recog-intrigue 2.3.7 → 2.3.14

Sign up to get free protection for your applications and to get access to all the features.
Files changed (70) hide show
  1. checksums.yaml +4 -4
  2. data/.github/SECURITY.md +35 -0
  3. data/.gitignore +9 -0
  4. data/CONTRIBUTING.md +136 -37
  5. data/README.md +18 -16
  6. data/bin/recog_cleanup +16 -0
  7. data/bin/recog_standardize +30 -6
  8. data/cpe-remap.yaml +38 -1
  9. data/identifiers/README.md +9 -0
  10. data/identifiers/hw_device.txt +77 -0
  11. data/identifiers/hw_family.txt +96 -0
  12. data/identifiers/hw_product.txt +328 -0
  13. data/identifiers/os_architecture.txt +6 -6
  14. data/identifiers/os_device.txt +45 -3
  15. data/identifiers/os_family.txt +206 -41
  16. data/identifiers/os_product.txt +238 -17
  17. data/identifiers/service_family.txt +144 -57
  18. data/identifiers/service_product.txt +385 -83
  19. data/identifiers/vendor.txt +554 -68
  20. data/lib/recog/version.rb +1 -1
  21. data/requirements.txt +1 -1
  22. data/update_cpes.py +4 -1
  23. data/xml/apache_modules.xml +292 -5
  24. data/xml/apache_os.xml +41 -2
  25. data/xml/architecture.xml +11 -3
  26. data/xml/dns_versionbind.xml +200 -26
  27. data/xml/favicons.xml +1701 -0
  28. data/xml/ftp_banners.xml +256 -23
  29. data/xml/h323_callresp.xml +112 -12
  30. data/xml/hp_pjl_id.xml +47 -5
  31. data/xml/html_title.xml +1156 -70
  32. data/xml/http_cookies.xml +69 -11
  33. data/xml/http_servers.xml +1094 -107
  34. data/xml/http_wwwauth.xml +143 -27
  35. data/xml/imap_banners.xml +62 -13
  36. data/xml/ldap_searchresult.xml +81 -9
  37. data/xml/mdns_device-info_txt.xml +194 -17
  38. data/xml/mdns_workstation_txt.xml +4 -2
  39. data/xml/mysql_banners.xml +233 -40
  40. data/xml/mysql_error.xml +113 -6
  41. data/xml/nntp_banners.xml +10 -2
  42. data/xml/ntp_banners.xml +93 -9
  43. data/xml/operating_system.xml +90 -3
  44. data/xml/pop_banners.xml +87 -33
  45. data/xml/rsh_resp.xml +11 -2
  46. data/xml/rtsp_servers.xml +43 -23
  47. data/xml/sip_banners.xml +6 -11
  48. data/xml/sip_user_agents.xml +29 -2
  49. data/xml/smb_native_lm.xml +10 -2
  50. data/xml/smb_native_os.xml +80 -2
  51. data/xml/smtp_banners.xml +233 -13
  52. data/xml/smtp_debug.xml +6 -4
  53. data/xml/smtp_ehlo.xml +7 -5
  54. data/xml/smtp_expn.xml +13 -4
  55. data/xml/smtp_help.xml +23 -4
  56. data/xml/smtp_mailfrom.xml +5 -2
  57. data/xml/smtp_noop.xml +6 -5
  58. data/xml/smtp_quit.xml +5 -4
  59. data/xml/smtp_rcptto.xml +5 -2
  60. data/xml/smtp_rset.xml +4 -4
  61. data/xml/smtp_turn.xml +4 -4
  62. data/xml/smtp_vrfy.xml +14 -4
  63. data/xml/snmp_sysdescr.xml +741 -32
  64. data/xml/snmp_sysobjid.xml +47 -2
  65. data/xml/ssh_banners.xml +255 -81
  66. data/xml/telnet_banners.xml +503 -30
  67. data/xml/x11_banners.xml +26 -3
  68. data/xml/x509_issuers.xml +37 -13
  69. data/xml/x509_subjects.xml +214 -52
  70. metadata +12 -5
@@ -1,6 +1,7 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="imap4.banner" protocol="imap" database_type="service" preference="0.90">
3
3
  <!-- IMAP banners are matched against these patterns to fingerprint IMAP servers. -->
4
+
4
5
  <fingerprint pattern="^Microsoft Exchange IMAP4rev1 server version (5\.5\.\d{4}\.\d+) \((.*)\) ready$">
5
6
  <description>Microsoft Exchange Server 5.5</description>
6
7
  <example service.version="5.5.2448.8" host.name="foo.bar">Microsoft Exchange IMAP4rev1 server version 5.5.2448.8 (foo.bar) ready</example>
@@ -15,6 +16,7 @@
15
16
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
16
17
  <param pos="2" name="host.name"/>
17
18
  </fingerprint>
19
+
18
20
  <fingerprint pattern="^Microsoft Exchange 2000 IMAP4rev1 server version (6\.0\.\d{4}\.\d+) \((.*)\) ready\.$">
19
21
  <description>Microsoft Exchange Server 2000</description>
20
22
  <example service.version="6.0.6249.0" host.name="foo.bar">Microsoft Exchange 2000 IMAP4rev1 server version 6.0.6249.0 (foo.bar) ready.</example>
@@ -29,6 +31,7 @@
29
31
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
30
32
  <param pos="2" name="host.name"/>
31
33
  </fingerprint>
34
+
32
35
  <fingerprint pattern="^Microsoft Exchange Server 2003 IMAP4rev1 server version (6\.5\.\d{4}\.\d+) \((.*)\) ready\.$">
33
36
  <description>Microsoft Exchange Server 2003</description>
34
37
  <example service.version="6.5.7638.1" host.name="foo.bar">Microsoft Exchange Server 2003 IMAP4rev1 server version 6.5.7638.1 (foo.bar) ready.</example>
@@ -43,6 +46,7 @@
43
46
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
44
47
  <param pos="2" name="host.name"/>
45
48
  </fingerprint>
49
+
46
50
  <fingerprint pattern="^Der Microsoft Exchange Server 2003 IMAP4rev1-Server, Version (6\.5\.\d{4}\.\d+) \((.*)\),.*$">
47
51
  <description>Microsoft Exchange Server 2003, German</description>
48
52
  <example service.version="6.5.7638.1" host.name="foo.bar">Der Microsoft Exchange Server 2003 IMAP4rev1-Server, Version 6.5.7638.1 (foo.bar), steht zur Verfgung.</example>
@@ -57,6 +61,7 @@
57
61
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
58
62
  <param pos="2" name="host.name"/>
59
63
  </fingerprint>
64
+
60
65
  <fingerprint pattern="^Microsoft Exchange Server 2007 IMAP4 service ready$">
61
66
  <description>Microsoft Exchange Server 2007</description>
62
67
  <example>Microsoft Exchange Server 2007 IMAP4 service ready</example>
@@ -69,6 +74,7 @@
69
74
  <param pos="0" name="os.product" value="Windows"/>
70
75
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
71
76
  </fingerprint>
77
+
72
78
  <fingerprint pattern="^The Microsoft Exchange IMAP4 service is ready\.?$">
73
79
  <description>Microsoft Exchange Server</description>
74
80
  <example>The Microsoft Exchange IMAP4 service is ready.</example>
@@ -81,6 +87,7 @@
81
87
  <param pos="0" name="os.product" value="Windows"/>
82
88
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
83
89
  </fingerprint>
90
+
84
91
  <fingerprint pattern="^Domino IMAP4 Server Release (\d+\.\d+.*) ready (.+)$">
85
92
  <description>IBM Lotus Notes/Domino</description>
86
93
  <example service.version="9.0.1FP9" host.time="Thu, 4 Apr 2019 20:19:31 +0200">Domino IMAP4 Server Release 9.0.1FP9 ready Thu, 4 Apr 2019 20:19:31 +0200</example>
@@ -91,6 +98,7 @@
91
98
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:{service.version}"/>
92
99
  <param pos="2" name="host.time"/>
93
100
  </fingerprint>
101
+
94
102
  <fingerprint pattern="^Domino IMAP4 Server V\.?(\d+\.\d+.*) ready (.+)$">
95
103
  <description>IBM Lotus Notes/Domino - variant 2</description>
96
104
  <param pos="0" name="service.vendor" value="IBM"/>
@@ -100,13 +108,56 @@
100
108
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:{service.version}"/>
101
109
  <param pos="2" name="host.time"/>
102
110
  </fingerprint>
111
+
103
112
  <fingerprint pattern="^[dD]ovecot (?:DA )?ready\.$">
104
113
  <description>Dovecot Secure IMAP Server</description>
105
114
  <example>Dovecot ready.</example>
106
115
  <example>Dovecot DA ready.</example>
116
+ <param pos="0" name="service.vendor" value="Dovecot"/>
117
+ <param pos="0" name="service.family" value="Dovecot"/>
118
+ <param pos="0" name="service.product" value="Dovecot"/>
119
+ <param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
120
+ </fingerprint>
121
+
122
+ <fingerprint pattern="^Dovecot \(Ubuntu\) ready\.$">
123
+ <description>Dovecot Secure IMAP Server - Ubuntu variant</description>
124
+ <example>Dovecot (Ubuntu) ready.</example>
125
+ <param pos="0" name="service.vendor" value="Dovecot"/>
126
+ <param pos="0" name="service.family" value="Dovecot"/>
127
+ <param pos="0" name="service.product" value="Dovecot"/>
128
+ <param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
129
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
130
+ <param pos="0" name="os.family" value="Linux"/>
131
+ <param pos="0" name="os.product" value="Linux"/>
132
+ <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
133
+ </fingerprint>
134
+
135
+ <fingerprint pattern="^Dovecot \(Debian\) ready\.$">
136
+ <description>Dovecot Secure IMAP Server - Debian variant</description>
137
+ <example>Dovecot (Debian) ready.</example>
138
+ <param pos="0" name="service.vendor" value="Dovecot"/>
139
+ <param pos="0" name="service.family" value="Dovecot"/>
140
+ <param pos="0" name="service.product" value="Dovecot"/>
141
+ <param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
142
+ <param pos="0" name="os.vendor" value="Debian"/>
143
+ <param pos="0" name="os.family" value="Linux"/>
144
+ <param pos="0" name="os.product" value="Linux"/>
145
+ <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
146
+ </fingerprint>
147
+
148
+ <fingerprint pattern="^Dovecot \(Raspbian\) ready\.$">
149
+ <description>Dovecot Secure IMAP Server - Raspbian variant</description>
150
+ <example>Dovecot (Raspbian) ready.</example>
151
+ <param pos="0" name="service.vendor" value="Dovecot"/>
107
152
  <param pos="0" name="service.family" value="Dovecot"/>
108
153
  <param pos="0" name="service.product" value="Dovecot"/>
154
+ <param pos="0" name="service.cpe23" value="cpe:/a:dovecot:dovecot:-"/>
155
+ <param pos="0" name="os.vendor" value="Raspbian"/>
156
+ <param pos="0" name="os.family" value="Linux"/>
157
+ <param pos="0" name="os.product" value="Linux"/>
158
+ <param pos="0" name="hw.product" value="Raspberry Pi"/>
109
159
  </fingerprint>
160
+
110
161
  <fingerprint pattern="^Courier-IMAP ready. Copyright \d+-\d+">
111
162
  <description>Courier MTA IMAP</description>
112
163
  <example>Courier-IMAP ready. Copyright 1998-2002 Double Precision, Inc. See COPYING for distribution information.</example>
@@ -114,6 +165,7 @@
114
165
  <param pos="0" name="service.family" value="Courier MTA"/>
115
166
  <param pos="0" name="service.product" value="Courier IMAP"/>
116
167
  </fingerprint>
168
+
117
169
  <fingerprint pattern="^(\S+) CallPilot IMAP4rev1 v(\S+) server ready\.?$">
118
170
  <description>Nortel CallPilot</description>
119
171
  <example>nottest.localdomain CallPilot IMAP4rev1 v42.02.05.22 server ready.</example>
@@ -124,6 +176,7 @@
124
176
  <param pos="0" name="service.cpe23" value="cpe:/a:nortel:callpilot:{service.version}"/>
125
177
  <param pos="1" name="host.name"/>
126
178
  </fingerprint>
179
+
127
180
  <fingerprint pattern="^(\S+) Zimbra IMAP4rev1 server ready\.?$">
128
181
  <description>VMware Zimbra IMAP</description>
129
182
  <example host.name="foo.bar">foo.bar Zimbra IMAP4rev1 server ready</example>
@@ -132,6 +185,7 @@
132
185
  <param pos="0" name="service.cpe23" value="cpe:/a:vmware:zimbra_desktop:-"/>
133
186
  <param pos="1" name="host.name"/>
134
187
  </fingerprint>
188
+
135
189
  <fingerprint pattern="^(\S+) Zimbra (\S+) IMAP4rev1 server ready\.?$">
136
190
  <description>VMware Zimbra IMAP with service version</description>
137
191
  <example host.name="foo.bar" service.version="7.0.0_GA_3079">foo.bar Zimbra 7.0.0_GA_3079 IMAP4rev1 server ready</example>
@@ -141,6 +195,7 @@
141
195
  <param pos="0" name="service.cpe23" value="cpe:/a:vmware:zimbra_desktop:{service.version}"/>
142
196
  <param pos="1" name="host.name"/>
143
197
  </fingerprint>
198
+
144
199
  <fingerprint pattern="^(.+) Cyrus IMAP4 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready$">
145
200
  <description>CMU Cyrus IMAP on Mac OS X</description>
146
201
  <example host.name="example.com" service.version="2.2.12" os.version="10.4.0">example.com Cyrus IMAP4 v2.2.12-OS X 10.4.0 server ready</example>
@@ -149,6 +204,7 @@
149
204
  <param pos="0" name="service.family" value="Cyrus MTA"/>
150
205
  <param pos="0" name="service.product" value="Cyrus IMAP"/>
151
206
  <param pos="2" name="service.version"/>
207
+ <param pos="0" name="service.cpe23" value="cpe:/a:cmu:cyrus_imap_server:{service.version}"/>
152
208
  <param pos="0" name="os.vendor" value="Apple"/>
153
209
  <param pos="0" name="os.family" value="Mac OS X"/>
154
210
  <param pos="0" name="os.product" value="Mac OS X"/>
@@ -156,6 +212,7 @@
156
212
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
157
213
  <param pos="1" name="host.name"/>
158
214
  </fingerprint>
215
+
159
216
  <fingerprint pattern="^(.+) Cyrus IMAP4? (?:\S+ )?v(\d+\.\d+.*) server ready$">
160
217
  <description>CMU Cyrus IMAP</description>
161
218
  <example host.name="example.com" service.version="2.3.7">example.com Cyrus IMAP4 v2.3.7 server ready</example>
@@ -164,36 +221,33 @@
164
221
  <param pos="0" name="service.family" value="Cyrus MTA"/>
165
222
  <param pos="0" name="service.product" value="Cyrus IMAP"/>
166
223
  <param pos="2" name="service.version"/>
224
+ <param pos="0" name="service.cpe23" value="cpe:/a:cmu:cyrus_imap_server:{service.version}"/>
167
225
  <param pos="1" name="host.name"/>
168
226
  </fingerprint>
169
- <!--
170
227
 
228
+ <!--
171
229
  // Washington University imapd
172
230
  IMAP_FP_PARSERS[0] = new PatternParser(
173
231
  "^IMAP4rev1 v(.*) server ready$");
174
232
  IMAP_FP_PARSERS[0].addConstantParam("product", "wu-imapd");
175
233
  IMAP_FP_PARSERS[0].addParamSpec(1, "version");
176
-
177
234
  // Washington University imapd (newer versions)
178
235
  IMAP_FP_PARSERS[1] = new PatternParser(
179
236
  "^IMAP4rev1 (.*) at (.*)$");
180
237
  IMAP_FP_PARSERS[1].addConstantParam("product", "wu-imapd");
181
238
  IMAP_FP_PARSERS[1].addParamSpec(1, "version");
182
239
  IMAP_FP_PARSERS[1].addParamSpec(2, "server-time");
183
-
184
240
  // University of Washington IMAP (imap-uw)
185
241
  * OK <host> IMAP4rev1 2001.315 at Fri, 20 Jul 2007 21:51:34 -0700 (PDT)
186
242
  * OK <host> IMAP4rev1 2001.315rh at Mon, 23 Jul 2007 07:56:09 -0500 (CDT)
187
243
  * OK <host> IMAP4rev1 2004.357-p2k server ready at Mon, 23 Jul 2007 01:56:26 -0400 (EDT)
188
244
  * OK <host> IMAP4rev1 2004.357s at Mon, 23 Jul 2007 15:17:56 +0000 (GMT)
189
245
  * OK <host> IMAP4rev1 2004.357w at Tue, 24 Jul 2007 19:36:11 -0600 (MDT)
190
-
191
246
  // cPanel Hosting Automation
192
247
  // 10.8.0 (build 89) - BETA Tree - Change the imap version from 2003.339-cpanel to 2003.339p-cpanel to indicate the security patch has been applied.
193
248
  // The patch has still be applied to 1.8.0 build 60+, we just show this now to avoid confusion.
194
249
  * OK <host> IMAP4rev1 2003.339-cpanel at Sun, 22 Jul 2007 07:35:36 -0500 (CDT)
195
250
  * OK <host> IMAP4rev1 2003.339p-cpanel at Sun, 22 Jul 2007 13:09:04 -0500 (CDT)
196
-
197
251
  // PMDF IMAP
198
252
  // * OK <system> PMDF IMAP4rev1 V6.1 (Message store V6.1)
199
253
  // * OK xxx PMDF IMAP4rev1 V6.0-24 (Message store V6.0-24)
@@ -203,31 +257,26 @@
203
257
  IMAP_FP_PARSERS[5].addConstantParam("product", "PMDF");
204
258
  IMAP_FP_PARSERS[5].addParamSpec(1, "hostname");
205
259
  IMAP_FP_PARSERS[5].addParamSpec(2, "version");
206
-
207
260
  // PMDF IMAP (for VMS v7.1-2!)
208
261
  IMAP_FP_PARSERS[6] = new PatternParser(
209
262
  "^IMAP4 Server PMDF(.*) at (.*)$");
210
263
  IMAP_FP_PARSERS[6].addConstantParam("product", "PMDF");
211
264
  IMAP_FP_PARSERS[6].addParamSpec(1, "version");
212
265
  IMAP_FP_PARSERS[6].addParamSpec(2, "server-time");
213
-
214
266
  // Eudora Internet Mail Server
215
267
  IMAP_FP_PARSERS[7] = new PatternParser(
216
268
  "^Eudora Internet Mail Server (.*) .*$");
217
269
  IMAP_FP_PARSERS[7].addConstantParam("product", "eudoraims");
218
270
  IMAP_FP_PARSERS[7].addParamSpec(1, "version");
219
-
220
271
  // Eudora Qualcomm WorldMail
221
272
  // * OK WorldMail IMAP4 Server 6.1.19.0 ready
222
273
  IMAP_FP_PARSERS[8] = new PatternParser(
223
274
  "^WorldMail IMAP4 Server ([^\\s]+) ready$");
224
275
  IMAP_FP_PARSERS[8].addConstantParam("product", "worldmail");
225
276
  IMAP_FP_PARSERS[8].addParamSpec(1, "version");
226
-
227
277
  // GNU Mailutils. Note that there is no version information
228
278
  IMAP_FP_PARSERS[9] = new PatternParser("^IMAP4rev1$");
229
279
  IMAP_FP_PARSERS[9].addConstantParam("product", "GNU Mailutils");
230
-
231
280
  * OK <host> IMAP4rev1 MDaemon 8.1.4 ready
232
281
  * OK <host> /bin/sh IMAP server ready
233
282
  * OK IMAP/POP ready.
@@ -240,6 +289,6 @@
240
289
  * OK Merak 8.0.3 IMAP4rev1 Mon, 23 Jul 2007 18:22:49 +0100
241
290
  * OK <host> Sendmail Advanced Message Server IMAP4rev1 (1.3.2/390)
242
291
  * OK Welcome IMAP Server
243
-
244
292
  -->
245
- </fingerprints>
293
+
294
+ </fingerprints>
@@ -1,15 +1,17 @@
1
- <?xml version="1.0" encoding="UTF-8"?>
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
2
  <fingerprints matches="ldap.search_result" protocol="ldap" database_type="service" preference=".80">
3
3
  <!--
4
4
  Notes: Ruby will fail to build the RegExp if it contains \x84 which is a standard
5
5
  byte in ASN.1 Sequence length fields.
6
6
  -->
7
+
7
8
  <!--
8
9
  Samba - position prior to Windows entries due to regex. When testing new
9
10
  Samba fingerprints make sure you disable the matches for the version of
10
11
  Windows that Samba is eumlating or else the Windows fallback fingerprint for
11
12
  the given OS version may match.
12
13
  -->
14
+
13
15
  <fingerprint pattern="(?m:vendorName1.\x04.Samba.*domainControllerFunctionality1.{1,5}\x04\x014)">
14
16
  <description>Samba Active Directory Controller</description>
15
17
  <example _encoding="base64">
@@ -19,6 +21,7 @@
19
21
  <param pos="0" name="service.vendor" value="Samba"/>
20
22
  <param pos="0" name="service.product" value="Active Directory Controller"/>
21
23
  </fingerprint>
24
+
22
25
  <fingerprint pattern="(?m:vendorName1.\x04.Samba.*domainFunctionality1.\x04\x0100.\x04\x13forestFunctionality1\x03\x04\x0100)">
23
26
  <description>Samba Active Directory Controller emulating Windows 2000</description>
24
27
  <example _encoding="base64">
@@ -29,19 +32,19 @@
29
32
  <param pos="0" name="service.vendor" value="Samba"/>
30
33
  <param pos="0" name="service.product" value="Active Directory Controller"/>
31
34
  </fingerprint>
35
+
32
36
  <!--
33
37
  Windows Active Directory and Lightweight Directory Server (ADAM)
34
-
35
38
  domainControllerFunctionality reference:
36
39
  https://msdn.microsoft.com/en-us/library/cc223272.aspx
37
-
38
40
  supportedCapabilities reference (for Windows 2000)
39
41
  https://msdn.microsoft.com/en-us/library/cc223359.aspx
40
-
41
42
  1.2.840.113556.1.4.800 = Active Directory Controller
42
43
  1.2.840.113556.1.4.1851 = Lightweight Directory Server / ADAM
43
44
  -->
45
+
44
46
  <!-- Windows 2016 -->
47
+
45
48
  <fingerprint pattern="(?im:1.2.840.113556.1.4.800.*domainControllerFunctionality1.{1,5}\x04\x017)">
46
49
  <description>Active Directory Controller on Windows Server 2016</description>
47
50
  <example _encoding="base64">
@@ -56,6 +59,7 @@
56
59
  <param pos="0" name="os.product" value="Windows Server 2016"/>
57
60
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
58
61
  </fingerprint>
62
+
59
63
  <fingerprint pattern="(?im:1.2.840.113556.1.4.1851.*domainControllerFunctionality1.{1,5}\x04\x017)">
60
64
  <description>Microsoft LDS on Windows Server Server 2016</description>
61
65
  <example _encoding="base64">
@@ -70,6 +74,7 @@
70
74
  <param pos="0" name="os.product" value="Windows Server 2016"/>
71
75
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
72
76
  </fingerprint>
77
+
73
78
  <fingerprint pattern="(?im:domainControllerFunctionality1.{1,5}\x04\x017)">
74
79
  <description>Windows Server Server 2016</description>
75
80
  <example _encoding="base64">
@@ -80,7 +85,9 @@
80
85
  <param pos="0" name="os.product" value="Windows Server 2016"/>
81
86
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
82
87
  </fingerprint>
88
+
83
89
  <!-- Windows 2012 R2 -->
90
+
84
91
  <fingerprint pattern="(?im:1.2.840.113556.1.4.800.*domainControllerFunctionality1.{1,5}\x04\x016)">
85
92
  <description>Active Directory Controller on Windows Server 2012 R2</description>
86
93
  <example _encoding="base64">
@@ -95,6 +102,7 @@
95
102
  <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
96
103
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
97
104
  </fingerprint>
105
+
98
106
  <fingerprint pattern="(?im:1.2.840.113556.1.4.1851.*domainControllerFunctionality1.{1,5}\x04\x016)">
99
107
  <description>Microsoft LDS on Windows Server Server 2012 R2</description>
100
108
  <example _encoding="base64">
@@ -109,6 +117,7 @@
109
117
  <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
110
118
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
111
119
  </fingerprint>
120
+
112
121
  <fingerprint pattern="(?im:domainControllerFunctionality1.{1,5}\x04\x016)">
113
122
  <description>Windows Server Server 2012 R2</description>
114
123
  <example _encoding="base64">
@@ -119,7 +128,9 @@
119
128
  <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
120
129
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
121
130
  </fingerprint>
131
+
122
132
  <!-- Windows 2012 -->
133
+
123
134
  <fingerprint pattern="(?im:1.2.840.113556.1.4.800.*domainControllerFunctionality1.{1,5}\x04\x015)">
124
135
  <description>Active Directory Controller on Windows Server 2012</description>
125
136
  <example _encoding="base64">
@@ -134,6 +145,7 @@
134
145
  <param pos="0" name="os.product" value="Windows Server 2012"/>
135
146
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
136
147
  </fingerprint>
148
+
137
149
  <fingerprint pattern="(?im:1.2.840.113556.1.4.1851.*domainControllerFunctionality1.{1,5}\x04\x015)">
138
150
  <description>Microsoft LDS on Windows Server 2012 R2</description>
139
151
  <example _encoding="base64">
@@ -148,6 +160,7 @@
148
160
  <param pos="0" name="os.product" value="Windows Server 2012"/>
149
161
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
150
162
  </fingerprint>
163
+
151
164
  <fingerprint pattern="(?im:domainControllerFunctionality1.{1,5}\x04\x015)">
152
165
  <description>Windows Server Server 2012</description>
153
166
  <example _encoding="base64">
@@ -158,7 +171,9 @@
158
171
  <param pos="0" name="os.product" value="Windows Server 2012"/>
159
172
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
160
173
  </fingerprint>
174
+
161
175
  <!-- Windows 2008 R2 -->
176
+
162
177
  <fingerprint pattern="(?im:1.2.840.113556.1.4.800.*domainControllerFunctionality1.{1,5}\x04\x014)">
163
178
  <description>Active Directory Controller on Windows Server 2008 R2</description>
164
179
  <example _encoding="base64">
@@ -173,6 +188,7 @@
173
188
  <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
174
189
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
175
190
  </fingerprint>
191
+
176
192
  <fingerprint pattern="(?im:1.2.840.113556.1.4.1851.*domainControllerFunctionality1.{1,5}\x04\x014)">
177
193
  <description>Microsoft LDS on Windows Server Server 2008 R2</description>
178
194
  <example _encoding="base64">
@@ -187,10 +203,12 @@
187
203
  <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
188
204
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
189
205
  </fingerprint>
206
+
190
207
  <!--
191
208
  This generic match for domainControllerFunctionality = 4 will capture
192
209
  current Samba implementations. Disable the fingerprint below when testing Samba
193
210
  -->
211
+
194
212
  <fingerprint pattern="(?im:domainControllerFunctionality1.{1,5}\x04\x014)">
195
213
  <description>Windows Server Server 2008 R2</description>
196
214
  <example _encoding="base64">
@@ -201,7 +219,9 @@
201
219
  <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
202
220
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
203
221
  </fingerprint>
222
+
204
223
  <!-- Windows 2008 -->
224
+
205
225
  <fingerprint pattern="(?im:1.2.840.113556.1.4.800.*domainControllerFunctionality1.{1,5}\x04\x013)">
206
226
  <description>Active Directory Controller on Windows Server 2008</description>
207
227
  <example _encoding="base64">
@@ -216,6 +236,7 @@
216
236
  <param pos="0" name="os.product" value="Windows Server 2008"/>
217
237
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
218
238
  </fingerprint>
239
+
219
240
  <fingerprint pattern="(?im:1.2.840.113556.1.4.1851.*domainControllerFunctionality1.{1,5}\x04\x013)">
220
241
  <description>Microsoft LDS on Windows Server 2008</description>
221
242
  <example _encoding="base64">
@@ -230,6 +251,7 @@
230
251
  <param pos="0" name="os.product" value="Windows Server 2008"/>
231
252
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
232
253
  </fingerprint>
254
+
233
255
  <fingerprint pattern="(?im:domainControllerFunctionality1.{1,5}\x04\x013)">
234
256
  <description>Windows Server Server 2008</description>
235
257
  <example _encoding="base64">
@@ -240,7 +262,9 @@
240
262
  <param pos="0" name="os.product" value="Windows Server 2008"/>
241
263
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
242
264
  </fingerprint>
265
+
243
266
  <!-- Windows 2003 -->
267
+
244
268
  <fingerprint pattern="(?im:1.2.840.113556.1.4.800.*domainControllerFunctionality1.{1,5}\x04\x012)">
245
269
  <description>Active Directory Controller on Windows Server 2003</description>
246
270
  <example _encoding="base64">
@@ -255,6 +279,7 @@
255
279
  <param pos="0" name="os.product" value="Windows Server 2003"/>
256
280
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
257
281
  </fingerprint>
282
+
258
283
  <fingerprint pattern="(?im:1.2.840.113556.1.4.1851.*domainControllerFunctionality1.{1,5}\x04\x012)">
259
284
  <description>Microsoft LDS on Windows Server 2003</description>
260
285
  <example _encoding="base64">
@@ -269,6 +294,7 @@
269
294
  <param pos="0" name="os.product" value="Windows Server 2003"/>
270
295
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
271
296
  </fingerprint>
297
+
272
298
  <fingerprint pattern="(?im:domainControllerFunctionality1.{1,5}\x04\x012)">
273
299
  <description>Windows Server Server 2003</description>
274
300
  <example _encoding="base64">
@@ -279,7 +305,9 @@
279
305
  <param pos="0" name="os.product" value="Windows Server 2003"/>
280
306
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
281
307
  </fingerprint>
308
+
282
309
  <!-- Win Server 2000 Service Pack 3 only has two matching supportedCapabilities OIDs, match them and look for explicit end-->
310
+
283
311
  <fingerprint pattern="(?im:supportedCapabilities1.{1,5}\x04\x161.2.840.113556.1.4.800\x04\x171.2.840.113556.1.4.17910.{1,5}\x04.(?:supportedControl|isSynchronized))">
284
312
  <description>Active Directory Controller on Windows Server 2000 SP 3</description>
285
313
  <example _encoding="base64">
@@ -299,7 +327,9 @@
299
327
  <param pos="0" name="os.version" value="Windows Server 2000 SP3"/>
300
328
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:Windows Server 2000 SP3"/>
301
329
  </fingerprint>
330
+
302
331
  <!-- Win Server 2000 RTM only has a single matching supportedCapabilities OID, match it and look for explicit end-->
332
+
303
333
  <fingerprint pattern="(?im:supportedCapabilities1.{1,5}\x04\x161.2.840.113556.1.4.8000.{1,5}\x04.isSynchronized1)">
304
334
  <description>Active Directory Controller on Windows Server 2000</description>
305
335
  <example _encoding="base64">
@@ -314,7 +344,9 @@
314
344
  <param pos="0" name="os.product" value="Windows Server 2000"/>
315
345
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:-"/>
316
346
  </fingerprint>
347
+
317
348
  <!-- End of Microsoft Windows Section -->
349
+
318
350
  <fingerprint pattern="(?im:top\x04..penLDAProotDSE)">
319
351
  <description>OpenLDAP</description>
320
352
  <example _encoding="base64">
@@ -324,6 +356,7 @@
324
356
  <param pos="0" name="service.product" value="OpenLDAP"/>
325
357
  <param pos="0" name="service.cpe23" value="cpe:/a:openldap:openldap:-"/>
326
358
  </fingerprint>
359
+
327
360
  <fingerprint pattern="(?i:namingcontexts1.\x04.fn=ContactRoot0.[\x02\x04])">
328
361
  <description>Kerio Connect</description>
329
362
  <example service.product="Connect" _encoding="base64">
@@ -333,6 +366,7 @@
333
366
  <param pos="0" name="service.vendor" value="Kerio"/>
334
367
  <param pos="0" name="service.product" value="Connect"/>
335
368
  </fingerprint>
369
+
336
370
  <fingerprint pattern="(?im:vmwPlatformServicesControllerVersion1.\x04.(\d\.\d\.\d)0.)">
337
371
  <description>VMware Platform Services Controller</description>
338
372
  <example service.version="6.0.0" _encoding="base64">
@@ -342,8 +376,11 @@
342
376
  <param pos="0" name="service.product" value="Platform Services Controller"/>
343
377
  <param pos="1" name="service.version"/>
344
378
  </fingerprint>
379
+
345
380
  <!-- Fedora / 389 Project family -->
381
+
346
382
  <!-- http://directory.fedoraproject.org/docs/389ds/FAQ/history.html -->
383
+
347
384
  <fingerprint pattern="(?i:vendorname1.\x04.Fedora Project0.\x04\rvendorversion1.\x04.Fedora-Directory/(\d\.\d[\w.]* B\d+\.\d+\.\d+))">
348
385
  <description>Fedora Project Fedora Directory Server</description>
349
386
  <example service.version="1.0.4 B2006.312.5450" _encoding="base64">
@@ -358,6 +395,7 @@
358
395
  <param pos="0" name="service.product" value="Fedora Directory Server"/>
359
396
  <param pos="1" name="service.version"/>
360
397
  </fingerprint>
398
+
361
399
  <fingerprint pattern="(?i:vendorname1.\x04.389 Project0.\x04\rvendorversion1.\x04.389-Directory/(\d\.\d[\w.]* B\d+\.\d+\.\d+))">
362
400
  <description>389 Project 389 Directory Server</description>
363
401
  <example service.version="1.2.11.25 B2013.325.19510" _encoding="base64">
@@ -368,6 +406,7 @@
368
406
  <param pos="0" name="service.product" value="389 Directory Server"/>
369
407
  <param pos="1" name="service.version"/>
370
408
  </fingerprint>
409
+
371
410
  <fingerprint pattern="(?im:vendorName1.\x04.CentOS0.\x04\rvendorVersion1.\x04.CentOS-Directory/(\d\.\d[\w.]* B\d+\.\d+\.\d+).\x04\v)">
372
411
  <description>CentOS CentOS Directory Server</description>
373
412
  <example service.version="8.2.8 B2012.041.12270" _encoding="base64">
@@ -378,6 +417,7 @@
378
417
  <param pos="0" name="service.product" value="CentOS Directory Server"/>
379
418
  <param pos="1" name="service.version"/>
380
419
  </fingerprint>
420
+
381
421
  <fingerprint pattern="(?im:vendorName1.\x04.Red Hat(?:, Inc.)?0.\x04\rvendorVersion1.\x04.Red Hat-Directory/(\d\.\d[\w.]* B\d+\.\d+\.\d+).\x04\v)">
382
422
  <description>Red Hat Red Hat Directory Server</description>
383
423
  <example service.version="8.2.0 B2010.210.0590" _encoding="base64">
@@ -389,6 +429,7 @@
389
429
  <param pos="1" name="service.version"/>
390
430
  <param pos="0" name="service.cpe23" value="cpe:/a:redhat:directory_server:{service.version}"/>
391
431
  </fingerprint>
432
+
392
433
  <fingerprint pattern="(?i:vendorname1.\x04.Netscape Communications Corp.0.\x04\rvendorversion1.\x04.Netscape-Directory/(\d\.\d[\d.]* B\d+\.\d+\.\d+).\x04\v)">
393
434
  <description>Netscape Directory Server</description>
394
435
  <example service.version="6.11 B2002.281.08530" _encoding="base64">
@@ -403,6 +444,7 @@
403
444
  <param pos="0" name="service.product" value="Netscape Directory Server"/>
404
445
  <param pos="1" name="service.version"/>
405
446
  </fingerprint>
447
+
406
448
  <fingerprint pattern="(?im:IBM Lotus Software0.\x04\rvendorversion1.\x04.Release (\d+\.\d+[\w .]*)0.\x04.dominomajminversion)">
407
449
  <description>IBM (Lotus) Domino LDAP Server - majminversion variant</description>
408
450
  <example service.version="8.5.3" _encoding="base64">
@@ -417,6 +459,7 @@
417
459
  <param pos="0" name="service.product" value="Domino LDAP Server"/>
418
460
  <param pos="1" name="service.version"/>
419
461
  </fingerprint>
462
+
420
463
  <fingerprint pattern="(?im:IBM Lotus Software0.\x04\rvendorversion1.\x04.Release (\d+\.\d+[\w .]*)0\f)">
421
464
  <description>IBM (Lotus) Domino LDAP Server</description>
422
465
  <example service.version="9.0.1FP4 HF523" _encoding="base64">
@@ -427,6 +470,7 @@
427
470
  <param pos="0" name="service.product" value="Domino LDAP Server"/>
428
471
  <param pos="1" name="service.version"/>
429
472
  </fingerprint>
473
+
430
474
  <fingerprint pattern="(?im:IBM Lotus Software0.\x04\rvendorversion1.\x04.Build (V[\w .]*)0.\x04.dominomajminversion)">
431
475
  <description>IBM (Lotus) Domino LDAP Server - build variant</description>
432
476
  <example service.version="V902_12302013" _encoding="base64">
@@ -437,7 +481,9 @@
437
481
  <param pos="0" name="service.product" value="Domino LDAP Server"/>
438
482
  <param pos="1" name="service.version"/>
439
483
  </fingerprint>
484
+
440
485
  <!-- Attachmate Group (NetIQ) purchased Novell in 2011, and then merged w/ Micro Focus in 2014 -->
486
+
441
487
  <fingerprint pattern="(?im:vendorName1\x13\x04\x11NetIQ Corporation0.\x04\rvendorVersion.{4}LDAP Agent for NetIQ eDirectory (\d+\.\d+[\d.]* [\w ]*\([\d.]+\))0.\x04)">
442
488
  <description>NetIQ LDAP Agent for eDirectory</description>
443
489
  <example service.version="8.8 SP8 (20808.06)" _encoding="base64">
@@ -449,6 +495,7 @@
449
495
  <param pos="0" name="service.product" value="LDAP Agent for eDirectory"/>
450
496
  <param pos="1" name="service.version"/>
451
497
  </fingerprint>
498
+
452
499
  <fingerprint pattern="(?im:vendorName1\x0E\x04\fNovell, Inc.0.\x04\rvendorVersion.{4}LDAP Agent for Novell eDirectory (\d+\.\d+[\d.]* [\w ]*\([\d.]+\))0.\x04)">
453
500
  <description>Novell LDAP Agent for eDirectory</description>
454
501
  <example service.version="8.7.3.8 (10554.99)" _encoding="base64">
@@ -463,6 +510,7 @@
463
510
  <param pos="0" name="service.product" value="LDAP Agent for eDirectory"/>
464
511
  <param pos="1" name="service.version"/>
465
512
  </fingerprint>
513
+
466
514
  <fingerprint pattern="(?im:vendorName1\x0E\x04\fNovell, Inc.0/\x04\rvendorVersion1\x1E\x04\x1CeDirectory v(\d+\.\d+[\d.]* [\w ]*\([\d.]+\))0.\x04)">
467
515
  <description>Novell eDirectory</description>
468
516
  <example service.version="8.6.2 (10350.18)" _encoding="base64">
@@ -474,7 +522,9 @@
474
522
  <param pos="1" name="service.version"/>
475
523
  <param pos="0" name="service.cpe23" value="cpe:/a:novell:edirectory:{service.version}"/>
476
524
  </fingerprint>
525
+
477
526
  <!-- Various iterations of Sun, now Oracle, Directory Server -->
527
+
478
528
  <fingerprint pattern="(?i:vendorname1\x18\x04\x16Sun Microsystems, Inc.0.+\x04\rvendorversion1.{1,2}\x04.{1,2}Sun[- ]Java\(tm\)[- ]System[- ]Directory(?: Server)?/(\d\.\d+[\w.]*)0.{1,3}\x04)">
479
529
  <description>Sun Java(TM) System Directory Server</description>
480
530
  <example service.version="5.2_Patch_6" _encoding="base64">
@@ -494,10 +544,11 @@
494
544
  dmVuZG9yTmFtZTEYBBZTdW4gTWljcm9zeXN0ZW1zLCBJbmMuMDoEDXZlbmRvclZlcnNpb24xK
495
545
  QQnU3VuLUphdmEodG0pLVN5c3RlbS1EaXJlY3RvcnkvNi4zLjEuMS4xMIGJBA==
496
546
  </example>
497
- <param pos="0" name="service.vendor" value="Sun Microsystems"/>
547
+ <param pos="0" name="service.vendor" value="Sun"/>
498
548
  <param pos="0" name="service.product" value="Sun Java System Directory Server"/>
499
549
  <param pos="1" name="service.version"/>
500
550
  </fingerprint>
551
+
501
552
  <fingerprint pattern="(?i:vendorname1\x18\x04\x16Sun Microsystems, Inc.0.\x04\rvendorversion1.\x04.Sun-Directory-Server/([\w.]+)0.{1,3}\x04)">
502
553
  <description>Sun Directory Server</description>
503
554
  <example service.version="7.0" _encoding="base64">
@@ -512,10 +563,11 @@
512
563
  dmVuZG9yTmFtZTEYBBZTdW4gTWljcm9zeXN0ZW1zLCBJbmMuMDIEDXZlbmRvclZlcnNpb24xI
513
564
  QQfU3VuLURpcmVjdG9yeS1TZXJ2ZXIvMTEuMS4xLjMuMDAgBA==
514
565
  </example>
515
- <param pos="0" name="service.vendor" value="Sun Microsystems"/>
566
+ <param pos="0" name="service.vendor" value="Sun"/>
516
567
  <param pos="0" name="service.product" value="Sun Directory Server"/>
517
568
  <param pos="1" name="service.version"/>
518
569
  </fingerprint>
570
+
519
571
  <fingerprint pattern="(?i:vendorname1\x14\x04\x12Oracle Corporation0.\x04\rvendorversion1.\x04.Sun-Directory-Server/([\w.]+)[0 ].{1,3}\x04)">
520
572
  <description>Oracle Sun Directory Server</description>
521
573
  <example service.version="11.1.1.7.2" _encoding="base64">
@@ -530,17 +582,20 @@
530
582
  <param pos="0" name="service.product" value="Sun Directory Server"/>
531
583
  <param pos="1" name="service.version"/>
532
584
  </fingerprint>
585
+
533
586
  <fingerprint pattern="(?im:vendorName1\x17\x04\x15Sun Microsystems, Inc0.\x04\rvendorVersion1.\x04.Directory Proxy Server ([\w.]+)0.\x04)">
534
587
  <description>Sun Directory Proxy Server</description>
535
588
  <example service.version="11.1.1.7.1" _encoding="base64">
536
589
  dmVuZG9yTmFtZTEXBBVTdW4gTWljcm9zeXN0ZW1zLCBJbmMwNAQNdmVuZG9yVmVyc2lvbjEjB
537
590
  CFEaXJlY3RvcnkgUHJveHkgU2VydmVyIDExLjEuMS43LjEwRQQ=
538
591
  </example>
539
- <param pos="0" name="service.vendor" value="Sun Microsystems"/>
592
+ <param pos="0" name="service.vendor" value="Sun"/>
540
593
  <param pos="0" name="service.product" value="Sun Directory Proxy Server"/>
541
594
  <param pos="1" name="service.version"/>
542
595
  </fingerprint>
596
+
543
597
  <!-- Very old, rare, same family as above. Roll into those? -->
598
+
544
599
  <fingerprint pattern="(?i:vendorname1.\x04.Sun Microsystems, Inc.0.\x04\rvendorversion1.\x04.Sun-ONE-Directory/([\w.]+)0.\x04)">
545
600
  <description>Sun ONE Directory Server</description>
546
601
  <example service.version="5.2" _encoding="base64">
@@ -551,11 +606,13 @@
551
606
  dmVuZG9yTmFtZTEYBBZTdW4gTWljcm9zeXN0ZW1zLCBJbmMuMDAEDXZlbmRvclZlcnNpb24xH
552
607
  wQdU3VuLU9ORS1EaXJlY3RvcnkvNS4yX1BhdGNoXzEwPgQ=
553
608
  </example>
554
- <param pos="0" name="service.vendor" value="Sun Microsystems"/>
609
+ <param pos="0" name="service.vendor" value="Sun"/>
555
610
  <param pos="0" name="service.product" value="Sun ONE Directory Server"/>
556
611
  <param pos="1" name="service.version"/>
557
612
  </fingerprint>
613
+
558
614
  <!-- IBM [Tivoli | Security] Directory Server -->
615
+
559
616
  <fingerprint pattern="(?im:International Business Machines \(IBM\)0.*\x04\rvendorversion1.\x00\x00\x00.\x04.([\d.]+)0.\x00.*ibm-osregistrycontext1.\x00\x00\x00.\x04.OS400-SYS=)">
560
617
  <description>IBM Security Directory Server on OS/400 (IBM i)</description>
561
618
  <example service.version="5.2" _encoding="base64">
@@ -571,6 +628,7 @@
571
628
  <param pos="1" name="service.version"/>
572
629
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:security_directory_server:{service.version}"/>
573
630
  </fingerprint>
631
+
574
632
  <fingerprint pattern="(?im:vendorname1.+?\x04%International Business Machines \(IBM\)0.+?\x04\rvendorversion1.+?\x04.([\d.]+)0.[\x00\x02\x04])">
575
633
  <description>IBM Security Directory Server</description>
576
634
  <example service.version="5.1" _encoding="base64">
@@ -586,6 +644,7 @@
586
644
  <param pos="1" name="service.version"/>
587
645
  <param pos="0" name="service.cpe23" value="cpe:/a:ibm:security_directory_server:{service.version}"/>
588
646
  </fingerprint>
647
+
589
648
  <fingerprint pattern="(?im:vendorName1.\x00\x00\x00\v\x04\tMirapoint0.\x00\x00\x00.\x04\rvendorVersion1.\x00\x00\x00.\x04.([\d.]+)0.\x00)">
590
649
  <description>Mirapoint LDAP Server</description>
591
650
  <example service.version="3.2" _encoding="base64">
@@ -596,6 +655,7 @@
596
655
  <param pos="0" name="service.product" value="LDAP Server"/>
597
656
  <param pos="1" name="service.version"/>
598
657
  </fingerprint>
658
+
599
659
  <fingerprint pattern="(?im:orcldirectoryversion1.{1,5}\x04.OID ([\d.]+)0.\x00\x00)">
600
660
  <description>Oracle Internet Directory</description>
601
661
  <example service.version="9.0.4.0.0" _encoding="base64">
@@ -605,6 +665,7 @@
605
665
  <param pos="0" name="service.product" value="Internet Directory Server"/>
606
666
  <param pos="1" name="service.version"/>
607
667
  </fingerprint>
668
+
608
669
  <fingerprint pattern="(?im:orcldirectoryversion1.{1,5}\x04.OVD ([\d.]+)0.\x04)">
609
670
  <description>Oracle Virtual Directory</description>
610
671
  <example service.version="11.1.1.6.0" _encoding="base64">
@@ -614,6 +675,7 @@
614
675
  <param pos="0" name="service.product" value="Virtual Directory Server"/>
615
676
  <param pos="1" name="service.version"/>
616
677
  </fingerprint>
678
+
617
679
  <fingerprint pattern="(?im:metaProductID.*\x04\vmetaVersion1\r\x04.([\d.]+)0.\x04)">
618
680
  <description>estos MetaDirectory</description>
619
681
  <example service.version="3.5.22.4291" _encoding="base64">
@@ -626,6 +688,7 @@
626
688
  <param pos="0" name="os.vendor" value="Microsoft"/>
627
689
  <param pos="0" name="os.family" value="Windows"/>
628
690
  </fingerprint>
691
+
629
692
  <fingerprint pattern="(?im:dsaVersion1.\x04,DC Directory Server v(\d+\.\d+[\d.]* \([\w. ]+\))0.\x04)">
630
693
  <description>Cisco Data Connection Directory</description>
631
694
  <example service.version="8.1.00 (build 20150305)" _encoding="base64">
@@ -636,7 +699,9 @@
636
699
  <param pos="0" name="service.product" value="Data Connection Directory"/>
637
700
  <param pos="1" name="service.version"/>
638
701
  </fingerprint>
702
+
639
703
  <!-- Unbound -->
704
+
640
705
  <fingerprint pattern="(?im:vendorName1.\x04.UnboundID Corp.0.\x04\rvendorVersion1.\x04.UnboundID Directory Server ([\d.]+)0\f)">
641
706
  <description>UnboundID Directory Server</description>
642
707
  <example service.version="5.1.5.2" _encoding="base64">
@@ -647,6 +712,7 @@
647
712
  <param pos="0" name="service.product" value="UnboundID Directory Server"/>
648
713
  <param pos="1" name="service.version"/>
649
714
  </fingerprint>
715
+
650
716
  <fingerprint pattern="(?im:vendorName1.\x04.UnboundID Corp.0.\x04\rvendorVersion1.\x04.UnboundID Directory Proxy Server ([\d.]+)0\f)">
651
717
  <description>UnboundID Directory Proxy Server</description>
652
718
  <example service.version="4.7.0.7" _encoding="base64">
@@ -657,6 +723,7 @@
657
723
  <param pos="0" name="service.product" value="UnboundID Directory Proxy Server"/>
658
724
  <param pos="1" name="service.version"/>
659
725
  </fingerprint>
726
+
660
727
  <fingerprint pattern="(?im:namingContexts1.\x04.cn=.?pbx.*\x04.ldapServiceName1.\x04.IPVA-\w+-)" flags="REG_MULTILINE">
661
728
  <description>innovaphone VoIP Gateway Virtual Appliance</description>
662
729
  <example _encoding="base64">
@@ -667,6 +734,7 @@
667
734
  <param pos="0" name="service.family" value="VoiP Gateway"/>
668
735
  <param pos="0" name="service.product" value="IPVA"/>
669
736
  </fingerprint>
737
+
670
738
  <fingerprint pattern="(?im:namingContexts1.\x04.cn=.?pbx.*\x04.ldapServiceName1.\x04.(IP\d+)-\w+-)" flags="REG_MULTILINE">
671
739
  <description>innovaphone VoIP Gateway</description>
672
740
  <example service.product="IP800" _encoding="base64">
@@ -677,6 +745,7 @@
677
745
  <param pos="0" name="service.family" value="VoiP Gateway"/>
678
746
  <param pos="1" name="service.product"/>
679
747
  </fingerprint>
748
+
680
749
  <fingerprint pattern="(?im:namingContexts1.\x04.cn=.?pbx.*\x04.ldapServiceName1.\x04.(IPBS\d*)-\w+-)">
681
750
  <description>Ascom IP-DECT Base Station</description>
682
751
  <example service.product="IPBS2" _encoding="base64">
@@ -687,6 +756,7 @@
687
756
  <param pos="0" name="service.family" value="IP-DECT Base Station"/>
688
757
  <param pos="1" name="service.product"/>
689
758
  </fingerprint>
759
+
690
760
  <fingerprint pattern="(?im:namingContexts1.\x04.cn=.?pbx.*\x04.ldapServiceName1.\x04.(IPBL\d*)-\w+-)">
691
761
  <description>Ascom IP-DECT Gateway</description>
692
762
  <example service.product="IPBL" _encoding="base64">
@@ -697,6 +767,7 @@
697
767
  <param pos="0" name="service.family" value="IP-DECT Gateway"/>
698
768
  <param pos="1" name="service.product"/>
699
769
  </fingerprint>
770
+
700
771
  <fingerprint pattern="(?im:o=Scalix0.\x04.subschemasubentry1.\x04.cn=subSchema,o=Scalix0.\x04.*\x04.xserverversion1.\x04.(\d\d\.\d+\.[\w.-]+)0.\x02)">
701
772
  <description>Scalix LDAP Server</description>
702
773
  <example service.version="11.4.6.13676" _encoding="base64">
@@ -708,4 +779,5 @@
708
779
  <param pos="0" name="service.product" value="LDAP Server"/>
709
780
  <param pos="1" name="service.version"/>
710
781
  </fingerprint>
711
- </fingerprints>
782
+
783
+ </fingerprints>