recog 2.1.9 → 2.1.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: aec04b98aff91267d646e20ed78d90fccf0949d0
-  data.tar.gz: 9e30dc5c4c0b41d67fb8da72ab4beec6adf375aa
+  metadata.gz: f381a8f2b1504e89989bed8c8d3fbc042816e54b
+  data.tar.gz: bba130a2b6bc4920b4c915e48dc9a867f479df7a
 SHA512:
-  metadata.gz: 6d463c1022993e48d8eec6d8f307f47b61ef9394f4469e961ffab1d79022ed2a1e1dd503ea71ee26cedd019ff65573563073ea9dfc920559b9be2938d1bc03f4
-  data.tar.gz: f8b10d30593f596baf37ab34ac4f3b8c257a2f45268bf32436defacbea04a25b16686497be6e5c4046798589197a3589d784927cf2edbe0f22aefe3801bec35b
+  metadata.gz: f9a5ca3666a99314d29c230baab785276bc11918645acf9d6d5f1589207204e7996775f22a1d4b146f128a35ee22a2a5f57e1bfe71d5747a89c156a83e468c6a
+  data.tar.gz: 4993c56920a826cf9f713dd49002f73057e2dc6463bae25bb19e60273b887ddc9a0b8c7c13ffa71e68bf1b64c770ce6e9ccf7df9a72dab95acef839d3813803e

data/README.md

@@ -6,8 +6,6 @@ Recog is a framework for identifying products, services, operating systems, and
 [![Gem Version](https://badge.fury.io/rb/recog.svg)](http://badge.fury.io/rb/recog)
 [![Build Status](https://travis-ci.org/rapid7/recog.svg?branch=master)](https://travis-ci.org/rapid7/recog)
 
-==
-
 ## Installation
 
 Recog consists of both XML fingerprint files and an assortment of code, mostly in Ruby, that makes it easy to develop, test, and use the contained fingerprints. In order to use the included ruby code, a recent version of Ruby (2.1+) is required, along with Rubygems and the `bundler` gem. Once these dependencies are in place, use the following commands to grab the latest source code and install any additional dependencies.

data/lib/recog/version.rb

@@ -1,3 +1,3 @@
 module Recog
-  VERSION = '2.1.9'
+  VERSION = '2.1.10'
 end

data/xml/ftp_banners.xml

@@ -216,7 +216,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.</example>
     <param pos="0" name="service.product" value="ProFTPD"/>
     <param pos="1" name="host.name"/>
   </fingerprint>
-  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \((.*)\) \[[\h.:\]]*$">
+  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \((.*)\) \[[[a-f\d].:\]]*$">
     <description>ProFTPD with version info - truncated</description>
     <example service.version="1.3.2c">ProFTPD 1.3.2c Server (ProFTPD Default Installation) [</example>
     <example proftpd.server.name="svrname.hosting.com">ProFTPD 1.3.0 Server (svrname.hosting.com) [10.10.10.</example>
@@ -1123,7 +1123,7 @@ more text</example>
     <param pos="0" name="service.vendor" value="Multicraft"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
-  <fingerprint pattern="^bftpd ([\d.]+) at ([\h.:]+) ready\.$">
+  <fingerprint pattern="^bftpd ([\d.]+) at ([[a-f\d].:]+) ready\.$">
     <description>Bftpd FTPD Server</description>
     <example service.version="2.2.1" host.ip="192.168.0.1">bftpd 2.2.1 at 192.168.0.1 ready.</example>
     <example service.version="2.2" host.ip="::ffff:192.168.1.1">bftpd 2.2 at ::ffff:192.168.1.1 ready.</example>
@@ -1133,7 +1133,7 @@ more text</example>
     <param pos="1" name="service.version"/>
     <param pos="2" name="host.ip"/>
   </fingerprint>
-  <fingerprint pattern="^NASFTPD Turbo station (?:2.x )?([\w.]+) Server \(ProFTPD\) \[([\h.:]+)\]$">
+  <fingerprint pattern="^NASFTPD Turbo station (?:2.x )?([\w.]+) Server \(ProFTPD\) \[([[a-f\d].:]+)\]$">
     <description>ProFTPD on QNAP Turbo Station NAS</description>
     <example service.version="1.3.5a" host.ip="192.168.1.100">NASFTPD Turbo station 1.3.5a Server (ProFTPD) [192.168.1.100]</example>
     <example service.version="1.3.1rc2" host.ip="192.168.1.100">NASFTPD Turbo station 2.x 1.3.1rc2 Server (ProFTPD) [192.168.1.100]</example>
@@ -1191,7 +1191,7 @@ more text</example>
     <param pos="0" name="os.family" value="Windows"/>
     <param pos="0" name="os.product" value="Windows"/>
   </fingerprint>
-  <fingerprint pattern="^FTP Server \(ZyWALL (USG\s?[\w-]+)\) \[([\h:.]+)\]$">
+  <fingerprint pattern="^FTP Server \(ZyWALL (USG\s?[\w-]+)\) \[([[a-f\d]:.]+)\]$">
     <description>ZyXEL Unified Security Gateway</description>
     <example hw.product="USG 20" host.ip="::ffff:192.168.0.2">FTP Server (ZyWALL USG 20) [::ffff:192.168.0.2]</example>
     <example hw.product="USG100-PLUS" host.ip="::ffff:192.168.5.101">FTP Server (ZyWALL USG100-PLUS) [::ffff:192.168.5.101]</example>

data/xml/operating_system.xml

@@ -4,10 +4,11 @@
   -->
 <fingerprints matches="operating_system.name" database_type="util.os" preference="0.80">
   <!-- Windows begin -->
-  <fingerprint pattern="^(?i:(?:Microsoft )?(Windows (?:[a-z]+\s[a-z]+\s|[a-z]+\s)?Server (?:\d{4} R2|\d{4}))(?:,\s|\s)?([a-z]+)?(?: Edition)?(?:\s|\swith(?:out)? Hyper-V\s)?(SP\d|SP \d|Service Pack \d)?)$">
+  <fingerprint pattern="^(?i:(?:Microsoft )?(Windows (?:[a-z]+\s[a-z]+\s|[a-z]+\s)?Server (?:\d{4} R2|\d{4}))(?:,\s|\s)?([a-z]+)?(?: Evaluation)?(?: Edition)?(?:\s|\swith(?:out)? Hyper-V\s)?(SP\d|SP \d|Service Pack \d)?)$">
     <description>Windows Server 2003 and later</description>
     <example os.product="Windows Compute Cluster Server 2003">Windows Compute Cluster Server 2003</example>
     <example os.product="Windows Server 2003" os.edition="Standard">Windows Server 2003, Standard Edition</example>
+    <example os.product="Windows Server 2012 R2" os.edition="Standard">Windows Server 2012 R2 Standard Evaluation</example>
     <example os.product="Windows Server 2003 R2" os.edition="Datacenter">Windows Server 2003 R2, Datacenter Edition</example>
     <example os.product="Windows Small Business Server 2003 R2">Windows Small Business Server 2003 R2</example>
     <example os.product="Windows Server 2008" os.edition="Enterprise">Windows Server 2008 Enterprise Edition</example>
@@ -89,15 +90,42 @@
     <param pos="0" name="os.family" value="Windows"/>
     <param pos="1" name="os.product"/>
   </fingerprint>
-  <fingerprint pattern="^(?i:(?:Microsoft )?Windows(?:\s?\w+?)*?\s?(\d+?(?:\.\d+?)*?)?)$">
+  <fingerprint pattern="^(?i:(?:Microsoft )?Windows(?:\sNT)? 6.1)$">
+    <description>Windows version 6.1 (Windows 7 or Windows Server 2008 R2)</description>
+    <example>Windows 6.1</example>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows 7 or Windows Server 2008 R2"/>
+  </fingerprint>
+  <fingerprint pattern="^(?i:(?:Microsoft )?Windows(?:\sNT)? 6.2)$">
+    <description>Windows version 6.2 (Windows 8 or Windows Server 2012)</description>
+    <example>Windows 6.2</example>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows 8 or Windows Server 2012"/>
+  </fingerprint>
+    <fingerprint pattern="^(?i:(?:Microsoft )?Windows(?:\sNT)? 6.3)$">
+    <description>Windows version 6.3 (Windows 8.1 or Windows Server 2012 R2)</description>
+    <example>Windows 6.3</example>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows 8.1 or Windows Server 2012 R2"/>
+  </fingerprint>
+  <fingerprint pattern="^(?i:(?:Microsoft )?Windows(?:\sNT)? 10.0)$">
+    <description>Windows version 10.0 (Windows 10 or Windows Server 2016)</description>
+    <example>Windows 10.0</example>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows 10 or Windows Server 2016"/>
+  </fingerprint>
+  <fingerprint pattern="^(?i:(?:Microsoft )?Windows.*)$">
     <description>Windows catch-all</description>
-    <example os.version="3.11">Windows for Workgroups 3.11</example>
+    <example>Windows for Workgroups 3.11</example>
     <example>Microsoft Windows</example>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.family" value="Windows"/>
     <param pos="0" name="os.product" value="Windows"/>
     <param pos="0" name="os.certainty" value="0.5"/>
-    <param pos="1" name="os.version"/>
   </fingerprint>
   <!-- Windows end -->
 

data/xml/pop_banners.xml

@@ -216,8 +216,54 @@ matched against these patterns to fingerprint POP3 servers.
     <param pos="0" name="service.family" value="Courier MTA"/>
     <param pos="0" name="service.product" value="Courier POP"/>
   </fingerprint>
-  <!--
-
+  <fingerprint pattern= "^CMailServer ([\d\.]+) POP3 Service Ready$">
+    <description>CMailServer</description>
+    <example service.version="5.0.0">CMailServer 5.0.0 POP3 Service Ready</example>
+    <param pos="0" name="service.product" value="CMailServer"/>
+    <param pos="0" name="service.vendor" value="Youngzsoft"/>
+    <param pos="0" name="os.family" value="Windows" />
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos= "1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern= "^POP3 Bigfoot v(\d\.\d) server ready$">
+    <description>POP3 Bigfoot server</description>
+    <example service.version="1.0">POP3 Bigfoot v1.0 server ready</example>
+    <param pos="0" name="service.vendor" value="Bigfoot"/>
+    <param pos="0" name="service.family" value="Bigfoot Email Tools"/>
+    <param pos="0" name="service.product" value="Bigfoot Email Tools"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^CCProxy ([\d.]+) POP3 Service Ready$">
+    <description>CCProxy POP3 server</description>
+    <example service.version="8.0">CCProxy 8.0 POP3 Service Ready</example>
+    <example service.version="2010">CCProxy 2010 POP3 Service Ready</example>
+    <example service.version="6.4.2">CCProxy 6.4.2 POP3 Service Ready</example>
+    <param pos="0" name="service.vendor" value="Youngzsoft"/>
+    <param pos="0" name="service.family" value="CCProxy"/>
+    <param pos="0" name="service.product" value="CCProxy"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern= "^POP3 on WinWebMail \[([\d.]+)\] ready\.$">
+    <description>WinWebmail POP3</description>
+    <example service.version="1.1.1.1">POP3 on WinWebMail [1.1.1.1] ready.</example>
+    <param pos="0" name="service.product" value="WinWebMail"/>
+    <param pos="0" name="service.vendor" value="Ma Jian"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern= "^BlackJumboDog \(Version ([\d\.]+)\) ready$">
+    <description>BlackJumboDog</description>
+    <example service.version="5.7.5.0">BlackJumboDog (Version 5.7.5.0) ready</example>
+    <param pos="0" name="service.vendor" value= "SapporoWorks"/>
+    <param pos="0" name="service.product" value="BlackJumboDog"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+<!--
 ; Mandrake 8.1 - uses UW IMAP
 ; +OK POP3 mandrake81-f540k v2000.70mdk server ready
 // wu-imap?

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: recog
 version: !ruby/object:Gem::Version
-  version: 2.1.9
+  version: 2.1.10
 platform: ruby
 authors:
 - Rapid7 Research
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-06-15 00:00:00.000000000 Z
+date: 2017-06-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec