recog 3.0.2 → 3.1.0

data/recog/xml/snmp_sysdescr.xml

@@ -3772,7 +3772,7 @@ Copyright (c) 1995-2005 by Cisco Systems
 
   <!-- These devices are all some form of device/terminal/serial/console server -->
 
-  <fingerprint pattern="^(?i:Lantronix) ((MSS|SCS|LRS|ETS|EDS)\S+) (?:Version |[VB])?([^/\(\s]+)[/\(\s]?">
+  <fingerprint pattern="(?i)^Lantronix ((MSS|SCS|LRS|ETS|EDS)\S+) (?:Version |[VB])?([^/\(\s]+)[/\(\s]?">
     <description>Lantronix terminal server</description>
     <example os.product="MSS100" os.family="MSS" os.version="V3.6">Lantronix MSS100 Version V3.6/9(030114)</example>
     <example os.product="EDS8PS" os.family="EDS" os.version="4.1.0.2R17">Lantronix EDS8PS V4.1.0.2R17 (03111515KK9H)</example>
@@ -6264,6 +6264,22 @@ Copyright (c) 1995-2005 by Cisco Systems
     <param pos="1" name="os.product"/>
   </fingerprint>
 
+  <!--======================================================================
+                               Server Technology
+   =======================================================================-->
+
+  <fingerprint pattern="^(Sentry Switched (?:CDU|(?:DC )*PDU))$">
+    <description>Server Technology Sentry Switched Device</description>
+    <example hw.product="Sentry Switched CDU" os.product="Sentry Switched CDU Firmware">Sentry Switched CDU</example>
+    <example hw.product="Sentry Switched PDU" os.product="Sentry Switched PDU Firmware">Sentry Switched PDU</example>
+    <example hw.product="Sentry Switched DC PDU" os.product="Sentry Switched DC PDU Firmware">Sentry Switched DC PDU</example>
+    <param pos="0" name="os.vendor" value="Server Technology"/>
+    <param pos="0" name="os.product" value="{hw.product} Firmware"/>
+    <param pos="0" name="hw.vendor" value="Server Technology"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="0" name="hw.device" value="Power Device"/>
+  </fingerprint>
+
   <!--======================================================================
                               SonicWall
    =======================================================================-->
@@ -7489,15 +7505,20 @@ Copyright (c) 1995-2005 by Cisco Systems
   </fingerprint>
 
   <!--======================================================================
-                              ZEBRANET
+                              Zebra
    =======================================================================-->
 
   <fingerprint pattern="^ZebraNet PrintServer$">
-    <description>ZebraNet PrintServer</description>
+    <description>Zebra ZebraNet PrintServer</description>
     <example>ZebraNet PrintServer</example>
-    <param pos="0" name="os.vendor" value="ZebraNet"/>
-    <param pos="0" name="os.product" value="PrintServer"/>
+    <param pos="0" name="os.vendor" value="Zebra"/>
+    <param pos="0" name="os.family" value="ZebraNet"/>
+    <param pos="0" name="os.product" value="ZebraNet PrintServer Firmware"/>
     <param pos="0" name="os.device" value="Print Server"/>
+    <param pos="0" name="hw.vendor" value="Zebra"/>
+    <param pos="0" name="hw.family" value="ZebraNet"/>
+    <param pos="0" name="hw.product" value="ZebraNet PrintServer"/>
+    <param pos="0" name="hw.device" value="Print Server"/>
   </fingerprint>
 
   <!--======================================================================

data/recog/xml/ssh_banners.xml

@@ -1787,7 +1787,7 @@
     <param pos="1" name="os.version"/>
   </fingerprint>
 
-  <fingerprint pattern="^([\d.]{1,8})[ _]sshlib:? (?i:GlobalScape)$">
+  <fingerprint pattern="(?i)^([\d.]{1,8})[ _]sshlib:? GlobalScape$">
     <description>GlobalScape SSH (which uses Bitvise sshlib)</description>
     <example service.component.version="1.36">1.36_sshlib GlobalSCAPE</example>
     <example service.component.version="1.82">1.82_sshlib Globalscape</example>
@@ -1953,7 +1953,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:vandyke:vshell:{service.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^WRQReflection(?i:F)orSecureIT_(.*)$">
+  <fingerprint pattern="^WRQReflection[Ff]orSecureIT_(.*)$">
     <description>Attachmate Reflection (formerly WRQ Reflection for Secure IT)</description>
     <example service.version="6.1 Build 21">WRQReflectionForSecureIT_6.1 Build 21</example>
     <example service.version="8.2 Build 117">WRQReflectionforSecureIT_8.2 Build 117</example>

data/recog/xml/tls_jarm.xml

@@ -4,7 +4,7 @@
     Fingerprint based on https://github.com/salesforce/jarm
   -->
 
-  <fingerprint pattern="^2ad2ad16d2ad2ad00042d42d000000332dc9cd7d90589195193c8bb05d84fa|2ad2ad16d2ad2ad22c2ad2ad2ad2adce2e4c8c53174ecbf5529ce7584d5518$|2ad2ad16d2ad2ad22c42d42d000000d342d5966a57139eeaff9f8bc4841b25$">
+  <fingerprint pattern="^(?:2ad2ad16d2ad2ad00042d42d000000332dc9cd7d90589195193c8bb05d84fa|2ad2ad16d2ad2ad22c2ad2ad2ad2adce2e4c8c53174ecbf5529ce7584d5518|2ad2ad16d2ad2ad22c42d42d000000d342d5966a57139eeaff9f8bc4841b25)$">
     <description>Tor relay</description>
     <example>2ad2ad16d2ad2ad00042d42d000000332dc9cd7d90589195193c8bb05d84fa</example>
     <example>2ad2ad16d2ad2ad22c2ad2ad2ad2adce2e4c8c53174ecbf5529ce7584d5518</example>
@@ -14,7 +14,7 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:torproject:tor:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d|29d29d15d29d29d21c29d29d29d29d10d7a07cb776562eccb97246005feba5|2ad2ad0002ad2ad0002ad2ad2ad2ad5bf44aec534289dfa8e33148b66cd6c3|29d29d15d29d29d21c29d29d29d29de857600fcd9f89735d87c3704c4e141b$">
+  <fingerprint pattern="^(?:2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d|29d29d15d29d29d21c29d29d29d29d10d7a07cb776562eccb97246005feba5|2ad2ad0002ad2ad0002ad2ad2ad2ad5bf44aec534289dfa8e33148b66cd6c3|29d29d15d29d29d21c29d29d29d29de857600fcd9f89735d87c3704c4e141b)$">
     <description>Synology NAS DSM 6</description>
     <example>29d29d15d29d29d21c29d29d29d29d10d7a07cb776562eccb97246005feba5</example>
     <example>29d29d15d29d29d21c29d29d29d29de857600fcd9f89735d87c3704c4e141b</example>
@@ -29,7 +29,7 @@
     <param pos="0" name="hw.device" value="NAS"/>
   </fingerprint>
 
-  <fingerprint pattern="^00000000000000000042d42d0000009535d5979f591ae8e547c5e5743e5b64|29d29d15d29d29d00042d42d00000068f5dc63852f94da932cd6b61b1cd9e3|29d29d15d29d29d21c42d42d000000bf85d79ff39d9f5079675604a74fc04b|29d29d15d29d29d00042d42d000000038eaaf490bec8dc33757f165ce01762|29d29d15d29d29d21c42d42d000000790cb01ea78cc2a73fe8428d61afc0c8$">
+  <fingerprint pattern="^(?:00000000000000000042d42d0000009535d5979f591ae8e547c5e5743e5b64|29d29d15d29d29d00042d42d00000068f5dc63852f94da932cd6b61b1cd9e3|29d29d15d29d29d21c42d42d000000bf85d79ff39d9f5079675604a74fc04b|29d29d15d29d29d00042d42d000000038eaaf490bec8dc33757f165ce01762|29d29d15d29d29d21c42d42d000000790cb01ea78cc2a73fe8428d61afc0c8)$">
     <description>Synology NAS DSM 7</description>
     <example>00000000000000000042d42d0000009535d5979f591ae8e547c5e5743e5b64</example>
     <example>29d29d15d29d29d00042d42d000000038eaaf490bec8dc33757f165ce01762</example>
@@ -56,7 +56,7 @@
     <param pos="0" name="os.device" value="Router"/>
   </fingerprint>
 
-  <fingerprint pattern="^07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d|07d14d16d21d21d07c42d43d000000f50d155305214cf247147c43c0f1a823|07b08b09b21b21b07b07b08b07b21b23aeefb38b723c523befb314af6e95ac|07c08c09c21c21c07c07c08c07c21c23aeefb38b723c523befb314af6e95ac|07d14d16d21d21d00007d14d07d21d0ae59125bcd90b8876b50928af8f6cd4$">
+  <fingerprint pattern="^(?:07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d|07d14d16d21d21d07c42d43d000000f50d155305214cf247147c43c0f1a823|07b08b09b21b21b07b07b08b07b21b23aeefb38b723c523befb314af6e95ac|07c08c09c21c21c07c07c08c07c21c23aeefb38b723c523befb314af6e95ac|07d14d16d21d21d00007d14d07d21d0ae59125bcd90b8876b50928af8f6cd4)$">
     <description>Metasploit listener</description>
     <example>07b08b09b21b21b07b07b08b07b21b23aeefb38b723c523befb314af6e95ac</example>
     <example>07c08c09c21c21c07c07c08c07c21c23aeefb38b723c523befb314af6e95ac</example>
@@ -71,7 +71,7 @@
   <!-- This fingerprint matches Java's TLS stack,
     see https://blog.cobaltstrike.com/2020/12/08/a-red-teamer-plays-with-jarm/ for details -->
 
-  <fingerprint pattern="^07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1|07d14d16d21d21d00042d41d00041de5fb3038104f457d92ba02e9311512c2$">
+  <fingerprint pattern="^(?:07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1|07d14d16d21d21d00042d41d00041de5fb3038104f457d92ba02e9311512c2)$">
     <description>Cobalt Strike listener</description>
     <example>07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1</example>
     <example>07d14d16d21d21d00042d41d00041de5fb3038104f457d92ba02e9311512c2</example>
@@ -146,7 +146,7 @@
     <param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601|2ad2ad0002ad2ad0002ad2ad2ad2ad755a2cec4b52fb1bce1ac7f1e48c8a7d$">
+  <fingerprint pattern="^(?:21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601|2ad2ad0002ad2ad0002ad2ad2ad2ad755a2cec4b52fb1bce1ac7f1e48c8a7d)$">
     <description>VMware ESXi</description>
     <example>21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601</example>
     <example>2ad2ad0002ad2ad0002ad2ad2ad2ad755a2cec4b52fb1bce1ac7f1e48c8a7d</example>

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: recog
 version: !ruby/object:Gem::Version
-  version: 3.0.2
+  version: 3.1.0
 platform: ruby
 authors:
 - Rapid7 Research
@@ -93,7 +93,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date: 2022-08-24 00:00:00.000000000 Z
+date: 2023-03-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec