recog 2.1.17 → 2.1.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/lib/recog/version.rb +1 -1
  3. data/xml/mysql_banners.xml +14 -0
  4. data/xml/ssh_banners.xml +179 -28
  5. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 2e23a820ea5a298e2e5ecc215acd180ffd100095
4
- data.tar.gz: ea80caf394aac4842db49260f0f2ce78d2e7b175
3
+ metadata.gz: 2dfccd0a5a515fd50d6e1b37df8eecc70c1d66b2
4
+ data.tar.gz: af23bc1ecb8338a683a5d9a0ad08b46ef111a545
5
5
  SHA512:
6
- metadata.gz: bedc6d3512f4f840db3fb475fffa0f765e7b7e4aa92388a6b06c43233adef2712e6e015cfe513162be543cb8d89dfb3f40d8d11d437535d97ba0a13a488b37bc
7
- data.tar.gz: 8e04f84a8f9cb40e66dfc9e64bbb76b1ca7934239c0a28c641e2c3c55a7d37dab538f8d327ee2f4b8fdf1a56ba7ea3c7e84f950ad62f020e8cb449ba918a3aa0
6
+ metadata.gz: 69850c82b9b6e62ffffaa4e90337e89cdf404c467c3ca9097a0726246b2ddda82fe771810d3d1cf166da4bf67bcd675db63cb49571f65f372ca03dae8ed086f4
7
+ data.tar.gz: 47d6cd3edbd0ef2d24761a88273955e4d5d9a38b128b961369326384c7900576338675389c403d327138eb1591d67ed69c4bffcd1345dad6573769ca3a38bfed
data/lib/recog/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Recog
2
- VERSION = '2.1.17'
2
+ VERSION = '2.1.18'
3
3
  end
data/xml/mysql_banners.xml CHANGED
@@ -679,6 +679,20 @@
679
679
  <param pos="0" name="os.family" value="Linux"/>
680
680
  <param pos="0" name="os.product" value="Linux"/>
681
681
  </fingerprint>
682
+ <fingerprint pattern="^(?:\d{1,2}\.\d{1,3}\.[a-f\d]{1,3}-)?(\d{1,2}\.\d{1,3}\.[a-f\d]{1,4})-MariaDB.+~jessie(?:-log)?$" flags="REG_ICASE">
683
+ <description>MariaDB MariaDB on Debian 8.0 (jessie)</description>
684
+ <example service.version="5.5.37">5.5.37-MariaDB-1~jessie-log</example>
685
+ <example service.version="10.0.11">10.0.11-MariaDB-1~jessie-log</example>
686
+ <example service.version="10.0.14">5.5.5-10.0.14-MariaDB-1~jessie-log</example>
687
+ <param pos="1" name="service.version"/>
688
+ <param pos="0" name="service.vendor" value="MariaDB"/>
689
+ <param pos="0" name="service.family" value="MySQL"/>
690
+ <param pos="0" name="service.product" value="MariaDB"/>
691
+ <param pos="0" name="os.vendor" value="Debian"/>
692
+ <param pos="0" name="os.family" value="Linux"/>
693
+ <param pos="0" name="os.product" value="Linux"/>
694
+ <param pos="0" name="os.version" value="8.0"/>
695
+ </fingerprint>
682
696
  <fingerprint pattern="^(?:\d{1,2}\.\d{1,3}\.[a-f\d]{1,3}-)?(\d{1,2}\.\d{1,3}\.[a-f\d]{1,4})-MariaDB.+~wheezy(?:-log)?$" flags="REG_ICASE">
683
697
  <description>MariaDB MariaDB on Debian 7.0 (wheezy)</description>
684
698
  <example service.version="5.5.37">5.5.37-MariaDB-1~wheezy-log</example>
data/xml/ssh_banners.xml CHANGED
@@ -5,10 +5,6 @@ the identification string after "SSH-x.x-") are matched against these patterns t
5
5
  fingerprint SSH servers.
6
6
  -->
7
7
  <fingerprints matches="ssh.banner" protocol="ssh" database_type="service" preference="0.90">
8
- <!-- Honeypot SSH server banners are useless for fingerprinting -->
9
- <fingerprint pattern="honeypot" flags="REG_ICASE">
10
- <description>Honeypot SSH</description>
11
- </fingerprint>
12
8
  <fingerprint pattern="^RomSShell_([\d\.]+)$">
13
9
  <description>Allegro RomSShell SSH</description>
14
10
  <example service.version="4.62">RomSShell_4.62</example>
@@ -46,6 +42,7 @@ fingerprint SSH servers.
46
42
  </fingerprint>
47
43
  <fingerprint pattern="^OpenSSH_([^\s]+)\s+(FreeBSD[ -].*)$">
48
44
  <description>OpenSSH running on FreeBSD</description>
45
+ <example service.version="7.2" openssh.comment="FreeBSD-20160310">OpenSSH_7.2 FreeBSD-20160310</example>
49
46
  <param pos="1" name="service.version"/>
50
47
  <param pos="2" name="openssh.comment"/>
51
48
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -56,8 +53,10 @@ fingerprint SSH servers.
56
53
  <param pos="0" name="os.family" value="FreeBSD"/>
57
54
  <param pos="0" name="os.product" value="FreeBSD"/>
58
55
  </fingerprint>
59
- <fingerprint pattern="^OpenSSH_([^\s]+)\s+(NetBSD[ -].*)$">
56
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(NetBSD(?:_Secure_Shell)?[ -].*)$">
60
57
  <description>OpenSSH running on NetBSD</description>
58
+ <example service.version="7.2" openssh.comment="NetBSD-20100308">OpenSSH_7.2 NetBSD-20100308</example>
59
+ <example service.version="4.4" openssh.comment="NetBSD_Secure_Shell-20061114">OpenSSH_4.4 NetBSD_Secure_Shell-20061114</example>
61
60
  <param pos="1" name="service.version"/>
62
61
  <param pos="2" name="openssh.comment"/>
63
62
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -344,6 +343,20 @@ fingerprint SSH servers.
344
343
  <param pos="0" name="os.product" value="Linux"/>
345
344
  <param pos="0" name="os.version" value="15.04"/>
346
345
  </fingerprint>
346
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Ubuntu-\d\d?)$">
347
+ <description>OpenSSH running on Ubuntu (unknown release)</description>
348
+ <example service.version="7.4p1" openssh.comment="Ubuntu-10">OpenSSH_7.4p1 Ubuntu-10</example>
349
+ <example service.version="7.6p1" openssh.comment="Ubuntu-2">OpenSSH_7.6p1 Ubuntu-2</example>
350
+ <param pos="1" name="service.version"/>
351
+ <param pos="2" name="openssh.comment"/>
352
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
353
+ <param pos="0" name="service.family" value="OpenSSH"/>
354
+ <param pos="0" name="service.product" value="OpenSSH"/>
355
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
356
+ <param pos="0" name="os.device" value="General"/>
357
+ <param pos="0" name="os.family" value="Linux"/>
358
+ <param pos="0" name="os.product" value="Linux"/>
359
+ </fingerprint>
347
360
  <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian-4(?:\+deb7u\d+)?)$">
348
361
  <description>OpenSSH running on Debian 7.x (wheezy)</description>
349
362
  <example service.version="6.0p1" openssh.comment="Debian-4">OpenSSH_6.0p1 Debian-4</example>
@@ -360,11 +373,25 @@ fingerprint SSH servers.
360
373
  <param pos="0" name="os.product" value="Linux"/>
361
374
  <param pos="0" name="os.version" value="7.0"/>
362
375
  </fingerprint>
363
- <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian-5(?:\+deb8u\d+)?)$">
376
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian-\d~bpo7\d?\+\d+)$">
377
+ <description>OpenSSH backport running on Debian 7.x (wheezy)</description>
378
+ <example service.version="6.6.1p1" openssh.comment="Debian-4~bpo70+1">OpenSSH_6.6.1p1 Debian-4~bpo70+1</example>
379
+ <example service.version="6.4p1" openssh.comment="Debian-1~bpo70+2">OpenSSH_6.4p1 Debian-1~bpo70+2</example>
380
+ <param pos="1" name="service.version"/>
381
+ <param pos="2" name="openssh.comment"/>
382
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
383
+ <param pos="0" name="service.family" value="OpenSSH"/>
384
+ <param pos="0" name="service.product" value="OpenSSH"/>
385
+ <param pos="0" name="os.vendor" value="Debian"/>
386
+ <param pos="0" name="os.device" value="General"/>
387
+ <param pos="0" name="os.family" value="Linux"/>
388
+ <param pos="0" name="os.product" value="Linux"/>
389
+ <param pos="0" name="os.version" value="7.0"/>
390
+ </fingerprint>
391
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian-5\+deb8u\d+.*)$">
364
392
  <description>OpenSSH running on Debian 8.x (jessie)</description>
365
- <example service.version="6.7p1" openssh.comment="Debian-5">OpenSSH_6.7p1 Debian-5</example>
366
- <example service.version="6.7p1" openssh.comment="Debian-5+deb8u1">OpenSSH_6.7p1 Debian-5+deb8u1</example>
367
393
  <example service.version="6.7p1" openssh.comment="Debian-5+deb8u2">OpenSSH_6.7p1 Debian-5+deb8u2</example>
394
+ <example service.version="6.7p1" openssh.comment="Debian-5+deb8u1~ui80+7">OpenSSH_6.7p1 Debian-5+deb8u1~ui80+7</example>
368
395
  <param pos="1" name="service.version"/>
369
396
  <param pos="2" name="openssh.comment"/>
370
397
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -376,26 +403,26 @@ fingerprint SSH servers.
376
403
  <param pos="0" name="os.product" value="Linux"/>
377
404
  <param pos="0" name="os.version" value="8.0"/>
378
405
  </fingerprint>
379
- <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Raspbian-5(?:\+deb8u\d+)?)$">
380
- <description>OpenSSH running on Raspbian 8.x (jessie)</description>
381
- <example service.version="6.7p1" openssh.comment="Raspbian-5">OpenSSH_6.7p1 Raspbian-5</example>
382
- <example service.version="6.7p1" openssh.comment="Raspbian-5+deb8u1">OpenSSH_6.7p1 Raspbian-5+deb8u1</example>
383
- <example service.version="6.7p1" openssh.comment="Raspbian-5+deb8u2">OpenSSH_6.7p1 Raspbian-5+deb8u2</example>
406
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian-\d\d?\+deb9u\d+)$">
407
+ <description>OpenSSH running on Debian 9.x (stretch)</description>
408
+ <example service.version="7.4p1" openssh.comment="Debian-10+deb9u1">OpenSSH_7.4p1 Debian-10+deb9u1</example>
409
+ <example service.version="6.0p1" openssh.comment="Debian-4+deb9u6">OpenSSH_6.0p1 Debian-4+deb9u6</example>
384
410
  <param pos="1" name="service.version"/>
385
411
  <param pos="2" name="openssh.comment"/>
386
412
  <param pos="0" name="service.vendor" value="OpenBSD"/>
387
413
  <param pos="0" name="service.family" value="OpenSSH"/>
388
414
  <param pos="0" name="service.product" value="OpenSSH"/>
389
- <param pos="0" name="os.vendor" value="Raspbian"/>
415
+ <param pos="0" name="os.vendor" value="Debian"/>
390
416
  <param pos="0" name="os.device" value="General"/>
391
417
  <param pos="0" name="os.family" value="Linux"/>
392
418
  <param pos="0" name="os.product" value="Linux"/>
393
- <param pos="0" name="os.version" value="8.0"/>
419
+ <param pos="0" name="os.version" value="9.0"/>
394
420
  </fingerprint>
395
- <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian-6(?:squeeze)?.*)$">
421
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian-\d+[+~]squeeze.*)$">
396
422
  <description>OpenSSH running on Debian 6.0 (squeeze)</description>
397
423
  <example service.version="5.5p1" openssh.comment="Debian-6+squeeze4">OpenSSH_5.5p1 Debian-6+squeeze4</example>
398
- <example service.version="5.5p1" openssh.comment="Debian-6">OpenSSH_5.5p1 Debian-6</example>
424
+ <example service.version="5.5p1" openssh.comment="Debian-26+squeeze7">OpenSSH_5.5p1 Debian-26+squeeze7</example>
425
+ <example service.version="5.8p1" openssh.comment="Debian-4~squeeze+1">OpenSSH_5.8p1 Debian-4~squeeze+1</example>
399
426
  <param pos="1" name="service.version"/>
400
427
  <param pos="2" name="openssh.comment"/>
401
428
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -409,6 +436,7 @@ fingerprint SSH servers.
409
436
  </fingerprint>
410
437
  <fingerprint pattern="^OpenSSH_([^\s]+)\s+((?:Debian|Ubuntu).+ubuntu.*)$">
411
438
  <description>OpenSSH running on Ubuntu</description>
439
+ <example service.version="7.2p2" openssh.comment="Ubuntu-4ubuntu2.2">OpenSSH_7.2p2 Ubuntu-4ubuntu2.2</example>
412
440
  <param pos="1" name="service.version"/>
413
441
  <param pos="2" name="openssh.comment"/>
414
442
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -422,6 +450,7 @@ fingerprint SSH servers.
422
450
  </fingerprint>
423
451
  <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian.+etch.*)$">
424
452
  <description>OpenSSH running on Debian 4.0 (etch)</description>
453
+ <example service.version="4.3p2" openssh.comment="Debian-9etch3">OpenSSH_4.3p2 Debian-9etch3</example>
425
454
  <param pos="1" name="service.version"/>
426
455
  <param pos="2" name="openssh.comment"/>
427
456
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -435,6 +464,7 @@ fingerprint SSH servers.
435
464
  </fingerprint>
436
465
  <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian.+sarge.*)$">
437
466
  <description>OpenSSH running on Debian 3.1 (sarge)</description>
467
+ <example service.version="3.8.1p1" openssh.comment="Debian-8.sarge.4">OpenSSH_3.8.1p1 Debian-8.sarge.4</example>
438
468
  <param pos="1" name="service.version"/>
439
469
  <param pos="2" name="openssh.comment"/>
440
470
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -448,6 +478,7 @@ fingerprint SSH servers.
448
478
  </fingerprint>
449
479
  <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian.+woody.*)$">
450
480
  <description>OpenSSH running on Debian 3.0 (woody)</description>
481
+ <example service.version="3.4p1" openssh.comment="Debian 1:3.4p1-1.woody.3">OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3</example>
451
482
  <param pos="1" name="service.version"/>
452
483
  <param pos="2" name="openssh.comment"/>
453
484
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -459,8 +490,69 @@ fingerprint SSH servers.
459
490
  <param pos="0" name="os.product" value="Linux"/>
460
491
  <param pos="0" name="os.version" value="3.0"/>
461
492
  </fingerprint>
493
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian-\d+(?:[~]?bpo[.]?\d+)?)$">
494
+ <description>OpenSSH running on Debian (unknown release)</description>
495
+ <example service.version="5.5p1" openssh.comment="Debian-6">OpenSSH_5.5p1 Debian-6</example>
496
+ <example service.version="4.3p2" openssh.comment="Debian-5~bpo.1">OpenSSH_4.3p2 Debian-5~bpo.1</example>
497
+ <example service.version="4.2p1" openssh.comment="Debian-4bpo1">OpenSSH_4.2p1 Debian-4bpo1</example>
498
+ <example service.version="7.4p1" openssh.comment="Debian-10">OpenSSH_7.4p1 Debian-10</example>
499
+ <param pos="1" name="service.version"/>
500
+ <param pos="2" name="openssh.comment"/>
501
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
502
+ <param pos="0" name="service.family" value="OpenSSH"/>
503
+ <param pos="0" name="service.product" value="OpenSSH"/>
504
+ <param pos="0" name="os.vendor" value="Debian"/>
505
+ <param pos="0" name="os.device" value="General"/>
506
+ <param pos="0" name="os.family" value="Linux"/>
507
+ <param pos="0" name="os.product" value="Linux"/>
508
+ </fingerprint>
509
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Raspbian-\d\d?\+deb9u\d+)$">
510
+ <description>OpenSSH running on Raspbian (Debian 9 "Stretch" based)</description>
511
+ <example service.version="7.4p1" openssh.comment="Raspbian-10+deb9u1">OpenSSH_7.4p1 Raspbian-10+deb9u1</example>
512
+ <example service.version="7.4p1" openssh.comment="Raspbian-9+deb9u1">OpenSSH_7.4p1 Raspbian-9+deb9u1</example>
513
+ <param pos="1" name="service.version"/>
514
+ <param pos="2" name="openssh.comment"/>
515
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
516
+ <param pos="0" name="service.family" value="OpenSSH"/>
517
+ <param pos="0" name="service.product" value="OpenSSH"/>
518
+ <param pos="0" name="os.vendor" value="Raspbian"/>
519
+ <param pos="0" name="os.device" value="General"/>
520
+ <param pos="0" name="os.family" value="Linux"/>
521
+ <param pos="0" name="os.product" value="Linux"/>
522
+ <param pos="0" name="os.version" value="9.0"/>
523
+ </fingerprint>
524
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Raspbian-5\+deb8u\d+)$">
525
+ <description>OpenSSH running on Raspbian (Debian 8 "Jessie" based)</description>
526
+ <example service.version="6.7p1" openssh.comment="Raspbian-5+deb8u1">OpenSSH_6.7p1 Raspbian-5+deb8u1</example>
527
+ <example service.version="6.7p1" openssh.comment="Raspbian-5+deb8u2">OpenSSH_6.7p1 Raspbian-5+deb8u2</example>
528
+ <param pos="1" name="service.version"/>
529
+ <param pos="2" name="openssh.comment"/>
530
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
531
+ <param pos="0" name="service.family" value="OpenSSH"/>
532
+ <param pos="0" name="service.product" value="OpenSSH"/>
533
+ <param pos="0" name="os.vendor" value="Raspbian"/>
534
+ <param pos="0" name="os.device" value="General"/>
535
+ <param pos="0" name="os.family" value="Linux"/>
536
+ <param pos="0" name="os.product" value="Linux"/>
537
+ <param pos="0" name="os.version" value="8.0"/>
538
+ </fingerprint>
539
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Raspbian-\d\d?)$">
540
+ <description>OpenSSH running on Raspbian (Debian, unknown release)</description>
541
+ <example service.version="7.5p1" openssh.comment="Raspbian-10">OpenSSH_7.5p1 Raspbian-10</example>
542
+ <example service.version="6.9p1" openssh.comment="Raspbian-3">OpenSSH_6.9p1 Raspbian-3</example>
543
+ <param pos="1" name="service.version"/>
544
+ <param pos="2" name="openssh.comment"/>
545
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
546
+ <param pos="0" name="service.family" value="OpenSSH"/>
547
+ <param pos="0" name="service.product" value="OpenSSH"/>
548
+ <param pos="0" name="os.vendor" value="Raspbian"/>
549
+ <param pos="0" name="os.device" value="General"/>
550
+ <param pos="0" name="os.family" value="Linux"/>
551
+ <param pos="0" name="os.product" value="Linux"/>
552
+ </fingerprint>
462
553
  <fingerprint pattern="^OpenSSH_(.*)\+(CAN-[0-9]{4}-[0-9]{4})$">
463
554
  <description>OpenSSH with CVE patch, as seen in Mac OS X</description>
555
+ <example service.version="3.4p1" openssh.cvepatch="CAN-2004-0175">OpenSSH_3.4p1+CAN-2004-0175</example>
464
556
  <param pos="1" name="service.version"/>
465
557
  <param pos="2" name="openssh.cvepatch"/>
466
558
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -473,6 +565,7 @@ fingerprint SSH servers.
473
565
  </fingerprint>
474
566
  <fingerprint pattern="^OpenSSH_(.*)_Mikrotik_v(.*)$">
475
567
  <description>OpenSSH on MikroTik</description>
568
+ <example service.version="2.3.0" os.version="2.9">OpenSSH_2.3.0_Mikrotik_v2.9</example>
476
569
  <param pos="1" name="service.version"/>
477
570
  <param pos="2" name="os.version"/>
478
571
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -497,6 +590,7 @@ fingerprint SSH servers.
497
590
  </fingerprint>
498
591
  <fingerprint pattern="^OpenSSH_(.*) in DesktopAuthority (?:.*)$">
499
592
  <description>DesktopAuthority SSH</description>
593
+ <example service.version="3.8">OpenSSH_3.8 in DesktopAuthority 7.1.091</example>
500
594
  <param pos="1" name="service.version"/>
501
595
  <param pos="0" name="service.vendor" value="OpenBSD"/>
502
596
  <param pos="0" name="service.family" value="OpenSSH"/>
@@ -516,17 +610,24 @@ fingerprint SSH servers.
516
610
  <param pos="0" name="service.family" value="OpenSSH"/>
517
611
  <param pos="0" name="service.product" value="OpenSSH"/>
518
612
  </fingerprint>
519
- <fingerprint pattern="^OpenSSH_(\d+\.\d+(?:\.\d+)?(?:p\d+)?)$">
613
+ <fingerprint pattern="^OpenSSH_(\d+\.\d+(?:\.\d+)?(?:p\d+)?) *$">
520
614
  <description>OpenSSH with just a version, no comment by vendor</description>
521
615
  <example service.version="5.9p1">OpenSSH_5.9p1</example>
522
616
  <example service.version="5.9">OpenSSH_5.9</example>
523
- <example service.version="3.8.1p1">OpenSSH_3.8.1p1</example>
617
+ <example service.version="3.8.1p1">OpenSSH_3.8.1p1 </example>
524
618
  <example service.version="6.6.1">OpenSSH_6.6.1</example>
525
619
  <param pos="1" name="service.version"/>
526
620
  <param pos="0" name="service.vendor" value="OpenBSD"/>
527
621
  <param pos="0" name="service.family" value="OpenSSH"/>
528
622
  <param pos="0" name="service.product" value="OpenSSH"/>
529
623
  </fingerprint>
624
+ <fingerprint pattern="^OpenSSH$">
625
+ <description>OpenSSH w/o version or comment</description>
626
+ <example>OpenSSH</example>
627
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
628
+ <param pos="0" name="service.family" value="OpenSSH"/>
629
+ <param pos="0" name="service.product" value="OpenSSH"/>
630
+ </fingerprint>
530
631
  <!-- SSH-1.99-OpenSSH_4.3p2-4.cern-hpn-CERN-4.3p2-4.cern -->
531
632
  <!--<fingerprint pattern="^OpenSSH_?([^\s]*)\s*(.*)$">
532
633
  <description>Catch all for OpenSSH based SSH servers
@@ -545,6 +646,7 @@ fingerprint SSH servers.
545
646
  <fingerprint pattern="^Cisco-(.*)$">
546
647
  <description>Cisco SSH banner (could be IOS or PIX).
547
648
  The version always seems to be 1.25</description>
649
+ <example service.version="1.25">Cisco-1.25</example>
548
650
  <param pos="1" name="service.version"/>
549
651
  <param pos="0" name="service.vendor" value="Cisco"/>
550
652
  <param pos="0" name="service.product" value="SSH"/>
@@ -562,6 +664,7 @@ fingerprint SSH servers.
562
664
  </fingerprint>
563
665
  <fingerprint pattern="^Sun_SSH_(.*)$">
564
666
  <description>Sun SSH banner</description>
667
+ <example service.version="1.1">Sun_SSH_1.1</example>
565
668
  <param pos="1" name="service.version"/>
566
669
  <param pos="0" name="service.vendor" value="Sun"/>
567
670
  <param pos="0" name="service.product" value="SSH"/>
@@ -582,6 +685,7 @@ fingerprint SSH servers.
582
685
  </fingerprint>
583
686
  <fingerprint pattern="^NetScreen$">
584
687
  <description>Netscreen</description>
688
+ <example>NetScreen</example>
585
689
  <param pos="0" name="service.vendor" value="Juniper"/>
586
690
  <param pos="0" name="service.family" value="NetScreen"/>
587
691
  <param pos="0" name="service.product" value="NetScreen"/>
@@ -603,8 +707,11 @@ fingerprint SSH servers.
603
707
  <param pos="0" name="os.product" value="VRP"/>
604
708
  <param pos="1" name="os.version"/>
605
709
  </fingerprint>
606
- <fingerprint pattern="^([^\s]+) sshlib: GlobalScape$">
710
+ <fingerprint pattern="^([\d.]+)[ _]sshlib:? (?i:GlobalScape)$">
607
711
  <description>GlobalScape SSH (which uses Bitvise sshlib)</description>
712
+ <example service.component.version="1.36">1.36_sshlib GlobalSCAPE</example>
713
+ <example service.component.version="1.82">1.82_sshlib Globalscape</example>
714
+ <example service.component.version="1.36">1.36 sshlib: GlobalScape</example>
608
715
  <param pos="1" name="service.component.version"/>
609
716
  <param pos="0" name="service.component.vendor" value="Bitvise"/>
610
717
  <param pos="0" name="service.component.family" value="sshlib"/>
@@ -618,6 +725,7 @@ fingerprint SSH servers.
618
725
  </fingerprint>
619
726
  <fingerprint pattern="^([^\s]+) sshlib: WinSSHD (.*)$">
620
727
  <description>Bitvise WinSSHD (which uses Bitvise sshlib)</description>
728
+ <example service.component.version="1.78" service.version="4.15a">1.78 sshlib: WinSSHD 4.15a</example>
621
729
  <param pos="1" name="service.component.version"/>
622
730
  <param pos="2" name="service.version"/>
623
731
  <param pos="0" name="service.component.vendor" value="Bitvise"/>
@@ -671,6 +779,19 @@ fingerprint SSH servers.
671
779
  <param pos="0" name="os.family" value="Windows"/>
672
780
  <param pos="0" name="os.product" value="Windows"/>
673
781
  </fingerprint>
782
+ <fingerprint pattern="^Pragma FortressSSH\s+([\d.]+)(?:\s+\[([\d.:]+)\])?$">
783
+ <description>Pragma FortressSSH</description>
784
+ <example service.version="5.0.9.2031">Pragma FortressSSH 5.0.9.2031</example>
785
+ <example service.version="5.0.9.2680" host.ip="10.10.10.10">Pragma FortressSSH 5.0.9.2680 [10.10.10.10]</example>
786
+ <param pos="1" name="service.version"/>
787
+ <param pos="2" name="host.ip"/>
788
+ <param pos="0" name="service.vendor" value="Pragma Systems"/>
789
+ <param pos="0" name="service.family" value="FortressSSH Server"/>
790
+ <param pos="0" name="service.product" value="FortressSSH Server"/>
791
+ <param pos="0" name="os.vendor" value="Microsoft"/>
792
+ <param pos="0" name="os.family" value="Windows"/>
793
+ <param pos="0" name="os.product" value="Windows"/>
794
+ </fingerprint>
674
795
  <fingerprint pattern="^VShell_(?:Special_Edition_)?(\d+)_(\d+)_(\d+)_(\d+) VShell$">
675
796
  <description>VanDyke VShell</description>
676
797
  <example service.version="3" service.version.version="6" service.version.version.version="2" service.version.version.version.version="446">VShell_3_6_2_446 VShell</example>
@@ -690,9 +811,11 @@ fingerprint SSH servers.
690
811
  <param pos="0" name="service.family" value="VShell"/>
691
812
  <param pos="0" name="service.product" value="VShell"/>
692
813
  </fingerprint>
693
- <fingerprint pattern="^WRQReflectionForSecureIT_(.*)$">
814
+ <fingerprint pattern="^WRQReflection(?i:F)orSecureIT_(.*)$">
694
815
  <description>Attachmate Reflection (formerly WRQ Reflection for Secure IT)
695
816
  </description>
817
+ <example service.version="6.1 Build 21">WRQReflectionForSecureIT_6.1 Build 21</example>
818
+ <example service.version="8.2 Build 117">WRQReflectionforSecureIT_8.2 Build 117</example>
696
819
  <param pos="1" name="service.version"/>
697
820
  <param pos="0" name="service.vendor" value="Attachmate"/>
698
821
  <param pos="0" name="service.family" value="Reflection"/>
@@ -701,6 +824,7 @@ fingerprint SSH servers.
701
824
  <fingerprint pattern="^([^\s]*)\s*F-Secure SSH\s*(?:.*)$">
702
825
  <description>Attachmate Reflection (formerly F-Secure SSH)
703
826
  </description>
827
+ <example service.version="3.2.3">3.2.3 F-Secure SSH Windows NT Server</example>
704
828
  <param pos="1" name="service.version"/>
705
829
  <param pos="0" name="service.vendor" value="Attachmate"/>
706
830
  <param pos="0" name="service.family" value="Reflection"/>
@@ -708,6 +832,7 @@ fingerprint SSH servers.
708
832
  </fingerprint>
709
833
  <fingerprint pattern="^([^\s]*)\s*SSH Tectia Server$">
710
834
  <description>SSH Communications Security Tectia Server</description>
835
+ <example service.version="6.4.12.353">6.4.12.353 SSH Tectia Server</example>
711
836
  <param pos="1" name="service.version"/>
712
837
  <param pos="0" name="service.vendor" value="SSH Communications Security"/>
713
838
  <param pos="0" name="service.family" value="SSH Tectia Server"/>
@@ -715,9 +840,9 @@ fingerprint SSH servers.
715
840
  </fingerprint>
716
841
  <fingerprint pattern="^([0-9\.]+) SSH Secure Shell(?: \(non-commercial\))?$">
717
842
  <description>SSH Communications Security Tectia Server</description>
718
- <example>3.2.9.1 SSH Secure Shell (non-commercial)</example>
719
- <example>4.0.3 SSH Secure Shell</example>
720
- <example>4.4.2.3 SSH Secure Shell</example>
843
+ <example service.version="3.2.9.1">3.2.9.1 SSH Secure Shell (non-commercial)</example>
844
+ <example service.version="4.0.3">4.0.3 SSH Secure Shell</example>
845
+ <example service.version="4.4.2.3">4.4.2.3 SSH Secure Shell</example>
721
846
  <param pos="1" name="service.version"/>
722
847
  <param pos="0" name="service.vendor" value="SSH Communications Security"/>
723
848
  <param pos="0" name="service.family" value="SSH Tectia Server"/>
@@ -725,7 +850,7 @@ fingerprint SSH servers.
725
850
  </fingerprint>
726
851
  <fingerprint pattern="^([0-9\.]+) SSH Secure Shell Windows NT Server$">
727
852
  <description>Unknown Windows SSH server</description>
728
- <example>4.0.3 SSH Secure Shell Windows NT Server</example>
853
+ <example service.version="4.0.3">4.0.3 SSH Secure Shell Windows NT Server</example>
729
854
  <param pos="0" name="os.vendor" value="Microsoft"/>
730
855
  <param pos="0" name="os.family" value="Windows"/>
731
856
  <param pos="0" name="os.product" value="Windows"/>
@@ -736,27 +861,32 @@ fingerprint SSH servers.
736
861
  </fingerprint>
737
862
  <fingerprint pattern="^ARRIS_(.*)$">
738
863
  <description>ARRIS device (though not clear which) - www.arrisi.com</description>
864
+ <example service.version="0.50">ARRIS_0.50</example>
739
865
  <param pos="1" name="service.version"/>
740
866
  <param pos="0" name="service.vendor" value="ARRIS"/>
741
867
  <param pos="0" name="service.product" value="ARRIS"/>
742
868
  <param pos="0" name="os.vendor" value="ARRIS"/>
743
869
  <param pos="0" name="os.product" value="Unknown"/>
744
870
  </fingerprint>
745
- <fingerprint pattern="^Mocana SSH.*$">
746
- <description>Mocana Embedded SSH (note, there seem to be spaces at the
747
- end of the returned banner, thus the .*</description>
871
+ <fingerprint pattern="^Mocana SSH\s?(?:([\d.]+))?$">
872
+ <description>Mocana Embedded SSH</description>
873
+ <example service.version="5.3.1">Mocana SSH 5.3.1</example>
874
+ <example>Mocana SSH </example>
875
+ <param pos="1" name="service.version"/>
748
876
  <param pos="0" name="service.vendor" value="Mocana"/>
749
877
  <param pos="0" name="service.family" value="Embedded SSH Server"/>
750
878
  <param pos="0" name="service.product" value="Embedded SSH Server"/>
751
879
  </fingerprint>
752
880
  <fingerprint pattern="^FreSSH\.(.*)$">
753
881
  <description>FreSSH</description>
882
+ <example service.version="0.8">FreSSH.0.8</example>
754
883
  <param pos="1" name="service.version"/>
755
884
  <param pos="0" name="service.family" value="FreSSH"/>
756
885
  <param pos="0" name="service.product" value="FreSSH"/>
757
886
  </fingerprint>
758
887
  <fingerprint pattern="^RomCliSecure_(.*)$">
759
888
  <description>RomCliSecure appears to be the Adtran NetVanta products</description>
889
+ <example service.version="4.12">RomCliSecure_4.12</example>
760
890
  <param pos="1" name="service.version"/>
761
891
  <param pos="0" name="service.vendor" value="Adtran"/>
762
892
  <param pos="0" name="service.family" value="NetVanta"/>
@@ -774,14 +904,23 @@ fingerprint SSH servers.
774
904
  <param pos="0" name="os.family" value="OpenVMS"/>
775
905
  <param pos="0" name="os.product" value="OpenVMS"/>
776
906
  </fingerprint>
907
+ <fingerprint pattern="^dropbear$">
908
+ <description>Dropbear w/o version - http://matt.ucc.asn.au/dropbear/dropbear.html</description>
909
+ <example>dropbear</example>
910
+ <param pos="0" name="service.family" value="Dropbear"/>
911
+ <param pos="0" name="service.product" value="Dropbear"/>
912
+ </fingerprint>
777
913
  <fingerprint pattern="^dropbear_(.*)$">
778
914
  <description>Dropbear - http://matt.ucc.asn.au/dropbear/dropbear.html</description>
915
+ <example service.version="2015.67">dropbear_2015.67</example>
916
+ <example service.version="0.49">dropbear_0.49</example>
779
917
  <param pos="1" name="service.version"/>
780
918
  <param pos="0" name="service.family" value="Dropbear"/>
781
919
  <param pos="0" name="service.product" value="Dropbear"/>
782
920
  </fingerprint>
783
921
  <fingerprint pattern="^lancom$">
784
922
  <description>LANCOM Systems - http://www.lancom-systems.de/</description>
923
+ <example>lancom</example>
785
924
  <param pos="0" name="service.vendor" value="LANCOM Systems"/>
786
925
  <param pos="0" name="service.family" value="SSH"/>
787
926
  <param pos="0" name="service.product" value="SSH"/>
@@ -790,6 +929,7 @@ fingerprint SSH servers.
790
929
  </fingerprint>
791
930
  <fingerprint pattern="^0$">
792
931
  <description>MOVEit DMZ</description>
932
+ <example>0</example>
793
933
  <param pos="0" name="service.vendor" value="Standard Networks"/>
794
934
  <param pos="0" name="service.family" value="MOVEit DMZ"/>
795
935
  <param pos="0" name="service.product" value="MOVEit DMZ"/>
@@ -868,6 +1008,17 @@ fingerprint SSH servers.
868
1008
  <param pos="0" name="os.family" value="RouterOS"/>
869
1009
  <param pos="0" name="os.product" value="RouterOS"/>
870
1010
  </fingerprint>
1011
+ <fingerprint pattern="^xlightftpd_release_([\d.]+)$">
1012
+ <description>Xlight FTP Server</description>
1013
+ <example service.version="3.8.3.6.1">xlightftpd_release_3.8.3.6.1</example>
1014
+ <param pos="1" name="service.version"/>
1015
+ <param pos="0" name="service.vendor" value="Xlight"/>
1016
+ <param pos="0" name="service.family" value="FTP Server"/>
1017
+ <param pos="0" name="service.product" value="FTP Server"/>
1018
+ <param pos="0" name="os.vendor" value="Microsoft"/>
1019
+ <param pos="0" name="os.family" value="Windows"/>
1020
+ <param pos="0" name="os.product" value="Windows"/>
1021
+ </fingerprint>
871
1022
  <!--
872
1023
  1.2.22j4rad
873
1024
  2.40
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: recog
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.1.17
4
+ version: 2.1.18
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rapid7 Research
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-11-28 00:00:00.000000000 Z
11
+ date: 2018-02-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec
@@ -239,7 +239,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
239
239
  version: '0'
240
240
  requirements: []
241
241
  rubyforge_project:
242
- rubygems_version: 2.6.6
242
+ rubygems_version: 2.6.11
243
243
  signing_key:
244
244
  specification_version: 4
245
245
  summary: Network service fingerprint database, classes, and utilities