recog 3.1.4 → 3.1.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 557c1d99485c8380bbe7b061b885dc4df9a327ab4f095dbee845f782fcf966df
-  data.tar.gz: 55e270af569dd15e9c8ca1cbfcd486f530d4ff2addc31952bae90c90551a7ce7
+  metadata.gz: 0c9b6f01ea5204e6bd877f0896ad0341c2c85d6f5b49f8fd4212ea1bb8478b74
+  data.tar.gz: ad552bc83c666faab4328a1acac910a47173b24fd2e6cf61b350d7c592f6ade6
 SHA512:
-  metadata.gz: c10d317a7ece06a0d34693405af50cde4d93f6400517e314f9e6b8e5f99c516ef8334527f7ba9fb11c1cae93b48b54862ea79ae11bdc0c9526ec0b9da62e5ccd
-  data.tar.gz: 603370bb6a3f30b948ca6bbfc21da7ca00699ec6d9734e3cf32ff955030dc44931a6515140b94bb707363175316ca29bc3a27e2bf0411b47c1c0467ad03fab96
+  metadata.gz: 8f200a41aa9921e4c00ffc0070225a59804bf5fafc0c3c8caf5bd7e306225e1b85b94a0e45a1ca6c37b6c275128053d50aa14fe365f285557a0afe1a288bef03
+  data.tar.gz: f4140eb456538153b6b8f8ede0652c39f0329b47e1529578701c1a37d81ca5278bdfbb37ef1fd6801e6faf19aa0017d5a7279636d3378ecc1c6cf6f4ffe227aa

data/lib/recog/fingerprint.rb

@@ -222,7 +222,7 @@ module Recog
 
       # match up the fingerprint parameters with test attributes
       tests.each do |test|
-        test.attributes.each do |k, _v|
+        test.attributes.each_key do |k|
           capture_group_used[k] = true if capture_group_used.key?(k)
         end
       end

data/lib/recog/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Recog
-  VERSION = '3.1.4'
+  VERSION = '3.1.5'
 end

data/recog/xml/favicons.xml

@@ -30,16 +30,16 @@
     <param pos="0" name="service.product" value="Media Server"/>
   </fingerprint>
 
-  <fingerprint pattern="^(?:1a60f7f928a659f763204d525b3cf90d|6d4c72194ecff7ead96f65db45851be9|55ece828b1329741c1d553a6575d71f1)$">
+  <fingerprint pattern="^(?:1a60f7f928a659f763204d525b3cf90d|6d4c72194ecff7ead96f65db45851be9|55ece828b1329741c1d553a6575d71f1|6e5e9d5cf722ba7dca6ffe417c3bb678)$">
     <description>Radarr</description>
     <!-- favicon-16x16.png -->
-
     <example>1a60f7f928a659f763204d525b3cf90d</example>
-    <!-- favicon-32x32.png -->
 
+    <!-- favicon-32x32.png -->
     <example>6d4c72194ecff7ead96f65db45851be9</example>
-    <!-- favicon.ico -->
+    <example>6e5e9d5cf722ba7dca6ffe417c3bb678</example>
 
+    <!-- favicon.ico -->
     <example>55ece828b1329741c1d553a6575d71f1</example>
     <param pos="0" name="service.vendor" value="Radarr"/>
     <param pos="0" name="service.product" value="Radarr"/>
@@ -1216,13 +1216,20 @@
   <fingerprint pattern="^e4fd990b4b8a5d61bd5ddb98cdfc7190$">
     <description>OPNsense Firewall</description>
     <example>e4fd990b4b8a5d61bd5ddb98cdfc7190</example>
+    <param pos="0" name="service.vendor" value="OPNSense"/>
+    <param pos="0" name="service.product" value="OPNSense"/>
+    <param pos="0" name="service.device" value="Firewall"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:opnsense:opnsense:-"/>
+    <param pos="0" name="service.component.vendor" value="lighttpd"/>
+    <param pos="0" name="service.component.product" value="lighttpd"/>
+    <param pos="0" name="service.component.cpe23" value="cpe:/a:lighttpd:lighttpd:-"/>
+    <param pos="0" name="os.vendor" value="FreeBSD"/>
+    <param pos="0" name="os.product" value="FreeBSD"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:freebsd:freebsd:-"/>
     <param pos="0" name="hw.vendor" value="OPNsense"/>
     <param pos="0" name="hw.device" value="Firewall"/>
     <param pos="0" name="hw.product" value="Firewall"/>
     <param pos="0" name="hw.certainty" value="0.5"/>
-    <param pos="0" name="os.vendor" value="OPNsense"/>
-    <param pos="0" name="os.product" value="FreeBSD"/>
-    <param pos="0" name="os.certainty" value="0.5"/>
   </fingerprint>
 
   <fingerprint pattern="^979d9a884c322862e6830f61e2c378e6$">
@@ -1987,7 +1994,6 @@
     <example>1b786be7a46bd96a503a81b7faf86263</example>
     <param pos="0" name="service.vendor" value="AdGuard"/>
     <param pos="0" name="service.product" value="AdGuard Home"/>
-    <param pos="0" name="service.certainty" value="0.5"/>
   </fingerprint>
 
   <fingerprint pattern="^4f52bd9a74742b08b0a152559da4d32a$">
@@ -2503,7 +2509,7 @@
     <param pos="0" name="service.product" value="SYNAPSE Medical Platform"/>
     <param pos="0" name="service.certainty" value="0.5"/>
   </fingerprint>
-  
+
   <fingerprint pattern="^6daa3eca79787964627179fd5a1c724d">
     <description>b-rayZ</description>
     <example>6daa3eca79787964627179fd5a1c724d</example>
@@ -2552,4 +2558,4 @@
     <param pos="0" name="service.certainty" value="0.5"/>
   </fingerprint>
 
-</fingerprints>
+</fingerprints>

data/recog/xml/html_title.xml

@@ -3952,6 +3952,21 @@
     <param pos="0" name="os.product" value="FreeBSD"/>
   </fingerprint>
 
+  <fingerprint pattern="^Login \| OPNsense$">
+    <description>OPNSense Firewall</description>
+    <example>Login | OPNsense</example>
+    <param pos="0" name="service.vendor" value="OPNSense"/>
+    <param pos="0" name="service.product" value="OPNSense"/>
+    <param pos="0" name="service.device" value="Firewall"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:opnsense:opnsense:-"/>
+    <param pos="0" name="service.component.vendor" value="lighttpd"/>
+    <param pos="0" name="service.component.product" value="lighttpd"/>
+    <param pos="0" name="service.component.cpe23" value="cpe:/a:lighttpd:lighttpd:-"/>
+    <param pos="0" name="os.vendor" value="FreeBSD"/>
+    <param pos="0" name="os.product" value="FreeBSD"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:freebsd:freebsd:-"/>
+  </fingerprint>
+
   <fingerprint pattern="^Vigor Login Page$">
     <description>DrayTek Vigor network equipment - without model or version</description>
     <example>Vigor Login Page</example>
@@ -4337,4 +4352,12 @@
     <param pos="0" name="hw.device" value="SD-WAN Appliance"/>
   </fingerprint>
 
+  <fingerprint pattern="^Sign In - Miniflux$">
+    <description>Miniflux</description>
+    <example>Sign In - Miniflux</example>
+    <param pos="0" name="service.vendor" value="Miniflux"/>
+    <param pos="0" name="service.product" value="Miniflux"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:miniflux:miniflux:-"/>
+  </fingerprint>
+
 </fingerprints>

data/recog/xml/http_servers.xml

@@ -4398,11 +4398,16 @@
   <fingerprint pattern="^OPNsense$">
     <description>OPNsense Firewall</description>
     <example>OPNsense</example>
-    <param pos="0" name="hw.vendor" value="OPNsense"/>
-    <param pos="0" name="hw.device" value="Firewall"/>
-    <param pos="0" name="hw.product" value="Firewall"/>
-    <param pos="0" name="os.vendor" value="OPNsense"/>
+    <param pos="0" name="service.vendor" value="OPNSense"/>
+    <param pos="0" name="service.product" value="OPNSense"/>
+    <param pos="0" name="service.device" value="Firewall"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:opnsense:opnsense:-"/>
+    <param pos="0" name="service.component.vendor" value="lighttpd"/>
+    <param pos="0" name="service.component.product" value="lighttpd"/>
+    <param pos="0" name="service.component.cpe23" value="cpe:/a:lighttpd:lighttpd:-"/>
+    <param pos="0" name="os.vendor" value="FreeBSD"/>
     <param pos="0" name="os.product" value="FreeBSD"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:freebsd:freebsd:-"/>
   </fingerprint>
 
   <fingerprint pattern="^ELAN Controller$">
@@ -5175,4 +5180,14 @@
     <param pos="2" name="os.arch"/>
   </fingerprint>
 
+  <fingerprint pattern="^FbxWSD/1[.]0$">
+    <description>Freebox Device</description>
+    <example >FbxWSD/1.0</example>
+    <param pos="0" name="os.vendor" value="Freebox"/>
+    <param pos="0" name="os.product" value="Freebox OS"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="hw.vendor" value="Freebox"/>
+    <param pos="0" name="hw.device" value="Device"/>
+  </fingerprint>
+
 </fingerprints>

data/recog/xml/http_wwwauth.xml

@@ -726,6 +726,12 @@
     <param pos="0" name="hw.device" value="Power Device"/>
   </fingerprint>
 
+  <fingerprint pattern="(?i)^Basic realm=&quot;Lidarr&quot;">
+    <description>Lidarr</description>
+    <param pos="0" name="service.vendor" value="Lidarr"/>
+    <param pos="0" name="service.product" value="Lidarr"/>
+  </fingerprint>
+
   <!-- a variety of headers we currently just ignore -->
 
   <fingerprint pattern="(?i)^NTLM$">

data/recog/xml/http_xpoweredby.xml

@@ -0,0 +1,15 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<fingerprints matches="http_header.x-powered-by" protocol="http" database_type="service" preference="0.90">
+  <!-- HTTP X-Powered_by headers are matched against these patterns to fingerprint HTTP services. -->
+
+  <fingerprint pattern="^PHP/([0-9.]+)$">
+    <description>PHP</description>
+    <example service.version="8.2.14">PHP/8.2.14</example>
+    <param pos="0" name="service.vendor" value="PHP"/>
+    <param pos="0" name="service.family" value="PHP"/>
+    <param pos="0" name="service.product" value="PHP"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:php:php:{service.version}"/>
+  </fingerprint>
+
+</fingerprints>

data/recog/xml/rtsp_servers.xml

@@ -100,12 +100,14 @@
     <param pos="0" name="hw.device" value="IP Camera"/>
   </fingerprint>
 
-  <fingerprint pattern="^fbxrtspd/[0-9.]+ Freebox RTSP server$">
+  <fingerprint pattern="^fbxrtspd/([0-9.]+) Freebox RTSP server$">
     <description>Freebox OS on Freebox Set-top Box Devices</description>
+    <example os.version="1.2">fbxrtspd/1.2 Freebox RTSP server</example>
     <param pos="0" name="os.vendor" value="Freebox"/>
     <param pos="0" name="os.product" value="Freebox OS"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="hw.vendor" value="Freebox"/>
+    <param pos="1" name="os.version"/>
   </fingerprint>
 
 </fingerprints>

data/recog/xml/sip_user_agents.xml

@@ -312,7 +312,7 @@
     <param pos="2" name="hw.version"/>
   </fingerprint>
 
-  <fingerprint pattern="^PolycomRealPresenceGroup(\d+)/([\d\._]+)+$">
+  <fingerprint pattern="^PolycomRealPresenceGroup(\d+)/([\d\._]+)$">
     <description>Polycom RealPresence Group Video Conferencing</description>
     <example hw.model="700" hw.product="RealPresence Group 700" hw.version="6.2.0">PolycomRealPresenceGroup700/6.2.0</example>
     <param pos="0" name="hw.vendor" value="Polycom"/>
@@ -712,4 +712,4 @@
     <param pos="0" name="hw.device" value="Broadband Router"/>
   </fingerprint>
 
-</fingerprints>
+</fingerprints>

data/recog/xml/snmp_sysdescr.xml

@@ -1820,6 +1820,47 @@ Copyright (c) 1995-2005 by Cisco Systems
     <param pos="0" name="os.product" value="Wireless Controller"/>
   </fingerprint>
 
+  <fingerprint pattern="Meraki (MX[A-Z0-9]{2,10})">
+    <description>Meraki MX Cloud-Managed Security and SD-WAN</description>
+    <example hw.model="MX68">Meraki MX68 Router/Security Appliance</example>
+    <example hw.model="MX84">Meraki MX84 Cloud Managed Router</example>
+    <param pos="0" name="os.certainty" value="0.7"/>
+    <param pos="0" name="os.vendor" value="Cisco"/>
+    <param pos="0" name="os.family" value="Meraki"/>
+    <param pos="0" name="os.product" value="Meraki MX"/>
+    <param pos="0" name="os.device" value="Security Appliance"/>
+    <param pos="0" name="hw.series" value="Meraki MX"/>
+    <param pos="1" name="hw.model"/>
+  </fingerprint>
+
+  <fingerprint pattern="Meraki (MR[A-Z0-9]{2,10})">
+    <description>Meraki MR Cloud-Managed Wi-Fi Access Points</description>
+    <example hw.model="MR46E">Meraki MR46E Cloud Managed AP</example>
+    <example hw.model="MR90">Meraki MR90 Cloud Managed AP</example>
+    <param pos="0" name="os.certainty" value="0.7"/>
+    <param pos="0" name="os.vendor" value="Cisco"/>
+    <param pos="0" name="os.family" value="Meraki"/>
+    <param pos="0" name="os.product" value="Meraki MR"/>
+    <param pos="0" name="os.device" value="WAP"/>
+    <param pos="0" name="hw.series" value="Meraki MR"/>
+    <param pos="1" name="hw.model"/>
+  </fingerprint>
+
+  <fingerprint pattern="Meraki (MS[A-Z0-9-]{2,15})">
+    <description>Meraki MS Cloud-Managed Network Switches</description>
+    <example hw.model="MS120-8LP">Meraki MS120-8LP Cloud Managed PoE Switch</example>
+    <example hw.model="MS225-24P">Meraki MS225-24P Cloud Managed PoE Switch</example>
+    <example hw.model="MS220-8P">Meraki MS220-8P Cloud Managed PoE Switch</example>
+    <example hw.model="MS250-48">Cisco Meraki MS250-48 Cloud Managed Switch</example>
+    <param pos="0" name="os.certainty" value="0.7"/>
+    <param pos="0" name="os.vendor" value="Cisco"/>
+    <param pos="0" name="os.family" value="Meraki"/>
+    <param pos="0" name="os.product" value="Meraki MS"/>
+    <param pos="0" name="os.device" value="Switch"/>
+    <param pos="0" name="hw.series" value="Meraki MS"/>
+    <param pos="1" name="hw.model"/>
+  </fingerprint>
+
   <!--======================================================================
                              Crestron
    =======================================================================-->

data/recog/xml/telnet_banners.xml

@@ -2257,9 +2257,9 @@
       ********************************************
       *            Welcome to SMG1016M           *
       ********************************************
-
       foo.bar.baz login:
     -->
+
     <example hw.product="SMG1016M" host.name="foo.bar.baz" _encoding="base64">
       DQ0KDQoNKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioNCg0qI
       CAgICAgICAgICAgV2VsY29tZSB0byBTTUcxMDE2TSAgICAgICAgICAgKg0KDSoqKioqKioqKi
@@ -2299,12 +2299,10 @@
     <description>Baxter SIGMA Spectrum Infusion System with Wireless Battery Module</description>
     <!--
       Welcome to the SIGMA Spectrum Diagnostic Terminal
-
       Wireless Battery Module (802.11a/b/g/n)
       MAC Address: 00-40-9d-12-34-56 SW: 20 D29
       Sigma Spectrum SN: 1234567 SW: v8.00.01
       Radio up since: Fri Mar  1 03:14:24 2019
-
       login:
     -->
 

data/recog/xml/x509_issuers.xml

@@ -120,6 +120,7 @@
     <example chromecast.generation="9" chromecast.capabilities="Audio Assist">CN=Chromecast ICA 9 (Audio Assist),OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US</example>
     <example chromecast.generation="11" chromecast.capabilities="Video Assist">CN=Chromecast ICA 11 (Video Assist),OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US</example>
     <example chromecast.generation="12">CN=Chromecast ICA 12,OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US</example>
+    <example chromecast.generation="21" chromecast.capabilities="ATV">CN=Chromecast ICA 21 (ATV),OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US</example>
     <param pos="0" name="os.vendor" value="Google"/>
     <param pos="0" name="os.product" value="Chrome OS"/>
     <param pos="0" name="os.certainty" value="0.5"/>
@@ -133,6 +134,21 @@
     <param pos="2" name="chromecast.capabilities"/>
   </fingerprint>
 
+  <fingerprint pattern="^CN=atvremote/[a-z_]+/([a-z]+)/Chromecast/">
+    <description>Google Chromecast - mDNS</description>
+    <example chromecast.codename="sabrina">CN=atvremote/sabrina_prod_stable/sabrina/Chromecast/13:37:F0:0B:AR:42</example>
+    <param pos="0" name="os.vendor" value="Google"/>
+    <param pos="0" name="os.product" value="Chrome OS"/>
+    <param pos="0" name="os.certainty" value="0.5"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:google:chrome_os:-"/>
+    <param pos="0" name="hw.device" value="Media Server"/>
+    <param pos="0" name="hw.vendor" value="Google"/>
+    <param pos="0" name="hw.product" value="Chromecast"/>
+    <param pos="0" name="hw.certainty" value="0.5"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:google:chromecast:-"/>
+    <param pos="1" name="chromecast.codename"/>
+  </fingerprint>
+
   <fingerprint pattern="^CN=Asus fugu Cast ICA,OU=Widevine,O=Google Inc,L=Kirkland,ST=Washington,C=US$">
     <description>ASUS Nexus Player (Android) with Google Cast</description>
     <example>CN=Asus fugu Cast ICA,OU=Widevine,O=Google Inc,L=Kirkland,ST=Washington,C=US</example>

data/recog/xml/x509_subjects.xml

@@ -1091,9 +1091,10 @@
     <param pos="0" name="os.product" value="FreeBSD"/>
   </fingerprint>
 
-  <fingerprint pattern="^O=OPNsense,L=Middelharnis,ST=Zuid-Holland,C=NL$">
+  <fingerprint pattern="^O=OPNsense(?:[.]localdomain)?,L=Middelharnis,ST=Zuid-Holland,C=NL$">
     <description>OPNsense Firewall</description>
     <example>O=OPNsense,L=Middelharnis,ST=Zuid-Holland,C=NL</example>
+    <example>O=OPNsense.localdomain,L=Middelharnis,ST=Zuid-Holland,C=NL</example>
     <param pos="0" name="hw.vendor" value="OPNsense"/>
     <param pos="0" name="hw.device" value="Firewall"/>
     <param pos="0" name="hw.product" value="Firewall"/>
@@ -1657,7 +1658,7 @@
   </fingerprint>
 
   <fingerprint pattern="^CN=Freebox Intermediate CA,O=Freebox,ST=France,C=FR$">
-    <description>Freebox Device</description>
+    <description>Freebox Device - Intermediate CA</description>
     <example>CN=Freebox Intermediate CA,O=Freebox,ST=France,C=FR</example>
     <param pos="0" name="os.vendor" value="Freebox"/>
     <param pos="0" name="os.product" value="Freebox OS"/>
@@ -1666,6 +1667,16 @@
     <param pos="0" name="hw.device" value="Device"/>
   </fingerprint>
 
+  <fingerprint pattern="^CN=[0-9a-z]+[.]fbxos[.]fr,C=FR$">
+    <description>Freebox Device</description>
+    <example>CN=d36ob5re.fbxos.fr,C=FR</example>
+    <param pos="0" name="os.vendor" value="Freebox"/>
+    <param pos="0" name="os.product" value="Freebox OS"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="hw.vendor" value="Freebox"/>
+    <param pos="0" name="hw.device" value="Device"/>
+  </fingerprint>
+
   <fingerprint pattern="^CN=TP-LINK CA,O=TP-LINK Technologies CO.\\, LTD.,L=Shenzhen,ST=Guangdong,C=CN(?:,\S+)?$">
     <description>TP-LINK Device</description>
     <example>CN=TP-LINK CA,O=TP-LINK Technologies CO.\, LTD.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c16736572766963654074702d6c696e6b2e636f6d2e636e</example>

data/recog.gemspec

@@ -31,9 +31,12 @@ Gem::Specification.new do |s|
   s.executables   = s.files.grep(%r{^recog/bin/}).map { |f| File.basename(f) }
   s.require_paths = ['lib']
 
-  if ENV['GEM_PUBLIC_CERT'] && ENV['GEM_PRIVATE_KEY']	
-    s.cert_chain  = [ENV["GEM_PUBLIC_CERT"]]	
-    s.signing_key = File.expand_path(ENV["GEM_PRIVATE_KEY"])	
+  gem_public_cert = ENV['GEM_PUBLIC_CERT']
+  gem_private_key = ENV['GEM_PRIVATE_KEY']
+
+  if gem_public_cert && gem_private_key
+    s.cert_chain  = [gem_public_cert]
+    s.signing_key = File.expand_path(gem_private_key)
   end
 
   # ---- Dependencies ----

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: recog
 version: !ruby/object:Gem::Version
-  version: 3.1.4
+  version: 3.1.5
 platform: ruby
 authors:
 - Rapid7 Research
@@ -34,7 +34,7 @@ cert_chain:
   DgscAao7wB3xW2BWEp1KnaDWkf1x9ttgoBEYyuYwU7uatB67kBQG1PKvLt79wHvz
   Dxs+KOjGbBRfMnPgVGYkORKVrZIwlaboHbDKxcVW5xv+oZc7KYXWGg==
   -----END CERTIFICATE-----
-date: 2023-12-20 00:00:00.000000000 Z
+date: 2024-04-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -168,6 +168,7 @@ files:
 - recog/xml/http_cookies.xml
 - recog/xml/http_servers.xml
 - recog/xml/http_wwwauth.xml
+- recog/xml/http_xpoweredby.xml
 - recog/xml/imap_banners.xml
 - recog/xml/ldap_searchresult.xml
 - recog/xml/mdns_device-info_txt.xml