recog 2.3.23 → 3.0.1
- checksums.yaml +4 -4
- data/LICENSE +1 -1
- data/README.md +25 -16
- data/Rakefile +2 -9
- data/lib/recog/db_manager.rb +1 -1
- data/lib/recog/version.rb +1 -1
- data/{bin → recog/bin}/recog_match +0 -1
- data/{xml → recog/xml}/apache_modules.xml +0 -0
- data/{xml → recog/xml}/apache_os.xml +0 -0
- data/{xml → recog/xml}/architecture.xml +0 -0
- data/{xml → recog/xml}/dhcp_vendor_class.xml +9 -9
- data/{xml → recog/xml}/dns_versionbind.xml +0 -0
- data/{xml → recog/xml}/favicons.xml +63 -1
- data/{xml → recog/xml}/fingerprints.xsd +0 -0
- data/{xml → recog/xml}/ftp_banners.xml +0 -0
- data/{xml → recog/xml}/h323_callresp.xml +0 -0
- data/{xml → recog/xml}/hp_pjl_id.xml +0 -0
- data/{xml → recog/xml}/html_title.xml +47 -0
- data/{xml → recog/xml}/http_cookies.xml +19 -0
- data/{xml → recog/xml}/http_servers.xml +74 -1
- data/{xml → recog/xml}/http_wwwauth.xml +13 -0
- data/{xml → recog/xml}/imap_banners.xml +0 -0
- data/{xml → recog/xml}/ldap_searchresult.xml +0 -0
- data/{xml → recog/xml}/mdns_device-info_txt.xml +0 -0
- data/{xml → recog/xml}/mdns_workstation_txt.xml +0 -0
- data/{xml → recog/xml}/mysql_banners.xml +0 -0
- data/{xml → recog/xml}/mysql_error.xml +0 -0
- data/{xml → recog/xml}/nntp_banners.xml +0 -0
- data/{xml → recog/xml}/ntp_banners.xml +0 -0
- data/{xml → recog/xml}/operating_system.xml +0 -0
- data/{xml → recog/xml}/pop_banners.xml +0 -0
- data/{xml → recog/xml}/rsh_resp.xml +0 -0
- data/{xml → recog/xml}/rtsp_servers.xml +0 -0
- data/{xml → recog/xml}/sip_banners.xml +0 -0
- data/{xml → recog/xml}/sip_user_agents.xml +0 -0
- data/{xml → recog/xml}/smb_native_lm.xml +0 -0
- data/{xml → recog/xml}/smb_native_os.xml +0 -0
- data/{xml → recog/xml}/smtp_banners.xml +0 -0
- data/{xml → recog/xml}/smtp_debug.xml +0 -0
- data/{xml → recog/xml}/smtp_ehlo.xml +0 -0
- data/{xml → recog/xml}/smtp_expn.xml +0 -0
- data/{xml → recog/xml}/smtp_help.xml +0 -0
- data/{xml → recog/xml}/smtp_mailfrom.xml +0 -0
- data/{xml → recog/xml}/smtp_noop.xml +0 -0
- data/{xml → recog/xml}/smtp_quit.xml +0 -0
- data/{xml → recog/xml}/smtp_rcptto.xml +0 -0
- data/{xml → recog/xml}/smtp_rset.xml +0 -0
- data/{xml → recog/xml}/smtp_turn.xml +0 -0
- data/{xml → recog/xml}/smtp_vrfy.xml +0 -0
- data/{xml → recog/xml}/snmp_sysdescr.xml +21 -6
- data/{xml → recog/xml}/snmp_sysobjid.xml +11 -0
- data/{xml → recog/xml}/ssh_banners.xml +0 -0
- data/{xml → recog/xml}/telnet_banners.xml +34 -1
- data/{xml → recog/xml}/tls_jarm.xml +8 -0
- data/{xml → recog/xml}/x11_banners.xml +0 -0
- data/{xml → recog/xml}/x509_issuers.xml +13 -2
- data/{xml → recog/xml}/x509_subjects.xml +0 -0
- data/recog.gemspec +9 -5
- data/spec/spec_helper.rb +4 -0
- metadata +56 -145
- data/.github/ISSUE_TEMPLATE/bug_report.md +0 -37
- data/.github/ISSUE_TEMPLATE/feature_request.md +0 -17
- data/.github/ISSUE_TEMPLATE/fingerprint_request.md +0 -27
- data/.github/PULL_REQUEST_TEMPLATE +0 -24
- data/.github/SECURITY.md +0 -35
- data/.github/dependabot.yml +0 -8
- data/.github/workflows/ci.yml +0 -26
- data/.github/workflows/verify.yml +0 -89
- data/.gitignore +0 -23
- data/.rspec +0 -3
- data/.ruby-gemset +0 -1
- data/.ruby-version +0 -1
- data/.snyk +0 -10
- data/.travis.yml +0 -25
- data/.vscode/bin/monitor-recog-fingerprints.sh +0 -54
- data/.vscode/extensions.json +0 -5
- data/.vscode/settings.json +0 -8
- data/.vscode/tasks.json +0 -77
- data/CONTRIBUTING.md +0 -278
- data/bin/recog_cleanup +0 -16
- data/bin/recog_export +0 -81
- data/bin/recog_standardize +0 -163
- data/bin/recog_verify +0 -98
- data/cpe-remap.yaml +0 -374
- data/features/data/failing_banners_fingerprints.xml +0 -20
- data/features/data/matching_banners_fingerprints.xml +0 -23
- data/features/data/multiple_banners_fingerprints.xml +0 -32
- data/features/data/no_tests.xml +0 -3
- data/features/data/sample_banner.txt +0 -2
- data/features/data/schema_failure.xml +0 -4
- data/features/data/successful_tests.xml +0 -18
- data/features/data/tests_with_failures.xml +0 -26
- data/features/data/tests_with_warnings.xml +0 -17
- data/features/match.feature +0 -36
- data/features/support/aruba.rb +0 -3
- data/features/support/env.rb +0 -6
- data/features/support/hooks.rb +0 -9
- data/features/verify.feature +0 -112
- data/identifiers/README.md +0 -70
- data/identifiers/fields.txt +0 -105
- data/identifiers/hw_device.txt +0 -86
- data/identifiers/hw_family.txt +0 -121
- data/identifiers/hw_product.txt +0 -463
- data/identifiers/os_architecture.txt +0 -10
- data/identifiers/os_device.txt +0 -77
- data/identifiers/os_family.txt +0 -235
- data/identifiers/os_product.txt +0 -357
- data/identifiers/service_family.txt +0 -249
- data/identifiers/service_product.txt +0 -778
- data/identifiers/vendor.txt +0 -859
- data/misc/convert_mysql_err +0 -61
- data/misc/order.xsl +0 -17
- data/requirements.txt +0 -2
- data/spec/lib/fingerprint_self_test_spec.rb +0 -175
- data/tools/dev/hooks/pre-commit +0 -21
- data/update_cpes.py +0 -343
@@ -1,20 +0,0 @@
|
|
1
|
-
<?xml version="1.0"?>
|
2
|
-
<fingerprints>
|
3
|
-
<fingerprint pattern="^=\(.\*.\)=-\.:\. \(\( Welcome to PureFTPd (\d+\..+) \)\) \.:\.-=\(.\*.\)=-$">
|
4
|
-
<example>=(<*>)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(<*>)=-</example>
|
5
|
-
<description>Older Pure-FTPd versions</description>
|
6
|
-
<param pos="0" name="service.family" value="Pure-FTPd"/>
|
7
|
-
<param pos="0" name="service.product" value="Pure-FTPd"/>
|
8
|
-
<param pos="1" name="service.version"/>
|
9
|
-
</fingerprint>
|
10
|
-
<fingerprint pattern="^(\S+) FTP Server \(Solaris (\S+)\) ready\.?$" flags="REG_ICASE">
|
11
|
-
<description>SunOS/Solaris</description>
|
12
|
-
<example>example.com FTP server (Solaris 5.7) ready.</example>
|
13
|
-
<param pos="0" name="os.vendor" value="Sun"/>
|
14
|
-
<param pos="0" name="os.family" value="Solaris"/>
|
15
|
-
<param pos="0" name="os.product" value="Solaris"/>
|
16
|
-
<param pos="0" name="os.device" value="General"/>
|
17
|
-
<param pos="1" name="host.name"/>
|
18
|
-
<param pos="2" name="os.version"/>
|
19
|
-
</fingerprint>
|
20
|
-
</fingerprints>
|
@@ -1,23 +0,0 @@
|
|
1
|
-
<?xml version="1.0"?>
|
2
|
-
<fingerprints protocol="ftp" database_type="service">
|
3
|
-
<fingerprint pattern="^-{10} Welcome to Pure-FTPd (.*)-{10}$">
|
4
|
-
<example>---------- Welcome to Pure-FTPd ----------</example>
|
5
|
-
<description>Pure-FTPd
|
6
|
-
Config data can be zero or more of: [privsep] [TLS]
|
7
|
-
</description>
|
8
|
-
<param pos="1" name="pureftpd.config"/>
|
9
|
-
<param pos="0" name="service.family" value="Pure-FTPd"/>
|
10
|
-
<param pos="0" name="service.product" value="Pure-FTPd"/>
|
11
|
-
<param pos="0" name="service.protocol" value="ftp"/>
|
12
|
-
</fingerprint>
|
13
|
-
<fingerprint pattern="^(\S+) FTP Server \(SunOS (\S+)\) ready\.?$" flags="REG_ICASE">
|
14
|
-
<description>SunOS/Solaris</description>
|
15
|
-
<example>example.com FTP server (SunOS 5.7) ready.</example>
|
16
|
-
<param pos="0" name="os.vendor" value="Sun"/>
|
17
|
-
<param pos="0" name="os.family" value="Solaris"/>
|
18
|
-
<param pos="0" name="os.product" value="Solaris"/>
|
19
|
-
<param pos="0" name="os.device" value="General"/>
|
20
|
-
<param pos="1" name="host.name"/>
|
21
|
-
<param pos="2" name="os.version"/>
|
22
|
-
</fingerprint>
|
23
|
-
</fingerprints>
|
@@ -1,32 +0,0 @@
|
|
1
|
-
<?xml version="1.0"?>
|
2
|
-
<fingerprints>
|
3
|
-
<fingerprint pattern="FTP">
|
4
|
-
<example>---- FTP Stuff ----</example>
|
5
|
-
<example>FTP server</example>
|
6
|
-
<description>Generic FTP,
|
7
|
-
Checks for the existence of the word FTP in the line
|
8
|
-
</description>
|
9
|
-
<!-- Asserting nothing -->
|
10
|
-
</fingerprint>
|
11
|
-
<fingerprint pattern="^-{10} Welcome to Pure-FTPd (.*)-{10}$">
|
12
|
-
<example>---------- Welcome to Pure-FTPd ----------</example>
|
13
|
-
<description>Pure-FTPd
|
14
|
-
Config data can be zero or more of: [privsep] [TLS]
|
15
|
-
</description>
|
16
|
-
<param pos="1" name="pureftpd.config"/>
|
17
|
-
<param pos="0" name="service.family" value="Pure-FTPd"/>
|
18
|
-
<param pos="0" name="service.product" value="Pure-FTPd"/>
|
19
|
-
<param pos="0" name="service.protocol" value="ftp"/>
|
20
|
-
</fingerprint>
|
21
|
-
<fingerprint pattern="^(\S+) FTP Server \(SunOS (\S+)\) ready\.?$" flags="REG_ICASE">
|
22
|
-
<description>SunOS/Solaris</description>
|
23
|
-
<example>example.com FTP server (SunOS 5.7) ready.</example>
|
24
|
-
<param pos="0" name="service.protocol" value="ftp"/>
|
25
|
-
<param pos="0" name="os.vendor" value="Sun"/>
|
26
|
-
<param pos="0" name="os.family" value="Solaris"/>
|
27
|
-
<param pos="0" name="os.product" value="Solaris"/>
|
28
|
-
<param pos="0" name="os.device" value="General"/>
|
29
|
-
<param pos="1" name="host.name"/>
|
30
|
-
<param pos="2" name="os.version"/>
|
31
|
-
</fingerprint>
|
32
|
-
</fingerprints>
|
data/features/data/no_tests.xml
DELETED
@@ -1,18 +0,0 @@
|
|
1
|
-
<?xml version="1.0"?>
|
2
|
-
<fingerprints>
|
3
|
-
<fingerprint pattern="^Cisco-SIPGateway/IOS-([\d\.x]+)$">
|
4
|
-
<description>Cisco SIPGateway</description>
|
5
|
-
<example os.version="12.x">Cisco-SIPGateway/IOS-12.x</example>
|
6
|
-
<param pos="0" name="os.vendor" value="Cisco"/>
|
7
|
-
<param pos="0" name="os.product" value="IOS"/>
|
8
|
-
<param pos="1" name="os.version"/>
|
9
|
-
</fingerprint>
|
10
|
-
<fingerprint pattern="^bar ([\d.]+)$">
|
11
|
-
<description>bar test</description>
|
12
|
-
<example os.version="1.0" >bar 1.0</example>
|
13
|
-
<example os.version="2.0" >bar 2.0</example>
|
14
|
-
<example os.version="2.1" >bar 2.1</example>
|
15
|
-
<param pos="1" name="os.version" />
|
16
|
-
<param pos="0" name="os.name" value="Bar" />
|
17
|
-
</fingerprint>
|
18
|
-
</fingerprints>
|
@@ -1,26 +0,0 @@
|
|
1
|
-
<?xml version="1.0"?>
|
2
|
-
<fingerprints>
|
3
|
-
<fingerprint pattern="^foo$">
|
4
|
-
<description>foo test</description>
|
5
|
-
<!-- Fail: doesn't match -->
|
6
|
-
<example>bar</example>
|
7
|
-
</fingerprint>
|
8
|
-
<fingerprint pattern="^This matches$">
|
9
|
-
<!-- Warn: no name -->
|
10
|
-
<!-- Fail: doesn't match -->
|
11
|
-
<example>This almost matches</example>
|
12
|
-
</fingerprint>
|
13
|
-
<fingerprint pattern="^(\S+) ([\d.]+)$">
|
14
|
-
<description>bar test</description>
|
15
|
-
<!-- Fail: expected os.version doesn't match the capture group -->
|
16
|
-
<example os.version="5.0" >bar 1.0</example>
|
17
|
-
<param pos="2" name="os.version" />
|
18
|
-
<param pos="1" name="os.name" value="Bar" />
|
19
|
-
</fingerprint>
|
20
|
-
<fingerprint pattern="^(\S+) ([\d.]+)$">
|
21
|
-
<description>example with untested parameter</description>
|
22
|
-
<!-- Fail: missing example test os.version parameter -->
|
23
|
-
<example>bar 1.0</example>
|
24
|
-
<param pos="1" name="os.version" />
|
25
|
-
</fingerprint>
|
26
|
-
</fingerprints>
|
@@ -1,17 +0,0 @@
|
|
1
|
-
<?xml version="1.0"?>
|
2
|
-
<fingerprints>
|
3
|
-
<fingerprint pattern="^-{10} Welcome to Pure-FTPd (.*)-{10}$">
|
4
|
-
<example pureftpd.config="">---------- Welcome to Pure-FTPd ----------</example>
|
5
|
-
<description>Pure-FTPd</description>
|
6
|
-
<param pos="1" name="pureftpd.config"/>
|
7
|
-
<param pos="0" name="service.family" value="Pure-FTPd"/>
|
8
|
-
<param pos="0" name="service.product" value="Pure-FTPd"/>
|
9
|
-
</fingerprint>
|
10
|
-
<fingerprint pattern="^-{10} Welcome to Pure-FTPd (.*)-{10}$">
|
11
|
-
<!-- should warn with no examples -->
|
12
|
-
<description>Pure-FTPd</description>
|
13
|
-
<param pos="1" name="pureftpd.config"/>
|
14
|
-
<param pos="0" name="service.family" value="Pure-FTPd"/>
|
15
|
-
<param pos="0" name="service.product" value="Pure-FTPd"/>
|
16
|
-
</fingerprint>
|
17
|
-
</fingerprints>
|
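--- a/data/features/match.feature
+++ /dev/null
@@ -1,36 +0,0 @@
-Feature: Match
-@no-clobber
-Scenario: Finds matches
-When I run `recog_match matching_banners_fingerprints.xml sample_banner.txt`
-Then it should pass with:
-"""
-MATCH: {"matched"=>"Pure-FTPd Config data can be zero or more of: [privsep] [TLS]", "pureftpd.config"=>"[privsep] [TLS] ", "service.family"=>"Pure-FTPd", "service.product"=>"Pure-FTPd", "service.protocol"=>"ftp", "fingerprint_db"=>"matching_banners_fingerprints", "data"=>"---------- Welcome to Pure-FTPd [privsep] [TLS] ----------"}
-MATCH: {"matched"=>"SunOS/Solaris", "os.vendor"=>"Sun", "os.family"=>"Solaris", "os.product"=>"Solaris", "os.device"=>"General", "host.name"=>"polaris", "os.version"=>"5.8", "service.protocol"=>"ftp", "fingerprint_db"=>"matching_banners_fingerprints", "data"=>"polaris FTP server (SunOS 5.8) ready."}
-"""
-
-@no-clobber
-Scenario: Fails at finding matches
-When I run `recog_match failing_banners_fingerprints.xml sample_banner.txt`
-Then it should pass with:
-"""
-FAIL: ---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
-FAIL: polaris FTP server (SunOS 5.8) ready
-"""
-
-@no-clobber
-Scenario: Finds multiple matches
-When I run `recog_match multiple_banners_fingerprints.xml sample_banner.txt --multi-match`
-Then it should pass with:
-"""
-MATCHES: {"matched"=>"Generic FTP, Checks for the existence of the word FTP in the line", "service.protocol"=>"", "fingerprint_db"=>"multiple_banners_fingerprints", "data"=>"---------- Welcome to Pure-FTPd [privsep] [TLS] ----------"},{"matched"=>"Pure-FTPd Config data can be zero or more of: [privsep] [TLS]", "pureftpd.config"=>"[privsep] [TLS] ", "service.family"=>"Pure-FTPd", "service.product"=>"Pure-FTPd", "service.protocol"=>"ftp", "fingerprint_db"=>"multiple_banners_fingerprints", "data"=>"---------- Welcome to Pure-FTPd [privsep] [TLS] ----------"}
-MATCHES: {"matched"=>"Generic FTP, Checks for the existence of the word FTP in the line", "service.protocol"=>"", "fingerprint_db"=>"multiple_banners_fingerprints", "data"=>"polaris FTP server (SunOS 5.8) ready."},{"matched"=>"SunOS/Solaris", "service.protocol"=>"ftp", "os.vendor"=>"Sun", "os.family"=>"Solaris", "os.product"=>"Solaris", "os.device"=>"General", "host.name"=>"polaris", "os.version"=>"5.8", "fingerprint_db"=>"multiple_banners_fingerprints", "data"=>"polaris FTP server (SunOS 5.8) ready."}
-"""
-
-@no-clobber
-Scenario: Finds first matches using no-multi-match flag
-When I run `recog_match multiple_banners_fingerprints.xml sample_banner.txt --no-multi-match`
-Then it should pass with:
-"""
-MATCH: {"matched"=>"Generic FTP, Checks for the existence of the word FTP in the line", "service.protocol"=>"", "fingerprint_db"=>"multiple_banners_fingerprints", "data"=>"---------- Welcome to Pure-FTPd [privsep] [TLS] ----------"}
-MATCH: {"matched"=>"Generic FTP, Checks for the existence of the word FTP in the line", "service.protocol"=>"", "fingerprint_db"=>"multiple_banners_fingerprints", "data"=>"polaris FTP server (SunOS 5.8) ready."}
-"""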
data/features/support/aruba.rb
DELETED
data/features/support/env.rb
DELETED
data/features/support/hooks.rb
DELETED
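--- a/data/features/verify.feature
+++ /dev/null
@@ -1,112 +0,0 @@
-Feature: Verify
-@no-clobber
-Scenario: No tests
-When I run `recog_verify no_tests.xml`
-Then it should pass with exactly:
-"""
-no_tests.xml: SUMMARY: Test completed with 0 successful, 0 warnings, and 0 failures
-"""
-
-@no-clobber
-Scenario: Successful tests
-When I run `recog_verify successful_tests.xml`
-Then it should pass with exactly:
-"""
-successful_tests.xml: SUMMARY: Test completed with 4 successful, 0 warnings, and 0 failures
-"""
-
-@no-clobber
-Scenario: Tests with warnings, warnings disabled
-When I run `recog_verify --no-warnings tests_with_warnings.xml`
-Then it should pass with exactly:
-"""
-tests_with_warnings.xml: SUMMARY: Test completed with 1 successful, 0 warnings, and 0 failures
-"""
-
-# These tests vary due to line numbering issues in Nokogiri, so there are different versions
-# of the same test depending on the ruby runtime. Nokogiri uses libxml under CRuby, and a custom
-# java-based parser under JRuby. The Java-based parser only approximates line numbers, which are
-# typically off if XML prolog or comments are present.
-#
-# See https://github.com/sparklemotion/nokogiri/issues/2380
-@no-clobber
-@unsupported-on-platform-java
-Scenario: Tests with warnings, warnings enabled (CRuby)
-When I run `recog_verify tests_with_warnings.xml`
-Then it should fail with:
-"""
-tests_with_warnings.xml:10: WARN: 'Pure-FTPd' has no test cases
-tests_with_warnings.xml: SUMMARY: Test completed with 1 successful, 1 warnings, and 0 failures
-"""
-And the exit status should be 1
-
-# JRuby 9.2.20.1 and 9.3.3.0 differ in how they parse XML, where the latter is more close to libxml
-# and Nokogiri. We use a regex test to match results from both versions.
-@no-clobber
-@requires-ruby-platform-java
-Scenario: Tests with warnings, warnings enabled (JRuby)
-When I run `recog_verify tests_with_warnings.xml`
-Then it should fail with regex:
-"""
-tests_with_warnings.xml:\d+: WARN: 'Pure-FTPd' has no test cases
-tests_with_warnings.xml: SUMMARY: Test completed with 1 successful, 1 warnings, and 0 failures
-"""
-And the exit status should be 1
-
-@no-clobber
-@unsupported-on-platform-java
-Scenario: Tests with failures (CRuby)
-When I run `recog_verify tests_with_failures.xml`
-Then it should fail with:
-"""
-tests_with_failures.xml:3: FAIL: 'foo test' failed to match "bar" with (?-mix:^foo$)'
-tests_with_failures.xml:8: FAIL: '' failed to match "This almost matches" with (?-mix:^This matches$)'
-tests_with_failures.xml:13: FAIL: 'bar test's os.name is a non-zero pos but specifies a value of 'Bar'
-tests_with_failures.xml:13: FAIL: 'bar test' failed to find expected capture group os.version '5.0'. Result was 1.0
-tests_with_failures.xml:20: FAIL: 'example with untested parameter' is missing an example that checks for parameter 'os.version' which is derived from a capture group
-tests_with_failures.xml: SUMMARY: Test completed with 1 successful, 0 warnings, and 5 failures
-"""
-And the exit status should be 5
-
-# JRuby 9.2.20.1 and 9.3.3.0 differ in how they parse XML, where the latter is more close to libxml
-# and Nokogiri. We use a regex test to match results from both versions.
-@no-clobber
-@requires-ruby-platform-java
-Scenario: Tests with failures (JRuby)
-When I run `recog_verify tests_with_failures.xml`
-Then it should fail with regex:
-"""
-tests_with_failures.xml:\d+: FAIL: 'foo test' failed to match "bar" with \(\?-mix:\^foo\$\)'
-tests_with_failures.xml:\d+: FAIL: '' failed to match "This almost matches" with \(\?-mix:\^This matches\$\)'
-tests_with_failures.xml:\d+: FAIL: 'bar test's os\.name is a non-zero pos but specifies a value of 'Bar'
-tests_with_failures.xml:\d+: FAIL: 'bar test' failed to find expected capture group os\.version '5\.0'. Result was 1\.0
-tests_with_failures.xml:\d+: FAIL: 'example with untested parameter' is missing an example that checks for parameter 'os\.version' which is derived from a capture group
-tests_with_failures.xml: SUMMARY: Test completed with 1 successful, 0 warnings, and 5 failures
-"""
-And the exit status should be 5
-
-@no-clobber
-@unsupported-on-platform-java
-Scenario: recog_verify produces XML errors from the XSD with a malformed XML document (CRuby)
-When I run `recog_verify --schema-location ../../xml/fingerprints.xsd schema_failure.xml`
-Then it should fail with:
-"""
-schema_failure.xml:3: FAIL: 3:0: ERROR: Element 'fingerprint', attribute 'name': The attribute 'name' is not allowed.
-schema_failure.xml:3: FAIL: 3:0: ERROR: Element 'fingerprint': The attribute 'pattern' is required but missing.
-schema_failure.xml:3: FAIL: 3:0: ERROR: Element 'fingerprint': Missing child element(s). Expected is ( description ).
-schema_failure.xml: SUMMARY: Test completed with 0 successful, 0 warnings, and 3 failures
-"""
-And the exit status should be 3
-
-@no-clobber
-@requires-ruby-platform-java
-Scenario: recog_verify produces XML errors from the XSD with a malformed XML document (JRuby)
-When I run `recog_verify --schema_location ../../xml/fingerprints.xsd schema_failure.xml`
-Then it should fail with:
-"""
-schema_failure.xml:-1: FAIL: -1:-1: ERROR: cvc-complex-type.3.2.2: Attribute 'name' is not allowed to appear in element 'fingerprint'.
-schema_failure.xml:-1: FAIL: -1:-1: ERROR: cvc-complex-type.4: Attribute 'pattern' must appear on element 'fingerprint'.
-schema_failure.xml:-1: FAIL: -1:-1: ERROR: cvc-complex-type.2.4.b: The content of element 'fingerprint' is not complete. One of '{description}' is expected.
-schema_failure.xml: SUMMARY: Test completed with 0 successful, 0 warnings, and 3 failures
-"""
-And the exit status should be 3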
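--- a/data/identifiers/README.md
+++ /dev/null
@@ -1,70 +0,0 @@
-# Recog: Identifiers
-
-This directory contains lists of standard identifiers for mapping Recog matches.
-The goal is define a standard set of constants to represent known software,
-hardware, vendors, and categories.
-
-This is currently incomplete and will be updated as standardization work moves
-forward.
-
-Fingerprints should use these identifiers whenever possible; if a different name
-or syntax for a given identifier is preferred, this should be implemented in the
-application through a mapping function.
-
-## Lists
-
-### Fields
-
-`fields.txt` defines the various fields (`os.vendor`, etc.) used to assert
-information about a match.
-
-### Vendors
-
-`vendor.txt` defines known vendor names, covering services, operating systems,
-and hardware.
-
-### Operating Systems
-
-`os_architecture.txt` defines known CPU types.
-
-`os_product.txt` defines known operating system names.
-
-`os_family.txt` defines known operating system families.
-
-`os_device.txt` defines known types of devices by function or purpose.
-
-### Hardware
-
-`hw_product.txt` defines known hardware product names.
-
-`hw_family.txt` defines known hardware product families.
-
-`hw_device.txt` defines known types of devices by function or purpose (overlaps
-with `os_device.txt`).
-
-### Services
-
-`service_product.txt` defines known service product names.
-
-`service_family.txt` defines known service product families.
-
-### Software
-
-`software_product.txt` defines known software product names.
-
-`software_family.txt` defines known software product families.
-
-`software_class.txt` defines known types of software by function or purpose.
-
-## Pending Work
-
-* All existing fingerprints should be correlated against these lists to
-identify mismatches and updated accordingly.
-
-* All net new identifiers from the existing fingerprints should be merged into
-these lists.
-
-* All fingerprint assertions should be enumerated, documented, and standardized
-where possible (`host.mac`, etc).
-
-* Hardware identifiers should be enumerated, consolidated, and standardized.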
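--- a/data/identifiers/fields.txt
+++ /dev/null
@@ -1,105 +0,0 @@
-agilent.serial
-apache.info
-apache.variant
-apache.variant.version
-aptinex.model
-chromecast.capabilities
-chromecast.generation
-cisco.imc_model
-cisco.model
-cookie
-dell.service_tag
-digi.serial_number
-extron.model
-host.domain
-host.ip
-host.mac
-host.mac_eui64
-host.mac_local
-host.name
-host.time
-hw.certainty
-hw.cpe23
-hw.device
-hw.family
-hw.model
-hw.product
-hw.serial_number
-hw.series
-hw.vendor
-hw.version
-imail.eval
-jetty.info
-junction.cookie
-junction.name
-lantronix.serial_number
-lenovo.machine_model
-lenovo.machine_type
-linux.kernel.version
-loadbalancer.poolname
-mdaemon.unregistered
-mercur.os.info
-metainfo.version
-metainfo.version.version
-ms.nttp.version
-notes.build.version
-ntmail.id
-openssh.comment
-openssh.cvepatch
-os.arch
-os.build
-os.certainty
-os.cpe23
-os.device
-os.edition
-os.family
-os.model
-os.product
-os.rev
-os.vendor
-os.version
-os.version.version
-os.version.version.version
-postfix.os.info
-postoffice.build
-postoffice.id
-procurve.model
-proftpd.server.name
-pureftpd.config
-python.version
-qpopper.version
-securetransport.build
-sendmail.config.version
-sendmail.hpux.phne.version
-sendmail.vendor.version
-service.certainty
-service.component.cpe23
-service.component.family
-service.component.product
-service.component.vendor
-service.component.version
-service.cpe23
-service.device
-service.edition
-service.family
-service.node
-service.product
-service.protocol
-service.vendor
-service.version
-service.version.version
-service.version.version.version
-service.version.version.version.version
-siemens.model
-snmp.fpmib.oid.1
-snmp.fpmib.oid.2
-system.time
-system.time.format
-system.time.micros
-system.time.millis
-tandberg.model
-thttpd.mx-patch
-tomcat.info
-unify.model
-wd2go.device_id
-zmailer.ident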
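--- a/data/identifiers/hw_device.txt
+++ /dev/null
@@ -1,86 +0,0 @@
-ADSL Modem
-AV Receiver
-Access Control
-Alarm Panel
-Appliance
-Audio Encoder
-Broadband Router
-Building Automation
-Cable Modem
-Check Scanner
-DOCSIS Cable Modem
-DSL Modem
-DVR
-Data Terminal
-Desktop
-Device
-Device Hub
-Device Server
-Display Controller
-Environment Control
-Ethernet Adapter
-Firewall
-HMI Controller
-Handheld Scanner
-Hypervisor
-IP Camera
-IPS
-IPTV
-Industrial Control
-JTAG Adapter
-KVM
-Laptop
-Light Bulb
-Lights Out Management
-Media Player
-Media Receiver
-Media Server
-Mobile Phone
-Monitoring
-Multifunction Device
-NAS
-Network Appliance
-Network Audio
-Network Management Device
-PLC
-Power Device
-Power Meter
-Power Relay
-Powerline
-Print Server
-Printer
-Relay Controller
-Router
-SD-WAN Appliance
-SIP Device
-SIP Gateway
-Scanner
-Security Appliance
-Sensor
-Smart TV
-Storage
-Storage Appliance
-Support Appliance
-Switch
-Tablet
-Tape Library
-Telecom
-Test Instrument
-Thin Client
-UPS
-VPN
-Video Conference
-Video Conferencing
-Video Decoder
-Video Encoder
-VoIP
-VoIP Gateway
-VoIP Server
-VoIP Switch
-Voice Appliance
-WAP
-WLAN Repeater
-Web Cam
-Whiteboard
-Wireless Controller
-Wireless Presenter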