recog 2.3.22 → 3.0.2

Files changed (128) hide show
  1. checksums.yaml +4 -4
  2. checksums.yaml.gz.sig +2 -0
  3. data/LICENSE +1 -1
  4. data/README.md +25 -16
  5. data/Rakefile +2 -9
  6. data/lib/recog/db_manager.rb +1 -1
  7. data/lib/recog/fingerprint.rb +21 -7
  8. data/lib/recog/fingerprint_parse_error.rb +10 -0
  9. data/lib/recog/match_reporter.rb +37 -3
  10. data/lib/recog/matcher.rb +5 -10
  11. data/lib/recog/verifier.rb +4 -4
  12. data/lib/recog/verify_reporter.rb +7 -6
  13. data/lib/recog/version.rb +1 -1
  14. data/{bin → recog/bin}/recog_match +20 -7
  15. data/{xml → recog/xml}/apache_modules.xml +0 -0
  16. data/{xml → recog/xml}/apache_os.xml +61 -19
  17. data/{xml → recog/xml}/architecture.xml +15 -1
  18. data/{xml → recog/xml}/dhcp_vendor_class.xml +10 -10
  19. data/{xml → recog/xml}/dns_versionbind.xml +16 -13
  20. data/{xml → recog/xml}/favicons.xml +167 -9
  21. data/{xml → recog/xml}/fingerprints.xsd +9 -1
  22. data/{xml → recog/xml}/ftp_banners.xml +131 -141
  23. data/{xml → recog/xml}/h323_callresp.xml +2 -2
  24. data/{xml → recog/xml}/hp_pjl_id.xml +81 -81
  25. data/{xml → recog/xml}/html_title.xml +250 -9
  26. data/{xml → recog/xml}/http_cookies.xml +111 -34
  27. data/{xml → recog/xml}/http_servers.xml +483 -270
  28. data/{xml → recog/xml}/http_wwwauth.xml +83 -37
  29. data/{xml → recog/xml}/imap_banners.xml +10 -10
  30. data/{xml → recog/xml}/ldap_searchresult.xml +0 -0
  31. data/{xml → recog/xml}/mdns_device-info_txt.xml +0 -0
  32. data/{xml → recog/xml}/mdns_workstation_txt.xml +0 -0
  33. data/{xml → recog/xml}/mysql_banners.xml +0 -0
  34. data/{xml → recog/xml}/mysql_error.xml +0 -0
  35. data/{xml → recog/xml}/nntp_banners.xml +8 -5
  36. data/{xml → recog/xml}/ntp_banners.xml +33 -33
  37. data/{xml → recog/xml}/operating_system.xml +92 -77
  38. data/{xml → recog/xml}/pop_banners.xml +25 -25
  39. data/{xml → recog/xml}/rsh_resp.xml +0 -0
  40. data/{xml → recog/xml}/rtsp_servers.xml +0 -0
  41. data/{xml → recog/xml}/sip_banners.xml +16 -5
  42. data/{xml → recog/xml}/sip_user_agents.xml +122 -27
  43. data/{xml → recog/xml}/smb_native_lm.xml +5 -5
  44. data/{xml → recog/xml}/smb_native_os.xml +25 -25
  45. data/{xml → recog/xml}/smtp_banners.xml +132 -131
  46. data/{xml → recog/xml}/smtp_debug.xml +0 -0
  47. data/{xml → recog/xml}/smtp_ehlo.xml +0 -0
  48. data/{xml → recog/xml}/smtp_expn.xml +0 -0
  49. data/{xml → recog/xml}/smtp_help.xml +1 -1
  50. data/{xml → recog/xml}/smtp_mailfrom.xml +0 -0
  51. data/{xml → recog/xml}/smtp_noop.xml +0 -0
  52. data/{xml → recog/xml}/smtp_quit.xml +0 -0
  53. data/{xml → recog/xml}/smtp_rcptto.xml +0 -0
  54. data/{xml → recog/xml}/smtp_rset.xml +0 -0
  55. data/{xml → recog/xml}/smtp_turn.xml +0 -0
  56. data/{xml → recog/xml}/smtp_vrfy.xml +0 -0
  57. data/{xml → recog/xml}/snmp_sysdescr.xml +1248 -1233
  58. data/{xml → recog/xml}/snmp_sysobjid.xml +13 -2
  59. data/{xml → recog/xml}/ssh_banners.xml +9 -5
  60. data/{xml → recog/xml}/telnet_banners.xml +83 -1
  61. data/{xml → recog/xml}/tls_jarm.xml +30 -2
  62. data/{xml → recog/xml}/x11_banners.xml +3 -3
  63. data/{xml → recog/xml}/x509_issuers.xml +24 -4
  64. data/{xml → recog/xml}/x509_subjects.xml +32 -3
  65. data/recog.gemspec +9 -5
  66. data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
  67. data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
  68. data/spec/data/external_example_fingerprint.xml +8 -0
  69. data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
  70. data/spec/lib/recog/db_spec.rb +84 -61
  71. data/spec/lib/recog/fingerprint_spec.rb +4 -4
  72. data/spec/lib/recog/match_reporter_spec.rb +22 -8
  73. data/spec/lib/recog/verify_reporter_spec.rb +8 -8
  74. data/spec/spec_helper.rb +4 -0
  75. data.tar.gz.sig +0 -0
  76. metadata +154 -142
  77. metadata.gz.sig +0 -0
  78. data/.github/ISSUE_TEMPLATE/bug_report.md +0 -37
  79. data/.github/ISSUE_TEMPLATE/feature_request.md +0 -17
  80. data/.github/ISSUE_TEMPLATE/fingerprint_request.md +0 -27
  81. data/.github/PULL_REQUEST_TEMPLATE +0 -24
  82. data/.github/SECURITY.md +0 -35
  83. data/.github/dependabot.yml +0 -8
  84. data/.github/workflows/ci.yml +0 -26
  85. data/.github/workflows/verify.yml +0 -89
  86. data/.gitignore +0 -23
  87. data/.rspec +0 -3
  88. data/.ruby-gemset +0 -1
  89. data/.ruby-version +0 -1
  90. data/.snyk +0 -10
  91. data/.travis.yml +0 -25
  92. data/CONTRIBUTING.md +0 -276
  93. data/bin/recog_cleanup +0 -16
  94. data/bin/recog_export +0 -81
  95. data/bin/recog_standardize +0 -163
  96. data/bin/recog_verify +0 -63
  97. data/cpe-remap.yaml +0 -356
  98. data/features/data/failing_banners_fingerprints.xml +0 -20
  99. data/features/data/matching_banners_fingerprints.xml +0 -23
  100. data/features/data/multiple_banners_fingerprints.xml +0 -32
  101. data/features/data/no_tests.xml +0 -3
  102. data/features/data/sample_banner.txt +0 -2
  103. data/features/data/successful_tests.xml +0 -18
  104. data/features/data/tests_with_failures.xml +0 -20
  105. data/features/data/tests_with_warnings.xml +0 -17
  106. data/features/match.feature +0 -36
  107. data/features/support/aruba.rb +0 -3
  108. data/features/support/env.rb +0 -6
  109. data/features/verify.feature +0 -48
  110. data/identifiers/README.md +0 -70
  111. data/identifiers/fields.txt +0 -105
  112. data/identifiers/hw_device.txt +0 -84
  113. data/identifiers/hw_family.txt +0 -121
  114. data/identifiers/hw_product.txt +0 -461
  115. data/identifiers/os_architecture.txt +0 -10
  116. data/identifiers/os_device.txt +0 -75
  117. data/identifiers/os_family.txt +0 -234
  118. data/identifiers/os_product.txt +0 -350
  119. data/identifiers/service_family.txt +0 -249
  120. data/identifiers/service_product.txt +0 -764
  121. data/identifiers/vendor.txt +0 -847
  122. data/lib/recog/verifier_factory.rb +0 -13
  123. data/misc/convert_mysql_err +0 -61
  124. data/misc/order.xsl +0 -17
  125. data/requirements.txt +0 -2
  126. data/spec/lib/fingerprint_self_test_spec.rb +0 -175
  127. data/tools/dev/hooks/pre-commit +0 -21
  128. data/update_cpes.py +0 -250
@@ -89,8 +89,8 @@
89
89
 
90
90
  <fingerprint pattern="^Microsoft Windows CE Version ([\d.]+)">
91
91
  <description>Windows CE</description>
92
- <example>Microsoft Windows CE Version 4.20 (Build 0)</example>
93
- <example>Microsoft Windows CE Version 4.20 (Build 1088)</example>
92
+ <example os.version="4.20">Microsoft Windows CE Version 4.20 (Build 0)</example>
93
+ <example os.version="4.20">Microsoft Windows CE Version 4.20 (Build 1088)</example>
94
94
  <param pos="0" name="os.vendor" value="Microsoft"/>
95
95
  <param pos="0" name="os.family" value="Windows"/>
96
96
  <param pos="0" name="os.product" value="Windows CE"/>
@@ -472,4 +472,15 @@
472
472
  <param pos="0" name="service.cpe23" value="cpe:/a:net-snmp:net-snmp:-"/>
473
473
  </fingerprint>
474
474
 
475
+ <fingerprint pattern="^1\.3\.6\.1\.4\.1\.11\.2\.3\.7\.11\.181\.21\sAruba\s(JL\d+A)\s(\d+[A-Z]?)\S+\sSwitch.+ROM\s([A-Z]+(?:\.\d+)+)">
476
+ <description>HP Aruba Network Switch</description>
477
+ <example hw.model="JL256A" hw.product="2930F" os.version="WC.16.01.0010">1.3.6.1.4.1.11.2.3.7.11.181.21 Aruba JL256A 2930F-48G-PoE+-4SFP+ Switch, revision WC.16.11.0004, ROM WC.16.01.0010</example>
478
+ <param pos="0" name="os.vendor" value="Aruba Networks"/>
479
+ <param pos="3" name="os.version"/>
480
+ <param pos="0" name="hw.vendor" value="Aruba Networks"/>
481
+ <param pos="2" name="hw.product"/>
482
+ <param pos="1" name="hw.model"/>
483
+ <param pos="0" name="hw.device" value="Switch"/>
484
+ </fingerprint>
485
+
475
486
  </fingerprints>
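Review bot: The third capture in the new Aruba sysDescr pattern takes the `ROM` string, so `os.version` becomes the boot ROM version (`WC.16.01.0010` in the example) rather than the running software `revision WC.16.11.0004` that precedes it in the same banner; anything keying vulnerability lookups off os.version would be told the wrong firmware. If os.version is meant to be the running firmware, capture the revision instead, `\sSwitch, revision ([A-Z]+(?:\.\d+)+)`, and change the example attribute to `os.version="WC.16.11.0004"`; the ROM version can be kept in a separate field if the schema has one for it. The description also says "HP Aruba" while both vendor params say "Aruba Networks", so one of the two should be picked to keep the entry self-consistent.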
@@ -653,7 +653,7 @@
653
653
  <fingerprint pattern="^OpenSSH_(4\.2p1) (Debian-7ubuntu\d+(?:\.\d+)?)$">
654
654
  <description>OpenSSH running on Ubuntu 6.04</description>
655
655
  <example service.version="4.2p1" openssh.comment="Debian-7ubuntu3.1">OpenSSH_4.2p1 Debian-7ubuntu3.1</example>
656
- <example>OpenSSH_4.2p1 Debian-7ubuntu3.2</example>
656
+ <example service.version="4.2p1" openssh.comment="Debian-7ubuntu3.2">OpenSSH_4.2p1 Debian-7ubuntu3.2</example>
657
657
  <param pos="1" name="service.version"/>
658
658
  <param pos="2" name="openssh.comment"/>
659
659
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -686,9 +686,9 @@
686
686
  <fingerprint pattern="^OpenSSH_(4\.6p1) (Debian-5ubuntu\d+(?:\.\d+)?)$">
687
687
  <description>OpenSSH running on Ubuntu 7.10</description>
688
688
  <example service.version="4.6p1" openssh.comment="Debian-5ubuntu0.2">OpenSSH_4.6p1 Debian-5ubuntu0.2</example>
689
- <example>OpenSSH_4.6p1 Debian-5ubuntu0.5</example>
690
- <example>OpenSSH_4.6p1 Debian-5ubuntu0.6</example>
691
- <example>OpenSSH_4.6p1 Debian-5ubuntu0</example>
689
+ <example service.version="4.6p1" openssh.comment="Debian-5ubuntu0.5">OpenSSH_4.6p1 Debian-5ubuntu0.5</example>
690
+ <example service.version="4.6p1" openssh.comment="Debian-5ubuntu0.6">OpenSSH_4.6p1 Debian-5ubuntu0.6</example>
691
+ <example service.version="4.6p1" openssh.comment="Debian-5ubuntu0">OpenSSH_4.6p1 Debian-5ubuntu0</example>
692
692
  <param pos="1" name="service.version"/>
693
693
  <param pos="2" name="openssh.comment"/>
694
694
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -858,7 +858,7 @@
858
858
  <fingerprint pattern="^OpenSSH_(6\.0p1) (Debian-3ubuntu\d(?:\.\d)?)$">
859
859
  <description>OpenSSH running on Ubuntu 12.10</description>
860
860
  <example service.version="6.0p1" openssh.comment="Debian-3ubuntu1">OpenSSH_6.0p1 Debian-3ubuntu1</example>
861
- <example>OpenSSH_6.0p1 Debian-3ubuntu1.2</example>
861
+ <example service.version="6.0p1" openssh.comment="Debian-3ubuntu1.2">OpenSSH_6.0p1 Debian-3ubuntu1.2</example>
862
862
  <param pos="1" name="service.version"/>
863
863
  <param pos="2" name="openssh.comment"/>
864
864
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -1732,6 +1732,7 @@
1732
1732
 
1733
1733
  <fingerprint pattern="^SSH Protocol Compatible Server SCS (.*)$">
1734
1734
  <description>Netscreen with version</description>
1735
+ <example service.version="2.0">SSH Protocol Compatible Server SCS 2.0</example>
1735
1736
  <param pos="1" name="service.version"/>
1736
1737
  <param pos="0" name="service.vendor" value="Juniper"/>
1737
1738
  <param pos="0" name="service.family" value="NetScreen"/>
@@ -1859,6 +1860,7 @@
1859
1860
 
1860
1861
  <fingerprint pattern="^([\d.]{1,8}) sshlib: MOVEit DMZ SSH (.*)$">
1861
1862
  <description>MOVEit DMZ (which uses Bitvise sshlib)</description>
1863
+ <example service.component.version="1.29" service.version="3.0.5.0">1.29 sshlib: MOVEit DMZ SSH 3.0.5.0</example>
1862
1864
  <param pos="1" name="service.component.version"/>
1863
1865
  <param pos="2" name="service.version"/>
1864
1866
  <param pos="0" name="service.component.vendor" value="Bitvise"/>
@@ -1886,6 +1888,7 @@
1886
1888
 
1887
1889
  <fingerprint pattern="^Pragma SecureShell\s*(.*)$">
1888
1890
  <description>Pragma SecureShell</description>
1891
+ <example service.version="3.0">Pragma SecureShell 3.0</example>
1889
1892
  <param pos="1" name="service.version"/>
1890
1893
  <param pos="0" name="service.vendor" value="Pragma Systems"/>
1891
1894
  <param pos="0" name="service.family" value="FortressSSH Server"/>
@@ -2047,6 +2050,7 @@
2047
2050
 
2048
2051
  <fingerprint pattern="MultiNet">
2049
2052
  <description>Process Software MultiNet is a suite of network apps for OpenVMS</description>
2053
+ <example>Process Software SSH 6.1.5.0 MultiNet</example>
2050
2054
  <param pos="0" name="service.vendor" value="Process Software"/>
2051
2055
  <param pos="0" name="service.family" value="MultiNet"/>
2052
2056
  <param pos="0" name="service.product" value="MultiNet"/>
@@ -1095,7 +1095,7 @@
1095
1095
  </example>
1096
1096
  <param pos="0" name="os.vendor" value="Red Hat"/>
1097
1097
  <param pos="0" name="os.family" value="Linux"/>
1098
- <param pos="0" name="os.device" value="Linux"/>
1098
+ <param pos="0" name="os.product" value="Linux"/>
1099
1099
  <param pos="1" name="os.version"/>
1100
1100
  </fingerprint>
1101
1101
 
@@ -2238,6 +2238,55 @@
2238
2238
  <param pos="3" name="hw.version"/>
2239
2239
  </fingerprint>
2240
2240
 
2241
+ <fingerprint pattern="^(TAU-\d+[A-Z]*(?:\.IP)?) login:$$">
2242
+ <description>Eltex TAU model VoIP gateway</description>
2243
+ <example hw.product="TAU-8">TAU-8 login:</example>
2244
+ <example hw.product="TAU-2M.IP">TAU-2M.IP login:</example>
2245
+ <param pos="0" name="os.vendor" value="Eltex"/>
2246
+ <param pos="0" name="os.product" value="{hw.product} Firmware"/>
2247
+ <param pos="0" name="os.device" value="VoIP Gateway"/>
2248
+ <param pos="0" name="hw.vendor" value="Eltex"/>
2249
+ <param pos="1" name="hw.product"/>
2250
+ <param pos="0" name="hw.device" value="VoIP Gateway"/>
2251
+ </fingerprint>
2252
+
2253
+ <fingerprint pattern="(?m)^\**(?:\r|\n)*\**\s*Welcome to (SMG-?\d+[A-Z]?)\s*\**(?:\r|\n)*\**(?:\r|\n)+(\S+) login:\s*$">
2254
+ <description>Eltex SMG model VoIP gateway - banner with model number</description>
2255
+ <!--
2256
+ ********************************************
2257
+ * Welcome to SMG1016M *
2258
+ ********************************************
2259
+
2260
+ foo.bar.baz login:
2261
+ -->
2262
+ <example hw.product="SMG1016M" host.name="foo.bar.baz" _encoding="base64">
2263
+ DQ0KDQoNKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioNCg0qI
2264
+ CAgICAgICAgICAgV2VsY29tZSB0byBTTUcxMDE2TSAgICAgICAgICAgKg0KDSoqKioqKioqKi
2265
+ oqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqDQoNDQoNZm9vLmJhci5iYXogbG9
2266
+ naW46IA==
2267
+ </example>
2268
+ <param pos="0" name="os.vendor" value="Eltex"/>
2269
+ <param pos="0" name="os.product" value="{hw.product} Firmware"/>
2270
+ <param pos="0" name="os.device" value="VoIP Gateway"/>
2271
+ <param pos="0" name="hw.vendor" value="Eltex"/>
2272
+ <param pos="1" name="hw.product"/>
2273
+ <param pos="0" name="hw.device" value="VoIP Gateway"/>
2274
+ <param pos="2" name="host.name"/>
2275
+ </fingerprint>
2276
+
2277
+ <fingerprint pattern="^eltex-nv(\d+) login:$">
2278
+ <description>Eltex - NV model IPTV set top box</description>
2279
+ <example hw.model="101">eltex-nv101 login:</example>
2280
+ <example hw.product="NV102">eltex-nv102 login:</example>
2281
+ <param pos="0" name="os.vendor" value="Eltex"/>
2282
+ <param pos="0" name="os.product" value="{hw.product} Firmware"/>
2283
+ <param pos="0" name="os.device" value="IPTV"/>
2284
+ <param pos="1" name="hw.model"/>
2285
+ <param pos="0" name="hw.vendor" value="Eltex"/>
2286
+ <param pos="0" name="hw.product" value="NV{hw.model}"/>
2287
+ <param pos="0" name="hw.device" value="IPTV"/>
2288
+ </fingerprint>
2289
+
2241
2290
  <fingerprint pattern="&quot;BeerTemp&quot;:.*&quot;FridgeTemp&quot;:">
2242
2291
  <description>Fermentrack Beer Brewing Monitor</description>
2243
2292
  <example>T:{"BeerTemp":null,"BeerSet":null,"BeerAnn":null,"FridgeTemp":null,"FridgeSet":null,"FridgeAnn":null,"State":0}</example>
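Review bot: The TAU pattern ends in `login:$$`, a doubled end anchor; it is harmless in Ruby but reads as a typo and should be `login:$` like the other two patterns in this hunk. The three Eltex entries also test their derived fields unevenly: the first NV example asserts only `hw.model="101"` and the second only `hw.product="NV102"`, so no single example checks both the captured model and the `NV{hw.model}` template; putting both attributes on each example lets recog_verify cover both at once. For the same reason the TAU and SMG examples could assert `os.product`, since `{hw.product} Firmware` is otherwise never exercised.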
@@ -2245,4 +2294,37 @@
2245
2294
  <param pos="0" name="os.product" value="Fermentrack"/>
2246
2295
  </fingerprint>
2247
2296
 
2297
+ <fingerprint pattern="(?m)^Welcome to the SIGMA Spectrum Diagnostic Terminal(?:\r|\n)*Wireless Battery Module \(802\.11[abgn\/]+\)(?:\r|\n)*MAC Address: ((?:[0-9a-f]{2}-?){6}) SW: \d+[\sD]*\d+\s*(?:\r|\n)*Sigma Spectrum SN: (\d+) SW: v([\d.]+)(?:\r|\n)*Radio up since: [\w\s:]+(?:\r|\n)*login:\s*$">
2298
+ <description>Baxter SIGMA Spectrum Infusion System with Wireless Battery Module</description>
2299
+ <!--
2300
+ Welcome to the SIGMA Spectrum Diagnostic Terminal
2301
+
2302
+ Wireless Battery Module (802.11a/b/g/n)
2303
+ MAC Address: 00-40-9d-12-34-56 SW: 20 D29
2304
+ Sigma Spectrum SN: 1234567 SW: v8.00.01
2305
+ Radio up since: Fri Mar 1 03:14:24 2019
2306
+
2307
+ login:
2308
+ -->
2309
+
2310
+ <example host.mac="00-40-9d-12-34-56" hw.serial_number="1234567" os.version="8.00.01" _encoding="base64">
2311
+ V2VsY29tZSB0byB0aGUgU0lHTUEgU3BlY3RydW0gRGlhZ25vc3RpYyBUZXJtaW5hbA0KDQpXa
2312
+ XJlbGVzcyBCYXR0ZXJ5IE1vZHVsZSAoODAyLjExYS9iL2cvbikNCk1BQyBBZGRyZXNzOiAwMC
2313
+ 00MC05ZC0xMi0zNC01NiBTVzogMjAgRDI5DQpTaWdtYSBTcGVjdHJ1bSBTTjogMTIzNDU2NyB
2314
+ TVzogdjguMDAuMDENClJhZGlvIHVwIHNpbmNlOiBGcmkgTWFyICAxIDAzOjE0OjI0IDIwMTkN
2315
+ Cg0KbG9naW46IA==
2316
+ </example>
2317
+ <param pos="0" name="os.vendor" value="Baxter"/>
2318
+ <param pos="0" name="os.product" value="SIGMA Spectrum Infusion System Firmware"/>
2319
+ <param pos="0" name="os.device" value="Medical"/>
2320
+ <param pos="3" name="os.version"/>
2321
+ <param pos="0" name="os.cpe23" value="cpe:/o:baxter:sigma_spectrum_infusion_system_firmware:{os.version}"/>
2322
+ <param pos="0" name="hw.vendor" value="Baxter"/>
2323
+ <param pos="0" name="hw.product" value="SIGMA Spectrum Infusion System"/>
2324
+ <param pos="0" name="hw.device" value="Medical"/>
2325
+ <param pos="2" name="hw.serial_number"/>
2326
+ <param pos="0" name="hw.cpe23" value="cpe:/h:baxter:sigma_spectrum_infusion_system:-"/>
2327
+ <param pos="1" name="host.mac"/>
2328
+ </fingerprint>
2329
+
2248
2330
  </fingerprints>
@@ -56,9 +56,13 @@
56
56
  <param pos="0" name="os.device" value="Router"/>
57
57
  </fingerprint>
58
58
 
59
- <fingerprint pattern="^07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d$">
59
+ <fingerprint pattern="^07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d|07d14d16d21d21d07c42d43d000000f50d155305214cf247147c43c0f1a823|07b08b09b21b21b07b07b08b07b21b23aeefb38b723c523befb314af6e95ac|07c08c09c21c21c07c07c08c07c21c23aeefb38b723c523befb314af6e95ac|07d14d16d21d21d00007d14d07d21d0ae59125bcd90b8876b50928af8f6cd4$">
60
60
  <description>Metasploit listener</description>
61
+ <example>07b08b09b21b21b07b07b08b07b21b23aeefb38b723c523befb314af6e95ac</example>
62
+ <example>07c08c09c21c21c07c07c08c07c21c23aeefb38b723c523befb314af6e95ac</example>
63
+ <example>07d14d16d21d21d00007d14d07d21d0ae59125bcd90b8876b50928af8f6cd4</example>
61
64
  <example>07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d</example>
65
+ <example>07d14d16d21d21d07c42d43d000000f50d155305214cf247147c43c0f1a823</example>
62
66
  <param pos="0" name="service.vendor" value="Rapid7"/>
63
67
  <param pos="0" name="service.product" value="Metasploit"/>
64
68
  <param pos="0" name="service.cpe23" value="cpe:/a:rapid7:metasploit:-"/>
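Review bot: The widened Metasploit pattern is an unanchored alternation: `^` binds only to the first hash and `$` only to the last, so the three middle hashes match anywhere in the input rather than as the whole JARM. With 62-character JARM strings this is unlikely to misfire in practice, but it departs from every other anchored entry in the file and would let a hash embedded in a longer value match; wrap the alternatives as `^(?:07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d|…|07d14d16d21d21d00007d14d07d21d0ae59125bcd90b8876b50928af8f6cd4)$`. The Cobalt Strike hunk below has the same shape and wants the same `^(?:…|…)$` grouping. Since a JARM identifies the TLS stack rather than the product, this entry might also deserve a `service.certainty` like the Cobalt Strike one carries.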
@@ -67,9 +71,10 @@
67
71
  <!-- This fingerprint matches Java's TLS stack,
68
72
  see https://blog.cobaltstrike.com/2020/12/08/a-red-teamer-plays-with-jarm/ for details -->
69
73
 
70
- <fingerprint pattern="^07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1$">
74
+ <fingerprint pattern="^07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1|07d14d16d21d21d00042d41d00041de5fb3038104f457d92ba02e9311512c2$">
71
75
  <description>Cobalt Strike listener</description>
72
76
  <example>07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1</example>
77
+ <example>07d14d16d21d21d00042d41d00041de5fb3038104f457d92ba02e9311512c2</example>
73
78
  <param pos="0" name="service.vendor" value="Strategic Cyber LLC"/>
74
79
  <param pos="0" name="service.product" value="Cobalt Strike Listener"/>
75
80
  <param pos="0" name="service.certainty" value="0.3"/>
@@ -159,4 +164,27 @@
159
164
  <param pos="0" name="service.product" value="Merlin"/>
160
165
  </fingerprint>
161
166
 
167
+ <fingerprint pattern="^21d14d00000000000021d14d21d21d16c46827964490e6024618c0a3d7d893$">
168
+ <description>Covenant .NET C2 framework</description>
169
+ <example>21d14d00000000000021d14d21d21d16c46827964490e6024618c0a3d7d893</example>
170
+ <param pos="0" name="service.product" value="Covenant"/>
171
+ </fingerprint>
172
+
173
+ <fingerprint pattern="^16d16d16d14d16d00016d16d16d16da6fda484e06f95db4f56339284c90672$">
174
+ <description>HP Printer</description>
175
+ <example>16d16d16d14d16d00016d16d16d16da6fda484e06f95db4f56339284c90672</example>
176
+ <param pos="0" name="hw.device" value="Printer"/>
177
+ <param pos="0" name="hw.vendor" value="HP"/>
178
+ <param pos="0" name="os.vendor" value="HP"/>
179
+ <param pos="0" name="os.device" value="Printer"/>
180
+ </fingerprint>
181
+
182
+ <fingerprint pattern="^27d27d27d00027d00041d41d00041dea7155aeeb5fe0855bcdf1e51aa692cd$">
183
+ <description>openHAB - open-source home automation</description>
184
+ <example>27d27d27d00027d00041d41d00041dea7155aeeb5fe0855bcdf1e51aa692cd</example>
185
+ <param pos="0" name="service.vendor" value="openHAB"/>
186
+ <param pos="0" name="service.product" value="openHAB"/>
187
+ <param pos="0" name="service.cpe23" value="cpe:/a:openhab:openhab:-"/>
188
+ </fingerprint>
189
+
162
190
  </fingerprints>
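Review bot: The new HP Printer entry asserts `hw.vendor`, `hw.device`, `os.vendor` and `os.device` from a JARM alone, but a JARM hash characterises a TLS implementation and is shared by every product built on the same stack, so a single hash is weak evidence for a specific hardware vendor. The Cobalt Strike entry earlier in this file marks the same kind of inference with `service.certainty` 0.3; the HP entry should carry the corresponding hardware and OS certainty params, e.g. `<param pos="0" name="hw.certainty" value="0.3"/>`, assuming the schema has those fields alongside service.certainty. The Covenant entry is also thinner than its neighbours, setting only `service.product` with no `service.vendor` or `service.cpe23`, which is worth adding or explicitly noting as unavailable.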
@@ -62,13 +62,13 @@
62
62
  <fingerprint pattern="^Fedora Project$">
63
63
  <description>Fedora Project</description>
64
64
  <example>Fedora Project</example>
65
- <param pos="0" name="os.vendor" value="Red Hat"/>
65
+ <param pos="0" name="os.vendor" value="Fedora Project"/>
66
66
  <param pos="0" name="service.vendor" value="X.Org"/>
67
67
  <param pos="0" name="service.product" value="X.Org X11"/>
68
68
  <param pos="0" name="service.cpe23" value="cpe:/a:x.org:x11:-"/>
69
- <param pos="0" name="os.product" value="Fedora Core Linux"/>
69
+ <param pos="0" name="os.product" value="Fedora Core"/>
70
70
  <param pos="0" name="os.family" value="Linux"/>
71
- <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:-"/>
71
+ <param pos="0" name="os.cpe23" value="cpe:/o:fedoraproject:fedora_core:-"/>
72
72
  </fingerprint>
73
73
 
74
74
  <fingerprint pattern="^freedesktop\.org$">
@@ -227,7 +227,7 @@
227
227
  <fingerprint pattern="^CN=Temporary CA [a-fA-F0-9]{8}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{12},OU=Temporary CA">
228
228
  <description>Cisco Video Communication Server</description>
229
229
  <example>CN=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74,OU=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74,O=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74</example>
230
- <param pos="0" name="hw.device" value="Video Conference"/>
230
+ <param pos="0" name="hw.device" value="Video Conferencing"/>
231
231
  <param pos="0" name="hw.vendor" value="Cisco"/>
232
232
  <param pos="0" name="hw.product" value="TelePresence"/>
233
233
  </fingerprint>
@@ -363,7 +363,7 @@
363
363
  <description>Avaya Video Conferencing Device - CU360</description>
364
364
  <example hw.serial_number="11YT11111111">CN=Avaya cu360 11YT11111111</example>
365
365
  <param pos="0" name="hw.vendor" value="Avaya"/>
366
- <param pos="0" name="hw.device" value="Video Conference"/>
366
+ <param pos="0" name="hw.device" value="Video Conferencing"/>
367
367
  <param pos="0" name="hw.product" value="CU360"/>
368
368
  <param pos="1" name="hw.serial_number"/>
369
369
  </fingerprint>
@@ -377,10 +377,11 @@
377
377
  </fingerprint>
378
378
 
379
379
  <fingerprint pattern="(?i)^CN=\S+,OU=FreshTomato Team,O=FreshTomato,L=Columbus,ST=Ohio,C=US(?:.*)$">
380
- <description>FreshTomato Router Fireware</description>
380
+ <description>FreshTomato Router Firmware</description>
381
381
  <example>CN=192.168.1.1,OU=FreshTomato Team,O=FreshTomato,L=Columbus,ST=Ohio,C=US</example>
382
382
  <param pos="0" name="os.vendor" value="FreshTomato"/>
383
- <param pos="0" name="os.product" value="Linux"/>
383
+ <param pos="0" name="os.family" value="Linux"/>
384
+ <param pos="0" name="os.product" value="FreshTomato"/>
384
385
  <param pos="0" name="os.device" value="Router"/>
385
386
  </fingerprint>
386
387
 
@@ -393,4 +394,23 @@
393
394
  <param pos="2" name="host.mac"/>
394
395
  </fingerprint>
395
396
 
397
+ <fingerprint pattern="^CN=Proxmox Virtual Environment,OU=[a-f0-9-]+,O=PVE Cluster Manager CA$">
398
+ <description>Proxmox open-source virtualization platform</description>
399
+ <example>CN=Proxmox Virtual Environment,OU=dd69676f-e203-490e-b040-79b75ed6a9d7,O=PVE Cluster Manager CA</example>
400
+ <param pos="0" name="service.vendor" value="Proxmox"/>
401
+ <param pos="0" name="service.product" value="Virtual Environment"/>
402
+ <param pos="0" name="service.cpe23" value="cpe:/a:proxmox:virtual_environment:-"/>
403
+ <param pos="0" name="os.vendor" value="Proxmox"/>
404
+ <param pos="0" name="os.family" value="Linux"/>
405
+ <param pos="0" name="os.product" value="Proxmox"/>
406
+ </fingerprint>
407
+
408
+ <fingerprint pattern="^CN=minikubeCA$">
409
+ <description>Kubernetes minikube</description>
410
+ <example>CN=minikubeCA</example>
411
+ <param pos="0" name="service.vendor" value="Kubernetes"/>
412
+ <param pos="0" name="service.product" value="minikube"/>
413
+ <param pos="0" name="service.cpe23" value="cpe:/a:kubernetes:minikube:-"/>
414
+ </fingerprint>
415
+
396
416
  </fingerprints>
@@ -248,7 +248,7 @@
248
248
  <fingerprint pattern="^CN=OA\-([a-fA-F0-9]+),OU=Onboard Administrator,">
249
249
  <description>HP iLO (Onboard Administrator)</description>
250
250
  <example host.mac="001F296E21A3">CN=OA-001F296E21A3,OU=Onboard Administrator,O=Corp.,L=Location,ST=N/A,C=US</example>
251
- <example>CN=OA-80C16E999999,OU=Onboard Administrator,O=Hewlett-Packard</example>
251
+ <example host.mac="80C16E999999">CN=OA-80C16E999999,OU=Onboard Administrator,O=Hewlett-Packard</example>
252
252
  <param pos="0" name="hw.device" value="Lights Out Management"/>
253
253
  <param pos="0" name="hw.vendor" value="HP"/>
254
254
  <param pos="0" name="hw.family" value="iLO"/>
@@ -353,8 +353,8 @@
353
353
 
354
354
  <fingerprint pattern="^CN=HP Jetdirect [a-zA-Z0-9]+,OU=([a-fA-F0-9]{12})\+OU=([a-zA-Z0-9]+),O=Hewlett-Packard Co\.$">
355
355
  <description>HP Jet Direct - with host MAC and product</description>
356
- <example host.mac="2C413883186A" hw.product="J8028E">CN=HP Jetdirect 38831831,OU=2C413883186A+OU=J8028E,O=Hewlett-Packard Co.</example>
357
- <example os.product="J8016E">CN=HP Jetdirect FBFA31E7,OU=8851FBE33ABB+OU=J8016E,O=Hewlett-Packard Co.</example>
356
+ <example host.mac="2C413883186A" hw.product="J8028E" os.product="J8028E">CN=HP Jetdirect 38831831,OU=2C413883186A+OU=J8028E,O=Hewlett-Packard Co.</example>
357
+ <example os.product="J8016E" host.mac="8851FBE33ABB" hw.product="J8016E">CN=HP Jetdirect FBFA31E7,OU=8851FBE33ABB+OU=J8016E,O=Hewlett-Packard Co.</example>
358
358
  <param pos="0" name="hw.device" value="Printer"/>
359
359
  <param pos="0" name="hw.vendor" value="HP"/>
360
360
  <param pos="0" name="hw.family" value="JetDirect"/>
@@ -1755,4 +1755,33 @@
1755
1755
  <param pos="0" name="os.product" value="Proxmox"/>
1756
1756
  </fingerprint>
1757
1757
 
1758
+ <fingerprint pattern="^CN=(\S{1,512}),OU=Endpoint Health,O=Duo Security\\, Inc.,L=Ann Arbor,ST=Michigan,C=US(?:,\S+)?$">
1759
+ <description>Duo Device Health</description>
1760
+ <example host.name="127.0.0.1">CN=127.0.0.1,OU=Endpoint Health,O=Duo Security\, Inc.,L=Ann Arbor,ST=Michigan,C=US,1.2.840.113549.1.9.1=#0c1e656e64706f696e746865616c74684064756f73656375726974792e636f6d</example>
1761
+ <param pos="0" name="service.vendor" value="Duo"/>
1762
+ <param pos="0" name="service.product" value="Duo Device Health"/>
1763
+ <param pos="1" name="host.name"/>
1764
+ </fingerprint>
1765
+
1766
+ <fingerprint pattern="^CN=(\S{1,512}),OU=Mac Certifier,O=Duo Security\\, Inc.,L=Ann Arbor,ST=Michigan,C=US(?:,\S+)?$">
1767
+ <description>Duo Certifier</description>
1768
+ <example host.name="localhost">CN=localhost,OU=Mac Certifier,O=Duo Security\, Inc.,L=Ann Arbor,ST=Michigan,C=US,1.2.840.113549.1.9.1=#0c18656e64706f696e744064756f73656375726974792e636f6d</example>
1769
+ <param pos="0" name="service.vendor" value="Duo"/>
1770
+ <param pos="0" name="service.product" value="Duo Certifier"/>
1771
+ <param pos="0" name="os.vendor" value="Apple"/>
1772
+ <param pos="0" name="os.family" value="Mac OS"/>
1773
+ <param pos="0" name="os.product" value="Mac OS"/>
1774
+ <param pos="0" name="os.cpe23" value="cpe:/o:apple:macos:-"/>
1775
+ <param pos="1" name="host.name"/>
1776
+ </fingerprint>
1777
+
1778
+ <fingerprint pattern="^CN=(\S{1,512}),OU=Zimbra Collaboration Server$">
1779
+ <description>Zimbra Collaboration Server</description>
1780
+ <example host.name="foo.bar">CN=foo.bar,OU=Zimbra Collaboration Server</example>
1781
+ <param pos="0" name="service.vendor" value="Zimbra"/>
1782
+ <param pos="0" name="service.product" value="Collaboration Server"/>
1783
+ <param pos="0" name="service.cpe23" value="cpe:/a:zimbra:collaboration_server:-"/>
1784
+ <param pos="1" name="host.name"/>
1785
+ </fingerprint>
1786
+
1758
1787
  </fingerprints>
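--- a/data/recog.gemspec
+++ b/data/recog.gemspec
@@ -12,7 +12,7 @@ Gem::Specification.new do |s|
  s.email = [
  'research@rapid7.com'
  ]
- s.homepage = "https://www.github.com/rapid7/recog"
+ s.homepage = "https://www.github.com/rapid7/recog-ruby"
  s.summary = %q{Network service fingerprint database, classes, and utilities}
  s.description = %q{
  Recog is a framework for identifying products, services, operating systems, and hardware by matching
@@ -20,9 +20,14 @@ Gem::Specification.new do |s|
  information from web server banners, snmp system description fields, and a whole lot more.
  }.gsub(/\s+/, ' ').strip
 
- s.files = `git ls-files`.split("\n")
- s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
- s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+ s.bindir = 'recog/bin'
+ s.files = %w(Gemfile Rakefile COPYING LICENSE README.md recog.gemspec .yardopts) +
+ Dir.glob('lib/**/*.rb') +
+ Dir.glob('spec/**/*') +
+ Dir.glob('recog/xml/*') +
+ Dir.glob('recog/bin/recog_match')
+ s.test_files = s.files.grep(%r{^(test|spec|features)/})
+ s.executables = s.files.grep(%r{^recog/bin/}).map{ |f| File.basename(f) }
  s.require_paths = ['lib']
 
  # ---- Dependencies ----
@@ -36,7 +41,6 @@ Gem::Specification.new do |s|
  # markdown formatting for yard
  s.add_development_dependency 'redcarpet'
  end
- s.add_development_dependency 'cucumber'
  s.add_development_dependency 'aruba'
  s.add_development_dependency 'simplecov'
 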
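Review bot: `s.files` in the second hunk is built from `Dir.glob` results whose order is filesystem-dependent, so two builds of the same tag can produce differently ordered, differently hashed gems; appending `.sort` to the combined array keeps the packaged file list deterministic, which matters for the signed `data.tar.gz.sig` that ships with this release. `Dir.glob('spec/**/*')` also matches directories as well as files, and `Dir.glob('recog/xml/*')` ships whatever happens to be in that directory at build time rather than the `*.xml`/`*.xsd` the gem needs; narrowing the globs or filtering with `File.file?` avoids packaging stray files. Dropping the `git ls-files` dependency is otherwise a good change for building outside a checkout.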
@@ -0,0 +1 @@
1
+ HP LaserJet 4100 Series
@@ -0,0 +1 @@
1
+ HP LaserJet 2200
@@ -0,0 +1,8 @@
1
+ <fingerprints>
2
+ <fingerprint pattern="laserjet (.*)(?: series)?" flags="REG_ICASE">
3
+ <description>HP JetDirect Printer</description>
4
+ <example _filename="hp_printer_ex_01.txt"/>
5
+ <example _filename="hp_printer_ex_02.txt"/>
6
+ <param pos="0" name="service.vendor" value="HP"/>
7
+ </fingerprint>
8
+ </fingerprints>
@@ -0,0 +1,7 @@
1
+ <fingerprints>
2
+ <fingerprint pattern="laserjet (.*)(?: series)?" flags="REG_ICASE">
3
+ <description>HP JetDirect Printer</description>
4
+ <example _filename="../bad_path.txt"/>
5
+ <param pos="0" name="service.vendor" value="HP"/>
6
+ </fingerprint>
7
+ </fingerprints>
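Review bot: The illegal-path fixture exercises only a leading `../bad_path.txt`, so it cannot tell whether the `_filename` loader (in fingerprint.rb, outside this view) also rejects an absolute path such as `/etc/hostname` or a traversal after a legitimate prefix such as `external_example_fingerprint/../../bad_path.txt`. Since `_filename` lets the XML fingerprint database pull example content from the filesystem relative to its own location, sibling fixtures for those two cases would pin the check to "resolved path stays inside the examples directory" rather than to a string match on `..`. Separately, in both fixtures the `(?: series)?` after a greedy `(.*)` can never match, so the pattern is effectively `laserjet (.*)`; fine for a fixture, but worth knowing if the capture is ever asserted.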
@@ -1,97 +1,120 @@
1
1
  require 'recog/db'
2
2
 
3
3
  describe Recog::DB do
4
- let(:xml_file) { File.expand_path File.join('spec', 'data', 'test_fingerprints.xml') }
5
- subject { Recog::DB.new(xml_file) }
6
4
 
7
5
  describe "#fingerprints" do
8
- subject(:fingerprints) { described_class.new(xml_file).fingerprints }
6
+ context "with inline example content" do
7
+ let(:xml_file) { File.expand_path File.join('spec', 'data', 'test_fingerprints.xml') }
8
+ subject { Recog::DB.new(xml_file) }
9
9
 
10
- it { is_expected.to be_a(Enumerable) }
10
+ subject(:fingerprints) { described_class.new(xml_file).fingerprints }
11
11
 
12
- context "with only a pattern" do
13
- subject(:entry) { described_class.new(xml_file).fingerprints[0] }
12
+ it { is_expected.to be_a(Enumerable) }
14
13
 
15
- it "has a blank name with no description" do
16
- expect(entry.name).to be_empty
17
- end
14
+ context "with only a pattern" do
15
+ subject(:entry) { described_class.new(xml_file).fingerprints[0] }
18
16
 
19
- it "has a pattern" do
20
- expect(entry.regex.source).to eq(".*\\(iSeries\\).*")
21
- end
17
+ it "has a blank name with no description" do
18
+ expect(entry.name).to be_empty
19
+ end
22
20
 
23
- it "has no params" do
24
- expect(entry.params).to be_empty
25
- end
21
+ it "has a pattern" do
22
+ expect(entry.regex.source).to eq(".*\\(iSeries\\).*")
23
+ end
24
+
25
+ it "has no params" do
26
+ expect(entry.params).to be_empty
27
+ end
26
28
 
27
- it "has no tests" do
28
- expect(entry.tests).to be_empty
29
+ it "has no tests" do
30
+ expect(entry.tests).to be_empty
31
+ end
29
32
  end
30
- end
31
33
 
32
- context "with params" do
33
- subject(:entry) { described_class.new(xml_file).fingerprints[1] }
34
+ context "with params" do
35
+ subject(:entry) { described_class.new(xml_file).fingerprints[1] }
34
36
 
35
- it "has a name" do
36
- expect(entry.name).to eq('PalmOS')
37
- end
37
+ it "has a name" do
38
+ expect(entry.name).to eq('PalmOS')
39
+ end
38
40
 
39
- it "has a pattern" do
40
- expect(entry.regex.source).to eq(".*\\(PalmOS\\).*")
41
- end
41
+ it "has a pattern" do
42
+ expect(entry.regex.source).to eq(".*\\(PalmOS\\).*")
43
+ end
42
44
 
43
- it "has params" do
44
- expect(entry.params).to eq({"os.vendor"=>[1, "Palm"], "os.device"=>[2, "General"]})
45
- end
45
+ it "has params" do
46
+ expect(entry.params).to eq({"os.vendor"=>[1, "Palm"], "os.device"=>[2, "General"]})
47
+ end
46
48
 
47
- it "has no tests" do
48
- expect(entry.tests).to be_empty
49
+ it "has no tests" do
50
+ expect(entry.tests).to be_empty
51
+ end
49
52
  end
50
- end
51
53
 
52
- context "with pattern flags" do
53
- subject(:entry) { described_class.new(xml_file).fingerprints[2] }
54
+ context "with pattern flags" do
55
+ subject(:entry) { described_class.new(xml_file).fingerprints[2] }
54
56
 
55
- it "has a name and only uses the first value" do
56
- expect(entry.name).to eq('HP Designjet printer')
57
- end
57
+ it "has a name and only uses the first value" do
58
+ expect(entry.name).to eq('HP Designjet printer')
59
+ end
58
60
 
59
- it 'creates a Regexp with expected flags' do
60
- expect(entry.regex).to be_a(Regexp)
61
- expect(entry.regex.options).to eq(Recog::Fingerprint::RegexpFactory::DEFAULT_FLAGS | Regexp::IGNORECASE)
62
- end
61
+ it 'creates a Regexp with expected flags' do
62
+ expect(entry.regex).to be_a(Regexp)
63
+ expect(entry.regex.options).to eq(Recog::Fingerprint::RegexpFactory::DEFAULT_FLAGS | Regexp::IGNORECASE)
64
+ end
63
65
 
64
- it "has a pattern" do
65
- expect(entry.regex).to be_a(Regexp)
66
- expect(entry.regex.source).to eq("(designjet \\S+)")
67
- end
66
+ it "has a pattern" do
67
+ expect(entry.regex).to be_a(Regexp)
68
+ expect(entry.regex.source).to eq("(designjet \\S+)")
69
+ end
70
+
71
+ it "has params" do
72
+ expect(entry.params).to eq({"service.vendor"=>[0, "HP"]})
73
+ end
68
74
 
69
- it "has params" do
70
- expect(entry.params).to eq({"service.vendor"=>[0, "HP"]})
75
+ it "has no tests" do
76
+ expect(entry.tests).to be_empty
77
+ end
71
78
  end
72
79
 
73
- it "has no tests" do
74
- expect(entry.tests).to be_empty
80
+ context "with test" do
81
+ subject(:entry) { described_class.new(xml_file).fingerprints[3] }
82
+
83
+ it "has a name" do
84
+ expect(entry.name).to eq('HP JetDirect Printer')
85
+ end
86
+
87
+ it "has a pattern" do
88
+ expect(entry.regex.source).to eq("laserjet (.*)(?: series)?")
89
+ end
90
+
91
+ it "has params" do
92
+ expect(entry.params).to eq({"service.vendor"=>[0, "HP"]})
93
+ end
94
+
95
+ it "has tests" do
96
+ expect(entry.tests.map(&:content)).to match_array(["HP LaserJet 4100 Series", "HP LaserJet 2200"])
97
+ end
75
98
  end
76
99
  end
77
100
 
78
- context "with test" do
79
- subject(:entry) { described_class.new(xml_file).fingerprints[3] }
101
+ context "with external example content" do
102
+ let(:xml_file) { File.expand_path File.join('spec', 'data', 'external_example_fingerprint.xml') }
103
+ subject { Recog::DB.new(xml_file) }
80
104
 
81
- it "has a name" do
82
- expect(entry.name).to eq('HP JetDirect Printer')
83
- end
105
+ subject(:entry) { described_class.new(xml_file).fingerprints[0] }
84
106
 
85
- it "has a pattern" do
86
- expect(entry.regex.source).to eq("laserjet (.*)(?: series)?")
107
+ it "has tests" do
108
+ expect(entry.tests.map(&:content)).to match_array(["HP LaserJet 4100 Series", "HP LaserJet 2200"])
87
109
  end
110
+ end
88
111
 
89
- it "has params" do
90
- expect(entry.params).to eq({"service.vendor"=>[0, "HP"]})
91
- end
112
+ context "with external example content illegal path" do
113
+ let(:xml_file) { File.expand_path File.join('spec', 'data', 'external_example_illegal_path_fingerprint.xml') }
114
+ subject { Recog::DB.new(xml_file) }
92
115
 
93
- it "has no tests" do
94
- expect(entry.tests.map(&:content)).to match_array(["HP LaserJet 4100 Series", "HP LaserJet 2200"])
116
+ it "raises an illegal file path error" do
117
+ expect { subject }.to raise_error(/an example specifies an illegal file path '.+'/)
95
118
  end
96
119
  end
97
120
  end