RubyGems - recog-intrigue - Versions diffs - 2.3.7 - Mend

recog-intrigue 2.3.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (130) hide show

checksums.yaml +7 -0
data/.github/ISSUE_TEMPLATE/bug_report.md +37 -0
data/.github/ISSUE_TEMPLATE/feature_request.md +17 -0
data/.github/ISSUE_TEMPLATE/fingerprint_request.md +27 -0
data/.github/PULL_REQUEST_TEMPLATE +24 -0
data/.gitignore +14 -0
data/.rbenv-gemset +1 -0
data/.rspec +3 -0
data/.ruby-gemset +1 -0
data/.ruby-version +1 -0
data/.travis.yml +25 -0
data/.yardopts +1 -0
data/CONTRIBUTING.md +171 -0
data/COPYING +23 -0
data/Gemfile +10 -0
data/LICENSE +7 -0
data/README.md +85 -0
data/Rakefile +22 -0
data/bin/recog_export +81 -0
data/bin/recog_match +55 -0
data/bin/recog_standardize +118 -0
data/bin/recog_verify +64 -0
data/cpe-remap.yaml +134 -0
data/features/data/failing_banners_fingerprints.xml +20 -0
data/features/data/matching_banners_fingerprints.xml +23 -0
data/features/data/multiple_banners_fingerprints.xml +32 -0
data/features/data/no_tests.xml +3 -0
data/features/data/sample_banner.txt +2 -0
data/features/data/successful_tests.xml +18 -0
data/features/data/tests_with_failures.xml +20 -0
data/features/data/tests_with_warnings.xml +17 -0
data/features/match.feature +36 -0
data/features/support/aruba.rb +3 -0
data/features/support/env.rb +6 -0
data/features/verify.feature +48 -0
data/identifiers/README.md +47 -0
data/identifiers/os_architecture.txt +20 -0
data/identifiers/os_device.txt +52 -0
data/identifiers/os_family.txt +160 -0
data/identifiers/os_product.txt +199 -0
data/identifiers/service_family.txt +185 -0
data/identifiers/service_product.txt +255 -0
data/identifiers/software_class.txt +26 -0
data/identifiers/software_family.txt +91 -0
data/identifiers/software_product.txt +333 -0
data/identifiers/vendor.txt +405 -0
data/lib/recog.rb +4 -0
data/lib/recog/db.rb +78 -0
data/lib/recog/db_manager.rb +31 -0
data/lib/recog/fingerprint.rb +280 -0
data/lib/recog/fingerprint/regexp_factory.rb +56 -0
data/lib/recog/fingerprint/test.rb +18 -0
data/lib/recog/formatter.rb +51 -0
data/lib/recog/match_reporter.rb +77 -0
data/lib/recog/matcher.rb +94 -0
data/lib/recog/matcher_factory.rb +14 -0
data/lib/recog/nizer.rb +347 -0
data/lib/recog/verifier.rb +39 -0
data/lib/recog/verifier_factory.rb +13 -0
data/lib/recog/verify_reporter.rb +86 -0
data/lib/recog/version.rb +3 -0
data/misc/convert_mysql_err +61 -0
data/misc/order.xsl +17 -0
data/recog-intrigue.gemspec +45 -0
data/requirements.txt +2 -0
data/spec/data/best_os_match_1.yml +17 -0
data/spec/data/best_os_match_2.yml +17 -0
data/spec/data/best_service_match_1.yml +17 -0
data/spec/data/smb_native_os.txt +25 -0
data/spec/data/test_fingerprints.xml +36 -0
data/spec/data/verification_fingerprints.xml +86 -0
data/spec/data/whitespaced_fingerprint.xml +5 -0
data/spec/lib/fingerprint_self_test_spec.rb +174 -0
data/spec/lib/recog/db_spec.rb +98 -0
data/spec/lib/recog/fingerprint/regexp_factory_spec.rb +73 -0
data/spec/lib/recog/fingerprint_spec.rb +112 -0
data/spec/lib/recog/formatter_spec.rb +69 -0
data/spec/lib/recog/match_reporter_spec.rb +91 -0
data/spec/lib/recog/nizer_spec.rb +330 -0
data/spec/lib/recog/verify_reporter_spec.rb +113 -0
data/spec/spec_helper.rb +82 -0
data/update_cpes.py +186 -0
data/xml/apache_modules.xml +1911 -0
data/xml/apache_os.xml +273 -0
data/xml/architecture.xml +36 -0
data/xml/dns_versionbind.xml +761 -0
data/xml/fingerprints.xsd +128 -0
data/xml/ftp_banners.xml +1553 -0
data/xml/h323_callresp.xml +603 -0
data/xml/hp_pjl_id.xml +358 -0
data/xml/html_title.xml +1630 -0
data/xml/http_cookies.xml +411 -0
data/xml/http_servers.xml +3195 -0
data/xml/http_wwwauth.xml +595 -0
data/xml/imap_banners.xml +245 -0
data/xml/ldap_searchresult.xml +711 -0
data/xml/mdns_device-info_txt.xml +1796 -0
data/xml/mdns_workstation_txt.xml +15 -0
data/xml/mysql_banners.xml +1649 -0
data/xml/mysql_error.xml +871 -0
data/xml/nntp_banners.xml +82 -0
data/xml/ntp_banners.xml +1223 -0
data/xml/operating_system.xml +629 -0
data/xml/pop_banners.xml +499 -0
data/xml/rsh_resp.xml +76 -0
data/xml/rtsp_servers.xml +76 -0
data/xml/sip_banners.xml +359 -0
data/xml/sip_user_agents.xml +221 -0
data/xml/smb_native_lm.xml +62 -0
data/xml/smb_native_os.xml +662 -0
data/xml/smtp_banners.xml +1690 -0
data/xml/smtp_debug.xml +39 -0
data/xml/smtp_ehlo.xml +49 -0
data/xml/smtp_expn.xml +82 -0
data/xml/smtp_help.xml +157 -0
data/xml/smtp_mailfrom.xml +20 -0
data/xml/smtp_noop.xml +44 -0
data/xml/smtp_quit.xml +29 -0
data/xml/smtp_rcptto.xml +25 -0
data/xml/smtp_rset.xml +26 -0
data/xml/smtp_turn.xml +26 -0
data/xml/smtp_vrfy.xml +89 -0
data/xml/snmp_sysdescr.xml +6507 -0
data/xml/snmp_sysobjid.xml +430 -0
data/xml/ssh_banners.xml +1968 -0
data/xml/telnet_banners.xml +1595 -0
data/xml/x11_banners.xml +232 -0
data/xml/x509_issuers.xml +134 -0
data/xml/x509_subjects.xml +1268 -0
metadata +304 -0

data/xml/sip_user_agents.xml ADDED

@@ -0,0 +1,221 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<fingerprints matches="sip_header.user_agent" protocol="sip" database_type="service">
+  <!--
+  SIP User Agent header values are matched against these patterns to fingerprint SIP devices.
+  -->
+  <!-- Axis devices -->
+  <fingerprint pattern="(?i)^AXIS (\S+) Network Video Door Station$">
+    <description>Axis Network Video Door stations, which have voice</description>
+    <example hw.product="A8105-E">AXIS A8105-E Network Video Door Station</example>
+    <param pos="0" name="hw.vendor" value="Axis"/>
+    <param pos="0" name="hw.device" value="Web cam"/>
+    <param pos="0" name="hw.family" value="Network Video Door Station"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="0" name="os.vendor" value="AXIS"/>
+    <param pos="0" name="os.family" value="Linux"/>
+  </fingerprint>
+  <fingerprint pattern="(?i)^AXIS (\S+) Network (?:Audio Bridge|(?:Cabinet|Horn) Speaker)$">
+    <description>Axis Network audio devices</description>
+    <example hw.product="C3003-E">AXIS C3003-E Network Horn Speaker</example>
+    <example hw.product="C8033">AXIS C8033 Network Audio Bridge</example>
+    <example hw.product="C1004-E">AXIS C1004-E Network Cabinet Speaker</example>
+    <param pos="0" name="hw.vendor" value="Axis"/>
+    <param pos="0" name="hw.family" value="Network Audio"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="0" name="os.vendor" value="AXIS"/>
+    <param pos="0" name="os.family" value="Linux"/>
+  </fingerprint>
+  <!-- Cisco Devices -->
+  <fingerprint pattern="^Cisco-SIPGateway/IOS-([\d\.x]+)$">
+    <description>Cisco SIPGateway</description>
+    <example>Cisco-SIPGateway/IOS-12.x</example>
+    <param pos="0" name="os.vendor" value="Cisco"/>
+    <param pos="0" name="os.product" value="IOS"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:{os.version}"/>
+  </fingerprint>
+  <!-- AVM.DE Devices -->
+  <fingerprint pattern="^FRITZ!OS$">
+    <description>AVM FritzOS Device</description>
+    <example>FRITZ!OS</example>
+    <param pos="0" name="os.vendor" value="AVM"/>
+    <param pos="0" name="os.product" value="FRITZ!BOX"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:AVM )?(FRITZ!Box .*) +(\d+\.\d+\.\d+)">
+    <description>AVM FritzBox</description>
+    <example>AVM FRITZ!Box Fon 06.03.13</example>
+    <example>AVM FRITZ!Box Fon 06.03.65 (Jun  7 2005)</example>
+    <example>AVM FRITZ!Box Fon 5010 Annex A (ITA) 48.04.46 (Sep 14 2007)</example>
+    <example>AVM FRITZ!Box Fon 5012 (UI) 25.03.90 (3.01.03 tested by accredited T-Com test lab) (Oct 28 2005)</example>
+    <example>AVM FRITZ!Box Fon 5113 Annex A 83.04.69 (Dec  2 2008)</example>
+    <example>AVM FRITZ!Box Fon 5124 56.04.77 (Feb 14 2014)</example>
+    <example>AVM FRITZ!Box Fon 7170 Annex A.B ML Speedport W701V 58.04.67 (Dec 18 2008)</example>
+    <example>AVM FRITZ!Box 3272 126.05.50 (Feb 27 2013)</example>
+    <example>AVM FRITZ!Box 7170 Annex A 58.04.85 (Apr  4 2011)</example>
+    <example>AVM FRITZ!Box 7312 117.05.23 TAL (Jun  1 2012)</example>
+    <example>AVM FRITZ!Box WLAN 3270 v3 Edition Italia 125.05.52 (Feb  7 2014)</example>
+    <example>AVM FRITZ!Box Speedport W701V Annex A 58.04.82 (May 12 2010)</example>
+    <param pos="0" name="os.vendor" value="AVM"/>
+    <param pos="0" name="os.family" value="FRITZ!Box"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:AVM )?(FRITZ!Fon .*) +(\d+\.\d+\.\d+)">
+    <description>AVM FritzFon</description>
+    <example>AVM FRITZ!Fon 7150 (fs) 38.04.56 (Mar 31 2008)</example>
+    <example>AVM FRITZ!Fon WLAN 7150 Annex A 58.04.84 (Apr  4 2011)</example>
+    <param pos="0" name="os.vendor" value="AVM"/>
+    <param pos="0" name="os.family" value="FRITZ!Fon"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:AVM )?(Multibox .*) +(\d+\.\d+\.\d+)">
+    <description>AVM Multibox</description>
+    <example>AVM Multibox 7390 NGN 84.05.09 (Jan 13 2012)</example>
+    <param pos="0" name="os.vendor" value="AVM"/>
+    <param pos="0" name="os.family" value="Multibox"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <!-- Huawei devices -->
+  <fingerprint pattern="(?i)^Huawei$">
+    <description>Huawei generic</description>
+    <example>Huawei</example>
+    <param pos="0" name="hw.vendor" value="Huawei"/>
+  </fingerprint>
+  <fingerprint pattern="(?i)^Huawei-HomeGateway/V(?:\d.*)$">
+    <description>Huawei Home Gateway</description>
+    <example>Huawei-HomeGateway/V100R001</example>
+    <param pos="0" name="hw.vendor" value="Huawei"/>
+    <param pos="0" name="hw.device" value="Broadband router"/>
+    <param pos="0" name="hw.product" value="Home Gateway"/>
+  </fingerprint>
+  <fingerprint pattern="(?i)^Huawei-EchoLife (HG.*)/V(?:\d.*)$">
+    <description>Huawei EchoLife Home Gateway</description>
+    <example hw.model="HG8121H">HUAWEI-EchoLife HG8121H/V3R018C00S110</example>
+    <param pos="0" name="hw.vendor" value="Huawei"/>
+    <param pos="0" name="hw.device" value="Broadband router"/>
+    <param pos="0" name="hw.product" value="EchoLife Home Gateway"/>
+    <param pos="1" name="hw.model"/>
+  </fingerprint>
+  <fingerprint pattern="(?i)^Huawei (SoftX\d+) (?:V\d.*)$">
+    <description>Huawei Softswitch</description>
+    <example hw.model="SoftX3000">Huawei SoftX3000 V300R010</example>
+    <param pos="0" name="hw.vendor" value="Huawei"/>
+    <param pos="0" name="hw.device" value="Telecom"/>
+    <param pos="0" name="hw.product" value="Softswitch"/>
+    <param pos="1" name="hw.model"/>
+  </fingerprint>
+  <fingerprint pattern="^Mitel-(\S+)-SIP-Phone ([\d\.]+) (.{12})$">
+    <description>Mitel SIP Phones</description>
+    <example hw.product="5320" hw.version="06.05.00.11" host.mac="010203040506">Mitel-5320-SIP-Phone 06.05.00.11 010203040506</example>
+    <param pos="0" name="hw.vendor" value="Mitel"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="2" name="hw.version"/>
+    <param pos="3" name="host.mac"/>
+  </fingerprint>
+  <fingerprint pattern="^Mitel Border GW/(\S+)$">
+    <description>Mitel SIP Gateway</description>
+    <example hw.version="4.0.0.9">Mitel Border GW/4.0.0.9</example>
+    <param pos="0" name="hw.vendor" value="Mitel"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="0" name="hw.product" value="Border GW"/>
+    <param pos="1" name="hw.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:Polycom/[\d\.]+ )?Polycom(SoundPoint|VVX|SoundStation)\S+_(\d+)-UA/([\d\.]+)(?:_(.{12}))?$">
+    <description>Polycom SoundPoint, SountdStation, VVX VoIP phones</description>
+    <example hw.version="5.8.0.13337" hw.family="VVX" hw.product="VVX 350">PolycomVVX-VVX_350-UA/5.8.0.13337</example>
+    <example hw.version="4.1.4.7430" hw.family="VVX" hw.product="VVX 400" host.mac="010203040506">PolycomVVX-VVX_400-UA/4.1.4.7430_010203040506</example>
+    <example hw.version="5.5.0.23866" hw.family="VVX" hw.product="VVX 501">Polycom/5.5.0.23866 PolycomVVX-VVX_501-UA/5.5.0.23866</example>
+    <example hw.version="4.0.7.2514" hw.family="SoundPoint" hw.product="SoundPoint 670">PolycomSoundPointIP-SPIP_670-UA/4.0.7.2514</example>
+    <example hw.version="4.0.8.1608" hw.model="7000" hw.family="SoundStation" hw.product="SoundStation 7000">PolycomSoundStationIP-SSIP_7000-UA/4.0.8.1608</example>
+    <param pos="0" name="hw.vendor" value="Polycom"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="1" name="hw.family"/>
+    <param pos="0" name="hw.product" value="{hw.family} {hw.model}"/>
+    <param pos="2" name="hw.model"/>
+    <param pos="3" name="hw.version"/>
+    <param pos="4" name="host.mac"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:Polycom/[\d\.]+ )?Polycom(?:RealPresenceTrio)-Trio_(\S+)-UA/([\d\.]+)(?:_(.{12}))?$">
+    <description>Polycom RealPresence Trio Phones</description>
+    <example hw.version="5.4.0.12197" hw.product="RealPresence Trio 8800">PolycomRealPresenceTrio-Trio_8800-UA/5.4.0.12197</example>
+    <example hw.version="5.7.2.3123" hw.product="RealPresence Trio Visual+">PolycomRealPresenceTrio-Trio_Visual+-UA/5.7.2.3123</example>
+    <example hw.version="5.4.3.2389" hw.product="RealPresence Trio 8800">Polycom/5.4.3.2389 PolycomRealPresenceTrio-Trio_8800-UA/5.4.3.2389</example>
+    <param pos="0" name="hw.vendor" value="Polycom"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="0" name="hw.family" value="RealPresence"/>
+    <param pos="0" name="hw.product" value="RealPresence Trio {hw.model}"/>
+    <param pos="1" name="hw.model"/>
+    <param pos="2" name="hw.version"/>
+    <param pos="3" name="host.mac"/>
+  </fingerprint>
+  <fingerprint pattern="^Polycom ?HDX ?(\d+)(?: ?HD)?(?:/| \(Release - )([^\)]+)\)?">
+    <description>Polycom HDX Video Conferencing</description>
+    <example hw.model="9006" hw.product="HDX 9006" hw.version="3.0.6-37004">Polycom HDX 9006 (Release - 3.0.6-37004)</example>
+    <example hw.model="4000" hw.product="HDX 4000" hw.version="3.1.0">PolycomHDX4000/3.1.0</example>
+    <example hw.model="7000" hw.product="HDX 7000" hw.version="3.0.2.1-17007">Polycom HDX 7000 HD (Release - 3.0.2.1-17007)</example>
+    <example hw.model="8000" hw.product="HDX 8000" hw.version="3.1.7">PolycomHDX8000HD/3.1.7</example>
+    <param pos="0" name="hw.vendor" value="Polycom"/>
+    <param pos="0" name="hw.family" value="HDX"/>
+    <param pos="0" name="hw.device" value="Video Conferencing"/>
+    <param pos="0" name="hw.product" value="HDX {hw.model}"/>
+    <param pos="1" name="hw.model"/>
+    <param pos="2" name="hw.version"/>
+  </fingerprint>
+  <fingerprint pattern="^PolycomRealPresenceGroup(\d+)/([\d\._]+)+$">
+    <description>Polycom RealPresence Group Video Conferencing</description>
+    <example hw.model="700" hw.product="RealPresence Group 700" hw.version="6.2.0">PolycomRealPresenceGroup700/6.2.0</example>
+    <param pos="0" name="hw.vendor" value="Polycom"/>
+    <param pos="0" name="hw.family" value="RealPresence Group"/>
+    <param pos="0" name="hw.device" value="Video Conferencing"/>
+    <param pos="0" name="hw.product" value="RealPresence Group {hw.model}"/>
+    <param pos="1" name="hw.model"/>
+    <param pos="2" name="hw.version"/>
+  </fingerprint>
+  <fingerprint pattern="^Nero SIPPS IP Phone Version ([\d\.]+)+$">
+    <description>Nero SIPPS IP Phone</description>
+    <example service.version="2.0.51.16">Nero SIPPS IP Phone Version 2.0.51.16</example>
+    <param pos="0" name="service.vendor" value="Nero"/>
+    <param pos="0" name="service.family" value="SIPPS"/>
+    <param pos="0" name="service.protocol" value="VoIP"/>
+    <param pos="0" name="service.product" value="SIPPS IP Phone"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^ShoreGear/([\d\.]+)\s+\(ShoreTel \d+\)$">
+    <description>ShoreTel VoIP Switch</description>
+    <example hw.version="21.90.4128.0">ShoreGear/21.90.4128.0 (ShoreTel 15)</example>
+    <example hw.version="22.11.4900.0">ShoreGear/22.11.4900.0 (ShoreTel 15)</example>
+    <param pos="0" name="hw.vendor" value="ShoreTel"/>
+    <param pos="0" name="hw.device" value="VoIP Switch"/>
+    <param pos="1" name="hw.version"/>
+  </fingerprint>
+  <fingerprint pattern="^MERCURY-([a-fA-F0-9]{12})$">
+    <description>Crestron Mercury</description>
+    <example host.mac="00107F1ABAA0">MERCURY-00107F1ABAA0</example>
+    <param pos="0" name="hw.vendor" value="Crestron"/>
+    <param pos="0" name="hw.device" value="Video Conferencing"/>
+    <param pos="0" name="hw.product" value="Mercury"/>
+    <param pos="0" name="os.vendor" value="Crestron"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.device" value="Video Conferencing"/>
+    <param pos="1" name="host.mac"/>
+  </fingerprint>
+  <fingerprint pattern="^IPDECT/([\d\.]+)\s+\(MAC=([a-fA-F0-9]{12}); SER=">
+    <description>Konftel IP Phone</description>
+    <example host.mac="00087B0F1D30" hw.version="03.55.0013">IPDECT/03.55.0013 (MAC=00087B0F1D30; SER= 00000; HW=1)</example>
+    <param pos="0" name="hw.vendor" value="Konftel"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="1" name="hw.version"/>
+    <param pos="2" name="host.mac"/>
+  </fingerprint>
+  <fingerprint pattern="^Sangoma ([^\s]+) V([a-zA-Z0-9\.]+)=?">
+    <description>Sangoma IP Phone</description>
+    <example hw.product="S305" hw.version="3.0.4.72">Sangoma S305 V3.0.4.72</example>
+    <param pos="0" name="hw.vendor" value="Sangoma"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="2" name="hw.version"/>
+    <param pos="1" name="hw.product"/>
+  </fingerprint>
+</fingerprints>

data/xml/smb_native_lm.xml ADDED

@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<fingerprints matches="smb.native_lm" protocol="smb" database_type="service">
+  <!--
+    SMB fingerprints obtained from the Native LM (LAN manager) field of SMB
+    negotations
+  -->
+  <!-- Mac OS X -->
+  <fingerprint pattern="^Samba (3\.0\.28a-apple)$">
+    <description>Samba on OS X 10.6</description>
+    <example service.version="3.0.28a-apple">Samba 3.0.28a-apple</example>
+    <param pos="0" name="os.vendor" value="Apple"/>
+    <param pos="0" name="os.family" value="Mac OS X"/>
+    <param pos="0" name="os.product" value="Mac OS X"/>
+    <param pos="0" name="os.version" value="10.6"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.6"/>
+    <param pos="0" name="service.vendor" value="Samba"/>
+    <param pos="0" name="service.product" value="Samba"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:{service.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Samba (3\.0\.25b-apple)$">
+    <description>Samba on OS X 10.5</description>
+    <example service.version="3.0.25b-apple">Samba 3.0.25b-apple</example>
+    <param pos="0" name="os.vendor" value="Apple"/>
+    <param pos="0" name="os.family" value="Mac OS X"/>
+    <param pos="0" name="os.product" value="Mac OS X"/>
+    <param pos="0" name="os.version" value="10.5"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.5"/>
+    <param pos="0" name="service.vendor" value="Samba"/>
+    <param pos="0" name="service.product" value="Samba"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:{service.version}"/>
+  </fingerprint>
+  <!-- TODO: Detect vendor, distribution, and package versions -->
+  <fingerprint pattern="^Samba (\d\.\d+.\d+\w*)">
+    <description>Samba</description>
+    <example>Samba 3.0.24</example>
+    <example>Samba 3.0.28a</example>
+    <example>Samba 3.0.32-0.2-2210-SUSE-SL10.3</example>
+    <example>Samba 3.6.3</example>
+    <example>Samba 3.6.6</example>
+    <example>Samba 3.6.9-151.el6_4.1</example>
+    <param pos="0" name="service.vendor" value="Samba"/>
+    <param pos="0" name="service.product" value="Samba"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:{service.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Netreon LANMAN 1.0$">
+    <description>Netreon SAN software</description>
+    <example>Netreon LANMAN 1.0</example>
+    <param pos="0" name="service.vendor" value="Netreon"/>
+  </fingerprint>
+  <fingerprint pattern="(?i)^MikrotikSMB$">
+    <description>Mikrotik</description>
+    <example>MikrotikSMB</example>
+    <param pos="0" name="os.vendor" value="MikroTik"/>
+    <param pos="0" name="os.device" value="Router"/>
+    <param pos="0" name="os.family" value="RouterOS"/>
+    <param pos="0" name="os.product" value="RouterOS"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:-"/>
+  </fingerprint>
+</fingerprints>

data/xml/smb_native_os.xml ADDED

@@ -0,0 +1,662 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<fingerprints matches="smb.native_os" protocol="smb" database_type="util.os">
+  <!--
+    SMB fingerprints obtained from the Native OS field of SMB negotations
+  -->
+  <fingerprint pattern="^(Windows NT \d\.\d+)$">
+    <description>Windows NT</description>
+    <example os.product="Windows NT 4.0">Windows NT 4.0</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="1" name="os.product"/>
+  </fingerprint>
+  <fingerprint pattern="^(Windows (?:95|98|ME))$">
+    <description>Windows 95/98/ME</description>
+    <example os.product="Windows 95">Windows 95</example>
+    <example os.product="Windows 98">Windows 98</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="1" name="os.product"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows 5\.0$">
+    <description>Windows 2000</description>
+    <example>Windows 5.0</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows 2000"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows 5\.1$">
+    <description>Windows XP</description>
+    <example>Windows 5.1</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows XP"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows XP (\d+) (Service Pack \d+)$">
+    <description>Windows XP with Service Pack</description>
+    <example os.build="2600" os.version="Service Pack 1">Windows XP 2600 Service Pack 1</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows XP"/>
+    <param pos="1" name="os.build"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:{os.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows XP (\d+)$">
+    <description>Windows XP with build number</description>
+    <example os.build="2600">Windows XP 2600</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows XP"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows XP (Home|Professional)(?: Edition)?$">
+    <description>Windows XP without a version</description>
+    <example os.edition="Home">Windows XP Home Edition</example>
+    <example os.edition="Professional">Windows XP Professional</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows XP"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows \.NET">
+    <description>Windows Server 2003 Beta</description>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2003"/>
+    <param pos="0" name="os.version" value="Beta"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:Beta"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Server 2003 R2 (\d+)$">
+    <description>Windows Server 2003 R2</description>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2003 R2"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Server 2003 R2 (\d+) (Service Pack \d+)(?:, v\.\d+)?$">
+    <description>Windows Server 2003 R2 (SP)</description>
+    <example os.build="3790" os.version="Service Pack 2">Windows Server 2003 R2 3790 Service Pack 2</example>
+    <example os.build="3790" os.version="Service Pack 2">Windows Server 2003 R2 3790 Service Pack 2, v.2825</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2003 R2"/>
+    <param pos="1" name="os.build"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:{os.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Server 2003 (\d+)$">
+    <description>Windows Server 2003 with a build</description>
+    <example os.build="3790">Windows Server 2003 3790</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2003"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Server 2003$">
+    <description>Windows Server 2003 without a build</description>
+    <example>Windows Server 2003</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2003"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Server 2003 (\d+) (Service Pack \d+)(?:, v\.\d+)?$">
+    <description>Windows Server 2003 (SP)</description>
+    <example os.build="3790" os.version="Service Pack 1">Windows Server 2003 3790 Service Pack 1, v.3309</example>
+    <example os.build="3790" os.version="Service Pack 2">Windows Server 2003 3790 Service Pack 2</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2003"/>
+    <param pos="1" name="os.build"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:{os.version}"/>
+  </fingerprint>
+  <!-- Note that 2008 SP1 is technically "2008 Gold" according to Microsoft -->
+  <fingerprint pattern="^Windows Server 2008$">
+    <description>Windows Server 2008 without a build</description>
+    <example>Windows Server 2008</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2008"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Server \(R\) 2008 (\w+|\w+ \w+|\w+ \w+ \w+)(?: (?:with|without) Hyper-V|) (\d+) (Service Pack \d+)(?:, v\.\d+)?$">
+    <description>Windows Server 2008</description>
+    <example os.edition="Enterprise" os.version="Service Pack 1">Windows Server (R) 2008 Enterprise without Hyper-V 6001 Service Pack 1</example>
+    <example os.edition="Enterprise" os.version="Service Pack 2">Windows Server (R) 2008 Enterprise 6002 Service Pack 2, v.275</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2008"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="3" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows \(R\) Web Server 2008 (\d+) (Service Pack \d+)$">
+    <description>Windows Web Server 2008 (SP)</description>
+    <example os.edition="Web" os.version="Service Pack 2">Windows (R) Web Server 2008 6002 Service Pack 2</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2008"/>
+    <param pos="0" name="os.edition" value="Web"/>
+    <param pos="1" name="os.build"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows \(R\) Web Server 2008 (\d+)$">
+    <description>Windows Web Server 2008</description>
+    <example>Windows (R) Web Server 2008 6002</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2008"/>
+    <param pos="0" name="os.edition" value="Web"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
+  </fingerprint>
+  <!-- TODO: Need an example string -->
+  <fingerprint pattern="^Windows \(R\) Storage Server 2008 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
+    <description>Windows Server 2008 Storage (SP)</description>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2008"/>
+    <param pos="0" name="os.edition" value="Storage"/>
+    <param pos="1" name="os.build"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
+  </fingerprint>
+  <!-- TODO: Need an example string -->
+  <fingerprint pattern="^Windows \(R\) Storage Server 2008 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
+    <description>Windows Web Server 2008 Storage</description>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2008"/>
+    <param pos="0" name="os.edition" value="Storage"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Server 2008 HPC Edition (\d+) (Service Pack \d+)$">
+    <description>Windows Server 2008 HPC</description>
+    <example>Windows Server 2008 HPC Edition 7601 Service Pack 1</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2008"/>
+    <param pos="0" name="os.edition" value="HPC"/>
+    <param pos="1" name="os.build"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
+  </fingerprint>
+  <!-- TODO: Need an example string -->
+  <fingerprint pattern="^Windows Server 2008 HPC Edition (\d+)$">
+    <description>Windows Web Server 2008 HPC</description>
+    <example>Windows Server 2008 HPC Edition 7600</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2008"/>
+    <param pos="0" name="os.edition" value="HPC"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
+  </fingerprint>
+  <!-- 2008 R2 -->
+  <fingerprint pattern="^Windows Server 2008 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)(?:, v\.\d+)?$">
+    <description>Windows Server 2008 R2</description>
+    <example>Windows Server 2008 R2 Enterprise 7601 Service Pack 1</example>
+    <example>Windows Server 2008 R2 Standard 7601 Service Pack 1</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="3" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Server 2008 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
+    <description>Windows Server 2008 R2 without Service Pack</description>
+    <example os.edition="Enterprise">Windows Server 2008 R2 Enterprise 7600</example>
+    <example os.edition="Standard">Windows Server 2008 R2 Standard 7600</example>
+    <example os.edition="Datacenter">Windows Server 2008 R2 Datacenter 7600</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Server 2016(?: Technical Preview \d+)? (\w+|\w+ \w+|\w+ \w+ \w+)(?: Evaluation)? (\d+)$">
+    <description>Windows Server 2016 with a build, without service pack</description>
+    <example os.edition="Datacenter" os.build="14393">Windows Server 2016 Datacenter 14393</example>
+    <example os.edition="Standard" os.build="14393">Windows Server 2016 Standard Evaluation 14393</example>
+    <example os.edition="Essentials" os.build="10586">Windows Server 2016 Technical Preview 4 Essentials 10586</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2016"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Storage Server 2016 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
+    <description>Windows Server 2016 Storage</description>
+    <example os.build="14393">Windows Storage Server 2016 Standard 14393</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2016"/>
+    <param pos="0" name="os.edition" value="Storage"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Web Server 2008 R2 (\d+) (Service Pack \d+)$">
+    <description>Windows Server 2008 R2 Web</description>
+    <example os.version="Service Pack 1">Windows Web Server 2008 R2 7601 Service Pack 1</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
+    <param pos="0" name="os.edition" value="Web"/>
+    <param pos="1" name="os.build"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Web Server 2008 R2 (\d+)$">
+    <description>Windows Web Server 2008 R2 Web</description>
+    <example>Windows Web Server 2008 R2 7600</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
+    <param pos="0" name="os.edition" value="Web"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Storage Server 2008 R2 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
+    <description>Windows Server 2008 Storage R2 (SP)</description>
+    <example os.version="Service Pack 1" os.build="7601">Windows Storage Server 2008 R2 Essentials 7601 Service Pack 1</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
+    <param pos="0" name="os.edition" value="Storage"/>
+    <param pos="1" name="os.build"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Vista \(TM\) (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
+    <description>Windows Vista (SP)</description>
+    <example os.edition="Home Premium" os.version="Service Pack 2">Windows Vista (TM) Home Premium 6002 Service Pack 2</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Vista"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="3" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_vista:{os.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Vista \(TM\) (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
+    <description>Windows Vista</description>
+    <example os.edition="Home Premium">Windows Vista (TM) Home Premium 6000</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Vista"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_vista:-"/>
+  </fingerprint>
+  <fingerprint pattern="^(Windows (?:7|8|8\.1)(?:| RT)) (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)(?:, v\.\d+)?$">
+    <description>Windows 7/8 (SP + Edition)</description>
+    <example os.edition="Enterprise" os.version="Service Pack 1">Windows 7 Enterprise 7601 Service Pack 1</example>
+    <example os.edition="Starter" os.version="Service Pack 1">Windows 7 Starter 7601 Service Pack 1</example>
+    <example os.edition="Ultimate" os.build="7601" os.version="Service Pack 1">Windows 7 Ultimate 7601 Service Pack 1, v.178</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.edition"/>
+    <param pos="3" name="os.build"/>
+    <param pos="4" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(Windows (?:7|8|8\.1)(?:| RT)) (\d+) (Service Pack \d+)$">
+    <description>Windows 7/8 (SP)</description>
+    <example os.version="Service Pack 1">Windows 7 7601 Service Pack 1</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.build"/>
+    <param pos="3" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(Windows (?:7|8|8\.1)(?:| RT)) (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
+    <description>Windows 7/8 (Edition)</description>
+    <example os.edition="Enterprise">Windows 7 Enterprise 7600</example>
+    <example os.edition="Enterprise">Windows 8.1 Enterprise 9600</example>
+    <example os.edition="Enterprise">Windows 8 Enterprise 9200</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.edition"/>
+    <param pos="3" name="os.build"/>
+  </fingerprint>
+  <fingerprint pattern="^(Windows (?:7|8|8\.1)(?:| RT)) (\d+)$">
+    <description>Windows 7/8</description>
+    <example>Windows 8 9200</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.build"/>
+  </fingerprint>
+  <!-- Windows 2012 R2 matches go first to simplify the regular expressions -->
+  <!-- TODO: Need an example string -->
+  <fingerprint pattern="^Windows Server 2012 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
+    <description>Windows Server 2012 R2 (SP)</description>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="3" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:{os.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Server 2012 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
+    <description>Windows Server 2012 R2</description>
+    <example os.edition="Standard">Windows Server 2012 R2 Standard 9600</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
+  </fingerprint>
+  <!-- TODO: Need an example string -->
+  <fingerprint pattern="^Windows Server 2012 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
+    <description>Windows Server 2012 (SP)</description>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2012"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="3" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:{os.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Server 2012 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
+    <description>Windows Server 2012</description>
+    <example>Windows Server 2012 Standard 9200</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2012"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows MultiPoint Server 2012 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
+    <description>Windows MultiPoint Server 2012 (SP)</description>
+    <example os.build="9201" os.version="Service Pack 1">Windows MultiPoint Server 2012 Premium 9201 Service Pack 1</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2012"/>
+    <param pos="0" name="os.edition" value="MultiPoint"/>
+    <param pos="1" name="os.build"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:{os.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows MultiPoint Server 2012 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
+    <description>Windows MultiPoint Server 2012</description>
+    <example os.build="9200">Windows MultiPoint Server 2012 Premium 9200</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2012"/>
+    <param pos="0" name="os.edition" value="MultiPoint"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
+  </fingerprint>
+  <!-- Windows 10 Preview -->
+  <fingerprint pattern="^Windows 10 (\w+|\w+ \w+|\w+ \w+ \w+) Insider Preview (\d+)$">
+    <description>Windows 10 Enterprise Insider Preview</description>
+    <example os.build="10130" os.edition="Enterprise">Windows 10 Enterprise Insider Preview 10130</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows 10"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_10:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows 10 ((?:\w+|\w+ \w+|\w+ \w+ \w+)(?: LTSB(?: Evaluation)?)?) (\d+)$">
+    <description>Windows 10</description>
+    <example os.build="10130" os.edition="Enterprise">Windows 10 Enterprise 10130</example>
+    <example os.build="10130" os.edition="Mobile Enterprise">Windows 10 Mobile Enterprise 10130</example>
+    <example os.build="10130" os.edition="Mobile">Windows 10 Mobile 10130</example>
+    <example os.build="10130" os.edition="Home">Windows 10 Home 10130</example>
+    <example os.build="10130" os.edition="Education">Windows 10 Education 10130</example>
+    <example os.build="10130" os.edition="Professional">Windows 10 Professional 10130</example>
+    <example os.build="10240" os.edition="Enterprise N 2015 LTSB">Windows 10 Enterprise N 2015 LTSB 10240</example>
+    <example os.build="14393" os.edition="Enterprise 2016 LTSB Evaluation">Windows 10 Enterprise 2016 LTSB Evaluation 14393</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows 10"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_10:-"/>
+  </fingerprint>
+  <fingerprint pattern="^VxWorks">
+    <description>VxWorks</description>
+    <example>VxWorks</example>
+    <param pos="0" name="os.certainty" value="0.5"/>
+    <param pos="0" name="os.vendor" value="Wind River"/>
+    <param pos="0" name="os.product" value="VxWorks"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-"/>
+    <param pos="0" name="service.vendor" value="Wind River"/>
+    <param pos="0" name="service.product" value="VxWorks CIFS"/>
+  </fingerprint>
+  <fingerprint pattern="^OS/400 \D(\d+)\D(\d+)\D(\d+)">
+    <description>OS/400</description>
+    <example os.version="4" os.version.version="5" os.version.version.version="0">OS/400 V4R5M0</example>
+    <param pos="0" name="os.vendor" value="IBM"/>
+    <param pos="0" name="os.product" value="OS/400"/>
+    <param pos="1" name="os.version"/>
+    <param pos="2" name="os.version.version"/>
+    <param pos="3" name="os.version.version.version"/>
+  </fingerprint>
+  <fingerprint pattern="^Apple Base Station$">
+    <description>SMB exposed via SMB shared USB disks on Apple devices</description>
+    <example>Apple Base Station</example>
+    <param pos="0" name="os.vendor" value="Apple"/>
+    <param pos="0" name="hw.vendor" value="Apple"/>
+  </fingerprint>
+  <fingerprint pattern="^EMC-SNAS:T([\d\.]+)?$">
+    <description>EMC Celerra</description>
+    <example service.version="7.1.80.7">EMC-SNAS:T7.1.80.7</example>
+    <param pos="0" name="service.vendor" value="EMC"/>
+    <param pos="0" name="service.product" value="Celerra"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.vendor" value="EMC"/>
+    <param pos="0" name="os.device" value="Storage"/>
+    <param pos="0" name="os.product" value="Celerra"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="EMC"/>
+    <param pos="0" name="hw.device" value="Storage"/>
+    <param pos="0" name="hw.product" value="Celerra"/>
+  </fingerprint>
+  <fingerprint pattern="^Netreon OS 1.0$">
+    <description>Netreon SAN software</description>
+    <example>Netreon OS 1.0</example>
+    <param pos="0" name="service.vendor" value="Netreon"/>
+  </fingerprint>
+  <!-- VisionFS -->
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)ai(\d{4})">
+    <description>AIX</description>
+    <example service.version="9876">axai9876</example>
+    <param pos="0" name="os.vendor" value="IBM"/>
+    <param pos="0" name="os.family" value="AIX"/>
+    <param pos="0" name="os.product" value="AIX"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:-"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)dg(\d{4})">
+    <description>DG/UX</description>
+    <example service.version="9876">i3dg9876</example>
+    <param pos="0" name="os.vendor" value="Data General"/>
+    <param pos="0" name="os.family" value="DG/UX"/>
+    <param pos="0" name="os.product" value="DG/UX"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)dw(\d{4})">
+    <description>Darwin</description>
+    <example service.version="9876">m8dw9876</example>
+    <param pos="0" name="os.vendor" value="Apple"/>
+    <param pos="0" name="os.family" value="Mac OS X"/>
+    <param pos="0" name="os.product" value="Mac OS X"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:-"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)dy(\d{4})">
+    <description>DYNIX</description>
+    <example service.version="9876">m8dy9876</example>
+    <param pos="0" name="os.vendor" value="Sequent"/>
+    <param pos="0" name="os.family" value="Dynix"/>
+    <param pos="0" name="os.product" value="Dynix"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)fb(\d{4})">
+    <description>FreeBSD</description>
+    <example service.version="9876">m8fb9876</example>
+    <param pos="0" name="os.vendor" value="FreeBSD"/>
+    <param pos="0" name="os.family" value="FreeBSD"/>
+    <param pos="0" name="os.product" value="FreeBSD"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:freebsd:freebsd:-"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)hp(\d{4})">
+    <description>HP-UX</description>
+    <example service.version="9876">m8hp9876</example>
+    <param pos="0" name="os.vendor" value="HP"/>
+    <param pos="0" name="os.family" value="HP-UX"/>
+    <param pos="0" name="os.product" value="HP-UX"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)ir(\d{4})">
+    <description>IRIX</description>
+    <example service.version="9876">m8ir9876</example>
+    <param pos="0" name="os.vendor" value="SGI"/>
+    <param pos="0" name="os.family" value="Irix"/>
+    <param pos="0" name="os.product" value="Irix"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:sgi:irix:-"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)li(\d{4})">
+    <description>Linux</description>
+    <example service.version="9876">m8li9876</example>
+    <param pos="0" name="os.vendor" value="Linux"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:-"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)mo(\d{4})">
+    <description>SVR</description>
+    <example service.version="9876">m8mo9876</example>
+    <param pos="0" name="os.vendor" value="Motorola"/>
+    <param pos="0" name="os.family" value="SVR4"/>
+    <param pos="0" name="os.product" value="SVR"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)o1(\d{4})">
+    <description>OSF/1</description>
+    <example service.version="9876">m8o19876</example>
+    <param pos="0" name="os.vendor" value="DEC"/>
+    <param pos="0" name="os.family" value="Digital UNIX"/>
+    <param pos="0" name="os.product" value="OSF/1"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)ro(\d{4})">
+    <description>RISC OS</description>
+    <example service.version="9876">m8ro9876</example>
+    <param pos="0" name="os.family" value="RISC OS"/>
+    <param pos="0" name="os.product" value="RISC OS"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)sc(\d{4})">
+    <description>OpenServer</description>
+    <example service.version="9876">m8sc9876</example>
+    <param pos="0" name="os.vendor" value="SCO"/>
+    <param pos="0" name="os.family" value="OpenServer"/>
+    <param pos="0" name="os.product" value="OpenServer"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)so(\d{4})">
+    <description>SunOS</description>
+    <example service.version="9876">m8so9876</example>
+    <param pos="0" name="os.vendor" value="Sun"/>
+    <param pos="0" name="os.family" value="SunOS"/>
+    <param pos="0" name="os.product" value="SunOS"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:sun:sunos:-"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)su(\d{4})">
+    <description>Solaris</description>
+    <example service.version="9876">m8su9876</example>
+    <param pos="0" name="os.vendor" value="Sun"/>
+    <param pos="0" name="os.family" value="Solaris"/>
+    <param pos="0" name="os.product" value="Solaris"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:-"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)sx(\d{4})">
+    <description>SINIX</description>
+    <example service.version="9876">m8sx9876</example>
+    <param pos="0" name="os.vendor" value="Siemens"/>
+    <param pos="0" name="os.family" value="SINIX"/>
+    <param pos="0" name="os.product" value="SINIX"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)ul(\d{4})">
+    <description>Ultrix/1</description>
+    <example service.version="9876">m8ul9876</example>
+    <param pos="0" name="os.vendor" value="DEC"/>
+    <param pos="0" name="os.family" value="Ultrix"/>
+    <param pos="0" name="os.product" value="Ultrix"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)un(\d{4})">
+    <description>UnixWare</description>
+    <example service.version="9876">m8un9876</example>
+    <param pos="0" name="os.vendor" value="SCO"/>
+    <param pos="0" name="os.family" value="UnixWare"/>
+    <param pos="0" name="os.product" value="UnixWare"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)wi(\d{4})">
+    <description>Windows</description>
+    <example service.version="9876">m8wi9876</example>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
+    <param pos="0" name="service.product" value="VisionFS"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(?i:unix)$">
+    <description>Generally some Samba variant, which reports Unix</description>
+    <example>Unix</example>
+    <param pos="0" name="os.family" value="Unix"/>
+    <param pos="0" name="os.certainty" value="0.75"/>
+    <param pos="0" name="service.product" value="Samba"/>
+    <param pos="0" name="service.vendor" value="Samba"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:-"/>
+  </fingerprint>
+</fingerprints>