recog-intrigue 2.3.7 → 2.3.14

Sign up to get free protection for your applications and to get access to all the features.
Files changed (70) hide show
  1. checksums.yaml +4 -4
  2. data/.github/SECURITY.md +35 -0
  3. data/.gitignore +9 -0
  4. data/CONTRIBUTING.md +136 -37
  5. data/README.md +18 -16
  6. data/bin/recog_cleanup +16 -0
  7. data/bin/recog_standardize +30 -6
  8. data/cpe-remap.yaml +38 -1
  9. data/identifiers/README.md +9 -0
  10. data/identifiers/hw_device.txt +77 -0
  11. data/identifiers/hw_family.txt +96 -0
  12. data/identifiers/hw_product.txt +328 -0
  13. data/identifiers/os_architecture.txt +6 -6
  14. data/identifiers/os_device.txt +45 -3
  15. data/identifiers/os_family.txt +206 -41
  16. data/identifiers/os_product.txt +238 -17
  17. data/identifiers/service_family.txt +144 -57
  18. data/identifiers/service_product.txt +385 -83
  19. data/identifiers/vendor.txt +554 -68
  20. data/lib/recog/version.rb +1 -1
  21. data/requirements.txt +1 -1
  22. data/update_cpes.py +4 -1
  23. data/xml/apache_modules.xml +292 -5
  24. data/xml/apache_os.xml +41 -2
  25. data/xml/architecture.xml +11 -3
  26. data/xml/dns_versionbind.xml +200 -26
  27. data/xml/favicons.xml +1701 -0
  28. data/xml/ftp_banners.xml +256 -23
  29. data/xml/h323_callresp.xml +112 -12
  30. data/xml/hp_pjl_id.xml +47 -5
  31. data/xml/html_title.xml +1156 -70
  32. data/xml/http_cookies.xml +69 -11
  33. data/xml/http_servers.xml +1094 -107
  34. data/xml/http_wwwauth.xml +143 -27
  35. data/xml/imap_banners.xml +62 -13
  36. data/xml/ldap_searchresult.xml +81 -9
  37. data/xml/mdns_device-info_txt.xml +194 -17
  38. data/xml/mdns_workstation_txt.xml +4 -2
  39. data/xml/mysql_banners.xml +233 -40
  40. data/xml/mysql_error.xml +113 -6
  41. data/xml/nntp_banners.xml +10 -2
  42. data/xml/ntp_banners.xml +93 -9
  43. data/xml/operating_system.xml +90 -3
  44. data/xml/pop_banners.xml +87 -33
  45. data/xml/rsh_resp.xml +11 -2
  46. data/xml/rtsp_servers.xml +43 -23
  47. data/xml/sip_banners.xml +6 -11
  48. data/xml/sip_user_agents.xml +29 -2
  49. data/xml/smb_native_lm.xml +10 -2
  50. data/xml/smb_native_os.xml +80 -2
  51. data/xml/smtp_banners.xml +233 -13
  52. data/xml/smtp_debug.xml +6 -4
  53. data/xml/smtp_ehlo.xml +7 -5
  54. data/xml/smtp_expn.xml +13 -4
  55. data/xml/smtp_help.xml +23 -4
  56. data/xml/smtp_mailfrom.xml +5 -2
  57. data/xml/smtp_noop.xml +6 -5
  58. data/xml/smtp_quit.xml +5 -4
  59. data/xml/smtp_rcptto.xml +5 -2
  60. data/xml/smtp_rset.xml +4 -4
  61. data/xml/smtp_turn.xml +4 -4
  62. data/xml/smtp_vrfy.xml +14 -4
  63. data/xml/snmp_sysdescr.xml +741 -32
  64. data/xml/snmp_sysobjid.xml +47 -2
  65. data/xml/ssh_banners.xml +255 -81
  66. data/xml/telnet_banners.xml +503 -30
  67. data/xml/x11_banners.xml +26 -3
  68. data/xml/x509_issuers.xml +37 -13
  69. data/xml/x509_subjects.xml +214 -52
  70. metadata +12 -5
data/xml/ftp_banners.xml CHANGED
@@ -1,9 +1,10 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="ftp.banner" protocol="ftp" database_type="service" preference="0.90">
3
3
  <!--
4
4
  FTP greeting messages (part of the banner after the response code) are matched
5
5
  against these patterns to fingerprint FTP servers.
6
6
  -->
7
+
7
8
  <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version ([1234]\.\d+)\)\.$">
8
9
  <description>Microsoft FTP Server on Windows NT</description>
9
10
  <example>xx Microsoft FTP Service (Version 3.0).</example>
@@ -18,6 +19,7 @@
18
19
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_nt:-"/>
19
20
  <param pos="1" name="host.name"/>
20
21
  </fingerprint>
22
+
21
23
  <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.0\)\.$">
22
24
  <description>Microsoft FTP Server on Windows 2000</description>
23
25
  <example>xxx Microsoft FTP Service (Version 5.0).</example>
@@ -32,6 +34,7 @@
32
34
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:-"/>
33
35
  <param pos="1" name="host.name"/>
34
36
  </fingerprint>
37
+
35
38
  <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.1\)\.$">
36
39
  <description>Microsoft FTP Server on Windows XP, 2003 or later versions of 2000</description>
37
40
  <example>xxx Microsoft FTP Service (Version 5.1).</example>
@@ -45,6 +48,7 @@
45
48
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
46
49
  <param pos="1" name="host.name"/>
47
50
  </fingerprint>
51
+
48
52
  <fingerprint pattern="^([^ ]+) Microsoft FTP Service$">
49
53
  <description>Microsoft FTP Server on Windows XP, 2003 or later without version</description>
50
54
  <example>hostname Microsoft FTP Service</example>
@@ -58,6 +62,7 @@
58
62
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
59
63
  <param pos="1" name="host.name"/>
60
64
  </fingerprint>
65
+
61
66
  <fingerprint pattern="^Microsoft FTP Service$">
62
67
  <description>Microsoft FTP Server on Windows XP, 2003 or later without version or hostname</description>
63
68
  <example>Microsoft FTP Service</example>
@@ -70,6 +75,7 @@
70
75
  <param pos="0" name="os.product" value="Windows"/>
71
76
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
72
77
  </fingerprint>
78
+
73
79
  <fingerprint pattern="^([^ ]+) +FTP +Server \(Version ([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
74
80
  <description>FTP on HPUX with a PHNE (HP Networking patch) installed</description>
75
81
  <example>example.com FTP server (Version 1.1.214.4(PHNE_38458) Mon Feb 15 06:03:12 GMT 2010) ready.</example>
@@ -82,6 +88,7 @@
82
88
  <param pos="1" name="host.name"/>
83
89
  <param pos="2" name="service.version"/>
84
90
  </fingerprint>
91
+
85
92
  <fingerprint pattern="^([^ ]+) +FTP +Server \(Revision \S+ Version wuftpd-([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
86
93
  <description>WU-FTPD on HPUX with a PHNE (HP Networking patch) installed</description>
87
94
  <example>example.com FTP server (Revision 1.1 Version wuftpd-2.6.1(PHNE_38578) Fri Sep 5 12:10:54 GMT 2008) ready.</example>
@@ -94,6 +101,7 @@
94
101
  <param pos="1" name="host.name"/>
95
102
  <param pos="2" name="service.version"/>
96
103
  </fingerprint>
104
+
97
105
  <fingerprint pattern="^(\S+)(?: \S+)? FTP Server \((?:Revision [\d\.]+ )?Version wu(?:ftpd)?-([\d\.]+).*\) ready.?$" flags="REG_ICASE">
98
106
  <description>WU-FTPD on various OS</description>
99
107
  <example host.name="example.com" service.version="2.6.2">example.com FTP server (Version wu-2.6.2(1) Sat Jul 19 16:21:30 UTC 2008) ready.</example>
@@ -105,6 +113,7 @@
105
113
  <param pos="1" name="host.name"/>
106
114
  <param pos="2" name="service.version"/>
107
115
  </fingerprint>
116
+
108
117
  <fingerprint pattern="^(\S+)\s+FTP Server \(Version:\s+Mac OS X Server\s+([\d\.]+).*\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
109
118
  <description>FTPD on Mac OS X Server with a version</description>
110
119
  <example host.name="example.com" os.version="10.3">example.com FTP server (Version: Mac OS X Server 10.3 - +GSSAPI) ready.</example>
@@ -119,6 +128,7 @@ example.com FTP server (Version: Mac OS X Server 10.3 - +GSSAPI) ready.</exampl
119
128
  <param pos="2" name="os.version"/>
120
129
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x_server:{os.version}"/>
121
130
  </fingerprint>
131
+
122
132
  <fingerprint pattern="^(\S+)\s+FTP Server \(Version:\s+Mac OS X Server\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
123
133
  <description>FTPD on Mac OS X Server without a version</description>
124
134
  <example host.name="example.com">example.com FTP server (Version: Mac OS X Server) ready.</example>
@@ -132,6 +142,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
132
142
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x_server:-"/>
133
143
  <param pos="1" name="host.name"/>
134
144
  </fingerprint>
145
+
135
146
  <fingerprint pattern="^(\S+)\s+FTP Server \(tnftpd (.*)\) ready\.?$" flags="REG_ICASE">
136
147
  <description>Simple tnftpd banner with a version</description>
137
148
  <example host.name="example.com" service.version="20061217">example.com FTP server (tnftpd 20061217) ready.</example>
@@ -139,6 +150,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
139
150
  <param pos="2" name="service.version"/>
140
151
  <param pos="1" name="host.name"/>
141
152
  </fingerprint>
153
+
142
154
  <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.(1[1-9])\) ready\.?$" flags="REG_ICASE">
143
155
  <description>SunOS/Solaris</description>
144
156
  <example host.name="example.com" os.version="11">example.com FTP server (SunOS 5.11) ready.</example>
@@ -149,6 +161,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
149
161
  <param pos="2" name="os.version"/>
150
162
  <param pos="0" name="os.cpe23" value="cpe:/o:oracle:solaris:{os.version}"/>
151
163
  </fingerprint>
164
+
152
165
  <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.([789]|10)\) ready\.?$" flags="REG_ICASE">
153
166
  <description>SunOS/Solaris 5.7-5.10</description>
154
167
  <example host.name="example.com" os.version="7">example.com FTP server (SunOS 5.7) ready.</example>
@@ -160,6 +173,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
160
173
  <param pos="2" name="os.version"/>
161
174
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
162
175
  </fingerprint>
176
+
163
177
  <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.6\) ready\." flags="REG_ICASE">
164
178
  <description>SunOS 5.6 (Solaris 2.6)</description>
165
179
  <example host.name="example.com">example.com FTP Server (SunOS 5.6) ready.</example>
@@ -170,6 +184,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
170
184
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:2.6"/>
171
185
  <param pos="1" name="host.name"/>
172
186
  </fingerprint>
187
+
173
188
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Debian\) \[(.+)\]$">
174
189
  <description>ProFTPD on Debian Linux</description>
175
190
  <example>ProFTPD 1.3.0rc2 Server (Debian) [host]</example>
@@ -184,6 +199,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
184
199
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
185
200
  <param pos="2" name="host.name"/>
186
201
  </fingerprint>
202
+
187
203
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Linksys(W.+)\) \[(.+)\]$">
188
204
  <description>ProFTPD on a Linksys Wireless Access Point/Router</description>
189
205
  <example>ProFTPD 1.3.0rc2 Server (LinksysWRT350N) [host]</example>
@@ -197,6 +213,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
197
213
  <param pos="2" name="os.product"/>
198
214
  <param pos="3" name="host.name"/>
199
215
  </fingerprint>
216
+
200
217
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(NETGEAR ReadyNAS\) \[(.+)\]$">
201
218
  <description>ProFTPD on a Netgear ReadyNAS with a version and IP</description>
202
219
  <example service.version="1.3.3g" host.ip="192.168.1.10">ProFTPD 1.3.3g Server (NETGEAR ReadyNAS) [192.168.1.10]</example>
@@ -210,6 +227,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
210
227
  <param pos="0" name="hw.product" value="ReadyNAS"/>
211
228
  <param pos="2" name="host.ip"/>
212
229
  </fingerprint>
230
+
213
231
  <fingerprint pattern="^ProFTPD Server \(NETGEAR ReadyNAS\) \[(.+)\]$">
214
232
  <description>ProFTPD on a Netgear ReadyNAS with a hostname</description>
215
233
  <example host.name="test">ProFTPD Server (NETGEAR ReadyNAS) [test]</example>
@@ -222,6 +240,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
222
240
  <param pos="0" name="hw.product" value="ReadyNAS"/>
223
241
  <param pos="1" name="host.name"/>
224
242
  </fingerprint>
243
+
225
244
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Linksys(.*)\) \[(.+)\]$">
226
245
  <description>ProFTPD on a wired Linksys device</description>
227
246
  <param pos="0" name="service.family" value="ProFTPD"/>
@@ -234,6 +253,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
234
253
  <param pos="2" name="os.product"/>
235
254
  <param pos="3" name="host.name"/>
236
255
  </fingerprint>
256
+
237
257
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \((.*)\) \[(.+)\]$">
238
258
  <description>ProFTPD with version info but no obvious OS info</description>
239
259
  <example service.version="1.2.10">ProFTPD 1.2.10 Server (Main FTP Server) [host]</example>
@@ -247,6 +267,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
247
267
  <param pos="2" name="proftpd.server.name"/>
248
268
  <param pos="3" name="host.name"/>
249
269
  </fingerprint>
270
+
250
271
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server ready\.$">
251
272
  <description>ProFTPD with only version info</description>
252
273
  <example service.version="1.3.0rc2">ProFTPD 1.3.0rc2 Server ready.</example>
@@ -256,6 +277,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
256
277
  <param pos="1" name="service.version"/>
257
278
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
258
279
  </fingerprint>
280
+
259
281
  <fingerprint pattern="^ProFTPD (?:FTP )?Server ready\.$">
260
282
  <description>ProFTPD with no version info</description>
261
283
  <example>ProFTPD FTP Server ready.</example>
@@ -265,6 +287,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
265
287
  <param pos="0" name="service.product" value="ProFTPD"/>
266
288
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
267
289
  </fingerprint>
290
+
268
291
  <fingerprint pattern="^ProFTPD Server \(.*\) \[([a-f\d.:]+)\]$">
269
292
  <description>ProFTPD with no version info, parenthetical form</description>
270
293
  <example host.ip="1.2.3.4">ProFTPD Server (ProFTPD) [1.2.3.4]</example>
@@ -277,6 +300,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
277
300
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
278
301
  <param pos="1" name="host.ip"/>
279
302
  </fingerprint>
303
+
280
304
  <fingerprint pattern="^ProFTPD Server$">
281
305
  <description>ProFTPD with no version info, short form</description>
282
306
  <example>ProFTPD Server</example>
@@ -285,6 +309,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
285
309
  <param pos="0" name="service.product" value="ProFTPD"/>
286
310
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
287
311
  </fingerprint>
312
+
288
313
  <fingerprint pattern="^ProFTPD\s*$">
289
314
  <description>ProFTPD with no version info, super short form</description>
290
315
  <example>ProFTPD</example>
@@ -294,6 +319,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
294
319
  <param pos="0" name="service.product" value="ProFTPD"/>
295
320
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
296
321
  </fingerprint>
322
+
297
323
  <fingerprint pattern="^(?:\d{4}\-\d\d\-\d\d \d\d:\d\d:\d\d,\d\d\d )?(\S+) proftpd\[\d+\]: error: no valid servers configured">
298
324
  <description>ProFTPD no valid servers configured</description>
299
325
  <example host.name="ftp.host.com">ftp.host.com proftpd[40312]: error: no valid servers configured\n</example>
@@ -304,6 +330,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
304
330
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
305
331
  <param pos="1" name="host.name"/>
306
332
  </fingerprint>
333
+
307
334
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \((.*)\) \[[a-f\d.:\]]*$">
308
335
  <description>ProFTPD with version info - truncated</description>
309
336
  <example service.version="1.3.2c">ProFTPD 1.3.2c Server (ProFTPD Default Installation) [</example>
@@ -316,6 +343,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
316
343
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
317
344
  <param pos="2" name="proftpd.server.name"/>
318
345
  </fingerprint>
346
+
319
347
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server ([\w.-]+)$">
320
348
  <description>ProFTPD with version info but no obvious OS info, take 2</description>
321
349
  <example service.version="1.3.2d" host.name="localhost">ProFTPD 1.3.2d Server localhost</example>
@@ -323,17 +351,21 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
323
351
  <param pos="0" name="service.vendor" value="ProFTPD Project"/>
324
352
  <param pos="0" name="service.product" value="ProFTPD"/>
325
353
  <param pos="1" name="service.version"/>
354
+ <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
326
355
  <param pos="2" name="host.name"/>
327
356
  </fingerprint>
357
+
328
358
  <fingerprint pattern="^=\(&lt;\*&gt;\)=-\.:\. \(\( Welcome to Pure-FTPd ([\d.]+) \)\) \.:\.-=\(&lt;\*&gt;\)=-" flags="REG_MULTILINE">
329
359
  <description>Pure-FTPd versions &lt;= 1.0.13 (at least as far back as 1.0.11)</description>
330
360
  <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-</example>
331
361
  <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-&#13;
332
362
  more stuff</example>
363
+ <param pos="0" name="service.fvendor" value="PureFTPd"/>
333
364
  <param pos="0" name="service.family" value="Pure-FTPd"/>
334
365
  <param pos="0" name="service.product" value="Pure-FTPd"/>
335
366
  <param pos="1" name="service.version"/>
336
367
  </fingerprint>
368
+
337
369
  <fingerprint pattern="^-{9,10}(?:.*)\s+Pure-FTPd\s+(.*)-{9,10}">
338
370
  <description>Pure-FTPd versions &gt;= 1.0.14 - Config data can be zero or more of: [privsep] [TLS]</description>
339
371
  <example>---------- Welcome to Pure-FTPd ----------</example>
@@ -343,39 +375,77 @@ more stuff</example>
343
375
  <example>--------- Welcome to Pure-FTPd [privsep] [TLS] ----------&#13;
344
376
  more text</example>
345
377
  <param pos="1" name="pureftpd.config"/>
378
+ <param pos="0" name="service.vendor" value="PureFTPd"/>
346
379
  <param pos="0" name="service.family" value="Pure-FTPd"/>
347
380
  <param pos="0" name="service.product" value="Pure-FTPd"/>
381
+ <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:-"/>
348
382
  </fingerprint>
383
+
349
384
  <fingerprint pattern="^(?:Welcome to )?Pure-FTPd\.?$">
350
385
  <description>Basic Pure-FTPd banner, no version</description>
351
386
  <example>Welcome to Pure-FTPd</example>
352
387
  <example>Pure-FTPd.</example>
388
+ <param pos="0" name="service.vendor" value="PureFTPd"/>
353
389
  <param pos="0" name="service.family" value="Pure-FTPd"/>
354
390
  <param pos="0" name="service.product" value="Pure-FTPd"/>
391
+ <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:-"/>
355
392
  </fingerprint>
393
+
356
394
  <fingerprint pattern="^=\(.\*.\)=-\.:\. \(\( Welcome to PureFTPd (\d+\..+) \)\) \.:\.-=\(.\*.\)=-" flags="REG_MULTILINE">
357
395
  <description>Older Pure-FTPd versions</description>
358
396
  <example service.version="1.1.0">=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-</example>
359
397
  <example service.version="1.1.0">=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-&#13;
360
398
  more text</example>
399
+ <param pos="0" name="service.vendor" value="PureFTPd"/>
361
400
  <param pos="0" name="service.family" value="Pure-FTPd"/>
362
401
  <param pos="0" name="service.product" value="Pure-FTPd"/>
363
402
  <param pos="1" name="service.version"/>
403
+ <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:{service.version}"/>
404
+ </fingerprint>
405
+
406
+ <!-- CPEs for Serv-U 15.x and above changed to SolarWinds -->
407
+
408
+ <fingerprint pattern="^Serv-U FTP Server v(15\.\S+) ready\.\.\.$">
409
+ <description>SolarWinds Serv-U with version </description>
410
+ <example service.version="15.1.3.25">Serv-U FTP Server v15.1.3.25 ready...</example>
411
+ <param pos="0" name="service.vendor" value="SolarWinds"/>
412
+ <param pos="0" name="service.product" value="Serv-U FTP Server"/>
413
+ <param pos="0" name="service.family" value="Serv-U"/>
414
+ <param pos="1" name="service.version"/>
415
+ <param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:serv-u_ftp_server:{service.version}"/>
364
416
  </fingerprint>
365
- <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+)(?: for WinSock)? ready\.*$">
366
- <description>Serv-U (only runs on Windows)</description>
417
+
418
+ <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+) for WinSock ready\.*$">
419
+ <description>Serv-U Serv-U with version on Windows</description>
367
420
  <example service.version="2.5n">Serv-U FTP-Server v2.5n for WinSock ready...</example>
368
421
  <example service.version="6.0">Serv-U FTP Server v6.0 for WinSock ready</example>
369
- <example service.version="7.2">Serv-U FTP Server v7.2 ready...</example>
370
- <param pos="0" name="service.vendor" value="Rhino Software"/>
422
+ <param pos="0" name="service.vendor" value="Serv-U"/>
371
423
  <param pos="0" name="service.product" value="Serv-U"/>
372
424
  <param pos="0" name="service.family" value="Serv-U"/>
373
425
  <param pos="1" name="service.version"/>
426
+ <param pos="0" name="service.cpe23" value="cpe:/a:serv-u:serv-u:{service.version}"/>
374
427
  <param pos="0" name="os.vendor" value="Microsoft"/>
375
428
  <param pos="0" name="os.family" value="Windows"/>
376
429
  <param pos="0" name="os.product" value="Windows"/>
377
430
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
378
431
  </fingerprint>
432
+
433
+ <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+) ready\.*$">
434
+ <description>Serv-U Serv-U with version </description>
435
+ <example service.version="7.2">Serv-U FTP Server v7.2 ready...</example>
436
+ <example service.version="14.0">Serv-U FTP Server v14.0 ready...</example>
437
+ <param pos="0" name="service.vendor" value="Serv-U"/>
438
+ <param pos="0" name="service.product" value="Serv-U"/>
439
+ <param pos="0" name="service.family" value="Serv-U"/>
440
+ <param pos="1" name="service.version"/>
441
+ <param pos="0" name="service.cpe23" value="cpe:/a:serv-u:serv-u:{service.version}"/>
442
+ </fingerprint>
443
+
444
+ <fingerprint pattern="^Welcom to Serv-U FTP Server$">
445
+ <description>Common FTP banner modification to look like Serv-U -- assert nothing.</description>
446
+ <example>Welcom to Serv-U FTP Server</example>
447
+ </fingerprint>
448
+
379
449
  <fingerprint pattern="^zFTPServer v?(\S+), .*ready\.$" flags="REG_ICASE">
380
450
  <description>zftpserver (only runs on Windows)</description>
381
451
  <example service.version="4.0">zFTPServer v4.0, build 2008-12-24 01:41 ready.</example>
@@ -387,46 +457,65 @@ more text</example>
387
457
  <param pos="0" name="os.product" value="Windows"/>
388
458
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
389
459
  </fingerprint>
460
+
390
461
  <fingerprint pattern="^\(vsFTPd (\d+\..+)\)(?: (.+))?$">
391
462
  <description>vsFTPd (Very Secure FTP Daemon)</description>
392
463
  <example service.version="1.1.3">(vsFTPd 1.1.3) host</example>
393
464
  <example service.version="2.0.5">(vsFTPd 2.0.5)</example>
465
+ <param pos="0" name="service.vendor" value="vsFTPd Project"/>
394
466
  <param pos="0" name="service.family" value="vsFTPd"/>
395
467
  <param pos="0" name="service.product" value="vsFTPd"/>
396
468
  <param pos="1" name="service.version"/>
469
+ <param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:{service.version}"/>
397
470
  <param pos="2" name="host.name"/>
398
471
  </fingerprint>
472
+
399
473
  <fingerprint pattern="^ready, dude \(vsFTPd (\d+\..+): beat me, break me\)$">
400
474
  <description>vsFTPd (Very Secure FTP Daemon) - break me variant</description>
401
475
  <example service.version="1.1.0">ready, dude (vsFTPd 1.1.0: beat me, break me)</example>
476
+ <param pos="0" name="service.vendor" value="vsFTPd Project"/>
402
477
  <param pos="0" name="service.family" value="vsFTPd"/>
403
478
  <param pos="0" name="service.product" value="vsFTPd"/>
404
479
  <param pos="1" name="service.version"/>
480
+ <param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:{service.version}"/>
405
481
  </fingerprint>
482
+
406
483
  <fingerprint pattern="^vsFTPd ([\d.]+\+ \(ext\.3\)) ready\.\.\.$">
407
484
  <description>vsFTPd (Very Secure FTP Daemon) extended build (vsftpd.devnet.ru)</description>
408
485
  <example service.version="2.0.4+ (ext.3)">vsFTPd 2.0.4+ (ext.3) ready...</example>
486
+ <param pos="0" name="service.vendor" value="vsFTPd Project"/>
409
487
  <param pos="0" name="service.family" value="vsFTPd"/>
410
488
  <param pos="0" name="service.product" value="vsFTPd Extended"/>
411
489
  <param pos="1" name="service.version"/>
412
490
  </fingerprint>
491
+
413
492
  <fingerprint pattern="^OOPS: .*vsftp.*$">
414
493
  <description>vsFTPd (Very Secure FTP Daemon) error message</description>
415
494
  <example>OOPS: vsftpd: root is not mounted.</example>
416
495
  <example>OOPS: cannot read user list file:/etc/vsftpd.user_list</example>
496
+ <param pos="0" name="service.vendor" value="vsFTPd Project"/>
417
497
  <param pos="0" name="service.family" value="vsFTPd"/>
418
498
  <param pos="0" name="service.product" value="vsFTPd"/>
499
+ <param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:-"/>
419
500
  </fingerprint>
501
+
420
502
  <fingerprint pattern="^FileZilla Server(?: version)? (?:v)?(\d\.[\w.]+(?: beta)?).*$">
421
503
  <description>FileZilla FTP Server</description>
422
504
  <example service.version="0.9.2 beta">FileZilla Server version 0.9.2 beta</example>
423
505
  <example service.version="0.9.13a beta">FileZilla Server version 0.9.13a beta</example>
424
506
  <example service.version="0.9.54 beta">FileZilla Server 0.9.54 beta</example>
425
507
  <example service.version="0.9.33 beta">FileZilla Server v0.9.33 beta</example>
426
- <param pos="0" name="service.family" value="FileZilla FTP Server"/>
427
- <param pos="0" name="service.product" value="FileZilla FTP Server"/>
508
+ <param pos="0" name="service.vendor" value="Filezilla-Project"/>
509
+ <param pos="0" name="service.family" value="FileZilla FTP"/>
510
+ <param pos="0" name="service.product" value="FileZilla Server"/>
428
511
  <param pos="1" name="service.version"/>
512
+ <param pos="0" name="service.cpe23" value="cpe:/a:filezilla-project:filezilla_server:{service.version}"/>
513
+ <param pos="0" name="os.vendor" value="Microsoft"/>
514
+ <param pos="0" name="os.family" value="Windows"/>
515
+ <param pos="0" name="os.product" value="Windows"/>
516
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
429
517
  </fingerprint>
518
+
430
519
  <fingerprint pattern="^\s*APC FTP server ready\.$">
431
520
  <description>APC device</description>
432
521
  <example>APC FTP server ready.</example>
@@ -437,6 +526,7 @@ more text</example>
437
526
  <param pos="0" name="hw.vendor" value="APC"/>
438
527
  <param pos="0" name="hw.device" value="Power device"/>
439
528
  </fingerprint>
529
+
440
530
  <fingerprint pattern="^(\S+) Network Management Card AOS v(\d+\..+) FTP server ready\.$">
441
531
  <description>APC power/cooling device</description>
442
532
  <example service.version="3.3.4">AP7932 Network Management Card AOS v3.3.4 FTP server ready.</example>
@@ -453,6 +543,7 @@ more text</example>
453
543
  <param pos="0" name="hw.vendor" value="APC"/>
454
544
  <param pos="0" name="hw.device" value="Power device"/>
455
545
  </fingerprint>
546
+
456
547
  <fingerprint pattern="^(\S+) FTP server \(EMC-SNAS: ([^\)]+)\)(?: \S+)?$">
457
548
  <description>EMC Celerra</description>
458
549
  <example service.version="5.6.47.11">foo2 FTP server (EMC-SNAS: 5.6.47.11)</example>
@@ -470,6 +561,7 @@ more text</example>
470
561
  <param pos="0" name="hw.device" value="Storage"/>
471
562
  <param pos="0" name="hw.product" value="Celerra"/>
472
563
  </fingerprint>
564
+
473
565
  <fingerprint pattern="^JD FTP Server Ready.*$">
474
566
  <description>HP JetDirect printer</description>
475
567
  <example>JD FTP Server Ready</example>
@@ -486,6 +578,7 @@ more text</example>
486
578
  <param pos="0" name="hw.family" value="JetDirect"/>
487
579
  <param pos="0" name="hw.product" value="JetDirect"/>
488
580
  </fingerprint>
581
+
489
582
  <fingerprint pattern="^Check Point FireWall-1 Secure FTP server running on (.+)$">
490
583
  <description>Check Point FireWall-1</description>
491
584
  <example host.name="host">Check Point FireWall-1 Secure FTP server running on host</example>
@@ -503,6 +596,7 @@ more text</example>
503
596
  <param pos="0" name="hw.family" value="Firewall-1"/>
504
597
  <param pos="1" name="host.name"/>
505
598
  </fingerprint>
599
+
506
600
  <fingerprint pattern="^Blue Coat FTP Service$">
507
601
  <description>Blue Coat security appliances</description>
508
602
  <example>Blue Coat FTP Service</example>
@@ -511,11 +605,13 @@ more text</example>
511
605
  <param pos="0" name="os.vendor" value="Blue Coat"/>
512
606
  <param pos="0" name="os.device" value="Web proxy"/>
513
607
  </fingerprint>
608
+
514
609
  <fingerprint pattern="^---freeFTPd 1.0---warFTPd 1.65---$">
515
610
  <description>Nepenthes honeypot</description>
516
611
  <param pos="0" name="service.family" value="Nepenthes"/>
517
612
  <param pos="0" name="service.product" value="Nepenthes"/>
518
613
  </fingerprint>
614
+
519
615
  <fingerprint pattern="^[^ ]+ IBM FTP CS (V1R\d+) at ([^,]*),.*">
520
616
  <description>IBM z/OS FTP Service</description>
521
617
  <example>SFTPD1 IBM FTP CS V1R4 at x.y.z, 21:02:19 on 2007-12-15.</example>
@@ -526,8 +622,10 @@ more text</example>
526
622
  <param pos="0" name="os.family" value="z/OS"/>
527
623
  <param pos="0" name="os.device" value="Mainframe"/>
528
624
  <param pos="1" name="os.version"/>
625
+ <param pos="0" name="os.cpe23" value="cpe:/o:ibm:z\/os:{os.version}"/>
529
626
  <param pos="2" name="host.name"/>
530
627
  </fingerprint>
628
+
531
629
  <fingerprint pattern="^FTP server \(IBM 4690 TCP/IP FTP Version 1\.0\) ready\.">
532
630
  <description>IBM 4690 FTP Service</description>
533
631
  <example>FTP server (IBM 4690 TCP/IP FTP Version 1.0) ready.</example>
@@ -538,6 +636,7 @@ more text</example>
538
636
  <param pos="0" name="os.family" value="4690"/>
539
637
  <param pos="0" name="os.device" value="Point of sale"/>
540
638
  </fingerprint>
639
+
541
640
  <fingerprint pattern="^([^ ]+) NcFTPd Server \(licensed copy\) ready\.$">
542
641
  <description>NcFTPd Server
543
642
  http://www.ncftp.com/ncftpd/</description>
@@ -546,6 +645,7 @@ more text</example>
546
645
  <param pos="0" name="service.product" value="NcFTPd Server"/>
547
646
  <param pos="1" name="host.name"/>
548
647
  </fingerprint>
648
+
549
649
  <fingerprint pattern="^(\S+) DCS-2100 FTP server ready\.$">
550
650
  <description>D-Link DCS-2100 wireless internet camera</description>
551
651
  <example>hostname DCS-2100 FTP server ready.</example>
@@ -554,6 +654,7 @@ more text</example>
554
654
  <param pos="0" name="os.device" value="Web cam"/>
555
655
  <param pos="1" name="host.name"/>
556
656
  </fingerprint>
657
+
557
658
  <fingerprint pattern="^Secure Gateway FTP server ready\.$">
558
659
  <description>Raptor firewall</description>
559
660
  <example>Secure Gateway FTP server ready.</example>
@@ -562,6 +663,7 @@ more text</example>
562
663
  <param pos="0" name="os.product" value="Raptor"/>
563
664
  <param pos="0" name="os.device" value="Firewall"/>
564
665
  </fingerprint>
666
+
565
667
  <fingerprint pattern="^SUN StorEdge (\S+) RAID FTP server ready\.$">
566
668
  <description>Sun StorEdge disk array</description>
567
669
  <example>SUN StorEdge 3511 RAID FTP server ready.</example>
@@ -570,6 +672,7 @@ more text</example>
570
672
  <param pos="1" name="os.product"/>
571
673
  <param pos="0" name="os.device" value="Storage"/>
572
674
  </fingerprint>
675
+
573
676
  <fingerprint pattern="(?i)^AXIS (\S+) .* Camera(?:\s+version)?\s+(\S+) .*">
574
677
  <description>Axis Network Camera</description>
575
678
  <example hw.product="2100" hw.version="2.43">Axis 2100 Network Camera 2.43 Nov 04 2008 ready.</example>
@@ -586,27 +689,43 @@ more text</example>
586
689
  <param pos="0" name="os.family" value="Linux"/>
587
690
  <param pos="0" name="os.device" value="Web cam"/>
588
691
  </fingerprint>
589
- <fingerprint pattern="(?i)^AXIS (\S+) (?:(?:Mk II )?Video|IO Audio) (?:Encoder|Encoder Blade|Module|Server|Decoder) (\S+) .*">
590
- <description>Axis Audio/Video encoders/servers</description>
692
+
693
+ <fingerprint pattern="(?i)^AXIS (\S+) (?:(?:Mk II )?Video) (?:Encoder|Encoder Blade|Module|Server|Decoder) (\S+) .*">
694
+ <description>Axis Video encoders/servers</description>
591
695
  <example hw.product="Q7406">AXIS Q7406 Video Encoder Blade 5.01 (Aug 01 2008) ready.</example>
592
696
  <example hw.product="241Q">AXIS 241Q Video Server 4.47.2 (Dec 11 2008) ready.</example>
593
697
  <example hw.version="5.07.2">AXIS P7701 Video Decoder 5.07.2 (Apr 20 2010) ready.</example>
594
698
  <example hw.product="Q7401" hw.version="5.01">AXIS Q7401 Video Encoder 5.01 (Aug 01 2008) ready.</example>
595
699
  <example hw.product="Q7401" hw.version="5.50.2_cst_412205_1">AXIS Q7401 Video Encoder 5.50.2_cst_412205_1 (2013)</example>
596
700
  <example hw.product="Q7424-R" hw.version="5.51.3.1">AXIS Q7424-R Mk II Video Encoder 5.51.3.1 (2016) ready.</example>
701
+ <param pos="0" name="hw.vendor" value="Axis"/>
702
+ <param pos="1" name="hw.product"/>
703
+ <param pos="2" name="hw.version"/>
704
+ <param pos="0" name="hw.device" value="Video Encoder"/>
705
+ <param pos="0" name="os.vendor" value="AXIS"/>
706
+ <param pos="0" name="os.family" value="Linux"/>
707
+ </fingerprint>
708
+
709
+ <fingerprint pattern="(?i)^AXIS (\S+) (?:(?:Mk II )?IO Audio) (?:Encoder|Encoder Blade|Module|Server|Decoder) (\S+) .*">
710
+ <description>Axis Audio encoders/servers</description>
597
711
  <example hw.product="P8221" hw.version="5.10.2">AXIS P8221 IO Audio Module 5.10.2 (Nov 07 2011) ready.</example>
598
712
  <param pos="0" name="hw.vendor" value="Axis"/>
599
713
  <param pos="1" name="hw.product"/>
600
714
  <param pos="2" name="hw.version"/>
715
+ <param pos="0" name="hw.device" value="Audio Encoder"/>
716
+ <param pos="0" name="os.vendor" value="AXIS"/>
717
+ <param pos="0" name="os.family" value="Linux"/>
601
718
  </fingerprint>
719
+
602
720
  <fingerprint pattern="(?i)^AXIS (\S+) Network Door Controller (\S+) .* ready\.?$">
603
721
  <description>Axis Door Controllers</description>
604
722
  <example hw.product="A1001" hw.version="1.65.1.1">AXIS A1001 Network Door Controller 1.65.1.1 (2018) ready.</example>
605
723
  <param pos="0" name="hw.vendor" value="Axis"/>
606
- <param pos="0" name="hw.device" value="Access Controller"/>
724
+ <param pos="0" name="hw.device" value="Access Control"/>
607
725
  <param pos="1" name="hw.product"/>
608
726
  <param pos="2" name="hw.version"/>
609
727
  </fingerprint>
728
+
610
729
  <fingerprint pattern="^AXIS (\S+) .*FTP Network Print Server V?([\d\.]+\S+) .* ready\.?$" flags="REG_ICASE">
611
730
  <description>Axis print servers</description>
612
731
  <example hw.product="5600+">AXIS 5600+ (rev 3) FTP Network Print Server V7.00 Sep 10 2004 ready.</example>
@@ -617,6 +736,7 @@ more text</example>
617
736
  <param pos="1" name="hw.product"/>
618
737
  <param pos="2" name="hw.version"/>
619
738
  </fingerprint>
739
+
620
740
  <fingerprint pattern="^RICOH Aficio ((?:[MS]P )?\S+) FTP server \(([0-9\.a-zA-Z]+)\) ready.?$" flags="REG_ICASE">
621
741
  <description>Ricoh Aficio multifunction device</description>
622
742
  <example os.product="2045e">RICOH Aficio 2045e FTP server (4.12) ready.</example>
@@ -632,6 +752,7 @@ more text</example>
632
752
  <param pos="1" name="os.product"/>
633
753
  <param pos="2" name="os.version"/>
634
754
  </fingerprint>
755
+
635
756
  <fingerprint pattern="^NRG ((?:[MS]P )?\S+) FTP server \(([0-9\.a-zA-Z]+)\) ready.?$" flags="REG_ICASE">
636
757
  <description>Ricoh NRG multifunction device</description>
637
758
  <example>NRG MP C2800 FTP server (8.25) ready.</example>
@@ -650,6 +771,7 @@ more text</example>
650
771
  <param pos="0" name="hw.device" value="Multifunction Device"/>
651
772
  <param pos="1" name="hw.product"/>
652
773
  </fingerprint>
774
+
653
775
  <fingerprint pattern="^Xerox WorkCentre ([A-Za-z0-9]+).*$" certainty="1.0">
654
776
  <description>Xerox WorkCentre</description>
655
777
  <example hw.product="6605DN">Xerox WorkCentre 6605DN</example>
@@ -664,6 +786,7 @@ more text</example>
664
786
  <param pos="0" name="hw.device" value="Printer"/>
665
787
  <param pos="1" name="hw.product"/>
666
788
  </fingerprint>
789
+
667
790
  <fingerprint pattern="^Xerox Phaser (\S+)$" certainty="1.0">
668
791
  <description>Xerox Phaser Laser Printer</description>
669
792
  <example>Xerox Phaser 6130N</example>
@@ -677,6 +800,7 @@ more text</example>
677
800
  <param pos="0" name="hw.device" value="Printer"/>
678
801
  <param pos="1" name="hw.product"/>
679
802
  </fingerprint>
803
+
680
804
  <fingerprint pattern="^XEROX (\d+) Wide Format .*$" certainty="1.0">
681
805
  <description>Xerox Wide Format Series of Printers</description>
682
806
  <example>XEROX 6204 Wide Format FTP server ready</example>
@@ -689,6 +813,7 @@ more text</example>
689
813
  <param pos="0" name="hw.device" value="Printer"/>
690
814
  <param pos="1" name="hw.product"/>
691
815
  </fingerprint>
816
+
692
817
  <fingerprint pattern="^FUJI XEROX DocuPrint (.*)$" certainty="1.0">
693
818
  <description>FUJI XEROX DocuPrint Series of Printers</description>
694
819
  <example>FUJI XEROX DocuPrint 3055</example>
@@ -699,6 +824,7 @@ more text</example>
699
824
  <param pos="0" name="os.device" value="Printer"/>
700
825
  <param pos="1" name="os.product"/>
701
826
  </fingerprint>
827
+
702
828
  <fingerprint pattern="^ET(\S{12}) Lexmark (\S+) FTP Server (\S+) ready\.?$" certainty="1.0" flags="REG_ICASE">
703
829
  <description>Lexmark printer with MAC address</description>
704
830
  <example host.mac="000400CEA560" hw.product="T640" os.version="NS.NP.N219">ET000400CEA560 Lexmark T640 FTP Server NS.NP.N219 ready.</example>
@@ -710,6 +836,7 @@ more text</example>
710
836
  <param pos="0" name="hw.device" value="Printer"/>
711
837
  <param pos="2" name="hw.product"/>
712
838
  </fingerprint>
839
+
713
840
  <fingerprint pattern="^.*Lexmark (\S+) FTP Server (\S+) ready\.?$" certainty="1.0" flags="REG_ICASE">
714
841
  <description>Lexmark printer with OS version</description>
715
842
  <example hw.product="T654" os.version="NR.APS.F368">ET0021718 Lexmark T654 FTP Server NR.APS.F368 ready.</example>
@@ -720,6 +847,7 @@ more text</example>
720
847
  <param pos="0" name="hw.device" value="Printer"/>
721
848
  <param pos="1" name="hw.product"/>
722
849
  </fingerprint>
850
+
723
851
  <fingerprint pattern="^.*Lexmark (\S+) FTP Server ready\.?$" certainty="1.0" flags="REG_ICASE">
724
852
  <description>Lexmark printer</description>
725
853
  <example hw.product="X500">Lexmark X500 FTP server ready</example>
@@ -729,6 +857,7 @@ more text</example>
729
857
  <param pos="0" name="hw.device" value="Printer"/>
730
858
  <param pos="1" name="hw.product"/>
731
859
  </fingerprint>
860
+
732
861
  <fingerprint pattern="^220 ECOSYS ([^\s]+) FTP server$">
733
862
  <description>Kyocera Multifunction Device</description>
734
863
  <example hw.product="P2135dn">220 ECOSYS P2135dn FTP server</example>
@@ -738,6 +867,7 @@ more text</example>
738
867
  <param pos="0" name="hw.device" value="Multifunction Device"/>
739
868
  <param pos="1" name="hw.product"/>
740
869
  </fingerprint>
870
+
741
871
  <fingerprint pattern="^(?:Tornado-)?VxWorks \((?:VxWorks)?([^\)]+)\) FTP server(?: ready)?\.?$" flags="REG_ICASE">
742
872
  <description>VxWorks with version information</description>
743
873
  <example os.version="5.3.1">VxWorks (5.3.1) FTP server ready</example>
@@ -749,6 +879,7 @@ more text</example>
749
879
  <param pos="1" name="os.version"/>
750
880
  <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
751
881
  </fingerprint>
882
+
752
883
  <fingerprint pattern="^Tornado-vxWorks FTP server ready$" flags="REG_ICASE">
753
884
  <description>VxWorks without version information</description>
754
885
  <example>Tornado-vxWorks FTP server ready</example>
@@ -756,6 +887,7 @@ more text</example>
756
887
  <param pos="0" name="os.product" value="VxWorks"/>
757
888
  <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-"/>
758
889
  </fingerprint>
890
+
759
891
  <fingerprint pattern="^[\w\-\.]* FTP server \((?:VxWorks\s?)+([\d\.]+)\) ready.$" flags="REG_ICASE">
760
892
  <description>VxWorks 6 with version information</description>
761
893
  <example os.version="6.6">NanoDAC FTP server (VxWorks VxWorks 6.6) ready.</example>
@@ -763,24 +895,27 @@ more text</example>
763
895
  <param pos="0" name="os.vendor" value="Wind River"/>
764
896
  <param pos="0" name="os.product" value="VxWorks"/>
765
897
  <param pos="1" name="os.version"/>
766
- <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-{os.version}"/>
898
+ <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
767
899
  </fingerprint>
900
+
768
901
  <fingerprint pattern="^[\w&lt;&gt;]+\s*Tenor Multipath Switch FTP server \(Version VxWorks([\d\.]+)\) ready\.$" flags="REG_ICASE">
769
902
  <description>VxWorks on Tenor MultiPath with version information</description>
770
- <example os.version="5.4.2"><![CDATA[<38785ca0> Tenor Multipath Switch FTP server (Version VxWorks5.4.2) ready.]]></example>
903
+ <example os.version="5.4.2">&lt;38785ca0&gt; Tenor Multipath Switch FTP server (Version VxWorks5.4.2) ready.</example>
771
904
  <param pos="0" name="os.vendor" value="Wind River"/>
772
905
  <param pos="0" name="os.product" value="VxWorks"/>
773
906
  <param pos="1" name="os.version"/>
774
- <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-{os.version}"/>
907
+ <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
775
908
  </fingerprint>
909
+
776
910
  <fingerprint pattern="^VxWorks FTP server \(VxWorks ([\d\.]+) - Secure NetLinx version \([\d\.]+\)\) ready.$">
777
911
  <description>VxWorks with Secure NetLinx</description>
778
912
  <example os.version="5.3.1">VxWorks FTP server (VxWorks 5.3.1 - Secure NetLinx version (1.0)) ready.</example>
779
913
  <param pos="0" name="os.vendor" value="Wind River"/>
780
914
  <param pos="0" name="os.product" value="VxWorks"/>
781
915
  <param pos="1" name="os.version"/>
782
- <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-{os.version}"/>
916
+ <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
783
917
  </fingerprint>
918
+
784
919
  <fingerprint pattern="^ADC iScale$">
785
920
  <description>ADC iScale</description>
786
921
  <example>ADC iScale</example>
@@ -789,6 +924,7 @@ more text</example>
789
924
  <param pos="0" name="os.vendor" value="ADC"/>
790
925
  <param pos="0" name="os.product" value="iScale"/>
791
926
  </fingerprint>
927
+
792
928
  <fingerprint pattern="^TASKalfa (\d+c?i) FTP server" certainty="1.0">
793
929
  <description>Taskalfa Series of Printers</description>
794
930
  <example>TASKalfa 300ci FTP server</example>
@@ -802,6 +938,7 @@ more text</example>
802
938
  <param pos="0" name="hw.device" value="Multifunction Device"/>
803
939
  <param pos="1" name="hw.product"/>
804
940
  </fingerprint>
941
+
805
942
  <fingerprint pattern="^SAVIN (\S+) FTP server \((.*)\) ready.$" certainty="1.0">
806
943
  <description>SAVIN Printer FTP Server</description>
807
944
  <example os.product="4075">SAVIN 4075 FTP server (4.08) ready.</example>
@@ -822,6 +959,7 @@ more text</example>
822
959
  <param pos="0" name="hw.device" value="Printer"/>
823
960
  <param pos="1" name="hw.product"/>
824
961
  </fingerprint>
962
+
825
963
  <fingerprint pattern="^Oce (im\d+) Ver (\S+) FTP server\.$" certainty="1.0">
826
964
  <description>OCE IM series Printer</description>
827
965
  <example>Oce im4512 Ver 01.04.00.0c FTP server.</example>
@@ -832,6 +970,7 @@ more text</example>
832
970
  <param pos="1" name="os.product"/>
833
971
  <param pos="2" name="os.version"/>
834
972
  </fingerprint>
973
+
835
974
  <fingerprint pattern="^Oce (Plotwave\d+) FTP Service \(Version (\S+)\)\.$" certainty="1.0">
836
975
  <description>OCE Printer</description>
837
976
  <example>Oce Plotwave300 FTP Service (Version 4.5.7).</example>
@@ -841,6 +980,7 @@ more text</example>
841
980
  <param pos="1" name="os.product"/>
842
981
  <param pos="2" name="os.version"/>
843
982
  </fingerprint>
983
+
844
984
  <fingerprint pattern="^LinkCom Xpress (.*) FTP version ([\d\.]+) ready$" certainty="1.0">
845
985
  <description>MPI Technologies Linkcom Express FTP Server with os version</description>
846
986
  <example hw.product="10/100 +IPDS" os.version="1.0">LinkCom Xpress 10/100 +IPDS FTP version 1.0 ready</example>
@@ -850,6 +990,7 @@ more text</example>
850
990
  <param pos="1" name="hw.product"/>
851
991
  <param pos="2" name="os.version"/>
852
992
  </fingerprint>
993
+
853
994
  <fingerprint pattern="^LinkCom Xpress (.*)$" certainty="1.0">
854
995
  <description>MPI Technologies Linkcom Express FTP Server</description>
855
996
  <example hw.product="EIO PRO 10">LinkCom Xpress EIO PRO 10</example>
@@ -858,6 +999,7 @@ more text</example>
858
999
  <param pos="0" name="hw.device" value="Print server"/>
859
1000
  <param pos="1" name="hw.product"/>
860
1001
  </fingerprint>
1002
+
861
1003
  <fingerprint pattern="^LXKE\S+ IBM Infoprint (\d+) FTP Server (\d+\.\d+\.\d+) ready.$" certainty="1.0">
862
1004
  <description>IBM Infoprint FTP</description>
863
1005
  <example>LXKE82124 IBM Infoprint 1332 FTP Server 55.10.21 ready.</example>
@@ -870,6 +1012,7 @@ more text</example>
870
1012
  <param pos="1" name="os.product"/>
871
1013
  <param pos="2" name="os.version"/>
872
1014
  </fingerprint>
1015
+
873
1016
  <fingerprint pattern="^(Gestetner \S+(?: \S+)?) FTP server \((.*)\)" certainty="1.0">
874
1017
  <description>Gestetner Printer FTP</description>
875
1018
  <example os.product="Gestetner MP5500/DSm755" os.version="5.11c">Gestetner MP5500/DSm755 FTP server (5.11c) ready.</example>
@@ -882,6 +1025,7 @@ more text</example>
882
1025
  <param pos="1" name="os.product"/>
883
1026
  <param pos="2" name="os.version"/>
884
1027
  </fingerprint>
1028
+
885
1029
  <fingerprint pattern="^(Gestetner \S+)$" certainty="1.0">
886
1030
  <description>Gestetner Printer FTP - short banner</description>
887
1031
  <example>Gestetner MPC2500</example>
@@ -889,6 +1033,7 @@ more text</example>
889
1033
  <param pos="0" name="os.device" value="Multifunction Device"/>
890
1034
  <param pos="1" name="os.product"/>
891
1035
  </fingerprint>
1036
+
892
1037
  <fingerprint pattern="^EUFSALE MarkNet (\S+) FTP Server (\d+\.\d+\.\d+) ready.$" certainty="1.0">
893
1038
  <description>Lexmark Marknet Printers FTP</description>
894
1039
  <example>EUFSALE MarkNet X2011e FTP Server 4.20.21 ready.</example>
@@ -898,6 +1043,7 @@ more text</example>
898
1043
  <param pos="1" name="os.product"/>
899
1044
  <param pos="2" name="os.version"/>
900
1045
  </fingerprint>
1046
+
901
1047
  <fingerprint pattern="^ET(\S+) Source Technologies (ST-96\S+) FTP Server (\S+) ready\.?$">
902
1048
  <description>Source Technologies ST9600 Series Secure Printer</description>
903
1049
  <example>ET0021B730F70E Source Technologies ST-9620 FTP Server NJ.APS.N254e ready.</example>
@@ -910,6 +1056,7 @@ more text</example>
910
1056
  <param pos="2" name="os.product"/>
911
1057
  <param pos="3" name="os.version"/>
912
1058
  </fingerprint>
1059
+
913
1060
  <fingerprint pattern="^ET(\S+) (Pro\d+) Series FTP Server ready\.$" certainty="1.0">
914
1061
  <description>Lexmark ProXXX Series of Printers</description>
915
1062
  <example host.mac="0020007E4D2A" hw.product="Pro700">ET0020007E4D2A Pro700 Series FTP Server ready.</example>
@@ -922,6 +1069,7 @@ more text</example>
922
1069
  <param pos="0" name="hw.device" value="Printer"/>
923
1070
  <param pos="2" name="hw.product"/>
924
1071
  </fingerprint>
1072
+
925
1073
  <fingerprint pattern="^ET(\S+) Lexmark Forms Printer (\d+) Ethernet FTP Server (\S+) ready\.$" certainty="1.0">
926
1074
  <description>Lexmark Forms Printer</description>
927
1075
  <example os.product="2590">ET0020004F54EE Lexmark Forms Printer 2590 Ethernet FTP Server LCL.CU.P012c ready.</example>
@@ -936,6 +1084,7 @@ more text</example>
936
1084
  <param pos="0" name="hw.device" value="Printer"/>
937
1085
  <param pos="2" name="hw.product"/>
938
1086
  </fingerprint>
1087
+
939
1088
  <fingerprint pattern="^ET(\S+) TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
940
1089
  <description>Toshiba e-STUDIO Printer with MAC address</description>
941
1090
  <example os.version="NC2.NPS.N221">ET0004001E9C00 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N221 ready.</example>
@@ -949,6 +1098,7 @@ more text</example>
949
1098
  <param pos="0" name="hw.device" value="Multifunction Device"/>
950
1099
  <param pos="0" name="hw.product" value="e-STUDIO"/>
951
1100
  </fingerprint>
1101
+
952
1102
  <fingerprint pattern="^\S+ TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
953
1103
  <description>Toshiba e-STUDIO Printer</description>
954
1104
  <example os.version="NC2.NPS.N211">JHBPRN13 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
@@ -960,6 +1110,7 @@ more text</example>
960
1110
  <param pos="0" name="hw.device" value="Multifunction Device"/>
961
1111
  <param pos="0" name="hw.product" value="e-STUDIO"/>
962
1112
  </fingerprint>
1113
+
963
1114
  <fingerprint pattern="^.*Lexmark Optra (\S+) FTP Server (\S+) ready\.$" certainty="1.0">
964
1115
  <description>Lexmark Optra Printer</description>
965
1116
  <example os.product="T612">lex142785470853 Lexmark Optra T612 FTP Server 3.20.30 ready.</example>
@@ -974,6 +1125,7 @@ more text</example>
974
1125
  <param pos="0" name="hw.device" value="Printer"/>
975
1126
  <param pos="1" name="hw.product"/>
976
1127
  </fingerprint>
1128
+
977
1129
  <fingerprint pattern="^SHARP (MX-\S+) Ver (\S+) FTP server\.$" certainty="1.0">
978
1130
  <description>Sharp Printer/Copier/Scanne</description>
979
1131
  <example os.product="MX-6200N" os.version="01.02.00.0e">SHARP MX-6200N Ver 01.02.00.0e FTP server.</example>
@@ -995,6 +1147,7 @@ more text</example>
995
1147
  <param pos="0" name="hw.family" value="MX Series"/>
996
1148
  <param pos="1" name="hw.product"/>
997
1149
  </fingerprint>
1150
+
998
1151
  <fingerprint pattern="^(FS-\S+MFP\S*?) FTP server\.?$" certainty="1.0">
999
1152
  <description>Kyocera Printer with version string</description>
1000
1153
  <example os.product="FS-C2126MFP">FS-C2126MFP FTP server</example>
@@ -1007,6 +1160,7 @@ more text</example>
1007
1160
  <param pos="0" name="hw.device" value="Multifunction Device"/>
1008
1161
  <param pos="1" name="hw.product"/>
1009
1162
  </fingerprint>
1163
+
1010
1164
  <fingerprint pattern="^(FS-\S+(?:DN|D|N)) FTP server\.?$" certainty="1.0">
1011
1165
  <description>Kyocera Printer</description>
1012
1166
  <example os.product="FS-1370DN">FS-1370DN FTP server</example>
@@ -1020,6 +1174,7 @@ more text</example>
1020
1174
  <param pos="0" name="hw.family" value="FS"/>
1021
1175
  <param pos="1" name="hw.product"/>
1022
1176
  </fingerprint>
1177
+
1023
1178
  <fingerprint pattern="^(ESI-\S+) Version (\S+) ready\.$" certainty="1.0">
1024
1179
  <description>Extended Systems ExtendNet Print Server</description>
1025
1180
  <example os.product="ESI-2941B">ESI-2941B Version 6.34 ready.</example>
@@ -1041,6 +1196,7 @@ more text</example>
1041
1196
  <param pos="0" name="hw.device" value="Print server"/>
1042
1197
  <param pos="1" name="hw.product"/>
1043
1198
  </fingerprint>
1199
+
1044
1200
  <fingerprint pattern="^SATO SATO PRINTER Ver (\S+) FTP server\.$" certainty="1.0">
1045
1201
  <description>SATO Printer</description>
1046
1202
  <example os.version="A1.2.3">SATO SATO PRINTER Ver A1.2.3 FTP server.</example>
@@ -1051,6 +1207,7 @@ more text</example>
1051
1207
  <param pos="0" name="hw.vendor" value="SATO"/>
1052
1208
  <param pos="0" name="hw.device" value="Printer"/>
1053
1209
  </fingerprint>
1210
+
1054
1211
  <fingerprint pattern="^Printer FTP (\d+\.\d+\.\d+) ready at (\w{3} \d{2} \d{2}:\d{2}:\d{2})$" certainty="1.0">
1055
1212
  <description>AMTDatasouth Fastmark M5</description>
1056
1213
  <example os.version="4.8.7">Printer FTP 4.8.7 ready at Apr 30 20:13:23</example>
@@ -1068,6 +1225,7 @@ more text</example>
1068
1225
  <param pos="0" name="hw.product" value="Fastmark M5"/>
1069
1226
  <param pos="0" name="hw.device" value="Printer"/>
1070
1227
  </fingerprint>
1228
+
1071
1229
  <fingerprint pattern="^EFI FTP Print server ready\.$" certainty="0.8">
1072
1230
  <description>EFI FTP Print Server</description>
1073
1231
  <example>EFI FTP Print server ready.</example>
@@ -1077,7 +1235,9 @@ more text</example>
1077
1235
  <param pos="0" name="os.product" value="Fiery Print Server"/>
1078
1236
  <param pos="0" name="os.device" value="Print server"/>
1079
1237
  </fingerprint>
1238
+
1080
1239
  <!-- Conjectured based on known MX FTP fingerprints -->
1240
+
1081
1241
  <fingerprint pattern="^SHARP (AR-\S+) Ver (\S+) FTP server">
1082
1242
  <description>Sharp AR Series multifunction device</description>
1083
1243
  <example os.product="AR-M450">SHARP AR-M450 Ver 01.05.00.0k FTP server.</example>
@@ -1091,6 +1251,7 @@ more text</example>
1091
1251
  <param pos="0" name="hw.family" value="AR Series"/>
1092
1252
  <param pos="1" name="hw.product"/>
1093
1253
  </fingerprint>
1254
+
1094
1255
  <fingerprint pattern="^KONICA MINOLTA FTP server ready\.?$">
1095
1256
  <description>Konica Minolta FTP Server - w/o version</description>
1096
1257
  <example>KONICA MINOLTA FTP server ready.</example>
@@ -1103,6 +1264,7 @@ more text</example>
1103
1264
  <param pos="0" name="hw.vendor" value="Konica Minolta"/>
1104
1265
  <param pos="0" name="hw.product" value="Printer"/>
1105
1266
  </fingerprint>
1267
+
1106
1268
  <fingerprint pattern="^(KM\S+) FTP server \(KM FTPD version (\d*(?:\.\d*))\) ready\.?$">
1107
1269
  <description>Konica Minolta FTP Server</description>
1108
1270
  <example os.product="KM23BC97" service.version="1.00">KM23BC97 FTP server (KM FTPD version 1.00) ready.</example>
@@ -1120,6 +1282,7 @@ more text</example>
1120
1282
  <param pos="0" name="service.product" value="KM FTPD"/>
1121
1283
  <param pos="2" name="service.version"/>
1122
1284
  </fingerprint>
1285
+
1123
1286
  <fingerprint pattern="^(ZBR-\d+) Version (\S+) ready\.?$">
1124
1287
  <description>ZebraNet Print Server FTP</description>
1125
1288
  <example os.product="ZBR-46686">ZBR-46686 Version 7.02 ready.</example>
@@ -1133,6 +1296,7 @@ more text</example>
1133
1296
  <param pos="0" name="hw.device" value="Print server"/>
1134
1297
  <param pos="1" name="hw.product"/>
1135
1298
  </fingerprint>
1299
+
1136
1300
  <fingerprint pattern="^(ET(\S+)) Dell (\S+ Laser Printer) FTP Server">
1137
1301
  <description>Dell Laser Printer</description>
1138
1302
  <example host.name="ET0021B71A1111" host.mac="0021B71A1111" hw.product="2350dn Laser Printer">ET0021B71A1111 Dell 2350dn Laser Printer FTP Server NR.APS.N449 ready.</example>
@@ -1144,12 +1308,14 @@ more text</example>
1144
1308
  <param pos="2" name="host.mac"/>
1145
1309
  <param pos="3" name="hw.product"/>
1146
1310
  </fingerprint>
1311
+
1147
1312
  <fingerprint pattern="^(\S+) FTP server \(Version \S+ \w+ \w+ \d{1,2} \d{1,2}:\d{1,2}:\d{1,2} [A-Z]+ (?:1|2)\d{3}\) ready\.?$">
1148
1313
  <description>Generic/unknown FTP Server found on HP-UX and AIX systems</description>
1149
1314
  <example host.name="host.example.com">host.example.com FTP server (Version 4.1 Sat Sep 7 14:31:53 CDT 2002) ready.</example>
1150
1315
  <example host.name="host.example.com">host.example.com FTP server (Version 5.3 Sat Jan 10 14:01:03 CDT 2012) ready</example>
1151
1316
  <param pos="1" name="host.name"/>
1152
1317
  </fingerprint>
1318
+
1153
1319
  <fingerprint pattern="^Welcome to the (?:Cisco )?(?:TelePresence) ([a-zA-Z\s]*?) ((?:MSE )?\d+), version (\d+.\d+\(\d+.\d+\)).*?" flags="REG_ICASE">
1154
1320
  <description>Cisco TelePresence</description>
1155
1321
  <example hw.series="AM GW" os.version="1.1(1.34)" hw.model="3610">Welcome to the Cisco TelePresence AM GW 3610, version 1.1(1.34) </example>
@@ -1165,6 +1331,7 @@ more text</example>
1165
1331
  <param pos="2" name="hw.model"/>
1166
1332
  <param pos="3" name="os.version"/>
1167
1333
  </fingerprint>
1334
+
1168
1335
  <fingerprint pattern="^(\S+) FTP server \((?:HP|Compaq) Tru64 UNIX Version (\S+)\) ready\.?$">
1169
1336
  <description>Digital/Compaq/HP Tru64 Unix</description>
1170
1337
  <example host.name="example.com" os.version="5.60">example.com FTP server (Compaq Tru64 UNIX Version 5.60) ready.</example>
@@ -1173,8 +1340,9 @@ more text</example>
1173
1340
  <param pos="0" name="os.product" value="Tru64 Unix"/>
1174
1341
  <param pos="1" name="host.name"/>
1175
1342
  <param pos="2" name="os.version"/>
1176
- <param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64:{os.version}"/>
1343
+ <param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64_unix:{os.version}"/>
1177
1344
  </fingerprint>
1345
+
1178
1346
  <fingerprint pattern="^(\S+) FTP server \(Digital UNIX Version (\S+)\) ready\.?$">
1179
1347
  <description>Digital/Compaq/HP Tru64 Unix w/o branding</description>
1180
1348
  <example host.name="example.com" os.version="5.60">example.com FTP server (Digital UNIX Version 5.60) ready.</example>
@@ -1184,6 +1352,7 @@ more text</example>
1184
1352
  <param pos="1" name="host.name"/>
1185
1353
  <param pos="2" name="os.version"/>
1186
1354
  </fingerprint>
1355
+
1187
1356
  <fingerprint pattern="^(\S+) FTP server \(MikroTik ([\d\.]+)\) ready\.?$">
1188
1357
  <description>MikroTik</description>
1189
1358
  <example host.name="example.com" os.version="6.18">example.com FTP server (MikroTik 6.18) ready</example>
@@ -1193,14 +1362,18 @@ more text</example>
1193
1362
  <param pos="2" name="os.version"/>
1194
1363
  <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
1195
1364
  </fingerprint>
1196
- <fingerprint pattern="^MikroTik FTP server \(MikroTik ([\w.]+)\) ready\.?$">
1197
- <description>MikroTik w/o hostname</description>
1198
- <example os.version="6.0rc14">MikroTik FTP server (MikroTik 6.0rc14) ready</example>
1365
+
1366
+ <fingerprint pattern="^.* FTP server \(MikroTik (\d\.[\w\.]+)\) ready\.?$">
1367
+ <description>MikroTik with description</description>
1368
+ <example os.version="6.43.16">Super Thing_Place- FTP server (MikroTik 6.43.16) ready</example>
1369
+ <example os.version="6.43.16beta2">Super Thing_Place- FTP server (MikroTik 6.43.16beta2) ready</example>
1370
+ <example os.version="6.43.16rc56">Super Thing_Place- FTP server (MikroTik 6.43.16rc56) ready</example>
1199
1371
  <param pos="0" name="os.vendor" value="MikroTik"/>
1200
1372
  <param pos="0" name="os.product" value="RouterOS"/>
1201
1373
  <param pos="1" name="os.version"/>
1202
1374
  <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
1203
1375
  </fingerprint>
1376
+
1204
1377
  <fingerprint pattern="^Welcome to ASUS (B?RT-[\w.-]+) FTP service\.$">
1205
1378
  <description>FTPD on an Asus Wireless Access Point/Router</description>
1206
1379
  <example hw.product="RT-AC68U">Welcome to ASUS RT-AC68U FTP service.</example>
@@ -1212,6 +1385,7 @@ more text</example>
1212
1385
  <param pos="0" name="hw.device" value="WAP"/>
1213
1386
  <param pos="1" name="hw.product"/>
1214
1387
  </fingerprint>
1388
+
1215
1389
  <fingerprint pattern="^Welcome to ASUS (DSL-[\w.-]+) FTP service\.$">
1216
1390
  <description>FTPD on a ADSL/VDSL Modem/Wireless Access Point/Router</description>
1217
1391
  <example hw.product="DSL-AC68U">Welcome to ASUS DSL-AC68U FTP service.</example>
@@ -1222,6 +1396,7 @@ more text</example>
1222
1396
  <param pos="0" name="hw.device" value="DSL Modem"/>
1223
1397
  <param pos="1" name="hw.product"/>
1224
1398
  </fingerprint>
1399
+
1225
1400
  <fingerprint pattern="^Welcome to ASUS (TM-\w+) FTP service\.$">
1226
1401
  <description>FTPD on a T-Mobile branded Asus Wireless Access Point/Router</description>
1227
1402
  <example hw.product="TM-AC1900">Welcome to ASUS TM-AC1900 FTP service.</example>
@@ -1231,6 +1406,7 @@ more text</example>
1231
1406
  <param pos="0" name="hw.device" value="WAP"/>
1232
1407
  <param pos="1" name="hw.product"/>
1233
1408
  </fingerprint>
1409
+
1234
1410
  <fingerprint pattern="^(FRITZ!Box[\w()]+) FTP server ready\.$">
1235
1411
  <description>FTPD on an AWM multifunction Modem/Wireless Access Point/Router/VoIP device</description>
1236
1412
  <example hw.product="FRITZ!Box7490">FRITZ!Box7490 FTP server ready.</example>
@@ -1244,6 +1420,7 @@ more text</example>
1244
1420
  <param pos="0" name="hw.family" value="FRITZ!Box"/>
1245
1421
  <param pos="1" name="hw.product"/>
1246
1422
  </fingerprint>
1423
+
1247
1424
  <fingerprint pattern="^HES_CPE FTP server \(GNU inetutils ([\w.]+)\) ready\.$">
1248
1425
  <description>FTPD on a ZyXEL (Huawei rebrand) WiMax WAP</description>
1249
1426
  <example service.version="1.4.1">HES_CPE FTP server (GNU inetutils 1.4.1) ready.</example>
@@ -1251,10 +1428,11 @@ more text</example>
1251
1428
  <param pos="0" name="service.product" value="inetutils ftpd"/>
1252
1429
  <param pos="0" name="service.vendor" value="GNU"/>
1253
1430
  <param pos="1" name="service.version"/>
1254
- <param pos="0" name="hw.vendor" value="ZyXEL"/>
1431
+ <param pos="0" name="hw.vendor" value="Zyxel"/>
1255
1432
  <param pos="0" name="hw.family" value="WiMax"/>
1256
1433
  <param pos="0" name="hw.device" value="WAP"/>
1257
1434
  </fingerprint>
1435
+
1258
1436
  <fingerprint pattern="^Speedport W ?(\S+) (?:Typ [A|B] )?FTP Server v([\d.]+) ready$$">
1259
1437
  <description>FTPD on Speedport WLAN/ADSL routers (Deutsche Telekom mfg by misc)</description>
1260
1438
  <example hw.product="723V" os.version="1.40.000">Speedport W 723V Typ B FTP Server v1.40.000 ready</example>
@@ -1266,6 +1444,7 @@ more text</example>
1266
1444
  <param pos="1" name="hw.product"/>
1267
1445
  <param pos="2" name="os.version"/>
1268
1446
  </fingerprint>
1447
+
1269
1448
  <fingerprint pattern="^DiskStation FTP server ready\.$">
1270
1449
  <description>FTPD on a Synology DiskStation NAS</description>
1271
1450
  <example>DiskStation FTP server ready.</example>
@@ -1278,6 +1457,7 @@ more text</example>
1278
1457
  <param pos="0" name="hw.family" value="DiskStation"/>
1279
1458
  <param pos="0" name="hw.device" value="NAS"/>
1280
1459
  </fingerprint>
1460
+
1281
1461
  <fingerprint pattern="^Synology FTP server ready\.$" flags="REG_ICASE">
1282
1462
  <description>FTPD on a Synology device</description>
1283
1463
  <example>Synology FTP server ready.</example>
@@ -1289,6 +1469,7 @@ more text</example>
1289
1469
  <param pos="0" name="os.product" value="Linux"/>
1290
1470
  <param pos="0" name="hw.vendor" value="Synology"/>
1291
1471
  </fingerprint>
1472
+
1292
1473
  <fingerprint pattern="^.Welcome to MyBookLive.$">
1293
1474
  <description>FTPD on Western Digital My Book Live NAS</description>
1294
1475
  <example>"Welcome to MyBookLive"</example>
@@ -1297,6 +1478,7 @@ more text</example>
1297
1478
  <param pos="0" name="hw.product" value="My Book Live"/>
1298
1479
  <param pos="0" name="hw.device" value="NAS"/>
1299
1480
  </fingerprint>
1481
+
1300
1482
  <fingerprint pattern="^Multicraft ([\w.-]+) FTP server$">
1301
1483
  <description>Multicraft FTPD Server</description>
1302
1484
  <example service.version="2.0.2">Multicraft 2.0.2 FTP server</example>
@@ -1306,6 +1488,7 @@ more text</example>
1306
1488
  <param pos="0" name="service.vendor" value="Multicraft"/>
1307
1489
  <param pos="1" name="service.version"/>
1308
1490
  </fingerprint>
1491
+
1309
1492
  <fingerprint pattern="^bftpd ([\d.]+) at ([a-f\d.:]+) ready\.$">
1310
1493
  <description>Bftpd FTPD Server</description>
1311
1494
  <example service.version="2.2.1" host.ip="192.168.0.1">bftpd 2.2.1 at 192.168.0.1 ready.</example>
@@ -1317,6 +1500,7 @@ more text</example>
1317
1500
  <param pos="0" name="service.cpe23" value="cpe:/a:bftpd_project:bftpd:{service.version}"/>
1318
1501
  <param pos="2" name="host.ip"/>
1319
1502
  </fingerprint>
1503
+
1320
1504
  <fingerprint pattern="^NASFTPD Turbo station (?:2.x )?([\w.]+) Server \(ProFTPD\)(?: \[([a-f\d.:]+)\])?$">
1321
1505
  <description>ProFTPD on QNAP Turbo Station NAS</description>
1322
1506
  <example service.version="1.3.5a" host.ip="192.168.1.100">NASFTPD Turbo station 1.3.5a Server (ProFTPD) [192.168.1.100]</example>
@@ -1332,6 +1516,7 @@ more text</example>
1332
1516
  <param pos="0" name="hw.device" value="NAS"/>
1333
1517
  <param pos="2" name="host.ip"/>
1334
1518
  </fingerprint>
1519
+
1335
1520
  <fingerprint pattern="^Twisted ([\w.]+) FTP Server$">
1336
1521
  <description>Twisted (Python) FTP Server</description>
1337
1522
  <example service.version="14.0.0">Twisted 14.0.0 FTP Server</example>
@@ -1341,6 +1526,7 @@ more text</example>
1341
1526
  <param pos="0" name="service.vendor" value="Twisted Matrix Labs"/>
1342
1527
  <param pos="1" name="service.version"/>
1343
1528
  </fingerprint>
1529
+
1344
1530
  <fingerprint pattern="^Gene6 FTP Server v(\d{1,2}\.\d{1,2}\.\d{1,2}\s{1,2}\(Build \d{1,2}\)) ready\.\.\.$">
1345
1531
  <description>Gene6 FTP Server on Windows</description>
1346
1532
  <example service.version="3.10.0 (Build 2)">Gene6 FTP Server v3.10.0 (Build 2) ready...</example>
@@ -1354,6 +1540,7 @@ more text</example>
1354
1540
  <param pos="0" name="os.product" value="Windows"/>
1355
1541
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1356
1542
  </fingerprint>
1543
+
1357
1544
  <fingerprint pattern="^([\w.-]+) X2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
1358
1545
  <description>WS_FTP FTP Server on Windows - X2 variant</description>
1359
1546
  <example service.version="7.7(50012467)" host.name="a.host.name.tld">a.host.name.tld X2 WS_FTP Server 7.7(50012467)</example>
@@ -1369,6 +1556,7 @@ more text</example>
1369
1556
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1370
1557
  <param pos="1" name="host.name"/>
1371
1558
  </fingerprint>
1559
+
1372
1560
  <fingerprint pattern="^V2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
1373
1561
  <description>WS_FTP FTP Server on Windows - V2 variant</description>
1374
1562
  <example service.version="6.1(05544322)">V2 WS_FTP Server 6.1(05544322)</example>
@@ -1382,24 +1570,27 @@ more text</example>
1382
1570
  <param pos="0" name="os.product" value="Windows"/>
1383
1571
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1384
1572
  </fingerprint>
1573
+
1385
1574
  <fingerprint pattern="^FTP Server \(ZyWALL (USG\s?[\w-]+)\) \[([a-f\d:.]+)\]$">
1386
1575
  <description>ZyXEL Unified Security Gateway</description>
1387
1576
  <example hw.product="USG 20" host.ip="::ffff:192.168.0.2">FTP Server (ZyWALL USG 20) [::ffff:192.168.0.2]</example>
1388
1577
  <example hw.product="USG100-PLUS" host.ip="::ffff:192.168.5.101">FTP Server (ZyWALL USG100-PLUS) [::ffff:192.168.5.101]</example>
1389
1578
  <example hw.product="USG 20" host.ip="10.0.0.2">FTP Server (ZyWALL USG 20) [10.0.0.2]</example>
1390
- <param pos="0" name="service.vendor" value="ZyXEL"/>
1579
+ <param pos="0" name="service.vendor" value="Zyxel"/>
1391
1580
  <param pos="0" name="service.family" value="Unified Security Gateway"/>
1392
1581
  <param pos="0" name="service.product" value="FTPD"/>
1393
1582
  <param pos="2" name="host.ip"/>
1394
- <param pos="0" name="hw.vendor" value="ZyXEL"/>
1583
+ <param pos="0" name="hw.vendor" value="Zyxel"/>
1395
1584
  <param pos="0" name="hw.family" value="Unified Security Gateway"/>
1396
1585
  <param pos="1" name="hw.product"/>
1397
1586
  </fingerprint>
1587
+
1398
1588
  <fingerprint pattern="^Welcome to TP-LINK FTP server$">
1399
1589
  <description>FTPD on a TP-LINK device (no version/host info)</description>
1400
1590
  <example>Welcome to TP-LINK FTP server</example>
1401
1591
  <param pos="0" name="hw.vendor" value="TP-LINK"/>
1402
1592
  </fingerprint>
1593
+
1403
1594
  <fingerprint pattern="^TP-LINK FTP version ([\d\.]+)">
1404
1595
  <description>FTPD on a TP-LINK device with version, but no host info</description>
1405
1596
  <example service.version="1.0">TP-LINK FTP version 1.0 ready at Wed May 1 20:51:49 2019</example>
@@ -1407,6 +1598,7 @@ more text</example>
1407
1598
  <param pos="0" name="service.product" value="FTPD"/>
1408
1599
  <param pos="1" name="service.version"/>
1409
1600
  </fingerprint>
1601
+
1410
1602
  <fingerprint pattern="^ucftpd\((\w{3}\s+\d{1,2} \d{4}-\d\d:\d\d:\d\d)\) FTP server ready\.$">
1411
1603
  <description>ucftpd with version</description>
1412
1604
  <example service.version="Jul 2 2012-22:13:49">ucftpd(Jul 2 2012-22:13:49) FTP server ready.</example>
@@ -1415,18 +1607,21 @@ more text</example>
1415
1607
  <param pos="0" name="service.product" value="ucftpd"/>
1416
1608
  <param pos="1" name="service.version"/>
1417
1609
  </fingerprint>
1610
+
1418
1611
  <fingerprint pattern="^ucftpd FTP server ready\.$">
1419
1612
  <description>ucftpd without version</description>
1420
1613
  <example>ucftpd FTP server ready.</example>
1421
1614
  <param pos="0" name="service.family" value="ucftpd"/>
1422
1615
  <param pos="0" name="service.product" value="ucftpd"/>
1423
1616
  </fingerprint>
1617
+
1424
1618
  <fingerprint pattern="^Welcome to TBS FTP Server\.$">
1425
1619
  <description>TBS FTP Server</description>
1426
1620
  <example>Welcome to TBS FTP Server.</example>
1427
1621
  <param pos="0" name="service.family" value="TBS FTP Server"/>
1428
1622
  <param pos="0" name="service.product" value="TBS FTP Server"/>
1429
1623
  </fingerprint>
1624
+
1430
1625
  <fingerprint pattern="^Sofrel (S5[\w]+) SN ([\d-]+) ready. Time is (\d{2}:\d{2}:\d{2} \d{2}\/\d{2}\/\d{2})\.$">
1431
1626
  <description>Sofrel Remote Terminal Unit</description>
1432
1627
  <example hw.product="S500" host.id="01-499-00427" system.time="00:11:39 01/11/16">Sofrel S500 SN 01-499-00427 ready. Time is 00:11:39 01/11/16.</example>
@@ -1437,6 +1632,7 @@ more text</example>
1437
1632
  <param pos="0" name="system.time.format" value="HH:mm:ss dd/MM/yy"/>
1438
1633
  <param pos="3" name="system.time"/>
1439
1634
  </fingerprint>
1635
+
1440
1636
  <fingerprint pattern="^TiMOS-[CB]-([\S]+) cpm\/[\w]+ ALCATEL (SR [\S]+) Copyright .{1,4}$">
1441
1637
  <description>ALCATEL Service Router running TiMOS</description>
1442
1638
  <example os.version="13.0.R9">TiMOS-C-13.0.R9 cpm/hops64 ALCATEL SR 7750 Copyright (</example>
@@ -1447,11 +1643,13 @@ more text</example>
1447
1643
  <param pos="0" name="hw.family" value="Service Router"/>
1448
1644
  <param pos="2" name="hw.product"/>
1449
1645
  </fingerprint>
1646
+
1450
1647
  <fingerprint pattern="^(\S+) FTP server ready\.?$" flags="REG_ICASE">
1451
1648
  <description>Generic FTP fingerprint with a hostname</description>
1452
1649
  <example host.name="example.com">example.com FTP server ready.</example>
1453
1650
  <param pos="1" name="host.name"/>
1454
1651
  </fingerprint>
1652
+
1455
1653
  <fingerprint pattern="^(\S+) FTP server \(Version (\d.*)\) ready\.?$" flags="REG_ICASE">
1456
1654
  <description>Generic FTP fingerprint with a hostname and a version for a generic FTP implementation</description>
1457
1655
  <example host.name="example.com" service.version="6.00LS">example.com FTP server (Version 6.00LS) ready.</example>
@@ -1459,6 +1657,7 @@ more text</example>
1459
1657
  <param pos="1" name="host.name"/>
1460
1658
  <param pos="2" name="service.version"/>
1461
1659
  </fingerprint>
1660
+
1462
1661
  <fingerprint pattern="(?i)^FTP[\- ]+(?:server|service)?(?:(?: is)? ready)?\.?$">
1463
1662
  <description>Generic FTP fingerprint without a hostname</description>
1464
1663
  <example>FTP server is ready.</example>
@@ -1468,12 +1667,14 @@ more text</example>
1468
1667
  <example>FTP Server</example>
1469
1668
  <example>FTP service ready.</example>
1470
1669
  </fingerprint>
1670
+
1471
1671
  <fingerprint pattern="^Welcom to ProRat Ftp Server$">
1472
1672
  <description>The FTP server of the ProRat malware</description>
1473
1673
  <example>Welcom to ProRat Ftp Server</example>
1474
1674
  <param pos="0" name="service.vendor" value="Pro Group"/>
1475
1675
  <param pos="0" name="service.product" value="ProRat"/>
1476
1676
  </fingerprint>
1677
+
1477
1678
  <fingerprint pattern="^(?:(\S+) )?FTP Server \(vftpd ([\d.]+)\) ready\.?$">
1478
1679
  <description>Vermillion FTP Daemon</description>
1479
1680
  <example host.name="srv.name" service.version="1.23">srv.name FTP Server (vftpd 1.23) ready.</example>
@@ -1487,6 +1688,7 @@ more text</example>
1487
1688
  <param pos="2" name="service.version"/>
1488
1689
  <param pos="1" name="host.name"/>
1489
1690
  </fingerprint>
1691
+
1490
1692
  <fingerprint pattern="^(?:(\S+) )?FTP server \(QVT\/Net ([\d.]+)\) ready\.?$">
1491
1693
  <description>QVT/Net FTP Server</description>
1492
1694
  <example host.name="siren" service.version="5.1">siren FTP server (QVT/Net 5.1) ready.</example>
@@ -1500,6 +1702,7 @@ more text</example>
1500
1702
  <param pos="2" name="service.version"/>
1501
1703
  <param pos="1" name="host.name"/>
1502
1704
  </fingerprint>
1705
+
1503
1706
  <fingerprint pattern="Amazon\sLinux\sAMI\srelease\s(\d+\.\d+)">
1504
1707
  <description>Amazon Linux AMI</description>
1505
1708
  <example os.version="2016.09">Amazon Linux AMI release 2016.09</example>
@@ -1508,8 +1711,10 @@ more text</example>
1508
1711
  <param pos="0" name="os.product" value="Linux AMI"/>
1509
1712
  <param pos="1" name="os.version"/>
1510
1713
  </fingerprint>
1714
+
1511
1715
  <!-- Below are banners for FTP service providers, not necessarily
1512
1716
  specific FTP servers-->
1717
+
1513
1718
  <fingerprint pattern="^Idea FTP Server ([\d\.]+) \((.*)\) \[(.+)\]$">
1514
1719
  <description>Idea FTP Server</description>
1515
1720
  <example service.version="0.83.213" host.name="localhost" host.ip="1.2.3.4">Idea FTP Server 0.83.213 (localhost) [1.2.3.4]</example>
@@ -1520,18 +1725,21 @@ more text</example>
1520
1725
  <param pos="2" name="host.name"/>
1521
1726
  <param pos="3" name="host.ip"/>
1522
1727
  </fingerprint>
1728
+
1523
1729
  <fingerprint pattern="^Amazon Ftp$">
1524
1730
  <description>Amazon FTP endpoint</description>
1525
1731
  <example>Amazon Ftp</example>
1526
1732
  <param pos="0" name="service.vendor" value="Amazon"/>
1527
1733
  <param pos="0" name="service.product" value="FTP Server"/>
1528
1734
  </fingerprint>
1735
+
1529
1736
  <fingerprint pattern="^Dreamhost FTP Server$">
1530
1737
  <description>Dreamhost FTP endpoint</description>
1531
1738
  <example>Dreamhost FTP Server</example>
1532
1739
  <param pos="0" name="service.vendor" value="Dreamhost"/>
1533
1740
  <param pos="0" name="service.product" value="FTP Server"/>
1534
1741
  </fingerprint>
1742
+
1535
1743
  <fingerprint pattern="^QTCP at ([a-zA-Z0-9\.\_\-]+)$">
1536
1744
  <description>IBM iSeries FTP</description>
1537
1745
  <example host.name="core.bank.local.">QTCP at core.bank.local.</example>
@@ -1541,6 +1749,7 @@ more text</example>
1541
1749
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:os_400:-"/>
1542
1750
  <param pos="1" name="host.name"/>
1543
1751
  </fingerprint>
1752
+
1544
1753
  <fingerprint pattern="^HomeLogic FTP Server">
1545
1754
  <description>ELAN Smart Home Controller</description>
1546
1755
  <example>HomeLogic FTP Server Please Give User Name</example>
@@ -1549,5 +1758,29 @@ more text</example>
1549
1758
  <param pos="0" name="hw.product" value="Home Controller"/>
1550
1759
  <param pos="0" name="os.vendor" value="ELAN"/>
1551
1760
  <param pos="0" name="os.family" value="Linux"/>
1552
- </fingerprint>
1553
- </fingerprints>
1761
+ </fingerprint>
1762
+
1763
+ <fingerprint pattern="^Welcome to Honeywell Printer (PM\d+)\S+?$">
1764
+ <description>Honeywell Thermal Label Printer (Previously Intermec)</description>
1765
+ <example hw.product="Thermal Label Printer PM43">Welcome to Honeywell Printer PM43c</example>
1766
+ <param pos="0" name="hw.vendor" value="Honeywell"/>
1767
+ <param pos="1" name="hw.model"/>
1768
+ <param pos="0" name="hw.product" value="Thermal Label Printer {hw.model}"/>
1769
+ <param pos="0" name="hw.device" value="Printer"/>
1770
+ <param pos="0" name="os.vendor" value="Honeywell"/>
1771
+ <param pos="0" name="os.product" value="Thermal Label Printer {hw.model}"/>
1772
+ <param pos="0" name="os.device" value="Printer"/>
1773
+ </fingerprint>
1774
+
1775
+ <fingerprint pattern="^SurgeFTP ([\S]+) \(Version ([a-f\d.]+)\)$">
1776
+ <description>NetWin SurgeFTP</description>
1777
+ <example service.version="2.3a12">SurgeFTP 192.168.0.0 (Version 2.3a12)</example>
1778
+ <example host.name="foo.bar.baz">SurgeFTP foo.bar.baz (Version 2.2f9)</example>
1779
+ <param pos="0" name="service.vendor" value="NetWin"/>
1780
+ <param pos="0" name="service.product" value="SurgeFTP"/>
1781
+ <param pos="2" name="service.version"/>
1782
+ <param pos="0" name="service.cpe23" value="cpe:/a:netwin:surgeftp:{service.version}"/>
1783
+ <param pos="1" name="host.name"/>
1784
+ </fingerprint>
1785
+
1786
+ </fingerprints>