recog 2.0.21 → 2.0.22

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 969c6735f1e28f4b06b58cf6aeb2387e7a879d43
4
- data.tar.gz: 80407444535dd5bf122f235efb832e3b947afebd
3
+ metadata.gz: bd3c438c8bd1fa45fd97d61cf0fb2f798b4166dd
4
+ data.tar.gz: a59354bf42cdd3f6ad4149364f9e85cb62e63cf3
5
5
  SHA512:
6
- metadata.gz: 62da53601bfd944679ce5dd786c0217fc592e16063e5743e8b41729cd7e8ec4a9108ff99bd79ec93755c4d810333edf7b3c081de56d4db762a5bb9a7e6356992
7
- data.tar.gz: 7f679e4e3159371bace557257ffe512a40bc340440c6120b7c6d5b015052978dcf5e17ec3e81e695648569784542a91d23a5a116648e9b2deadbe1f29e477b96
6
+ metadata.gz: 70a970a5568193b9b7fade9de7a0e69c338f0d9155a63efeeab22076e86ded23444b2fc60f0d6c5fa7a3b6ce16cc4006b5516eb9169d70eab53cb71bee4cfd25
7
+ data.tar.gz: f7bcb0e369837077cc964b2ce6da33665bc7a37af36b8f019376e6e46909aec11022c68d1bb95053336b25fcb311135eef7c11a5f9d04399fcf6fecdfeb73461
data/README.md CHANGED
@@ -3,7 +3,7 @@ Recog: A Recognition Framework
3
3
 
4
4
  Recog is a framework for identifying products, services, operating systems, and hardware by matching fingerprints against data returned from various network probes. Recog makes it simple to extract useful information from web server banners, snmp system description fields, and a whole lot more. Recog is open source, please see the [LICENSE](https://raw.githubusercontent.com/rapid7/recog/master/LICENSE) file for more information.
5
5
 
6
- [![Gem Version](https://badge.fury.io/rb/recog.svg)](http://badge.fury.io/rb/recog)
6
+ [![Gem Version](https://badge.fury.io/rb/recog.svg)](http://badge.fury.io/rb/recog)
7
7
  [![Build Status](https://travis-ci.org/rapid7/recog.svg?branch=master)](https://travis-ci.org/rapid7/recog)
8
8
 
9
9
  ==
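Review bot: the removed and added badge lines at README line 6 read identically here, so this looks like a whitespace-only change that adds noise to the release diff. If the line is being touched anyway, the link target could move from `http://badge.fury.io/rb/recog` to https to match the image URL beside it.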
@@ -54,6 +54,15 @@ tests that `RomSShell_4.62` matches the provided regular expression and that the
54
54
 
55
55
  The `param` elements contain a `pos` attribute, which indicates what capture field from the `pattern` should be extracted, or `0` for a static string. The `name` attribute is the key that will be reported in the case of a successful match and the `value` will either be a static string for `pos` values of `0` or missing and taken from the captured field.
56
56
 
57
+ The `example` string can be base64 encoded to permit the use of unprintable characters. To signal this to Recog an `_encoding` attribute with the value of `base64` is added to the `example` element. Based64 encoded text that is longer than 80 characters may be wrapped with newlines as shown below to aid in readability.
58
+
59
+ ````
60
+ <example _encoding="base64">
61
+ dGllczGEAAAAlQQWMS4yLjg0MC4xMTM1NTYuMS40LjgwMAQuZGF0YS5yZW1vdmVkLjCEAAAAK
62
+ AQdZG9tYWluQ29udHJvbGxlckZ1bmN0aW9uYWxpdHkxhAAAAAMEATc=
63
+ </example>
64
+ ````
65
+
57
66
  ### Testing
58
67
 
59
68
  Once a fingerprint has been added, the `example` entries can be tested by executing `bin/recog_verify` against the fingerprint file:
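Review bot: the new paragraph at README line 57 does not say that `_encoding` is a reserved attribute name on `example`, nor what happens with a value other than `base64`. Authors reading only this section could expect it to be checked like any other expected-capture attribute, so one sentence stating that it is skipped during verification and that `base64` is the only supported value would close the gap. Also on line 57, "Based64" should be "Base64", and the sample at lines 59 and 64 is fenced with four backticks where three would match common Markdown usage.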
@@ -73,4 +82,3 @@ Matches can be tested on the command-line in a similar fashion:
73
82
 
74
83
  * Create a single fingerprint for each product as long as the pattern remains clear and readable. If that is not possible, the pattern should be logically decomposed into additional fingerprints.
75
84
  * Create regular expressions that allow for flexible version number matching. This ensures greater probability of matching a product. For example, all known public releases of a product report either `major.minor` or `major.minor.build` format version numbers. If the fingerprint strictly matches this version number format, it would fail to match a modified build of the product that reports only a `major` version number format.
76
-
@@ -100,6 +100,7 @@ class Fingerprint
100
100
  # Ensure that all the attributes as provided by the example were parsed
101
101
  # out correctly and match the capture group values we expect.
102
102
  test.attributes.each do |k, v|
103
+ next if k == '_encoding'
103
104
  if !result.has_key?(k) || result[k] != v
104
105
  message = "'#{@name}' failed to find expected capture group #{k} '#{v}'"
105
106
  status = :fail
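Review bot: the `next if k == '_encoding'` skip at line 103 hard-codes the reserved attribute name in the verifier, and the same literal appears again in `Recog::Fingerprint::Test#initialize` and in the spec. Every future consumer of `test.attributes` has to remember the same skip. Consider removing the key from the attributes hash inside `Test#initialize` once the content is decoded (keeping the encoding in its own accessor), or at least sharing one constant for the name.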
@@ -3,8 +3,13 @@ class Recog::Fingerprint::Test
3
3
  attr_accessor :content
4
4
  attr_accessor :attributes
5
5
  def initialize(content, attributes=[])
6
- @content = content
7
6
  @attributes = attributes
7
+
8
+ if @attributes['_encoding'] && @attributes['_encoding'] == 'base64'
9
+ @content = content.to_s.unpack('m*').first
10
+ else
11
+ @content = content
12
+ end
8
13
  end
9
14
 
10
15
  def to_s
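Review bot: `initialize` still defaults `attributes` to `[]`, and the new line 8 indexes it with a String (`@attributes['_encoding']`). On an Array that raises `TypeError`, so `Test.new(content)` without attributes no longer works; defaulting to `{}` would fix it. The first half of the `&&` condition is redundant, since a plain `== 'base64'` comparison already covers the nil case. Two further points: any other `_encoding` value silently falls through to the raw content, and `unpack('m*')` does not raise on malformed base64, so a corrupted example shows up only as an unexplained pattern mismatch. Rejecting unknown values and validating the decode would make those failures easier to diagnose.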
@@ -1,3 +1,3 @@
1
1
  module Recog
2
- VERSION = '2.0.21'
2
+ VERSION = '2.0.22'
3
3
  end
@@ -71,6 +71,7 @@ describe Recog::DB do
71
71
  expect(match).to_not be_nil, 'Regex did not match'
72
72
  # test any extractions specified in the example
73
73
  example.attributes.each_pair do |k,v|
74
+ next if k == '_encoding'
74
75
  expect(match[k]).to eq(v), "Regex didn't extract expected value for fingerprint attribute #{k} -- got #{match[k]} instead of #{v}"
75
76
  end
76
77
  end
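Review bot: the skip added at line 74 keeps `_encoding` out of the extraction checks, but nothing in this spec asserts that the attribute holds a supported value. Given the `initialize` change above, an example with a misspelled or unsupported encoding is matched against its undecoded text and fails with only 'Regex did not match'. An expectation here that `_encoding`, when present, equals `base64` would point at the real cause.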
@@ -0,0 +1,735 @@
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <!--
3
+ Notes: Ruby will fail to build the RegExp if it contains \x84 which is a standard
4
+ byte in ASN.1 Sequence length fields.
5
+ -->
6
+ <fingerprints matches="ldap.search_result">
7
+
8
+ <!--
9
+ Samba - position prior to Windows entries due to regex. When testing new
10
+ Samba fingerprints make sure you disable the matches for the version of
11
+ Windows that Samba is eumlating or else the Windows fallback fingerprint for
12
+ the given OS version may match.
13
+ -->
14
+ <fingerprint pattern="(?m:vendorName1.\x04.Samba.*domainControllerFunctionality1.{1,5}\x04\x014)">
15
+ <description>Samba Active Directory Controller</description>
16
+ <example _encoding="base64">
17
+ dmVuZG9yTmFtZTEfBB1TYW1iYSBUZWFtIChodHRwOi8vc2FtYmEub3JnKS5kYXRhLnJlbW92Z
18
+ WQuBB1kb21haW5Db250cm9sbGVyRnVuY3Rpb25hbGl0eTEDBAE0MB4=
19
+ </example>
20
+ <param pos="0" name="service.vendor" value="Samba"/>
21
+ <param pos="0" name="service.product" value="Active Directory Controller"/>
22
+ </fingerprint>
23
+
24
+ <fingerprint pattern="(?m:vendorName1.\x04.Samba.*domainFunctionality1.\x04\x0100.\x04\x13forestFunctionality1\x03\x04\x0100)">
25
+ <description>Samba Active Directory Controller emulating Windows 2000</description>
26
+ <example _encoding="base64">
27
+ dmVuZG9yTmFtZTEfBB1TYW1iYSBUZWFtIChodHRwOi8vc2FtYmEub3JnKS5kYXRhLnJlbW92Z
28
+ WQuZG9tYWluRnVuY3Rpb25hbGl0eTEDBAEwMBoEE2ZvcmVzdEZ1bmN0aW9uYWxpdHkxAwQBMD
29
+ AeBBQ=
30
+ </example>
31
+ <param pos="0" name="service.vendor" value="Samba"/>
32
+ <param pos="0" name="service.product" value="Active Directory Controller"/>
33
+ </fingerprint>
34
+
35
+
36
+ <!--
37
+ Windows Active Directory and Lightweight Directory Server (ADAM)
38
+
39
+ domainControllerFunctionality reference:
40
+ https://msdn.microsoft.com/en-us/library/cc223272.aspx
41
+
42
+ supportedCapabilities reference (for Windows 2000)
43
+ https://msdn.microsoft.com/en-us/library/cc223359.aspx
44
+
45
+ 1.2.840.113556.1.4.800 = Active Directory Controller
46
+ 1.2.840.113556.1.4.1851 = Lightweight Directory Server / ADAM
47
+ -->
48
+
49
+ <!-- Windows 2016 -->
50
+ <fingerprint pattern="(?im:1.2.840.113556.1.4.800.*domainControllerFunctionality1.{1,5}\x04\x017)">
51
+ <description>Active Directory Controller on Windows Server 2016</description>
52
+ <example _encoding="base64">
53
+ dGllczGEAAAAlQQWMS4yLjg0MC4xMTM1NTYuMS40LjgwMAQuZGF0YS5yZW1vdmVkLjCEAAAAK
54
+ AQdZG9tYWluQ29udHJvbGxlckZ1bmN0aW9uYWxpdHkxhAAAAAMEATc=
55
+ </example>
56
+ <param pos="0" name="service.vendor" value="Microsoft"/>
57
+ <param pos="0" name="service.product" value="Active Directory Controller"/>
58
+ <param pos="0" name="os.vendor" value="Microsoft"/>
59
+ <param pos="0" name="os.family" value="Windows"/>
60
+ <param pos="0" name="os.product" value="Windows Server 2016"/>
61
+ </fingerprint>
62
+
63
+ <fingerprint pattern="(?im:1.2.840.113556.1.4.1851.*domainControllerFunctionality1.{1,5}\x04\x017)">
64
+ <description>Microsoft LDS on Windows Server Server 2016</description>
65
+ <example _encoding="base64">
66
+ aWVzMYQAAACvBBcxLjIuODQwLjExMzU1Ni4xLjQuMTg1MQQuZGF0YS5yZW1vdmVkLjCEAAAAK
67
+ AQdZG9tYWluQ29udHJvbGxlckZ1bmN0aW9uYWxpdHkxhAAAAAMEATc=
68
+ </example>
69
+ <param pos="0" name="service.vendor" value="Microsoft"/>
70
+ <param pos="0" name="service.product" value="Lightweight Directory Server"/>
71
+ <param pos="0" name="os.vendor" value="Microsoft"/>
72
+ <param pos="0" name="os.family" value="Windows"/>
73
+ <param pos="0" name="os.product" value="Windows Server 2016"/>
74
+ </fingerprint>
75
+
76
+ <fingerprint pattern="(?im:domainControllerFunctionality1.{1,5}\x04\x017)">
77
+ <description>Windows Server Server 2016</description>
78
+ <example _encoding="base64">
79
+ MIQAAAAoBB1kb21haW5Db250cm9sbGVyRnVuY3Rpb25hbGl0eTGEAAAAAwQBNw==
80
+ </example>
81
+ <param pos="0" name="os.vendor" value="Microsoft"/>
82
+ <param pos="0" name="os.family" value="Windows"/>
83
+ <param pos="0" name="os.product" value="Windows Server 2016"/>
84
+ </fingerprint>
85
+
86
+
87
+
88
+ <!-- Windows 2012 R2 -->
89
+ <fingerprint pattern="(?im:1.2.840.113556.1.4.800.*domainControllerFunctionality1.{1,5}\x04\x016)">
90
+ <description>Active Directory Controller on Windows Server 2012 R2</description>
91
+ <example _encoding="base64">
92
+ ZXMxhAAAAJUEFjEuMi44NDAuMTEzNTU2LjEuNC44MDAELmRhdGEucmVtb3ZlZC6EAAAAKAQdZ
93
+ G9tYWluQ29udHJvbGxlckZ1bmN0aW9uYWxpdHkxhAAAAAMEATYw
94
+ </example>
95
+ <param pos="0" name="service.vendor" value="Microsoft"/>
96
+ <param pos="0" name="service.product" value="Active Directory Controller"/>
97
+ <param pos="0" name="os.vendor" value="Microsoft"/>
98
+ <param pos="0" name="os.family" value="Windows"/>
99
+ <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
100
+ </fingerprint>
101
+
102
+ <fingerprint pattern="(?im:1.2.840.113556.1.4.1851.*domainControllerFunctionality1.{1,5}\x04\x016)">
103
+ <description>Microsoft LDS on Windows Server Server 2012 R2</description>
104
+ <example _encoding="base64">
105
+ aWVzMYQAAACvBBcxLjIuODQwLjExMzU1Ni4xLjQuMTg1MQQuZGF0YS5yZW1vdmVkLoQAAAAoB
106
+ B1kb21haW5Db250cm9sbGVyRnVuY3Rpb25hbGl0eTGEAAAAAwQBNjA=
107
+ </example>
108
+ <param pos="0" name="service.vendor" value="Microsoft"/>
109
+ <param pos="0" name="service.product" value="Lightweight Directory Server"/>
110
+ <param pos="0" name="os.vendor" value="Microsoft"/>
111
+ <param pos="0" name="os.family" value="Windows"/>
112
+ <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
113
+ </fingerprint>
114
+
115
+ <fingerprint pattern="(?im:domainControllerFunctionality1.{1,5}\x04\x016)">
116
+ <description>Windows Server Server 2012 R2</description>
117
+ <example _encoding="base64">
118
+ MIQAAAAoBB1kb21haW5Db250cm9sbGVyRnVuY3Rpb25hbGl0eTGEAAAAAwQBNjA=
119
+ </example>
120
+ <param pos="0" name="os.vendor" value="Microsoft"/>
121
+ <param pos="0" name="os.family" value="Windows"/>
122
+ <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
123
+ </fingerprint>
124
+
125
+
126
+
127
+ <!-- Windows 2012 -->
128
+ <fingerprint pattern="(?im:1.2.840.113556.1.4.800.*domainControllerFunctionality1.{1,5}\x04\x015)">
129
+ <description>Active Directory Controller on Windows Server 2012</description>
130
+ <example _encoding="base64">
131
+ aWVzMYQAAACVBBYxLjIuODQwLjExMzU1Ni4xLjQuODAwBC5kYXRhLnJlbW92ZWQwhAAAACgEH
132
+ WRvbWFpbkNvbnRyb2xsZXJGdW5jdGlvbmFsaXR5MYQAAAADBAE1MA==
133
+ </example>
134
+ <param pos="0" name="service.vendor" value="Microsoft"/>
135
+ <param pos="0" name="service.product" value="Active Directory Controller"/>
136
+ <param pos="0" name="os.vendor" value="Microsoft"/>
137
+ <param pos="0" name="os.family" value="Windows"/>
138
+ <param pos="0" name="os.product" value="Windows Server 2012"/>
139
+ </fingerprint>
140
+
141
+ <fingerprint pattern="(?im:1.2.840.113556.1.4.1851.*domainControllerFunctionality1.{1,5}\x04\x015)">
142
+ <description>Microsoft LDS on Windows Server 2012 R2</description>
143
+ <example _encoding="base64">
144
+ ZXMxhAAAAK8EFzEuMi44NDAuMTEzNTU2LjEuNC4xODUxBC5kYXRhLnJlbW92ZWQuMIQAAAAoB
145
+ B1kb21haW5Db250cm9sbGVyRnVuY3Rpb25hbGl0eTGEAAAAAwQBNTA=
146
+ </example>
147
+ <param pos="0" name="service.vendor" value="Microsoft"/>
148
+ <param pos="0" name="service.product" value="Lightweight Directory Server"/>
149
+ <param pos="0" name="os.vendor" value="Microsoft"/>
150
+ <param pos="0" name="os.family" value="Windows"/>
151
+ <param pos="0" name="os.product" value="Windows Server 2012"/>
152
+ </fingerprint>
153
+
154
+ <fingerprint pattern="(?im:domainControllerFunctionality1.{1,5}\x04\x015)">
155
+ <description>Windows Server Server 2012</description>
156
+ <example _encoding="base64">
157
+ MIQAAAAoBB1kb21haW5Db250cm9sbGVyRnVuY3Rpb25hbGl0eTGEAAAAAwQBNTA=
158
+ </example>
159
+ <param pos="0" name="os.vendor" value="Microsoft"/>
160
+ <param pos="0" name="os.family" value="Windows"/>
161
+ <param pos="0" name="os.product" value="Windows Server 2012"/>
162
+ </fingerprint>
163
+
164
+ <!-- Windows 2008 R2 -->
165
+ <fingerprint pattern="(?im:1.2.840.113556.1.4.800.*domainControllerFunctionality1.{1,5}\x04\x014)">
166
+ <description>Active Directory Controller on Windows Server 2008 R2</description>
167
+ <example _encoding="base64">
168
+ aWVzMYQAAACVBBYxLjIuODQwLjExMzU1Ni4xLjQuODAwBC5kYXRhLnJlbW92ZWQuMIQAAAAoB
169
+ B1kb21haW5Db250cm9sbGVyRnVuY3Rpb25hbGl0eTGEAAAAAwQBNDA=
170
+ </example>
171
+ <param pos="0" name="service.vendor" value="Microsoft"/>
172
+ <param pos="0" name="service.product" value="Active Directory Controller"/>
173
+ <param pos="0" name="os.vendor" value="Microsoft"/>
174
+ <param pos="0" name="os.family" value="Windows"/>
175
+ <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
176
+ </fingerprint>
177
+
178
+ <fingerprint pattern="(?im:1.2.840.113556.1.4.1851.*domainControllerFunctionality1.{1,5}\x04\x014)">
179
+ <description>Microsoft LDS on Windows Server Server 2008 R2</description>
180
+ <example _encoding="base64">
181
+ aWVzMYQAAACvBBcxLjIuODQwLjExMzU1Ni4xLjQuMTg1MQQuZGF0YS5yZW1vdmVkLoQAAAAoB
182
+ B1kb21haW5Db250cm9sbGVyRnVuY3Rpb25hbGl0eTGEAAAAAwQBNDA=
183
+ </example>
184
+ <param pos="0" name="service.vendor" value="Microsoft"/>
185
+ <param pos="0" name="service.product" value="Lightweight Directory Server"/>
186
+ <param pos="0" name="os.vendor" value="Microsoft"/>
187
+ <param pos="0" name="os.family" value="Windows"/>
188
+ <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
189
+ </fingerprint>
190
+
191
+ <!--
192
+ This generic match for domainControllerFunctionality = 4 will capture
193
+ current Samba implementations. Disable the fingerprint below when testing Samba
194
+ -->
195
+ <fingerprint pattern="(?im:domainControllerFunctionality1.{1,5}\x04\x014)">
196
+ <description>Windows Server Server 2008 R2</description>
197
+ <example _encoding="base64">
198
+ MIQAAAAoBB1kb21haW5Db250cm9sbGVyRnVuY3Rpb25hbGl0eTGEAAAAAwQBNDA=
199
+ </example>
200
+ <param pos="0" name="os.vendor" value="Microsoft"/>
201
+ <param pos="0" name="os.family" value="Windows"/>
202
+ <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
203
+ </fingerprint>
204
+
205
+ <!-- Windows 2008 -->
206
+ <fingerprint pattern="(?im:1.2.840.113556.1.4.800.*domainControllerFunctionality1.{1,5}\x04\x013)">
207
+ <description>Active Directory Controller on Windows Server 2008</description>
208
+ <example _encoding="base64">
209
+ aWVzMYQAAACVBBYxLjIuODQwLjExMzU1Ni4xLjQuODAwBC5kYXRhLnJlbW92ZWQuMIQAAAAoB
210
+ B1kb21haW5Db250cm9sbGVyRnVuY3Rpb25hbGl0eTGEAAAAAwQBMzA=
211
+ </example>
212
+ <param pos="0" name="service.vendor" value="Microsoft"/>
213
+ <param pos="0" name="service.product" value="Active Directory Controller"/>
214
+ <param pos="0" name="os.vendor" value="Microsoft"/>
215
+ <param pos="0" name="os.family" value="Windows"/>
216
+ <param pos="0" name="os.product" value="Windows Server 2008"/>
217
+ </fingerprint>
218
+
219
+ <fingerprint pattern="(?im:1.2.840.113556.1.4.1851.*domainControllerFunctionality1.{1,5}\x04\x013)">
220
+ <description>Microsoft LDS on Windows Server 2008</description>
221
+ <example _encoding="base64">
222
+ aWVzMYQAAACvBBcxLjIuODQwLjExMzU1Ni4xLjQuMTg1MQQuZGF0YS5yZW1vdmVkLjCEAAAAK
223
+ AQdZG9tYWluQ29udHJvbGxlckZ1bmN0aW9uYWxpdHkxhAAAAAMEATMw
224
+ </example>
225
+ <param pos="0" name="service.vendor" value="Microsoft"/>
226
+ <param pos="0" name="service.product" value="Lightweight Directory Server"/>
227
+ <param pos="0" name="os.vendor" value="Microsoft"/>
228
+ <param pos="0" name="os.family" value="Windows"/>
229
+ <param pos="0" name="os.product" value="Windows Server 2008"/>
230
+ </fingerprint>
231
+
232
+ <fingerprint pattern="(?im:domainControllerFunctionality1.{1,5}\x04\x013)">
233
+ <description>Windows Server Server 2008</description>
234
+ <example _encoding="base64">
235
+ MIQAAAAoBB1kb21haW5Db250cm9sbGVyRnVuY3Rpb25hbGl0eTGEAAAAAwQBMzA=
236
+ </example>
237
+ <param pos="0" name="os.vendor" value="Microsoft"/>
238
+ <param pos="0" name="os.family" value="Windows"/>
239
+ <param pos="0" name="os.product" value="Windows Server 2008"/>
240
+ </fingerprint>
241
+
242
+ <!-- Windows 2003 -->
243
+ <fingerprint pattern="(?im:1.2.840.113556.1.4.800.*domainControllerFunctionality1.{1,5}\x04\x012)">
244
+ <description>Active Directory Controller on Windows Server 2003</description>
245
+ <example _encoding="base64">
246
+ aWVzMYQAAACVBBYxLjIuODQwLjExMzU1Ni4xLjQuODAwBC5kYXRhLnJlbW92ZWQuMIQAAAAoB
247
+ B1kb21haW5Db250cm9sbGVyRnVuY3Rpb25hbGl0eTGEAAAAAwQBMjA=
248
+ </example>
249
+ <param pos="0" name="service.vendor" value="Microsoft"/>
250
+ <param pos="0" name="service.product" value="Active Directory Controller"/>
251
+ <param pos="0" name="os.vendor" value="Microsoft"/>
252
+ <param pos="0" name="os.family" value="Windows"/>
253
+ <param pos="0" name="os.product" value="Windows Server 2003"/>
254
+ </fingerprint>
255
+
256
+ <fingerprint pattern="(?im:1.2.840.113556.1.4.1851.*domainControllerFunctionality1.{1,5}\x04\x012)">
257
+ <description>Microsoft LDS on Windows Server 2003</description>
258
+ <example _encoding="base64">
259
+ aWVzMYQAAACvBBcxLjIuODQwLjExMzU1Ni4xLjQuMTg1MQQuZGF0YS5yZW1vdmVkLjCEAAAAK
260
+ AQdZG9tYWluQ29udHJvbGxlckZ1bmN0aW9uYWxpdHkxhAAAAAMEATIw
261
+ </example>
262
+ <param pos="0" name="service.vendor" value="Microsoft"/>
263
+ <param pos="0" name="service.product" value="Lightweight Directory Server"/>
264
+ <param pos="0" name="os.vendor" value="Microsoft"/>
265
+ <param pos="0" name="os.family" value="Windows"/>
266
+ <param pos="0" name="os.product" value="Windows Server 2003"/>
267
+ </fingerprint>
268
+
269
+ <fingerprint pattern="(?im:domainControllerFunctionality1.{1,5}\x04\x012)">
270
+ <description>Windows Server Server 2003</description>
271
+ <example _encoding="base64">
272
+ MIQAAAAoBB1kb21haW5Db250cm9sbGVyRnVuY3Rpb25hbGl0eTGEAAAAAwQBMjA=
273
+ </example>
274
+ <param pos="0" name="os.vendor" value="Microsoft"/>
275
+ <param pos="0" name="os.family" value="Windows"/>
276
+ <param pos="0" name="os.product" value="Windows Server 2003"/>
277
+ </fingerprint>
278
+
279
+ <!-- Win Server 2000 Service Pack 3 only has two matching supportedCapabilities OIDs, match them and look for explicit end-->
280
+ <fingerprint pattern="(?im:supportedCapabilities1.{1,5}\x04\x161.2.840.113556.1.4.800\x04\x171.2.840.113556.1.4.17910.{1,5}\x04.(?:supportedControl|isSynchronized))">
281
+ <description>Active Directory Controller on Windows Server 2000 SP 3</description>
282
+ <example _encoding="base64">
283
+ c3VwcG9ydGVkQ2FwYWJpbGl0aWVzMTEEFjEuMi44NDAuMTEzNTU2LjEuNC44MDAEFzEuMi44N
284
+ DAuMTEzNTU2LjEuNC4xNzkxMEQEEHN1cHBvcnRlZENvbnRyb2x8
285
+ </example>
286
+ <example _encoding="base64">
287
+ c3VwcG9ydGVkQ2FwYWJpbGl0aWVzMTEEFjEuMi44NDAuMTEzNTU2LjEuNC44MDAEFzEuMi44N
288
+ DAuMTEzNTU2LjEuNC4xNzkxMIQAAAAcBA5pc1N5bmNocm9uaXplZDE=
289
+ </example>
290
+ <param pos="0" name="service.vendor" value="Microsoft"/>
291
+ <param pos="0" name="service.product" value="Active Directory Controller"/>
292
+ <param pos="0" name="os.vendor" value="Microsoft"/>
293
+ <param pos="0" name="os.family" value="Windows"/>
294
+ <param pos="0" name="os.product" value="Windows Server 2000"/>
295
+ <param pos="0" name="os.version" value="Windows Server 2000 SP3"/>
296
+ </fingerprint>
297
+
298
+ <!-- Win Server 2000 RTM only has a single matching supportedCapabilities OID, match it and look for explicit end-->
299
+ <fingerprint pattern="(?im:supportedCapabilities1.{1,5}\x04\x161.2.840.113556.1.4.8000.{1,5}\x04.isSynchronized1)">
300
+ <description>Active Directory Controller on Windows Server 2000</description>
301
+ <example _encoding="base64">
302
+ c3VwcG9ydGVkQ2FwYWJpbGl0aWVzMYQAAAAYBBYxLjIuODQwLjExMzU1Ni4xLjQuODAwMIQAA
303
+ AAcBA5pc1N5bmNocm9uaXplZDE=
304
+ </example>
305
+ <param pos="0" name="service.vendor" value="Microsoft"/>
306
+ <param pos="0" name="service.product" value="Active Directory Controller"/>
307
+ <param pos="0" name="os.vendor" value="Microsoft"/>
308
+ <param pos="0" name="os.family" value="Windows"/>
309
+ <param pos="0" name="os.product" value="Windows Server 2000"/>
310
+ </fingerprint>
311
+
312
+ <!-- End of Microsoft Windows Section -->
313
+
314
+ <fingerprint pattern="(?im:top\x04..penLDAProotDSE)">
315
+ <description>OpenLDAP</description>
316
+ <example _encoding="base64">
317
+ dm9iamVjdENsYXNzMRYEA3RvcAQPT3BlbkxEQVByb290RFNFMA==
318
+ </example>
319
+ <param pos="0" name="service.vendor" value="OpenLDAP"/>
320
+ <param pos="0" name="service.product" value="OpenLDAP"/>
321
+ </fingerprint>
322
+
323
+ <fingerprint pattern="(?i:namingcontexts1.\x04.fn=ContactRoot0.[\x02\x04])">
324
+ <description>Kerio Connect</description>
325
+ <example service.product="Connect" _encoding="base64">
326
+ bmFtaW5nQ29udGV4dHMxEAQOZm49Q29udGFjdFJvb3QwKAQUZGVmYXVsdE5hbWluZ0NvbnRle
327
+ HQx
328
+ </example>
329
+ <param pos="0" name="service.vendor" value="Kerio"/>
330
+ <param pos="0" name="service.product" value="Connect"/>
331
+ </fingerprint>
332
+
333
+ <fingerprint pattern="(?im:vmwPlatformServicesControllerVersion1.\x04.(\d\.\d\.\d)0.)">
334
+ <description>VMware Platform Services Controller</description>
335
+ <example service.version="6.0.0" _encoding="base64">
336
+ dm13UGxhdGZvcm1TZXJ2aWNlc0NvbnRyb2xsZXJWZXJzaW9uMQcEBTYuMC4wMCc=
337
+ </example>
338
+ <param pos="0" name="service.vendor" value="VMware"/>
339
+ <param pos="0" name="service.product" value="Platform Services Controller"/>
340
+ <param pos="1" name="service.version"/>
341
+ </fingerprint>
342
+
343
+ <!-- Fedora / 389 Project family -->
344
+ <!-- http://directory.fedoraproject.org/docs/389ds/FAQ/history.html -->
345
+ <fingerprint pattern="(?i:vendorname1.\x04.Fedora Project0.\x04\rvendorversion1.\x04.Fedora-Directory/(\d\.\d[\w.]* B\d+\.\d+\.\d+))">
346
+ <description>Fedora Project Fedora Directory Server</description>
347
+ <example service.version="1.0.4 B2006.312.5450" _encoding="base64">
348
+ dmVuZG9yTmFtZTEQBA5GZWRvcmEgUHJvamVjdDA3BA12ZW5kb3JWZXJzaW9uMSYEJEZlZG9yY
349
+ S1EaXJlY3RvcnkvMS4wLjQgQjIwMDYuMzEyLjU0NTA=
350
+ </example>
351
+ <example service.version="1.0.4 B2007.304.11380" _encoding="base64">
352
+ dmVuZG9yTmFtZTEQBA5GZWRvcmEgUHJvamVjdDA4BA12ZW5kb3JWZXJzaW9uMScEJUZlZG9yY
353
+ S1EaXJlY3RvcnkvMS4wLjQgQjIwMDcuMzA0LjExMzgw
354
+ </example>
355
+ <param pos="0" name="service.vendor" value="Fedora Project"/>
356
+ <param pos="0" name="service.product" value="Fedora Directory Server"/>
357
+ <param pos="1" name="service.version"/>
358
+ </fingerprint>
359
+
360
+ <fingerprint pattern="(?i:vendorname1.\x04.389 Project0.\x04\rvendorversion1.\x04.389-Directory/(\d\.\d[\w.]* B\d+\.\d+\.\d+))">
361
+ <description>389 Project 389 Directory Server</description>
362
+ <example service.version="1.2.11.25 B2013.325.19510" _encoding="base64">
363
+ dmVuZG9yTmFtZTENBAszODkgUHJvamVjdDA5BA12ZW5kb3JWZXJzaW9uMSgEJjM4OS1EaXJlY
364
+ 3RvcnkvMS4yLjExLjI1IEIyMDEzLjMyNS4xOTUxMA==
365
+ </example>
366
+ <param pos="0" name="service.vendor" value="389 Project"/>
367
+ <param pos="0" name="service.product" value="389 Directory Server"/>
368
+ <param pos="1" name="service.version"/>
369
+ </fingerprint>
370
+
371
+ <fingerprint pattern="(?im:vendorName1.\x04.CentOS0.\x04\rvendorVersion1.\x04.CentOS-Directory/(\d\.\d[\w.]* B\d+\.\d+\.\d+).\x04\v)">
372
+ <description>CentOS CentOS Directory Server</description>
373
+ <example service.version="8.2.8 B2012.041.12270" _encoding="base64">
374
+ dmVuZG9yTmFtZTEIBAZDZW50T1MwOAQNdmVuZG9yVmVyc2lvbjEnBCVDZW50T1MtRGlyZWN0b
375
+ 3J5LzguMi44IEIyMDEyLjA0MS4xMjI3MC8ECw==
376
+ </example>
377
+ <param pos="0" name="service.vendor" value="CentOS"/>
378
+ <param pos="0" name="service.product" value="CentOS Directory Server"/>
379
+ <param pos="1" name="service.version"/>
380
+ </fingerprint>
381
+
382
+ <fingerprint pattern="(?im:vendorName1.\x04.Red Hat(?:, Inc.)?0.\x04\rvendorVersion1.\x04.Red Hat-Directory/(\d\.\d[\w.]* B\d+\.\d+\.\d+).\x04\v)">
383
+ <description>Red Hat Red Hat Directory Server</description>
384
+ <example service.version="8.2.0 B2010.210.0590" _encoding="base64">
385
+ dmVuZG9yTmFtZTEJBAdSZWQgSGF0MDgEDXZlbmRvclZlcnNpb24xJwQlUmVkIEhhdC1EaXJlY
386
+ 3RvcnkvOC4yLjAgQjIwMTAuMjEwLjA1OTAgBAs=
387
+ </example>
388
+ <param pos="0" name="service.vendor" value="Red Hat"/>
389
+ <param pos="0" name="service.product" value="Red Hat Directory Server"/>
390
+ <param pos="1" name="service.version"/>
391
+ </fingerprint>
392
+
393
+ <fingerprint pattern="(?i:vendorname1.\x04.Netscape Communications Corp.0.\x04\rvendorversion1.\x04.Netscape-Directory/(\d\.\d[\d.]* B\d+\.\d+\.\d+).\x04\v)">
394
+ <description>Netscape Directory Server</description>
395
+ <example service.version="6.11 B2002.281.08530" _encoding="base64">
396
+ dmVuZG9yTmFtZTEfBB1OZXRzY2FwZSBDb21tdW5pY2F0aW9ucyBDb3JwLjA5BA12ZW5kb3JWZ
397
+ XJzaW9uMSgEJk5ldHNjYXBlLURpcmVjdG9yeS82LjExIEIyMDAyLjI4MS4wODUzMC8ECw==
398
+ </example>
399
+ <example service.version="6.11 B2002.281.08530" _encoding="base64">
400
+ dmVuZG9ybmFtZTEfBB1OZXRzY2FwZSBDb21tdW5pY2F0aW9ucyBDb3JwLjA5BA12ZW5kb3J2Z
401
+ XJzaW9uMSgEJk5ldHNjYXBlLURpcmVjdG9yeS82LjExIEIyMDAyLjI4MS4wODUzMC8ECw==
402
+ </example>
403
+ <param pos="0" name="service.vendor" value="Netscape"/>
404
+ <param pos="0" name="service.product" value="Netscape Directory Server"/>
405
+ <param pos="1" name="service.version"/>
406
+ </fingerprint>
407
+
408
+ <fingerprint pattern="(?im:IBM Lotus Software0.\x04\rvendorversion1.\x04.Release (\d+\.\d+[\w .]*)0.\x04.dominomajminversion)">
409
+ <description>IBM (Lotus) Domino LDAP Server</description>
410
+ <example service.version="8.5.3" _encoding="base64">
411
+ SUJNIExvdHVzIFNvZnR3YXJlMCAEDXZlbmRvcnZlcnNpb24xDwQNUmVsZWFzZSA4LjUuMzAeB
412
+ BNkb21pbm9tYWptaW52ZXJzaW9uMQcE
413
+ </example>
414
+ <example service.version="9.0.1FP6 HF130" _encoding="base64">
415
+ SUJNIExvdHVzIFNvZnR3YXJlMCkEDXZlbmRvcnZlcnNpb24xGAQWUmVsZWFzZSA5LjAuMUZQN
416
+ iBIRjEzMDAeBBNkb21pbm9tYWptaW52ZXJzaW9uMQcE
417
+ </example>
418
+ <param pos="0" name="service.vendor" value="IBM"/>
419
+ <param pos="0" name="service.product" value="Domino LDAP Server"/>
420
+ <param pos="1" name="service.version"/>
421
+ </fingerprint>
422
+
423
+ <fingerprint pattern="(?im:IBM Lotus Software0.\x04\rvendorversion1.\x04.Release (\d+\.\d+[\w .]*)0\f)">
424
+ <description>IBM (Lotus) Domino LDAP Server</description>
425
+ <example service.version="9.0.1FP4 HF523" _encoding="base64">
426
+ dmVuZG9ybmFtZTEUBBJJQk0gTG90dXMgU29mdHdhcmUwKQQNdmVuZG9ydmVyc2lvbjEYBBZSZ
427
+ WxlYXNlIDkuMC4xRlA0IEhGNTIzMAwC
428
+ </example>
429
+ <param pos="0" name="service.vendor" value="IBM"/>
430
+ <param pos="0" name="service.product" value="Domino LDAP Server"/>
431
+ <param pos="1" name="service.version"/>
432
+ </fingerprint>
433
+
434
+ <fingerprint pattern="(?im:IBM Lotus Software0.\x04\rvendorversion1.\x04.Build (V[\w .]*)0.\x04.dominomajminversion)">
435
+ <description>IBM (Lotus) Domino LDAP Server</description>
436
+ <example service.version="V902_12302013" _encoding="base64">
437
+ SUJNIExvdHVzIFNvZnR3YXJlMCYEDXZlbmRvcnZlcnNpb24xFQQTQnVpbGQgVjkwMl8xMjMwM
438
+ jAxMzAeBBNkb21pbm9tYWptaW52ZXJzaW9uMQcE
439
+ </example>
440
+ <param pos="0" name="service.vendor" value="IBM"/>
441
+ <param pos="0" name="service.product" value="Domino LDAP Server"/>
442
+ <param pos="1" name="service.version"/>
443
+ </fingerprint>
444
+
445
+ <!-- Attachmate Group (NetIQ) purchased Novell in 2011, and then merged w/ Micro Focus in 2014 -->
446
+ <fingerprint pattern="(?im:vendorName1\x13\x04\x11NetIQ Corporation0.\x04\rvendorVersion.{4}LDAP Agent for NetIQ eDirectory (\d+\.\d+[\d.]* [\w ]*\([\d.]+\))0.\x04)">
447
+ <description>NetIQ LDAP Agent for eDirectory</description>
448
+ <example service.version="8.8 SP8 (20808.06)" _encoding="base64">
449
+ eDA0CnZlbmRvck5hbWUxEwQRTmV0SVEgQ29ycG9yYXRpb24wRQQNdmVuZG9yVmVyc2lvbjE0B
450
+ DJMREFQIEFnZW50IGZvciBOZXRJUSBlRGlyZWN0b3J5IDguOCBTUDggKDIwODA4LjA2KTBJBA
451
+ ==
452
+ </example>
453
+ <param pos="0" name="service.vendor" value="NetIQ"/>
454
+ <param pos="0" name="service.product" value="LDAP Agent for eDirectory"/>
455
+ <param pos="1" name="service.version"/>
456
+ </fingerprint>
457
+
458
+ <fingerprint pattern="(?im:vendorName1\x0E\x04\fNovell, Inc.0.\x04\rvendorVersion.{4}LDAP Agent for Novell eDirectory (\d+\.\d+[\d.]* [\w ]*\([\d.]+\))0.\x04)">
459
+ <description>Novell LDAP Agent for eDirectory</description>
460
+ <example service.version="8.7.3.8 (10554.99)" _encoding="base64">
461
+ dmVuZG9yTmFtZTEOBAxOb3ZlbGwsIEluYy4wRgQNdmVuZG9yVmVyc2lvbjE1BDNMREFQIEFnZ
462
+ W50IGZvciBOb3ZlbGwgZURpcmVjdG9yeSA4LjcuMy44ICgxMDU1NC45OSkwKQQ=
463
+ </example>
464
+ <example service.version="8.8 SP4 (20217.05)" _encoding="base64">
465
+ dmVuZG9yTmFtZTEOBAxOb3ZlbGwsIEluYy4wRgQNdmVuZG9yVmVyc2lvbjE1BDNMREFQIEFnZ
466
+ W50IGZvciBOb3ZlbGwgZURpcmVjdG9yeSA4LjggU1A0ICgyMDIxNy4wNSkwHQQ=
467
+ </example>
468
+ <param pos="0" name="service.vendor" value="Novell"/>
469
+ <param pos="0" name="service.product" value="LDAP Agent for eDirectory"/>
470
+ <param pos="1" name="service.version"/>
471
+ </fingerprint>
472
+
473
+ <fingerprint pattern="(?im:vendorName1\x0E\x04\fNovell, Inc.0/\x04\rvendorVersion1\x1E\x04\x1CeDirectory v(\d+\.\d+[\d.]* [\w ]*\([\d.]+\))0.\x04)">
474
+ <description>Novell eDirectory</description>
475
+ <example service.version="8.6.2 (10350.18)" _encoding="base64">
476
+ dmVuZG9yTmFtZTEOBAxOb3ZlbGwsIEluYy4wLwQNdmVuZG9yVmVyc2lvbjEeBBxlRGlyZWN0b
477
+ 3J5IHY4LjYuMiAoMTAzNTAuMTgpMCcE
478
+ </example>
479
+ <param pos="0" name="service.vendor" value="Novell"/>
480
+ <param pos="0" name="service.product" value="eDirectory"/>
481
+ <param pos="1" name="service.version"/>
482
+ </fingerprint>
483
+
484
+ <!-- Various iterations of Sun, now Oracle, Directory Server -->
485
+ <fingerprint pattern="(?i:vendorname1\x18\x04\x16Sun Microsystems, Inc.0.+\x04\rvendorversion1.{1,2}\x04.{1,2}Sun[- ]Java\(tm\)[- ]System[- ]Directory(?: Server)?/(\d\.\d+[\w.]*)0.{1,3}\x04)">
486
+ <description>Sun Java(TM) System Directory Server</description>
487
+ <example service.version="5.2_Patch_6" _encoding="base64">
488
+ dmVuZG9yTmFtZTEYBBZTdW4gTWljcm9zeXN0ZW1zLCBJbmMuMEMEDXZlbmRvclZlcnNpb24xM
489
+ gQwU3VuIEphdmEoVE0pIFN5c3RlbSBEaXJlY3RvcnkgU2VydmVyLzUuMl9QYXRjaF82MC8E
490
+ </example>
491
+ <example service.version="6.2_PR_CUMULATIVE_6_2_6597523_6527909" _encoding="base64">
492
+ dmVuZG9yTmFtZTEYBBZTdW4gTWljcm9zeXN0ZW1zLCBJbmMuMFYEDXZlbmRvclZlcnNpb24xR
493
+ QRDU3VuLUphdmEodG0pLVN5c3RlbS1EaXJlY3RvcnkvNi4yX1BSX0NVTVVMQVRJVkVfNl8yXz
494
+ Y1OTc1MjNfNjUyNzkwOTBNBA==
495
+ </example>
496
+ <example service.version="6.3.1" _encoding="base64">
497
+ dmVuZG9yTmFtZTEYBBZTdW4gTWljcm9zeXN0ZW1zLCBJbmMuMDYEDXZlbmRvclZlcnNpb24xJ
498
+ QQjU3VuLUphdmEodG0pLVN5c3RlbS1EaXJlY3RvcnkvNi4zLjEwLwQ=
499
+ </example>
500
+ <example service.version="6.3.1.1.1" _encoding="base64">
501
+ dmVuZG9yTmFtZTEYBBZTdW4gTWljcm9zeXN0ZW1zLCBJbmMuMDoEDXZlbmRvclZlcnNpb24xK
502
+ QQnU3VuLUphdmEodG0pLVN5c3RlbS1EaXJlY3RvcnkvNi4zLjEuMS4xMIGJBA==
503
+ </example>
504
+ <param pos="0" name="service.vendor" value="Sun Microsystems"/>
505
+ <param pos="0" name="service.product" value="Sun Java System Directory Server"/>
506
+ <param pos="1" name="service.version"/>
507
+ </fingerprint>
508
+
509
+ <fingerprint pattern="(?i:vendorname1\x18\x04\x16Sun Microsystems, Inc.0.\x04\rvendorversion1.\x04.Sun-Directory-Server/([\w.]+)0.{1,3}\x04)">
510
+ <description>Sun Directory Server</description>
511
+ <example service.version="7.0" _encoding="base64">
512
+ dmVuZG9ybmFtZTEYBBZTdW4gTWljcm9zeXN0ZW1zLCBJbmMuMCsEDXZlbmRvcnZlcnNpb24xG
513
+ gQYU3VuLURpcmVjdG9yeS1TZXJ2ZXIvNy4wMC8E
514
+ </example>
515
+ <example service.version="7.0_sec" _encoding="base64">
516
+ dmVuZG9yTmFtZTEYBBZTdW4gTWljcm9zeXN0ZW1zLCBJbmMuMC8EDXZlbmRvclZlcnNpb24xH
517
+ gQcU3VuLURpcmVjdG9yeS1TZXJ2ZXIvNy4wX3NlYzAgBA==
518
+ </example>
519
+ <example service.version="11.1.1.3.0" _encoding="base64">
520
+ dmVuZG9yTmFtZTEYBBZTdW4gTWljcm9zeXN0ZW1zLCBJbmMuMDIEDXZlbmRvclZlcnNpb24xI
521
+ QQfU3VuLURpcmVjdG9yeS1TZXJ2ZXIvMTEuMS4xLjMuMDAgBA==
522
+ </example>
523
+ <param pos="0" name="service.vendor" value="Sun Microsystems"/>
524
+ <param pos="0" name="service.product" value="Sun Directory Server"/>
525
+ <param pos="1" name="service.version"/>
526
+ </fingerprint>
527
+
528
+ <fingerprint pattern="(?i:vendorname1\x14\x04\x12Oracle Corporation0.\x04\rvendorversion1.\x04.Sun-Directory-Server/([\w.]+)[0 ].{1,3}\x04)">
529
+ <description>Oracle Sun Directory Server</description>
530
+ <example service.version="11.1.1.7.2" _encoding="base64">
531
+ dmVuZG9yTmFtZTEUBBJPcmFjbGUgQ29ycG9yYXRpb24wMgQNdmVuZG9yVmVyc2lvbjEhBB9Td
532
+ W4tRGlyZWN0b3J5LVNlcnZlci8xMS4xLjEuNy4yMCAE
533
+ </example>
534
+ <example service.version="11.1.1.7.0_PR_16776826_16841985" _encoding="base64">
535
+ dmVuZG9yTmFtZTEUBBJPcmFjbGUgQ29ycG9yYXRpb24wRwQNdmVuZG9yVmVyc2lvbjE2BDRTd
536
+ W4tRGlyZWN0b3J5LVNlcnZlci8xMS4xLjEuNy4wX1BSXzE2Nzc2ODI2XzE2ODQxOTg1ME0E
537
+ </example>
538
+ <param pos="0" name="service.vendor" value="Oracle"/>
539
+ <param pos="0" name="service.product" value="Sun Directory Server"/>
540
+ <param pos="1" name="service.version"/>
541
+ </fingerprint>
542
+
543
+ <fingerprint pattern="(?im:vendorName1\x17\x04\x15Sun Microsystems, Inc0.\x04\rvendorVersion1.\x04.Directory Proxy Server ([\w.]+)0.\x04)">
544
+ <description>Sun Directory Proxy Server</description>
545
+ <example service.version="11.1.1.7.1" _encoding="base64">
546
+ dmVuZG9yTmFtZTEXBBVTdW4gTWljcm9zeXN0ZW1zLCBJbmMwNAQNdmVuZG9yVmVyc2lvbjEjB
547
+ CFEaXJlY3RvcnkgUHJveHkgU2VydmVyIDExLjEuMS43LjEwRQQ=
548
+ </example>
549
+ <param pos="0" name="service.vendor" value="Sun Microsystems"/>
550
+ <param pos="0" name="service.product" value="Sun Directory Proxy Server"/>
551
+ <param pos="1" name="service.version"/>
552
+ </fingerprint>
553
+
554
+ <!-- Very old, rare, same family as above. Roll into those? -->
555
+ <fingerprint pattern="(?i:vendorname1.\x04.Sun Microsystems, Inc.0.\x04\rvendorversion1.\x04.Sun-ONE-Directory/([\w.]+)0.\x04)">
556
+ <description>Sun ONE Directory Server</description>
557
+ <example service.version="5.2" _encoding="base64">
558
+ dmVuZG9yTmFtZTEYBBZTdW4gTWljcm9zeXN0ZW1zLCBJbmMuMCgEDXZlbmRvclZlcnNpb24xF
559
+ wQVU3VuLU9ORS1EaXJlY3RvcnkvNS4yMC8E
560
+ </example>
561
+ <example service.version="5.2_Patch_1" _encoding="base64">
562
+ dmVuZG9yTmFtZTEYBBZTdW4gTWljcm9zeXN0ZW1zLCBJbmMuMDAEDXZlbmRvclZlcnNpb24xH
563
+ wQdU3VuLU9ORS1EaXJlY3RvcnkvNS4yX1BhdGNoXzEwPgQ=
564
+ </example>
565
+ <param pos="0" name="service.vendor" value="Sun Microsystems"/>
566
+ <param pos="0" name="service.product" value="Sun ONE Directory Server"/>
567
+ <param pos="1" name="service.version"/>
568
+ </fingerprint>
569
+
570
+ <!-- IBM [Tivoli | Security] Directory Server -->
571
+
572
+ <fingerprint pattern="(?im:International Business Machines \(IBM\)0.*\x04\rvendorversion1.\x00\x00\x00.\x04.([\d.]+)0.\x00.*ibm-osregistrycontext1.\x00\x00\x00.\x04.OS400-SYS=)">
573
+ <description>IBM Security Directory Server on OS/400 (IBM i)</description>
574
+ <example service.version="5.2" _encoding="base64">
575
+ SW50ZXJuYXRpb25hbCBCdXNpbmVzcyBNYWNoaW5lcyAoSUJNKTCEAAAAGgQNdmVuZG9ydmVyc
576
+ 2lvbjGEAAAABQQDNS4yMIQAAAArBBxpYm0tc2xhcGRpc2NvbmZpZ3VyYXRpb25tb2RlMYQAAA
577
+ AHBAVGQUxTRTCEAAAARAQVaWJtLW9zcmVnaXN0cnljb250ZXh0MYQAAAAnBCVPUzQwMC1TWVM9
578
+ </example>
579
+ <param pos="0" name="os.vendor" value="IBM"/>
580
+ <param pos="0" name="os.family" value="OS/400"/>
581
+ <param pos="0" name="os.product" value="OS/400 (IBM i)"/>
582
+ <param pos="0" name="service.vendor" value="IBM"/>
583
+ <param pos="0" name="service.product" value="Security Directory Server"/>
584
+ <param pos="1" name="service.version"/>
585
+ </fingerprint>
586
+
587
+ <fingerprint pattern="(?im:vendorname1.+?\x04%International Business Machines \(IBM\)0.+?\x04\rvendorversion1.+?\x04.([\d.]+)0.[\x00\x02\x04])">
588
+ <description>IBM Security Directory Server</description>
589
+ <example service.version="5.1" _encoding="base64">
590
+ dmVuZG9ybmFtZTGEAAAAJwQlSW50ZXJuYXRpb25hbCBCdXNpbmVzcyBNYWNoaW5lcyAoSUJNK
591
+ TCEAAAAGgQNdmVuZG9ydmVyc2lvbjGEAAAABQQDNS4xMIQA
592
+ </example>
593
+ <example service.version="6.3.1" _encoding="base64">
594
+ dmVuZG9ybmFtZTGEAAAAJwQlSW50ZXJuYXRpb25hbCBCdXNpbmVzcyBNYWNoaW5lcyAoSUJNK
595
+ TCEAAAAHAQNdmVuZG9ydmVyc2lvbjGEAAAABwQFNi4zLjEwhAA=
596
+ </example>
597
+ <param pos="0" name="service.vendor" value="IBM"/>
598
+ <param pos="0" name="service.product" value="Security Directory Server"/>
599
+ <param pos="1" name="service.version"/>
600
+ </fingerprint>
601
+
602
+ <fingerprint pattern="(?im:vendorName1.\x00\x00\x00\v\x04\tMirapoint0.\x00\x00\x00.\x04\rvendorVersion1.\x00\x00\x00.\x04.([\d.]+)0.\x00)">
603
+ <description>Mirapoint LDAP Server</description>
604
+ <example service.version="3.2" _encoding="base64">
605
+ dmVuZG9yTmFtZTGEAAAACwQJTWlyYXBvaW50MIQAAAAaBA12ZW5kb3JWZXJzaW9uMYQAAAAFB
606
+ AMzLjIwhAA=
607
+ </example>
608
+ <param pos="0" name="service.vendor" value="Mirapoint"/>
609
+ <param pos="0" name="service.product" value="LDAP Server"/>
610
+ <param pos="1" name="service.version"/>
611
+ </fingerprint>
612
+
613
+ <fingerprint pattern="(?im:orcldirectoryversion1.{1,5}\x04.OID ([\d.]+)0.\x00\x00)">
614
+ <description>Oracle Internet Directory</description>
615
+ <example service.version="9.0.4.0.0" _encoding="base64">
616
+ b3JjbGRpcmVjdG9yeXZlcnNpb24xhAAAAA8EDU9JRCA5LjAuNC4wLjAwhAAAAA==
617
+ </example>
618
+ <param pos="0" name="service.vendor" value="Oracle"/>
619
+ <param pos="0" name="service.product" value="Internet Directory Server"/>
620
+ <param pos="1" name="service.version"/>
621
+ </fingerprint>
622
+
623
+ <fingerprint pattern="(?im:orcldirectoryversion1.{1,5}\x04.OVD ([\d.]+)0.\x04)">
624
+ <description>Oracle Virtual Directory</description>
625
+ <example service.version="11.1.1.6.0" _encoding="base64">
626
+ b3JjbGRpcmVjdG9yeXZlcnNpb24xEAQOT1ZEIDExLjEuMS42LjAwLgQSc3VwcG9ydGVkRQ==
627
+ </example>
628
+ <param pos="0" name="service.vendor" value="Oracle"/>
629
+ <param pos="0" name="service.product" value="Virtual Directory Server"/>
630
+ <param pos="1" name="service.version"/>
631
+ </fingerprint>
632
+
633
+ <fingerprint pattern="(?im:metaProductID.*\x04\vmetaVersion1\r\x04.([\d.]+)0.\x04)">
634
+ <description>estos MetaDirectory</description>
635
+ <example service.version="3.5.22.4291" _encoding="base64">
636
+ BA1tZXRhUHJvZHVjdElEMQYEBDExMDIwHAQLbWV0YVZlcnNpb24xDQQLMy41LjIyLjQyOTEwF
637
+ gQ=
638
+ </example>
639
+ <param pos="0" name="service.vendor" value="estos"/>
640
+ <param pos="0" name="service.product" value="MetaDirectory Server"/>
641
+ <param pos="1" name="service.version"/>
642
+ <param pos="0" name="os.vendor" value="Microsoft"/>
643
+ <param pos="0" name="os.family" value="Windows"/>
644
+ </fingerprint>
645
+
646
+ <fingerprint pattern="(?im:dsaVersion1.\x04,DC Directory Server v(\d+\.\d+[\d.]* \([\w. ]+\))0.\x04)">
647
+ <description>Cisco Data Connection Directory</description>
648
+ <example service.version="8.1.00 (build 20150305)" _encoding="base64">
649
+ ZHNhVmVyc2lvbjEuBCxEQyBEaXJlY3RvcnkgU2VydmVyIHY4LjEuMDAgKGJ1aWxkIDIwMTUwM
650
+ zA1KTBeBAs=
651
+ </example>
652
+ <param pos="0" name="service.vendor" value="Cisco"/>
653
+ <param pos="0" name="service.product" value="Data Connection Directory"/>
654
+ <param pos="1" name="service.version"/>
655
+ </fingerprint>
656
+
657
+ <!-- Unbound -->
658
+ <fingerprint pattern="(?im:vendorName1.\x04.UnboundID Corp.0.\x04\rvendorVersion1.\x04.UnboundID Directory Server ([\d.]+)0\f)">
659
+ <description>UnboundID Directory Server</description>
660
+ <example service.version="5.1.5.2" _encoding="base64">
661
+ dmVuZG9yTmFtZTERBA9VbmJvdW5kSUQgQ29ycC4wNQQNdmVuZG9yVmVyc2lvbjEkBCJVbmJvd
662
+ W5kSUQgRGlyZWN0b3J5IFNlcnZlciA1LjEuNS4yMAw=
663
+ </example>
664
+ <param pos="0" name="service.vendor" value="UnboundID"/>
665
+ <param pos="0" name="service.product" value="UnboundID Directory Server"/>
666
+ <param pos="1" name="service.version"/>
667
+ </fingerprint>
668
+
669
+ <fingerprint pattern="(?im:vendorName1.\x04.UnboundID Corp.0.\x04\rvendorVersion1.\x04.UnboundID Directory Proxy Server ([\d.]+)0\f)">
670
+ <description>UnboundID Directory Proxy Server</description>
671
+ <example service.version="4.7.0.7" _encoding="base64">
672
+ dmVuZG9yTmFtZTERBA9VbmJvdW5kSUQgQ29ycC4wOwQNdmVuZG9yVmVyc2lvbjEqBChVbmJvd
673
+ W5kSUQgRGlyZWN0b3J5IFByb3h5IFNlcnZlciA0LjcuMC43MAw=
674
+ </example>
675
+ <param pos="0" name="service.vendor" value="UnboundID"/>
676
+ <param pos="0" name="service.product" value="UnboundID Directory Proxy Server"/>
677
+ <param pos="1" name="service.version"/>
678
+ </fingerprint>
679
+
680
+ <fingerprint pattern="(?im:namingContexts1.\x04.cn=.?pbx.*\x04.ldapServiceName1.\x04.IPVA-\w+-)">
681
+ <description>innovaphone VoIP Gateway Virtual Appliance</description>
682
+ <example _encoding="base64">
683
+ Dm5hbWluZ0NvbnRleHRzMQoECGNuPUtQQlgwMCIED2xkYXBTZXJ2aWNlTmFtZTEPBA1JUFZBL
684
+ TNmLTAwLTBjMAwC
685
+ </example>
686
+ <param pos="0" name="service.vendor" value="innovaphone"/>
687
+ <param pos="0" name="service.family" value="VoiP Gateway"/>
688
+ <param pos="0" name="service.product" value="IPVA"/>
689
+ </fingerprint>
690
+
691
+ <fingerprint pattern="(?im:namingContexts1.\x04.cn=.?pbx.*\x04.ldapServiceName1.\x04.(IP\d+)-\w+-)">
692
+ <description>innovaphone VoIP Gateway</description>
693
+ <example service.product="IP800" _encoding="base64">
694
+ bmFtaW5nQ29udGV4dHMxCgQIY249S1BCWDAwIwQPbGRhcFNlcnZpY2VOYW1lMRAEDklQODAwL
695
+ TA2LTJiLTYxMA==
696
+ </example>
697
+ <param pos="0" name="service.vendor" value="innovaphone"/>
698
+ <param pos="0" name="service.family" value="VoiP Gateway"/>
699
+ <param pos="1" name="service.product"/>
700
+ </fingerprint>
701
+
702
+ <fingerprint pattern="(?im:namingContexts1.\x04.cn=.?pbx.*\x04.ldapServiceName1.\x04.(IPBS\d*)-\w+-)">
703
+ <description>Ascom IP-DECT Base Station</description>
704
+ <example service.product="IPBS2" _encoding="base64">
705
+ bmFtaW5nQ29udGV4dHMxCQQHY249UEJYMDAjBA9sZGFwU2VydmljZU5hbWUxEAQOSVBCUzItM
706
+ TktYjEtZTcw
707
+ </example>
708
+ <param pos="0" name="service.vendor" value="Ascom"/>
709
+ <param pos="0" name="service.family" value="IP-DECT Base Station"/>
710
+ <param pos="1" name="service.product"/>
711
+ </fingerprint>
712
+
713
+ <fingerprint pattern="(?im:namingContexts1.\x04.cn=.?pbx.*\x04.ldapServiceName1.\x04.(IPBL\d*)-\w+-)">
714
+ <description>Ascom IP-DECT Gateway</description>
715
+ <example service.product="IPBL" _encoding="base64">
716
+ bmFtaW5nQ29udGV4dHMxCQQHY249UEJYMDAiBA9sZGFwU2VydmljZU5hbWUxDwQNSVBCTC0zM
717
+ C0yYy0yNTA=
718
+ </example>
719
+ <param pos="0" name="service.vendor" value="Ascom"/>
720
+ <param pos="0" name="service.family" value="IP-DECT Gateway"/>
721
+ <param pos="1" name="service.product"/>
722
+ </fingerprint>
723
+
724
+ <fingerprint pattern="(?im:o=Scalix0.\x04.subschemasubentry1.\x04.cn=subSchema,o=Scalix0.\x04.*\x04.xserverversion1.\x04.(\d\d\.\d+\.[\w.-]+)0.\x02)">
725
+ <description>Scalix LDAP Server</description>
726
+ <example service.version="11.4.6.13676" _encoding="base64">
727
+ bz1NeUNvbnRhY3RzBAhvPVNjYWxpeDAsBBFzdWJzY2hlbWFzdWJlbnRyeTEXBBVjbj1zdWJTY
728
+ 2hlbWEsbz1TY2FsaXgwDQQJYWx0c2VydmVyMQAwHgQUc3VwcG9ydGVkbGRhcHZlcnNpb24xBg
729
+ QBMgQBMzAgBA54c2VydmVydmVyc2lvbjEOBAwxMS40LjYuMTM2NzYwDAI=
730
+ </example>
731
+ <param pos="0" name="service.vendor" value="Scalix"/>
732
+ <param pos="0" name="service.product" value="LDAP Server"/>
733
+ <param pos="1" name="service.version"/>
734
+ </fingerprint>
735
+ </fingerprints>
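Review bot: the Sun Java System, Sun Directory Server, Oracle Sun Directory Server and Sun ONE patterns open with `(?i:` while the other fingerprints visible here use `(?im:`, yet all of them rely on `.` to stand in for BER length bytes. In Ruby regex syntax the `m` option is what lets `.` match a newline, so without it a length byte of 0x0A (for instance in the trailing `0.{1,3}\x04` or `0.\x04`) would make the match fail; consider using `(?im:` consistently or adding a comment on why these four differ. Separately, both innovaphone fingerprints set `service.family` to `VoiP Gateway` while their descriptions spell it `VoIP`; since that value is what gets reported on a match, the spelling should be made consistent.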
metadata CHANGED
@@ -1,111 +1,111 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: recog
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.21
4
+ version: 2.0.22
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rapid7 Research
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-05-10 00:00:00.000000000 Z
11
+ date: 2016-08-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec
15
15
  requirement: !ruby/object:Gem::Requirement
16
16
  requirements:
17
- - - '>='
17
+ - - ">="
18
18
  - !ruby/object:Gem::Version
19
19
  version: '0'
20
20
  type: :development
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
- - - '>='
24
+ - - ">="
25
25
  - !ruby/object:Gem::Version
26
26
  version: '0'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: yard
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
- - - '>='
31
+ - - ">="
32
32
  - !ruby/object:Gem::Version
33
33
  version: '0'
34
34
  type: :development
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
- - - '>='
38
+ - - ">="
39
39
  - !ruby/object:Gem::Version
40
40
  version: '0'
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: redcarpet
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
- - - '>='
45
+ - - ">="
46
46
  - !ruby/object:Gem::Version
47
47
  version: '0'
48
48
  type: :development
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
- - - '>='
52
+ - - ">="
53
53
  - !ruby/object:Gem::Version
54
54
  version: '0'
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: cucumber
57
57
  requirement: !ruby/object:Gem::Requirement
58
58
  requirements:
59
- - - '>='
59
+ - - ">="
60
60
  - !ruby/object:Gem::Version
61
61
  version: '0'
62
62
  type: :development
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
- - - '>='
66
+ - - ">="
67
67
  - !ruby/object:Gem::Version
68
68
  version: '0'
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: aruba
71
71
  requirement: !ruby/object:Gem::Requirement
72
72
  requirements:
73
- - - '>='
73
+ - - ">="
74
74
  - !ruby/object:Gem::Version
75
75
  version: '0'
76
76
  type: :development
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
- - - '>='
80
+ - - ">="
81
81
  - !ruby/object:Gem::Version
82
82
  version: '0'
83
83
  - !ruby/object:Gem::Dependency
84
84
  name: simplecov
85
85
  requirement: !ruby/object:Gem::Requirement
86
86
  requirements:
87
- - - '>='
87
+ - - ">="
88
88
  - !ruby/object:Gem::Version
89
89
  version: '0'
90
90
  type: :development
91
91
  prerelease: false
92
92
  version_requirements: !ruby/object:Gem::Requirement
93
93
  requirements:
94
- - - '>='
94
+ - - ">="
95
95
  - !ruby/object:Gem::Version
96
96
  version: '0'
97
97
  - !ruby/object:Gem::Dependency
98
98
  name: nokogiri
99
99
  requirement: !ruby/object:Gem::Requirement
100
100
  requirements:
101
- - - '>='
101
+ - - ">="
102
102
  - !ruby/object:Gem::Version
103
103
  version: '0'
104
104
  type: :runtime
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
- - - '>='
108
+ - - ">="
109
109
  - !ruby/object:Gem::Version
110
110
  version: '0'
111
111
  description: Recog is a framework for identifying products, services, operating systems,
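Review bot: nokogiri, the only `:runtime` dependency in this hunk, is still declared as `>= 0`, so any nokogiri release satisfies it, including ones older than this version was built and tested against. Consider declaring a minimum version in the gemspec. The `'>='` to `">="` lines throughout are quoting changes only; the `version` and `date` lines are the substantive edits.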
@@ -121,10 +121,10 @@ executables:
121
121
  extensions: []
122
122
  extra_rdoc_files: []
123
123
  files:
124
- - .gitignore
125
- - .rspec
126
- - .travis.yml
127
- - .yardopts
124
+ - ".gitignore"
125
+ - ".rspec"
126
+ - ".travis.yml"
127
+ - ".yardopts"
128
128
  - CONTRIBUTING.md
129
129
  - COPYING
130
130
  - Gemfile
@@ -188,6 +188,7 @@ files:
188
188
  - xml/http_servers.xml
189
189
  - xml/http_wwwauth.xml
190
190
  - xml/imap_banners.xml
191
+ - xml/ldap_searchresult.xml
191
192
  - xml/mdns_device-info_txt.xml
192
193
  - xml/mdns_workstation_txt.xml
193
194
  - xml/mysql_banners.xml
@@ -226,19 +227,45 @@ require_paths:
226
227
  - lib
227
228
  required_ruby_version: !ruby/object:Gem::Requirement
228
229
  requirements:
229
- - - '>='
230
+ - - ">="
230
231
  - !ruby/object:Gem::Version
231
232
  version: '2.1'
232
233
  required_rubygems_version: !ruby/object:Gem::Requirement
233
234
  requirements:
234
- - - '>='
235
+ - - ">="
235
236
  - !ruby/object:Gem::Version
236
237
  version: '0'
237
238
  requirements: []
238
239
  rubyforge_project:
239
- rubygems_version: 2.2.2
240
+ rubygems_version: 2.2.5
240
241
  signing_key:
241
242
  specification_version: 4
242
243
  summary: Network service fingerprint database, classes, and utilities
243
- test_files: []
244
+ test_files:
245
+ - features/data/failing_banners_fingerprints.xml
246
+ - features/data/matching_banners_fingerprints.xml
247
+ - features/data/multiple_banners_fingerprints.xml
248
+ - features/data/no_tests.xml
249
+ - features/data/sample_banner.txt
250
+ - features/data/successful_tests.xml
251
+ - features/data/tests_with_failures.xml
252
+ - features/data/tests_with_warnings.xml
253
+ - features/match.feature
254
+ - features/support/env.rb
255
+ - features/verify.feature
256
+ - spec/data/best_os_match_1.yml
257
+ - spec/data/best_os_match_2.yml
258
+ - spec/data/best_service_match_1.yml
259
+ - spec/data/smb_native_os.txt
260
+ - spec/data/test_fingerprints.xml
261
+ - spec/data/whitespaced_fingerprint.xml
262
+ - spec/lib/fingerprint_self_test_spec.rb
263
+ - spec/lib/recog/db_spec.rb
264
+ - spec/lib/recog/fingerprint/regexp_factory_spec.rb
265
+ - spec/lib/recog/fingerprint_spec.rb
266
+ - spec/lib/recog/formatter_spec.rb
267
+ - spec/lib/recog/match_reporter_spec.rb
268
+ - spec/lib/recog/nizer_spec.rb
269
+ - spec/lib/recog/verify_reporter_spec.rb
270
+ - spec/spec_helper.rb
244
271
  has_rdoc:
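Review bot: `test_files` goes from `[]` to 26 entries under `features/` and `spec/`, in the same release where `rubygems_version` moves from 2.2.2 to 2.2.5, and nothing visible in the diff says whether this was an intended gemspec change or a side effect of the build environment. If it is intended, a changelog or commit note should say so, since fixtures such as `spec/data/smb_native_os.txt` and `features/data/sample_banner.txt` now ship to every consumer; if not, the release should be built with the same toolchain and file list as 2.0.21.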