recog 2.1.17 → 2.1.18

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/lib/recog/version.rb +1 -1
  3. data/xml/mysql_banners.xml +14 -0
  4. data/xml/ssh_banners.xml +179 -28
  5. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 2e23a820ea5a298e2e5ecc215acd180ffd100095
4
- data.tar.gz: ea80caf394aac4842db49260f0f2ce78d2e7b175
3
+ metadata.gz: 2dfccd0a5a515fd50d6e1b37df8eecc70c1d66b2
4
+ data.tar.gz: af23bc1ecb8338a683a5d9a0ad08b46ef111a545
5
5
  SHA512:
6
- metadata.gz: bedc6d3512f4f840db3fb475fffa0f765e7b7e4aa92388a6b06c43233adef2712e6e015cfe513162be543cb8d89dfb3f40d8d11d437535d97ba0a13a488b37bc
7
- data.tar.gz: 8e04f84a8f9cb40e66dfc9e64bbb76b1ca7934239c0a28c641e2c3c55a7d37dab538f8d327ee2f4b8fdf1a56ba7ea3c7e84f950ad62f020e8cb449ba918a3aa0
6
+ metadata.gz: 69850c82b9b6e62ffffaa4e90337e89cdf404c467c3ca9097a0726246b2ddda82fe771810d3d1cf166da4bf67bcd675db63cb49571f65f372ca03dae8ed086f4
7
+ data.tar.gz: 47d6cd3edbd0ef2d24761a88273955e4d5d9a38b128b961369326384c7900576338675389c403d327138eb1591d67ed69c4bffcd1345dad6573769ca3a38bfed
data/lib/recog/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Recog
2
- VERSION = '2.1.17'
2
+ VERSION = '2.1.18'
3
3
  end
data/xml/mysql_banners.xml CHANGED
@@ -679,6 +679,20 @@
679
679
  <param pos="0" name="os.family" value="Linux"/>
680
680
  <param pos="0" name="os.product" value="Linux"/>
681
681
  </fingerprint>
682
+ <fingerprint pattern="^(?:\d{1,2}\.\d{1,3}\.[a-f\d]{1,3}-)?(\d{1,2}\.\d{1,3}\.[a-f\d]{1,4})-MariaDB.+~jessie(?:-log)?$" flags="REG_ICASE">
683
+ <description>MariaDB MariaDB on Debian 8.0 (jessie)</description>
684
+ <example service.version="5.5.37">5.5.37-MariaDB-1~jessie-log</example>
685
+ <example service.version="10.0.11">10.0.11-MariaDB-1~jessie-log</example>
686
+ <example service.version="10.0.14">5.5.5-10.0.14-MariaDB-1~jessie-log</example>
687
+ <param pos="1" name="service.version"/>
688
+ <param pos="0" name="service.vendor" value="MariaDB"/>
689
+ <param pos="0" name="service.family" value="MySQL"/>
690
+ <param pos="0" name="service.product" value="MariaDB"/>
691
+ <param pos="0" name="os.vendor" value="Debian"/>
692
+ <param pos="0" name="os.family" value="Linux"/>
693
+ <param pos="0" name="os.product" value="Linux"/>
694
+ <param pos="0" name="os.version" value="8.0"/>
695
+ </fingerprint>
682
696
  <fingerprint pattern="^(?:\d{1,2}\.\d{1,3}\.[a-f\d]{1,3}-)?(\d{1,2}\.\d{1,3}\.[a-f\d]{1,4})-MariaDB.+~wheezy(?:-log)?$" flags="REG_ICASE">
683
697
  <description>MariaDB MariaDB on Debian 7.0 (wheezy)</description>
684
698
  <example service.version="5.5.37">5.5.37-MariaDB-1~wheezy-log</example>
data/xml/ssh_banners.xml CHANGED
@@ -5,10 +5,6 @@ the identification string after "SSH-x.x-") are matched against these patterns t
5
5
  fingerprint SSH servers.
6
6
  -->
7
7
  <fingerprints matches="ssh.banner" protocol="ssh" database_type="service" preference="0.90">
8
- <!-- Honeypot SSH server banners are useless for fingerprinting -->
9
- <fingerprint pattern="honeypot" flags="REG_ICASE">
10
- <description>Honeypot SSH</description>
11
- </fingerprint>
12
8
  <fingerprint pattern="^RomSShell_([\d\.]+)$">
13
9
  <description>Allegro RomSShell SSH</description>
14
10
  <example service.version="4.62">RomSShell_4.62</example>
@@ -46,6 +42,7 @@ fingerprint SSH servers.
46
42
  </fingerprint>
47
43
  <fingerprint pattern="^OpenSSH_([^\s]+)\s+(FreeBSD[ -].*)$">
48
44
  <description>OpenSSH running on FreeBSD</description>
45
+ <example service.version="7.2" openssh.comment="FreeBSD-20160310">OpenSSH_7.2 FreeBSD-20160310</example>
49
46
  <param pos="1" name="service.version"/>
50
47
  <param pos="2" name="openssh.comment"/>
51
48
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -56,8 +53,10 @@ fingerprint SSH servers.
56
53
  <param pos="0" name="os.family" value="FreeBSD"/>
57
54
  <param pos="0" name="os.product" value="FreeBSD"/>
58
55
  </fingerprint>
59
- <fingerprint pattern="^OpenSSH_([^\s]+)\s+(NetBSD[ -].*)$">
56
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(NetBSD(?:_Secure_Shell)?[ -].*)$">
60
57
  <description>OpenSSH running on NetBSD</description>
58
+ <example service.version="7.2" openssh.comment="NetBSD-20100308">OpenSSH_7.2 NetBSD-20100308</example>
59
+ <example service.version="4.4" openssh.comment="NetBSD_Secure_Shell-20061114">OpenSSH_4.4 NetBSD_Secure_Shell-20061114</example>
61
60
  <param pos="1" name="service.version"/>
62
61
  <param pos="2" name="openssh.comment"/>
63
62
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -344,6 +343,20 @@ fingerprint SSH servers.
344
343
  <param pos="0" name="os.product" value="Linux"/>
345
344
  <param pos="0" name="os.version" value="15.04"/>
346
345
  </fingerprint>
346
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Ubuntu-\d\d?)$">
347
+ <description>OpenSSH running on Ubuntu (unknown release)</description>
348
+ <example service.version="7.4p1" openssh.comment="Ubuntu-10">OpenSSH_7.4p1 Ubuntu-10</example>
349
+ <example service.version="7.6p1" openssh.comment="Ubuntu-2">OpenSSH_7.6p1 Ubuntu-2</example>
350
+ <param pos="1" name="service.version"/>
351
+ <param pos="2" name="openssh.comment"/>
352
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
353
+ <param pos="0" name="service.family" value="OpenSSH"/>
354
+ <param pos="0" name="service.product" value="OpenSSH"/>
355
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
356
+ <param pos="0" name="os.device" value="General"/>
357
+ <param pos="0" name="os.family" value="Linux"/>
358
+ <param pos="0" name="os.product" value="Linux"/>
359
+ </fingerprint>
347
360
  <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian-4(?:\+deb7u\d+)?)$">
348
361
  <description>OpenSSH running on Debian 7.x (wheezy)</description>
349
362
  <example service.version="6.0p1" openssh.comment="Debian-4">OpenSSH_6.0p1 Debian-4</example>
@@ -360,11 +373,25 @@ fingerprint SSH servers.
360
373
  <param pos="0" name="os.product" value="Linux"/>
361
374
  <param pos="0" name="os.version" value="7.0"/>
362
375
  </fingerprint>
363
- <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian-5(?:\+deb8u\d+)?)$">
376
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian-\d~bpo7\d?\+\d+)$">
377
+ <description>OpenSSH backport running on Debian 7.x (wheezy)</description>
378
+ <example service.version="6.6.1p1" openssh.comment="Debian-4~bpo70+1">OpenSSH_6.6.1p1 Debian-4~bpo70+1</example>
379
+ <example service.version="6.4p1" openssh.comment="Debian-1~bpo70+2">OpenSSH_6.4p1 Debian-1~bpo70+2</example>
380
+ <param pos="1" name="service.version"/>
381
+ <param pos="2" name="openssh.comment"/>
382
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
383
+ <param pos="0" name="service.family" value="OpenSSH"/>
384
+ <param pos="0" name="service.product" value="OpenSSH"/>
385
+ <param pos="0" name="os.vendor" value="Debian"/>
386
+ <param pos="0" name="os.device" value="General"/>
387
+ <param pos="0" name="os.family" value="Linux"/>
388
+ <param pos="0" name="os.product" value="Linux"/>
389
+ <param pos="0" name="os.version" value="7.0"/>
390
+ </fingerprint>
391
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian-5\+deb8u\d+.*)$">
364
392
  <description>OpenSSH running on Debian 8.x (jessie)</description>
365
- <example service.version="6.7p1" openssh.comment="Debian-5">OpenSSH_6.7p1 Debian-5</example>
366
- <example service.version="6.7p1" openssh.comment="Debian-5+deb8u1">OpenSSH_6.7p1 Debian-5+deb8u1</example>
367
393
  <example service.version="6.7p1" openssh.comment="Debian-5+deb8u2">OpenSSH_6.7p1 Debian-5+deb8u2</example>
394
+ <example service.version="6.7p1" openssh.comment="Debian-5+deb8u1~ui80+7">OpenSSH_6.7p1 Debian-5+deb8u1~ui80+7</example>
368
395
  <param pos="1" name="service.version"/>
369
396
  <param pos="2" name="openssh.comment"/>
370
397
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -376,26 +403,26 @@ fingerprint SSH servers.
376
403
  <param pos="0" name="os.product" value="Linux"/>
377
404
  <param pos="0" name="os.version" value="8.0"/>
378
405
  </fingerprint>
379
- <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Raspbian-5(?:\+deb8u\d+)?)$">
380
- <description>OpenSSH running on Raspbian 8.x (jessie)</description>
381
- <example service.version="6.7p1" openssh.comment="Raspbian-5">OpenSSH_6.7p1 Raspbian-5</example>
382
- <example service.version="6.7p1" openssh.comment="Raspbian-5+deb8u1">OpenSSH_6.7p1 Raspbian-5+deb8u1</example>
383
- <example service.version="6.7p1" openssh.comment="Raspbian-5+deb8u2">OpenSSH_6.7p1 Raspbian-5+deb8u2</example>
406
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian-\d\d?\+deb9u\d+)$">
407
+ <description>OpenSSH running on Debian 9.x (stretch)</description>
408
+ <example service.version="7.4p1" openssh.comment="Debian-10+deb9u1">OpenSSH_7.4p1 Debian-10+deb9u1</example>
409
+ <example service.version="6.0p1" openssh.comment="Debian-4+deb9u6">OpenSSH_6.0p1 Debian-4+deb9u6</example>
384
410
  <param pos="1" name="service.version"/>
385
411
  <param pos="2" name="openssh.comment"/>
386
412
  <param pos="0" name="service.vendor" value="OpenBSD"/>
387
413
  <param pos="0" name="service.family" value="OpenSSH"/>
388
414
  <param pos="0" name="service.product" value="OpenSSH"/>
389
- <param pos="0" name="os.vendor" value="Raspbian"/>
415
+ <param pos="0" name="os.vendor" value="Debian"/>
390
416
  <param pos="0" name="os.device" value="General"/>
391
417
  <param pos="0" name="os.family" value="Linux"/>
392
418
  <param pos="0" name="os.product" value="Linux"/>
393
- <param pos="0" name="os.version" value="8.0"/>
419
+ <param pos="0" name="os.version" value="9.0"/>
394
420
  </fingerprint>
395
- <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian-6(?:squeeze)?.*)$">
421
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian-\d+[+~]squeeze.*)$">
396
422
  <description>OpenSSH running on Debian 6.0 (squeeze)</description>
397
423
  <example service.version="5.5p1" openssh.comment="Debian-6+squeeze4">OpenSSH_5.5p1 Debian-6+squeeze4</example>
398
- <example service.version="5.5p1" openssh.comment="Debian-6">OpenSSH_5.5p1 Debian-6</example>
424
+ <example service.version="5.5p1" openssh.comment="Debian-26+squeeze7">OpenSSH_5.5p1 Debian-26+squeeze7</example>
425
+ <example service.version="5.8p1" openssh.comment="Debian-4~squeeze+1">OpenSSH_5.8p1 Debian-4~squeeze+1</example>
399
426
  <param pos="1" name="service.version"/>
400
427
  <param pos="2" name="openssh.comment"/>
401
428
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -409,6 +436,7 @@ fingerprint SSH servers.
409
436
  </fingerprint>
410
437
  <fingerprint pattern="^OpenSSH_([^\s]+)\s+((?:Debian|Ubuntu).+ubuntu.*)$">
411
438
  <description>OpenSSH running on Ubuntu</description>
439
+ <example service.version="7.2p2" openssh.comment="Ubuntu-4ubuntu2.2">OpenSSH_7.2p2 Ubuntu-4ubuntu2.2</example>
412
440
  <param pos="1" name="service.version"/>
413
441
  <param pos="2" name="openssh.comment"/>
414
442
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -422,6 +450,7 @@ fingerprint SSH servers.
422
450
  </fingerprint>
423
451
  <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian.+etch.*)$">
424
452
  <description>OpenSSH running on Debian 4.0 (etch)</description>
453
+ <example service.version="4.3p2" openssh.comment="Debian-9etch3">OpenSSH_4.3p2 Debian-9etch3</example>
425
454
  <param pos="1" name="service.version"/>
426
455
  <param pos="2" name="openssh.comment"/>
427
456
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -435,6 +464,7 @@ fingerprint SSH servers.
435
464
  </fingerprint>
436
465
  <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian.+sarge.*)$">
437
466
  <description>OpenSSH running on Debian 3.1 (sarge)</description>
467
+ <example service.version="3.8.1p1" openssh.comment="Debian-8.sarge.4">OpenSSH_3.8.1p1 Debian-8.sarge.4</example>
438
468
  <param pos="1" name="service.version"/>
439
469
  <param pos="2" name="openssh.comment"/>
440
470
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -448,6 +478,7 @@ fingerprint SSH servers.
448
478
  </fingerprint>
449
479
  <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian.+woody.*)$">
450
480
  <description>OpenSSH running on Debian 3.0 (woody)</description>
481
+ <example service.version="3.4p1" openssh.comment="Debian 1:3.4p1-1.woody.3">OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3</example>
451
482
  <param pos="1" name="service.version"/>
452
483
  <param pos="2" name="openssh.comment"/>
453
484
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -459,8 +490,69 @@ fingerprint SSH servers.
459
490
  <param pos="0" name="os.product" value="Linux"/>
460
491
  <param pos="0" name="os.version" value="3.0"/>
461
492
  </fingerprint>
493
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian-\d+(?:[~]?bpo[.]?\d+)?)$">
494
+ <description>OpenSSH running on Debian (unknown release)</description>
495
+ <example service.version="5.5p1" openssh.comment="Debian-6">OpenSSH_5.5p1 Debian-6</example>
496
+ <example service.version="4.3p2" openssh.comment="Debian-5~bpo.1">OpenSSH_4.3p2 Debian-5~bpo.1</example>
497
+ <example service.version="4.2p1" openssh.comment="Debian-4bpo1">OpenSSH_4.2p1 Debian-4bpo1</example>
498
+ <example service.version="7.4p1" openssh.comment="Debian-10">OpenSSH_7.4p1 Debian-10</example>
499
+ <param pos="1" name="service.version"/>
500
+ <param pos="2" name="openssh.comment"/>
501
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
502
+ <param pos="0" name="service.family" value="OpenSSH"/>
503
+ <param pos="0" name="service.product" value="OpenSSH"/>
504
+ <param pos="0" name="os.vendor" value="Debian"/>
505
+ <param pos="0" name="os.device" value="General"/>
506
+ <param pos="0" name="os.family" value="Linux"/>
507
+ <param pos="0" name="os.product" value="Linux"/>
508
+ </fingerprint>
509
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Raspbian-\d\d?\+deb9u\d+)$">
510
+ <description>OpenSSH running on Raspbian (Debian 9 "Stretch" based)</description>
511
+ <example service.version="7.4p1" openssh.comment="Raspbian-10+deb9u1">OpenSSH_7.4p1 Raspbian-10+deb9u1</example>
512
+ <example service.version="7.4p1" openssh.comment="Raspbian-9+deb9u1">OpenSSH_7.4p1 Raspbian-9+deb9u1</example>
513
+ <param pos="1" name="service.version"/>
514
+ <param pos="2" name="openssh.comment"/>
515
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
516
+ <param pos="0" name="service.family" value="OpenSSH"/>
517
+ <param pos="0" name="service.product" value="OpenSSH"/>
518
+ <param pos="0" name="os.vendor" value="Raspbian"/>
519
+ <param pos="0" name="os.device" value="General"/>
520
+ <param pos="0" name="os.family" value="Linux"/>
521
+ <param pos="0" name="os.product" value="Linux"/>
522
+ <param pos="0" name="os.version" value="9.0"/>
523
+ </fingerprint>
524
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Raspbian-5\+deb8u\d+)$">
525
+ <description>OpenSSH running on Raspbian (Debian 8 "Jessie" based)</description>
526
+ <example service.version="6.7p1" openssh.comment="Raspbian-5+deb8u1">OpenSSH_6.7p1 Raspbian-5+deb8u1</example>
527
+ <example service.version="6.7p1" openssh.comment="Raspbian-5+deb8u2">OpenSSH_6.7p1 Raspbian-5+deb8u2</example>
528
+ <param pos="1" name="service.version"/>
529
+ <param pos="2" name="openssh.comment"/>
530
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
531
+ <param pos="0" name="service.family" value="OpenSSH"/>
532
+ <param pos="0" name="service.product" value="OpenSSH"/>
533
+ <param pos="0" name="os.vendor" value="Raspbian"/>
534
+ <param pos="0" name="os.device" value="General"/>
535
+ <param pos="0" name="os.family" value="Linux"/>
536
+ <param pos="0" name="os.product" value="Linux"/>
537
+ <param pos="0" name="os.version" value="8.0"/>
538
+ </fingerprint>
539
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Raspbian-\d\d?)$">
540
+ <description>OpenSSH running on Raspbian (Debian, unknown release)</description>
541
+ <example service.version="7.5p1" openssh.comment="Raspbian-10">OpenSSH_7.5p1 Raspbian-10</example>
542
+ <example service.version="6.9p1" openssh.comment="Raspbian-3">OpenSSH_6.9p1 Raspbian-3</example>
543
+ <param pos="1" name="service.version"/>
544
+ <param pos="2" name="openssh.comment"/>
545
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
546
+ <param pos="0" name="service.family" value="OpenSSH"/>
547
+ <param pos="0" name="service.product" value="OpenSSH"/>
548
+ <param pos="0" name="os.vendor" value="Raspbian"/>
549
+ <param pos="0" name="os.device" value="General"/>
550
+ <param pos="0" name="os.family" value="Linux"/>
551
+ <param pos="0" name="os.product" value="Linux"/>
552
+ </fingerprint>
462
553
  <fingerprint pattern="^OpenSSH_(.*)\+(CAN-[0-9]{4}-[0-9]{4})$">
463
554
  <description>OpenSSH with CVE patch, as seen in Mac OS X</description>
555
+ <example service.version="3.4p1" openssh.cvepatch="CAN-2004-0175">OpenSSH_3.4p1+CAN-2004-0175</example>
464
556
  <param pos="1" name="service.version"/>
465
557
  <param pos="2" name="openssh.cvepatch"/>
466
558
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -473,6 +565,7 @@ fingerprint SSH servers.
473
565
  </fingerprint>
474
566
  <fingerprint pattern="^OpenSSH_(.*)_Mikrotik_v(.*)$">
475
567
  <description>OpenSSH on MikroTik</description>
568
+ <example service.version="2.3.0" os.version="2.9">OpenSSH_2.3.0_Mikrotik_v2.9</example>
476
569
  <param pos="1" name="service.version"/>
477
570
  <param pos="2" name="os.version"/>
478
571
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -497,6 +590,7 @@ fingerprint SSH servers.
497
590
  </fingerprint>
498
591
  <fingerprint pattern="^OpenSSH_(.*) in DesktopAuthority (?:.*)$">
499
592
  <description>DesktopAuthority SSH</description>
593
+ <example service.version="3.8">OpenSSH_3.8 in DesktopAuthority 7.1.091</example>
500
594
  <param pos="1" name="service.version"/>
501
595
  <param pos="0" name="service.vendor" value="OpenBSD"/>
502
596
  <param pos="0" name="service.family" value="OpenSSH"/>
@@ -516,17 +610,24 @@ fingerprint SSH servers.
516
610
  <param pos="0" name="service.family" value="OpenSSH"/>
517
611
  <param pos="0" name="service.product" value="OpenSSH"/>
518
612
  </fingerprint>
519
- <fingerprint pattern="^OpenSSH_(\d+\.\d+(?:\.\d+)?(?:p\d+)?)$">
613
+ <fingerprint pattern="^OpenSSH_(\d+\.\d+(?:\.\d+)?(?:p\d+)?) *$">
520
614
  <description>OpenSSH with just a version, no comment by vendor</description>
521
615
  <example service.version="5.9p1">OpenSSH_5.9p1</example>
522
616
  <example service.version="5.9">OpenSSH_5.9</example>
523
- <example service.version="3.8.1p1">OpenSSH_3.8.1p1</example>
617
+ <example service.version="3.8.1p1">OpenSSH_3.8.1p1 </example>
524
618
  <example service.version="6.6.1">OpenSSH_6.6.1</example>
525
619
  <param pos="1" name="service.version"/>
526
620
  <param pos="0" name="service.vendor" value="OpenBSD"/>
527
621
  <param pos="0" name="service.family" value="OpenSSH"/>
528
622
  <param pos="0" name="service.product" value="OpenSSH"/>
529
623
  </fingerprint>
624
+ <fingerprint pattern="^OpenSSH$">
625
+ <description>OpenSSH w/o version or comment</description>
626
+ <example>OpenSSH</example>
627
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
628
+ <param pos="0" name="service.family" value="OpenSSH"/>
629
+ <param pos="0" name="service.product" value="OpenSSH"/>
630
+ </fingerprint>
530
631
  <!-- SSH-1.99-OpenSSH_4.3p2-4.cern-hpn-CERN-4.3p2-4.cern -->
531
632
  <!--<fingerprint pattern="^OpenSSH_?([^\s]*)\s*(.*)$">
532
633
  <description>Catch all for OpenSSH based SSH servers
@@ -545,6 +646,7 @@ fingerprint SSH servers.
545
646
  <fingerprint pattern="^Cisco-(.*)$">
546
647
  <description>Cisco SSH banner (could be IOS or PIX).
547
648
  The version always seems to be 1.25</description>
649
+ <example service.version="1.25">Cisco-1.25</example>
548
650
  <param pos="1" name="service.version"/>
549
651
  <param pos="0" name="service.vendor" value="Cisco"/>
550
652
  <param pos="0" name="service.product" value="SSH"/>
@@ -562,6 +664,7 @@ fingerprint SSH servers.
562
664
  </fingerprint>
563
665
  <fingerprint pattern="^Sun_SSH_(.*)$">
564
666
  <description>Sun SSH banner</description>
667
+ <example service.version="1.1">Sun_SSH_1.1</example>
565
668
  <param pos="1" name="service.version"/>
566
669
  <param pos="0" name="service.vendor" value="Sun"/>
567
670
  <param pos="0" name="service.product" value="SSH"/>
@@ -582,6 +685,7 @@ fingerprint SSH servers.
582
685
  </fingerprint>
583
686
  <fingerprint pattern="^NetScreen$">
584
687
  <description>Netscreen</description>
688
+ <example>NetScreen</example>
585
689
  <param pos="0" name="service.vendor" value="Juniper"/>
586
690
  <param pos="0" name="service.family" value="NetScreen"/>
587
691
  <param pos="0" name="service.product" value="NetScreen"/>
@@ -603,8 +707,11 @@ fingerprint SSH servers.
603
707
  <param pos="0" name="os.product" value="VRP"/>
604
708
  <param pos="1" name="os.version"/>
605
709
  </fingerprint>
606
- <fingerprint pattern="^([^\s]+) sshlib: GlobalScape$">
710
+ <fingerprint pattern="^([\d.]+)[ _]sshlib:? (?i:GlobalScape)$">
607
711
  <description>GlobalScape SSH (which uses Bitvise sshlib)</description>
712
+ <example service.component.version="1.36">1.36_sshlib GlobalSCAPE</example>
713
+ <example service.component.version="1.82">1.82_sshlib Globalscape</example>
714
+ <example service.component.version="1.36">1.36 sshlib: GlobalScape</example>
608
715
  <param pos="1" name="service.component.version"/>
609
716
  <param pos="0" name="service.component.vendor" value="Bitvise"/>
610
717
  <param pos="0" name="service.component.family" value="sshlib"/>
@@ -618,6 +725,7 @@ fingerprint SSH servers.
618
725
  </fingerprint>
619
726
  <fingerprint pattern="^([^\s]+) sshlib: WinSSHD (.*)$">
620
727
  <description>Bitvise WinSSHD (which uses Bitvise sshlib)</description>
728
+ <example service.component.version="1.78" service.version="4.15a">1.78 sshlib: WinSSHD 4.15a</example>
621
729
  <param pos="1" name="service.component.version"/>
622
730
  <param pos="2" name="service.version"/>
623
731
  <param pos="0" name="service.component.vendor" value="Bitvise"/>
@@ -671,6 +779,19 @@ fingerprint SSH servers.
671
779
  <param pos="0" name="os.family" value="Windows"/>
672
780
  <param pos="0" name="os.product" value="Windows"/>
673
781
  </fingerprint>
782
+ <fingerprint pattern="^Pragma FortressSSH\s+([\d.]+)(?:\s+\[([\d.:]+)\])?$">
783
+ <description>Pragma FortressSSH</description>
784
+ <example service.version="5.0.9.2031">Pragma FortressSSH 5.0.9.2031</example>
785
+ <example service.version="5.0.9.2680" host.ip="10.10.10.10">Pragma FortressSSH 5.0.9.2680 [10.10.10.10]</example>
786
+ <param pos="1" name="service.version"/>
787
+ <param pos="2" name="host.ip"/>
788
+ <param pos="0" name="service.vendor" value="Pragma Systems"/>
789
+ <param pos="0" name="service.family" value="FortressSSH Server"/>
790
+ <param pos="0" name="service.product" value="FortressSSH Server"/>
791
+ <param pos="0" name="os.vendor" value="Microsoft"/>
792
+ <param pos="0" name="os.family" value="Windows"/>
793
+ <param pos="0" name="os.product" value="Windows"/>
794
+ </fingerprint>
674
795
  <fingerprint pattern="^VShell_(?:Special_Edition_)?(\d+)_(\d+)_(\d+)_(\d+) VShell$">
675
796
  <description>VanDyke VShell</description>
676
797
  <example service.version="3" service.version.version="6" service.version.version.version="2" service.version.version.version.version="446">VShell_3_6_2_446 VShell</example>
@@ -690,9 +811,11 @@ fingerprint SSH servers.
690
811
  <param pos="0" name="service.family" value="VShell"/>
691
812
  <param pos="0" name="service.product" value="VShell"/>
692
813
  </fingerprint>
693
- <fingerprint pattern="^WRQReflectionForSecureIT_(.*)$">
814
+ <fingerprint pattern="^WRQReflection(?i:F)orSecureIT_(.*)$">
694
815
  <description>Attachmate Reflection (formerly WRQ Reflection for Secure IT)
695
816
  </description>
817
+ <example service.version="6.1 Build 21">WRQReflectionForSecureIT_6.1 Build 21</example>
818
+ <example service.version="8.2 Build 117">WRQReflectionforSecureIT_8.2 Build 117</example>
696
819
  <param pos="1" name="service.version"/>
697
820
  <param pos="0" name="service.vendor" value="Attachmate"/>
698
821
  <param pos="0" name="service.family" value="Reflection"/>
@@ -701,6 +824,7 @@ fingerprint SSH servers.
701
824
  <fingerprint pattern="^([^\s]*)\s*F-Secure SSH\s*(?:.*)$">
702
825
  <description>Attachmate Reflection (formerly F-Secure SSH)
703
826
  </description>
827
+ <example service.version="3.2.3">3.2.3 F-Secure SSH Windows NT Server</example>
704
828
  <param pos="1" name="service.version"/>
705
829
  <param pos="0" name="service.vendor" value="Attachmate"/>
706
830
  <param pos="0" name="service.family" value="Reflection"/>
@@ -708,6 +832,7 @@ fingerprint SSH servers.
708
832
  </fingerprint>
709
833
  <fingerprint pattern="^([^\s]*)\s*SSH Tectia Server$">
710
834
  <description>SSH Communications Security Tectia Server</description>
835
+ <example service.version="6.4.12.353">6.4.12.353 SSH Tectia Server</example>
711
836
  <param pos="1" name="service.version"/>
712
837
  <param pos="0" name="service.vendor" value="SSH Communications Security"/>
713
838
  <param pos="0" name="service.family" value="SSH Tectia Server"/>
@@ -715,9 +840,9 @@ fingerprint SSH servers.
715
840
  </fingerprint>
716
841
  <fingerprint pattern="^([0-9\.]+) SSH Secure Shell(?: \(non-commercial\))?$">
717
842
  <description>SSH Communications Security Tectia Server</description>
718
- <example>3.2.9.1 SSH Secure Shell (non-commercial)</example>
719
- <example>4.0.3 SSH Secure Shell</example>
720
- <example>4.4.2.3 SSH Secure Shell</example>
843
+ <example service.version="3.2.9.1">3.2.9.1 SSH Secure Shell (non-commercial)</example>
844
+ <example service.version="4.0.3">4.0.3 SSH Secure Shell</example>
845
+ <example service.version="4.4.2.3">4.4.2.3 SSH Secure Shell</example>
721
846
  <param pos="1" name="service.version"/>
722
847
  <param pos="0" name="service.vendor" value="SSH Communications Security"/>
723
848
  <param pos="0" name="service.family" value="SSH Tectia Server"/>
@@ -725,7 +850,7 @@ fingerprint SSH servers.
725
850
  </fingerprint>
726
851
  <fingerprint pattern="^([0-9\.]+) SSH Secure Shell Windows NT Server$">
727
852
  <description>Unknown Windows SSH server</description>
728
- <example>4.0.3 SSH Secure Shell Windows NT Server</example>
853
+ <example service.version="4.0.3">4.0.3 SSH Secure Shell Windows NT Server</example>
729
854
  <param pos="0" name="os.vendor" value="Microsoft"/>
730
855
  <param pos="0" name="os.family" value="Windows"/>
731
856
  <param pos="0" name="os.product" value="Windows"/>
@@ -736,27 +861,32 @@ fingerprint SSH servers.
736
861
  </fingerprint>
737
862
  <fingerprint pattern="^ARRIS_(.*)$">
738
863
  <description>ARRIS device (though not clear which) - www.arrisi.com</description>
864
+ <example service.version="0.50">ARRIS_0.50</example>
739
865
  <param pos="1" name="service.version"/>
740
866
  <param pos="0" name="service.vendor" value="ARRIS"/>
741
867
  <param pos="0" name="service.product" value="ARRIS"/>
742
868
  <param pos="0" name="os.vendor" value="ARRIS"/>
743
869
  <param pos="0" name="os.product" value="Unknown"/>
744
870
  </fingerprint>
745
- <fingerprint pattern="^Mocana SSH.*$">
746
- <description>Mocana Embedded SSH (note, there seem to be spaces at the
747
- end of the returned banner, thus the .*</description>
871
+ <fingerprint pattern="^Mocana SSH\s?(?:([\d.]+))?$">
872
+ <description>Mocana Embedded SSH</description>
873
+ <example service.version="5.3.1">Mocana SSH 5.3.1</example>
874
+ <example>Mocana SSH </example>
875
+ <param pos="1" name="service.version"/>
748
876
  <param pos="0" name="service.vendor" value="Mocana"/>
749
877
  <param pos="0" name="service.family" value="Embedded SSH Server"/>
750
878
  <param pos="0" name="service.product" value="Embedded SSH Server"/>
751
879
  </fingerprint>
752
880
  <fingerprint pattern="^FreSSH\.(.*)$">
753
881
  <description>FreSSH</description>
882
+ <example service.version="0.8">FreSSH.0.8</example>
754
883
  <param pos="1" name="service.version"/>
755
884
  <param pos="0" name="service.family" value="FreSSH"/>
756
885
  <param pos="0" name="service.product" value="FreSSH"/>
757
886
  </fingerprint>
758
887
  <fingerprint pattern="^RomCliSecure_(.*)$">
759
888
  <description>RomCliSecure appears to be the Adtran NetVanta products</description>
889
+ <example service.version="4.12">RomCliSecure_4.12</example>
760
890
  <param pos="1" name="service.version"/>
761
891
  <param pos="0" name="service.vendor" value="Adtran"/>
762
892
  <param pos="0" name="service.family" value="NetVanta"/>
@@ -774,14 +904,23 @@ fingerprint SSH servers.
774
904
  <param pos="0" name="os.family" value="OpenVMS"/>
775
905
  <param pos="0" name="os.product" value="OpenVMS"/>
776
906
  </fingerprint>
907
+ <fingerprint pattern="^dropbear$">
908
+ <description>Dropbear w/o version - http://matt.ucc.asn.au/dropbear/dropbear.html</description>
909
+ <example>dropbear</example>
910
+ <param pos="0" name="service.family" value="Dropbear"/>
911
+ <param pos="0" name="service.product" value="Dropbear"/>
912
+ </fingerprint>
777
913
  <fingerprint pattern="^dropbear_(.*)$">
778
914
  <description>Dropbear - http://matt.ucc.asn.au/dropbear/dropbear.html</description>
915
+ <example service.version="2015.67">dropbear_2015.67</example>
916
+ <example service.version="0.49">dropbear_0.49</example>
779
917
  <param pos="1" name="service.version"/>
780
918
  <param pos="0" name="service.family" value="Dropbear"/>
781
919
  <param pos="0" name="service.product" value="Dropbear"/>
782
920
  </fingerprint>
783
921
  <fingerprint pattern="^lancom$">
784
922
  <description>LANCOM Systems - http://www.lancom-systems.de/</description>
923
+ <example>lancom</example>
785
924
  <param pos="0" name="service.vendor" value="LANCOM Systems"/>
786
925
  <param pos="0" name="service.family" value="SSH"/>
787
926
  <param pos="0" name="service.product" value="SSH"/>
@@ -790,6 +929,7 @@ fingerprint SSH servers.
790
929
  </fingerprint>
791
930
  <fingerprint pattern="^0$">
792
931
  <description>MOVEit DMZ</description>
932
+ <example>0</example>
793
933
  <param pos="0" name="service.vendor" value="Standard Networks"/>
794
934
  <param pos="0" name="service.family" value="MOVEit DMZ"/>
795
935
  <param pos="0" name="service.product" value="MOVEit DMZ"/>
@@ -868,6 +1008,17 @@ fingerprint SSH servers.
868
1008
  <param pos="0" name="os.family" value="RouterOS"/>
869
1009
  <param pos="0" name="os.product" value="RouterOS"/>
870
1010
  </fingerprint>
1011
+ <fingerprint pattern="^xlightftpd_release_([\d.]+)$">
1012
+ <description>Xlight FTP Server</description>
1013
+ <example service.version="3.8.3.6.1">xlightftpd_release_3.8.3.6.1</example>
1014
+ <param pos="1" name="service.version"/>
1015
+ <param pos="0" name="service.vendor" value="Xlight"/>
1016
+ <param pos="0" name="service.family" value="FTP Server"/>
1017
+ <param pos="0" name="service.product" value="FTP Server"/>
1018
+ <param pos="0" name="os.vendor" value="Microsoft"/>
1019
+ <param pos="0" name="os.family" value="Windows"/>
1020
+ <param pos="0" name="os.product" value="Windows"/>
1021
+ </fingerprint>
871
1022
  <!--
872
1023
  1.2.22j4rad
873
1024
  2.40
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: recog
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.1.17
4
+ version: 2.1.18
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rapid7 Research
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-11-28 00:00:00.000000000 Z
11
+ date: 2018-02-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec
@@ -239,7 +239,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
239
239
  version: '0'
240
240
  requirements: []
241
241
  rubyforge_project:
242
- rubygems_version: 2.6.6
242
+ rubygems_version: 2.6.11
243
243
  signing_key:
244
244
  specification_version: 4
245
245
  summary: Network service fingerprint database, classes, and utilities