recog 2.3.3 → 2.3.8
- checksums.yaml +4 -4
- data/.gitignore +11 -5
- data/.ruby-gemset +1 -0
- data/.ruby-version +1 -0
- data/.travis.yml +7 -4
- data/Gemfile +2 -5
- data/README.md +22 -19
- data/bin/recog_standardize +118 -0
- data/cpe-remap.yaml +21 -0
- data/features/data/successful_tests.xml +1 -1
- data/features/data/tests_with_warnings.xml +1 -1
- data/features/match.feature +4 -0
- data/features/support/aruba.rb +3 -0
- data/features/verify.feature +8 -4
- data/identifiers/README.md +47 -0
- data/identifiers/os_architecture.txt +20 -0
- data/identifiers/os_device.txt +52 -0
- data/identifiers/os_family.txt +160 -0
- data/identifiers/os_product.txt +199 -0
- data/identifiers/service_family.txt +185 -0
- data/identifiers/service_product.txt +255 -0
- data/identifiers/software_class.txt +26 -0
- data/identifiers/software_family.txt +91 -0
- data/identifiers/software_product.txt +333 -0
- data/identifiers/vendor.txt +405 -0
- data/lib/recog/fingerprint.rb +46 -0
- data/lib/recog/version.rb +1 -1
- data/spec/data/verification_fingerprints.xml +86 -0
- data/spec/lib/fingerprint_self_test_spec.rb +1 -1
- data/spec/lib/recog/fingerprint/regexp_factory_spec.rb +1 -1
- data/spec/lib/recog/fingerprint_spec.rb +89 -0
- data/update_cpes.py +1 -1
- data/xml/apache_os.xml +9 -0
- data/xml/architecture.xml +9 -5
- data/xml/dns_versionbind.xml +37 -3
- data/xml/ftp_banners.xml +147 -4
- data/xml/html_title.xml +1134 -13
- data/xml/http_cookies.xml +22 -2
- data/xml/http_servers.xml +157 -4
- data/xml/http_wwwauth.xml +13 -1
- data/xml/mdns_device-info_txt.xml +20 -16
- data/xml/mysql_banners.xml +420 -38
- data/xml/ntp_banners.xml +16 -8
- data/xml/operating_system.xml +1 -0
- data/xml/rtsp_servers.xml +76 -0
- data/xml/sip_banners.xml +159 -15
- data/xml/sip_user_agents.xml +40 -1
- data/xml/smb_native_os.xml +1 -0
- data/xml/smtp_banners.xml +20 -2
- data/xml/snmp_sysdescr.xml +204 -106
- data/xml/ssh_banners.xml +983 -192
- data/xml/telnet_banners.xml +75 -2
- data/xml/x11_banners.xml +1 -1
- data/xml/x509_issuers.xml +9 -9
- data/xml/x509_subjects.xml +349 -37
- metadata +26 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: be02bd17e124bbded970024eb6634e60ce5a3764da67faecb0da21157179d6ed
|
4
|
+
data.tar.gz: 04eacbfe28e565b359b4b798f0ef171c97274f9d5a43f273b8f09972b999ad46
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: bc69e881e5a68c16227bff868480d9f68760ddb72ea8203e89c5ce2bef06a5558ba5a0a730f44e1976f4481b9c7e543b1ec2685a4dc9755b6cfa967d69fe8b66
|
7
|
+
data.tar.gz: 87a4cc900949a643cb89c7c2058939fb5e49a2d875b72687dc7cb739b3969fdbc6e5dafc7dceace9e4c89e16b0e94ac0f9b0327ef563a74ac7f247c7173f58ff
|
data/.gitignore
CHANGED
@@ -1,11 +1,17 @@
|
|
1
|
+
# Ruby and tooling specific
|
1
2
|
.yardoc
|
2
3
|
coverage/
|
3
4
|
doc/
|
4
5
|
pkg/
|
5
|
-
|
6
|
-
.vscode/
|
6
|
+
|
7
7
|
/Gemfile.lock
|
8
8
|
|
9
|
-
#
|
10
|
-
|
11
|
-
|
9
|
+
#Python specific
|
10
|
+
venv
|
11
|
+
|
12
|
+
# IDE specific
|
13
|
+
.vscode/
|
14
|
+
.idea
|
15
|
+
|
16
|
+
# Misc
|
17
|
+
**/.DS_Store
|
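Review bot: the new comment headers in this hunk are inconsistent: `#Python specific` lacks the space after `#` that `# Ruby and tooling specific`, `# IDE specific` and `# Misc` use, and `venv` is listed without the trailing slash given to the other directory entries (`coverage/`, `doc/`, `pkg/`, `.vscode/`). Suggest `# Python specific`, `venv/` and, for the same reason, `.idea/`, so the file reads uniformly and the entries unambiguously match directories.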
data/.ruby-gemset
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
recog
|
data/.ruby-version
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
2.6.6
|
data/.travis.yml
CHANGED
@@ -2,11 +2,14 @@ language: ruby
|
|
2
2
|
sudo: false
|
3
3
|
cache: bundler
|
4
4
|
rvm:
|
5
|
-
- '2.
|
6
|
-
- '2.
|
7
|
-
- '2.5.3'
|
8
|
-
- '2.6.1'
|
5
|
+
- '2.5.8'
|
6
|
+
- '2.6.6'
|
9
7
|
- 'jruby-9.1.9.0'
|
8
|
+
jdk:
|
9
|
+
- openjdk8
|
10
|
+
matrix:
|
11
|
+
allow_failures:
|
12
|
+
- rvm: 'jruby-9.1.9.0'
|
10
13
|
before_install:
|
11
14
|
- "echo 'gem: --no-ri --no-rdoc' > ~/.gemrc"
|
12
15
|
- rake --version
|
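Review bot: `allow_failures` for `rvm: 'jruby-9.1.9.0'` means a JRuby regression no longer fails the build, so the JRuby entry in `rvm:` becomes informational only. If JRuby is not a supported target, drop it from the matrix rather than carry an always-green job; if it is supported, add a comment naming the reason the failures are tolerated (the `jdk: openjdk8` addition suggests the job was being repaired rather than abandoned, so the context would help the next person). The bump to `2.5.8` and `2.6.6` is consistent with the `.ruby-version` of 2.6.6 added in this release.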
data/Gemfile
CHANGED
@@ -1,13 +1,10 @@
|
|
1
1
|
source 'https://rubygems.org'
|
2
2
|
|
3
|
-
gemspec
|
3
|
+
gemspec name: 'recog'
|
4
4
|
|
5
5
|
gem 'nokogiri'
|
6
6
|
|
7
7
|
group :test do
|
8
8
|
gem 'rake'
|
9
|
-
gem '
|
10
|
-
gem 'cucumber', '~> 1.3.8'
|
11
|
-
gem 'aruba', '~> 0.5.3'
|
12
|
-
gem 'regexp_parser', '~> 0.2.0'
|
9
|
+
gem 'regexp_parser'
|
13
10
|
end
|
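Review bot: `gem 'regexp_parser'` drops the `~> 0.2.0` constraint the removed line carried, so the test group now floats to whatever regexp_parser version is current at `bundle install` time; unless the `gemspec` referenced by `gemspec name: 'recog'` carries an equivalent constraint, keep a pin (for example `gem 'regexp_parser', '~> 0.2'`) so fingerprint verification stays reproducible across machines. The removed `cucumber '~> 1.3.8'` and `aruba '~> 0.5.3'` pins do not reappear anywhere visible in this diff, so it is worth confirming they moved into the gemspec rather than being dropped while `features/` still depends on them.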
data/README.md
CHANGED
@@ -1,18 +1,21 @@
|
|
1
|
-
Recog: A Recognition Framework
|
2
|
-
=====
|
3
|
-
|
4
|
-
Recog is a framework for identifying products, services, operating systems, and hardware by matching fingerprints against data returned from various network probes. Recog makes it simple to extract useful information from web server banners, snmp system description fields, and a whole lot more. Recog is open source, please see the [LICENSE](https://raw.githubusercontent.com/rapid7/recog/master/LICENSE) file for more information.
|
5
|
-
|
1
|
+
# Recog: A Recognition Framework
|
6
2
|
[![Gem Version](https://badge.fury.io/rb/recog.svg)](http://badge.fury.io/rb/recog)
|
7
3
|
[![Build Status](https://travis-ci.org/rapid7/recog.svg?branch=master)](https://travis-ci.org/rapid7/recog)
|
8
4
|
|
5
|
+
|
6
|
+
Recog is a framework for identifying products, services, operating systems, and hardware by matching fingerprints against data returned from various network probes. Recog makes it simple to extract useful information from web server banners, snmp system description fields, and a whole lot more.
|
7
|
+
|
8
|
+
Recog is open source, please see the [LICENSE](https://raw.githubusercontent.com/rapid7/recog/master/LICENSE) file for more information.
|
9
|
+
|
9
10
|
## Installation
|
10
11
|
|
11
|
-
Recog consists of both XML fingerprint files and an assortment of code, mostly in Ruby, that makes it easy to develop, test, and use the contained fingerprints. In order to use the included ruby code, a recent version of Ruby (2.
|
12
|
+
Recog consists of both XML fingerprint files and an assortment of code, mostly in Ruby, that makes it easy to develop, test, and use the contained fingerprints. In order to use the included ruby code, a recent version of Ruby (2.31+) is required, along with Rubygems and the `bundler` gem. Once these dependencies are in place, use the following commands to grab the latest source code and install any additional dependencies.
|
12
13
|
|
13
|
-
|
14
|
-
|
15
|
-
|
14
|
+
```shell
|
15
|
+
$ git clone git@github.com:rapid7/recog.git
|
16
|
+
$ cd recog
|
17
|
+
$ bundle install
|
18
|
+
```
|
16
19
|
|
17
20
|
## Maturity
|
18
21
|
|
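Review bot: the new installation paragraph requires "a recent version of Ruby (2.31+)", which is not a Ruby version number. The rendered diff truncates the old line after "2.", so the previous value cannot be confirmed here, but `.ruby-version` (2.6.6) and `.travis.yml` (2.5.8, 2.6.6) in this same release show which versions are actually exercised; the README should state a minimum consistent with them (2.3.1 is the most plausible reading of "2.31", but that is a guess). Separately, `git clone git@github.com:rapid7/recog.git` needs an SSH key registered with GitHub; `https://github.com/rapid7/recog.git` works for read-only users and is the friendlier default in a getting-started block.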
@@ -24,7 +27,7 @@ The fingerprints within Recog are stored in XML files, each of which is designed
|
|
24
27
|
|
25
28
|
A fingerprint file consists of an XML document like the following:
|
26
29
|
|
27
|
-
```
|
30
|
+
```xml
|
28
31
|
<fingerprints matches="ssh.banner">
|
29
32
|
<fingerprint pattern="^RomSShell_([\d\.]+)$">
|
30
33
|
<description>Allegro RomSShell SSH</description>
|
@@ -36,15 +39,15 @@ A fingerprint file consists of an XML document like the following:
|
|
36
39
|
</fingerprints>
|
37
40
|
```
|
38
41
|
|
39
|
-
The first line should always consist of the XML version declaration. The first element should always be a `
|
42
|
+
The first line should always consist of the XML version declaration. The first element should always be a `fingerprints` block with a `matches` attribute indicating what data this fingerprint file is supposed to match. The `matches` attribute is normally in the form of `protocol.field`.
|
40
43
|
|
41
44
|
Inside of the `fingerprints` element there should be one or more `fingerprint` elements. Every `fingerprint` must contain a `pattern` attribute, which contains the regular expression to be used to match against the data. An optional `flags` attribute can be specified to control how the regular expression is to be interpreted. See [the Recog documentation for `FLAG_MAP`](http://www.rubydoc.info/gems/recog/Recog/Fingerprint/RegexpFactory#FLAG_MAP-constant) for more information.
|
42
45
|
|
43
46
|
Inside of the fingerprint, a `description` element should contain a human-readable string describing this fingerprint.
|
44
47
|
|
45
|
-
At least one `example` element should be present, however multiple `example` elements are preferred. These elements are used as part of the test coverage present in rspec which validates that the provided data matches the specified regular expression. Additionally, if the fingerprint is using the `param` elements to extract field values from the data (described next), you can add these expected extractions as attributes for the `example` elements. In the example above, this:
|
48
|
+
At least one `example` element should be present, however multiple `example` elements are preferred. These elements are used as part of the test coverage present in `rspec` which validates that the provided data matches the specified regular expression. Additionally, if the fingerprint is using the `param` elements to extract field values from the data (described next), you can add these expected extractions as attributes for the `example` elements. In the example above, this:
|
46
49
|
|
47
|
-
```
|
50
|
+
```xml
|
48
51
|
<example service.version="4.62">RomSShell_4.62</example>
|
49
52
|
```
|
50
53
|
|
@@ -54,7 +57,7 @@ The `param` elements contain a `pos` attribute, which indicates what capture fie
|
|
54
57
|
|
55
58
|
The `example` string can be base64 encoded to permit the use of unprintable characters. To signal this to Recog an `_encoding` attribute with the value of `base64` is added to the `example` element. Based64 encoded text that is longer than 80 characters may be wrapped with newlines as shown below to aid in readability.
|
56
59
|
|
57
|
-
````
|
60
|
+
````xml
|
58
61
|
<example _encoding="base64">
|
59
62
|
dGllczGEAAAAlQQWMS4yLjg0MC4xMTM1NTYuMS40LjgwMAQuZGF0YS5yZW1vdmVkLjCEAAAAK
|
60
63
|
AQdZG9tYWluQ29udHJvbGxlckZ1bmN0aW9uYWxpdHkxhAAAAAMEATc=
|
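Review bot: the unchanged context line in this hunk reads "Based64 encoded text that is longer than 80 characters"; since the fence directly below it is being edited anyway, fix the typo to "Base64" in the same change. Tagging the four-backtick fence as `xml` matches the other fences in this file.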
@@ -65,15 +68,15 @@ The `example` string can be base64 encoded to permit the use of unprintable char
|
|
65
68
|
|
66
69
|
Once a fingerprint has been added, the `example` entries can be tested by executing `bin/recog_verify` against the fingerprint file:
|
67
70
|
|
68
|
-
```
|
69
|
-
|
71
|
+
```shell
|
72
|
+
$ bin/recog_verify xml/ssh_banners.xml
|
70
73
|
```
|
71
74
|
|
72
75
|
Matches can be tested on the command-line in a similar fashion:
|
73
76
|
|
74
|
-
```
|
75
|
-
|
76
|
-
|
77
|
+
```shell
|
78
|
+
$ echo 'OpenSSH_6.6p1 Ubuntu-2ubuntu1' | bin/recog_match xml/ssh_banners.xml -
|
79
|
+
MATCH: {"matched"=>"OpenSSH running on Ubuntu 14.04", "service.version"=>"6.6p1", "openssh.comment"=>"Ubuntu-2ubuntu1", "service.vendor"=>"OpenBSD", "service.family"=>"OpenSSH", "service.product"=>"OpenSSH", "os.vendor"=>"Ubuntu", "os.device"=>"General", "os.family"=>"Linux", "os.product"=>"Linux", "os.version"=>"14.04", "service.protocol"=>"ssh", "fingerprint_db"=>"ssh.banner", "data"=>"OpenSSH_6.6p1 Ubuntu-2ubuntu1"}
|
77
80
|
```
|
78
81
|
|
79
82
|
### Best Practices
|
@@ -0,0 +1,118 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
$:.unshift(File.expand_path(File.join(File.dirname(__FILE__), "..", "lib")))
|
4
|
+
require 'optparse'
|
5
|
+
require 'ostruct'
|
6
|
+
require 'recog'
|
7
|
+
|
8
|
+
def load_identifiers(path)
|
9
|
+
res = {}
|
10
|
+
File.readlines(path).map{|line| line.strip}.each do |ident|
|
11
|
+
res[ident] = true
|
12
|
+
end
|
13
|
+
return res
|
14
|
+
end
|
15
|
+
|
16
|
+
def write_identifiers(vals, path)
|
17
|
+
res = []
|
18
|
+
vals.each_pair do |k,v|
|
19
|
+
res = res.push(k)
|
20
|
+
end
|
21
|
+
res = res.sort.uniq
|
22
|
+
File.write(path, res.join("\n") + "\n")
|
23
|
+
end
|
24
|
+
|
25
|
+
bdir = File.expand_path(File.join(File.dirname(__FILE__), "..", "identifiers"))
|
26
|
+
|
27
|
+
options = OpenStruct.new(write: false)
|
28
|
+
option_parser = OptionParser.new do |opts|
|
29
|
+
opts.banner = "Usage: #{$0} [options] XML_FINGERPRINT_FILE1 ..."
|
30
|
+
opts.separator "Verifies that each fingerprint asserts known identifiers."
|
31
|
+
opts.separator ""
|
32
|
+
opts.separator "Options"
|
33
|
+
|
34
|
+
opts.on("-w", "--write") do
|
35
|
+
options.write = true
|
36
|
+
end
|
37
|
+
|
38
|
+
opts.on("-h", "--help", "Show this message.") do
|
39
|
+
puts opts
|
40
|
+
exit
|
41
|
+
end
|
42
|
+
end
|
43
|
+
option_parser.parse!(ARGV)
|
44
|
+
|
45
|
+
if ARGV.empty?
|
46
|
+
$stderr.puts 'Missing XML fingerprint files'
|
47
|
+
puts option_parser
|
48
|
+
exit(1)
|
49
|
+
end
|
50
|
+
|
51
|
+
# Load the unique identifiers
|
52
|
+
vendors = load_identifiers(File.join(bdir, "vendor.txt"))
|
53
|
+
os_arch = load_identifiers(File.join(bdir, "os_architecture.txt"))
|
54
|
+
os_prod = load_identifiers(File.join(bdir, "os_product.txt"))
|
55
|
+
os_family = load_identifiers(File.join(bdir, "os_family.txt"))
|
56
|
+
os_device = load_identifiers(File.join(bdir, "os_device.txt"))
|
57
|
+
svc_prod = load_identifiers(File.join(bdir, "service_product.txt"))
|
58
|
+
svc_family = load_identifiers(File.join(bdir, "service_family.txt"))
|
59
|
+
|
60
|
+
ARGV.each do |arg|
|
61
|
+
Dir.glob(arg).each do |file|
|
62
|
+
ndb = Recog::DB.new(file)
|
63
|
+
ndb.fingerprints.each do |f|
|
64
|
+
f.params.each do |k,v|
|
65
|
+
paramIndex, val = v
|
66
|
+
next if paramIndex != 0
|
67
|
+
case k
|
68
|
+
when "os.vendor", "service.vendor", "service.component.vendor", "hw.vendor"
|
69
|
+
if ! vendors[val]
|
70
|
+
puts "VENDOR MISSING: #{val}"
|
71
|
+
vendors[val] = true
|
72
|
+
end
|
73
|
+
when "os.product"
|
74
|
+
if ! os_prod[val]
|
75
|
+
puts "OS PRODUCT MISSING: #{val}"
|
76
|
+
os_prod[val] = true
|
77
|
+
end
|
78
|
+
when "os.arch"
|
79
|
+
if ! os_arch[val]
|
80
|
+
puts "OS ARCH MISSING: #{val}"
|
81
|
+
os_arch[val] = true
|
82
|
+
end
|
83
|
+
when "os.family"
|
84
|
+
if ! os_family[val]
|
85
|
+
puts "OS FAMILY MISSING: #{val}"
|
86
|
+
os_family[val] = true
|
87
|
+
end
|
88
|
+
when "os.device"
|
89
|
+
if ! os_device[val]
|
90
|
+
puts "OS DEVICE MISSING: #{val}"
|
91
|
+
os_device[val] = true
|
92
|
+
end
|
93
|
+
when "service.product"
|
94
|
+
if ! svc_prod[val]
|
95
|
+
puts "SERVICE PRODUCT MISSING: #{val}"
|
96
|
+
svc_prod[val] = true
|
97
|
+
end
|
98
|
+
when "service.family"
|
99
|
+
if ! svc_family[val]
|
100
|
+
puts "SERVICE FAMILY MISSING: #{val}"
|
101
|
+
svc_family[val] = true
|
102
|
+
end
|
103
|
+
end
|
104
|
+
end
|
105
|
+
end
|
106
|
+
end
|
107
|
+
end
|
108
|
+
|
109
|
+
exit if ! options.write
|
110
|
+
|
111
|
+
# Write back the unique identifiers
|
112
|
+
write_identifiers(vendors, File.join(bdir, "vendor.txt"))
|
113
|
+
write_identifiers(os_arch, File.join(bdir, "os_architecture.txt"))
|
114
|
+
write_identifiers(os_prod, File.join(bdir, "os_product.txt"))
|
115
|
+
write_identifiers(os_family, File.join(bdir, "os_family.txt"))
|
116
|
+
write_identifiers(os_device, File.join(bdir, "os_device.txt"))
|
117
|
+
write_identifiers(svc_prod, File.join(bdir, "service_product.txt"))
|
118
|
+
write_identifiers(svc_family, File.join(bdir, "service_family.txt"))
|
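Review bot: the script never exits non-zero when it finds an unknown identifier, so although the banner says "Verifies that each fingerprint asserts known identifiers", running it without `-w` in CI always passes; count the `MISSING` lines and `exit(1)` when the count is non-zero and `--write` was not given. Further points in the same hunk: `opts.on("-w", "--write")` has no description string, so `--help` prints the flag without explaining that it appends every newly seen value to the identifier files (a write that CI should never perform); the seven `when` branches repeat the same lookup, print and insert block and would collapse to a hash from parameter name to identifier set (the four vendor keys pointing at `vendors`, `"os.product"` at `os_prod`, and so on); `write_identifiers` rebuilds `vals.keys` by hand with `res = res.push(k)` and can be `File.write(path, vals.keys.sort.uniq.join("\n") + "\n")`; and the `software_class.txt`, `software_family.txt` and `software_product.txt` lists added in this release (see the file list) are never loaded, so nothing is checked against them. Finally, `next if paramIndex != 0` skips every capture-derived parameter by design, which deserves a comment because the script name suggests a full audit.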
data/cpe-remap.yaml
CHANGED
@@ -1,4 +1,6 @@
|
|
1
1
|
mappings:
|
2
|
+
alpine:
|
3
|
+
vendor: alpinelinux
|
2
4
|
apache:
|
3
5
|
vendor: apache
|
4
6
|
products:
|
@@ -45,10 +47,17 @@ mappings:
|
|
45
47
|
vendor: ibm
|
46
48
|
products:
|
47
49
|
lotus_domino: lotus_domino_server
|
50
|
+
os/400: os_400
|
51
|
+
z/os: z\/os
|
52
|
+
jamf:
|
53
|
+
products:
|
54
|
+
jamf_pro: jamf
|
48
55
|
juniper:
|
49
56
|
vendor: juniper
|
50
57
|
products:
|
51
58
|
junos_os: junos
|
59
|
+
kibana:
|
60
|
+
vendor: elasticsearch
|
52
61
|
linux:
|
53
62
|
vendor: linux
|
54
63
|
products:
|
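Review bot: `z/os: z\/os` escapes the slash in the value with a backslash while the neighbouring `os/400: os_400` replaces it with an underscore; as a YAML plain scalar `z\/os` keeps the backslash literally, so the consumer (`update_cpes.py` is the only candidate touched in this diff) receives `z\/os`. If the slash needs to survive in the CPE product name, `"z/os"` is the plain form; if the backslash is meant to escape a regex or path separator downstream, a comment saying so would stop the next reader from "fixing" it. Either way the two adjacent entries should follow one convention.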
@@ -94,6 +103,11 @@ mappings:
|
|
94
103
|
vendor: paloaltonetworks
|
95
104
|
products:
|
96
105
|
pa_firewall: pan-os
|
106
|
+
parallels:
|
107
|
+
products:
|
108
|
+
plesk: parallels_plesk_panel
|
109
|
+
plesk:
|
110
|
+
vendor: parallels
|
97
111
|
proftpd_project:
|
98
112
|
vendor: proftpd
|
99
113
|
realvnc_ltd.:
|
@@ -113,6 +127,13 @@ mappings:
|
|
113
127
|
vendor: sun
|
114
128
|
products:
|
115
129
|
solaris: sunos
|
130
|
+
tandberg:
|
131
|
+
vendor: cisco
|
132
|
+
tightvnc:
|
133
|
+
products:
|
134
|
+
desktop: tightvnc
|
135
|
+
ubiquiti:
|
136
|
+
vendor: ui
|
116
137
|
ubuntu:
|
117
138
|
vendor: canonical
|
118
139
|
products:
|
@@ -2,7 +2,7 @@
|
|
2
2
|
<fingerprints>
|
3
3
|
<fingerprint pattern="^Cisco-SIPGateway/IOS-([\d\.x]+)$">
|
4
4
|
<description>Cisco SIPGateway</description>
|
5
|
-
<example>Cisco-SIPGateway/IOS-12.x</example>
|
5
|
+
<example os.version="12.x">Cisco-SIPGateway/IOS-12.x</example>
|
6
6
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
7
7
|
<param pos="0" name="os.product" value="IOS"/>
|
8
8
|
<param pos="1" name="os.version"/>
|
@@ -1,7 +1,7 @@
|
|
1
1
|
<?xml version="1.0"?>
|
2
2
|
<fingerprints>
|
3
3
|
<fingerprint pattern="^-{10} Welcome to Pure-FTPd (.*)-{10}$">
|
4
|
-
<example>---------- Welcome to Pure-FTPd ----------</example>
|
4
|
+
<example pureftpd.config="">---------- Welcome to Pure-FTPd ----------</example>
|
5
5
|
<description>Pure-FTPd</description>
|
6
6
|
<param pos="1" name="pureftpd.config"/>
|
7
7
|
<param pos="0" name="service.family" value="Pure-FTPd"/>
|
data/features/match.feature
CHANGED
@@ -1,4 +1,5 @@
|
|
1
1
|
Feature: Match
|
2
|
+
@no-clobber
|
2
3
|
Scenario: Finds matches
|
3
4
|
When I run `recog_match matching_banners_fingerprints.xml sample_banner.txt`
|
4
5
|
Then it should pass with:
|
@@ -7,6 +8,7 @@ Feature: Match
|
|
7
8
|
MATCH: {"matched"=>"SunOS/Solaris", "os.vendor"=>"Sun", "os.family"=>"Solaris", "os.product"=>"Solaris", "os.device"=>"General", "host.name"=>"polaris", "os.version"=>"5.8", "service.protocol"=>"ftp", "fingerprint_db"=>"matching_banners_fingerprints", "data"=>"polaris FTP server (SunOS 5.8) ready."}
|
8
9
|
"""
|
9
10
|
|
11
|
+
@no-clobber
|
10
12
|
Scenario: Fails at finding matches
|
11
13
|
When I run `recog_match failing_banners_fingerprints.xml sample_banner.txt`
|
12
14
|
Then it should pass with:
|
@@ -15,6 +17,7 @@ Feature: Match
|
|
15
17
|
FAIL: polaris FTP server (SunOS 5.8) ready
|
16
18
|
"""
|
17
19
|
|
20
|
+
@no-clobber
|
18
21
|
Scenario: Finds multiple matches
|
19
22
|
When I run `recog_match multiple_banners_fingerprints.xml sample_banner.txt --multi-match`
|
20
23
|
Then it should pass with:
|
@@ -23,6 +26,7 @@ Feature: Match
|
|
23
26
|
MATCHES: {"matched"=>"Generic FTP, Checks for the existence of the word FTP in the line", "service.protocol"=>"", "fingerprint_db"=>"multiple_banners_fingerprints", "data"=>"polaris FTP server (SunOS 5.8) ready."},{"matched"=>"SunOS/Solaris", "service.protocol"=>"ftp", "os.vendor"=>"Sun", "os.family"=>"Solaris", "os.product"=>"Solaris", "os.device"=>"General", "host.name"=>"polaris", "os.version"=>"5.8", "fingerprint_db"=>"multiple_banners_fingerprints", "data"=>"polaris FTP server (SunOS 5.8) ready."}
|
24
27
|
"""
|
25
28
|
|
29
|
+
@no-clobber
|
26
30
|
Scenario: Finds first matches using no-multi-match flag
|
27
31
|
When I run `recog_match multiple_banners_fingerprints.xml sample_banner.txt --no-multi-match`
|
28
32
|
Then it should pass with:
|
data/features/verify.feature
CHANGED
@@ -1,4 +1,5 @@
|
|
1
1
|
Feature: Verify
|
2
|
+
@no-clobber
|
2
3
|
Scenario: No tests
|
3
4
|
When I run `recog_verify no_tests.xml`
|
4
5
|
Then it should pass with:
|
@@ -6,6 +7,7 @@ Feature: Verify
|
|
6
7
|
SUMMARY: Test completed with 0 successful, 0 warnings, and 0 failures
|
7
8
|
"""
|
8
9
|
|
10
|
+
@no-clobber
|
9
11
|
Scenario: Successful tests
|
10
12
|
When I run `recog_verify successful_tests.xml`
|
11
13
|
Then it should pass with:
|
@@ -13,15 +15,18 @@ Feature: Verify
|
|
13
15
|
SUMMARY: Test completed with 4 successful, 0 warnings, and 0 failures
|
14
16
|
"""
|
15
17
|
|
18
|
+
@no-clobber
|
16
19
|
Scenario: Tests with warnings, warnings enabled
|
17
20
|
When I run `recog_verify tests_with_warnings.xml`
|
18
21
|
Then it should fail with:
|
19
22
|
"""
|
20
23
|
WARN: 'Pure-FTPd' has no test cases
|
21
|
-
|
24
|
+
WARN: 'Pure-FTPd' is missing an example that checks for parameter 'pureftpd.config' messsage which is derived from a capture group
|
25
|
+
SUMMARY: Test completed with 1 successful, 2 warnings, and 0 failures
|
22
26
|
"""
|
23
|
-
And the exit status should be
|
27
|
+
And the exit status should be 2
|
24
28
|
|
29
|
+
@no-clobber
|
25
30
|
Scenario: Tests with warnings, warnings disabled
|
26
31
|
When I run `recog_verify --no-warnings tests_with_warnings.xml`
|
27
32
|
Then it should pass with:
|
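Review bot: the expected line `WARN: 'Pure-FTPd' is missing an example that checks for parameter 'pureftpd.config' messsage which is derived from a capture group` contains the typo "messsage", and the sentence does not parse as written; the feature file presumably mirrors the string emitted by the verifier (`lib/recog/fingerprint.rb` is in the file list but not shown in this rendering), so fix the message at its source and this expectation together. Also, this scenario still expects that warning even though the companion fixture change in this release sets `pureftpd.config=""` on the example in `tests_with_warnings.xml`; if an empty-string attribute is deliberately treated as "not checked", say so in the scenario name or a comment, otherwise the expectation and the fixture disagree. The `exit status should be 2` line fills in a value the old scenario left blank, which is a real fix.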
@@ -29,6 +34,7 @@ Feature: Verify
|
|
29
34
|
SUMMARY: Test completed with 1 successful, 0 warnings, and 0 failures
|
30
35
|
"""
|
31
36
|
|
37
|
+
@no-clobber
|
32
38
|
Scenario: Tests with failures
|
33
39
|
When I run `recog_verify tests_with_failures.xml`
|
34
40
|
Then it should fail with:
|
@@ -40,5 +46,3 @@ Feature: Verify
|
|
40
46
|
SUMMARY: Test completed with 0 successful, 0 warnings, and 4 failures
|
41
47
|
"""
|
42
48
|
And the exit status should be 4
|
43
|
-
|
44
|
-
|
@@ -0,0 +1,47 @@
|
|
1
|
+
# Recog: Identifiers
|
2
|
+
|
3
|
+
This directory contains lists of standard identifiers for mapping Recog matches. The goal is define a standard set of constants to represent known software, hardware, vendors, and categories.
|
4
|
+
|
5
|
+
This is currently incomplete and will be updated as standardization work moves forward.
|
6
|
+
|
7
|
+
Fingerprints should use these identifiers whenever possible; if a different name or syntax for a given identifier is preferred, this should be implemented in the application through a mapping function.
|
8
|
+
|
9
|
+
## Lists
|
10
|
+
|
11
|
+
### Vendors
|
12
|
+
|
13
|
+
`vendor.txt` defines known vendor names, covering services, operating systems, and hardware.
|
14
|
+
|
15
|
+
### Operating Systems
|
16
|
+
|
17
|
+
`os_architecture.txt` defines known CPU types.
|
18
|
+
|
19
|
+
`os_product.txt` defines known operating system names.
|
20
|
+
|
21
|
+
`os_family.txt` defines known operating system families.
|
22
|
+
|
23
|
+
`os_device.txt` defines known types of devices by function or purpose.
|
24
|
+
|
25
|
+
### Services
|
26
|
+
|
27
|
+
`service_product.txt` defines known service product names.
|
28
|
+
|
29
|
+
`service_family.txt` defines known service product families.
|
30
|
+
|
31
|
+
### Software
|
32
|
+
|
33
|
+
`software_product.txt` defines known software product names.
|
34
|
+
|
35
|
+
`software_family.txt` defines known software product families.
|
36
|
+
|
37
|
+
`software_class.txt` defines known types of software by function or purpose.
|
38
|
+
|
39
|
+
## Pending Work
|
40
|
+
|
41
|
+
* All existing fingerprints should be correlated against these lists to identify mismatches and updated accordingly.
|
42
|
+
|
43
|
+
* All net new identifiers from the existing fingerprints should be merged into these lists.
|
44
|
+
|
45
|
+
* All fingerprint assertions should be enumerated, documented, and standardized where possible (`host.mac`, etc).
|
46
|
+
|
47
|
+
* Hardware identifiers should be enumerated, consolidated, and standardized.
|
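Review bot: "The goal is define a standard set" is missing "to". More substantively, this README documents `software_product.txt`, `software_family.txt` and `software_class.txt` alongside the vendor, OS and service lists, but the `bin/recog_standardize` script added in the same release loads only the vendor, OS and service lists, so the software lists are presented as standards with nothing enforcing them; either state here which lists are currently checked or extend the script. Under "Pending Work", `host.mac` is cited as an assertion to standardize; it would help to say where the canonical list of assertion names will live once that work lands.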