recog-intrigue 2.3.7 → 2.3.14

Files changed (70) hide show
  1. checksums.yaml +4 -4
  2. data/.github/SECURITY.md +35 -0
  3. data/.gitignore +9 -0
  4. data/CONTRIBUTING.md +136 -37
  5. data/README.md +18 -16
  6. data/bin/recog_cleanup +16 -0
  7. data/bin/recog_standardize +30 -6
  8. data/cpe-remap.yaml +38 -1
  9. data/identifiers/README.md +9 -0
  10. data/identifiers/hw_device.txt +77 -0
  11. data/identifiers/hw_family.txt +96 -0
  12. data/identifiers/hw_product.txt +328 -0
  13. data/identifiers/os_architecture.txt +6 -6
  14. data/identifiers/os_device.txt +45 -3
  15. data/identifiers/os_family.txt +206 -41
  16. data/identifiers/os_product.txt +238 -17
  17. data/identifiers/service_family.txt +144 -57
  18. data/identifiers/service_product.txt +385 -83
  19. data/identifiers/vendor.txt +554 -68
  20. data/lib/recog/version.rb +1 -1
  21. data/requirements.txt +1 -1
  22. data/update_cpes.py +4 -1
  23. data/xml/apache_modules.xml +292 -5
  24. data/xml/apache_os.xml +41 -2
  25. data/xml/architecture.xml +11 -3
  26. data/xml/dns_versionbind.xml +200 -26
  27. data/xml/favicons.xml +1701 -0
  28. data/xml/ftp_banners.xml +256 -23
  29. data/xml/h323_callresp.xml +112 -12
  30. data/xml/hp_pjl_id.xml +47 -5
  31. data/xml/html_title.xml +1156 -70
  32. data/xml/http_cookies.xml +69 -11
  33. data/xml/http_servers.xml +1094 -107
  34. data/xml/http_wwwauth.xml +143 -27
  35. data/xml/imap_banners.xml +62 -13
  36. data/xml/ldap_searchresult.xml +81 -9
  37. data/xml/mdns_device-info_txt.xml +194 -17
  38. data/xml/mdns_workstation_txt.xml +4 -2
  39. data/xml/mysql_banners.xml +233 -40
  40. data/xml/mysql_error.xml +113 -6
  41. data/xml/nntp_banners.xml +10 -2
  42. data/xml/ntp_banners.xml +93 -9
  43. data/xml/operating_system.xml +90 -3
  44. data/xml/pop_banners.xml +87 -33
  45. data/xml/rsh_resp.xml +11 -2
  46. data/xml/rtsp_servers.xml +43 -23
  47. data/xml/sip_banners.xml +6 -11
  48. data/xml/sip_user_agents.xml +29 -2
  49. data/xml/smb_native_lm.xml +10 -2
  50. data/xml/smb_native_os.xml +80 -2
  51. data/xml/smtp_banners.xml +233 -13
  52. data/xml/smtp_debug.xml +6 -4
  53. data/xml/smtp_ehlo.xml +7 -5
  54. data/xml/smtp_expn.xml +13 -4
  55. data/xml/smtp_help.xml +23 -4
  56. data/xml/smtp_mailfrom.xml +5 -2
  57. data/xml/smtp_noop.xml +6 -5
  58. data/xml/smtp_quit.xml +5 -4
  59. data/xml/smtp_rcptto.xml +5 -2
  60. data/xml/smtp_rset.xml +4 -4
  61. data/xml/smtp_turn.xml +4 -4
  62. data/xml/smtp_vrfy.xml +14 -4
  63. data/xml/snmp_sysdescr.xml +741 -32
  64. data/xml/snmp_sysobjid.xml +47 -2
  65. data/xml/ssh_banners.xml +255 -81
  66. data/xml/telnet_banners.xml +503 -30
  67. data/xml/x11_banners.xml +26 -3
  68. data/xml/x509_issuers.xml +37 -13
  69. data/xml/x509_subjects.xml +214 -52
  70. metadata +12 -5
@@ -1,9 +1,10 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="http_header.cookie" protocol="http" database_type="service">
3
3
  <!--
4
4
  Set-Cookie HTTP header values are matched against these patterns to fingerprint HTTP
5
5
  servers.
6
6
  -->
7
+
7
8
  <fingerprint pattern="^(CFCLIENT_[^=]+|CFGLOBALS|CFID|CFTOKEN)=.*">
8
9
  <description>Adobe (Macromedia) ColdFusion uses various cookies</description>
9
10
  <param pos="1" name="cookie"/>
@@ -12,6 +13,7 @@
12
13
  <param pos="0" name="service.product" value="ColdFusion"/>
13
14
  <param pos="0" name="service.cpe23" value="cpe:/a:adobe:coldfusion:-"/>
14
15
  </fingerprint>
16
+
15
17
  <fingerprint pattern="^ANsession\d+=(\S+);.*">
16
18
  <description>Array Networks Secure Access Gateway / SSL VPN</description>
17
19
  <example>ANsession0002262072457555=IPMI; path=/;secure</example>
@@ -20,6 +22,7 @@
20
22
  <param pos="0" name="service.family" value="Secure Access Gateway"/>
21
23
  <param pos="0" name="hw.device" value="VPN"/>
22
24
  </fingerprint>
25
+
23
26
  <fingerprint pattern="^(Apache)=[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.([0-9]+);.*">
24
27
  <description>Apache</description>
25
28
  <param pos="1" name="cookie"/>
@@ -29,6 +32,7 @@
29
32
  <param pos="0" name="service.product" value="HTTPD"/>
30
33
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
31
34
  </fingerprint>
35
+
32
36
  <fingerprint pattern="^(JServSessionIdroot)=.*">
33
37
  <description>Apache JServ</description>
34
38
  <param pos="1" name="cookie"/>
@@ -36,6 +40,7 @@
36
40
  <param pos="0" name="service.family" value="JServ"/>
37
41
  <param pos="0" name="service.product" value="JServ"/>
38
42
  </fingerprint>
43
+
39
44
  <fingerprint pattern="^(ATG_SESSION_ID|DYN_USER_CONFIRM|DYN_USER_ID)=.*">
40
45
  <description>ATG Dynamo</description>
41
46
  <param pos="1" name="cookie"/>
@@ -43,6 +48,7 @@
43
48
  <param pos="0" name="service.family" value="Dynamo"/>
44
49
  <param pos="0" name="service.product" value="Dynamo"/>
45
50
  </fingerprint>
51
+
46
52
  <fingerprint pattern="^(WebLogicSession)=[^!]+![^!]+!([0-9]+);.*">
47
53
  <description>BEA WebLogic (with timestamp)</description>
48
54
  <param pos="1" name="cookie"/>
@@ -52,6 +58,7 @@
52
58
  <param pos="0" name="service.product" value="WebLogic"/>
53
59
  <param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
54
60
  </fingerprint>
61
+
55
62
  <fingerprint pattern="^(WebLogicSession)=.*">
56
63
  <description>BEA WebLogic (no timestamp)</description>
57
64
  <param pos="1" name="cookie"/>
@@ -60,6 +67,7 @@
60
67
  <param pos="0" name="service.product" value="WebLogic"/>
61
68
  <param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:-"/>
62
69
  </fingerprint>
70
+
63
71
  <fingerprint pattern="^(BCSI-CSC[0-9A-Za-z]+)=.*">
64
72
  <description>BlueCoat Proxy</description>
65
73
  <param pos="1" name="cookie"/>
@@ -67,20 +75,22 @@
67
75
  <param pos="0" name="service.family" value="Proxy"/>
68
76
  <param pos="0" name="service.product" value="Proxy"/>
69
77
  </fingerprint>
78
+
70
79
  <fingerprint pattern="^(CAKEPHP)=.*">
71
80
  <description>CakePHP - http://www.cakephp.org/</description>
72
81
  <param pos="1" name="cookie"/>
73
82
  <param pos="0" name="service.family" value="PHP"/>
74
83
  <param pos="0" name="service.product" value="CakePHP"/>
75
84
  </fingerprint>
85
+
76
86
  <!--
77
87
  For the following two Cisco Content Service Switch fingerprints:
78
88
  The cookie value breaks down to [box-id][service-id][timeout-value]
79
89
  unfortunately, there's no separator so it's hard to tell what the
80
90
  actual break is between the pieces of data.
81
-
82
91
  http://www.cisco.com/warp/public/117/AP_cookies.html
83
92
  -->
93
+
84
94
  <fingerprint pattern="^(ARPT)=([A-Z]+)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})[A-Z]+.*">
85
95
  <description>Cisco 11000 Series Content Service Switch (CSS)</description>
86
96
  <param pos="1" name="cookie"/>
@@ -90,6 +100,7 @@
90
100
  <param pos="0" name="service.family" value="Content Service Switch"/>
91
101
  <param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
92
102
  </fingerprint>
103
+
93
104
  <fingerprint pattern="^(ARPT)=.*">
94
105
  <description>Cisco 11000 Series Content Service Switch (CSS) - catch all variant</description>
95
106
  <param pos="1" name="cookie"/>
@@ -97,6 +108,7 @@
97
108
  <param pos="0" name="service.family" value="Content Service Switch"/>
98
109
  <param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
99
110
  </fingerprint>
111
+
100
112
  <fingerprint pattern="^webvpn(?:c|context|_portal|Lang|login|SharePoint)?=">
101
113
  <description>Cisco ASA VPN</description>
102
114
  <example>webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure</example>
@@ -110,13 +122,14 @@
110
122
  <param pos="0" name="os.vendor" value="Cisco"/>
111
123
  <param pos="0" name="os.family" value="Adaptive Security Appliance"/>
112
124
  <param pos="0" name="os.product" value="Adaptive Security Appliance"/>
113
- <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance"/>
125
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance:-"/>
114
126
  <param pos="0" name="hw.vendor" value="Cisco"/>
115
127
  <param pos="0" name="hw.family" value="Adaptive Security Appliance"/>
116
128
  <param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
117
129
  <param pos="0" name="hw.device" value="Firewall"/>
118
130
  <param pos="0" name="hw.cpe23" value="cpe:/h:cisco:adaptive_security_appliance:-"/>
119
131
  </fingerprint>
132
+
120
133
  <fingerprint pattern="^(st8id)=.*">
121
134
  <description>Citrix Application Protection System, Enterprise - http://support.citrix.com/article/CTX109330</description>
122
135
  <param pos="1" name="cookie"/>
@@ -124,22 +137,31 @@
124
137
  <param pos="0" name="service.family" value="Application Protection System"/>
125
138
  <param pos="0" name="service.product" value="Application Protection System, Enterprise"/>
126
139
  </fingerprint>
127
- <fingerprint pattern="^NSC_(?:AAAC|CERT|DLGE|EPAC|TASS|TEMP|TMA[APS]|PERS)=.*">
140
+
141
+ <fingerprint pattern="^NSC_(?:AAAC|BASEURL|CERT|DLGE|EPAC|TASS|TEMP|TMA[APS]|PERS|USER)=.*">
128
142
  <description>Citrix NetScaler</description>
129
143
  <example>NSC_AAAC=xyz;</example>
144
+ <example>NSC_TEMP=xyz;</example>
130
145
  <param pos="0" name="os.vendor" value="Citrix"/>
131
146
  <param pos="0" name="os.family" value="NetScaler"/>
132
147
  <param pos="0" name="os.device" value="Network Management Device"/>
133
148
  <param pos="0" name="os.product" value="NetScaler"/>
149
+ <param pos="0" name="service.vendor" value="Citrix"/>
150
+ <param pos="0" name="service.family" value="NetScaler"/>
151
+ <param pos="0" name="service.device" value="Network Management Device"/>
152
+ <param pos="0" name="service.product" value="NetScaler"/>
153
+ <param pos="0" name="service.cpe23" value="cpe:/a:citrix:netscaler:-"/>
134
154
  </fingerprint>
155
+
135
156
  <fingerprint pattern="^DSSignInURL=/">
136
157
  <description>Pulse Secure VPN</description>
137
158
  <example>DSSignInURL=/; path=/; secure</example>
138
159
  <param pos="0" name="os.vendor" value="Pulse Secure"/>
139
- <param pos="0" name="os.family" value="SSL VPN"/>
140
- <param pos="0" name="os.device" value="SSL VPN"/>
141
- <param pos="0" name="os.product" value="SSL VPN"/>
160
+ <param pos="0" name="os.family" value="SSL-VPN"/>
161
+ <param pos="0" name="os.device" value="SSL-VPN"/>
162
+ <param pos="0" name="os.product" value="SSL-VPN"/>
142
163
  </fingerprint>
164
+
143
165
  <fingerprint pattern="^(EktGUID|ecm)=.*">
144
166
  <description>Ektron CMS400.net</description>
145
167
  <param pos="1" name="cookie"/>
@@ -147,8 +169,10 @@
147
169
  <param pos="0" name="service.family" value="CMS400.NET"/>
148
170
  <param pos="0" name="service.product" value="CMS400.NET"/>
149
171
  </fingerprint>
150
- <fingerprint pattern="^(BIGipServer([^=]+))=.*">
172
+
173
+ <fingerprint pattern="(?i)^(BIGipServer([^=]+))=.*">
151
174
  <description>F5 BIG-IP LTM - Server variant</description>
175
+ <example loadbalancer.poolname="CustomerRP">BigIpServerCustomerRP=5a; path=/; domain=.foo.bar; secure; HttpOnly</example>
152
176
  <param pos="1" name="cookie"/>
153
177
  <param pos="2" name="loadbalancer.poolname"/>
154
178
  <param pos="0" name="service.vendor" value="F5"/>
@@ -156,6 +180,7 @@
156
180
  <param pos="0" name="service.product" value="BIG-IP LTM"/>
157
181
  <param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
158
182
  </fingerprint>
183
+
159
184
  <fingerprint pattern="^(BigIPCookie)=.*">
160
185
  <description>F5 BIG-IP LTM</description>
161
186
  <param pos="1" name="cookie"/>
@@ -164,6 +189,7 @@
164
189
  <param pos="0" name="service.product" value="BIG-IP LTM"/>
165
190
  <param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
166
191
  </fingerprint>
192
+
167
193
  <fingerprint pattern="^(SERVERID)=([A-Za-z0-9\-_]+)">
168
194
  <description>HAProxy - http://haproxy.1wt.eu/download/1.2/doc/architecture.txt</description>
169
195
  <param pos="1" name="cookie"/>
@@ -171,6 +197,7 @@
171
197
  <param pos="0" name="service.family" value="HAProxy"/>
172
198
  <param pos="0" name="service.product" value="HAProxy"/>
173
199
  </fingerprint>
200
+
174
201
  <fingerprint pattern="^(AMWEBJCT!([^!]+)!([^=]+))=.*">
175
202
  <description>IBM Tivoli Access Manager for e-business WebSEAL
176
203
  http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin180.htm
@@ -182,6 +209,7 @@
182
209
  <param pos="0" name="service.family" value="Tivoli"/>
183
210
  <param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
184
211
  </fingerprint>
212
+
185
213
  <fingerprint pattern="^(PD-S-SESSION-ID|PD-H-SESSION-ID|PD_STATEFUL_[^=]+)=.*">
186
214
  <description>IBM Tivoli Access Manager for e-business WebSeal
187
215
  http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin117.htm
@@ -191,6 +219,7 @@
191
219
  <param pos="0" name="service.family" value="Tivoli"/>
192
220
  <param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
193
221
  </fingerprint>
222
+
194
223
  <fingerprint pattern="^(IBMCBR)=.*">
195
224
  <description>IBM WebSphere Load Balancer</description>
196
225
  <param pos="1" name="cookie"/>
@@ -198,12 +227,14 @@
198
227
  <param pos="0" name="service.family" value="WebSphere"/>
199
228
  <param pos="0" name="service.product" value="WebSphere Load Balancer"/>
200
229
  </fingerprint>
230
+
201
231
  <fingerprint pattern="^(mbfcookie(?:\[lang\])?)=.*">
202
232
  <description>Joom!Fish http://www.joomfish.net/</description>
203
233
  <param pos="1" name="cookie"/>
204
234
  <param pos="0" name="service.family" value="Joom!Fish"/>
205
235
  <param pos="0" name="service.product" value="Joom!Fish"/>
206
236
  </fingerprint>
237
+
207
238
  <fingerprint pattern="^(MSCSAuth|MSCSProfile)=.*">
208
239
  <description>Microsoft Commerce Server - http://msdn2.microsoft.com/en-us/library/ms953828.aspx</description>
209
240
  <param pos="1" name="cookie"/>
@@ -212,6 +243,7 @@
212
243
  <param pos="0" name="service.product" value="Commerce Server"/>
213
244
  <param pos="0" name="service.cpe23" value="cpe:/a:microsoft:commerce_server:-"/>
214
245
  </fingerprint>
246
+
215
247
  <fingerprint pattern="^(ASPSESSIONID[A-Z]+|ASP\.NET_SessionId|\.ASPXANONYMOUS)=.*">
216
248
  <description>Microsoft IIS (ASP.NET)
217
249
  http://msdn2.microsoft.com/en-us/library/ms953828.aspx
@@ -227,6 +259,7 @@
227
259
  <param pos="0" name="service.component.product" value="ASP.NET"/>
228
260
  <param pos="0" name="service.component.cpe23" value="cpe:/a:microsoft:asp.net:-"/>
229
261
  </fingerprint>
262
+
230
263
  <fingerprint pattern="^(AlteonP)=.*">
231
264
  <description>Nortel Alteon Web Switch</description>
232
265
  <param pos="1" name="cookie"/>
@@ -234,6 +267,7 @@
234
267
  <param pos="0" name="service.family" value="Alteon"/>
235
268
  <param pos="0" name="service.product" value="Alteon Web Switch"/>
236
269
  </fingerprint>
270
+
237
271
  <fingerprint pattern="^((?:SS_X_)?CSINTERSESSIONID)=.*">
238
272
  <description>OpenMarket/FatWire Content Server (www.fatwire.com)</description>
239
273
  <param pos="1" name="cookie"/>
@@ -241,6 +275,7 @@
241
275
  <param pos="0" name="service.family" value="Content Server"/>
242
276
  <param pos="0" name="service.product" value="Content Server"/>
243
277
  </fingerprint>
278
+
244
279
  <fingerprint pattern="^(parkinglot)=.*">
245
280
  <description>Oversee Webserver</description>
246
281
  <param pos="1" name="cookie"/>
@@ -248,6 +283,7 @@
248
283
  <param pos="0" name="service.family" value="Webserver"/>
249
284
  <param pos="0" name="service.product" value="Webserver"/>
250
285
  </fingerprint>
286
+
251
287
  <fingerprint pattern="^(PHPSESSID|PHPSESSION)=.*">
252
288
  <description>PHP - http://www.php.net/ref.session</description>
253
289
  <param pos="1" name="cookie"/>
@@ -256,6 +292,7 @@
256
292
  <param pos="0" name="service.product" value="PHP"/>
257
293
  <param pos="0" name="service.cpe23" value="cpe:/a:php:php:-"/>
258
294
  </fingerprint>
295
+
259
296
  <fingerprint pattern="^(RMID)=.*">
260
297
  <description>RealMedia OpenAdStream</description>
261
298
  <param pos="1" name="cookie"/>
@@ -263,6 +300,7 @@
263
300
  <param pos="0" name="service.family" value="OpenAdStream"/>
264
301
  <param pos="0" name="service.product" value="OpenAdStream"/>
265
302
  </fingerprint>
303
+
266
304
  <fingerprint pattern="^(RoxenUserID)=.*">
267
305
  <description>Roxen WebServer</description>
268
306
  <param pos="1" name="cookie"/>
@@ -270,6 +308,7 @@
270
308
  <param pos="0" name="service.family" value="WebServer"/>
271
309
  <param pos="0" name="service.product" value="WebServer"/>
272
310
  </fingerprint>
311
+
273
312
  <fingerprint pattern="^(_sn)=.*">
274
313
  <description>Siebel CRM</description>
275
314
  <param pos="1" name="cookie"/>
@@ -277,6 +316,7 @@
277
316
  <param pos="0" name="service.family" value="CRM"/>
278
317
  <param pos="0" name="service.product" value="CRM"/>
279
318
  </fingerprint>
319
+
280
320
  <!-- This fingerprint is not specific enough. Multiple products are sold under
281
321
  the brand iPlanet/Sun ONE/Sun Java.
282
322
  <fingerprint pattern="^(iPlanetUserId)=.*">
@@ -286,7 +326,9 @@
286
326
  <param pos="0" name="service.family" value="???"/>
287
327
  <param pos="0" name="service.product" value="???"/>
288
328
  </fingerprint>
329
+
289
330
  -->
331
+
290
332
  <fingerprint pattern="^(NSES40Session)=.*">
291
333
  <description>Netscape Enterprise Server (subsequently iPlanet Web Server, Sun ONE Web Server, presently Sun Java System Web Server)</description>
292
334
  <param pos="1" name="cookie"/>
@@ -296,6 +338,7 @@
296
338
  <param pos="0" name="service.version" value="4.0"/>
297
339
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_server:4.0"/>
298
340
  </fingerprint>
341
+
299
342
  <fingerprint pattern="^(gx_session_id|JROUTE)=.*">
300
343
  <description>Sun Java System Application Server (formerly iPlanet Application Server, Sun ONE Application Server)</description>
301
344
  <param pos="1" name="cookie"/>
@@ -304,6 +347,7 @@
304
347
  <param pos="0" name="service.product" value="Java System Application Server"/>
305
348
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_application_server:-"/>
306
349
  </fingerprint>
350
+
307
351
  <fingerprint pattern="^(fe_typo_user)=.*">
308
352
  <description>TYPO3 CMS - http://typo3.com/</description>
309
353
  <param pos="1" name="cookie"/>
@@ -311,6 +355,7 @@
311
355
  <param pos="0" name="service.family" value="CMS"/>
312
356
  <param pos="0" name="service.product" value="CMS"/>
313
357
  </fingerprint>
358
+
314
359
  <fingerprint pattern="^(SaneID)=.*">
315
360
  <description>Unica NetTracker - http://netinsight.unica.com/Products/NetTracker.cfm</description>
316
361
  <param pos="1" name="cookie"/>
@@ -318,6 +363,7 @@
318
363
  <param pos="0" name="service.family" value="NetTracker"/>
319
364
  <param pos="0" name="service.product" value="NetTracker"/>
320
365
  </fingerprint>
366
+
321
367
  <fingerprint pattern="^(__utm[a-z])=.*">
322
368
  <description>Urchin Tracking Module - http://www.google.com/support/urchin45/bin/answer.py?answer=28307&amp;topic=7425</description>
323
369
  <param pos="1" name="cookie"/>
@@ -325,6 +371,7 @@
325
371
  <param pos="0" name="service.family" value="Urchin"/>
326
372
  <param pos="0" name="service.product" value="Urchin Tracking Module"/>
327
373
  </fingerprint>
374
+
328
375
  <fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)=.*">
329
376
  <description>Vignette</description>
330
377
  <param pos="1" name="cookie"/>
@@ -332,6 +379,7 @@
332
379
  <param pos="0" name="service.family" value="Vignette"/>
333
380
  <param pos="0" name="service.product" value="Vignette"/>
334
381
  </fingerprint>
382
+
335
383
  <fingerprint pattern="^(wgSession)=.*">
336
384
  <description>Plain Black WebGUI - http://www.plainblack.com/webgui</description>
337
385
  <param pos="1" name="cookie"/>
@@ -339,6 +387,7 @@
339
387
  <param pos="0" name="service.family" value="WebGUI"/>
340
388
  <param pos="0" name="service.product" value="WebGUI"/>
341
389
  </fingerprint>
390
+
342
391
  <fingerprint pattern="^(WEBTRENDSID|WEBTRENDS_ID)=.*">
343
392
  <description>WebTrends</description>
344
393
  <param pos="1" name="cookie"/>
@@ -346,20 +395,24 @@
346
395
  <param pos="0" name="service.family" value="WebTrends"/>
347
396
  <param pos="0" name="service.product" value="WebTrends"/>
348
397
  </fingerprint>
398
+
349
399
  <fingerprint pattern="^(_ZopeId)=.*">
350
400
  <description>Zope</description>
351
401
  <param pos="1" name="cookie"/>
352
402
  <param pos="0" name="service.family" value="Zope"/>
353
403
  <param pos="0" name="service.product" value="Zope"/>
354
404
  </fingerprint>
405
+
355
406
  <fingerprint pattern="^(portal)=([0-9]+\.[0-9]+\.[0-9]+).*">
356
407
  <description>OracleAS Portal default cookie name - http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_app_f.htm</description>
357
408
  <param pos="1" name="cookie"/>
358
409
  <param pos="2" name="service.version"/>
359
410
  <param pos="0" name="service.vendor" value="Oracle"/>
360
411
  <param pos="0" name="service.family" value="OracleAS"/>
361
- <param pos="0" name="service.product" value="OracleAS Portal"/>
412
+ <param pos="0" name="service.product" value="Application Server Portal"/>
413
+ <param pos="0" name="service.cpe23" value="cpe:/a:oracle:application_server_portal:{service.version}"/>
362
414
  </fingerprint>
415
+
363
416
  <fingerprint pattern="^Compaq-HMMD=[^;]+;.*$">
364
417
  <description>HP System Management Homepage (SMH)</description>
365
418
  <example>Compaq-HMMD=0001-c01fffff-487a-394a-aab0-ffffffffffff-ffffffffffffffff; path=/</example>
@@ -368,6 +421,7 @@
368
421
  <param pos="0" name="service.family" value="SMH"/>
369
422
  <param pos="0" name="service.product" value="SMH"/>
370
423
  </fingerprint>
424
+
371
425
  <fingerprint pattern="^MoodleSession=">
372
426
  <description>Moodle</description>
373
427
  <example>MoodleSession=uohhsgcain708q5l4gqcmmb5s2; path=/</example>
@@ -376,12 +430,12 @@
376
430
  <param pos="0" name="service.component.product" value="Moodle"/>
377
431
  <param pos="0" name="service.component.cpe23" value="cpe:/a:moodle:moodle:-"/>
378
432
  </fingerprint>
433
+
379
434
  <fingerprint pattern="_arachni_webui_session=">
380
435
  <description>Arachni Security Scanner</description>
381
436
  <example>_arachni_webui_session=el2MMEVVcld3Q2dBc3UvSmtQYmlPckpxSE2CMmlwd1Nja2lvUk5tRG5XYTlnRHJuVVVTblVNMTBOdGhrUU02dzC0K1I0Mnk3d1I3SUlCcngwQkliV3Y5VDBnVVZkOWJsS0VGSlYwM1RGMlVzVDNKcXlrdFNQZ0lIM1VBN3RDZFIrZTBrdjZmdSt0YnV2djh1RFE0S1czUmZQcGxNNW9UWVQydXFCZmNHZDRmTlg4cWludE5SUDRYU2JwdWw4Qmk3dEpDV3ZBejRkbU9ueFJKNG1HenplUEJjem9LU09IM0Z6ZHM4YU00aVpKUHJRVzR3SG8rRzBjWG9jclpqZGd2dmp2TnVGbjkvb0lmanZvM3lPZGhXb3c9PS0tR0dXVWppWnorMG1NNjlXTkYvaEswUT09--44b846e66f558667d7503010a726e2388803136f; path=/; HttpOnly</example>
382
437
  <param pos="0" name="service.vendor" value="Arachni"/>
383
438
  <param pos="0" name="service.product" value="Arachni"/>
384
- <param pos="0" name="service.component.cpe23" value="cpe:/a:arachni:arachni:-"/>
385
439
  </fingerprint>
386
440
 
387
441
  <!--
@@ -391,12 +445,14 @@
391
445
  a similar cookie name, you must ensure that it is located prior to
392
446
  these and this is enforced by rspec.
393
447
  -->
448
+
394
449
  <fingerprint pattern="(?i)^JSESSIONID(?:\.[^=]+)?=[^;]+;.*$">
395
450
  <description>Ignore simple JSESSIONID and related cookies</description>
396
451
  <example>JSESSIONID=6ooov35i4l3n36qtaf8csvg0;Path=/</example>
397
452
  <example>jsessionid=6nkp66iogcdc92720%2Dc6e4%2D4989%2Db7b2%2D5021624cfdff;Path=/;secure</example>
398
453
  <example>JSESSIONID.c00a9623=v216643eijh19p9duve5srgf;Path=/;HttpOnly</example>
399
454
  </fingerprint>
455
+
400
456
  <fingerprint pattern="(?i)^_?SESSION_?ID\s*=\s*[^;]+;.*$">
401
457
  <description>Ignore simple SESSIONID and related cookies</description>
402
458
  <example>sessionId=7dba3249cfcd4b59854055311099a294; path=/;</example>
@@ -404,8 +460,10 @@
404
460
  <example>sessionId =0VrS6Ro6uC5QPXKgNdqGvyUgUFtUOVwv6OWAEWcWQ3jLRtAk2TVAgAApN9yTWVz;postId=; path=/;</example>
405
461
  <example>_session_id=18b3e173aa11db0533fd01752e81f583; path=/; HttpOnly</example>
406
462
  </fingerprint>
463
+
407
464
  <fingerprint pattern="(?i)^sid=[^;]+;.*$">
408
465
  <description>Ignore simple SID and related cookies</description>
409
466
  <example>sid=sfd10bf73-654458f687aa3c68b3874915f651e0ca;path=/;"</example>
410
467
  </fingerprint>
411
- </fingerprints>
468
+
469
+ </fingerprints>
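Review bot: The `BASEURL` and `USER` alternatives added to the Citrix NetScaler pattern have no `<example>` exercising them; the only new example, `NSC_TEMP=xyz;`, was already matched by the old pattern. Adding one example per new cookie name, for instance `<example>NSC_BASEURL=xyz;</example>` and `<example>NSC_USER=xyz;</example>` (constructed values), would let example verification catch a regression in the alternation. In the same fingerprint, the new `service.device` param has no matching identifier list in this release's file list (only `hw_device.txt` and `os_device.txt` appear), so it is worth confirming that consumers read that field. The OracleAS Portal fingerprint has a similar gap: it now interpolates `{service.version}` into `service.cpe23` but carries no example at all. Because the generic `portal` cookie name could match unrelated applications, an example asserting `service.version` would guard against wrong CPE attribution in downstream vulnerability matching.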
@@ -1,6 +1,7 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="http_header.server" protocol="http" database_type="service" preference="0.90">
3
3
  <!-- HTTP Server headers are matched against these patterns to fingerprint HTTP servers. -->
4
+
4
5
  <fingerprint pattern="(?i)^AirTunes/([\d\.]+)$">
5
6
  <description>Apple AirTunes/AirPlay, more generally RTSP used by a variety of wireless a/v products</description>
6
7
  <example service.version="220.68">AirTunes/220.68</example>
@@ -9,6 +10,7 @@
9
10
  <param pos="1" name="service.version"/>
10
11
  <param pos="0" name="hw.device" value="Media Server"/>
11
12
  </fingerprint>
13
+
12
14
  <fingerprint pattern="(?i)^cpsrvd(?:/([\d\.]+))?$">
13
15
  <description>cPanel Service Daemon</description>
14
16
  <example service.version="11.44.3.0">cpsrvd/11.44.3.0</example>
@@ -17,16 +19,21 @@
17
19
  <param pos="0" name="service.product" value="cPanel Service Daemon"/>
18
20
  <param pos="1" name="service.version"/>
19
21
  </fingerprint>
22
+
23
+ <!-- CentOS Web Panel is not part of the CentOS project and runs on CentOS,
24
+ RedHat, and CloudLinux.
25
+ -->
26
+
20
27
  <fingerprint pattern="(?i)^cwpsrv$">
21
28
  <description>CentOS Web Panel</description>
22
29
  <example>cwpsrv</example>
23
- <param pos="0" name="service.vendor" value="CentOS"/>
30
+ <param pos="0" name="service.vendor" value="CentOS WebPanel"/>
24
31
  <param pos="0" name="service.product" value="CentOS Web Panel"/>
25
- <param pos="0" name="os.vendor" value="CentOS"/>
32
+ <param pos="0" name="service.cpe23" value="cpe:/a:centos-webpanel:centos_web_panel:-"/>
26
33
  <param pos="0" name="os.family" value="Linux"/>
27
34
  <param pos="0" name="os.product" value="Linux"/>
28
- <param pos="0" name="os.cpe23" value="cpe:/o:centos:centos:-"/>
29
35
  </fingerprint>
36
+
30
37
  <fingerprint pattern="^Stronghold/(\d\.\d) Apache/([012][\d.]*)\s*(.*)$">
31
38
  <description>Red Hat Stronghold Enterprise Apache</description>
32
39
  <example service.version="1.3.19" service.cpe23="cpe:/a:apache:http_server:1.3.19" service.component.cpe23="cpe:/a:redhat:stronghold:3.0">Stronghold/3.0 Apache/1.3.19 RedHat/3014c</example>
@@ -47,6 +54,7 @@
47
54
  <param pos="0" name="os.family" value="Linux"/>
48
55
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:linux:-"/>
49
56
  </fingerprint>
57
+
50
58
  <fingerprint pattern="(?i)^Apache/\d$">
51
59
  <description>Apache returning only its major version number</description>
52
60
  <example>Apache/1</example>
@@ -56,6 +64,17 @@
56
64
  <param pos="0" name="service.family" value="Apache"/>
57
65
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
58
66
  </fingerprint>
67
+
68
+ <fingerprint pattern="^Apache ([\d.]+)$">
69
+ <description>Apache returning just version number</description>
70
+ <example service.version="1.3.29">Apache 1.3.29</example>
71
+ <param pos="0" name="service.vendor" value="Apache"/>
72
+ <param pos="0" name="service.product" value="HTTPD"/>
73
+ <param pos="0" name="service.family" value="Apache"/>
74
+ <param pos="1" name="service.version"/>
75
+ <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:{service.version}"/>
76
+ </fingerprint>
77
+
59
78
  <fingerprint pattern="(?i)^Apache$">
60
79
  <description>Apache returning no version information</description>
61
80
  <example>Apache</example>
@@ -65,6 +84,7 @@
65
84
  <param pos="0" name="service.family" value="Apache"/>
66
85
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
67
86
  </fingerprint>
87
+
68
88
  <fingerprint pattern="(?i)^Apache(?:-AdvancedExtranetServer)?(?:/([012][\d.]*)\s*(.*))?$">
69
89
  <description>Apache</description>
70
90
  <example>Apache-AdvancedExtranetServer/2.0.44 (Mandrake Linux/11mdk) mod_perl/1.99_08 Perl/v5.8.0 mod_ssl/2.0.44 OpenSSL/0.9.7a PHP/4.3.1 mod_jk2/2.0.0</example>
@@ -90,6 +110,7 @@
90
110
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:{service.version}"/>
91
111
  <param pos="2" name="apache.info"/>
92
112
  </fingerprint>
113
+
93
114
  <fingerprint pattern="(?i)^CouchDB/([\.\d]+) .*$">
94
115
  <description>Apache CouchDB</description>
95
116
  <example service.version="2.1.1">CouchDB/2.1.1 (Erlang OTP/20)</example>
@@ -98,11 +119,13 @@
98
119
  <param pos="1" name="service.version"/>
99
120
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:couchdb:{service.version}"/>
100
121
  </fingerprint>
122
+
101
123
  <fingerprint pattern="^support@arraynetworks.net$">
102
124
  <description>Array Networks device</description>
103
125
  <example>support@arraynetworks.net</example>
104
126
  <param pos="0" name="service.vendor" value="Array Networks"/>
105
127
  </fingerprint>
128
+
106
129
  <fingerprint pattern="^Check Point SVN foundation$">
107
130
  <description>Check Point Firewall NG</description>
108
131
  <example>Check Point SVN foundation</example>
@@ -120,6 +143,25 @@
120
143
  <param pos="0" name="hw.family" value="Firewall-1"/>
121
144
  <param pos="0" name="hw.product" value="Firewall-1"/>
122
145
  </fingerprint>
146
+
147
+ <fingerprint pattern="^CPWS$">
148
+ <description>Check Point Firewall NG - short version</description>
149
+ <example>CPWS</example>
150
+ <param pos="0" name="service.vendor" value="Check Point"/>
151
+ <param pos="0" name="service.product" value="Firewall-1"/>
152
+ <param pos="0" name="service.family" value="Firewall-1"/>
153
+ <param pos="0" name="service.cpe23" value="cpe:/a:checkpoint:firewall-1:-"/>
154
+ <param pos="0" name="os.vendor" value="Check Point"/>
155
+ <param pos="0" name="os.device" value="Firewall"/>
156
+ <param pos="0" name="os.family" value="Firewall-1"/>
157
+ <param pos="0" name="os.product" value="GAiA OS"/>
158
+ <param pos="0" name="os.cpe23" value="cpe:/o:checkpoint:gaia_os:-"/>
159
+ <param pos="0" name="hw.vendor" value="Check Point"/>
160
+ <param pos="0" name="hw.device" value="Firewall"/>
161
+ <param pos="0" name="hw.family" value="Firewall-1"/>
162
+ <param pos="0" name="hw.product" value="Firewall-1"/>
163
+ </fingerprint>
164
+
123
165
  <fingerprint pattern="^Microsoft-IIS/([1234]\.0)$">
124
166
  <description>Microsoft IIS 1.0 - 4.0 runs on Windows NT 4.0</description>
125
167
  <example>Microsoft-IIS/4.0</example>
@@ -134,6 +176,7 @@
134
176
  <param pos="0" name="os.version" value="4.0"/>
135
177
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_nt:4.0"/>
136
178
  </fingerprint>
179
+
137
180
  <fingerprint pattern="^Microsoft-IIS/5.0$">
138
181
  <description>Microsoft IIS 5.0 runs on Windows 2000</description>
139
182
  <example>Microsoft-IIS/5.0</example>
@@ -147,6 +190,7 @@
147
190
  <param pos="0" name="os.product" value="Windows 2000"/>
148
191
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:-"/>
149
192
  </fingerprint>
193
+
150
194
  <fingerprint pattern="^Microsoft-IIS/5.1$">
151
195
  <description>Microsoft IIS 5.1 runs on Windows XP</description>
152
196
  <example>Microsoft-IIS/5.1</example>
@@ -160,6 +204,7 @@
160
204
  <param pos="0" name="os.product" value="Windows XP"/>
161
205
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:-"/>
162
206
  </fingerprint>
207
+
163
208
  <fingerprint pattern="^Microsoft-IIS/6.0$">
164
209
  <description>Microsoft IIS 6.0 runs on Windows Server 2003 (and Windows XP x64)</description>
165
210
  <example>Microsoft-IIS/6.0</example>
@@ -173,6 +218,7 @@
173
218
  <param pos="0" name="os.product" value="Windows Server 2003"/>
174
219
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
175
220
  </fingerprint>
221
+
176
222
  <fingerprint pattern="^Microsoft-IIS/7.0$">
177
223
  <description>Microsoft IIS 7.0 runs on Windows Server 2008 (and Windows Vista)</description>
178
224
  <example>Microsoft-IIS/7.0</example>
@@ -186,6 +232,7 @@
186
232
  <param pos="0" name="os.product" value="Windows Server 2008"/>
187
233
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
188
234
  </fingerprint>
235
+
189
236
  <fingerprint pattern="^Microsoft-IIS/7.5$">
190
237
  <description>Microsoft IIS 7.5 runs on Windows Server 2008 R2 (and Windows 7)</description>
191
238
  <example>Microsoft-IIS/7.5</example>
@@ -199,6 +246,7 @@
199
246
  <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
200
247
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
201
248
  </fingerprint>
249
+
202
250
  <fingerprint pattern="^Microsoft-IIS/8.0$">
203
251
  <description>Microsoft IIS 8.0 runs on Windows Server 2012 (and Windows 8)</description>
204
252
  <example>Microsoft-IIS/8.0</example>
@@ -212,6 +260,7 @@
212
260
  <param pos="0" name="os.product" value="Windows Server 2012"/>
213
261
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
214
262
  </fingerprint>
263
+
215
264
  <fingerprint pattern="^Microsoft-IIS/8.5$">
216
265
  <description>Microsoft IIS 8.5 runs on Windows Server 2012 R2 (and Windows 8.1)</description>
217
266
  <example>Microsoft-IIS/8.5</example>
@@ -225,6 +274,7 @@
225
274
  <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
226
275
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
227
276
  </fingerprint>
277
+
228
278
  <fingerprint pattern="^Microsoft-IIS/10.0$">
229
279
  <description>Microsoft IIS 10.0 runs on Windows Server 2016 and 2019</description>
230
280
  <example>Microsoft-IIS/10.0</example>
@@ -235,8 +285,8 @@
235
285
  <param pos="0" name="service.cpe23" value="cpe:/a:microsoft:iis:10.0"/>
236
286
  <param pos="0" name="os.vendor" value="Microsoft"/>
237
287
  <param pos="0" name="os.family" value="Windows"/>
238
- <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
239
288
  </fingerprint>
289
+
240
290
  <fingerprint pattern="^Microsoft-IIS/([\d\.]+)$">
241
291
  <description>Microsoft IIS new, unknown Windows version</description>
242
292
  <example>Microsoft-IIS/9.0</example>
@@ -246,6 +296,7 @@
246
296
  <param pos="1" name="service.version"/>
247
297
  <param pos="0" name="service.cpe23" value="cpe:/a:microsoft:iis:{service.version}"/>
248
298
  </fingerprint>
299
+
249
300
  <fingerprint pattern="^Microsoft-IIS$">
250
301
  <description>Microsoft IIS, no version information</description>
251
302
  <example>Microsoft-IIS</example>
@@ -256,6 +307,7 @@
256
307
  <param pos="0" name="os.vendor" value="Microsoft"/>
257
308
  <param pos="0" name="os.family" value="Windows"/>
258
309
  </fingerprint>
310
+
259
311
  <fingerprint pattern="^MS .NET Remoting, MS .NET CLR (\d+\.\d+\.\d+\.\d+)$">
260
312
  <description>Microsoft .NET Remoting and Common Language Runtime (CLR)</description>
261
313
  <example>MS .NET Remoting, MS .NET CLR 2.0.50727.42</example>
@@ -271,6 +323,7 @@
271
323
  <param pos="0" name="os.product" value="Windows"/>
272
324
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
273
325
  </fingerprint>
326
+
274
327
  <fingerprint pattern="^Microsoft-WinCE/(\d\.\d+)$">
275
328
  <description>Windows CE embedded devices, including HP iPAQ, Palm Treo, Motorola phones, and many more</description>
276
329
  <example os.version="4.10">Microsoft-WinCE/4.10</example>
@@ -287,6 +340,7 @@
287
340
  <param pos="1" name="os.version"/>
288
341
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_ce:{os.version}"/>
289
342
  </fingerprint>
343
+
290
344
  <fingerprint pattern="^Microsoft-PWS/(\d\.\d+)$">
291
345
  <description>Microsoft Personal Web Server runs on Windows 9x, ME, etc.</description>
292
346
  <example>Microsoft-PWS/4.0</example>
@@ -300,6 +354,7 @@
300
354
  <param pos="0" name="os.product" value="Windows"/>
301
355
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
302
356
  </fingerprint>
357
+
303
358
  <fingerprint pattern="^Microsoft-PWS-95/(\d\.\d+)$">
304
359
  <description>Microsoft Personal Web Server for Windows 95</description>
305
360
  <example>Microsoft-PWS-95/4.0</example>
@@ -313,6 +368,7 @@
313
368
  <param pos="0" name="os.product" value="Windows 95"/>
314
369
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_95:-"/>
315
370
  </fingerprint>
371
+
316
372
  <fingerprint pattern="(?i)^mt-daapd(?:/(.+))?$">
317
373
  <description>Firefly Media Server</description>
318
374
  <example service.version="0.2.4.1">mt-daapd/0.2.4.1</example>
@@ -321,6 +377,7 @@
321
377
  <param pos="0" name="service.product" value="Media Server"/>
322
378
  <param pos="1" name="service.version"/>
323
379
  </fingerprint>
380
+
324
381
  <fingerprint pattern="^Apache[ -]Coyote/(\d\.\d)$">
325
382
  <description>HTTP connector for Apache Tomcat to run as a standalone HTTP server - Coyote variant</description>
326
383
  <example>Apache-Coyote/1.1</example>
@@ -334,6 +391,7 @@
334
391
  <param pos="0" name="service.component.family" value="Coyote"/>
335
392
  <param pos="1" name="service.component.version"/>
336
393
  </fingerprint>
394
+
337
395
  <fingerprint pattern="^Apache Tomcat$">
338
396
  <description>HTTP connector for Apache Tomcat with no version</description>
339
397
  <example>Apache Tomcat</example>
@@ -342,6 +400,7 @@
342
400
  <param pos="0" name="service.family" value="Tomcat"/>
343
401
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:tomcat:-"/>
344
402
  </fingerprint>
403
+
345
404
  <fingerprint pattern="^Servlet [\d\.]+; JBoss-(\S+) \(build: .*\)/Tomcat-(\S+)$">
346
405
  <description>JBoss with embedded Tomcat</description>
347
406
  <example service.version="4.0.4.GA" service.component.version="5.5">Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5</example>
@@ -355,6 +414,7 @@
355
414
  <param pos="2" name="service.component.version"/>
356
415
  <param pos="0" name="service.component.cpe23" value="cpe:/a:apache:tomcat:{service.component.version}"/>
357
416
  </fingerprint>
417
+
358
418
  <fingerprint pattern="^Servlet [\d\.]+; Tomcat-(\S+)/JBoss-(\S+) \(build: .*\)$">
359
419
  <description>JBoss with embedded Tomcat - Tomcat build variant</description>
360
420
  <example service.version="4.0.1sp1" service.component.version="5.0.28">Servlet 2.4; Tomcat-5.0.28/JBoss-4.0.1sp1 (build: CVSTag=JBoss_4_0_1_SP1 date=200502160314)</example>
@@ -368,6 +428,7 @@
368
428
  <param pos="1" name="service.component.version"/>
369
429
  <param pos="0" name="service.component.cpe23" value="cpe:/a:apache:tomcat:{service.component.version}"/>
370
430
  </fingerprint>
431
+
371
432
  <fingerprint pattern="^Servlet [\d\.]+; JBoss-([\S]+)(?: \(build.*)?/JBossWeb-(\S+)$">
372
433
  <description>JBoss with JBossweb</description>
373
434
  <example service.version="4.2.3.GA" service.component.version="2.0">Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181439)/JBossWeb-2.0</example>
@@ -376,10 +437,12 @@
376
437
  <param pos="0" name="service.product" value="JBoss EAP"/>
377
438
  <param pos="1" name="service.version"/>
378
439
  <param pos="0" name="service.cpe23" value="cpe:/a:redhat:jboss_enterprise_application_platform:{service.version}"/>
379
- <param pos="0" name="service.component.vendor" value="RedHat"/>
440
+ <param pos="0" name="service.component.vendor" value="Red Hat"/>
380
441
  <param pos="0" name="service.component.product" value="JBossWeb"/>
381
442
  <param pos="2" name="service.component.version"/>
443
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:redhat:jboss_web_framework_kit:{service.component.version}"/>
382
444
  </fingerprint>
445
+
383
446
  <fingerprint pattern="^Servlet\/[\d\.]+; JBossAS-(.*)$">
384
447
  <description>JBoss AS</description>
385
448
  <example service.version="6">Servlet/3.0; JBossAS-6</example>
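Review bot: The added `service.component.cpe23` value `cpe:/a:redhat:jboss_web_framework_kit:{service.component.version}` names a different product from the `JBossWeb` component this fingerprint identifies. As far as I can tell, JBoss Web Framework Kit is a separate Red Hat offering and not the JBossWeb servlet container, so this needs confirming against the CPE dictionary. A wrong component CPE is worse than a missing one for anyone correlating these results with vulnerability feeds, because it attaches another product's advisories to the host and hides the ones that apply. If no dictionary entry can be confirmed, I would drop the line and leave `<!-- service.component.cpe23 omitted: no confirmed CPE entry for JBossWeb -->` in its place. The `RedHat` to `Red Hat` vendor fix in the same hunk looks right.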
@@ -388,6 +451,7 @@
388
451
  <param pos="1" name="service.version"/>
389
452
  <param pos="0" name="service.cpe23" value="cpe:/a:redhat:jboss_wildfly_application_server:{service.version}"/>
390
453
  </fingerprint>
454
+
391
455
  <fingerprint pattern="^JBoss-EAP\/(\d+)$">
392
456
  <description>JBoss EAP</description>
393
457
  <example service.version="7">JBoss-EAP/7</example>
@@ -397,6 +461,7 @@
397
461
  <param pos="1" name="service.version"/>
398
462
  <param pos="0" name="service.cpe23" value="cpe:/a:redhat:jboss_enterprise_application_platform:{service.version}"/>
399
463
  </fingerprint>
464
+
400
465
  <fingerprint pattern="^Apache Tomcat/(\d\.[\d.]+)(?:-LE-jdk14)? \(HTTP/1.1 Connector\)$">
401
466
  <description>HTTP connector for Apache Tomcat to run as a standalone HTTP server - Apache variant</description>
402
467
  <example service.version="4.0.6">Apache Tomcat/4.0.6 (HTTP/1.1 Connector)</example>
@@ -411,6 +476,7 @@
411
476
  <param pos="0" name="service.component.family" value="Apache Tomcat HTTP Connector"/>
412
477
  <param pos="0" name="service.component.product" value="Apache Tomcat HTTP Connector"/>
413
478
  </fingerprint>
479
+
414
480
  <fingerprint pattern="^Tomcat Web Server/(\d\.[\dA-Z.]+)(?: Final)?(?:\s\(([^\)]+)\))?$">
415
481
  <description>HTTP connector for Apache Tomcat to run as a standalone HTTP server</description>
416
482
  <example>Tomcat Web Server/3.2.2 (JSP 1.1; Servlet 2.2; Java 1.3.1; Windows 2000 5.0 x86; java.vendor=Sun Microsystems Inc.)</example>
@@ -424,15 +490,18 @@
424
490
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:tomcat:{service.version}"/>
425
491
  <param pos="2" name="tomcat.info"/>
426
492
  </fingerprint>
427
- <fingerprint pattern="^Tomcat/(\S+)$">
428
- <description>Apache tomcat with minimal version information</description>
429
- <example>Tomcat/2.1</example>
493
+
494
+ <fingerprint pattern="^(?:Apache )?Tomcat/([\d.]+)$">
495
+ <description>Apache Tomcat with version information</description>
496
+ <example service.version="2.1">Tomcat/2.1</example>
497
+ <example service.version="9.0.5">Apache Tomcat/9.0.5</example>
430
498
  <param pos="0" name="service.vendor" value="Apache"/>
431
499
  <param pos="0" name="service.product" value="Tomcat"/>
432
500
  <param pos="0" name="service.family" value="Tomcat"/>
433
501
  <param pos="1" name="service.version"/>
434
502
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:tomcat:{service.version}"/>
435
503
  </fingerprint>
504
+
436
505
  <fingerprint pattern="^PDR-M800/1.0$">
437
506
  <description>Merit LILIN PDR M800</description>
438
507
  <example>PDR-M800/1.0</example>
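Review bot: The new capture in `^(?:Apache )?Tomcat/([\d.]+)$` is narrower than the `(\S+)` it replaces, so a banner whose version carries a suffix (a milestone or release-candidate tag, for example) no longer matches this fingerprint. Nothing visible here picks it up instead. Restricting what reaches `{service.version}` in the CPE is a good change, but the suffix can be tolerated without being captured: `<fingerprint pattern="^(?:Apache )?Tomcat/([\d.]+)(?:[-.]\S+)?$">`. Please add an `<example>` with a suffixed version so the behaviour is pinned either way. Whether such banners occur in practice is an assumption on my part.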
@@ -440,6 +509,7 @@
440
509
  <param pos="0" name="hw.product" value="PDR M800"/>
441
510
  <param pos="0" name="hw.device" value="DVR"/>
442
511
  </fingerprint>
512
+
443
513
  <fingerprint pattern="^PHP/(\S+)$">
444
514
  <description>PHP</description>
445
515
  <example service.component.version="4.4.2-1build1">PHP/4.4.2-1build1</example>
@@ -447,13 +517,16 @@
447
517
  <param pos="0" name="service.component.product" value="PHP"/>
448
518
  <param pos="1" name="service.component.version"/>
449
519
  </fingerprint>
520
+
450
521
  <!-- TODO: Capture ZendServer version in fingerprint -->
522
+
451
523
  <fingerprint pattern="^PHP/(\S+)\s+ZendServer/\S+$">
452
524
  <description>PHP with ZendServer</description>
453
525
  <example service.component.version="5.3.14">PHP/5.3.14 ZendServer/5.0</example>
454
526
  <param pos="0" name="service.component.product" value="PHP"/>
455
527
  <param pos="1" name="service.component.version"/>
456
528
  </fingerprint>
529
+
457
530
  <fingerprint pattern="^Oracle Application Server Containers for J2EE 10g \(([\d.]+)\)$">
458
531
  <description>Oracle Application Server Containers for J2EE 10g</description>
459
532
  <example>Oracle Application Server Containers for J2EE 10g (9.0.4.0.0)</example>
@@ -462,6 +535,7 @@
462
535
  <param pos="0" name="service.family" value="Oracle"/>
463
536
  <param pos="1" name="service.version"/>
464
537
  </fingerprint>
538
+
465
539
  <fingerprint pattern="^Oracle Containers for J2EE$">
466
540
  <description>Oracle Application Server Containers for J2EE</description>
467
541
  <example>Oracle Containers for J2EE</example>
@@ -469,6 +543,7 @@
469
543
  <param pos="0" name="service.product" value="Oracle Application Server Containers"/>
470
544
  <param pos="0" name="service.family" value="Oracle"/>
471
545
  </fingerprint>
546
+
472
547
  <fingerprint pattern="^Oracle Application Server/10g \(([\d.]+)\) Apache/([12][\d.]+)\s*(.*)$">
473
548
  <description>Oracle Application Server 10g with Apache info (powered by Apache)</description>
474
549
  <example>Oracle Application Server/10g (10.1.2) Apache/1.3.34 (Unix) mod_perl/1.29 mod_jk/1.2.14 OracleAS-Web-Cache-10g/10.1.2.0.2 (N;ecid=119642322340,0)</example>
@@ -481,7 +556,9 @@
481
556
  <param pos="0" name="apache.variant" value="Oracle"/>
482
557
  <param pos="1" name="apache.variant.version"/>
483
558
  </fingerprint>
559
+
484
560
  <!-- TODO: this needs to be improved -->
561
+
485
562
  <fingerprint pattern="^Oracle-Application-Server-\d+[ig](?:[ /]([\d.]+) (?:\(.*\)|Oracle-HTTP-Server\s*(.*)))?$">
486
563
  <description>Oracle Application Server 10g (powered by Apache)</description>
487
564
  <example>Oracle-Application-Server-11g</example>
@@ -498,6 +575,7 @@
498
575
  <param pos="0" name="apache.variant" value="Oracle"/>
499
576
  <param pos="1" name="apache.variant.version"/>
500
577
  </fingerprint>
578
+
501
579
  <fingerprint pattern="^Oracle9iAS/([\d.]+) Oracle HTTP Server\s*(.*)$">
502
580
  <description>Oracle 9i Application Server</description>
503
581
  <example>Oracle9iAS/9.0.2.3.0 Oracle HTTP Server Oracle9iAS-Web-Cache/9.0.2.3.0 (N)</example>
@@ -510,6 +588,7 @@
510
588
  <param pos="0" name="apache.variant" value="Oracle"/>
511
589
  <param pos="1" name="apache.variant.version"/>
512
590
  </fingerprint>
591
+
513
592
  <fingerprint pattern="^Oracle HTTP Server Powered by Apache/([12][\d.]*)\s*(.*)$">
514
593
  <description>Oracle HTTP Server (powered by Apache) - version string variant</description>
515
594
  <example>Oracle HTTP Server Powered by Apache/1.3.12 (Unix) ApacheJServ/1.1 mod_ssl/2.6.4 OpenSSL/0.9.5a</example>
@@ -523,6 +602,7 @@
523
602
  <param pos="2" name="apache.info"/>
524
603
  <param pos="0" name="apache.variant" value="Oracle"/>
525
604
  </fingerprint>
605
+
526
606
  <fingerprint pattern="^Oracle HTTP Server Powered by Apache$">
527
607
  <description>Oracle HTTP Server (powered by Apache)</description>
528
608
  <example>Oracle HTTP Server Powered by Apache</example>
@@ -532,6 +612,25 @@
532
612
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
533
613
  <param pos="0" name="apache.variant" value="Oracle"/>
534
614
  </fingerprint>
615
+
616
+ <fingerprint pattern="^Oracle-Web-Cache-11g/([\d.]+) \(N;ecid=[^)]+\)$">
617
+ <description>Oracle Web Cache</description>
618
+ <example service.version="11.1.1.9.0">Oracle-Web-Cache-11g/11.1.1.9.0 (N;ecid=93620137613024,0:1)</example>
619
+ <param pos="0" name="service.vendor" value="Oracle"/>
620
+ <param pos="0" name="service.product" value="Web Cache"/>
621
+ <param pos="1" name="service.version"/>
622
+ <param pos="0" name="service.cpe23" value="cpe:/a:oracle:web_cache:{service.version}"/>
623
+ </fingerprint>
624
+
625
+ <fingerprint pattern="^OracleAS-Web-Cache-10g/([\d.]+).*">
626
+ <description>Oracle Application Server Web Cache</description>
627
+ <example service.version="10.1.2.3.0">OracleAS-Web-Cache-10g/10.1.2.3.0</example>
628
+ <param pos="0" name="service.vendor" value="Oracle"/>
629
+ <param pos="0" name="service.product" value="Application Server Web Cache"/>
630
+ <param pos="1" name="service.version"/>
631
+ <param pos="0" name="service.cpe23" value="cpe:/a:oracle:application_server_web_cache:{service.version}"/>
632
+ </fingerprint>
633
+
535
634
  <fingerprint pattern="^HP Apache-based Web Server/([012][\d.]*)\s*\(Unix\)\s*(.*)$">
536
635
  <description>Apache running on HP-UX</description>
537
636
  <example>HP Apache-based Web Server/1.3.26 (Unix) mod_ssl/2.8.9 OpenSSL/0.9.6c</example>
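Review bot: The 10g pattern `^OracleAS-Web-Cache-10g/([\d.]+).*` ends in an open `.*` with no `$`, so anything after the version is accepted, while the 11g fingerprint added just above pins its `(N;ecid=…)` tail. Its only example has no tail at all, so the suffixed form that appears in the Oracle Application Server example earlier in this file is never exercised. I would bound it the same way as the 11g entry: `<fingerprint pattern="^OracleAS-Web-Cache-10g/([\d.]+)(?: \(N;ecid=[^)]+\))?$">`. I would also add `<example service.version="10.1.2.0.2">OracleAS-Web-Cache-10g/10.1.2.0.2 (N;ecid=119642322340,0)</example>`. If other tails are known to occur, list them as examples rather than leaving the pattern open.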
@@ -548,6 +647,7 @@
548
647
  <param pos="0" name="os.product" value="HP-UX"/>
549
648
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
550
649
  </fingerprint>
650
+
551
651
  <fingerprint pattern="^CompaqHTTPServer/([0-9.]*)(?: HP System Management Homepage(?:/.*)?)?$">
552
652
  <description>HP/Compaq HTTP Server</description>
553
653
  <example>CompaqHTTPServer/9.9 HP System Management Homepage/2.1.5.146</example>
@@ -560,6 +660,7 @@
560
660
  <param pos="0" name="service.family" value="Compaq HTTP Server"/>
561
661
  <param pos="1" name="service.version"/>
562
662
  </fingerprint>
663
+
563
664
  <fingerprint pattern="^HPSMH$">
564
665
  <description>HP System Management Homepage (SMH)</description>
565
666
  <example>HPSMH</example>
@@ -567,6 +668,7 @@
567
668
  <param pos="0" name="service.family" value="SMH"/>
568
669
  <param pos="0" name="service.product" value="SMH"/>
569
670
  </fingerprint>
671
+
570
672
  <fingerprint pattern="(?i)^eHTTP[/ ]v?(\d+\.\d+)">
571
673
  <description>HTTP Server present on seemingly only HP ProCurve network devices</description>
572
674
  <example service.version="1.1">EHTTP/1.1</example>
@@ -579,6 +681,7 @@
579
681
  <param pos="0" name="os.family" value="ProCurve"/>
580
682
  <param pos="0" name="os.certainty" value="0.75"/>
581
683
  </fingerprint>
684
+
582
685
  <fingerprint pattern="^(?:BBC \d+\.\d+\.\d+\.?\d*; )?(?:com.hp.openview.)?[c|C]oda (\d+\.\d+\.\d+\.?\d*)$">
583
686
  <description>HP Openview Coda (Communications Daemon)</description>
584
687
  <example service.component.version="0.0.1">com.hp.openview.Coda 0.0.1</example>
@@ -593,6 +696,7 @@
593
696
  <param pos="0" name="service.component.product" value="CODA"/>
594
697
  <param pos="1" name="service.component.version"/>
595
698
  </fingerprint>
699
+
596
700
  <fingerprint pattern="^BBC \d+\.\d+\.\d+\.?\d*; ovbbcrcp (\d+\.\d+\.\d+\.?\d*)$">
597
701
  <description>OpenView Reverse Channel Proxy (RCP)</description>
598
702
  <example service.component.version="11.00.044">BBC 11.00.044; ovbbcrcp 11.00.044</example>
@@ -605,6 +709,7 @@
605
709
  <param pos="0" name="service.component.product" value="Reverse Channel Proxy"/>
606
710
  <param pos="1" name="service.component.version"/>
607
711
  </fingerprint>
712
+
608
713
  <fingerprint pattern="^(?:BBC \d+\.\d+\.\d+\.?\d*; )?com.hp.openview.bbc.LLBServer (\d+\.\d+\.\d+\.?\d*)$">
609
714
  <description>HP Openview LLBServer (Local Location Broker)</description>
610
715
  <example service.component.version="2.6.8.1">com.hp.openview.bbc.LLBServer 2.6.8.1</example>
@@ -618,6 +723,7 @@
618
723
  <param pos="0" name="service.component.product" value="LLBServer"/>
619
724
  <param pos="1" name="service.component.version"/>
620
725
  </fingerprint>
726
+
621
727
  <fingerprint pattern="^BBC \d+\.\d+\.\d+; ovbbccb (\d+\.\d+\.\d+)$">
622
728
  <description>OpenView Communication Broker (ovbbccb)</description>
623
729
  <example service.component.version="06.00.083">BBC 06.00.083; ovbbccb 06.00.083</example>
@@ -631,6 +737,7 @@
631
737
  <param pos="0" name="service.component.product" value="Communication Broker"/>
632
738
  <param pos="1" name="service.component.version"/>
633
739
  </fingerprint>
740
+
634
741
  <fingerprint pattern="^BBC \d+\.\d+\.\d+; ovbbccb unknown version$">
635
742
  <description>OpenView Communication Broker (ovbbccb) with no version</description>
636
743
  <example>BBC 11.13.007; ovbbccb unknown version</example>
@@ -642,6 +749,7 @@
642
749
  <param pos="0" name="service.component.family" value="OpenView"/>
643
750
  <param pos="0" name="service.component.product" value="Communication Broker"/>
644
751
  </fingerprint>
752
+
645
753
  <fingerprint pattern="^UOS$">
646
754
  <description>HTTP Server that appears unique to Managment Console on HP TippingPoint IPS Devices</description>
647
755
  <example>UOS</example>
@@ -655,6 +763,7 @@
655
763
  <param pos="0" name="hw.family" value="TippingPoint"/>
656
764
  <param pos="0" name="hw.device" value="IPS"/>
657
765
  </fingerprint>
766
+
658
767
  <fingerprint pattern="^uc-httpd[ \/]([\d.]+)$">
659
768
  <description>Xiongmai Tech uc-httpd</description>
660
769
  <example service.version="1.0.0">uc-httpd 1.0.0</example>
@@ -663,6 +772,7 @@
663
772
  <param pos="0" name="service.product" value="uc-httpd"/>
664
773
  <param pos="1" name="service.version"/>
665
774
  </fingerprint>
775
+
666
776
  <fingerprint pattern="^micro_httpd$">
667
777
  <description>ACME micro_httpd</description>
668
778
  <example>micro_httpd</example>
@@ -670,6 +780,7 @@
670
780
  <param pos="0" name="service.product" value="micro_httpd"/>
671
781
  <param pos="0" name="service.cpe23" value="cpe:/a:acme:micro_httpd:-"/>
672
782
  </fingerprint>
783
+
673
784
  <fingerprint pattern="^mini_httpd$">
674
785
  <description>ACME mini_httpd</description>
675
786
  <example>mini_httpd</example>
@@ -677,6 +788,7 @@
677
788
  <param pos="0" name="service.product" value="mini_httpd"/>
678
789
  <param pos="0" name="service.cpe23" value="cpe:/a:acme:mini_httpd:-"/>
679
790
  </fingerprint>
791
+
680
792
  <fingerprint pattern="^LiteSpeed\/?(:?[\d.]+)?(?: \S+)?">
681
793
  <description>LiteSpeed</description>
682
794
  <example>LiteSpeed</example>
@@ -684,7 +796,9 @@
684
796
  <param pos="0" name="service.vendor" value="LiteSpeed Technologies"/>
685
797
  <param pos="0" name="service.product" value="LiteSpeed Web Server"/>
686
798
  <param pos="1" name="service.version"/>
799
+ <param pos="0" name="service.cpe23" value="cpe:/a:litespeedtech:litespeed_web_server:{service.version}"/>
687
800
  </fingerprint>
801
+
688
802
  <fingerprint pattern="^IdeaWebServer\/v?([\d.]+)$">
689
803
  <description>Idea Web Server</description>
690
804
  <example service.version="0.83.74">IdeaWebServer/0.83.74</example>
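Review bot: The added `service.cpe23` value `cpe:/a:litespeedtech:litespeed_web_server:{service.version}` interpolates a capture that the pattern makes optional. The pattern `^LiteSpeed\/?(:?[\d.]+)?(?: \S+)?` and its first example, a bare `LiteSpeed`, sit in the context lines of the preceding hunk, and that example carries no version. How the matcher renders an unset `{service.version}` is not visible here, so the result may be a CPE with an empty or literal-placeholder version field. The `openresty` fingerprint in the next hunk has the same shape (`^openresty\/?(:?[\d.]+)?$`, example `openresty`). The Wing FTP fingerprints added in this commit show the safer layout: one fingerprint that requires the version and interpolates it, and one for the bare banner ending in `:-`.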
@@ -693,6 +807,7 @@
693
807
  <param pos="0" name="service.product" value="Idea Web Server"/>
694
808
  <param pos="1" name="service.version"/>
695
809
  </fingerprint>
810
+
696
811
  <fingerprint pattern="^openresty\/?(:?[\d.]+)?$">
697
812
  <description>OpenResty OpenResty</description>
698
813
  <example>openresty</example>
@@ -700,22 +815,47 @@
700
815
  <param pos="0" name="service.vendor" value="OpenResty"/>
701
816
  <param pos="0" name="service.product" value="OpenResty"/>
702
817
  <param pos="1" name="service.version"/>
818
+ <param pos="0" name="service.cpe23" value="cpe:/a:openresty:openresty:{service.version}"/>
703
819
  </fingerprint>
820
+
704
821
  <fingerprint pattern="^gunicorn\/([\d.]+)+$">
705
822
  <description>Gunicorn Gunicorn</description>
706
823
  <example service.version="19.7.1">gunicorn/19.7.1</example>
707
824
  <param pos="0" name="service.vendor" value="Gunicorn"/>
708
825
  <param pos="0" name="service.product" value="Gunicorn"/>
709
826
  <param pos="1" name="service.version"/>
827
+ <param pos="0" name="service.cpe23" value="cpe:/a:gunicorn:gunicorn:{service.version}"/>
710
828
  </fingerprint>
829
+
711
830
  <fingerprint pattern="^Serv-U\/([\d.]+)$">
712
831
  <description>Serv-U HTTP interface</description>
713
832
  <example service.version="15.1.6.31">Serv-U/15.1.6.31</example>
714
833
  <param pos="0" name="service.vendor" value="SolarWinds"/>
715
834
  <param pos="0" name="service.family" value="Serv-U"/>
716
- <param pos="0" name="service.product" value="FTP Server"/>
835
+ <param pos="0" name="service.product" value="Serv-U FTP Server"/>
717
836
  <param pos="1" name="service.version"/>
837
+ <param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:serv-u_ftp_server:{service.version}"/>
838
+ </fingerprint>
839
+
840
+ <fingerprint pattern="^Wing FTP Server/([\d.]+)\([^)]*\)$">
841
+ <description>Wing FTP HTTP interface - with version</description>
842
+ <example service.version="3.6.0">Wing FTP Server/3.6.0(customer name here)</example>
843
+ <param pos="0" name="service.vendor" value="WFTPServer"/>
844
+ <param pos="0" name="service.family" value="Wing FTP"/>
845
+ <param pos="0" name="service.product" value="Wing FTP Server"/>
846
+ <param pos="1" name="service.version"/>
847
+ <param pos="0" name="service.cpe23" value="cpe:/a:wftpserver:wing_ftp_server:{service.version}"/>
848
+ </fingerprint>
849
+
850
+ <fingerprint pattern="^Wing FTP Server\([^)]*\)$">
851
+ <description>Wing FTP HTTP interface - no version</description>
852
+ <example>Wing FTP Server(customer name here)</example>
853
+ <param pos="0" name="service.vendor" value="WFTPServer"/>
854
+ <param pos="0" name="service.family" value="Wing FTP"/>
855
+ <param pos="0" name="service.product" value="Wing FTP Server"/>
856
+ <param pos="0" name="service.cpe23" value="cpe:/a:wftpserver:wing_ftp_server:-"/>
718
857
  </fingerprint>
858
+
719
859
  <fingerprint pattern="^(?i)Linux UPnP/1.0 Sonos/([\d\.\-a-z]+) \((BR\d+)\)$">
720
860
  <description>Sonos Bridge/ZoneBridge</description>
721
861
  <example hw.model="BR100" hw.version="47.2-59120">Linux UPnP/1.0 Sonos/47.2-59120 (BR100)</example>
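Review bot: While the gunicorn fingerprint is being touched to add `service.cpe23`, its unchanged pattern `^gunicorn\/([\d.]+)+$` still has a quantified group whose body is itself quantified. The outer `+` does not change which banners match, but on a long banner that fails at the end it lets a backtracking regex engine try a very large number of ways to split the digits. These patterns are run against Server headers supplied by remote hosts, so that cost is under the remote side's control. The fix is to drop the outer quantifier: `<fingerprint pattern="^gunicorn\/([\d.]+)$">`. The existing example `gunicorn/19.7.1` matches it unchanged.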
@@ -726,6 +866,7 @@
726
866
  <param pos="2" name="hw.model"/>
727
867
  <param pos="0" name="os.product" value="Linux"/>
728
868
  </fingerprint>
869
+
729
870
  <fingerprint pattern="^(?i)Linux UPnP/1.0 Sonos/([\d\.\-a-z]+) \(ANVIL\)$">
730
871
  <description>Sonos Subwoofer Speaker</description>
731
872
  <example>Linux UPnP/1.0 Sonos/31.3-22220 (ANVIL)</example>
@@ -735,6 +876,7 @@
735
876
  <param pos="1" name="hw.version"/>
736
877
  <param pos="0" name="os.product" value="Linux"/>
737
878
  </fingerprint>
879
+
738
880
  <fingerprint pattern="(?i)^Linux UPnP/1.0 Sonos/([\d\.\-a-z]+) \(ZP(S?\d+)\)$">
739
881
  <description>Sonos PLAY/ZonePlayer wireless speaker</description>
740
882
  <example hw.model="S1" hw.version="39.2-47040c">Linux UPnP/1.0 Sonos/39.2-47040c (ZPS1)</example>
@@ -747,6 +889,7 @@
747
889
  <param pos="2" name="hw.model"/>
748
890
  <param pos="0" name="os.product" value="Linux"/>
749
891
  </fingerprint>
892
+
750
893
  <fingerprint pattern="(?i)^Linux UPnP/1.0 Sonos/([\d\.\-a-z]+) \(WD(\d+)\)$">
751
894
  <description>Sonos Wireless Dock</description>
752
895
  <example hw.model="100" hw.version="36.4-41270">Linux UPnP/1.0 Sonos/36.4-41270 (WD100)</example>
@@ -757,6 +900,7 @@
757
900
  <param pos="2" name="hw.model"/>
758
901
  <param pos="0" name="os.product" value="Linux"/>
759
902
  </fingerprint>
903
+
760
904
  <fingerprint pattern="^Varnish(?:[- ]Cache)?$">
761
905
  <description>Varnish Cache</description>
762
906
  <example>Varnish</example>
@@ -766,6 +910,7 @@
766
910
  <param pos="0" name="service.product" value="Varnish"/>
767
911
  <param pos="0" name="service.cpe23" value="cpe:/a:varnish-cache:varnish:-"/>
768
912
  </fingerprint>
913
+
769
914
  <fingerprint pattern="^Tengine\/?(:?[\d.]+)?$">
770
915
  <description>Tengine</description>
771
916
  <example>Tengine</example>
@@ -775,6 +920,7 @@
775
920
  <param pos="0" name="service.product" value="Tengine"/>
776
921
  <param pos="1" name="service.version"/>
777
922
  </fingerprint>
923
+
778
924
  <fingerprint pattern="^Mikrotik HttpProxy$">
779
925
  <description>MikroTik RouterOS - Proxy service</description>
780
926
  <example>Mikrotik HttpProxy</example>
@@ -787,6 +933,7 @@
787
933
  <param pos="0" name="hw.vendor" value="MikroTik"/>
788
934
  <param pos="0" name="hw.device" value="Router"/>
789
935
  </fingerprint>
936
+
790
937
  <fingerprint pattern="^Helix Server Version ([0-9.]*) \(win32\) \(RealServer compatible\)$">
791
938
  <description>RealMedia Helix Server - Windows</description>
792
939
  <example>Helix Server Version 9.0.4.960 (win32) (RealServer compatible)</example>
@@ -799,6 +946,7 @@
799
946
  <param pos="0" name="service.family" value="Helix Server"/>
800
947
  <param pos="1" name="service.version"/>
801
948
  </fingerprint>
949
+
802
950
  <fingerprint pattern="^Helix Server Version ([0-9.]*) \(linux-\S+\) \(RealServer compatible\)$">
803
951
  <description>RealMedia Helix Server - Linux</description>
804
952
  <example>Helix Server Version 9.0.4.960 (linux-2.2-libc6-i586-server) (RealServer compatible)</example>
@@ -809,6 +957,7 @@
809
957
  <param pos="0" name="service.family" value="Helix Server"/>
810
958
  <param pos="1" name="service.version"/>
811
959
  </fingerprint>
960
+
812
961
  <fingerprint pattern="^ReeCam IP Camera$">
813
962
  <description>Shenzhen ReeCam cameras</description>
814
963
  <example>ReeCam IP Camera</example>
@@ -816,12 +965,14 @@
816
965
  <param pos="0" name="hw.product" value="ReeCam"/>
817
966
  <param pos="0" name="hw.device" value="Web cam"/>
818
967
  </fingerprint>
968
+
819
969
  <fingerprint pattern="^Netwave IP Camera$">
820
970
  <description>Netwave cameras</description>
821
971
  <example>Netwave IP Camera</example>
822
972
  <param pos="0" name="hw.vendor" value="Netwave"/>
823
973
  <param pos="0" name="hw.device" value="Web cam"/>
824
974
  </fingerprint>
975
+
825
976
  <fingerprint pattern="^Cougar/([0-9.]*)$">
826
977
  <description>Windows Media Services (older versions)</description>
827
978
  <example>Cougar/9.01.01.3841</example>
@@ -834,6 +985,7 @@
834
985
  <param pos="0" name="service.family" value="Windows Media Services"/>
835
986
  <param pos="1" name="service.version"/>
836
987
  </fingerprint>
988
+
837
989
  <fingerprint pattern="^WMServer/([0-9.]*)$">
838
990
  <description>Windows Media Services (newer versions)</description>
839
991
  <example>WMServer/9.1.1.3841</example>
@@ -846,6 +998,7 @@
846
998
  <param pos="0" name="service.family" value="Windows Media Services"/>
847
999
  <param pos="1" name="service.version"/>
848
1000
  </fingerprint>
1001
+
849
1002
  <fingerprint pattern="^Microsoft-HTTPAPI/(?:[0-9\.]*)$">
850
1003
  <description>Generic Microsoft HTTP service</description>
851
1004
  <example>Microsoft-HTTPAPI/2.0</example>
@@ -854,6 +1007,7 @@
854
1007
  <param pos="0" name="os.product" value="Windows"/>
855
1008
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
856
1009
  </fingerprint>
1010
+
857
1011
  <fingerprint pattern="(?i)^(?:(?:Cube|(?:Mini )?Dome|Day/Night|PAN/?Tilt|POE|IR|HD|H.264|Surveillance|With|Wired|Wireless(?: N)?|Network|Internet|(?:IP(?:[\s_-])?)?Cameras?[\s_]*\d*) ?){1,5}?(?: Login)?$">
858
1012
  <description>Generic IP Cameras</description>
859
1013
  <example>camera</example>
@@ -861,6 +1015,7 @@
861
1015
  <example>Mini Dome IP Camera</example>
862
1016
  <param pos="0" name="hw.device" value="Web cam"/>
863
1017
  </fingerprint>
1018
+
864
1019
  <fingerprint pattern="^ASP.NET$">
865
1020
  <description>Something written in ASP.NET</description>
866
1021
  <example>ASP.NET</example>
@@ -870,6 +1025,7 @@
870
1025
  <param pos="0" name="os.certainty" value="0.6"/>
871
1026
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
872
1027
  </fingerprint>
1028
+
873
1029
  <fingerprint pattern="^[Xx]itami$">
874
1030
  <description>Xitami web server</description>
875
1031
  <example>Xitami</example>
@@ -877,6 +1033,7 @@
877
1033
  <param pos="0" name="service.product" value="HTTP"/>
878
1034
  <param pos="0" name="service.family" value="Webserver"/>
879
1035
  </fingerprint>
1036
+
880
1037
  <fingerprint pattern="^VCS-VIDOS-NVR$">
881
1038
  <description>Bosch VCS VIDOS-NVR network video recorder</description>
882
1039
  <example>VCS-VIDOS-NVR</example>
@@ -886,12 +1043,14 @@
886
1043
  <param pos="0" name="hw.vendor" value="Bosch"/>
887
1044
  <param pos="0" name="hw.device" value="DVR"/>
888
1045
  </fingerprint>
1046
+
889
1047
  <fingerprint pattern="^FUHO-DVR$">
890
1048
  <description>FUHO Surveillance/DVR</description>
891
1049
  <example>FUHO-DVR</example>
892
1050
  <param pos="0" name="hw.vendor" value="FUHO"/>
893
1051
  <param pos="0" name="hw.device" value="DVR"/>
894
1052
  </fingerprint>
1053
+
895
1054
  <fingerprint pattern="^HeiTel GmbH Web Server \[\S+\]$">
896
1055
  <description>HeiTel Digital Video Recorder</description>
897
1056
  <example>HeiTel GmbH Web Server [V1.15/V1.14/V1.3]</example>
@@ -901,6 +1060,7 @@
901
1060
  <param pos="0" name="hw.vendor" value="HeiTel"/>
902
1061
  <param pos="0" name="hw.device" value="DVR"/>
903
1062
  </fingerprint>
1063
+
904
1064
  <fingerprint pattern="^MiniServ/([0-9.]*)$">
905
1065
  <description>mini_httpd</description>
906
1066
  <example>MiniServ/0.01</example>
@@ -908,6 +1068,7 @@
908
1068
  <param pos="0" name="service.family" value="WebServer"/>
909
1069
  <param pos="1" name="service.version"/>
910
1070
  </fingerprint>
1071
+
911
1072
  <fingerprint pattern="^IBM HTTP Server/(V\d+R\d+M\d+)$">
912
1073
  <description>IBM HTTP server running on AS/400</description>
913
1074
  <example>IBM HTTP Server/V5R3M0</example>
@@ -920,7 +1081,9 @@
920
1081
  <param pos="0" name="os.family" value="OS/400"/>
921
1082
  <param pos="0" name="os.product" value="OS/400"/>
922
1083
  <param pos="1" name="os.version"/>
1084
+ <param pos="0" name="os.cpe23" value="cpe:/o:ibm:os_400:{os.version}"/>
923
1085
  </fingerprint>
1086
+
924
1087
  <fingerprint pattern="^(?:IBM_HTTP_Server|IBM_HTTP_SERVER)/([\w.-]+)\s+Apache/([12][\d.]+)\s*(.*)$">
925
1088
  <description>IBM HTTP Server</description>
926
1089
  <example>IBM_HTTP_SERVER/1.3.19.2 Apache/1.3.20 (Win32)</example>
@@ -942,6 +1105,7 @@
942
1105
  <param pos="0" name="apache.variant" value="IBM"/>
943
1106
  <param pos="1" name="apache.variant.version"/>
944
1107
  </fingerprint>
1108
+
945
1109
  <fingerprint pattern="(?i)^(?:IBM_HTTP_SERVER|IBM-HTTP-SERVER)/(\S+)(?: \(\S+\))?$">
946
1110
  <description>IBM HTTP Server with hardly useful version info</description>
947
1111
  <example>IBM-HTTP-Server/1.0</example>
@@ -953,6 +1117,7 @@
953
1117
  <param pos="0" name="apache.variant" value="IBM"/>
954
1118
  <param pos="1" name="apache.variant.version"/>
955
1119
  </fingerprint>
1120
+
956
1121
  <fingerprint pattern="(?i)^(?:IBM_HTTP_SERVER|IBM-HTTP-SERVER)$">
957
1122
  <description>IBM HTTP Server with no version info</description>
958
1123
  <example>IBM_HTTP_SERVER</example>
@@ -963,9 +1128,11 @@
963
1128
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
964
1129
  <param pos="0" name="apache.variant" value="IBM"/>
965
1130
  </fingerprint>
1131
+
966
1132
  <!--
967
1133
  Netscape/Sun's Application Server
968
1134
  -->
1135
+
969
1136
  <fingerprint pattern="^Sun[ -]Java[ -]System[ /]Application[ -]Server( \d\.[\d_]+)?$">
970
1137
  <description>Sun Java System Application Server (formerly iPlanet Application Server, Sun ONE Application Server)</description>
971
1138
  <example>Sun-Java-System/Application-Server</example>
@@ -975,6 +1142,7 @@
975
1142
  <param pos="1" name="service.version"/>
976
1143
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_application_server:{service.version}"/>
977
1144
  </fingerprint>
1145
+
978
1146
  <fingerprint pattern="^Sun[ -]Java[ -]System[ /]Application[ -]Server Platform Edition (\d\.[\d_]+)?$">
979
1147
  <description>Sun Java System Application Server Platform Edition(formerly iPlanet Application Server, Sun ONE Application Server)</description>
980
1148
  <example>Sun Java System Application Server Platform Edition 9.0</example>
@@ -984,22 +1152,46 @@
984
1152
  <param pos="0" name="service.product" value="Java System Application Server Platform Edition"/>
985
1153
  <param pos="1" name="service.version"/>
986
1154
  </fingerprint>
1155
+
987
1156
  <fingerprint pattern="^Sun GlassFish Enterprise Server v(\S+)$">
988
1157
  <description>Glassfish with version information</description>
989
- <example>Sun GlassFish Enterprise Server v2.1</example>
990
- <param pos="0" name="service.vendor" value="Sun"/>
991
- <param pos="0" name="service.product" value="GlassFish"/>
1158
+ <example service.version="2.1">Sun GlassFish Enterprise Server v2.1</example>
1159
+ <param pos="0" name="service.vendor" value="Oracle"/>
1160
+ <param pos="0" name="service.product" value="GlassFish Server"/>
1161
+ <param pos="1" name="service.version"/>
1162
+ <param pos="0" name="service.cpe23" value="cpe:/a:oracle:glassfish_server:{service.version}"/>
1163
+ </fingerprint>
1164
+
1165
+ <fingerprint pattern="^GlassFish Server Open Source Edition\s+(\S+)$">
1166
+ <description>Glassfish Open Source Edition with version information</description>
1167
+ <example service.version="4.1.2">GlassFish Server Open Source Edition 4.1.2</example>
1168
+ <example service.version="3.1.2.2">GlassFish Server Open Source Edition 3.1.2.2</example>
1169
+ <param pos="0" name="service.vendor" value="Oracle"/>
1170
+ <param pos="0" name="service.product" value="GlassFish Server"/>
1171
+ <param pos="1" name="service.version"/>
1172
+ <param pos="0" name="service.cpe23" value="cpe:/a:oracle:glassfish_server:{service.version}"/>
1173
+ </fingerprint>
1174
+
1175
+ <fingerprint pattern="^Oracle GlassFish Server ([\d.]+)$">
1176
+ <description>Oracle GlassFish Server</description>
1177
+ <example service.version="3.1.2.14">Oracle GlassFish Server 3.1.2.14</example>
1178
+ <param pos="0" name="service.vendor" value="Oracle"/>
1179
+ <param pos="0" name="service.product" value="GlassFish Server"/>
992
1180
  <param pos="1" name="service.version"/>
1181
+ <param pos="0" name="service.cpe23" value="cpe:/a:oracle:glassfish_server:{service.version}"/>
993
1182
  </fingerprint>
1183
+
994
1184
  <fingerprint pattern="^GlassFish$">
995
1185
  <description>Glassfish without version information</description>
996
1186
  <example>GlassFish</example>
997
1187
  <param pos="0" name="service.vendor" value="Sun"/>
998
- <param pos="0" name="service.product" value="GlassFish"/>
1188
+ <param pos="0" name="service.product" value="GlassFish Server"/>
999
1189
  </fingerprint>
1190
+
1000
1191
  <!--
1001
1192
  Netscape/Sun's Web Server
1002
1193
  -->
1194
+
1003
1195
  <fingerprint pattern="^Netscape-Enterprise/(\d+\.[\w\s.]+)$">
1004
1196
  <description>Netscape Enterprise Server (subsequently iPlanet Web Server, Sun ONE Web Server, presently Sun Java System Web Server)</description>
1005
1197
  <example>Netscape-Enterprise/3.5.1</example>
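Review bot: The versionless `^GlassFish$` entry at the end of this hunk still reports `service.vendor` as `Sun`, although its product was renamed to `GlassFish Server` and the three versioned GlassFish entries above it now report `Oracle` with `cpe:/a:oracle:glassfish_server:{service.version}`. The same server therefore lands under two vendors depending on whether the banner carries a version, and the versionless match carries no CPE for vulnerability correlation. Suggest changing that line to `<param pos="0" name="service.vendor" value="Oracle"/>` and adding `<param pos="0" name="service.cpe23" value="cpe:/a:oracle:glassfish_server:-"/>`, following the `:-` form the file uses for other versionless matches.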
@@ -1011,6 +1203,7 @@
1011
1203
  <param pos="1" name="service.version"/>
1012
1204
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_server:{service.version}"/>
1013
1205
  </fingerprint>
1206
+
1014
1207
  <fingerprint pattern="^(?:Sun-Java-System-Web-Server|Sun-ONE-Web-Server)/(?:\d\.[\d_]+)$">
1015
1208
  <description>Sun Java System Web Server (formerly Netscape Enterprise Server, iPlanet Web Server and Sun ONE Web Server)</description>
1016
1209
  <example>Sun-Java-System-Web-Server/7.0</example>
@@ -1020,19 +1213,20 @@
1020
1213
  <param pos="0" name="service.product" value="Java System Web Server"/>
1021
1214
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_server:-"/>
1022
1215
  </fingerprint>
1216
+
1023
1217
  <!--
1024
1218
  Netscape/Sun's Web Proxy Server
1025
1219
  -->
1220
+
1026
1221
  <!--
1027
1222
  Header seen on admin port 8081 (not regular proxy port 8080) of Sun Java
1028
1223
  System Web Proxy Server 3.6 Service Pack 4 running on Windows:
1029
-
1030
1224
  Server: Netscape-Administrator/3.54
1031
-
1032
1225
  However this header might be used by Web Server too, so it might be
1033
1226
  impossible to differentiate Web Server from Web Proxy Server. Also note how
1034
1227
  there seems to be no relation between 3.54 and "3.6 Service Pack 4".
1035
1228
  -->
1229
+
1036
1230
  <fingerprint pattern="^iPlanet-Web-Proxy-Server/(.*)$">
1037
1231
  <description>iPlanet WebProxy Server (subsequently Sun ONE WebProxy Server, presently Sun Java System Web Proxy Server)</description>
1038
1232
  <example>iPlanet-Web-Proxy-Server/3.6</example>
@@ -1043,6 +1237,7 @@
1043
1237
  <param pos="1" name="service.version"/>
1044
1238
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_proxy_server:{service.version}"/>
1045
1239
  </fingerprint>
1240
+
1046
1241
  <fingerprint pattern="^Sun-ONE-Web-Proxy-Server/(.*)$">
1047
1242
  <description>Sun ONE WebProxy Server (formerly iPlanet WebProxy Server, presently Sun Java System Web Proxy Server)</description>
1048
1243
  <example service.version="3.6-SP4">Sun-ONE-Web-Proxy-Server/3.6-SP4</example>
@@ -1052,6 +1247,7 @@
1052
1247
  <param pos="1" name="service.version"/>
1053
1248
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_proxy_server:{service.version}"/>
1054
1249
  </fingerprint>
1250
+
1055
1251
  <fingerprint pattern="^Sun-Java-System-Web-Proxy-Server/(\d\.[\d.]+)$">
1056
1252
  <description>Sun Java System Web Proxy Server (formerly iPlanet WebProxy Server, Sun ONE WebProxy Server)</description>
1057
1253
  <example>Sun-Java-System-Web-Proxy-Server/4.0.2</example>
@@ -1062,6 +1258,7 @@
1062
1258
  <param pos="1" name="service.version"/>
1063
1259
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_proxy_server:{service.version}"/>
1064
1260
  </fingerprint>
1261
+
1065
1262
  <fingerprint pattern="^Sun-ILOM-Web-Server/(?:\d\.[\d._]+)$">
1066
1263
  <description>Sun Integrated Lights Out Manager (ILOM) usually bundled with Sun Fire servers</description>
1067
1264
  <example>Sun-ILOM-Web-Server/1.0</example>
@@ -1071,6 +1268,7 @@
1071
1268
  <param pos="0" name="hw.vendor" value="Sun"/>
1072
1269
  <param pos="0" name="hw.family" value="Sun Fire"/>
1073
1270
  </fingerprint>
1271
+
1074
1272
  <fingerprint pattern="^HP-iLO-Server/(?:[\S]+)">
1075
1273
  <description>HP Integrated Lights Out Manager (iLO). Version in the Server header (found on in iLO4) is the firmware version and is not currently used.</description>
1076
1274
  <example>HP-iLO-Server/1.30</example>
@@ -1085,12 +1283,14 @@
1085
1283
  <param pos="0" name="os.family" value="iLO"/>
1086
1284
  <param pos="0" name="os.device" value="Lights Out Management"/>
1087
1285
  </fingerprint>
1286
+
1088
1287
  <!--
1089
1288
  TODO:
1090
-
1091
1289
  Sun_WebServer/2.1
1092
1290
  -->
1291
+
1093
1292
  <!-- Mort Bay Jetty 1.0 to 6.x -->
1293
+
1094
1294
  <fingerprint pattern="^Jetty\/([1-6]\.[\w.]+)(?: \(([^)]*))?">
1095
1295
  <description>Mort Bay Jetty with info</description>
1096
1296
  <example service.version="4.0.1" jetty.info="SunOS 5.8 sparc">Jetty/4.0.1 (SunOS 5.8 sparc)</example>
@@ -1105,6 +1305,7 @@
1105
1305
  <param pos="0" name="service.cpe23" value="cpe:/a:mortbay:jetty:{service.version}"/>
1106
1306
  <param pos="2" name="jetty.info"/>
1107
1307
  </fingerprint>
1308
+
1108
1309
  <fingerprint pattern="^Jetty\(([1-6]\S+)\)$">
1109
1310
  <description>Mort Bay Jetty</description>
1110
1311
  <example service.version="1.4.5">Jetty(1.4.5)</example>
@@ -1115,10 +1316,12 @@
1115
1316
  <param pos="1" name="service.version"/>
1116
1317
  <param pos="0" name="service.cpe23" value="cpe:/a:mortbay:jetty:{service.version}"/>
1117
1318
  </fingerprint>
1319
+
1118
1320
  <!--
1119
1321
  Jetty moved to Eclipse.org at version 7, CVEs after this version are
1120
1322
  associated with Eclipse CPEs.
1121
1323
  -->
1324
+
1122
1325
  <fingerprint pattern="^Jetty\((\S+)\)$">
1123
1326
  <description>Eclipse Jetty</description>
1124
1327
  <example service.version="7.6.9.v20130131">Jetty(7.6.9.v20130131)</example>
@@ -1130,6 +1333,7 @@
1130
1333
  <param pos="1" name="service.version"/>
1131
1334
  <param pos="0" name="service.cpe23" value="cpe:/a:eclipse:jetty:{service.version}"/>
1132
1335
  </fingerprint>
1336
+
1133
1337
  <fingerprint pattern="^(?i)squid/(\d+\.[\w.\-\+]+)$">
1134
1338
  <description>Squid Web Proxy with a version</description>
1135
1339
  <example service.version="2.3.STABLE1">Squid/2.3.STABLE1</example>
@@ -1141,6 +1345,7 @@
1141
1345
  <param pos="1" name="service.version"/>
1142
1346
  <param pos="0" name="service.cpe23" value="cpe:/a:squid-cache:squid:{service.version}"/>
1143
1347
  </fingerprint>
1348
+
1144
1349
  <fingerprint pattern="^(?i)squid$">
1145
1350
  <description>Squid Web Proxy without a version</description>
1146
1351
  <example>Squid</example>
@@ -1150,14 +1355,18 @@
1150
1355
  <param pos="0" name="service.family" value="Squid"/>
1151
1356
  <param pos="0" name="service.cpe23" value="cpe:/a:squid-cache:squid:-"/>
1152
1357
  </fingerprint>
1358
+
1153
1359
  <fingerprint pattern="^thttpd/(\d\.[\w.]+)-MX\s*.*$">
1154
1360
  <description>thttpd with SSL support</description>
1155
1361
  <example>thttpd/2.19-MX Jan 24 2006</example>
1362
+ <param pos="0" name="service.vendor" value="ACME"/>
1156
1363
  <param pos="0" name="service.product" value="thttpd"/>
1157
1364
  <param pos="0" name="service.family" value="thttpd"/>
1158
1365
  <param pos="1" name="service.version"/>
1366
+ <param pos="0" name="service.cpe23" value="cpe:/a:acme:thttpd:{service.version}"/>
1159
1367
  <param pos="0" name="thttpd.mx-patch" value="enabled"/>
1160
1368
  </fingerprint>
1369
+
1161
1370
  <fingerprint pattern="^thttpd(?:/(\d\.[\w.]+)\s*.*)?$">
1162
1371
  <description>thttpd</description>
1163
1372
  <example>thttpd</example>
@@ -1169,15 +1378,20 @@
1169
1378
  <param pos="0" name="service.family" value="thttpd"/>
1170
1379
  <param pos="1" name="service.version"/>
1171
1380
  </fingerprint>
1172
- <fingerprint pattern="^lighttpd(?:/(\d[\d.]+))?.*$">
1381
+
1382
+ <fingerprint pattern="(?i)^lighttpd(?:/(\d[\d.]+))?.*$">
1173
1383
  <description>Lighttpd</description>
1174
1384
  <example>lighttpd</example>
1385
+ <example>Lighttpd</example>
1175
1386
  <example service.version="1.4.16">lighttpd/1.4.16</example>
1176
1387
  <example>lighttpd/1.3.7 (Mar 23 2007/16:00:15)</example>
1388
+ <param pos="0" name="service.vendor" value="lighttpd"/>
1177
1389
  <param pos="0" name="service.product" value="lighttpd"/>
1178
1390
  <param pos="0" name="service.family" value="lighttpd"/>
1179
1391
  <param pos="1" name="service.version"/>
1392
+ <param pos="0" name="service.cpe23" value="cpe:/a:lighttpd:lighttpd:{service.version}"/>
1180
1393
  </fingerprint>
1394
+
1181
1395
  <fingerprint pattern="^nginx$">
1182
1396
  <description>nginx without version info</description>
1183
1397
  <example>nginx</example>
@@ -1186,6 +1400,7 @@
1186
1400
  <param pos="0" name="service.vendor" value="nginx"/>
1187
1401
  <param pos="0" name="service.cpe23" value="cpe:/a:nginx:nginx:-"/>
1188
1402
  </fingerprint>
1403
+
1189
1404
  <fingerprint pattern="^nginx\/?(:?[\d.]+)?">
1190
1405
  <description>nginx with version info and/or mods</description>
1191
1406
  <example service.version="0.8.53">nginx/0.8.53 + Phusion Passenger 3.0.0 (mod_rails/mod_rack)</example>
@@ -1198,6 +1413,7 @@
1198
1413
  <param pos="1" name="service.version"/>
1199
1414
  <param pos="0" name="service.cpe23" value="cpe:/a:nginx:nginx:{service.version}"/>
1200
1415
  </fingerprint>
1416
+
1201
1417
  <fingerprint pattern="^Lotus(?:-Domino)?(?:/|/0|/Release)?$">
1202
1418
  <description>IBM Lotus Notes/Domino with no useful version info</description>
1203
1419
  <example>Lotus</example>
@@ -1209,6 +1425,7 @@
1209
1425
  <param pos="0" name="service.family" value="Lotus Domino"/>
1210
1426
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:-"/>
1211
1427
  </fingerprint>
1428
+
1212
1429
  <fingerprint pattern="^Lotus(?:-Domino)?/(?:Release-?)?([4-7][\d.]+)\s*(?:.*)$">
1213
1430
  <description>IBM Lotus Notes/Domino with version info</description>
1214
1431
  <example>Lotus-Domino/5.0.8</example>
@@ -1219,6 +1436,7 @@
1219
1436
  <param pos="1" name="service.version"/>
1220
1437
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:{service.version}"/>
1221
1438
  </fingerprint>
1439
+
1222
1440
  <fingerprint pattern="^WebLogic (?:WebLogic )?Server (\d+\.\d+(?:\s+SP\d+)?)\s+.*$">
1223
1441
  <description>BEA WebLogic</description>
1224
1442
  <example service.version="8.1 SP3">WebLogic Server 8.1 SP3 Tue Jun 29 23:11:19 PDT 2004 404973</example>
@@ -1230,6 +1448,7 @@
1230
1448
  <param pos="1" name="service.version"/>
1231
1449
  <param pos="0" name="service.cpe23" value="cpe:/a:bea:weblogic_server:{service.version}"/>
1232
1450
  </fingerprint>
1451
+
1233
1452
  <fingerprint pattern="^WebSphere Application Server/(\d+\.\d+)$">
1234
1453
  <description>IBM WebSphere</description>
1235
1454
  <example service.version="5.0">WebSphere Application Server/5.0</example>
@@ -1238,7 +1457,9 @@
1238
1457
  <param pos="0" name="service.product" value="WebSphere"/>
1239
1458
  <param pos="0" name="service.family" value="WebSphere"/>
1240
1459
  <param pos="1" name="service.version"/>
1460
+ <param pos="0" name="service.cpe23" value="cpe:/a:ibm:websphere:{service.version}"/>
1241
1461
  </fingerprint>
1462
+
1242
1463
  <fingerprint pattern="^Resin/(\S+)$">
1243
1464
  <description>Caucho Resin</description>
1244
1465
  <example>Resin/2.1.13</example>
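Review bot: The added `service.cpe23` uses the product name `websphere`, while the fingerprint matches the `WebSphere Application Server/` banner. As far as I know the CPE dictionary lists that server as `websphere_application_server`, so this value may not join against vulnerability data. Worth confirming against the dictionary and, if so, using `cpe:/a:ibm:websphere_application_server:{service.version}`. The fingerprint opens above this hunk, so its vendor param is not visible here.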
@@ -1250,6 +1471,7 @@
1250
1471
  <param pos="1" name="service.version"/>
1251
1472
  <param pos="0" name="service.cpe23" value="cpe:/a:caucho:resin:{service.version}"/>
1252
1473
  </fingerprint>
1474
+
1253
1475
  <fingerprint pattern="^Ipswitch-IMail/(\d\.\d+)$">
1254
1476
  <description>Ipswitch IMail Server</description>
1255
1477
  <example>Ipswitch-IMail/5.08</example>
@@ -1265,6 +1487,7 @@
1265
1487
  <param pos="0" name="os.product" value="Windows"/>
1266
1488
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1267
1489
  </fingerprint>
1490
+
1268
1491
  <fingerprint pattern="^Abyss/(\d\.[\d.]+)-X1-Win32 AbyssLib/(?:\d\.[\d.]+)$">
1269
1492
  <description>Aprelium Technologies Abyss Web Server X1 (free personal edition) on Windows</description>
1270
1493
  <example>Abyss/2.0.0.20-X1-Win32 AbyssLib/2.0.0.20</example>
@@ -1278,6 +1501,7 @@
1278
1501
  <param pos="0" name="os.product" value="Windows"/>
1279
1502
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1280
1503
  </fingerprint>
1504
+
1281
1505
  <fingerprint pattern="^Abyss/(\d\.[\d.]+)-X2-Win32 AbyssLib/(?:\d\.[\d.]+)$">
1282
1506
  <description>Aprelium Technologies Abyss Web Server X2 (licensed professional edition) on Windows</description>
1283
1507
  <param pos="0" name="service.vendor" value="Aprelium Technologies"/>
@@ -1289,6 +1513,7 @@
1289
1513
  <param pos="0" name="os.product" value="Windows"/>
1290
1514
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1291
1515
  </fingerprint>
1516
+
1292
1517
  <fingerprint pattern="^Microsoft (Commerce Server\s*(?:2002|2007)?, (?:Enterprise|Standard|Evaluation|Developer) Edition)$">
1293
1518
  <description>Microsoft Commerce Server</description>
1294
1519
  <param pos="0" name="service.vendor" value="Microsoft"/>
@@ -1299,6 +1524,7 @@
1299
1524
  <param pos="0" name="os.product" value="Windows"/>
1300
1525
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1301
1526
  </fingerprint>
1527
+
1302
1528
  <fingerprint pattern="^NetWare-Enterprise-Web-Server/(\d+\.\d+)$">
1303
1529
  <description>NetWare Enterprise Web Server (runs on NetWare 5.1)</description>
1304
1530
  <param pos="0" name="service.vendor" value="Novell"/>
@@ -1313,6 +1539,7 @@
1313
1539
  <param pos="1" name="os.version"/>
1314
1540
  <param pos="0" name="os.cpe23" value="cpe:/o:novell:netware:{os.version}"/>
1315
1541
  </fingerprint>
1542
+
1316
1543
  <fingerprint pattern="^NetWare HTTP Stack$">
1317
1544
  <description>NetWare HTTP stack (runs on 6.0 and 6.5)</description>
1318
1545
  <param pos="0" name="service.vendor" value="Novell"/>
@@ -1323,6 +1550,7 @@
1323
1550
  <param pos="0" name="os.product" value="NetWare"/>
1324
1551
  <param pos="0" name="os.cpe23" value="cpe:/o:novell:netware:-"/>
1325
1552
  </fingerprint>
1553
+
1326
1554
  <fingerprint pattern="^Novell-HTTP-Server/3.1R1$">
1327
1555
  <description>NetWare HTTP Server (runs on NetWare 4.11)</description>
1328
1556
  <param pos="0" name="service.vendor" value="Novell"/>
@@ -1336,6 +1564,7 @@
1336
1564
  <param pos="0" name="os.version" value="4.11"/>
1337
1565
  <param pos="0" name="os.cpe23" value="cpe:/o:novell:netware:4.11"/>
1338
1566
  </fingerprint>
1567
+
1339
1568
  <fingerprint pattern="^Novell-HTTP-Server/2.51R1$">
1340
1569
  <description>NetWare HTTP Server (runs on NetWare 4.1)</description>
1341
1570
  <param pos="0" name="service.vendor" value="Novell"/>
@@ -1349,6 +1578,7 @@
1349
1578
  <param pos="0" name="os.version" value="4.1"/>
1350
1579
  <param pos="0" name="os.cpe23" value="cpe:/o:novell:netware:4.1"/>
1351
1580
  </fingerprint>
1581
+
1352
1582
  <fingerprint pattern="^Netscape-FastTrack/(\d+\.[\w\s.]+)$">
1353
1583
  <description>Netscape FastTrack Server</description>
1354
1584
  <param pos="0" name="service.vendor" value="Netscape"/>
@@ -1357,6 +1587,7 @@
1357
1587
  <param pos="1" name="service.version"/>
1358
1588
  <param pos="0" name="service.cpe23" value="cpe:/a:netscape:fasttrack_server:{service.version}"/>
1359
1589
  </fingerprint>
1590
+
1360
1591
  <fingerprint pattern="^Netscape-Commerce/(\d+\.[\w\s.]+)$">
1361
1592
  <description>Netscape Commerce Server</description>
1362
1593
  <param pos="0" name="service.vendor" value="Netscape"/>
@@ -1365,47 +1596,164 @@
1365
1596
  <param pos="1" name="service.version"/>
1366
1597
  <param pos="0" name="service.cpe23" value="cpe:/a:netscape:commerce_server:{service.version}"/>
1367
1598
  </fingerprint>
1599
+
1368
1600
  <!--
1369
1601
  TODO
1370
-
1371
1602
  "Powered by PowerBSD - Apache"
1372
1603
  "SSE(Apache)"
1373
1604
  -->
1605
+
1374
1606
  <fingerprint pattern="^SAP J2EE Engine/(\d+\.\d+)$">
1375
- <description>SAP NetWeaver Web AS (Application Server)</description>
1607
+ <description>SAP NetWeaver Application Server Java - short version</description>
1608
+ <example service.version="7.01">SAP J2EE Engine/7.01</example>
1609
+ <param pos="0" name="service.vendor" value="SAP"/>
1610
+ <param pos="0" name="service.product" value="NetWeaver Application Server Java"/>
1611
+ <param pos="0" name="service.family" value="NetWeaver"/>
1612
+ <param pos="1" name="service.version"/>
1613
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:netweaver_application_server_java:{service.version}"/>
1614
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1615
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1616
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
1617
+ </fingerprint>
1618
+
1619
+ <fingerprint pattern="^SAP J2EE Engine$">
1620
+ <description>SAP NetWeaver Application Server Java - without version</description>
1621
+ <example>SAP J2EE Engine</example>
1622
+ <param pos="0" name="service.vendor" value="SAP"/>
1623
+ <param pos="0" name="service.product" value="NetWeaver Application Server Java"/>
1624
+ <param pos="0" name="service.family" value="NetWeaver"/>
1625
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:netweaver_application_server_java:-"/>
1626
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1627
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1628
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
1629
+ </fingerprint>
1630
+
1631
+ <fingerprint pattern="^SAP NetWeaver Application Server$">
1632
+ <description>SAP NetWeaver Application Server without version</description>
1633
+ <example>SAP NetWeaver Application Server</example>
1634
+ <param pos="0" name="service.vendor" value="SAP"/>
1635
+ <param pos="0" name="service.product" value="NetWeaver Application Server"/>
1636
+ <param pos="0" name="service.family" value="NetWeaver"/>
1637
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
1638
+ </fingerprint>
1639
+
1640
+ <fingerprint pattern="^SAP NetWeaver Application Server ([\d.]+) / AS Java ([\d.]+)$">
1641
+ <description>SAP NetWeaver Application Server Java</description>
1642
+ <example service.version="7.30" service.component.version="7.22">SAP NetWeaver Application Server 7.22 / AS Java 7.30</example>
1643
+ <param pos="0" name="service.vendor" value="SAP"/>
1644
+ <param pos="0" name="service.product" value="NetWeaver Application Server Java"/>
1645
+ <param pos="0" name="service.family" value="NetWeaver"/>
1646
+ <param pos="2" name="service.version"/>
1647
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:netweaver_application_server_java:{service.version}"/>
1648
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1649
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1650
+ <param pos="1" name="service.component.version"/>
1651
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:{service.component.version}"/>
1652
+ </fingerprint>
1653
+
1654
+ <fingerprint pattern="^SAP NetWeaver Application Server ([\d.]+) / ICM ([\d.]+)$">
1655
+ <description>SAP NetWeaver Application Server - Internet Communication Manager</description>
1656
+ <example service.version="7.21" service.component.version="7.21">SAP NetWeaver Application Server 7.21 / ICM 7.21</example>
1657
+ <param pos="0" name="service.vendor" value="SAP"/>
1658
+ <param pos="0" name="service.product" value="NetWeaver Internet Communication Manager"/>
1659
+ <param pos="0" name="service.family" value="NetWeaver"/>
1660
+ <param pos="2" name="service.version"/>
1661
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1662
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1663
+ <param pos="1" name="service.component.version"/>
1664
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:{service.component.version}"/>
1665
+ </fingerprint>
1666
+
1667
+ <fingerprint pattern="^SAP NetWeaver Application Server \(ICM\)$">
1668
+ <description>SAP NetWeaver Application Server - Internet Communication Manager without version</description>
1669
+ <example>SAP NetWeaver Application Server (ICM)</example>
1670
+ <param pos="0" name="service.vendor" value="SAP"/>
1671
+ <param pos="0" name="service.product" value="NetWeaver Internet Communication Manager"/>
1672
+ <param pos="0" name="service.family" value="NetWeaver"/>
1673
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1674
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1675
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
1676
+ </fingerprint>
1677
+
1678
+ <fingerprint pattern="^SAP NetWeaver Application Server / ABAP ([\d.]+)$">
1679
+ <description>SAP NetWeaver Application Server - Advanced Business Application Programming</description>
1680
+ <example service.version="731">SAP NetWeaver Application Server / ABAP 731</example>
1376
1681
  <param pos="0" name="service.vendor" value="SAP"/>
1377
- <param pos="0" name="service.product" value="NetWeaver Web AS"/>
1682
+ <param pos="0" name="service.product" value="NetWeaver AS ABAP"/>
1378
1683
  <param pos="0" name="service.family" value="NetWeaver"/>
1379
1684
  <param pos="1" name="service.version"/>
1685
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:netweaver_as_abap:{service.version}"/>
1686
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1687
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1688
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
1689
+ </fingerprint>
1690
+
1691
+ <fingerprint pattern="^SAP Internet Graphics Server$">
1692
+ <description>SAP Internet Graphics Server</description>
1693
+ <example>SAP Internet Graphics Server</example>
1694
+ <param pos="0" name="service.vendor" value="SAP"/>
1695
+ <param pos="0" name="service.product" value="Internet Graphics Server"/>
1696
+ <param pos="0" name="service.component.vendor" value="SAP"/>
1697
+ <param pos="0" name="service.component.product" value="NetWeaver Application Server"/>
1698
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
1699
+ </fingerprint>
1700
+
1701
+ <fingerprint pattern="^SAP Message Server, release ([\d.]+) \(LNK\)$">
1702
+ <description>SAP Message Server</description>
1703
+ <example service.version="753">SAP Message Server, release 753 (LNK)</example>
1704
+ <param pos="0" name="service.vendor" value="SAP"/>
1705
+ <param pos="0" name="service.product" value="SAP Message Server"/>
1706
+ <param pos="1" name="service.version"/>
1707
+ </fingerprint>
1708
+
1709
+ <fingerprint pattern="^SQLAnywhere/([\d.]+)$">
1710
+ <description>SAP SQLAnywhere</description>
1711
+ <example service.version="16.0.0.2207">SQLAnywhere/16.0.0.2207</example>
1712
+ <param pos="0" name="service.vendor" value="SAP"/>
1713
+ <param pos="0" name="service.product" value="SQL Anywhere"/>
1714
+ <param pos="1" name="service.version"/>
1715
+ <param pos="0" name="service.cpe23" value="cpe:/a:sap:sql_anywhere:{service.version}"/>
1380
1716
  </fingerprint>
1717
+
1381
1718
  <fingerprint pattern="^OpenVPN-AS$">
1382
1719
  <description>OpenVPN Access Server</description>
1383
1720
  <example>OpenVPN-AS</example>
1384
1721
  <param pos="0" name="service.vendor" value="OpenVPN"/>
1385
- <param pos="0" name="service.product" value="Access Server"/>
1722
+ <param pos="0" name="service.product" value="OpenVPN Access Server"/>
1723
+ <param pos="0" name="service.cpe23" value="cpe:/a:openvpn:openvpn_access_server:-"/>
1386
1724
  <param pos="0" name="hw.device" value="VPN"/>
1387
1725
  </fingerprint>
1388
- <fingerprint pattern="^SonicWALL (SSL-?VPN(?: (?:\d+))?) Web Server\.?$">
1726
+
1727
+ <fingerprint pattern="^SonicWALL SSL-?VPN Web Server$">
1389
1728
  <description>SonicWALL SSL-VPN device</description>
1390
1729
  <example>SonicWALL SSLVPN Web Server</example>
1391
1730
  <example>SonicWALL SSL-VPN Web Server</example>
1392
- <param pos="0" name="service.vendor" value="SonicWALL"/>
1731
+ <param pos="0" name="service.vendor" value="SonicWall"/>
1393
1732
  <param pos="0" name="service.product" value="SSL-VPN"/>
1394
1733
  <param pos="0" name="service.family" value="SSL-VPN"/>
1395
- <param pos="0" name="os.vendor" value="SonicWALL"/>
1734
+ <param pos="0" name="os.vendor" value="SonicWall"/>
1396
1735
  <param pos="0" name="os.device" value="VPN"/>
1397
1736
  <param pos="0" name="os.family" value="SSL-VPN"/>
1398
- <param pos="1" name="os.product"/>
1399
- <param pos="0" name="hw.vendor" value="SonicWALL"/>
1737
+ <param pos="0" name="os.product" value="SonicOS"/>
1738
+ <param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:-"/>
1739
+ <param pos="0" name="hw.vendor" value="SonicWall"/>
1400
1740
  <param pos="0" name="hw.device" value="VPN"/>
1401
1741
  </fingerprint>
1742
+
1402
1743
  <fingerprint pattern="^SonicWALL$">
1403
1744
  <description>SonicWALL device</description>
1404
1745
  <example>SonicWALL</example>
1405
- <param pos="0" name="service.vendor" value="SonicWALL"/>
1746
+ <param pos="0" name="service.vendor" value="SonicWall"/>
1406
1747
  <param pos="0" name="service.product" value="HTTP"/>
1407
- <param pos="0" name="os.vendor" value="SonicWALL"/>
1748
+ <param pos="0" name="os.vendor" value="SonicWall"/>
1749
+ <param pos="0" name="os.device" value="VPN"/>
1750
+ <param pos="0" name="os.family" value="SSL-VPN"/>
1751
+ <param pos="0" name="os.product" value="SonicOS"/>
1752
+ <param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:-"/>
1753
+ <param pos="0" name="hw.vendor" value="SonicWall"/>
1754
+ <param pos="0" name="hw.device" value="VPN"/>
1408
1755
  </fingerprint>
1756
+
1409
1757
  <fingerprint pattern="^NetCache appliance \(NetApp/+(\d+\.\d+[\w.]+)\)$">
1410
1758
  <description>NetCache appliance (product line formerly owned by Network Appliances, now owned by Blue Coat Systems).</description>
1411
1759
  <example service.version="5.3.1R3">NetCache appliance (NetApp/5.3.1R3)</example>
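Review bot: The bare `^SonicWALL$` entry now asserts `os.device` `VPN`, `os.family` `SSL-VPN` and `hw.device` `VPN`, but the matched banner contains nothing that distinguishes an SSL-VPN appliance from any other SonicWall product. If other device types also send this header (the diff does not show either way), inventories built from these results would mislabel them. Consider keeping only the vendor, `os.product` and `os.cpe23` params there, or stating in `<description>` why the banner implies SSL-VPN. Separately, the SSL-VPN pattern dropped the optional model number and trailing period that the old regex accepted, so banners of that form no longer match either SonicWALL entry in this hunk; an `<example>` for each form that is meant to match would make the narrowing explicit.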
@@ -1423,6 +1771,7 @@
1423
1771
  <param pos="0" name="os.family" value="NetCache"/>
1424
1772
  <param pos="0" name="os.product" value="NetCache"/>
1425
1773
  </fingerprint>
1774
+
1426
1775
  <fingerprint pattern="^NetApp/+(.*)$">
1427
1776
  <description>NetApp file servers</description>
1428
1777
  <example>NetApp/7.3.4P1</example>
@@ -1436,6 +1785,7 @@
1436
1785
  <param pos="1" name="os.version"/>
1437
1786
  <param pos="0" name="os.cpe23" value="cpe:/o:netapp:data_ontap:{os.version}"/>
1438
1787
  </fingerprint>
1788
+
1439
1789
  <fingerprint pattern="^BlueCoat-Security-Appliance$">
1440
1790
  <description>Blue Coat security appliance</description>
1441
1791
  <example>BlueCoat-Security-Appliance</example>
@@ -1444,6 +1794,7 @@
1444
1794
  <param pos="0" name="os.family" value="Blue Coat"/>
1445
1795
  <param pos="0" name="os.product" value="Appliance"/>
1446
1796
  </fingerprint>
1797
+
1447
1798
  <fingerprint pattern="^(?:BigIP|BIG-IP)$">
1448
1799
  <description>F5 BIG-IP</description>
1449
1800
  <param pos="0" name="service.vendor" value="F5"/>
@@ -1453,13 +1804,15 @@
1453
1804
  <param pos="0" name="os.family" value="Linux"/>
1454
1805
  <param pos="0" name="os.product" value="Linux"/>
1455
1806
  </fingerprint>
1807
+
1456
1808
  <fingerprint pattern="^TargetWeb/[\d\.]+ \(TargetOS\)$">
1457
1809
  <description>Mercurity Security TargetOS</description>
1458
1810
  <example>TargetWeb/2011.0 (TargetOS)</example>
1459
1811
  <param pos="0" name="hw.vendor" value="Mercury Security"/>
1460
- <param pos="0" name="hw.device" value="Access Controller"/>
1812
+ <param pos="0" name="hw.device" value="Access Control"/>
1461
1813
  <param pos="0" name="hw.product" value="EP-series"/>
1462
1814
  </fingerprint>
1815
+
1463
1816
  <fingerprint pattern="^Foundry Networks(?:/(\d+\.\d+))?$">
1464
1817
  <description>Foundry Networks device (though not sure which)</description>
1465
1818
  <param pos="0" name="service.vendor" value="Foundry"/>
@@ -1467,6 +1820,7 @@
1467
1820
  <param pos="1" name="service.version"/>
1468
1821
  <param pos="0" name="os.vendor" value="Foundry"/>
1469
1822
  </fingerprint>
1823
+
1470
1824
  <fingerprint pattern="^HP-Chai(?:Server|SOE)/(\d+\.\d+)$">
1471
1825
  <description>HP Printer running the Chai embedded web server</description>
1472
1826
  <example>HP-ChaiServer/2.2</example>
@@ -1484,6 +1838,11 @@
1484
1838
  <param pos="0" name="hw.product" value="JetDirect"/>
1485
1839
  <param pos="0" name="hw.device" value="Printer"/>
1486
1840
  </fingerprint>
1841
+
1842
+ <!-- This section needs to be reworked to extract module / version to make
1843
+ this information useful and mappable to CPE
1844
+ -->
1845
+
1487
1846
  <fingerprint pattern="^HP HTTP Server; (?:Hewlett-Packard )?HP ((\S+) \S+)">
1488
1847
  <description>HP Printer</description>
1489
1848
  <example os.product="Photosmart C309a" os.family="Photosmart">HP HTTP Server; HP Photosmart C309a series - CC335A; Serial Number: abc123; Vader Built:Wed Apr 15, 2009 11:40:58AM {abc123, ASIC id 0x00280004}</example>
@@ -1501,6 +1860,7 @@
1501
1860
  <param pos="0" name="hw.product" value="JetDirect"/>
1502
1861
  <param pos="0" name="hw.device" value="Printer"/>
1503
1862
  </fingerprint>
1863
+
1504
1864
  <fingerprint pattern="^HTTP/1\.0$">
1505
1865
  <description>Old HP printers identify themselves as "HTTP/1.0"</description>
1506
1866
  <param pos="0" name="service.vendor" value="HP"/>
@@ -1515,6 +1875,7 @@
1515
1875
  <param pos="0" name="hw.product" value="JetDirect"/>
1516
1876
  <param pos="0" name="hw.device" value="Printer"/>
1517
1877
  </fingerprint>
1878
+
1518
1879
  <fingerprint pattern="^(?:Allegro-Software-)?RomPager/\s*(\S+)">
1519
1880
  <description>Embedded HTTP server used by many vendors and device
1520
1881
  types, including APC, 3Com, Andover Controls, Cisco VoIP, D-Link,
@@ -1529,6 +1890,7 @@
1529
1890
  <param pos="0" name="service.product" value="RomPager"/>
1530
1891
  <param pos="1" name="service.version"/>
1531
1892
  </fingerprint>
1893
+
1532
1894
  <fingerprint pattern="^YAMAHA-RT$">
1533
1895
  <description>Yamaha RT series routers</description>
1534
1896
  <param pos="0" name="service.vendor" value="Yamaha"/>
@@ -1541,6 +1903,7 @@
1541
1903
  <param pos="0" name="hw.vendor" value="Yamaha"/>
1542
1904
  <param pos="0" name="hw.device" value="Router"/>
1543
1905
  </fingerprint>
1906
+
1544
1907
  <fingerprint pattern="^(?:Canon Http|CANON HTTP) Server (?:Ver)?(?:\d+\.\d+)$">
1545
1908
  <description>Canon Multifunction Printer/Copiers</description>
1546
1909
  <param pos="0" name="service.vendor" value="Canon"/>
@@ -1549,6 +1912,7 @@
1549
1912
  <param pos="0" name="hw.vendor" value="Canon"/>
1550
1913
  <param pos="0" name="hw.device" value="Multifunction Device"/>
1551
1914
  </fingerprint>
1915
+
1552
1916
  <fingerprint pattern=".*Linksys.*">
1553
1917
  <description>Linksys Wireless Access Point</description>
1554
1918
  <param pos="0" name="os.vendor" value="Linksys"/>
@@ -1556,6 +1920,7 @@
1556
1920
  <param pos="0" name="hw.vendor" value="Linksys"/>
1557
1921
  <param pos="0" name="hw.device" value="WAP"/>
1558
1922
  </fingerprint>
1923
+
1559
1924
  <fingerprint pattern="^cisco-IOS$">
1560
1925
  <description>Cisco IOS</description>
1561
1926
  <example>cisco-IOS</example>
@@ -1570,6 +1935,7 @@
1570
1935
  <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:-"/>
1571
1936
  <param pos="0" name="hw.vendor" value="Cisco"/>
1572
1937
  </fingerprint>
1938
+
1573
1939
  <fingerprint pattern="^cisco-IOS/([^\s]+) HTTP-server/.*$">
1574
1940
  <description>Cisco IOS with version information</description>
1575
1941
  <example>cisco-IOS/12.1 HTTP-server/1.0(1)</example>
@@ -1584,6 +1950,7 @@
1584
1950
  <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:{os.version}"/>
1585
1951
  <param pos="0" name="hw.vendor" value="Cisco"/>
1586
1952
  </fingerprint>
1953
+
1587
1954
  <fingerprint pattern="^Cisco AWARE (.*)$">
1588
1955
  <description>Cisco ASA</description>
1589
1956
  <example>Cisco AWARE 2.0</example>
@@ -1593,20 +1960,42 @@
1593
1960
  <param pos="0" name="os.vendor" value="Cisco"/>
1594
1961
  <param pos="0" name="os.family" value="Adaptive Security Appliance"/>
1595
1962
  <param pos="0" name="os.product" value="Adaptive Security Appliance"/>
1596
- <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance"/>
1963
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance:-"/>
1597
1964
  <param pos="0" name="hw.vendor" value="Cisco"/>
1598
1965
  <param pos="0" name="hw.family" value="Adaptive Security Appliance"/>
1599
1966
  <param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
1600
1967
  <param pos="0" name="hw.device" value="Firewall"/>
1601
1968
  <param pos="0" name="hw.cpe23" value="cpe:/h:cisco:adaptive_security_appliance:-"/>
1602
1969
  </fingerprint>
1603
- <fingerprint pattern="^CradlepointHTTPService/([\d\.]+)$">
1970
+
1971
+ <fingerprint pattern="^CE_E$">
1972
+ <description>Cisco Expressway-E (Edge)</description>
1973
+ <example>CE_E</example>
1974
+ <param pos="0" name="service.vendor" value="Cisco"/>
1975
+ <param pos="0" name="service.product" value="Expressway"/>
1976
+ <param pos="0" name="service.cpe23" value="cpe:/a:cisco:expressway:-"/>
1977
+ <param pos="0" name="hw.vendor" value="Cisco"/>
1978
+ <param pos="0" name="hw.device" value="VoIP"/>
1979
+ </fingerprint>
1980
+
1981
+ <fingerprint pattern="^CE_C$">
1982
+ <description>Cisco Expressway-C (Core)</description>
1983
+ <example>CE_C</example>
1984
+ <param pos="0" name="service.vendor" value="Cisco"/>
1985
+ <param pos="0" name="service.product" value="Expressway"/>
1986
+ <param pos="0" name="service.cpe23" value="cpe:/a:cisco:expressway:-"/>
1987
+ <param pos="0" name="hw.vendor" value="Cisco"/>
1988
+ <param pos="0" name="hw.device" value="VoIP"/>
1989
+ </fingerprint>
1990
+
1991
+ <fingerprint pattern="^CradlepointHTTPService/([\d\.]+)$">
1604
1992
  <description>Cradlepoint HTTP service</description>
1605
1993
  <example service.version="1.0.0">CradlepointHTTPService/1.0.0</example>
1606
1994
  <param pos="1" name="service.version"/>
1607
1995
  <param pos="0" name="service.vendor" value="Cradlepoint"/>
1608
1996
  <param pos="0" name="service.product" value="HTTP"/>
1609
1997
  </fingerprint>
1998
+
1610
1999
  <fingerprint pattern="^DesktopAuthority/(.*)$">
1611
2000
  <description>ScriptLogic DesktopAuthority</description>
1612
2001
  <param pos="1" name="service.version"/>
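Review bot: The new `^CE_E$` and `^CE_C$` fingerprints emit exactly the same params, so the Edge/Core distinction survives only in the description text. An asset inventory built from these matches cannot separate the edge node from the core node, which is usually the more useful fact for exposure review. If the schema permits, a distinguishing param on each entry would preserve it, e.g. `<param pos="0" name="service.edition" value="Edge"/>` and `value="Core"` on the other. Alternatively a single `^CE_([EC])$` pattern with a captured param removes the duplication.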
@@ -1618,6 +2007,7 @@
1618
2007
  <param pos="0" name="os.product" value="Windows"/>
1619
2008
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1620
2009
  </fingerprint>
2010
+
1621
2011
  <fingerprint pattern="^Agent-ListenServer-HttpSvr/.*$">
1622
2012
  <description>McAfee ePolicy Orchestrator</description>
1623
2013
  <param pos="0" name="service.vendor" value="McAfee"/>
@@ -1625,13 +2015,14 @@
1625
2015
  <param pos="0" name="service.family" value="ePolicy Orchestrator"/>
1626
2016
  <param pos="0" name="service.cpe23" value="cpe:/a:mcafee:epolicy_orchestrator:-"/>
1627
2017
  </fingerprint>
2018
+
1628
2019
  <fingerprint pattern="^LANDesk Management Agent/.*$">
1629
2020
  <description>LANDesk Management Agent</description>
1630
2021
  <param pos="0" name="service.vendor" value="LANDesk"/>
1631
2022
  <param pos="0" name="service.product" value="Management Agent"/>
1632
2023
  <param pos="0" name="service.family" value="Management Agent"/>
1633
- <param pos="0" name="service.cpe23" value="cpe:/a:landesk:management_agent:-"/>
1634
2024
  </fingerprint>
2025
+
1635
2026
  <fingerprint pattern="^EWS-NIC\d/(\S+)$">
1636
2027
  <description>Xerox Embedded Web Server (EWS)</description>
1637
2028
  <example service.version="6.31">EWS-NIC3/6.31</example>
@@ -1646,6 +2037,7 @@
1646
2037
  <param pos="0" name="hw.vendor" value="Xerox"/>
1647
2038
  <param pos="0" name="hw.device" value="Printer"/>
1648
2039
  </fingerprint>
2040
+
1649
2041
  <fingerprint pattern="^Adaptec ASM (\S+)$">
1650
2042
  <description>Adaptec - Adaptec Storage Manager (runs on Windows Only)</description>
1651
2043
  <param pos="0" name="service.vendor" value="Adaptec"/>
@@ -1657,6 +2049,7 @@
1657
2049
  <param pos="0" name="os.product" value="Windows"/>
1658
2050
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
1659
2051
  </fingerprint>
2052
+
1660
2053
  <fingerprint pattern="^JRun Web Server$">
1661
2054
  <description>Macromedia (formerly Allaire) JRun</description>
1662
2055
  <param pos="0" name="service.vendor" value="Macromedia"/>
@@ -1664,6 +2057,7 @@
1664
2057
  <param pos="0" name="service.product" value="JRun"/>
1665
2058
  <param pos="0" name="service.cpe23" value="cpe:/a:macromedia:jrun:-"/>
1666
2059
  </fingerprint>
2060
+
1667
2061
  <fingerprint pattern="^(?:Raptor )?Simple, Secure Web Server ([\d.]+)$">
1668
2062
  <description>Symantec Raptor Firewall</description>
1669
2063
  <example>Simple, Secure Web Server 1.1</example>
@@ -1674,6 +2068,7 @@
1674
2068
  <param pos="0" name="os.product" value="Raptor"/>
1675
2069
  <param pos="1" name="os.version"/>
1676
2070
  </fingerprint>
2071
+
1677
2072
  <fingerprint pattern="^IPG(\d+)$">
1678
2073
  <description>Systech Internet Payment Gateway</description>
1679
2074
  <example hw.model="8000">IPG8000</example>
@@ -1682,15 +2077,30 @@
1682
2077
  <param pos="0" name="hw.product" value="Internet Payment Gateway"/>
1683
2078
  <param pos="1" name="hw.model"/>
1684
2079
  </fingerprint>
2080
+
1685
2081
  <fingerprint pattern="^NS_(\d\.\d)$">
1686
2082
  <description>Citrix NetScaler</description>
1687
- <example>NS_6.1</example>
2083
+ <example service.version="6.1">NS_6.1</example>
1688
2084
  <param pos="0" name="os.vendor" value="Citrix"/>
1689
2085
  <param pos="0" name="os.family" value="NetScaler"/>
1690
2086
  <param pos="0" name="os.device" value="Network Management Device"/>
1691
2087
  <param pos="0" name="os.product" value="NetScaler"/>
1692
- <param pos="1" name="os.version"/>
2088
+ <param pos="0" name="service.vendor" value="Citrix"/>
2089
+ <param pos="0" name="service.family" value="NetScaler"/>
2090
+ <param pos="0" name="service.device" value="Network Management Device"/>
2091
+ <param pos="0" name="service.product" value="NetScaler"/>
2092
+ <param pos="1" name="service.version"/>
2093
+ <param pos="0" name="service.cpe23" value="cpe:/a:citrix:netscaler:{service.version}"/>
2094
+ </fingerprint>
2095
+
2096
+ <fingerprint pattern="^Citrix-([\d.]+) \'[^']*\'$">
2097
+ <description>Citrix STUN server</description>
2098
+ <example service.version="3.2.5.9">Citrix-3.2.5.9 'Marshal West'</example>
2099
+ <param pos="0" name="service.vendor" value="Citrix"/>
2100
+ <param pos="0" name="service.product" value="STUN Server"/>
2101
+ <param pos="1" name="service.version"/>
1693
2102
  </fingerprint>
2103
+
1694
2104
  <fingerprint pattern="^Rumpus$">
1695
2105
  <description>Rumpus FTP Server, Web File Manager interface</description>
1696
2106
  <example>Rumpus</example>
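Review bot: `service.device` in the NetScaler fingerprint is not used by any other entry in this section; device type is carried in `os.device` and `hw.device` everywhere else, and the existing `os.device` line already records `Network Management Device`. I would drop the `service.device` param, or confirm it is a recognised field, so consumers do not have to special-case one fingerprint. Separately, `^NS_(\d\.\d)$` accepts only single-digit version parts. Now that the capture feeds `service.cpe23`, `^NS_(\d+\.\d+)$` would keep multi-digit releases from going unmatched, assuming such banners exist.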
@@ -1699,6 +2109,7 @@
1699
2109
  <param pos="0" name="os.product" value="Mac OS X"/>
1700
2110
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:-"/>
1701
2111
  </fingerprint>
2112
+
1702
2113
  <fingerprint pattern="^servermgrd$">
1703
2114
  <description>Mac OS X Server administrative daemon</description>
1704
2115
  <example>servermgrd</example>
@@ -1707,6 +2118,7 @@
1707
2118
  <param pos="0" name="os.product" value="Mac OS X"/>
1708
2119
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:-"/>
1709
2120
  </fingerprint>
2121
+
1710
2122
  <fingerprint pattern="^(RMC Webserver|RAC_ONE_HTTP) (\d\.\d)$">
1711
2123
  <description>Dell Remote Access Controller</description>
1712
2124
  <param pos="0" name="os.vendor" value="Dell"/>
@@ -1717,6 +2129,7 @@
1717
2129
  <param pos="1" name="service.product"/>
1718
2130
  <param pos="2" name="service.version"/>
1719
2131
  </fingerprint>
2132
+
1720
2133
  <fingerprint pattern="^Xerox_MicroServer/Xerox11$">
1721
2134
  <description>Xerox Document Centre</description>
1722
2135
  <param pos="0" name="os.vendor" value="Xerox"/>
@@ -1728,6 +2141,7 @@
1728
2141
  <param pos="0" name="hw.product" value="Document Centre"/>
1729
2142
  <param pos="0" name="hw.device" value="Printer"/>
1730
2143
  </fingerprint>
2144
+
1731
2145
  <fingerprint pattern="^TSM_HTTP/\d\.\d$">
1732
2146
  <description>IBM Tivoli Storage Manager</description>
1733
2147
  <param pos="0" name="service.vendor" value="IBM"/>
@@ -1735,11 +2149,13 @@
1735
2149
  <param pos="0" name="service.product" value="Tivoli Storage Manager"/>
1736
2150
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:tivoli_storage_manager:-"/>
1737
2151
  </fingerprint>
2152
+
1738
2153
  <fingerprint pattern="^D-Link MiniAVServer$">
1739
2154
  <description>D-Link embedded web server for web cams</description>
1740
2155
  <param pos="0" name="os.vendor" value="D-Link"/>
1741
2156
  <param pos="0" name="os.device" value="Web cam"/>
1742
2157
  </fingerprint>
2158
+
1743
2159
  <fingerprint pattern="^ListManagerWeb/(\S+) .*$">
1744
2160
  <description>Lyris ListManager</description>
1745
2161
  <example>ListManagerWeb/8.8a (based on Tcl-Webserver/3.4.2)</example>
@@ -1747,6 +2163,7 @@
1747
2163
  <param pos="0" name="service.product" value="ListManager"/>
1748
2164
  <param pos="1" name="service.version"/>
1749
2165
  </fingerprint>
2166
+
1750
2167
  <fingerprint pattern="^kHTTPd (\S+)" certainty="0.50">
1751
2168
  <description>TUX web server, an in-kernel Linux HTTP Accelerator</description>
1752
2169
  <example>kHTTPd 0.1.6</example>
@@ -1757,22 +2174,57 @@
1757
2174
  <param pos="0" name="os.product" value="Linux"/>
1758
2175
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:-"/>
1759
2176
  </fingerprint>
1760
- <fingerprint pattern="^RealVNC/(?:\S+)$">
2177
+
2178
+ <fingerprint pattern="^VNC Server (Enterprise|Personal) Edition/(?:E|P)([\d.]+) \(r([\d.]+)\)$">
2179
+ <description>RealVNC built-in webserver - Enterprise edition</description>
2180
+ <example service.version="4.5.1" service.version.version="27892">VNC Server Enterprise Edition/E4.5.1 (r27892)</example>
2181
+ <example service.edition="Personal">VNC Server Personal Edition/P4.5.3 (r39012)</example>
2182
+ <param pos="0" name="service.vendor" value="RealVNC Ltd."/>
2183
+ <param pos="0" name="service.product" value="RealVNC"/>
2184
+ <param pos="1" name="service.edition"/>
2185
+ <param pos="2" name="service.version"/>
2186
+ <param pos="3" name="service.version.version"/>
2187
+ <param pos="0" name="service.cpe23" value="cpe:/a:realvnc:realvnc:{service.version}"/>
2188
+ </fingerprint>
2189
+
2190
+ <fingerprint pattern="^RealVNC/E([\d.]+)$">
2191
+ <description>RealVNC built-in webserver - Enterprise edition, short variant</description>
2192
+ <example service.version="4">RealVNC/E4</example>
2193
+ <param pos="0" name="service.vendor" value="RealVNC Ltd."/>
2194
+ <param pos="0" name="service.product" value="RealVNC"/>
2195
+ <param pos="1" name="service.version"/>
2196
+ <param pos="0" name="service.version.version" value="Enterprise"/>
2197
+ <param pos="0" name="service.cpe23" value="cpe:/a:realvnc:realvnc:{service.version}"/>
2198
+ </fingerprint>
2199
+
2200
+ <fingerprint pattern="^RealVNC/([\d.]+)$">
1761
2201
  <description>RealVNC built-in webserver</description>
1762
- <example>RealVNC/4.0</example>
2202
+ <example service.version="4.0">RealVNC/4.0</example>
1763
2203
  <param pos="0" name="service.vendor" value="RealVNC Ltd."/>
1764
2204
  <param pos="0" name="service.product" value="RealVNC"/>
1765
- <param pos="0" name="service.cpe23" value="cpe:/a:realvnc:realvnc:-"/>
2205
+ <param pos="1" name="service.version"/>
2206
+ <param pos="0" name="service.cpe23" value="cpe:/a:realvnc:realvnc:{service.version}"/>
1766
2207
  </fingerprint>
2208
+
2209
+ <fingerprint pattern="^TigerVNC/([\d.]+)$">
2210
+ <description>TigerVNC built-in webserver</description>
2211
+ <example service.version="4.0">TigerVNC/4.0</example>
2212
+ <param pos="0" name="service.vendor" value="TigerVNC"/>
2213
+ <param pos="0" name="service.product" value="TigerVNC"/>
2214
+ <param pos="1" name="service.version"/>
2215
+ <param pos="0" name="service.cpe23" value="cpe:/a:tigervnc:tigervnc:{service.version}"/>
2216
+ </fingerprint>
2217
+
1767
2218
  <fingerprint pattern="^SecureTransport (\d+[\d\.]+) \(build: (\d+)\)$">
1768
2219
  <description>AxWay SecureTransport</description>
1769
2220
  <example>SecureTransport 5.3.6 (build: 412)</example>
1770
2221
  <param pos="0" name="service.vendor" value="Axway"/>
1771
2222
  <param pos="0" name="service.product" value="SecureTransport"/>
1772
- <param pos="0" name="service.cpe23" value="cpe:/a:realvnc:realvnc:{service.version}"/>
1773
2223
  <param pos="1" name="service.version"/>
2224
+ <param pos="0" name="service.cpe23" value="cpe:/a:axway:securetransport:{service.version}"/>
1774
2225
  <param pos="2" name="securetransport.build"/>
1775
2226
  </fingerprint>
2227
+
1776
2228
  <fingerprint pattern="(Agranat|Conexant|(?:Globespan)?Virata)-EmWeb/(.*)$">
1777
2229
  <description>EmWeb variants</description>
1778
2230
  <example>Agranat-EmWeb/R4_01</example>
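Review bot: `service.version.version` carries two different kinds of value in the new RealVNC fingerprints. In the `VNC Server (Enterprise|Personal) Edition` entry it is the captured build revision (`r27892`), while in the `^RealVNC/E([\d.]+)$` entry it is the literal `Enterprise`. The first entry already uses `service.edition` for the edition, so the short variant should read `<param pos="0" name="service.edition" value="Enterprise"/>`; otherwise anything keyed on that field for inventory or vulnerability matching gets an edition string where it expects a revision. The first entry's description also says "Enterprise edition" although its pattern and second example cover Personal too; `RealVNC built-in webserver - Enterprise or Personal edition` would match what it does.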
@@ -1796,6 +2248,7 @@
1796
2248
  <param pos="0" name="service.product" value="EmWeb"/>
1797
2249
  <param pos="2" name="service.version"/>
1798
2250
  </fingerprint>
2251
+
1799
2252
  <fingerprint pattern="^NSC/\S+ \(JVM\)$">
1800
2253
  <description>Rapid7 NSC</description>
1801
2254
  <example>NSC/0.6.4 (JVM)</example>
@@ -1803,6 +2256,7 @@
1803
2256
  <param pos="0" name="service.product" value="Nexpose"/>
1804
2257
  <param pos="0" name="service.cpe23" value="cpe:/a:rapid7:nexpose:-"/>
1805
2258
  </fingerprint>
2259
+
1806
2260
  <fingerprint pattern="^Security Console$">
1807
2261
  <description>Rapid7 Nexpose Security Console</description>
1808
2262
  <example>Security Console</example>
@@ -1810,6 +2264,7 @@
1810
2264
  <param pos="0" name="service.product" value="Nexpose"/>
1811
2265
  <param pos="0" name="service.cpe23" value="cpe:/a:rapid7:nexpose:-"/>
1812
2266
  </fingerprint>
2267
+
1813
2268
  <fingerprint pattern="^Polycom SoundPoint IP Telephone HTTPd$">
1814
2269
  <description>Polycom Soundpoint IP Telephone</description>
1815
2270
  <example>Polycom SoundPoint IP Telephone HTTPd</example>
@@ -1819,23 +2274,21 @@
1819
2274
  <param pos="0" name="hw.family" value="SoundPoint"/>
1820
2275
  <param pos="0" name="hw.device" value="VoIP"/>
1821
2276
  </fingerprint>
2277
+
1822
2278
  <!-- 4D WebSTAR was aquired by Kerio but it seems that both
1823
2279
  Kerio and 4D have branched the product. The 4D banners
1824
2280
  use the new version scheme (just 2004 it would appear):
1825
-
1826
2281
  4D_WebStar_D/2004
1827
-
1828
2282
  whereas Kerio banners are:
1829
-
1830
2283
  4D_WebSTAR_S/5.3.2 (MacOS X)
1831
2284
  4D_WebStar_D/7.8
1832
2285
  4D_WebSTAR_S/5.4.1 (MacOS X)
1833
-
1834
2286
  WebSTAR/4.4 ID/72547
1835
2287
  WebSTAR/4.5(SSL) ID/82535
1836
2288
  WebSTAR NetCloak
1837
2289
  WebSTAR/4.5(SSL) ID/85282
1838
2290
  -->
2291
+
1839
2292
  <!--
1840
2293
  <fingerprint pattern="^4D_WebSTAR_S/2004$">
1841
2294
  <description>4D 4th Dimension 2004</description>
@@ -1846,6 +2299,7 @@
1846
2299
  <param pos="0" name="os.family" value="Windows"/>
1847
2300
  <param pos="0" name="os.product" value="Windows"/>
1848
2301
  </fingerprint>
2302
+
1849
2303
  <fingerprint pattern="^4D_WebSTAR_S/5.3.2 \(MacOS X\)$">
1850
2304
  <description>Kerio WebSTAR</description>
1851
2305
  <param pos="0" name="service.vendor" value="Kerio"/>
@@ -1856,7 +2310,9 @@
1856
2310
  <param pos="0" name="os.family" value="Windows"/>
1857
2311
  <param pos="0" name="os.product" value="Windows"/>
1858
2312
  </fingerprint>
2313
+
1859
2314
  -->
2315
+
1860
2316
  <fingerprint pattern="^SentinelProtectionServer/((?:\d+\.)*\d+)$">
1861
2317
  <description>Sentinel Protection Server - Embedded httpd in SafeNet's memory key dongles</description>
1862
2318
  <example service.version="7.1">SentinelProtectionServer/7.1</example>
@@ -1868,6 +2324,7 @@
1868
2324
  <param pos="0" name="service.family" value="Sentinel"/>
1869
2325
  <param pos="1" name="service.version"/>
1870
2326
  </fingerprint>
2327
+
1871
2328
  <fingerprint pattern="^SentinelKeysServer/((?:\d+\.)*\d+)$">
1872
2329
  <description>Sentinel Key Server - Embedded httpd in SafeNet's memory key dongles</description>
1873
2330
  <example service.version="1.3.1">SentinelKeysServer/1.3.1</example>
@@ -1878,6 +2335,7 @@
1878
2335
  <param pos="0" name="service.family" value="Sentinel"/>
1879
2336
  <param pos="1" name="service.version"/>
1880
2337
  </fingerprint>
2338
+
1881
2339
  <fingerprint pattern="^CherryPy/((?:\d+\.)*\d+)$">
1882
2340
  <description>Web server component of CherryPy web application framework.</description>
1883
2341
  <example>CherryPy/3.1.2</example>
@@ -1888,6 +2346,7 @@
1888
2346
  <param pos="1" name="service.version"/>
1889
2347
  <param pos="0" name="service.cpe23" value="cpe:/a:cherrypy:cherrypy:{service.version}"/>
1890
2348
  </fingerprint>
2349
+
1891
2350
  <fingerprint pattern="(?i)^TornadoServer/((?:\d+\.)*\d+)$">
1892
2351
  <description>Tornado Python web framework and asynchronous networking library.</description>
1893
2352
  <example>TornadoServer/4.0.2</example>
@@ -1897,16 +2356,18 @@
1897
2356
  <param pos="1" name="service.version"/>
1898
2357
  <param pos="0" name="service.cpe23" value="cpe:/a:tornadoweb:tornado:{service.version}"/>
1899
2358
  </fingerprint>
2359
+
1900
2360
  <fingerprint pattern="(?i)^SimpleHTTP/((?:\d+\.)*\d+)\s*Python/((?:\d+\.)*\d+)$">
1901
2361
  <description>SimpleHTTPRequestHandler Python class is a simple HTTP request handler.</description>
1902
- <example>SimpleHTTP/0.6 Python/2.7.6</example>
1903
- <example>SimpleHTTP/0.6 Python/3.4.0</example>
2362
+ <example service.version="0.6">SimpleHTTP/0.6 Python/2.7.6</example>
2363
+ <example python.version="3.4.0">SimpleHTTP/0.6 Python/3.4.0</example>
1904
2364
  <param pos="0" name="service.vendor" value="Python Software Foundation"/>
1905
2365
  <param pos="0" name="service.product" value="SimpleHTTP"/>
1906
2366
  <param pos="0" name="service.family" value="Python"/>
1907
2367
  <param pos="1" name="service.version"/>
1908
2368
  <param pos="2" name="python.version"/>
1909
2369
  </fingerprint>
2370
+
1910
2371
  <fingerprint pattern="^HP Web Jetadmin/((?:\d+\.)*\d+)\s*(.*)$">
1911
2372
  <description>Apache variant for web access to HP printers.</description>
1912
2373
  <example>HP Web Jetadmin/2.0.50 (Win32) mod_auth_sspi/1.0.1 mod_ssl/2.0.50 OpenSSL/0.9.6m</example>
@@ -1919,6 +2380,7 @@
1919
2380
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:{service.version}"/>
1920
2381
  <param pos="2" name="apache.info"/>
1921
2382
  </fingerprint>
2383
+
1922
2384
  <fingerprint pattern="^HP Web Jetadmin ([\d\.]+)(?: \([^\)]+\))?$">
1923
2385
  <description>HP printers, perhaps Apache, but we can't say for sure</description>
1924
2386
  <example service.version="10.3.85669">HP Web Jetadmin 10.3.85669</example>
@@ -1928,17 +2390,19 @@
1928
2390
  <param pos="1" name="service.version"/>
1929
2391
  <param pos="0" name="service.cpe23" value="cpe:/a:hp:web_jetadmin:{service.version}"/>
1930
2392
  </fingerprint>
2393
+
1931
2394
  <fingerprint pattern="^KM-MFP-http/V([\d\.]+)$">
1932
2395
  <description>Kyocera Printers</description>
1933
2396
  <example service.version="0.0.1">KM-MFP-http/V0.0.1</example>
1934
- <param pos="0" name="os.vendor" value="Kycoera"/>
2397
+ <param pos="0" name="os.vendor" value="Kyocera"/>
1935
2398
  <param pos="0" name="os.device" value="Multifunction Device"/>
1936
- <param pos="0" name="hw.vendor" value="Kycoera"/>
2399
+ <param pos="0" name="hw.vendor" value="Kyocera"/>
1937
2400
  <param pos="0" name="hw.device" value="Multifunction Device"/>
1938
2401
  <param pos="0" name="service.vendor" value="Kyocera"/>
1939
2402
  <param pos="0" name="service.product" value="KM-MFP-HTTP"/>
1940
2403
  <param pos="1" name="service.version"/>
1941
2404
  </fingerprint>
2405
+
1942
2406
  <fingerprint pattern="^Citrix Web PN Server$">
1943
2407
  <description>Citrix Web PN (Program Neighborhood) Server is an HTTP server used by Citrix products</description>
1944
2408
  <example>Citrix Web PN Server</example>
@@ -1946,6 +2410,7 @@
1946
2410
  <param pos="0" name="service.product" value="Web PN Server"/>
1947
2411
  <param pos="0" name="service.family" value="Web PN Server"/>
1948
2412
  </fingerprint>
2413
+
1949
2414
  <fingerprint pattern="^Lotus Expeditor Web Container/((?:\d+\.)*\d+)$">
1950
2415
  <description>Expeditor is a framework used by IBM in many products in the Lotus brand, such as Sametime and Notes.</description>
1951
2416
  <example>Lotus Expeditor Web Container/6.1</example>
@@ -1955,27 +2420,34 @@
1955
2420
  <param pos="0" name="service.family" value="Lotus Expeditor"/>
1956
2421
  <param pos="1" name="service.version"/>
1957
2422
  </fingerprint>
2423
+
1958
2424
  <!-- GoAhead software was acquired by Oracle in 2011. They later handed this
1959
2425
  off to (E)Mbedthis. Version 3.0 released in October 2012 appears to be
1960
2426
  the first version to fully be Mbedthis software.
1961
2427
  -->
2428
+
1962
2429
  <fingerprint pattern="^GoAhead-(?:Webs|http)$">
1963
2430
  <description>GoAhead-Webs - no version</description>
1964
2431
  <example>GoAhead-Webs</example>
1965
- <param pos="0" name="service.vendor" value="Oracle"/>
2432
+ <param pos="0" name="service.vendor" value="EmbedThis"/>
1966
2433
  <param pos="0" name="service.product" value="GoAhead Webserver"/>
1967
2434
  <param pos="0" name="service.family" value="GoAhead Webserver"/>
2435
+ <param pos="0" name="service.cpe23" value="cpe:/a:embedthis:goahead:-"/>
1968
2436
  </fingerprint>
1969
- <fingerprint pattern="^GoAhead-(?:Webs|http)\/([\d.]+)(?: PeerSec-MatrixSSL\/[\d.]+-OPEN)?$">
2437
+
2438
+ <fingerprint pattern="(?i)^GoAhead(?:-Webs|-http)?\/([\d.]+)(?: PeerSec-MatrixSSL\/[\d.]+-OPEN)?$">
1970
2439
  <description>GoAhead-Webs - version</description>
1971
2440
  <example service.version="2.5.0">GoAhead-Webs/2.5.0 PeerSec-MatrixSSL/3.4.2-OPEN</example>
2441
+ <example service.version="2.5.0">Goahead/2.5.0 PeerSec-MatrixSSL/3.2.1-OPEN</example>
1972
2442
  <example>GoAhead-Webs/2.5.0</example>
1973
2443
  <param pos="0" name="service.vendor" value="Oracle"/>
1974
2444
  <param pos="0" name="service.product" value="GoAhead Webserver"/>
1975
2445
  <param pos="0" name="service.family" value="GoAhead Webserver"/>
1976
2446
  <param pos="1" name="service.version"/>
1977
2447
  </fingerprint>
2448
+
1978
2449
  <!-- MBedthis changed its name/branding to Embedthis-->
2450
+
1979
2451
  <fingerprint pattern="^Mbedthis-App[Ww]eb/([\d.]+)$">
1980
2452
  <description>Mbedthis Appweb</description>
1981
2453
  <example service.version="2.4.0">Mbedthis-Appweb/2.4.0</example>
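Review bot: The versioned GoAhead fingerprint (`(?i)^GoAhead(?:-Webs|-http)?\/([\d.]+)…`) still reports `service.vendor` as `Oracle` and emits no `service.cpe23`, while the version-less entry just above it was moved to `EmbedThis` with `cpe:/a:embedthis:goahead:-`. The versioned banner is the one that can be matched against advisories, so it should carry the same vendor and a versioned CPE: `<param pos="0" name="service.vendor" value="EmbedThis"/>` and `<param pos="0" name="service.cpe23" value="cpe:/a:embedthis:goahead:{service.version}"/>`. The version-less pattern also stays case-sensitive and requires the `-Webs`/`-http` suffix, so a bare `Goahead` banner with no version, if one occurs, would match neither entry.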
@@ -1987,6 +2459,7 @@
1987
2459
  <param pos="0" name="service.family" value="Appweb"/>
1988
2460
  <param pos="1" name="service.version"/>
1989
2461
  </fingerprint>
2462
+
1990
2463
  <fingerprint pattern="^Embedthis-(?:Appweb|http)\/?(:?[\d.]+)?$">
1991
2464
  <description>Embedthis AppWeb</description>
1992
2465
  <example service.version="3.2.3">Embedthis-Appweb/3.2.3</example>
@@ -1998,6 +2471,7 @@
1998
2471
  <param pos="1" name="service.version"/>
1999
2472
  <param pos="0" name="service.cpe23" value="cpe:/a:embedthis:appweb:{service.version}"/>
2000
2473
  </fingerprint>
2474
+
2001
2475
  <fingerprint pattern="^Avaya CMBE/((?:\d+\.)*\d+)$">
2002
2476
  <description>Web server for Avaya Aura Communication Manager Branch, a SIP-based communications platform.</description>
2003
2477
  <example>Avaya CMBE/2.0.0</example>
@@ -2006,7 +2480,9 @@
2006
2480
  <param pos="0" name="service.product" value="Aura Communication Manager"/>
2007
2481
  <param pos="0" name="service.family" value="Aura"/>
2008
2482
  <param pos="1" name="service.version"/>
2483
+ <param pos="0" name="service.cpe23" value="cpe:/a:avaya:aura_communication_manager:{service.version}"/>
2009
2484
  </fingerprint>
2485
+
2010
2486
  <fingerprint pattern="^Rapid Logic/((?:\d+\.)*\d+)$">
2011
2487
  <description>Embedded web server by Rapid Logic, which was acquired by Wind River.</description>
2012
2488
  <example service.version="1.1">Rapid Logic/1.1</example>
@@ -2015,6 +2491,7 @@
2015
2491
  <param pos="0" name="service.product" value="Rapid Logic"/>
2016
2492
  <param pos="1" name="service.version"/>
2017
2493
  </fingerprint>
2494
+
2018
2495
  <fingerprint pattern="^WindRiver-WebServer/((?:\d+\.)*\d+)$">
2019
2496
  <description>Wind River HTTP server</description>
2020
2497
  <example service.version="4.4">WindRiver-WebServer/4.4</example>
@@ -2022,14 +2499,16 @@
2022
2499
  <param pos="0" name="service.product" value="WebServer"/>
2023
2500
  <param pos="1" name="service.version"/>
2024
2501
  </fingerprint>
2502
+
2025
2503
  <fingerprint pattern="^Sophos Email Appliance$">
2026
- <description>Embedded web server for a rack-mounted email appliance that blocks spam and malware.</description>
2504
+ <description>Sophos - Embedded web server for a rack-mounted email appliance that blocks spam and malware.</description>
2027
2505
  <example>Sophos Email Appliance</example>
2028
2506
  <param pos="0" name="service.vendor" value="Sophos"/>
2029
2507
  <param pos="0" name="service.product" value="Email Appliance"/>
2030
2508
  <param pos="0" name="os.vendor" value="Sophos"/>
2031
2509
  <param pos="0" name="os.product" value="Email Appliance"/>
2032
2510
  </fingerprint>
2511
+
2033
2512
  <fingerprint pattern="^CUPS\/((?:\d\.)+\d+)(?:\s*IPP\/\d+\.\d+)?$">
2034
2513
  <description>Server for the CUPS web interface.</description>
2035
2514
  <example service.version="1.1">CUPS/1.1</example>
@@ -2040,6 +2519,7 @@
2040
2519
  <param pos="1" name="service.version"/>
2041
2520
  <param pos="0" name="service.cpe23" value="cpe:/a:apple:cups:{service.version}"/>
2042
2521
  </fingerprint>
2522
+
2043
2523
  <fingerprint pattern="^TwistedWeb/([\d.rc]+)$">
2044
2524
  <description>Twisted Matrix Labs - TwistedWeb</description>
2045
2525
  <example>TwistedWeb/2.5.0</example>
@@ -2050,23 +2530,27 @@
2050
2530
  <param pos="0" name="service.family" value="Twisted Web"/>
2051
2531
  <param pos="1" name="service.version"/>
2052
2532
  </fingerprint>
2533
+
2053
2534
  <fingerprint pattern="^mini_httpd/((?:\d+\.)*\d+) \S*$">
2054
- <description>A small HTTP server</description>
2535
+ <description>ACME mini_httpd with version and date</description>
2055
2536
  <example>mini_httpd/1.14 23jun2000</example>
2056
2537
  <example>mini_httpd/1 23jun2000</example>
2057
- <param pos="0" name="service.vendor" value="ACME Laboratories"/>
2538
+ <param pos="0" name="service.vendor" value="ACME"/>
2058
2539
  <param pos="0" name="service.product" value="mini_httpd"/>
2059
2540
  <param pos="0" name="service.family" value="mini_httpd"/>
2060
2541
  <param pos="1" name="service.version"/>
2542
+ <param pos="0" name="service.cpe23" value="cpe:/a:acme:mini_httpd:{service.version}"/>
2061
2543
  </fingerprint>
2544
+
2062
2545
  <fingerprint pattern="^thin ((?:\d+\.)*\d+) codename .+$">
2063
- <description>A Ruby-based web server.</description>
2064
- <example>thin 1.2.4 codename Flaming Astroboy</example>
2546
+ <description>Marc-André Cournoyer's thin webserver</description>
2547
+ <example service.version="1.2.4">thin 1.2.4 codename Flaming Astroboy</example>
2065
2548
  <example>thin 1 codename Flaming Astroboy</example>
2066
2549
  <param pos="0" name="service.product" value="Thin"/>
2067
2550
  <param pos="0" name="service.family" value="Thin"/>
2068
2551
  <param pos="1" name="service.version"/>
2069
2552
  </fingerprint>
2553
+
2070
2554
  <fingerprint pattern="^Avocent DSView \d+/((?:\d+\.)*\d+)$">
2071
2555
  <description>Web server interface for controlling data centers.</description>
2072
2556
  <example>Avocent DSView 3/3.7.0.71</example>
@@ -2077,14 +2561,18 @@
2077
2561
  <param pos="1" name="service.version"/>
2078
2562
  <param pos="0" name="service.cpe23" value="cpe:/a:avocent:dsview:{service.version}"/>
2079
2563
  </fingerprint>
2564
+
2080
2565
  <fingerprint pattern="^Mongrel ((?:\d+\.)*\d+)$">
2081
2566
  <description>Ruby-based web server and HTTP library.</description>
2082
- <example>Mongrel 1.1.5</example>
2567
+ <example service.version="1.1.5">Mongrel 1.1.5</example>
2083
2568
  <example>Mongrel 1</example>
2569
+ <param pos="0" name="service.vendor" value="Zed Shaw"/>
2084
2570
  <param pos="0" name="service.product" value="Mongrel"/>
2085
2571
  <param pos="0" name="service.family" value="Mongrel"/>
2086
2572
  <param pos="1" name="service.version"/>
2573
+ <param pos="0" name="service.cpe23" value="cpe:/a:zed_shaw:mongrel:{service.version}"/>
2087
2574
  </fingerprint>
2575
+
2088
2576
  <fingerprint pattern="^Microplex emHTTPD/((?:\d+\.)*\d+)$">
2089
2577
  <description>Embedded web server used by Microplex.</description>
2090
2578
  <example>Microplex emHTTPD/1.0</example>
@@ -2097,6 +2585,7 @@
2097
2585
  <param pos="0" name="os.vendor" value="Microplex"/>
2098
2586
  <param pos="0" name="os.device" value="Print server"/>
2099
2587
  </fingerprint>
2588
+
2100
2589
  <fingerprint pattern="^UPS_Server/((?:\d+\.)*\d+)$">
2101
2590
  <description>An embedded web server used for UPS management; primarily by Eaton, but also by APC.</description>
2102
2591
  <example>UPS_Server/1.0</example>
@@ -2108,6 +2597,7 @@
2108
2597
  <param pos="0" name="os.vendor" value="Eaton"/>
2109
2598
  <param pos="0" name="os.device" value="UPS"/>
2110
2599
  </fingerprint>
2600
+
2111
2601
  <fingerprint pattern="^JC-HTTPD/((?:\d+\.)*\d+)$">
2112
2602
  <description>An embedded web server, used notably by Oki and Kyocera in printers.</description>
2113
2603
  <example>JC-HTTPD/1.11.14</example>
@@ -2116,23 +2606,27 @@
2116
2606
  <param pos="0" name="service.family" value="JC-HTTPD"/>
2117
2607
  <param pos="1" name="service.version"/>
2118
2608
  </fingerprint>
2609
+
2119
2610
  <fingerprint pattern="^JC-SHTTPD/((?:\d+\.)*\d+)$">
2120
2611
  <description>An embedded web server.</description>
2121
- <example>JC-SHTTPD/1.17.20</example>
2612
+ <example service.version="1.17.20">JC-SHTTPD/1.17.20</example>
2122
2613
  <example>JC-SHTTPD/1</example>
2123
2614
  <param pos="0" name="service.product" value="JC-SHTTPD"/>
2124
2615
  <param pos="0" name="service.family" value="JC-SHTTPD"/>
2125
2616
  <param pos="1" name="service.version"/>
2126
2617
  </fingerprint>
2127
- <fingerprint pattern="^Oracle XML DB/Oracle\S+ Enterprise Edition Release ((?:\d+\.)*\d+) - Production$">
2618
+
2619
+ <fingerprint pattern="^Oracle XML DB/Oracle\S+ (?:Enterprise Edition )?Release ((?:\d+\.)*\d+) - Production$">
2128
2620
  <description>Web server providing web services for Oracle's XML DB - with version string</description>
2129
- <example>Oracle XML DB/Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production</example>
2621
+ <example service.version="9.2.0.1.0">Oracle XML DB/Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production</example>
2130
2622
  <example>Oracle XML DB/Oracle9i Enterprise Edition Release 9 - Production</example>
2623
+ <example service.version="9.2.0.1.0">Oracle XML DB/Oracle9i Release 9.2.0.1.0 - Production</example>
2131
2624
  <param pos="0" name="service.vendor" value="Oracle"/>
2132
2625
  <param pos="0" name="service.product" value="XML DB"/>
2133
2626
  <param pos="0" name="service.family" value="Oracle"/>
2134
2627
  <param pos="1" name="service.version"/>
2135
2628
  </fingerprint>
2629
+
2136
2630
  <fingerprint pattern="^Oracle XML DB/Oracle Database$">
2137
2631
  <description>Web server providing web services for Oracle's XML DB</description>
2138
2632
  <example>Oracle XML DB/Oracle Database</example>
@@ -2140,6 +2634,7 @@
2140
2634
  <param pos="0" name="service.product" value="XML DB"/>
2141
2635
  <param pos="0" name="service.family" value="Oracle"/>
2142
2636
  </fingerprint>
2637
+
2143
2638
  <fingerprint pattern="^sfcHttpd$">
2144
2639
  <description>Server for HTTP interface to sfcb, a lightweight CIM server</description>
2145
2640
  <example>sfcHttpd</example>
@@ -2147,6 +2642,7 @@
2147
2642
  <param pos="0" name="service.product" value="sfcb"/>
2148
2643
  <param pos="0" name="service.family" value="sfcb"/>
2149
2644
  </fingerprint>
2645
+
2150
2646
  <fingerprint pattern="^PanWeb Server/ -">
2151
2647
  <description>HTTP and HTTPS server found on Palo Alto Networks devices</description>
2152
2648
  <example>PanWeb Server/ -</example>
@@ -2157,6 +2653,7 @@
2157
2653
  <param pos="0" name="os.device" value="Firewall"/>
2158
2654
  <param pos="0" name="os.cpe23" value="cpe:/o:paloaltonetworks:pan-os:-"/>
2159
2655
  </fingerprint>
2656
+
2160
2657
  <fingerprint pattern="^Ews/((?:\d+\.)*\d+)$">
2161
2658
  <description>IBM Network Printer Manager.</description>
2162
2659
  <example>Ews/0.1</example>
@@ -2166,29 +2663,41 @@
2166
2663
  <param pos="0" name="service.family" value="Network Printer Manager"/>
2167
2664
  <param pos="1" name="service.version"/>
2168
2665
  </fingerprint>
2666
+
2169
2667
  <!-- NOTE: '$ProjectRevision: {some version string} $' has been seen in a
2170
2668
  variety of products including printers, PDUs, etc.
2171
2669
  -->
2172
- <fingerprint pattern="^\$ProjectRevision: 4.0.2.38 \$$">
2173
- <description>This banner is seen on some HP LaserJet printers.</description>
2670
+
2671
+ <fingerprint pattern="^\$ProjectRevision:[\s\w:]* ([\d\.]+) \$$">
2672
+ <description>This banner is used to see if devices have Treck TCP/IP</description>
2174
2673
  <example>$ProjectRevision: 4.0.2.38 $</example>
2175
- <param pos="0" name="os.vendor" value="HP"/>
2176
- <param pos="0" name="os.device" value="Printer"/>
2177
- <param pos="0" name="os.family" value="LaserJet"/>
2674
+ <example>$ProjectRevision: 4.2 $</example>
2675
+ <example>$ProjectRevision: 6.0.1.5 $</example>
2676
+ <example>$ProjectRevision: Last Checkpoint: 4.2.2.13 $</example>
2677
+ <param pos="0" name="service.vendor" value="Treck"/>
2678
+ <param pos="0" name="service.product" value="TCP/IP"/>
2679
+ <param pos="1" name="service.version"/>
2680
+ <param pos="0" name="service.cpe23" value="cpe:/a:treck:tcp\/ip:{service.version}"/>
2178
2681
  </fingerprint>
2682
+
2179
2683
  <fingerprint pattern="^WEBrick/([\d\.]+) .*$">
2180
2684
  <description>WEBrick default setup</description>
2181
- <example>WEBrick/1.3.1 (Ruby/1.9.3/2013-02-22)</example>
2182
- <param pos="0" name="service.vendor" value="Ruby"/>
2685
+ <example service.version="1.3.1">WEBrick/1.3.1 (Ruby/1.9.3/2013-02-22)</example>
2686
+ <param pos="0" name="service.vendor" value="Ruby-Lang"/>
2183
2687
  <param pos="0" name="service.product" value="WEBrick"/>
2184
2688
  <param pos="1" name="service.version"/>
2689
+ <param pos="0" name="service.cpe23" value="cpe:/a:ruby-lang:webrick:{service.version}"/>
2185
2690
  </fingerprint>
2691
+
2186
2692
  <fingerprint pattern="^Aspen/(\S+)">
2187
2693
  <description>Aspen web server</description>
2188
2694
  <example service.version="0.8">Aspen/0.8</example>
2695
+ <param pos="0" name="service.vendor" value="Aspen"/>
2189
2696
  <param pos="0" name="service.product" value="Aspen"/>
2190
2697
  <param pos="1" name="service.version"/>
2698
+ <param pos="0" name="service.cpe23" value="cpe:/a:aspen:aspen:{service.version}"/>
2191
2699
  </fingerprint>
2700
+
2192
2701
  <fingerprint pattern="^Boa/([\d\.]+\S*)">
2193
2702
  <description>Boa web server</description>
2194
2703
  <example service.version="0.94.14rc21">Boa/0.94.14rc21</example>
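Review bot: The rewritten `$ProjectRevision:` fingerprint asserts Treck TCP/IP and builds a versioned `service.cpe23` from the captured revision, but the comment directly above it still says this banner has been seen in a variety of products, and nothing visible here shows that the revision number is the Treck stack version. A consumer matching that CPE against advisories could flag or clear hosts on the wrong basis, so I would either state the evidence in the `<description>` or emit the unversioned form, `<param pos="0" name="service.cpe23" value="cpe:/a:treck:tcp\/ip:-"/>`. None of the four examples carries a `service.version` attribute, so the capture is untested, including the `Last Checkpoint:` form; for instance `<example service.version="4.2.2.13">$ProjectRevision: Last Checkpoint: 4.2.2.13 $</example>`. The `tcp\/ip` backslash escape is the CPE 2.3 formatted-string style inside a `cpe:/a:` URI, where the URI binding would percent-encode the slash, so it is worth confirming what the project's CPE tooling expects.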
@@ -2196,10 +2705,14 @@
2196
2705
  <example service.version="0.93.15">Boa/0.93.15 (with Intersil Extensions)</example>
2197
2706
  <example service.version="0.92p">Boa/0.92p OS-9 Version</example>
2198
2707
  <example service.version="0.93.15">Boa/0.93.15</example>
2708
+ <param pos="0" name="service.vendor" value="Boa"/>
2199
2709
  <param pos="0" name="service.product" value="Boa"/>
2200
2710
  <param pos="1" name="service.version"/>
2711
+ <param pos="0" name="service.cpe23" value="cpe:/a:boa:boa:{service.version}"/>
2201
2712
  </fingerprint>
2713
+
2202
2714
  <!-- HiSilicon is OEMd by a number of DVR manufacturers -->
2715
+
2203
2716
  <fingerprint pattern="^Cross Web Server$">
2204
2717
  <description>Web server found on DVR and webcam servers sourced from HiSilicon</description>
2205
2718
  <example>Cross Web Server</example>
@@ -2209,7 +2722,9 @@
2209
2722
  <param pos="0" name="os.device" value="DVR"/>
2210
2723
  <param pos="0" name="hw.device" value="DVR"/>
2211
2724
  </fingerprint>
2725
+
2212
2726
  <!-- Hikvision is OEMd by a number of DVR manufacturers -->
2727
+
2213
2728
  <fingerprint pattern="^(?:Hikvision|DNVRS|DVRDVS)-Webs$">
2214
2729
  <description>Web server found on DVR and webcam servers sourced from Hikvision</description>
2215
2730
  <example>Hikvision-Webs</example>
@@ -2219,8 +2734,10 @@
2219
2734
  <param pos="0" name="service.product" value="Hikvision Web Server"/>
2220
2735
  <param pos="0" name="os.vendor" value="Hikvision"/>
2221
2736
  <param pos="0" name="os.device" value="DVR"/>
2737
+ <param pos="0" name="hw.vendor" value="Hikvision"/>
2222
2738
  <param pos="0" name="hw.device" value="DVR"/>
2223
2739
  </fingerprint>
2740
+
2224
2741
  <fingerprint pattern="^NET-DK[/ ](\d+\.\d+)$">
2225
2742
  <description>Web server found on ARRIS cable modems</description>
2226
2743
  <example>NET-DK/1.0</example>
@@ -2233,12 +2750,14 @@
2233
2750
  <param pos="0" name="hw.vendor" value="ARRIS"/>
2234
2751
  <param pos="0" name="hw.device" value="Cable Modem"/>
2235
2752
  </fingerprint>
2753
+
2236
2754
  <fingerprint pattern="^2wire Gateway$">
2237
2755
  <description>Web server found on some Arris/2wire devices</description>
2238
2756
  <example>2wire Gateway</example>
2239
2757
  <param pos="0" name="service.vendor" value="ARRIS"/>
2240
2758
  <param pos="0" name="service.product" value="2wire"/>
2241
2759
  </fingerprint>
2760
+
2242
2761
  <!-- junit says,
2243
2762
  "Example pattern '' from http_servers.xml didn't match pattern '^$'"
2244
2763
  Figure out if we have a way to support matching empty strings later.
@@ -2246,20 +2765,26 @@
2246
2765
  <example></example>
2247
2766
  <description>A blank banner; assert nothing.</description>
2248
2767
  </fingerprint>
2768
+
2249
2769
  -->
2770
+
2250
2771
  <fingerprint pattern="^(?:(?:\d+.){3}\d+):\d{1,4}$">
2251
2772
  <description>A banner consisting of an IP address and port -- assert nothing.</description>
2252
2773
  <example>192.168.0.4:9999</example>
2253
2774
  </fingerprint>
2775
+
2254
2776
  <fingerprint pattern="^Web-Server/(?:\d+\.+\d+)$">
2255
2777
  <description>Obfuscated web server -- assert nothing.</description>
2256
2778
  <example>Web-Server/3.0</example>
2257
2779
  </fingerprint>
2780
+
2258
2781
  <fingerprint pattern="^httpd$">
2259
2782
  <description>httpd - generic -- assert nothing.</description>
2260
2783
  <example>httpd</example>
2261
2784
  </fingerprint>
2785
+
2262
2786
  <!-- Service provider equipment (CDNs, etc) -->
2787
+
2263
2788
  <fingerprint pattern="^AkamaiGHost$">
2264
2789
  <description>Akamai Global Host</description>
2265
2790
  <example>AkamaiGHost</example>
@@ -2268,6 +2793,7 @@
2268
2793
  <param pos="0" name="os.vendor" value="Akamai"/>
2269
2794
  <param pos="0" name="os.device" value="Web proxy"/>
2270
2795
  </fingerprint>
2796
+
2271
2797
  <fingerprint pattern="^gws$">
2272
2798
  <description>Google Web Services</description>
2273
2799
  <example>gws</example>
@@ -2275,6 +2801,7 @@
2275
2801
  <param pos="0" name="service.product" value="Google Web Services"/>
2276
2802
  <param pos="0" name="service.family" value="Google Web Server"/>
2277
2803
  </fingerprint>
2804
+
2278
2805
  <fingerprint pattern="^GFE/((?:\d+\.)*\d+)$">
2279
2806
  <description>Google Front End for apps running on Google services.</description>
2280
2807
  <example>GFE/1.3</example>
@@ -2284,6 +2811,7 @@
2284
2811
  <param pos="0" name="service.family" value="Google Web Server"/>
2285
2812
  <param pos="1" name="service.version"/>
2286
2813
  </fingerprint>
2814
+
2287
2815
  <fingerprint pattern="^CloudFront$">
2288
2816
  <description>Amazon CloudFront web load balancer endpoint</description>
2289
2817
  <example>CloudFront</example>
@@ -2291,30 +2819,35 @@
2291
2819
  <param pos="0" name="service.product" value="CloudFront Load Balancer"/>
2292
2820
  <param pos="0" name="service.family" value="CloudFront"/>
2293
2821
  </fingerprint>
2822
+
2294
2823
  <fingerprint pattern="^Amazon-Cloud-Drive$">
2295
2824
  <description>Amazon Cloud Drive / Drive</description>
2296
2825
  <example>Amazon-Cloud-Drive</example>
2297
2826
  <param pos="0" name="service.vendor" value="Amazon"/>
2298
2827
  <param pos="0" name="service.product" value="Drive"/>
2299
2828
  </fingerprint>
2829
+
2300
2830
  <fingerprint pattern="^AmazonS3$">
2301
2831
  <description>Amazon S3 (Simple Cloud Storage Service)</description>
2302
2832
  <example>AmazonS3</example>
2303
2833
  <param pos="0" name="service.vendor" value="Amazon"/>
2304
2834
  <param pos="0" name="service.product" value="S3"/>
2305
2835
  </fingerprint>
2836
+
2306
2837
  <fingerprint pattern="^Amazon SimpleDB$">
2307
2838
  <description>Amazon SimpleDB / Simple Database Service</description>
2308
2839
  <example>Amazon SimpleDB</example>
2309
2840
  <param pos="0" name="service.vendor" value="Amazon"/>
2310
2841
  <param pos="0" name="service.product" value="SimpleDB"/>
2311
2842
  </fingerprint>
2843
+
2312
2844
  <fingerprint pattern="^AmazonSnowball$">
2313
2845
  <description>Amazon Snowball</description>
2314
2846
  <example>AmazonSnowball</example>
2315
2847
  <param pos="0" name="service.vendor" value="Amazon"/>
2316
2848
  <param pos="0" name="service.product" value="Snowball"/>
2317
2849
  </fingerprint>
2850
+
2318
2851
  <fingerprint pattern="^awselb/([\d.rc]+)$">
2319
2852
  <description>Amazon Elastic Load Balancing</description>
2320
2853
  <example service.version="2.0">awselb/2.0</example>
@@ -2322,6 +2855,7 @@
2322
2855
  <param pos="0" name="service.family" value="Elastic Load Balancing"/>
2323
2856
  <param pos="1" name="service.version"/>
2324
2857
  </fingerprint>
2858
+
2325
2859
  <fingerprint pattern="^cloudflare(?:-nginx)?$">
2326
2860
  <description>CloudFlare web load balancer endpoint</description>
2327
2861
  <example>cloudflare-nginx</example>
@@ -2330,13 +2864,18 @@
2330
2864
  <param pos="0" name="service.product" value="CloudFlare Load Balancer"/>
2331
2865
  <param pos="0" name="service.family" value="CloudFlare"/>
2332
2866
  </fingerprint>
2867
+
2333
2868
  <fingerprint pattern="^gSOAP/([\d\.]+)$">
2334
2869
  <description>gSOAP</description>
2335
2870
  <example service.version="2.7">gSOAP/2.7</example>
2871
+ <param pos="0" name="service.vendor" value="Genivia"/>
2336
2872
  <param pos="0" name="service.product" value="gSOAP"/>
2337
2873
  <param pos="1" name="service.version"/>
2874
+ <param pos="0" name="service.cpe23" value="cpe:/a:genivia:gsoap:{service.version}"/>
2338
2875
  </fingerprint>
2876
+
2339
2877
  <!-- Apple QuickTime streaming server -->
2878
+
2340
2879
  <fingerprint pattern="^QTSS\/([\d\.]+) \(Build\/[\d\.]+; Platform\/MacOSX; Release\/Panther">
2341
2880
  <description>QTSS on OS X 10.3</description>
2342
2881
  <example service.version="5.0">QTSS/5.0 (Build/452; Platform/MacOSX; Release/Panther; )</example>
@@ -2349,6 +2888,7 @@
2349
2888
  <param pos="0" name="service.product" value="QTSS"/>
2350
2889
  <param pos="1" name="service.version"/>
2351
2890
  </fingerprint>
2891
+
2352
2892
  <fingerprint pattern="^QTSS\/([\d\.]+) \(Build\/[\d\.]+; Platform\/MacOSX; Release\/Mac OS X">
2353
2893
  <description>QTSS OS X</description>
2354
2894
  <example service.version="6.1.0">QTSS/6.1.0 (Build/532; Platform/MacOSX; Release/Mac OS X Server; )</example>
@@ -2359,13 +2899,25 @@
2359
2899
  <param pos="0" name="service.product" value="QTSS"/>
2360
2900
  <param pos="1" name="service.version"/>
2361
2901
  </fingerprint>
2902
+
2362
2903
  <fingerprint pattern="^SEPM$">
2363
2904
  <description>Symantec Endpoint Protection Manager</description>
2364
2905
  <example>SEPM</example>
2365
2906
  <param pos="0" name="service.vendor" value="Symantec"/>
2366
- <param pos="0" name="service.product" value="Symantec Endpoint Protection Manager"/>
2367
- <param pos="0" name="service.family" value="Symantec Endpoint Protection Manager"/>
2907
+ <param pos="0" name="service.product" value="Endpoint Protection Manager"/>
2908
+ <param pos="0" name="service.family" value="Endpoint Protection Manager"/>
2909
+ <param pos="0" name="service.cpe23" value="cpe:/a:symantec:endpoint_protection_manager:-"/>
2368
2910
  </fingerprint>
2911
+
2912
+ <fingerprint pattern="^Symantec Endpoint Protection Manager$">
2913
+ <description>Symantec Endpoint Protection Manager - long variant</description>
2914
+ <example>Symantec Endpoint Protection Manager</example>
2915
+ <param pos="0" name="service.vendor" value="Symantec"/>
2916
+ <param pos="0" name="service.product" value="Endpoint Protection Manager"/>
2917
+ <param pos="0" name="service.family" value="Endpoint Protection Manager"/>
2918
+ <param pos="0" name="service.cpe23" value="cpe:/a:symantec:endpoint_protection_manager:-"/>
2919
+ </fingerprint>
2920
+
2369
2921
  <fingerprint pattern="^Intel\(R\) Active Management Technology\s(\d+\.\d+\.\d+\.\d+|\d+\.\d+\.\d+|\d+\.\d+)">
2370
2922
  <description>Intel(R) Active Management Technology (AMT) with a version</description>
2371
2923
  <example service.version="7.1.86">Intel(R) Active Management Technology 7.1.86</example>
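Review bot: The new `^Symantec Endpoint Protection Manager$` fingerprint repeats all four params of the `^SEPM$` entry directly above it, so the two copies can drift apart on the next edit (for example if only one CPE is corrected). The AMT entry a few lines further down already folds a short and a long banner into one alternation. The same shape here would be `<fingerprint pattern="^(?:SEPM|Symantec Endpoint Protection Manager)$">` with both `<example>` lines under the single entry.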
@@ -2374,6 +2926,7 @@
2374
2926
  <param pos="0" name="service.family" value="Intel(R) Active Management Technology"/>
2375
2927
  <param pos="1" name="service.version"/>
2376
2928
  </fingerprint>
2929
+
2377
2930
  <fingerprint pattern="^(?:AMT|Intel\(R\) Active Management Technology)$">
2378
2931
  <description>Intel(R) Active Management Technology (AMT) without a version</description>
2379
2932
  <example>AMT</example>
@@ -2382,6 +2935,7 @@
2382
2935
  <param pos="0" name="service.product" value="Intel(R) Active Management Technology"/>
2383
2936
  <param pos="0" name="service.family" value="Intel(R) Active Management Technology"/>
2384
2937
  </fingerprint>
2938
+
2385
2939
  <fingerprint pattern="^Intel\(R\) Standard Manageability\s(\d+\.\d+\.\d+\.\d+|\d+\.\d+\.\d+|\d+\.\d+)">
2386
2940
  <description>Intel(R) Standard Manageability</description>
2387
2941
  <example service.version="5.0.50">Intel(R) Standard Manageability 5.0.50</example>
@@ -2391,20 +2945,24 @@
2391
2945
  <param pos="0" name="service.family" value="Intel(R) Active Management Technology"/>
2392
2946
  <param pos="1" name="service.version"/>
2393
2947
  </fingerprint>
2948
+
2394
2949
  <fingerprint pattern="^Sunny WebBox$">
2395
2950
  <description>Sunny WebBox</description>
2396
2951
  <example>Sunny WebBox</example>
2397
- <param pos="0" name="service.vendor" value="SMA Solar Technology Ag"/>
2952
+ <param pos="0" name="service.vendor" value="SMA"/>
2398
2953
  <param pos="0" name="service.family" value="Sunny"/>
2399
- <param pos="0" name="service.product" value="WebBox"/>
2954
+ <param pos="0" name="service.product" value="Sunny WebBox"/>
2955
+ <param pos="0" name="hw.vendor" value="SMA"/>
2400
2956
  <param pos="0" name="hw.family" value="Sunny"/>
2401
- <param pos="0" name="hw.product" value="WebBox"/>
2957
+ <param pos="0" name="hw.product" value="Sunny WebBox"/>
2402
2958
  <param pos="0" name="hw.device" value="Power device"/>
2959
+ <param pos="0" name="hw.cpe23" value="cpe:/h:sma:sunny_webbox:-"/>
2403
2960
  <param pos="0" name="os.vendor" value="Microsoft"/>
2404
2961
  <param pos="0" name="os.family" value="Windows"/>
2405
2962
  <param pos="0" name="os.product" value="Windows CE"/>
2406
2963
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_ce:-"/>
2407
2964
  </fingerprint>
2965
+
2408
2966
  <fingerprint pattern="^EnergyICT RTU \d+-\w+-\d+$">
2409
2967
  <description>EnergyICT RTU</description>
2410
2968
  <example>EnergyICT RTU 101-F25CE1-1524</example>
@@ -2412,6 +2970,7 @@
2412
2970
  <param pos="0" name="hw.product" value="RTU"/>
2413
2971
  <param pos="0" name="hw.device" value="Power device"/>
2414
2972
  </fingerprint>
2973
+
2415
2974
  <fingerprint pattern="^AV-TECH AV787 Video Web Server$">
2416
2975
  <description>AV-TECH AVC787 Video Web Server</description>
2417
2976
  <example>AV-TECH AV787 Video Web Server</example>
@@ -2422,11 +2981,13 @@
2422
2981
  <param pos="0" name="hw.product" value="AVC787"/>
2423
2982
  <param pos="0" name="hw.device" value="DVR"/>
2424
2983
  </fingerprint>
2984
+
2425
2985
  <fingerprint pattern="^Splunkd$">
2426
2986
  <description>Splunk HTTP server used in the web interface, forwarders, indexers and more</description>
2427
2987
  <example>Splunkd</example>
2428
2988
  <param pos="0" name="service.vendor" value="Splunk"/>
2429
2989
  </fingerprint>
2990
+
2430
2991
  <fingerprint pattern="^tivo-httpd-\S+$">
2431
2992
  <description>Tivo DVR</description>
2432
2993
  <example>tivo-httpd-1:20.7.4.RC35-D18-6:D18</example>
@@ -2434,6 +2995,7 @@
2434
2995
  <param pos="0" name="hw.family" value="DVR"/>
2435
2996
  <param pos="0" name="hw.device" value="DVR"/>
2436
2997
  </fingerprint>
2998
+
2437
2999
  <fingerprint pattern="^OpenTV/([\d\.]+)$">
2438
3000
  <description>OpenTV</description>
2439
3001
  <example os.version="5.40">OpenTV/5.40</example>
@@ -2443,7 +3005,28 @@
2443
3005
  <param pos="1" name="os.version"/>
2444
3006
  <param pos="0" name="hw.device" value="DVR"/>
2445
3007
  </fingerprint>
3008
+
3009
+ <fingerprint pattern="^kong/([\d.]+)$">
3010
+ <description>Kong Gateway</description>
3011
+ <example service.version="1.2.1">kong/1.2.1</example>
3012
+ <param pos="0" name="service.vendor" value="Kong"/>
3013
+ <param pos="0" name="service.family" value="Gateway"/>
3014
+ <param pos="0" name="service.product" value="Gateway"/>
3015
+ <param pos="1" name="service.version"/>
3016
+ </fingerprint>
3017
+
3018
+ <fingerprint pattern="^kong/([\d.-]+)-enterprise-edition$">
3019
+ <description>Kong Gateway - Enterprise Edition</description>
3020
+ <example service.version="0.30">kong/0.30-enterprise-edition</example>
3021
+ <example service.version="0.35-1">kong/0.35-1-enterprise-edition</example>
3022
+ <param pos="0" name="service.vendor" value="Kong"/>
3023
+ <param pos="0" name="service.family" value="Gateway"/>
3024
+ <param pos="0" name="service.product" value="Gateway"/>
3025
+ <param pos="1" name="service.version"/>
3026
+ </fingerprint>
3027
+
2446
3028
  <!-- Tridium previously had a product with the 'Niagra' spelling -->
3029
+
2447
3030
  <fingerprint pattern="^Niagara Web Server\/([\d.]+)$">
2448
3031
  <description>Tridium Niagara AX Framework</description>
2449
3032
  <example service.version="3.8.111">Niagara Web Server/3.8.111</example>
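Review bot: The Enterprise Edition fingerprint emits exactly the same `service.product` and `service.family` as the community `^kong/([\d.]+)$` entry, so a consumer sees only "Gateway" plus a version and cannot tell the editions apart. The examples (`0.30` and `0.35-1` against `1.2.1`) suggest the two editions are numbered independently, in which case comparing these versions against the same advisory ranges would mislead. I would give the enterprise entry its own product value, e.g. `<param pos="0" name="service.product" value="Gateway Enterprise Edition"/>`, which presumably also needs a line in data/identifiers/service_product.txt. Neither entry gets a `service.cpe23`, unlike most versioned entries touched in this file section; if that is deliberate, a short XML comment saying why would help.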
@@ -2452,6 +3035,7 @@
2452
3035
  <param pos="0" name="service.product" value="Niagara AX"/>
2453
3036
  <param pos="1" name="service.version"/>
2454
3037
  </fingerprint>
3038
+
2455
3039
  <fingerprint pattern="^Microsoft WinCE Fidelix v([\d.]+)$">
2456
3040
  <description>Fidelix Industrial Control Web Server</description>
2457
3041
  <example service.version="11.50.29">Microsoft WinCE Fidelix v11.50.29</example>
@@ -2466,12 +3050,14 @@
2466
3050
  <param pos="0" name="hw.vendor" value="Fidelix"/>
2467
3051
  <param pos="0" name="hw.device" value="Industrial Control"/>
2468
3052
  </fingerprint>
3053
+
2469
3054
  <fingerprint pattern="^chainpoint-node$">
2470
3055
  <description>Chainpoint Node</description>
2471
3056
  <example>chainpoint-node</example>
2472
3057
  <param pos="0" name="service.vendor" value="Chainpoint"/>
2473
3058
  <param pos="0" name="service.product" value="Node"/>
2474
3059
  </fingerprint>
3060
+
2475
3061
  <fingerprint pattern="(?i)^(.*) UPnP/[\d\.]+\s+AVM FRITZ!(.*) ([\d\.]+)$">
2476
3062
  <description>AVM FRITZ! devices of various types</description>
2477
3063
  <example host.name="some thing" os.product="WLAN Repeater 1750E" os.version="134.07.01">some thing UPnP/1.0 AVM FRITZ!WLAN Repeater 1750E 134.07.01</example>
@@ -2481,71 +3067,89 @@
2481
3067
  <param pos="3" name="os.version"/>
2482
3068
  <param pos="1" name="host.name"/>
2483
3069
  </fingerprint>
3070
+
2484
3071
  <fingerprint pattern="(?i)^Linux/(\S+) UPnP/[\d\.]+ miniupnpd/([\d\.]+)$">
2485
3072
  <description>Linux MiniUPnPd UPnP Server</description>
2486
- <example>Linux/Cross_compiled UPnP/1.0 miniupnpd/1.0</example>
3073
+ <example service.version="1.0">Linux/Cross_compiled UPnP/1.0 miniupnpd/1.0</example>
2487
3074
  <example>Linux/2.6.29.6-217.2.3.fc11.i686.PAE UPnP/1.0 miniupnpd/1.0</example>
2488
3075
  <example>Linux/2.4.21 UPnP/1.0 miniupnpd/1.0</example>
3076
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2489
3077
  <param pos="0" name="service.product" value="MiniUPnP"/>
2490
3078
  <param pos="2" name="service.version"/>
3079
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2491
3080
  <param pos="0" name="os.vendor" value="Linux"/>
2492
3081
  <param pos="0" name="os.product" value="Linux"/>
2493
3082
  <param pos="1" name="os.version"/>
2494
3083
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2495
3084
  </fingerprint>
3085
+
2496
3086
  <fingerprint pattern="^Tomato UPnP/\S+ MiniUPnPd/(\S+)$">
2497
3087
  <description>Tomato UPnP Server</description>
2498
- <example>Tomato UPnP/1.0 MiniUPnPd/1.2</example>
2499
- <example>Tomato UPnP/1.0 MiniUPnPd/1.4</example>
2500
- <param pos="0" name="service.vendor" value="Tomato"/>
3088
+ <example service.version="1.2">Tomato UPnP/1.0 MiniUPnPd/1.2</example>
3089
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2501
3090
  <param pos="0" name="service.product" value="MiniUPnP"/>
2502
3091
  <param pos="1" name="service.version"/>
3092
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2503
3093
  </fingerprint>
2504
- <fingerprint pattern="(?i)^(RT-\w+) UPnP/\S+ MiniUPnPd/(\S+)$">
3094
+
3095
+ <fingerprint pattern="(?i)^(RT-\w+) UPnP/\S+ MiniUPnPd/([\d.]+)$">
2505
3096
  <description>Asus WAP UPnP Server</description>
2506
- <example>RT-G32 UPnP/1.0 MiniUPnPd/1.2</example>
3097
+ <example service.version="1.2">RT-G32 UPnP/1.0 MiniUPnPd/1.2</example>
3098
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2507
3099
  <param pos="0" name="service.product" value="MiniUPnP"/>
2508
3100
  <param pos="2" name="service.version"/>
3101
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2509
3102
  <param pos="0" name="os.vendor" value="Asus"/>
2510
3103
  <param pos="1" name="os.product"/>
2511
3104
  <param pos="0" name="os.device" value="WAP"/>
2512
3105
  </fingerprint>
2513
- <fingerprint pattern="(?i)^DrayTek/Vigor(\S+) UPnP/\S+ miniupnpd/(\S+)$">
3106
+
3107
+ <fingerprint pattern="(?i)^DrayTek/Vigor(\S+) UPnP/\S+ miniupnpd/([\d.]+)$">
2514
3108
  <description>DrayTek Vigor router UPnP Server</description>
2515
- <example hw.model="2130">DrayTek/Vigor2130 UPnP/1.0 miniupnpd/1.0</example>
3109
+ <example service.version="1.0" hw.model="2130">DrayTek/Vigor2130 UPnP/1.0 miniupnpd/1.0</example>
3110
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2516
3111
  <param pos="0" name="service.product" value="MiniUPnP"/>
2517
3112
  <param pos="2" name="service.version"/>
3113
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2518
3114
  <param pos="0" name="hw.vendor" value="DrayTek"/>
2519
3115
  <param pos="0" name="hw.product" value="Vigor"/>
2520
3116
  <param pos="1" name="hw.model"/>
2521
3117
  <param pos="0" name="hw.device" value="Router"/>
2522
3118
  </fingerprint>
3119
+
2523
3120
  <fingerprint pattern="(?i)Linux UPnP/\d\.\d Huawei-ATP-IGD$">
2524
3121
  <description>Huawei Echolife / Home Gateway (and possibly other) devices with UPnP</description>
2525
3122
  <example>Linux UPnP/1.0 Huawei-ATP-IGD</example>
2526
3123
  <param pos="0" name="hw.vendor" value="Huawei"/>
2527
3124
  <param pos="0" name="hw.device" value="Broadband router"/>
2528
3125
  </fingerprint>
2529
- <fingerprint pattern="(?i)^OpenWRT/kamikaze UPnP/\S+ MiniUPnPd/(\S+)$">
3126
+
3127
+ <fingerprint pattern="(?i)^OpenWRT/kamikaze UPnP/\S+ MiniUPnPd/([\d.]+)$">
2530
3128
  <description>OpenWRT Kamikaze WAP UPnP Server</description>
2531
- <example>OpenWRT/kamikaze UPnP/1.0 MiniUPnPd/1.5</example>
2532
- <example>OpenWRT/kamikaze UPnP/1.0 MiniUPnPd/1.2</example>
2533
- <example>OpenWRT/kamikaze UPnP/1.0 MiniUPnPd/1.4</example>
3129
+ <example service.version="1.5">OpenWRT/kamikaze UPnP/1.0 MiniUPnPd/1.5</example>
3130
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2534
3131
  <param pos="0" name="service.product" value="MiniUPnP"/>
2535
3132
  <param pos="1" name="service.version"/>
3133
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2536
3134
  <param pos="0" name="os.vendor" value="Linux"/>
2537
3135
  <param pos="0" name="os.family" value="OpenWRT"/>
2538
3136
  <param pos="0" name="os.product" value="Kamikaze"/>
2539
3137
  <param pos="0" name="os.device" value="WAP"/>
2540
3138
  </fingerprint>
2541
- <fingerprint pattern="(?i)^Netgear/\S+ UPnP/\S+ miniupnpd/(\S+)$">
3139
+
3140
+ <fingerprint pattern="(?i)^Netgear/\S+ UPnP/\S+ miniupnpd/([\d.]+)$">
2542
3141
  <description>Netgear DG834G or WNDR3300 WAP UPnP Server</description>
2543
- <example>Netgear/1.0 UPnP/1.0 miniupnpd/1.0</example>
3142
+ <example service.version="1.0">Netgear/1.0 UPnP/1.0 miniupnpd/1.0</example>
3143
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2544
3144
  <param pos="0" name="service.product" value="MiniUPnP"/>
2545
3145
  <param pos="1" name="service.version"/>
3146
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2546
3147
  <param pos="0" name="os.vendor" value="Netgear"/>
2547
3148
  <param pos="0" name="os.device" value="WAP"/>
3149
+ <param pos="0" name="hw.vendor" value="Netgear"/>
3150
+ <param pos="0" name="hw.device" value="WAP"/>
2548
3151
  </fingerprint>
3152
+
2549
3153
  <fingerprint pattern="^[^/]+/(\S+) DLNADOC/\S+ UPnP/\S+ MiniDLNA/(\S+)$">
2550
3154
  <description>DLNADOC UPnP Server</description>
2551
3155
  <example>Debian/4.0r8 DLNADOC/1.50 UPnP/1.0 MiniDLNA/1.0</example>
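Review bot: The Tomato fingerprint still captures its version with `(\S+)`, while the Asus, DrayTek, OpenWRT and Netgear patterns in this hunk were tightened to `([\d.]+)`, and that capture now feeds the new `service.cpe23` value. The banner comes from the remote device, so any non-whitespace text it sends ends up inside the CPE string; `<fingerprint pattern="^Tomato UPnP/\S+ MiniUPnPd/([\d.]+)$">` limits it to digits and dots. The Debian and Fedora MiniUPnPd patterns at the start of the next hunk have the same `(\S+)` capture feeding the same CPE, but that hunk continues beyond what is visible here. Replacing `service.vendor` "Tomato" with "MiniUPnP Project" also leaves this entry with no Tomato-specific param, so an `os.product` assertion may be worth adding to keep that signal.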
@@ -2558,224 +3162,288 @@
2558
3162
  <param pos="1" name="os.version"/>
2559
3163
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2560
3164
  </fingerprint>
3165
+
2561
3166
  <fingerprint pattern="(?i)^Debian\/(\S+) UPnP/\S+ MiniUPnPd/(\S+)$">
2562
3167
  <description>miniupnpd on a Debian variant</description>
2563
3168
  <example os.version="wheezy/sid" service.version="1.8">Debian/wheezy/sid UPnP/1.1 MiniUPnPd/1.8</example>
2564
3169
  <example os.version="4.0" service.version="1.0">Debian/4.0 UPnP/1.0 miniupnpd/1.0</example>
3170
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2565
3171
  <param pos="0" name="service.product" value="MiniUPnP"/>
2566
3172
  <param pos="2" name="service.version"/>
3173
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2567
3174
  <param pos="0" name="os.vendor" value="Debian"/>
2568
3175
  <param pos="0" name="os.product" value="Linux"/>
2569
3176
  <param pos="0" name="os.certainty" value="0.5"/>
2570
3177
  <param pos="1" name="os.version"/>
2571
3178
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:{os.version}"/>
2572
3179
  </fingerprint>
3180
+
2573
3181
  <fingerprint pattern="(?i)^Fedora(?:Core)?\/(\S+) UPnP/\S+ MiniUPnPd/(\S+)$">
2574
3182
  <description>miniupnpd on a Fedora variant</description>
2575
3183
  <example os.version="10" service.version="1.4">Fedora/10 UPnP/1.0 MiniUPnPd/1.4</example>
2576
3184
  <example os.version="8" service.version="1.0">Fedora/8 UPnP/1.0 miniupnpd/1.0</example>
2577
3185
  <example os.version="6" service.version="1.0">FedoraCore/6 UPnP/1.0 miniupnpd/1.0</example>
3186
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2578
3187
  <param pos="0" name="service.product" value="MiniUPnP"/>
2579
3188
  <param pos="2" name="service.version"/>
3189
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2580
3190
  <param pos="0" name="os.family" value="Linux"/>
2581
3191
  <param pos="0" name="os.vendor" value="Red Hat"/>
2582
3192
  <param pos="0" name="os.product" value="Fedora Core Linux"/>
2583
3193
  <param pos="1" name="os.version"/>
2584
3194
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:{os.version}"/>
2585
3195
  </fingerprint>
3196
+
2586
3197
  <fingerprint pattern="(?i)^Ubuntu\/([\d\.]+) UPnP/\S+ MiniUPnPd/(\S+)$">
2587
3198
  <description>miniupnpd on an Ubuntu variant</description>
2588
3199
  <example os.version="10.04" service.version="1.0">Ubuntu/10.04 UPnP/1.0 miniupnpd/1.0</example>
2589
3200
  <example os.version="10.10" service.version="1.0">Ubuntu/10.10 UPnP/1.0 miniupnpd/1.0</example>
2590
3201
  <example os.version="7.10" service.version="1.0">Ubuntu/7.10 UPnP/1.0 miniupnpd/1.0</example>
2591
3202
  <example os.version="9.04" service.version="1.0">Ubuntu/9.04 UPnP/1.0 miniupnpd/1.0</example>
3203
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2592
3204
  <param pos="0" name="service.product" value="MiniUPnP"/>
2593
3205
  <param pos="2" name="service.version"/>
3206
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2594
3207
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2595
3208
  <param pos="0" name="os.product" value="Linux"/>
2596
3209
  <param pos="1" name="os.version"/>
2597
3210
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:{os.version}"/>
2598
3211
  </fingerprint>
3212
+
2599
3213
  <fingerprint pattern="(?i)^Ubuntu\/bionic UPnP/\S+ MiniUPnPd/(\S+)$">
2600
3214
  <description>miniupnpd on an Ubuntu bionic/18.04</description>
2601
3215
  <example os.version="18.04" service.version="1.4">Ubuntu/bionic UPnP/1.0 MiniUPnPd/1.4</example>
3216
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2602
3217
  <param pos="0" name="service.product" value="MiniUPnP"/>
2603
3218
  <param pos="1" name="service.version"/>
3219
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2604
3220
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2605
3221
  <param pos="0" name="os.product" value="Linux"/>
2606
3222
  <param pos="0" name="os.version" value="18.04"/>
2607
3223
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:18.04"/>
2608
3224
  </fingerprint>
3225
+
2609
3226
  <fingerprint pattern="(?i)^Ubuntu\/yakkety UPnP/\S+ MiniUPnPd/(\S+)$">
2610
3227
  <description>miniupnpd on an Ubuntu yakkety/16.10</description>
2611
3228
  <example os.version="16.10" service.version="1.4">Ubuntu/yakkety UPnP/1.0 MiniUPnPd/1.4</example>
3229
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2612
3230
  <param pos="0" name="service.product" value="MiniUPnP"/>
2613
3231
  <param pos="1" name="service.version"/>
3232
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2614
3233
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2615
3234
  <param pos="0" name="os.product" value="Linux"/>
2616
3235
  <param pos="0" name="os.version" value="16.10"/>
2617
3236
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:16.10"/>
2618
3237
  </fingerprint>
3238
+
2619
3239
  <fingerprint pattern="(?i)^Ubuntu\/xenial UPnP/\S+ MiniUPnPd/(\S+)$">
2620
3240
  <description>miniupnpd on an Ubuntu xenial/16.04</description>
2621
3241
  <example os.version="16.04" service.version="1.4">Ubuntu/xenial UPnP/1.0 MiniUPnPd/1.4</example>
3242
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2622
3243
  <param pos="0" name="service.product" value="MiniUPnP"/>
2623
3244
  <param pos="1" name="service.version"/>
3245
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2624
3246
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2625
3247
  <param pos="0" name="os.product" value="Linux"/>
2626
3248
  <param pos="0" name="os.version" value="16.04"/>
2627
3249
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:16.04"/>
2628
3250
  </fingerprint>
3251
+
2629
3252
  <fingerprint pattern="(?i)^Ubuntu\/utopic UPnP/\S+ MiniUPnPd/(\S+)$">
2630
3253
  <description>miniupnpd on an Ubuntu utopic/14.10</description>
2631
3254
  <example os.version="14.10" service.version="1.4">Ubuntu/utopic UPnP/1.0 MiniUPnPd/1.4</example>
3255
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2632
3256
  <param pos="0" name="service.product" value="MiniUPnP"/>
2633
3257
  <param pos="1" name="service.version"/>
3258
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2634
3259
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2635
3260
  <param pos="0" name="os.product" value="Linux"/>
2636
3261
  <param pos="0" name="os.version" value="14.10"/>
2637
3262
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:14.10"/>
2638
3263
  </fingerprint>
3264
+
2639
3265
  <fingerprint pattern="(?i)^Ubuntu\/trusty UPnP/\S+ MiniUPnPd/(\S+)$">
2640
3266
  <description>miniupnpd on an Ubuntu trusty/14.04</description>
2641
3267
  <example os.version="14.04" service.version="1.4">Ubuntu/trusty UPnP/1.0 MiniUPnPd/1.4</example>
3268
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2642
3269
  <param pos="0" name="service.product" value="MiniUPnP"/>
2643
3270
  <param pos="1" name="service.version"/>
3271
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2644
3272
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2645
3273
  <param pos="0" name="os.product" value="Linux"/>
2646
3274
  <param pos="0" name="os.version" value="14.04"/>
2647
3275
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:14.04"/>
2648
3276
  </fingerprint>
3277
+
2649
3278
  <fingerprint pattern="(?i)^Ubuntu\/saucy UPnP/\S+ MiniUPnPd/(\S+)$">
2650
3279
  <description>miniupnpd on an Ubuntu saucy/13.10</description>
2651
3280
  <example os.version="13.10" service.version="1.4">Ubuntu/saucy UPnP/1.0 MiniUPnPd/1.4</example>
3281
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2652
3282
  <param pos="0" name="service.product" value="MiniUPnP"/>
2653
3283
  <param pos="1" name="service.version"/>
3284
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2654
3285
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2655
3286
  <param pos="0" name="os.product" value="Linux"/>
2656
3287
  <param pos="0" name="os.version" value="13.10"/>
2657
3288
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:13.10"/>
2658
3289
  </fingerprint>
3290
+
2659
3291
  <fingerprint pattern="(?i)^Ubuntu\/raring UPnP/\S+ MiniUPnPd/(\S+)$">
2660
3292
  <description>miniupnpd on an Ubuntu raring/13.04</description>
2661
3293
  <example os.version="13.04" service.version="1.4">Ubuntu/raring UPnP/1.0 MiniUPnPd/1.4</example>
3294
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2662
3295
  <param pos="0" name="service.product" value="MiniUPnP"/>
2663
3296
  <param pos="1" name="service.version"/>
3297
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2664
3298
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2665
3299
  <param pos="0" name="os.product" value="Linux"/>
2666
3300
  <param pos="0" name="os.version" value="13.04"/>
2667
3301
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:13.04"/>
2668
3302
  </fingerprint>
3303
+
2669
3304
  <fingerprint pattern="(?i)^Ubuntu\/quantal UPnP/\S+ MiniUPnPd/(\S+)$">
2670
3305
  <description>miniupnpd on an Ubuntu quantal/12.10</description>
2671
3306
  <example os.version="12.10" service.version="1.4">Ubuntu/quantal UPnP/1.0 MiniUPnPd/1.4</example>
3307
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2672
3308
  <param pos="0" name="service.product" value="MiniUPnP"/>
2673
3309
  <param pos="1" name="service.version"/>
3310
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2674
3311
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2675
3312
  <param pos="0" name="os.product" value="Linux"/>
2676
3313
  <param pos="0" name="os.version" value="12.10"/>
2677
3314
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:12.10"/>
2678
3315
  </fingerprint>
3316
+
2679
3317
  <fingerprint pattern="(?i)^Ubuntu\/precise UPnP/\S+ MiniUPnPd/(\S+)$">
2680
3318
  <description>miniupnpd on an Ubuntu precise/12.04</description>
2681
3319
  <example os.version="12.04" service.version="1.4">Ubuntu/precise UPnP/1.0 MiniUPnPd/1.4</example>
3320
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2682
3321
  <param pos="0" name="service.product" value="MiniUPnP"/>
2683
3322
  <param pos="1" name="service.version"/>
3323
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2684
3324
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2685
3325
  <param pos="0" name="os.product" value="Linux"/>
2686
3326
  <param pos="0" name="os.version" value="12.04"/>
2687
3327
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:12.04"/>
2688
3328
  </fingerprint>
3329
+
2689
3330
  <fingerprint pattern="(?i)^Ubuntu\/oneiric UPnP/\S+ MiniUPnPd/(\S+)$">
2690
3331
  <description>miniupnpd on an Ubuntu oneiric/11.10</description>
2691
3332
  <example os.version="11.10" service.version="1.4">Ubuntu/oneiric UPnP/1.0 MiniUPnPd/1.4</example>
3333
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2692
3334
  <param pos="0" name="service.product" value="MiniUPnP"/>
2693
3335
  <param pos="1" name="service.version"/>
3336
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2694
3337
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2695
3338
  <param pos="0" name="os.product" value="Linux"/>
2696
3339
  <param pos="0" name="os.version" value="11.10"/>
2697
3340
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:11.10"/>
2698
3341
  </fingerprint>
3342
+
2699
3343
  <fingerprint pattern="(?i)^Ubuntu\/natty UPnP/\S+ MiniUPnPd/(\S+)$">
2700
3344
  <description>miniupnpd on an Ubuntu natty/11.04</description>
2701
3345
  <example os.version="11.04" service.version="1.4">Ubuntu/natty UPnP/1.0 MiniUPnPd/1.4</example>
3346
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2702
3347
  <param pos="0" name="service.product" value="MiniUPnP"/>
2703
3348
  <param pos="1" name="service.version"/>
3349
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2704
3350
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2705
3351
  <param pos="0" name="os.product" value="Linux"/>
2706
3352
  <param pos="0" name="os.version" value="11.04"/>
2707
3353
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:11.04"/>
2708
3354
  </fingerprint>
3355
+
2709
3356
  <fingerprint pattern="(?i)^Ubuntu\/maverick UPnP/\S+ MiniUPnPd/(\S+)$">
2710
3357
  <description>miniupnpd on an Ubuntu maverick/10.10</description>
2711
3358
  <example os.version="10.10" service.version="1.4">Ubuntu/maverick UPnP/1.0 MiniUPnPd/1.4</example>
3359
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2712
3360
  <param pos="0" name="service.product" value="MiniUPnP"/>
2713
3361
  <param pos="1" name="service.version"/>
3362
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2714
3363
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2715
3364
  <param pos="0" name="os.product" value="Linux"/>
2716
3365
  <param pos="0" name="os.version" value="10.10"/>
2717
3366
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:10.10"/>
2718
3367
  </fingerprint>
3368
+
2719
3369
  <fingerprint pattern="(?i)^Ubuntu\/lucid UPnP/\S+ MiniUPnPd/(\S+)$">
2720
3370
  <description>miniupnpd on an Ubuntu lucid/10.04</description>
2721
3371
  <example os.version="10.04" service.version="1.4">Ubuntu/lucid UPnP/1.0 MiniUPnPd/1.4</example>
3372
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2722
3373
  <param pos="0" name="service.product" value="MiniUPnP"/>
2723
3374
  <param pos="1" name="service.version"/>
3375
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2724
3376
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2725
3377
  <param pos="0" name="os.product" value="Linux"/>
2726
3378
  <param pos="0" name="os.version" value="10.04"/>
2727
3379
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:10.04"/>
2728
3380
  </fingerprint>
3381
+
2729
3382
  <fingerprint pattern="(?i)^Ubuntu\/karmic UPnP/\S+ MiniUPnPd/(\S+)$">
2730
3383
  <description>miniupnpd on an Ubuntu karmic/9.10</description>
2731
3384
  <example os.version="9.10" service.version="1.4">Ubuntu/karmic UPnP/1.0 MiniUPnPd/1.4</example>
3385
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2732
3386
  <param pos="0" name="service.product" value="MiniUPnP"/>
2733
3387
  <param pos="1" name="service.version"/>
3388
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2734
3389
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2735
3390
  <param pos="0" name="os.product" value="Linux"/>
2736
3391
  <param pos="0" name="os.version" value="9.10"/>
2737
3392
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:9.10"/>
2738
3393
  </fingerprint>
3394
+
2739
3395
  <fingerprint pattern="(?i)^Ubuntu\/jaunty UPnP/\S+ MiniUPnPd/(\S+)$">
2740
3396
  <description>miniupnpd on an Ubuntu jaunty/9.04</description>
2741
3397
  <example os.version="9.04" service.version="1.4">Ubuntu/jaunty UPnP/1.0 MiniUPnPd/1.4</example>
3398
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2742
3399
  <param pos="0" name="service.product" value="MiniUPnP"/>
2743
3400
  <param pos="1" name="service.version"/>
3401
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2744
3402
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2745
3403
  <param pos="0" name="os.product" value="Linux"/>
2746
3404
  <param pos="0" name="os.version" value="9.04"/>
2747
3405
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:9.04"/>
2748
3406
  </fingerprint>
3407
+
2749
3408
  <fingerprint pattern="(?i)^Ubuntu\/hardy UPnP/\S+ MiniUPnPd/(\S+)$">
2750
3409
  <description>miniupnpd on an Ubuntu hardy/8.04</description>
2751
3410
  <example os.version="8.04" service.version="1.4">Ubuntu/hardy UPnP/1.0 MiniUPnPd/1.4</example>
3411
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2752
3412
  <param pos="0" name="service.product" value="MiniUPnP"/>
2753
3413
  <param pos="1" name="service.version"/>
3414
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2754
3415
  <param pos="0" name="os.vendor" value="Ubuntu"/>
2755
3416
  <param pos="0" name="os.product" value="Linux"/>
2756
3417
  <param pos="0" name="os.version" value="8.04"/>
2757
3418
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:8.04"/>
2758
3419
  </fingerprint>
3420
+
2759
3421
  <fingerprint pattern="(?i)^Linux Mips (\S+) UPnP/\S+ MiniUPnPd/(\S+)$">
2760
3422
  <description>Linux MIPS UPnP Server</description>
2761
3423
  <example>Linux Mips 2.4.20 UPnP/1.0 MiniUPnPd/1.2</example>
3424
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2762
3425
  <param pos="0" name="service.product" value="MiniUPnP"/>
2763
3426
  <param pos="2" name="service.version"/>
3427
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2764
3428
  <param pos="0" name="os.vendor" value="Linux"/>
2765
3429
  <param pos="0" name="os.product" value="Linux"/>
2766
3430
  <param pos="1" name="os.version"/>
2767
3431
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2768
3432
  </fingerprint>
3433
+
2769
3434
  <fingerprint pattern="(?i)^SmoothWall Express/(\S+) UPnP/\S+ miniupnpd/(\S+)$">
2770
3435
  <description>Smoothwall Express UPnP Server</description>
2771
3436
  <example os.version="3.0" service.version="1.0">SmoothWall Express/3.0 UPnP/1.0 miniupnpd/1.0</example>
2772
- <param pos="0" name="os.vendor" value="Smoothwall"/>
2773
- <param pos="0" name="os.product" value="Smoothwall"/>
3437
+ <param pos="0" name="os.vendor" value="SmoothWall"/>
3438
+ <param pos="0" name="os.product" value="SmoothWall"/>
2774
3439
  <param pos="1" name="os.version"/>
2775
3440
  <param pos="0" name="os.cpe23" value="cpe:/o:smoothwall:smoothwall:{os.version}"/>
3441
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
2776
3442
  <param pos="0" name="service.product" value="MiniUPnP"/>
2777
3443
  <param pos="2" name="service.version"/>
3444
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
2778
3445
  </fingerprint>
3446
+
2779
3447
  <fingerprint pattern="^(\S+) \d+/Service Pack \d+, UPnP/[\d\.]+, TVersity Media Server$">
2780
3448
  <description>TVersity Media Server UPnP Server with Service Pack</description>
2781
3449
  <example>5.2.3790 2/Service Pack 1, UPnP/1.0, TVersity Media Server</example>
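Review bot: The `service.cpe23` params added throughout this hunk interpolate `{service.version}` from a `(\S+)` capture, so any non-whitespace text a device sends after `MiniUPnPd/` is copied into the CPE string (the Debian, Fedora, Ubuntu, Linux Mips and SmoothWall fingerprints). The banner is supplied by the scanned host, and a value containing `:` or `/` would produce a malformed or misleading CPE unless the consumer escapes it, which is not visible here. Elsewhere on this page the Netgear fingerprint is narrowed to `([\d.]+)` and the TBS/R2 one captures `([\d\.]+)`; using the same class here, e.g. `MiniUPnPd/([\d.]+)$`, would keep the interpolated field well-formed. If real banners carry suffixed versions, widen the class explicitly rather than keeping `\S+`.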
@@ -2784,6 +3452,7 @@
2784
3452
  <param pos="0" name="service.product" value="Media Server"/>
2785
3453
  <param pos="1" name="service.version"/>
2786
3454
  </fingerprint>
3455
+
2787
3456
  <fingerprint pattern="^(\S+) 2/, UPnP/\S+, TVersity Media Server$">
2788
3457
  <description>TVersity Media Server UPnP Server</description>
2789
3458
  <example>6.2.8400 2/, UPnP/1.0, TVersity Media Server</example>
@@ -2794,6 +3463,7 @@
2794
3463
  <param pos="0" name="service.product" value="Media Server"/>
2795
3464
  <param pos="1" name="service.version"/>
2796
3465
  </fingerprint>
3466
+
2797
3467
  <fingerprint pattern="^LINUX/([\d\.]+) UPnP/[\d\.]+ BRCM400/([\d\.]+)$">
2798
3468
  <description>Belkin/Linksys BRCM400 Wireless Router UPnP Server</description>
2799
3469
  <example>LINUX/2.4 UPnP/1.0 BRCM400/1.0</example>
@@ -2805,6 +3475,7 @@
2805
3475
  <param pos="1" name="os.version"/>
2806
3476
  <param pos="0" name="os.device" value="Router"/>
2807
3477
  </fingerprint>
3478
+
2808
3479
  <fingerprint pattern="^Linux-(\S+), UPnP/[\d\.]+, PMS/([\d\.]+)$">
2809
3480
  <description>PlayStation3 Media Server UPnP Server - linux</description>
2810
3481
  <example>Linux-amd64-2.6.18-238.9.1.el5, UPnP/1.0, PMS/1.52.1</example>
@@ -2817,6 +3488,7 @@
2817
3488
  <param pos="1" name="os.version"/>
2818
3489
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2819
3490
  </fingerprint>
3491
+
2820
3492
  <fingerprint pattern="^Windows_XP-(\S+), UPnP/[\d\.]+, PMS/([\d\.]+)$">
2821
3493
  <description>PlayStation3 Media Server UPnP Server - Windows XP</description>
2822
3494
  <example>Windows_XP-amd64-5.2, UPnP/1.0, PMS/1.54.0</example>
@@ -2829,27 +3501,16 @@
2829
3501
  <param pos="1" name="os.version"/>
2830
3502
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:{os.version}"/>
2831
3503
  </fingerprint>
3504
+
2832
3505
  <fingerprint pattern="^Windows_7-x86-(\S+), UPnP/[\d\.]+, PMS/([\d\.]+)$">
2833
3506
  <description>PlayStation3 Media Server UPnP Server - Windows 7 x86</description>
2834
- <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.20</example>
3507
+ <example service.version="1.20">Windows_7-x86-6.1, UPnP/1.0, PMS/1.20</example>
2835
3508
  <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.22.0</example>
2836
- <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.25.1</example>
2837
- <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.51.0</example>
2838
3509
  <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.20.412</example>
2839
3510
  <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.71.0</example>
2840
3511
  <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.20.409</example>
2841
3512
  <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.72.0</example>
2842
3513
  <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.10.51</example>
2843
- <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.40.0</example>
2844
- <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.53.0</example>
2845
- <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.52.0</example>
2846
- <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.50.1</example>
2847
- <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.30.1</example>
2848
- <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.50.0</example>
2849
- <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.54.0</example>
2850
- <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.52.1</example>
2851
- <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.60.0</example>
2852
- <example>Windows_7-x86-6.1, UPnP/1.0, PMS/1.70.1</example>
2853
3514
  <param pos="0" name="service.vendor" value="Sony"/>
2854
3515
  <param pos="0" name="service.product" value="PMS"/>
2855
3516
  <param pos="2" name="service.version"/>
@@ -2858,6 +3519,7 @@
2858
3519
  <param pos="1" name="os.version"/>
2859
3520
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_7:{os.version}"/>
2860
3521
  </fingerprint>
3522
+
2861
3523
  <fingerprint pattern="^Windows_7-x86_64-(\S+), UPnP/[\d\.]+, PMS/([\d\.]+)$">
2862
3524
  <description>PlayStation3 Media Server UPnP Server - Windows 7 x86_64</description>
2863
3525
  <param pos="0" name="service.vendor" value="Sony"/>
@@ -2868,6 +3530,7 @@
2868
3530
  <param pos="1" name="os.version"/>
2869
3531
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_7:{os.version}"/>
2870
3532
  </fingerprint>
3533
+
2871
3534
  <fingerprint pattern="^Microsoft-Windows/6.2 UPnP/(?:\S+) UPnP-Device-Host/(?:\S+)$">
2872
3535
  <description>Windows 8 or Windows Server 2012 with unknown UPnP components</description>
2873
3536
  <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -2875,6 +3538,7 @@
2875
3538
  <param pos="0" name="os.certainty" value="0.65"/>
2876
3539
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_8:-"/>
2877
3540
  </fingerprint>
3541
+
2878
3542
  <fingerprint pattern="^Mac_OS_X-x86_64-(\S+), UPnP/[\d\.]+, PMS/([\d\.]+)$">
2879
3543
  <description>PlayStation3 Media Server UPnP Server - macOS x86_64</description>
2880
3544
  <example>Mac_OS_X-x86_64-10.5.8, UPnP/1.0, PMS/1.20</example>
@@ -2886,6 +3550,7 @@
2886
3550
  <param pos="1" name="os.version"/>
2887
3551
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
2888
3552
  </fingerprint>
3553
+
2889
3554
  <fingerprint pattern="^Linux/(\S+), UPnP/\S+, Free UPnP Entertainment Service/ReadyNAS$">
2890
3555
  <description>Free UPnP Entertainment Service UPnP Server - Linux on ReadyNAS</description>
2891
3556
  <param pos="0" name="service.product" value="FUPPES"/>
@@ -2898,6 +3563,7 @@
2898
3563
  <param pos="0" name="hw.family" value="ReadyNAS"/>
2899
3564
  <param pos="0" name="hw.product" value="ReadyNAS"/>
2900
3565
  </fingerprint>
3566
+
2901
3567
  <fingerprint pattern="^Linux/(\S+), UPnP/\S+, Free UPnP Entertainment Service/$">
2902
3568
  <description>Free UPnP Entertainment Service UPnP Server - Linux</description>
2903
3569
  <param pos="0" name="service.product" value="FUPPES"/>
@@ -2906,6 +3572,7 @@
2906
3572
  <param pos="1" name="os.version"/>
2907
3573
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2908
3574
  </fingerprint>
3575
+
2909
3576
  <fingerprint pattern="^FreeBSD/(\S+), UPnP/\S+, Free UPnP Entertainment Service/$">
2910
3577
  <description>Free UPnP Entertainment Service UPnP Server - FreeBSD</description>
2911
3578
  <param pos="0" name="service.product" value="FUPPES"/>
@@ -2914,6 +3581,7 @@
2914
3581
  <param pos="1" name="os.version"/>
2915
3582
  <param pos="0" name="os.cpe23" value="cpe:/o:freebsd:freebsd:{os.version}"/>
2916
3583
  </fingerprint>
3584
+
2917
3585
  <fingerprint pattern="^ipOS/([\d\.]+) UPnP/[\d\.]+ ipUPnP/([\d\.]+)$">
2918
3586
  <description>D-Link WAP Dynamic DNS UPnP Server</description>
2919
3587
  <param pos="0" name="service.vendor" value="D-Link"/>
@@ -2924,6 +3592,7 @@
2924
3592
  <param pos="1" name="os.version"/>
2925
3593
  <param pos="0" name="os.device" value="WAP"/>
2926
3594
  </fingerprint>
3595
+
2927
3596
  <fingerprint pattern="^ipOS/([\d\.]+) UPnP/[\d\.]+ ipGENADevice/([\d\.]+)$">
2928
3597
  <description>D-Link DGL-4300 Gaming Router UPnP Server</description>
2929
3598
  <param pos="0" name="service.vendor" value="D-Link"/>
@@ -2934,11 +3603,74 @@
2934
3603
  <param pos="1" name="os.version"/>
2935
3604
  <param pos="0" name="os.device" value="Router"/>
2936
3605
  </fingerprint>
2937
- <fingerprint pattern="^TBS/R2 UPnP/[\d\.]+ MiniUPnPd/[\d\.]+$">
3606
+
3607
+ <fingerprint pattern="Linux, STUNNEL/1.0, (DIR-8\d+\w*) Ver (\S+)$">
3608
+ <description>D-Link DIR-8XX Router</description>
3609
+ <example hw.product="DIR-850L">Linux, STUNNEL/1.0, DIR-850L Ver 1.09</example>
3610
+ <example os.version="2.00W">Linux, STUNNEL/1.0, DIR-820LW Ver 2.00W</example>
3611
+ <param pos="0" name="hw.vendor" value="D-Link"/>
3612
+ <param pos="1" name="hw.product"/>
3613
+ <param pos="0" name="hw.device" value="Router"/>
3614
+ <param pos="0" name="os.vendor" value="D-Link"/>
3615
+ <param pos="2" name="os.version"/>
3616
+ <param pos="0" name="os.device" value="Router"/>
3617
+ </fingerprint>
3618
+
3619
+ <fingerprint pattern="Linux, WEBACCESS/1.0, (DIR-\d+\w*) Ver (\S+)$">
3620
+ <description>D-Link DIR-XXX Router - WEBACCESS variant</description>
3621
+ <example hw.product="DIR-850L">Linux, WEBACCESS/1.0, DIR-850L Ver 1.09</example>
3622
+ <example os.version="1.14WW">Linux, WEBACCESS/1.0, DIR-850L Ver 1.14WW</example>
3623
+ <example os.version="1.04">Linux, WEBACCESS/1.0, DIR-645 Ver 1.04</example>
3624
+ <param pos="0" name="hw.vendor" value="D-Link"/>
3625
+ <param pos="1" name="hw.product"/>
3626
+ <param pos="0" name="hw.device" value="Router"/>
3627
+ <param pos="0" name="os.vendor" value="D-Link"/>
3628
+ <param pos="2" name="os.version"/>
3629
+ <param pos="0" name="os.device" value="Router"/>
3630
+ </fingerprint>
3631
+
3632
+ <fingerprint pattern="Linux, HTTP/1.1, (DIR-\d+\w*) Ver (\S+)$">
3633
+ <description>D-Link DIR-XXX Router - HTTP variant</description>
3634
+ <example hw.product="DIR-815" os.version="1.04">Linux, HTTP/1.1, DIR-815 Ver 1.04</example>
3635
+ <param pos="0" name="hw.vendor" value="D-Link"/>
3636
+ <param pos="1" name="hw.product"/>
3637
+ <param pos="0" name="hw.device" value="Router"/>
3638
+ <param pos="0" name="os.vendor" value="D-Link"/>
3639
+ <param pos="2" name="os.version"/>
3640
+ <param pos="0" name="os.device" value="Router"/>
3641
+ </fingerprint>
3642
+
3643
+ <fingerprint pattern="Linux, WEBACCESS/1.0, (DSL-\d+\w*) Ver (\S+)$">
3644
+ <description>D-Link DSL-XXX Router - WEBACCESS variant</description>
3645
+ <example hw.product="DSL-2890AL" os.version="AU_1.02.10">Linux, WEBACCESS/1.0, DSL-2890AL Ver AU_1.02.10</example>
3646
+ <example hw.product="DSL-2890AL" os.version="1.01">Linux, WEBACCESS/1.0, DSL-2890AL Ver 1.01</example>
3647
+ <param pos="0" name="hw.vendor" value="D-Link"/>
3648
+ <param pos="1" name="hw.product"/>
3649
+ <param pos="0" name="hw.device" value="Router"/>
3650
+ <param pos="0" name="os.vendor" value="D-Link"/>
3651
+ <param pos="2" name="os.version"/>
3652
+ <param pos="0" name="os.device" value="Router"/>
3653
+ </fingerprint>
3654
+
3655
+ <fingerprint pattern="^TBS/R2 UPnP/[\d\.]+ MiniUPnPd/([\d\.]+)$">
2938
3656
  <description>D-Link generic</description>
2939
- <example>TBS/R2 UPnP/1.0 MiniUPnPd/1.2</example>
3657
+ <example service.version="1.2">TBS/R2 UPnP/1.0 MiniUPnPd/1.2</example>
3658
+ <param pos="0" name="hw.vendor" value="D-Link"/>
3659
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
3660
+ <param pos="0" name="service.product" value="MiniUPnP"/>
3661
+ <param pos="1" name="service.version"/>
3662
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
3663
+ </fingerprint>
3664
+
3665
+ <fingerprint pattern="^alphapd/(\d\.[\d.]+)$">
3666
+ <description>D-Link alphapd - likely DCS series cameras</description>
3667
+ <example service.version="2.1.8">alphapd/2.1.8</example>
2940
3668
  <param pos="0" name="hw.vendor" value="D-Link"/>
3669
+ <param pos="0" name="service.vendor" value="D-Link"/>
3670
+ <param pos="0" name="service.product" value="alphapd"/>
3671
+ <param pos="1" name="service.version"/>
2941
3672
  </fingerprint>
3673
+
2942
3674
  <fingerprint pattern="^ipos/([\d\.]+) UPnP/[\d\.]+ (TL-\w+)/(\S+)$">
2943
3675
  <description>TP-Link WAP UPnP Server</description>
2944
3676
  <example>ipos/7.0 UPnP/1.0 TL-WR841N/6.0/7.0</example>
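Review bot: The four new D-Link patterns (`Linux, STUNNEL/1.0, …`, both `Linux, WEBACCESS/1.0, …` variants and `Linux, HTTP/1.1, …`) have no leading `^`, unlike the other fingerprints in this hunk, so they match any banner that merely ends with that text. A host that prepends arbitrary content would still be reported as a D-Link router; anchoring them, e.g. `pattern="^Linux, STUNNEL/1.0, (DIR-8\d+\w*) Ver (\S+)$"`, ties the match to the whole banner. If the prefix really does vary in the field, the `<description>` should say so. Several of the new examples also assert only one of the two captures (`hw.product` or `os.version`); asserting both would let example verification catch a swapped `pos`.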
@@ -2950,14 +3682,42 @@
2950
3682
  <example>ipos/7.0 UPnP/1.0 TL-WR741N/1.0/2.0</example>
2951
3683
  <example>ipos/7.0 UPnP/1.0 TL-WR740N/1.0/2.0</example>
2952
3684
  <example>ipos/7.0 UPnP/1.0 TL-WR941N/2.0</example>
2953
- <param pos="0" name="service.vendor" value="TP-Link"/>
3685
+ <param pos="0" name="service.vendor" value="TP-LINK"/>
2954
3686
  <param pos="2" name="service.product"/>
2955
3687
  <param pos="3" name="service.version"/>
2956
- <param pos="0" name="os.vendor" value="TP-Link"/>
3688
+ <param pos="0" name="os.vendor" value="TP-LINK"/>
2957
3689
  <param pos="0" name="os.product" value="ipOS"/>
2958
3690
  <param pos="1" name="os.version"/>
2959
3691
  <param pos="0" name="os.device" value="WAP"/>
2960
3692
  </fingerprint>
3693
+
3694
+ <fingerprint pattern="^Linux/(\S+\_eureka_1), UPnP/[\d\.]+, Portable SDK for UPnP devices/(\S+)$">
3695
+ <description>Siqura Video Encoder</description>
3696
+ <example>Linux/2.6.37_eureka_1, UPnP/1.0, Portable SDK for UPnP devices/1.6.6</example>
3697
+ <param pos="0" name="hw.vendor" value="Siqura"/>
3698
+ <param pos="0" name="hw.device" value="Video Encoder"/>
3699
+ <param pos="0" name="os.vendor" value="Siqura"/>
3700
+ <param pos="0" name="os.family" value="Linux"/>
3701
+ <param pos="0" name="os.product" value="Linux"/>
3702
+ <param pos="1" name="os.version"/>
3703
+ <param pos="0" name="service.product" value="libupnp"/>
3704
+ <param pos="2" name="service.version"/>
3705
+ </fingerprint>
3706
+
3707
+ <fingerprint pattern="^Linux/(\S+\-Mozart-8G), UPnP/[\d\.]+, Portable SDK for UPnP devices/(\S+)$">
3708
+ <description>Steinsvik Orbit IP Camera (Truen TCAM Rebrand)</description>
3709
+ <example>Linux/2.6.28.9-Mozart-8G, UPnP/1.0, Portable SDK for UPnP devices/1.6.6</example>
3710
+ <param pos="0" name="hw.vendor" value="Steinsvik"/>
3711
+ <param pos="0" name="hw.device" value="Web cam"/>
3712
+ <param pos="0" name="hw.product" value="Orbit IP Camera"/>
3713
+ <param pos="0" name="os.vendor" value="Steinsvik"/>
3714
+ <param pos="0" name="os.family" value="Linux"/>
3715
+ <param pos="0" name="os.product" value="Linux"/>
3716
+ <param pos="1" name="os.version"/>
3717
+ <param pos="0" name="service.product" value="libupnp"/>
3718
+ <param pos="2" name="service.version"/>
3719
+ </fingerprint>
3720
+
2961
3721
  <fingerprint pattern="^Linux/(\S+\-ami), UPnP/[\d\.]+, Portable SDK for UPnP devices/(\S+)$">
2962
3722
  <description>AMI MegaRAC LOM UPnP</description>
2963
3723
  <example>Linux/3.14.17-ami, UPnP/1.0, Portable SDK for UPnP devices/1.6.20</example>
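Review bot: The two added fingerprints in this hunk (Siqura Video Encoder and Steinsvik Orbit IP Camera) capture `os.version` and `service.version`, but their `<example>` elements carry no attributes, so nothing verifies what the two groups extract. Other entries in this file section gained attributes on their examples (the `TBS/R2` one, for instance). The same fits here: `<example os.version="2.6.37_eureka_1" service.version="1.6.6">` and `<example os.version="2.6.28.9-Mozart-8G" service.version="1.6.6">`. Both patterns are also subsets of the generic `^Linux/(\S+), UPnP/...` entry further down, so they presumably depend on being evaluated first. A one-line comment stating that would keep a later reorder from silently turning these devices into generic Linux hosts.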
@@ -2967,11 +3727,13 @@
2967
3727
  <param pos="0" name="hw.product" value="MegaRAC"/>
2968
3728
  <param pos="0" name="os.device" value="Lights Out Management"/>
2969
3729
  <param pos="0" name="os.vendor" value="AMI"/>
3730
+ <param pos="0" name="os.family" value="Linux"/>
3731
+ <param pos="0" name="os.product" value="Linux"/>
2970
3732
  <param pos="1" name="os.version"/>
2971
- <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2972
3733
  <param pos="0" name="service.product" value="libupnp"/>
2973
3734
  <param pos="2" name="service.version"/>
2974
3735
  </fingerprint>
3736
+
2975
3737
  <fingerprint pattern="^Linux/(\S+\-axis[^,]+), UPnP/[\d\.]+, Portable SDK for UPnP devices/(\S+)$">
2976
3738
  <description>Axis Network Camera</description>
2977
3739
  <example>Linux/4.9.94-axis5, UPnP/1.0, Portable SDK for UPnP devices/1.6.22</example>
@@ -2980,11 +3742,12 @@
2980
3742
  <param pos="0" name="os.vendor" value="AXIS"/>
2981
3743
  <param pos="0" name="os.device" value="Web cam"/>
2982
3744
  <param pos="0" name="os.family" value="Linux"/>
3745
+ <param pos="0" name="os.product" value="Linux"/>
2983
3746
  <param pos="1" name="os.version"/>
2984
- <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
2985
3747
  <param pos="0" name="service.product" value="libupnp"/>
2986
3748
  <param pos="2" name="service.version"/>
2987
3749
  </fingerprint>
3750
+
2988
3751
  <fingerprint pattern="^Linux/(\S+), UPnP/[\d\.]+, Portable SDK for UPnP devices/(\S+)$">
2989
3752
  <description>Portable SDK for UPnP Server - Linux</description>
2990
3753
  <example>Linux/2.4.20-46.7asp, UPnP/1.0, Portable SDK for UPnP devices/1.6.17</example>
@@ -3011,6 +3774,7 @@
3011
3774
  <param pos="1" name="os.version"/>
3012
3775
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
3013
3776
  </fingerprint>
3777
+
3014
3778
  <fingerprint pattern="^Linux/(\S+) UPnP/[\d\.]+ DLNADOC/[\d\.]+ Portable SDK for UPnP devices/(\S+)$">
3015
3779
  <description>DLNADOC Portable SDK for UPnP Server - Linux DNLADOC variant</description>
3016
3780
  <example>Linux/3.0.8 UPnP/1.0 DLNADOC/1.50 Portable SDK for UPnP devices/1.6.6</example>
@@ -3022,6 +3786,7 @@
3022
3786
  <param pos="1" name="os.version"/>
3023
3787
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
3024
3788
  </fingerprint>
3789
+
3025
3790
  <fingerprint pattern="^Linux/(\S+), UPnP/[\d\.]+, Intel SDK for UPnP devices ?/(\S+)$">
3026
3791
  <description>Intel SDK for UPnP Server with verbose banner</description>
3027
3792
  <example>Linux/2.6.10_dev-malta-mips2_fp_le, UPnP/1.0, Intel SDK for UPnP devices /1.2</example>
@@ -3033,12 +3798,14 @@
3033
3798
  <param pos="1" name="os.version"/>
3034
3799
  <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
3035
3800
  </fingerprint>
3801
+
3036
3802
  <fingerprint pattern="^Linux, UPnP/[\d\.]+, Intel SDK for UPnP devices ?/(\S+)$">
3037
3803
  <description>Intel SDK for UPnP Server</description>
3038
3804
  <example>Linux, UPnP/1.0, Intel SDK for UPnP devices /1.2</example>
3039
3805
  <param pos="0" name="service.product" value="libupnp"/>
3040
3806
  <param pos="1" name="service.version"/>
3041
3807
  </fingerprint>
3808
+
3042
3809
  <fingerprint pattern="^Darwin/(\S+), UPnP/\S+, Portable SDK for UPnP devices/(\S+)$">
3043
3810
  <description>Portable SDK for UPnP Server - macOS</description>
3044
3811
  <example service.version="1.6.6" os.version="10.2.0">Darwin/10.2.0, UPnP/1.0, Portable SDK for UPnP devices/1.6.6</example>
@@ -3049,6 +3816,7 @@
3049
3816
  <param pos="1" name="os.version"/>
3050
3817
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
3051
3818
  </fingerprint>
3819
+
3052
3820
  <fingerprint pattern="^Loxone Miniserver (.*) UPnP/1.0$">
3053
3821
  <description>Loxone Miniserver Smart Home</description>
3054
3822
  <example host.name="some name">Loxone Miniserver some name UPnP/1.0</example>
@@ -3057,6 +3825,7 @@
3057
3825
  <param pos="0" name="hw.device" value="Building Automation"/>
3058
3826
  <param pos="1" name="host.name"/>
3059
3827
  </fingerprint>
3828
+
3060
3829
  <fingerprint pattern="^RouterOS/(\S+)UPnP/1.0 MikroTik UPnP/1.0$">
3061
3830
  <description>MikroTik RouterOS</description>
3062
3831
  <example os.version="6.43">RouterOS/6.43UPnP/1.0 MikroTik UPnP/1.0</example>
@@ -3067,6 +3836,7 @@
3067
3836
  <param pos="1" name="os.version"/>
3068
3837
  <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
3069
3838
  </fingerprint>
3839
+
3070
3840
  <fingerprint pattern="^Roku UPnP/\S+ Roku/(\S+)$">
3071
3841
  <description>Roku with a version</description>
3072
3842
  <example hw.version="8.1.6">Roku UPnP/1.0 Roku/8.1.6</example>
@@ -3075,6 +3845,7 @@
3075
3845
  <param pos="0" name="hw.device" value="Media Server"/>
3076
3846
  <param pos="1" name="hw.version"/>
3077
3847
  </fingerprint>
3848
+
3078
3849
  <fingerprint pattern="^Roku/(\S+) UPnP/\S+ Roku/\S+$">
3079
3850
  <description>Roku with double versions</description>
3080
3851
  <example hw.version="9.2.0">Roku/9.2.0 UPnP/1.0 Roku/9.2.0</example>
@@ -3083,13 +3854,19 @@
3083
3854
  <param pos="0" name="hw.device" value="Media Server"/>
3084
3855
  <param pos="1" name="hw.version"/>
3085
3856
  </fingerprint>
3086
- <fingerprint pattern="^Roku UPnP/\S+ MiniUPnPd/\S+$">
3857
+
3858
+ <fingerprint pattern="^Roku UPnP/\S+ MiniUPnPd/([\d\.]+)$">
3087
3859
  <description>Roku without a version</description>
3088
- <example>Roku UPnP/1.0 MiniUPnPd/1.4</example>
3860
+ <example service.version="1.4">Roku UPnP/1.0 MiniUPnPd/1.4</example>
3089
3861
  <param pos="0" name="hw.vendor" value="Roku"/>
3090
3862
  <param pos="0" name="hw.product" value="Roku"/>
3091
3863
  <param pos="0" name="hw.device" value="Media Server"/>
3864
+ <param pos="0" name="service.vendor" value="MiniUPnP Project"/>
3865
+ <param pos="0" name="service.product" value="MiniUPnP"/>
3866
+ <param pos="1" name="service.version"/>
3867
+ <param pos="0" name="service.cpe23" value="cpe:/a:miniupnp_project:miniupnp:{service.version}"/>
3092
3868
  </fingerprint>
3869
+
3093
3870
  <fingerprint pattern="^UPnP/\S+, DLNADOC/\S+, Platinum/(\S+)$">
3094
3871
  <description>Xbox Media Center UPnP Server</description>
3095
3872
  <example>UPnP/1.0, DLNADOC/1.50, Platinum/0.5.1</example>
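Review bot: The reworked Roku fingerprint matches the banner token `MiniUPnPd`, which reads as the daemon, yet it records `service.product` as `MiniUPnP` and emits `cpe:/a:miniupnp_project:miniupnp:{service.version}`. If the CPE dictionary tracks the daemon under its own product name, advisories filed against it would not match assets identified by this entry. Please confirm the product name against the dictionary (or the project's CPE remap file) before relying on it for vulnerability correlation. The same value appears in the D-Link `TBS/R2` fingerprint earlier in this file section. Separately, the version group was narrowed from `\S+` to `[\d\.]+`, so a banner with a non-numeric suffix would no longer match this entry; an example pinning the intended boundary would document that.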
@@ -3100,6 +3877,7 @@
3100
3877
  <param pos="0" name="service.product" value="XBMC"/>
3101
3878
  <param pos="1" name="service.version"/>
3102
3879
  </fingerprint>
3880
+
3103
3881
  <fingerprint pattern="Synology/DSM/(\d+\.\d+\.\d+\.\d+)$">
3104
3882
  <description>Synology DiskStation NAS with IP</description>
3105
3883
  <example host.ip="192.168.1.100">Synology/DSM/192.168.1.100</example>
@@ -3112,6 +3890,7 @@
3112
3890
  <param pos="0" name="os.vendor" value="Synology"/>
3113
3891
  <param pos="1" name="host.ip"/>
3114
3892
  </fingerprint>
3893
+
3115
3894
  <fingerprint pattern="Synology/DSM/(\S+)$">
3116
3895
  <description>Synology DiskStation NAS with hostname</description>
3117
3896
  <example host.name="stuff">Synology/DSM/stuff</example>
@@ -3120,13 +3899,16 @@
3120
3899
  <param pos="0" name="hw.device" value="NAS"/>
3121
3900
  <param pos="1" name="host.name"/>
3122
3901
  </fingerprint>
3902
+
3123
3903
  <fingerprint pattern="^NetData Embedded HTTP Server v([a-zA-Z0-9\-\.]+)$">
3124
3904
  <description>NetData Embedded HTTP Server</description>
3125
3905
  <example service.version="1.16.1-146-g2f5e36ef">NetData Embedded HTTP Server v1.16.1-146-g2f5e36ef</example>
3126
3906
  <param pos="0" name="service.vendor" value="NetData"/>
3127
3907
  <param pos="0" name="service.product" value="NetData"/>
3128
3908
  <param pos="1" name="service.version"/>
3909
+ <param pos="0" name="service.cpe23" value="cpe:/a:netdata:netdata:{service.version}"/>
3129
3910
  </fingerprint>
3911
+
3130
3912
  <fingerprint pattern="^Solstice 2\.0+$">
3131
3913
  <description>SolsticePod</description>
3132
3914
  <example>Solstice 2.0</example>
@@ -3134,6 +3916,7 @@
3134
3916
  <param pos="0" name="hw.device" value="Wireless Presenter"/>
3135
3917
  <param pos="0" name="hw.product" value="SolsticePod"/>
3136
3918
  </fingerprint>
3919
+
3137
3920
  <fingerprint pattern="^MLC ([^\/]+)/([\d\.]+)$">
3138
3921
  <description>Extron MediaLink Controller HTTP Server</description>
3139
3922
  <example extron.model="104 IP PLUS" hw.version="1.03">MLC 104 IP PLUS/1.03</example>
@@ -3145,12 +3928,14 @@
3145
3928
  <param pos="1" name="extron.model"/>
3146
3929
  <param pos="2" name="hw.version"/>
3147
3930
  </fingerprint>
3931
+
3148
3932
  <fingerprint pattern="^Jetty \(Bluecat Networks\)$">
3149
3933
  <description>BlueCat Appliance</description>
3150
3934
  <example>Jetty (Bluecat Networks)</example>
3151
3935
  <param pos="0" name="hw.vendor" value="BlueCat"/>
3152
3936
  <param pos="0" name="hw.device" value="Network Appliance"/>
3153
3937
  </fingerprint>
3938
+
3154
3939
  <fingerprint pattern="^Crestron Webserver$">
3155
3940
  <description>Crestron Video Conferencing</description>
3156
3941
  <example>Crestron Webserver</example>
@@ -3160,6 +3945,7 @@
3160
3945
  <param pos="0" name="os.family" value="Linux"/>
3161
3946
  <param pos="0" name="os.device" value="Video Conferencing"/>
3162
3947
  </fingerprint>
3948
+
3163
3949
  <fingerprint pattern="^OPNsense$">
3164
3950
  <description>OPNsense Firewall</description>
3165
3951
  <example>OPNsense</example>
@@ -3169,6 +3955,7 @@
3169
3955
  <param pos="0" name="os.vendor" value="OPNsense"/>
3170
3956
  <param pos="0" name="os.product" value="FreeBSD"/>
3171
3957
  </fingerprint>
3958
+
3172
3959
  <fingerprint pattern="^ELAN Controller$">
3173
3960
  <description>ELAN Smart Home Controller</description>
3174
3961
  <example>ELAN Controller</example>
@@ -3178,6 +3965,7 @@
3178
3965
  <param pos="0" name="os.vendor" value="ELAN"/>
3179
3966
  <param pos="0" name="os.family" value="Linux"/>
3180
3967
  </fingerprint>
3968
+
3181
3969
  <fingerprint pattern="^STR_SettingServer$">
3182
3970
  <description>Sony STR AV Receiver</description>
3183
3971
  <example>STR_SettingServer</example>
@@ -3185,6 +3973,16 @@
3185
3973
  <param pos="0" name="hw.device" value="Media Server"/>
3186
3974
  <param pos="0" name="hw.product" value="AV Receiver"/>
3187
3975
  </fingerprint>
3976
+
3977
+ <fingerprint pattern="^AV_Receiver/([\d\.]+) \(([^\)]+)\)$">
3978
+ <description>Yamaha AV Receiver</description>
3979
+ <example hw.version="3.1" hw.product="RX-V675">AV_Receiver/3.1 (RX-V675)</example>
3980
+ <param pos="0" name="hw.vendor" value="Yamaha"/>
3981
+ <param pos="0" name="hw.device" value="AV Receiver"/>
3982
+ <param pos="1" name="hw.version"/>
3983
+ <param pos="2" name="hw.product"/>
3984
+ </fingerprint>
3985
+
3188
3986
  <fingerprint pattern="^MWS 0.01$">
3189
3987
  <description>ANNKE IP Camera</description>
3190
3988
  <example>MWS 0.01</example>
@@ -3192,4 +3990,193 @@
3192
3990
  <param pos="0" name="hw.device" value="Web cam"/>
3193
3991
  <param pos="0" name="hw.product" value="IP Camera"/>
3194
3992
  </fingerprint>
3993
+
3994
+ <fingerprint pattern="^Icecast (\S+)$">
3995
+ <description>Icecast Streaming Media server</description>
3996
+ <example service.version="2.4.3">Icecast 2.4.3</example>
3997
+ <example service.version="2.4.0-kh13">Icecast 2.4.0-kh13</example>
3998
+ <param pos="0" name="service.vendor" value="Xiph"/>
3999
+ <param pos="0" name="service.product" value="Icecast"/>
4000
+ <param pos="1" name="service.version"/>
4001
+ <param pos="0" name="service.cpe23" value="cpe:/a:xiph:icecast:{service.version}"/>
4002
+ </fingerprint>
4003
+
4004
+ <fingerprint pattern="^Couchbase Sync Gateway/([\d.]+) CE$">
4005
+ <description>Couchbase Sync Gateway Community Edition</description>
4006
+ <example service.version="2.5.0">Couchbase Sync Gateway/2.5.0 CE</example>
4007
+ <param pos="0" name="service.vendor" value="Couchbase"/>
4008
+ <param pos="0" name="service.product" value="Sync Gateway"/>
4009
+ <param pos="0" name="service.edition" value="Community Edition"/>
4010
+ <param pos="1" name="service.version"/>
4011
+ <param pos="0" name="service.cpe23" value="cpe:/a:couchbase:sync_gateway:{service.version}"/>
4012
+ </fingerprint>
4013
+
4014
+ <fingerprint pattern="^Couchbase Sync Gateway/([\d.]+) EE$">
4015
+ <description>Couchbase Sync Gateway Enterprise Edition</description>
4016
+ <example service.version="2.7.1">Couchbase Sync Gateway/2.7.1 EE</example>
4017
+ <param pos="0" name="service.vendor" value="Couchbase"/>
4018
+ <param pos="0" name="service.product" value="Sync Gateway"/>
4019
+ <param pos="0" name="service.edition" value="Enterprise Edition"/>
4020
+ <param pos="1" name="service.version"/>
4021
+ <param pos="0" name="service.cpe23" value="cpe:/a:couchbase:sync_gateway:{service.version}"/>
4022
+ </fingerprint>
4023
+
4024
+ <fingerprint pattern="^Couchbase Sync Gateway/([\d.]+)$">
4025
+ <description>Couchbase Sync Gateway</description>
4026
+ <example service.version="1.3.0">Couchbase Sync Gateway/1.3.0</example>
4027
+ <param pos="0" name="service.vendor" value="Couchbase"/>
4028
+ <param pos="0" name="service.product" value="Sync Gateway"/>
4029
+ <param pos="1" name="service.version"/>
4030
+ <param pos="0" name="service.cpe23" value="cpe:/a:couchbase:sync_gateway:{service.version}"/>
4031
+ </fingerprint>
4032
+
4033
+ <fingerprint pattern="^Couchbase Server$">
4034
+ <description>Couchbase Server without version</description>
4035
+ <example>Couchbase Server</example>
4036
+ <param pos="0" name="service.vendor" value="Couchbase"/>
4037
+ <param pos="0" name="service.product" value="Couchbase Server"/>
4038
+ <param pos="0" name="service.cpe23" value="cpe:/a:couchbase:couchbase_server:-"/>
4039
+ </fingerprint>
4040
+
4041
+ <fingerprint pattern="^Kestrel$">
4042
+ <description>Kestrel web server implementation in ASP.NET core</description>
4043
+ <example>Kestrel</example>
4044
+ <param pos="0" name="service.vendor" value="Microsoft"/>
4045
+ <param pos="0" name="service.product" value="Kestrel web server"/>
4046
+ </fingerprint>
4047
+
4048
+ <fingerprint pattern="^stgw/([\d.]+)_([\d.]+)$">
4049
+ <description>Tencent Secure Tencent Gateway</description>
4050
+ <example service.version="1.3.12.9" service.component.version="1.13.5">stgw/1.3.12.9_1.13.5</example>
4051
+ <param pos="0" name="service.vendor" value="Tencent"/>
4052
+ <param pos="0" name="service.product" value="Secure Tencent Gateway"/>
4053
+ <param pos="1" name="service.version"/>
4054
+ <param pos="2" name="service.component.version"/>
4055
+ </fingerprint>
4056
+
4057
+ <fingerprint pattern="^axhttpd/([\d.]+)$">
4058
+ <description>axTLS Project axTLS web server</description>
4059
+ <example service.version="1.5.3">axhttpd/1.5.3</example>
4060
+ <param pos="0" name="service.vendor" value="axTLS Project"/>
4061
+ <param pos="0" name="service.product" value="axTLS"/>
4062
+ <param pos="1" name="service.version"/>
4063
+ <param pos="0" name="service.cpe23" value="cpe:/a:axtls_project:axtls:{service.version}"/>
4064
+ </fingerprint>
4065
+
4066
+ <fingerprint pattern="^tinyproxy/([\d.]+)$">
4067
+ <description>TinyProxy Project tinyproxy</description>
4068
+ <example service.version="1.8.2">tinyproxy/1.8.2</example>
4069
+ <param pos="0" name="service.vendor" value="Tinyproxy Project"/>
4070
+ <param pos="0" name="service.product" value="Tinyproxy"/>
4071
+ <param pos="1" name="service.version"/>
4072
+ <param pos="0" name="service.cpe23" value="cpe:/a:tinyproxy_project:tinyproxy:{service.version}"/>
4073
+ </fingerprint>
4074
+
4075
+ <fingerprint pattern="^Xfinity Broadband Router Server$">
4076
+ <description>Comcast Xfinity Broadband Router Server</description>
4077
+ <example>Xfinity Broadband Router Server</example>
4078
+ <param pos="0" name="hw.vendor" value="Comcast"/>
4079
+ <param pos="0" name="hw.product" value="Xfinity Broadband Router"/>
4080
+ <param pos="0" name="hw.device" value="Broadband router"/>
4081
+ </fingerprint>
4082
+
4083
+ <fingerprint pattern="^IX Series IX21\d\d \(magellan-sec\) Software, Version ([^, ]+), (?:MAINTENANCE )?RELEASE SOFTWARE$">
4084
+ <description>NEC Univerge Router - enterprise class with VPN, UTM, etc</description>
4085
+ <example hw.version="10.2.20">IX Series IX2106 (magellan-sec) Software, Version 10.2.20, RELEASE SOFTWARE</example>
4086
+ <example>IX Series IX2105 (magellan-sec) Software, Version 9.6.12A, MAINTENANCE RELEASE SOFTWARE</example>
4087
+ <param pos="0" name="hw.vendor" value="NEC"/>
4088
+ <param pos="0" name="hw.product" value="Univerge"/>
4089
+ <param pos="1" name="hw.version"/>
4090
+ <param pos="0" name="hw.device" value="Router"/>
4091
+ <param pos="0" name="hw.cpe23" value="cpe:/h:nec:univerge:{hw.version}"/>
4092
+ </fingerprint>
4093
+
4094
+ <fingerprint pattern="^Caddy$">
4095
+ <description>CaddyServer Caddy - golang based httpd</description>
4096
+ <example>Caddy</example>
4097
+ <param pos="0" name="service.vendor" value="CaddyServer"/>
4098
+ <param pos="0" name="service.product" value="Caddy"/>
4099
+ <param pos="0" name="service.cpe23" value="cpe:/a:caddyserver:caddy:-"/>
4100
+ </fingerprint>
4101
+
4102
+ <fingerprint pattern="^MoxaHttp/(\d\.\d)$">
4103
+ <description>Moxa devices - service used on multiple families of devices</description>
4104
+ <example service.version="2.3">MoxaHttp/2.3</example>
4105
+ <example>MoxaHttp/2.2</example>
4106
+ <example>MoxaHttp/1.0</example>
4107
+ <param pos="0" name="service.vendor" value="Moxa"/>
4108
+ <param pos="0" name="service.product" value="httpd"/>
4109
+ <param pos="1" name="service.version"/>
4110
+ <param pos="0" name="hw.vendor" value="Moxa"/>
4111
+ <param pos="0" name="os.vendor" value="Moxa"/>
4112
+ </fingerprint>
4113
+
4114
+ <fingerprint pattern="^proxygen-bolt$">
4115
+ <description>Facebook Proxygen httpd software</description>
4116
+ <example>proxygen-bolt</example>
4117
+ <param pos="0" name="service.vendor" value="Facebook"/>
4118
+ <param pos="0" name="service.product" value="Proxygen"/>
4119
+ <param pos="0" name="service.cpe23" value="cpe:/a:facebook:proxygen:-"/>
4120
+ </fingerprint>
4121
+
4122
+ <fingerprint pattern="^Kerio Connect ([\d.]+)(?: patch (\d))?$">
4123
+ <description>GFI Kerio Connect</description>
4124
+ <example service.version="8.2.2">Kerio Connect 8.2.2</example>
4125
+ <example service.version="9.2.12" service.version.version="1">Kerio Connect 9.2.12 patch 1</example>
4126
+ <param pos="0" name="service.vendor" value="GFI"/>
4127
+ <param pos="0" name="service.product" value="Kerio Connect"/>
4128
+ <param pos="1" name="service.version"/>
4129
+ <param pos="2" name="service.version.version"/>
4130
+ </fingerprint>
4131
+
4132
+ <fingerprint pattern="^Kerio Control Embedded Web Server$">
4133
+ <description>GFI Kerio Control - embedded web server</description>
4134
+ <example>Kerio Control Embedded Web Server</example>
4135
+ <param pos="0" name="service.vendor" value="GFI"/>
4136
+ <param pos="0" name="service.product" value="Kerio Control"/>
4137
+ <param pos="0" name="service.cpe23" value="cpe:/a:gfi:kerio_control:-"/>
4138
+ </fingerprint>
4139
+
4140
+ <fingerprint pattern="^Mongoose/([\d.]+)$">
4141
+ <description>Cesanta Mongoose embedded web server / networking library</description>
4142
+ <example service.version="6.7.1">Mongoose/6.7.1</example>
4143
+ <param pos="0" name="service.vendor" value="Cesanta"/>
4144
+ <param pos="0" name="service.product" value="Mongoose"/>
4145
+ <param pos="1" name="service.version"/>
4146
+ <param pos="0" name="service.cpe23" value="cpe:/a:cesanta:mongoose:{service.version}"/>
4147
+ </fingerprint>
4148
+
4149
+ <fingerprint pattern="^kangle/([\d.]+)$">
4150
+ <description>Bangteng Kangle web server</description>
4151
+ <example service.version="3.5.21.9">kangle/3.5.21.9</example>
4152
+ <param pos="0" name="service.vendor" value="Bangteng"/>
4153
+ <param pos="0" name="service.product" value="Kangle"/>
4154
+ <param pos="1" name="service.version"/>
4155
+ </fingerprint>
4156
+
4157
+ <fingerprint pattern="^Werkzeug/([\d.]+) Python/([\d.]+)$">
4158
+ <description>PalletsProjects Werkzeug web server</description>
4159
+ <example service.version="0.14.1" python.version="3.6.9">Werkzeug/0.14.1 Python/3.6.9</example>
4160
+ <param pos="0" name="service.vendor" value="PalletsProjects"/>
4161
+ <param pos="0" name="service.product" value="Werkzeug"/>
4162
+ <param pos="1" name="service.version"/>
4163
+ <param pos="0" name="service.cpe23" value="cpe:/a:palletsprojects:werkzeug:{service.version}"/>
4164
+ <param pos="2" name="python.version"/>
4165
+ </fingerprint>
4166
+
4167
+ <!-- This is a version of ACME mini_httpd where the value 'mini_httpd' has been
4168
+ replaced with a UUID in the Server header AND body of the response. It
4169
+ is likely vendor or product specific.
4170
+ -->
4171
+
4172
+ <fingerprint pattern="^[a-f\d]{7,8}-[a-f\d]{3,4}-[a-f\d]{3,4}-[a-f\d]{3,4}-[a-f\d]{10,12}$">
4173
+ <description>ACME mini_httpd with randomized Server header</description>
4174
+ <example>a74b7cd4-4a4e-4115-7a48-1c7ebb4ae45b</example>
4175
+ <example>f09f73f0-cac6-422-3660-32ac658c5ae7</example>
4176
+ <example>f24ddd9c-e2a6-23c-ec95-4563173bbe</example>
4177
+ <param pos="0" name="service.vendor" value="ACME"/>
4178
+ <param pos="0" name="service.product" value="mini_httpd"/>
4179
+ <param pos="0" name="service.cpe23" value="cpe:/a:acme:mini_httpd:-"/>
4180
+ </fingerprint>
4181
+
3195
4182
  </fingerprints>
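Review bot: The last fingerprint in this hunk labels any Server value that looks like a lowercase-hex UUID as ACME mini_httpd and attaches `cpe:/a:acme:mini_httpd:-`, although the comment above it only says the behaviour is "likely vendor or product specific". A bare UUID is not distinctive, so any unrelated server or proxy that emits an identifier of that shape would be inventoried as mini_httpd and pick up its advisories. I would either drop `service.cpe23` from this entry or state the limitation in the comment, e.g. `Heuristic: matches any UUID-shaped Server value; corroborate with the response body before trusting the product or CPE.` It would also help to note why the group lengths are ranges (`{3,4}`, `{10,12}`), since the second and third examples are shorter than a canonical UUID.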