recog-intrigue 2.3.7 → 2.3.14
- checksums.yaml +4 -4
- data/.github/SECURITY.md +35 -0
- data/.gitignore +9 -0
- data/CONTRIBUTING.md +136 -37
- data/README.md +18 -16
- data/bin/recog_cleanup +16 -0
- data/bin/recog_standardize +30 -6
- data/cpe-remap.yaml +38 -1
- data/identifiers/README.md +9 -0
- data/identifiers/hw_device.txt +77 -0
- data/identifiers/hw_family.txt +96 -0
- data/identifiers/hw_product.txt +328 -0
- data/identifiers/os_architecture.txt +6 -6
- data/identifiers/os_device.txt +45 -3
- data/identifiers/os_family.txt +206 -41
- data/identifiers/os_product.txt +238 -17
- data/identifiers/service_family.txt +144 -57
- data/identifiers/service_product.txt +385 -83
- data/identifiers/vendor.txt +554 -68
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/update_cpes.py +4 -1
- data/xml/apache_modules.xml +292 -5
- data/xml/apache_os.xml +41 -2
- data/xml/architecture.xml +11 -3
- data/xml/dns_versionbind.xml +200 -26
- data/xml/favicons.xml +1701 -0
- data/xml/ftp_banners.xml +256 -23
- data/xml/h323_callresp.xml +112 -12
- data/xml/hp_pjl_id.xml +47 -5
- data/xml/html_title.xml +1156 -70
- data/xml/http_cookies.xml +69 -11
- data/xml/http_servers.xml +1094 -107
- data/xml/http_wwwauth.xml +143 -27
- data/xml/imap_banners.xml +62 -13
- data/xml/ldap_searchresult.xml +81 -9
- data/xml/mdns_device-info_txt.xml +194 -17
- data/xml/mdns_workstation_txt.xml +4 -2
- data/xml/mysql_banners.xml +233 -40
- data/xml/mysql_error.xml +113 -6
- data/xml/nntp_banners.xml +10 -2
- data/xml/ntp_banners.xml +93 -9
- data/xml/operating_system.xml +90 -3
- data/xml/pop_banners.xml +87 -33
- data/xml/rsh_resp.xml +11 -2
- data/xml/rtsp_servers.xml +43 -23
- data/xml/sip_banners.xml +6 -11
- data/xml/sip_user_agents.xml +29 -2
- data/xml/smb_native_lm.xml +10 -2
- data/xml/smb_native_os.xml +80 -2
- data/xml/smtp_banners.xml +233 -13
- data/xml/smtp_debug.xml +6 -4
- data/xml/smtp_ehlo.xml +7 -5
- data/xml/smtp_expn.xml +13 -4
- data/xml/smtp_help.xml +23 -4
- data/xml/smtp_mailfrom.xml +5 -2
- data/xml/smtp_noop.xml +6 -5
- data/xml/smtp_quit.xml +5 -4
- data/xml/smtp_rcptto.xml +5 -2
- data/xml/smtp_rset.xml +4 -4
- data/xml/smtp_turn.xml +4 -4
- data/xml/smtp_vrfy.xml +14 -4
- data/xml/snmp_sysdescr.xml +741 -32
- data/xml/snmp_sysobjid.xml +47 -2
- data/xml/ssh_banners.xml +255 -81
- data/xml/telnet_banners.xml +503 -30
- data/xml/x11_banners.xml +26 -3
- data/xml/x509_issuers.xml +37 -13
- data/xml/x509_subjects.xml +214 -52
- metadata +12 -5
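--- a/data/xml/smtp_debug.xml
+++ b/data/xml/smtp_debug.xml
@@ -1,14 +1,13 @@
-<?xml version=
+<?xml version='1.0' encoding='UTF-8'?>
 <fingerprints protocol="smtp" database_type="service" preference="0.14">
 <!--
 SMTP response lines to the DEBUG command are matched against these patterns
 (1 line at a time) to fingerprint SMTP servers.
-
 See comment at the top of smtp_banners.xml for additional info.
-
 'preference' note: This value has been set so as to implement the ordering
 of SMTP related fingerprint databases as described in 'smtp_banners.xml'.
 -->
+
 <fingerprint pattern="^500 No way!$">
 <description>Exim</description>
 <example>500 No way!</example>
@@ -17,12 +16,14 @@
 <param pos="0" name="service.product" value="exim"/>
 <param pos="0" name="service.cpe23" value="cpe:/a:exim:exim:-"/>
 </fingerprint>
+
 <fingerprint pattern="^250[ -] *Debug set -NOT!$">
 <description>TIS FWTK and derivatives (other firewalls, like Gauntlet, are derived from TIS)</description>
 <param pos="0" name="service.vendor" value="TIS"/>
 <param pos="0" name="service.family" value="FWTK"/>
 <param pos="0" name="service.product" value="FWTK"/>
 </fingerprint>
+
 <fingerprint pattern="^500[ -]What\? I don't understand that\.$">
 <description>Alt-N MDaemon SMTP</description>
 <example>500 What? I don't understand that.</example>
@@ -36,4 +37,5 @@
 <param pos="0" name="os.arch" value="x86"/>
 <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
 </fingerprint>
-
+
+</fingerprints>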
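--- a/data/xml/smtp_ehlo.xml
+++ b/data/xml/smtp_ehlo.xml
@@ -1,14 +1,13 @@
-<?xml version=
+<?xml version='1.0' encoding='UTF-8'?>
 <fingerprints protocol="smtp" database_type="service" preference="0.19">
 <!--
 SMTP response lines to the EHLO command are matched against these patterns
 (1 line at a time) to fingerprint SMTP servers.
-
 See comment at the top of smtp_banners.xml for additional info.
-
 'preference' note: This value has been set so as to implement the ordering
 of SMTP related fingerprint databases as described in 'smtp_banners.xml'.
 -->
+
 <fingerprint pattern="^500[ -]Syntax error, command "XXXX" unrecognized$">
 <description>Cisco PIX - changes the command letters to 'X' before passing them to the real SMTP server</description>
 <param pos="0" name="os.vendor" value="Cisco"/>
@@ -16,12 +15,12 @@
 <param pos="0" name="os.product" value="PIX"/>
 <param pos="0" name="os.cpe23" value="cpe:/o:cisco:pix_firewall_software:-"/>
 </fingerprint>
+
 <!--
 Don't try to infer a fingerprint from XEXCH50, because if we do, it might overwrite
 a very precise MS IIS SMTP service or MS Exchange Server fingerprint found with the
 help of smtp_banners.xml. Instead, this case is handled specially by the Jess rule
 smtp-iis-xexch50-svc-fingerprint. -mrb
-
 <fingerprint pattern="^250[ -] *XEXCH50.*$">
 <description>
 Microsoft Exchange/IIS server
@@ -33,7 +32,9 @@
 <param pos="0" name="os.family" value="Windows"/>
 <param pos="0" name="os.product" value="Windows"/>
 </fingerprint>
+
 -->
+
 <fingerprint pattern="^221[ -]See ya in cyberspace$">
 <description>221 See ya in cyberspace</description>
 <param pos="0" name="service.vendor" value="Alt-N"/>
@@ -46,4 +47,5 @@
 <param pos="0" name="os.arch" value="x86"/>
 <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
 </fingerprint>
-
+
+</fingerprints>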
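--- a/data/xml/smtp_expn.xml
+++ b/data/xml/smtp_expn.xml
@@ -1,14 +1,13 @@
-<?xml version=
+<?xml version='1.0' encoding='UTF-8'?>
 <fingerprints protocol="smtp" database_type="service" preference="0.16">
 <!--
 SMTP response lines to the EXPN command are matched against these patterns
 (1 line at a time) to fingerprint SMTP servers.
-
 See comment at the top of smtp_banners.xml for additional info.
-
 'preference' note: This value has been set so as to implement the ordering
 of SMTP related fingerprint databases as described in 'smtp_banners.xml'.
 -->
+
 <fingerprint pattern="^500[ -]Syntax error, command "XXXX.*" unrecognized$">
 <description>Cisco PIX - changes the command letters to 'X' before passing them to the real SMTP server - expn variant</description>
 <param pos="0" name="os.vendor" value="Cisco"/>
@@ -16,6 +15,7 @@
 <param pos="0" name="os.product" value="PIX"/>
 <param pos="0" name="os.cpe23" value="cpe:/o:cisco:pix_firewall_software:-"/>
 </fingerprint>
+
 <fingerprint pattern="^550[ -]EXPN not available to \(.+\) \[.+\] *$">
 <description>Exim - expn variant 1</description>
 <example>550 EXPN not available to (foo.bar.com) [192.168.0.1]</example>
@@ -24,6 +24,7 @@
 <param pos="0" name="service.product" value="exim"/>
 <param pos="0" name="service.cpe23" value="cpe:/a:exim:exim:-"/>
 </fingerprint>
+
 <fingerprint pattern="^550[ -]EXPN not available to [^ ]+ \(.+\) \[.+\] *$">
 <description>Exim - expn variant 2</description>
 <example>550 EXPN not available to evil.com (foo.bar.com) [192.168.0.1]</example>
@@ -32,19 +33,23 @@
 <param pos="0" name="service.product" value="exim"/>
 <param pos="0" name="service.cpe23" value="cpe:/a:exim:exim:-"/>
 </fingerprint>
+
 <fingerprint pattern="^500[ -]Don't you wish! *$">
 <description>GNAT box SMTP</description>
 <param pos="0" name="service.vendor" value="Global Technology Associates"/>
 <param pos="0" name="service.family" value="GNAT Box"/>
 <param pos="0" name="service.product" value="GNAT Box"/>
 </fingerprint>
+
 <!-- VM SMTP server doesn't like brackets in EXPN commands... -->
+
 <fingerprint pattern="^501[ -]Syntax Error\. Only ListId or Userid allowed as argument to this command *$">
 <description>IBM VM SMTP</description>
 <param pos="0" name="service.vendor" value="IBM"/>
 <param pos="0" name="service.family" value="VM"/>
 <param pos="0" name="service.product" value="VM"/>
 </fingerprint>
+
 <fingerprint pattern="^550[ -]lists are confidential *$">
 <description>Ipswitch IMail Server - expn variant</description>
 <example>550 lists are confidential</example>
@@ -53,6 +58,7 @@
 <param pos="0" name="service.product" value="IMail Server"/>
 <param pos="0" name="service.cpe23" value="cpe:/a:ipswitch:imail_server:-"/>
 </fingerprint>
+
 <fingerprint pattern="^502[ -]command is not active$">
 <description>Alt-N MDaemon - expn variant</description>
 <example>502 command is not active</example>
@@ -66,12 +72,14 @@
 <param pos="0" name="os.arch" value="x86"/>
 <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
 </fingerprint>
+
 <fingerprint pattern="^252 Unable to EXPN ".*", but will accept message and attempt delivery *$">
 <description>Lotus Domino</description>
 <param pos="0" name="service.vendor" value="Lotus"/>
 <param pos="0" name="service.family" value="Lotus Domino"/>
 <param pos="0" name="service.product" value="Lotus Domino"/>
 </fingerprint>
+
 <fingerprint pattern="^550[ -]Unable to find list '.*'\.$">
 <description>Seattle Labs SLMail</description>
 <example>550 Unable to find list 'list'.</example>
@@ -79,4 +87,5 @@
 <param pos="0" name="service.family" value="SLMail"/>
 <param pos="0" name="service.product" value="SLMail"/>
 </fingerprint>
-
+
+</fingerprints>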
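--- a/data/xml/smtp_help.xml
+++ b/data/xml/smtp_help.xml
@@ -1,14 +1,13 @@
-<?xml version=
+<?xml version='1.0' encoding='UTF-8'?>
 <fingerprints protocol="smtp" database_type="service" preference="0.18">
 <!--
 SMTP response lines to the HELP command are matched against these patterns
 (1 line at a time) to fingerprint SMTP servers.
-
 See comment at the top of smtp_banners.xml for additional info.
-
 'preference' note: This value has been set so as to implement the ordering
 of SMTP related fingerprint databases as described in 'smtp_banners.xml'.
 -->
+
 <fingerprint pattern="^214[ -]This is ArGoSoft Mail Server, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
 <description>ArgoSoft mail server HELP response with version</description>
 <example service.version="1.4.0.3">214-This is ArGoSoft Mail Server, Version 1.4 (1.4.0.3)</example>
@@ -17,6 +16,7 @@
 <param pos="0" name="service.product" value="Mail Server"/>
 <param pos="1" name="service.version"/>
 </fingerprint>
+
 <fingerprint pattern="^214[ -].*support@argosoft\.com *$">
 <description>ArgoSoft mail server HELP response</description>
 <example>214-To report bug, send mail to support@argosoft.com</example>
@@ -24,6 +24,7 @@
 <param pos="0" name="service.family" value="Mail Server"/>
 <param pos="0" name="service.product" value="Mail Server"/>
 </fingerprint>
+
 <fingerprint pattern="^500[ -]Syntax error, command "XXXX" unrecognized$">
 <description>Cisco PIX - changes the command letters to 'X' before passing them to the real SMTP server</description>
 <param pos="0" name="os.vendor" value="Cisco"/>
@@ -31,6 +32,7 @@
 <param pos="0" name="os.product" value="PIX"/>
 <param pos="0" name="os.cpe23" value="cpe:/o:cisco:pix_firewall_software:-"/>
 </fingerprint>
+
 <fingerprint pattern="^500[ -]5.5.1 unrecognised command HELP$">
 <description>Eudora IMS uses the British spelling "unrecognised"</description>
 <param pos="0" name="service.vendor" value="Eudora"/>
@@ -41,6 +43,7 @@
 <param pos="0" name="os.product" value="Mac OS"/>
 <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os:-"/>
 </fingerprint>
+
 <fingerprint pattern="^214[ -]([^ ]+) is running the IBM VM operating system$">
 <description>IBM VM</description>
 <param pos="0" name="service.vendor" value="IBM"/>
@@ -48,10 +51,12 @@
 <param pos="0" name="service.product" value="VM"/>
 <param pos="1" name="host.name"/>
 </fingerprint>
+
 <!--
 Shouldn't we ignore XEXCH50 for the same reasons than described in the XEXCH50 regex
 in smtp_ehlo.xml ? -mrb
 -->
+
 <fingerprint pattern="^214[ -].* XEXCH50 *.*$">
 <description>Microsoft Exchange/IIS server</description>
 <param pos="0" name="service.vendor" value="Microsoft"/>
@@ -63,6 +68,7 @@
 <param pos="0" name="os.product" value="Windows"/>
 <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
 </fingerprint>
+
 <fingerprint pattern="^214[ -]Help system currently inactive\.$">
 <description>Alt-N MDaemon - 214 Help system currently inactive.</description>
 <param pos="0" name="service.vendor" value="Alt-N"/>
@@ -75,6 +81,7 @@
 <param pos="0" name="os.arch" value="x86"/>
 <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
 </fingerprint>
+
 <fingerprint pattern="^214[ -].*This is MERAK ([^ ]+\.[^ ]+\.[^ ]+).*$">
 <description> Merak mail server - http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x)</description>
 <param pos="0" name="service.vendor" value="Merak"/>
@@ -82,6 +89,7 @@
 <param pos="0" name="service.product" value="Mail Server"/>
 <param pos="1" name="service.version"/>
 </fingerprint>
+
 <fingerprint pattern="^214[ -].*This is Merak ([^ ]+\.[^ ]+\.[^ ]+).*$">
 <description>Merak mail server - http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x) - variant 1</description>
 <param pos="0" name="service.vendor" value="Merak"/>
@@ -89,18 +97,21 @@
 <param pos="0" name="service.product" value="Mail Server"/>
 <param pos="1" name="service.version"/>
 </fingerprint>
+
 <fingerprint pattern="^214[ -].*bugs@merakmail\.com.*$">
 <description>Merak mail server - http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x) - email variant</description>
 <param pos="0" name="service.vendor" value="Merak"/>
 <param pos="0" name="service.family" value="Mail Server"/>
 <param pos="0" name="service.product" value="Mail Server"/>
 </fingerprint>
+
 <fingerprint pattern="^214[ -].*bugs@icewarp\.com.*$">
 <description>Merak mail server - http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x) - icewarp variant </description>
 <param pos="0" name="service.vendor" value="Merak"/>
 <param pos="0" name="service.family" value="Mail Server"/>
 <param pos="0" name="service.product" value="Mail Server"/>
 </fingerprint>
+
 <fingerprint pattern="^214[ -]qmail home page: http://pobox.com/~djb/qmail.html *$">
 <description>QMail - help variant</description>
 <example>214 qmail home page: http://pobox.com/~djb/qmail.html</example>
@@ -108,6 +119,7 @@
 <param pos="0" name="service.family" value="qmail"/>
 <param pos="0" name="service.product" value="qmail"/>
 </fingerprint>
+
 <fingerprint pattern="^214[ -].*contact the Digital Customer Support Center at 1-800-354-9000.*$">
 <description>Sendmail on Digital OSF UNIX</description>
 <param pos="0" name="service.family" value="Sendmail"/>
@@ -117,18 +129,21 @@
 <param pos="0" name="os.family" value="Digital UNIX"/>
 <param pos="0" name="os.product" value="OSF/1"/>
 </fingerprint>
+
 <fingerprint pattern="^214[ -]2.0.0 This is [s|S]endmail version ([^ ]+)$">
 <description>Sendmail often returns version information for HELP, even when the greeting is obscured</description>
 <param pos="0" name="service.family" value="Sendmail"/>
 <param pos="0" name="service.product" value="Sendmail"/>
 <param pos="1" name="service.version"/>
 </fingerprint>
+
 <fingerprint pattern="^214[ -]This is [s|S]endmail version ([^ ]+)$">
 <description>Sendmail often returns version information for HELP - variant 1</description>
 <param pos="0" name="service.family" value="Sendmail"/>
 <param pos="0" name="service.product" value="Sendmail"/>
 <param pos="1" name="service.version"/>
 </fingerprint>
+
 <fingerprint pattern="^502[ -]5\.3\.0 Sendmail ([^ ]+) -- HELP not implemented$">
 <description>Sendmail - help not implemented variant</description>
 <example>502 5.3.0 Sendmail 8.11.2 -- HELP not implemented</example>
@@ -136,22 +151,26 @@
 <param pos="0" name="service.product" value="Sendmail"/>
 <param pos="1" name="service.version"/>
 </fingerprint>
+
 <fingerprint pattern="^214[ -].*sendmail-bugs@sendmail\.org.*$">
 <description>Sendmail often returns version information for HELP - email variant</description>
 <param pos="0" name="service.family" value="Sendmail"/>
 <param pos="0" name="service.product" value="Sendmail"/>
 <param pos="0" name="service.certainty" value="0.85"/>
 </fingerprint>
+
 <fingerprint pattern="^241[ -].*$">
 <description>ZMailer versions earlier than 2.99.21 mistakenly return the status code 241 on some HELP response lines (instead of 214).</description>
 <param pos="0" name="service.vendor" value="ZMailer"/>
 <param pos="0" name="service.family" value="ZMailer"/>
 <param pos="0" name="service.product" value="ZMailer"/>
 </fingerprint>
+
 <fingerprint pattern="^214[ -].*Yoyodyne Propulsion.*$">
 <description>ZMailer has distinctive default HELP text in smtpserver.conf</description>
 <param pos="0" name="service.vendor" value="ZMailer"/>
 <param pos="0" name="service.family" value="ZMailer"/>
 <param pos="0" name="service.product" value="ZMailer"/>
 </fingerprint>
-
+
+</fingerprints>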
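Review bot: The two Sendmail HELP patterns shown as context in the `@@ -117,18 +129,21 @@` hunk use the character class `[s|S]`, which also accepts a literal `|`; `[sS]` is presumably what was meant, e.g. `^214[ -]This is [sS]endmail version ([^ ]+)$`. In the same file `^500[ -]5.5.1 unrecognised command HELP$` and the `^214[ -]2.0.0 This is …` pattern leave the dots unescaped, so each `.` matches any character, whereas the neighbouring `5\.3\.0` pattern escapes them; `^250[ -]2.0.0 doing nothing$` in smtp_noop.xml is loose in the same way. This commit only touches the XML declaration and the blank-line separators, so these patterns pre-date it, but tightening them keeps the fingerprints from matching look-alike responses and assigning the wrong product.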
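--- a/data/xml/smtp_mailfrom.xml
+++ b/data/xml/smtp_mailfrom.xml
@@ -1,8 +1,9 @@
-<?xml version=
+<?xml version='1.0' encoding='UTF-8'?>
 <fingerprints protocol="smtp" database_type="service">
 <!--
 This file is currently unused.
 -->
+
 <fingerprint pattern="250 .* is syntactically correct *">
 <description>exim</description>
 <example>250 <nosuchuser@rapid7.com> is syntactically correct</example>
@@ -11,10 +12,12 @@
 <param pos="0" name="service.product" value="exim"/>
 <param pos="0" name="service.cpe23" value="cpe:/a:exim:exim:-"/>
 </fingerprint>
+
 <fingerprint pattern="501[ -]System error\. *">
 <description>GNAT Box SMTP</description>
 <param pos="0" name="service.vendor" value="Global Technology Associates"/>
 <param pos="0" name="service.family" value="GNAT Box"/>
 <param pos="0" name="service.product" value="GNAT Box"/>
 </fingerprint>
-
+
+</fingerprints>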
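--- a/data/xml/smtp_noop.xml
+++ b/data/xml/smtp_noop.xml
@@ -1,15 +1,13 @@
-<?xml version=
+<?xml version='1.0' encoding='UTF-8'?>
 <fingerprints protocol="smtp" database_type="service" preference="0.17">
 <!--
 SMTP response lines to the NOOP command are matched against these patterns
 (1 line at a time) to fingerprint SMTP servers.
-
 See comment at the top of smtp_banners.xml for additional info.
-
 'preference' note: This value has been set so as to implement the ordering
 of SMTP related fingerprint databases as described in 'smtp_banners.xml'.
-
 -->
+
 <fingerprint pattern="^220 OK.*$">
 <description>CheckPoint FireWall-1 returns code 220 for NOOP command (instead of 250)</description>
 <param pos="0" name="service.vendor" value="Check Point"/>
@@ -17,6 +15,7 @@
 <param pos="0" name="service.product" value="Firewall-1"/>
 <param pos="0" name="service.cpe23" value="cpe:/a:checkpoint:firewall-1:-"/>
 </fingerprint>
+
 <fingerprint pattern="^250[ -]2.0.0 doing nothing$">
 <description>Eudora IMS - noop variant</description>
 <example>250 2.0.0 doing nothing</example>
@@ -28,6 +27,7 @@
 <param pos="0" name="os.product" value="Mac OS"/>
 <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os:-"/>
 </fingerprint>
+
 <fingerprint pattern="^250[ -]Why is there an NOOP instruction\?$">
 <description>Alt-N MDaemon - noop variant</description>
 <example>250 Why is there an NOOP instruction?</example>
@@ -41,4 +41,5 @@
 <param pos="0" name="os.arch" value="x86"/>
 <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
 </fingerprint>
-
+
+</fingerprints>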
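--- a/data/xml/smtp_quit.xml
+++ b/data/xml/smtp_quit.xml
@@ -1,14 +1,13 @@
-<?xml version=
+<?xml version='1.0' encoding='UTF-8'?>
 <fingerprints protocol="smtp" database_type="service" preference="0.11">
 <!--
 SMTP response lines to the QUIT command are matched against these patterns
 (1 line at a time) to fingerprint SMTP servers.
-
 See comment at the top of smtp_banners.xml for additional info.
-
 'preference' note: This value has been set so as to implement the ordering
 of SMTP related fingerprint databases as described in 'smtp_banners.xml'.
 -->
+
 <fingerprint pattern="^221[ -]See ya in cyberspace$">
 <description>221 See ya in cyberspace</description>
 <param pos="0" name="service.vendor" value="Alt-N"/>
@@ -21,9 +20,11 @@
 <param pos="0" name="os.arch" value="x86"/>
 <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
 </fingerprint>
+
 <fingerprint pattern="^503[ -]5\.5\.0 Not accepting any command except QUIT$">
 <description>Raptor Firewall</description>
 <example>503 5.5.0 Not accepting any command except QUIT</example>
 <param pos="0" name="service.product" value="raptor"/>
 </fingerprint>
-
+
+</fingerprints>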
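--- a/data/xml/smtp_rcptto.xml
+++ b/data/xml/smtp_rcptto.xml
@@ -1,4 +1,4 @@
-<?xml version=
+<?xml version='1.0' encoding='UTF-8'?>
 <fingerprints protocol="smtp" database_type="service">
 <!--
 <fingerprint pattern="501[ -]Invalid domain *">
@@ -14,7 +14,9 @@
 <param pos="0" name="service.family" value="GNAT Box"/>
 <param pos="0" name="service.product" value="GNAT Box"/>
 </fingerprint>
+
 -->
+
 <fingerprint pattern="550[ -]not local host .*, not a gateway *">
 <description>550 not local host foo.bar, not a gateway</description>
 <param pos="0" name="service.vendor" value="Ipswitch"/>
@@ -22,4 +24,5 @@
 <param pos="0" name="service.product" value="IMail Server"/>
 <param pos="0" name="service.cpe23" value="cpe:/a:ipswitch:imail_server:-"/>
 </fingerprint>
-
+
+</fingerprints>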
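--- a/data/xml/smtp_rset.xml
+++ b/data/xml/smtp_rset.xml
@@ -1,14 +1,13 @@
-<?xml version=
+<?xml version='1.0' encoding='UTF-8'?>
 <fingerprints protocol="smtp" database_type="service" preference="0.12">
 <!--
 SMTP response lines to the RSET command are matched against these patterns
 (1 line at a time) to fingerprint SMTP servers.
-
 See comment at the top of smtp_banners.xml for additional info.
-
 'preference' note: This value has been set so as to implement the ordering
 of SMTP related fingerprint databases as described in 'smtp_banners.xml'.
 -->
+
 <fingerprint pattern="^250[ -]RSET\? Well, OK\.$">
 <description>
 500 What? I don't understand that.
@@ -23,4 +22,5 @@
 <param pos="0" name="os.arch" value="x86"/>
 <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
 </fingerprint>
-
+
+</fingerprints>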