recog 2.3.14 → 2.3.15

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c46efafef760f2701e6eeee565e715ac04544300ebfb08f0083db856e4c81603
-  data.tar.gz: 4e66bbd5ec6364325c9c7130aeb7434ab20242def9d7200d0e7d8e588f577c40
+  metadata.gz: 563ed349556c084c9c46b32ec41eece72724826ae355a639bd2dd55d4a990f3d
+  data.tar.gz: 03e767f4fd9557af69c716515e74595fbb5f287883c6d4e742a1aea1a6cdb0ef
 SHA512:
-  metadata.gz: 61ca19b2266100f66d6c220459941ddbc0aa795cbcd2bc52c6782cd66feeb6787a3d1657486ff2af99c196592b5cdabcb2c4d9b33e7efe136f175d2bf5c12bbc
-  data.tar.gz: dd5718510eb4780815fda18496c37afcbb4971246d2b9c6e439ca4697ac17ca1f9e70d3f634b04b5b9be7374e4fc15a346d3177ac5cf827c50e9136f48169009
+  metadata.gz: a5a458eef93bb3f5b9f298523f38f728e74bac390b22978af2bbf1c74b1ff55354128df657210ae49542b4a4338a3bdf8d69387c02a06ae7b0f59dc45e237775
+  data.tar.gz: 38d28282042fa32e206f795d63968fd45362563359e2a5d8a93070ac84b85e766c8bd8accebc518e6a06b8cd9d97a52cd5856928bc95de02857783b8669dbacc

data/.github/SECURITY.md

@@ -0,0 +1,35 @@
+# Reporting security issues
+
+Thanks for your interest in making Recog more secure! If you feel
+that you have found a security issue involving Metasploit, Meterpreter,
+Recog, or any other Rapid7 open source project, you are welcome to let
+us know in the way that's most comfortable for you.
+
+## Via ZenDesk
+
+You can click on the big blue button at [Rapid7's Vulnerability
+Disclosure][r7-vulns] page, which will get you to our general
+vulnerability reporting system. While this does require a (free) ZenDesk
+account to use, you'll get regular updates on your issue as our software
+support teams work through it. As it happens [that page][r7-vulns] also
+will tell you what to expect when it comes to reporting vulns, how fast
+we'll fix and respond, and all the rest, so it's a pretty good read
+regardless.
+
+## Via email
+
+If you're more of a traditionalist, you can email your finding to
+security@rapid7.com. If you like, you can use our [PGP key][pgp] to
+encrypt your messages, but we certainly don't mind cleartext reports
+over email.
+
+## NOT via GitHub Issues
+
+Please don't! Disclosing security vulnerabilities to public bug trackers
+is kind of mean, even when it's well-intentioned, since you end up
+dropping 0-day on pretty much everyone right out of the gate. We'd prefer
+you didn't!
+
+[r7-vulns]:https://www.rapid7.com/security/disclosure/
+[pgp]:https://keybase.io/rapid7/pgp_keys.asc?fingerprint=9a90aea0576cbcafa39c502ba5e16807959d3eda
+

data/lib/recog/version.rb

@@ -1,3 +1,3 @@
 module Recog
-  VERSION = '2.3.14'
+  VERSION = '2.3.15'
 end

data/xml/snmp_sysdescr.xml

@@ -6099,6 +6099,19 @@ Copyright (c) 1995-2005 by Cisco Systems
     <param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:{os.version}"/>
   </fingerprint>
 
+
+  <fingerprint pattern="^SonicWALL (\S+).*?\(SonicOS \S+ ((?:\d\.)+\d+-\d+[a-zA-Z]).*\)">
+    <description>SonicWall - SonicOS Enhanced variant without hardware model</description>
+    <example hw.product="SOHO" os.version="5.9.1.4-4o">SonicWALL SOHO (SonicOS Enhanced 5.9.1.4-4o)</example>
+    <example hw.product="SOHO" os.version="6.2.5.1-26n">SonicWALL SOHO wireless-N (SonicOS Enhanced 6.2.5.1-26n--HF175723-2n)</example>
+    <param pos="0" name="os.vendor" value="SonicWall"/>
+    <param pos="0" name="os.device" value="Firewall"/>
+    <param pos="0" name="os.product" value="SonicOS"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:{os.version}"/>
+  </fingerprint>
+
   <fingerprint pattern="^SonicWALL (.*?)\s+\(([^\)]+)\)\s*$">
     <description>SonicWall</description>
     <example>SonicWALL StrongARM / 233 Mhz (PRO 200)</example>
@@ -6314,96 +6327,121 @@ Copyright (c) 1995-2005 by Cisco Systems
 
   <fingerprint pattern="^Siemens, SIMATIC HMI, ([^,]+),.*FW:\s*V([^,]+).*$">
     <description>Siemens HMI - firmware variant</description>
-    <example>Siemens, SIMATIC HMI, KTP1000 Basic PN, 6AV6 647-0AF11-3AX0, HW: 1, FW: V01.06.00, Revision: 1</example>
-    <example>Siemens, SIMATIC HMI, KTP600 Basic Mono PN, 6AV6647-0AB11-3AX0, HW:1, FW:V01.06.00</example>
+    <example hw.product="KTP1000 Basic PN">Siemens, SIMATIC HMI, KTP1000 Basic PN, 6AV6 647-0AF11-3AX0, HW: 1, FW: V01.06.00, Revision: 1</example>
+    <example hw.version="01.06.00">Siemens, SIMATIC HMI, KTP600 Basic Mono PN, 6AV6647-0AB11-3AX0, HW:1, FW:V01.06.00</example>
     <example>Siemens, SIMATIC HMI, KTP600 Basic color PN, 6AV6 647-0AD11-3AX0, HW:1, FW:V11.00.02.00</example>
-    <param pos="0" name="os.vendor" value="Siemens"/>
-    <param pos="0" name="os.device" value="Monitoring"/>
-    <param pos="0" name="os.family" value="Simatic HMI"/>
-    <param pos="1" name="os.product"/>
-    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.device" value="HMI Controller"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows CE"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_ce:-"/>
+    <param pos="0" name="hw.vendor" value="Siemens"/>
+    <param pos="0" name="hw.family" value="Simatic HMI"/>
+    <param pos="0" name="hw.device" value="HMI Controller"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="2" name="hw.version"/>
   </fingerprint>
 
   <fingerprint pattern="^Siemens, SIMATIC HMI, ([^,]+),.*SW:\s*V\s*(\d+ \d+ \d+).*$">
     <description>Siemens HMI</description>
-    <example>Siemens, SIMATIC HMI, MP177, 6AV6 642-0EA01-3AX0, HW: 0, SW: V 1 0 0</example>
-    <example>Siemens, SIMATIC HMI, TP177B, 6AV6 642-0BD01-3AX0, HW: 0, SW: V 1 0 2</example>
+    <example hw.product="MP177">Siemens, SIMATIC HMI, MP177, 6AV6 642-0EA01-3AX0, HW: 0, SW: V 1 0 0</example>
+    <example hw.version="1 0 2">Siemens, SIMATIC HMI, TP177B, 6AV6 642-0BD01-3AX0, HW: 0, SW: V 1 0 2</example>
     <example>Siemens, SIMATIC HMI, XP277, 6AV6 643-0CB01-1AX0, HW: 0, SW: V 1 1 2</example>
     <example>Siemens, SIMATIC HMI, unknown, 6AV2 124-0GC01-0AX0, HW: 0, SW: V 11 0 2</example>
     <example>Siemens, SIMATIC HMI, unknown, 6AV2 124-0JC01-0AX0, HW: 0, SW: V 11 0 0</example>
-    <param pos="0" name="os.vendor" value="Siemens"/>
-    <param pos="0" name="os.device" value="Monitoring"/>
-    <param pos="0" name="os.family" value="Simatic HMI"/>
-    <param pos="1" name="os.product"/>
-    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.device" value="HMI Controller"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows CE"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_ce:-"/>
+    <param pos="0" name="hw.vendor" value="Siemens"/>
+    <param pos="0" name="hw.family" value="Simatic HMI"/>
+    <param pos="0" name="hw.device" value="HMI Controller"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="2" name="hw.version"/>
   </fingerprint>
 
   <fingerprint pattern="^Siemens, SIMATIC NET, ([^,]+),.*FW:\s*(?:Version )?V?([^,]+).*$">
     <description>Siemens NET - verbose variant</description>
-    <example os.product="CP 343-1 Advanced" os.version="1.2.3">Siemens, SIMATIC NET, CP 343-1 Advanced, 6GK7 343-1GX30-0XE0, HW: Version 3, FW: Version V1.2.3, VPB9502953</example>
-    <example os.product="CP 343-1 Lean" os.version="2.6.0">Siemens, SIMATIC NET, CP 343-1 Lean, 6GK7 343-1CX10-0XE0, HW: Version 6, FW: Version V2.6.0, VPC3513639</example>
-    <example os.product="CP 343-1" os.version="2.2.20">Siemens, SIMATIC NET, CP 343-1, 6GK7 343-1EX30-0XE0, HW: Version 3, FW: Version V2.2.20, VPXN545808</example>
-    <example os.product="SCALANCE X204-2" os.version="4.01">Siemens, SIMATIC NET, SCALANCE X204-2, 6GK5 204-2BB10-2AA3, HW: 4, FW: V4.01</example>
-    <example os.product="Scalance S612" os.version="T03.00.00.00_25.00.00.01">Siemens, SIMATIC NET, Scalance S612, 6GK56120BA102AA3, HW: Version 6, FW: Version T03.00.00.00_25.00.00.01, VPB9542952</example>
-    <param pos="0" name="os.vendor" value="Siemens"/>
-    <param pos="0" name="os.device" value="Monitoring"/>
-    <param pos="0" name="os.family" value="Simatic NET"/>
-    <param pos="1" name="os.product"/>
-    <param pos="2" name="os.version"/>
+    <example hw.product="CP 343-1 Advanced" hw.version="1.2.3">Siemens, SIMATIC NET, CP 343-1 Advanced, 6GK7 343-1GX30-0XE0, HW: Version 3, FW: Version V1.2.3, VPB9502953</example>
+    <example hw.product="CP 343-1 Lean" hw.version="2.6.0">Siemens, SIMATIC NET, CP 343-1 Lean, 6GK7 343-1CX10-0XE0, HW: Version 6, FW: Version V2.6.0, VPC3513639</example>
+    <example hw.product="CP 343-1" hw.version="2.2.20">Siemens, SIMATIC NET, CP 343-1, 6GK7 343-1EX30-0XE0, HW: Version 3, FW: Version V2.2.20, VPXN545808</example>
+    <example hw.product="SCALANCE X204-2" hw.version="4.01">Siemens, SIMATIC NET, SCALANCE X204-2, 6GK5 204-2BB10-2AA3, HW: 4, FW: V4.01</example>
+    <example hw.product="Scalance S612" hw.version="T03.00.00.00_25.00.00.01">Siemens, SIMATIC NET, Scalance S612, 6GK56120BA102AA3, HW: Version 6, FW: Version T03.00.00.00_25.00.00.01, VPB9542952</example>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows 7"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_7:-"/>
+    <param pos="0" name="hw.vendor" value="Siemens"/>
+    <param pos="0" name="hw.family" value="Simatic NET"/>
+    <param pos="0" name="hw.device" value="Monitoring"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="2" name="hw.version"/>
   </fingerprint>
 
   <fingerprint pattern="^Siemens, SIMATIC NET (\S+) FW V (\S+)$">
     <description>Siemens NET</description>
-    <example>Siemens, SIMATIC NET CP1613 FW V 06.33</example>
-    <param pos="0" name="os.vendor" value="Siemens"/>
-    <param pos="0" name="os.device" value="Monitoring"/>
-    <param pos="0" name="os.family" value="Simatic NET"/>
-    <param pos="1" name="os.product"/>
-    <param pos="2" name="os.version"/>
+    <example hw.product="CP1613" hw.version="06.33">Siemens, SIMATIC NET CP1613 FW V 06.33</example>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows 7"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_7:-"/>
+    <param pos="0" name="hw.vendor" value="Siemens"/>
+    <param pos="0" name="hw.family" value="Simatic NET"/>
+    <param pos="0" name="hw.device" value="Monitoring"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="2" name="hw.version"/>
   </fingerprint>
 
   <fingerprint pattern="^Siemens, SIMATIC S7, ([^,]+), .*?FW: (?:Version )?V?\.?([^,]+).*$">
     <description>Siemens S7</description>
-    <example os.product="CPU-1200" os.version="2.0.2">Siemens, SIMATIC S7, CPU-1200, 6ES7 211-1BD30-0XB0, HW: 1, FW: V.2.0.2, SZVX8YU9000553</example>
-    <example os.product="CPU315-2 PN/DP" os.version="2.5.0">Siemens, SIMATIC S7, CPU315-2 PN/DP, 6ES7 315-2EH13-0AB0 , HW: 3, FW: V2.5.0, S C-V4P07826200</example>
-    <example os.product="IM151-8" os.version="3.2.3">Siemens, SIMATIC S7, IM151-8, 6ES7 151-8AB01-0AB0 , HW: 2, FW: V3.2.3, S C-B3UC78192011</example>
-    <param pos="0" name="os.vendor" value="Siemens"/>
-    <param pos="0" name="os.device" value="Monitoring"/>
-    <param pos="0" name="os.family" value="Simatic S7"/>
-    <param pos="1" name="os.product"/>
-    <param pos="2" name="os.version"/>
+    <example hw.product="CPU-1200" hw.version="2.0.2">Siemens, SIMATIC S7, CPU-1200, 6ES7 211-1BD30-0XB0, HW: 1, FW: V.2.0.2, SZVX8YU9000553</example>
+    <example hw.product="CPU315-2 PN/DP" hw.version="2.5.0">Siemens, SIMATIC S7, CPU315-2 PN/DP, 6ES7 315-2EH13-0AB0 , HW: 3, FW: V2.5.0, S C-V4P07826200</example>
+    <example hw.product="IM151-8" hw.version="3.2.3">Siemens, SIMATIC S7, IM151-8, 6ES7 151-8AB01-0AB0 , HW: 2, FW: V3.2.3, S C-B3UC78192011</example>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="hw.vendor" value="Siemens"/>
+    <param pos="0" name="hw.family" value="Simatic S7"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="2" name="hw.version"/>
   </fingerprint>
 
   <fingerprint pattern="^Siemens, SIMATIC S7, ([^,]+), .*?, V\.([^,]+).*$">
     <description>Siemens S7 - variant 1</description>
-    <example>Siemens, SIMATIC S7, CPU-1200, 6ES7 212-1BD30-0XB0 SZVA1YU6008610 , 1, V.1.0.1, SZVA1YU6008610</example>
-    <example>Siemens, SIMATIC S7, CPU-1200, 6ES7 212-1HD30-0XB0 SZVA3YU7002312 , 1, V.1.0.1, SZVA3YU7002312</example>
+    <example hw.product="CPU-1200">Siemens, SIMATIC S7, CPU-1200, 6ES7 212-1BD30-0XB0 SZVA1YU6008610 , 1, V.1.0.1, SZVA1YU6008610</example>
+    <example hw.version="1.0.1">Siemens, SIMATIC S7, CPU-1200, 6ES7 212-1HD30-0XB0 SZVA3YU7002312 , 1, V.1.0.1, SZVA3YU7002312</example>
     <example>Siemens, SIMATIC S7, CPU-1200, 6ES7 214-1BE30-0XB0 SZVA2YYY007305 , 1, V.1.0.2, SZVA2YYY007305</example>
-    <param pos="0" name="os.vendor" value="Siemens"/>
-    <param pos="0" name="os.device" value="Monitoring"/>
-    <param pos="0" name="os.family" value="Simatic S7"/>
-    <param pos="1" name="os.product"/>
-    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="hw.vendor" value="Siemens"/>
+    <param pos="0" name="hw.family" value="Simatic S7"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="2" name="hw.version"/>
   </fingerprint>
 
   <fingerprint pattern="^Siemens, SIMATIC, (\S+)$">
     <description>Siemens S7 - model only variant</description>
-    <example>Siemens, SIMATIC, S7-300</example>
-    <param pos="0" name="os.vendor" value="Siemens"/>
-    <param pos="0" name="os.device" value="Monitoring"/>
-    <param pos="0" name="os.family" value="Simatic S7"/>
-    <param pos="1" name="os.product"/>
+    <example hw.product="S7-300">Siemens, SIMATIC, S7-300</example>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="hw.vendor" value="Siemens"/>
+    <param pos="0" name="hw.family" value="Simatic S7"/>
+    <param pos="1" name="hw.product"/>
   </fingerprint>
 
   <fingerprint pattern="^Siemens, SINUMERIK, solution line ([^,]+),.*?FW:V([^,]+).*$">
     <description>Siemens Sinumerik Solution Line</description>
-    <example>Siemens, SINUMERIK, solution line PCU50, , HW:1, FW:V00.00.00,</example>
-    <example>Siemens, SINUMERIK, solution line PCU50.3B-P 1GB XP, 6FC5210-0DF33-2AB0, HW:A, FW:V00.00.00, ST-BN2040231</example>
-    <param pos="0" name="os.vendor" value="Siemens"/>
+    <example hw.product="PCU50">Siemens, SINUMERIK, solution line PCU50, , HW:1, FW:V00.00.00,</example>
+    <example hw.version="00.00.00">Siemens, SINUMERIK, solution line PCU50.3B-P 1GB XP, 6FC5210-0DF33-2AB0, HW:A, FW:V00.00.00, ST-BN2040231</example>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.device" value="Monitoring"/>
-    <param pos="0" name="os.family" value="Simatic Sinumerik"/>
-    <param pos="1" name="os.product"/>
-    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows 10"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_10:-"/>
+    <param pos="0" name="hw.vendor" value="Siemens"/>
+    <param pos="0" name="hw.family" value="Simatic Sinumerik"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="2" name="hw.version"/>
   </fingerprint>
 
   <fingerprint pattern="^Name:(ReliantUNIX)-. release:(\S+) version:(\S+) machine:(\S+)$">

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: recog
 version: !ruby/object:Gem::Version
-  version: 2.3.14
+  version: 2.3.15
 platform: ruby
 authors:
 - Rapid7 Research
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-08-07 00:00:00.000000000 Z
+date: 2020-10-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -127,6 +127,7 @@ files:
 - ".github/ISSUE_TEMPLATE/feature_request.md"
 - ".github/ISSUE_TEMPLATE/fingerprint_request.md"
 - ".github/PULL_REQUEST_TEMPLATE"
+- ".github/SECURITY.md"
 - ".gitignore"
 - ".rspec"
 - ".ruby-gemset"