recog 3.0.2 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (22) hide show
  1. checksums.yaml +4 -4
  2. checksums.yaml.gz.sig +1 -2
  3. data/README.md +45 -2
  4. data/lib/recog/fingerprint.rb +9 -2
  5. data/lib/recog/version.rb +1 -1
  6. data/recog/xml/dhcp_vendor_class.xml +753 -2
  7. data/recog/xml/dns_versionbind.xml +3 -3
  8. data/recog/xml/favicons.xml +289 -49
  9. data/recog/xml/ftp_banners.xml +34 -9
  10. data/recog/xml/html_title.xml +256 -25
  11. data/recog/xml/http_cookies.xml +89 -2
  12. data/recog/xml/http_servers.xml +335 -9
  13. data/recog/xml/http_wwwauth.xml +21 -1
  14. data/recog/xml/imap_banners.xml +19 -8
  15. data/recog/xml/smb_native_os.xml +1 -1
  16. data/recog/xml/smtp_banners.xml +7 -7
  17. data/recog/xml/snmp_sysdescr.xml +26 -5
  18. data/recog/xml/ssh_banners.xml +2 -2
  19. data/recog/xml/tls_jarm.xml +6 -6
  20. data.tar.gz.sig +0 -0
  21. metadata +2 -2
  22. metadata.gz.sig +0 -0
data/recog/xml/snmp_sysdescr.xml CHANGED
@@ -3772,7 +3772,7 @@ Copyright (c) 1995-2005 by Cisco Systems
3772
3772
 
3773
3773
  <!-- These devices are all some form of device/terminal/serial/console server -->
3774
3774
 
3775
- <fingerprint pattern="^(?i:Lantronix) ((MSS|SCS|LRS|ETS|EDS)\S+) (?:Version |[VB])?([^/\(\s]+)[/\(\s]?">
3775
+ <fingerprint pattern="(?i)^Lantronix ((MSS|SCS|LRS|ETS|EDS)\S+) (?:Version |[VB])?([^/\(\s]+)[/\(\s]?">
3776
3776
  <description>Lantronix terminal server</description>
3777
3777
  <example os.product="MSS100" os.family="MSS" os.version="V3.6">Lantronix MSS100 Version V3.6/9(030114)</example>
3778
3778
  <example os.product="EDS8PS" os.family="EDS" os.version="4.1.0.2R17">Lantronix EDS8PS V4.1.0.2R17 (03111515KK9H)</example>
@@ -6264,6 +6264,22 @@ Copyright (c) 1995-2005 by Cisco Systems
6264
6264
  <param pos="1" name="os.product"/>
6265
6265
  </fingerprint>
6266
6266
 
6267
+ <!--======================================================================
6268
+ Server Technology
6269
+ =======================================================================-->
6270
+
6271
+ <fingerprint pattern="^(Sentry Switched (?:CDU|(?:DC )*PDU))$">
6272
+ <description>Server Technology Sentry Switched Device</description>
6273
+ <example hw.product="Sentry Switched CDU" os.product="Sentry Switched CDU Firmware">Sentry Switched CDU</example>
6274
+ <example hw.product="Sentry Switched PDU" os.product="Sentry Switched PDU Firmware">Sentry Switched PDU</example>
6275
+ <example hw.product="Sentry Switched DC PDU" os.product="Sentry Switched DC PDU Firmware">Sentry Switched DC PDU</example>
6276
+ <param pos="0" name="os.vendor" value="Server Technology"/>
6277
+ <param pos="0" name="os.product" value="{hw.product} Firmware"/>
6278
+ <param pos="0" name="hw.vendor" value="Server Technology"/>
6279
+ <param pos="1" name="hw.product"/>
6280
+ <param pos="0" name="hw.device" value="Power Device"/>
6281
+ </fingerprint>
6282
+
6267
6283
  <!--======================================================================
6268
6284
  SonicWall
6269
6285
  =======================================================================-->
@@ -7489,15 +7505,20 @@ Copyright (c) 1995-2005 by Cisco Systems
7489
7505
  </fingerprint>
7490
7506
 
7491
7507
  <!--======================================================================
7492
- ZEBRANET
7508
+ Zebra
7493
7509
  =======================================================================-->
7494
7510
 
7495
7511
  <fingerprint pattern="^ZebraNet PrintServer$">
7496
- <description>ZebraNet PrintServer</description>
7512
+ <description>Zebra ZebraNet PrintServer</description>
7497
7513
  <example>ZebraNet PrintServer</example>
7498
- <param pos="0" name="os.vendor" value="ZebraNet"/>
7499
- <param pos="0" name="os.product" value="PrintServer"/>
7514
+ <param pos="0" name="os.vendor" value="Zebra"/>
7515
+ <param pos="0" name="os.family" value="ZebraNet"/>
7516
+ <param pos="0" name="os.product" value="ZebraNet PrintServer Firmware"/>
7500
7517
  <param pos="0" name="os.device" value="Print Server"/>
7518
+ <param pos="0" name="hw.vendor" value="Zebra"/>
7519
+ <param pos="0" name="hw.family" value="ZebraNet"/>
7520
+ <param pos="0" name="hw.product" value="ZebraNet PrintServer"/>
7521
+ <param pos="0" name="hw.device" value="Print Server"/>
7501
7522
  </fingerprint>
7502
7523
 
7503
7524
  <!--======================================================================
data/recog/xml/ssh_banners.xml CHANGED
@@ -1787,7 +1787,7 @@
1787
1787
  <param pos="1" name="os.version"/>
1788
1788
  </fingerprint>
1789
1789
 
1790
- <fingerprint pattern="^([\d.]{1,8})[ _]sshlib:? (?i:GlobalScape)$">
1790
+ <fingerprint pattern="(?i)^([\d.]{1,8})[ _]sshlib:? GlobalScape$">
1791
1791
  <description>GlobalScape SSH (which uses Bitvise sshlib)</description>
1792
1792
  <example service.component.version="1.36">1.36_sshlib GlobalSCAPE</example>
1793
1793
  <example service.component.version="1.82">1.82_sshlib Globalscape</example>
@@ -1953,7 +1953,7 @@
1953
1953
  <param pos="0" name="service.cpe23" value="cpe:/a:vandyke:vshell:{service.version}"/>
1954
1954
  </fingerprint>
1955
1955
 
1956
- <fingerprint pattern="^WRQReflection(?i:F)orSecureIT_(.*)$">
1956
+ <fingerprint pattern="^WRQReflection[Ff]orSecureIT_(.*)$">
1957
1957
  <description>Attachmate Reflection (formerly WRQ Reflection for Secure IT)</description>
1958
1958
  <example service.version="6.1 Build 21">WRQReflectionForSecureIT_6.1 Build 21</example>
1959
1959
  <example service.version="8.2 Build 117">WRQReflectionforSecureIT_8.2 Build 117</example>
data/recog/xml/tls_jarm.xml CHANGED
@@ -4,7 +4,7 @@
4
4
  Fingerprint based on https://github.com/salesforce/jarm
5
5
  -->
6
6
 
7
- <fingerprint pattern="^2ad2ad16d2ad2ad00042d42d000000332dc9cd7d90589195193c8bb05d84fa|2ad2ad16d2ad2ad22c2ad2ad2ad2adce2e4c8c53174ecbf5529ce7584d5518$|2ad2ad16d2ad2ad22c42d42d000000d342d5966a57139eeaff9f8bc4841b25$">
7
+ <fingerprint pattern="^(?:2ad2ad16d2ad2ad00042d42d000000332dc9cd7d90589195193c8bb05d84fa|2ad2ad16d2ad2ad22c2ad2ad2ad2adce2e4c8c53174ecbf5529ce7584d5518|2ad2ad16d2ad2ad22c42d42d000000d342d5966a57139eeaff9f8bc4841b25)$">
8
8
  <description>Tor relay</description>
9
9
  <example>2ad2ad16d2ad2ad00042d42d000000332dc9cd7d90589195193c8bb05d84fa</example>
10
10
  <example>2ad2ad16d2ad2ad22c2ad2ad2ad2adce2e4c8c53174ecbf5529ce7584d5518</example>
@@ -14,7 +14,7 @@
14
14
  <param pos="0" name="service.cpe23" value="cpe:/a:torproject:tor:-"/>
15
15
  </fingerprint>
16
16
 
17
- <fingerprint pattern="^2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d|29d29d15d29d29d21c29d29d29d29d10d7a07cb776562eccb97246005feba5|2ad2ad0002ad2ad0002ad2ad2ad2ad5bf44aec534289dfa8e33148b66cd6c3|29d29d15d29d29d21c29d29d29d29de857600fcd9f89735d87c3704c4e141b$">
17
+ <fingerprint pattern="^(?:2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d|29d29d15d29d29d21c29d29d29d29d10d7a07cb776562eccb97246005feba5|2ad2ad0002ad2ad0002ad2ad2ad2ad5bf44aec534289dfa8e33148b66cd6c3|29d29d15d29d29d21c29d29d29d29de857600fcd9f89735d87c3704c4e141b)$">
18
18
  <description>Synology NAS DSM 6</description>
19
19
  <example>29d29d15d29d29d21c29d29d29d29d10d7a07cb776562eccb97246005feba5</example>
20
20
  <example>29d29d15d29d29d21c29d29d29d29de857600fcd9f89735d87c3704c4e141b</example>
@@ -29,7 +29,7 @@
29
29
  <param pos="0" name="hw.device" value="NAS"/>
30
30
  </fingerprint>
31
31
 
32
- <fingerprint pattern="^00000000000000000042d42d0000009535d5979f591ae8e547c5e5743e5b64|29d29d15d29d29d00042d42d00000068f5dc63852f94da932cd6b61b1cd9e3|29d29d15d29d29d21c42d42d000000bf85d79ff39d9f5079675604a74fc04b|29d29d15d29d29d00042d42d000000038eaaf490bec8dc33757f165ce01762|29d29d15d29d29d21c42d42d000000790cb01ea78cc2a73fe8428d61afc0c8$">
32
+ <fingerprint pattern="^(?:00000000000000000042d42d0000009535d5979f591ae8e547c5e5743e5b64|29d29d15d29d29d00042d42d00000068f5dc63852f94da932cd6b61b1cd9e3|29d29d15d29d29d21c42d42d000000bf85d79ff39d9f5079675604a74fc04b|29d29d15d29d29d00042d42d000000038eaaf490bec8dc33757f165ce01762|29d29d15d29d29d21c42d42d000000790cb01ea78cc2a73fe8428d61afc0c8)$">
33
33
  <description>Synology NAS DSM 7</description>
34
34
  <example>00000000000000000042d42d0000009535d5979f591ae8e547c5e5743e5b64</example>
35
35
  <example>29d29d15d29d29d00042d42d000000038eaaf490bec8dc33757f165ce01762</example>
@@ -56,7 +56,7 @@
56
56
  <param pos="0" name="os.device" value="Router"/>
57
57
  </fingerprint>
58
58
 
59
- <fingerprint pattern="^07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d|07d14d16d21d21d07c42d43d000000f50d155305214cf247147c43c0f1a823|07b08b09b21b21b07b07b08b07b21b23aeefb38b723c523befb314af6e95ac|07c08c09c21c21c07c07c08c07c21c23aeefb38b723c523befb314af6e95ac|07d14d16d21d21d00007d14d07d21d0ae59125bcd90b8876b50928af8f6cd4$">
59
+ <fingerprint pattern="^(?:07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d|07d14d16d21d21d07c42d43d000000f50d155305214cf247147c43c0f1a823|07b08b09b21b21b07b07b08b07b21b23aeefb38b723c523befb314af6e95ac|07c08c09c21c21c07c07c08c07c21c23aeefb38b723c523befb314af6e95ac|07d14d16d21d21d00007d14d07d21d0ae59125bcd90b8876b50928af8f6cd4)$">
60
60
  <description>Metasploit listener</description>
61
61
  <example>07b08b09b21b21b07b07b08b07b21b23aeefb38b723c523befb314af6e95ac</example>
62
62
  <example>07c08c09c21c21c07c07c08c07c21c23aeefb38b723c523befb314af6e95ac</example>
@@ -71,7 +71,7 @@
71
71
  <!-- This fingerprint matches Java's TLS stack,
72
72
  see https://blog.cobaltstrike.com/2020/12/08/a-red-teamer-plays-with-jarm/ for details -->
73
73
 
74
- <fingerprint pattern="^07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1|07d14d16d21d21d00042d41d00041de5fb3038104f457d92ba02e9311512c2$">
74
+ <fingerprint pattern="^(?:07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1|07d14d16d21d21d00042d41d00041de5fb3038104f457d92ba02e9311512c2)$">
75
75
  <description>Cobalt Strike listener</description>
76
76
  <example>07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1</example>
77
77
  <example>07d14d16d21d21d00042d41d00041de5fb3038104f457d92ba02e9311512c2</example>
@@ -146,7 +146,7 @@
146
146
  <param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
147
147
  </fingerprint>
148
148
 
149
- <fingerprint pattern="^21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601|2ad2ad0002ad2ad0002ad2ad2ad2ad755a2cec4b52fb1bce1ac7f1e48c8a7d$">
149
+ <fingerprint pattern="^(?:21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601|2ad2ad0002ad2ad0002ad2ad2ad2ad755a2cec4b52fb1bce1ac7f1e48c8a7d)$">
150
150
  <description>VMware ESXi</description>
151
151
  <example>21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601</example>
152
152
  <example>2ad2ad0002ad2ad0002ad2ad2ad2ad755a2cec4b52fb1bce1ac7f1e48c8a7d</example>
data.tar.gz.sig CHANGED
Binary file
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: recog
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.2
4
+ version: 3.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rapid7 Research
@@ -93,7 +93,7 @@ cert_chain:
93
93
  EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
94
94
  9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
95
95
  -----END CERTIFICATE-----
96
- date: 2022-08-24 00:00:00.000000000 Z
96
+ date: 2023-03-17 00:00:00.000000000 Z
97
97
  dependencies:
98
98
  - !ruby/object:Gem::Dependency
99
99
  name: rspec
metadata.gz.sig CHANGED
Binary file