recog 1.0.3 → 1.0.4
- checksums.yaml +4 -4
- data/bin/recog_verify.rb +10 -7
- data/lib/recog/fingerprint.rb +26 -3
- data/lib/recog/version.rb +1 -1
- data/spec/lib/fingerprint_self_test_spec.rb +3 -8
- data/xml/ftp_banners.xml +6 -3
- data/xml/http_servers.xml +14 -10
- data/xml/ntp_banners.xml +10 -9
- data/xml/rsh_resp.xml +1 -1
- data/xml/smb_native_os.xml +1 -1
- data/xml/smtp_expn.xml +1 -2
- data/xml/smtp_mailfrom.xml +3 -6
- data/xml/snmp_sysdescr.xml +35 -31
- data/xml/snmp_sysobjid.xml +11 -11
- metadata +2 -2
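--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 796c259c3ef2b6768e453d45c6eafecea0d3307e
+data.tar.gz: 18619b2bc105b2c9f8a607aa42b8a74cd2226416
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 262b8c5243d2700fef9809eac70e68400fb4a40a21f305e9ada37eb48faf2fe2189127d27904b8ea3f1d416c5c786adf1f2604735ed81d42be59f64710ad9316
+data.tar.gz: 4cbfa966c8268210113965387576182ea7aa4a98267af5bac81b9194db89fac554882a6421b37f2c96cde466b0589ed2165fd9faf9228421214bb49834fb6a5e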
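--- a/data/bin/recog_verify.rb
+++ b/data/bin/recog_verify.rb
@@ -9,7 +9,7 @@ require 'recog/verifier_factory'
 options = OpenStruct.new(color: false, detail: false)
 
 option_parser = OptionParser.new do |opts|
-opts.banner = "Usage: #{$0} [options]
+opts.banner = "Usage: #{$0} [options] XML_FINGERPRINT_FILE1 ..."
 opts.separator "Verifies that each fingerprint passes its internal tests."
 opts.separator ""
 opts.separator "Options"
@@ -34,12 +34,15 @@ option_parser = OptionParser.new do |opts|
 end
 option_parser.parse!(ARGV)
 
-if ARGV.
+if ARGV.empty?
+$stderr.puts 'Missing XML fingerprint files'
 puts option_parser
-exit
+exit(1)
 end
 
-
-
-
-verifier.
+ARGV.each do |file|
+ndb = Recog::DB.new(file)
+options.fingerprints = ndb.fingerprints
+verifier = Recog::VerifierFactory.build(options)
+verifier.verify_tests
+end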
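Review bot: The new `ARGV.each` loop discards whatever `verifier.verify_tests` returns, so as far as the visible lines show the script still exits 0 when a fingerprint fails its tests; only the missing-argument path gets `exit(1)`, and a CI job cannot gate on the result. If the verifier exposes a failure count (not visible in this hunk, so confirm), accumulate it across files and end with a non-zero `exit` when it is positive. `Recog::DB.new(file)` also runs unguarded, so one unreadable or malformed XML path presumably aborts the loop with a backtrace before the remaining files are checked. Minor: the error message goes to `$stderr` while the usage text still goes to stdout through `puts option_parser`; `$stderr.puts option_parser` keeps them together.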
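--- a/data/lib/recog/fingerprint.rb
+++ b/data/lib/recog/fingerprint.rb
@@ -45,13 +45,36 @@ class Fingerprint
 match_data = @regex.match(match_string)
 return if match_data.nil?
 
+# sanity check any positional extractions
+positions = @params.values.map(&:first).map(&:to_i)
+captures_size = match_data.captures.size
+if @params.empty? && captures_size > 0
+raise "Non-asserting fingerprint with regex #{@regex} captures #{captures_size} time(s); 0 are needed"
+else
+if captures_size > 0
+max_pos = positions.max
+# if it is actually looking to extract, ensure that there is enough to extract
+if max_pos > 0 && captures_size < max_pos
+raise "Regex #{@regex} only has #{captures_size} captures; cannot extract from position #{max_pos}"
+end
+# if there is not extraction but capturing is happening, fail since this is a waste
+if captures_size > max_pos
+raise "Regex #{@regex} captures #{captures_size - max_pos} too many (#{captures_size} vs #{max_pos})"
+end
+end
+end
+
+# now do extraction
 result = { 'matched' => @name }
 @params.each_pair do |k,v|
-
+pos = v[0]
+if pos == 0
 # A match offset of 0 means this param has a hardcoded value
 result[k] = v[1]
 else
-
+# A match offset other than 0 means the value should come from
+# the corresponding match result index
+result[k] = match_data[ pos ]
 end
 end
 return result
@@ -105,7 +128,7 @@ class Fingerprint
 # @return [String] Contents of the source XML's `description` tag
 def parse_description(xml)
 element = xml.xpath('description')
-element.empty? ? '' : element.first.content
+element.empty? ? '' : element.first.content.gsub(/[\r\n]+/, ' ').gsub(/\s{3,}/, ' ').strip
 end
 
 # @param xml [Nokogiri::XML::Element]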
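Review bot: The capture-count sanity check never fires when the regex has no capture groups, because both comparisons sit inside `if captures_size > 0`; a fingerprint with a `pos="1"` param and a group-less pattern still reaches `result[k] = match_data[ pos ]` and silently stores nil. Dropping that guard and using `max_pos = positions.max || 0` before `if max_pos > 0 && captures_size < max_pos` closes the gap. The check also runs on every successful match and raises a bare RuntimeError, so a definition error in one fingerprint surfaces only when some banner happens to match it, inside whatever caller is processing scan data; the group count depends only on the regex and params, so it would be better validated once when the fingerprint is loaded. `positions` is normalised with `to_i` while the extraction loop compares `v[0]` with `pos == 0` directly, so the stored type of the position should be confirmed. The enclosing method starts before the hunk.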
data/lib/recog/version.rb
CHANGED
@@ -17,16 +17,11 @@ describe Recog::DB do
|
|
17
17
|
|
18
18
|
context "#{fp.regex}" do
|
19
19
|
|
20
|
-
|
21
|
-
|
20
|
+
it "has a name" do
|
21
|
+
expect(fp.name).not_to be_nil
|
22
|
+
expect(fp.name).not_to be_empty
|
22
23
|
end
|
23
24
|
|
24
|
-
# Not yet enforced
|
25
|
-
# it "has a name" do
|
26
|
-
# expect(fp.name).not_to be_nil
|
27
|
-
# expect(fp.name).not_to be_empty
|
28
|
-
# end
|
29
|
-
|
30
25
|
it "has a regex" do
|
31
26
|
expect(fp.regex).not_to be_nil
|
32
27
|
expect(fp.regex.class).to be ::Regexp
|
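--- a/data/xml/ftp_banners.xml
+++ b/data/xml/ftp_banners.xml
@@ -268,7 +268,7 @@ against these patterns to fingerprint FTP servers.
 <param pos="1" name="os.product"/>
 <param pos="2" name="os.version"/>
 </fingerprint>
-<fingerprint pattern="^(\S+) FTP server \(EMC-SNAS: ([^\)]+)\)(
+<fingerprint pattern="^(\S+) FTP server \(EMC-SNAS: ([^\)]+)\)(?: \S+)?$">
 <example>foo2 FTP server (EMC-SNAS: 5.6.47.11)</example>
 <example>foo2 FTP server (EMC-SNAS: 5.6.50.203) ready.</example>
 <example>foo4 FTP server (EMC-SNAS: 5.5.31.6) r</example>
@@ -304,6 +304,7 @@ against these patterns to fingerprint FTP servers.
 <param pos="0" name="os.device" value="Firewall"/>
 <param pos="0" name="os.family" value="Firewall-1"/>
 <param pos="0" name="os.product" value="Firewall-1"/>
+<param pos="1" name="host.name"/>
 </fingerprint>
 <fingerprint pattern="^Blue Coat FTP Service$">
 <example>Blue Coat FTP Service</example>
@@ -355,6 +356,7 @@ against these patterns to fingerprint FTP servers.
 <param pos="0" name="os.vendor" value="D-Link"/>
 <param pos="0" name="os.product" value="DCS-2100"/>
 <param pos="0" name="os.device" value="Web cam"/>
+<param pos="1" name="host.name"/>
 </fingerprint>
 <fingerprint pattern="^Secure Gateway FTP server ready\.$">
 <example>Secure Gateway FTP server ready.</example>
@@ -372,8 +374,8 @@ against these patterns to fingerprint FTP servers.
 <param pos="1" name="os.product"/>
 <param pos="0" name="os.device" value="Storage"/>
 </fingerprint>
-<fingerprint pattern="^AXIS (\S+) (?:Network( Fixed Dome)? Camera) ([\d\.]+) .* ready\.?$" flags="REG_ICASE">
-<example>Axis 2100 Network Camera 2.43 Nov 04 2008 ready.</example>
+<fingerprint pattern="^AXIS (\S+) (?:Network(?: Fixed Dome)? Camera) ([\d\.]+) .* ready\.?$" flags="REG_ICASE">
+<example os.product="2100" os.version="2.43">Axis 2100 Network Camera 2.43 Nov 04 2008 ready.</example>
 <example>AXIS 207 Network Camera 4.40.1 (Apr 16 2007) ready.</example>
 <example>AXIS 216FD Network Fixed Dome Camera 4.47 (Mar 13 2008) ready.</example>
 <description>Axis Network Camera</description>
@@ -556,6 +558,7 @@ against these patterns to fingerprint FTP servers.
 <param pos="0" name="os.family" value="LinkCom Xpress"/>
 <param pos="0" name="os.device" value="Print server"/>
 <param pos="1" name="os.product"/>
+<param pos="2" name="os.version"/>
 </fingerprint>
 <fingerprint pattern="^LinkCom Xpress (.*)$" certainty="1.0">
 <description>MPI Technologies Linkcom Express FTP Server</description>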
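--- a/data/xml/http_servers.xml
+++ b/data/xml/http_servers.xml
@@ -1728,7 +1728,7 @@
 <param pos="1" name="service.version"/>
 </fingerprint>
 
-<fingerprint pattern="^Apache Tomcat/(\d\.[\d.]+)(
+<fingerprint pattern="^Apache Tomcat/(\d\.[\d.]+)(?:-LE-jdk14)? \(HTTP/1.1 Connector\)$">
 <example>Apache Tomcat/4.0.6 (HTTP/1.1 Connector)</example>
 <example>Apache Tomcat/4.1.12 (HTTP/1.1 Connector)</example>
 <example>Apache Tomcat/4.1.27-LE-jdk14 (HTTP/1.1 Connector)</example>
@@ -2009,6 +2009,7 @@
 <param pos="0" name="os.device" value="General"/>
 <param pos="0" name="os.family" value="OS/400"/>
 <param pos="0" name="os.product" value="OS/400"/>
+<param pos="1" name="os.version"/>
 </fingerprint>
 
 <fingerprint pattern="^(?:IBM_HTTP_Server|IBM_HTTP_SERVER)/([\w.-]+)\s+Apache/([12][\d.]+)\s*(.*)$">
@@ -2116,7 +2117,7 @@
 <param pos="1" name="service.version"/>
 </fingerprint>
 
-<fingerprint pattern="^(?:Sun-Java-System-Web-Server|Sun-ONE-Web-Server)/(
+<fingerprint pattern="^(?:Sun-Java-System-Web-Server|Sun-ONE-Web-Server)/(?:\d\.[\d_]+)$">
 <example>Sun-Java-System-Web-Server/7.0</example>
 <example>Sun-ONE-Web-Server/6.1</example>
 <description>Sun Java System Web Server (formerly Netscape Enterprise Server, iPlanet Web
@@ -2174,7 +2175,7 @@
 <param pos="1" name="service.version"/>
 </fingerprint>
 
-<fingerprint pattern="^Sun-Java-System-Web-Proxy-Server/(4\.\d+)$">
+<fingerprint pattern="^Sun-Java-System-Web-Proxy-Server/(?:4\.\d+)$">
 <!-- Some 4.x versions only return a partial version number (4.x instead of 4.x.x). -->
 <example>Sun-Java-System-Web-Proxy-Server/4.0</example>
 <description>Sun Java System Web Proxy Server (formerly iPlanet WebProxy Server,
@@ -2185,7 +2186,7 @@
 <!-- don't specify the version as it is only partially known -->
 </fingerprint>
 
-<fingerprint pattern="^Sun-ILOM-Web-Server/(
+<fingerprint pattern="^Sun-ILOM-Web-Server/(?:\d\.[\d._]+)$">
 <example>Sun-ILOM-Web-Server/1.0</example>
 <description>Sun Integrated Lights Out Manager (ILOM) usually
 bundled with Sun Fire servers</description>
@@ -2322,7 +2323,7 @@
 <param pos="0" name="service.family" value="Lotus Domino"/>
 </fingerprint>
 
-<fingerprint pattern="^Lotus(?:-Domino)?/(?:Release-?)?([4-7][\d.]+)\s*(
+<fingerprint pattern="^Lotus(?:-Domino)?/(?:Release-?)?([4-7][\d.]+)\s*(?:.*)$">
 <example>Lotus-Domino/5.0.8</example>
 <example>Lotus-Domino/Release-4.6.7(Intl)</example>
 <description>IBM Lotus Notes/Domino with version info</description>
@@ -2332,7 +2333,7 @@
 <param pos="1" name="service.version"/>
 </fingerprint>
 
-<fingerprint pattern="^WebLogic (?:WebLogic )?Server (\d+\.\d+(
+<fingerprint pattern="^WebLogic (?:WebLogic )?Server (\d+\.\d+(?:\s+SP\d+)?)\s+.*$">
 <example>WebLogic Server 8.1 SP3 Tue Jun 29 23:11:19 PDT 2004 404973</example>
 <example>WebLogic Server 7.0 SP4 Tue Aug 12 11:22:26 PDT 2003</example>
 <example>WebLogic WebLogic Server 6.1 SP4 11/08/2002 21:50:43 #221641</example>
@@ -2379,7 +2380,7 @@
 <param pos="0" name="os.product" value="Windows"/>
 </fingerprint>
 
-<fingerprint pattern="^Abyss/(\d\.[\d.]+)-X1-Win32 AbyssLib/(
+<fingerprint pattern="^Abyss/(\d\.[\d.]+)-X1-Win32 AbyssLib/(?:\d\.[\d.]+)$">
 <example>Abyss/2.0.0.20-X1-Win32 AbyssLib/2.0.0.20</example>
 <example>Abyss/2.3.2-X1-Win32 AbyssLib/2.3.2</example>
 <description>Aprelium Technologies Abyss Web Server X1
@@ -2608,6 +2609,7 @@
 <param pos="0" name="service.vendor" value="HP"/>
 <param pos="0" name="service.product" value="JetDirect"/>
 <param pos="0" name="service.family" value="JetDirect"/>
+<param pos="1" name="service.version"/>
 <param pos="0" name="os.vendor" value="HP"/>
 <param pos="0" name="os.device" value="Printer"/>
 <param pos="0" name="os.family" value="JetDirect"/>
@@ -2794,6 +2796,7 @@
 <param pos="0" name="os.family" value="Raptor"/>
 <param pos="0" name="os.device" value="Firewall"/>
 <param pos="0" name="os.product" value="Raptor"/>
+<param pos="1" name="os.version"/>
 </fingerprint>
 
 <fingerprint pattern="^NS_(\d\.\d)$">
@@ -2873,7 +2876,7 @@
 <param pos="0" name="os.product" value="Linux"/>
 </fingerprint>
 
-<fingerprint pattern="^RealVNC/(
+<fingerprint pattern="^RealVNC/(?:\S+)$">
 <description>RealVNC built-in webserver</description>
 <example>RealVNC/4.0</example>
 <param pos="0" name="service.vendor" value="RealVNC Ltd."/>
@@ -3266,7 +3269,7 @@
 </fingerprint>
 
 <!-- Hikvision is OEMd by a number of DVR manufacturers -->
-<fingerprint pattern="^(Hikvision|DVRDVS)-Webs$">
+<fingerprint pattern="^(?:Hikvision|DVRDVS)-Webs$">
 <description>Web server found on DVR and webcam servers sourced from Hikvision</description>
 <example>Hikvision-Webs</example>
 <example>DVRDVS-Webs</example>
@@ -3282,6 +3285,7 @@
 <example>NET-DK 1.1</example>
 <param pos="0" name="service.vendor" value="ARRIS"/>
 <param pos="0" name="service.product" value="Net-DK Web Server"/>
+<param pos="1" name="service.version"/>
 <param pos="0" name="os.vendor" value="ARRIS"/>
 <param pos="0" name="os.device" value="Cable Modem"/>
 </fingerprint>
@@ -3302,7 +3306,7 @@
 assert nothing.</description>
 </fingerprint>
 
-<fingerprint pattern="^Web-Server/(
+<fingerprint pattern="^Web-Server/(?:\d+\.+\d+)$">
 <example>Web-Server/3.0</example>
 <!-- Hard to be sure with such a generic name, but I
 suspect this server has been obfuscated. -->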
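Review bot: In the new `Web-Server` pattern, `^Web-Server/(?:\d+\.+\d+)$`, the `\.+` accepts any run of dots, so a header such as `Web-Server/3...0` matches as well as the `3.0` example; `\.` is probably what was meant, though the old line is truncated on this page and the quantifier may predate the change. Several version groups in this section (Sun-Java-System-Web-Server, Sun-ILOM-Web-Server, RealVNC, Web-Server) are made non-capturing rather than mapped to a `service.version` param, which discards version data that consumers of these fingerprints may rely on. One fingerprint carries the comment `don't specify the version as it is only partially known`; a similar one-line comment on the others would record that dropping the version is deliberate.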
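--- a/data/xml/ntp_banners.xml
+++ b/data/xml/ntp_banners.xml
@@ -139,7 +139,7 @@ NTP "banners", taken from a readvar response
 </fingerprint>
 <fingerprint pattern="^.*version="ntpd ([^ ]+)[^"]+",.*processor="([^"]+)",.*system="Darwin/?6\.([^"]+)"" flags="REG_DOT_NEWLINE,REG_ICASE">
 <description>ntpd running on Mac OSX 10.2/Jaguar</description>
-<example service.version="4.1.1@1.786" os.version
+<example service.version="4.1.1@1.786" os.version.version="8">
 version="ntpd 4.1.1@1.786 Tue Nov 12 09:30:41 PST 2002 (1)", processor="Power Macintosh", system="Darwin6.8",
 </example>
 <param pos="0" name="service.family" value="NTP"/>
@@ -224,7 +224,7 @@ NTP "banners", taken from a readvar response
 </fingerprint>
 <fingerprint pattern="^.*processor="([^"]+)".*system="BSD/OS([\d.]+)"" flags="REG_DOT_NEWLINE,REG_ICASE">
 <description>BSD/OS with a version and arch</description>
-<example os.arch="i386" os.
+<example os.arch="i386" os.version="4.3.1">
 processor="i386", system="BSD/OS4.3.1", leap=0, stratum=2
 </example>
 <param pos="0" name="os.vendor" value="Berkeley Software Design Inc."/>
@@ -418,6 +418,7 @@ NTP "banners", taken from a readvar response
 <param pos="0" name="os.vendor" value="Sun"/>
 <param pos="0" name="os.family" value="Solaris"/>
 <param pos="0" name="os.product" value="Solaris"/>
+<param pos="1" name="os.version"/>
 </fingerprint>
 <fingerprint pattern="^.*version="ntpd ([^ ]+)[^"]+",.*processor="([^ ]+)",.*system="JUNOS/?([^ ]+)"" flags="REG_DOT_NEWLINE,REG_ICASE">
 <description>ntpd running on Juniper/Netscreen JunOS</description>
@@ -436,14 +437,14 @@ NTP "banners", taken from a readvar response
 </fingerprint>
 <fingerprint pattern="processor="([^ ]+)",.*system="JUNOS/?([^ ]+)"" flags="REG_DOT_NEWLINE,REG_ICASE">
 <description>Juniper/Netscreen JunOS NTP without a version</description>
-<example>processor="i386", system="JUNOS7.0R2.7", leap=0, stratum=3</example>
-<example>processor="i386", system="JUNOS6.4R1.6", leap=3, stratum=16</example>
-<example>processor="i386", system="JUNOS5.5R2.3", leap=0, stratum=3</example>
+<example os.arch="i386" os.version="7.0R2.7">processor="i386", system="JUNOS7.0R2.7", leap=0, stratum=3</example>
+<example os.arch="i386" os.version="6.4R1.6">processor="i386", system="JUNOS6.4R1.6", leap=3, stratum=16</example>
+<example os.arch="i386" os.version="5.5R2.3">processor="i386", system="JUNOS5.5R2.3", leap=0, stratum=3</example>
 <param pos="0" name="os.vendor" value="Juniper"/>
 <param pos="0" name="os.family" value="Junos"/>
 <param pos="0" name="os.product" value="Junos OS"/>
-<param pos="
-<param pos="
+<param pos="1" name="os.arch"/>
+<param pos="2" name="os.version"/>
 </fingerprint>
 <fingerprint pattern="^.*version="ntpd ([^ ]+)[^"]+",.*processor="([^ ]+)",.*system="Windows/?([^ ]+)?"" flags="REG_DOT_NEWLINE,REG_ICASE">
 <description>ntpd running on Windows</description>
@@ -640,7 +641,7 @@ NTP "banners", taken from a readvar response
 <param pos="0" name="os.product" value="VxWorks"/>
 <param pos="0" name="os.arch" value="i386"/>
 </fingerprint>
-<fingerprint pattern="system="UNIX/
+<fingerprint pattern="system="UNIX/Unixware([^ ]+)"" flags="REG_ICASE">
 <description>SCO Unixware NTP</description>
 <example>
 system="UNIX/Unixware2", leap=3, stratum=16, rootdelay=0.00,
@@ -652,7 +653,7 @@ NTP "banners", taken from a readvar response
 <param pos="0" name="os.vendor" value="SCO"/>
 <param pos="1" name="os.product"/>
 </fingerprint>
-<fingerprint pattern="^.*processor="([^"]+)", system="SCO_SV([\d\.]+)"" flags="REG_ICASE">
+<fingerprint pattern="^.*processor="([^"]+)", system="SCO_SV([\d\.]+)"" flags="REG_DOT_NEWLINE,REG_ICASE">
 <description>SCO Unixware NTP</description>
 <example os.version="3.2" os.arch="i386">
 processor="i386", system="SCO_SV3.2", leap=0, stratum=2, precision=-18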
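Review bot: The new Unixware pattern `system="UNIX/Unixware([^ ]+)"` bounds its capture with `[^ ]+` rather than `[^"]+`, so on a response where no space follows the closing quote the greedy group can run past that quote into the next field and the extra text ends up in the extracted value. `([^"]+)`, which the Darwin and BSD/OS patterns in this file already use for quoted values, stops at the quote. The `<example>` under this fingerprint carries no expected-value attributes in the visible lines, so the self-test does not pin what the group extracts; adding one would catch an over-capture. The JUNOS patterns in the same section use `[^ ]+` in the same way and would benefit from the same change.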
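--- a/data/xml/rsh_resp.xml
+++ b/data/xml/rsh_resp.xml
@@ -75,7 +75,7 @@ Rservices responses to requests are matched against these patterns to fingerprin
 <param pos="0" name="os.product" value="AIX"/>
 </fingerprint>
 
-<fingerprint pattern="^.remshd: (getservbyname.+|Kerberos Authentication not enabled\..+|Error! Kerberos authentication failed)$" flags="REG_DOT_NEWLINE">
+<fingerprint pattern="^.remshd: (?:getservbyname.+|Kerberos Authentication not enabled\..+|Error! Kerberos authentication failed)$" flags="REG_DOT_NEWLINE">
 <example>xremshd: getservbyname
 </example>
 <example>xremshd: Kerberos Authentication not enabled.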
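--- a/data/xml/smb_native_os.xml
+++ b/data/xml/smb_native_os.xml
@@ -14,7 +14,7 @@
 <param pos="1" name="os.product"/>
 </fingerprint>
 
-<fingerprint pattern="^(Windows (95|98|ME))$">
+<fingerprint pattern="^(Windows (?:95|98|ME))$">
 <description>Windows 95/98/ME</description>
 <example os.product="Windows 95">Windows 95</example>
 <example os.product="Windows 98">Windows 98</example>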
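--- a/data/xml/smtp_expn.xml
+++ b/data/xml/smtp_expn.xml
@@ -38,8 +38,7 @@ See comment at the top of smtp_banners.xml for additional info.
 </fingerprint>
 
 <fingerprint pattern="^500[ -]Don't you wish! *$">
-
-</description>
+<description>GNAT box SMTP</description>
 <param pos="0" name="service.vendor" value="Global Technology Associates"/>
 <param pos="0" name="service.family" value="GNAT Box"/>
 <param pos="0" name="service.product" value="GNAT Box"/>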
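--- a/data/xml/smtp_mailfrom.xml
+++ b/data/xml/smtp_mailfrom.xml
@@ -5,18 +5,15 @@ This file is currently unused.
 
 <fingerprints>
 <fingerprint pattern="250 .* is syntactically correct *">
-
-
-example: 250 <nosuchuser@rapid7.com> is syntactically correct
-</description>
+<description>exim</description>
+<example>250 <nosuchuser@rapid7.com> is syntactically correct</example>
 <param pos="0" name="service.vendor" value="exim"/>
 <param pos="0" name="service.family" value="exim"/>
 <param pos="0" name="service.product" value="exim"/>
 </fingerprint>
 
 <fingerprint pattern="501[ -]System error\. *">
-
-</description>
+<description>GNAT Box SMTP</description>
 <param pos="0" name="service.vendor" value="Global Technology Associates"/>
 <param pos="0" name="service.family" value="GNAT Box"/>
 <param pos="0" name="service.product" value="GNAT Box"/>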
data/xml/snmp_sysdescr.xml
CHANGED
@@ -41,9 +41,9 @@
|
|
41
41
|
<param pos="2" name="os.version"/>
|
42
42
|
</fingerprint>
|
43
43
|
|
44
|
-
<fingerprint pattern="^3COM: (AP\S+): .*11.*Access Point, Software v(\S+), Bootrom v
|
44
|
+
<fingerprint pattern="^3COM: (AP\S+): .*11.*Access Point, Software v(\S+), Bootrom v\S+, Hardware \S+$">
|
45
45
|
<description>3COM WAP</description>
|
46
|
-
<example>3COM: AP8760: Dual Radio 11a/b/g Access Point, Software v2.1.13b05_sh, Bootrom v1.2.1, Hardware R02</example>
|
46
|
+
<example os.product="AP8760" os.version="2.1.13b05_sh">3COM: AP8760: Dual Radio 11a/b/g Access Point, Software v2.1.13b05_sh, Bootrom v1.2.1, Hardware R02</example>
|
47
47
|
<param pos="0" name="os.vendor" value="3Com"/>
|
48
48
|
<param pos="0" name="os.family" value="Access Point"/>
|
49
49
|
<param pos="0" name="os.device" value="WAP"/>
|
@@ -411,7 +411,7 @@
|
|
411
411
|
<param pos="2" name="os.version"/>
|
412
412
|
</fingerprint>
|
413
413
|
|
414
|
-
<fingerprint pattern="^3Com (.*Switch.*) \d+-Port.*Software Version (\d\..*(Release|Feature).*)$">
|
414
|
+
<fingerprint pattern="^3Com (.*Switch.*) \d+-Port.*Software Version (\d\..*(?:Release|Feature).*)$">
|
415
415
|
<description>3COM Switch</description>
|
416
416
|
<example>3Com Switch 4210 18-Port Software Version 3.10 Release 2212P01</example>
|
417
417
|
<example>3Com Switch 4210 26-Port Software Version 3.10 Release 2212</example>
|
@@ -461,7 +461,7 @@
|
|
461
461
|
ADTRAN
|
462
462
|
=======================================================================-->
|
463
463
|
|
464
|
-
<fingerprint pattern="^ADTRAN (MX\d+( \S+)?( \S+)?)$" flags="REG_ICASE">
|
464
|
+
<fingerprint pattern="^ADTRAN (MX\d+(?: \S+)?(?: \S+)?)$" flags="REG_ICASE">
|
465
465
|
<description>ADTRAN Multiplexer</description>
|
466
466
|
<example>ADTRAN MX2820 Multiplexer</example>
|
467
467
|
<example>ADTRAN MX2800 DS3 Multiplexer</example>
|
@@ -492,13 +492,11 @@
|
|
492
492
|
<param pos="1" name="os.product"/>
|
493
493
|
</fingerprint>
|
494
494
|
|
495
|
-
<fingerprint pattern="^ADTRAN (TA\S+( \S+)?( \S+)?)$" flags="REG_ICASE">
|
495
|
+
<fingerprint pattern="^ADTRAN (TA\S+(?: \S+)?(?: \S+)?)$" flags="REG_ICASE">
|
496
496
|
<description>ADTRAN TotalAccess</description>
|
497
|
-
<example>ADTRAN TA1448S-CE</example>
|
498
|
-
<example>Adtran TA1124</example>
|
499
|
-
<example>Adtran TA1148</example>
|
500
|
-
<example>Adtran TA1224</example>
|
501
|
-
<example>Adtran TA1248</example>
|
497
|
+
<example os.product="TA1448S-CE">ADTRAN TA1448S-CE</example>
|
498
|
+
<example os.product="TA1124">Adtran TA1124</example>
|
499
|
+
<example os.product="TA1148">Adtran TA1148</example>
|
502
500
|
<param pos="0" name="os.device" value="Media Gateway"/>
|
503
501
|
<param pos="0" name="os.vendor" value="ADTRAN"/>
|
504
502
|
<param pos="0" name="os.family" value="Total Access"/>
|
@@ -710,7 +708,7 @@
|
|
710
708
|
|
711
709
|
<fingerprint pattern="^Apple Base Station V([^\s]+) Compatible$">
|
712
710
|
<description>Apple Airport base station</description>
|
713
|
-
<example>Apple Base Station V3.84 Compatible</example>
|
711
|
+
<example os.version="3.84">Apple Base Station V3.84 Compatible</example>
|
714
712
|
<param pos="0" name="os.vendor" value="Apple"/>
|
715
713
|
<param pos="0" name="os.family" value="Airport"/>
|
716
714
|
<param pos="0" name="os.product" value="Base Station"/>
|
@@ -718,7 +716,7 @@
|
|
718
716
|
<param pos="1" name="os.version"/>
|
719
717
|
</fingerprint>
|
720
718
|
|
721
|
-
<fingerprint pattern="^Apple AirPort - Apple (Inc\.|Computer).*$">
|
719
|
+
<fingerprint pattern="^Apple AirPort - Apple (?:Inc\.|Computer).*$">
|
722
720
|
<description>Apple Airport Extreme</description>
|
723
721
|
<example>Apple AirPort - Apple Inc., 2006-2009. All rights Reserved.</example>
|
724
722
|
<example>Apple AirPort - Apple Computer, 2006. All rights Reserved</example>
|
@@ -1108,6 +1106,7 @@
|
|
1108
1106
|
<param pos="0" name="os.vendor" value="Brother"/>
|
1109
1107
|
<param pos="0" name="os.product" value="Unknown"/>
|
1110
1108
|
<param pos="0" name="os.device" value="Printer"/>
|
1109
|
+
<param pos="1" name="os.version"/>
|
1111
1110
|
</fingerprint>
|
1112
1111
|
|
1113
1112
|
<fingerprint pattern="^Brother (NC-\d+\S+),\s*Firmware Ver\.\s?([^\s,]+).*">
|
@@ -1254,7 +1253,7 @@
|
|
1254
1253
|
CANON
|
1255
1254
|
=======================================================================-->
|
1256
1255
|
|
1257
|
-
<fingerprint pattern="^Canon (iR ?\S+( [A-Z0-9]\S+)?)(?: /P)?(?: EEPROM \S+)?$">
|
1256
|
+
<fingerprint pattern="^Canon (iR ?\S+(?: [A-Z0-9]\S+)?)(?: /P)?(?: EEPROM \S+)?$">
|
1258
1257
|
<description>Canon iR multifunction device</description>
|
1259
1258
|
<example>Canon iR C3220-C1 /P</example>
|
1260
1259
|
<example>Canon iR105PLUS-M3 /P</example>
|
@@ -1283,7 +1282,7 @@
|
|
1283
1282
|
<param pos="1" name="os.product"/>
|
1284
1283
|
</fingerprint>
|
1285
1284
|
|
1286
|
-
<fingerprint pattern="^Canon (iPR ?\S+( [A-Z0-9]\S+)?)(?: /P)?(?: EEPROM \S+)?$">
|
1285
|
+
<fingerprint pattern="^Canon (iPR ?\S+(?: [A-Z0-9]\S+)?)(?: /P)?(?: EEPROM \S+)?$">
|
1287
1286
|
<description>Canon iPR multifunction device</description>
|
1288
1287
|
<example>Canon iPR C1 /P</example>
|
1289
1288
|
<example>Canon iPR C1-Q1 /P</example>
|
@@ -1494,6 +1493,7 @@
|
|
1494
1493
|
<param pos="0" name="os.device" value="Switch"/>
|
1495
1494
|
<param pos="0" name="os.family" value="Packet-Optical"/>
|
1496
1495
|
<param pos="1" name="os.product"/>
|
1496
|
+
<param pos="2" name="os.version"/>
|
1497
1497
|
</fingerprint>
|
1498
1498
|
|
1499
1499
|
|
@@ -1828,7 +1828,7 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
1828
1828
|
</fingerprint>
|
1829
1829
|
|
1830
1830
|
|
1831
|
-
<fingerprint pattern="^Datamax (Printer|.*Print Server).*$">
|
1831
|
+
<fingerprint pattern="^Datamax (?:Printer|.*Print Server).*$">
|
1832
1832
|
<description>Datamax printer</description>
|
1833
1833
|
<example>Datamax DMXrfNet Print Server compatible with an HP JETDIRECT EX</example>
|
1834
1834
|
<example>Datamax Printer</example>
|
@@ -1916,7 +1916,7 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
1916
1916
|
<param pos="2" name="os.version"/>
|
1917
1917
|
</fingerprint>
|
1918
1918
|
|
1919
|
-
<fingerprint pattern="^Dell (\S+)(?: Mono)? Laser Printer(?:;| version)
|
1919
|
+
<fingerprint pattern="^Dell (\S+)(?: Mono)? Laser Printer(?:;| version) \S+;?.*$">
|
1920
1920
|
<description>Dell Laser Printer</description>
|
1921
1921
|
<example>Dell 2330dn Laser Printer version NR.APS.N449 kernel 2.6.18.5 All-N-1</example>
|
1922
1922
|
<example>Dell 2350dn Laser Printer version NR.APS.N449 kernel 2.6.18.5 All-N-1</example>
|
@@ -2223,7 +2223,7 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
2223
2223
|
<param pos="1" name="os.product"/>
|
2224
2224
|
</fingerprint>
|
2225
2225
|
|
2226
|
-
<fingerprint pattern="^EPSON (Internal .* Scanning Card|Network Image Express|Network Scanning Box)$">
|
2226
|
+
<fingerprint pattern="^EPSON (?:Internal .* Scanning Card|Network Image Express|Network Scanning Box)$">
|
2227
2227
|
<description>Epson Network Scanner</description>
|
2228
2228
|
<example>EPSON Internal 10Base-T/100Base-TX Scanning Card</example>
|
2229
2229
|
<example>EPSON Network Image Express</example>
|
@@ -2233,7 +2233,7 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
2233
2233
|
<param pos="0" name="os.product" value="Network Scanner"/>
|
2234
2234
|
</fingerprint>
|
2235
2235
|
|
2236
|
-
<fingerprint pattern="^EPSON UIB
|
2236
|
+
<fingerprint pattern="^EPSON UIB \S+ Ethernet Interface Card$">
|
2237
2237
|
<description>Epson Network Printer</description>
|
2238
2238
|
<example>EPSON UIB 10/100Base-T Ethernet Interface Card</example>
|
2239
2239
|
<example>EPSON UIB 10Base Ethernet Interface Card</example>
|
@@ -2410,7 +2410,7 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
2410
2410
|
<param pos="2" name="os.version"/>
|
2411
2411
|
</fingerprint>
|
2412
2412
|
|
2413
|
-
<fingerprint pattern="^Foundry AP:
|
2413
|
+
<fingerprint pattern="^Foundry AP: \S+ v(\S+)$">
|
2414
2414
|
<description>Foundry Networks APs</description>
|
2415
2415
|
<example>Foundry AP: 01.03.04Tw8 v2.0.0</example>
|
2416
2416
|
<example>Foundry AP: 01.03.05Tw8 v3.0.4</example>
|
@@ -2576,12 +2576,9 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
2576
2576
|
<param pos="2" name="os.version"/>
|
2577
2577
|
</fingerprint>
|
2578
2578
|
|
2579
|
-
<fingerprint pattern="^(\S+) (.*?) (HP|Compaq) Tru64 UNIX V(\S+) \(Rev\. ([^\)]+)\).*TCP/IP$">
|
2579
|
+
<fingerprint pattern="^(\S+) (.*?) (?:HP|Compaq) Tru64 UNIX V(\S+) \(Rev\. ([^\)]+)\).*TCP/IP$">
|
2580
2580
|
<description>Digital/Compaq/HP Tru64 Unix</description>
|
2581
|
-
<example>was1 AlphaServer DS10 466 MHz Compaq Tru64 UNIX V5.1B (Rev. 2650); Wed Feb 25 13:29:07 KST 2004 TCP/IP</example>
|
2582
|
-
<example>wessex.eas.usdfa.ca COMPAQ AlphaServer DS10 617 MHz Compaq Tru64 UNIX V5.1A (Rev. 1885); Thu Nov 29 14:55:23 GMT 2001 TCP/IP</example>
|
2583
|
-
<example>whizbang.geog.usdf.edu COMPAQ Professional Workstation XP1000 Compaq Tru64 UNIX V5.0A (Rev. 1094); Thu Sep 23 11:58:27 PDT 2004 TCP/IP</example>
|
2584
|
-
<example>xian AlphaServer DS25 Compaq Tru64 UNIX V5.1B (Rev. 2650); Tue Mar 23 13:46:38 CST 2004 TCP/IP</example>
|
2581
|
+
<example host.name="was1" hw.product="AlphaServer DS10 466 MHz" os.version="5.1B" os.version.version="2650">was1 AlphaServer DS10 466 MHz Compaq Tru64 UNIX V5.1B (Rev. 2650); Wed Feb 25 13:29:07 KST 2004 TCP/IP</example>
|
2585
2582
|
<param pos="0" name="os.vendor" value="HP"/>
|
2586
2583
|
<param pos="0" name="os.family" value="Unix"/>
|
2587
2584
|
<param pos="0" name="os.product" value="Tru64 Unix"/>
|
@@ -2680,7 +2677,7 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
2680
2677
|
|
2681
2678
|
<fingerprint pattern="^HP Series Router (\S+) HP Comware Platform Software Comware Software Version ([^\s,]+)[,\s]\s*Release ([^,\s]+)?[,\s].*Copyright.*$">
|
2682
2679
|
<description>HP Comware</description>
|
2683
|
-
<example>HP Series Router A-MSR20-40 HP Comware Platform Software Comware Software Version 5.20, Release 2209P15, Standard Copyright(c) 2010-2012 Hewlett-Packard Development Company, L.P.</example>
|
2680
|
+
<example hw.product="A-MSR20-40" os.product="A-MSR20-40" os.version="5.20" os.version.version="2209P15">HP Series Router A-MSR20-40 HP Comware Platform Software Comware Software Version 5.20, Release 2209P15, Standard Copyright(c) 2010-2012 Hewlett-Packard Development Company, L.P.</example>
|
2684
2681
|
<example>HP Series Router A-MSR30-20 HP Comware Platform Software Comware Software Version 5.20, Release 2207P41, Standard Copyright(c) 2010 Hewlett-Packard Development Company, L.P.</example>
|
2685
2682
|
<example>HP Series Router A-MSR900 HP Comware Platform Software Comware Software Version 5.20, Release 2207P41 Copyright(c) 2010 Hewlett-Packard Development Company, L.P.</example>
|
2686
2683
|
<param pos="0" name="os.vendor" value="HP"/>
|
@@ -2694,11 +2691,12 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
2694
2691
|
|
2695
2692
|
<fingerprint pattern="^HP Series Router (\S+) HP Comware Platform Software Comware Software Version ([^,]+), (\S+) Copyright.*$">
|
2696
2693
|
<description>HP Comware</description>
|
2697
|
-
<example>HP Series Router A-MSR20-40 HP Comware Platform Software Comware Software Version 5.20, T2207L16 Copyright(c) 2010-2011 Hewlett-Packard Development Company, L.P.</example>
|
2694
|
+
<example os.product="A-MSR20-40" hw.product="A-MSR20-40" os.version="5.20" os.version.version="T2207L16">HP Series Router A-MSR20-40 HP Comware Platform Software Comware Software Version 5.20, T2207L16 Copyright(c) 2010-2011 Hewlett-Packard Development Company, L.P.</example>
|
2698
2695
|
<param pos="0" name="os.vendor" value="HP"/>
|
2699
2696
|
<param pos="0" name="os.device" value="Router"/>
|
2700
2697
|
<param pos="0" name="os.family" value="Comware"/>
|
2701
2698
|
<param pos="2" name="os.version"/>
|
2699
|
+
<param pos="3" name="os.version.version"/>
|
2702
2700
|
<param pos="1" name="os.product"/>
|
2703
2701
|
<param pos="1" name="hw.product"/>
|
2704
2702
|
</fingerprint>
|
@@ -4324,6 +4322,7 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
4324
4322
|
<param pos="0" name="os.device" value="Terminal Server"/>
|
4325
4323
|
<param pos="1" name="os.product"/>
|
4326
4324
|
<param pos="2" name="os.family"/>
|
4325
|
+
<param pos="3" name="os.version"/>
|
4327
4326
|
</fingerprint>
|
4328
4327
|
|
4329
4328
|
<fingerprint pattern="^Lantronix Inc\. - (Modbus Bridge)$">
|
@@ -5608,9 +5607,9 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
5608
5607
|
<param pos="2" name="os.version.version.version"/>
|
5609
5608
|
</fingerprint>
|
5610
5609
|
|
5611
|
-
<fingerprint pattern="^Nortel Application Switch (\S+)(
|
5610
|
+
<fingerprint pattern="^Nortel Application Switch (\S+)(?:\s+\S+|)$">
|
5612
5611
|
<description>Nortel Application switch</description>
|
5613
|
-
<example>Nortel Application Switch 2424</example>
|
5612
|
+
<example os.product="2424">Nortel Application Switch 2424</example>
|
5614
5613
|
<param pos="0" name="os.vendor" value="Nortel"/>
|
5615
5614
|
<param pos="0" name="os.family" value="Application Switch"/>
|
5616
5615
|
<param pos="0" name="os.device" value="Load balancer"/>
|
@@ -5918,7 +5917,7 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
5918
5917
|
<param pos="0" name="os.device" value="Multifunction Device"/>
|
5919
5918
|
</fingerprint>
|
5920
5919
|
|
5921
|
-
<fingerprint pattern="^Oce, 3165 ([^,]+), Controller
|
5920
|
+
<fingerprint pattern="^Oce, 3165 ([^,]+), Controller \S+$">
|
5922
5921
|
<description>Oce 3165 multifunction device</description>
|
5923
5922
|
<example>Oce, 3165 R8.2, Controller R10.2.8</example>
|
5924
5923
|
<param pos="0" name="os.vendor" value="Oce"/>
|
@@ -6142,6 +6141,7 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
6142
6141
|
<param pos="0" name="os.family" value="NEO"/>
|
6143
6142
|
<param pos="0" name="os.product" value="NEO Tape Library"/>
|
6144
6143
|
<param pos="0" name="os.device" value="Storage"/>
|
6144
|
+
<param pos="1" name="os.version"/>
|
6145
6145
|
</fingerprint>
|
6146
6146
|
|
6147
6147
|
<!--======================================================================
|
@@ -7054,7 +7054,7 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
7054
7054
|
SCO
|
7055
7055
|
=======================================================================-->
|
7056
7056
|
|
7057
|
-
<fingerprint pattern="^SCO TCP/IP Runtime Release
|
7057
|
+
<fingerprint pattern="^SCO TCP/IP Runtime Release \S+$">
|
7058
7058
|
<description>SCO</description>
|
7059
7059
|
<example>SCO TCP/IP Runtime Release 2.0.0</example>
|
7060
7060
|
<param pos="0" name="os.vendor" value="SCO"/>
|
@@ -7660,6 +7660,7 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
7660
7660
|
<param pos="0" name="os.device" value="General"/>
|
7661
7661
|
<param pos="1" name="os.version"/>
|
7662
7662
|
<param pos="2" name="os.arch"/>
|
7663
|
+
<param pos="3" name="hw.product"/>
|
7663
7664
|
</fingerprint>
|
7664
7665
|
|
7665
7666
|
<fingerprint pattern="^SunOS (\S+) 5\.(\S+) \S+ (\S+) \S+ SUNW,([^,]+).*$">
|
@@ -7669,7 +7670,7 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
7669
7670
|
<example>SunOS magppg01 5.10 Generic_127127-11 sun4v sparc SUNW,T5240</example>
|
7670
7671
|
<example>SunOS magppg02 5.10 Generic_127127-11 sun4v sparc SUNW,T5240</example>
|
7671
7672
|
<example>SunOS rs1-s3 5.10 Generic_142900-09 sun4v sparc SUNW,Netra-CP3260</example>
|
7672
|
-
<example>SunOS sn 5.10 Generic_118833-36 sun4v sparc SUNW,Sun-Fire-T200</example>
|
7673
|
+
<example hw.product="Sun-Fire-T200">SunOS sn 5.10 Generic_118833-36 sun4v sparc SUNW,Sun-Fire-T200</example>
|
7673
7674
|
<param pos="0" name="os.vendor" value="Sun"/>
|
7674
7675
|
<param pos="0" name="os.certainty" value="0.9"/>
|
7675
7676
|
<param pos="0" name="os.family" value="Solaris"/>
|
@@ -7678,6 +7679,7 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
7678
7679
|
<param pos="1" name="host.name"/>
|
7679
7680
|
<param pos="2" name="os.version"/>
|
7680
7681
|
<param pos="3" name="os.arch"/>
|
7682
|
+
<param pos="4" name="hw.product"/>
|
7681
7683
|
</fingerprint>
|
7682
7684
|
|
7683
7685
|
<fingerprint pattern="^SunOS 5\.(\S+) \S+ (\S+)$">
|
@@ -7828,6 +7830,7 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
7828
7830
|
<param pos="0" name="os.vendor" value="Tandberg"/>
|
7829
7831
|
<param pos="0" name="os.device" value="Web cam"/>
|
7830
7832
|
<param pos="1" name="os.product"/>
|
7833
|
+
<param pos="2" name="os.version"/>
|
7831
7834
|
</fingerprint>
|
7832
7835
|
|
7833
7836
|
<!--======================================================================
|
@@ -7871,6 +7874,7 @@ Copyright (c) 1995-2005 by Cisco Systems
|
|
7871
7874
|
<param pos="0" name="os.vendor" value="Unisys"/>
|
7872
7875
|
<param pos="0" name="os.device" value="Printer"/>
|
7873
7876
|
<param pos="1" name="os.product"/>
|
7877
|
+
<param pos="2" name="os.version"/>
|
7874
7878
|
</fingerprint>
|
7875
7879
|
|
7876
7880
|
<fingerprint pattern="^VxWorks SNMPv1/v2c Agent">
|
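--- a/data/xml/snmp_sysobjid.xml
+++ b/data/xml/snmp_sysobjid.xml
@@ -116,7 +116,7 @@
 <param pos="0" name="os.arch" value="x86"/>
 </fingerprint>
 
-<fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware:
+<fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: \S+64.*Software: Windows Version 6\.0 \(Build 6001.*$">
 <description>Windows Server 2008 on x86_64</description>
 <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6001 Multiprocessor Free)</example>
 <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6001 Multiprocessor Free)</example>
@@ -127,7 +127,7 @@
 <param pos="0" name="os.arch" value="x86_64"/>
 </fingerprint>
 
-<fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware:
+<fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: \S+64.*Software: Windows Version 6\.0 \(Build 6001.*$">
 <description>Windows Server 2008 Datacenter on x86_64</description>
 <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6001 Multiprocessor Free)</example>
 <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6001 Multiprocessor Free)</example>
@@ -160,7 +160,7 @@
 <param pos="0" name="os.arch" value="x86"/>
 </fingerprint>
 
-<fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware:
+<fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: \S+64.*Software: Windows Version 6\.0 \(Build 6002.*$">
 <description>Windows Server 2008 SP2 on x86_64</description>
 <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6002 Multiprocessor Free)</example>
 <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6002 Multiprocessor Free)</example>
@@ -170,9 +170,9 @@
 <param pos="0" name="os.device" value="General"/>
 <param pos="0" name="os.version" value="SP2"/>
 <param pos="0" name="os.arch" value="x86_64"/>
-</fingerprint>
+</fingerprint>
 
-<fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware:
+<fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: \S+64.*Software: Windows Version 6\.0 \(Build 6002.*$">
 <description>Windows Server 2008 Datacenter SP2 on x86_64</description>
 <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6002 Multiprocessor Free)</example>
 <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6002 Multiprocessor Free)</example>
@@ -182,7 +182,7 @@
 <param pos="0" name="os.device" value="General"/>
 <param pos="0" name="os.version" value="SP2"/>
 <param pos="0" name="os.arch" value="x86_64"/>
-</fingerprint>
+</fingerprint>
 
 <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: x86.*Software: Windows Version 6\.1 \(Build 7600.*$">
 <description>Windows Server 2008 R2 on x86</description>
@@ -204,7 +204,7 @@
 <param pos="0" name="os.arch" value="x86"/>
 </fingerprint>
 
-<fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware:
+<fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: \S+64.*Software: Windows Version 6\.1 \(Build 7600.*$">
 <description>Windows Server 2008 R2 on x86_64</description>
 <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7600 Multiprocessor Free)</example>
 <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7600 Multiprocessor Free)</example>
@@ -215,7 +215,7 @@
 <param pos="0" name="os.arch" value="x86_64"/>
 </fingerprint>
 
-<fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware:
+<fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: \S+64.*Software: Windows Version 6\.1 \(Build 7600.*$">
 <description>Windows Server 2008 Datacenter R2 on x86_64</description>
 <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7600 Multiprocessor Free)</example>
 <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7600 Multiprocessor Free)</example>
@@ -248,7 +248,7 @@
 <param pos="0" name="os.arch" value="x86"/>
 </fingerprint>
 
-<fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware:
+<fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: \S+64.*Software: Windows Version 6\.1 \(Build 7601.*$">
 <description>Windows Server 2008 R2 SP1 on x86_64</description>
 <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7601 Multiprocessor Free)</example>
 <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7601 Multiprocessor Free)</example>
@@ -260,7 +260,7 @@
 <param pos="0" name="os.arch" value="x86_64"/>
 </fingerprint>
 
-<fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware:
+<fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: \S+64.*Software: Windows Version 6\.1 \(Build 7601.*$">
 <description>Windows Server 2008 Datacenter R2 SP1 on x86_64</description>
 <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7601 Multiprocessor Free)</example>
 <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7601 Multiprocessor Free)</example>
@@ -272,7 +272,7 @@
 <param pos="0" name="os.arch" value="x86_64"/>
 </fingerprint>
 
-<fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware:
+<fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: \S+64.*Software: Windows Version 6\.2 \(Build 9200.*$">
 <description>Windows Server 2012 on x86_64</description>
 <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: Intel64 Family 6 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.2 (Build 9200 Multiprocessor Free)</example>
 <param pos="0" name="os.vendor" value="Microsoft"/>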
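--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: recog
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.4
 platform: ruby
 authors:
 - Rapid7 Research
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-10-
+date: 2014-10-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rspec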