Improved Telnet fingerprinting on Windows

v2.1.33

Version 2.1.33

Improved MDNS fingerprinting

• Fingerprinting of Apple Mac OS X, iPads and various other hardware using MDNS has improved to cover more recent releases
• Unnecessary usage of flags was reduced

v2.1.31 Improved CPEs

• This release updates CPEs for SSH, telnet and UPnP.

v2.1.30 Improved telnet fingerprinting

• We have improved recog's telnet coverage by adding various fingerprints that were previously missing. Most notably the addition of Red Hat, Fedora, AIX and SuSE telnet coverage, as well as adding to the already Cisco coverage that was previously being used. (#188)

v2.1.29

• Adds fingerprinting for libssh

v2.1.28

• Improve NNTP fingerprint coverage (kerio, ccproxy, generic, lyris)
• Improve Ubuntu UPnP fingerprints
• Improve HTTP Set-Cookie fingerprints (Cisco ASA, Array networks)
• Improve SIP coverage (Cisco, Linksys, ZTE, Media5, Tilgin)
• Add recog "product" support for interpolating values used in fingerprints
• Enforce <= 20 examples per fingerprint

v2.1.27

Version 2.1.27

v.2.1.22 - 2018.09.04

• New fingerprint coverage: apache_modules.xml #174

  • Adds support for performing version detection of Apache modules in HTTP Server headers.
  • Client software calling Recog is expected to split an Apache banner based on spaces and toss the individual values at Recog.
  • This is a first pass, more work will be required to fully flesh this out.

• Improved coverage: http_servers.xml #175

  • Leveraging Project Sonar data from 2018.08.13 has resulted in significant (multiple millions) improvement of fingerprinting against that data set.
  • hw.* values added where possible

• Minor FTP tweaks

v.2.1.22 - 2018.08.29

• New capability: CPE 2.3 data #172

  • Added preliminary support for returning CPE 2.3 information via a new fingerprint param named service.cpe23 which can be literal strings or interpolated values.

    Example:
    <param pos="0" name="service.cpe23" value="cpe:/a:vmware:zimbra_desktop:1"/>
    or
    <param pos="0" name="service.cpe23" value="cpe:/a:vmware:zimbra_desktop:{service.version}"/>

  • Software, other than Ruby Recog, that leverage the XML directly will need to support interpolating the values in order to fully utilize this capability.

  • Future changes to enhance this capability and make creating interpolated results easier are expected in the near future.

  • See PR #172 for more details

• Misc fingerprint updates and changes, some of which were to support CPE changes.

  • Changed the use of 'F5 Labs' to 'F5' in multiple files #171
  • Change certain Cisco PIX fingerprints from 'service.' to 'os.' #170

v.2.1.20 - 2018.06.27

• Compatibility: Adjustments to the regex of multiple fingerprints to remove negative lookaheads and other contructs that Golang doesn't support. #162