RubyGems - recog - Versions diffs - 2.3.22 → 2.3.23 - Mend

recog 2.3.22 → 2.3.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (69) hide show

checksums.yaml +4 -4
data/.github/workflows/ci.yml +1 -1
data/.github/workflows/verify.yml +1 -1
data/.vscode/bin/monitor-recog-fingerprints.sh +54 -0
data/.vscode/extensions.json +5 -0
data/.vscode/settings.json +8 -0
data/.vscode/tasks.json +77 -0
data/CONTRIBUTING.md +2 -0
data/bin/recog_verify +42 -7
data/cpe-remap.yaml +20 -2
data/features/data/schema_failure.xml +4 -0
data/features/data/tests_with_failures.xml +6 -0
data/features/support/hooks.rb +9 -0
data/features/verify.feature +81 -17
data/identifiers/hw_device.txt +2 -0
data/identifiers/hw_product.txt +2 -0
data/identifiers/os_device.txt +2 -0
data/identifiers/os_family.txt +1 -0
data/identifiers/os_product.txt +8 -1
data/identifiers/service_product.txt +14 -0
data/identifiers/vendor.txt +13 -1
data/lib/recog/fingerprint.rb +21 -7
data/lib/recog/fingerprint_parse_error.rb +10 -0
data/lib/recog/verifier.rb +4 -4
data/lib/recog/verify_reporter.rb +7 -6
data/lib/recog/version.rb +1 -1
data/requirements.txt +1 -1
data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
data/spec/data/external_example_fingerprint.xml +8 -0
data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
data/spec/lib/recog/db_spec.rb +84 -61
data/spec/lib/recog/fingerprint_spec.rb +4 -4
data/spec/lib/recog/verify_reporter_spec.rb +8 -8
data/update_cpes.py +129 -36
data/xml/apache_os.xml +61 -19
data/xml/architecture.xml +15 -1
data/xml/dhcp_vendor_class.xml +1 -1
data/xml/dns_versionbind.xml +16 -13
data/xml/favicons.xml +87 -5
data/xml/fingerprints.xsd +9 -1
data/xml/ftp_banners.xml +131 -141
data/xml/h323_callresp.xml +2 -2
data/xml/hp_pjl_id.xml +81 -81
data/xml/html_title.xml +178 -9
data/xml/http_cookies.xml +83 -27
data/xml/http_servers.xml +409 -269
data/xml/http_wwwauth.xml +70 -37
data/xml/imap_banners.xml +2 -2
data/xml/nntp_banners.xml +8 -5
data/xml/ntp_banners.xml +33 -33
data/xml/operating_system.xml +92 -77
data/xml/pop_banners.xml +17 -17
data/xml/sip_banners.xml +16 -5
data/xml/sip_user_agents.xml +122 -27
data/xml/smb_native_lm.xml +5 -5
data/xml/smb_native_os.xml +25 -25
data/xml/smtp_banners.xml +132 -131
data/xml/smtp_help.xml +1 -1
data/xml/snmp_sysdescr.xml +1227 -1227
data/xml/snmp_sysobjid.xml +2 -2
data/xml/ssh_banners.xml +9 -5
data/xml/telnet_banners.xml +49 -0
data/xml/tls_jarm.xml +22 -2
data/xml/x11_banners.xml +3 -3
data/xml/x509_issuers.xml +3 -2
data/xml/x509_subjects.xml +3 -3
metadata +19 -3
data/lib/recog/verifier_factory.rb +0 -13

data/xml/http_cookies.xml CHANGED Viewed

@@ -79,17 +79,31 @@
   <fingerprint pattern="^ANsession\d+=(\S+);">
     <description>Array Networks Secure Access Gateway / SSL VPN</description>
-    <example>ANsession0002262072457555=IPMI; path=/;secure</example>
+    <example cookie="IPMI">ANsession0002262072457555=IPMI; path=/;secure</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="Array Networks"/>
     <param pos="0" name="service.family" value="Secure Access Gateway"/>
     <param pos="0" name="hw.device" value="VPN"/>
   </fingerprint>
-  <fingerprint pattern="^(Apache)=[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.([0-9]+);">
-    <description>Apache</description>
-    <param pos="1" name="cookie"/>
-    <param pos="2" name="system.time.micros"/>
+  <fingerprint pattern="^Apache=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\.[0-9]+(?:\.[0-9]+)?;">
+    <description>Apache with session ID containing IP and timestamp (timestamp can be micros, millis or seconds)</description>
+    <example host.ip="10.10.130.165">Apache=10.10.130.165.1643670182768255; path=/</example>
+    <example host.ip="10.0.101.6">Apache=10.0.101.6.1643663969718158; path=/; expires=Wed, 31-Jan-24 21:19:29 GMT; domain=.contoso.com</example>
+    <example host.ip="10.10.20.18">Apache=10.10.20.18.1643510579.1915; domain=foo.com; path=/; expires=Mon, 30-Jan-2023 02:42:58 GMT</example>
+    <example host.ip="10.23.219.241">Apache=10.23.219.241.1643541709604; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT</example>
+    <param pos="0" name="cookie" value="Apache"/>
+    <param pos="1" name="host.ip"/>
+    <param pos="0" name="service.vendor" value="Apache"/>
+    <param pos="0" name="service.family" value="Apache"/>
+    <param pos="0" name="service.product" value="HTTPD"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Apache=[0-9a-z]{8}\.[0-9a-z]{13};">
+    <description>Apache with opaque session ID</description>
+    <example>Apache=1148b9c3.5d6e61e36f2f9; path=/; domain=.foo.com</example>
+    <param pos="0" name="cookie" value="Apache"/>
     <param pos="0" name="service.vendor" value="Apache"/>
     <param pos="0" name="service.family" value="Apache"/>
     <param pos="0" name="service.product" value="HTTPD"/>
@@ -123,27 +137,20 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:mozilla:bugzilla:-"/>
   </fingerprint>
-  <fingerprint pattern="^(WebLogicSession)=[^!]+![^!]+!([0-9]+);">
-    <description>BEA WebLogic (with timestamp)</description>
-    <param pos="1" name="cookie"/>
-    <param pos="2" name="system.time.millis"/>
-    <param pos="0" name="service.vendor" value="BEA"/>
-    <param pos="0" name="service.family" value="WebLogic"/>
-    <param pos="0" name="service.product" value="WebLogic"/>
-    <param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
-  </fingerprint>
-  <fingerprint pattern="^(WebLogicSession)=">
+  <fingerprint pattern="^WebLogicSession=">
     <description>BEA WebLogic (no timestamp)</description>
-    <param pos="1" name="cookie"/>
+    <example>WebLogicSession=YfifY2Ck8aWILbJPiaoY3L8aKBjh2MZhUAjHXypG6IBwvWXrun3i|-3385140432258369694/-900104935/6/7009/7009/7010/7010/7009/-1; path=/</example>
+    <example>WebLogicSession=QKRlJZbj0b948CrXnoQw8FNuSWvO6fXaJNadlcCWwA3qm6CtqD5a; path=/</example>
+    <param pos="0" name="cookie" value="WebLogicSession"/>
     <param pos="0" name="service.vendor" value="BEA"/>
     <param pos="0" name="service.family" value="WebLogic"/>
     <param pos="0" name="service.product" value="WebLogic"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
   </fingerprint>
-  <fingerprint pattern="^(BCSI-CSC[0-9A-Za-z]+)=">
+  <fingerprint pattern="^(BCSI-CS-[0-9A-Za-z]+)=">
     <description>BlueCoat Proxy</description>
+    <example cookie="BCSI-CS-2f6c78bdf64f3b32">BCSI-CS-2f6c78bdf64f3b32=2; Path=/</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="Blue Coat"/>
     <param pos="0" name="service.family" value="Proxy"/>
@@ -208,6 +215,7 @@
   <fingerprint pattern="^st8id=">
     <description>Citrix Application Protection System, Enterprise - http://support.citrix.com/article/CTX109330</description>
+    <example>st8id=1e1bcc1010b6de32734c584317443b31.00.641b86ac5ed3ebb0799138f83af9b63f;</example>
     <param pos="0" name="cookie" value="st8id"/>
     <param pos="0" name="service.vendor" value="Citrix"/>
     <param pos="0" name="service.family" value="Application Protection System"/>
@@ -271,7 +279,7 @@
   <fingerprint pattern="(?i)^(BIGipServer([^=]+))=">
     <description>F5 BIG-IP LTM - Server variant</description>
-    <example loadbalancer.poolname="CustomerRP">BigIpServerCustomerRP=5a; path=/; domain=.foo.bar; secure; HttpOnly</example>
+    <example loadbalancer.poolname="CustomerRP" cookie="BigIpServerCustomerRP">BigIpServerCustomerRP=5a; path=/; domain=.foo.bar; secure; HttpOnly</example>
     <param pos="1" name="cookie"/>
     <param pos="2" name="loadbalancer.poolname"/>
     <param pos="0" name="service.vendor" value="F5"/>
@@ -365,6 +373,9 @@
   <fingerprint pattern="^IBMCBR=">
     <description>IBM WebSphere Load Balancer</description>
+    <!-- Replace with a valid example if one is discovered -->
+    <example>IBMCBR=fakevalue</example>
     <param pos="0" name="cookie" value="IBMCBR"/>
     <param pos="0" name="service.vendor" value="IBM"/>
     <param pos="0" name="service.family" value="WebSphere"/>
@@ -382,12 +393,14 @@
   <fingerprint pattern="^_mastodon_session=">
     <description>Mastodon</description>
+    <example>_mastodon_session=U09wSzlaMHNuZVI3RGJjR1M2d2lqNFhXc1BXNlJtOXBueTdoM1J2Ykk3UjRXa2V3WkNUNm5BUmY4Z0NISk9FaEtrOVQrMXJCRldvbk1kY3BUaDZkMlRuZkNBUDVXU01EakN3S1JEZDdjbzhNQ0t5MHpXZE9WSGlTOVhKNkhlZWhlaWsxM3Mvd0poU1NHWkZjWUNucmJoeDdNdU85ekpkQVJSbkhDeXdKZ08wMkNuUm1BYnE3cGVBK2FBN1FTUU9SLS1EdUVoNWtLOFFWaWsxNmY2bzErbFVRPT0%3D--4b6087906fdfa25f0bfd46b13d3c1c3a9fb379cd; path=/; secure; HttpOnly</example>
     <param pos="0" name="cookie" value="_mastodon_session"/>
     <param pos="0" name="service.product" value="Mastodon"/>
   </fingerprint>
   <fingerprint pattern="^(MSCSAuth|MSCSProfile)=">
     <description>Microsoft Commerce Server - http://msdn2.microsoft.com/en-us/library/ms953828.aspx</description>
+    <example cookie="MSCSProfile">MSCSProfile=287001FD2674671C7869448243193407F294F4F921DD7D627A0F4EE0CC7F3FAC36B5E45588612D30B2A6C57F1D461CB5EE0887989EE7F09E4529B0795EF87BB095FFF1DE42BD5E8F00273BCAACB9DC80733367D09A4B6A48A6802C4DCD6EB029BF5B207BCE523E8BF2EE3EBCDF5776BAC6B6BCD4BF54EF9C178F9605E75D0DDA; path=/</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.family" value="Commerce Server"/>
@@ -399,7 +412,7 @@
     <description>Nextcloud</description>
     <example cookie="nc_sameSiteCookiestrict">nc_sameSiteCookiestrict=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict</example>
     <example cookie="nc_sameSiteCookielax">nc_sameSiteCookielax=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax</example>
-    <example>oc_sessionPassphrase=Y%2BZjBn8Gn%2B8jIJPVx468Tlt8qDNm%2B5IVXLxgtwlY%2BQU2T7edVmDS4091nQrT; path=/nextcloud; secure; HttpOnly</example>
+    <example cookie="oc_sessionPassphrase">oc_sessionPassphrase=Y%2BZjBn8Gn%2B8jIJPVx468Tlt8qDNm%2B5IVXLxgtwlY%2BQU2T7edVmDS4091nQrT; path=/nextcloud; secure; HttpOnly</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="Nextcloud"/>
     <param pos="0" name="service.product" value="Nextcloud Server"/>
@@ -426,6 +439,8 @@
   <fingerprint pattern="^((?:SS_X_)?CSINTERSESSIONID)=">
     <description>OpenMarket/FatWire Content Server (www.fatwire.com)</description>
+    <example cookie="SS_X_CSINTERSESSIONID">SS_X_CSINTERSESSIONID=0001P73k2FUEYEU4Ks5TtKxcs2K:vv0b9pej; path=/</example>
+    <example cookie="CSINTERSESSIONID">CSINTERSESSIONID=0001xquPwAx2NFUFvi7yw-43f35:vv7sdeqs;Path=/</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="FatWire"/>
     <param pos="0" name="service.family" value="Content Server"/>
@@ -434,6 +449,7 @@
   <fingerprint pattern="^parkinglot=">
     <description>Oversee Webserver</description>
+    <example>parkinglot=1; domain=.foo.com; path=/; expires=Sun, 11-May-2008 13:51:17 GMT</example>
     <param pos="0" name="cookie" value="parkinglot"/>
     <param pos="0" name="service.vendor" value="Oversee"/>
     <param pos="0" name="service.family" value="Webserver"/>
@@ -491,6 +507,7 @@
   <fingerprint pattern="^NSES40Session=">
     <description>Netscape Enterprise Server (subsequently iPlanet Web Server, Sun ONE Web Server, presently Sun Java System Web Server)</description>
+    <example>NSES40Session=2%253A3e57d375%253Adc59172283a7e72c;path=/;expires=Sat, 22-Feb-2003 20:15:57 GMT</example>
     <param pos="0" name="cookie" value="NSES40Session"/>
     <param pos="0" name="service.vendor" value="Sun"/>
     <param pos="0" name="service.family" value="Java System Web Server"/>
@@ -517,8 +534,10 @@
     <param pos="0" name="service.product" value="Sage X3 Syracuse Web Server"/>
   </fingerprint>
-  <fingerprint pattern="^(gx_session_id|JROUTE)=">
+  <fingerprint pattern="^(GX_SESSION_ID|JROUTE)=">
     <description>Sun Java System Application Server (formerly iPlanet Application Server, Sun ONE Application Server)</description>
+    <example cookie="GX_SESSION_ID">GX_SESSION_ID=ji7vouPhPt5CAtGF%2BWPMXBrhjjxWZAD9HRNeEEITGCA%3D</example>
+    <example cookie="JROUTE">JROUTE=KbDs; Path=/</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="Sun"/>
     <param pos="0" name="service.family" value="Java System Application Server"/>
@@ -565,6 +584,7 @@
   <fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)=">
     <description>Vignette</description>
+    <example cookie="vgnvisitor">vgnvisitor=2KM2OM00bZ40000PovANt0Dgn0; path=/; expires=Saturday, 06-Sep-2014 23:50:08 GMT</example>
     <param pos="1" name="cookie"/>
     <param pos="0" name="service.vendor" value="Vignette"/>
     <param pos="0" name="service.family" value="Vignette"/>
@@ -607,10 +627,11 @@
     <param pos="0" name="service.product" value="Zope"/>
   </fingerprint>
-  <fingerprint pattern="^(portal)=([0-9]+\.[0-9]+\.[0-9]+)">
+  <fingerprint pattern="^portal=([0-9]+\.[0-9]+\.[0-9]+)">
     <description>OracleAS Portal default cookie name - http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_app_f.htm</description>
-    <param pos="1" name="cookie"/>
-    <param pos="2" name="service.version"/>
+    <example service.version="2173348032.20480.0000">portal=2173348032.20480.0000;</example>
+    <param pos="0" name="cookie" value="portal"/>
+    <param pos="1" name="service.version"/>
     <param pos="0" name="service.vendor" value="Oracle"/>
     <param pos="0" name="service.family" value="OracleAS"/>
     <param pos="0" name="service.product" value="Application Server Portal"/>
@@ -650,6 +671,32 @@
     <param pos="0" name="service.certainty" value="0.5"/>
   </fingerprint>
+  <fingerprint pattern="^phpMyAdmin=">
+    <description>phpMyAdmin web interface for MySQL and MariaDB</description>
+    <example>phpMyAdmin=28600e9ff9772c871dacec70f9c5edaa; path=/; HttpOnly</example>
+    <param pos="0" name="service.vendor" value="phpMyAdmin"/>
+    <param pos="0" name="service.product" value="phpMyAdmin"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:phpmyadmin:phpmyadmin:-"/>
+  </fingerprint>
+  <fingerprint pattern="^(adminer_(?:sid|key))=">
+    <description>Adminer database management tool</description>
+    <example cookie="adminer_sid">adminer_sid=6580f6449f9572f817ec99600bc619d2; path=/; HttpOnly</example>
+    <example cookie="adminer_key">adminer_key=b8eebd6de0deabc8b30c26a67e01c5b9; path=/; HttpOnly; SameSite=lax</example>
+    <param pos="1" name="cookie"/>
+    <param pos="0" name="service.vendor" value="Adminer"/>
+    <param pos="0" name="service.product" value="Adminer"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:adminer:adminer:-"/>
+  </fingerprint>
+  <fingerprint pattern="^mongo-express=">
+    <description>mongo-express web-based MongoDB admin interface</description>
+    <example>mongo-express=s%3A1qAVXDHaoFE5J0G4wkYKfyjuv6_0Zd9E.l2DGc0YAb7MJQfUleYVEla5i79pbkhDYVayvCEPFCDc; Path=/; HttpOnly</example>
+    <param pos="0" name="service.vendor" value="mongo-express Project"/>
+    <param pos="0" name="service.product" value="mongo-express"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:mongo-express_project:mongo-express:-"/>
+  </fingerprint>
   <!--
         Ignore various cookies that are very generic cookies for session IDs
         that are not necessarily indicative of any particular
@@ -659,23 +706,32 @@
     -->
   <fingerprint pattern="(?i)^JSESSIONID(?:\.[^=]+)?=[^;]+;">
-    <description>Ignore simple JSESSIONID and related cookies</description>
+    <description>Ignore simple JSESSIONID and related cookies -- assert nothing</description>
     <example>JSESSIONID=6ooov35i4l3n36qtaf8csvg0;Path=/</example>
     <example>jsessionid=6nkp66iogcdc92720%2Dc6e4%2D4989%2Db7b2%2D5021624cfdff;Path=/;secure</example>
     <example>JSESSIONID.c00a9623=v216643eijh19p9duve5srgf;Path=/;HttpOnly</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
   <fingerprint pattern="(?i)^_?SESSION_?ID\s*=\s*[^;]+;">
-    <description>Ignore simple SESSIONID and related cookies</description>
+    <description>Ignore simple SESSIONID and related cookies -- assert nothing</description>
     <example>sessionId=7dba3249cfcd4b59854055311099a294; path=/;</example>
     <example>_session_id=7fe933db0fea13e9c872103ba2d142db; path=/; HttpOnly</example>
     <example>sessionId =0VrS6Ro6uC5QPXKgNdqGvyUgUFtUOVwv6OWAEWcWQ3jLRtAk2TVAgAApN9yTWVz;postId=; path=/;</example>
     <example>_session_id=18b3e173aa11db0533fd01752e81f583; path=/; HttpOnly</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
   <fingerprint pattern="(?i)^sid=[^;]+;">
-    <description>Ignore simple SID and related cookies</description>
+    <description>Ignore simple SID and related cookies -- assert nothing</description>
     <example>sid=sfd10bf73-654458f687aa3c68b3874915f651e0ca;path=/;"</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
   </fingerprint>
 </fingerprints>