|
-
|
42
|
-
`hw_device.txt` defines known types of devices by function or purpose (overlaps
|
43
|
-
with `os_device.txt`).
|
44
|
-
|
45
|
-
### Services
|
46
|
-
|
47
|
-
`service_product.txt` defines known service product names.
|
48
|
-
|
49
|
-
`service_family.txt` defines known service product families.
|
50
|
-
|
51
|
-
### Software
|
52
|
-
|
53
|
-
`software_product.txt` defines known software product names.
|
54
|
-
|
55
|
-
`software_family.txt` defines known software product families.
|
56
|
-
|
57
|
-
`software_class.txt` defines known types of software by function or purpose.
|
58
|
-
|
59
|
-
## Pending Work
|
60
|
-
|
61
|
-
* All existing fingerprints should be correlated against these lists to
|
62
|
-
identify mismatches and updated accordingly.
|
63
|
-
|
64
|
-
* All net new identifiers from the existing fingerprints should be merged into
|
65
|
-
these lists.
|
66
|
-
|
67
|
-
* All fingerprint assertions should be enumerated, documented, and standardized
|
68
|
-
where possible (`host.mac`, etc).
|
69
|
-
|
70
|
-
* Hardware identifiers should be enumerated, consolidated, and standardized.
|
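Review bot: the `### Software` section (lines 51-57) documents `software_product.txt`, `software_family.txt` and `software_class.txt`, but the file list for `data/identifiers/` in this release contains only `fields.txt`, `vendor.txt` and the `hw_*`, `os_*` and `service_*` lists. If this README lives on in the source repository after being dropped from the gem, remove that section or mark those lists as planned. Line 4 also reads "The goal is define" and should be "The goal is to define".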