recog 1.0.3 → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 1068e270c672aa9dd8c71a5e8fb476c14cacf85a
4
- data.tar.gz: f07af0de32f1d6472e2c9e965dc959ea9e65f6e4
3
+ metadata.gz: 796c259c3ef2b6768e453d45c6eafecea0d3307e
4
+ data.tar.gz: 18619b2bc105b2c9f8a607aa42b8a74cd2226416
5
5
  SHA512:
6
- metadata.gz: 8c10dd6f2c687f34097cd0d437fccd5f72d68b944203d532b7cd2cde8eac463bf192e7a6e776ba6d73dfeedda33c9fe2dde7bb98622ddf4b1278c3a4d2de9a0f
7
- data.tar.gz: d36667a29f1920331406a429925fa79043288ae5807fd18397164fed0e783e0c4aa80754c5e8bfdb55da99de22ca3f3667d9e9957c3664760a2324749d6c10e2
6
+ metadata.gz: 262b8c5243d2700fef9809eac70e68400fb4a40a21f305e9ada37eb48faf2fe2189127d27904b8ea3f1d416c5c786adf1f2604735ed81d42be59f64710ad9316
7
+ data.tar.gz: 4cbfa966c8268210113965387576182ea7aa4a98267af5bac81b9194db89fac554882a6421b37f2c96cde466b0589ed2165fd9faf9228421214bb49834fb6a5e
data/bin/recog_verify.rb CHANGED
@@ -9,7 +9,7 @@ require 'recog/verifier_factory'
9
9
  options = OpenStruct.new(color: false, detail: false)
10
10
 
11
11
  option_parser = OptionParser.new do |opts|
12
- opts.banner = "Usage: #{$0} [options] XML_FINGERPRINTS_FILE"
12
+ opts.banner = "Usage: #{$0} [options] XML_FINGERPRINT_FILE1 ..."
13
13
  opts.separator "Verifies that each fingerprint passes its internal tests."
14
14
  opts.separator ""
15
15
  opts.separator "Options"
@@ -34,12 +34,15 @@ option_parser = OptionParser.new do |opts|
34
34
  end
35
35
  option_parser.parse!(ARGV)
36
36
 
37
- if ARGV.count != 1
37
+ if ARGV.empty?
38
+ $stderr.puts 'Missing XML fingerprint files'
38
39
  puts option_parser
39
- exit
40
+ exit(1)
40
41
  end
41
42
 
42
- ndb = Recog::DB.new(ARGV.shift)
43
- options.fingerprints = ndb.fingerprints
44
- verifier = Recog::VerifierFactory.build(options)
45
- verifier.verify_tests
43
+ ARGV.each do |file|
44
+ ndb = Recog::DB.new(file)
45
+ options.fingerprints = ndb.fingerprints
46
+ verifier = Recog::VerifierFactory.build(options)
47
+ verifier.verify_tests
48
+ end
@@ -45,13 +45,36 @@ class Fingerprint
45
45
  match_data = @regex.match(match_string)
46
46
  return if match_data.nil?
47
47
 
48
+ # sanity check any positional extractions
49
+ positions = @params.values.map(&:first).map(&:to_i)
50
+ captures_size = match_data.captures.size
51
+ if @params.empty? && captures_size > 0
52
+ raise "Non-asserting fingerprint with regex #{@regex} captures #{captures_size} time(s); 0 are needed"
53
+ else
54
+ if captures_size > 0
55
+ max_pos = positions.max
56
+ # if it is actually looking to extract, ensure that there is enough to extract
57
+ if max_pos > 0 && captures_size < max_pos
58
+ raise "Regex #{@regex} only has #{captures_size} captures; cannot extract from position #{max_pos}"
59
+ end
60
+ # if there is not extraction but capturing is happening, fail since this is a waste
61
+ if captures_size > max_pos
62
+ raise "Regex #{@regex} captures #{captures_size - max_pos} too many (#{captures_size} vs #{max_pos})"
63
+ end
64
+ end
65
+ end
66
+
67
+ # now do extraction
48
68
  result = { 'matched' => @name }
49
69
  @params.each_pair do |k,v|
50
- if v[0] == 0
70
+ pos = v[0]
71
+ if pos == 0
51
72
  # A match offset of 0 means this param has a hardcoded value
52
73
  result[k] = v[1]
53
74
  else
54
- result[k] = match_data[ v[0] ]
75
+ # A match offset other than 0 means the value should come from
76
+ # the corresponding match result index
77
+ result[k] = match_data[ pos ]
55
78
  end
56
79
  end
57
80
  return result
@@ -105,7 +128,7 @@ class Fingerprint
105
128
  # @return [String] Contents of the source XML's `description` tag
106
129
  def parse_description(xml)
107
130
  element = xml.xpath('description')
108
- element.empty? ? '' : element.first.content
131
+ element.empty? ? '' : element.first.content.gsub(/[\r\n]+/, ' ').gsub(/\s{3,}/, ' ').strip
109
132
  end
110
133
 
111
134
  # @param xml [Nokogiri::XML::Element]
data/lib/recog/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Recog
2
- VERSION = "1.0.3"
2
+ VERSION = "1.0.4"
3
3
  end
@@ -17,16 +17,11 @@ describe Recog::DB do
17
17
 
18
18
  context "#{fp.regex}" do
19
19
 
20
- if fp.name.nil? || fp.name.empty?
21
- skip "has a name"
20
+ it "has a name" do
21
+ expect(fp.name).not_to be_nil
22
+ expect(fp.name).not_to be_empty
22
23
  end
23
24
 
24
- # Not yet enforced
25
- # it "has a name" do
26
- # expect(fp.name).not_to be_nil
27
- # expect(fp.name).not_to be_empty
28
- # end
29
-
30
25
  it "has a regex" do
31
26
  expect(fp.regex).not_to be_nil
32
27
  expect(fp.regex.class).to be ::Regexp
data/xml/ftp_banners.xml CHANGED
@@ -268,7 +268,7 @@ against these patterns to fingerprint FTP servers.
268
268
  <param pos="1" name="os.product"/>
269
269
  <param pos="2" name="os.version"/>
270
270
  </fingerprint>
271
- <fingerprint pattern="^(\S+) FTP server \(EMC-SNAS: ([^\)]+)\)(:? \S+)?$">
271
+ <fingerprint pattern="^(\S+) FTP server \(EMC-SNAS: ([^\)]+)\)(?: \S+)?$">
272
272
  <example>foo2 FTP server (EMC-SNAS: 5.6.47.11)</example>
273
273
  <example>foo2 FTP server (EMC-SNAS: 5.6.50.203) ready.</example>
274
274
  <example>foo4 FTP server (EMC-SNAS: 5.5.31.6) r</example>
@@ -304,6 +304,7 @@ against these patterns to fingerprint FTP servers.
304
304
  <param pos="0" name="os.device" value="Firewall"/>
305
305
  <param pos="0" name="os.family" value="Firewall-1"/>
306
306
  <param pos="0" name="os.product" value="Firewall-1"/>
307
+ <param pos="1" name="host.name"/>
307
308
  </fingerprint>
308
309
  <fingerprint pattern="^Blue Coat FTP Service$">
309
310
  <example>Blue Coat FTP Service</example>
@@ -355,6 +356,7 @@ against these patterns to fingerprint FTP servers.
355
356
  <param pos="0" name="os.vendor" value="D-Link"/>
356
357
  <param pos="0" name="os.product" value="DCS-2100"/>
357
358
  <param pos="0" name="os.device" value="Web cam"/>
359
+ <param pos="1" name="host.name"/>
358
360
  </fingerprint>
359
361
  <fingerprint pattern="^Secure Gateway FTP server ready\.$">
360
362
  <example>Secure Gateway FTP server ready.</example>
@@ -372,8 +374,8 @@ against these patterns to fingerprint FTP servers.
372
374
  <param pos="1" name="os.product"/>
373
375
  <param pos="0" name="os.device" value="Storage"/>
374
376
  </fingerprint>
375
- <fingerprint pattern="^AXIS (\S+) (?:Network( Fixed Dome)? Camera) ([\d\.]+) .* ready\.?$" flags="REG_ICASE">
376
- <example>Axis 2100 Network Camera 2.43 Nov 04 2008 ready.</example>
377
+ <fingerprint pattern="^AXIS (\S+) (?:Network(?: Fixed Dome)? Camera) ([\d\.]+) .* ready\.?$" flags="REG_ICASE">
378
+ <example os.product="2100" os.version="2.43">Axis 2100 Network Camera 2.43 Nov 04 2008 ready.</example>
377
379
  <example>AXIS 207 Network Camera 4.40.1 (Apr 16 2007) ready.</example>
378
380
  <example>AXIS 216FD Network Fixed Dome Camera 4.47 (Mar 13 2008) ready.</example>
379
381
  <description>Axis Network Camera</description>
@@ -556,6 +558,7 @@ against these patterns to fingerprint FTP servers.
556
558
  <param pos="0" name="os.family" value="LinkCom Xpress"/>
557
559
  <param pos="0" name="os.device" value="Print server"/>
558
560
  <param pos="1" name="os.product"/>
561
+ <param pos="2" name="os.version"/>
559
562
  </fingerprint>
560
563
  <fingerprint pattern="^LinkCom Xpress (.*)$" certainty="1.0">
561
564
  <description>MPI Technologies Linkcom Express FTP Server</description>
data/xml/http_servers.xml CHANGED
@@ -1728,7 +1728,7 @@
1728
1728
  <param pos="1" name="service.version"/>
1729
1729
  </fingerprint>
1730
1730
 
1731
- <fingerprint pattern="^Apache Tomcat/(\d\.[\d.]+)(-LE-jdk14)? \(HTTP/1.1 Connector\)$">
1731
+ <fingerprint pattern="^Apache Tomcat/(\d\.[\d.]+)(?:-LE-jdk14)? \(HTTP/1.1 Connector\)$">
1732
1732
  <example>Apache Tomcat/4.0.6 (HTTP/1.1 Connector)</example>
1733
1733
  <example>Apache Tomcat/4.1.12 (HTTP/1.1 Connector)</example>
1734
1734
  <example>Apache Tomcat/4.1.27-LE-jdk14 (HTTP/1.1 Connector)</example>
@@ -2009,6 +2009,7 @@
2009
2009
  <param pos="0" name="os.device" value="General"/>
2010
2010
  <param pos="0" name="os.family" value="OS/400"/>
2011
2011
  <param pos="0" name="os.product" value="OS/400"/>
2012
+ <param pos="1" name="os.version"/>
2012
2013
  </fingerprint>
2013
2014
 
2014
2015
  <fingerprint pattern="^(?:IBM_HTTP_Server|IBM_HTTP_SERVER)/([\w.-]+)\s+Apache/([12][\d.]+)\s*(.*)$">
@@ -2116,7 +2117,7 @@
2116
2117
  <param pos="1" name="service.version"/>
2117
2118
  </fingerprint>
2118
2119
 
2119
- <fingerprint pattern="^(?:Sun-Java-System-Web-Server|Sun-ONE-Web-Server)/(\d\.[\d_]+)$">
2120
+ <fingerprint pattern="^(?:Sun-Java-System-Web-Server|Sun-ONE-Web-Server)/(?:\d\.[\d_]+)$">
2120
2121
  <example>Sun-Java-System-Web-Server/7.0</example>
2121
2122
  <example>Sun-ONE-Web-Server/6.1</example>
2122
2123
  <description>Sun Java System Web Server (formerly Netscape Enterprise Server, iPlanet Web
@@ -2174,7 +2175,7 @@
2174
2175
  <param pos="1" name="service.version"/>
2175
2176
  </fingerprint>
2176
2177
 
2177
- <fingerprint pattern="^Sun-Java-System-Web-Proxy-Server/(4\.\d+)$">
2178
+ <fingerprint pattern="^Sun-Java-System-Web-Proxy-Server/(?:4\.\d+)$">
2178
2179
  <!-- Some 4.x versions only return a partial version number (4.x instead of 4.x.x). -->
2179
2180
  <example>Sun-Java-System-Web-Proxy-Server/4.0</example>
2180
2181
  <description>Sun Java System Web Proxy Server (formerly iPlanet WebProxy Server,
@@ -2185,7 +2186,7 @@
2185
2186
  <!-- don't specify the version as it is only partially known -->
2186
2187
  </fingerprint>
2187
2188
 
2188
- <fingerprint pattern="^Sun-ILOM-Web-Server/(\d\.[\d._]+)$">
2189
+ <fingerprint pattern="^Sun-ILOM-Web-Server/(?:\d\.[\d._]+)$">
2189
2190
  <example>Sun-ILOM-Web-Server/1.0</example>
2190
2191
  <description>Sun Integrated Lights Out Manager (ILOM) usually
2191
2192
  bundled with Sun Fire servers</description>
@@ -2322,7 +2323,7 @@
2322
2323
  <param pos="0" name="service.family" value="Lotus Domino"/>
2323
2324
  </fingerprint>
2324
2325
 
2325
- <fingerprint pattern="^Lotus(?:-Domino)?/(?:Release-?)?([4-7][\d.]+)\s*(.*)$">
2326
+ <fingerprint pattern="^Lotus(?:-Domino)?/(?:Release-?)?([4-7][\d.]+)\s*(?:.*)$">
2326
2327
  <example>Lotus-Domino/5.0.8</example>
2327
2328
  <example>Lotus-Domino/Release-4.6.7(Intl)</example>
2328
2329
  <description>IBM Lotus Notes/Domino with version info</description>
@@ -2332,7 +2333,7 @@
2332
2333
  <param pos="1" name="service.version"/>
2333
2334
  </fingerprint>
2334
2335
 
2335
- <fingerprint pattern="^WebLogic (?:WebLogic )?Server (\d+\.\d+(\s+SP\d+)?)\s+.*$">
2336
+ <fingerprint pattern="^WebLogic (?:WebLogic )?Server (\d+\.\d+(?:\s+SP\d+)?)\s+.*$">
2336
2337
  <example>WebLogic Server 8.1 SP3 Tue Jun 29 23:11:19 PDT 2004 404973</example>
2337
2338
  <example>WebLogic Server 7.0 SP4 Tue Aug 12 11:22:26 PDT 2003</example>
2338
2339
  <example>WebLogic WebLogic Server 6.1 SP4 11/08/2002 21:50:43 #221641</example>
@@ -2379,7 +2380,7 @@
2379
2380
  <param pos="0" name="os.product" value="Windows"/>
2380
2381
  </fingerprint>
2381
2382
 
2382
- <fingerprint pattern="^Abyss/(\d\.[\d.]+)-X1-Win32 AbyssLib/(\d\.[\d.]+)$">
2383
+ <fingerprint pattern="^Abyss/(\d\.[\d.]+)-X1-Win32 AbyssLib/(?:\d\.[\d.]+)$">
2383
2384
  <example>Abyss/2.0.0.20-X1-Win32 AbyssLib/2.0.0.20</example>
2384
2385
  <example>Abyss/2.3.2-X1-Win32 AbyssLib/2.3.2</example>
2385
2386
  <description>Aprelium Technologies Abyss Web Server X1
@@ -2608,6 +2609,7 @@
2608
2609
  <param pos="0" name="service.vendor" value="HP"/>
2609
2610
  <param pos="0" name="service.product" value="JetDirect"/>
2610
2611
  <param pos="0" name="service.family" value="JetDirect"/>
2612
+ <param pos="1" name="service.version"/>
2611
2613
  <param pos="0" name="os.vendor" value="HP"/>
2612
2614
  <param pos="0" name="os.device" value="Printer"/>
2613
2615
  <param pos="0" name="os.family" value="JetDirect"/>
@@ -2794,6 +2796,7 @@
2794
2796
  <param pos="0" name="os.family" value="Raptor"/>
2795
2797
  <param pos="0" name="os.device" value="Firewall"/>
2796
2798
  <param pos="0" name="os.product" value="Raptor"/>
2799
+ <param pos="1" name="os.version"/>
2797
2800
  </fingerprint>
2798
2801
 
2799
2802
  <fingerprint pattern="^NS_(\d\.\d)$">
@@ -2873,7 +2876,7 @@
2873
2876
  <param pos="0" name="os.product" value="Linux"/>
2874
2877
  </fingerprint>
2875
2878
 
2876
- <fingerprint pattern="^RealVNC/(\S+)$">
2879
+ <fingerprint pattern="^RealVNC/(?:\S+)$">
2877
2880
  <description>RealVNC built-in webserver</description>
2878
2881
  <example>RealVNC/4.0</example>
2879
2882
  <param pos="0" name="service.vendor" value="RealVNC Ltd."/>
@@ -3266,7 +3269,7 @@
3266
3269
  </fingerprint>
3267
3270
 
3268
3271
  <!-- Hikvision is OEMd by a number of DVR manufacturers -->
3269
- <fingerprint pattern="^(Hikvision|DVRDVS)-Webs$">
3272
+ <fingerprint pattern="^(?:Hikvision|DVRDVS)-Webs$">
3270
3273
  <description>Web server found on DVR and webcam servers sourced from Hikvision</description>
3271
3274
  <example>Hikvision-Webs</example>
3272
3275
  <example>DVRDVS-Webs</example>
@@ -3282,6 +3285,7 @@
3282
3285
  <example>NET-DK 1.1</example>
3283
3286
  <param pos="0" name="service.vendor" value="ARRIS"/>
3284
3287
  <param pos="0" name="service.product" value="Net-DK Web Server"/>
3288
+ <param pos="1" name="service.version"/>
3285
3289
  <param pos="0" name="os.vendor" value="ARRIS"/>
3286
3290
  <param pos="0" name="os.device" value="Cable Modem"/>
3287
3291
  </fingerprint>
@@ -3302,7 +3306,7 @@
3302
3306
  assert nothing.</description>
3303
3307
  </fingerprint>
3304
3308
 
3305
- <fingerprint pattern="^Web-Server/((?:\d+\.)+\d+)$">
3309
+ <fingerprint pattern="^Web-Server/(?:\d+\.+\d+)$">
3306
3310
  <example>Web-Server/3.0</example>
3307
3311
  <!-- Hard to be sure with such a generic name, but I
3308
3312
  suspect this server has been obfuscated. -->
data/xml/ntp_banners.xml CHANGED
@@ -139,7 +139,7 @@ NTP "banners", taken from a readvar response
139
139
  </fingerprint>
140
140
  <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^&quot;]+)&quot;,.*system=&quot;Darwin/?6\.([^&quot;]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
141
141
  <description>ntpd running on Mac OSX 10.2/Jaguar</description>
142
- <example service.version="4.1.1@1.786" os.version="10.2" os.version.version="8">
142
+ <example service.version="4.1.1@1.786" os.version.version="8">
143
143
  version="ntpd 4.1.1@1.786 Tue Nov 12 09:30:41 PST 2002 (1)", processor="Power Macintosh", system="Darwin6.8",
144
144
  </example>
145
145
  <param pos="0" name="service.family" value="NTP"/>
@@ -224,7 +224,7 @@ NTP "banners", taken from a readvar response
224
224
  </fingerprint>
225
225
  <fingerprint pattern="^.*processor=&quot;([^&quot;]+)&quot;.*system=&quot;BSD/OS([\d.]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
226
226
  <description>BSD/OS with a version and arch</description>
227
- <example os.arch="i386" os.product="BSD/OS" os.version="4.3.1">
227
+ <example os.arch="i386" os.version="4.3.1">
228
228
  processor="i386", system="BSD/OS4.3.1", leap=0, stratum=2
229
229
  </example>
230
230
  <param pos="0" name="os.vendor" value="Berkeley Software Design Inc."/>
@@ -418,6 +418,7 @@ NTP "banners", taken from a readvar response
418
418
  <param pos="0" name="os.vendor" value="Sun"/>
419
419
  <param pos="0" name="os.family" value="Solaris"/>
420
420
  <param pos="0" name="os.product" value="Solaris"/>
421
+ <param pos="1" name="os.version"/>
421
422
  </fingerprint>
422
423
  <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;JUNOS/?([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
423
424
  <description>ntpd running on Juniper/Netscreen JunOS</description>
@@ -436,14 +437,14 @@ NTP "banners", taken from a readvar response
436
437
  </fingerprint>
437
438
  <fingerprint pattern="processor=&quot;([^ ]+)&quot;,.*system=&quot;JUNOS/?([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
438
439
  <description>Juniper/Netscreen JunOS NTP without a version</description>
439
- <example>processor="i386", system="JUNOS7.0R2.7", leap=0, stratum=3</example>
440
- <example>processor="i386", system="JUNOS6.4R1.6", leap=3, stratum=16</example>
441
- <example>processor="i386", system="JUNOS5.5R2.3", leap=0, stratum=3</example>
440
+ <example os.arch="i386" os.version="7.0R2.7">processor="i386", system="JUNOS7.0R2.7", leap=0, stratum=3</example>
441
+ <example os.arch="i386" os.version="6.4R1.6">processor="i386", system="JUNOS6.4R1.6", leap=3, stratum=16</example>
442
+ <example os.arch="i386" os.version="5.5R2.3">processor="i386", system="JUNOS5.5R2.3", leap=0, stratum=3</example>
442
443
  <param pos="0" name="os.vendor" value="Juniper"/>
443
444
  <param pos="0" name="os.family" value="Junos"/>
444
445
  <param pos="0" name="os.product" value="Junos OS"/>
445
- <param pos="2" name="os.arch"/>
446
- <param pos="3" name="os.version"/>
446
+ <param pos="1" name="os.arch"/>
447
+ <param pos="2" name="os.version"/>
447
448
  </fingerprint>
448
449
  <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;Windows/?([^ ]+)?&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
449
450
  <description>ntpd running on Windows</description>
@@ -640,7 +641,7 @@ NTP "banners", taken from a readvar response
640
641
  <param pos="0" name="os.product" value="VxWorks"/>
641
642
  <param pos="0" name="os.arch" value="i386"/>
642
643
  </fingerprint>
643
- <fingerprint pattern="system=&quot;UNIX/(Unixware([^ ]+))&quot;" flags="REG_ICASE">
644
+ <fingerprint pattern="system=&quot;UNIX/Unixware([^ ]+)&quot;" flags="REG_ICASE">
644
645
  <description>SCO Unixware NTP</description>
645
646
  <example>
646
647
  system="UNIX/Unixware2", leap=3, stratum=16, rootdelay=0.00,
@@ -652,7 +653,7 @@ NTP "banners", taken from a readvar response
652
653
  <param pos="0" name="os.vendor" value="SCO"/>
653
654
  <param pos="1" name="os.product"/>
654
655
  </fingerprint>
655
- <fingerprint pattern="^.*processor=&quot;([^&quot;]+)&quot;, system=&quot;SCO_SV([\d\.]+)&quot;" flags="REG_ICASE">
656
+ <fingerprint pattern="^.*processor=&quot;([^&quot;]+)&quot;, system=&quot;SCO_SV([\d\.]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
656
657
  <description>SCO Unixware NTP</description>
657
658
  <example os.version="3.2" os.arch="i386">
658
659
  processor="i386", system="SCO_SV3.2", leap=0, stratum=2, precision=-18
data/xml/rsh_resp.xml CHANGED
@@ -75,7 +75,7 @@ Rservices responses to requests are matched against these patterns to fingerprin
75
75
  <param pos="0" name="os.product" value="AIX"/>
76
76
  </fingerprint>
77
77
 
78
- <fingerprint pattern="^.remshd: (getservbyname.+|Kerberos Authentication not enabled\..+|Error! Kerberos authentication failed)$" flags="REG_DOT_NEWLINE">
78
+ <fingerprint pattern="^.remshd: (?:getservbyname.+|Kerberos Authentication not enabled\..+|Error! Kerberos authentication failed)$" flags="REG_DOT_NEWLINE">
79
79
  <example>xremshd: getservbyname
80
80
  </example>
81
81
  <example>xremshd: Kerberos Authentication not enabled.
@@ -14,7 +14,7 @@
14
14
  <param pos="1" name="os.product"/>
15
15
  </fingerprint>
16
16
 
17
- <fingerprint pattern="^(Windows (95|98|ME))$">
17
+ <fingerprint pattern="^(Windows (?:95|98|ME))$">
18
18
  <description>Windows 95/98/ME</description>
19
19
  <example os.product="Windows 95">Windows 95</example>
20
20
  <example os.product="Windows 98">Windows 98</example>
data/xml/smtp_expn.xml CHANGED
@@ -38,8 +38,7 @@ See comment at the top of smtp_banners.xml for additional info.
38
38
  </fingerprint>
39
39
 
40
40
  <fingerprint pattern="^500[ -]Don't you wish! *$">
41
- <description>
42
- </description>
41
+ <description>GNAT box SMTP</description>
43
42
  <param pos="0" name="service.vendor" value="Global Technology Associates"/>
44
43
  <param pos="0" name="service.family" value="GNAT Box"/>
45
44
  <param pos="0" name="service.product" value="GNAT Box"/>
@@ -5,18 +5,15 @@ This file is currently unused.
5
5
 
6
6
  <fingerprints>
7
7
  <fingerprint pattern="250 .* is syntactically correct *">
8
- <description>
9
- Exim
10
- example: 250 &lt;nosuchuser@rapid7.com&gt; is syntactically correct
11
- </description>
8
+ <description>exim</description>
9
+ <example>250 &lt;nosuchuser@rapid7.com&gt; is syntactically correct</example>
12
10
  <param pos="0" name="service.vendor" value="exim"/>
13
11
  <param pos="0" name="service.family" value="exim"/>
14
12
  <param pos="0" name="service.product" value="exim"/>
15
13
  </fingerprint>
16
14
 
17
15
  <fingerprint pattern="501[ -]System error\. *">
18
- <description>
19
- </description>
16
+ <description>GNAT Box SMTP</description>
20
17
  <param pos="0" name="service.vendor" value="Global Technology Associates"/>
21
18
  <param pos="0" name="service.family" value="GNAT Box"/>
22
19
  <param pos="0" name="service.product" value="GNAT Box"/>
@@ -41,9 +41,9 @@
41
41
  <param pos="2" name="os.version"/>
42
42
  </fingerprint>
43
43
 
44
- <fingerprint pattern="^3COM: (AP\S+): .*11.*Access Point, Software v(\S+), Bootrom v(\S+), Hardware (\S+)$">
44
+ <fingerprint pattern="^3COM: (AP\S+): .*11.*Access Point, Software v(\S+), Bootrom v\S+, Hardware \S+$">
45
45
  <description>3COM WAP</description>
46
- <example>3COM: AP8760: Dual Radio 11a/b/g Access Point, Software v2.1.13b05_sh, Bootrom v1.2.1, Hardware R02</example>
46
+ <example os.product="AP8760" os.version="2.1.13b05_sh">3COM: AP8760: Dual Radio 11a/b/g Access Point, Software v2.1.13b05_sh, Bootrom v1.2.1, Hardware R02</example>
47
47
  <param pos="0" name="os.vendor" value="3Com"/>
48
48
  <param pos="0" name="os.family" value="Access Point"/>
49
49
  <param pos="0" name="os.device" value="WAP"/>
@@ -411,7 +411,7 @@
411
411
  <param pos="2" name="os.version"/>
412
412
  </fingerprint>
413
413
 
414
- <fingerprint pattern="^3Com (.*Switch.*) \d+-Port.*Software Version (\d\..*(Release|Feature).*)$">
414
+ <fingerprint pattern="^3Com (.*Switch.*) \d+-Port.*Software Version (\d\..*(?:Release|Feature).*)$">
415
415
  <description>3COM Switch</description>
416
416
  <example>3Com Switch 4210 18-Port Software Version 3.10 Release 2212P01</example>
417
417
  <example>3Com Switch 4210 26-Port Software Version 3.10 Release 2212</example>
@@ -461,7 +461,7 @@
461
461
  ADTRAN
462
462
  =======================================================================-->
463
463
 
464
- <fingerprint pattern="^ADTRAN (MX\d+( \S+)?( \S+)?)$" flags="REG_ICASE">
464
+ <fingerprint pattern="^ADTRAN (MX\d+(?: \S+)?(?: \S+)?)$" flags="REG_ICASE">
465
465
  <description>ADTRAN Multiplexer</description>
466
466
  <example>ADTRAN MX2820 Multiplexer</example>
467
467
  <example>ADTRAN MX2800 DS3 Multiplexer</example>
@@ -492,13 +492,11 @@
492
492
  <param pos="1" name="os.product"/>
493
493
  </fingerprint>
494
494
 
495
- <fingerprint pattern="^ADTRAN (TA\S+( \S+)?( \S+)?)$" flags="REG_ICASE">
495
+ <fingerprint pattern="^ADTRAN (TA\S+(?: \S+)?(?: \S+)?)$" flags="REG_ICASE">
496
496
  <description>ADTRAN TotalAccess</description>
497
- <example>ADTRAN TA1448S-CE</example>
498
- <example>Adtran TA1124</example>
499
- <example>Adtran TA1148</example>
500
- <example>Adtran TA1224</example>
501
- <example>Adtran TA1248</example>
497
+ <example os.product="TA1448S-CE">ADTRAN TA1448S-CE</example>
498
+ <example os.product="TA1124">Adtran TA1124</example>
499
+ <example os.product="TA1148">Adtran TA1148</example>
502
500
  <param pos="0" name="os.device" value="Media Gateway"/>
503
501
  <param pos="0" name="os.vendor" value="ADTRAN"/>
504
502
  <param pos="0" name="os.family" value="Total Access"/>
@@ -710,7 +708,7 @@
710
708
 
711
709
  <fingerprint pattern="^Apple Base Station V([^\s]+) Compatible$">
712
710
  <description>Apple Airport base station</description>
713
- <example>Apple Base Station V3.84 Compatible</example>
711
+ <example os.version="3.84">Apple Base Station V3.84 Compatible</example>
714
712
  <param pos="0" name="os.vendor" value="Apple"/>
715
713
  <param pos="0" name="os.family" value="Airport"/>
716
714
  <param pos="0" name="os.product" value="Base Station"/>
@@ -718,7 +716,7 @@
718
716
  <param pos="1" name="os.version"/>
719
717
  </fingerprint>
720
718
 
721
- <fingerprint pattern="^Apple AirPort - Apple (Inc\.|Computer).*$">
719
+ <fingerprint pattern="^Apple AirPort - Apple (?:Inc\.|Computer).*$">
722
720
  <description>Apple Airport Extreme</description>
723
721
  <example>Apple AirPort - Apple Inc., 2006-2009. All rights Reserved.</example>
724
722
  <example>Apple AirPort - Apple Computer, 2006. All rights Reserved</example>
@@ -1108,6 +1106,7 @@
1108
1106
  <param pos="0" name="os.vendor" value="Brother"/>
1109
1107
  <param pos="0" name="os.product" value="Unknown"/>
1110
1108
  <param pos="0" name="os.device" value="Printer"/>
1109
+ <param pos="1" name="os.version"/>
1111
1110
  </fingerprint>
1112
1111
 
1113
1112
  <fingerprint pattern="^Brother (NC-\d+\S+),\s*Firmware Ver\.\s?([^\s,]+).*">
@@ -1254,7 +1253,7 @@
1254
1253
  CANON
1255
1254
  =======================================================================-->
1256
1255
 
1257
- <fingerprint pattern="^Canon (iR ?\S+( [A-Z0-9]\S+)?)(?: /P)?(?: EEPROM \S+)?$">
1256
+ <fingerprint pattern="^Canon (iR ?\S+(?: [A-Z0-9]\S+)?)(?: /P)?(?: EEPROM \S+)?$">
1258
1257
  <description>Canon iR multifunction device</description>
1259
1258
  <example>Canon iR C3220-C1 /P</example>
1260
1259
  <example>Canon iR105PLUS-M3 /P</example>
@@ -1283,7 +1282,7 @@
1283
1282
  <param pos="1" name="os.product"/>
1284
1283
  </fingerprint>
1285
1284
 
1286
- <fingerprint pattern="^Canon (iPR ?\S+( [A-Z0-9]\S+)?)(?: /P)?(?: EEPROM \S+)?$">
1285
+ <fingerprint pattern="^Canon (iPR ?\S+(?: [A-Z0-9]\S+)?)(?: /P)?(?: EEPROM \S+)?$">
1287
1286
  <description>Canon iPR multifunction device</description>
1288
1287
  <example>Canon iPR C1 /P</example>
1289
1288
  <example>Canon iPR C1-Q1 /P</example>
@@ -1494,6 +1493,7 @@
1494
1493
  <param pos="0" name="os.device" value="Switch"/>
1495
1494
  <param pos="0" name="os.family" value="Packet-Optical"/>
1496
1495
  <param pos="1" name="os.product"/>
1496
+ <param pos="2" name="os.version"/>
1497
1497
  </fingerprint>
1498
1498
 
1499
1499
 
@@ -1828,7 +1828,7 @@ Copyright (c) 1995-2005 by Cisco Systems
1828
1828
  </fingerprint>
1829
1829
 
1830
1830
 
1831
- <fingerprint pattern="^Datamax (Printer|.*Print Server).*$">
1831
+ <fingerprint pattern="^Datamax (?:Printer|.*Print Server).*$">
1832
1832
  <description>Datamax printer</description>
1833
1833
  <example>Datamax DMXrfNet Print Server compatible with an HP JETDIRECT EX</example>
1834
1834
  <example>Datamax Printer</example>
@@ -1916,7 +1916,7 @@ Copyright (c) 1995-2005 by Cisco Systems
1916
1916
  <param pos="2" name="os.version"/>
1917
1917
  </fingerprint>
1918
1918
 
1919
- <fingerprint pattern="^Dell (\S+)(?: Mono)? Laser Printer(?:;| version) (\S+);?.*$">
1919
+ <fingerprint pattern="^Dell (\S+)(?: Mono)? Laser Printer(?:;| version) \S+;?.*$">
1920
1920
  <description>Dell Laser Printer</description>
1921
1921
  <example>Dell 2330dn Laser Printer version NR.APS.N449 kernel 2.6.18.5 All-N-1</example>
1922
1922
  <example>Dell 2350dn Laser Printer version NR.APS.N449 kernel 2.6.18.5 All-N-1</example>
@@ -2223,7 +2223,7 @@ Copyright (c) 1995-2005 by Cisco Systems
2223
2223
  <param pos="1" name="os.product"/>
2224
2224
  </fingerprint>
2225
2225
 
2226
- <fingerprint pattern="^EPSON (Internal .* Scanning Card|Network Image Express|Network Scanning Box)$">
2226
+ <fingerprint pattern="^EPSON (?:Internal .* Scanning Card|Network Image Express|Network Scanning Box)$">
2227
2227
  <description>Epson Network Scanner</description>
2228
2228
  <example>EPSON Internal 10Base-T/100Base-TX Scanning Card</example>
2229
2229
  <example>EPSON Network Image Express</example>
@@ -2233,7 +2233,7 @@ Copyright (c) 1995-2005 by Cisco Systems
2233
2233
  <param pos="0" name="os.product" value="Network Scanner"/>
2234
2234
  </fingerprint>
2235
2235
 
2236
- <fingerprint pattern="^EPSON UIB (\S+) Ethernet Interface Card$">
2236
+ <fingerprint pattern="^EPSON UIB \S+ Ethernet Interface Card$">
2237
2237
  <description>Epson Network Printer</description>
2238
2238
  <example>EPSON UIB 10/100Base-T Ethernet Interface Card</example>
2239
2239
  <example>EPSON UIB 10Base Ethernet Interface Card</example>
@@ -2410,7 +2410,7 @@ Copyright (c) 1995-2005 by Cisco Systems
2410
2410
  <param pos="2" name="os.version"/>
2411
2411
  </fingerprint>
2412
2412
 
2413
- <fingerprint pattern="^Foundry AP: (\S+) v(\S+)$">
2413
+ <fingerprint pattern="^Foundry AP: \S+ v(\S+)$">
2414
2414
  <description>Foundry Networks APs</description>
2415
2415
  <example>Foundry AP: 01.03.04Tw8 v2.0.0</example>
2416
2416
  <example>Foundry AP: 01.03.05Tw8 v3.0.4</example>
@@ -2576,12 +2576,9 @@ Copyright (c) 1995-2005 by Cisco Systems
2576
2576
  <param pos="2" name="os.version"/>
2577
2577
  </fingerprint>
2578
2578
 
2579
- <fingerprint pattern="^(\S+) (.*?) (HP|Compaq) Tru64 UNIX V(\S+) \(Rev\. ([^\)]+)\).*TCP/IP$">
2579
+ <fingerprint pattern="^(\S+) (.*?) (?:HP|Compaq) Tru64 UNIX V(\S+) \(Rev\. ([^\)]+)\).*TCP/IP$">
2580
2580
  <description>Digital/Compaq/HP Tru64 Unix</description>
2581
- <example>was1 AlphaServer DS10 466 MHz Compaq Tru64 UNIX V5.1B (Rev. 2650); Wed Feb 25 13:29:07 KST 2004 TCP/IP</example>
2582
- <example>wessex.eas.usdfa.ca COMPAQ AlphaServer DS10 617 MHz Compaq Tru64 UNIX V5.1A (Rev. 1885); Thu Nov 29 14:55:23 GMT 2001 TCP/IP</example>
2583
- <example>whizbang.geog.usdf.edu COMPAQ Professional Workstation XP1000 Compaq Tru64 UNIX V5.0A (Rev. 1094); Thu Sep 23 11:58:27 PDT 2004 TCP/IP</example>
2584
- <example>xian AlphaServer DS25 Compaq Tru64 UNIX V5.1B (Rev. 2650); Tue Mar 23 13:46:38 CST 2004 TCP/IP</example>
2581
+ <example host.name="was1" hw.product="AlphaServer DS10 466 MHz" os.version="5.1B" os.version.version="2650">was1 AlphaServer DS10 466 MHz Compaq Tru64 UNIX V5.1B (Rev. 2650); Wed Feb 25 13:29:07 KST 2004 TCP/IP</example>
2585
2582
  <param pos="0" name="os.vendor" value="HP"/>
2586
2583
  <param pos="0" name="os.family" value="Unix"/>
2587
2584
  <param pos="0" name="os.product" value="Tru64 Unix"/>
@@ -2680,7 +2677,7 @@ Copyright (c) 1995-2005 by Cisco Systems
2680
2677
 
2681
2678
  <fingerprint pattern="^HP Series Router (\S+) HP Comware Platform Software Comware Software Version ([^\s,]+)[,\s]\s*Release ([^,\s]+)?[,\s].*Copyright.*$">
2682
2679
  <description>HP Comware</description>
2683
- <example>HP Series Router A-MSR20-40 HP Comware Platform Software Comware Software Version 5.20, Release 2209P15, Standard Copyright(c) 2010-2012 Hewlett-Packard Development Company, L.P.</example>
2680
+ <example hw.product="A-MSR20-40" os.product="A-MSR20-40" os.version="5.20" os.version.version="2209P15">HP Series Router A-MSR20-40 HP Comware Platform Software Comware Software Version 5.20, Release 2209P15, Standard Copyright(c) 2010-2012 Hewlett-Packard Development Company, L.P.</example>
2684
2681
  <example>HP Series Router A-MSR30-20 HP Comware Platform Software Comware Software Version 5.20, Release 2207P41, Standard Copyright(c) 2010 Hewlett-Packard Development Company, L.P.</example>
2685
2682
  <example>HP Series Router A-MSR900 HP Comware Platform Software Comware Software Version 5.20, Release 2207P41 Copyright(c) 2010 Hewlett-Packard Development Company, L.P.</example>
2686
2683
  <param pos="0" name="os.vendor" value="HP"/>
@@ -2694,11 +2691,12 @@ Copyright (c) 1995-2005 by Cisco Systems
2694
2691
 
2695
2692
  <fingerprint pattern="^HP Series Router (\S+) HP Comware Platform Software Comware Software Version ([^,]+), (\S+) Copyright.*$">
2696
2693
  <description>HP Comware</description>
2697
- <example>HP Series Router A-MSR20-40 HP Comware Platform Software Comware Software Version 5.20, T2207L16 Copyright(c) 2010-2011 Hewlett-Packard Development Company, L.P.</example>
2694
+ <example os.product="A-MSR20-40" hw.product="A-MSR20-40" os.version="5.20" os.version.version="T2207L16">HP Series Router A-MSR20-40 HP Comware Platform Software Comware Software Version 5.20, T2207L16 Copyright(c) 2010-2011 Hewlett-Packard Development Company, L.P.</example>
2698
2695
  <param pos="0" name="os.vendor" value="HP"/>
2699
2696
  <param pos="0" name="os.device" value="Router"/>
2700
2697
  <param pos="0" name="os.family" value="Comware"/>
2701
2698
  <param pos="2" name="os.version"/>
2699
+ <param pos="3" name="os.version.version"/>
2702
2700
  <param pos="1" name="os.product"/>
2703
2701
  <param pos="1" name="hw.product"/>
2704
2702
  </fingerprint>
@@ -4324,6 +4322,7 @@ Copyright (c) 1995-2005 by Cisco Systems
4324
4322
  <param pos="0" name="os.device" value="Terminal Server"/>
4325
4323
  <param pos="1" name="os.product"/>
4326
4324
  <param pos="2" name="os.family"/>
4325
+ <param pos="3" name="os.version"/>
4327
4326
  </fingerprint>
4328
4327
 
4329
4328
  <fingerprint pattern="^Lantronix Inc\. - (Modbus Bridge)$">
@@ -5608,9 +5607,9 @@ Copyright (c) 1995-2005 by Cisco Systems
5608
5607
  <param pos="2" name="os.version.version.version"/>
5609
5608
  </fingerprint>
5610
5609
 
5611
- <fingerprint pattern="^Nortel Application Switch (\S+)(\s+\S+|)$">
5610
+ <fingerprint pattern="^Nortel Application Switch (\S+)(?:\s+\S+|)$">
5612
5611
  <description>Nortel Application switch</description>
5613
- <example>Nortel Application Switch 2424</example>
5612
+ <example os.product="2424">Nortel Application Switch 2424</example>
5614
5613
  <param pos="0" name="os.vendor" value="Nortel"/>
5615
5614
  <param pos="0" name="os.family" value="Application Switch"/>
5616
5615
  <param pos="0" name="os.device" value="Load balancer"/>
@@ -5918,7 +5917,7 @@ Copyright (c) 1995-2005 by Cisco Systems
5918
5917
  <param pos="0" name="os.device" value="Multifunction Device"/>
5919
5918
  </fingerprint>
5920
5919
 
5921
- <fingerprint pattern="^Oce, 3165 ([^,]+), Controller (\S+)$">
5920
+ <fingerprint pattern="^Oce, 3165 ([^,]+), Controller \S+$">
5922
5921
  <description>Oce 3165 multifunction device</description>
5923
5922
  <example>Oce, 3165 R8.2, Controller R10.2.8</example>
5924
5923
  <param pos="0" name="os.vendor" value="Oce"/>
@@ -6142,6 +6141,7 @@ Copyright (c) 1995-2005 by Cisco Systems
6142
6141
  <param pos="0" name="os.family" value="NEO"/>
6143
6142
  <param pos="0" name="os.product" value="NEO Tape Library"/>
6144
6143
  <param pos="0" name="os.device" value="Storage"/>
6144
+ <param pos="1" name="os.version"/>
6145
6145
  </fingerprint>
6146
6146
 
6147
6147
  <!--======================================================================
@@ -7054,7 +7054,7 @@ Copyright (c) 1995-2005 by Cisco Systems
7054
7054
  SCO
7055
7055
  =======================================================================-->
7056
7056
 
7057
- <fingerprint pattern="^SCO TCP/IP Runtime Release (\S+)$">
7057
+ <fingerprint pattern="^SCO TCP/IP Runtime Release \S+$">
7058
7058
  <description>SCO</description>
7059
7059
  <example>SCO TCP/IP Runtime Release 2.0.0</example>
7060
7060
  <param pos="0" name="os.vendor" value="SCO"/>
@@ -7660,6 +7660,7 @@ Copyright (c) 1995-2005 by Cisco Systems
7660
7660
  <param pos="0" name="os.device" value="General"/>
7661
7661
  <param pos="1" name="os.version"/>
7662
7662
  <param pos="2" name="os.arch"/>
7663
+ <param pos="3" name="hw.product"/>
7663
7664
  </fingerprint>
7664
7665
 
7665
7666
  <fingerprint pattern="^SunOS (\S+) 5\.(\S+) \S+ (\S+) \S+ SUNW,([^,]+).*$">
@@ -7669,7 +7670,7 @@ Copyright (c) 1995-2005 by Cisco Systems
7669
7670
  <example>SunOS magppg01 5.10 Generic_127127-11 sun4v sparc SUNW,T5240</example>
7670
7671
  <example>SunOS magppg02 5.10 Generic_127127-11 sun4v sparc SUNW,T5240</example>
7671
7672
  <example>SunOS rs1-s3 5.10 Generic_142900-09 sun4v sparc SUNW,Netra-CP3260</example>
7672
- <example>SunOS sn 5.10 Generic_118833-36 sun4v sparc SUNW,Sun-Fire-T200</example>
7673
+ <example hw.product="Sun-Fire-T200">SunOS sn 5.10 Generic_118833-36 sun4v sparc SUNW,Sun-Fire-T200</example>
7673
7674
  <param pos="0" name="os.vendor" value="Sun"/>
7674
7675
  <param pos="0" name="os.certainty" value="0.9"/>
7675
7676
  <param pos="0" name="os.family" value="Solaris"/>
@@ -7678,6 +7679,7 @@ Copyright (c) 1995-2005 by Cisco Systems
7678
7679
  <param pos="1" name="host.name"/>
7679
7680
  <param pos="2" name="os.version"/>
7680
7681
  <param pos="3" name="os.arch"/>
7682
+ <param pos="4" name="hw.product"/>
7681
7683
  </fingerprint>
7682
7684
 
7683
7685
  <fingerprint pattern="^SunOS 5\.(\S+) \S+ (\S+)$">
@@ -7828,6 +7830,7 @@ Copyright (c) 1995-2005 by Cisco Systems
7828
7830
  <param pos="0" name="os.vendor" value="Tandberg"/>
7829
7831
  <param pos="0" name="os.device" value="Web cam"/>
7830
7832
  <param pos="1" name="os.product"/>
7833
+ <param pos="2" name="os.version"/>
7831
7834
  </fingerprint>
7832
7835
 
7833
7836
  <!--======================================================================
@@ -7871,6 +7874,7 @@ Copyright (c) 1995-2005 by Cisco Systems
7871
7874
  <param pos="0" name="os.vendor" value="Unisys"/>
7872
7875
  <param pos="0" name="os.device" value="Printer"/>
7873
7876
  <param pos="1" name="os.product"/>
7877
+ <param pos="2" name="os.version"/>
7874
7878
  </fingerprint>
7875
7879
 
7876
7880
  <fingerprint pattern="^VxWorks SNMPv1/v2c Agent">
@@ -116,7 +116,7 @@
116
116
  <param pos="0" name="os.arch" value="x86"/>
117
117
  </fingerprint>
118
118
 
119
- <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: (\S+64).*Software: Windows Version 6\.0 \(Build 6001.*$">
119
+ <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: \S+64.*Software: Windows Version 6\.0 \(Build 6001.*$">
120
120
  <description>Windows Server 2008 on x86_64</description>
121
121
  <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6001 Multiprocessor Free)</example>
122
122
  <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6001 Multiprocessor Free)</example>
@@ -127,7 +127,7 @@
127
127
  <param pos="0" name="os.arch" value="x86_64"/>
128
128
  </fingerprint>
129
129
 
130
- <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: (\S+64).*Software: Windows Version 6\.0 \(Build 6001.*$">
130
+ <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: \S+64.*Software: Windows Version 6\.0 \(Build 6001.*$">
131
131
  <description>Windows Server 2008 Datacenter on x86_64</description>
132
132
  <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6001 Multiprocessor Free)</example>
133
133
  <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6001 Multiprocessor Free)</example>
@@ -160,7 +160,7 @@
160
160
  <param pos="0" name="os.arch" value="x86"/>
161
161
  </fingerprint>
162
162
 
163
- <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: (\S+64).*Software: Windows Version 6\.0 \(Build 6002.*$">
163
+ <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: \S+64.*Software: Windows Version 6\.0 \(Build 6002.*$">
164
164
  <description>Windows Server 2008 SP2 on x86_64</description>
165
165
  <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6002 Multiprocessor Free)</example>
166
166
  <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6002 Multiprocessor Free)</example>
@@ -170,9 +170,9 @@
170
170
  <param pos="0" name="os.device" value="General"/>
171
171
  <param pos="0" name="os.version" value="SP2"/>
172
172
  <param pos="0" name="os.arch" value="x86_64"/>
173
- </fingerprint>
173
+ </fingerprint>
174
174
 
175
- <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: (\S+64).*Software: Windows Version 6\.0 \(Build 6002.*$">
175
+ <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: \S+64.*Software: Windows Version 6\.0 \(Build 6002.*$">
176
176
  <description>Windows Server 2008 Datacenter SP2 on x86_64</description>
177
177
  <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6002 Multiprocessor Free)</example>
178
178
  <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6002 Multiprocessor Free)</example>
@@ -182,7 +182,7 @@
182
182
  <param pos="0" name="os.device" value="General"/>
183
183
  <param pos="0" name="os.version" value="SP2"/>
184
184
  <param pos="0" name="os.arch" value="x86_64"/>
185
- </fingerprint>
185
+ </fingerprint>
186
186
 
187
187
  <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: x86.*Software: Windows Version 6\.1 \(Build 7600.*$">
188
188
  <description>Windows Server 2008 R2 on x86</description>
@@ -204,7 +204,7 @@
204
204
  <param pos="0" name="os.arch" value="x86"/>
205
205
  </fingerprint>
206
206
 
207
- <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: (\S+64).*Software: Windows Version 6\.1 \(Build 7600.*$">
207
+ <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: \S+64.*Software: Windows Version 6\.1 \(Build 7600.*$">
208
208
  <description>Windows Server 2008 R2 on x86_64</description>
209
209
  <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7600 Multiprocessor Free)</example>
210
210
  <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7600 Multiprocessor Free)</example>
@@ -215,7 +215,7 @@
215
215
  <param pos="0" name="os.arch" value="x86_64"/>
216
216
  </fingerprint>
217
217
 
218
- <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: (\S+64).*Software: Windows Version 6\.1 \(Build 7600.*$">
218
+ <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: \S+64.*Software: Windows Version 6\.1 \(Build 7600.*$">
219
219
  <description>Windows Server 2008 Datacenter R2 on x86_64</description>
220
220
  <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7600 Multiprocessor Free)</example>
221
221
  <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7600 Multiprocessor Free)</example>
@@ -248,7 +248,7 @@
248
248
  <param pos="0" name="os.arch" value="x86"/>
249
249
  </fingerprint>
250
250
 
251
- <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: (\S+64).*Software: Windows Version 6\.1 \(Build 7601.*$">
251
+ <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: \S+64.*Software: Windows Version 6\.1 \(Build 7601.*$">
252
252
  <description>Windows Server 2008 R2 SP1 on x86_64</description>
253
253
  <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7601 Multiprocessor Free)</example>
254
254
  <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7601 Multiprocessor Free)</example>
@@ -260,7 +260,7 @@
260
260
  <param pos="0" name="os.arch" value="x86_64"/>
261
261
  </fingerprint>
262
262
 
263
- <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: (\S+64).*Software: Windows Version 6\.1 \(Build 7601.*$">
263
+ <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.3 Hardware: \S+64.*Software: Windows Version 6\.1 \(Build 7601.*$">
264
264
  <description>Windows Server 2008 Datacenter R2 SP1 on x86_64</description>
265
265
  <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: AMD64 Family 16 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7601 Multiprocessor Free)</example>
266
266
  <example>1.3.6.1.4.1.311.1.1.3.1.3 Hardware: Intel64 Family 15 Model 2 Stepping 5 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7601 Multiprocessor Free)</example>
@@ -272,7 +272,7 @@
272
272
  <param pos="0" name="os.arch" value="x86_64"/>
273
273
  </fingerprint>
274
274
 
275
- <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: (\S+64).*Software: Windows Version 6\.2 \(Build 9200.*$">
275
+ <fingerprint pattern="^1\.3\.6\.1\.4\.1\.311\.1\.1\.3\.1\.2 Hardware: \S+64.*Software: Windows Version 6\.2 \(Build 9200.*$">
276
276
  <description>Windows Server 2012 on x86_64</description>
277
277
  <example>1.3.6.1.4.1.311.1.1.3.1.2 Hardware: Intel64 Family 6 Model 2 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.2 (Build 9200 Multiprocessor Free)</example>
278
278
  <param pos="0" name="os.vendor" value="Microsoft"/>
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: recog
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.3
4
+ version: 1.0.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rapid7 Research
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-10-09 00:00:00.000000000 Z
11
+ date: 2014-10-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec