recog-intrigue 2.3.7

Sign up to get free protection for your applications and to get access to all the features.
Files changed (130) hide show
  1. checksums.yaml +7 -0
  2. data/.github/ISSUE_TEMPLATE/bug_report.md +37 -0
  3. data/.github/ISSUE_TEMPLATE/feature_request.md +17 -0
  4. data/.github/ISSUE_TEMPLATE/fingerprint_request.md +27 -0
  5. data/.github/PULL_REQUEST_TEMPLATE +24 -0
  6. data/.gitignore +14 -0
  7. data/.rbenv-gemset +1 -0
  8. data/.rspec +3 -0
  9. data/.ruby-gemset +1 -0
  10. data/.ruby-version +1 -0
  11. data/.travis.yml +25 -0
  12. data/.yardopts +1 -0
  13. data/CONTRIBUTING.md +171 -0
  14. data/COPYING +23 -0
  15. data/Gemfile +10 -0
  16. data/LICENSE +7 -0
  17. data/README.md +85 -0
  18. data/Rakefile +22 -0
  19. data/bin/recog_export +81 -0
  20. data/bin/recog_match +55 -0
  21. data/bin/recog_standardize +118 -0
  22. data/bin/recog_verify +64 -0
  23. data/cpe-remap.yaml +134 -0
  24. data/features/data/failing_banners_fingerprints.xml +20 -0
  25. data/features/data/matching_banners_fingerprints.xml +23 -0
  26. data/features/data/multiple_banners_fingerprints.xml +32 -0
  27. data/features/data/no_tests.xml +3 -0
  28. data/features/data/sample_banner.txt +2 -0
  29. data/features/data/successful_tests.xml +18 -0
  30. data/features/data/tests_with_failures.xml +20 -0
  31. data/features/data/tests_with_warnings.xml +17 -0
  32. data/features/match.feature +36 -0
  33. data/features/support/aruba.rb +3 -0
  34. data/features/support/env.rb +6 -0
  35. data/features/verify.feature +48 -0
  36. data/identifiers/README.md +47 -0
  37. data/identifiers/os_architecture.txt +20 -0
  38. data/identifiers/os_device.txt +52 -0
  39. data/identifiers/os_family.txt +160 -0
  40. data/identifiers/os_product.txt +199 -0
  41. data/identifiers/service_family.txt +185 -0
  42. data/identifiers/service_product.txt +255 -0
  43. data/identifiers/software_class.txt +26 -0
  44. data/identifiers/software_family.txt +91 -0
  45. data/identifiers/software_product.txt +333 -0
  46. data/identifiers/vendor.txt +405 -0
  47. data/lib/recog.rb +4 -0
  48. data/lib/recog/db.rb +78 -0
  49. data/lib/recog/db_manager.rb +31 -0
  50. data/lib/recog/fingerprint.rb +280 -0
  51. data/lib/recog/fingerprint/regexp_factory.rb +56 -0
  52. data/lib/recog/fingerprint/test.rb +18 -0
  53. data/lib/recog/formatter.rb +51 -0
  54. data/lib/recog/match_reporter.rb +77 -0
  55. data/lib/recog/matcher.rb +94 -0
  56. data/lib/recog/matcher_factory.rb +14 -0
  57. data/lib/recog/nizer.rb +347 -0
  58. data/lib/recog/verifier.rb +39 -0
  59. data/lib/recog/verifier_factory.rb +13 -0
  60. data/lib/recog/verify_reporter.rb +86 -0
  61. data/lib/recog/version.rb +3 -0
  62. data/misc/convert_mysql_err +61 -0
  63. data/misc/order.xsl +17 -0
  64. data/recog-intrigue.gemspec +45 -0
  65. data/requirements.txt +2 -0
  66. data/spec/data/best_os_match_1.yml +17 -0
  67. data/spec/data/best_os_match_2.yml +17 -0
  68. data/spec/data/best_service_match_1.yml +17 -0
  69. data/spec/data/smb_native_os.txt +25 -0
  70. data/spec/data/test_fingerprints.xml +36 -0
  71. data/spec/data/verification_fingerprints.xml +86 -0
  72. data/spec/data/whitespaced_fingerprint.xml +5 -0
  73. data/spec/lib/fingerprint_self_test_spec.rb +174 -0
  74. data/spec/lib/recog/db_spec.rb +98 -0
  75. data/spec/lib/recog/fingerprint/regexp_factory_spec.rb +73 -0
  76. data/spec/lib/recog/fingerprint_spec.rb +112 -0
  77. data/spec/lib/recog/formatter_spec.rb +69 -0
  78. data/spec/lib/recog/match_reporter_spec.rb +91 -0
  79. data/spec/lib/recog/nizer_spec.rb +330 -0
  80. data/spec/lib/recog/verify_reporter_spec.rb +113 -0
  81. data/spec/spec_helper.rb +82 -0
  82. data/update_cpes.py +186 -0
  83. data/xml/apache_modules.xml +1911 -0
  84. data/xml/apache_os.xml +273 -0
  85. data/xml/architecture.xml +36 -0
  86. data/xml/dns_versionbind.xml +761 -0
  87. data/xml/fingerprints.xsd +128 -0
  88. data/xml/ftp_banners.xml +1553 -0
  89. data/xml/h323_callresp.xml +603 -0
  90. data/xml/hp_pjl_id.xml +358 -0
  91. data/xml/html_title.xml +1630 -0
  92. data/xml/http_cookies.xml +411 -0
  93. data/xml/http_servers.xml +3195 -0
  94. data/xml/http_wwwauth.xml +595 -0
  95. data/xml/imap_banners.xml +245 -0
  96. data/xml/ldap_searchresult.xml +711 -0
  97. data/xml/mdns_device-info_txt.xml +1796 -0
  98. data/xml/mdns_workstation_txt.xml +15 -0
  99. data/xml/mysql_banners.xml +1649 -0
  100. data/xml/mysql_error.xml +871 -0
  101. data/xml/nntp_banners.xml +82 -0
  102. data/xml/ntp_banners.xml +1223 -0
  103. data/xml/operating_system.xml +629 -0
  104. data/xml/pop_banners.xml +499 -0
  105. data/xml/rsh_resp.xml +76 -0
  106. data/xml/rtsp_servers.xml +76 -0
  107. data/xml/sip_banners.xml +359 -0
  108. data/xml/sip_user_agents.xml +221 -0
  109. data/xml/smb_native_lm.xml +62 -0
  110. data/xml/smb_native_os.xml +662 -0
  111. data/xml/smtp_banners.xml +1690 -0
  112. data/xml/smtp_debug.xml +39 -0
  113. data/xml/smtp_ehlo.xml +49 -0
  114. data/xml/smtp_expn.xml +82 -0
  115. data/xml/smtp_help.xml +157 -0
  116. data/xml/smtp_mailfrom.xml +20 -0
  117. data/xml/smtp_noop.xml +44 -0
  118. data/xml/smtp_quit.xml +29 -0
  119. data/xml/smtp_rcptto.xml +25 -0
  120. data/xml/smtp_rset.xml +26 -0
  121. data/xml/smtp_turn.xml +26 -0
  122. data/xml/smtp_vrfy.xml +89 -0
  123. data/xml/snmp_sysdescr.xml +6507 -0
  124. data/xml/snmp_sysobjid.xml +430 -0
  125. data/xml/ssh_banners.xml +1968 -0
  126. data/xml/telnet_banners.xml +1595 -0
  127. data/xml/x11_banners.xml +232 -0
  128. data/xml/x509_issuers.xml +134 -0
  129. data/xml/x509_subjects.xml +1268 -0
  130. metadata +304 -0
@@ -0,0 +1,128 @@
1
+ <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema">
2
+
3
+ <xsd:element name="fingerprints" type="fingerprints_element"/>
4
+
5
+ <xsd:complexType name="fingerprints_element">
6
+ <xsd:annotation>
7
+ <xsd:documentation xml:lang="en">
8
+ The attributes that follow this documentation help categorize the
9
+ fingerprint databases and contents as well as enable optimization of
10
+ their processing.
11
+
12
+ - matches: provides a XML fingerprint database identifier. It is
13
+ intended to be descriptive in nature and often indicates a protocol
14
+ and function or sub-protocol type. Examples of this would be
15
+ 'mysql.banners' vs 'mysql.errors'. If this attribute is not present
16
+ in the XML then its value is the base filename without the file
17
+ extension. See Recog::DB#parse_fingerprints
18
+ This value is returned as part of any successful match.
19
+
20
+ - protocol: indicates the name of the service or protocol
21
+ found within the XML fingerprint database. Examples of this would
22
+ be 'ftp', 'smtp', 'ssh', etc. Within Recog this value will be
23
+ superseded by a 'service.protocol' attribute on a specific
24
+ fingerprint match. See Recog::DB#parse_fingerprints
25
+ This value has two purposes. It can be used for filtering
26
+ ( See Recog::Nizer#match_all_db ) and is returned as part of any
27
+ successful match.
28
+
29
+ - database_type: indicates the type of fingerprints matches expected
30
+ to be found within the database. These values are used by
31
+ Recog::Nizer#match_all_db to filter matches to just the type of
32
+ database that is relevant to the match string.
33
+ This value is *NOT* returned as part of successful matches.
34
+
35
+ Current values are:
36
+
37
+ - service: These fingerprints are intended to match banners or
38
+ other responses from services. Fingerprint matches in 'service'
39
+ database do not necessarily have to return 'service.' attributes
40
+ in the match data.
41
+
42
+ - util.os: These fingerprints are intended to be used to identify
43
+ or extract OS related information from strings that are not
44
+ responses to service probes. This may be used in a utility
45
+ capacity and may provide for data enrichment via an independent
46
+ call after a service banner match has already be made.
47
+
48
+ - preference: indicates the relative priority/ordering that will be used
49
+ when Recog::Nizer performs matches against multiple databases.
50
+ 'preference' is a float value that currently ranges from 0.0 to 1.0
51
+ Higher numbers are given greater priority and will be processed
52
+ first. If this attribute is not present in the fingerprint database
53
+ it will be assigned the value of 'DEFAULT_FP_PREFERENCE' within
54
+ Recog::DB which is currently 0.10
55
+
56
+ This value is *NOT* returned as part of successful matches.
57
+
58
+ When determining the priority of a fingerprint database the
59
+ following criterial and rules should be used:
60
+
61
+ - Values above 0.90 should be reserved for end user use with the
62
+ goal of enabling them to create fingerprint databases that will
63
+ always take priority over those included in the Recog project.
64
+
65
+ - Values below 0.10 should be reserved for end user use with the
66
+ goal of enabling them to create fingerprint databases that will
67
+ always be processed after those included with the Recog project.
68
+
69
+ - The highest level of preference should be given to those
70
+ fingerprint databases that have very high quality matches
71
+ (very strict regex, accurate).
72
+
73
+ - Priority should be given to those fingerprint databases that
74
+ are for very common services.
75
+
76
+ - Consideration should be given to preferring databases that will
77
+ provide the most valuable data. For example, 'http_header.server'
78
+ and 'http_header.cookie' may both provide matches to the same
79
+ HTTP server response, but 'http_header.server' is more likely
80
+ to provide the best data.
81
+
82
+ - Values of 0.90 - 0.80 should be used for those very high quality,
83
+ highly common services.
84
+ </xsd:documentation>
85
+ </xsd:annotation>
86
+ <xsd:sequence>
87
+ <xsd:element name="fingerprint" type="fingerprint_element" minOccurs="1" maxOccurs="unbounded"/>
88
+ </xsd:sequence>
89
+
90
+ <xsd:attribute name="matches" type="xsd:string" use="optional"/>
91
+ <xsd:attribute name="protocol" type="xsd:string" use="optional"/>
92
+ <xsd:attribute name="database_type" type="xsd:string" use="optional"/>
93
+ <xsd:attribute name="preference" use="optional">
94
+ <xsd:simpleType>
95
+ <xsd:restriction base="xsd:float">
96
+ <xsd:minInclusive value="0" />
97
+ <xsd:maxInclusive value="1.0" />
98
+ </xsd:restriction>
99
+ </xsd:simpleType>
100
+ </xsd:attribute>
101
+ </xsd:complexType>
102
+
103
+ <xsd:complexType name="fingerprint_element" mixed="true">
104
+ <xsd:sequence>
105
+ <xsd:element name="description" type="xsd:string" minOccurs="1" maxOccurs="1"/>
106
+ <xsd:element name="example" type="example_element" minOccurs="0" maxOccurs="unbounded"/>
107
+ <xsd:element name="param" type="param_element" minOccurs="0" maxOccurs="unbounded"/>
108
+ </xsd:sequence>
109
+ <xsd:attribute name="certainty" type="xsd:string" use="optional"/>
110
+ <xsd:attribute name="pattern" type="xsd:string" use="required"/>
111
+ <xsd:attribute name="flags" type="xsd:string" use="optional"/>
112
+ </xsd:complexType>
113
+
114
+ <xsd:complexType name="example_element">
115
+ <xsd:simpleContent>
116
+ <xsd:extension base="xsd:string">
117
+ <xsd:anyAttribute processContents="skip"/>
118
+ </xsd:extension>
119
+ </xsd:simpleContent>
120
+ </xsd:complexType>
121
+
122
+ <xsd:complexType name="param_element">
123
+ <xsd:attribute name="name" type="xsd:string" use="required"/>
124
+ <xsd:attribute name="pos" type="xsd:integer" use="required"/>
125
+ <xsd:attribute name="value" type="xsd:string" use="optional"/>
126
+ </xsd:complexType>
127
+
128
+ </xsd:schema>
@@ -0,0 +1,1553 @@
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <fingerprints matches="ftp.banner" protocol="ftp" database_type="service" preference="0.90">
3
+ <!--
4
+ FTP greeting messages (part of the banner after the response code) are matched
5
+ against these patterns to fingerprint FTP servers.
6
+ -->
7
+ <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version ([1234]\.\d+)\)\.$">
8
+ <description>Microsoft FTP Server on Windows NT</description>
9
+ <example>xx Microsoft FTP Service (Version 3.0).</example>
10
+ <param pos="0" name="service.vendor" value="Microsoft"/>
11
+ <param pos="0" name="service.product" value="IIS"/>
12
+ <param pos="0" name="service.family" value="IIS"/>
13
+ <param pos="2" name="service.version"/>
14
+ <param pos="0" name="service.cpe23" value="cpe:/a:microsoft:iis:{service.version}"/>
15
+ <param pos="0" name="os.vendor" value="Microsoft"/>
16
+ <param pos="0" name="os.family" value="Windows"/>
17
+ <param pos="0" name="os.product" value="Windows NT"/>
18
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_nt:-"/>
19
+ <param pos="1" name="host.name"/>
20
+ </fingerprint>
21
+ <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.0\)\.$">
22
+ <description>Microsoft FTP Server on Windows 2000</description>
23
+ <example>xxx Microsoft FTP Service (Version 5.0).</example>
24
+ <param pos="0" name="service.vendor" value="Microsoft"/>
25
+ <param pos="0" name="service.product" value="IIS"/>
26
+ <param pos="0" name="service.family" value="IIS"/>
27
+ <param pos="0" name="service.version" value="5.0"/>
28
+ <param pos="0" name="service.cpe23" value="cpe:/a:microsoft:iis:5.0"/>
29
+ <param pos="0" name="os.vendor" value="Microsoft"/>
30
+ <param pos="0" name="os.family" value="Windows"/>
31
+ <param pos="0" name="os.product" value="Windows 2000"/>
32
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:-"/>
33
+ <param pos="1" name="host.name"/>
34
+ </fingerprint>
35
+ <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.1\)\.$">
36
+ <description>Microsoft FTP Server on Windows XP, 2003 or later versions of 2000</description>
37
+ <example>xxx Microsoft FTP Service (Version 5.1).</example>
38
+ <param pos="0" name="service.vendor" value="Microsoft"/>
39
+ <param pos="0" name="service.product" value="IIS"/>
40
+ <param pos="0" name="service.family" value="IIS"/>
41
+ <param pos="0" name="service.cpe23" value="cpe:/a:microsoft:iis:-"/>
42
+ <param pos="0" name="os.vendor" value="Microsoft"/>
43
+ <param pos="0" name="os.family" value="Windows"/>
44
+ <param pos="0" name="os.product" value="Windows"/>
45
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
46
+ <param pos="1" name="host.name"/>
47
+ </fingerprint>
48
+ <fingerprint pattern="^([^ ]+) Microsoft FTP Service$">
49
+ <description>Microsoft FTP Server on Windows XP, 2003 or later without version</description>
50
+ <example>hostname Microsoft FTP Service</example>
51
+ <param pos="0" name="service.vendor" value="Microsoft"/>
52
+ <param pos="0" name="service.product" value="IIS"/>
53
+ <param pos="0" name="service.family" value="IIS"/>
54
+ <param pos="0" name="service.cpe23" value="cpe:/a:microsoft:iis:-"/>
55
+ <param pos="0" name="os.vendor" value="Microsoft"/>
56
+ <param pos="0" name="os.family" value="Windows"/>
57
+ <param pos="0" name="os.product" value="Windows"/>
58
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
59
+ <param pos="1" name="host.name"/>
60
+ </fingerprint>
61
+ <fingerprint pattern="^Microsoft FTP Service$">
62
+ <description>Microsoft FTP Server on Windows XP, 2003 or later without version or hostname</description>
63
+ <example>Microsoft FTP Service</example>
64
+ <param pos="0" name="service.vendor" value="Microsoft"/>
65
+ <param pos="0" name="service.product" value="IIS"/>
66
+ <param pos="0" name="service.family" value="IIS"/>
67
+ <param pos="0" name="service.cpe23" value="cpe:/a:microsoft:iis:-"/>
68
+ <param pos="0" name="os.vendor" value="Microsoft"/>
69
+ <param pos="0" name="os.family" value="Windows"/>
70
+ <param pos="0" name="os.product" value="Windows"/>
71
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
72
+ </fingerprint>
73
+ <fingerprint pattern="^([^ ]+) +FTP +Server \(Version ([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
74
+ <description>FTP on HPUX with a PHNE (HP Networking patch) installed</description>
75
+ <example>example.com FTP server (Version 1.1.214.4(PHNE_38458) Mon Feb 15 06:03:12 GMT 2010) ready.</example>
76
+ <param pos="0" name="service.vendor" value="HP"/>
77
+ <param pos="0" name="service.product" value="FTPD"/>
78
+ <param pos="0" name="os.vendor" value="HP"/>
79
+ <param pos="0" name="os.family" value="HP-UX"/>
80
+ <param pos="0" name="os.product" value="HP-UX"/>
81
+ <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
82
+ <param pos="1" name="host.name"/>
83
+ <param pos="2" name="service.version"/>
84
+ </fingerprint>
85
+ <fingerprint pattern="^([^ ]+) +FTP +Server \(Revision \S+ Version wuftpd-([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
86
+ <description>WU-FTPD on HPUX with a PHNE (HP Networking patch) installed</description>
87
+ <example>example.com FTP server (Revision 1.1 Version wuftpd-2.6.1(PHNE_38578) Fri Sep 5 12:10:54 GMT 2008) ready.</example>
88
+ <param pos="0" name="service.vendor" value="Washington University"/>
89
+ <param pos="0" name="service.product" value="WU-FTPD"/>
90
+ <param pos="0" name="os.vendor" value="HP"/>
91
+ <param pos="0" name="os.family" value="HP-UX"/>
92
+ <param pos="0" name="os.product" value="HP-UX"/>
93
+ <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
94
+ <param pos="1" name="host.name"/>
95
+ <param pos="2" name="service.version"/>
96
+ </fingerprint>
97
+ <fingerprint pattern="^(\S+)(?: \S+)? FTP Server \((?:Revision [\d\.]+ )?Version wu(?:ftpd)?-([\d\.]+).*\) ready.?$" flags="REG_ICASE">
98
+ <description>WU-FTPD on various OS</description>
99
+ <example host.name="example.com" service.version="2.6.2">example.com FTP server (Version wu-2.6.2(1) Sat Jul 19 16:21:30 UTC 2008) ready.</example>
100
+ <example host.name="example.com" service.version="2.6.2">example.com 192.168.0.1 FTP server (Version wu-2.6.2(1) Wed Sep 21 11:16:21 MEST 2005) ready.</example>
101
+ <example host.name="example.com" service.version="2.6.2">example.com FTP server (Version wu-2.6.2-11.73.1) ready.</example>
102
+ <example host.name="example.com" service.version="2.6.1">example.com FTP server (Revision 5.0 Version wuftpd-2.6.1 Thu Apr 29 06:48:40 GMT 2010) ready.</example>
103
+ <param pos="0" name="service.vendor" value="Washington University"/>
104
+ <param pos="0" name="service.product" value="WU-FTPD"/>
105
+ <param pos="1" name="host.name"/>
106
+ <param pos="2" name="service.version"/>
107
+ </fingerprint>
108
+ <fingerprint pattern="^(\S+)\s+FTP Server \(Version:\s+Mac OS X Server\s+([\d\.]+).*\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
109
+ <description>FTPD on Mac OS X Server with a version</description>
110
+ <example host.name="example.com" os.version="10.3">example.com FTP server (Version: Mac OS X Server 10.3 - +GSSAPI) ready.</example>
111
+ <example host.name="example.com" os.version="10.3">this is a banner. change it.&#13;
112
+ example.com FTP server (Version: Mac OS X Server 10.3 - +GSSAPI) ready.</example>
113
+ <param pos="0" name="service.vendor" value="Apple"/>
114
+ <param pos="0" name="service.product" value="FTP"/>
115
+ <param pos="0" name="os.vendor" value="Apple"/>
116
+ <param pos="0" name="os.family" value="Mac OS X"/>
117
+ <param pos="0" name="os.product" value="Mac OS X Server"/>
118
+ <param pos="1" name="host.name"/>
119
+ <param pos="2" name="os.version"/>
120
+ <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x_server:{os.version}"/>
121
+ </fingerprint>
122
+ <fingerprint pattern="^(\S+)\s+FTP Server \(Version:\s+Mac OS X Server\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
123
+ <description>FTPD on Mac OS X Server without a version</description>
124
+ <example host.name="example.com">example.com FTP server (Version: Mac OS X Server) ready.</example>
125
+ <example host.name="example.com">this is a banner. change it.&#13;
126
+ example.com FTP server (Version: Mac OS X Server) ready.</example>
127
+ <param pos="0" name="service.vendor" value="Apple"/>
128
+ <param pos="0" name="service.product" value="FTP"/>
129
+ <param pos="0" name="os.vendor" value="Apple"/>
130
+ <param pos="0" name="os.family" value="Mac OS X"/>
131
+ <param pos="0" name="os.product" value="Mac OS X Server"/>
132
+ <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x_server:-"/>
133
+ <param pos="1" name="host.name"/>
134
+ </fingerprint>
135
+ <fingerprint pattern="^(\S+)\s+FTP Server \(tnftpd (.*)\) ready\.?$" flags="REG_ICASE">
136
+ <description>Simple tnftpd banner with a version</description>
137
+ <example host.name="example.com" service.version="20061217">example.com FTP server (tnftpd 20061217) ready.</example>
138
+ <param pos="0" name="service.product" value="tnftpd"/>
139
+ <param pos="2" name="service.version"/>
140
+ <param pos="1" name="host.name"/>
141
+ </fingerprint>
142
+ <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.(1[1-9])\) ready\.?$" flags="REG_ICASE">
143
+ <description>SunOS/Solaris</description>
144
+ <example host.name="example.com" os.version="11">example.com FTP server (SunOS 5.11) ready.</example>
145
+ <param pos="0" name="os.vendor" value="Oracle"/>
146
+ <param pos="0" name="os.family" value="Solaris"/>
147
+ <param pos="0" name="os.product" value="Solaris"/>
148
+ <param pos="1" name="host.name"/>
149
+ <param pos="2" name="os.version"/>
150
+ <param pos="0" name="os.cpe23" value="cpe:/o:oracle:solaris:{os.version}"/>
151
+ </fingerprint>
152
+ <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.([789]|10)\) ready\.?$" flags="REG_ICASE">
153
+ <description>SunOS/Solaris 5.7-5.10</description>
154
+ <example host.name="example.com" os.version="7">example.com FTP server (SunOS 5.7) ready.</example>
155
+ <example host.name="example.com" os.version="10">example.com FTP server (SunOS 5.10) ready.</example>
156
+ <param pos="0" name="os.vendor" value="Sun"/>
157
+ <param pos="0" name="os.family" value="Solaris"/>
158
+ <param pos="0" name="os.product" value="Solaris"/>
159
+ <param pos="1" name="host.name"/>
160
+ <param pos="2" name="os.version"/>
161
+ <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
162
+ </fingerprint>
163
+ <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.6\) ready\." flags="REG_ICASE">
164
+ <description>SunOS 5.6 (Solaris 2.6)</description>
165
+ <example host.name="example.com">example.com FTP Server (SunOS 5.6) ready.</example>
166
+ <param pos="0" name="os.vendor" value="Sun"/>
167
+ <param pos="0" name="os.family" value="Solaris"/>
168
+ <param pos="0" name="os.product" value="Solaris"/>
169
+ <param pos="0" name="os.version" value="2.6"/>
170
+ <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:2.6"/>
171
+ <param pos="1" name="host.name"/>
172
+ </fingerprint>
173
+ <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Debian\) \[(.+)\]$">
174
+ <description>ProFTPD on Debian Linux</description>
175
+ <example>ProFTPD 1.3.0rc2 Server (Debian) [host]</example>
176
+ <param pos="0" name="service.family" value="ProFTPD"/>
177
+ <param pos="0" name="service.vendor" value="ProFTPD Project"/>
178
+ <param pos="0" name="service.product" value="ProFTPD"/>
179
+ <param pos="1" name="service.version"/>
180
+ <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
181
+ <param pos="0" name="os.vendor" value="Debian"/>
182
+ <param pos="0" name="os.family" value="Linux"/>
183
+ <param pos="0" name="os.product" value="Linux"/>
184
+ <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
185
+ <param pos="2" name="host.name"/>
186
+ </fingerprint>
187
+ <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Linksys(W.+)\) \[(.+)\]$">
188
+ <description>ProFTPD on a Linksys Wireless Access Point/Router</description>
189
+ <example>ProFTPD 1.3.0rc2 Server (LinksysWRT350N) [host]</example>
190
+ <param pos="0" name="service.family" value="ProFTPD"/>
191
+ <param pos="0" name="service.vendor" value="ProFTPD Project"/>
192
+ <param pos="0" name="service.product" value="ProFTPD"/>
193
+ <param pos="1" name="service.version"/>
194
+ <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
195
+ <param pos="0" name="os.vendor" value="Linksys"/>
196
+ <param pos="0" name="os.device" value="WAP"/>
197
+ <param pos="2" name="os.product"/>
198
+ <param pos="3" name="host.name"/>
199
+ </fingerprint>
200
+ <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(NETGEAR ReadyNAS\) \[(.+)\]$">
201
+ <description>ProFTPD on a Netgear ReadyNAS with a version and IP</description>
202
+ <example service.version="1.3.3g" host.ip="192.168.1.10">ProFTPD 1.3.3g Server (NETGEAR ReadyNAS) [192.168.1.10]</example>
203
+ <param pos="0" name="service.family" value="ProFTPD"/>
204
+ <param pos="0" name="service.vendor" value="ProFTPD Project"/>
205
+ <param pos="0" name="service.product" value="ProFTPD"/>
206
+ <param pos="1" name="service.version"/>
207
+ <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
208
+ <param pos="0" name="hw.vendor" value="Netgear"/>
209
+ <param pos="0" name="hw.device" value="NAS"/>
210
+ <param pos="0" name="hw.product" value="ReadyNAS"/>
211
+ <param pos="2" name="host.ip"/>
212
+ </fingerprint>
213
+ <fingerprint pattern="^ProFTPD Server \(NETGEAR ReadyNAS\) \[(.+)\]$">
214
+ <description>ProFTPD on a Netgear ReadyNAS with a hostname</description>
215
+ <example host.name="test">ProFTPD Server (NETGEAR ReadyNAS) [test]</example>
216
+ <param pos="0" name="service.family" value="ProFTPD"/>
217
+ <param pos="0" name="service.vendor" value="ProFTPD Project"/>
218
+ <param pos="0" name="service.product" value="ProFTPD"/>
219
+ <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
220
+ <param pos="0" name="hw.vendor" value="Netgear"/>
221
+ <param pos="0" name="hw.device" value="NAS"/>
222
+ <param pos="0" name="hw.product" value="ReadyNAS"/>
223
+ <param pos="1" name="host.name"/>
224
+ </fingerprint>
225
+ <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Linksys(.*)\) \[(.+)\]$">
226
+ <description>ProFTPD on a wired Linksys device</description>
227
+ <param pos="0" name="service.family" value="ProFTPD"/>
228
+ <param pos="0" name="service.vendor" value="ProFTPD Project"/>
229
+ <param pos="0" name="service.product" value="ProFTPD"/>
230
+ <param pos="1" name="service.version"/>
231
+ <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
232
+ <param pos="0" name="os.vendor" value="Linksys"/>
233
+ <param pos="0" name="os.device" value="Router"/>
234
+ <param pos="2" name="os.product"/>
235
+ <param pos="3" name="host.name"/>
236
+ </fingerprint>
237
+ <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \((.*)\) \[(.+)\]$">
238
+ <description>ProFTPD with version info but no obvious OS info</description>
239
+ <example service.version="1.2.10">ProFTPD 1.2.10 Server (Main FTP Server) [host]</example>
240
+ <example proftpd.server.name="ProFTPD">ProFTPD 1.2.10 Server (ProFTPD) [host]</example>
241
+ <example host.name="host">ProFTPD 1.2.10rc3 Server (ProFTPD Default Installation) [host]</example>
242
+ <param pos="0" name="service.family" value="ProFTPD"/>
243
+ <param pos="0" name="service.vendor" value="ProFTPD Project"/>
244
+ <param pos="0" name="service.product" value="ProFTPD"/>
245
+ <param pos="1" name="service.version"/>
246
+ <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
247
+ <param pos="2" name="proftpd.server.name"/>
248
+ <param pos="3" name="host.name"/>
249
+ </fingerprint>
250
+ <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server ready\.$">
251
+ <description>ProFTPD with only version info</description>
252
+ <example service.version="1.3.0rc2">ProFTPD 1.3.0rc2 Server ready.</example>
253
+ <param pos="0" name="service.family" value="ProFTPD"/>
254
+ <param pos="0" name="service.vendor" value="ProFTPD Project"/>
255
+ <param pos="0" name="service.product" value="ProFTPD"/>
256
+ <param pos="1" name="service.version"/>
257
+ <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
258
+ </fingerprint>
259
+ <fingerprint pattern="^ProFTPD (?:FTP )?Server ready\.$">
260
+ <description>ProFTPD with no version info</description>
261
+ <example>ProFTPD FTP Server ready.</example>
262
+ <example>ProFTPD Server ready.</example>
263
+ <param pos="0" name="service.family" value="ProFTPD"/>
264
+ <param pos="0" name="service.vendor" value="ProFTPD Project"/>
265
+ <param pos="0" name="service.product" value="ProFTPD"/>
266
+ <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
267
+ </fingerprint>
268
+ <fingerprint pattern="^ProFTPD Server \(.*\) \[([a-f\d.:]+)\]$">
269
+ <description>ProFTPD with no version info, parenthetical form</description>
270
+ <example host.ip="1.2.3.4">ProFTPD Server (ProFTPD) [1.2.3.4]</example>
271
+ <example host.ip="1.2.3.4">ProFTPD Server (ProFTPD Default Installation) [1.2.3.4]</example>
272
+ <example host.ip="1.2.3.4">ProFTPD Server (pair Networks, Inc FTP server) [1.2.3.4]</example>
273
+ <example host.ip="::ffff:192.168.1.1">ProFTPD Server (ProFTPD) [::ffff:192.168.1.1]</example>
274
+ <param pos="0" name="service.family" value="ProFTPD"/>
275
+ <param pos="0" name="service.vendor" value="ProFTPD Project"/>
276
+ <param pos="0" name="service.product" value="ProFTPD"/>
277
+ <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
278
+ <param pos="1" name="host.ip"/>
279
+ </fingerprint>
280
+ <fingerprint pattern="^ProFTPD Server$">
281
+ <description>ProFTPD with no version info, short form</description>
282
+ <example>ProFTPD Server</example>
283
+ <param pos="0" name="service.family" value="ProFTPD"/>
284
+ <param pos="0" name="service.vendor" value="ProFTPD Project"/>
285
+ <param pos="0" name="service.product" value="ProFTPD"/>
286
+ <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
287
+ </fingerprint>
288
+ <fingerprint pattern="^ProFTPD\s*$">
289
+ <description>ProFTPD with no version info, super short form</description>
290
+ <example>ProFTPD</example>
291
+ <example>ProFTPD </example>
292
+ <param pos="0" name="service.family" value="ProFTPD"/>
293
+ <param pos="0" name="service.vendor" value="ProFTPD Project"/>
294
+ <param pos="0" name="service.product" value="ProFTPD"/>
295
+ <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
296
+ </fingerprint>
297
+ <fingerprint pattern="^(?:\d{4}\-\d\d\-\d\d \d\d:\d\d:\d\d,\d\d\d )?(\S+) proftpd\[\d+\]: error: no valid servers configured">
298
+ <description>ProFTPD no valid servers configured</description>
299
+ <example host.name="ftp.host.com">ftp.host.com proftpd[40312]: error: no valid servers configured\n</example>
300
+ <example host.name="hostname.com">2016-10-31 12:14:35,524 hostname.com proftpd[26992]: error: no valid servers configured\n</example>
301
+ <param pos="0" name="service.family" value="ProFTPD"/>
302
+ <param pos="0" name="service.vendor" value="ProFTPD Project"/>
303
+ <param pos="0" name="service.product" value="ProFTPD"/>
304
+ <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
305
+ <param pos="1" name="host.name"/>
306
+ </fingerprint>
307
+ <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \((.*)\) \[[a-f\d.:\]]*$">
308
+ <description>ProFTPD with version info - truncated</description>
309
+ <example service.version="1.3.2c">ProFTPD 1.3.2c Server (ProFTPD Default Installation) [</example>
310
+ <example proftpd.server.name="svrname.hosting.com">ProFTPD 1.3.0 Server (svrname.hosting.com) [10.10.10.</example>
311
+ <example>ProFTPD 1.3.3a Server (randomstring) [::ff</example>
312
+ <param pos="0" name="service.family" value="ProFTPD"/>
313
+ <param pos="0" name="service.vendor" value="ProFTPD Project"/>
314
+ <param pos="0" name="service.product" value="ProFTPD"/>
315
+ <param pos="1" name="service.version"/>
316
+ <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
317
+ <param pos="2" name="proftpd.server.name"/>
318
+ </fingerprint>
319
+ <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server ([\w.-]+)$">
320
+ <description>ProFTPD with version info but no obvious OS info, take 2</description>
321
+ <example service.version="1.3.2d" host.name="localhost">ProFTPD 1.3.2d Server localhost</example>
322
+ <param pos="0" name="service.family" value="ProFTPD"/>
323
+ <param pos="0" name="service.vendor" value="ProFTPD Project"/>
324
+ <param pos="0" name="service.product" value="ProFTPD"/>
325
+ <param pos="1" name="service.version"/>
326
+ <param pos="2" name="host.name"/>
327
+ </fingerprint>
328
+ <fingerprint pattern="^=\(&lt;\*&gt;\)=-\.:\. \(\( Welcome to Pure-FTPd ([\d.]+) \)\) \.:\.-=\(&lt;\*&gt;\)=-" flags="REG_MULTILINE">
329
+ <description>Pure-FTPd versions &lt;= 1.0.13 (at least as far back as 1.0.11)</description>
330
+ <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-</example>
331
+ <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-&#13;
332
+ more stuff</example>
333
+ <param pos="0" name="service.family" value="Pure-FTPd"/>
334
+ <param pos="0" name="service.product" value="Pure-FTPd"/>
335
+ <param pos="1" name="service.version"/>
336
+ </fingerprint>
337
+ <fingerprint pattern="^-{9,10}(?:.*)\s+Pure-FTPd\s+(.*)-{9,10}">
338
+ <description>Pure-FTPd versions &gt;= 1.0.14 - Config data can be zero or more of: [privsep] [TLS]</description>
339
+ <example>---------- Welcome to Pure-FTPd ----------</example>
340
+ <example>--------- Bienvenido a Pure-FTPd [privsep] [TLS] ----------</example>
341
+ <example>--------- Pure-FTPd [privsep] ----------</example>
342
+ <example>--------- Welcome to Pure-FTPd [privsep] [TLS] ----------</example>
343
+ <example>--------- Welcome to Pure-FTPd [privsep] [TLS] ----------&#13;
344
+ more text</example>
345
+ <param pos="1" name="pureftpd.config"/>
346
+ <param pos="0" name="service.family" value="Pure-FTPd"/>
347
+ <param pos="0" name="service.product" value="Pure-FTPd"/>
348
+ </fingerprint>
349
+ <fingerprint pattern="^(?:Welcome to )?Pure-FTPd\.?$">
350
+ <description>Basic Pure-FTPd banner, no version</description>
351
+ <example>Welcome to Pure-FTPd</example>
352
+ <example>Pure-FTPd.</example>
353
+ <param pos="0" name="service.family" value="Pure-FTPd"/>
354
+ <param pos="0" name="service.product" value="Pure-FTPd"/>
355
+ </fingerprint>
356
+ <fingerprint pattern="^=\(.\*.\)=-\.:\. \(\( Welcome to PureFTPd (\d+\..+) \)\) \.:\.-=\(.\*.\)=-" flags="REG_MULTILINE">
357
+ <description>Older Pure-FTPd versions</description>
358
+ <example service.version="1.1.0">=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-</example>
359
+ <example service.version="1.1.0">=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-&#13;
360
+ more text</example>
361
+ <param pos="0" name="service.family" value="Pure-FTPd"/>
362
+ <param pos="0" name="service.product" value="Pure-FTPd"/>
363
+ <param pos="1" name="service.version"/>
364
+ </fingerprint>
365
+ <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+)(?: for WinSock)? ready\.*$">
366
+ <description>Serv-U (only runs on Windows)</description>
367
+ <example service.version="2.5n">Serv-U FTP-Server v2.5n for WinSock ready...</example>
368
+ <example service.version="6.0">Serv-U FTP Server v6.0 for WinSock ready</example>
369
+ <example service.version="7.2">Serv-U FTP Server v7.2 ready...</example>
370
+ <param pos="0" name="service.vendor" value="Rhino Software"/>
371
+ <param pos="0" name="service.product" value="Serv-U"/>
372
+ <param pos="0" name="service.family" value="Serv-U"/>
373
+ <param pos="1" name="service.version"/>
374
+ <param pos="0" name="os.vendor" value="Microsoft"/>
375
+ <param pos="0" name="os.family" value="Windows"/>
376
+ <param pos="0" name="os.product" value="Windows"/>
377
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
378
+ </fingerprint>
379
+ <fingerprint pattern="^zFTPServer v?(\S+), .*ready\.$" flags="REG_ICASE">
380
+ <description>zftpserver (only runs on Windows)</description>
381
+ <example service.version="4.0">zFTPServer v4.0, build 2008-12-24 01:41 ready.</example>
382
+ <param pos="0" name="service.vendor" value="Västgöta-Data AB"/>
383
+ <param pos="0" name="service.product" value="zFTPServer"/>
384
+ <param pos="1" name="service.version"/>
385
+ <param pos="0" name="os.vendor" value="Microsoft"/>
386
+ <param pos="0" name="os.family" value="Windows"/>
387
+ <param pos="0" name="os.product" value="Windows"/>
388
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
389
+ </fingerprint>
390
+ <fingerprint pattern="^\(vsFTPd (\d+\..+)\)(?: (.+))?$">
391
+ <description>vsFTPd (Very Secure FTP Daemon)</description>
392
+ <example service.version="1.1.3">(vsFTPd 1.1.3) host</example>
393
+ <example service.version="2.0.5">(vsFTPd 2.0.5)</example>
394
+ <param pos="0" name="service.family" value="vsFTPd"/>
395
+ <param pos="0" name="service.product" value="vsFTPd"/>
396
+ <param pos="1" name="service.version"/>
397
+ <param pos="2" name="host.name"/>
398
+ </fingerprint>
399
+ <fingerprint pattern="^ready, dude \(vsFTPd (\d+\..+): beat me, break me\)$">
400
+ <description>vsFTPd (Very Secure FTP Daemon) - break me variant</description>
401
+ <example service.version="1.1.0">ready, dude (vsFTPd 1.1.0: beat me, break me)</example>
402
+ <param pos="0" name="service.family" value="vsFTPd"/>
403
+ <param pos="0" name="service.product" value="vsFTPd"/>
404
+ <param pos="1" name="service.version"/>
405
+ </fingerprint>
406
+ <fingerprint pattern="^vsFTPd ([\d.]+\+ \(ext\.3\)) ready\.\.\.$">
407
+ <description>vsFTPd (Very Secure FTP Daemon) extended build (vsftpd.devnet.ru)</description>
408
+ <example service.version="2.0.4+ (ext.3)">vsFTPd 2.0.4+ (ext.3) ready...</example>
409
+ <param pos="0" name="service.family" value="vsFTPd"/>
410
+ <param pos="0" name="service.product" value="vsFTPd Extended"/>
411
+ <param pos="1" name="service.version"/>
412
+ </fingerprint>
413
+ <fingerprint pattern="^OOPS: .*vsftp.*$">
414
+ <description>vsFTPd (Very Secure FTP Daemon) error message</description>
415
+ <example>OOPS: vsftpd: root is not mounted.</example>
416
+ <example>OOPS: cannot read user list file:/etc/vsftpd.user_list</example>
417
+ <param pos="0" name="service.family" value="vsFTPd"/>
418
+ <param pos="0" name="service.product" value="vsFTPd"/>
419
+ </fingerprint>
420
+ <fingerprint pattern="^FileZilla Server(?: version)? (?:v)?(\d\.[\w.]+(?: beta)?).*$">
421
+ <description>FileZilla FTP Server</description>
422
+ <example service.version="0.9.2 beta">FileZilla Server version 0.9.2 beta</example>
423
+ <example service.version="0.9.13a beta">FileZilla Server version 0.9.13a beta</example>
424
+ <example service.version="0.9.54 beta">FileZilla Server 0.9.54 beta</example>
425
+ <example service.version="0.9.33 beta">FileZilla Server v0.9.33 beta</example>
426
+ <param pos="0" name="service.family" value="FileZilla FTP Server"/>
427
+ <param pos="0" name="service.product" value="FileZilla FTP Server"/>
428
+ <param pos="1" name="service.version"/>
429
+ </fingerprint>
430
+ <fingerprint pattern="^\s*APC FTP server ready\.$">
431
+ <description>APC device</description>
432
+ <example>APC FTP server ready.</example>
433
+ <param pos="0" name="service.vendor" value="APC"/>
434
+ <param pos="0" name="service.product" value="FTP"/>
435
+ <param pos="0" name="os.vendor" value="APC"/>
436
+ <param pos="0" name="os.device" value="Power device"/>
437
+ <param pos="0" name="hw.vendor" value="APC"/>
438
+ <param pos="0" name="hw.device" value="Power device"/>
439
+ </fingerprint>
440
+ <fingerprint pattern="^(\S+) Network Management Card AOS v(\d+\..+) FTP server ready\.$">
441
+ <description>APC power/cooling device</description>
442
+ <example service.version="3.3.4">AP7932 Network Management Card AOS v3.3.4 FTP server ready.</example>
443
+ <example os.version="3.6.1">ACRC103 Network Management Card AOS v3.6.1 FTP server ready.</example>
444
+ <example os.product="0G-9354-01">0G-9354-01 Network Management Card AOS v3.6.1 FTP server ready.</example>
445
+ <param pos="0" name="service.vendor" value="APC"/>
446
+ <param pos="0" name="service.product" value="AOS"/>
447
+ <param pos="0" name="service.family" value="AOS"/>
448
+ <param pos="2" name="service.version"/>
449
+ <param pos="0" name="os.vendor" value="APC"/>
450
+ <param pos="0" name="os.device" value="Power device"/>
451
+ <param pos="1" name="os.product"/>
452
+ <param pos="2" name="os.version"/>
453
+ <param pos="0" name="hw.vendor" value="APC"/>
454
+ <param pos="0" name="hw.device" value="Power device"/>
455
+ </fingerprint>
456
+ <fingerprint pattern="^(\S+) FTP server \(EMC-SNAS: ([^\)]+)\)(?: \S+)?$">
457
+ <description>EMC Celerra</description>
458
+ <example service.version="5.6.47.11">foo2 FTP server (EMC-SNAS: 5.6.47.11)</example>
459
+ <example service.version="5.6.50.203">foo2 FTP server (EMC-SNAS: 5.6.50.203) ready.</example>
460
+ <example service.version="5.5.31.6">foo4 FTP server (EMC-SNAS: 5.5.31.6) r</example>
461
+ <param pos="0" name="service.vendor" value="EMC"/>
462
+ <param pos="0" name="service.product" value="Celerra"/>
463
+ <param pos="2" name="service.version"/>
464
+ <param pos="0" name="os.vendor" value="EMC"/>
465
+ <param pos="0" name="os.device" value="Storage"/>
466
+ <param pos="0" name="os.product" value="Celerra"/>
467
+ <param pos="2" name="os.version"/>
468
+ <param pos="1" name="host.name"/>
469
+ <param pos="0" name="hw.vendor" value="EMC"/>
470
+ <param pos="0" name="hw.device" value="Storage"/>
471
+ <param pos="0" name="hw.product" value="Celerra"/>
472
+ </fingerprint>
473
+ <fingerprint pattern="^JD FTP Server Ready.*$">
474
+ <description>HP JetDirect printer</description>
475
+ <example>JD FTP Server Ready</example>
476
+ <example>JD FTP Server Ready.</example>
477
+ <param pos="0" name="service.vendor" value="HP"/>
478
+ <param pos="0" name="service.product" value="JetDirect"/>
479
+ <param pos="0" name="service.family" value="JetDirect"/>
480
+ <param pos="0" name="os.vendor" value="HP"/>
481
+ <param pos="0" name="os.device" value="Printer"/>
482
+ <param pos="0" name="os.family" value="JetDirect"/>
483
+ <param pos="0" name="os.product" value="JetDirect"/>
484
+ <param pos="0" name="hw.vendor" value="HP"/>
485
+ <param pos="0" name="hw.device" value="Printer"/>
486
+ <param pos="0" name="hw.family" value="JetDirect"/>
487
+ <param pos="0" name="hw.product" value="JetDirect"/>
488
+ </fingerprint>
489
+ <fingerprint pattern="^Check Point FireWall-1 Secure FTP server running on (.+)$">
490
+ <description>Check Point FireWall-1</description>
491
+ <example host.name="host">Check Point FireWall-1 Secure FTP server running on host</example>
492
+ <param pos="0" name="service.vendor" value="Check Point"/>
493
+ <param pos="0" name="service.product" value="Firewall-1"/>
494
+ <param pos="0" name="service.family" value="Firewall-1"/>
495
+ <param pos="0" name="service.cpe23" value="cpe:/a:checkpoint:firewall-1:-"/>
496
+ <param pos="0" name="os.vendor" value="Check Point"/>
497
+ <param pos="0" name="os.device" value="Firewall"/>
498
+ <param pos="0" name="os.family" value="Firewall-1"/>
499
+ <param pos="0" name="os.product" value="GAiA OS"/>
500
+ <param pos="0" name="os.cpe23" value="cpe:/o:checkpoint:gaia_os:-"/>
501
+ <param pos="0" name="hw.vendor" value="Check Point"/>
502
+ <param pos="0" name="hw.device" value="Firewall"/>
503
+ <param pos="0" name="hw.family" value="Firewall-1"/>
504
+ <param pos="1" name="host.name"/>
505
+ </fingerprint>
506
+ <fingerprint pattern="^Blue Coat FTP Service$">
507
+ <description>Blue Coat security appliances</description>
508
+ <example>Blue Coat FTP Service</example>
509
+ <param pos="0" name="service.vendor" value="Blue Coat"/>
510
+ <param pos="0" name="service.product" value="Proxy"/>
511
+ <param pos="0" name="os.vendor" value="Blue Coat"/>
512
+ <param pos="0" name="os.device" value="Web proxy"/>
513
+ </fingerprint>
514
+ <fingerprint pattern="^---freeFTPd 1.0---warFTPd 1.65---$">
515
+ <description>Nepenthes honeypot</description>
516
+ <param pos="0" name="service.family" value="Nepenthes"/>
517
+ <param pos="0" name="service.product" value="Nepenthes"/>
518
+ </fingerprint>
519
+ <fingerprint pattern="^[^ ]+ IBM FTP CS (V1R\d+) at ([^,]*),.*">
520
+ <description>IBM z/OS FTP Service</description>
521
+ <example>SFTPD1 IBM FTP CS V1R4 at x.y.z, 21:02:19 on 2007-12-15.</example>
522
+ <param pos="0" name="service.vendor" value="IBM"/>
523
+ <param pos="0" name="service.product" value="z/OS FTP Server"/>
524
+ <param pos="0" name="os.vendor" value="IBM"/>
525
+ <param pos="0" name="os.product" value="z/OS"/>
526
+ <param pos="0" name="os.family" value="z/OS"/>
527
+ <param pos="0" name="os.device" value="Mainframe"/>
528
+ <param pos="1" name="os.version"/>
529
+ <param pos="2" name="host.name"/>
530
+ </fingerprint>
531
+ <fingerprint pattern="^FTP server \(IBM 4690 TCP/IP FTP Version 1\.0\) ready\.">
532
+ <description>IBM 4690 FTP Service</description>
533
+ <example>FTP server (IBM 4690 TCP/IP FTP Version 1.0) ready.</example>
534
+ <param pos="0" name="service.vendor" value="IBM"/>
535
+ <param pos="0" name="service.product" value="4690 FTP Server"/>
536
+ <param pos="0" name="os.vendor" value="IBM"/>
537
+ <param pos="0" name="os.product" value="4690"/>
538
+ <param pos="0" name="os.family" value="4690"/>
539
+ <param pos="0" name="os.device" value="Point of sale"/>
540
+ </fingerprint>
541
+ <fingerprint pattern="^([^ ]+) NcFTPd Server \(licensed copy\) ready\.$">
542
+ <description>NcFTPd Server
543
+ http://www.ncftp.com/ncftpd/</description>
544
+ <example>ftp.example.com NcFTPd Server (licensed copy) ready.</example>
545
+ <param pos="0" name="service.vendor" value="NcFTP Software"/>
546
+ <param pos="0" name="service.product" value="NcFTPd Server"/>
547
+ <param pos="1" name="host.name"/>
548
+ </fingerprint>
549
+ <fingerprint pattern="^(\S+) DCS-2100 FTP server ready\.$">
550
+ <description>D-Link DCS-2100 wireless internet camera</description>
551
+ <example>hostname DCS-2100 FTP server ready.</example>
552
+ <param pos="0" name="os.vendor" value="D-Link"/>
553
+ <param pos="0" name="os.product" value="DCS-2100"/>
554
+ <param pos="0" name="os.device" value="Web cam"/>
555
+ <param pos="1" name="host.name"/>
556
+ </fingerprint>
557
+ <fingerprint pattern="^Secure Gateway FTP server ready\.$">
558
+ <description>Raptor firewall</description>
559
+ <example>Secure Gateway FTP server ready.</example>
560
+ <param pos="0" name="os.vendor" value="Symantec"/>
561
+ <param pos="0" name="os.family" value="Raptor"/>
562
+ <param pos="0" name="os.product" value="Raptor"/>
563
+ <param pos="0" name="os.device" value="Firewall"/>
564
+ </fingerprint>
565
+ <fingerprint pattern="^SUN StorEdge (\S+) RAID FTP server ready\.$">
566
+ <description>Sun StorEdge disk array</description>
567
+ <example>SUN StorEdge 3511 RAID FTP server ready.</example>
568
+ <param pos="0" name="os.vendor" value="Sun"/>
569
+ <param pos="0" name="os.family" value="StorEdge"/>
570
+ <param pos="1" name="os.product"/>
571
+ <param pos="0" name="os.device" value="Storage"/>
572
+ </fingerprint>
573
+ <fingerprint pattern="(?i)^AXIS (\S+) .* Camera(?:\s+version)?\s+(\S+) .*">
574
+ <description>Axis Network Camera</description>
575
+ <example hw.product="2100" hw.version="2.43">Axis 2100 Network Camera 2.43 Nov 04 2008 ready.</example>
576
+ <example hw.product="216FD" hw.version="4.47">AXIS 216FD Network Fixed Dome Camera 4.47 (Mar 13 2008) ready.</example>
577
+ <example hw.product="214" hw.version="4.49">AXIS 214 PTZ Network Camera 4.49 (Oct 05 2009) ready</example>
578
+ <example hw.product="205" hw.version="4.05">AXIS 205 Network Camera version 4.05 (Sep 27 2004) ready.</example>
579
+ <example hw.product="233D" hw.version="4.48.4">AXIS 233D Network Dome Camera 4.48.4 (Mar 23 2010) ready.</example>
580
+ <example hw.product="P1346" hw.version="5.50beta3">AXIS P1346 Network Camera 5.50beta3 (2014) ready</example>
581
+ <param pos="0" name="hw.vendor" value="Axis"/>
582
+ <param pos="0" name="hw.device" value="Web cam"/>
583
+ <param pos="1" name="hw.product"/>
584
+ <param pos="2" name="hw.version"/>
585
+ <param pos="0" name="os.vendor" value="AXIS"/>
586
+ <param pos="0" name="os.family" value="Linux"/>
587
+ <param pos="0" name="os.device" value="Web cam"/>
588
+ </fingerprint>
589
+ <fingerprint pattern="(?i)^AXIS (\S+) (?:(?:Mk II )?Video|IO Audio) (?:Encoder|Encoder Blade|Module|Server|Decoder) (\S+) .*">
590
+ <description>Axis Audio/Video encoders/servers</description>
591
+ <example hw.product="Q7406">AXIS Q7406 Video Encoder Blade 5.01 (Aug 01 2008) ready.</example>
592
+ <example hw.product="241Q">AXIS 241Q Video Server 4.47.2 (Dec 11 2008) ready.</example>
593
+ <example hw.version="5.07.2">AXIS P7701 Video Decoder 5.07.2 (Apr 20 2010) ready.</example>
594
+ <example hw.product="Q7401" hw.version="5.01">AXIS Q7401 Video Encoder 5.01 (Aug 01 2008) ready.</example>
595
+ <example hw.product="Q7401" hw.version="5.50.2_cst_412205_1">AXIS Q7401 Video Encoder 5.50.2_cst_412205_1 (2013)</example>
596
+ <example hw.product="Q7424-R" hw.version="5.51.3.1">AXIS Q7424-R Mk II Video Encoder 5.51.3.1 (2016) ready.</example>
597
+ <example hw.product="P8221" hw.version="5.10.2">AXIS P8221 IO Audio Module 5.10.2 (Nov 07 2011) ready.</example>
598
+ <param pos="0" name="hw.vendor" value="Axis"/>
599
+ <param pos="1" name="hw.product"/>
600
+ <param pos="2" name="hw.version"/>
601
+ </fingerprint>
602
+ <fingerprint pattern="(?i)^AXIS (\S+) Network Door Controller (\S+) .* ready\.?$">
603
+ <description>Axis Door Controllers</description>
604
+ <example hw.product="A1001" hw.version="1.65.1.1">AXIS A1001 Network Door Controller 1.65.1.1 (2018) ready.</example>
605
+ <param pos="0" name="hw.vendor" value="Axis"/>
606
+ <param pos="0" name="hw.device" value="Access Controller"/>
607
+ <param pos="1" name="hw.product"/>
608
+ <param pos="2" name="hw.version"/>
609
+ </fingerprint>
610
+ <fingerprint pattern="^AXIS (\S+) .*FTP Network Print Server V?([\d\.]+\S+) .* ready\.?$" flags="REG_ICASE">
611
+ <description>Axis print servers</description>
612
+ <example hw.product="5600+">AXIS 5600+ (rev 3) FTP Network Print Server V7.00 Sep 10 2004 ready.</example>
613
+ <example hw.product="560">AXIS 560 FTP Network Print Server V6.00 Jul 7 1999 ready.</example>
614
+ <example hw.version="6.30.beta2">AXIS 5470e FTP Network Print Server V6.30.beta2 Sep 25 2002 ready.</example>
615
+ <param pos="0" name="hw.vendor" value="Axis"/>
616
+ <param pos="0" name="hw.device" value="Print server"/>
617
+ <param pos="1" name="hw.product"/>
618
+ <param pos="2" name="hw.version"/>
619
+ </fingerprint>
620
+ <fingerprint pattern="^RICOH Aficio ((?:[MS]P )?\S+) FTP server \(([0-9\.a-zA-Z]+)\) ready.?$" flags="REG_ICASE">
621
+ <description>Ricoh Aficio multifunction device</description>
622
+ <example os.product="2045e">RICOH Aficio 2045e FTP server (4.12) ready.</example>
623
+ <example os.version="8.63">RICOH Aficio SP 4210N FTP server (8.63) ready.</example>
624
+ <example hw.product="MP C3000">RICOH Aficio MP C3000 FTP server (5.11) ready.</example>
625
+ <param pos="0" name="hw.vendor" value="Ricoh"/>
626
+ <param pos="0" name="hw.family" value="Aficio"/>
627
+ <param pos="0" name="hw.device" value="Multifunction Device"/>
628
+ <param pos="1" name="hw.product"/>
629
+ <param pos="0" name="os.vendor" value="Ricoh"/>
630
+ <param pos="0" name="os.family" value="Aficio"/>
631
+ <param pos="0" name="os.device" value="Multifunction Device"/>
632
+ <param pos="1" name="os.product"/>
633
+ <param pos="2" name="os.version"/>
634
+ </fingerprint>
635
+ <fingerprint pattern="^NRG ((?:[MS]P )?\S+) FTP server \(([0-9\.a-zA-Z]+)\) ready.?$" flags="REG_ICASE">
636
+ <description>Ricoh NRG multifunction device</description>
637
+ <example>NRG MP C2800 FTP server (8.25) ready.</example>
638
+ <example>NRG MP 3350 FTP server (7.05) ready.</example>
639
+ <example>NRG MP C3500 FTP server (5.17) ready.</example>
640
+ <example>NRG MP 171 FTP server (9.02.1) ready.</example>
641
+ <example>NRG MP C2550 FTP server (8.25) ready.</example>
642
+ <example>NRG MP C3500 FTP server (5.19) ready.</example>
643
+ <example>NRG MP C4000 FTP server (8.30) ready.</example>
644
+ <example>NRG MP C4500 FTP server (5.14) ready.</example>
645
+ <param pos="0" name="os.vendor" value="Ricoh"/>
646
+ <param pos="0" name="os.device" value="Multifunction Device"/>
647
+ <param pos="1" name="os.product"/>
648
+ <param pos="2" name="os.version"/>
649
+ <param pos="0" name="hw.vendor" value="Ricoh"/>
650
+ <param pos="0" name="hw.device" value="Multifunction Device"/>
651
+ <param pos="1" name="hw.product"/>
652
+ </fingerprint>
653
+ <fingerprint pattern="^Xerox WorkCentre ([A-Za-z0-9]+).*$" certainty="1.0">
654
+ <description>Xerox WorkCentre</description>
655
+ <example hw.product="6605DN">Xerox WorkCentre 6605DN</example>
656
+ <example hw.product="3615">Xerox WorkCentre 3615</example>
657
+ <example hw.product="6505DN">Xerox WorkCentre 6505DN</example>
658
+ <example hw.product="6505N">Xerox WorkCentre 6505N</example>
659
+ <param pos="0" name="os.vendor" value="Xerox"/>
660
+ <param pos="0" name="os.family" value="WorkCentre"/>
661
+ <param pos="0" name="os.device" value="Printer"/>
662
+ <param pos="0" name="hw.vendor" value="Xerox"/>
663
+ <param pos="0" name="hw.family" value="WorkCentre"/>
664
+ <param pos="0" name="hw.device" value="Printer"/>
665
+ <param pos="1" name="hw.product"/>
666
+ </fingerprint>
667
+ <fingerprint pattern="^Xerox Phaser (\S+)$" certainty="1.0">
668
+ <description>Xerox Phaser Laser Printer</description>
669
+ <example>Xerox Phaser 6130N</example>
670
+ <example>Xerox Phaser 6180MFP-D</example>
671
+ <param pos="0" name="os.vendor" value="Xerox"/>
672
+ <param pos="0" name="os.family" value="Phaser"/>
673
+ <param pos="0" name="os.device" value="Printer"/>
674
+ <param pos="1" name="os.product"/>
675
+ <param pos="0" name="hw.vendor" value="Xerox"/>
676
+ <param pos="0" name="hw.family" value="Phaser"/>
677
+ <param pos="0" name="hw.device" value="Printer"/>
678
+ <param pos="1" name="hw.product"/>
679
+ </fingerprint>
680
+ <fingerprint pattern="^XEROX (\d+) Wide Format .*$" certainty="1.0">
681
+ <description>Xerox Wide Format Series of Printers</description>
682
+ <example>XEROX 6204 Wide Format FTP server ready</example>
683
+ <param pos="0" name="os.vendor" value="Xerox"/>
684
+ <param pos="0" name="os.family" value="Wide Format"/>
685
+ <param pos="0" name="os.device" value="Printer"/>
686
+ <param pos="1" name="os.product"/>
687
+ <param pos="0" name="hw.vendor" value="Xerox"/>
688
+ <param pos="0" name="hw.family" value="Wide Format"/>
689
+ <param pos="0" name="hw.device" value="Printer"/>
690
+ <param pos="1" name="hw.product"/>
691
+ </fingerprint>
692
+ <fingerprint pattern="^FUJI XEROX DocuPrint (.*)$" certainty="1.0">
693
+ <description>FUJI XEROX DocuPrint Series of Printers</description>
694
+ <example>FUJI XEROX DocuPrint 3055</example>
695
+ <example>FUJI XEROX DocuPrint C1190 FS</example>
696
+ <example>FUJI XEROX DocuPrint C2100</example>
697
+ <param pos="0" name="os.vendor" value="FUJI XEROX"/>
698
+ <param pos="0" name="os.family" value="DocuPrint"/>
699
+ <param pos="0" name="os.device" value="Printer"/>
700
+ <param pos="1" name="os.product"/>
701
+ </fingerprint>
702
+ <fingerprint pattern="^ET(\S{12}) Lexmark (\S+) FTP Server (\S+) ready\.?$" certainty="1.0" flags="REG_ICASE">
703
+ <description>Lexmark printer with MAC address</description>
704
+ <example host.mac="000400CEA560" hw.product="T640" os.version="NS.NP.N219">ET000400CEA560 Lexmark T640 FTP Server NS.NP.N219 ready.</example>
705
+ <param pos="0" name="os.vendor" value="Lexmark"/>
706
+ <param pos="0" name="os.device" value="Printer"/>
707
+ <param pos="1" name="host.mac"/>
708
+ <param pos="3" name="os.version"/>
709
+ <param pos="0" name="hw.vendor" value="Lexmark"/>
710
+ <param pos="0" name="hw.device" value="Printer"/>
711
+ <param pos="2" name="hw.product"/>
712
+ </fingerprint>
713
+ <fingerprint pattern="^.*Lexmark (\S+) FTP Server (\S+) ready\.?$" certainty="1.0" flags="REG_ICASE">
714
+ <description>Lexmark printer with OS version</description>
715
+ <example hw.product="T654" os.version="NR.APS.F368">ET0021718 Lexmark T654 FTP Server NR.APS.F368 ready.</example>
716
+ <param pos="0" name="os.vendor" value="Lexmark"/>
717
+ <param pos="0" name="os.device" value="Printer"/>
718
+ <param pos="2" name="os.version"/>
719
+ <param pos="0" name="hw.vendor" value="Lexmark"/>
720
+ <param pos="0" name="hw.device" value="Printer"/>
721
+ <param pos="1" name="hw.product"/>
722
+ </fingerprint>
723
+ <fingerprint pattern="^.*Lexmark (\S+) FTP Server ready\.?$" certainty="1.0" flags="REG_ICASE">
724
+ <description>Lexmark printer</description>
725
+ <example hw.product="X500">Lexmark X500 FTP server ready</example>
726
+ <param pos="0" name="os.vendor" value="Lexmark"/>
727
+ <param pos="0" name="os.device" value="Printer"/>
728
+ <param pos="0" name="hw.vendor" value="Lexmark"/>
729
+ <param pos="0" name="hw.device" value="Printer"/>
730
+ <param pos="1" name="hw.product"/>
731
+ </fingerprint>
732
+ <fingerprint pattern="^220 ECOSYS ([^\s]+) FTP server$">
733
+ <description>Kyocera Multifunction Device</description>
734
+ <example hw.product="P2135dn">220 ECOSYS P2135dn FTP server</example>
735
+ <param pos="0" name="os.vendor" value="Kyocera"/>
736
+ <param pos="0" name="os.device" value="Multifunction Device"/>
737
+ <param pos="0" name="hw.vendor" value="Kyocera"/>
738
+ <param pos="0" name="hw.device" value="Multifunction Device"/>
739
+ <param pos="1" name="hw.product"/>
740
+ </fingerprint>
741
+ <fingerprint pattern="^(?:Tornado-)?VxWorks \((?:VxWorks)?([^\)]+)\) FTP server(?: ready)?\.?$" flags="REG_ICASE">
742
+ <description>VxWorks with version information</description>
743
+ <example os.version="5.3.1">VxWorks (5.3.1) FTP server ready</example>
744
+ <example os.version="5.5.1">VxWorks (VxWorks5.5.1) FTP server ready</example>
745
+ <example os.version="5.5.1">Tornado-vxWorks (VxWorks5.5.1) FTP server</example>
746
+ <example os.version="5.4.2">VxWorks (5.4.2) FTP server ready.</example>
747
+ <param pos="0" name="os.vendor" value="Wind River"/>
748
+ <param pos="0" name="os.product" value="VxWorks"/>
749
+ <param pos="1" name="os.version"/>
750
+ <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
751
+ </fingerprint>
752
+ <fingerprint pattern="^Tornado-vxWorks FTP server ready$" flags="REG_ICASE">
753
+ <description>VxWorks without version information</description>
754
+ <example>Tornado-vxWorks FTP server ready</example>
755
+ <param pos="0" name="os.vendor" value="Wind River"/>
756
+ <param pos="0" name="os.product" value="VxWorks"/>
757
+ <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-"/>
758
+ </fingerprint>
759
+ <fingerprint pattern="^[\w\-\.]* FTP server \((?:VxWorks\s?)+([\d\.]+)\) ready.$" flags="REG_ICASE">
760
+ <description>VxWorks 6 with version information</description>
761
+ <example os.version="6.6">NanoDAC FTP server (VxWorks VxWorks 6.6) ready.</example>
762
+ <example os.version="6.4">BVS-MR-BSC2 FTP server (VxWorks 6.4) ready.</example>
763
+ <param pos="0" name="os.vendor" value="Wind River"/>
764
+ <param pos="0" name="os.product" value="VxWorks"/>
765
+ <param pos="1" name="os.version"/>
766
+ <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-{os.version}"/>
767
+ </fingerprint>
768
+ <fingerprint pattern="^[\w&lt;&gt;]+\s*Tenor Multipath Switch FTP server \(Version VxWorks([\d\.]+)\) ready\.$" flags="REG_ICASE">
769
+ <description>VxWorks on Tenor MultiPath with version information</description>
770
+ <example os.version="5.4.2"><![CDATA[<38785ca0> Tenor Multipath Switch FTP server (Version VxWorks5.4.2) ready.]]></example>
771
+ <param pos="0" name="os.vendor" value="Wind River"/>
772
+ <param pos="0" name="os.product" value="VxWorks"/>
773
+ <param pos="1" name="os.version"/>
774
+ <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-{os.version}"/>
775
+ </fingerprint>
776
+ <fingerprint pattern="^VxWorks FTP server \(VxWorks ([\d\.]+) - Secure NetLinx version \([\d\.]+\)\) ready.$">
777
+ <description>VxWorks with Secure NetLinx</description>
778
+ <example os.version="5.3.1">VxWorks FTP server (VxWorks 5.3.1 - Secure NetLinx version (1.0)) ready.</example>
779
+ <param pos="0" name="os.vendor" value="Wind River"/>
780
+ <param pos="0" name="os.product" value="VxWorks"/>
781
+ <param pos="1" name="os.version"/>
782
+ <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-{os.version}"/>
783
+ </fingerprint>
784
+ <fingerprint pattern="^ADC iScale$">
785
+ <description>ADC iScale</description>
786
+ <example>ADC iScale</example>
787
+ <param pos="0" name="service.vendor" value="ADC"/>
788
+ <param pos="0" name="service.product" value="iScale"/>
789
+ <param pos="0" name="os.vendor" value="ADC"/>
790
+ <param pos="0" name="os.product" value="iScale"/>
791
+ </fingerprint>
792
+ <fingerprint pattern="^TASKalfa (\d+c?i) FTP server" certainty="1.0">
793
+ <description>Taskalfa Series of Printers</description>
794
+ <example>TASKalfa 300ci FTP server</example>
795
+ <example>TASKalfa 520i FTP server</example>
796
+ <param pos="0" name="os.vendor" value="Kyocera"/>
797
+ <param pos="0" name="os.family" value="TASKalfa"/>
798
+ <param pos="0" name="os.device" value="Multifunction Device"/>
799
+ <param pos="1" name="os.product"/>
800
+ <param pos="0" name="hw.vendor" value="Kyocera"/>
801
+ <param pos="0" name="hw.family" value="TASKalfa"/>
802
+ <param pos="0" name="hw.device" value="Multifunction Device"/>
803
+ <param pos="1" name="hw.product"/>
804
+ </fingerprint>
805
+ <fingerprint pattern="^SAVIN (\S+) FTP server \((.*)\) ready.$" certainty="1.0">
806
+ <description>SAVIN Printer FTP Server</description>
807
+ <example os.product="4075">SAVIN 4075 FTP server (4.08) ready.</example>
808
+ <example hw.product="9025">SAVIN 9025 FTP server (7.23) ready.</example>
809
+ <example os.version="7.30">SAVIN 9050 FTP server (7.30) ready.</example>
810
+ <example os.version="9.03">SAVIN 917 FTP server (9.03) ready.</example>
811
+ <example>SAVIN 917 FTP server (9.05.2) ready.</example>
812
+ <example>SAVIN C2525 FTP server (5.14) ready.</example>
813
+ <example>SAVIN C3528 FTP server (4.08.3) ready.</example>
814
+ <example>SAVIN C3528 FTP server (4.17) ready.</example>
815
+ <example>SAVIN C6055 FTP server (7.16) ready.</example>
816
+ <example>SAVIN C9145 FTP server (10.51) ready.</example>
817
+ <param pos="0" name="os.vendor" value="Savin"/>
818
+ <param pos="0" name="os.device" value="Printer"/>
819
+ <param pos="1" name="os.product"/>
820
+ <param pos="2" name="os.version"/>
821
+ <param pos="0" name="hw.vendor" value="Savin"/>
822
+ <param pos="0" name="hw.device" value="Printer"/>
823
+ <param pos="1" name="hw.product"/>
824
+ </fingerprint>
825
+ <fingerprint pattern="^Oce (im\d+) Ver (\S+) FTP server\.$" certainty="1.0">
826
+ <description>OCE IM series Printer</description>
827
+ <example>Oce im4512 Ver 01.04.00.0c FTP server.</example>
828
+ <example>Oce im3512 Ver 01.04.00.0c FTP server.</example>
829
+ <param pos="0" name="os.vendor" value="Oce"/>
830
+ <param pos="0" name="os.device" value="Multifunction Device"/>
831
+ <param pos="0" name="os.family" value="IM Series"/>
832
+ <param pos="1" name="os.product"/>
833
+ <param pos="2" name="os.version"/>
834
+ </fingerprint>
835
+ <fingerprint pattern="^Oce (Plotwave\d+) FTP Service \(Version (\S+)\)\.$" certainty="1.0">
836
+ <description>OCE Printer</description>
837
+ <example>Oce Plotwave300 FTP Service (Version 4.5.7).</example>
838
+ <param pos="0" name="os.vendor" value="Oce"/>
839
+ <param pos="0" name="os.device" value="Printer"/>
840
+ <param pos="0" name="os.family" value="Plotwave Series"/>
841
+ <param pos="1" name="os.product"/>
842
+ <param pos="2" name="os.version"/>
843
+ </fingerprint>
844
+ <fingerprint pattern="^LinkCom Xpress (.*) FTP version ([\d\.]+) ready$" certainty="1.0">
845
+ <description>MPI Technologies Linkcom Express FTP Server with os version</description>
846
+ <example hw.product="10/100 +IPDS" os.version="1.0">LinkCom Xpress 10/100 +IPDS FTP version 1.0 ready</example>
847
+ <param pos="0" name="hw.vendor" value="MPI Technologies"/>
848
+ <param pos="0" name="hw.family" value="LinkCom Xpress"/>
849
+ <param pos="0" name="hw.device" value="Print server"/>
850
+ <param pos="1" name="hw.product"/>
851
+ <param pos="2" name="os.version"/>
852
+ </fingerprint>
853
+ <fingerprint pattern="^LinkCom Xpress (.*)$" certainty="1.0">
854
+ <description>MPI Technologies Linkcom Express FTP Server</description>
855
+ <example hw.product="EIO PRO 10">LinkCom Xpress EIO PRO 10</example>
856
+ <param pos="0" name="hw.vendor" value="MPI Technologies"/>
857
+ <param pos="0" name="hw.family" value="LinkCom Xpress"/>
858
+ <param pos="0" name="hw.device" value="Print server"/>
859
+ <param pos="1" name="hw.product"/>
860
+ </fingerprint>
861
+ <fingerprint pattern="^LXKE\S+ IBM Infoprint (\d+) FTP Server (\d+\.\d+\.\d+) ready.$" certainty="1.0">
862
+ <description>IBM Infoprint FTP</description>
863
+ <example>LXKE82124 IBM Infoprint 1332 FTP Server 55.10.21 ready.</example>
864
+ <example>LXKE8255D IBM Infoprint 1332 FTP Server 55.10.21 ready.</example>
865
+ <example>LXKE825A0 IBM Infoprint 1332 FTP Server 55.10.21 ready.</example>
866
+ <example>LXKE93276 IBM Infoprint 1332 FTP Server 55.10.19 ready.</example>
867
+ <param pos="0" name="os.vendor" value="Ricoh"/>
868
+ <param pos="0" name="os.family" value="Infoprint"/>
869
+ <param pos="0" name="os.device" value="Printer"/>
870
+ <param pos="1" name="os.product"/>
871
+ <param pos="2" name="os.version"/>
872
+ </fingerprint>
873
+ <fingerprint pattern="^(Gestetner \S+(?: \S+)?) FTP server \((.*)\)" certainty="1.0">
874
+ <description>Gestetner Printer FTP</description>
875
+ <example os.product="Gestetner MP5500/DSm755" os.version="5.11c">Gestetner MP5500/DSm755 FTP server (5.11c) ready.</example>
876
+ <example os.product="Gestetner MP C4502" os.version="11.77">Gestetner MP C4502 FTP server (11.77) ready.</example>
877
+ <example>Gestetner MP 161/DSm416 FTP server (6.11) ready. </example>
878
+ <example>Gestetner 3502 FTP server (1.66.1) ready</example>
879
+ <example>Gestetner C7526dn FTP server (6.05.1) ready.</example>
880
+ <param pos="0" name="os.vendor" value="Ricoh"/>
881
+ <param pos="0" name="os.device" value="Multifunction Device"/>
882
+ <param pos="1" name="os.product"/>
883
+ <param pos="2" name="os.version"/>
884
+ </fingerprint>
885
+ <fingerprint pattern="^(Gestetner \S+)$" certainty="1.0">
886
+ <description>Gestetner Printer FTP - short banner</description>
887
+ <example>Gestetner MPC2500</example>
888
+ <param pos="0" name="os.vendor" value="Ricoh"/>
889
+ <param pos="0" name="os.device" value="Multifunction Device"/>
890
+ <param pos="1" name="os.product"/>
891
+ </fingerprint>
892
+ <fingerprint pattern="^EUFSALE MarkNet (\S+) FTP Server (\d+\.\d+\.\d+) ready.$" certainty="1.0">
893
+ <description>Lexmark Marknet Printers FTP</description>
894
+ <example>EUFSALE MarkNet X2011e FTP Server 4.20.21 ready.</example>
895
+ <param pos="0" name="os.vendor" value="Lexmark"/>
896
+ <param pos="0" name="os.family" value="MarkNet"/>
897
+ <param pos="0" name="os.device" value="Print server"/>
898
+ <param pos="1" name="os.product"/>
899
+ <param pos="2" name="os.version"/>
900
+ </fingerprint>
901
+ <fingerprint pattern="^ET(\S+) Source Technologies (ST-96\S+) FTP Server (\S+) ready\.?$">
902
+ <description>Source Technologies ST9600 Series Secure Printer</description>
903
+ <example>ET0021B730F70E Source Technologies ST-9620 FTP Server NJ.APS.N254e ready.</example>
904
+ <example>ET0021B7549AF2 Source Technologies ST-9620 FTP Server NR.APS.N447b2 ready.</example>
905
+ <example>ET0021B7300F01 Source Technologies ST-9620 FTP Server NJ.APS.N254e ready.</example>
906
+ <param pos="0" name="os.vendor" value="Source Technologies"/>
907
+ <param pos="0" name="os.family" value="ST9600 Series"/>
908
+ <param pos="0" name="os.device" value="Printer"/>
909
+ <param pos="1" name="host.mac"/>
910
+ <param pos="2" name="os.product"/>
911
+ <param pos="3" name="os.version"/>
912
+ </fingerprint>
913
+ <fingerprint pattern="^ET(\S+) (Pro\d+) Series FTP Server ready\.$" certainty="1.0">
914
+ <description>Lexmark ProXXX Series of Printers</description>
915
+ <example host.mac="0020007E4D2A" hw.product="Pro700">ET0020007E4D2A Pro700 Series FTP Server ready.</example>
916
+ <param pos="0" name="os.vendor" value="Lexmark"/>
917
+ <param pos="0" name="os.device" value="Printer"/>
918
+ <param pos="0" name="os.family" value="Pro Series"/>
919
+ <param pos="1" name="host.mac"/>
920
+ <param pos="0" name="hw.vendor" value="Lexmark"/>
921
+ <param pos="0" name="hw.family" value="Pro Series"/>
922
+ <param pos="0" name="hw.device" value="Printer"/>
923
+ <param pos="2" name="hw.product"/>
924
+ </fingerprint>
925
+ <fingerprint pattern="^ET(\S+) Lexmark Forms Printer (\d+) Ethernet FTP Server (\S+) ready\.$" certainty="1.0">
926
+ <description>Lexmark Forms Printer</description>
927
+ <example os.product="2590">ET0020004F54EE Lexmark Forms Printer 2590 Ethernet FTP Server LCL.CU.P012c ready.</example>
928
+ <param pos="0" name="os.vendor" value="Lexmark"/>
929
+ <param pos="0" name="os.family" value="Forms Printer"/>
930
+ <param pos="0" name="os.device" value="Printer"/>
931
+ <param pos="1" name="host.mac"/>
932
+ <param pos="2" name="os.product"/>
933
+ <param pos="3" name="os.version"/>
934
+ <param pos="0" name="hw.vendor" value="Lexmark"/>
935
+ <param pos="0" name="hw.family" value="Forms Printer"/>
936
+ <param pos="0" name="hw.device" value="Printer"/>
937
+ <param pos="2" name="hw.product"/>
938
+ </fingerprint>
939
+ <fingerprint pattern="^ET(\S+) TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
940
+ <description>Toshiba e-STUDIO Printer with MAC address</description>
941
+ <example os.version="NC2.NPS.N221">ET0004001E9C00 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N221 ready.</example>
942
+ <example host.mac="00040089BE42">ET00040089BE42 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
943
+ <param pos="0" name="os.vendor" value="Toshiba"/>
944
+ <param pos="0" name="os.device" value="Multifunction Device"/>
945
+ <param pos="0" name="os.product" value="e-STUDIO"/>
946
+ <param pos="1" name="host.mac"/>
947
+ <param pos="2" name="os.version"/>
948
+ <param pos="0" name="hw.vendor" value="Toshiba"/>
949
+ <param pos="0" name="hw.device" value="Multifunction Device"/>
950
+ <param pos="0" name="hw.product" value="e-STUDIO"/>
951
+ </fingerprint>
952
+ <fingerprint pattern="^\S+ TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
953
+ <description>Toshiba e-STUDIO Printer</description>
954
+ <example os.version="NC2.NPS.N211">JHBPRN13 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
955
+ <param pos="0" name="os.vendor" value="Toshiba"/>
956
+ <param pos="0" name="os.device" value="Multifunction Device"/>
957
+ <param pos="0" name="os.product" value="e-STUDIO"/>
958
+ <param pos="1" name="os.version"/>
959
+ <param pos="0" name="hw.vendor" value="Toshiba"/>
960
+ <param pos="0" name="hw.device" value="Multifunction Device"/>
961
+ <param pos="0" name="hw.product" value="e-STUDIO"/>
962
+ </fingerprint>
963
+ <fingerprint pattern="^.*Lexmark Optra (\S+) FTP Server (\S+) ready\.$" certainty="1.0">
964
+ <description>Lexmark Optra Printer</description>
965
+ <example os.product="T612">lex142785470853 Lexmark Optra T612 FTP Server 3.20.30 ready.</example>
966
+ <example os.version="3.20.20">oppr1.s02504.us Lexmark Optra T610 FTP Server 3.20.20 ready.</example>
967
+ <param pos="0" name="os.vendor" value="Lexmark"/>
968
+ <param pos="0" name="os.family" value="Optra"/>
969
+ <param pos="0" name="os.device" value="Printer"/>
970
+ <param pos="1" name="os.product"/>
971
+ <param pos="2" name="os.version"/>
972
+ <param pos="0" name="hw.vendor" value="Lexmark"/>
973
+ <param pos="0" name="hw.family" value="Optra"/>
974
+ <param pos="0" name="hw.device" value="Printer"/>
975
+ <param pos="1" name="hw.product"/>
976
+ </fingerprint>
977
+ <fingerprint pattern="^SHARP (MX-\S+) Ver (\S+) FTP server\.$" certainty="1.0">
978
+ <description>Sharp Printer/Copier/Scanne</description>
979
+ <example os.product="MX-6200N" os.version="01.02.00.0e">SHARP MX-6200N Ver 01.02.00.0e FTP server.</example>
980
+ <example>SHARP MX-M363N Ver 01.05.00.0k FTP server.</example>
981
+ <example>SHARP MX-M363N Ver 01.05.00.1k FTP server.</example>
982
+ <example>SHARP MX-5001N Ver 01.05.00.0n FTP server.</example>
983
+ <example>SHARP MX-5500N Ver 01.02.00.09 FTP server.</example>
984
+ <example>SHARP MX-M453N Ver 01.05.00.0k FTP server.</example>
985
+ <example>SHARP MX-M503N Ver 01.05.00.1k FTP server.</example>
986
+ <example>SHARP MX-M620U Ver 01.03.00 FTP server.</example>
987
+ <example>SHARP MX-M620U Ver 01.04.00.04 FTP server.</example>
988
+ <param pos="0" name="os.vendor" value="Sharp"/>
989
+ <param pos="0" name="os.device" value="Printer"/>
990
+ <param pos="0" name="os.family" value="MX Series"/>
991
+ <param pos="1" name="os.product"/>
992
+ <param pos="2" name="os.version"/>
993
+ <param pos="0" name="hw.vendor" value="Sharp"/>
994
+ <param pos="0" name="hw.device" value="Printer"/>
995
+ <param pos="0" name="hw.family" value="MX Series"/>
996
+ <param pos="1" name="hw.product"/>
997
+ </fingerprint>
998
+ <fingerprint pattern="^(FS-\S+MFP\S*?) FTP server\.?$" certainty="1.0">
999
+ <description>Kyocera Printer with version string</description>
1000
+ <example os.product="FS-C2126MFP">FS-C2126MFP FTP server</example>
1001
+ <example hw.product="FS-C2026MFP+">FS-C2026MFP+ FTP server</example>
1002
+ <example hw.product="FS-1128MFP">FS-1128MFP FTP server</example>
1003
+ <param pos="0" name="os.vendor" value="Kyocera"/>
1004
+ <param pos="0" name="os.device" value="Multifunction Device"/>
1005
+ <param pos="1" name="os.product"/>
1006
+ <param pos="0" name="hw.vendor" value="Kyocera"/>
1007
+ <param pos="0" name="hw.device" value="Multifunction Device"/>
1008
+ <param pos="1" name="hw.product"/>
1009
+ </fingerprint>
1010
+ <fingerprint pattern="^(FS-\S+(?:DN|D|N)) FTP server\.?$" certainty="1.0">
1011
+ <description>Kyocera Printer</description>
1012
+ <example os.product="FS-1370DN">FS-1370DN FTP server</example>
1013
+ <example hw.product="FS-C5015N">FS-C5015N FTP server.</example>
1014
+ <param pos="0" name="os.vendor" value="Kyocera"/>
1015
+ <param pos="0" name="os.device" value="Printer"/>
1016
+ <param pos="0" name="os.family" value="FS"/>
1017
+ <param pos="1" name="os.product"/>
1018
+ <param pos="0" name="hw.vendor" value="Kyocera"/>
1019
+ <param pos="0" name="hw.device" value="Printer"/>
1020
+ <param pos="0" name="hw.family" value="FS"/>
1021
+ <param pos="1" name="hw.product"/>
1022
+ </fingerprint>
1023
+ <fingerprint pattern="^(ESI-\S+) Version (\S+) ready\.$" certainty="1.0">
1024
+ <description>Extended Systems ExtendNet Print Server</description>
1025
+ <example os.product="ESI-2941B">ESI-2941B Version 6.34 ready.</example>
1026
+ <example os.version="6.03">ESI-2941A Version 6.03 ready.</example>
1027
+ <example hw.product="ESI-2933A">ESI-2933A Version 6.40 ready.</example>
1028
+ <example>ESI-2831 Version 2.1 ready.</example>
1029
+ <example>ESI-2833A Version 6.3 ready.</example>
1030
+ <example>ESI-2900A Version 6.31 ready.</example>
1031
+ <example>ESI-2841B Version 3.01 ready.</example>
1032
+ <example>ESI-2841C Version 5.09e ready.</example>
1033
+ <example>ESI-2933A Version 6.40a.05 ready.</example>
1034
+ <example>ESI-2999A Version 6.30a.07 ready.</example>
1035
+ <param pos="0" name="os.vendor" value="Sybase"/>
1036
+ <param pos="0" name="os.family" value="Extended Systems ExtendNet"/>
1037
+ <param pos="0" name="os.device" value="Print server"/>
1038
+ <param pos="1" name="os.product"/>
1039
+ <param pos="2" name="os.version"/>
1040
+ <param pos="0" name="hw.family" value="Extended Systems ExtendNet"/>
1041
+ <param pos="0" name="hw.device" value="Print server"/>
1042
+ <param pos="1" name="hw.product"/>
1043
+ </fingerprint>
1044
+ <fingerprint pattern="^SATO SATO PRINTER Ver (\S+) FTP server\.$" certainty="1.0">
1045
+ <description>SATO Printer</description>
1046
+ <example os.version="A1.2.3">SATO SATO PRINTER Ver A1.2.3 FTP server.</example>
1047
+ <example>SATO SATO PRINTER Ver A2.3.0 FTP server.</example>
1048
+ <param pos="0" name="os.vendor" value="SATO"/>
1049
+ <param pos="0" name="os.device" value="Printer"/>
1050
+ <param pos="1" name="os.version"/>
1051
+ <param pos="0" name="hw.vendor" value="SATO"/>
1052
+ <param pos="0" name="hw.device" value="Printer"/>
1053
+ </fingerprint>
1054
+ <fingerprint pattern="^Printer FTP (\d+\.\d+\.\d+) ready at (\w{3} \d{2} \d{2}:\d{2}:\d{2})$" certainty="1.0">
1055
+ <description>AMTDatasouth Fastmark M5</description>
1056
+ <example os.version="4.8.7">Printer FTP 4.8.7 ready at Apr 30 20:13:23</example>
1057
+ <example system.time="Aug 31 16:43:22">Printer FTP 4.8.7 ready at Aug 31 16:43:22</example>
1058
+ <example>Printer FTP 4.8.7 ready at Feb 28 11:27:46</example>
1059
+ <example>Printer FTP 4.8.7 ready at Jan 31 00:40:04</example>
1060
+ <example>Printer FTP 4.8.7 ready at Mar 31 06:28:25</example>
1061
+ <param pos="0" name="os.vendor" value="AMTDatasouth"/>
1062
+ <param pos="0" name="os.product" value="Fastmark M5"/>
1063
+ <param pos="0" name="os.device" value="Printer"/>
1064
+ <param pos="1" name="os.version"/>
1065
+ <param pos="0" name="system.time.format" value="MMM dd HH:mm:ss"/>
1066
+ <param pos="2" name="system.time"/>
1067
+ <param pos="0" name="hw.vendor" value="AMTDatasouth"/>
1068
+ <param pos="0" name="hw.product" value="Fastmark M5"/>
1069
+ <param pos="0" name="hw.device" value="Printer"/>
1070
+ </fingerprint>
1071
+ <fingerprint pattern="^EFI FTP Print server ready\.$" certainty="0.8">
1072
+ <description>EFI FTP Print Server</description>
1073
+ <example>EFI FTP Print server ready.</example>
1074
+ <param pos="0" name="service.vendor" value="EFI"/>
1075
+ <param pos="0" name="service.product" value="Fiery Print Server"/>
1076
+ <param pos="0" name="os.vendor" value="EFI"/>
1077
+ <param pos="0" name="os.product" value="Fiery Print Server"/>
1078
+ <param pos="0" name="os.device" value="Print server"/>
1079
+ </fingerprint>
1080
+ <!-- Conjectured based on known MX FTP fingerprints -->
1081
+ <fingerprint pattern="^SHARP (AR-\S+) Ver (\S+) FTP server">
1082
+ <description>Sharp AR Series multifunction device</description>
1083
+ <example os.product="AR-M450">SHARP AR-M450 Ver 01.05.00.0k FTP server.</example>
1084
+ <param pos="0" name="os.vendor" value="Sharp"/>
1085
+ <param pos="0" name="os.device" value="Multifunction Device"/>
1086
+ <param pos="0" name="os.family" value="AR Series"/>
1087
+ <param pos="1" name="os.product"/>
1088
+ <param pos="2" name="os.version"/>
1089
+ <param pos="0" name="hw.vendor" value="Sharp"/>
1090
+ <param pos="0" name="hw.device" value="Multifunction Device"/>
1091
+ <param pos="0" name="hw.family" value="AR Series"/>
1092
+ <param pos="1" name="hw.product"/>
1093
+ </fingerprint>
1094
+ <fingerprint pattern="^KONICA MINOLTA FTP server ready\.?$">
1095
+ <description>Konica Minolta FTP Server - w/o version</description>
1096
+ <example>KONICA MINOLTA FTP server ready.</example>
1097
+ <param pos="0" name="os.device" value="Printer"/>
1098
+ <param pos="0" name="os.vendor" value="Konica Minolta"/>
1099
+ <param pos="0" name="os.product" value="Printer"/>
1100
+ <param pos="0" name="service.vendor" value="Konica Minolta"/>
1101
+ <param pos="0" name="service.product" value="KM FTPD"/>
1102
+ <param pos="0" name="hw.device" value="Printer"/>
1103
+ <param pos="0" name="hw.vendor" value="Konica Minolta"/>
1104
+ <param pos="0" name="hw.product" value="Printer"/>
1105
+ </fingerprint>
1106
+ <fingerprint pattern="^(KM\S+) FTP server \(KM FTPD version (\d*(?:\.\d*))\) ready\.?$">
1107
+ <description>Konica Minolta FTP Server</description>
1108
+ <example os.product="KM23BC97" service.version="1.00">KM23BC97 FTP server (KM FTPD version 1.00) ready.</example>
1109
+ <example>KM23BF0A FTP server (KM FTPD version 1.00) ready.</example>
1110
+ <example>KM23CBDB FTP server (KM FTPD version 1.00) ready.</example>
1111
+ <example>KM23E608 FTP server (KM FTPD version 1.00) ready.</example>
1112
+ <example>KM23E8A2 FTP server (KM FTPD version 1.00) ready.</example>
1113
+ <example>KM25015E FTP server (KM FTPD version 1.00) ready.</example>
1114
+ <example>KM250E38 FTP server (KM FTPD version 1.00) ready.</example>
1115
+ <example>KM251A4C FTP server (KM FTPD version 1.00) ready.</example>
1116
+ <param pos="0" name="os.device" value="Printer"/>
1117
+ <param pos="0" name="os.vendor" value="Konica Minolta"/>
1118
+ <param pos="1" name="os.product"/>
1119
+ <param pos="0" name="service.vendor" value="Konica Minolta"/>
1120
+ <param pos="0" name="service.product" value="KM FTPD"/>
1121
+ <param pos="2" name="service.version"/>
1122
+ </fingerprint>
1123
+ <fingerprint pattern="^(ZBR-\d+) Version (\S+) ready\.?$">
1124
+ <description>ZebraNet Print Server FTP</description>
1125
+ <example os.product="ZBR-46686">ZBR-46686 Version 7.02 ready.</example>
1126
+ <example os.version="V56.17.5Z">ZBR-79071 Version V56.17.5Z ready.</example>
1127
+ <example os.version="7.02">ZBR-46687 Version 7.02 ready.</example>
1128
+ <param pos="0" name="os.vendor" value="ZebraNet"/>
1129
+ <param pos="0" name="os.device" value="Print server"/>
1130
+ <param pos="1" name="os.product"/>
1131
+ <param pos="2" name="os.version"/>
1132
+ <param pos="0" name="hw.vendor" value="ZebraNet"/>
1133
+ <param pos="0" name="hw.device" value="Print server"/>
1134
+ <param pos="1" name="hw.product"/>
1135
+ </fingerprint>
1136
+ <fingerprint pattern="^(ET(\S+)) Dell (\S+ Laser Printer) FTP Server">
1137
+ <description>Dell Laser Printer</description>
1138
+ <example host.name="ET0021B71A1111" host.mac="0021B71A1111" hw.product="2350dn Laser Printer">ET0021B71A1111 Dell 2350dn Laser Printer FTP Server NR.APS.N449 ready.</example>
1139
+ <param pos="0" name="os.vendor" value="Dell"/>
1140
+ <param pos="0" name="os.device" value="Printer"/>
1141
+ <param pos="0" name="hw.vendor" value="Dell"/>
1142
+ <param pos="0" name="hw.device" value="Printer"/>
1143
+ <param pos="1" name="host.name"/>
1144
+ <param pos="2" name="host.mac"/>
1145
+ <param pos="3" name="hw.product"/>
1146
+ </fingerprint>
1147
+ <fingerprint pattern="^(\S+) FTP server \(Version \S+ \w+ \w+ \d{1,2} \d{1,2}:\d{1,2}:\d{1,2} [A-Z]+ (?:1|2)\d{3}\) ready\.?$">
1148
+ <description>Generic/unknown FTP Server found on HP-UX and AIX systems</description>
1149
+ <example host.name="host.example.com">host.example.com FTP server (Version 4.1 Sat Sep 7 14:31:53 CDT 2002) ready.</example>
1150
+ <example host.name="host.example.com">host.example.com FTP server (Version 5.3 Sat Jan 10 14:01:03 CDT 2012) ready</example>
1151
+ <param pos="1" name="host.name"/>
1152
+ </fingerprint>
1153
+ <fingerprint pattern="^Welcome to the (?:Cisco )?(?:TelePresence) ([a-zA-Z\s]*?) ((?:MSE )?\d+), version (\d+.\d+\(\d+.\d+\)).*?" flags="REG_ICASE">
1154
+ <description>Cisco TelePresence</description>
1155
+ <example hw.series="AM GW" os.version="1.1(1.34)" hw.model="3610">Welcome to the Cisco TelePresence AM GW 3610, version 1.1(1.34) </example>
1156
+ <example hw.series="IP GW" os.version="2.0(3.32)" hw.model="3510">Welcome to the Cisco TelePresence IP GW 3510, version 2.0(3.32) </example>
1157
+ <example hw.series="MCU" os.version="4.3(2.18)" hw.model="4210">Welcome to the Cisco TelePresence MCU 4210, version 4.3(2.18) </example>
1158
+ <example hw.series="MCU" os.version="4.3(1.68)" hw.model="MSE 8420">Welcome to the Cisco TelePresence MCU MSE 8420, version 4.3(1.68) </example>
1159
+ <example hw.series="Server" os.version="2.1(1.18)" hw.model="7010">Welcome to the Telepresence Server 7010, version 2.1(1.18) </example>
1160
+ <param pos="0" name="os.vendor" value="Cisco"/>
1161
+ <param pos="0" name="os.product" value="TelePresence"/>
1162
+ <param pos="0" name="os.device" value="Video Conferencing"/>
1163
+ <param pos="0" name="hw.vendor" value="Cisco"/>
1164
+ <param pos="1" name="hw.series"/>
1165
+ <param pos="2" name="hw.model"/>
1166
+ <param pos="3" name="os.version"/>
1167
+ </fingerprint>
1168
+ <fingerprint pattern="^(\S+) FTP server \((?:HP|Compaq) Tru64 UNIX Version (\S+)\) ready\.?$">
1169
+ <description>Digital/Compaq/HP Tru64 Unix</description>
1170
+ <example host.name="example.com" os.version="5.60">example.com FTP server (Compaq Tru64 UNIX Version 5.60) ready.</example>
1171
+ <param pos="0" name="os.vendor" value="HP"/>
1172
+ <param pos="0" name="os.family" value="Unix"/>
1173
+ <param pos="0" name="os.product" value="Tru64 Unix"/>
1174
+ <param pos="1" name="host.name"/>
1175
+ <param pos="2" name="os.version"/>
1176
+ <param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64:{os.version}"/>
1177
+ </fingerprint>
1178
+ <fingerprint pattern="^(\S+) FTP server \(Digital UNIX Version (\S+)\) ready\.?$">
1179
+ <description>Digital/Compaq/HP Tru64 Unix w/o branding</description>
1180
+ <example host.name="example.com" os.version="5.60">example.com FTP server (Digital UNIX Version 5.60) ready.</example>
1181
+ <param pos="0" name="os.vendor" value="HP"/>
1182
+ <param pos="0" name="os.family" value="Unix"/>
1183
+ <param pos="0" name="os.product" value="Digital Unix"/>
1184
+ <param pos="1" name="host.name"/>
1185
+ <param pos="2" name="os.version"/>
1186
+ </fingerprint>
1187
+ <fingerprint pattern="^(\S+) FTP server \(MikroTik ([\d\.]+)\) ready\.?$">
1188
+ <description>MikroTik</description>
1189
+ <example host.name="example.com" os.version="6.18">example.com FTP server (MikroTik 6.18) ready</example>
1190
+ <param pos="0" name="os.vendor" value="MikroTik"/>
1191
+ <param pos="0" name="os.product" value="RouterOS"/>
1192
+ <param pos="1" name="host.name"/>
1193
+ <param pos="2" name="os.version"/>
1194
+ <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
1195
+ </fingerprint>
1196
+ <fingerprint pattern="^MikroTik FTP server \(MikroTik ([\w.]+)\) ready\.?$">
1197
+ <description>MikroTik w/o hostname</description>
1198
+ <example os.version="6.0rc14">MikroTik FTP server (MikroTik 6.0rc14) ready</example>
1199
+ <param pos="0" name="os.vendor" value="MikroTik"/>
1200
+ <param pos="0" name="os.product" value="RouterOS"/>
1201
+ <param pos="1" name="os.version"/>
1202
+ <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
1203
+ </fingerprint>
1204
+ <fingerprint pattern="^Welcome to ASUS (B?RT-[\w.-]+) FTP service\.$">
1205
+ <description>FTPD on an Asus Wireless Access Point/Router</description>
1206
+ <example hw.product="RT-AC68U">Welcome to ASUS RT-AC68U FTP service.</example>
1207
+ <example hw.product="RT-N13U.B1">Welcome to ASUS RT-N13U.B1 FTP service.</example>
1208
+ <example hw.product="BRT-AC828">Welcome to ASUS BRT-AC828 FTP service.</example>
1209
+ <param pos="0" name="os.family" value="Linux"/>
1210
+ <param pos="0" name="os.product" value="Linux"/>
1211
+ <param pos="0" name="hw.vendor" value="Asus"/>
1212
+ <param pos="0" name="hw.device" value="WAP"/>
1213
+ <param pos="1" name="hw.product"/>
1214
+ </fingerprint>
1215
+ <fingerprint pattern="^Welcome to ASUS (DSL-[\w.-]+) FTP service\.$">
1216
+ <description>FTPD on a ADSL/VDSL Modem/Wireless Access Point/Router</description>
1217
+ <example hw.product="DSL-AC68U">Welcome to ASUS DSL-AC68U FTP service.</example>
1218
+ <example hw.product="DSL-N55U-D1">Welcome to ASUS DSL-N55U-D1 FTP service.</example>
1219
+ <param pos="0" name="os.family" value="Linux"/>
1220
+ <param pos="0" name="os.product" value="Linux"/>
1221
+ <param pos="0" name="hw.vendor" value="Asus"/>
1222
+ <param pos="0" name="hw.device" value="DSL Modem"/>
1223
+ <param pos="1" name="hw.product"/>
1224
+ </fingerprint>
1225
+ <fingerprint pattern="^Welcome to ASUS (TM-\w+) FTP service\.$">
1226
+ <description>FTPD on a T-Mobile branded Asus Wireless Access Point/Router</description>
1227
+ <example hw.product="TM-AC1900">Welcome to ASUS TM-AC1900 FTP service.</example>
1228
+ <param pos="0" name="os.family" value="Linux"/>
1229
+ <param pos="0" name="os.product" value="Linux"/>
1230
+ <param pos="0" name="hw.vendor" value="Asus"/>
1231
+ <param pos="0" name="hw.device" value="WAP"/>
1232
+ <param pos="1" name="hw.product"/>
1233
+ </fingerprint>
1234
+ <fingerprint pattern="^(FRITZ!Box[\w()]+) FTP server ready\.$">
1235
+ <description>FTPD on an AWM multifunction Modem/Wireless Access Point/Router/VoIP device</description>
1236
+ <example hw.product="FRITZ!Box7490">FRITZ!Box7490 FTP server ready.</example>
1237
+ <example hw.product="FRITZ!BoxFonWLAN7390">FRITZ!BoxFonWLAN7390 FTP server ready.</example>
1238
+ <example hw.product="FRITZ!Box7490(UI)">FRITZ!Box7490(UI) FTP server ready.</example>
1239
+ <example hw.product="FRITZ!Box7362SL(UI)">FRITZ!Box7362SL(UI) FTP server ready.</example>
1240
+ <example hw.product="FRITZ!BoxFonWLAN7270v3">FRITZ!BoxFonWLAN7270v3 FTP server ready.</example>
1241
+ <example hw.product="FRITZ!Box6490Cable(kdg)">FRITZ!Box6490Cable(kdg) FTP server ready.</example>
1242
+ <param pos="0" name="hw.vendor" value="AVM"/>
1243
+ <param pos="0" name="hw.device" value="WAP"/>
1244
+ <param pos="0" name="hw.family" value="FRITZ!Box"/>
1245
+ <param pos="1" name="hw.product"/>
1246
+ </fingerprint>
1247
+ <fingerprint pattern="^HES_CPE FTP server \(GNU inetutils ([\w.]+)\) ready\.$">
1248
+ <description>FTPD on a ZyXEL (Huawei rebrand) WiMax WAP</description>
1249
+ <example service.version="1.4.1">HES_CPE FTP server (GNU inetutils 1.4.1) ready.</example>
1250
+ <param pos="0" name="service.family" value="inetutils"/>
1251
+ <param pos="0" name="service.product" value="inetutils ftpd"/>
1252
+ <param pos="0" name="service.vendor" value="GNU"/>
1253
+ <param pos="1" name="service.version"/>
1254
+ <param pos="0" name="hw.vendor" value="ZyXEL"/>
1255
+ <param pos="0" name="hw.family" value="WiMax"/>
1256
+ <param pos="0" name="hw.device" value="WAP"/>
1257
+ </fingerprint>
1258
+ <fingerprint pattern="^Speedport W ?(\S+) (?:Typ [A|B] )?FTP Server v([\d.]+) ready$$">
1259
+ <description>FTPD on Speedport WLAN/ADSL routers (Deutsche Telekom mfg by misc)</description>
1260
+ <example hw.product="723V" os.version="1.40.000">Speedport W 723V Typ B FTP Server v1.40.000 ready</example>
1261
+ <example hw.product="921V" os.version="1.39.000">Speedport W 921V FTP Server v1.39.000 ready</example>
1262
+ <example hw.product="722V" os.version="1.18.000">Speedport W722V FTP Server v1.18.000 ready</example>
1263
+ <param pos="0" name="hw.vendor" value="Deutsche Telekom"/>
1264
+ <param pos="0" name="hw.device" value="WAP"/>
1265
+ <param pos="0" name="hw.family" value="Speedport"/>
1266
+ <param pos="1" name="hw.product"/>
1267
+ <param pos="2" name="os.version"/>
1268
+ </fingerprint>
1269
+ <fingerprint pattern="^DiskStation FTP server ready\.$">
1270
+ <description>FTPD on a Synology DiskStation NAS</description>
1271
+ <example>DiskStation FTP server ready.</example>
1272
+ <param pos="0" name="service.family" value="SmbFTPD"/>
1273
+ <param pos="0" name="service.product" value="SmbFTPD"/>
1274
+ <param pos="0" name="service.vendor" value="GNU"/>
1275
+ <param pos="0" name="os.family" value="Linux"/>
1276
+ <param pos="0" name="os.product" value="Linux"/>
1277
+ <param pos="0" name="hw.vendor" value="Synology"/>
1278
+ <param pos="0" name="hw.family" value="DiskStation"/>
1279
+ <param pos="0" name="hw.device" value="NAS"/>
1280
+ </fingerprint>
1281
+ <fingerprint pattern="^Synology FTP server ready\.$" flags="REG_ICASE">
1282
+ <description>FTPD on a Synology device</description>
1283
+ <example>Synology FTP server ready.</example>
1284
+ <example>SYNOLOGY FTP server ready.</example>
1285
+ <param pos="0" name="service.family" value="SmbFTPD"/>
1286
+ <param pos="0" name="service.product" value="SmbFTPD"/>
1287
+ <param pos="0" name="service.vendor" value="GNU"/>
1288
+ <param pos="0" name="os.family" value="Linux"/>
1289
+ <param pos="0" name="os.product" value="Linux"/>
1290
+ <param pos="0" name="hw.vendor" value="Synology"/>
1291
+ </fingerprint>
1292
+ <fingerprint pattern="^.Welcome to MyBookLive.$">
1293
+ <description>FTPD on Western Digital My Book Live NAS</description>
1294
+ <example>"Welcome to MyBookLive"</example>
1295
+ <param pos="0" name="hw.vendor" value="Western Digital"/>
1296
+ <param pos="0" name="hw.family" value="My Book"/>
1297
+ <param pos="0" name="hw.product" value="My Book Live"/>
1298
+ <param pos="0" name="hw.device" value="NAS"/>
1299
+ </fingerprint>
1300
+ <fingerprint pattern="^Multicraft ([\w.-]+) FTP server$">
1301
+ <description>Multicraft FTPD Server</description>
1302
+ <example service.version="2.0.2">Multicraft 2.0.2 FTP server</example>
1303
+ <example service.version="2.0.0-pre19">Multicraft 2.0.0-pre19 FTP server</example>
1304
+ <param pos="0" name="service.family" value="Multicraft"/>
1305
+ <param pos="0" name="service.product" value="Multicraft"/>
1306
+ <param pos="0" name="service.vendor" value="Multicraft"/>
1307
+ <param pos="1" name="service.version"/>
1308
+ </fingerprint>
1309
+ <fingerprint pattern="^bftpd ([\d.]+) at ([a-f\d.:]+) ready\.$">
1310
+ <description>Bftpd FTPD Server</description>
1311
+ <example service.version="2.2.1" host.ip="192.168.0.1">bftpd 2.2.1 at 192.168.0.1 ready.</example>
1312
+ <example service.version="2.2" host.ip="::ffff:192.168.1.1">bftpd 2.2 at ::ffff:192.168.1.1 ready.</example>
1313
+ <param pos="0" name="service.family" value="Bftpd"/>
1314
+ <param pos="0" name="service.product" value="Bftpd"/>
1315
+ <param pos="0" name="service.vendor" value="Bftpd Project"/>
1316
+ <param pos="1" name="service.version"/>
1317
+ <param pos="0" name="service.cpe23" value="cpe:/a:bftpd_project:bftpd:{service.version}"/>
1318
+ <param pos="2" name="host.ip"/>
1319
+ </fingerprint>
1320
+ <fingerprint pattern="^NASFTPD Turbo station (?:2.x )?([\w.]+) Server \(ProFTPD\)(?: \[([a-f\d.:]+)\])?$">
1321
+ <description>ProFTPD on QNAP Turbo Station NAS</description>
1322
+ <example service.version="1.3.5a" host.ip="192.168.1.100">NASFTPD Turbo station 1.3.5a Server (ProFTPD) [192.168.1.100]</example>
1323
+ <example service.version="1.3.1rc2" host.ip="192.168.1.100">NASFTPD Turbo station 2.x 1.3.1rc2 Server (ProFTPD) [192.168.1.100]</example>
1324
+ <example service.version="1.3.5a">NASFTPD Turbo station 1.3.5a Server (ProFTPD)</example>
1325
+ <param pos="0" name="service.family" value="ProFTPD"/>
1326
+ <param pos="0" name="service.vendor" value="ProFTPD Project"/>
1327
+ <param pos="0" name="service.product" value="ProFTPD"/>
1328
+ <param pos="1" name="service.version"/>
1329
+ <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
1330
+ <param pos="0" name="hw.vendor" value="QNAP"/>
1331
+ <param pos="0" name="hw.family" value="Turbo Station"/>
1332
+ <param pos="0" name="hw.device" value="NAS"/>
1333
+ <param pos="2" name="host.ip"/>
1334
+ </fingerprint>
1335
+ <fingerprint pattern="^Twisted ([\w.]+) FTP Server$">
1336
+ <description>Twisted (Python) FTP Server</description>
1337
+ <example service.version="14.0.0">Twisted 14.0.0 FTP Server</example>
1338
+ <example service.version="16.5.0rc2">Twisted 16.5.0rc2 FTP Server</example>
1339
+ <param pos="0" name="service.family" value="Twisted"/>
1340
+ <param pos="0" name="service.product" value="Twisted FTPD"/>
1341
+ <param pos="0" name="service.vendor" value="Twisted Matrix Labs"/>
1342
+ <param pos="1" name="service.version"/>
1343
+ </fingerprint>
1344
+ <fingerprint pattern="^Gene6 FTP Server v(\d{1,2}\.\d{1,2}\.\d{1,2}\s{1,2}\(Build \d{1,2}\)) ready\.\.\.$">
1345
+ <description>Gene6 FTP Server on Windows</description>
1346
+ <example service.version="3.10.0 (Build 2)">Gene6 FTP Server v3.10.0 (Build 2) ready...</example>
1347
+ <example service.version="3.7.0 (Build 24)">Gene6 FTP Server v3.7.0 (Build 24) ready...</example>
1348
+ <param pos="0" name="service.family" value="Gene6"/>
1349
+ <param pos="0" name="service.product" value="FTP Server"/>
1350
+ <param pos="0" name="service.vendor" value="Gene6"/>
1351
+ <param pos="1" name="service.version"/>
1352
+ <param pos="0" name="os.vendor" value="Microsoft"/>
1353
+ <param pos="0" name="os.family" value="Windows"/>
1354
+ <param pos="0" name="os.product" value="Windows"/>
1355
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1356
+ </fingerprint>
1357
+ <fingerprint pattern="^([\w.-]+) X2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
1358
+ <description>WS_FTP FTP Server on Windows - X2 variant</description>
1359
+ <example service.version="7.7(50012467)" host.name="a.host.name.tld">a.host.name.tld X2 WS_FTP Server 7.7(50012467)</example>
1360
+ <example service.version="5.0.5 (1989540204)" host.name="a.host.name.tld">a.host.name.tld X2 WS_FTP Server 5.0.5 (1989540204)</example>
1361
+ <param pos="0" name="service.family" value="WS_FTP"/>
1362
+ <param pos="0" name="service.product" value="WS_FTP"/>
1363
+ <param pos="0" name="service.vendor" value="Ipswitch"/>
1364
+ <param pos="2" name="service.version"/>
1365
+ <param pos="0" name="service.cpe23" value="cpe:/a:ipswitch:ws_ftp:{service.version}"/>
1366
+ <param pos="0" name="os.vendor" value="Microsoft"/>
1367
+ <param pos="0" name="os.family" value="Windows"/>
1368
+ <param pos="0" name="os.product" value="Windows"/>
1369
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1370
+ <param pos="1" name="host.name"/>
1371
+ </fingerprint>
1372
+ <fingerprint pattern="^V2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
1373
+ <description>WS_FTP FTP Server on Windows - V2 variant</description>
1374
+ <example service.version="6.1(05544322)">V2 WS_FTP Server 6.1(05544322)</example>
1375
+ <param pos="0" name="service.family" value="WS_FTP"/>
1376
+ <param pos="0" name="service.product" value="WS_FTP"/>
1377
+ <param pos="0" name="service.vendor" value="Ipswitch"/>
1378
+ <param pos="1" name="service.version"/>
1379
+ <param pos="0" name="service.cpe23" value="cpe:/a:ipswitch:ws_ftp:{service.version}"/>
1380
+ <param pos="0" name="os.vendor" value="Microsoft"/>
1381
+ <param pos="0" name="os.family" value="Windows"/>
1382
+ <param pos="0" name="os.product" value="Windows"/>
1383
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1384
+ </fingerprint>
1385
+ <fingerprint pattern="^FTP Server \(ZyWALL (USG\s?[\w-]+)\) \[([a-f\d:.]+)\]$">
1386
+ <description>ZyXEL Unified Security Gateway</description>
1387
+ <example hw.product="USG 20" host.ip="::ffff:192.168.0.2">FTP Server (ZyWALL USG 20) [::ffff:192.168.0.2]</example>
1388
+ <example hw.product="USG100-PLUS" host.ip="::ffff:192.168.5.101">FTP Server (ZyWALL USG100-PLUS) [::ffff:192.168.5.101]</example>
1389
+ <example hw.product="USG 20" host.ip="10.0.0.2">FTP Server (ZyWALL USG 20) [10.0.0.2]</example>
1390
+ <param pos="0" name="service.vendor" value="ZyXEL"/>
1391
+ <param pos="0" name="service.family" value="Unified Security Gateway"/>
1392
+ <param pos="0" name="service.product" value="FTPD"/>
1393
+ <param pos="2" name="host.ip"/>
1394
+ <param pos="0" name="hw.vendor" value="ZyXEL"/>
1395
+ <param pos="0" name="hw.family" value="Unified Security Gateway"/>
1396
+ <param pos="1" name="hw.product"/>
1397
+ </fingerprint>
1398
+ <fingerprint pattern="^Welcome to TP-LINK FTP server$">
1399
+ <description>FTPD on a TP-LINK device (no version/host info)</description>
1400
+ <example>Welcome to TP-LINK FTP server</example>
1401
+ <param pos="0" name="hw.vendor" value="TP-LINK"/>
1402
+ </fingerprint>
1403
+ <fingerprint pattern="^TP-LINK FTP version ([\d\.]+)">
1404
+ <description>FTPD on a TP-LINK device with version, but no host info</description>
1405
+ <example service.version="1.0">TP-LINK FTP version 1.0 ready at Wed May 1 20:51:49 2019</example>
1406
+ <param pos="0" name="hw.vendor" value="TP-LINK"/>
1407
+ <param pos="0" name="service.product" value="FTPD"/>
1408
+ <param pos="1" name="service.version"/>
1409
+ </fingerprint>
1410
+ <fingerprint pattern="^ucftpd\((\w{3}\s+\d{1,2} \d{4}-\d\d:\d\d:\d\d)\) FTP server ready\.$">
1411
+ <description>ucftpd with version</description>
1412
+ <example service.version="Jul 2 2012-22:13:49">ucftpd(Jul 2 2012-22:13:49) FTP server ready.</example>
1413
+ <example service.version="Sep 10 2010-17:23:34">ucftpd(Sep 10 2010-17:23:34) FTP server ready.</example>
1414
+ <param pos="0" name="service.family" value="ucftpd"/>
1415
+ <param pos="0" name="service.product" value="ucftpd"/>
1416
+ <param pos="1" name="service.version"/>
1417
+ </fingerprint>
1418
+ <fingerprint pattern="^ucftpd FTP server ready\.$">
1419
+ <description>ucftpd without version</description>
1420
+ <example>ucftpd FTP server ready.</example>
1421
+ <param pos="0" name="service.family" value="ucftpd"/>
1422
+ <param pos="0" name="service.product" value="ucftpd"/>
1423
+ </fingerprint>
1424
+ <fingerprint pattern="^Welcome to TBS FTP Server\.$">
1425
+ <description>TBS FTP Server</description>
1426
+ <example>Welcome to TBS FTP Server.</example>
1427
+ <param pos="0" name="service.family" value="TBS FTP Server"/>
1428
+ <param pos="0" name="service.product" value="TBS FTP Server"/>
1429
+ </fingerprint>
1430
+ <fingerprint pattern="^Sofrel (S5[\w]+) SN ([\d-]+) ready. Time is (\d{2}:\d{2}:\d{2} \d{2}\/\d{2}\/\d{2})\.$">
1431
+ <description>Sofrel Remote Terminal Unit</description>
1432
+ <example hw.product="S500" host.id="01-499-00427" system.time="00:11:39 01/11/16">Sofrel S500 SN 01-499-00427 ready. Time is 00:11:39 01/11/16.</example>
1433
+ <param pos="0" name="hw.vendor" value="Sofrel"/>
1434
+ <param pos="0" name="hw.family" value="S500 Range"/>
1435
+ <param pos="1" name="hw.product"/>
1436
+ <param pos="2" name="host.id"/>
1437
+ <param pos="0" name="system.time.format" value="HH:mm:ss dd/MM/yy"/>
1438
+ <param pos="3" name="system.time"/>
1439
+ </fingerprint>
1440
+ <fingerprint pattern="^TiMOS-[CB]-([\S]+) cpm\/[\w]+ ALCATEL (SR [\S]+) Copyright .{1,4}$">
1441
+ <description>ALCATEL Service Router running TiMOS</description>
1442
+ <example os.version="13.0.R9">TiMOS-C-13.0.R9 cpm/hops64 ALCATEL SR 7750 Copyright (</example>
1443
+ <example hw.product="SR 7750">TiMOS-C-9.0.R8 cpm/hops ALCATEL SR 7750 Copyright (c) </example>
1444
+ <param pos="0" name="os.vendor" value="ALCATEL"/>
1445
+ <param pos="1" name="os.version"/>
1446
+ <param pos="0" name="hw.vendor" value="ALCATEL"/>
1447
+ <param pos="0" name="hw.family" value="Service Router"/>
1448
+ <param pos="2" name="hw.product"/>
1449
+ </fingerprint>
1450
+ <fingerprint pattern="^(\S+) FTP server ready\.?$" flags="REG_ICASE">
1451
+ <description>Generic FTP fingerprint with a hostname</description>
1452
+ <example host.name="example.com">example.com FTP server ready.</example>
1453
+ <param pos="1" name="host.name"/>
1454
+ </fingerprint>
1455
+ <fingerprint pattern="^(\S+) FTP server \(Version (\d.*)\) ready\.?$" flags="REG_ICASE">
1456
+ <description>Generic FTP fingerprint with a hostname and a version for a generic FTP implementation</description>
1457
+ <example host.name="example.com" service.version="6.00LS">example.com FTP server (Version 6.00LS) ready.</example>
1458
+ <example host.name="example.com" service.version="1.2">example.com FTP server (Version 1.2) ready.</example>
1459
+ <param pos="1" name="host.name"/>
1460
+ <param pos="2" name="service.version"/>
1461
+ </fingerprint>
1462
+ <fingerprint pattern="(?i)^FTP[\- ]+(?:server|service)?(?:(?: is)? ready)?\.?$">
1463
+ <description>Generic FTP fingerprint without a hostname</description>
1464
+ <example>FTP server is ready.</example>
1465
+ <example>FTP Server ready.</example>
1466
+ <example>FTP Server Ready</example>
1467
+ <example>FTP-Server</example>
1468
+ <example>FTP Server</example>
1469
+ <example>FTP service ready.</example>
1470
+ </fingerprint>
1471
+ <fingerprint pattern="^Welcom to ProRat Ftp Server$">
1472
+ <description>The FTP server of the ProRat malware</description>
1473
+ <example>Welcom to ProRat Ftp Server</example>
1474
+ <param pos="0" name="service.vendor" value="Pro Group"/>
1475
+ <param pos="0" name="service.product" value="ProRat"/>
1476
+ </fingerprint>
1477
+ <fingerprint pattern="^(?:(\S+) )?FTP Server \(vftpd ([\d.]+)\) ready\.?$">
1478
+ <description>Vermillion FTP Daemon</description>
1479
+ <example host.name="srv.name" service.version="1.23">srv.name FTP Server (vftpd 1.23) ready.</example>
1480
+ <example service.version="1.31">FTP Server (vftpd 1.31) ready.</example>
1481
+ <param pos="0" name="os.vendor" value="Microsoft"/>
1482
+ <param pos="0" name="os.family" value="Windows"/>
1483
+ <param pos="0" name="os.product" value="Windows"/>
1484
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1485
+ <param pos="0" name="service.vendor" value="Vermillion"/>
1486
+ <param pos="0" name="service.product" value="FTP Daemon"/>
1487
+ <param pos="2" name="service.version"/>
1488
+ <param pos="1" name="host.name"/>
1489
+ </fingerprint>
1490
+ <fingerprint pattern="^(?:(\S+) )?FTP server \(QVT\/Net ([\d.]+)\) ready\.?$">
1491
+ <description>QVT/Net FTP Server</description>
1492
+ <example host.name="siren" service.version="5.1">siren FTP server (QVT/Net 5.1) ready.</example>
1493
+ <example host.name="qpc-qvtnet" service.version="4.1">qpc-qvtnet FTP server (QVT/Net 4.1) ready.</example>
1494
+ <param pos="0" name="os.vendor" value="Microsoft"/>
1495
+ <param pos="0" name="os.family" value="Windows"/>
1496
+ <param pos="0" name="os.product" value="Windows"/>
1497
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1498
+ <param pos="0" name="service.vendor" value="QPC Software"/>
1499
+ <param pos="0" name="service.product" value="QVT/Net"/>
1500
+ <param pos="2" name="service.version"/>
1501
+ <param pos="1" name="host.name"/>
1502
+ </fingerprint>
1503
+ <fingerprint pattern="Amazon\sLinux\sAMI\srelease\s(\d+\.\d+)">
1504
+ <description>Amazon Linux AMI</description>
1505
+ <example os.version="2016.09">Amazon Linux AMI release 2016.09</example>
1506
+ <param pos="0" name="os.vendor" value="Amazon"/>
1507
+ <param pos="0" name="os.family" value="Linux"/>
1508
+ <param pos="0" name="os.product" value="Linux AMI"/>
1509
+ <param pos="1" name="os.version"/>
1510
+ </fingerprint>
1511
+ <!-- Below are banners for FTP service providers, not necessarily
1512
+ specific FTP servers-->
1513
+ <fingerprint pattern="^Idea FTP Server ([\d\.]+) \((.*)\) \[(.+)\]$">
1514
+ <description>Idea FTP Server</description>
1515
+ <example service.version="0.83.213" host.name="localhost" host.ip="1.2.3.4">Idea FTP Server 0.83.213 (localhost) [1.2.3.4]</example>
1516
+ <example service.version="0.80" host.name="subdomain.home.pl" host.ip="1.2.3.4">Idea FTP Server 0.80 (subdomain.home.pl) [1.2.3.4]</example>
1517
+ <param pos="0" name="service.vendor" value="Idea"/>
1518
+ <param pos="0" name="service.product" value="FTP Server"/>
1519
+ <param pos="1" name="service.version"/>
1520
+ <param pos="2" name="host.name"/>
1521
+ <param pos="3" name="host.ip"/>
1522
+ </fingerprint>
1523
+ <fingerprint pattern="^Amazon Ftp$">
1524
+ <description>Amazon FTP endpoint</description>
1525
+ <example>Amazon Ftp</example>
1526
+ <param pos="0" name="service.vendor" value="Amazon"/>
1527
+ <param pos="0" name="service.product" value="FTP Server"/>
1528
+ </fingerprint>
1529
+ <fingerprint pattern="^Dreamhost FTP Server$">
1530
+ <description>Dreamhost FTP endpoint</description>
1531
+ <example>Dreamhost FTP Server</example>
1532
+ <param pos="0" name="service.vendor" value="Dreamhost"/>
1533
+ <param pos="0" name="service.product" value="FTP Server"/>
1534
+ </fingerprint>
1535
+ <fingerprint pattern="^QTCP at ([a-zA-Z0-9\.\_\-]+)$">
1536
+ <description>IBM iSeries FTP</description>
1537
+ <example host.name="core.bank.local.">QTCP at core.bank.local.</example>
1538
+ <param pos="0" name="os.vendor" value="IBM"/>
1539
+ <param pos="0" name="os.family" value="OS/400"/>
1540
+ <param pos="0" name="os.product" value="OS/400"/>
1541
+ <param pos="0" name="os.cpe23" value="cpe:/o:ibm:os_400:-"/>
1542
+ <param pos="1" name="host.name"/>
1543
+ </fingerprint>
1544
+ <fingerprint pattern="^HomeLogic FTP Server">
1545
+ <description>ELAN Smart Home Controller</description>
1546
+ <example>HomeLogic FTP Server Please Give User Name</example>
1547
+ <param pos="0" name="hw.vendor" value="ELAN"/>
1548
+ <param pos="0" name="hw.device" value="Building Automation"/>
1549
+ <param pos="0" name="hw.product" value="Home Controller"/>
1550
+ <param pos="0" name="os.vendor" value="ELAN"/>
1551
+ <param pos="0" name="os.family" value="Linux"/>
1552
+ </fingerprint>
1553
+ </fingerprints>