recog 0.01

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (75) hide show
  1. data/.gitignore +3 -0
  2. data/.rspec +2 -0
  3. data/Gemfile +9 -0
  4. data/Gemfile.lock +42 -0
  5. data/LICENSE +23 -0
  6. data/README.md +63 -0
  7. data/bin/recog_export.rb +81 -0
  8. data/bin/recog_match.rb +51 -0
  9. data/bin/recog_verify.rb +45 -0
  10. data/features/match.feature +16 -0
  11. data/features/support/env.rb +5 -0
  12. data/features/verify.feature +31 -0
  13. data/features/xml/banners.xml +2 -0
  14. data/features/xml/failing_banners_fingerprints.xml +20 -0
  15. data/features/xml/matching_banners_fingerprints.xml +22 -0
  16. data/features/xml/no_tests.xml +53 -0
  17. data/features/xml/successful_tests.xml +33 -0
  18. data/features/xml/tests_with_failures.xml +10 -0
  19. data/features/xml/tests_with_warnings.xml +10 -0
  20. data/lib/recog.rb +3 -0
  21. data/lib/recog/db.rb +38 -0
  22. data/lib/recog/db_manager.rb +27 -0
  23. data/lib/recog/fingerprint.rb +60 -0
  24. data/lib/recog/formatter.rb +51 -0
  25. data/lib/recog/match_reporter.rb +77 -0
  26. data/lib/recog/matcher.rb +60 -0
  27. data/lib/recog/matcher_factory.rb +14 -0
  28. data/lib/recog/nizer.rb +263 -0
  29. data/lib/recog/verifier.rb +46 -0
  30. data/lib/recog/verifier_factory.rb +13 -0
  31. data/lib/recog/verify_reporter.rb +85 -0
  32. data/lib/recog/version.rb +3 -0
  33. data/recog.gemspec +34 -0
  34. data/spec/data/best_os_match_1.yml +17 -0
  35. data/spec/data/best_os_match_2.yml +17 -0
  36. data/spec/data/best_service_match_1.yml +17 -0
  37. data/spec/data/smb_native_os.txt +31 -0
  38. data/spec/data/test_fingerprints.xml +24 -0
  39. data/spec/lib/db_spec.rb +89 -0
  40. data/spec/lib/formatter_spec.rb +69 -0
  41. data/spec/lib/match_reporter_spec.rb +90 -0
  42. data/spec/lib/nizer_spec.rb +124 -0
  43. data/spec/lib/verify_reporter_spec.rb +112 -0
  44. data/xml/apache_os.xml +295 -0
  45. data/xml/architecture.xml +45 -0
  46. data/xml/ftp_banners.xml +808 -0
  47. data/xml/h323_callresp.xml +701 -0
  48. data/xml/hp_pjl_id.xml +435 -0
  49. data/xml/http_cookies.xml +379 -0
  50. data/xml/http_servers.xml +3326 -0
  51. data/xml/http_wwwauth.xml +412 -0
  52. data/xml/imap_banners.xml +267 -0
  53. data/xml/nntp_banners.xml +51 -0
  54. data/xml/ntp_banners.xml +538 -0
  55. data/xml/pop_banners.xml +452 -0
  56. data/xml/rsh_resp.xml +90 -0
  57. data/xml/sip_banners.xml +14 -0
  58. data/xml/smb_native_os.xml +385 -0
  59. data/xml/smtp_banners.xml +1738 -0
  60. data/xml/smtp_debug.xml +45 -0
  61. data/xml/smtp_ehlo.xml +53 -0
  62. data/xml/smtp_expn.xml +95 -0
  63. data/xml/smtp_help.xml +212 -0
  64. data/xml/smtp_mailfrom.xml +24 -0
  65. data/xml/smtp_noop.xml +45 -0
  66. data/xml/smtp_quit.xml +31 -0
  67. data/xml/smtp_rcptto.xml +33 -0
  68. data/xml/smtp_rset.xml +23 -0
  69. data/xml/smtp_turn.xml +23 -0
  70. data/xml/smtp_vrfy.xml +109 -0
  71. data/xml/snmp_sysdescr.xml +8008 -0
  72. data/xml/snmp_sysobjid.xml +284 -0
  73. data/xml/ssh_banners.xml +790 -0
  74. data/xml/upnp_banners.xml +590 -0
  75. metadata +190 -0
@@ -0,0 +1,51 @@
1
+ <?xml version="1.0"?>
2
+ <!--
3
+ NNTP greeting messages (part of the banner after the response code) are matched
4
+ against these patterns to fingerprint NNTP servers.
5
+ -->
6
+
7
+ <fingerprints matches="nntp.banner">
8
+ <fingerprint pattern="^NNTP Service (?:.*) Version: (5.0.2195.[0-9]+) .*$">
9
+ <example>NNTP Service 5.00.0984 Version: 5.0.2195.7034 Posting Allowed</example>
10
+ <example>NNTP Service 5.00.0984 Version: 5.0.2195.5329 Posting Allowed</example>
11
+ <description>Microsoft IIS NNTP Server on Windows 2000</description>
12
+ <param pos="0" name="service.vendor" value="Microsoft"/>
13
+ <param pos="0" name="service.product" value="IIS"/>
14
+ <param pos="0" name="service.family" value="IIS"/>
15
+ <param pos="1" name="service.version"/>
16
+ <param pos="0" name="os.vendor" value="Microsoft"/>
17
+ <param pos="0" name="os.device" value="General"/>
18
+ <param pos="0" name="os.family" value="Windows"/>
19
+ <param pos="0" name="os.product" value="Windows 2000"/>
20
+ <param pos="1" name="ms.nttp.version"/>
21
+ </fingerprint>
22
+
23
+ <fingerprint pattern="^NNTP Service (?:.*) Version: (6.0.3790.[0-9]+) .*$">
24
+ <example>NNTP Service 6.0.3790.3959 Version: 6.0.3790.3959 Posting Allowed</example>
25
+ <example>NNTP Service 6.0.3790.206 Version: 6.0.3790.206 Posting Allowed</example>
26
+ <description>Microsoft IIS NNTP Server on Windows Server 2003</description>
27
+ <param pos="0" name="service.vendor" value="Microsoft"/>
28
+ <param pos="0" name="service.product" value="IIS"/>
29
+ <param pos="0" name="service.family" value="IIS"/>
30
+ <param pos="1" name="service.version"/>
31
+ <param pos="0" name="os.vendor" value="Microsoft"/>
32
+ <param pos="0" name="os.device" value="General"/>
33
+ <param pos="0" name="os.family" value="Windows"/>
34
+ <param pos="0" name="os.product" value="Windows Server 2003"/>
35
+ <param pos="1" name="ms.nttp.version"/>
36
+ </fingerprint>
37
+
38
+ <fingerprint pattern="^NNTP Service Microsoft. Internet Services (?:.*) Version: (?:[^ ]+) .*$">
39
+ <example>NNTP Service Microsoft. Internet Services 5.00 Version: 5.0.2068.0 Posting Allowed</example>
40
+ <example>NNTP Service Microsoft. Internet Services 5.00.7515. Version: 5.0.0.7515 Posting Allowed</example>
41
+ <example>NNTP Service Microsoft. Internet Services 5.5 Version: 5.5.1726.0 Posting Allowed</example>
42
+ <description>Older Microsoft IIS NNTP Servers</description>
43
+ <param pos="0" name="service.vendor" value="Microsoft"/>
44
+ <param pos="0" name="service.family" value="Exchange Server"/>
45
+ <param pos="0" name="service.product" value="Exchange Server"/>
46
+ <param pos="0" name="os.vendor" value="Microsoft"/>
47
+ <param pos="0" name="os.device" value="General"/>
48
+ <param pos="0" name="os.family" value="Windows"/>
49
+ <param pos="0" name="os.product" value="Windows"/>
50
+ </fingerprint>
51
+ </fingerprints>
@@ -0,0 +1,538 @@
1
+ <?xml version="1.0"?>
2
+ <!--
3
+ NTP "banners", taken from a readvar response
4
+ -->
5
+ <fingerprints matches="ntp.readvar">
6
+ <fingerprint pattern="^.*version=&quot;ntpd (\S+)[^&quot;]+&quot;,.*system=&quot;Equallogic \(R\) storage array&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
7
+ <description>ntpd running on an EqualLogic Storage Array that includes the NTP version</description>
8
+ <example>
9
+ version="ntpd 4.2.0-r Fri Feb 5 15:18:30 EST 2010 (1)",
10
+ processor="Working", system="EqualLogic (R) storage array", leap=0,
11
+ stratum=3, precision=-7, rootdelay=102.894, rootdispersion=245.154,
12
+ peer=63940, refid=172.23.16.40, reftime=0xd22791f2.e4026bd4, poll=10,
13
+ clock=0xd2279937.d078b9f3, state=4, offset=8.644, frequency=39.586,
14
+ jitter=10.870, stability=0.795
15
+ </example>
16
+ <param pos="0" name="service.family" value="NTP"/>
17
+ <param pos="0" name="service.product" value="NTP"/>
18
+ <param pos="1" name="service.version"/>
19
+ <param pos="0" name="os.vendor" value="EqualLogic"/>
20
+ <param pos="0" name="os.product" value="Storage Array"/>
21
+ </fingerprint>
22
+ <fingerprint pattern="^.*system=&quot;Equallogic \(R\) storage array&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
23
+ <description>ntpd running on an EqualLogic Storage Array that does not include the NTP version</description>
24
+ <example>
25
+ processor="Working", system="Equallogic (R) storage array", leap=3,
26
+ stratum=16, precision=-7, rootdelay=0.000, rootdispersion=11715.765,
27
+ peer=0, refid=0.0.0.0, reftime=0x00000000.00000000, poll=6,
28
+ clock=0xd229efe1.5559b3d0, state=1, phase=0.000, frequency=0.000,
29
+ jitter=0.000, stability=0.000
30
+ </example>
31
+ <param pos="0" name="os.vendor" value="EqualLogic"/>
32
+ <param pos="0" name="os.product" value="Storage Array"/>
33
+ </fingerprint>
34
+ <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;Linux/?([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
35
+ <description>ntpd running on Linux</description>
36
+ <example>
37
+ version="ntpd 4.2.4p3@1.1502-o Wed Jul 18 11:45:01 UTC 2007 (1)",
38
+ processor="i686", system="Linux/2.4.29", leap=00, stratum=3,
39
+ </example>
40
+ <param pos="0" name="service.family" value="NTP"/>
41
+ <param pos="0" name="service.product" value="NTP"/>
42
+ <param pos="1" name="service.version"/>
43
+ <param pos="0" name="os.vendor" value="Linux"/>
44
+ <param pos="0" name="os.family" value="Linux"/>
45
+ <param pos="0" name="os.product" value="Linux"/>
46
+ <param pos="2" name="os.arch"/>
47
+ <param pos="3" name="os.version"/>
48
+ </fingerprint>
49
+ <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^&quot;]+)&quot;,.*system=&quot;Darwin/?7\.([^&quot;]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
50
+ <description>ntpd running on Mac OSX 10.3/Panther</description>
51
+ <param pos="0" name="service.family" value="NTP"/>
52
+ <param pos="0" name="service.product" value="NTP"/>
53
+ <param pos="1" name="service.version"/>
54
+ <param pos="0" name="os.vendor" value="Apple"/>
55
+ <param pos="0" name="os.family" value="Mac OS X"/>
56
+ <param pos="0" name="os.product" value="Mac OS X"/>
57
+ <param pos="0" name="os.device" value="General"/>
58
+ <param pos="2" name="os.arch"/>
59
+ <param pos="0" name="os.version" value="10.3"/>
60
+ <param pos="3" name="os.version.version"/>
61
+ <param pos="0" name="os.certainty" value="0.9"/>
62
+ </fingerprint>
63
+ <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^&quot;]+)&quot;,.*system=&quot;Darwin/?8\.([^&quot;]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
64
+ <description>ntpd running on Mac OSX 10.4/Tiger</description>
65
+ <example>
66
+ version="ntpd 4.2.0@1.1161-r Fri Jan 13 11:36:23 PST 2006 (1)",
67
+ processor="i386", system="Darwin/8.11.1", leap=11, stratum=16,
68
+ </example>
69
+ <param pos="0" name="service.family" value="NTP"/>
70
+ <param pos="0" name="service.product" value="NTP"/>
71
+ <param pos="1" name="service.version"/>
72
+ <param pos="0" name="os.vendor" value="Apple"/>
73
+ <param pos="0" name="os.family" value="Mac OS X"/>
74
+ <param pos="0" name="os.product" value="Mac OS X"/>
75
+ <param pos="0" name="os.device" value="General"/>
76
+ <param pos="2" name="os.arch"/>
77
+ <param pos="0" name="os.version" value="10.4"/>
78
+ <param pos="3" name="os.version.version"/>
79
+ <param pos="0" name="os.certainty" value="0.9"/>
80
+ </fingerprint>
81
+ <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^&quot;]+)&quot;,.*system=&quot;Darwin/?9\.([^&quot;]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
82
+ <description>ntpd running on Mac OSX 10.5/Leopard</description>
83
+ <example>
84
+ version="ntpd 4.2.2@1.1532-o Mon Sep 24 01:42:27 UTC 2007 (1)",
85
+ processor="Power Macintosh", system="Darwin/9.0.0", leap=3, stratum=16,
86
+ </example>
87
+ <param pos="0" name="service.family" value="NTP"/>
88
+ <param pos="0" name="service.product" value="NTP"/>
89
+ <param pos="1" name="service.version"/>
90
+ <param pos="0" name="os.vendor" value="Apple"/>
91
+ <param pos="0" name="os.family" value="Mac OS X"/>
92
+ <param pos="0" name="os.product" value="Mac OS X"/>
93
+ <param pos="0" name="os.device" value="General"/>
94
+ <param pos="2" name="os.arch"/>
95
+ <param pos="0" name="os.version" value="10.5"/>
96
+ <param pos="3" name="os.version.version"/>
97
+ <param pos="0" name="os.certainty" value="0.9"/>
98
+ </fingerprint>
99
+ <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^&quot;]+)&quot;,.*system=&quot;Darwin/?10\.([^&quot;]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
100
+ <description>ntpd running on Mac OSX 10.6/Snow Leopard</description>
101
+ <example>
102
+ version="ntpd 4.2.4p4@1.1520-o Mon May 18 19:38:25 UTC 2009 (1)",
103
+ processor="i386", system="Darwin/10.8.0", leap=0, stratum=3,
104
+ </example>
105
+ <param pos="0" name="service.family" value="NTP"/>
106
+ <param pos="0" name="service.product" value="NTP"/>
107
+ <param pos="1" name="service.version"/>
108
+ <param pos="0" name="os.vendor" value="Apple"/>
109
+ <param pos="0" name="os.family" value="Mac OS X"/>
110
+ <param pos="0" name="os.product" value="Mac OS X"/>
111
+ <param pos="0" name="os.device" value="General"/>
112
+ <param pos="2" name="os.arch"/>
113
+ <param pos="0" name="os.version" value="10.6"/>
114
+ <param pos="3" name="os.version.version"/>
115
+ <param pos="0" name="os.certainty" value="0.9"/>
116
+ </fingerprint>
117
+ <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^&quot;]+)&quot;,.*system=&quot;Darwin/?11\.([^&quot;]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
118
+ <description>ntpd running on Mac OSX 10.7/Lion</description>
119
+ <example>
120
+ version="ntpd 4.2.6@1.2089-o Fri May 28 01:20:53 UTC 2010 (1)",
121
+ processor="x86_64", system="Darwin/11.2.0", leap=11, stratum=16,
122
+ </example>
123
+ <param pos="0" name="service.family" value="NTP"/>
124
+ <param pos="0" name="service.product" value="NTP"/>
125
+ <param pos="1" name="service.version"/>
126
+ <param pos="0" name="os.vendor" value="Apple"/>
127
+ <param pos="0" name="os.family" value="Mac OS X"/>
128
+ <param pos="0" name="os.product" value="Mac OS X"/>
129
+ <param pos="0" name="os.device" value="General"/>
130
+ <param pos="2" name="os.arch"/>
131
+ <param pos="0" name="os.version" value="10.7"/>
132
+ <param pos="3" name="os.version.version"/>
133
+ <param pos="0" name="os.certainty" value="0.9"/>
134
+ </fingerprint>
135
+ <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;FreeBSD/?(?:[^ ]+-NETSCALER-([^ ]+))&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
136
+ <description>ntpd running on Citrix Netscaler, which is based on FreeBSD</description>
137
+ <example>
138
+ version="ntpd 4.2.6p2@1.2194 Wed Nov 24 15:54:11 UTC 2010 (1)",
139
+ processor="i386", system="FreeBSD/6.3-NETSCALER-9.3", leap=00, stratum=3,
140
+ </example>
141
+ <param pos="0" name="service.family" value="NTP"/>
142
+ <param pos="0" name="service.product" value="NTP"/>
143
+ <param pos="1" name="service.version"/>
144
+ <param pos="0" name="os.vendor" value="Citrix"/>
145
+ <param pos="0" name="os.product" value="NetScaler"/>
146
+ <param pos="2" name="os.arch"/>
147
+ <param pos="3" name="os.version"/>
148
+ </fingerprint>
149
+ <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;FreeBSD/?([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
150
+ <description>ntpd running on FreeBSD</description>
151
+ <example>
152
+ version="ntpd 4.2.6p2@1.2194 Wed Nov 24 15:54:11 UTC 2010 (1)",
153
+ processor="i386", system="FreeBSD/7.4-PRERELEASE", leap=00, stratum=3,
154
+ </example>
155
+ <param pos="0" name="service.family" value="NTP"/>
156
+ <param pos="0" name="service.product" value="NTP"/>
157
+ <param pos="1" name="service.version"/>
158
+ <param pos="0" name="os.vendor" value="FreeBSD"/>
159
+ <param pos="0" name="os.family" value="FreeBSD"/>
160
+ <param pos="0" name="os.product" value="FreeBSD"/>
161
+ <param pos="2" name="os.arch"/>
162
+ <param pos="3" name="os.version"/>
163
+ </fingerprint>
164
+ <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;NetBSD/?([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
165
+ <description>ntpd running on NetBSD</description>
166
+ <example>
167
+ version="ntpd 4.2.4p6-o Thu Jan 8 21:02:40 MET 2009 (import)",
168
+ processor="sparc64", system="NetBSD/5.0_STABLE", leap=00, stratum=1,
169
+ </example>
170
+ <param pos="0" name="service.family" value="NTP"/>
171
+ <param pos="0" name="service.product" value="NTP"/>
172
+ <param pos="1" name="service.version"/>
173
+ <param pos="0" name="os.vendor" value="NetBSD"/>
174
+ <param pos="0" name="os.family" value="NetBSD"/>
175
+ <param pos="0" name="os.product" value="NetBSD"/>
176
+ <param pos="2" name="os.arch"/>
177
+ <param pos="3" name="os.version"/>
178
+ </fingerprint>
179
+ <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;SunOS/?([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
180
+ <description>ntpd running on Solaris</description>
181
+ <example>
182
+ version="ntpd 4.2.0@1.1161-r Wed Apr 20 11:28:05 EDT 2005 (1)",
183
+ processor="sun4u", system="SunOS/5.9", leap=00, stratum=2,
184
+ </example>
185
+ <param pos="0" name="os.vendor" value="Sun"/>
186
+ <param pos="0" name="os.family" value="Solaris"/>
187
+ <param pos="0" name="os.product" value="Solaris"/>
188
+ <param pos="0" name="service.family" value="NTP"/>
189
+ <param pos="0" name="service.product" value="NTP"/>
190
+ <param pos="1" name="service.version"/>
191
+ <param pos="2" name="os.arch"/>
192
+ <param pos="3" name="os.version"/>
193
+ </fingerprint>
194
+ <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;JUNOS/?([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
195
+ <description>ntpd running on Juniper/Netscreen JunOS</description>
196
+ <example>
197
+ version="ntpd 4.2.0-a Wed Aug 12 04:22:47 UTC 2009 (1)",
198
+ processor="i386", system="JUNOS9.3R4.4", leap=11, stratum=16,
199
+ </example>
200
+ <param pos="0" name="os.vendor" value="Juniper"/>
201
+ <param pos="0" name="os.family" value="JUNOS"/>
202
+ <param pos="0" name="os.product" value="JUNOS"/>
203
+ <param pos="0" name="service.family" value="NTP"/>
204
+ <param pos="0" name="service.product" value="NTP"/>
205
+ <param pos="1" name="service.version"/>
206
+ <param pos="2" name="os.arch"/>
207
+ <param pos="3" name="os.version"/>
208
+ </fingerprint>
209
+ <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;Windows/?([^ ]+)?&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
210
+ <description>ntpd running on Windows</description>
211
+ <example>
212
+ version="ntpd 4.2.4p7@copenhagen-o May 22 11:25:36 (UTC+02:00) 2009 (3)",
213
+ processor="x86", system="Windows", leap=00, stratum=2, precision=-19,
214
+ </example>
215
+ <example>
216
+ version="ntpd 4.2.4p4@1.1520-modena-o Dec 05 9:35:28 (UTC+01:00) 2007 (11)",
217
+ processor="unknown", system="WINDOWS/NT", leap=00, stratum=2,
218
+ </example>
219
+ <param pos="0" name="service.family" value="NTP"/>
220
+ <param pos="0" name="service.product" value="NTP"/>
221
+ <param pos="1" name="service.version"/>
222
+ <param pos="0" name="os.vendor" value="Microsoft"/>
223
+ <param pos="0" name="os.family" value="Windows"/>
224
+ <param pos="0" name="os.product" value="Windows"/>
225
+ <param pos="2" name="os.arch"/>
226
+ <param pos="3" name="os.version"/>
227
+ </fingerprint>
228
+ <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;HP-UX/?([^ ]+)?&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
229
+ <description>ntpd running on HP-UX</description>
230
+ <example>
231
+ version="ntpd 4.2.2@1.1532-o Wed Sep 6 16:49:43 EDT 2006 (2)",
232
+ processor="9000/800", system="HP-UX/B.11.11", leap=00, stratum=1,
233
+ </example>
234
+ <param pos="0" name="service.family" value="NTP"/>
235
+ <param pos="0" name="service.product" value="NTP"/>
236
+ <param pos="1" name="service.version"/>
237
+ <param pos="0" name="os.vendor" value="HP"/>
238
+ <param pos="0" name="os.family" value="HP-UX"/>
239
+ <param pos="0" name="os.product" value="HP-UX"/>
240
+ <param pos="2" name="os.arch"/>
241
+ <param pos="3" name="os.version"/>
242
+ </fingerprint>
243
+ <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;[^ ]+&quot;,.*system=&quot;([^ ]+)-hp-hpux([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
244
+ <description>ntpd running on HP-UX, where the processor is in the 'system' variable</description>
245
+ <example>
246
+ version="ntpd 4.2.5p154@1.1802 Tue Mar 22 22:09:00 UTC 2011 (39)",
247
+ processor="unknown", system="ia64-hp-hpux11.31", leap=00, stratum=1,
248
+ </example>
249
+ <param pos="0" name="service.family" value="NTP"/>
250
+ <param pos="0" name="service.product" value="NTP"/>
251
+ <param pos="1" name="service.version"/>
252
+ <param pos="0" name="os.vendor" value="HP"/>
253
+ <param pos="0" name="os.family" value="HP-UX"/>
254
+ <param pos="0" name="os.product" value="HP-UX"/>
255
+ <param pos="2" name="os.arch"/>
256
+ <param pos="3" name="os.version"/>
257
+ </fingerprint>
258
+ <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;VMkernel/?([^ ]+)?&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
259
+ <description>ntpd running on VMware ESXi</description>
260
+ <example>
261
+ version="ntpd 4.2.4p6@1.1495 Wed Sep 22 02:33:15 UTC 2010 (1)",
262
+ processor="x86_64", system="VMkernel/4.1.0", leap=11, stratum=16,
263
+ </example>
264
+ <param pos="0" name="service.family" value="NTP"/>
265
+ <param pos="0" name="service.product" value="NTP"/>
266
+ <param pos="1" name="service.version"/>
267
+ <param pos="0" name="os.vendor" value="VMware"/>
268
+ <param pos="0" name="os.family" value="VMware ESX/ESXi"/>
269
+ <param pos="0" name="os.product" value="VMware ESXi Server"/>
270
+ <param pos="2" name="os.arch"/>
271
+ <param pos="3" name="os.version"/>
272
+ </fingerprint>
273
+ <fingerprint pattern=".*processor=&quot;([^ ]+)&quot;,.*system=&quot;OSF1/?([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
274
+ <description>ntpd running on OSF/1</description>
275
+ <example>
276
+ processor="alpha", system="OSF1V4.0", leap=00, stratum=1, precision=-18,
277
+ </example>
278
+ <param pos="0" name="service.family" value="NTP"/>
279
+ <param pos="0" name="service.product" value="NTP"/>
280
+ <param pos="0" name="os.vendor" value="DEC"/>
281
+ <param pos="0" name="os.product" value="OSF/1"/>
282
+ <param pos="2" name="os.version"/>
283
+ <param pos="1" name="os.arch"/>
284
+ </fingerprint>
285
+ <fingerprint pattern="^.*system=&quot;Linux&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
286
+ <description>Linux with NTP enabled, no processor/version</description>
287
+ <example>
288
+ system="Linux", leap=00, stratum=2, rootdelay=6.480,
289
+ </example>
290
+ <param pos="0" name="os.vendor" value="Linux"/>
291
+ <param pos="0" name="os.family" value="Linux"/>
292
+ <param pos="0" name="os.product" value="Linux"/>
293
+ <param pos="0" name="service.family" value="NTP"/>
294
+ <param pos="0" name="service.product" value="NTP"/>
295
+ </fingerprint>
296
+ <fingerprint pattern="^.*system=&quot;UNIX/AIX&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
297
+ <description>AIX with NTP enabled, no processor/version</description>
298
+ <example>
299
+ system="UNIX/AIX", leap=00, stratum=3, rootdelay=2.000,
300
+ </example>
301
+ <param pos="0" name="os.vendor" value="IBM"/>
302
+ <param pos="0" name="os.family" value="AIX"/>
303
+ <param pos="0" name="os.product" value="AIX"/>
304
+ <param pos="0" name="service.family" value="NTP"/>
305
+ <param pos="0" name="service.product" value="NTP"/>
306
+ <param pos="0" name="service.vendor" value="IBM"/>
307
+ </fingerprint>
308
+ <fingerprint pattern="^.*system=&quot;SunOS&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
309
+ <description>Solaris with NTP enabled, no processor/version</description>
310
+ <example>
311
+ system="SunOS", leap=00, stratum=1, rootdelay=0.000,
312
+ </example>
313
+ <param pos="0" name="os.vendor" value="Sun"/>
314
+ <param pos="0" name="os.family" value="Solaris"/>
315
+ <param pos="0" name="os.product" value="Solaris"/>
316
+ <param pos="0" name="service.family" value="NTP"/>
317
+ <param pos="0" name="service.product" value="NTP"/>
318
+ <param pos="0" name="service.vendor" value="Solaris"/>
319
+ </fingerprint>
320
+ <fingerprint pattern="^.*system=&quot;cisco&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
321
+ <description>Cisco IOS with NTP enabled</description>
322
+ <example>
323
+ system="cisco", leap=00, stratum=2, rootdelay=39.900,
324
+ </example>
325
+ <param pos="0" name="os.vendor" value="Cisco"/>
326
+ <param pos="0" name="os.family" value="IOS"/>
327
+ <param pos="0" name="os.product" value="IOS"/>
328
+ <param pos="0" name="service.family" value="NTP"/>
329
+ <param pos="0" name="service.product" value="NTP"/>
330
+ <param pos="0" name="service.vendor" value="Cisco"/>
331
+ </fingerprint>
332
+ <fingerprint pattern="^.*system=&quot;Data ONTAP/+(\S+)&quot;.*$" flags="REG_DOT_NEWLINE,REG_ICASE">
333
+ <description>NetApp file servers</description>
334
+ <example>
335
+ system="Data ONTAP/8.1RC2"
336
+ </example>
337
+ <param pos="0" name="os.vendor" value="NetApp"/>
338
+ <param pos="0" name="os.family" value="Data ONTAP"/>
339
+ <param pos="0" name="os.product" value="Data ONTAP"/>
340
+ <param pos="0" name="os.device" value="File server"/>
341
+ <param pos="1" name="os.version"/>
342
+ </fingerprint>
343
+ <fingerprint pattern="system=&quot;UNIX/HPUX&quot;" flags="REG_ICASE">
344
+ <description>Generic HPUX</description>
345
+ <example>
346
+ system="UNIX/HPUX", leap=0, stratum=3, rootdelay=1.16,
347
+ rootdispersion=1.89, peer=52828, refid=A.B.C.D,
348
+ reftime=0xd2ec64af.5cca1000, poll=10, clock=0xd2ec6545.46514000,
349
+ phase=-1.080, freq=-2231.51, error=0.40
350
+ </example>
351
+ <param pos="0" name="os.vendor" value="HP"/>
352
+ <param pos="0" name="os.family" value="HP-UX"/>
353
+ <param pos="0" name="os.product" value="HP-UX"/>
354
+ </fingerprint>
355
+ <fingerprint pattern="system=&quot;UNIX&quot;" flags="REG_ICASE" certainty="0.5">
356
+ <description>Generic UNIX</description>
357
+ <example>
358
+ version="4", processor="unknown", system="UNIX", leap=0, stratum=2,
359
+ </example>
360
+ <param pos="0" name="os.family" value="UNIX"/>
361
+ <param pos="0" name="os.product" value="UNIX"/>
362
+ </fingerprint>
363
+ <fingerprint pattern="system=&quot;VxWorks&quot;" flags="REG_ICASE">
364
+ <description>Generic VxWorks</description>
365
+ <example>
366
+ system="VxWorks", leap=0, stratum=8, rootdelay=63.74,
367
+ rootdispersion=151.29, peer=65508, refid=192.168.2.100,
368
+ reftime=0xd4747c5c.5851f000, poll=6, clock=0xd4747c6d.31206000,
369
+ phase=4.131, freq=18961.38, compliance=0
370
+ </example>
371
+ <param pos="0" name="os.vendor" value="Wind River"/>
372
+ <param pos="0" name="os.product" value="VxWorks"/>
373
+ </fingerprint>
374
+ <fingerprint pattern="system=&quot;UNIX/(Unixware([^ ]+))&quot;" flags="REG_ICASE">
375
+ <description>Add support for SCO Unixware NTP</description>
376
+ <example>
377
+ system="UNIX/Unixware2", leap=3, stratum=16, rootdelay=0.00,
378
+ rootdispersion=0.00, peer=0, refid=0.0.0.0, reftime=0x00000000.00000000,
379
+ poll=4, clock=0xd1d874b7.051ec000, phase=0.000, freq=0.00, error=0.00
380
+ </example>
381
+ <param pos="0" name="service.family" value="NTP"/>
382
+ <param pos="0" name="service.product" value="NTP"/>
383
+ <param pos="0" name="os.vendor" value="SCO"/>
384
+ <param pos="1" name="os.product"/>
385
+ </fingerprint>
386
+ <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*\s*processor=&quot;([^ ]+)&quot;,.*system=&quot;SecureOS/([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
387
+ <description>McAfee Network Firewall Enterprise NTP (SecureOS)</description>
388
+ <example>
389
+ version="ntpd 4.2.0-r Thu Aug 11 12:41:19 CDT 2005 (1)",
390
+ processor="i386", system="SecureOS/7.0.1.00", leap=0, stratum=3,
391
+ precision=-19, rootdelay=27.044, rootdispersion=87.845, peer=2357,
392
+ refid=A.B.C.D, reftime=0xd2636966.fd61b098, poll=10,
393
+ clock=0xd2636c8e.d5e2d427, state=4, offset=0.519, frequency=-3.027,
394
+ jitter=5.132, stability=0.394
395
+ </example>
396
+ <example>
397
+ version="ntpd 4.2.0-r Thu Aug 11 12:41:19 CDT 2005 (1)",
398
+ processor="i386", system="SecureOS/7.0.0.04", leap=0, stratum=2,
399
+ precision=-19, rootdelay=56.480, rootdispersion=35.772, peer=8677,
400
+ refid=A.B.C.D, reftime=0xd260ce25.8f9e2b59, poll=10,
401
+ clock=0xd260cf6c.7e0f1646, state=4, offset=-0.129, frequency=8.718,
402
+ jitter=0.548, stability=0.055
403
+ </example>
404
+ <param pos="0" name="service.family" value="NTP"/>
405
+ <param pos="0" name="service.product" value="NTP"/>
406
+ <param pos="0" name="os.vendor" value="McAfee"/>
407
+ <param pos="0" name="os.product" value="SecureOS"/>
408
+ <param pos="1" name="service.version"/>
409
+ <param pos="2" name="os.arch"/>
410
+ <param pos="3" name="os.version"/>
411
+ </fingerprint>
412
+ <fingerprint pattern="^.*processor=&quot;([^ ]+)&quot;.*system=&quot;Linux([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
413
+ <description>ntpd running on linux</description>
414
+ <example>
415
+ processor="i686", system="Linux2.6.10", leap=0, stratum=2,
416
+ precision=-17, rootdelay=44.644, rootdispersion=29.933, peer=13317,
417
+ refid=A.B.C.D, reftime=0xd2c29f69.407570c5, poll=10,
418
+ clock=0xd2c2a335.360999dc, state=4, phase=1.037, frequency=55.898,
419
+ jitter=0.203, stability=0.004
420
+ </example>
421
+ <example>
422
+ processor="i686", system="Linux2.6.23.waas", leap=0, stratum=2,
423
+ precision=-18, rootdelay=37.550, rootdispersion=427.047, peer=40613,
424
+ refid=172.20.62.191, reftime=0xd297a442.8b66c6de, poll=14,
425
+ clock=0xd297d4bf.4a69be09, state=4, phase=2.927, frequency=25.968,
426
+ jitter=3.460, stability=0.043
427
+ </example>
428
+ <param pos="0" name="service.family" value="NTP"/>
429
+ <param pos="0" name="service.product" value="NTP"/>
430
+ <param pos="0" name="os.vendor" value="Linux"/>
431
+ <param pos="0" name="os.family" value="Linux"/>
432
+ <param pos="0" name="os.product" value="Linux"/>
433
+ <param pos="0" name="os.certainty" value="0.75"/>
434
+ <param pos="1" name="os.arch"/>
435
+ <param pos="2" name="os.version"/>
436
+ </fingerprint>
437
+ <fingerprint pattern=".*version=&quot;ntpd (\S+)[^&quot;]+&quot;,.*\s*processor=&quot;([^ ]+)&quot;.*system=&quot;Isilon OneFS/v([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
438
+ <description>Isilon OneFS NTP Server</description>
439
+ <example>
440
+ version="ntpd 4.2.4p4-o Thu Feb 4 20:43:00 UTC 2010 (1)",
441
+ processor="i386", system="Isilon OneFS/v5.5.4.21", leap=0, stratum=14,
442
+ precision=-19, rootdelay=0.000, rootdispersion=11.260, peer=60044,
443
+ refid=A.B.C.D, reftime=0xd2c1c806.b32bca4f, poll=10,
444
+ clock=0xd2c1c81b.d2869541, state=4, offset=0.000, frequency=-9.100,
445
+ jitter=0.002, noise=0.002, stability=0.000, tai=0
446
+ </example>
447
+ <param pos="0" name="service.family" value="NTP"/>
448
+ <param pos="0" name="service.product" value="NTP"/>
449
+ <param pos="0" name="os.vendor" value="Isilon"/>
450
+ <param pos="0" name="os.product" value="OneFS"/>
451
+ <param pos="1" name="service.version"/>
452
+ <param pos="2" name="os.arch"/>
453
+ <param pos="3" name="os.version"/>
454
+ </fingerprint>
455
+ <fingerprint pattern="system=&quot;IPSO&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
456
+ <description>Nokia IPSO NTP</description>
457
+ <example>
458
+ system="IPSO", leap=3, stratum=16, rootdelay=0.00, rootdispersion=0.00,
459
+ peer=0, refid=0.0.0.0, reftime=0x00000000.00000000, poll=4,
460
+ clock=0xd2066990.82704000, phase=0.000, freq=0.00, error=0.00
461
+ </example>
462
+ <example>
463
+ system="IPSO", leap=0, stratum=3, rootdelay=121.57,
464
+ rootdispersion=13.55, peer=29038, refid=A.B.C.D,
465
+ reftime=0xd1e2ab9b.ac19b000, poll=7, clock=0xd1e2abf4.b8ef1000,
466
+ phase=0.756, freq=27452.24, error=0.58
467
+ </example>
468
+ <param pos="0" name="service.family" value="NTP"/>
469
+ <param pos="0" name="service.product" value="NTP"/>
470
+ <param pos="0" name="os.vendor" value="Nokia"/>
471
+ <param pos="0" name="os.product" value="IPSO"/>
472
+ <param pos="0" name="os.device" value="Firewall"/>
473
+ </fingerprint>
474
+ <fingerprint pattern="system=&quot;UNIX/Solaris\s[^ ]+&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
475
+ <description>Sun Solaris NTP</description>
476
+ <example>
477
+ system="UNIX/Solaris 2.x", leap=3, stratum=16, rootdelay=0.00,
478
+ rootdispersion=0.00, peer=0, refid=0.0.0.0, reftime=0x00000000.00000000,
479
+ poll=4, clock=0xd23e08ab.ecd7f000, phase=0.000, freq=11392.00,
480
+ error=0.00
481
+ </example>
482
+ <example>
483
+ system="UNIX/Solaris 2.x", leap=3, stratum=16, rootdelay=0.00,
484
+ rootdispersion=0.00, peer=0, refid=0.0.0.0, reftime=0x00000000.00000000,
485
+ poll=4, clock=0xd2353ae7.7bca8000, phase=0.000, freq=11392.00,
486
+ error=0.00
487
+ </example>
488
+ <param pos="0" name="os.vendor" value="Sun"/>
489
+ <param pos="0" name="os.family" value="Solaris"/>
490
+ <param pos="0" name="os.product" value="Solaris"/>
491
+ <param pos="0" name="service.family" value="NTP"/>
492
+ <param pos="0" name="service.product" value="NTP"/>
493
+ <param pos="0" name="service.vendor" value="Sun"/>
494
+ </fingerprint>
495
+ <fingerprint pattern="version=&quot;ntpd version = ([^ ]+)&quot;,\s*processor=&quot;([A-Z0-9]+)&quot;,\s*system=&quot;OpenVMS/V([A-Z0-9.-]+)" flags="REG_DOT_NEWLINE,REG_ICASE">
496
+ <description>OpenVMS NTP Server</description>
497
+ <example service.version="4.2.0" os.arch="PHMNFP" os.version="8.3">
498
+ version="ntpd version = 4.2.0", processor="PHMNFP",
499
+ system="OpenVMS/V8.3", leap=0, stratum=4, precision=-10,
500
+ rootdelay=56.458, rootdispersion=51.315, peer=53868, refid=A.B.C.D,
501
+ reftime=0xd248836a.1af277e1, poll=10, clock=0xd2488581.0790e0a1,
502
+ state=4, offset=-0.561, frequency=8.597, jitter=1.507, stability=0.041
503
+ </example>
504
+ <example service.version="4.2.0" os.arch="STHRN2" os.version="8.3-1H1">
505
+ version="ntpd version = 4.2.0", processor="STHRN2",
506
+ system="OpenVMS/V8.3-1H1", leap=0, stratum=3, precision=-10,
507
+ rootdelay=8.615, rootdispersion=80.724, peer=55037,
508
+ refid=A.B.C.D, reftime=0xd1aa6b0e.bc19eb3b, poll=10,
509
+ clock=0xd1aa6d19.d5a12600, state=4, offset=7.844, frequency=4.737,
510
+ jitter=2.222, stability=0.096
511
+ </example>
512
+ <param pos="0" name="service.family" value="NTP"/>
513
+ <param pos="0" name="service.product" value="NTP"/>
514
+ <param pos="0" name="os.vendor" value="OpenVMS"/>
515
+ <param pos="0" name="os.product" value="OpenVMS"/>
516
+ <param pos="1" name="service.version"/>
517
+ <param pos="2" name="os.arch"/>
518
+ <param pos="3" name="os.version"/>
519
+ </fingerprint>
520
+ <fingerprint pattern=".*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,\s*processor=&quot;([^ ]+)&quot;,\s*system=&quot;[^ ]+.([^&quot;]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
521
+ <description>F5 Big-IP Load Balancers NTP</description>
522
+ <example service.version="4.1.1a@1.791" os.arch="i386" os.version="4.5PTF-0">
523
+ version="ntpd 4.1.1a@1.791 Fri Aug 8 04:08:19 PDT 2003 (1)",
524
+ processor="i386", system="BIG-IPBIG-IP 4.5PTF-0", leap=3, stratum=16,
525
+ precision=-16, rootdelay=0.000, rootdispersion=103599.120, peer=0,
526
+ refid=0.0.0.0, reftime=0x00000000.00000000, poll=4,
527
+ clock=0xd20533b8.903aa79b, state=1, offset=0.000, frequency=0.000,
528
+ jitter=0.015, stability=0.000
529
+ </example>
530
+ <param pos="0" name="service.family" value="NTP"/>
531
+ <param pos="0" name="service.product" value="NTP"/>
532
+ <param pos="0" name="os.vendor" value="F5"/>
533
+ <param pos="0" name="os.product" value="BIG-IP"/>
534
+ <param pos="1" name="service.version"/>
535
+ <param pos="2" name="os.arch"/>
536
+ <param pos="3" name="os.version"/>
537
+ </fingerprint>
538
+ </fingerprints>