recog 3.0.2 → 3.1.0
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +1 -2
- data/README.md +45 -2
- data/lib/recog/fingerprint.rb +9 -2
- data/lib/recog/version.rb +1 -1
- data/recog/xml/dhcp_vendor_class.xml +753 -2
- data/recog/xml/dns_versionbind.xml +3 -3
- data/recog/xml/favicons.xml +289 -49
- data/recog/xml/ftp_banners.xml +34 -9
- data/recog/xml/html_title.xml +256 -25
- data/recog/xml/http_cookies.xml +89 -2
- data/recog/xml/http_servers.xml +335 -9
- data/recog/xml/http_wwwauth.xml +21 -1
- data/recog/xml/imap_banners.xml +19 -8
- data/recog/xml/smb_native_os.xml +1 -1
- data/recog/xml/smtp_banners.xml +7 -7
- data/recog/xml/snmp_sysdescr.xml +26 -5
- data/recog/xml/ssh_banners.xml +2 -2
- data/recog/xml/tls_jarm.xml +6 -6
- data.tar.gz.sig +0 -0
- metadata +2 -2
- metadata.gz.sig +0 -0
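--- a/data/recog/xml/snmp_sysdescr.xml
+++ b/data/recog/xml/snmp_sysdescr.xml
@@ -3772,7 +3772,7 @@ Copyright (c) 1995-2005 by Cisco Systems
 
 <!-- These devices are all some form of device/terminal/serial/console server -->
 
-<fingerprint pattern="
+<fingerprint pattern="(?i)^Lantronix ((MSS|SCS|LRS|ETS|EDS)\S+) (?:Version |[VB])?([^/\(\s]+)[/\(\s]?">
 <description>Lantronix terminal server</description>
 <example os.product="MSS100" os.family="MSS" os.version="V3.6">Lantronix MSS100 Version V3.6/9(030114)</example>
 <example os.product="EDS8PS" os.family="EDS" os.version="4.1.0.2R17">Lantronix EDS8PS V4.1.0.2R17 (03111515KK9H)</example>
@@ -6264,6 +6264,22 @@ Copyright (c) 1995-2005 by Cisco Systems
 <param pos="1" name="os.product"/>
 </fingerprint>
 
+<!--======================================================================
+Server Technology
+=======================================================================-->
+
+<fingerprint pattern="^(Sentry Switched (?:CDU|(?:DC )*PDU))$">
+<description>Server Technology Sentry Switched Device</description>
+<example hw.product="Sentry Switched CDU" os.product="Sentry Switched CDU Firmware">Sentry Switched CDU</example>
+<example hw.product="Sentry Switched PDU" os.product="Sentry Switched PDU Firmware">Sentry Switched PDU</example>
+<example hw.product="Sentry Switched DC PDU" os.product="Sentry Switched DC PDU Firmware">Sentry Switched DC PDU</example>
+<param pos="0" name="os.vendor" value="Server Technology"/>
+<param pos="0" name="os.product" value="{hw.product} Firmware"/>
+<param pos="0" name="hw.vendor" value="Server Technology"/>
+<param pos="1" name="hw.product"/>
+<param pos="0" name="hw.device" value="Power Device"/>
+</fingerprint>
+
 <!--======================================================================
 SonicWall
 =======================================================================-->
@@ -7489,15 +7505,20 @@ Copyright (c) 1995-2005 by Cisco Systems
 </fingerprint>
 
 <!--======================================================================
-
+Zebra
 =======================================================================-->
 
 <fingerprint pattern="^ZebraNet PrintServer$">
-<description>ZebraNet PrintServer</description>
+<description>Zebra ZebraNet PrintServer</description>
 <example>ZebraNet PrintServer</example>
-<param pos="0" name="os.vendor" value="
-<param pos="0" name="os.
+<param pos="0" name="os.vendor" value="Zebra"/>
+<param pos="0" name="os.family" value="ZebraNet"/>
+<param pos="0" name="os.product" value="ZebraNet PrintServer Firmware"/>
 <param pos="0" name="os.device" value="Print Server"/>
+<param pos="0" name="hw.vendor" value="Zebra"/>
+<param pos="0" name="hw.family" value="ZebraNet"/>
+<param pos="0" name="hw.product" value="ZebraNet PrintServer"/>
+<param pos="0" name="hw.device" value="Print Server"/>
 </fingerprint>
 
 <!--======================================================================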
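Review bot: The Lantronix pattern at line 3775 yields inconsistently normalised `os.version` values, as its own two examples show: `Version V3.6` is captured as `V3.6` while `V4.1.0.2R17` is captured as `4.1.0.2R17`. The optional group `(?:Version |[VB])?` consumes either the word or the letter prefix but never both, so anything that compares these versions against advisory ranges will treat the two forms differently. Making the parts independent, `(?:Version )?[VB]?([^/\(\s]+)`, and changing the first example to `os.version="3.6"` would normalise them, provided no firmware version legitimately starts with V or B. The `<fingerprint>` element continues past the end of the hunk, so its `<param>` lines are not visible here.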
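--- a/data/recog/xml/ssh_banners.xml
+++ b/data/recog/xml/ssh_banners.xml
@@ -1787,7 +1787,7 @@
 <param pos="1" name="os.version"/>
 </fingerprint>
 
-<fingerprint pattern="^([\d.]{1,8})[ _]sshlib:?
+<fingerprint pattern="(?i)^([\d.]{1,8})[ _]sshlib:? GlobalScape$">
 <description>GlobalScape SSH (which uses Bitvise sshlib)</description>
 <example service.component.version="1.36">1.36_sshlib GlobalSCAPE</example>
 <example service.component.version="1.82">1.82_sshlib Globalscape</example>
@@ -1953,7 +1953,7 @@
 <param pos="0" name="service.cpe23" value="cpe:/a:vandyke:vshell:{service.version}"/>
 </fingerprint>
 
-<fingerprint pattern="^WRQReflection
+<fingerprint pattern="^WRQReflection[Ff]orSecureIT_(.*)$">
 <description>Attachmate Reflection (formerly WRQ Reflection for Secure IT)</description>
 <example service.version="6.1 Build 21">WRQReflectionForSecureIT_6.1 Build 21</example>
 <example service.version="8.2 Build 117">WRQReflectionforSecureIT_8.2 Build 117</example>
@@ -0,0 +0,0 @@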
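Review bot: The capture `(.*)` in the Reflection pattern at line 1956 accepts an empty string, so a banner ending in `WRQReflectionForSecureIT_` would match and report an empty `service.version`. The banner is supplied by the remote host, so a tighter capture such as `(.+)`, or a class limited to the characters seen in the examples, keeps empty or arbitrary text out of the version field. The `<param>` lines of this `<fingerprint>` fall outside the hunk, so where the captured value is interpolated cannot be confirmed from here.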
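--- a/data/recog/xml/tls_jarm.xml
+++ b/data/recog/xml/tls_jarm.xml
@@ -4,7 +4,7 @@
 Fingerprint based on https://github.com/salesforce/jarm
 -->
 
-<fingerprint pattern="^2ad2ad16d2ad2ad00042d42d000000332dc9cd7d90589195193c8bb05d84fa|2ad2ad16d2ad2ad22c2ad2ad2ad2adce2e4c8c53174ecbf5529ce7584d5518
+<fingerprint pattern="^(?:2ad2ad16d2ad2ad00042d42d000000332dc9cd7d90589195193c8bb05d84fa|2ad2ad16d2ad2ad22c2ad2ad2ad2adce2e4c8c53174ecbf5529ce7584d5518|2ad2ad16d2ad2ad22c42d42d000000d342d5966a57139eeaff9f8bc4841b25)$">
 <description>Tor relay</description>
 <example>2ad2ad16d2ad2ad00042d42d000000332dc9cd7d90589195193c8bb05d84fa</example>
 <example>2ad2ad16d2ad2ad22c2ad2ad2ad2adce2e4c8c53174ecbf5529ce7584d5518</example>
@@ -14,7 +14,7 @@
 <param pos="0" name="service.cpe23" value="cpe:/a:torproject:tor:-"/>
 </fingerprint>
 
-<fingerprint pattern="^2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d|29d29d15d29d29d21c29d29d29d29d10d7a07cb776562eccb97246005feba5|2ad2ad0002ad2ad0002ad2ad2ad2ad5bf44aec534289dfa8e33148b66cd6c3|29d29d15d29d29d21c29d29d29d29de857600fcd9f89735d87c3704c4e141b$">
+<fingerprint pattern="^(?:2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d|29d29d15d29d29d21c29d29d29d29d10d7a07cb776562eccb97246005feba5|2ad2ad0002ad2ad0002ad2ad2ad2ad5bf44aec534289dfa8e33148b66cd6c3|29d29d15d29d29d21c29d29d29d29de857600fcd9f89735d87c3704c4e141b)$">
 <description>Synology NAS DSM 6</description>
 <example>29d29d15d29d29d21c29d29d29d29d10d7a07cb776562eccb97246005feba5</example>
 <example>29d29d15d29d29d21c29d29d29d29de857600fcd9f89735d87c3704c4e141b</example>
@@ -29,7 +29,7 @@
 <param pos="0" name="hw.device" value="NAS"/>
 </fingerprint>
 
-<fingerprint pattern="^00000000000000000042d42d0000009535d5979f591ae8e547c5e5743e5b64|29d29d15d29d29d00042d42d00000068f5dc63852f94da932cd6b61b1cd9e3|29d29d15d29d29d21c42d42d000000bf85d79ff39d9f5079675604a74fc04b|29d29d15d29d29d00042d42d000000038eaaf490bec8dc33757f165ce01762|29d29d15d29d29d21c42d42d000000790cb01ea78cc2a73fe8428d61afc0c8$">
+<fingerprint pattern="^(?:00000000000000000042d42d0000009535d5979f591ae8e547c5e5743e5b64|29d29d15d29d29d00042d42d00000068f5dc63852f94da932cd6b61b1cd9e3|29d29d15d29d29d21c42d42d000000bf85d79ff39d9f5079675604a74fc04b|29d29d15d29d29d00042d42d000000038eaaf490bec8dc33757f165ce01762|29d29d15d29d29d21c42d42d000000790cb01ea78cc2a73fe8428d61afc0c8)$">
 <description>Synology NAS DSM 7</description>
 <example>00000000000000000042d42d0000009535d5979f591ae8e547c5e5743e5b64</example>
 <example>29d29d15d29d29d00042d42d000000038eaaf490bec8dc33757f165ce01762</example>
@@ -56,7 +56,7 @@
 <param pos="0" name="os.device" value="Router"/>
 </fingerprint>
 
-<fingerprint pattern="^07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d|07d14d16d21d21d07c42d43d000000f50d155305214cf247147c43c0f1a823|07b08b09b21b21b07b07b08b07b21b23aeefb38b723c523befb314af6e95ac|07c08c09c21c21c07c07c08c07c21c23aeefb38b723c523befb314af6e95ac|07d14d16d21d21d00007d14d07d21d0ae59125bcd90b8876b50928af8f6cd4$">
+<fingerprint pattern="^(?:07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d|07d14d16d21d21d07c42d43d000000f50d155305214cf247147c43c0f1a823|07b08b09b21b21b07b07b08b07b21b23aeefb38b723c523befb314af6e95ac|07c08c09c21c21c07c07c08c07c21c23aeefb38b723c523befb314af6e95ac|07d14d16d21d21d00007d14d07d21d0ae59125bcd90b8876b50928af8f6cd4)$">
 <description>Metasploit listener</description>
 <example>07b08b09b21b21b07b07b08b07b21b23aeefb38b723c523befb314af6e95ac</example>
 <example>07c08c09c21c21c07c07c08c07c21c23aeefb38b723c523befb314af6e95ac</example>
@@ -71,7 +71,7 @@
 <!-- This fingerprint matches Java's TLS stack,
 see https://blog.cobaltstrike.com/2020/12/08/a-red-teamer-plays-with-jarm/ for details -->
 
-<fingerprint pattern="^07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1|07d14d16d21d21d00042d41d00041de5fb3038104f457d92ba02e9311512c2$">
+<fingerprint pattern="^(?:07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1|07d14d16d21d21d00042d41d00041de5fb3038104f457d92ba02e9311512c2)$">
 <description>Cobalt Strike listener</description>
 <example>07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1</example>
 <example>07d14d16d21d21d00042d41d00041de5fb3038104f457d92ba02e9311512c2</example>
@@ -146,7 +146,7 @@
 <param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
 </fingerprint>
 
-<fingerprint pattern="^21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601|2ad2ad0002ad2ad0002ad2ad2ad2ad755a2cec4b52fb1bce1ac7f1e48c8a7d$">
+<fingerprint pattern="^(?:21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601|2ad2ad0002ad2ad0002ad2ad2ad2ad755a2cec4b52fb1bce1ac7f1e48c8a7d)$">
 <description>VMware ESXi</description>
 <example>21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601</example>
 <example>2ad2ad0002ad2ad0002ad2ad2ad2ad755a2cec4b52fb1bce1ac7f1e48c8a7d</example>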
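Review bot: The `Cobalt Strike listener` description at line 75 states an identification that the comment directly above it undercuts, since that comment says the hash matches Java's TLS stack. A JARM value characterises the server's TLS library and configuration rather than the application, so any Java service with the same settings produces the same hash; the same caveat presumably applies to the `Metasploit listener` entry at line 60. I would word these as weak indicators, for example `<description>Java TLS stack (default for Cobalt Strike listeners)</description>`, so that consumers corroborate a match with other evidence before treating it as a C2 detection. Separately, the Tor relay pattern at line 7 carries a third hash with no matching `<example>` visible in its hunk; the element continues past the hunk, so confirm that one exists.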
data.tar.gz.sig
CHANGED
Binary file
|
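--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: recog
 version: !ruby/object:Gem::Version
-version: 3.0
+version: 3.1.0
 platform: ruby
 authors:
 - Rapid7 Research
@@ -93,7 +93,7 @@ cert_chain:
 EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
 9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
 -----END CERTIFICATE-----
-date:
+date: 2023-03-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rspec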
metadata.gz.sig
CHANGED
Binary file
|