recog-intrigue 2.3.7 → 2.3.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (70) hide show
  1. checksums.yaml +4 -4
  2. data/.github/SECURITY.md +35 -0
  3. data/.gitignore +9 -0
  4. data/CONTRIBUTING.md +136 -37
  5. data/README.md +18 -16
  6. data/bin/recog_cleanup +16 -0
  7. data/bin/recog_standardize +30 -6
  8. data/cpe-remap.yaml +38 -1
  9. data/identifiers/README.md +9 -0
  10. data/identifiers/hw_device.txt +77 -0
  11. data/identifiers/hw_family.txt +96 -0
  12. data/identifiers/hw_product.txt +328 -0
  13. data/identifiers/os_architecture.txt +6 -6
  14. data/identifiers/os_device.txt +45 -3
  15. data/identifiers/os_family.txt +206 -41
  16. data/identifiers/os_product.txt +238 -17
  17. data/identifiers/service_family.txt +144 -57
  18. data/identifiers/service_product.txt +385 -83
  19. data/identifiers/vendor.txt +554 -68
  20. data/lib/recog/version.rb +1 -1
  21. data/requirements.txt +1 -1
  22. data/update_cpes.py +4 -1
  23. data/xml/apache_modules.xml +292 -5
  24. data/xml/apache_os.xml +41 -2
  25. data/xml/architecture.xml +11 -3
  26. data/xml/dns_versionbind.xml +200 -26
  27. data/xml/favicons.xml +1701 -0
  28. data/xml/ftp_banners.xml +256 -23
  29. data/xml/h323_callresp.xml +112 -12
  30. data/xml/hp_pjl_id.xml +47 -5
  31. data/xml/html_title.xml +1156 -70
  32. data/xml/http_cookies.xml +69 -11
  33. data/xml/http_servers.xml +1094 -107
  34. data/xml/http_wwwauth.xml +143 -27
  35. data/xml/imap_banners.xml +62 -13
  36. data/xml/ldap_searchresult.xml +81 -9
  37. data/xml/mdns_device-info_txt.xml +194 -17
  38. data/xml/mdns_workstation_txt.xml +4 -2
  39. data/xml/mysql_banners.xml +233 -40
  40. data/xml/mysql_error.xml +113 -6
  41. data/xml/nntp_banners.xml +10 -2
  42. data/xml/ntp_banners.xml +93 -9
  43. data/xml/operating_system.xml +90 -3
  44. data/xml/pop_banners.xml +87 -33
  45. data/xml/rsh_resp.xml +11 -2
  46. data/xml/rtsp_servers.xml +43 -23
  47. data/xml/sip_banners.xml +6 -11
  48. data/xml/sip_user_agents.xml +29 -2
  49. data/xml/smb_native_lm.xml +10 -2
  50. data/xml/smb_native_os.xml +80 -2
  51. data/xml/smtp_banners.xml +233 -13
  52. data/xml/smtp_debug.xml +6 -4
  53. data/xml/smtp_ehlo.xml +7 -5
  54. data/xml/smtp_expn.xml +13 -4
  55. data/xml/smtp_help.xml +23 -4
  56. data/xml/smtp_mailfrom.xml +5 -2
  57. data/xml/smtp_noop.xml +6 -5
  58. data/xml/smtp_quit.xml +5 -4
  59. data/xml/smtp_rcptto.xml +5 -2
  60. data/xml/smtp_rset.xml +4 -4
  61. data/xml/smtp_turn.xml +4 -4
  62. data/xml/smtp_vrfy.xml +14 -4
  63. data/xml/snmp_sysdescr.xml +741 -32
  64. data/xml/snmp_sysobjid.xml +47 -2
  65. data/xml/ssh_banners.xml +255 -81
  66. data/xml/telnet_banners.xml +503 -30
  67. data/xml/x11_banners.xml +26 -3
  68. data/xml/x509_issuers.xml +37 -13
  69. data/xml/x509_subjects.xml +214 -52
  70. metadata +12 -5
data/xml/ftp_banners.xml CHANGED
@@ -1,9 +1,10 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="ftp.banner" protocol="ftp" database_type="service" preference="0.90">
3
3
  <!--
4
4
  FTP greeting messages (part of the banner after the response code) are matched
5
5
  against these patterns to fingerprint FTP servers.
6
6
  -->
7
+
7
8
  <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version ([1234]\.\d+)\)\.$">
8
9
  <description>Microsoft FTP Server on Windows NT</description>
9
10
  <example>xx Microsoft FTP Service (Version 3.0).</example>
@@ -18,6 +19,7 @@
18
19
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_nt:-"/>
19
20
  <param pos="1" name="host.name"/>
20
21
  </fingerprint>
22
+
21
23
  <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.0\)\.$">
22
24
  <description>Microsoft FTP Server on Windows 2000</description>
23
25
  <example>xxx Microsoft FTP Service (Version 5.0).</example>
@@ -32,6 +34,7 @@
32
34
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:-"/>
33
35
  <param pos="1" name="host.name"/>
34
36
  </fingerprint>
37
+
35
38
  <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.1\)\.$">
36
39
  <description>Microsoft FTP Server on Windows XP, 2003 or later versions of 2000</description>
37
40
  <example>xxx Microsoft FTP Service (Version 5.1).</example>
@@ -45,6 +48,7 @@
45
48
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
46
49
  <param pos="1" name="host.name"/>
47
50
  </fingerprint>
51
+
48
52
  <fingerprint pattern="^([^ ]+) Microsoft FTP Service$">
49
53
  <description>Microsoft FTP Server on Windows XP, 2003 or later without version</description>
50
54
  <example>hostname Microsoft FTP Service</example>
@@ -58,6 +62,7 @@
58
62
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
59
63
  <param pos="1" name="host.name"/>
60
64
  </fingerprint>
65
+
61
66
  <fingerprint pattern="^Microsoft FTP Service$">
62
67
  <description>Microsoft FTP Server on Windows XP, 2003 or later without version or hostname</description>
63
68
  <example>Microsoft FTP Service</example>
@@ -70,6 +75,7 @@
70
75
  <param pos="0" name="os.product" value="Windows"/>
71
76
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
72
77
  </fingerprint>
78
+
73
79
  <fingerprint pattern="^([^ ]+) +FTP +Server \(Version ([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
74
80
  <description>FTP on HPUX with a PHNE (HP Networking patch) installed</description>
75
81
  <example>example.com FTP server (Version 1.1.214.4(PHNE_38458) Mon Feb 15 06:03:12 GMT 2010) ready.</example>
@@ -82,6 +88,7 @@
82
88
  <param pos="1" name="host.name"/>
83
89
  <param pos="2" name="service.version"/>
84
90
  </fingerprint>
91
+
85
92
  <fingerprint pattern="^([^ ]+) +FTP +Server \(Revision \S+ Version wuftpd-([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
86
93
  <description>WU-FTPD on HPUX with a PHNE (HP Networking patch) installed</description>
87
94
  <example>example.com FTP server (Revision 1.1 Version wuftpd-2.6.1(PHNE_38578) Fri Sep 5 12:10:54 GMT 2008) ready.</example>
@@ -94,6 +101,7 @@
94
101
  <param pos="1" name="host.name"/>
95
102
  <param pos="2" name="service.version"/>
96
103
  </fingerprint>
104
+
97
105
  <fingerprint pattern="^(\S+)(?: \S+)? FTP Server \((?:Revision [\d\.]+ )?Version wu(?:ftpd)?-([\d\.]+).*\) ready.?$" flags="REG_ICASE">
98
106
  <description>WU-FTPD on various OS</description>
99
107
  <example host.name="example.com" service.version="2.6.2">example.com FTP server (Version wu-2.6.2(1) Sat Jul 19 16:21:30 UTC 2008) ready.</example>
@@ -105,6 +113,7 @@
105
113
  <param pos="1" name="host.name"/>
106
114
  <param pos="2" name="service.version"/>
107
115
  </fingerprint>
116
+
108
117
  <fingerprint pattern="^(\S+)\s+FTP Server \(Version:\s+Mac OS X Server\s+([\d\.]+).*\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
109
118
  <description>FTPD on Mac OS X Server with a version</description>
110
119
  <example host.name="example.com" os.version="10.3">example.com FTP server (Version: Mac OS X Server 10.3 - +GSSAPI) ready.</example>
@@ -119,6 +128,7 @@ example.com FTP server (Version: Mac OS X Server 10.3 - +GSSAPI) ready.</exampl
119
128
  <param pos="2" name="os.version"/>
120
129
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x_server:{os.version}"/>
121
130
  </fingerprint>
131
+
122
132
  <fingerprint pattern="^(\S+)\s+FTP Server \(Version:\s+Mac OS X Server\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
123
133
  <description>FTPD on Mac OS X Server without a version</description>
124
134
  <example host.name="example.com">example.com FTP server (Version: Mac OS X Server) ready.</example>
@@ -132,6 +142,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
132
142
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x_server:-"/>
133
143
  <param pos="1" name="host.name"/>
134
144
  </fingerprint>
145
+
135
146
  <fingerprint pattern="^(\S+)\s+FTP Server \(tnftpd (.*)\) ready\.?$" flags="REG_ICASE">
136
147
  <description>Simple tnftpd banner with a version</description>
137
148
  <example host.name="example.com" service.version="20061217">example.com FTP server (tnftpd 20061217) ready.</example>
@@ -139,6 +150,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
139
150
  <param pos="2" name="service.version"/>
140
151
  <param pos="1" name="host.name"/>
141
152
  </fingerprint>
153
+
142
154
  <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.(1[1-9])\) ready\.?$" flags="REG_ICASE">
143
155
  <description>SunOS/Solaris</description>
144
156
  <example host.name="example.com" os.version="11">example.com FTP server (SunOS 5.11) ready.</example>
@@ -149,6 +161,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
149
161
  <param pos="2" name="os.version"/>
150
162
  <param pos="0" name="os.cpe23" value="cpe:/o:oracle:solaris:{os.version}"/>
151
163
  </fingerprint>
164
+
152
165
  <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.([789]|10)\) ready\.?$" flags="REG_ICASE">
153
166
  <description>SunOS/Solaris 5.7-5.10</description>
154
167
  <example host.name="example.com" os.version="7">example.com FTP server (SunOS 5.7) ready.</example>
@@ -160,6 +173,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
160
173
  <param pos="2" name="os.version"/>
161
174
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
162
175
  </fingerprint>
176
+
163
177
  <fingerprint pattern="^(\S+) FTP Server \(SunOS 5.6\) ready\." flags="REG_ICASE">
164
178
  <description>SunOS 5.6 (Solaris 2.6)</description>
165
179
  <example host.name="example.com">example.com FTP Server (SunOS 5.6) ready.</example>
@@ -170,6 +184,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
170
184
  <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:2.6"/>
171
185
  <param pos="1" name="host.name"/>
172
186
  </fingerprint>
187
+
173
188
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Debian\) \[(.+)\]$">
174
189
  <description>ProFTPD on Debian Linux</description>
175
190
  <example>ProFTPD 1.3.0rc2 Server (Debian) [host]</example>
@@ -184,6 +199,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
184
199
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
185
200
  <param pos="2" name="host.name"/>
186
201
  </fingerprint>
202
+
187
203
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Linksys(W.+)\) \[(.+)\]$">
188
204
  <description>ProFTPD on a Linksys Wireless Access Point/Router</description>
189
205
  <example>ProFTPD 1.3.0rc2 Server (LinksysWRT350N) [host]</example>
@@ -197,6 +213,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
197
213
  <param pos="2" name="os.product"/>
198
214
  <param pos="3" name="host.name"/>
199
215
  </fingerprint>
216
+
200
217
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(NETGEAR ReadyNAS\) \[(.+)\]$">
201
218
  <description>ProFTPD on a Netgear ReadyNAS with a version and IP</description>
202
219
  <example service.version="1.3.3g" host.ip="192.168.1.10">ProFTPD 1.3.3g Server (NETGEAR ReadyNAS) [192.168.1.10]</example>
@@ -210,6 +227,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
210
227
  <param pos="0" name="hw.product" value="ReadyNAS"/>
211
228
  <param pos="2" name="host.ip"/>
212
229
  </fingerprint>
230
+
213
231
  <fingerprint pattern="^ProFTPD Server \(NETGEAR ReadyNAS\) \[(.+)\]$">
214
232
  <description>ProFTPD on a Netgear ReadyNAS with a hostname</description>
215
233
  <example host.name="test">ProFTPD Server (NETGEAR ReadyNAS) [test]</example>
@@ -222,6 +240,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
222
240
  <param pos="0" name="hw.product" value="ReadyNAS"/>
223
241
  <param pos="1" name="host.name"/>
224
242
  </fingerprint>
243
+
225
244
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Linksys(.*)\) \[(.+)\]$">
226
245
  <description>ProFTPD on a wired Linksys device</description>
227
246
  <param pos="0" name="service.family" value="ProFTPD"/>
@@ -234,6 +253,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
234
253
  <param pos="2" name="os.product"/>
235
254
  <param pos="3" name="host.name"/>
236
255
  </fingerprint>
256
+
237
257
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \((.*)\) \[(.+)\]$">
238
258
  <description>ProFTPD with version info but no obvious OS info</description>
239
259
  <example service.version="1.2.10">ProFTPD 1.2.10 Server (Main FTP Server) [host]</example>
@@ -247,6 +267,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
247
267
  <param pos="2" name="proftpd.server.name"/>
248
268
  <param pos="3" name="host.name"/>
249
269
  </fingerprint>
270
+
250
271
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server ready\.$">
251
272
  <description>ProFTPD with only version info</description>
252
273
  <example service.version="1.3.0rc2">ProFTPD 1.3.0rc2 Server ready.</example>
@@ -256,6 +277,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
256
277
  <param pos="1" name="service.version"/>
257
278
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
258
279
  </fingerprint>
280
+
259
281
  <fingerprint pattern="^ProFTPD (?:FTP )?Server ready\.$">
260
282
  <description>ProFTPD with no version info</description>
261
283
  <example>ProFTPD FTP Server ready.</example>
@@ -265,6 +287,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
265
287
  <param pos="0" name="service.product" value="ProFTPD"/>
266
288
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
267
289
  </fingerprint>
290
+
268
291
  <fingerprint pattern="^ProFTPD Server \(.*\) \[([a-f\d.:]+)\]$">
269
292
  <description>ProFTPD with no version info, parenthetical form</description>
270
293
  <example host.ip="1.2.3.4">ProFTPD Server (ProFTPD) [1.2.3.4]</example>
@@ -277,6 +300,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
277
300
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
278
301
  <param pos="1" name="host.ip"/>
279
302
  </fingerprint>
303
+
280
304
  <fingerprint pattern="^ProFTPD Server$">
281
305
  <description>ProFTPD with no version info, short form</description>
282
306
  <example>ProFTPD Server</example>
@@ -285,6 +309,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
285
309
  <param pos="0" name="service.product" value="ProFTPD"/>
286
310
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
287
311
  </fingerprint>
312
+
288
313
  <fingerprint pattern="^ProFTPD\s*$">
289
314
  <description>ProFTPD with no version info, super short form</description>
290
315
  <example>ProFTPD</example>
@@ -294,6 +319,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
294
319
  <param pos="0" name="service.product" value="ProFTPD"/>
295
320
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
296
321
  </fingerprint>
322
+
297
323
  <fingerprint pattern="^(?:\d{4}\-\d\d\-\d\d \d\d:\d\d:\d\d,\d\d\d )?(\S+) proftpd\[\d+\]: error: no valid servers configured">
298
324
  <description>ProFTPD no valid servers configured</description>
299
325
  <example host.name="ftp.host.com">ftp.host.com proftpd[40312]: error: no valid servers configured\n</example>
@@ -304,6 +330,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
304
330
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
305
331
  <param pos="1" name="host.name"/>
306
332
  </fingerprint>
333
+
307
334
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \((.*)\) \[[a-f\d.:\]]*$">
308
335
  <description>ProFTPD with version info - truncated</description>
309
336
  <example service.version="1.3.2c">ProFTPD 1.3.2c Server (ProFTPD Default Installation) [</example>
@@ -316,6 +343,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
316
343
  <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
317
344
  <param pos="2" name="proftpd.server.name"/>
318
345
  </fingerprint>
346
+
319
347
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server ([\w.-]+)$">
320
348
  <description>ProFTPD with version info but no obvious OS info, take 2</description>
321
349
  <example service.version="1.3.2d" host.name="localhost">ProFTPD 1.3.2d Server localhost</example>
@@ -323,17 +351,21 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
323
351
  <param pos="0" name="service.vendor" value="ProFTPD Project"/>
324
352
  <param pos="0" name="service.product" value="ProFTPD"/>
325
353
  <param pos="1" name="service.version"/>
354
+ <param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
326
355
  <param pos="2" name="host.name"/>
327
356
  </fingerprint>
357
+
328
358
  <fingerprint pattern="^=\(&lt;\*&gt;\)=-\.:\. \(\( Welcome to Pure-FTPd ([\d.]+) \)\) \.:\.-=\(&lt;\*&gt;\)=-" flags="REG_MULTILINE">
329
359
  <description>Pure-FTPd versions &lt;= 1.0.13 (at least as far back as 1.0.11)</description>
330
360
  <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-</example>
331
361
  <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-&#13;
332
362
  more stuff</example>
363
+ <param pos="0" name="service.fvendor" value="PureFTPd"/>
333
364
  <param pos="0" name="service.family" value="Pure-FTPd"/>
334
365
  <param pos="0" name="service.product" value="Pure-FTPd"/>
335
366
  <param pos="1" name="service.version"/>
336
367
  </fingerprint>
368
+
337
369
  <fingerprint pattern="^-{9,10}(?:.*)\s+Pure-FTPd\s+(.*)-{9,10}">
338
370
  <description>Pure-FTPd versions &gt;= 1.0.14 - Config data can be zero or more of: [privsep] [TLS]</description>
339
371
  <example>---------- Welcome to Pure-FTPd ----------</example>
@@ -343,39 +375,77 @@ more stuff</example>
343
375
  <example>--------- Welcome to Pure-FTPd [privsep] [TLS] ----------&#13;
344
376
  more text</example>
345
377
  <param pos="1" name="pureftpd.config"/>
378
+ <param pos="0" name="service.vendor" value="PureFTPd"/>
346
379
  <param pos="0" name="service.family" value="Pure-FTPd"/>
347
380
  <param pos="0" name="service.product" value="Pure-FTPd"/>
381
+ <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:-"/>
348
382
  </fingerprint>
383
+
349
384
  <fingerprint pattern="^(?:Welcome to )?Pure-FTPd\.?$">
350
385
  <description>Basic Pure-FTPd banner, no version</description>
351
386
  <example>Welcome to Pure-FTPd</example>
352
387
  <example>Pure-FTPd.</example>
388
+ <param pos="0" name="service.vendor" value="PureFTPd"/>
353
389
  <param pos="0" name="service.family" value="Pure-FTPd"/>
354
390
  <param pos="0" name="service.product" value="Pure-FTPd"/>
391
+ <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:-"/>
355
392
  </fingerprint>
393
+
356
394
  <fingerprint pattern="^=\(.\*.\)=-\.:\. \(\( Welcome to PureFTPd (\d+\..+) \)\) \.:\.-=\(.\*.\)=-" flags="REG_MULTILINE">
357
395
  <description>Older Pure-FTPd versions</description>
358
396
  <example service.version="1.1.0">=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-</example>
359
397
  <example service.version="1.1.0">=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-&#13;
360
398
  more text</example>
399
+ <param pos="0" name="service.vendor" value="PureFTPd"/>
361
400
  <param pos="0" name="service.family" value="Pure-FTPd"/>
362
401
  <param pos="0" name="service.product" value="Pure-FTPd"/>
363
402
  <param pos="1" name="service.version"/>
403
+ <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:{service.version}"/>
404
+ </fingerprint>
405
+
406
+ <!-- CPEs for Serv-U 15.x and above changed to SolarWinds -->
407
+
408
+ <fingerprint pattern="^Serv-U FTP Server v(15\.\S+) ready\.\.\.$">
409
+ <description>SolarWinds Serv-U with version </description>
410
+ <example service.version="15.1.3.25">Serv-U FTP Server v15.1.3.25 ready...</example>
411
+ <param pos="0" name="service.vendor" value="SolarWinds"/>
412
+ <param pos="0" name="service.product" value="Serv-U FTP Server"/>
413
+ <param pos="0" name="service.family" value="Serv-U"/>
414
+ <param pos="1" name="service.version"/>
415
+ <param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:serv-u_ftp_server:{service.version}"/>
364
416
  </fingerprint>
365
- <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+)(?: for WinSock)? ready\.*$">
366
- <description>Serv-U (only runs on Windows)</description>
417
+
418
+ <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+) for WinSock ready\.*$">
419
+ <description>Serv-U Serv-U with version on Windows</description>
367
420
  <example service.version="2.5n">Serv-U FTP-Server v2.5n for WinSock ready...</example>
368
421
  <example service.version="6.0">Serv-U FTP Server v6.0 for WinSock ready</example>
369
- <example service.version="7.2">Serv-U FTP Server v7.2 ready...</example>
370
- <param pos="0" name="service.vendor" value="Rhino Software"/>
422
+ <param pos="0" name="service.vendor" value="Serv-U"/>
371
423
  <param pos="0" name="service.product" value="Serv-U"/>
372
424
  <param pos="0" name="service.family" value="Serv-U"/>
373
425
  <param pos="1" name="service.version"/>
426
+ <param pos="0" name="service.cpe23" value="cpe:/a:serv-u:serv-u:{service.version}"/>
374
427
  <param pos="0" name="os.vendor" value="Microsoft"/>
375
428
  <param pos="0" name="os.family" value="Windows"/>
376
429
  <param pos="0" name="os.product" value="Windows"/>
377
430
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
378
431
  </fingerprint>
432
+
433
+ <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+) ready\.*$">
434
+ <description>Serv-U Serv-U with version </description>
435
+ <example service.version="7.2">Serv-U FTP Server v7.2 ready...</example>
436
+ <example service.version="14.0">Serv-U FTP Server v14.0 ready...</example>
437
+ <param pos="0" name="service.vendor" value="Serv-U"/>
438
+ <param pos="0" name="service.product" value="Serv-U"/>
439
+ <param pos="0" name="service.family" value="Serv-U"/>
440
+ <param pos="1" name="service.version"/>
441
+ <param pos="0" name="service.cpe23" value="cpe:/a:serv-u:serv-u:{service.version}"/>
442
+ </fingerprint>
443
+
444
+ <fingerprint pattern="^Welcom to Serv-U FTP Server$">
445
+ <description>Common FTP banner modification to look like Serv-U -- assert nothing.</description>
446
+ <example>Welcom to Serv-U FTP Server</example>
447
+ </fingerprint>
448
+
379
449
  <fingerprint pattern="^zFTPServer v?(\S+), .*ready\.$" flags="REG_ICASE">
380
450
  <description>zftpserver (only runs on Windows)</description>
381
451
  <example service.version="4.0">zFTPServer v4.0, build 2008-12-24 01:41 ready.</example>
@@ -387,46 +457,65 @@ more text</example>
387
457
  <param pos="0" name="os.product" value="Windows"/>
388
458
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
389
459
  </fingerprint>
460
+
390
461
  <fingerprint pattern="^\(vsFTPd (\d+\..+)\)(?: (.+))?$">
391
462
  <description>vsFTPd (Very Secure FTP Daemon)</description>
392
463
  <example service.version="1.1.3">(vsFTPd 1.1.3) host</example>
393
464
  <example service.version="2.0.5">(vsFTPd 2.0.5)</example>
465
+ <param pos="0" name="service.vendor" value="vsFTPd Project"/>
394
466
  <param pos="0" name="service.family" value="vsFTPd"/>
395
467
  <param pos="0" name="service.product" value="vsFTPd"/>
396
468
  <param pos="1" name="service.version"/>
469
+ <param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:{service.version}"/>
397
470
  <param pos="2" name="host.name"/>
398
471
  </fingerprint>
472
+
399
473
  <fingerprint pattern="^ready, dude \(vsFTPd (\d+\..+): beat me, break me\)$">
400
474
  <description>vsFTPd (Very Secure FTP Daemon) - break me variant</description>
401
475
  <example service.version="1.1.0">ready, dude (vsFTPd 1.1.0: beat me, break me)</example>
476
+ <param pos="0" name="service.vendor" value="vsFTPd Project"/>
402
477
  <param pos="0" name="service.family" value="vsFTPd"/>
403
478
  <param pos="0" name="service.product" value="vsFTPd"/>
404
479
  <param pos="1" name="service.version"/>
480
+ <param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:{service.version}"/>
405
481
  </fingerprint>
482
+
406
483
  <fingerprint pattern="^vsFTPd ([\d.]+\+ \(ext\.3\)) ready\.\.\.$">
407
484
  <description>vsFTPd (Very Secure FTP Daemon) extended build (vsftpd.devnet.ru)</description>
408
485
  <example service.version="2.0.4+ (ext.3)">vsFTPd 2.0.4+ (ext.3) ready...</example>
486
+ <param pos="0" name="service.vendor" value="vsFTPd Project"/>
409
487
  <param pos="0" name="service.family" value="vsFTPd"/>
410
488
  <param pos="0" name="service.product" value="vsFTPd Extended"/>
411
489
  <param pos="1" name="service.version"/>
412
490
  </fingerprint>
491
+
413
492
  <fingerprint pattern="^OOPS: .*vsftp.*$">
414
493
  <description>vsFTPd (Very Secure FTP Daemon) error message</description>
415
494
  <example>OOPS: vsftpd: root is not mounted.</example>
416
495
  <example>OOPS: cannot read user list file:/etc/vsftpd.user_list</example>
496
+ <param pos="0" name="service.vendor" value="vsFTPd Project"/>
417
497
  <param pos="0" name="service.family" value="vsFTPd"/>
418
498
  <param pos="0" name="service.product" value="vsFTPd"/>
499
+ <param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:-"/>
419
500
  </fingerprint>
501
+
420
502
  <fingerprint pattern="^FileZilla Server(?: version)? (?:v)?(\d\.[\w.]+(?: beta)?).*$">
421
503
  <description>FileZilla FTP Server</description>
422
504
  <example service.version="0.9.2 beta">FileZilla Server version 0.9.2 beta</example>
423
505
  <example service.version="0.9.13a beta">FileZilla Server version 0.9.13a beta</example>
424
506
  <example service.version="0.9.54 beta">FileZilla Server 0.9.54 beta</example>
425
507
  <example service.version="0.9.33 beta">FileZilla Server v0.9.33 beta</example>
426
- <param pos="0" name="service.family" value="FileZilla FTP Server"/>
427
- <param pos="0" name="service.product" value="FileZilla FTP Server"/>
508
+ <param pos="0" name="service.vendor" value="Filezilla-Project"/>
509
+ <param pos="0" name="service.family" value="FileZilla FTP"/>
510
+ <param pos="0" name="service.product" value="FileZilla Server"/>
428
511
  <param pos="1" name="service.version"/>
512
+ <param pos="0" name="service.cpe23" value="cpe:/a:filezilla-project:filezilla_server:{service.version}"/>
513
+ <param pos="0" name="os.vendor" value="Microsoft"/>
514
+ <param pos="0" name="os.family" value="Windows"/>
515
+ <param pos="0" name="os.product" value="Windows"/>
516
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
429
517
  </fingerprint>
518
+
430
519
  <fingerprint pattern="^\s*APC FTP server ready\.$">
431
520
  <description>APC device</description>
432
521
  <example>APC FTP server ready.</example>
@@ -437,6 +526,7 @@ more text</example>
437
526
  <param pos="0" name="hw.vendor" value="APC"/>
438
527
  <param pos="0" name="hw.device" value="Power device"/>
439
528
  </fingerprint>
529
+
440
530
  <fingerprint pattern="^(\S+) Network Management Card AOS v(\d+\..+) FTP server ready\.$">
441
531
  <description>APC power/cooling device</description>
442
532
  <example service.version="3.3.4">AP7932 Network Management Card AOS v3.3.4 FTP server ready.</example>
@@ -453,6 +543,7 @@ more text</example>
453
543
  <param pos="0" name="hw.vendor" value="APC"/>
454
544
  <param pos="0" name="hw.device" value="Power device"/>
455
545
  </fingerprint>
546
+
456
547
  <fingerprint pattern="^(\S+) FTP server \(EMC-SNAS: ([^\)]+)\)(?: \S+)?$">
457
548
  <description>EMC Celerra</description>
458
549
  <example service.version="5.6.47.11">foo2 FTP server (EMC-SNAS: 5.6.47.11)</example>
@@ -470,6 +561,7 @@ more text</example>
470
561
  <param pos="0" name="hw.device" value="Storage"/>
471
562
  <param pos="0" name="hw.product" value="Celerra"/>
472
563
  </fingerprint>
564
+
473
565
  <fingerprint pattern="^JD FTP Server Ready.*$">
474
566
  <description>HP JetDirect printer</description>
475
567
  <example>JD FTP Server Ready</example>
@@ -486,6 +578,7 @@ more text</example>
486
578
  <param pos="0" name="hw.family" value="JetDirect"/>
487
579
  <param pos="0" name="hw.product" value="JetDirect"/>
488
580
  </fingerprint>
581
+
489
582
  <fingerprint pattern="^Check Point FireWall-1 Secure FTP server running on (.+)$">
490
583
  <description>Check Point FireWall-1</description>
491
584
  <example host.name="host">Check Point FireWall-1 Secure FTP server running on host</example>
@@ -503,6 +596,7 @@ more text</example>
503
596
  <param pos="0" name="hw.family" value="Firewall-1"/>
504
597
  <param pos="1" name="host.name"/>
505
598
  </fingerprint>
599
+
506
600
  <fingerprint pattern="^Blue Coat FTP Service$">
507
601
  <description>Blue Coat security appliances</description>
508
602
  <example>Blue Coat FTP Service</example>
@@ -511,11 +605,13 @@ more text</example>
511
605
  <param pos="0" name="os.vendor" value="Blue Coat"/>
512
606
  <param pos="0" name="os.device" value="Web proxy"/>
513
607
  </fingerprint>
608
+
514
609
  <fingerprint pattern="^---freeFTPd 1.0---warFTPd 1.65---$">
515
610
  <description>Nepenthes honeypot</description>
516
611
  <param pos="0" name="service.family" value="Nepenthes"/>
517
612
  <param pos="0" name="service.product" value="Nepenthes"/>
518
613
  </fingerprint>
614
+
519
615
  <fingerprint pattern="^[^ ]+ IBM FTP CS (V1R\d+) at ([^,]*),.*">
520
616
  <description>IBM z/OS FTP Service</description>
521
617
  <example>SFTPD1 IBM FTP CS V1R4 at x.y.z, 21:02:19 on 2007-12-15.</example>
@@ -526,8 +622,10 @@ more text</example>
526
622
  <param pos="0" name="os.family" value="z/OS"/>
527
623
  <param pos="0" name="os.device" value="Mainframe"/>
528
624
  <param pos="1" name="os.version"/>
625
+ <param pos="0" name="os.cpe23" value="cpe:/o:ibm:z\/os:{os.version}"/>
529
626
  <param pos="2" name="host.name"/>
530
627
  </fingerprint>
628
+
531
629
  <fingerprint pattern="^FTP server \(IBM 4690 TCP/IP FTP Version 1\.0\) ready\.">
532
630
  <description>IBM 4690 FTP Service</description>
533
631
  <example>FTP server (IBM 4690 TCP/IP FTP Version 1.0) ready.</example>
@@ -538,6 +636,7 @@ more text</example>
538
636
  <param pos="0" name="os.family" value="4690"/>
539
637
  <param pos="0" name="os.device" value="Point of sale"/>
540
638
  </fingerprint>
639
+
541
640
  <fingerprint pattern="^([^ ]+) NcFTPd Server \(licensed copy\) ready\.$">
542
641
  <description>NcFTPd Server
543
642
  http://www.ncftp.com/ncftpd/</description>
@@ -546,6 +645,7 @@ more text</example>
546
645
  <param pos="0" name="service.product" value="NcFTPd Server"/>
547
646
  <param pos="1" name="host.name"/>
548
647
  </fingerprint>
648
+
549
649
  <fingerprint pattern="^(\S+) DCS-2100 FTP server ready\.$">
550
650
  <description>D-Link DCS-2100 wireless internet camera</description>
551
651
  <example>hostname DCS-2100 FTP server ready.</example>
@@ -554,6 +654,7 @@ more text</example>
554
654
  <param pos="0" name="os.device" value="Web cam"/>
555
655
  <param pos="1" name="host.name"/>
556
656
  </fingerprint>
657
+
557
658
  <fingerprint pattern="^Secure Gateway FTP server ready\.$">
558
659
  <description>Raptor firewall</description>
559
660
  <example>Secure Gateway FTP server ready.</example>
@@ -562,6 +663,7 @@ more text</example>
562
663
  <param pos="0" name="os.product" value="Raptor"/>
563
664
  <param pos="0" name="os.device" value="Firewall"/>
564
665
  </fingerprint>
666
+
565
667
  <fingerprint pattern="^SUN StorEdge (\S+) RAID FTP server ready\.$">
566
668
  <description>Sun StorEdge disk array</description>
567
669
  <example>SUN StorEdge 3511 RAID FTP server ready.</example>
@@ -570,6 +672,7 @@ more text</example>
570
672
  <param pos="1" name="os.product"/>
571
673
  <param pos="0" name="os.device" value="Storage"/>
572
674
  </fingerprint>
675
+
573
676
  <fingerprint pattern="(?i)^AXIS (\S+) .* Camera(?:\s+version)?\s+(\S+) .*">
574
677
  <description>Axis Network Camera</description>
575
678
  <example hw.product="2100" hw.version="2.43">Axis 2100 Network Camera 2.43 Nov 04 2008 ready.</example>
@@ -586,27 +689,43 @@ more text</example>
586
689
  <param pos="0" name="os.family" value="Linux"/>
587
690
  <param pos="0" name="os.device" value="Web cam"/>
588
691
  </fingerprint>
589
- <fingerprint pattern="(?i)^AXIS (\S+) (?:(?:Mk II )?Video|IO Audio) (?:Encoder|Encoder Blade|Module|Server|Decoder) (\S+) .*">
590
- <description>Axis Audio/Video encoders/servers</description>
692
+
693
+ <fingerprint pattern="(?i)^AXIS (\S+) (?:(?:Mk II )?Video) (?:Encoder|Encoder Blade|Module|Server|Decoder) (\S+) .*">
694
+ <description>Axis Video encoders/servers</description>
591
695
  <example hw.product="Q7406">AXIS Q7406 Video Encoder Blade 5.01 (Aug 01 2008) ready.</example>
592
696
  <example hw.product="241Q">AXIS 241Q Video Server 4.47.2 (Dec 11 2008) ready.</example>
593
697
  <example hw.version="5.07.2">AXIS P7701 Video Decoder 5.07.2 (Apr 20 2010) ready.</example>
594
698
  <example hw.product="Q7401" hw.version="5.01">AXIS Q7401 Video Encoder 5.01 (Aug 01 2008) ready.</example>
595
699
  <example hw.product="Q7401" hw.version="5.50.2_cst_412205_1">AXIS Q7401 Video Encoder 5.50.2_cst_412205_1 (2013)</example>
596
700
  <example hw.product="Q7424-R" hw.version="5.51.3.1">AXIS Q7424-R Mk II Video Encoder 5.51.3.1 (2016) ready.</example>
701
+ <param pos="0" name="hw.vendor" value="Axis"/>
702
+ <param pos="1" name="hw.product"/>
703
+ <param pos="2" name="hw.version"/>
704
+ <param pos="0" name="hw.device" value="Video Encoder"/>
705
+ <param pos="0" name="os.vendor" value="AXIS"/>
706
+ <param pos="0" name="os.family" value="Linux"/>
707
+ </fingerprint>
708
+
709
+ <fingerprint pattern="(?i)^AXIS (\S+) (?:(?:Mk II )?IO Audio) (?:Encoder|Encoder Blade|Module|Server|Decoder) (\S+) .*">
710
+ <description>Axis Audio encoders/servers</description>
597
711
  <example hw.product="P8221" hw.version="5.10.2">AXIS P8221 IO Audio Module 5.10.2 (Nov 07 2011) ready.</example>
598
712
  <param pos="0" name="hw.vendor" value="Axis"/>
599
713
  <param pos="1" name="hw.product"/>
600
714
  <param pos="2" name="hw.version"/>
715
+ <param pos="0" name="hw.device" value="Audio Encoder"/>
716
+ <param pos="0" name="os.vendor" value="AXIS"/>
717
+ <param pos="0" name="os.family" value="Linux"/>
601
718
  </fingerprint>
719
+
602
720
  <fingerprint pattern="(?i)^AXIS (\S+) Network Door Controller (\S+) .* ready\.?$">
603
721
  <description>Axis Door Controllers</description>
604
722
  <example hw.product="A1001" hw.version="1.65.1.1">AXIS A1001 Network Door Controller 1.65.1.1 (2018) ready.</example>
605
723
  <param pos="0" name="hw.vendor" value="Axis"/>
606
- <param pos="0" name="hw.device" value="Access Controller"/>
724
+ <param pos="0" name="hw.device" value="Access Control"/>
607
725
  <param pos="1" name="hw.product"/>
608
726
  <param pos="2" name="hw.version"/>
609
727
  </fingerprint>
728
+
610
729
  <fingerprint pattern="^AXIS (\S+) .*FTP Network Print Server V?([\d\.]+\S+) .* ready\.?$" flags="REG_ICASE">
611
730
  <description>Axis print servers</description>
612
731
  <example hw.product="5600+">AXIS 5600+ (rev 3) FTP Network Print Server V7.00 Sep 10 2004 ready.</example>
@@ -617,6 +736,7 @@ more text</example>
617
736
  <param pos="1" name="hw.product"/>
618
737
  <param pos="2" name="hw.version"/>
619
738
  </fingerprint>
739
+
620
740
  <fingerprint pattern="^RICOH Aficio ((?:[MS]P )?\S+) FTP server \(([0-9\.a-zA-Z]+)\) ready.?$" flags="REG_ICASE">
621
741
  <description>Ricoh Aficio multifunction device</description>
622
742
  <example os.product="2045e">RICOH Aficio 2045e FTP server (4.12) ready.</example>
@@ -632,6 +752,7 @@ more text</example>
632
752
  <param pos="1" name="os.product"/>
633
753
  <param pos="2" name="os.version"/>
634
754
  </fingerprint>
755
+
635
756
  <fingerprint pattern="^NRG ((?:[MS]P )?\S+) FTP server \(([0-9\.a-zA-Z]+)\) ready.?$" flags="REG_ICASE">
636
757
  <description>Ricoh NRG multifunction device</description>
637
758
  <example>NRG MP C2800 FTP server (8.25) ready.</example>
@@ -650,6 +771,7 @@ more text</example>
650
771
  <param pos="0" name="hw.device" value="Multifunction Device"/>
651
772
  <param pos="1" name="hw.product"/>
652
773
  </fingerprint>
774
+
653
775
  <fingerprint pattern="^Xerox WorkCentre ([A-Za-z0-9]+).*$" certainty="1.0">
654
776
  <description>Xerox WorkCentre</description>
655
777
  <example hw.product="6605DN">Xerox WorkCentre 6605DN</example>
@@ -664,6 +786,7 @@ more text</example>
664
786
  <param pos="0" name="hw.device" value="Printer"/>
665
787
  <param pos="1" name="hw.product"/>
666
788
  </fingerprint>
789
+
667
790
  <fingerprint pattern="^Xerox Phaser (\S+)$" certainty="1.0">
668
791
  <description>Xerox Phaser Laser Printer</description>
669
792
  <example>Xerox Phaser 6130N</example>
@@ -677,6 +800,7 @@ more text</example>
677
800
  <param pos="0" name="hw.device" value="Printer"/>
678
801
  <param pos="1" name="hw.product"/>
679
802
  </fingerprint>
803
+
680
804
  <fingerprint pattern="^XEROX (\d+) Wide Format .*$" certainty="1.0">
681
805
  <description>Xerox Wide Format Series of Printers</description>
682
806
  <example>XEROX 6204 Wide Format FTP server ready</example>
@@ -689,6 +813,7 @@ more text</example>
689
813
  <param pos="0" name="hw.device" value="Printer"/>
690
814
  <param pos="1" name="hw.product"/>
691
815
  </fingerprint>
816
+
692
817
  <fingerprint pattern="^FUJI XEROX DocuPrint (.*)$" certainty="1.0">
693
818
  <description>FUJI XEROX DocuPrint Series of Printers</description>
694
819
  <example>FUJI XEROX DocuPrint 3055</example>
@@ -699,6 +824,7 @@ more text</example>
699
824
  <param pos="0" name="os.device" value="Printer"/>
700
825
  <param pos="1" name="os.product"/>
701
826
  </fingerprint>
827
+
702
828
  <fingerprint pattern="^ET(\S{12}) Lexmark (\S+) FTP Server (\S+) ready\.?$" certainty="1.0" flags="REG_ICASE">
703
829
  <description>Lexmark printer with MAC address</description>
704
830
  <example host.mac="000400CEA560" hw.product="T640" os.version="NS.NP.N219">ET000400CEA560 Lexmark T640 FTP Server NS.NP.N219 ready.</example>
@@ -710,6 +836,7 @@ more text</example>
710
836
  <param pos="0" name="hw.device" value="Printer"/>
711
837
  <param pos="2" name="hw.product"/>
712
838
  </fingerprint>
839
+
713
840
  <fingerprint pattern="^.*Lexmark (\S+) FTP Server (\S+) ready\.?$" certainty="1.0" flags="REG_ICASE">
714
841
  <description>Lexmark printer with OS version</description>
715
842
  <example hw.product="T654" os.version="NR.APS.F368">ET0021718 Lexmark T654 FTP Server NR.APS.F368 ready.</example>
@@ -720,6 +847,7 @@ more text</example>
720
847
  <param pos="0" name="hw.device" value="Printer"/>
721
848
  <param pos="1" name="hw.product"/>
722
849
  </fingerprint>
850
+
723
851
  <fingerprint pattern="^.*Lexmark (\S+) FTP Server ready\.?$" certainty="1.0" flags="REG_ICASE">
724
852
  <description>Lexmark printer</description>
725
853
  <example hw.product="X500">Lexmark X500 FTP server ready</example>
@@ -729,6 +857,7 @@ more text</example>
729
857
  <param pos="0" name="hw.device" value="Printer"/>
730
858
  <param pos="1" name="hw.product"/>
731
859
  </fingerprint>
860
+
732
861
  <fingerprint pattern="^220 ECOSYS ([^\s]+) FTP server$">
733
862
  <description>Kyocera Multifunction Device</description>
734
863
  <example hw.product="P2135dn">220 ECOSYS P2135dn FTP server</example>
@@ -738,6 +867,7 @@ more text</example>
738
867
  <param pos="0" name="hw.device" value="Multifunction Device"/>
739
868
  <param pos="1" name="hw.product"/>
740
869
  </fingerprint>
870
+
741
871
  <fingerprint pattern="^(?:Tornado-)?VxWorks \((?:VxWorks)?([^\)]+)\) FTP server(?: ready)?\.?$" flags="REG_ICASE">
742
872
  <description>VxWorks with version information</description>
743
873
  <example os.version="5.3.1">VxWorks (5.3.1) FTP server ready</example>
@@ -749,6 +879,7 @@ more text</example>
749
879
  <param pos="1" name="os.version"/>
750
880
  <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
751
881
  </fingerprint>
882
+
752
883
  <fingerprint pattern="^Tornado-vxWorks FTP server ready$" flags="REG_ICASE">
753
884
  <description>VxWorks without version information</description>
754
885
  <example>Tornado-vxWorks FTP server ready</example>
@@ -756,6 +887,7 @@ more text</example>
756
887
  <param pos="0" name="os.product" value="VxWorks"/>
757
888
  <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-"/>
758
889
  </fingerprint>
890
+
759
891
  <fingerprint pattern="^[\w\-\.]* FTP server \((?:VxWorks\s?)+([\d\.]+)\) ready.$" flags="REG_ICASE">
760
892
  <description>VxWorks 6 with version information</description>
761
893
  <example os.version="6.6">NanoDAC FTP server (VxWorks VxWorks 6.6) ready.</example>
@@ -763,24 +895,27 @@ more text</example>
763
895
  <param pos="0" name="os.vendor" value="Wind River"/>
764
896
  <param pos="0" name="os.product" value="VxWorks"/>
765
897
  <param pos="1" name="os.version"/>
766
- <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-{os.version}"/>
898
+ <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
767
899
  </fingerprint>
900
+
768
901
  <fingerprint pattern="^[\w&lt;&gt;]+\s*Tenor Multipath Switch FTP server \(Version VxWorks([\d\.]+)\) ready\.$" flags="REG_ICASE">
769
902
  <description>VxWorks on Tenor MultiPath with version information</description>
770
- <example os.version="5.4.2"><![CDATA[<38785ca0> Tenor Multipath Switch FTP server (Version VxWorks5.4.2) ready.]]></example>
903
+ <example os.version="5.4.2">&lt;38785ca0&gt; Tenor Multipath Switch FTP server (Version VxWorks5.4.2) ready.</example>
771
904
  <param pos="0" name="os.vendor" value="Wind River"/>
772
905
  <param pos="0" name="os.product" value="VxWorks"/>
773
906
  <param pos="1" name="os.version"/>
774
- <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-{os.version}"/>
907
+ <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
775
908
  </fingerprint>
909
+
776
910
  <fingerprint pattern="^VxWorks FTP server \(VxWorks ([\d\.]+) - Secure NetLinx version \([\d\.]+\)\) ready.$">
777
911
  <description>VxWorks with Secure NetLinx</description>
778
912
  <example os.version="5.3.1">VxWorks FTP server (VxWorks 5.3.1 - Secure NetLinx version (1.0)) ready.</example>
779
913
  <param pos="0" name="os.vendor" value="Wind River"/>
780
914
  <param pos="0" name="os.product" value="VxWorks"/>
781
915
  <param pos="1" name="os.version"/>
782
- <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-{os.version}"/>
916
+ <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
783
917
  </fingerprint>
918
+
784
919
  <fingerprint pattern="^ADC iScale$">
785
920
  <description>ADC iScale</description>
786
921
  <example>ADC iScale</example>
@@ -789,6 +924,7 @@ more text</example>
789
924
  <param pos="0" name="os.vendor" value="ADC"/>
790
925
  <param pos="0" name="os.product" value="iScale"/>
791
926
  </fingerprint>
927
+
792
928
  <fingerprint pattern="^TASKalfa (\d+c?i) FTP server" certainty="1.0">
793
929
  <description>Taskalfa Series of Printers</description>
794
930
  <example>TASKalfa 300ci FTP server</example>
@@ -802,6 +938,7 @@ more text</example>
802
938
  <param pos="0" name="hw.device" value="Multifunction Device"/>
803
939
  <param pos="1" name="hw.product"/>
804
940
  </fingerprint>
941
+
805
942
  <fingerprint pattern="^SAVIN (\S+) FTP server \((.*)\) ready.$" certainty="1.0">
806
943
  <description>SAVIN Printer FTP Server</description>
807
944
  <example os.product="4075">SAVIN 4075 FTP server (4.08) ready.</example>
@@ -822,6 +959,7 @@ more text</example>
822
959
  <param pos="0" name="hw.device" value="Printer"/>
823
960
  <param pos="1" name="hw.product"/>
824
961
  </fingerprint>
962
+
825
963
  <fingerprint pattern="^Oce (im\d+) Ver (\S+) FTP server\.$" certainty="1.0">
826
964
  <description>OCE IM series Printer</description>
827
965
  <example>Oce im4512 Ver 01.04.00.0c FTP server.</example>
@@ -832,6 +970,7 @@ more text</example>
832
970
  <param pos="1" name="os.product"/>
833
971
  <param pos="2" name="os.version"/>
834
972
  </fingerprint>
973
+
835
974
  <fingerprint pattern="^Oce (Plotwave\d+) FTP Service \(Version (\S+)\)\.$" certainty="1.0">
836
975
  <description>OCE Printer</description>
837
976
  <example>Oce Plotwave300 FTP Service (Version 4.5.7).</example>
@@ -841,6 +980,7 @@ more text</example>
841
980
  <param pos="1" name="os.product"/>
842
981
  <param pos="2" name="os.version"/>
843
982
  </fingerprint>
983
+
844
984
  <fingerprint pattern="^LinkCom Xpress (.*) FTP version ([\d\.]+) ready$" certainty="1.0">
845
985
  <description>MPI Technologies Linkcom Express FTP Server with os version</description>
846
986
  <example hw.product="10/100 +IPDS" os.version="1.0">LinkCom Xpress 10/100 +IPDS FTP version 1.0 ready</example>
@@ -850,6 +990,7 @@ more text</example>
850
990
  <param pos="1" name="hw.product"/>
851
991
  <param pos="2" name="os.version"/>
852
992
  </fingerprint>
993
+
853
994
  <fingerprint pattern="^LinkCom Xpress (.*)$" certainty="1.0">
854
995
  <description>MPI Technologies Linkcom Express FTP Server</description>
855
996
  <example hw.product="EIO PRO 10">LinkCom Xpress EIO PRO 10</example>
@@ -858,6 +999,7 @@ more text</example>
858
999
  <param pos="0" name="hw.device" value="Print server"/>
859
1000
  <param pos="1" name="hw.product"/>
860
1001
  </fingerprint>
1002
+
861
1003
  <fingerprint pattern="^LXKE\S+ IBM Infoprint (\d+) FTP Server (\d+\.\d+\.\d+) ready.$" certainty="1.0">
862
1004
  <description>IBM Infoprint FTP</description>
863
1005
  <example>LXKE82124 IBM Infoprint 1332 FTP Server 55.10.21 ready.</example>
@@ -870,6 +1012,7 @@ more text</example>
870
1012
  <param pos="1" name="os.product"/>
871
1013
  <param pos="2" name="os.version"/>
872
1014
  </fingerprint>
1015
+
873
1016
  <fingerprint pattern="^(Gestetner \S+(?: \S+)?) FTP server \((.*)\)" certainty="1.0">
874
1017
  <description>Gestetner Printer FTP</description>
875
1018
  <example os.product="Gestetner MP5500/DSm755" os.version="5.11c">Gestetner MP5500/DSm755 FTP server (5.11c) ready.</example>
@@ -882,6 +1025,7 @@ more text</example>
882
1025
  <param pos="1" name="os.product"/>
883
1026
  <param pos="2" name="os.version"/>
884
1027
  </fingerprint>
1028
+
885
1029
  <fingerprint pattern="^(Gestetner \S+)$" certainty="1.0">
886
1030
  <description>Gestetner Printer FTP - short banner</description>
887
1031
  <example>Gestetner MPC2500</example>
@@ -889,6 +1033,7 @@ more text</example>
889
1033
  <param pos="0" name="os.device" value="Multifunction Device"/>
890
1034
  <param pos="1" name="os.product"/>
891
1035
  </fingerprint>
1036
+
892
1037
  <fingerprint pattern="^EUFSALE MarkNet (\S+) FTP Server (\d+\.\d+\.\d+) ready.$" certainty="1.0">
893
1038
  <description>Lexmark Marknet Printers FTP</description>
894
1039
  <example>EUFSALE MarkNet X2011e FTP Server 4.20.21 ready.</example>
@@ -898,6 +1043,7 @@ more text</example>
898
1043
  <param pos="1" name="os.product"/>
899
1044
  <param pos="2" name="os.version"/>
900
1045
  </fingerprint>
1046
+
901
1047
  <fingerprint pattern="^ET(\S+) Source Technologies (ST-96\S+) FTP Server (\S+) ready\.?$">
902
1048
  <description>Source Technologies ST9600 Series Secure Printer</description>
903
1049
  <example>ET0021B730F70E Source Technologies ST-9620 FTP Server NJ.APS.N254e ready.</example>
@@ -910,6 +1056,7 @@ more text</example>
910
1056
  <param pos="2" name="os.product"/>
911
1057
  <param pos="3" name="os.version"/>
912
1058
  </fingerprint>
1059
+
913
1060
  <fingerprint pattern="^ET(\S+) (Pro\d+) Series FTP Server ready\.$" certainty="1.0">
914
1061
  <description>Lexmark ProXXX Series of Printers</description>
915
1062
  <example host.mac="0020007E4D2A" hw.product="Pro700">ET0020007E4D2A Pro700 Series FTP Server ready.</example>
@@ -922,6 +1069,7 @@ more text</example>
922
1069
  <param pos="0" name="hw.device" value="Printer"/>
923
1070
  <param pos="2" name="hw.product"/>
924
1071
  </fingerprint>
1072
+
925
1073
  <fingerprint pattern="^ET(\S+) Lexmark Forms Printer (\d+) Ethernet FTP Server (\S+) ready\.$" certainty="1.0">
926
1074
  <description>Lexmark Forms Printer</description>
927
1075
  <example os.product="2590">ET0020004F54EE Lexmark Forms Printer 2590 Ethernet FTP Server LCL.CU.P012c ready.</example>
@@ -936,6 +1084,7 @@ more text</example>
936
1084
  <param pos="0" name="hw.device" value="Printer"/>
937
1085
  <param pos="2" name="hw.product"/>
938
1086
  </fingerprint>
1087
+
939
1088
  <fingerprint pattern="^ET(\S+) TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
940
1089
  <description>Toshiba e-STUDIO Printer with MAC address</description>
941
1090
  <example os.version="NC2.NPS.N221">ET0004001E9C00 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N221 ready.</example>
@@ -949,6 +1098,7 @@ more text</example>
949
1098
  <param pos="0" name="hw.device" value="Multifunction Device"/>
950
1099
  <param pos="0" name="hw.product" value="e-STUDIO"/>
951
1100
  </fingerprint>
1101
+
952
1102
  <fingerprint pattern="^\S+ TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
953
1103
  <description>Toshiba e-STUDIO Printer</description>
954
1104
  <example os.version="NC2.NPS.N211">JHBPRN13 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
@@ -960,6 +1110,7 @@ more text</example>
960
1110
  <param pos="0" name="hw.device" value="Multifunction Device"/>
961
1111
  <param pos="0" name="hw.product" value="e-STUDIO"/>
962
1112
  </fingerprint>
1113
+
963
1114
  <fingerprint pattern="^.*Lexmark Optra (\S+) FTP Server (\S+) ready\.$" certainty="1.0">
964
1115
  <description>Lexmark Optra Printer</description>
965
1116
  <example os.product="T612">lex142785470853 Lexmark Optra T612 FTP Server 3.20.30 ready.</example>
@@ -974,6 +1125,7 @@ more text</example>
974
1125
  <param pos="0" name="hw.device" value="Printer"/>
975
1126
  <param pos="1" name="hw.product"/>
976
1127
  </fingerprint>
1128
+
977
1129
  <fingerprint pattern="^SHARP (MX-\S+) Ver (\S+) FTP server\.$" certainty="1.0">
978
1130
  <description>Sharp Printer/Copier/Scanne</description>
979
1131
  <example os.product="MX-6200N" os.version="01.02.00.0e">SHARP MX-6200N Ver 01.02.00.0e FTP server.</example>
@@ -995,6 +1147,7 @@ more text</example>
995
1147
  <param pos="0" name="hw.family" value="MX Series"/>
996
1148
  <param pos="1" name="hw.product"/>
997
1149
  </fingerprint>
1150
+
998
1151
  <fingerprint pattern="^(FS-\S+MFP\S*?) FTP server\.?$" certainty="1.0">
999
1152
  <description>Kyocera Printer with version string</description>
1000
1153
  <example os.product="FS-C2126MFP">FS-C2126MFP FTP server</example>
@@ -1007,6 +1160,7 @@ more text</example>
1007
1160
  <param pos="0" name="hw.device" value="Multifunction Device"/>
1008
1161
  <param pos="1" name="hw.product"/>
1009
1162
  </fingerprint>
1163
+
1010
1164
  <fingerprint pattern="^(FS-\S+(?:DN|D|N)) FTP server\.?$" certainty="1.0">
1011
1165
  <description>Kyocera Printer</description>
1012
1166
  <example os.product="FS-1370DN">FS-1370DN FTP server</example>
@@ -1020,6 +1174,7 @@ more text</example>
1020
1174
  <param pos="0" name="hw.family" value="FS"/>
1021
1175
  <param pos="1" name="hw.product"/>
1022
1176
  </fingerprint>
1177
+
1023
1178
  <fingerprint pattern="^(ESI-\S+) Version (\S+) ready\.$" certainty="1.0">
1024
1179
  <description>Extended Systems ExtendNet Print Server</description>
1025
1180
  <example os.product="ESI-2941B">ESI-2941B Version 6.34 ready.</example>
@@ -1041,6 +1196,7 @@ more text</example>
1041
1196
  <param pos="0" name="hw.device" value="Print server"/>
1042
1197
  <param pos="1" name="hw.product"/>
1043
1198
  </fingerprint>
1199
+
1044
1200
  <fingerprint pattern="^SATO SATO PRINTER Ver (\S+) FTP server\.$" certainty="1.0">
1045
1201
  <description>SATO Printer</description>
1046
1202
  <example os.version="A1.2.3">SATO SATO PRINTER Ver A1.2.3 FTP server.</example>
@@ -1051,6 +1207,7 @@ more text</example>
1051
1207
  <param pos="0" name="hw.vendor" value="SATO"/>
1052
1208
  <param pos="0" name="hw.device" value="Printer"/>
1053
1209
  </fingerprint>
1210
+
1054
1211
  <fingerprint pattern="^Printer FTP (\d+\.\d+\.\d+) ready at (\w{3} \d{2} \d{2}:\d{2}:\d{2})$" certainty="1.0">
1055
1212
  <description>AMTDatasouth Fastmark M5</description>
1056
1213
  <example os.version="4.8.7">Printer FTP 4.8.7 ready at Apr 30 20:13:23</example>
@@ -1068,6 +1225,7 @@ more text</example>
1068
1225
  <param pos="0" name="hw.product" value="Fastmark M5"/>
1069
1226
  <param pos="0" name="hw.device" value="Printer"/>
1070
1227
  </fingerprint>
1228
+
1071
1229
  <fingerprint pattern="^EFI FTP Print server ready\.$" certainty="0.8">
1072
1230
  <description>EFI FTP Print Server</description>
1073
1231
  <example>EFI FTP Print server ready.</example>
@@ -1077,7 +1235,9 @@ more text</example>
1077
1235
  <param pos="0" name="os.product" value="Fiery Print Server"/>
1078
1236
  <param pos="0" name="os.device" value="Print server"/>
1079
1237
  </fingerprint>
1238
+
1080
1239
  <!-- Conjectured based on known MX FTP fingerprints -->
1240
+
1081
1241
  <fingerprint pattern="^SHARP (AR-\S+) Ver (\S+) FTP server">
1082
1242
  <description>Sharp AR Series multifunction device</description>
1083
1243
  <example os.product="AR-M450">SHARP AR-M450 Ver 01.05.00.0k FTP server.</example>
@@ -1091,6 +1251,7 @@ more text</example>
1091
1251
  <param pos="0" name="hw.family" value="AR Series"/>
1092
1252
  <param pos="1" name="hw.product"/>
1093
1253
  </fingerprint>
1254
+
1094
1255
  <fingerprint pattern="^KONICA MINOLTA FTP server ready\.?$">
1095
1256
  <description>Konica Minolta FTP Server - w/o version</description>
1096
1257
  <example>KONICA MINOLTA FTP server ready.</example>
@@ -1103,6 +1264,7 @@ more text</example>
1103
1264
  <param pos="0" name="hw.vendor" value="Konica Minolta"/>
1104
1265
  <param pos="0" name="hw.product" value="Printer"/>
1105
1266
  </fingerprint>
1267
+
1106
1268
  <fingerprint pattern="^(KM\S+) FTP server \(KM FTPD version (\d*(?:\.\d*))\) ready\.?$">
1107
1269
  <description>Konica Minolta FTP Server</description>
1108
1270
  <example os.product="KM23BC97" service.version="1.00">KM23BC97 FTP server (KM FTPD version 1.00) ready.</example>
@@ -1120,6 +1282,7 @@ more text</example>
1120
1282
  <param pos="0" name="service.product" value="KM FTPD"/>
1121
1283
  <param pos="2" name="service.version"/>
1122
1284
  </fingerprint>
1285
+
1123
1286
  <fingerprint pattern="^(ZBR-\d+) Version (\S+) ready\.?$">
1124
1287
  <description>ZebraNet Print Server FTP</description>
1125
1288
  <example os.product="ZBR-46686">ZBR-46686 Version 7.02 ready.</example>
@@ -1133,6 +1296,7 @@ more text</example>
1133
1296
  <param pos="0" name="hw.device" value="Print server"/>
1134
1297
  <param pos="1" name="hw.product"/>
1135
1298
  </fingerprint>
1299
+
1136
1300
  <fingerprint pattern="^(ET(\S+)) Dell (\S+ Laser Printer) FTP Server">
1137
1301
  <description>Dell Laser Printer</description>
1138
1302
  <example host.name="ET0021B71A1111" host.mac="0021B71A1111" hw.product="2350dn Laser Printer">ET0021B71A1111 Dell 2350dn Laser Printer FTP Server NR.APS.N449 ready.</example>
@@ -1144,12 +1308,14 @@ more text</example>
1144
1308
  <param pos="2" name="host.mac"/>
1145
1309
  <param pos="3" name="hw.product"/>
1146
1310
  </fingerprint>
1311
+
1147
1312
  <fingerprint pattern="^(\S+) FTP server \(Version \S+ \w+ \w+ \d{1,2} \d{1,2}:\d{1,2}:\d{1,2} [A-Z]+ (?:1|2)\d{3}\) ready\.?$">
1148
1313
  <description>Generic/unknown FTP Server found on HP-UX and AIX systems</description>
1149
1314
  <example host.name="host.example.com">host.example.com FTP server (Version 4.1 Sat Sep 7 14:31:53 CDT 2002) ready.</example>
1150
1315
  <example host.name="host.example.com">host.example.com FTP server (Version 5.3 Sat Jan 10 14:01:03 CDT 2012) ready</example>
1151
1316
  <param pos="1" name="host.name"/>
1152
1317
  </fingerprint>
1318
+
1153
1319
  <fingerprint pattern="^Welcome to the (?:Cisco )?(?:TelePresence) ([a-zA-Z\s]*?) ((?:MSE )?\d+), version (\d+.\d+\(\d+.\d+\)).*?" flags="REG_ICASE">
1154
1320
  <description>Cisco TelePresence</description>
1155
1321
  <example hw.series="AM GW" os.version="1.1(1.34)" hw.model="3610">Welcome to the Cisco TelePresence AM GW 3610, version 1.1(1.34) </example>
@@ -1165,6 +1331,7 @@ more text</example>
1165
1331
  <param pos="2" name="hw.model"/>
1166
1332
  <param pos="3" name="os.version"/>
1167
1333
  </fingerprint>
1334
+
1168
1335
  <fingerprint pattern="^(\S+) FTP server \((?:HP|Compaq) Tru64 UNIX Version (\S+)\) ready\.?$">
1169
1336
  <description>Digital/Compaq/HP Tru64 Unix</description>
1170
1337
  <example host.name="example.com" os.version="5.60">example.com FTP server (Compaq Tru64 UNIX Version 5.60) ready.</example>
@@ -1173,8 +1340,9 @@ more text</example>
1173
1340
  <param pos="0" name="os.product" value="Tru64 Unix"/>
1174
1341
  <param pos="1" name="host.name"/>
1175
1342
  <param pos="2" name="os.version"/>
1176
- <param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64:{os.version}"/>
1343
+ <param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64_unix:{os.version}"/>
1177
1344
  </fingerprint>
1345
+
1178
1346
  <fingerprint pattern="^(\S+) FTP server \(Digital UNIX Version (\S+)\) ready\.?$">
1179
1347
  <description>Digital/Compaq/HP Tru64 Unix w/o branding</description>
1180
1348
  <example host.name="example.com" os.version="5.60">example.com FTP server (Digital UNIX Version 5.60) ready.</example>
@@ -1184,6 +1352,7 @@ more text</example>
1184
1352
  <param pos="1" name="host.name"/>
1185
1353
  <param pos="2" name="os.version"/>
1186
1354
  </fingerprint>
1355
+
1187
1356
  <fingerprint pattern="^(\S+) FTP server \(MikroTik ([\d\.]+)\) ready\.?$">
1188
1357
  <description>MikroTik</description>
1189
1358
  <example host.name="example.com" os.version="6.18">example.com FTP server (MikroTik 6.18) ready</example>
@@ -1193,14 +1362,18 @@ more text</example>
1193
1362
  <param pos="2" name="os.version"/>
1194
1363
  <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
1195
1364
  </fingerprint>
1196
- <fingerprint pattern="^MikroTik FTP server \(MikroTik ([\w.]+)\) ready\.?$">
1197
- <description>MikroTik w/o hostname</description>
1198
- <example os.version="6.0rc14">MikroTik FTP server (MikroTik 6.0rc14) ready</example>
1365
+
1366
+ <fingerprint pattern="^.* FTP server \(MikroTik (\d\.[\w\.]+)\) ready\.?$">
1367
+ <description>MikroTik with description</description>
1368
+ <example os.version="6.43.16">Super Thing_Place- FTP server (MikroTik 6.43.16) ready</example>
1369
+ <example os.version="6.43.16beta2">Super Thing_Place- FTP server (MikroTik 6.43.16beta2) ready</example>
1370
+ <example os.version="6.43.16rc56">Super Thing_Place- FTP server (MikroTik 6.43.16rc56) ready</example>
1199
1371
  <param pos="0" name="os.vendor" value="MikroTik"/>
1200
1372
  <param pos="0" name="os.product" value="RouterOS"/>
1201
1373
  <param pos="1" name="os.version"/>
1202
1374
  <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
1203
1375
  </fingerprint>
1376
+
1204
1377
  <fingerprint pattern="^Welcome to ASUS (B?RT-[\w.-]+) FTP service\.$">
1205
1378
  <description>FTPD on an Asus Wireless Access Point/Router</description>
1206
1379
  <example hw.product="RT-AC68U">Welcome to ASUS RT-AC68U FTP service.</example>
@@ -1212,6 +1385,7 @@ more text</example>
1212
1385
  <param pos="0" name="hw.device" value="WAP"/>
1213
1386
  <param pos="1" name="hw.product"/>
1214
1387
  </fingerprint>
1388
+
1215
1389
  <fingerprint pattern="^Welcome to ASUS (DSL-[\w.-]+) FTP service\.$">
1216
1390
  <description>FTPD on a ADSL/VDSL Modem/Wireless Access Point/Router</description>
1217
1391
  <example hw.product="DSL-AC68U">Welcome to ASUS DSL-AC68U FTP service.</example>
@@ -1222,6 +1396,7 @@ more text</example>
1222
1396
  <param pos="0" name="hw.device" value="DSL Modem"/>
1223
1397
  <param pos="1" name="hw.product"/>
1224
1398
  </fingerprint>
1399
+
1225
1400
  <fingerprint pattern="^Welcome to ASUS (TM-\w+) FTP service\.$">
1226
1401
  <description>FTPD on a T-Mobile branded Asus Wireless Access Point/Router</description>
1227
1402
  <example hw.product="TM-AC1900">Welcome to ASUS TM-AC1900 FTP service.</example>
@@ -1231,6 +1406,7 @@ more text</example>
1231
1406
  <param pos="0" name="hw.device" value="WAP"/>
1232
1407
  <param pos="1" name="hw.product"/>
1233
1408
  </fingerprint>
1409
+
1234
1410
  <fingerprint pattern="^(FRITZ!Box[\w()]+) FTP server ready\.$">
1235
1411
  <description>FTPD on an AWM multifunction Modem/Wireless Access Point/Router/VoIP device</description>
1236
1412
  <example hw.product="FRITZ!Box7490">FRITZ!Box7490 FTP server ready.</example>
@@ -1244,6 +1420,7 @@ more text</example>
1244
1420
  <param pos="0" name="hw.family" value="FRITZ!Box"/>
1245
1421
  <param pos="1" name="hw.product"/>
1246
1422
  </fingerprint>
1423
+
1247
1424
  <fingerprint pattern="^HES_CPE FTP server \(GNU inetutils ([\w.]+)\) ready\.$">
1248
1425
  <description>FTPD on a ZyXEL (Huawei rebrand) WiMax WAP</description>
1249
1426
  <example service.version="1.4.1">HES_CPE FTP server (GNU inetutils 1.4.1) ready.</example>
@@ -1251,10 +1428,11 @@ more text</example>
1251
1428
  <param pos="0" name="service.product" value="inetutils ftpd"/>
1252
1429
  <param pos="0" name="service.vendor" value="GNU"/>
1253
1430
  <param pos="1" name="service.version"/>
1254
- <param pos="0" name="hw.vendor" value="ZyXEL"/>
1431
+ <param pos="0" name="hw.vendor" value="Zyxel"/>
1255
1432
  <param pos="0" name="hw.family" value="WiMax"/>
1256
1433
  <param pos="0" name="hw.device" value="WAP"/>
1257
1434
  </fingerprint>
1435
+
1258
1436
  <fingerprint pattern="^Speedport W ?(\S+) (?:Typ [A|B] )?FTP Server v([\d.]+) ready$$">
1259
1437
  <description>FTPD on Speedport WLAN/ADSL routers (Deutsche Telekom mfg by misc)</description>
1260
1438
  <example hw.product="723V" os.version="1.40.000">Speedport W 723V Typ B FTP Server v1.40.000 ready</example>
@@ -1266,6 +1444,7 @@ more text</example>
1266
1444
  <param pos="1" name="hw.product"/>
1267
1445
  <param pos="2" name="os.version"/>
1268
1446
  </fingerprint>
1447
+
1269
1448
  <fingerprint pattern="^DiskStation FTP server ready\.$">
1270
1449
  <description>FTPD on a Synology DiskStation NAS</description>
1271
1450
  <example>DiskStation FTP server ready.</example>
@@ -1278,6 +1457,7 @@ more text</example>
1278
1457
  <param pos="0" name="hw.family" value="DiskStation"/>
1279
1458
  <param pos="0" name="hw.device" value="NAS"/>
1280
1459
  </fingerprint>
1460
+
1281
1461
  <fingerprint pattern="^Synology FTP server ready\.$" flags="REG_ICASE">
1282
1462
  <description>FTPD on a Synology device</description>
1283
1463
  <example>Synology FTP server ready.</example>
@@ -1289,6 +1469,7 @@ more text</example>
1289
1469
  <param pos="0" name="os.product" value="Linux"/>
1290
1470
  <param pos="0" name="hw.vendor" value="Synology"/>
1291
1471
  </fingerprint>
1472
+
1292
1473
  <fingerprint pattern="^.Welcome to MyBookLive.$">
1293
1474
  <description>FTPD on Western Digital My Book Live NAS</description>
1294
1475
  <example>"Welcome to MyBookLive"</example>
@@ -1297,6 +1478,7 @@ more text</example>
1297
1478
  <param pos="0" name="hw.product" value="My Book Live"/>
1298
1479
  <param pos="0" name="hw.device" value="NAS"/>
1299
1480
  </fingerprint>
1481
+
1300
1482
  <fingerprint pattern="^Multicraft ([\w.-]+) FTP server$">
1301
1483
  <description>Multicraft FTPD Server</description>
1302
1484
  <example service.version="2.0.2">Multicraft 2.0.2 FTP server</example>
@@ -1306,6 +1488,7 @@ more text</example>
1306
1488
  <param pos="0" name="service.vendor" value="Multicraft"/>
1307
1489
  <param pos="1" name="service.version"/>
1308
1490
  </fingerprint>
1491
+
1309
1492
  <fingerprint pattern="^bftpd ([\d.]+) at ([a-f\d.:]+) ready\.$">
1310
1493
  <description>Bftpd FTPD Server</description>
1311
1494
  <example service.version="2.2.1" host.ip="192.168.0.1">bftpd 2.2.1 at 192.168.0.1 ready.</example>
@@ -1317,6 +1500,7 @@ more text</example>
1317
1500
  <param pos="0" name="service.cpe23" value="cpe:/a:bftpd_project:bftpd:{service.version}"/>
1318
1501
  <param pos="2" name="host.ip"/>
1319
1502
  </fingerprint>
1503
+
1320
1504
  <fingerprint pattern="^NASFTPD Turbo station (?:2.x )?([\w.]+) Server \(ProFTPD\)(?: \[([a-f\d.:]+)\])?$">
1321
1505
  <description>ProFTPD on QNAP Turbo Station NAS</description>
1322
1506
  <example service.version="1.3.5a" host.ip="192.168.1.100">NASFTPD Turbo station 1.3.5a Server (ProFTPD) [192.168.1.100]</example>
@@ -1332,6 +1516,7 @@ more text</example>
1332
1516
  <param pos="0" name="hw.device" value="NAS"/>
1333
1517
  <param pos="2" name="host.ip"/>
1334
1518
  </fingerprint>
1519
+
1335
1520
  <fingerprint pattern="^Twisted ([\w.]+) FTP Server$">
1336
1521
  <description>Twisted (Python) FTP Server</description>
1337
1522
  <example service.version="14.0.0">Twisted 14.0.0 FTP Server</example>
@@ -1341,6 +1526,7 @@ more text</example>
1341
1526
  <param pos="0" name="service.vendor" value="Twisted Matrix Labs"/>
1342
1527
  <param pos="1" name="service.version"/>
1343
1528
  </fingerprint>
1529
+
1344
1530
  <fingerprint pattern="^Gene6 FTP Server v(\d{1,2}\.\d{1,2}\.\d{1,2}\s{1,2}\(Build \d{1,2}\)) ready\.\.\.$">
1345
1531
  <description>Gene6 FTP Server on Windows</description>
1346
1532
  <example service.version="3.10.0 (Build 2)">Gene6 FTP Server v3.10.0 (Build 2) ready...</example>
@@ -1354,6 +1540,7 @@ more text</example>
1354
1540
  <param pos="0" name="os.product" value="Windows"/>
1355
1541
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1356
1542
  </fingerprint>
1543
+
1357
1544
  <fingerprint pattern="^([\w.-]+) X2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
1358
1545
  <description>WS_FTP FTP Server on Windows - X2 variant</description>
1359
1546
  <example service.version="7.7(50012467)" host.name="a.host.name.tld">a.host.name.tld X2 WS_FTP Server 7.7(50012467)</example>
@@ -1369,6 +1556,7 @@ more text</example>
1369
1556
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1370
1557
  <param pos="1" name="host.name"/>
1371
1558
  </fingerprint>
1559
+
1372
1560
  <fingerprint pattern="^V2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
1373
1561
  <description>WS_FTP FTP Server on Windows - V2 variant</description>
1374
1562
  <example service.version="6.1(05544322)">V2 WS_FTP Server 6.1(05544322)</example>
@@ -1382,24 +1570,27 @@ more text</example>
1382
1570
  <param pos="0" name="os.product" value="Windows"/>
1383
1571
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1384
1572
  </fingerprint>
1573
+
1385
1574
  <fingerprint pattern="^FTP Server \(ZyWALL (USG\s?[\w-]+)\) \[([a-f\d:.]+)\]$">
1386
1575
  <description>ZyXEL Unified Security Gateway</description>
1387
1576
  <example hw.product="USG 20" host.ip="::ffff:192.168.0.2">FTP Server (ZyWALL USG 20) [::ffff:192.168.0.2]</example>
1388
1577
  <example hw.product="USG100-PLUS" host.ip="::ffff:192.168.5.101">FTP Server (ZyWALL USG100-PLUS) [::ffff:192.168.5.101]</example>
1389
1578
  <example hw.product="USG 20" host.ip="10.0.0.2">FTP Server (ZyWALL USG 20) [10.0.0.2]</example>
1390
- <param pos="0" name="service.vendor" value="ZyXEL"/>
1579
+ <param pos="0" name="service.vendor" value="Zyxel"/>
1391
1580
  <param pos="0" name="service.family" value="Unified Security Gateway"/>
1392
1581
  <param pos="0" name="service.product" value="FTPD"/>
1393
1582
  <param pos="2" name="host.ip"/>
1394
- <param pos="0" name="hw.vendor" value="ZyXEL"/>
1583
+ <param pos="0" name="hw.vendor" value="Zyxel"/>
1395
1584
  <param pos="0" name="hw.family" value="Unified Security Gateway"/>
1396
1585
  <param pos="1" name="hw.product"/>
1397
1586
  </fingerprint>
1587
+
1398
1588
  <fingerprint pattern="^Welcome to TP-LINK FTP server$">
1399
1589
  <description>FTPD on a TP-LINK device (no version/host info)</description>
1400
1590
  <example>Welcome to TP-LINK FTP server</example>
1401
1591
  <param pos="0" name="hw.vendor" value="TP-LINK"/>
1402
1592
  </fingerprint>
1593
+
1403
1594
  <fingerprint pattern="^TP-LINK FTP version ([\d\.]+)">
1404
1595
  <description>FTPD on a TP-LINK device with version, but no host info</description>
1405
1596
  <example service.version="1.0">TP-LINK FTP version 1.0 ready at Wed May 1 20:51:49 2019</example>
@@ -1407,6 +1598,7 @@ more text</example>
1407
1598
  <param pos="0" name="service.product" value="FTPD"/>
1408
1599
  <param pos="1" name="service.version"/>
1409
1600
  </fingerprint>
1601
+
1410
1602
  <fingerprint pattern="^ucftpd\((\w{3}\s+\d{1,2} \d{4}-\d\d:\d\d:\d\d)\) FTP server ready\.$">
1411
1603
  <description>ucftpd with version</description>
1412
1604
  <example service.version="Jul 2 2012-22:13:49">ucftpd(Jul 2 2012-22:13:49) FTP server ready.</example>
@@ -1415,18 +1607,21 @@ more text</example>
1415
1607
  <param pos="0" name="service.product" value="ucftpd"/>
1416
1608
  <param pos="1" name="service.version"/>
1417
1609
  </fingerprint>
1610
+
1418
1611
  <fingerprint pattern="^ucftpd FTP server ready\.$">
1419
1612
  <description>ucftpd without version</description>
1420
1613
  <example>ucftpd FTP server ready.</example>
1421
1614
  <param pos="0" name="service.family" value="ucftpd"/>
1422
1615
  <param pos="0" name="service.product" value="ucftpd"/>
1423
1616
  </fingerprint>
1617
+
1424
1618
  <fingerprint pattern="^Welcome to TBS FTP Server\.$">
1425
1619
  <description>TBS FTP Server</description>
1426
1620
  <example>Welcome to TBS FTP Server.</example>
1427
1621
  <param pos="0" name="service.family" value="TBS FTP Server"/>
1428
1622
  <param pos="0" name="service.product" value="TBS FTP Server"/>
1429
1623
  </fingerprint>
1624
+
1430
1625
  <fingerprint pattern="^Sofrel (S5[\w]+) SN ([\d-]+) ready. Time is (\d{2}:\d{2}:\d{2} \d{2}\/\d{2}\/\d{2})\.$">
1431
1626
  <description>Sofrel Remote Terminal Unit</description>
1432
1627
  <example hw.product="S500" host.id="01-499-00427" system.time="00:11:39 01/11/16">Sofrel S500 SN 01-499-00427 ready. Time is 00:11:39 01/11/16.</example>
@@ -1437,6 +1632,7 @@ more text</example>
1437
1632
  <param pos="0" name="system.time.format" value="HH:mm:ss dd/MM/yy"/>
1438
1633
  <param pos="3" name="system.time"/>
1439
1634
  </fingerprint>
1635
+
1440
1636
  <fingerprint pattern="^TiMOS-[CB]-([\S]+) cpm\/[\w]+ ALCATEL (SR [\S]+) Copyright .{1,4}$">
1441
1637
  <description>ALCATEL Service Router running TiMOS</description>
1442
1638
  <example os.version="13.0.R9">TiMOS-C-13.0.R9 cpm/hops64 ALCATEL SR 7750 Copyright (</example>
@@ -1447,11 +1643,13 @@ more text</example>
1447
1643
  <param pos="0" name="hw.family" value="Service Router"/>
1448
1644
  <param pos="2" name="hw.product"/>
1449
1645
  </fingerprint>
1646
+
1450
1647
  <fingerprint pattern="^(\S+) FTP server ready\.?$" flags="REG_ICASE">
1451
1648
  <description>Generic FTP fingerprint with a hostname</description>
1452
1649
  <example host.name="example.com">example.com FTP server ready.</example>
1453
1650
  <param pos="1" name="host.name"/>
1454
1651
  </fingerprint>
1652
+
1455
1653
  <fingerprint pattern="^(\S+) FTP server \(Version (\d.*)\) ready\.?$" flags="REG_ICASE">
1456
1654
  <description>Generic FTP fingerprint with a hostname and a version for a generic FTP implementation</description>
1457
1655
  <example host.name="example.com" service.version="6.00LS">example.com FTP server (Version 6.00LS) ready.</example>
@@ -1459,6 +1657,7 @@ more text</example>
1459
1657
  <param pos="1" name="host.name"/>
1460
1658
  <param pos="2" name="service.version"/>
1461
1659
  </fingerprint>
1660
+
1462
1661
  <fingerprint pattern="(?i)^FTP[\- ]+(?:server|service)?(?:(?: is)? ready)?\.?$">
1463
1662
  <description>Generic FTP fingerprint without a hostname</description>
1464
1663
  <example>FTP server is ready.</example>
@@ -1468,12 +1667,14 @@ more text</example>
1468
1667
  <example>FTP Server</example>
1469
1668
  <example>FTP service ready.</example>
1470
1669
  </fingerprint>
1670
+
1471
1671
  <fingerprint pattern="^Welcom to ProRat Ftp Server$">
1472
1672
  <description>The FTP server of the ProRat malware</description>
1473
1673
  <example>Welcom to ProRat Ftp Server</example>
1474
1674
  <param pos="0" name="service.vendor" value="Pro Group"/>
1475
1675
  <param pos="0" name="service.product" value="ProRat"/>
1476
1676
  </fingerprint>
1677
+
1477
1678
  <fingerprint pattern="^(?:(\S+) )?FTP Server \(vftpd ([\d.]+)\) ready\.?$">
1478
1679
  <description>Vermillion FTP Daemon</description>
1479
1680
  <example host.name="srv.name" service.version="1.23">srv.name FTP Server (vftpd 1.23) ready.</example>
@@ -1487,6 +1688,7 @@ more text</example>
1487
1688
  <param pos="2" name="service.version"/>
1488
1689
  <param pos="1" name="host.name"/>
1489
1690
  </fingerprint>
1691
+
1490
1692
  <fingerprint pattern="^(?:(\S+) )?FTP server \(QVT\/Net ([\d.]+)\) ready\.?$">
1491
1693
  <description>QVT/Net FTP Server</description>
1492
1694
  <example host.name="siren" service.version="5.1">siren FTP server (QVT/Net 5.1) ready.</example>
@@ -1500,6 +1702,7 @@ more text</example>
1500
1702
  <param pos="2" name="service.version"/>
1501
1703
  <param pos="1" name="host.name"/>
1502
1704
  </fingerprint>
1705
+
1503
1706
  <fingerprint pattern="Amazon\sLinux\sAMI\srelease\s(\d+\.\d+)">
1504
1707
  <description>Amazon Linux AMI</description>
1505
1708
  <example os.version="2016.09">Amazon Linux AMI release 2016.09</example>
@@ -1508,8 +1711,10 @@ more text</example>
1508
1711
  <param pos="0" name="os.product" value="Linux AMI"/>
1509
1712
  <param pos="1" name="os.version"/>
1510
1713
  </fingerprint>
1714
+
1511
1715
  <!-- Below are banners for FTP service providers, not necessarily
1512
1716
  specific FTP servers-->
1717
+
1513
1718
  <fingerprint pattern="^Idea FTP Server ([\d\.]+) \((.*)\) \[(.+)\]$">
1514
1719
  <description>Idea FTP Server</description>
1515
1720
  <example service.version="0.83.213" host.name="localhost" host.ip="1.2.3.4">Idea FTP Server 0.83.213 (localhost) [1.2.3.4]</example>
@@ -1520,18 +1725,21 @@ more text</example>
1520
1725
  <param pos="2" name="host.name"/>
1521
1726
  <param pos="3" name="host.ip"/>
1522
1727
  </fingerprint>
1728
+
1523
1729
  <fingerprint pattern="^Amazon Ftp$">
1524
1730
  <description>Amazon FTP endpoint</description>
1525
1731
  <example>Amazon Ftp</example>
1526
1732
  <param pos="0" name="service.vendor" value="Amazon"/>
1527
1733
  <param pos="0" name="service.product" value="FTP Server"/>
1528
1734
  </fingerprint>
1735
+
1529
1736
  <fingerprint pattern="^Dreamhost FTP Server$">
1530
1737
  <description>Dreamhost FTP endpoint</description>
1531
1738
  <example>Dreamhost FTP Server</example>
1532
1739
  <param pos="0" name="service.vendor" value="Dreamhost"/>
1533
1740
  <param pos="0" name="service.product" value="FTP Server"/>
1534
1741
  </fingerprint>
1742
+
1535
1743
  <fingerprint pattern="^QTCP at ([a-zA-Z0-9\.\_\-]+)$">
1536
1744
  <description>IBM iSeries FTP</description>
1537
1745
  <example host.name="core.bank.local.">QTCP at core.bank.local.</example>
@@ -1541,6 +1749,7 @@ more text</example>
1541
1749
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:os_400:-"/>
1542
1750
  <param pos="1" name="host.name"/>
1543
1751
  </fingerprint>
1752
+
1544
1753
  <fingerprint pattern="^HomeLogic FTP Server">
1545
1754
  <description>ELAN Smart Home Controller</description>
1546
1755
  <example>HomeLogic FTP Server Please Give User Name</example>
@@ -1549,5 +1758,29 @@ more text</example>
1549
1758
  <param pos="0" name="hw.product" value="Home Controller"/>
1550
1759
  <param pos="0" name="os.vendor" value="ELAN"/>
1551
1760
  <param pos="0" name="os.family" value="Linux"/>
1552
- </fingerprint>
1553
- </fingerprints>
1761
+ </fingerprint>
1762
+
1763
+ <fingerprint pattern="^Welcome to Honeywell Printer (PM\d+)\S+?$">
1764
+ <description>Honeywell Thermal Label Printer (Previously Intermec)</description>
1765
+ <example hw.product="Thermal Label Printer PM43">Welcome to Honeywell Printer PM43c</example>
1766
+ <param pos="0" name="hw.vendor" value="Honeywell"/>
1767
+ <param pos="1" name="hw.model"/>
1768
+ <param pos="0" name="hw.product" value="Thermal Label Printer {hw.model}"/>
1769
+ <param pos="0" name="hw.device" value="Printer"/>
1770
+ <param pos="0" name="os.vendor" value="Honeywell"/>
1771
+ <param pos="0" name="os.product" value="Thermal Label Printer {hw.model}"/>
1772
+ <param pos="0" name="os.device" value="Printer"/>
1773
+ </fingerprint>
1774
+
1775
+ <fingerprint pattern="^SurgeFTP ([\S]+) \(Version ([a-f\d.]+)\)$">
1776
+ <description>NetWin SurgeFTP</description>
1777
+ <example service.version="2.3a12">SurgeFTP 192.168.0.0 (Version 2.3a12)</example>
1778
+ <example host.name="foo.bar.baz">SurgeFTP foo.bar.baz (Version 2.2f9)</example>
1779
+ <param pos="0" name="service.vendor" value="NetWin"/>
1780
+ <param pos="0" name="service.product" value="SurgeFTP"/>
1781
+ <param pos="2" name="service.version"/>
1782
+ <param pos="0" name="service.cpe23" value="cpe:/a:netwin:surgeftp:{service.version}"/>
1783
+ <param pos="1" name="host.name"/>
1784
+ </fingerprint>
1785
+
1786
+ </fingerprints>