RubyGems - recog-intrigue - Versions diffs - 2.3.7 - Mend

recog-intrigue 2.3.7

Files changed (130) hide show

checksums.yaml +7 -0
data/.github/ISSUE_TEMPLATE/bug_report.md +37 -0
data/.github/ISSUE_TEMPLATE/feature_request.md +17 -0
data/.github/ISSUE_TEMPLATE/fingerprint_request.md +27 -0
data/.github/PULL_REQUEST_TEMPLATE +24 -0
data/.gitignore +14 -0
data/.rbenv-gemset +1 -0
data/.rspec +3 -0
data/.ruby-gemset +1 -0
data/.ruby-version +1 -0
data/.travis.yml +25 -0
data/.yardopts +1 -0
data/CONTRIBUTING.md +171 -0
data/COPYING +23 -0
data/Gemfile +10 -0
data/LICENSE +7 -0
data/README.md +85 -0
data/Rakefile +22 -0
data/bin/recog_export +81 -0
data/bin/recog_match +55 -0
data/bin/recog_standardize +118 -0
data/bin/recog_verify +64 -0
data/cpe-remap.yaml +134 -0
data/features/data/failing_banners_fingerprints.xml +20 -0
data/features/data/matching_banners_fingerprints.xml +23 -0
data/features/data/multiple_banners_fingerprints.xml +32 -0
data/features/data/no_tests.xml +3 -0
data/features/data/sample_banner.txt +2 -0
data/features/data/successful_tests.xml +18 -0
data/features/data/tests_with_failures.xml +20 -0
data/features/data/tests_with_warnings.xml +17 -0
data/features/match.feature +36 -0
data/features/support/aruba.rb +3 -0
data/features/support/env.rb +6 -0
data/features/verify.feature +48 -0
data/identifiers/README.md +47 -0
data/identifiers/os_architecture.txt +20 -0
data/identifiers/os_device.txt +52 -0
data/identifiers/os_family.txt +160 -0
data/identifiers/os_product.txt +199 -0
data/identifiers/service_family.txt +185 -0
data/identifiers/service_product.txt +255 -0
data/identifiers/software_class.txt +26 -0
data/identifiers/software_family.txt +91 -0
data/identifiers/software_product.txt +333 -0
data/identifiers/vendor.txt +405 -0
data/lib/recog.rb +4 -0
data/lib/recog/db.rb +78 -0
data/lib/recog/db_manager.rb +31 -0
data/lib/recog/fingerprint.rb +280 -0
data/lib/recog/fingerprint/regexp_factory.rb +56 -0
data/lib/recog/fingerprint/test.rb +18 -0
data/lib/recog/formatter.rb +51 -0
data/lib/recog/match_reporter.rb +77 -0
data/lib/recog/matcher.rb +94 -0
data/lib/recog/matcher_factory.rb +14 -0
data/lib/recog/nizer.rb +347 -0
data/lib/recog/verifier.rb +39 -0
data/lib/recog/verifier_factory.rb +13 -0
data/lib/recog/verify_reporter.rb +86 -0
data/lib/recog/version.rb +3 -0
data/misc/convert_mysql_err +61 -0
data/misc/order.xsl +17 -0
data/recog-intrigue.gemspec +45 -0
data/requirements.txt +2 -0
data/spec/data/best_os_match_1.yml +17 -0
data/spec/data/best_os_match_2.yml +17 -0
data/spec/data/best_service_match_1.yml +17 -0
data/spec/data/smb_native_os.txt +25 -0
data/spec/data/test_fingerprints.xml +36 -0
data/spec/data/verification_fingerprints.xml +86 -0
data/spec/data/whitespaced_fingerprint.xml +5 -0
data/spec/lib/fingerprint_self_test_spec.rb +174 -0
data/spec/lib/recog/db_spec.rb +98 -0
data/spec/lib/recog/fingerprint/regexp_factory_spec.rb +73 -0
data/spec/lib/recog/fingerprint_spec.rb +112 -0
data/spec/lib/recog/formatter_spec.rb +69 -0
data/spec/lib/recog/match_reporter_spec.rb +91 -0
data/spec/lib/recog/nizer_spec.rb +330 -0
data/spec/lib/recog/verify_reporter_spec.rb +113 -0
data/spec/spec_helper.rb +82 -0
data/update_cpes.py +186 -0
data/xml/apache_modules.xml +1911 -0
data/xml/apache_os.xml +273 -0
data/xml/architecture.xml +36 -0
data/xml/dns_versionbind.xml +761 -0
data/xml/fingerprints.xsd +128 -0
data/xml/ftp_banners.xml +1553 -0
data/xml/h323_callresp.xml +603 -0
data/xml/hp_pjl_id.xml +358 -0
data/xml/html_title.xml +1630 -0
data/xml/http_cookies.xml +411 -0
data/xml/http_servers.xml +3195 -0
data/xml/http_wwwauth.xml +595 -0
data/xml/imap_banners.xml +245 -0
data/xml/ldap_searchresult.xml +711 -0
data/xml/mdns_device-info_txt.xml +1796 -0
data/xml/mdns_workstation_txt.xml +15 -0
data/xml/mysql_banners.xml +1649 -0
data/xml/mysql_error.xml +871 -0
data/xml/nntp_banners.xml +82 -0
data/xml/ntp_banners.xml +1223 -0
data/xml/operating_system.xml +629 -0
data/xml/pop_banners.xml +499 -0
data/xml/rsh_resp.xml +76 -0
data/xml/rtsp_servers.xml +76 -0
data/xml/sip_banners.xml +359 -0
data/xml/sip_user_agents.xml +221 -0
data/xml/smb_native_lm.xml +62 -0
data/xml/smb_native_os.xml +662 -0
data/xml/smtp_banners.xml +1690 -0
data/xml/smtp_debug.xml +39 -0
data/xml/smtp_ehlo.xml +49 -0
data/xml/smtp_expn.xml +82 -0
data/xml/smtp_help.xml +157 -0
data/xml/smtp_mailfrom.xml +20 -0
data/xml/smtp_noop.xml +44 -0
data/xml/smtp_quit.xml +29 -0
data/xml/smtp_rcptto.xml +25 -0
data/xml/smtp_rset.xml +26 -0
data/xml/smtp_turn.xml +26 -0
data/xml/smtp_vrfy.xml +89 -0
data/xml/snmp_sysdescr.xml +6507 -0
data/xml/snmp_sysobjid.xml +430 -0
data/xml/ssh_banners.xml +1968 -0
data/xml/telnet_banners.xml +1595 -0
data/xml/x11_banners.xml +232 -0
data/xml/x509_issuers.xml +134 -0
data/xml/x509_subjects.xml +1268 -0
metadata +304 -0

@@ -0,0 +1,221 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<fingerprints matches="sip_header.user_agent" protocol="sip" database_type="service">
+  <!--
+  SIP User Agent header values are matched against these patterns to fingerprint SIP devices.
+  -->
+  <!-- Axis devices -->
+  <fingerprint pattern="(?i)^AXIS (\S+) Network Video Door Station$">
+    <description>Axis Network Video Door stations, which have voice</description>
+    <example hw.product="A8105-E">AXIS A8105-E Network Video Door Station</example>
+    <param pos="0" name="hw.vendor" value="Axis"/>
+    <param pos="0" name="hw.device" value="Web cam"/>
+    <param pos="0" name="hw.family" value="Network Video Door Station"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="0" name="os.vendor" value="AXIS"/>
+    <param pos="0" name="os.family" value="Linux"/>
+  </fingerprint>
+  <fingerprint pattern="(?i)^AXIS (\S+) Network (?:Audio Bridge|(?:Cabinet|Horn) Speaker)$">
+    <description>Axis Network audio devices</description>
+    <example hw.product="C3003-E">AXIS C3003-E Network Horn Speaker</example>
+    <example hw.product="C8033">AXIS C8033 Network Audio Bridge</example>
+    <example hw.product="C1004-E">AXIS C1004-E Network Cabinet Speaker</example>
+    <param pos="0" name="hw.vendor" value="Axis"/>
+    <param pos="0" name="hw.family" value="Network Audio"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="0" name="os.vendor" value="AXIS"/>
+    <param pos="0" name="os.family" value="Linux"/>
+  </fingerprint>
+  <!-- Cisco Devices -->
+  <fingerprint pattern="^Cisco-SIPGateway/IOS-([\d\.x]+)$">
+    <description>Cisco SIPGateway</description>
+    <example>Cisco-SIPGateway/IOS-12.x</example>
+    <param pos="0" name="os.vendor" value="Cisco"/>
+    <param pos="0" name="os.product" value="IOS"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:{os.version}"/>
+  </fingerprint>
+  <!-- AVM.DE Devices -->
+  <fingerprint pattern="^FRITZ!OS$">
+    <description>AVM FritzOS Device</description>
+    <example>FRITZ!OS</example>
+    <param pos="0" name="os.vendor" value="AVM"/>
+    <param pos="0" name="os.product" value="FRITZ!BOX"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:AVM )?(FRITZ!Box .*) +(\d+\.\d+\.\d+)">
+    <description>AVM FritzBox</description>
+    <example>AVM FRITZ!Box Fon 06.03.13</example>
+    <example>AVM FRITZ!Box Fon 06.03.65 (Jun  7 2005)</example>
+    <example>AVM FRITZ!Box Fon 5010 Annex A (ITA) 48.04.46 (Sep 14 2007)</example>
+    <example>AVM FRITZ!Box Fon 5012 (UI) 25.03.90 (3.01.03 tested by accredited T-Com test lab) (Oct 28 2005)</example>
+    <example>AVM FRITZ!Box Fon 5113 Annex A 83.04.69 (Dec  2 2008)</example>
+    <example>AVM FRITZ!Box Fon 5124 56.04.77 (Feb 14 2014)</example>
+    <example>AVM FRITZ!Box Fon 7170 Annex A.B ML Speedport W701V 58.04.67 (Dec 18 2008)</example>
+    <example>AVM FRITZ!Box 3272 126.05.50 (Feb 27 2013)</example>
+    <example>AVM FRITZ!Box 7170 Annex A 58.04.85 (Apr  4 2011)</example>
+    <example>AVM FRITZ!Box 7312 117.05.23 TAL (Jun  1 2012)</example>
+    <example>AVM FRITZ!Box WLAN 3270 v3 Edition Italia 125.05.52 (Feb  7 2014)</example>
+    <example>AVM FRITZ!Box Speedport W701V Annex A 58.04.82 (May 12 2010)</example>
+    <param pos="0" name="os.vendor" value="AVM"/>
+    <param pos="0" name="os.family" value="FRITZ!Box"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:AVM )?(FRITZ!Fon .*) +(\d+\.\d+\.\d+)">
+    <description>AVM FritzFon</description>
+    <example>AVM FRITZ!Fon 7150 (fs) 38.04.56 (Mar 31 2008)</example>
+    <example>AVM FRITZ!Fon WLAN 7150 Annex A 58.04.84 (Apr  4 2011)</example>
+    <param pos="0" name="os.vendor" value="AVM"/>
+    <param pos="0" name="os.family" value="FRITZ!Fon"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:AVM )?(Multibox .*) +(\d+\.\d+\.\d+)">
+    <description>AVM Multibox</description>
+    <example>AVM Multibox 7390 NGN 84.05.09 (Jan 13 2012)</example>
+    <param pos="0" name="os.vendor" value="AVM"/>
+    <param pos="0" name="os.family" value="Multibox"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <!-- Huawei devices -->
+  <fingerprint pattern="(?i)^Huawei$">
+    <description>Huawei generic</description>
+    <example>Huawei</example>
+    <param pos="0" name="hw.vendor" value="Huawei"/>
+  </fingerprint>
+  <fingerprint pattern="(?i)^Huawei-HomeGateway/V(?:\d.*)$">
+    <description>Huawei Home Gateway</description>
+    <example>Huawei-HomeGateway/V100R001</example>
+    <param pos="0" name="hw.vendor" value="Huawei"/>
+    <param pos="0" name="hw.device" value="Broadband router"/>
+    <param pos="0" name="hw.product" value="Home Gateway"/>
+  </fingerprint>
+  <fingerprint pattern="(?i)^Huawei-EchoLife (HG.*)/V(?:\d.*)$">
+    <description>Huawei EchoLife Home Gateway</description>
+    <example hw.model="HG8121H">HUAWEI-EchoLife HG8121H/V3R018C00S110</example>
+    <param pos="0" name="hw.vendor" value="Huawei"/>
+    <param pos="0" name="hw.device" value="Broadband router"/>
+    <param pos="0" name="hw.product" value="EchoLife Home Gateway"/>
+    <param pos="1" name="hw.model"/>
+  </fingerprint>
+  <fingerprint pattern="(?i)^Huawei (SoftX\d+) (?:V\d.*)$">
+    <description>Huawei Softswitch</description>
+    <example hw.model="SoftX3000">Huawei SoftX3000 V300R010</example>
+    <param pos="0" name="hw.vendor" value="Huawei"/>
+    <param pos="0" name="hw.device" value="Telecom"/>
+    <param pos="0" name="hw.product" value="Softswitch"/>
+    <param pos="1" name="hw.model"/>
+  </fingerprint>
+  <fingerprint pattern="^Mitel-(\S+)-SIP-Phone ([\d\.]+) (.{12})$">
+    <description>Mitel SIP Phones</description>
+    <example hw.product="5320" hw.version="06.05.00.11" host.mac="010203040506">Mitel-5320-SIP-Phone 06.05.00.11 010203040506</example>
+    <param pos="0" name="hw.vendor" value="Mitel"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="2" name="hw.version"/>
+    <param pos="3" name="host.mac"/>
+  </fingerprint>
+  <fingerprint pattern="^Mitel Border GW/(\S+)$">
+    <description>Mitel SIP Gateway</description>
+    <example hw.version="4.0.0.9">Mitel Border GW/4.0.0.9</example>
+    <param pos="0" name="hw.vendor" value="Mitel"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="0" name="hw.product" value="Border GW"/>
+    <param pos="1" name="hw.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:Polycom/[\d\.]+ )?Polycom(SoundPoint|VVX|SoundStation)\S+_(\d+)-UA/([\d\.]+)(?:_(.{12}))?$">
+    <description>Polycom SoundPoint, SountdStation, VVX VoIP phones</description>
+    <example hw.version="5.8.0.13337" hw.family="VVX" hw.product="VVX 350">PolycomVVX-VVX_350-UA/5.8.0.13337</example>
+    <example hw.version="4.1.4.7430" hw.family="VVX" hw.product="VVX 400" host.mac="010203040506">PolycomVVX-VVX_400-UA/4.1.4.7430_010203040506</example>
+    <example hw.version="5.5.0.23866" hw.family="VVX" hw.product="VVX 501">Polycom/5.5.0.23866 PolycomVVX-VVX_501-UA/5.5.0.23866</example>
+    <example hw.version="4.0.7.2514" hw.family="SoundPoint" hw.product="SoundPoint 670">PolycomSoundPointIP-SPIP_670-UA/4.0.7.2514</example>
+    <example hw.version="4.0.8.1608" hw.model="7000" hw.family="SoundStation" hw.product="SoundStation 7000">PolycomSoundStationIP-SSIP_7000-UA/4.0.8.1608</example>
+    <param pos="0" name="hw.vendor" value="Polycom"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="1" name="hw.family"/>
+    <param pos="0" name="hw.product" value="{hw.family} {hw.model}"/>
+    <param pos="2" name="hw.model"/>
+    <param pos="3" name="hw.version"/>
+    <param pos="4" name="host.mac"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:Polycom/[\d\.]+ )?Polycom(?:RealPresenceTrio)-Trio_(\S+)-UA/([\d\.]+)(?:_(.{12}))?$">
+    <description>Polycom RealPresence Trio Phones</description>
+    <example hw.version="5.4.0.12197" hw.product="RealPresence Trio 8800">PolycomRealPresenceTrio-Trio_8800-UA/5.4.0.12197</example>
+    <example hw.version="5.7.2.3123" hw.product="RealPresence Trio Visual+">PolycomRealPresenceTrio-Trio_Visual+-UA/5.7.2.3123</example>
+    <example hw.version="5.4.3.2389" hw.product="RealPresence Trio 8800">Polycom/5.4.3.2389 PolycomRealPresenceTrio-Trio_8800-UA/5.4.3.2389</example>
+    <param pos="0" name="hw.vendor" value="Polycom"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="0" name="hw.family" value="RealPresence"/>
+    <param pos="0" name="hw.product" value="RealPresence Trio {hw.model}"/>
+    <param pos="1" name="hw.model"/>
+    <param pos="2" name="hw.version"/>
+    <param pos="3" name="host.mac"/>
+  </fingerprint>
+  <fingerprint pattern="^Polycom ?HDX ?(\d+)(?: ?HD)?(?:/| \(Release - )([^\)]+)\)?">
+    <description>Polycom HDX Video Conferencing</description>
+    <example hw.model="9006" hw.product="HDX 9006" hw.version="3.0.6-37004">Polycom HDX 9006 (Release - 3.0.6-37004)</example>
+    <example hw.model="4000" hw.product="HDX 4000" hw.version="3.1.0">PolycomHDX4000/3.1.0</example>
+    <example hw.model="7000" hw.product="HDX 7000" hw.version="3.0.2.1-17007">Polycom HDX 7000 HD (Release - 3.0.2.1-17007)</example>
+    <example hw.model="8000" hw.product="HDX 8000" hw.version="3.1.7">PolycomHDX8000HD/3.1.7</example>
+    <param pos="0" name="hw.vendor" value="Polycom"/>
+    <param pos="0" name="hw.family" value="HDX"/>
+    <param pos="0" name="hw.device" value="Video Conferencing"/>
+    <param pos="0" name="hw.product" value="HDX {hw.model}"/>
+    <param pos="1" name="hw.model"/>
+    <param pos="2" name="hw.version"/>
+  </fingerprint>
+  <fingerprint pattern="^PolycomRealPresenceGroup(\d+)/([\d\._]+)+$">
+    <description>Polycom RealPresence Group Video Conferencing</description>
+    <example hw.model="700" hw.product="RealPresence Group 700" hw.version="6.2.0">PolycomRealPresenceGroup700/6.2.0</example>
+    <param pos="0" name="hw.vendor" value="Polycom"/>
+    <param pos="0" name="hw.family" value="RealPresence Group"/>
+    <param pos="0" name="hw.device" value="Video Conferencing"/>
+    <param pos="0" name="hw.product" value="RealPresence Group {hw.model}"/>
+    <param pos="1" name="hw.model"/>
+    <param pos="2" name="hw.version"/>
+  </fingerprint>
+  <fingerprint pattern="^Nero SIPPS IP Phone Version ([\d\.]+)+$">
+    <description>Nero SIPPS IP Phone</description>
+    <example service.version="2.0.51.16">Nero SIPPS IP Phone Version 2.0.51.16</example>
+    <param pos="0" name="service.vendor" value="Nero"/>
+    <param pos="0" name="service.family" value="SIPPS"/>
+    <param pos="0" name="service.protocol" value="VoIP"/>
+    <param pos="0" name="service.product" value="SIPPS IP Phone"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^ShoreGear/([\d\.]+)\s+\(ShoreTel \d+\)$">
+    <description>ShoreTel VoIP Switch</description>
+    <example hw.version="21.90.4128.0">ShoreGear/21.90.4128.0 (ShoreTel 15)</example>
+    <example hw.version="22.11.4900.0">ShoreGear/22.11.4900.0 (ShoreTel 15)</example>
+    <param pos="0" name="hw.vendor" value="ShoreTel"/>
+    <param pos="0" name="hw.device" value="VoIP Switch"/>
+    <param pos="1" name="hw.version"/>
+  </fingerprint>
+  <fingerprint pattern="^MERCURY-([a-fA-F0-9]{12})$">
+    <description>Crestron Mercury</description>
+    <example host.mac="00107F1ABAA0">MERCURY-00107F1ABAA0</example>
+    <param pos="0" name="hw.vendor" value="Crestron"/>
+    <param pos="0" name="hw.device" value="Video Conferencing"/>
+    <param pos="0" name="hw.product" value="Mercury"/>
+    <param pos="0" name="os.vendor" value="Crestron"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.device" value="Video Conferencing"/>
+    <param pos="1" name="host.mac"/>
+  </fingerprint>
+  <fingerprint pattern="^IPDECT/([\d\.]+)\s+\(MAC=([a-fA-F0-9]{12}); SER=">
+    <description>Konftel IP Phone</description>
+    <example host.mac="00087B0F1D30" hw.version="03.55.0013">IPDECT/03.55.0013 (MAC=00087B0F1D30; SER= 00000; HW=1)</example>
+    <param pos="0" name="hw.vendor" value="Konftel"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="1" name="hw.version"/>
+    <param pos="2" name="host.mac"/>
+  </fingerprint>
+  <fingerprint pattern="^Sangoma ([^\s]+) V([a-zA-Z0-9\.]+)=?">
+    <description>Sangoma IP Phone</description>
+    <example hw.product="S305" hw.version="3.0.4.72">Sangoma S305 V3.0.4.72</example>
+    <param pos="0" name="hw.vendor" value="Sangoma"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="2" name="hw.version"/>
+    <param pos="1" name="hw.product"/>
+  </fingerprint>
+</fingerprints>

data/xml/smb_native_lm.xml ADDED

@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<fingerprints matches="smb.native_lm" protocol="smb" database_type="service">
+  <!--
+    SMB fingerprints obtained from the Native LM (LAN manager) field of SMB
+    negotations
+  -->
+  <!-- Mac OS X -->
+  <fingerprint pattern="^Samba (3\.0\.28a-apple)$">
+    <description>Samba on OS X 10.6</description>
+    <example service.version="3.0.28a-apple">Samba 3.0.28a-apple</example>
+    <param pos="0" name="os.vendor" value="Apple"/>
+    <param pos="0" name="os.family" value="Mac OS X"/>
+    <param pos="0" name="os.product" value="Mac OS X"/>
+    <param pos="0" name="os.version" value="10.6"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.6"/>
+    <param pos="0" name="service.vendor" value="Samba"/>
+    <param pos="0" name="service.product" value="Samba"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:{service.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Samba (3\.0\.25b-apple)$">
+    <description>Samba on OS X 10.5</description>
+    <example service.version="3.0.25b-apple">Samba 3.0.25b-apple</example>
+    <param pos="0" name="os.vendor" value="Apple"/>
+    <param pos="0" name="os.family" value="Mac OS X"/>
+    <param pos="0" name="os.product" value="Mac OS X"/>
+    <param pos="0" name="os.version" value="10.5"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.5"/>
+    <param pos="0" name="service.vendor" value="Samba"/>
+    <param pos="0" name="service.product" value="Samba"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:{service.version}"/>
+  </fingerprint>
+  <!-- TODO: Detect vendor, distribution, and package versions -->
+  <fingerprint pattern="^Samba (\d\.\d+.\d+\w*)">
+    <description>Samba</description>
+    <example>Samba 3.0.24</example>
+    <example>Samba 3.0.28a</example>
+    <example>Samba 3.0.32-0.2-2210-SUSE-SL10.3</example>
+    <example>Samba 3.6.3</example>
+    <example>Samba 3.6.6</example>
+    <example>Samba 3.6.9-151.el6_4.1</example>
+    <param pos="0" name="service.vendor" value="Samba"/>
+    <param pos="0" name="service.product" value="Samba"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:{service.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Netreon LANMAN 1.0$">
+    <description>Netreon SAN software</description>
+    <example>Netreon LANMAN 1.0</example>
+    <param pos="0" name="service.vendor" value="Netreon"/>
+  </fingerprint>
+  <fingerprint pattern="(?i)^MikrotikSMB$">
+    <description>Mikrotik</description>
+    <example>MikrotikSMB</example>
+    <param pos="0" name="os.vendor" value="MikroTik"/>
+    <param pos="0" name="os.device" value="Router"/>
+    <param pos="0" name="os.family" value="RouterOS"/>
+    <param pos="0" name="os.product" value="RouterOS"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:-"/>
+  </fingerprint>
+</fingerprints>

data/xml/smb_native_os.xml ADDED

@@ -0,0 +1,662 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<fingerprints matches="smb.native_os" protocol="smb" database_type="util.os">
+  <!--
+    SMB fingerprints obtained from the Native OS field of SMB negotations
+  -->
+  <fingerprint pattern="^(Windows NT \d\.\d+)$">
+    <description>Windows NT</description>
+    <example os.product="Windows NT 4.0">Windows NT 4.0</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="1" name="os.product"/>
+  </fingerprint>
+  <fingerprint pattern="^(Windows (?:95|98|ME))$">
+    <description>Windows 95/98/ME</description>
+    <example os.product="Windows 95">Windows 95</example>
+    <example os.product="Windows 98">Windows 98</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="1" name="os.product"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows 5\.0$">
+    <description>Windows 2000</description>
+    <example>Windows 5.0</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows 2000"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows 5\.1$">
+    <description>Windows XP</description>
+    <example>Windows 5.1</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows XP"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows XP (\d+) (Service Pack \d+)$">
+    <description>Windows XP with Service Pack</description>
+    <example os.build="2600" os.version="Service Pack 1">Windows XP 2600 Service Pack 1</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows XP"/>
+    <param pos="1" name="os.build"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:{os.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows XP (\d+)$">
+    <description>Windows XP with build number</description>
+    <example os.build="2600">Windows XP 2600</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows XP"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows XP (Home|Professional)(?: Edition)?$">
+    <description>Windows XP without a version</description>
+    <example os.edition="Home">Windows XP Home Edition</example>
+    <example os.edition="Professional">Windows XP Professional</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows XP"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows \.NET">
+    <description>Windows Server 2003 Beta</description>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2003"/>
+    <param pos="0" name="os.version" value="Beta"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:Beta"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Server 2003 R2 (\d+)$">
+    <description>Windows Server 2003 R2</description>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2003 R2"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Server 2003 R2 (\d+) (Service Pack \d+)(?:, v\.\d+)?$">
+    <description>Windows Server 2003 R2 (SP)</description>
+    <example os.build="3790" os.version="Service Pack 2">Windows Server 2003 R2 3790 Service Pack 2</example>
+    <example os.build="3790" os.version="Service Pack 2">Windows Server 2003 R2 3790 Service Pack 2, v.2825</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2003 R2"/>
+    <param pos="1" name="os.build"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:{os.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Server 2003 (\d+)$">
+    <description>Windows Server 2003 with a build</description>
+    <example os.build="3790">Windows Server 2003 3790</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2003"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Server 2003$">
+    <description>Windows Server 2003 without a build</description>
+    <example>Windows Server 2003</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2003"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Server 2003 (\d+) (Service Pack \d+)(?:, v\.\d+)?$">
+    <description>Windows Server 2003 (SP)</description>
+    <example os.build="3790" os.version="Service Pack 1">Windows Server 2003 3790 Service Pack 1, v.3309</example>
+    <example os.build="3790" os.version="Service Pack 2">Windows Server 2003 3790 Service Pack 2</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2003"/>
+    <param pos="1" name="os.build"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:{os.version}"/>
+  </fingerprint>
+  <!-- Note that 2008 SP1 is technically "2008 Gold" according to Microsoft -->
+  <fingerprint pattern="^Windows Server 2008$">
+    <description>Windows Server 2008 without a build</description>
+    <example>Windows Server 2008</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2008"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Server \(R\) 2008 (\w+|\w+ \w+|\w+ \w+ \w+)(?: (?:with|without) Hyper-V|) (\d+) (Service Pack \d+)(?:, v\.\d+)?$">
+    <description>Windows Server 2008</description>
+    <example os.edition="Enterprise" os.version="Service Pack 1">Windows Server (R) 2008 Enterprise without Hyper-V 6001 Service Pack 1</example>
+    <example os.edition="Enterprise" os.version="Service Pack 2">Windows Server (R) 2008 Enterprise 6002 Service Pack 2, v.275</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2008"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="3" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows \(R\) Web Server 2008 (\d+) (Service Pack \d+)$">
+    <description>Windows Web Server 2008 (SP)</description>
+    <example os.edition="Web" os.version="Service Pack 2">Windows (R) Web Server 2008 6002 Service Pack 2</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2008"/>
+    <param pos="0" name="os.edition" value="Web"/>
+    <param pos="1" name="os.build"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows \(R\) Web Server 2008 (\d+)$">
+    <description>Windows Web Server 2008</description>
+    <example>Windows (R) Web Server 2008 6002</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2008"/>
+    <param pos="0" name="os.edition" value="Web"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
+  </fingerprint>
+  <!-- TODO: Need an example string -->
+  <fingerprint pattern="^Windows \(R\) Storage Server 2008 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
+    <description>Windows Server 2008 Storage (SP)</description>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2008"/>
+    <param pos="0" name="os.edition" value="Storage"/>
+    <param pos="1" name="os.build"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
+  </fingerprint>
+  <!-- TODO: Need an example string -->
+  <fingerprint pattern="^Windows \(R\) Storage Server 2008 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
+    <description>Windows Web Server 2008 Storage</description>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2008"/>
+    <param pos="0" name="os.edition" value="Storage"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Server 2008 HPC Edition (\d+) (Service Pack \d+)$">
+    <description>Windows Server 2008 HPC</description>
+    <example>Windows Server 2008 HPC Edition 7601 Service Pack 1</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2008"/>
+    <param pos="0" name="os.edition" value="HPC"/>
+    <param pos="1" name="os.build"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
+  </fingerprint>
+  <!-- TODO: Need an example string -->
+  <fingerprint pattern="^Windows Server 2008 HPC Edition (\d+)$">
+    <description>Windows Web Server 2008 HPC</description>
+    <example>Windows Server 2008 HPC Edition 7600</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2008"/>
+    <param pos="0" name="os.edition" value="HPC"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
+  </fingerprint>
+  <!-- 2008 R2 -->
+  <fingerprint pattern="^Windows Server 2008 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)(?:, v\.\d+)?$">
+    <description>Windows Server 2008 R2</description>
+    <example>Windows Server 2008 R2 Enterprise 7601 Service Pack 1</example>
+    <example>Windows Server 2008 R2 Standard 7601 Service Pack 1</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="3" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Server 2008 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
+    <description>Windows Server 2008 R2 without Service Pack</description>
+    <example os.edition="Enterprise">Windows Server 2008 R2 Enterprise 7600</example>
+    <example os.edition="Standard">Windows Server 2008 R2 Standard 7600</example>
+    <example os.edition="Datacenter">Windows Server 2008 R2 Datacenter 7600</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Server 2016(?: Technical Preview \d+)? (\w+|\w+ \w+|\w+ \w+ \w+)(?: Evaluation)? (\d+)$">
+    <description>Windows Server 2016 with a build, without service pack</description>
+    <example os.edition="Datacenter" os.build="14393">Windows Server 2016 Datacenter 14393</example>
+    <example os.edition="Standard" os.build="14393">Windows Server 2016 Standard Evaluation 14393</example>
+    <example os.edition="Essentials" os.build="10586">Windows Server 2016 Technical Preview 4 Essentials 10586</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2016"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Storage Server 2016 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
+    <description>Windows Server 2016 Storage</description>
+    <example os.build="14393">Windows Storage Server 2016 Standard 14393</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2016"/>
+    <param pos="0" name="os.edition" value="Storage"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Web Server 2008 R2 (\d+) (Service Pack \d+)$">
+    <description>Windows Server 2008 R2 Web</description>
+    <example os.version="Service Pack 1">Windows Web Server 2008 R2 7601 Service Pack 1</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
+    <param pos="0" name="os.edition" value="Web"/>
+    <param pos="1" name="os.build"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Web Server 2008 R2 (\d+)$">
+    <description>Windows Web Server 2008 R2 Web</description>
+    <example>Windows Web Server 2008 R2 7600</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
+    <param pos="0" name="os.edition" value="Web"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Storage Server 2008 R2 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
+    <description>Windows Server 2008 Storage R2 (SP)</description>
+    <example os.version="Service Pack 1" os.build="7601">Windows Storage Server 2008 R2 Essentials 7601 Service Pack 1</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
+    <param pos="0" name="os.edition" value="Storage"/>
+    <param pos="1" name="os.build"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Vista \(TM\) (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
+    <description>Windows Vista (SP)</description>
+    <example os.edition="Home Premium" os.version="Service Pack 2">Windows Vista (TM) Home Premium 6002 Service Pack 2</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Vista"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="3" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_vista:{os.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Vista \(TM\) (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
+    <description>Windows Vista</description>
+    <example os.edition="Home Premium">Windows Vista (TM) Home Premium 6000</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Vista"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_vista:-"/>
+  </fingerprint>
+  <fingerprint pattern="^(Windows (?:7|8|8\.1)(?:| RT)) (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)(?:, v\.\d+)?$">
+    <description>Windows 7/8 (SP + Edition)</description>
+    <example os.edition="Enterprise" os.version="Service Pack 1">Windows 7 Enterprise 7601 Service Pack 1</example>
+    <example os.edition="Starter" os.version="Service Pack 1">Windows 7 Starter 7601 Service Pack 1</example>
+    <example os.edition="Ultimate" os.build="7601" os.version="Service Pack 1">Windows 7 Ultimate 7601 Service Pack 1, v.178</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.edition"/>
+    <param pos="3" name="os.build"/>
+    <param pos="4" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(Windows (?:7|8|8\.1)(?:| RT)) (\d+) (Service Pack \d+)$">
+    <description>Windows 7/8 (SP)</description>
+    <example os.version="Service Pack 1">Windows 7 7601 Service Pack 1</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.build"/>
+    <param pos="3" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(Windows (?:7|8|8\.1)(?:| RT)) (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
+    <description>Windows 7/8 (Edition)</description>
+    <example os.edition="Enterprise">Windows 7 Enterprise 7600</example>
+    <example os.edition="Enterprise">Windows 8.1 Enterprise 9600</example>
+    <example os.edition="Enterprise">Windows 8 Enterprise 9200</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.edition"/>
+    <param pos="3" name="os.build"/>
+  </fingerprint>
+  <fingerprint pattern="^(Windows (?:7|8|8\.1)(?:| RT)) (\d+)$">
+    <description>Windows 7/8</description>
+    <example>Windows 8 9200</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.build"/>
+  </fingerprint>
+  <!-- Windows 2012 R2 matches go first to simplify the regular expressions -->
+  <!-- TODO: Need an example string -->
+  <fingerprint pattern="^Windows Server 2012 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
+    <description>Windows Server 2012 R2 (SP)</description>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="3" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:{os.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Server 2012 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
+    <description>Windows Server 2012 R2</description>
+    <example os.edition="Standard">Windows Server 2012 R2 Standard 9600</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
+  </fingerprint>
+  <!-- TODO: Need an example string -->
+  <fingerprint pattern="^Windows Server 2012 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
+    <description>Windows Server 2012 (SP)</description>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2012"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="3" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:{os.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Server 2012 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
+    <description>Windows Server 2012</description>
+    <example>Windows Server 2012 Standard 9200</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2012"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows MultiPoint Server 2012 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
+    <description>Windows MultiPoint Server 2012 (SP)</description>
+    <example os.build="9201" os.version="Service Pack 1">Windows MultiPoint Server 2012 Premium 9201 Service Pack 1</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2012"/>
+    <param pos="0" name="os.edition" value="MultiPoint"/>
+    <param pos="1" name="os.build"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:{os.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows MultiPoint Server 2012 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
+    <description>Windows MultiPoint Server 2012</description>
+    <example os.build="9200">Windows MultiPoint Server 2012 Premium 9200</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2012"/>
+    <param pos="0" name="os.edition" value="MultiPoint"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
+  </fingerprint>
+  <!-- Windows 10 Preview -->
+  <fingerprint pattern="^Windows 10 (\w+|\w+ \w+|\w+ \w+ \w+) Insider Preview (\d+)$">
+    <description>Windows 10 Enterprise Insider Preview</description>
+    <example os.build="10130" os.edition="Enterprise">Windows 10 Enterprise Insider Preview 10130</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows 10"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_10:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows 10 ((?:\w+|\w+ \w+|\w+ \w+ \w+)(?: LTSB(?: Evaluation)?)?) (\d+)$">
+    <description>Windows 10</description>
+    <example os.build="10130" os.edition="Enterprise">Windows 10 Enterprise 10130</example>
+    <example os.build="10130" os.edition="Mobile Enterprise">Windows 10 Mobile Enterprise 10130</example>
+    <example os.build="10130" os.edition="Mobile">Windows 10 Mobile 10130</example>
+    <example os.build="10130" os.edition="Home">Windows 10 Home 10130</example>
+    <example os.build="10130" os.edition="Education">Windows 10 Education 10130</example>
+    <example os.build="10130" os.edition="Professional">Windows 10 Professional 10130</example>
+    <example os.build="10240" os.edition="Enterprise N 2015 LTSB">Windows 10 Enterprise N 2015 LTSB 10240</example>
+    <example os.build="14393" os.edition="Enterprise 2016 LTSB Evaluation">Windows 10 Enterprise 2016 LTSB Evaluation 14393</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows 10"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_10:-"/>
+  </fingerprint>
+  <fingerprint pattern="^VxWorks">
+    <description>VxWorks</description>
+    <example>VxWorks</example>
+    <param pos="0" name="os.certainty" value="0.5"/>
+    <param pos="0" name="os.vendor" value="Wind River"/>
+    <param pos="0" name="os.product" value="VxWorks"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-"/>
+    <param pos="0" name="service.vendor" value="Wind River"/>
+    <param pos="0" name="service.product" value="VxWorks CIFS"/>
+  </fingerprint>
+  <fingerprint pattern="^OS/400 \D(\d+)\D(\d+)\D(\d+)">
+    <description>OS/400</description>
+    <example os.version="4" os.version.version="5" os.version.version.version="0">OS/400 V4R5M0</example>
+    <param pos="0" name="os.vendor" value="IBM"/>
+    <param pos="0" name="os.product" value="OS/400"/>
+    <param pos="1" name="os.version"/>
+    <param pos="2" name="os.version.version"/>
+    <param pos="3" name="os.version.version.version"/>
+  </fingerprint>
+  <fingerprint pattern="^Apple Base Station$">
+    <description>SMB exposed via SMB shared USB disks on Apple devices</description>
+    <example>Apple Base Station</example>
+    <param pos="0" name="os.vendor" value="Apple"/>
+    <param pos="0" name="hw.vendor" value="Apple"/>
+  </fingerprint>
+  <fingerprint pattern="^EMC-SNAS:T([\d\.]+)?$">
+    <description>EMC Celerra</description>
+    <example service.version="7.1.80.7">EMC-SNAS:T7.1.80.7</example>
+    <param pos="0" name="service.vendor" value="EMC"/>
+    <param pos="0" name="service.product" value="Celerra"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.vendor" value="EMC"/>
+    <param pos="0" name="os.device" value="Storage"/>
+    <param pos="0" name="os.product" value="Celerra"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="EMC"/>
+    <param pos="0" name="hw.device" value="Storage"/>
+    <param pos="0" name="hw.product" value="Celerra"/>
+  </fingerprint>
+  <fingerprint pattern="^Netreon OS 1.0$">
+    <description>Netreon SAN software</description>
+    <example>Netreon OS 1.0</example>
+    <param pos="0" name="service.vendor" value="Netreon"/>
+  </fingerprint>
+  <!-- VisionFS -->
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)ai(\d{4})">
+    <description>AIX</description>
+    <example service.version="9876">axai9876</example>
+    <param pos="0" name="os.vendor" value="IBM"/>
+    <param pos="0" name="os.family" value="AIX"/>
+    <param pos="0" name="os.product" value="AIX"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:-"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)dg(\d{4})">
+    <description>DG/UX</description>
+    <example service.version="9876">i3dg9876</example>
+    <param pos="0" name="os.vendor" value="Data General"/>
+    <param pos="0" name="os.family" value="DG/UX"/>
+    <param pos="0" name="os.product" value="DG/UX"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)dw(\d{4})">
+    <description>Darwin</description>
+    <example service.version="9876">m8dw9876</example>
+    <param pos="0" name="os.vendor" value="Apple"/>
+    <param pos="0" name="os.family" value="Mac OS X"/>
+    <param pos="0" name="os.product" value="Mac OS X"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:-"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)dy(\d{4})">
+    <description>DYNIX</description>
+    <example service.version="9876">m8dy9876</example>
+    <param pos="0" name="os.vendor" value="Sequent"/>
+    <param pos="0" name="os.family" value="Dynix"/>
+    <param pos="0" name="os.product" value="Dynix"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)fb(\d{4})">
+    <description>FreeBSD</description>
+    <example service.version="9876">m8fb9876</example>
+    <param pos="0" name="os.vendor" value="FreeBSD"/>
+    <param pos="0" name="os.family" value="FreeBSD"/>
+    <param pos="0" name="os.product" value="FreeBSD"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:freebsd:freebsd:-"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)hp(\d{4})">
+    <description>HP-UX</description>
+    <example service.version="9876">m8hp9876</example>
+    <param pos="0" name="os.vendor" value="HP"/>
+    <param pos="0" name="os.family" value="HP-UX"/>
+    <param pos="0" name="os.product" value="HP-UX"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)ir(\d{4})">
+    <description>IRIX</description>
+    <example service.version="9876">m8ir9876</example>
+    <param pos="0" name="os.vendor" value="SGI"/>
+    <param pos="0" name="os.family" value="Irix"/>
+    <param pos="0" name="os.product" value="Irix"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:sgi:irix:-"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)li(\d{4})">
+    <description>Linux</description>
+    <example service.version="9876">m8li9876</example>
+    <param pos="0" name="os.vendor" value="Linux"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:-"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)mo(\d{4})">
+    <description>SVR</description>
+    <example service.version="9876">m8mo9876</example>
+    <param pos="0" name="os.vendor" value="Motorola"/>
+    <param pos="0" name="os.family" value="SVR4"/>
+    <param pos="0" name="os.product" value="SVR"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)o1(\d{4})">
+    <description>OSF/1</description>
+    <example service.version="9876">m8o19876</example>
+    <param pos="0" name="os.vendor" value="DEC"/>
+    <param pos="0" name="os.family" value="Digital UNIX"/>
+    <param pos="0" name="os.product" value="OSF/1"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)ro(\d{4})">
+    <description>RISC OS</description>
+    <example service.version="9876">m8ro9876</example>
+    <param pos="0" name="os.family" value="RISC OS"/>
+    <param pos="0" name="os.product" value="RISC OS"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)sc(\d{4})">
+    <description>OpenServer</description>
+    <example service.version="9876">m8sc9876</example>
+    <param pos="0" name="os.vendor" value="SCO"/>
+    <param pos="0" name="os.family" value="OpenServer"/>
+    <param pos="0" name="os.product" value="OpenServer"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)so(\d{4})">
+    <description>SunOS</description>
+    <example service.version="9876">m8so9876</example>
+    <param pos="0" name="os.vendor" value="Sun"/>
+    <param pos="0" name="os.family" value="SunOS"/>
+    <param pos="0" name="os.product" value="SunOS"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:sun:sunos:-"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)su(\d{4})">
+    <description>Solaris</description>
+    <example service.version="9876">m8su9876</example>
+    <param pos="0" name="os.vendor" value="Sun"/>
+    <param pos="0" name="os.family" value="Solaris"/>
+    <param pos="0" name="os.product" value="Solaris"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:-"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)sx(\d{4})">
+    <description>SINIX</description>
+    <example service.version="9876">m8sx9876</example>
+    <param pos="0" name="os.vendor" value="Siemens"/>
+    <param pos="0" name="os.family" value="SINIX"/>
+    <param pos="0" name="os.product" value="SINIX"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)ul(\d{4})">
+    <description>Ultrix/1</description>
+    <example service.version="9876">m8ul9876</example>
+    <param pos="0" name="os.vendor" value="DEC"/>
+    <param pos="0" name="os.family" value="Ultrix"/>
+    <param pos="0" name="os.product" value="Ultrix"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)un(\d{4})">
+    <description>UnixWare</description>
+    <example service.version="9876">m8un9876</example>
+    <param pos="0" name="os.vendor" value="SCO"/>
+    <param pos="0" name="os.family" value="UnixWare"/>
+    <param pos="0" name="os.product" value="UnixWare"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)wi(\d{4})">
+    <description>Windows</description>
+    <example service.version="9876">m8wi9876</example>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?i:unix)$">
+    <description>Generally some Samba variant, which reports Unix</description>
+    <example>Unix</example>
+    <param pos="0" name="os.family" value="Unix"/>
+    <param pos="0" name="os.certainty" value="0.75"/>
+    <param pos="0" name="service.product" value="Samba"/>
+    <param pos="0" name="service.vendor" value="Samba"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:-"/>
+  </fingerprint>
+</fingerprints>