./net/ruby-recog, Framework to send network probes for identification


Branch: CURRENT, Version: 2.1.23, Package name: ruby24-recog-2.1.23, Maintainer: minskim

Recog is a framework for identifying products, services, operating
systems, and hardware by matching fingerprints against data returned
from various network probes. Recog makes it simple to extract useful
information from web server banners, snmp system description fields,
and a whole lot more.


Required to run:
[textproc/py-yaml] [textproc/ruby-nokogiri] [lang/python27] [lang/ruby24-base]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: d884b20061d93daa9573138029ac87c160be25a7
RMD160: 0cc8a2e48f86579480fadbc4090547c158876731
Filesize: 217.5 KB


CVS history:


   2018-09-23 17:57:32 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
net/ruby-recog: update to 2.1.23

v2.1.23 (2018/09/20)

* use yaml for remapping; remove json transpose code (#177)

  - use yaml for remapping; remove json transpose code
  - temporarily revert cpe change on win2k3

* TELNET: Initial commit (#178)

* Add better support for Array networks/ArrayOS

v.2.1.22 - 2018.09.04

* New fingerprint coverage: apache_modules.xml #174

  - Adds support for performing version detection of Apache modules in HTTP
    Server headers.
  - Client software calling Recog is expected to split an Apache banner based
    on spaces and toss the individual values at Recog.
  - This is a first pass, more work will be required to fully flesh this out.

* Improved coverage: http_servers.xml #175

  - Leveraging Project Sonar data from 2018.08.13 has resulted in significant
    (multiple millions) improvement of fingerprinting against that data set.
  - hw.* values added where possible

* Minor FTP tweaks

v.2.1.22 - 2018.08.29

* New capability: CPE 2.3 data #172

  - Added preliminary support for returning CPE 2.3 information via a new
    fingerprint param named service.cpe23 which can be literal strings or
    interpolated values.

    Example:

    <param pos="0" name="service.cpe23" value="cpe:/a:vmware:zimbra_desktop:1"/>

    or

    <param pos="0" name="service.cpe23" value="cpe:/a:vmware:zimbra_desktop:{service.version}"/>

  - Software, other than Ruby Recog, that leverages the XML directly will need
    to support interpolating the values in order to fully utilize this
    capability.
  - Future changes to enhance this capability and make creating interpolated
    results easier are expected in the near future.
  - See PR #172 for more details

* Misc fingerprint updates and changes, some of which were to support CPE
  changes.

  - Changed the use of 'F5 Labs' to 'F5' in multiple files #171
  - Change certain Cisco PIX fingerprints from 'service.' to 'os.' #170

v.2.1.20 - 2018.06.27

* Compatibility: Adjustments to the regex of multiple fingerprints to remove
  negative lookaheads and other constructs that Golang doesn't support. #162

v.2.1.19 - 2018.04.16

* Improved coverage: xml/smtp_banners.xml #160

  - Note: Due to effort to clean up description lines (remove duplicates,
    remove multilines, provide context, standardize format) almost every value
    for <description> has changed. This will impact the value returned as
    matched with tools such as DAP.
  - Project Sonar SMTP survey data was used to enhance and improve the
    coverage. Full details and metrics can be found in #160
  - Improved the accuracy and/or flexibility of multiple fingerprints.
  - Changed ALL instances of flags="REG_ICASE" to an inline flag (?i:) in
    order to make the regex compatible with more languages.
  - Implemented fingerprint examples for those fingerprints where examples
    could be found.
  - This sometimes resulted in removing fingerprints that were actually
    duplicates or trivially different.
  - Reworked description values so as to remove examples and ensure that this
    field is unique within the file as the value of description serves as an
    identifier when processing fingerprints. Multiline descriptions were
    reduced to single line where possible. Many descriptions were modified.
  - Fixed multiple instances where captures were under/over capturing. For
    example, some fingerprints would have captured the examples but the
    examples were missing leading or ending spaces. Other fingerprints were
    over-broad in what they would capture leading to false positives or
    misidentification.
  - Fixed multiple instances where the portion of the version banner that was
    captured was different between two products in the same family.
  - Removed various real and example hostnames from examples and standardized
    on 'foo.bar'
  - Corrected system.time.format so as to match timestamp provided by service
  - Reworked date regex for multiple matches to remove inadvertent requirement
    for two digit day value when the banner included a single digit day.

   2018-03-21 12:40:16 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
net/ruby-recog: update to 2.1.18

2.1.16				2017/10/26

* Improve MariaDB on Ubuntu - Issue #156

2.1.17				2017/11/28

* Improve Exim coverage, add examples

2.1.18				2018/02/23

* ssh update - data from 2017.11.30
* Removed honeypot fingerprint
* Add Debian 8.0 (jessie) MariaDB fingerprint

   2017-09-16 23:45:00 by Min Sik Kim | Files touched by this commit (5)
Log message:
net/ruby-recog: Import version 2.1.15

Recog is a framework for identifying products, services, operating
systems, and hardware by matching fingerprints against data returned
from various network probes. Recog makes it simple to extract useful
information from web server banners, snmp system description fields,
and a whole lot more.