recog 2.1.9 → 2.1.10
- checksums.yaml +4 -4
- data/README.md +0 -2
- data/lib/recog/version.rb +1 -1
- data/xml/ftp_banners.xml +4 -4
- data/xml/operating_system.xml +32 -4
- data/xml/pop_banners.xml +48 -2
- metadata +2 -2
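--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f381a8f2b1504e89989bed8c8d3fbc042816e54b
+data.tar.gz: bba130a2b6bc4920b4c915e48dc9a867f479df7a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f9a5ca3666a99314d29c230baab785276bc11918645acf9d6d5f1589207204e7996775f22a1d4b146f128a35ee22a2a5f57e1bfe71d5747a89c156a83e468c6a
+data.tar.gz: 4993c56920a826cf9f713dd49002f73057e2dc6463bae25bb19e60273b887ddc9a0b8c7c13ffa71e68bf1b64c770ce6e9ccf7df9a72dab95acef839d3813803e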
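--- a/data/README.md
+++ b/data/README.md
@@ -6,8 +6,6 @@ Recog is a framework for identifying products, services, operating systems, and
 [![Gem Version](https://badge.fury.io/rb/recog.svg)](http://badge.fury.io/rb/recog)
 [![Build Status](https://travis-ci.org/rapid7/recog.svg?branch=master)](https://travis-ci.org/rapid7/recog)
 
-==
-
 ## Installation
 
 Recog consists of both XML fingerprint files and an assortment of code, mostly in Ruby, that makes it easy to develop, test, and use the contained fingerprints. In order to use the included ruby code, a recent version of Ruby (2.1+) is required, along with Rubygems and the `bundler` gem. Once these dependencies are in place, use the following commands to grab the latest source code and install any additional dependencies.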
data/lib/recog/version.rb
CHANGED
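--- a/data/xml/ftp_banners.xml
+++ b/data/xml/ftp_banners.xml
@@ -216,7 +216,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
 <param pos="0" name="service.product" value="ProFTPD"/>
 <param pos="1" name="host.name"/>
 </fingerprint>
-<fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \((.*)\) \[[\
+<fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \((.*)\) \[[[a-f\d].:\]]*$">
 <description>ProFTPD with version info - truncated</description>
 <example service.version="1.3.2c">ProFTPD 1.3.2c Server (ProFTPD Default Installation) [</example>
 <example proftpd.server.name="svrname.hosting.com">ProFTPD 1.3.0 Server (svrname.hosting.com) [10.10.10.</example>
@@ -1123,7 +1123,7 @@ more text</example>
 <param pos="0" name="service.vendor" value="Multicraft"/>
 <param pos="1" name="service.version"/>
 </fingerprint>
-<fingerprint pattern="^bftpd ([\d.]+) at ([\
+<fingerprint pattern="^bftpd ([\d.]+) at ([[a-f\d].:]+) ready\.$">
 <description>Bftpd FTPD Server</description>
 <example service.version="2.2.1" host.ip="192.168.0.1">bftpd 2.2.1 at 192.168.0.1 ready.</example>
 <example service.version="2.2" host.ip="::ffff:192.168.1.1">bftpd 2.2 at ::ffff:192.168.1.1 ready.</example>
@@ -1133,7 +1133,7 @@ more text</example>
 <param pos="1" name="service.version"/>
 <param pos="2" name="host.ip"/>
 </fingerprint>
-<fingerprint pattern="^NASFTPD Turbo station (?:2.x )?([\w.]+) Server \(ProFTPD\) \[([\
+<fingerprint pattern="^NASFTPD Turbo station (?:2.x )?([\w.]+) Server \(ProFTPD\) \[([[a-f\d].:]+)\]$">
 <description>ProFTPD on QNAP Turbo Station NAS</description>
 <example service.version="1.3.5a" host.ip="192.168.1.100">NASFTPD Turbo station 1.3.5a Server (ProFTPD) [192.168.1.100]</example>
 <example service.version="1.3.1rc2" host.ip="192.168.1.100">NASFTPD Turbo station 2.x 1.3.1rc2 Server (ProFTPD) [192.168.1.100]</example>
@@ -1191,7 +1191,7 @@ more text</example>
 <param pos="0" name="os.family" value="Windows"/>
 <param pos="0" name="os.product" value="Windows"/>
 </fingerprint>
-<fingerprint pattern="^FTP Server \(ZyWALL (USG\s?[\w-]+)\) \[([\
+<fingerprint pattern="^FTP Server \(ZyWALL (USG\s?[\w-]+)\) \[([[a-f\d]:.]+)\]$">
 <description>ZyXEL Unified Security Gateway</description>
 <example hw.product="USG 20" host.ip="::ffff:192.168.0.2">FTP Server (ZyWALL USG 20) [::ffff:192.168.0.2]</example>
 <example hw.product="USG100-PLUS" host.ip="::ffff:192.168.5.101">FTP Server (ZyWALL USG100-PLUS) [::ffff:192.168.5.101]</example>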
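Review bot: The address class in all four changed patterns is written as a nested bracket expression, `[[a-f\d].:]` (`[[a-f\d]:.]` in the ZyWALL pattern), which means "hex digit, dot or colon" only in engines that support nested classes, such as Ruby's. An engine without that support would likely close the class at the first `]` and read the rest as literals, so the fingerprint would silently stop matching there. A flat class is equivalent and portable: `\[([a-f\d.:]+)\]$`, and `\[[a-f\d.:\]]*$` for the truncated ProFTPD banner. The class is also lower-case only, so an address printed with upper-case hex digits would fall through to a less specific fingerprint unless matching is case-insensitive; `[a-fA-F\d.:]` covers both. Each hunk shows only part of its `<fingerprint>` element, and none of the visible examples contains a hex letter other than the `::ffff:` prefix, so an `<example>` with a full IPv6 literal would pin the intended behaviour.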
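--- a/data/xml/operating_system.xml
+++ b/data/xml/operating_system.xml
@@ -4,10 +4,11 @@
 -->
 <fingerprints matches="operating_system.name" database_type="util.os" preference="0.80">
 <!-- Windows begin -->
-<fingerprint pattern="^(?i:(?:Microsoft )?(Windows (?:[a-z]+\s[a-z]+\s|[a-z]+\s)?Server (?:\d{4} R2|\d{4}))(?:,\s|\s)?([a-z]+)?(?: Edition)?(?:\s|\swith(?:out)? Hyper-V\s)?(SP\d|SP \d|Service Pack \d)?)$">
+<fingerprint pattern="^(?i:(?:Microsoft )?(Windows (?:[a-z]+\s[a-z]+\s|[a-z]+\s)?Server (?:\d{4} R2|\d{4}))(?:,\s|\s)?([a-z]+)?(?: Evaluation)?(?: Edition)?(?:\s|\swith(?:out)? Hyper-V\s)?(SP\d|SP \d|Service Pack \d)?)$">
 <description>Windows Server 2003 and later</description>
 <example os.product="Windows Compute Cluster Server 2003">Windows Compute Cluster Server 2003</example>
 <example os.product="Windows Server 2003" os.edition="Standard">Windows Server 2003, Standard Edition</example>
+<example os.product="Windows Server 2012 R2" os.edition="Standard">Windows Server 2012 R2 Standard Evaluation</example>
 <example os.product="Windows Server 2003 R2" os.edition="Datacenter">Windows Server 2003 R2, Datacenter Edition</example>
 <example os.product="Windows Small Business Server 2003 R2">Windows Small Business Server 2003 R2</example>
 <example os.product="Windows Server 2008" os.edition="Enterprise">Windows Server 2008 Enterprise Edition</example>
@@ -89,15 +90,42 @@
 <param pos="0" name="os.family" value="Windows"/>
 <param pos="1" name="os.product"/>
 </fingerprint>
-<fingerprint pattern="^(?i:(?:Microsoft )?Windows(?:\
+<fingerprint pattern="^(?i:(?:Microsoft )?Windows(?:\sNT)? 6.1)$">
+<description>Windows version 6.1 (Windows 7 or Windows Server 2008 R2)</description>
+<example>Windows 6.1</example>
+<param pos="0" name="os.vendor" value="Microsoft"/>
+<param pos="0" name="os.family" value="Windows"/>
+<param pos="0" name="os.product" value="Windows 7 or Windows Server 2008 R2"/>
+</fingerprint>
+<fingerprint pattern="^(?i:(?:Microsoft )?Windows(?:\sNT)? 6.2)$">
+<description>Windows version 6.2 (Windows 8 or Windows Server 2012)</description>
+<example>Windows 6.2</example>
+<param pos="0" name="os.vendor" value="Microsoft"/>
+<param pos="0" name="os.family" value="Windows"/>
+<param pos="0" name="os.product" value="Windows 8 or Windows Server 2012"/>
+</fingerprint>
+<fingerprint pattern="^(?i:(?:Microsoft )?Windows(?:\sNT)? 6.3)$">
+<description>Windows version 6.3 (Windows 8.1 or Windows Server 2012 R2)</description>
+<example>Windows 6.3</example>
+<param pos="0" name="os.vendor" value="Microsoft"/>
+<param pos="0" name="os.family" value="Windows"/>
+<param pos="0" name="os.product" value="Windows 8.1 or Windows Server 2012 R2"/>
+</fingerprint>
+<fingerprint pattern="^(?i:(?:Microsoft )?Windows(?:\sNT)? 10.0)$">
+<description>Windows version 10.0 (Windows 10 or Windows Server 2016)</description>
+<example>Windows 10.0</example>
+<param pos="0" name="os.vendor" value="Microsoft"/>
+<param pos="0" name="os.family" value="Windows"/>
+<param pos="0" name="os.product" value="Windows 10 or Windows Server 2016"/>
+</fingerprint>
+<fingerprint pattern="^(?i:(?:Microsoft )?Windows.*)$">
 <description>Windows catch-all</description>
-<example
+<example>Windows for Workgroups 3.11</example>
 <example>Microsoft Windows</example>
 <param pos="0" name="os.vendor" value="Microsoft"/>
 <param pos="0" name="os.family" value="Windows"/>
 <param pos="0" name="os.product" value="Windows"/>
 <param pos="0" name="os.certainty" value="0.5"/>
-<param pos="1" name="os.version"/>
 </fingerprint>
 <!-- Windows end -->
 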
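Review bot: The dots in the four new version fingerprints (`6.1`, `6.2`, `6.3`, `10.0`) are unescaped, so each matches any character in that position and a string such as `Windows 6x1` would be reported as Windows 7 or Server 2008 R2; writing `Windows(?:\sNT)? 6\.1)$` and the equivalent for the other three makes the match exact. Each new fingerprint carries one `<example>` in the bare form only, so the optional `Microsoft ` and `NT` branches are untested; an added `<example>Microsoft Windows NT 6.1</example>` would cover them. The new `os.product` values are composite strings ("Windows 7 or Windows Server 2008 R2") with no `os.certainty`, whereas the catch-all below sets `0.5`. If downstream consumers key on `os.product`, a lowered certainty on these four would flag the ambiguity, which is worth confirming against how that field is consumed.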
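--- a/data/xml/pop_banners.xml
+++ b/data/xml/pop_banners.xml
@@ -216,8 +216,54 @@ matched against these patterns to fingerprint POP3 servers.
 <param pos="0" name="service.family" value="Courier MTA"/>
 <param pos="0" name="service.product" value="Courier POP"/>
 </fingerprint>
-
-
+<fingerprint pattern= "^CMailServer ([\d\.]+) POP3 Service Ready$">
+<description>CMailServer</description>
+<example service.version="5.0.0">CMailServer 5.0.0 POP3 Service Ready</example>
+<param pos="0" name="service.product" value="CMailServer"/>
+<param pos="0" name="service.vendor" value="Youngzsoft"/>
+<param pos="0" name="os.family" value="Windows" />
+<param pos="0" name="os.vendor" value="Microsoft"/>
+<param pos= "1" name="service.version"/>
+</fingerprint>
+<fingerprint pattern= "^POP3 Bigfoot v(\d\.\d) server ready$">
+<description>POP3 Bigfoot server</description>
+<example service.version="1.0">POP3 Bigfoot v1.0 server ready</example>
+<param pos="0" name="service.vendor" value="Bigfoot"/>
+<param pos="0" name="service.family" value="Bigfoot Email Tools"/>
+<param pos="0" name="service.product" value="Bigfoot Email Tools"/>
+<param pos="1" name="service.version"/>
+</fingerprint>
+<fingerprint pattern="^CCProxy ([\d.]+) POP3 Service Ready$">
+<description>CCProxy POP3 server</description>
+<example service.version="8.0">CCProxy 8.0 POP3 Service Ready</example>
+<example service.version="2010">CCProxy 2010 POP3 Service Ready</example>
+<example service.version="6.4.2">CCProxy 6.4.2 POP3 Service Ready</example>
+<param pos="0" name="service.vendor" value="Youngzsoft"/>
+<param pos="0" name="service.family" value="CCProxy"/>
+<param pos="0" name="service.product" value="CCProxy"/>
+<param pos="1" name="service.version"/>
+</fingerprint>
+<fingerprint pattern= "^POP3 on WinWebMail \[([\d.]+)\] ready\.$">
+<description>WinWebmail POP3</description>
+<example service.version="1.1.1.1">POP3 on WinWebMail [1.1.1.1] ready.</example>
+<param pos="0" name="service.product" value="WinWebMail"/>
+<param pos="0" name="service.vendor" value="Ma Jian"/>
+<param pos="0" name="os.vendor" value="Microsoft"/>
+<param pos="0" name="os.family" value="Windows"/>
+<param pos="0" name="os.product" value="Windows"/>
+<param pos="1" name="service.version"/>
+</fingerprint>
+<fingerprint pattern= "^BlackJumboDog \(Version ([\d\.]+)\) ready$">
+<description>BlackJumboDog</description>
+<example service.version="5.7.5.0">BlackJumboDog (Version 5.7.5.0) ready</example>
+<param pos="0" name="service.vendor" value= "SapporoWorks"/>
+<param pos="0" name="service.product" value="BlackJumboDog"/>
+<param pos="0" name="os.family" value="Windows"/>
+<param pos="0" name="os.vendor" value="Microsoft"/>
+<param pos="0" name="os.product" value="Windows"/>
+<param pos="1" name="service.version"/>
+</fingerprint>
+<!--
 ; Mandrake 8.1 - uses UW IMAP
 ; +OK POP3 mandrake81-f540k v2000.70mdk server ready
 // wu-imap?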
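Review bot: The Bigfoot fingerprint captures its version with `(\d\.\d)`, which accepts exactly one digit on each side of the dot, so a banner reporting something like `v1.10` would not match at all. The other fingerprints added here use `([\d.]+)`, and `^POP3 Bigfoot v([\d.]+) server ready$` would be consistent with them. The CMailServer fingerprint asserts `os.family` and `os.vendor` but no `os.product`, while WinWebMail and BlackJumboDog set all three; adding `<param pos="0" name="os.product" value="Windows"/>` keeps the asserted OS fields uniform. Several attributes carry a stray space after `=` (`pattern= "`, `pos= "1"`, `value= "SapporoWorks"`), which is valid XML but inconsistent with the CCProxy entry in the same hunk.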
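--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: recog
 version: !ruby/object:Gem::Version
-version: 2.1.
+version: 2.1.10
 platform: ruby
 authors:
 - Rapid7 Research
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-06-
+date: 2017-06-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rspec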