RubyGems - intrigue-ident - Versions diffs - 0.2 → 0.9.9 - Mend

intrigue-ident 0.2 → 0.9.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (484) hide show

checksums.yaml +4 -4
data/.circleci/config.yml +21 -0
data/.gitignore +3 -0
data/.ruby-version +1 -0
data/Dockerfile +39 -0
data/Gemfile +10 -3
data/Gemfile.lock +35 -20
data/LICENSE.md +12 -0
data/README.md +79 -0
data/checks/ftp/base.rb +15 -0
data/checks/ftp/filezilla.rb +28 -0
data/checks/ftp/microsoft.rb +27 -0
data/checks/ftp/proftp.rb +28 -0
data/checks/ftp/pureftpd.rb +27 -0
data/checks/ftp/vsftp.rb +28 -0
data/checks/http/123reg.rb +31 -0
data/checks/http/acme.rb +28 -0
data/checks/http/acquia.rb +28 -0
data/checks/http/adeptia.rb +30 -0
data/checks/http/adobe.rb +168 -0
data/checks/http/advantshop.rb +33 -0
data/checks/http/afrihost.rb +29 -0
data/checks/http/aftermarketpl.rb +46 -0
data/checks/http/agility.rb +34 -0
data/checks/http/akamai.rb +88 -0
data/checks/http/alkacon.rb +30 -0
data/checks/http/allegro.rb +28 -0
data/checks/http/almuba.rb +30 -0
data/checks/http/amazon.rb +263 -0
data/checks/http/amirocms.rb +30 -0
data/checks/http/anelectron.rb +29 -0
data/checks/http/anquanbao.rb +32 -0
data/checks/http/aol.rb +29 -0
data/checks/http/apache.rb +358 -0
data/checks/http/appdynamics.rb +43 -0
data/checks/http/arris.rb +30 -0
data/checks/http/artifactory.rb +30 -0
data/checks/http/aruba.rb +27 -0
data/checks/http/atlassian.rb +152 -0
data/checks/http/auth0.rb +44 -0
data/checks/http/automattic.rb +292 -0
data/checks/http/axinom.rb +30 -0
data/checks/http/axios.rb +29 -0
data/checks/http/axis.rb +27 -0
data/checks/http/axway.rb +33 -0
data/checks/http/backdrop.rb +30 -0
data/checks/http/banu.rb +30 -0
data/checks/http/barracuda.rb +99 -0
data/checks/http/base.rb +139 -0
data/checks/http/beehive.rb +30 -0
data/checks/http/bigcartel.rb +33 -0
data/checks/http/bigcommerce.rb +33 -0
data/checks/http/binarysec.rb +47 -0
data/checks/http/bitly.rb +40 -0
data/checks/http/blackboard.rb +44 -0
data/checks/http/blueimp.rb +27 -0
data/checks/http/bomgar.rb +27 -0
data/checks/http/bootstrap.rb +27 -0
data/checks/http/bower.rb +28 -0
data/checks/http/broadcom.rb +29 -0
data/checks/http/brocade.rb +39 -0
data/checks/http/browsermedia.rb +29 -0
data/checks/http/bsm.rb +29 -0
data/checks/http/bynder.rb +31 -0
data/checks/http/calibre.rb +33 -0
data/checks/http/centos.rb +28 -0
data/checks/http/cerberus.rb +28 -0
data/checks/http/charity_engine.rb +27 -0
data/checks/http/checkpoint.rb +56 -0
data/checks/http/cherokee.rb +29 -0
data/checks/http/cisco.rb +134 -0
data/checks/http/citrix.rb +137 -0
data/checks/http/cloud_city.rb +30 -0
data/checks/http/cloudflare.rb +219 -0
data/checks/http/cmsimple.rb +30 -0
data/checks/http/codeigniter.rb +26 -0
data/checks/http/communigate.rb +32 -0
data/checks/http/concrete5.rb +30 -0
data/checks/http/contenido.rb +33 -0
data/checks/http/content/analytics.rb +40 -0
data/checks/http/content/authentication.rb +111 -0
data/checks/http/content/content.rb +92 -0
data/checks/http/content/security_headers.rb +70 -0
data/checks/http/cpanel.rb +56 -0
data/checks/http/cradlepoint.rb +30 -0
data/checks/http/craft.rb +42 -0
data/checks/http/crazydomains.rb +31 -0
data/checks/http/crowdstrike.rb +27 -0
data/checks/http/dan.rb +30 -0
data/checks/http/danneo.rb +30 -0
data/checks/http/day.rb +31 -0
data/checks/http/debian.rb +27 -0
data/checks/http/dell.rb +43 -0
data/checks/http/dev_php.rb +30 -0
data/checks/http/discourse.rb +30 -0
data/checks/http/discuz!.rb +30 -0
data/checks/http/distil.rb +27 -0
data/checks/http/django.rb +27 -0
data/checks/http/dmanager.rb +29 -0
data/checks/http/dns_made_easy.rb +29 -0
data/checks/http/docuwiki.rb +27 -0
data/checks/http/docverify.rb +29 -0
data/checks/http/domain_parking_ru.rb +31 -0
data/checks/http/domainname_shop.rb +30 -0
data/checks/http/dosarrest.rb +29 -0
data/checks/http/dreamhost.rb +31 -0
data/checks/http/drupal.rb +91 -0
data/checks/http/duo.rb +45 -0
data/checks/http/dyn.rb +41 -0
data/checks/http/dynamicweb.rb +29 -0
data/checks/http/dynatrace.rb +40 -0
data/checks/http/easyname.rb +44 -0
data/checks/http/eclipse.rb +64 -0
data/checks/http/enservio.rb +29 -0
data/checks/http/envoy.rb +26 -0
data/checks/http/epiccom.rb +31 -0
data/checks/http/ergon.rb +31 -0
data/checks/http/expressjs.rb +27 -0
data/checks/http/ezproxy.rb +28 -0
data/checks/http/f5.rb +122 -0
data/checks/http/facebook.rb +27 -0
data/checks/http/fastly.rb +67 -0
data/checks/http/first_domains.rb +31 -0
data/checks/http/flywheel.rb +30 -0
data/checks/http/forgerock.rb +43 -0
data/checks/http/fortinet.rb +29 -0
data/checks/http/fresh_service.rb +30 -0
data/checks/http/frontify.rb +29 -0
data/checks/http/generic.rb +272 -0
data/checks/http/github.rb +40 -0
data/checks/http/gitlab.rb +30 -0
data/checks/http/glimpse.rb +32 -0
data/checks/http/globalscape.rb +27 -0
data/checks/http/goahead.rb +31 -0
data/checks/http/godaddy.rb +31 -0
data/checks/http/google.rb +164 -0
data/checks/http/google_cloud.rb +27 -0
data/checks/http/grafana.rb +27 -0
data/checks/http/gunicorn.rb +30 -0
data/checks/http/haskell.rb +31 -0
data/checks/http/heroku.rb +77 -0
data/checks/http/hikvision.rb +29 -0
data/checks/http/hp.rb +27 -0
data/checks/http/hubspot.rb +104 -0
data/checks/http/ibm.rb +182 -0
data/checks/http/icewarp.rb +29 -0
data/checks/http/impresspages.rb +30 -0
data/checks/http/imunify360.rb +28 -0
data/checks/http/incapsula.rb +54 -0
data/checks/http/ingram_micro.rb +28 -0
data/checks/http/innovative_interfaces_inc.rb +27 -0
data/checks/http/inside_sales.rb +27 -0
data/checks/http/instra.rb +61 -0
data/checks/http/intercom.rb +27 -0
data/checks/http/ivanti.rb +28 -0
data/checks/http/jamf.rb +31 -0
data/checks/http/jekyll.rb +31 -0
data/checks/http/jenkins.rb +59 -0
data/checks/http/jetbrains.rb +27 -0
data/checks/http/jetty.rb +27 -0
data/checks/http/jforum.rb +27 -0
data/checks/http/jitbit.rb +30 -0
data/checks/http/jive.rb +27 -0
data/checks/http/joomla.rb +43 -0
data/checks/http/jquery.rb +58 -0
data/checks/http/jupyter.rb +28 -0
data/checks/http/kentico.rb +27 -0
data/checks/http/kerio.rb +34 -0
data/checks/http/kibana.rb +56 -0
data/checks/http/kong.rb +32 -0
data/checks/http/kubernetes.rb +66 -0
data/checks/http/laravel.rb +27 -0
data/checks/http/lastpass.rb +27 -0
data/checks/http/lcn.rb +27 -0
data/checks/http/leadpages.rb +29 -0
data/checks/http/lighttpd.rb +31 -0
data/checks/http/limelight_networks.rb +43 -0
data/checks/http/limesuvey.rb +27 -0
data/checks/http/link1.rb +31 -0
data/checks/http/linksys.rb +38 -0
data/checks/http/litespeed.rb +29 -0
data/checks/http/lithium.rb +43 -0
data/checks/http/lotus.rb +55 -0
data/checks/http/magento.rb +96 -0
data/checks/http/magnolia.rb +27 -0
data/checks/http/mailchimp.rb +27 -0
data/checks/http/manage_engine.rb +27 -0
data/checks/http/markmonitor.rb +27 -0
data/checks/http/mbf_bioscience.rb +29 -0
data/checks/http/mcafee.rb +27 -0
data/checks/http/media_temple.rb +27 -0
data/checks/http/mediawiki.rb +54 -0
data/checks/http/mhcsoftwareinc.rb +29 -0
data/checks/http/microsoft.rb +1325 -0
data/checks/http/mikrotik.rb +44 -0
data/checks/http/modwsgi.rb +30 -0
data/checks/http/mojolicious.rb +32 -0
data/checks/http/moodle.rb +28 -0
data/checks/http/mura.rb +30 -0
data/checks/http/nagios.rb +27 -0
data/checks/http/namesilo.rb +31 -0
data/checks/http/nationbuilder.rb +30 -0
data/checks/http/nec.rb +32 -0
data/checks/http/netlify.rb +40 -0
data/checks/http/netobjects_inc.rb +30 -0
data/checks/http/netscape.rb +29 -0
data/checks/http/neustar.rb +29 -0
data/checks/http/new_relic.rb +27 -0
data/checks/http/nexicom.rb +44 -0
data/checks/http/nginx.rb +82 -0
data/checks/http/nisource.rb +29 -0
data/checks/http/nodejs.rb +79 -0
data/checks/http/okta.rb +53 -0
data/checks/http/ookla.rb +28 -0
data/checks/http/openbsd.rb +30 -0
data/checks/http/openresty.rb +41 -0
data/checks/http/openscholar.rb +27 -0
data/checks/http/opensolution.rb +46 -0
data/checks/http/openssl.rb +43 -0
data/checks/http/opentext.rb +46 -0
data/checks/http/openvpn.rb +27 -0
data/checks/http/opscode.rb +43 -0
data/checks/http/oracle.rb +335 -0
data/checks/http/orion_technology.rb +30 -0
data/checks/http/ovh.rb +46 -0
data/checks/http/palo_alto.rb +27 -0
data/checks/http/pantheon.rb +54 -0
data/checks/http/papercut.rb +29 -0
data/checks/http/parallels.rb +44 -0
data/checks/http/pardot.rb +44 -0
data/checks/http/parkingcrew.rb +47 -0
data/checks/http/pbworks.rb +27 -0
data/checks/http/perfectsense.rb +28 -0
data/checks/http/perl.rb +62 -0
data/checks/http/pfsense.rb +27 -0
data/checks/http/php.rb +72 -0
data/checks/http/phpmyadmin.rb +40 -0
data/checks/http/phpwind.rb +30 -0
data/checks/http/phusion.rb +59 -0
data/checks/http/ping_identity.rb +28 -0
data/checks/http/pivotal_software.rb +97 -0
data/checks/http/pjax.rb +40 -0
data/checks/http/plesk.rb +58 -0
data/checks/http/porkbun.rb +31 -0
data/checks/http/progress.rb +30 -0
data/checks/http/proofpoint.rb +30 -0
data/checks/http/pulsesecure.rb +91 -0
data/checks/http/python.rb +30 -0
data/checks/http/qnap.rb +43 -0
data/checks/http/qualys.rb +69 -0
data/checks/http/rapid7.rb +27 -0
data/checks/http/rbs.rb +30 -0
data/checks/http/readmeio.rb +28 -0
data/checks/http/red_hat.rb +95 -0
data/checks/http/redmine.rb +38 -0
data/checks/http/restlet.rb +30 -0
data/checks/http/ritecms.rb +30 -0
data/checks/http/roadiz.rb +30 -0
data/checks/http/rock.rb +30 -0
data/checks/http/rollbar.rb +27 -0
data/checks/http/roundcube.rb +42 -0
data/checks/http/ruby.rb +92 -0
data/checks/http/ruckus_wireless.rb +26 -0
data/checks/http/sailpoint.rb +30 -0
data/checks/http/salesforce.rb +28 -0
data/checks/http/sap.rb +149 -0
data/checks/http/seamless_cms.rb +30 -0
data/checks/http/securi.rb +54 -0
data/checks/http/sedo.rb +63 -0
data/checks/http/segment.rb +27 -0
data/checks/http/sencha.rb +31 -0
data/checks/http/sentry.rb +27 -0
data/checks/http/serendipity.rb +30 -0
data/checks/http/shopfactory.rb +30 -0
data/checks/http/sip.rb +29 -0
data/checks/http/sitecore.rb +39 -0
data/checks/http/smartling.rb +27 -0
data/checks/http/smf.rb +30 -0
data/checks/http/snews.rb +30 -0
data/checks/http/software_ag.rb +47 -0
data/checks/http/soha.rb +66 -0
data/checks/http/solarwinds.rb +41 -0
data/checks/http/sonatype.rb +43 -0
data/checks/http/sonicwall.rb +63 -0
data/checks/http/sophos.rb +40 -0
data/checks/http/southriver.rb +43 -0
data/checks/http/splash.rb +29 -0
data/checks/http/splunk.rb +27 -0
data/checks/http/springfox.rb +43 -0
data/checks/http/squarespace.rb +41 -0
data/checks/http/stackpath.rb +29 -0
data/checks/http/stibo_systems.rb +35 -0
data/checks/http/subrion.rb +29 -0
data/checks/http/symantec.rb +27 -0
data/checks/http/synacor.rb +26 -0
data/checks/http/tableau_software.rb +42 -0
data/checks/http/telerik.rb +46 -0
data/checks/http/tengine.rb +29 -0
data/checks/http/tibco.rb +57 -0
data/checks/http/townnews.rb +33 -0
data/checks/http/tridium.rb +28 -0
data/checks/http/twiki.rb +27 -0
data/checks/http/typo3.rb +27 -0
data/checks/http/uberflip.rb +28 -0
data/checks/http/ucoz.rb +31 -0
data/checks/http/umbraco.rb +29 -0
data/checks/http/unbounce.rb +28 -0
data/checks/http/united_domains.rb +27 -0
data/checks/http/vanilla_forums.rb +27 -0
data/checks/http/varnish.rb +79 -0
data/checks/http/vbulletin.rb +66 -0
data/checks/http/verizon.rb +27 -0
data/checks/http/vmware.rb +53 -0
data/checks/http/vue_js.rb +27 -0
data/checks/http/webflow.rb +44 -0
data/checks/http/webgui.rb +30 -0
data/checks/http/webmin.rb +44 -0
data/checks/http/webpagetest_project.rb +30 -0
data/checks/http/wftpserver.rb +28 -0
data/checks/http/wildfly.rb +29 -0
data/checks/http/wix.rb +28 -0
data/checks/http/woltlab_gmbh.rb +30 -0
data/checks/http/wordpress/ithemes.rb +50 -0
data/checks/http/wordpress/john_godley.rb +29 -0
data/checks/http/wordpress/pixelcraft.rb +31 -0
data/checks/http/wordpress/rocklobster.rb +29 -0
data/checks/http/wordpress/team_heateor.rb +31 -0
data/checks/http/wordpress/w3_total_cache.rb +30 -0
data/checks/http/wordpress/wp_fastest_cache.rb +30 -0
data/checks/http/wordpress/wp_super_cache.rb +46 -0
data/checks/http/wordpress/wpbakery.rb +30 -0
data/checks/http/world4you.rb +46 -0
data/checks/http/wp_engine.rb +57 -0
data/checks/http/xcms.rb +30 -0
data/checks/http/xelion.rb +27 -0
data/checks/http/xerox.rb +27 -0
data/checks/http/xmb.rb +30 -0
data/checks/http/xtec.rb +30 -0
data/checks/http/yaf.rb +30 -0
data/checks/http/yaws.rb +30 -0
data/checks/http/yoast.rb +31 -0
data/checks/http/zeit.rb +30 -0
data/checks/http/zendesk.rb +41 -0
data/checks/http/zengenti.rb +30 -0
data/checks/http/zoho.rb +69 -0
data/checks/http/zscaler.rb +30 -0
data/checks/smtp/base.rb +16 -0
data/checks/smtp/exim.rb +30 -0
data/checks/snmp/base.rb +15 -0
data/checks/snmp/cisco.rb +59 -0
data/checks/ssh/array_networks.rb +28 -0
data/checks/ssh/base.rb +16 -0
data/checks/ssh/openssh.rb +26 -0
data/checks/telnet/base.rb +16 -0
data/checks/telnet/huawei.rb +26 -0
data/data/logos/acquia.png +0 -0
data/data/logos/amazon_cloudfront.png +0 -0
data/data/logos/apache_coyote.png +0 -0
data/data/logos/apache_tomcat.png +0 -0
data/data/logos/atlassian_bamboo.png +0 -0
data/data/logos/atlassian_bitbucket.png +0 -0
data/data/logos/atlassian_confluence.png +0 -0
data/data/logos/atlassian_crowd.png +0 -0
data/data/logos/atlassian_crucible.png +0 -0
data/data/logos/atlassian_fisheye.png +0 -0
data/data/logos/atlassian_jira.png +0 -0
data/data/logos/atlassian_sourcetree.png +0 -0
data/data/logos/automattic_wordpress.png +0 -0
data/data/logos/calibre.png +0 -0
data/data/logos/cisco_ssl_vpn.png +0 -0
data/data/logos/citrix_netscaler_gateway.png +0 -0
data/data/logos/cloudflare_cdn.png +0 -0
data/data/logos/drupal.png +0 -0
data/data/logos/f5_big-ip.png +0 -0
data/data/logos/f5_big-ip_apm.png +0 -0
data/data/logos/fastly.png +0 -0
data/data/logos/generic.png +0 -0
data/data/logos/gitlab.png +0 -0
data/data/logos/ibm_axway_securetransport.png +0 -0
data/data/logos/lithium.png +0 -0
data/data/logos/microsoft_asp.net.png +0 -0
data/data/logos/microsoft_iis.png +0 -0
data/data/logos/microsoft_outlook_web_access.png +0 -0
data/data/logos/microsoft_sharepoint.png +0 -0
data/data/logos/microtik_routeros.png +0 -0
data/data/logos/mikrotik_routeros.png +0 -0
data/data/logos/newrelic.png +0 -0
data/data/logos/nginx.png +0 -0
data/data/logos/okta.png +0 -0
data/data/logos/oracle_glassfish.png +0 -0
data/data/logos/oracle_java_application_server.png +0 -0
data/data/logos/oracle_java_server_pages.png +0 -0
data/data/logos/oracle_weblogic.png +0 -0
data/data/logos/phpmyadmin.png +0 -0
data/data/logos/tableau.png +0 -0
data/data/logos/vmware_esxi.png +0 -0
data/data/logos/vmware_horizon.png +0 -0
data/data/logos/zendesk.png +0 -0
data/data/logos/zimbra_server.png +0 -0
data/data/microsoft_sharepoint_versions.csv +224 -0
data/intrigue-ident.gemspec +8 -7
data/lib/banner_helpers.rb +36 -0
data/lib/ftp/check_factory.rb +24 -0
data/lib/ftp/content.rb +13 -0
data/lib/ftp/ftp.rb +52 -0
data/lib/ftp/matchers.rb +26 -0
data/lib/http/browser.rb +260 -0
data/lib/http/check_factory.rb +47 -0
data/lib/http/content.rb +45 -0
data/lib/http/http.rb +463 -0
data/lib/http/matchers.rb +132 -0
data/lib/ident.rb +263 -0
data/lib/recog_wrapper.rb +70 -0
data/lib/simple_socket.rb +41 -0
data/lib/smtp/check_factory.rb +24 -0
data/lib/smtp/content.rb +13 -0
data/lib/smtp/matchers.rb +28 -0
data/lib/smtp/smtp.rb +53 -0
data/lib/snmp/check_factory.rb +24 -0
data/lib/snmp/content.rb +13 -0
data/lib/snmp/matchers.rb +25 -0
data/lib/snmp/snmp.rb +55 -0
data/lib/ssh/check_factory.rb +24 -0
data/lib/ssh/content.rb +13 -0
data/lib/ssh/matchers.rb +26 -0
data/lib/ssh/ssh.rb +52 -0
data/lib/telnet/check_factory.rb +24 -0
data/lib/telnet/content.rb +13 -0
data/lib/telnet/matchers.rb +26 -0
data/lib/telnet/telnet.rb +52 -0
data/lib/utils.rb +19 -0
data/lib/version.rb +3 -0
data/lib/vulndb_client.rb +43 -0
data/util/console.rb +9 -0
data/util/docker.sh +2 -0
data/util/ident.rb +375 -0
data/util/list_paths.rb +12 -0
data/util/tags.rb +36 -0
data/utils.rb +19 -0
metadata +487 -55
data/ident.rb +0 -319
data/lib/check_factory.rb +0 -22
data/lib/checks/akamai.rb +0 -22
data/lib/checks/amazon.rb +0 -26
data/lib/checks/aruba.rb +0 -20
data/lib/checks/asp_net.rb +0 -70
data/lib/checks/atlassian.rb +0 -55
data/lib/checks/base.rb +0 -13
data/lib/checks/chef.rb +0 -31
data/lib/checks/cisco.rb +0 -33
data/lib/checks/citrix.rb +0 -24
data/lib/checks/cloudflare.rb +0 -59
data/lib/checks/cloudfront.rb +0 -41
data/lib/checks/cpanel.rb +0 -23
data/lib/checks/django.rb +0 -22
data/lib/checks/drupal.rb +0 -26
data/lib/checks/f5.rb +0 -24
data/lib/checks/fastly.rb +0 -22
data/lib/checks/generic.rb +0 -23
data/lib/checks/gitlab.rb +0 -22
data/lib/checks/google.rb +0 -23
data/lib/checks/grafana.rb +0 -22
data/lib/checks/jenkins.rb +0 -40
data/lib/checks/joomla.rb +0 -23
data/lib/checks/limesuvey.rb +0 -22
data/lib/checks/lithium.rb +0 -30
data/lib/checks/magento.rb +0 -22
data/lib/checks/mcafee.rb +0 -22
data/lib/checks/mediawiki.rb +0 -38
data/lib/checks/microsoft.rb +0 -69
data/lib/checks/nagios.rb +0 -22
data/lib/checks/oracle.rb +0 -38
data/lib/checks/palo_alto.rb +0 -23
data/lib/checks/pardot.rb +0 -22
data/lib/checks/pfsense.rb +0 -25
data/lib/checks/phpmyadmin.rb +0 -22
data/lib/checks/rabbitmq.rb +0 -29
data/lib/checks/spring.rb +0 -31
data/lib/checks/team_city.rb +0 -22
data/lib/checks/telerik.rb +0 -25
data/lib/checks/tomcat.rb +0 -22
data/lib/checks/varnish.rb +0 -27
data/lib/checks/wordpress.rb +0 -120
data/lib/checks/wp_engine.rb +0 -22

data/checks/http/mailchimp.rb ADDED

@@ -0,0 +1,27 @@
+module Intrigue
+module Ident
+module Check
+class Mailchimp < Intrigue::Ident::Check::Base
+  def generate_checks(url)
+    [
+      {
+        :type => "fingerprint",
+        :category => "service",
+        :tags => ["Marketing", "SaaS"],
+        :vendor => "Mailchimp",
+        :product =>"Mandrill",
+        :match_details =>"login page",
+        :match_type => :content_title,
+        :version => nil,
+        :match_content =>  /Log in to Mandrill/i,
+        :paths => ["#{url}"],
+        :inference => false
+      }
+    ]
+  end
+end
+end
+end
+end

data/checks/http/manage_engine.rb ADDED

@@ -0,0 +1,27 @@
+module Intrigue
+module Ident
+module Check
+class ManageEngine < Intrigue::Ident::Check::Base
+  def generate_checks(url)
+    [
+      {
+        :type => "fingerprint",
+        :category => "application",
+        :tags => [""],
+        :vendor =>"ManageEngine",
+        :product =>"ServiceDesk Plus",
+        :match_details =>"cookie",
+        :version => nil,
+        :match_type => :content_cookies,
+        :match_content => /SDPSESSIONID=/i,
+        :paths => ["#{url}"],
+        :inference => false
+      }
+    ]
+  end
+end
+end
+end
+end

data/checks/http/markmonitor.rb ADDED

@@ -0,0 +1,27 @@
+module Intrigue
+  module Ident
+  module Check
+  class Markmonitor < Intrigue::Ident::Check::Base
+    def generate_checks(url)
+      [
+        {
+          :type => "fingerprint",
+          :category => "service",
+          :tags => ["Parked"],
+          :vendor => "MarkMonitor",
+          :product => "MarkMonitor",
+          :website => "https://markmonitor.com/",
+          :version => nil,
+          :match_type => :content_title,
+          :match_content =>  /^Registered &amp; Protected by MarkMonitor$/i,
+          :paths => ["#{url}"],
+          :inference => false
+        }
+      ]
+    end
+  end
+  end
+  end
+  end

data/checks/http/mbf_bioscience.rb ADDED

@@ -0,0 +1,29 @@
+module Intrigue
+module Ident
+module Check
+class MbfBioscience < Intrigue::Ident::Check::Base
+  def generate_checks(url)
+    [
+      {
+        :type => "fingerprint",
+        :category => "operating_system",
+        :tags => ["COTS"],
+        :vendor => "MBF Bioscience",
+        :product => "Biolucidia",
+        :match_details =>"header",
+        :version => nil,
+        :references => ["https://www.mbfbioscience.com/biolucida"],
+        :match_type => :content_headers,
+        :match_content =>  /^x-biolucida-webapp: true$/,
+        :paths => ["#{url}"],
+        :examples => ["x-biolucida-webapp: true"],
+        :inference => false
+      }
+    ]
+  end
+end
+end
+end
+end

data/checks/http/mcafee.rb ADDED

@@ -0,0 +1,27 @@
+module Intrigue
+module Ident
+module Check
+class Mcafee < Intrigue::Ident::Check::Base
+  def generate_checks(url)
+    [
+      {
+        :type => "fingerprint",
+        :category => "application",
+        :tags => ["Administrative","COTS"],
+        :vendor => "McAfee",
+        :product =>"EPolicy Orchestrator",
+        :match_details =>"McAfee EPolicy Orchestrator",
+        :match_type => :content_body,
+        :version => nil,
+        :match_content =>  /McAfee Agent Activity Log/i,
+        :paths => ["#{url}"],
+        :inference => false
+      }
+    ]
+  end
+end
+end
+end
+end

data/checks/http/media_temple.rb ADDED

@@ -0,0 +1,27 @@
+module Intrigue
+module Ident
+module Check
+class MediaTemple < Intrigue::Ident::Check::Base
+  def generate_checks(url)
+    [
+      {
+        :type => "fingerprint",
+        :category => "service",
+        :tags => ["SaaS"],
+        :vendor =>"MediaTemple",
+        :product =>"MediaTemple",
+        :match_details =>"default string in title",
+        :match_type => :content_title,
+        :version => nil,
+        :match_content =>  /Business-Class Web Hosting by \(mt\) Media Temple/,
+        :paths => ["#{url}"],
+        :inference => false
+      }
+      ]
+  end
+end
+end
+end
+end

data/checks/http/mediawiki.rb ADDED

@@ -0,0 +1,54 @@
+module Intrigue
+module Ident
+module Check
+class MediaWiki < Intrigue::Ident::Check::Base
+  def generate_checks(url)
+    [
+      {
+        :type => "fingerprint",
+        :category => "application",
+        :tags => ["COTS", "CMS"],
+        :vendor =>"MediaWiki",
+        :product =>"MediaWiki",
+        :match_details =>"powered by tag",
+        :match_type => :content_body,
+        :version => nil,
+        :match_content =>  /<a href="\/\/www.mediawiki.org\/">Powered by MediaWiki<\/a>/,
+        :paths => ["#{url}"],
+        :inference => false
+      },
+      {
+        :type => "fingerprint",
+        :category => "application",
+        :tags => ["COTS", "CMS"],
+        :vendor =>"MediaWiki",
+        :product =>"MediaWiki",
+        :match_details =>"powered by tag",
+        :match_type => :content_body,
+        :version => nil,
+        :match_content =>  /poweredby_mediawiki/,
+        :paths => ["#{url}"],
+        :inference => false
+      },
+      {
+        :type => "fingerprint",
+        :category => "application",
+        :tags => ["COTS", "CMS"],
+        :vendor =>"MediaWiki",
+        :product =>"MediaWiki",
+        :match_details =>"generator tag",
+        :match_type => :content_body,
+        :match_content =>  /<meta name=\"generator\" content=\"MediaWiki/,
+        :version => nil,
+        :dynamic_version => lambda { |x| _first_body_capture(x,/<meta name=\"generator\" content=\"MediaWiki\ (.*?)\"\/>/) },
+        :paths => ["#{url}"],
+        :inference => true
+      }
+    ]
+  end
+end
+end
+end
+end

data/checks/http/mhcsoftwareinc.rb ADDED

@@ -0,0 +1,29 @@
+module Intrigue
+module Ident
+module Check
+class MHCSoftwareInc < Intrigue::Ident::Check::Base
+  def generate_checks(url)
+    [
+      {
+        :type => "fingerprint",
+        :category => "application",
+        :tags => ["COTS", "Web Server"],
+        :vendor => "MHCSoftwareInc",
+        :product => "Document Self-Service",
+        :references => ["https://www.mhcsoftwareinc.com/platform/application-suites/document-self-service/"],
+        :version => nil,
+        :match_type => :content_headers,
+        :match_content =>  /^server:\ DSS WebServer\/(\d\.\d)$/i,
+        :dynamic_version => lambda { |x|
+          _first_header_capture(x,/^server:\ DSS WebServer\/(\d\.\d)$/i) },
+        :hide => false,
+        :paths => ["#{url}"],
+        :inference => true
+      }
+    ]
+  end
+end
+end
+end
+end

data/checks/http/microsoft.rb ADDED

@@ -0,0 +1,1325 @@
+module Intrigue
+  module Ident
+  module Check
+  class Microsoft < Intrigue::Ident::Check::Base
+    def generate_checks(url)
+      [
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Web Framework"],
+          :vendor => "Microsoft",
+          :product =>"ASP.NET Default Application",
+          :match_details =>"unique string",
+          :version => nil,
+          :match_type => :content_title,
+          :match_content =>  /Home Page - My ASP.NET Application/i,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Web Framework"],
+          :vendor => "Microsoft",
+          :product =>"ASP.NET",
+          :version => nil,
+          :match_type => :content_cookies,
+          :match_content =>  /AspNetCore.Antiforgery/i,
+          :match_details =>"ASP.Net Antiforgery cookie",
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Web Framework"],
+          :vendor => "Microsoft",
+          :product =>"ASP.NET",
+          :version => nil,
+          :dynamic_version => lambda{|x|
+            _first_body_capture(x,/ASP.NET Version:\ ([\d\.]*)/i)},
+          :match_type => :content_body,
+          :match_content =>  /^.*ASP.NET is configured*$/i,
+          :match_details =>"ASP.Net Error Message",
+          :paths => ["#{url}", "#{url}/doesntexist-123" ],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Web Framework"],
+          :vendor => "Microsoft",
+          :product =>"ASP.NET",
+          :version => nil,
+          :dynamic_version => lambda{ |x|
+            _first_header_capture(x,/^x-aspnet-version:\ ([\d\.]*)/i) },
+          :match_type => :content_headers,
+          :match_content =>  /^x-aspnet-version:.*$/i,
+          :match_details =>"X-AspNet Header",
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Web Framework"],
+          :vendor => "Microsoft",
+          :product =>"ASP.NET",
+          :match_details =>"Asp.Net Cookie",
+          :version => nil,
+          :match_type => :content_cookies,
+          :match_content =>  /ASPSESSIONID.*$/i,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Web Framework"],
+          :vendor => "Microsoft",
+          :product =>"ASP.NET",
+          :match_details =>"Asp.Net Default Cookie",
+          :version => nil,
+          :match_type => :content_cookies,
+          :match_content =>  /ASP.NET_SessionId.*$/i,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Web Framework"],
+          :vendor => "Microsoft",
+          :product =>"ASP.NET",
+          :match_details =>"ASPXAUTH cookie",
+          :version => nil,
+          :references => [
+            "https://www.sitefinity.com/developer-network/forums/developing-with-sitefinity-/claims-auth---aspxauth-cookie-remains"
+          ],
+          :match_type => :content_cookies,
+          :match_content =>  /ASPXAUTH=/i,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Web Framework"],
+          :vendor => "Microsoft",
+          :product =>"ASP.NET MVC",
+          :match_details =>"ASP.Net MVC Header",
+          :version => nil,
+          :dynamic_version => lambda{ |x|
+            _first_header_capture(x,/^x-aspnetmvc-version:\s([\d\.]+)/i) },
+          :match_type => :content_headers,
+          :match_content =>  /x-aspnetmvc-version/i,
+          :paths => ["#{url}"],
+          :inference => true
+        },
+        #{
+        #  TODO. Not the same as MVC version
+        #  :type => "fingerprint",
+        #  :category => "application",
+        #  :tags => ["Web Framework"],
+        #  :vendor => "Microsoft",
+        #  :product =>"ASP.NET Core",
+        #  :match_details =>"Asp.Net MVC Header",
+        #  :version => nil,
+        #  :dynamic_version => lambda{ |x|
+        #    _first_header_capture(x,/^x-aspnetmvc-version:\s([\d\.]+)/i) },
+        #  :match_type => :content_headers,
+        #  :match_content => /x-aspnetmvc-version/i,
+        #  :paths => ["#{url}"],
+        #  :inference => true
+        #},
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Web Framework"],
+          :vendor => "Microsoft",
+          :product =>"ASP.NET",
+          :match_details => "WebResource.axd link in the page",
+          :version => nil,
+          :match_type => :content_body,
+          :match_content =>  /WebResource.axd?d=/i,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Web Framework"],
+          :vendor => "Microsoft",
+          :product =>"ASP.NET",
+          :match_details =>"unique viewstate string",
+          :version => nil,
+          :match_type => :content_body,
+          :match_content =>  /__VIEWSTATEGENERATOR/i,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :depends => [{:product => "ASP.NET"}],
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Web Framework"],
+          :vendor => "Microsoft",
+          :product =>".NET Framework",
+          :match_details => "trace.axd version",
+          :version => nil,
+          :dynamic_version => lambda { |x|
+            _first_body_capture(x,/ASP.NET Version:([\d\.]*)/)
+          },
+          :match_type => :content_body,
+          :match_content =>  /Microsoft \.NET Framework Version/i,
+          :paths => ["#{url}/Trace.axd"],
+          :require_product => "ASP.NET",
+          :inference => true
+        },
+        {
+          :type => "fingerprint",
+          :category => "service",
+          :tags => ["Hosting", "IaaS"],
+          :vendor => "Microsoft",
+          :product =>"Azure",
+          :match_details => "standard 404",
+          :version => nil,
+          :match_type => :content_title,
+          :match_content =>  /^Microsoft Azure Web App - Error 404$/i,
+          :paths => ["#{url}"],
+          :hide => true,
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "service",
+          :tags => ["Hosting", "Load Balancer", "IaaS"],
+          :vendor => "Microsoft",
+          :product => "Azure",
+          :match_details => "Proxy service header (x-msedge-ref)",
+          :version => nil,
+          :match_type => :content_headers,
+          :match_content =>  /^x-msedge-ref:.*/i,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "service",
+          :tags => ["Hosting", "IaaS"],
+          :vendor => "Microsoft",
+          :product => "Azure",
+          :match_details => "proxy default error",
+          :match_type => :content_body,
+          :match_content =>  /<h2>Our services aren\'t available right now<\/h2><p>We\'re working to restore all services as soon as possible. Please check back soon/i,
+          :paths => ["#{url}"],
+          :hide => true,
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "service",
+          :tags => ["Hosting", "Load Balancer", "IaaS"],
+          :vendor => "Microsoft",
+          :product =>"Azure",
+          :match_details =>"Proxy header (x-ms-ref)",
+          :version => nil,
+          :match_type => :content_headers,
+          :match_content =>  /^x-ms-ref:.*/i,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "service",
+          :tags => ["Hosting", "Load Balancer", "IaaS"],
+          :vendor => "Microsoft",
+          :product =>"Azure",
+          :match_details =>"Storage service header",
+          :version => nil,
+          :match_type => :content_headers,
+          :match_content => /^x-ms-request-id:.*/i,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "service",
+          :tags => ["Hosting", "Load Balancer", "IaaS"],
+          :vendor => "Microsoft",
+          :product =>"Azure",
+          :match_details =>"cookie: ApplicationGatewayAffinity",
+          :version => nil,
+          :match_type => :content_cookies,
+          :match_content => /ApplicationGatewayAffinity=/i,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "service",
+          :tags => ["Hosting", "Load Balancer", "IaaS"],
+          :vendor => "Microsoft",
+          :product =>"Azure",
+          :match_details =>"cookie: ApplicationGatewayAffinityCORS",
+          :version => nil,
+          :match_type => :content_cookies,
+          :match_content => /ApplicationGatewayAffinityCORS=/i,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "service",
+          :tags => ["CDN", "IaaS"],
+          :vendor => "Microsoft",
+          :product => "Verizon Azure CDN",
+          :references => [
+            "https://docs.microsoft.com/en-us/azure/cdn/cdn-verizon-http-headers",
+            "https://docs.vdms.com/cdn/Content/HTTP_and_HTTPS_Data_Delivery/Response.htm"
+          ],
+          :version => nil,
+          :match_type => :content_headers,
+          :match_content =>  /^server:\ (ECAcc|ECD|EOS|ECS)\ \([a-zA-Z]{3}\/[a-zA-Z0-9]{4}\)$/i,
+          :dynamic_version => lambda { |x|
+            _first_header_capture(x,/^server:\ (ECAcc|ECD|EOS|ECS)\ \([a-zA-Z]{3}\/[a-zA-Z0-9]{4}\)$/i) },
+          :hide => false,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Web Framework"],
+          :vendor => "Microsoft",
+          :product =>"ASP.NET",
+          :match_details =>"powered by header",
+          :version => nil,
+          :match_type => :content_headers,
+          :match_content =>  /x-powered-by: ASP.NET/,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["COTS"],
+          :vendor => "Microsoft",
+          :product =>"Commerce Server",
+          :match_details =>"server header",
+          :version => nil,
+          :match_type => :content_headers,
+          :match_content =>  /commerce-server-software: Microsoft Commerce Server.*/,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Productivity","COTS","Mail Server", "Email"],
+          :vendor => "Microsoft",
+          :product =>"Exchange Server",
+          :references => ["https://support.microsoft.com/en-us/help/4036163/you-can-t-access-owa-or-ecp-after-you-install-exchange-server-2016-cu6"],
+          :match_details =>"x-feserver header",
+          :version => nil,
+          :match_type => :content_headers,
+          :match_content =>  /^x-feserver:.*$/i,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Productivity","COTS", "Mail Server", "Email"],
+          :vendor => "Microsoft",
+          :product =>"Exchange Server",
+          :references => [],
+          :match_details =>"/owa/ redirect",
+          :version => nil,
+          :match_type => :content_headers,
+          :match_content =>  /^location:.*\/owa\/$/i,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Productivity", "Mail Server", "COTS"],
+          :vendor => "Microsoft",
+          :product =>"Exchange Server",
+          :match_details =>"OWA Header -> Exchange server inference",
+          :version => nil,
+          :match_type => :content_headers,
+          :match_content =>  /^x-owa-version:/i,
+          :dynamic_version => lambda { |x|
+            version_string = _first_header_capture(x, /^x-owa-version:(.*)$/i)
+            owa_to_exchange_version(version_string)[:version]
+          },
+          :dynamic_update => lambda { |x|
+            update_string = _first_header_capture(x, /^x-owa-version:(.*)$/i)
+            owa_to_exchange_version(update_string)[:update]
+          },
+          :paths => ["#{url}"],
+          :inference => true
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Productivity","COTS", "Mail Server", "Email"],
+          :vendor => "Microsoft",
+          :product =>"Exchange Server",
+          :references => ["https://bit.ly/2k4Yoot"],
+          :match_details =>"OWA version -> Exchange server inference (body)",
+          :version => nil,
+          :match_type => :content_body,
+          :match_content =>  /OwaPage\ =\ ASP.auth_logon_aspx/i,
+          :dynamic_version => lambda { |x|
+            version_string = _first_body_capture(x, /href=\"\/owa\/auth\/([\d\.]+)\/themes\/resources\/favicon.ico/)
+            version_string = _first_body_capture(x, /href=\"\/owa\/([\d\.]+)\/themes\/resources\/favicon.ico/) unless version_string
+            owa_to_exchange_version(version_string)[:version]
+          },
+          :dynamic_update => lambda { |x|
+            update_string = _first_body_capture(x, /href=\"\/owa\/auth\/([\d\.]+)\/themes\/resources\/favicon.ico/)
+            update_string = _first_body_capture(x, /href=\"\/owa\/([\d\.]+)\/themes\/resources\/favicon.ico/) unless update_string
+            owa_to_exchange_version(update_string)[:update]
+          },
+          :paths => ["#{url}"],
+          :inference => true # TODO - not specific enough yet
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Productivity","COTS", "Mail Server", "Email"],
+          :vendor => "Microsoft",
+          :product =>"Exchange Server",
+          :references => ["https://bit.ly/2k4Yoot"],
+          :match_details =>"OWA version -> Exchange server inference (headers)",
+          :version => nil,
+          :match_type => :content_headers,
+          :match_content =>  /x-owa-version/i,
+          :dynamic_version => lambda { |x|
+            version_string = _first_body_capture(x, /href=\"\/owa\/auth\/([\d\.]+)\/themes\/resources\/favicon.ico/)
+            version_string = _first_body_capture(x, /href=\"\/owa\/([\d\.]+)\/themes\/resources\/favicon.ico/) unless version_string
+            owa_to_exchange_version(version_string)[:version]
+          },
+          :dynamic_update => lambda { |x|
+            update_string = _first_body_capture(x, /href=\"\/owa\/auth\/([\d\.]+)\/themes\/resources\/favicon.ico/)
+            update_string = _first_body_capture(x, /href=\"\/owa\/([\d\.]+)\/themes\/resources\/favicon.ico/) unless update_string
+            owa_to_exchange_version(update_string)[:update]
+          },
+          :paths => ["#{url}"],
+          :inference => true # TODO - not specific enough yet
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Firewall"],
+          :vendor => "Microsoft",
+          :product =>"Forefront TMG",
+          :match_details =>"Microsoft Forefront Threat Management Gateway",
+          :version => nil,
+          :match_type => :content_cookies,
+          :match_content =>  /<title>Microsoft Forefront TMG/,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Firewall"],
+          :vendor => "Microsoft",
+          :product =>"Forefront TMG",
+          :match_details =>"Microsoft Forefront Threat Management Gateway",
+          :version => nil,
+          :match_type => :content_headers,
+          :match_content =>  /via:\ 1.1\ TMGSRVR/,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Firewall"],
+          :vendor => "Microsoft",
+          :product =>"ISA Server",
+          :version => "2006",
+          :match_type => :content_title,
+          :match_content =>  /^Microsoft ISA Server 2006$/i,
+          :match_details =>"standard title",
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Library", "Application Server"],
+          :vendor =>"Microsoft",
+          :product =>"Frontpage",
+          :match_details =>"server header",
+          :version => nil,
+          :match_type => :content_headers,
+          :match_content =>  /^.*FrontPage\/.*$/i,
+          :dynamic_version => lambda { |x|
+            _first_header_capture(x,/^.*FrontPage\/([\d\.]*).*$/i)
+          },
+          :paths => ["#{url}"],
+          :inference => true
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Web Server"],
+          :vendor => "Microsoft",
+          :product => "Internet Information Services",
+          :match_details =>"server header",
+          :match_type => :content_headers,
+          :match_content =>  /server: Microsoft-IIS/,
+          :paths => ["#{url}"],
+          :inference => false # not specific enough
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Web Server"],
+          :vendor => "Microsoft",
+          :product => "Internet Information Services",
+          :match_details =>"server header",
+          :version => nil,
+          :dynamic_version => lambda { |x|
+            _first_header_capture x, /server: Microsoft-IIS\/(.*)/
+          },
+          :match_type => :content_headers,
+          :match_content =>  /server: Microsoft-IIS\//,
+          :paths => ["#{url}"],
+          :inference => false # not specific enough
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Web Server"],
+          :vendor => "Microsoft",
+          :product => "Internet Information Services",
+          :match_details =>"body error messages",
+          :version => nil,
+          :match_type => :content_body,
+          :match_content =>  /401.2 - Unauthorized: Access is denied due to server configuration.<br>Internet Information Services \(IIS\)/,
+          :paths => ["#{url}"],
+          :inference => false # not specific enough
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Web Server"],
+          :vendor => "Microsoft",
+          :product =>"Internet Information Services",
+          :match_details =>"Internet Information Services",
+          :version => "8.0",
+          :match_type => :content_body,
+          :match_content =>  /<img src=\"iis-8.png\"/,
+          :paths => ["#{url}"],
+          :inference => false # not specific enough
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Web Server"],
+          :vendor => "Microsoft",
+          :product =>"Internet Information Services",
+          :match_details =>"Microsoft IIS 8.5",
+          :version => "8.5",
+          :match_type => :content_body,
+          :match_content =>  /<img src=\"iis-85.png\"/,
+          :paths => ["#{url}"],
+          :inference => false # not specific enough
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Web Server"],
+          :vendor => "Microsoft",
+          :product =>"Internet Information Services",
+          :match_details =>"Microsoft-HTTPAPI/2.0 (IIS not configured)",
+          :version => nil,
+          :match_type => :content_headers,
+          :match_content =>  /server: Microsoft-HTTPAPI\/2.0/i,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :vendor => "Microsoft",
+          :product =>"Internet Information Services",
+          :match_details =>"Microsoft IIS Unauthorized (403)",
+          :tags => ["error_page"],
+          :version => nil,
+          :match_type => :content_body,
+          :hide => true,
+          :match_content =>  /Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator \(URL\)/,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Web Server"],
+          :vendor => "Microsoft",
+          :product =>"Internet Information Services",
+          :match_details =>"Microsoft IIS Missing Resource (404)",
+          :version => nil,
+          :match_type => :content_body,
+          :hide => true,
+          :match_content =>  /HTTP Error 404. The requested resource is not found./,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Web Server"],
+          :vendor => "Microsoft",
+          :product =>"Internet Information Services",
+          :match_details =>"Microsoft IIS Generic Error - 403",
+          :version => nil,
+          :match_type => :content_body,
+          :hide => true,
+          :match_content =>  /403 Forbidden. The server denied the specified Uniform Resource Locator (URL)/,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Web Server"],
+          :vendor => "Microsoft",
+          :product =>"Internet Information Services",
+          :match_details =>"Microsoft Generic Error - 503",
+          :version => nil,
+          :match_type => :content_body,
+          :hide => true,
+          :match_content =>  /HTTP Error 503. The service is unavailable./,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Web Server"],
+          :vendor =>"Microsoft",
+          :product =>"Kestrel",
+          :references => ["https://stackify.com/what-is-kestrel-web-server/"],
+          :match_details =>"kestrel in server header",
+          :version => nil,
+          :match_type => :content_headers,
+          :match_content =>  /server: Kestrel/i,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "service",
+          :tags => ["Productivity","SaaS"],
+          :vendor =>"Microsoft",
+          :product =>"Office 365",
+          :match_details =>"office 365 api unique header",
+          :version => nil,
+          :match_type => :content_headers,
+          :match_content =>  /x-ms-server-fqdn/i,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "service",
+          :tags => ["Productivity","SaaS"],
+          :vendor =>"Microsoft",
+          :product =>"Office 365 API",
+          :match_details =>"office 365 api auth cookie",
+          :version => nil,
+          :match_type => :content_cookies,
+          :match_content =>  /x-ms-gateway-slice/i,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "service",
+          :tags => ["Productivity","SaaS"],
+          :vendor =>"Microsoft",
+          :product =>"Office 365",
+          :match_details =>"office 365 fronted by okta",
+          :version => nil,
+          :match_type => :content_body,
+          :match_content =>  /ok3static.oktacdn.com\/assets\/img\/logos\/office365/i,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "service",
+          :tags => ["Productivity","SaaS"],
+          :vendor =>"Microsoft",
+          :product =>"Microsoft Outlook (Office 365)",
+          :match_details =>"office 365 outlook signin",
+          :version => nil,
+          :match_type => :content_title,
+          :match_content =>  /Sign in to Outlook/i,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Productivity", "Mail Server", "COTS"],
+          :vendor => "Microsoft",
+          :product =>"Outlook Web Access",
+          :match_details =>"Microsoft Outlook Web Access",
+          :version => nil,
+          :match_type => :content_headers,
+          :match_content =>  /location: \/owa/,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Productivity", "Mail Server", "COTS"],
+          :vendor => "Microsoft",
+          :product =>"Outlook Web Access",
+          :match_details =>"Microsoft Outlook Web Access (header)",
+          :version => nil,
+          :match_type => :content_headers,
+          :match_content =>  /x-owa-version/,
+          :dynamic_version => lambda { |x|
+            _first_header_capture(x, /x-owa-version:(.*)/) },
+          :paths => ["#{url}"],
+          :inference => true
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Productivity", "Mail Server", "COTS"],
+          :vendor => "Microsoft",
+          :product =>"Outlook Web Access",
+          :match_details =>"Microsoft Outlook Web Access (body)",
+          :version => nil,
+          :match_type => :content_body,
+          :match_content =>  /OwaPage\ =\ ASP.auth_logon_aspx/,
+          :dynamic_version => lambda { |x|
+            _first_body_capture x, /href=\"\/owa\/auth\/(.*)\/themes\/resources\/favicon.ico/ },
+          :paths => ["#{url}"],
+          :inference => true
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Productivity", "Mail Server", "COTS"],
+          :vendor => "Microsoft",
+          :product =>"Outlook Web Access",
+          :match_details =>"title",
+          :version => nil,
+          :match_type => :content_title ,
+          :match_content =>  /^Outlook Web App$/,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Productivity", "CMS"],
+          :vendor => "Microsoft",
+          :product =>"Sharepoint Server",
+          :match_details =>"Inferred from services version",
+          :version => nil,
+          :match_type => :content_headers,
+          :match_content =>  /microsoftsharepointteamservices/,
+          :dynamic_version => lambda { |x|
+            sharepoint_server_version_from_team_services(_first_header_capture(x,/^microsoftsharepointteamservices:(.*)/i))[:version] },
+          :dynamic_update => lambda { |x|
+            sharepoint_server_version_from_team_services(_first_header_capture(x,/^microsoftsharepointteamservices:(.*)/i))[:update] },
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Productivity", "CMS"],
+          :vendor => "Microsoft",
+          :product =>"Sharepoint Foundation",
+          :match_details =>"error page",
+          :version => nil,
+          :match_type => :content_body,
+          :requires_product => "Sharepoint Server",
+          :match_content =>  /Troubleshoot issues with Microsoft SharePoint Foundation. - Opens in new window/,
+          :paths => ["#{url}/WebResource.asmx"],
+          :require_product => "ASP.NET",
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Productivity", "CMS"],
+          :vendor => "Microsoft",
+          :product =>"Sharepoint Team Services",
+          :match_details =>"Sharepoint cookie",
+          :version => nil,
+          :match_type => :content_headers,
+          :match_content =>  /sprequestguid/,
+          :dynamic_version => lambda { |x|
+            _first_header_capture(x,/^microsoftsharepointteamservices:(.*)/i) },
+          :paths => ["#{url}"],
+          :inference => true
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Productivity", "CMS"],
+          :vendor => "Microsoft",
+          :product =>"Sharepoint Team Services",
+          :match_details =>"Sharepoint cookie",
+          :version => nil,
+          :match_type => :content_headers,
+          :match_content =>  /^microsoftsharepointteamservices:.*$/,
+          :dynamic_version => lambda { |x|
+            _first_header_capture(x,/^microsoftsharepointteamservices:(.*)/i) },
+          :paths => ["#{url}"],
+          :inference => true
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Productivity", "CMS"],
+          :vendor => "Microsoft",
+          :product =>"Sharepoint Server",
+          :match_details =>"Sharepoint cookie",
+          :version => nil,
+          :match_type => :content_generator,
+          :match_content =>  /^Microsoft SharePoint$/,
+          :paths => ["#{url}"],
+          :inference => false
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Productivity", "CMS"],
+          :vendor => "Microsoft",
+          :product =>"Sharepoint Services",
+          :match_details =>"header",
+          :version => nil,
+          :match_type => :content_headers,
+          :match_content =>  /microsoftofficewebserver:.*/,
+          :dynamic_version => lambda { |x| _first_header_capture(x,/^microsoftofficewebserver:(.*)/i) },
+          :paths => ["#{url}"],
+          :inference => true
+        },
+        {
+          :type => "fingerprint",
+          :category => "application",
+          :tags => ["Productivity", "CMS"],
+          :vendor => "Microsoft",
+          :product =>"Sharepoint Services",
+          :match_details =>"header",
+          :version => "3.0",
+          :match_type => :content_headers,
+          :match_content =>  /microsoftofficewebserver: 5.0_Pub/,
+          :paths => ["#{url}"]
+        }
+      ]
+    end
+    # https://buildnumbers.wordpress.com/sharepoint/
+    # https://www.eukhost.com/blog/webhosting/difference-between-windows-sharepoint-services-and-sharepoint-servers/
+    # https://sathiya.io/sharepoint-2016-build-numbers
+    def sharepoint_server_version_from_team_services(sp_teamsvc_version)
+      # adjust the version to fit our naming scheme
+      # simpluy  remove one of the .0's
+      sp_version = sp_teamsvc_version.gsub("0.0.","0.")
+      reference_versions = File.open("#{$ident_dir}/data/microsoft_sharepoint_versions.csv").read.split("\n")
+      # do the comparison and simply return if we ahve it
+      reference_versions.each do |line|
+        # it's a csv
+        ref = line.split(",")
+        # grab the relevant fields
+        sp_release = ref[0]
+        build_version = ref[1]
+        update_version = ref[2]
+        # modify to fit our schema
+        compare_version = build_version.gsub(/\.\d+$/,"")
+        if compare_version == sp_version # # Got it
+          # recturn since we matched
+          return { version: sp_release, update: update_version }
+        end
+      end
+      # okay we made it this far, so no exact match
+      # handle cases where we don't have an exact match here
+      case
+      when sp_teamsvc_version =~ /^10\.0\.0\.\d+/
+        out = { version: "2003", update: nil }
+      when sp_teamsvc_version =~ /^11\.0\.0\.\d+/
+        out = { version: "2003", update: nil }
+      when sp_teamsvc_version =~ /^12\.0\.0\.\d+/
+        out = { version: "2007", update: nil }
+      when sp_teamsvc_version =~ /^14\.0\.0\.\d+/
+        out = { version: "2010", update: nil }
+      when sp_teamsvc_version =~ /^15\.0\.0\.\d+/
+        out = { version: "2013", update: nil }
+      when sp_teamsvc_version =~ /^16\.0\.4\d+\.\d+/
+        out = { version: "2016", update: nil }
+      when sp_teamsvc_version =~ /^16\.0\.10\d+\.\d+/
+        out = { version: "2019", update: nil }
+      else
+        out = { version: nil, update: nil }
+      end
+    out
+    end
+    # https://en.wikipedia.org/wiki/Internet_Information_Services
+    def iis_to_os_version(iis_version)
+      case
+      when iis_version == "10.0.17763"
+        out = { version: " Windows Server 2019 or Windows 10 October Update" }
+      when iis_version == "10.0"
+        out = { version: " Windows Server, version 1709 (Semi-Annual Channel) or Windows 10 Fall Creators Update" }
+      when iis_version == "10.0.14393" # IIS 10.0 version 1607
+        out = { version: "Windows Server 2016 or Windows 10 Anniversary Update" }
+      when iis_version == "8.5"
+        out = { version: "Windows Server 2012 R2 or Windows 8.1" }
+      when iis_version == "8.0"
+        out = { version: "Windows Server 2012 or Windows 8" }
+      when iis_version == "7.5"
+        out = { version: "Windows Server 2008 R2 or Windows 7" }
+      when iis_version == "7.0"
+        out = { version: "Windows Server 2008 or Windows Vista" }
+      when iis_version == "6.0"
+        out = { version: "Windows Server 2003 or Windows XP Professional x64 Edition" }
+      when iis_version == "5.1"
+        out = { version: "Windows XP Professional" }
+      when iis_version == "5.0"
+        out = { version: "Windows Server 2000" }
+      when iis_version == "4.0"
+        out = { version: "Windows NT 4.0 Option Pack" }
+      when iis_version == "3.0"
+        out = { version: "Windows NT 4.0 SP2" }
+      when iis_version == "2.0"
+        out = { version: "Windows NT 4.0" }
+      when iis_version == "1.0"
+        out = { version: "Windows NT 3.51" }
+      end
+    out
+    end
+    def owa_to_exchange_version(owa_version)
+      # 2007 SP1
+      if owa_version == "8.1.240.6" #.32"
+        out = { version: "2007 SP1", update: "RTM" }
+      elsif owa_version == "8.1.263.1" #.32"
+        out = { version: "2007 SP1", update: "Update Rollup 1" }
+      elsif owa_version == "8.1.278.2" #.32"
+        out = { version: "2007 SP1", update: "Update Rollup 2" }
+      elsif owa_version == "8.1.291.2" #.32"
+        out = { version: "2007 SP1", update: "Update Rollup 3" }
+      elsif owa_version == "8.1.311.3" #.32"
+        out = { version: "2007 SP1", update: "Update Rollup 4" }
+      elsif owa_version == "8.1.336.1" #.32"
+        out = { version: "2007 SP1", update: "Update Rollup 5" }
+      elsif owa_version == "8.1.340.1" #.32"
+        out = { version: "2007 SP1", update: "Update Rollup 6" }
+      elsif owa_version == "8.1.359.2" #.32"
+        out = { version: "2007 SP1", update: "Update Rollup 7" }
+      elsif owa_version == "8.1.375.2" #.32"
+        out = { version: "2007 SP1", update: "Update Rollup 8" }
+      elsif owa_version == "8.1.393.1" #.32"
+        out = { version: "2007 SP1", update: "Update Rollup 9" }
+      elsif owa_version == "8.1.436.0" #.32"
+        out = { version: "2007 SP1", update: "Update Rollup 10" }
+      # 2007 SP2
+      elsif owa_version == "8.2.176.2" #.32"
+        out = { version: "2007 SP2", update: "RTM" }
+      elsif owa_version == "8.2.217.3" #.32"
+        out = { version: "2007 SP2", update: "Update Rollup 1" }
+      elsif owa_version == "8.2.234.1" #.32"
+        out = { version: "2007 SP2", update: "Update Rollup 2" }
+      elsif owa_version == "8.2.247.2" #.32"
+        out = { version: "2007 SP2", update: "Update Rollup 3" }
+      elsif owa_version == "8.2.254.0" #.32"
+        out = { version: "2007 SP2", update: "Update Rollup 4" }
+      elsif owa_version == "8.2.305.3" #.32"
+        out = { version: "2007 SP2", update: "Update Rollup 5" }
+       # 2007 SP3
+      elsif owa_version == "8.3.083.6" #.32"
+        out = { version: "2007 SP3", update: "RTM" }
+      elsif owa_version == "8.3.106.2" #.32"
+        out = { version: "2007 SP3", update: "Update Rollup 1" }
+      elsif owa_version == "8.3.137.3" #.32"
+        out = { version: "2007 SP3", update: "Update Rollup 2" }
+      elsif owa_version == "8.3.159.0" #.32"
+        out = { version: "2007 SP3", update: "Update Rollup 3" }
+      elsif owa_version == "8.3.159.2" #.32"
+        out = { version: "2007 SP3", update: "Update Rollup 3-v2" }
+      elsif owa_version == "8.3.192.1" #.32"
+        out = { version: "2007 SP3", update: "Update Rollup 4" }
+      elsif owa_version == "8.3.213.1" #.32"
+        out = { version: "2007 SP3", update: "Update Rollup 5" }
+      elsif owa_version == "8.3.245.2" #.32"
+        out = { version: "2007 SP3", update: "Update Rollup 6" }
+      elsif owa_version == "8.3.264.0" #.32"
+        out = { version: "2007 SP3", update: "Update Rollup 7" }
+      elsif owa_version == "8.3.279.3" #.32"
+        out = { version: "2007 SP3", update: "Update Rollup 8" }
+      elsif owa_version == "8.3.279.5" #.32"
+        out = { version: "2007 SP3", update: "Update Rollup 8-v2" }
+      elsif owa_version == "8.3.279.6" #.32"
+        out = { version: "2007 SP3", update: "Update Rollup 8-v3" }
+      elsif owa_version == "8.3.297.2" #.32
+        out = { version: "2007 SP3", update: "Update Rollup 9" }
+      elsif owa_version == "8.3.298.3" #.32"
+        out = { version: "2007 SP3", update: "Update Rollup 10" }
+      elsif owa_version == "8.3.327.1" #.32"
+        out = { version: "2007 SP3", update: "Update Rollup 11" }
+      elsif owa_version == "8.3.342.4" #.32"
+        out = { version: "2007 SP3", update: "Update Rollup 12" }
+      elsif owa_version == "8.3.348.1" #.32"
+        out = { version: "2007 SP3", update: "Update Rollup 13" }
+      elsif owa_version == "8.3.379.2" #.32"
+        out = { version: "2007 SP3", update: "Update Rollup 14" }
+      elsif owa_version == "8.3.389.2" #.32"
+        out = { version: "2007 SP3", update: "Update Rollup 15" }
+      elsif owa_version == "8.3.406.0" #.32"
+        out = { version: "2007 SP3", update: "Update Rollup 16" }
+      elsif owa_version == "8.3.417.1" #.32"
+        out = { version: "2007 SP3", update: "Update Rollup 17" }
+      elsif owa_version == "8.3.445.0" #.32"
+        out = { version: "2007 SP3", update: "Update Rollup 18" }
+      elsif owa_version == "8.3.459.0" #.32"
+        out = { version: "2007 SP3", update: "Update Rollup 19" }
+      elsif owa_version == "8.3.468.0" #.32"
+        out = { version: "2007 SP3", update: "Update Rollup 20" }
+      elsif owa_version == "8.4.485.1" #.32"
+        out = { version: "2007 SP3", update: "Update Rollup 21" }
+      elsif owa_version == "8.3.502.0" #.32"
+        out = { version: "2007 SP3", update: "Update Rollup 22" }
+      elsif owa_version == "8.3.517.0" #.32"
+        out = { version: "2007 SP3", update: "Update Rollup 23" }
+      # 2010
+      elsif owa_version == "14.0.639.21"
+        out = { version: "2010", update: "RTM" }
+      elsif owa_version == "14.0.682.1"
+        out = { version: "2010", update: "Update Rollup 1" }
+      elsif owa_version == "14.0.689.0"
+        out = { version: "2010", update: "Update Rollup 2" }
+      elsif owa_version == "14.0.694.0"
+        out = { version: "2010", update: "Update Rollup 3" }
+      elsif owa_version == "14.0.702.1"
+        out = { version: "2010", update: "Update Rollup 4" }
+      elsif owa_version == "14.0.722.0" # unknown release, found in the wild
+        out = { version: "2010", update: "Update Rollup 4",
+          note: "additional updates applied: #{owa_version}" }
+      elsif owa_version == "14.0.726.0"
+        out = { version: "2010", update: "Update Rollup 5" }
+      # 2010 SP1
+      elsif owa_version == "14.1.218.13" || owa_version == "14.1.218.15"
+        out = { version: "2010 SP1", update: "RTM" }
+      elsif owa_version == "14.1.255.2"
+        out = { version: "2010 SP1", update: "Update Rollup 1" }
+      elsif owa_version == "14.1.270.1"
+        out = { version: "2010 SP1", update: "Update Rollup 2" }
+      elsif owa_version == "14.1.287.0"
+        out = { version: "2010 SP1", update: "Update Rollup 2",
+          note: "additional updates applied: #{owa_version}" }
+      elsif owa_version == "14.1.289.3"
+        out = { version: "2010 SP1", update: "Update Rollup 3" }
+      elsif owa_version == "14.1.289.7"
+        out = { version: "2010 SP1", update: "Update Rollup 3-v3" }
+      elsif owa_version == "14.1.323.1"
+        out = { version: "2010 SP1", update: "Update Rollup 4" }
+      elsif owa_version == "14.1.323.6"
+        out = { version: "2010 SP1", update: "Update Rollup 4-v2" }
+      elsif owa_version == "14.1.339.1"
+        out = { version: "2010 SP1", update: "Update Rollup 5" }
+      elsif owa_version == "14.1.355.2"
+        out = { version: "2010 SP1", update: "Update Rollup 6" }
+      elsif owa_version == "14.1.420.0"
+        out = { version: "2010 SP1", update: "Update Rollup 6",
+          note: "additional updates applied: #{owa_version}"  }
+      elsif owa_version == "14.1.421.0"
+        out = { version: "2010 SP1", update: "Update Rollup 7" }
+      elsif owa_version == "14.1.421.2"
+        out = { version: "2010 SP1", update: "Update Rollup 7-v2" }
+      elsif owa_version == "14.1.421.3"
+        out = { version: "2010 SP1", update: "Update Rollup 7-v3" }
+      elsif owa_version == "14.1.438.0"
+        out = { version: "2010 SP1", update: "Update Rollup 8" }
+      # 2010 SP2
+      elsif owa_version == "14.2.247.5"
+        out = { version: "2010 SP2", update: "RTM" }
+      elsif owa_version == "14.2.283.3"
+        out = { version: "2010 SP2", update: "Update Rollup 1" }
+      elsif owa_version == "14.2.298.4"
+        out = { version: "2010 SP2", update: "Update Rollup 2" }
+      elsif owa_version == "14.2.309.2"
+        out = { version: "2010 SP2", update: "Update Rollup 3" }
+      elsif owa_version == "14.2.318.2"
+        out = { version: "2010 SP2", update: "Update Rollup 4" }
+      elsif owa_version == "14.2.318.4"
+        out = { version: "2010 SP2", update: "Update Rollup 4-v2" }
+      elsif owa_version == "14.2.328.5"
+        out = { version: "2010 SP2", update: "Update Rollup 5" }
+      elsif owa_version == "14.2.328.9" || owa_version == "14.2.328.10"
+        out = { version: "2010 SP2", update: "Update Rollup 5-v2" }
+      elsif owa_version == "14.2.342.3"
+        out = { version: "2010 SP2", update: "Update Rollup 6" }
+      elsif owa_version == "14.2.347.0"
+        out = { version: "2010 SP2", update: "Update Rollup 6",
+          note: "additional updates applied: #{owa_version}" }
+      elsif owa_version == "14.2.375.0"
+        out = { version: "2010 SP2", update: "Update Rollup 7" }
+      elsif owa_version == "14.2.390.1" # unknown release, found in the wild
+        out = { version: "2010 SP2", update: "Update Rollup 8",
+          note: "prerelease version: #{owa_version}"  }
+      elsif owa_version == "14.2.390.3"
+        out = { version: "2010 SP2", update: "Update Rollup 8" }
+      # 2010 SP3
+      elsif owa_version == "14.3.123.3" || owa_version == "14.3.123.3"
+        out = { version: "2010 SP3", update: "RTM" }
+      elsif owa_version == "14.3.146.0"
+        out = { version: "2010 SP3", update: "Update Rollup 1" }
+      elsif owa_version == "14.3.158.1"
+        out = { version: "2010 SP3", update: "Update Rollup 2" }
+      elsif owa_version == "14.3.169.1"
+        out = { version: "2010 SP3", update: "Update Rollup 3" }
+      elsif owa_version == "14.3.174.1"
+        out = { version: "2010 SP3", update: "Update Rollup 4" }
+      elsif owa_version == "14.3.181.6"
+        out = { version: "2010 SP3", update: "Update Rollup 5" }
+      elsif owa_version == "14.3.195.1"
+        out = { version: "2010 SP3", update: "Update Rollup 6" }
+      elsif owa_version == "14.3.210.2"
+        out = { version: "2010 SP3", update: "Update Rollup 7" }
+      elsif owa_version == "14.3.224.2"
+        out = { version: "2010 SP3", update: "Update Rollup 8-v2" }
+      elsif owa_version == "14.3.235.1"
+        out = { version: "2010 SP3", update: "Update Rollup 9" }
+      elsif owa_version == "14.3.248.2"
+        out = { version: "2010 SP3", update: "Update Rollup 10" }
+      elsif owa_version == "14.3.266.1"
+        out = { version: "2010 SP3", update: "Update Rollup 11" }
+      elsif owa_version == "14.3.279.2"
+        out = { version: "2010 SP3", update: "Update Rollup 12" }
+      elsif owa_version == "14.3.294.0"
+        out = { version: "2010 SP3", update: "Update Rollup 13" }
+      elsif owa_version == "14.3.301.0"
+        out = { version: "2010 SP3", update: "Update Rollup 14" }
+      elsif owa_version == "14.3.319.2"
+        out = { version: "2010 SP3", update: "Update Rollup 15" }
+      elsif owa_version == "14.3.339.0"
+        out = { version: "2010 SP3", update: "Update Rollup 16" }
+      elsif owa_version == "14.3.351.0"
+        out = { version: "2010 SP3", update: "Update Rollup 16",
+          note: "additional updates applied: #{owa_version}" }
+      elsif owa_version == "14.3.352.0"
+        out = { version: "2010 SP3", update: "Update Rollup 17" }
+      elsif owa_version == "14.3.361.1"
+        out = { version: "2010 SP3", update: "Update Rollup 18" }
+      elsif owa_version == "14.3.382.0"
+        out = { version: "2010 SP3", update: "Update Rollup 19" }
+      elsif owa_version == "14.3.388.0" # found in the wild
+        out = { version: "2010 SP3", update: "Update Rollup 19",
+          note: "additional updates applied: #{owa_version}"  }
+      elsif owa_version == "14.3.389.1"
+        out = { version: "2010 SP3", update: "Update Rollup 20" }
+      elsif owa_version == "14.3.399.0"
+        out = { version: "2010 SP3", update: "Update Rollup 21",
+          note: "additional updates applied: #{owa_version}"  }
+      elsif owa_version == "14.3.399.2"
+        out = { version: "2010 SP3", update: "Update Rollup 21" }
+      elsif owa_version == "14.3.409.0"
+        out = { version: "2010 SP3", update: "Update Rollup 21",
+          note: "additional updates applied: #{owa_version}"  }
+      elsif owa_version == "14.3.411.0"
+        out = { version: "2010 SP3", update: "Update Rollup 22" }
+      elsif owa_version == "14.3.415.0"
+        out = { version: "2010 SP3", update: "Update Rollup 22",
+          note: "additional updates applied: #{owa_version}"  }
+      elsif owa_version == "14.3.417.0"
+        out = { version: "2010 SP3", update: "Update Rollup 23" }
+      elsif owa_version == "14.3.419.0"
+        out = { version: "2010 SP3", update: "Update Rollup 24" }
+      elsif owa_version == "14.3.435.0"
+        out = { version: "2010 SP3", update: "Update Rollup 25" }
+      elsif owa_version == "14.3.439.0" # unknown release, found in the wild
+        out = { version: "2010 SP3", update: "Update Rollup 25",
+          note: "additional updates applied: #{owa_version}" }
+      elsif owa_version == "14.3.442.0"
+        out = { version: "2010 SP3", update: "Update Rollup 26" }
+      elsif owa_version == "14.3.452.0"
+        out = { version: "2010 SP3", update: "Update Rollup 27" }
+      elsif owa_version == "14.3.461.1"
+        out = { version: "2010 SP3", update: "Update Rollup 28" }
+      elsif owa_version == "14.3.468.0"
+        out = { version: "2010 SP3", update: "Update Rollup 29" }
+      elsif owa_version == "14.3.487.0" # unknown release, found in the wild
+        out = { version: "2010 SP3", update: "Update Rollup 29",
+           note: "additional updates applied: #{owa_version}" }
+      elsif owa_version == "14.3.496.0"
+        out = { version: "2010 SP3", update: "Update Rollup 30" }
+      # 2013
+      elsif owa_version == "15.0.516" #.32"
+          out = { version: "2013", update: "RTM" }
+      elsif owa_version == "15.0.620" #.29"
+        out = { version: "2013", update: "Cumulative Update 1" }
+      elsif owa_version == "15.0.712" #.24"
+        out = { version: "2013", update: "Cumulative Update 2" }
+      elsif owa_version == "15.0.775" #.38"
+        out = { version: "2013", update: "Cumulative Update 3" }
+      elsif owa_version == "15.0.847" #.32"
+        out = { version: "2013", update: "Cumulative Update 4" }
+      elsif owa_version == "15.0.913" #.22"
+        out = { version: "2013", update: "Cumulative Update 5" }
+      elsif owa_version == "15.0.995" #.29"
+        out = { version: "2013", update: "Cumulative Update 6" }
+      elsif owa_version == "15.0.1044" #.25"
+        out = { version: "2013", update: "Cumulative Update 7" }
+      elsif owa_version == "15.0.1076" #.9"
+        out = { version: "2013", update: "Cumulative Update 8" }
+      elsif owa_version == "15.0.1104" #.5"
+        out = { version: "2013", update: "Cumulative Update 9" }
+      elsif owa_version == "15.0.1130" #.7"
+        out = { version: "2013", update: "Cumulative Update 10" }
+      elsif owa_version == "15.0.1156" #.6"
+        out = { version: "2013", update: "Cumulative Update 11" }
+      elsif owa_version == "15.0.1178" #.4"
+        out = { version: "2013", update: "Cumulative Update 12" }
+      elsif owa_version == "15.0.1210" #.3"
+        out = { version: "2013", update: "Cumulative Update 13" }
+      elsif owa_version == "15.0.1236" #.3"
+        out = { version: "2013", update: "Cumulative Update 14" }
+      elsif owa_version == "15.0.1263" #.5"
+        out = { version: "2013", update: "Cumulative Update 15" }
+      elsif owa_version == "15.0.1293" #.2"
+        out = { version: "2013", update: "Cumulative Update 16" }
+      elsif owa_version == "15.0.1320" #.4"
+        out = { version: "2013", update: "Cumulative Update 17" }
+      elsif owa_version == "15.0.1347" #.2"
+        out = { version: "2013", update: "Cumulative Update 18" }
+      elsif owa_version == "15.0.1365" #.1"
+        out = { version: "2013", update: "Cumulative Update 19" }
+      elsif owa_version == "15.0.1367" #.3"
+        out = { version: "2013", update: "Cumulative Update 20" }
+      elsif owa_version == "15.0.1395" #.4"
+        out = { version: "2013", update: "Cumulative Update 21" }
+      elsif owa_version == "15.0.1473.3" || owa_version == "15.0.1473"
+        out = { version: "2013", update: "Cumulative Update 22" }
+      elsif owa_version == "15.0.1497"
+        out = { version: "2013", update: "Cumulative Update 23" }
+      elsif owa_version == "15.0.1497.2"
+        out = { version: "2013", update: "Cumulative Update 23" }
+      # 2016
+      elsif owa_version == "15.1.225" #.16"
+        out = { version: "2016", update: "Preview" }
+      elsif owa_version == "15.1.225" #.42"
+        out = { version: "2016", update: "RTM" }
+      elsif owa_version == "15.1.396" #.30"
+        out = { version: "2016", update: "Cumulative Update 1" }
+      elsif owa_version == "15.1.466" #.34"
+        out = { version: "2016", update: "Cumulative Update 2" }
+      elsif owa_version == "15.1.466" || owa_version == "15.1.544"
+        out = { version: "2016", update: "Cumulative Update 3" }
+      elsif owa_version == "15.1.669" #.32"
+        out = { version: "2016", update: "Cumulative Update 4" }
+      elsif owa_version == "15.1.845" #.34"
+        out = { version: "2016", update: "Cumulative Update 5" }
+      elsif owa_version == "15.1.1034" #.26"
+        out = { version: "2016", update: "Cumulative Update 6" }
+      elsif owa_version == "15.1.1261" #.35"
+        out = { version: "2016", update: "Cumulative Update 7" }
+      elsif owa_version == "15.1.1415" #.2"
+        out = { version: "2016", update: "Cumulative Update 8" }
+      elsif owa_version == "15.1.1466" #.3"
+        out = { version: "2016", update: "Cumulative Update 9" }
+      elsif owa_version == "15.1.1531" #.3"
+        out = { version: "2016", update: "Cumulative Update 10" }
+      elsif owa_version == "15.1.1591" #.01"
+        out = { version: "2016", update: "Cumulative Update 11" }
+      elsif owa_version == "15.1.1713" || owa_version == "15.1.1713.5" #.01"
+        out = { version: "2016", update: "Cumulative Update 12" }
+      elsif owa_version == "15.1.1779" || owa_version == "15.1.1779.2" #.01"
+        out = { version: "2016", update: "Cumulative Update 13" }
+      elsif owa_version == "15.1.1847" || owa_version == "15.1.1847.3" #.01"
+        out = { version: "2016", update: "Cumulative Update 14" }
+      elsif owa_version == "15.1.1913" #.01"
+        out = { version: "2016", update: "Cumulative Update 15" }
+      elsif owa_version == "15.1.1986" #.01"
+        out = { version: "2016", update: "Cumulative Update 15",
+          note: "additional updates applied: #{owa_version}" }
+      # 2019
+      elsif owa_version == "15.2.196.0" #
+        out = { version: "2019", update: "Preview" }
+      elsif owa_version == "15.2.221" || owa_version == "15.2.221.12" #
+        out = { version: "2019", update: "RTM" }
+      elsif owa_version == "15.2.330" || owa_version == "15.2.330.6" #
+        out = { version: "2019", update: "Cumulative Update 1" }
+      elsif owa_version == "15.2.397" || owa_version == "15.2.397.3" #
+        out = { version: "2019", update: "Cumulative Update 2" }
+      elsif owa_version == "15.2.464" ||  owa_version == "15.2.529" #
+        out = { version: "2019", update: "Cumulative Update 3",
+          note: "additional updates applied: #{owa_version}" }
+=begin
+1694  Microsoft Exchange Server [Unknown 15.2.221] [Unknown 15.2.221], Exchange Server 2019 RTM
+2287  Microsoft Exchange Server [Unknown 15.2.397] [Unknown 15.2.397], Exchange Server 2019 CU2
+2464  Microsoft Exchange Server [Unknown 15.2.330] [Unknown 15.2.330], Exchange Server 2019 CU1
+2670  Microsoft Exchange Server [Unknown 15.1.544] [Unknown 15.1.544], Exchange Server 2016 CU3
+3609  Microsoft Exchange Server [Unknown 15.2.464] [Unknown 15.2.464], Exchange Server 2019 CU3
+14034  Microsoft Exchange Server [Unknown 15.1.1713] [Unknown 15.1.1713], Exchange Server 2016 CU12
+=end
+      else
+        out = { version: "[Unknown #{owa_version}]", update: "[Unknown #{owa_version}]" }
+      end
+    end
+  end
+  end
+  end
+  end