recog-intrigue 2.3.7

Sign up to get free protection for your applications and to get access to all the features.
Files changed (130) hide show
  1. checksums.yaml +7 -0
  2. data/.github/ISSUE_TEMPLATE/bug_report.md +37 -0
  3. data/.github/ISSUE_TEMPLATE/feature_request.md +17 -0
  4. data/.github/ISSUE_TEMPLATE/fingerprint_request.md +27 -0
  5. data/.github/PULL_REQUEST_TEMPLATE +24 -0
  6. data/.gitignore +14 -0
  7. data/.rbenv-gemset +1 -0
  8. data/.rspec +3 -0
  9. data/.ruby-gemset +1 -0
  10. data/.ruby-version +1 -0
  11. data/.travis.yml +25 -0
  12. data/.yardopts +1 -0
  13. data/CONTRIBUTING.md +171 -0
  14. data/COPYING +23 -0
  15. data/Gemfile +10 -0
  16. data/LICENSE +7 -0
  17. data/README.md +85 -0
  18. data/Rakefile +22 -0
  19. data/bin/recog_export +81 -0
  20. data/bin/recog_match +55 -0
  21. data/bin/recog_standardize +118 -0
  22. data/bin/recog_verify +64 -0
  23. data/cpe-remap.yaml +134 -0
  24. data/features/data/failing_banners_fingerprints.xml +20 -0
  25. data/features/data/matching_banners_fingerprints.xml +23 -0
  26. data/features/data/multiple_banners_fingerprints.xml +32 -0
  27. data/features/data/no_tests.xml +3 -0
  28. data/features/data/sample_banner.txt +2 -0
  29. data/features/data/successful_tests.xml +18 -0
  30. data/features/data/tests_with_failures.xml +20 -0
  31. data/features/data/tests_with_warnings.xml +17 -0
  32. data/features/match.feature +36 -0
  33. data/features/support/aruba.rb +3 -0
  34. data/features/support/env.rb +6 -0
  35. data/features/verify.feature +48 -0
  36. data/identifiers/README.md +47 -0
  37. data/identifiers/os_architecture.txt +20 -0
  38. data/identifiers/os_device.txt +52 -0
  39. data/identifiers/os_family.txt +160 -0
  40. data/identifiers/os_product.txt +199 -0
  41. data/identifiers/service_family.txt +185 -0
  42. data/identifiers/service_product.txt +255 -0
  43. data/identifiers/software_class.txt +26 -0
  44. data/identifiers/software_family.txt +91 -0
  45. data/identifiers/software_product.txt +333 -0
  46. data/identifiers/vendor.txt +405 -0
  47. data/lib/recog.rb +4 -0
  48. data/lib/recog/db.rb +78 -0
  49. data/lib/recog/db_manager.rb +31 -0
  50. data/lib/recog/fingerprint.rb +280 -0
  51. data/lib/recog/fingerprint/regexp_factory.rb +56 -0
  52. data/lib/recog/fingerprint/test.rb +18 -0
  53. data/lib/recog/formatter.rb +51 -0
  54. data/lib/recog/match_reporter.rb +77 -0
  55. data/lib/recog/matcher.rb +94 -0
  56. data/lib/recog/matcher_factory.rb +14 -0
  57. data/lib/recog/nizer.rb +347 -0
  58. data/lib/recog/verifier.rb +39 -0
  59. data/lib/recog/verifier_factory.rb +13 -0
  60. data/lib/recog/verify_reporter.rb +86 -0
  61. data/lib/recog/version.rb +3 -0
  62. data/misc/convert_mysql_err +61 -0
  63. data/misc/order.xsl +17 -0
  64. data/recog-intrigue.gemspec +45 -0
  65. data/requirements.txt +2 -0
  66. data/spec/data/best_os_match_1.yml +17 -0
  67. data/spec/data/best_os_match_2.yml +17 -0
  68. data/spec/data/best_service_match_1.yml +17 -0
  69. data/spec/data/smb_native_os.txt +25 -0
  70. data/spec/data/test_fingerprints.xml +36 -0
  71. data/spec/data/verification_fingerprints.xml +86 -0
  72. data/spec/data/whitespaced_fingerprint.xml +5 -0
  73. data/spec/lib/fingerprint_self_test_spec.rb +174 -0
  74. data/spec/lib/recog/db_spec.rb +98 -0
  75. data/spec/lib/recog/fingerprint/regexp_factory_spec.rb +73 -0
  76. data/spec/lib/recog/fingerprint_spec.rb +112 -0
  77. data/spec/lib/recog/formatter_spec.rb +69 -0
  78. data/spec/lib/recog/match_reporter_spec.rb +91 -0
  79. data/spec/lib/recog/nizer_spec.rb +330 -0
  80. data/spec/lib/recog/verify_reporter_spec.rb +113 -0
  81. data/spec/spec_helper.rb +82 -0
  82. data/update_cpes.py +186 -0
  83. data/xml/apache_modules.xml +1911 -0
  84. data/xml/apache_os.xml +273 -0
  85. data/xml/architecture.xml +36 -0
  86. data/xml/dns_versionbind.xml +761 -0
  87. data/xml/fingerprints.xsd +128 -0
  88. data/xml/ftp_banners.xml +1553 -0
  89. data/xml/h323_callresp.xml +603 -0
  90. data/xml/hp_pjl_id.xml +358 -0
  91. data/xml/html_title.xml +1630 -0
  92. data/xml/http_cookies.xml +411 -0
  93. data/xml/http_servers.xml +3195 -0
  94. data/xml/http_wwwauth.xml +595 -0
  95. data/xml/imap_banners.xml +245 -0
  96. data/xml/ldap_searchresult.xml +711 -0
  97. data/xml/mdns_device-info_txt.xml +1796 -0
  98. data/xml/mdns_workstation_txt.xml +15 -0
  99. data/xml/mysql_banners.xml +1649 -0
  100. data/xml/mysql_error.xml +871 -0
  101. data/xml/nntp_banners.xml +82 -0
  102. data/xml/ntp_banners.xml +1223 -0
  103. data/xml/operating_system.xml +629 -0
  104. data/xml/pop_banners.xml +499 -0
  105. data/xml/rsh_resp.xml +76 -0
  106. data/xml/rtsp_servers.xml +76 -0
  107. data/xml/sip_banners.xml +359 -0
  108. data/xml/sip_user_agents.xml +221 -0
  109. data/xml/smb_native_lm.xml +62 -0
  110. data/xml/smb_native_os.xml +662 -0
  111. data/xml/smtp_banners.xml +1690 -0
  112. data/xml/smtp_debug.xml +39 -0
  113. data/xml/smtp_ehlo.xml +49 -0
  114. data/xml/smtp_expn.xml +82 -0
  115. data/xml/smtp_help.xml +157 -0
  116. data/xml/smtp_mailfrom.xml +20 -0
  117. data/xml/smtp_noop.xml +44 -0
  118. data/xml/smtp_quit.xml +29 -0
  119. data/xml/smtp_rcptto.xml +25 -0
  120. data/xml/smtp_rset.xml +26 -0
  121. data/xml/smtp_turn.xml +26 -0
  122. data/xml/smtp_vrfy.xml +89 -0
  123. data/xml/snmp_sysdescr.xml +6507 -0
  124. data/xml/snmp_sysobjid.xml +430 -0
  125. data/xml/ssh_banners.xml +1968 -0
  126. data/xml/telnet_banners.xml +1595 -0
  127. data/xml/x11_banners.xml +232 -0
  128. data/xml/x509_issuers.xml +134 -0
  129. data/xml/x509_subjects.xml +1268 -0
  130. metadata +304 -0
@@ -0,0 +1,595 @@
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <fingerprints matches="http_header.wwwauth" protocol="http" database_type="service" preference="0.85">
3
+ <!-- HTTP WWW-Authenticate headers are matched against these patterns to fingerprint HTTP servers. -->
4
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;access&quot;$">
5
+ <description>Cisco IOS 11.x</description>
6
+ <example>Basic realm="access"</example>
7
+ <param pos="0" name="service.vendor" value="Cisco"/>
8
+ <param pos="0" name="service.product" value="IOS"/>
9
+ <param pos="0" name="service.family" value="IOS"/>
10
+ <param pos="0" name="service.version" value="11"/>
11
+ <param pos="0" name="service.cpe23" value="cpe:/a:cisco:ios:11"/>
12
+ <param pos="0" name="os.vendor" value="Cisco"/>
13
+ <param pos="0" name="os.device" value="Router"/>
14
+ <param pos="0" name="os.family" value="IOS"/>
15
+ <param pos="0" name="os.product" value="IOS"/>
16
+ <param pos="0" name="os.version" value="11"/>
17
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:11"/>
18
+ <param pos="0" name="hw.vendor" value="Cisco"/>
19
+ <param pos="0" name="hw.device" value="Router"/>
20
+ </fingerprint>
21
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;level[ _]15[ _]or[ _]view[ _]access&quot;$">
22
+ <description>Cisco IOS 12.x - view access variant</description>
23
+ <example>Basic realm="level_15 or view_access"</example>
24
+ <example>Basic realm="level_15_or_view_access"</example>
25
+ <param pos="0" name="service.vendor" value="Cisco"/>
26
+ <param pos="0" name="service.product" value="IOS"/>
27
+ <param pos="0" name="service.family" value="IOS"/>
28
+ <param pos="0" name="service.version" value="12"/>
29
+ <param pos="0" name="service.cpe23" value="cpe:/a:cisco:ios:12"/>
30
+ <param pos="0" name="os.vendor" value="Cisco"/>
31
+ <param pos="0" name="os.device" value="Router"/>
32
+ <param pos="0" name="os.family" value="IOS"/>
33
+ <param pos="0" name="os.product" value="IOS"/>
34
+ <param pos="0" name="os.version" value="12"/>
35
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:12"/>
36
+ <param pos="0" name="hw.vendor" value="Cisco"/>
37
+ <param pos="0" name="hw.device" value="Router"/>
38
+ </fingerprint>
39
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;level[ _]\d\d?[ _]access&quot;$">
40
+ <description>Cisco IOS 12.x</description>
41
+ <example>Basic realm="level_15_access"</example>
42
+ <example>Basic realm="level 15 access"</example>
43
+ <param pos="0" name="service.vendor" value="Cisco"/>
44
+ <param pos="0" name="service.product" value="IOS"/>
45
+ <param pos="0" name="service.family" value="IOS"/>
46
+ <param pos="0" name="service.version" value="12"/>
47
+ <param pos="0" name="service.cpe23" value="cpe:/a:cisco:ios:12"/>
48
+ <param pos="0" name="os.vendor" value="Cisco"/>
49
+ <param pos="0" name="os.device" value="Router"/>
50
+ <param pos="0" name="os.family" value="IOS"/>
51
+ <param pos="0" name="os.product" value="IOS"/>
52
+ <param pos="0" name="os.version" value="12"/>
53
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:12"/>
54
+ <param pos="0" name="hw.vendor" value="Cisco"/>
55
+ <param pos="0" name="hw.device" value="Router"/>
56
+ </fingerprint>
57
+ <fingerprint pattern="^Basic realm=&quot;(NetVanta [^&quot;]+)&quot;$" certainty="1.0">
58
+ <description>ADTRAN Netvanta Router</description>
59
+ <example hw.product="NetVanta 1238 PoE">Basic realm=&quot;NetVanta 1238 PoE&quot;</example>
60
+ <param pos="0" name="os.device" value="Router"/>
61
+ <param pos="0" name="os.vendor" value="ADTRAN"/>
62
+ <param pos="0" name="os.family" value="NetVanta"/>
63
+ <param pos="0" name="hw.device" value="Router"/>
64
+ <param pos="0" name="hw.vendor" value="ADTRAN"/>
65
+ <param pos="0" name="hw.family" value="NetVanta"/>
66
+ <param pos="1" name="hw.product"/>
67
+ </fingerprint>
68
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;Cisco_CCSP_CWMP_TCPCR&quot;.*$">
69
+ <description>Generic Cisco CWMP/CPE equipment</description>
70
+ <example>Basic realm="Cisco_CCSP_CWMP_TCPCR"</example>
71
+ <param pos="0" name="hw.vendor" value="Cisco"/>
72
+ </fingerprint>
73
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;FW-1. Reason: no user Server &quot;$">
74
+ <description>Check Point FireWall-1</description>
75
+ <example>Basic realm="FW-1. Reason: no user Server "</example>
76
+ <param pos="0" name="service.vendor" value="Check Point"/>
77
+ <param pos="0" name="service.product" value="Firewall-1"/>
78
+ <param pos="0" name="service.family" value="Firewall-1"/>
79
+ <param pos="0" name="service.cpe23" value="cpe:/a:checkpoint:firewall-1:-"/>
80
+ <param pos="0" name="os.vendor" value="Check Point"/>
81
+ <param pos="0" name="os.device" value="Firewall"/>
82
+ <param pos="0" name="os.family" value="Firewall-1"/>
83
+ <param pos="0" name="os.product" value="Firewall-1"/>
84
+ </fingerprint>
85
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;cpanel&quot;.*">
86
+ <description>cPanel</description>
87
+ <example>Basic realm="cPanel"</example>
88
+ <param pos="0" name="service.vendor" value="cPanel"/>
89
+ <param pos="0" name="service.product" value="cPanel"/>
90
+ </fingerprint>
91
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;APC Management Card&quot;$">
92
+ <description>APC device</description>
93
+ <example>Basic realm="APC Management Card"</example>
94
+ <param pos="0" name="service.vendor" value="APC"/>
95
+ <param pos="0" name="service.product" value="HTTP"/>
96
+ <param pos="0" name="os.vendor" value="APC"/>
97
+ <param pos="0" name="os.device" value="Power device"/>
98
+ </fingerprint>
99
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;ADSL\S* (?:Modem|Router|Modem/Router)&quot;.*$">
100
+ <description>Generic ADSL modems/routers</description>
101
+ <example>Basic realm="ADSL Modem"</example>
102
+ <example>Basic realm="ADSL Modem/Router"</example>
103
+ <example>Basic realm="ADSL Router"</example>
104
+ <example>Basic realm="ADSL2+ Router"</example>
105
+ <param pos="0" name="hw.device" value="ADSL Modem"/>
106
+ </fingerprint>
107
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;Broadband Router&quot;.*$">
108
+ <description>Generic Broadband modems/routers</description>
109
+ <example>Basic realm="Broadband Router"</example>
110
+ <param pos="0" name="hw.device" value="Broadband router"/>
111
+ </fingerprint>
112
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;DSL\S* (?:Modem|Router|Modem/Router)&quot;.*$">
113
+ <description>Generic DSL modems/routers</description>
114
+ <example>Basic realm="DSL Modem"</example>
115
+ <param pos="0" name="hw.device" value="DSL Modem"/>
116
+ </fingerprint>
117
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;DVR&quot;.*$">
118
+ <description>Generic DVR</description>
119
+ <example>Basic realm="DVR"</example>
120
+ <param pos="0" name="hw.device" value="DVR"/>
121
+ </fingerprint>
122
+ <!-- Hikvision is OEMd by a number of DVR manufacturers -->
123
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;(?i:hikvision)&quot;.*$">
124
+ <description>Web server found on DVR and webcam servers sourced from Hikvision</description>
125
+ <example>Basic realm="hikvision"</example>
126
+ <param pos="0" name="service.vendor" value="Hikvision"/>
127
+ <param pos="0" name="service.product" value="Hikvision Web Server"/>
128
+ <param pos="0" name="os.vendor" value="Hikvision"/>
129
+ <param pos="0" name="os.device" value="DVR"/>
130
+ <param pos="0" name="hw.device" value="DVR"/>
131
+ </fingerprint>
132
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;Merit LILIN Ent\. Co\., Ltd.&quot;.*$">
133
+ <description>Merit LILIN generic device</description>
134
+ <example>Basic realm="Merit LILIN Ent. Co., Ltd,"</example>
135
+ <example>Basic realm="Merit LILIN Ent. Co., Ltd."</example>
136
+ <param pos="0" name="hw.vendor" value="Merit LILIN"/>
137
+ </fingerprint>
138
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;Wireless Access Point&quot;.*$">
139
+ <description>Generic WAP</description>
140
+ <example>Basic realm="Wireless Access Point"</example>
141
+ <param pos="0" name="hw.device" value="WAP"/>
142
+ </fingerprint>
143
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;(?:(?:Cube|(?:Mini )?Dome|Day/Night|PAN/Tilt|POE|IR|HD|H.264|Surveillance|Wired|Wireless(?: N)?|Network|Internet|(?:IP(?:[\s_-])?)?Cameras?[\s_]*\d*) ?){1,4}?(?: Login)?&quot;.*$">
144
+ <description>Generic IP Cameras</description>
145
+ <example>Basic realm="camera"</example>
146
+ <example>Basic realm="IPCamera Login"</example>
147
+ <example>Basic realm="Mini Dome IP Camera"</example>
148
+ <param pos="0" name="hw.device" value="Web cam"/>
149
+ </fingerprint>
150
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;(DCS-[^&quot;]+)&quot;.*$">
151
+ <description>D-Link DCS IP Cameras</description>
152
+ <example hw.product="DCS-5222LB1">Basic realm="DCS-5222LB1"</example>
153
+ <example hw.product="DCS-2530L">Basic realm="DCS-2530L"</example>
154
+ <param pos="0" name="hw.vendor" value="D-Link"/>
155
+ <param pos="0" name="hw.device" value="Web cam"/>
156
+ <param pos="1" name="hw.product"/>
157
+ </fingerprint>
158
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;GoAhead&quot;.*$">
159
+ <description>GoAhead webserver</description>
160
+ <example>Basic realm="GoAhead"</example>
161
+ <param pos="0" name="service.vendor" value="Oracle"/>
162
+ <param pos="0" name="service.product" value="GoAhead Webserver"/>
163
+ <param pos="0" name="service.family" value="GoAhead Webserver"/>
164
+ </fingerprint>
165
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;kubernetes-master&quot;.*$">
166
+ <description>Kubernetes master nodes</description>
167
+ <example>Basic realm="kubernetes-master"</example>
168
+ <param pos="0" name="service.vendor" value="Kubernetes"/>
169
+ </fingerprint>
170
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;NETGEAR (Orbi(?:-(?:micro|mini))?)&quot;.*$">
171
+ <description>Netgear Orbi</description>
172
+ <example hw.product="Orbi">Basic realm="NETGEAR Orbi"</example>
173
+ <example hw.product="Orbi-micro">Basic realm="NETGEAR Orbi-micro"</example>
174
+ <param pos="0" name="hw.vendor" value="Netgear"/>
175
+ <param pos="0" name="hw.device" value="WAP"/>
176
+ <param pos="0" name="hw.family" value="Orbi"/>
177
+ <param pos="1" name="hw.product"/>
178
+ </fingerprint>
179
+ <fingerprint pattern="(?i)^(?:Basic|Digest) realm=&quot;RUIJIE(?:-CPE)?&quot;.*$">
180
+ <description>Ruijie Networks generic</description>
181
+ <example>Digest realm="RUIJIE-CPE"</example>
182
+ <param pos="0" name="hw.vendor" value="Ruijie"/>
183
+ </fingerprint>
184
+ <fingerprint pattern="^Basic realm=&quot;SpeedTouch&quot;$">
185
+ <description>Thomson SpeedTouch xDSL router - short variant</description>
186
+ <example>Basic realm="SpeedTouch"</example>
187
+ <param pos="0" name="service.vendor" value="Thomson"/>
188
+ <param pos="0" name="service.product" value="SpeedTouch"/>
189
+ <param pos="0" name="service.family" value="SpeedTouch"/>
190
+ <param pos="0" name="os.vendor" value="Thomson"/>
191
+ <param pos="0" name="os.device" value="Broadband router"/>
192
+ <param pos="0" name="os.family" value="SpeedTouch"/>
193
+ <param pos="0" name="hw.vendor" value="Thomson"/>
194
+ <param pos="0" name="hw.family" value="SpeedTouch"/>
195
+ <param pos="0" name="hw.device" value="Broadband router"/>
196
+ </fingerprint>
197
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;SpeedTouch \(([0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2})\)&quot;$">
198
+ <description>Thomson SpeedTouch xDSL router</description>
199
+ <example host.mac="00-90-D0-F9-91-52">Basic realm="SpeedTouch (00-90-D0-F9-91-52)"</example>
200
+ <param pos="0" name="service.vendor" value="Thomson"/>
201
+ <param pos="0" name="service.product" value="SpeedTouch"/>
202
+ <param pos="0" name="service.family" value="SpeedTouch"/>
203
+ <param pos="0" name="os.vendor" value="Thomson"/>
204
+ <param pos="0" name="os.device" value="Broadband router"/>
205
+ <param pos="0" name="os.family" value="SpeedTouch"/>
206
+ <param pos="0" name="os.product" value="SpeedTouch"/>
207
+ <param pos="0" name="hw.vendor" value="Thomson"/>
208
+ <param pos="0" name="hw.family" value="SpeedTouch"/>
209
+ <param pos="0" name="hw.device" value="Broadband router"/>
210
+ <param pos="1" name="host.mac"/>
211
+ </fingerprint>
212
+ <!--
213
+ Really need some examples for the fingerprints below. The regex and params
214
+ imply that the nonce inlcudes the MAC address.
215
+ -->
216
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;SpeedTouch&quot;, nonce=&quot;[0-9A-Z]+:([0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}):\d+:\d+&quot;, qop=&quot;auth&quot;$">
217
+ <description>Thomson SpeedTouch xDSL router - qop variant</description>
218
+ <param pos="0" name="service.vendor" value="Thomson"/>
219
+ <param pos="0" name="service.product" value="SpeedTouch"/>
220
+ <param pos="0" name="service.family" value="SpeedTouch"/>
221
+ <param pos="0" name="os.vendor" value="Thomson"/>
222
+ <param pos="0" name="os.device" value="Broadband router"/>
223
+ <param pos="0" name="os.family" value="SpeedTouch"/>
224
+ <param pos="0" name="os.product" value="SpeedTouch"/>
225
+ <param pos="0" name="hw.vendor" value="Thomson"/>
226
+ <param pos="0" name="hw.family" value="SpeedTouch"/>
227
+ <param pos="0" name="hw.device" value="Broadband router"/>
228
+ <param pos="1" name="host.mac"/>
229
+ </fingerprint>
230
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;ST (\d+) R 5.x Telecom Italia&quot;, nonce=&quot;[0-9A-Z]+:([0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}):\d+:\d+&quot;, qop=&quot;auth&quot;$">
231
+ <description>Thomson SpeedTouch xDSL router - Telecom Italia</description>
232
+ <param pos="0" name="service.vendor" value="Thomson"/>
233
+ <param pos="0" name="service.product" value="SpeedTouch"/>
234
+ <param pos="0" name="service.family" value="SpeedTouch"/>
235
+ <param pos="0" name="os.vendor" value="Thomson"/>
236
+ <param pos="0" name="os.device" value="Broadband router"/>
237
+ <param pos="0" name="os.family" value="SpeedTouch"/>
238
+ <param pos="0" name="hw.vendor" value="Thomson"/>
239
+ <param pos="0" name="hw.family" value="SpeedTouch"/>
240
+ <param pos="0" name="hw.device" value="Broadband router"/>
241
+ <param pos="1" name="os.product"/>
242
+ <param pos="2" name="host.mac"/>
243
+ </fingerprint>
244
+ <fingerprint pattern="^(?:Basic|Digest).*realm=&quot;Thomson(?: Gateway)?&quot;.*$">
245
+ <description>Thomson generic devices</description>
246
+ <example>Digest realm="Thomson Gateway"</example>
247
+ <example>Basic realm="Thomson"</example>
248
+ <param pos="0" name="hw.vendor" value="Thomson"/>
249
+ <param pos="0" name="hw.device" value="Broadband router"/>
250
+ </fingerprint>
251
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;(?:SmartAX )?(MT\d+[^ ]*)(?: ADSL Router)?&quot;$">
252
+ <description>Huawei xDSL routers</description>
253
+ <example hw.product="MT882">Basic realm="SmartAX MT882"</example>
254
+ <param pos="0" name="service.vendor" value="Huawei"/>
255
+ <param pos="0" name="service.family" value="MT"/>
256
+ <param pos="1" name="service.product"/>
257
+ <param pos="0" name="os.vendor" value="Huawei"/>
258
+ <param pos="0" name="os.device" value="Broadband router"/>
259
+ <param pos="0" name="os.family" value="MT"/>
260
+ <param pos="1" name="os.product"/>
261
+ <param pos="0" name="hw.vendor" value="Huawei"/>
262
+ <param pos="0" name="hw.device" value="Broadband router"/>
263
+ <param pos="0" name="hw.family" value="MT"/>
264
+ <param pos="1" name="hw.product"/>
265
+ </fingerprint>
266
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;HuaweiHomeGateway&quot;.*$">
267
+ <description>Huawei Home Gateway Routers</description>
268
+ <example>Basic realm="HuaweiHomeGateway"</example>
269
+ <param pos="0" name="hw.vendor" value="Huawei"/>
270
+ <param pos="0" name="hw.device" value="Broadband router"/>
271
+ <param pos="0" name="hw.product" value="Home Gateway"/>
272
+ </fingerprint>
273
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;EchoLife .*&quot;.*$">
274
+ <description>Huawei EchoLife Home Gateways</description>
275
+ <example>Basic realm="EchoLife Portal de Inicio"</example>
276
+ <example>Basic realm="EchoLife Home Gateway"</example>
277
+ <param pos="0" name="hw.vendor" value="Huawei"/>
278
+ <param pos="0" name="hw.device" value="Broadband router"/>
279
+ <param pos="0" name="hw.product" value="EchoLife Home Gateway"/>
280
+ </fingerprint>
281
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;(WRT54G\w*)&quot;$">
282
+ <description>Linksys WRT54G wireless access point (dozen of variants of the product)</description>
283
+ <example hw.product="WRT54G">Basic realm="WRT54G"</example>
284
+ <example hw.product="WRT54GL">Basic realm="WRT54GL"</example>
285
+ <example hw.product="WRT54GSV4">Basic realm="WRT54GSV4"</example>
286
+ <example hw.product="WRT54GCv3">Basic realm="WRT54GCv3"</example>
287
+ <param pos="0" name="os.vendor" value="Linksys"/>
288
+ <param pos="0" name="os.device" value="WAP"/>
289
+ <param pos="1" name="os.product"/>
290
+ <param pos="0" name="hw.vendor" value="Linksys"/>
291
+ <param pos="0" name="hw.device" value="WAP"/>
292
+ <param pos="1" name="hw.product"/>
293
+ </fingerprint>
294
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;(TD-[VW8][A-Z0-9]+)(?:| \d+\.\d+)&quot;$">
295
+ <description>TP-LINK SoHo Router - dash variant</description>
296
+ <example>Basic realm="TD-W8901G"</example>
297
+ <example>Basic realm="TD-8840T 2.0"</example>
298
+ <example>Basic realm="TD-8811"</example>
299
+ <param pos="0" name="os.vendor" value="TP-LINK"/>
300
+ <param pos="0" name="os.device" value="Router"/>
301
+ <param pos="1" name="os.product"/>
302
+ </fingerprint>
303
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;(TD8[A-Z0-9]+)&quot;$">
304
+ <description>TP-LINK SoHo Router</description>
305
+ <example>Basic realm="TD854W"</example>
306
+ <example>Basic realm="TD811"</example>
307
+ <example>Basic realm="TD821"</example>
308
+ <example>Basic realm="TD841"</example>
309
+ <param pos="0" name="os.vendor" value="TP-LINK"/>
310
+ <param pos="0" name="os.device" value="Router"/>
311
+ <param pos="1" name="os.product"/>
312
+ </fingerprint>
313
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;TP-LINK.*(?:Access Point|Extender|AP) ([A-Z0-9\-\+]+)&quot;.*$">
314
+ <description>TP-LINK SoHo Router - verbose variant</description>
315
+ <example>Basic realm="TP-LINK Wireless N Access Point WA801N"</example>
316
+ <example>Basic realm="TP-LINK Wireless Range Extender WA830RE"</example>
317
+ <example>Basic realm="TP-LINK Wireless Range Extender WA850RE"</example>
318
+ <example>Basic realm="TP-LINK Wireless AP WA501G"</example>
319
+ <example>Basic realm="TP-LINK Wireless N Access Point WA701ND"</example>
320
+ <example>Basic realm="TP-LINK Wireless N Access Point WA901ND"</example>
321
+ <example>Basic realm="TP-LINK Wireless AP WA601G"</example>
322
+ <example>Basic realm="TP-LINK Wireless AP WR710N"</example>
323
+ <example>Basic realm="TP-LINK Wireless AP WR700N"</example>
324
+ <example>Basic realm="TP-LINK Wireless Range Extender WA750RE"</example>
325
+ <example>Basic realm="TP-LINK Wireless AP WR702N"</example>
326
+ <example>Basic realm="TP-LINK Wireless AP WR800N"</example>
327
+ <example>Basic realm="TP-LINK Wireless Range Extender WA730RE"</example>
328
+ <example>Basic realm="TP-LINK Wireless N Access Point WA805N"</example>
329
+ <example>Basic realm="TP-LINK Wireless N Access Point WA701N"</example>
330
+ <example>Basic realm="TP-LINK Wireless AP WR706N"</example>
331
+ <param pos="0" name="os.vendor" value="TP-LINK"/>
332
+ <param pos="0" name="os.device" value="WAP"/>
333
+ <param pos="1" name="os.product"/>
334
+ </fingerprint>
335
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;TP-LINK (.*Router.*)&quot;.*$">
336
+ <description>TP-LINK Routers</description>
337
+ <example>Basic realm="TP-LINK Wireless N Router WR841N"</example>
338
+ <example>Basic realm="TP-LINK Gigabit Broadband VPN Router R600VPN"</example>
339
+ <example>Basic realm="TP-LINK Wireless Lite N Router WR740N/WR741ND"</example>
340
+ <param pos="0" name="hw.vendor" value="TP-Link"/>
341
+ <param pos="0" name="hw.device" value="Router"/>
342
+ <param pos="1" name="hw.product"/>
343
+ </fingerprint>
344
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;TP-LINK IP-Camera&quot;.*$">
345
+ <description>TP-LINK IP-Cameras</description>
346
+ <example>Basic realm="TP-LINK IP-Camera"</example>
347
+ <param pos="0" name="hw.vendor" value="TP-Link"/>
348
+ <param pos="0" name="hw.device" value="Web cam"/>
349
+ </fingerprint>
350
+ <fingerprint pattern="(?i)^(?:Basic|Digest) .*realm=&quot;Broadcom Management Service&quot;.*$">
351
+ <description>Supposedly part of Broadcom Advanced Control Suite 3 (BACS3) or something similar</description>
352
+ <example>Digest qop="auth", realm="Broadcom Management Service", nonce="AAAAAAAAAAAAAP//DwHpMwYy1zc=", algorithm="MD5"</example>
353
+ <param pos="0" name="service.vendor" value="Broadcom"/>
354
+ <param pos="0" name="service.product" value="Management Service"/>
355
+ </fingerprint>
356
+ <fingerprint pattern="^(?:Basic|Digest) .*realm=&quot;SWAT&quot;.*$">
357
+ <description>Samba Web Administration Tool (SWAT)</description>
358
+ <example>Basic realm="SWAT"</example>
359
+ <param pos="0" name="service.vendor" value="Samba"/>
360
+ <param pos="0" name="service.family" value="Samba"/>
361
+ <param pos="0" name="service.product" value="SWAT"/>
362
+ </fingerprint>
363
+ <fingerprint pattern="^.*(?:Basic|Digest) realm=&quot;SPIP Configuration&quot;.*$">
364
+ <description>SPIP publishing system (www.spip.net)</description>
365
+ <example>Basic realm="SPIP Configuration", Digest realm="SPIP Configuration", nonce="116761147", algorithm="MD5"</example>
366
+ <param pos="0" name="service.vendor" value="SPIP"/>
367
+ <param pos="0" name="service.product" value="SPIP"/>
368
+ <param pos="0" name="service.cpe23" value="cpe:/a:spip:spip:-"/>
369
+ </fingerprint>
370
+ <fingerprint pattern="^.*(?:Basic|Digest) .*realm=&quot;HP ISEE @ ([^&quot;]+)&quot;.*$">
371
+ <description>HP Instant Support Enterprise Edition with a hostname</description>
372
+ <example host.name="blah">Basic realm="HP ISEE @ blah"</example>
373
+ <param pos="0" name="service.vendor" value="HP"/>
374
+ <param pos="0" name="service.product" value="ISEE"/>
375
+ <param pos="1" name="host.name"/>
376
+ </fingerprint>
377
+ <fingerprint pattern="^.*(?:Basic|Digest) .*realm=&quot;BIG-IP&quot;.*$">
378
+ <description>Generic F5 Big-IP</description>
379
+ <example>Basic realm="BIG-IP"</example>
380
+ <param pos="0" name="service.vendor" value="F5"/>
381
+ <param pos="0" name="service.family" value="BIG-IP"/>
382
+ <param pos="0" name="service.product" value="BIG-IP LTM"/>
383
+ <param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
384
+ </fingerprint>
385
+ <!-- HP ProCurve -->
386
+ <fingerprint pattern="(?i)^(?:Basic|Digest) realm=&quot;(?:HP|ProCurve) (J[3]\d{3}A)&quot;$">
387
+ <description>HP ProCurve Hubs</description>
388
+ <example os.product="J3295A">Basic realm="HP J3295A"</example>
389
+ <param pos="0" name="os.vendor" value="HP"/>
390
+ <param pos="0" name="os.family" value="ProCurve"/>
391
+ <param pos="0" name="os.device" value="Hub"/>
392
+ <param pos="1" name="os.product"/>
393
+ </fingerprint>
394
+ <fingerprint pattern="(?i)^(?:Basic|Digest) realm=&quot;(?:HP|ProCurve) (J[489]\d{3}A)&quot;$">
395
+ <description>HP ProCurve Switches</description>
396
+ <example os.product="J4110A">Basic realm="HP J4110A"</example>
397
+ <example os.product="J8164A">Basic realm="ProCurve J8164A"</example>
398
+ <example os.product="J8165A">Basic realm="HP J8165A"</example>
399
+ <example os.product="J9021A">Basic realm="HP J9021A"</example>
400
+ <param pos="0" name="os.vendor" value="HP"/>
401
+ <param pos="0" name="os.family" value="ProCurve"/>
402
+ <param pos="0" name="os.device" value="Switch"/>
403
+ <param pos="1" name="os.product"/>
404
+ </fingerprint>
405
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;SERCOMM CPE Authentication&quot;.*$">
406
+ <description>Assorted Sercomm CPE devices</description>
407
+ <example>Digest realm="SERCOMM CPE Authentication"</example>
408
+ <param pos="0" name="hw.vendor" value="Sercomm"/>
409
+ </fingerprint>
410
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;TiVo DVR&quot;.*$">
411
+ <description>Tivo DVR</description>
412
+ <example>Digest realm="TiVo DVR"</example>
413
+ <param pos="0" name="hw.vendor" value="Tivo"/>
414
+ <param pos="0" name="hw.family" value="DVR"/>
415
+ <param pos="0" name="hw.device" value="DVR"/>
416
+ </fingerprint>
417
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;UBEE&quot;.*$">
418
+ <description>Ubee Cable Modems</description>
419
+ <example>Digest qop="auth", realm="Ubee", nonce="1544738973"</example>
420
+ <param pos="0" name="hw.vendor" value="Ubee"/>
421
+ <param pos="0" name="hw.device" value="Broadband router"/>
422
+ </fingerprint>
423
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;XDB&quot;$">
424
+ <description>Web server providing web services for Oracle's XML DB.</description>
425
+ <example>Basic realm="XDB"</example>
426
+ <param pos="0" name="service.vendor" value="Oracle"/>
427
+ <param pos="0" name="service.product" value="XML DB"/>
428
+ <param pos="0" name="service.family" value="Oracle"/>
429
+ </fingerprint>
430
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;cpe@zte.com&quot;.*$">
431
+ <description>Assorted ZTE CPE devices</description>
432
+ <example>Digest realm="cpe@zte.com"</example>
433
+ <param pos="0" name="hw.vendor" value="ZTE"/>
434
+ </fingerprint>
435
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;ZXHN (\S+)&quot;.*$">
436
+ <description>ZTE ZXHN router</description>
437
+ <example>Basic realm="ZXHN H108L"</example>
438
+ <param pos="0" name="hw.vendor" value="ZTE"/>
439
+ <param pos="0" name="hw.device" value="Router"/>
440
+ <param pos="0" name="hw.family" value="ZXHN"/>
441
+ <param pos="1" name="hw.product"/>
442
+ </fingerprint>
443
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;(ZXV\S* \S+)&quot;.*$">
444
+ <description>ZTE ZXV router</description>
445
+ <example hw.product="ZXV10 W300">Basic realm="ZXV10 W300"</example>
446
+ <param pos="0" name="hw.vendor" value="ZTE"/>
447
+ <param pos="0" name="hw.device" value="Router"/>
448
+ <param pos="0" name="hw.family" value="ZXV"/>
449
+ <param pos="1" name="hw.product"/>
450
+ </fingerprint>
451
+ <!-- a variety of headers we currently just ignore -->
452
+ <fingerprint pattern="(?i)^NTLM$">
453
+ <description>Ignore NTLM-only</description>
454
+ <example>NTLM</example>
455
+ <example>Ntlm</example>
456
+ </fingerprint>
457
+ <fingerprint pattern="^Negotiate$">
458
+ <description>Ignore Negotiate-only</description>
459
+ <example>Negotiate</example>
460
+ </fingerprint>
461
+ <!--
462
+ Using a wildcard . instead of ['&quot;] in the following line will result in
463
+ this fingerprint matching examples from other fingerprints.
464
+ -->
465
+ <fingerprint pattern="^(?:Basic|Digest) .*realm=['&quot;](?:\/|\.|null|\/?index.html?)?['&quot;]">
466
+ <description>Ignore null/empty/period/index.</description>
467
+ <example>Basic realm="null"</example>
468
+ <example>Basic realm="."</example>
469
+ <example>Basic realm=""</example>
470
+ <example>Basic realm="/"</example>
471
+ <example>Basic realm='/'</example>
472
+ <example>Basic realm="index.html"</example>
473
+ </fingerprint>
474
+ <fingerprint pattern="^(?:Basic|Digest) .*realm=&quot;(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)&quot;.*$">
475
+ <description>Ignore realms with an IPv4 address</description>
476
+ <example>Basic realm="192.168.0.1"</example>
477
+ <example>Digest qop="auth", realm="172.16.0.1", nonce="AAAAAAAAAAAAAP//DwHpM0IvM78=", algorithm="MD5"</example>
478
+ </fingerprint>
479
+ <fingerprint pattern="^(?:Basic|Digest) .*realm=&quot;config&quot;.*$">
480
+ <description>Ignore generic 'config' realms</description>
481
+ <example>Digest realm="config", nonce="1155041914", algorithm="MD5", qop="auth"</example>
482
+ </fingerprint>
483
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;[iI]RMC(?:@(IRMC[0-9a-fA-F]{6}))?&quot;.*$">
484
+ <description>Fujitsu Siemens Primergy with BMC RemoteView on an iRMC card</description>
485
+ <example host.name="IRMCA0EC88">Digest realm="iRMC@IRMCA0EC88", qop="auth", nonce="d569ace4-00029040", opaque="29040", stale="FALSE"</example>
486
+ <param pos="0" name="service.vendor" value="Fujitsu Siemens"/>
487
+ <param pos="0" name="service.product" value="RemoteView"/>
488
+ <param pos="0" name="service.family" value="RemoteView"/>
489
+ <param pos="0" name="hw.vendor" value="Fujitsu Siemens"/>
490
+ <param pos="0" name="hw.family" value="Primergy"/>
491
+ <param pos="0" name="hw.product" value="Primergy"/>
492
+ <param pos="1" name="host.name"/>
493
+ </fingerprint>
494
+ <!--
495
+ Temporarily disable this version-less fingerprint because it overrode the
496
+ one in http_servers.xml (see NEX-1255).
497
+
498
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;Lyris ListManager: enter email address and password&quot;$">
499
+ <description>Lyris ListManager</description>
500
+ <example>Basic realm="Lyris ListManager: enter email address and password"</example>
501
+ <param pos="0" name="service.vendor" value="Lyris"/>
502
+ <param pos="0" name="service.product" value="ListManager"/>
503
+ </fingerprint>
504
+ -->
505
+ <!--
506
+ Basic realm= StarVoice
507
+ Basic realm="802.11g Remote-Motion CCD Network Camera"
508
+ Basic realm="Access to Workgroup Switch FX5124"
509
+ Basic realm="ADSL Modem"
510
+ Basic realm="ADSL Modem/Router"
511
+ Basic realm="ADSL Router"
512
+ Basic realm="ADSL2+ Router"
513
+ // Nomadix Access Gateway (AG)
514
+ Basic realm="AG "
515
+ Basic realm="AG"
516
+ Basic realm="Broad Net Mux Corp."
517
+ Basic realm="Cayman-3000"
518
+ Basic realm="Cayman3000 "
519
+ Basic realm="Cayman3000"
520
+ Basic realm="ClubInternet"
521
+ Basic realm="Comcast Home Networking"
522
+ // MegaBit Gear TE xxxx
523
+ Basic realm="Config"
524
+ Basic realm="configuration"
525
+ Basic realm="Connecting to router"
526
+ Basic realm="DB102 ADSL 2/2+ Modem"
527
+ Basic realm="Default: admin/1234"
528
+ Basic realm="device"
529
+ Basic realm="DFL Admin Interface"
530
+ Basic realm="DI-804HV"
531
+ Basic realm="dreambox"
532
+ Basic Realm="DSL-500G Admin Login"
533
+ Basic Realm="DSL-500G"
534
+ Basic Realm="DSL-504G"
535
+ Basic realm="DSL Router"
536
+ Basic realm="DSL WLAN Modem 200"
537
+ Basic realm="Ecco Chimbote"
538
+ Basic realm="Efficient Networks Web User Interface"
539
+ Basic realm="General User"
540
+ Basic realm="geschuetzter Bereich"
541
+ Basic realm="Home Gateway"
542
+ Basic realm="iBoot"
543
+ Basic realm="IES-1000/SAM1008"
544
+ Basic realm="Instant Internet"
545
+ Basic realm="IR IP Camera"
546
+ Basic realm="Linksys BEFSR41/BEFSR11/BEFSRU31"
547
+ Basic realm="Login to the Router Web Configurator"
548
+ Basic realm="Login to Vigor 3300"
549
+ Basic realm="Login"
550
+ Basic realm="MR314"
551
+ Basic realm="NetComm NB1300"
552
+ Basic realm="NETGEAR DG834 "
553
+ Basic realm="NetLinx"
554
+ Basic realm="Netopia-2000"
555
+ Basic realm="Netopia-3000"
556
+ Basic realm="NXU-2"
557
+ Basic realm="OCR-812"
558
+ Basic realm="P653HWI-13"
559
+ Basic realm="Please enter your user name and password on DSL-502T"
560
+ Basic realm="pmdf1"
561
+ Basic realm="Prestige 643"
562
+ Basic realm="Prestige 650H-17"
563
+ Basic realm="Prestige 650H-E1"
564
+ Basic realm="Prestige 792H"
565
+ Basic realm="Private zone"
566
+ Basic realm="privileged access"
567
+ Basic realm="quenta"
568
+ Basic realm="Radware"
569
+ Basic realm="READONLY"
570
+ Basic realm="Roadside"
571
+ Basic realm="Siemens ADSL SL2-141-I"
572
+ Basic realm="Siemens Web User Interface"
573
+ Basic realm="System Configuration"
574
+ Basic realm="TrendChip ADSL Router"
575
+ Basic realm="USR ADSL Gateway"
576
+ Basic realm="Viking"
577
+ basic realm="Vina Technologies T1 Integrator"
578
+ Basic realm="WA3002-g1"
579
+ Basic realm="Web Management"
580
+ Basic realm="Web Manager"
581
+ Basic realm="WebAdmin"
582
+ Basic realm="Webr@cer 8001"
583
+ Basic realm="Wireless Access Point"
584
+ Basic realm="WL-5460AP v2"
585
+ Basic realm="WL500g.Premium"
586
+ Basic realm="WL500W"
587
+ Basic realm="XG6545p2 VoIP Gateway"
588
+ Digest realm="HiPER", domain="222.66.99.209", qop="auth", nonce="aa81b6584c4716f22f1d20e1747c5841", opaque="5ccc069c403ebaf9f0171e9517f40e41", algorithm="MD5", stale="FALSE"
589
+ Digest realm="i3micro VRG", nonce="1186428394", qop="auth", algorithm=MD5
590
+ Digest realm="WatchGuard SOHO Configuration",qop="auth",nonce="7c8e98007db668881687bd538e6e8581"
591
+ -->
592
+ <!-- This is in various PHP coding examples, but is not a reliable FP source:
593
+ Basic realm="User Login"
594
+ -->
595
+ </fingerprints>