rapid7 / recog

Pattern recognition for hosts, services, and content

hw.vendor not set in SNMP signature

nstylepro opened this issue · comments

<fingerprint pattern="^HP (?:Color )?LaserJet (\S+)$">

Hi, looks like someone forgot that this device has hw attributes. Is that on purpose?

Most of the older fingerprints are missing hw.* attributes and these need to be mapped to os.* instead today.

The vague logic we use in Rumble: if the thing being fingerprinted is a printer, multifunction device, or one of another small class of device types (os.device as the key), and the os.* attributes are set, and the hw.* flags are not set, map the hw.product to the os.product. There is more to it to handle corner cases, but unless Recog is updated to add hw keys to ALL of the fingerprints where they are missing, this kind of workaround is mostly fine.

Is that correct for all the os.* in those signatures?
I mean, os.vendor etc. as well?

It's not always correct, but it's what we have (there are a bunch of special cases). I would love to see consistent hw fields on everything at some point.
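
The os.* to hw.* fallback described in this thread, sketched as an added example; it is not part of the original issue and is not Rumble's or Recog's code. Only the pattern comes from the issue: the `<param>` values, the device-class set, the mirrored key list and the function names are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed fingerprint: only the pattern comes from the thread; the
# <param> elements are sample values laid out in Recog's XML style.
FINGERPRINT_XML = r"""
<fingerprint pattern="^HP (?:Color )?LaserJet (\S+)$">
  <param pos="0" name="os.vendor" value="HP"/>
  <param pos="0" name="os.device" value="Printer"/>
  <param pos="1" name="os.product"/>
</fingerprint>
"""

# Assumption: the thread names printers and multifunction devices and says
# there are a few more classes; only the two named ones are listed here.
HW_FALLBACK_DEVICES = {"Printer", "Multifunction Device"}
# Assumption: which os.* keys are mirrored (the thread mentions product and vendor).
MIRRORED_KEYS = ("vendor", "product", "device")


def match_fingerprint(xml_text, banner):
    """Apply one fingerprint to a banner; return its attributes or None."""
    fp = ET.fromstring(xml_text)
    m = re.search(fp.get("pattern"), banner)
    if m is None:
        return None
    attrs = {}
    for param in fp.findall("param"):
        pos = int(param.get("pos"))
        # pos 0 carries a static value; pos N takes capture group N.
        value = param.get("value") if pos == 0 else m.group(pos)
        if value:
            attrs[param.get("name")] = value
    return attrs


def apply_hw_fallback(attrs):
    """Mirror os.* into hw.* when the fingerprint set no hw.* keys."""
    out = dict(attrs)
    if out.get("os.device") not in HW_FALLBACK_DEVICES:
        return out
    if any(key.startswith("hw.") for key in out):
        return out  # fingerprint already carries hw.*; leave it alone
    for key in MIRRORED_KEYS:
        if f"os.{key}" in out:
            out[f"hw.{key}"] = out[f"os.{key}"]
    return out
```

A fingerprint that already sets any hw.* key is returned unchanged, so the fallback never overwrites values a fingerprint author supplied.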