recog 0.01

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (75) hide show
  1. data/.gitignore +3 -0
  2. data/.rspec +2 -0
  3. data/Gemfile +9 -0
  4. data/Gemfile.lock +42 -0
  5. data/LICENSE +23 -0
  6. data/README.md +63 -0
  7. data/bin/recog_export.rb +81 -0
  8. data/bin/recog_match.rb +51 -0
  9. data/bin/recog_verify.rb +45 -0
  10. data/features/match.feature +16 -0
  11. data/features/support/env.rb +5 -0
  12. data/features/verify.feature +31 -0
  13. data/features/xml/banners.xml +2 -0
  14. data/features/xml/failing_banners_fingerprints.xml +20 -0
  15. data/features/xml/matching_banners_fingerprints.xml +22 -0
  16. data/features/xml/no_tests.xml +53 -0
  17. data/features/xml/successful_tests.xml +33 -0
  18. data/features/xml/tests_with_failures.xml +10 -0
  19. data/features/xml/tests_with_warnings.xml +10 -0
  20. data/lib/recog.rb +3 -0
  21. data/lib/recog/db.rb +38 -0
  22. data/lib/recog/db_manager.rb +27 -0
  23. data/lib/recog/fingerprint.rb +60 -0
  24. data/lib/recog/formatter.rb +51 -0
  25. data/lib/recog/match_reporter.rb +77 -0
  26. data/lib/recog/matcher.rb +60 -0
  27. data/lib/recog/matcher_factory.rb +14 -0
  28. data/lib/recog/nizer.rb +263 -0
  29. data/lib/recog/verifier.rb +46 -0
  30. data/lib/recog/verifier_factory.rb +13 -0
  31. data/lib/recog/verify_reporter.rb +85 -0
  32. data/lib/recog/version.rb +3 -0
  33. data/recog.gemspec +34 -0
  34. data/spec/data/best_os_match_1.yml +17 -0
  35. data/spec/data/best_os_match_2.yml +17 -0
  36. data/spec/data/best_service_match_1.yml +17 -0
  37. data/spec/data/smb_native_os.txt +31 -0
  38. data/spec/data/test_fingerprints.xml +24 -0
  39. data/spec/lib/db_spec.rb +89 -0
  40. data/spec/lib/formatter_spec.rb +69 -0
  41. data/spec/lib/match_reporter_spec.rb +90 -0
  42. data/spec/lib/nizer_spec.rb +124 -0
  43. data/spec/lib/verify_reporter_spec.rb +112 -0
  44. data/xml/apache_os.xml +295 -0
  45. data/xml/architecture.xml +45 -0
  46. data/xml/ftp_banners.xml +808 -0
  47. data/xml/h323_callresp.xml +701 -0
  48. data/xml/hp_pjl_id.xml +435 -0
  49. data/xml/http_cookies.xml +379 -0
  50. data/xml/http_servers.xml +3326 -0
  51. data/xml/http_wwwauth.xml +412 -0
  52. data/xml/imap_banners.xml +267 -0
  53. data/xml/nntp_banners.xml +51 -0
  54. data/xml/ntp_banners.xml +538 -0
  55. data/xml/pop_banners.xml +452 -0
  56. data/xml/rsh_resp.xml +90 -0
  57. data/xml/sip_banners.xml +14 -0
  58. data/xml/smb_native_os.xml +385 -0
  59. data/xml/smtp_banners.xml +1738 -0
  60. data/xml/smtp_debug.xml +45 -0
  61. data/xml/smtp_ehlo.xml +53 -0
  62. data/xml/smtp_expn.xml +95 -0
  63. data/xml/smtp_help.xml +212 -0
  64. data/xml/smtp_mailfrom.xml +24 -0
  65. data/xml/smtp_noop.xml +45 -0
  66. data/xml/smtp_quit.xml +31 -0
  67. data/xml/smtp_rcptto.xml +33 -0
  68. data/xml/smtp_rset.xml +23 -0
  69. data/xml/smtp_turn.xml +23 -0
  70. data/xml/smtp_vrfy.xml +109 -0
  71. data/xml/snmp_sysdescr.xml +8008 -0
  72. data/xml/snmp_sysobjid.xml +284 -0
  73. data/xml/ssh_banners.xml +790 -0
  74. data/xml/upnp_banners.xml +590 -0
  75. metadata +190 -0
@@ -0,0 +1,452 @@
1
+ <?xml version="1.0"?>
2
+ <!--
3
+ POP3 greeting messages (part of the banner after the status indicator +OK or -ERR) are
4
+ matched against these patterns to fingerprint POP3 servers.
5
+ -->
6
+
7
+ <fingerprints matches="pop3.banner">
8
+
9
+ <fingerprint pattern="^([^ ]+) +Cyrus POP3 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready">
10
+ <description>OSX Cyrus POP</description>
11
+ <example>8.8.8.8 Cyrus POP3 v2.3.8-OS X Server 10.5: 9A562 server ready &lt;1999107648.1324502155@8.8.8.8&gt;</example>
12
+ <param pos="0" name="service.family" value="Cyrus"/>
13
+ <param pos="0" name="service.product" value="Cyrus POP"/>
14
+ <param pos="0" name="service.vendor" value="CMU"/>
15
+ <param pos="2" name="service.version"/>
16
+ <param pos="0" name="os.vendor" value="Apple"/>
17
+ <param pos="0" name="os.family" value="Mac OS X"/>
18
+ <param pos="0" name="os.product" value="Mac OS X"/>
19
+ <param pos="0" name="os.device" value="General"/>
20
+ <param pos="3" name="os.version"/>
21
+ </fingerprint>
22
+
23
+ <fingerprint pattern="^([^ ]+) +Cyrus POP3 v([\d\.]+)[^OS\s+X].*$">
24
+ <description>CMU Cyrus POP</description>
25
+ <example>foo Cyrus POP3 v2.3</example>
26
+ <example>foo Cyrus POP3 v2.3.14 server ready &lt;13087751828270990591.1301068892@foo&gt;</example>
27
+ <param pos="0" name="service.vendor" value="CMU"/>
28
+ <param pos="0" name="service.family" value="Cyrus"/>
29
+ <param pos="0" name="service.product" value="Cyrus POP"/>
30
+ <param pos="1" name="service.version"/>
31
+ <param pos="2" name="host.domain"/>
32
+ </fingerprint>
33
+
34
+ <fingerprint pattern="^Lotus Notes POP3 server version X[^ ]+ ready on .*$">
35
+ <example>Lotus Notes POP3 server version X2.0 ready on foo/bar.</example>
36
+ <description>IBM Lotus Notes/Domino</description>
37
+ <param pos="0" name="service.vendor" value="IBM"/>
38
+ <param pos="0" name="service.family" value="Lotus Domino"/>
39
+ <param pos="0" name="service.product" value="Lotus Domino"/>
40
+ </fingerprint>
41
+
42
+ <fingerprint pattern="^Lotus Notes POP3 server version Release ([^ ]+) ready on .*$">
43
+ <example>Lotus Notes POP3 server version Release 8.5.1FP5 ready on foo/US.</example>
44
+ <description>IBM Lotus Notes/Domino</description>
45
+ <param pos="0" name="service.vendor" value="IBM"/>
46
+ <param pos="0" name="service.family" value="Lotus Domino"/>
47
+ <param pos="0" name="service.product" value="Lotus Domino"/>
48
+ <param pos="1" name="service.version"/>
49
+ </fingerprint>
50
+
51
+ <fingerprint pattern="^Qpopper \(version (\d+\.\d+\.\d+), modified by Sphera Technologies\) at (.+) starting\..*$">
52
+ <description>Qpopper with Sphera mods</description>
53
+ <example>Qpopper (version 4.0.3, modified by Sphera Technologies) at domain starting. &lt;xxx@domain&gt;</example>
54
+ <param pos="0" name="service.vendor" value="Sphera"/>
55
+ <param pos="0" name="service.family" value="Qpopper"/>
56
+ <param pos="0" name="service.product" value="Qpopper"/>
57
+ <param pos="1" name="service.version"/>
58
+ <param pos="2" name="host.domain"/>
59
+ </fingerprint>
60
+
61
+ <fingerprint pattern="^Qpopper \(version (\d+\.\d+\.\d+)-mysql-(.+)\) at (.+) starting\..*$">
62
+ <description>Qpopper with MySQL auth module</description>
63
+ <example>Qpopper (version 4.0.3-mysql-0.13) at domain starting. &lt;xxx@domain&gt;</example>
64
+ <param pos="0" name="service.vendor" value="Qualcomm"/>
65
+ <param pos="0" name="service.family" value="Qpopper"/>
66
+ <param pos="0" name="service.product" value="Qpopper"/>
67
+ <param pos="1" name="service.version"/>
68
+ <param pos="0" name="service.component.family" value="qpopper-mysql"/>
69
+ <param pos="0" name="service.component.product" value="qpopper-mysql"/>
70
+ <param pos="2" name="service.component.version"/>
71
+ <param pos="3" name="host.domain"/>
72
+ </fingerprint>
73
+
74
+ <fingerprint pattern="^Qpop(?:per)? \(version ([\d\.]+)\) at (.+)(?: starting\.)?.*$" flags="REG_ICASE">
75
+ <description>Qpopper missing version info</description>
76
+ <example>Qpopper (version 4.0.16) at foo.example.com</example>
77
+ <example>QPOP (version 2.53) at domain starting. &lt;xxx@domain&gt;</example>
78
+ <example>Qpopper (version 4.0.3) at domain starting. &lt;xxx@domain&gt;</example>
79
+ <param pos="0" name="service.vendor" value="Qualcomm"/>
80
+ <param pos="0" name="service.family" value="Qpopper"/>
81
+ <param pos="0" name="service.product" value="Qpopper"/>
82
+ <param pos="1" name="service.version"/>
83
+ <param pos="2" name="host.domain"/>
84
+ </fingerprint>
85
+
86
+ <fingerprint pattern="^QPOP \(version (.*)\) at (.+) starting\..*$">
87
+ <description>Qpopper with missing version info</description>
88
+ <example>QPOP (version ?) at domain starting. &lt;xxx@domain&gt;</example>
89
+ <param pos="0" name="service.vendor" value="Qualcomm"/>
90
+ <param pos="0" name="service.family" value="Qpopper"/>
91
+ <param pos="0" name="service.product" value="Qpopper"/>
92
+ <param pos="1" name="qpopper.version"/>
93
+ <param pos="2" name="host.domain"/>
94
+ </fingerprint>
95
+
96
+ <fingerprint pattern="^Microsoft Exchange Server 2003 POP3 server version (\d+\.\d+\.\d+\.\d+) (.+) ready.$">
97
+ <description>Microsoft Exchange Server 2003</description>
98
+ <example>Microsoft Exchange Server 2003 POP3 server version 6.5.6944.0 (host) ready.</example>
99
+ <param pos="0" name="service.vendor" value="Microsoft"/>
100
+ <param pos="0" name="service.family" value="Exchange Server"/>
101
+ <param pos="0" name="service.product" value="Exchange 2003 Server"/>
102
+ <param pos="1" name="service.version"/>
103
+ <param pos="2" name="host.name"/>
104
+ <param pos="0" name="os.vendor" value="Microsoft"/>
105
+ <param pos="0" name="os.device" value="General"/>
106
+ <param pos="0" name="os.family" value="Windows"/>
107
+ <param pos="0" name="os.product" value="Windows"/>
108
+ </fingerprint>
109
+
110
+ <fingerprint pattern="^Microsoft Exchange 2000 POP3 server version (\d+\.\d+\.\d+\.\d+) (.+) ready.$">
111
+ <description>Microsoft Exchange Server 2000</description>
112
+ <example>Microsoft Exchange 2000 POP3 server version 6.0.6603.0 (host) ready.</example>
113
+ <param pos="0" name="service.vendor" value="Microsoft"/>
114
+ <param pos="0" name="service.family" value="Exchange Server"/>
115
+ <param pos="0" name="service.product" value="Exchange 2000 Server"/>
116
+ <param pos="1" name="service.version"/>
117
+ <param pos="2" name="host.name"/>
118
+ <param pos="0" name="os.vendor" value="Microsoft"/>
119
+ <param pos="0" name="os.device" value="General"/>
120
+ <param pos="0" name="os.family" value="Windows"/>
121
+ <param pos="0" name="os.product" value="Windows"/>
122
+ </fingerprint>
123
+
124
+ <fingerprint pattern="^Microsoft Exchange POP3 server version (\d+\.\d+\.\d+\.\d+) ready$">
125
+ <description>Microsoft Exchange Server</description>
126
+ <example>Microsoft Exchange POP3 server version 5.5.2654.50 ready</example>
127
+ <param pos="0" name="service.vendor" value="Microsoft"/>
128
+ <param pos="0" name="service.family" value="Exchange Server"/>
129
+ <param pos="0" name="service.product" value="Exchange Server"/>
130
+ <param pos="1" name="service.version"/>
131
+ <param pos="0" name="os.vendor" value="Microsoft"/>
132
+ <param pos="0" name="os.device" value="General"/>
133
+ <param pos="0" name="os.family" value="Windows"/>
134
+ <param pos="0" name="os.product" value="Windows"/>
135
+ </fingerprint>
136
+
137
+ <fingerprint pattern="^Microsoft Windows POP3 Service Version 1.0 &lt;.+@(.+)&gt; ready.$">
138
+ <description>Microsoft POP3 Services on Windows 2003</description>
139
+ <example>Microsoft Windows POP3 Service Version 1.0 &lt;xxx@host&gt; ready.</example>
140
+ <param pos="0" name="service.vendor" value="Microsoft"/>
141
+ <param pos="0" name="service.family" value="E-mail Services"/>
142
+ <param pos="0" name="service.product" value="E-mail Services"/>
143
+ <param pos="1" name="host.name"/>
144
+ <param pos="0" name="os.vendor" value="Microsoft"/>
145
+ <param pos="0" name="os.device" value="General"/>
146
+ <param pos="0" name="os.family" value="Windows"/>
147
+ <param pos="0" name="os.product" value="Windows Server 2003"/>
148
+ </fingerprint>
149
+
150
+ <fingerprint pattern="^Microsoft Exchange Server 2007 POP3 service ready\.?$">
151
+ <description>Microsoft Exchange Server 2007</description>
152
+ <example>Microsoft Exchange Server 2007 POP3 service ready</example>
153
+ <param pos="0" name="service.vendor" value="Microsoft"/>
154
+ <param pos="0" name="service.family" value="Exchange Server"/>
155
+ <param pos="0" name="service.product" value="Exchange 2007 Server"/>
156
+ <param pos="0" name="os.vendor" value="Microsoft"/>
157
+ <param pos="0" name="os.device" value="General"/>
158
+ <param pos="0" name="os.family" value="Windows"/>
159
+ <param pos="0" name="os.product" value="Windows"/>
160
+ </fingerprint>
161
+
162
+ <fingerprint pattern="^The? Microsoft Exchange POP3 service is ready\.?$">
163
+ <description>Microsoft Exchange Server, generic</description>
164
+ <example>The Microsoft Exchange POP3 service is ready.</example>
165
+ <param pos="0" name="service.vendor" value="Microsoft"/>
166
+ <param pos="0" name="service.family" value="Exchange Server"/>
167
+ <param pos="0" name="service.product" value="Exchange Server"/>
168
+ <param pos="0" name="os.vendor" value="Microsoft"/>
169
+ <param pos="0" name="os.device" value="General"/>
170
+ <param pos="0" name="os.family" value="Windows"/>
171
+ <param pos="0" name="os.product" value="Windows"/>
172
+ </fingerprint>
173
+
174
+ <fingerprint pattern="^[dD]ovecot (?:DA )?ready\.(?: &lt;.+@(.+)&gt;)?$">
175
+ <!-- Dovecot DA ready.
176
+ dovecot ready.
177
+ Dovecot ready.
178
+ Dovecot ready. <xxx@host>
179
+ -->
180
+ <description>Dovecot Secure POP Server</description>
181
+ <param pos="0" name="service.family" value="Dovecot"/>
182
+ <param pos="0" name="service.product" value="Dovecot"/>
183
+ <param pos="1" name="host.name"/>
184
+ </fingerprint>
185
+
186
+ <fingerprint pattern="^(\S+) Zimbra POP3 server ready\.?$">
187
+ <example>catfood.example.com Zimbra POP3 server ready</example>
188
+ <example>dogfood.example.com Zimbra POP3 server ready</example>
189
+ <description>VMware Zimbra POP</description>
190
+ <param pos="0" name="service.vendor" value="VMware"/>
191
+ <param pos="0" name="service.product" value="Zimbra"/>
192
+ <param pos="1" name="host.name"/>
193
+ </fingerprint>
194
+
195
+ <fingerprint pattern="^(\S+) Zimbra (\S+) POP3 server ready\.?$">
196
+ <example>example.com Zimbra 7.0.0_GA_3079 POP3 server ready</example>
197
+ <description>VMware Zimbra POP</description>
198
+ <param pos="0" name="service.vendor" value="VMware"/>
199
+ <param pos="0" name="service.product" value="Zimbra"/>
200
+ <param pos="2" name="service.version"/>
201
+ <param pos="1" name="host.name"/>
202
+ </fingerprint>
203
+
204
+ <fingerprint pattern="^(?:S?POP3? server ready |Hello there.? )?&lt;.*@([^&gt;]+)&gt;$">
205
+ <example>POP3 server ready &lt;58c29ae4-7316-429e-8109-060444ab1a28@foo.example.com&gt;</example>
206
+ <example>&lt;84427.1298535083@foo.example.com&gt;</example>
207
+ <description>Generic masked POP3 server</description>
208
+ <param pos="1" name="host.name"/>
209
+ </fingerprint>
210
+
211
+ <fingerprint pattern="^ApplePasswordServer ([\d\.]+) password">
212
+ <description>Apple Open Directory</description>
213
+ <example>ApplePasswordServer 10.6.0.0 password server at 10.2.90.228 ready.</example>
214
+ <example>ApplePasswordServer 10.5.0.1 password serv</example>
215
+ <param pos="0" name="service.vendor" value="Apple"/>
216
+ <param pos="0" name="service.product" value="Open Directory"/>
217
+ <param pos="0" name="os.vendor" value="Apple"/>
218
+ <param pos="0" name="os.family" value="Mac OS X"/>
219
+ <param pos="0" name="os.product" value="Mac OS X"/>
220
+ <param pos="1" name="os.version"/>
221
+ <!-- the version coming from this service is usually accurate for the major version
222
+ but horribly wrong for the minor and patch levels, therefore drop the certainty
223
+ in lieu of a "quality" attribute for fingerprints -->
224
+ <param pos="0" name="os.certainty" value="0.5"/>
225
+ </fingerprint>
226
+
227
+ <!--
228
+
229
+ ; Mandrake 8.1 - uses UW IMAP
230
+ ; +OK POP3 mandrake81-f540k v2000.70mdk server ready
231
+ // wu-imap?
232
+ // +OK POP3 pytha434.rsjp.net 2004.89w server ready
233
+ // +OK POP3 cctlaser.com 2004.89s server ready
234
+ // +OK POP3 [158.122.12.70] v2003.83mdk server ready
235
+ // +OK POP3 [161.58.53.189] 2006b.94 server ready
236
+ // +OK POP3 [192.168.0.250] v2000.70rh server ready
237
+
238
+ ; Lotus Domino - NOTE: POP versions do not map to Domino version
239
+ // +OK Lotus Notes POP3 server version X2.0 ready <0015521D.86257321.0000081C.00000008@Atlas/AgileTek> on Atlas/AgileTek.
240
+ ( call ?j_popPatterns add
241
+ "^\\+OK Lotus Notes POP3 server version ([^ ]*) ready on ([^\\.]*)\\.$" )
242
+ ( call ?j_popNames add "Lotus-Domino" )
243
+
244
+ // +OK alquilerpc.com.mx POP3 Server (Version 1.020h) ready.
245
+
246
+ // Ipswitch IMail
247
+ // +OK X1 NT-POP3 Server geneseenet06 (IMail 8.22 45450-1)
248
+
249
+ // +OK X1 POP3 Mail Server
250
+
251
+ // +OK server POP3 server (DeskNow POP3 Server 1.0) ready
252
+
253
+ // +OK <1185161310.3352@goto15028.com> [XMail 1.24 POP3 Server] service ready; Mon, 23 Jul 2007 11:28:30 +0800
254
+
255
+ // +OK IdeaPop3Server v0.50 ready.
256
+
257
+ // +OK qxztmail POP3 server (STD Ymailserver v1.8 POP3) ready
258
+
259
+ // +OK blue.forest-green.lan POP3 server (JAMES POP3 Server 2.2.0) ready
260
+
261
+ // +OK xxx CMailServer 5.2 POP3 Service Ready
262
+
263
+ // +OK iac3 Solstice (tm) Internet Mail Server (tm) POP3 2.0 at Mon, 23 Jul 2007 20:08:02 -0500 (CDT)
264
+
265
+ // +OK Gordano Messaging Suite POP3 server ready
266
+ // +OK Gordano Messaging Suite POP3 server ready <13501095613509@hollandcanadaline.com>
267
+
268
+ // +OK unitechna.lt Merak 8.9.1 POP3 Sun, 22 Jul 2007 23:16:25 +0300 <20070722231625@unitechna.lt>
269
+
270
+
271
+ // +OK Cubic Circle's v1.31 1998/05/13 POP3 ready <0c9300004104a246@www.dvdld.co.za>
272
+
273
+ // +OK Welcome to MailEnable POP3 Server
274
+
275
+ // +OK GroupWise POP3 server ready
276
+
277
+ // +OK POP3 AnalogX Proxy 4.14 (Release) ready.
278
+
279
+ // +OK lojack.com.ar POP MDaemon 9.6.0 ready <MDAEMON-F200707232110.AA1001241MD4604@lojack.com.ar>
280
+
281
+ // +OK DBMAIL pop3 server ready to rock <4393e6301f984e87ad7cdc766595c78f@mx>
282
+
283
+ // +OK POP3 Welcome to vm-pop3d 1.1.6 <83532.1185400462@romeo.hostlab.nl>
284
+
285
+ // +OK Solid POP3 server ready
286
+
287
+ // +OK ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.8.9)
288
+
289
+ // +OK POP3 titan [cppop 20.0] at [207.150.171.34]
290
+
291
+ // +OK ModusMail POP3 Server-NOTF 4.2.425.4 Ready <42760712.1185328354.283@gbso.net>
292
+
293
+ // +OK DPOP Version number supressed.
294
+
295
+ // +OK XPOP3 0.0.1 server ready
296
+
297
+ -ERR (Proxy) connect error:socket error:No route to host
298
+ -ERR No permission
299
+ -ERR sorry, POP server too busy right now. Try again later.
300
+ -ERR This IP is not configured for POP3 service. Please contact Allstream at 1-888-655-7670.
301
+ +OK
302
+ +OK
303
+ +OK <0bdec6022085d6c34a0e48bb77bf8cf3@juno.thinkburst.com>
304
+ +OK <869521546.23059@mail.tecedge.net>, POP3 server ready.
305
+ +OK host CMailServer 5.2 POP3 Service Ready
306
+ +OK 2net.com POP MDaemon 7.2.0 ready <MDAEMON-F200707241631.AA3131578MD3019@2net.com>
307
+ +OK alakhan.kz POP MDaemon 6.8.4 ready <MDAEMON-F200707231617.AA1715437MD3489@alakhan.kz>
308
+ +OK alquilerpc.com.mx POP3 Server (Version 1.020h) ready.
309
+ +OK ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.8.9)
310
+ +OK blue.forest-green.lan POP3 server (JAMES POP3 Server 2.2.0) ready
311
+ +OK canoeregatta.org POP3 Server (Version 1.020h) ready.
312
+ +OK codebase.com.au POP MDaemon 9.6.1 ready <MDAEMON-F200707220122.AA2235837MD8039@codebase.com.au>
313
+ +OK Cubic Circle's v1.31 1998/05/13 POP3 ready <0c9300004104a246@www.dvdld.co.za>
314
+ +OK DBMAIL pop3 server ready to rock <4393e6301f984e87ad7cdc766595c78f@mx>
315
+ +OK ddc.lv POP MDaemon 9.0.4 ready <MDAEMON-F200707221319.AA1908942MD2984@ddc.lv>
316
+ +OK DPOP Version number supressed.
317
+ +OK Gordano Messaging Suite POP3 server ready
318
+ +OK Gordano Messaging Suite POP3 server ready <13501095613509@hollandcanadaline.com>
319
+ +OK Gordano Messaging Suite POP3 server ready <17142725297473@nefonline.de>
320
+ +OK GroupWise POP3 server ready
321
+ +OK Hello there.
322
+ +OK Hello there. <4405.1185250906@localhost.localdomain>
323
+ +OK iac3 Solstice (tm) Internet Mail Server (tm) POP3 2.0 at Mon, 23 Jul 2007 20:08:02 -0500 (CDT)
324
+ +OK IdeaPop3Server v0.50 ready.
325
+ +OK justkidsmagazine.com POP3 Server (Version 1.020h) ready.
326
+ +OK lojack.com.ar POP MDaemon 9.6.0 ready <MDAEMON-F200707232110.AA1001241MD4604@lojack.com.ar>
327
+ +OK Lotus Notes POP3 server version X2.0 ready <0015521D.86257321.0000081C.00000008@Atlas/AgileTek> on Atlas/AgileTek.
328
+ +OK mail.inter-ecom.com MERAK 3.00.120 POP3 Fri, 20 Jul 2007 23:01:52 -0700 <20070720230152@mail.inter-ecom.com>
329
+ +OK ModusMail POP3 Server-NOTF 4.2.425.4 Ready <42760712.1185328354.283@gbso.net>
330
+ +OK myflock.christianwebhost.com POP3 Server (Version 1.020h) ready.
331
+ +OK pchomehouston.com POP3 Server (Version 1.020h) ready.
332
+ +OK POP server version 2.53 ready from w2k1332
333
+ +OK POP3 [158.122.12.70] v2003.83mdk server ready
334
+ +OK POP3 [161.58.53.189] 2006b.94 server ready
335
+ +OK POP3 [192.168.0.250] v2000.70rh server ready
336
+ +OK POP3 [193.203.43.90] 2004.89 server ready
337
+ +OK POP3 [199.236.35.240] v2000.70 server ready
338
+ +OK POP3 [199.236.46.233] v2000.70 server ready
339
+ +OK POP3 [216.17.96.200] 2004.89 server ready
340
+ +OK POP3 [220.111.0.198] v2000.70 server ready
341
+ +OK POP3 [60.43.204.115] v2000.70 server ready
342
+ +OK POP3 [61.126.32.231] v2000.70 server ready
343
+ +OK POP3 [66.49.140.201] v2003.83rh server ready
344
+ +OK POP3 [89.110.105.178] 2004.89 server ready
345
+ +OK POP3 [89.110.111.108] 2004.89 server ready
346
+ +OK POP3 [89.110.120.59] 2004.89 server ready
347
+ +OK POP3 [89.110.123.169] 2004.89 server ready
348
+ +OK POP3 [89.110.88.248] 2004.89 server ready
349
+ +OK POP3 220-130-130-112.HINET-IP.hinet.net v2000.70 server ready
350
+ +OK POP3 AnalogX Proxy 4.14 (Release) ready.
351
+ +OK POP3 artfulssoul.com v2001.78rh server ready
352
+ +OK POP3 bibliotake.nl v2001.78rh server ready
353
+ +OK POP3 blog.celebkings.com v2003.83rh server ready
354
+ +OK POP3 bureau25.ns.utoronto.ca 2006f.96 server ready
355
+ +OK POP3 cctlaser.com 2004.89s server ready
356
+ +OK POP3 creditsuisseplm.tempdomainname.com 2004.89s server ready
357
+ +OK POP3 energypress.com 2004.89 server ready
358
+ +OK POP3 ez3 [cppop 20.0] at [64.119.173.146]
359
+ +OK POP3 frankscenterinc.com 2004.89 server ready
360
+ +OK POP3 fred08.tempdomainname.com 2004.89s server ready
361
+ +OK POP3 giantkangaroo.com v2003.83rh server ready
362
+ +OK POP3 host [cppop 20.0] at [66.45.252.61]
363
+ +OK POP3 host62 [cppop 20.0] at [216.120.237.62]
364
+ +OK POP3 hypolite.com v2001.78rh server ready
365
+ +OK POP3 juma [cppop 20.0] at [140.99.39.68]
366
+ +OK POP3 ksblist.com v2003.83rh server ready
367
+ +OK POP3 lakegeorgedaycare.com 2004.89s server ready
368
+ +OK POP3 localhost server ready
369
+ +OK POP3 localhost 2004.89 server ready
370
+ +OK POP3 localhost v2000.69hw server ready
371
+ +OK POP3 localhost v2001.78rh server ready
372
+ +OK POP3 monki.net v2003.83rh server ready
373
+ +OK POP3 nativeamericanlinks.com v2001.78rh server ready
374
+ +OK POP3 ns.skymarkgroup.com v2001.78rh server ready
375
+ +OK POP3 oliveiradressage.com v2003.83rh server ready
376
+ +OK POP3 pegasus [cppop 20.0] at [64.235.240.105]
377
+ +OK POP3 pytha434.rsjp.net 2004.89w server ready
378
+ +OK POP3 qwiknet.com 2004.89 server ready
379
+ +OK POP3 rrm82.fastlinknet.com v2003.83rh server ready
380
+ +OK POP3 saruman [cppop 20.0] at [82.136.60.52]
381
+ +OK POP3 scitechlicensing.com v2003.83rh server ready
382
+ +OK POP3 server-p002 [cppop 19.0] at [217.26.51.207]
383
+ +OK POP3 server [cppop 20.0] at [72.249.45.83]
384
+ +OK POP3 server [cppop 21.0] at [216.227.223.68]
385
+ +OK POP3 server ready
386
+ +OK POP3 server ready QuickMail Pro Server for Mac 3.0.2 <9a937c2c@192.168.0.254>
387
+ +OK POP3 taiwanjohnson.com.tw v2001.78rh server ready
388
+ +OK POP3 telesto [cppop 20.0] at [209.123.140.118]
389
+ +OK POP3 titan [cppop 20.0] at [207.150.171.34]
390
+ +OK POP3 top [cppop 21.0] at [70.87.244.140]
391
+ +OK POP3 txsunset.com v2001.78rh server ready
392
+ +OK POP3 umb.bankersacademy.com 2004.89s server ready
393
+ +OK POP3 unrealfactory.com v2003.83rh server ready
394
+ +OK POP3 venus [cppop 20.0] at [216.54.232.223]
395
+ +OK POP3 vitalmoment.com v4.47 server ready
396
+ +OK POP3 vps [cppop 21.0] at [207.58.145.19]
397
+ +OK POP3 web1 [cppop 21.0] at [72.9.237.53]
398
+ +OK POP3 Welcome to vm-pop3d 1.1.6 <83532.1185400462@romeo.hostlab.nl>
399
+ +OK POP3 Welcome to vm-pop3d 1.1.7f-DA-2
400
+ +OK POP3 wirelessintro [cppop 20.0] at [72.18.130.64]
401
+ +OK POP3 www.boomingusedautoparts.com 2006b.94 server ready
402
+ +OK POP3 www.happytails2u.com 2004.89 server ready
403
+ +OK POP3 www.homebasedwizard.com 2004.89 server ready
404
+ +OK POP3 www.webmail.imperioe.com 2004.89 server ready
405
+ +OK qxztmail POP3 server (STD Ymailserver v1.8 POP3) ready
406
+ +OK Radish (Version 3.0.0-b021) ready
407
+ +OK ready
408
+ +OK ready <11514.1185210732@freedom.concept69.de>
409
+ +OK ready <14026.1184992338@s076-129.ub.firstserver.ne.jp>
410
+ +OK ready <16013.1185110479@p1.in11.squarestart.ne.jp>
411
+ +OK ready <1602.1185138403@p10084207.pureserver.de>
412
+ +OK ready <17391.1185103166@www.e-shci.org>
413
+ +OK ready <17638.1185005363@o6.s023v.squarestart.ne.jp>
414
+ +OK ready <21400.1185465572@q7.s036v.smilestart.ne.jp>
415
+ +OK ready <2964.1185086744@nissan-forksaitama.co.jp>
416
+ +OK ready <9704.1185097132@h9.s011v.squarestart.ne.jp>
417
+ +OK recvmail/he.net POP3 Server
418
+ +OK refinanceloanjones.com POP3 Server (Version 1.020h) ready.
419
+ +OK samare.it POP MDaemon 6.8.5 ready <MDAEMON-F200707220351.AA513460MD5338@samare.it>
420
+ +OK server POP3 server (DeskNow POP3 Server 1.0) ready
421
+ +OK silexaviacion.com POP3 Server (Version 1.020h) ready.
422
+ +OK simple-photography.com POP3 Server (Version 1.020h) ready.
423
+ +OK Solid POP3 server ready
424
+ +OK studiovisuals.com POP3 Server (Version 1.020h) ready.
425
+ +OK themeekermall.com POP3 Server (Version 1.020h) ready.
426
+ +OK unitechna.lt Merak 8.9.1 POP3 Sun, 22 Jul 2007 23:16:25 +0300 <20070722231625@unitechna.lt>
427
+ +OK Welcome to MailEnable POP3 Server
428
+ +OK X1 NT-POP3 Server 2436681011.monstercommercesites.com (IMail 7.15 560907-1)
429
+ +OK X1 NT-POP3 Server Calvin-Serv (IMail 8.22 1107-1)
430
+ +OK X1 NT-POP3 Server chealsea.com.cn (IMail 8.15 16990-1)
431
+ +OK X1 NT-POP3 Server dedicated (IMail 9.03 34585-1)
432
+ +OK X1 NT-POP3 Server exfast114 (IMail 8.10 1204-1)
433
+ +OK X1 NT-POP3 Server exfast114 (IMail 8.10 548-1)
434
+ +OK X1 NT-POP3 Server geneseenet06 (IMail 8.22 45450-1)
435
+ +OK X1 NT-POP3 Server karunrolling.com (IMail 9.10 33410-4)
436
+ +OK X1 NT-POP3 Server mail.domainebuilders.com (IMail 8.15 562966-2)
437
+ +OK X1 NT-POP3 Server mail.ectorumc.org (IMail 8.21 421362-1)
438
+ +OK X1 NT-POP3 Server mail.oecmail2.com (IMail 9.10 135441-3)
439
+ +OK X1 NT-POP3 Server mail.saturnofdc.com (IMail 7.13 214871-3)
440
+ +OK X1 NT-POP3 Server ph18.pennyhost.com (IMail 8.22 325883-2)
441
+ +OK X1 NT-POP3 Server wddx002.wddx.net (IMail 8.15 60353-2)
442
+ +OK X1 NT-POP3 Server webgistix.com (IMail 8.05 161161-1)
443
+ +OK X1 POP3 Mail Server
444
+ +OK XPOP3 0.0.1 server ready
445
+ 220 axigen slmail mdaemon mailserver
446
+ // apparently this is a P3Scan Proxy bug
447
+ // http://lists.freebsd.org/pipermail/freebsd-ports/2004-May/012400.html
448
+ Oops, that would loop!
449
+
450
+ -->
451
+
452
+ </fingerprints>
@@ -0,0 +1,90 @@
1
+ <?xml version="1.0"?>
2
+ <!--
3
+ Rservices responses to requests are matched against these patterns to fingerprint the OSes of servers.
4
+ -->
5
+
6
+ <fingerprints>
7
+ <fingerprint pattern="^.Permission denied: Error 0$">
8
+ <example>xPermission denied: Error 0</example>
9
+ <description>Digital Unix rlogind</description>
10
+ <param pos="0" name="os.vendor" value="HP"/>
11
+ <param pos="0" name="os.device" value="General"/>
12
+ <param pos="0" name="os.family" value="Digital Unix"/>
13
+ <param pos="0" name="os.product" value="Unknown"/>
14
+ </fingerprint>
15
+
16
+ <fingerprint pattern="^.Winsock RSHD/NT: Protocol negotiation error\..+$|^.in\.rlogind: Permission denied\..+$" flags="REG_DOT_NEWLINE">
17
+ <example>xWinsock RSHD/NT: Protocol negotiation error.
18
+ 0</example>
19
+ <example>xin.rlogind: Permission denied.
20
+ </example>
21
+ <description>Windows rlogind</description>
22
+ <param pos="0" name="os.vendor" value="Microsoft"/>
23
+ <param pos="0" name="os.device" value="General"/>
24
+ <param pos="0" name="os.family" value="Windows"/>
25
+ <param pos="0" name="os.product" value="Unknown"/>
26
+ </fingerprint>
27
+
28
+ <fingerprint pattern="^.permission denied\..+$" flags="REG_DOT_NEWLINE">
29
+ <example>xpermission denied.
30
+ </example>
31
+ <description>Solaris rlogind</description>
32
+ <param pos="0" name="os.vendor" value="Sun"/>
33
+ <param pos="0" name="os.device" value="General"/>
34
+ <param pos="0" name="os.family" value="Solaris"/>
35
+ <param pos="0" name="os.product" value="Solaris"/>
36
+ </fingerprint>
37
+
38
+ <fingerprint pattern="^.rlogind: Acc.s refus.\..+$" flags="REG_DOT_NEWLINE">
39
+ <example>xrlogind: Accxs refusx.
40
+ </example>
41
+ <description>AIX rlogind</description>
42
+ <param pos="0" name="os.vendor" value="IBM"/>
43
+ <param pos="0" name="os.device" value="General"/>
44
+ <param pos="0" name="os.family" value="AIX"/>
45
+ <param pos="0" name="os.product" value="AIX"/>
46
+ </fingerprint>
47
+
48
+ <fingerprint pattern="^.rlogind: Host name for your address \([\d.]+\) unknown\..*$" flags="REG_DOT_NEWLINE">
49
+ <example>xrlogind: Host name for your address (127.0.0.1) unknown.
50
+ </example>
51
+ <description>A/UX rlogind</description>
52
+ <param pos="0" name="os.vendor" value="Apple"/>
53
+ <param pos="0" name="os.device" value="General"/>
54
+ <param pos="0" name="os.family" value="A/UX"/>
55
+ <param pos="0" name="os.product" value="Unknown"/>
56
+ </fingerprint>
57
+
58
+ <fingerprint pattern="^.rexecd: Login incorrect\..*$" flags="REG_DOT_NEWLINE">
59
+ <example>xrexecd: Login incorrect.
60
+ </example>
61
+ <description>HP-UX rexecd</description>
62
+ <param pos="0" name="os.vendor" value="HP"/>
63
+ <param pos="0" name="os.device" value="General"/>
64
+ <param pos="0" name="os.family" value="HP-UX"/>
65
+ <param pos="0" name="os.product" value="HP-UX"/>
66
+ </fingerprint>
67
+
68
+ <fingerprint pattern="^.rexecd: [-\d]+.*$" flags="REG_DOT_NEWLINE">
69
+ <example>xrexecd: 0-1 The login is not correct.
70
+ </example>
71
+ <description>AIX rexecd</description>
72
+ <param pos="0" name="os.vendor" value="IBM"/>
73
+ <param pos="0" name="os.device" value="General"/>
74
+ <param pos="0" name="os.family" value="AIX"/>
75
+ <param pos="0" name="os.product" value="AIX"/>
76
+ </fingerprint>
77
+
78
+ <fingerprint pattern="^.remshd: (getservbyname.+|Kerberos Authentication not enabled\..+|Error! Kerberos authentication failed)$" flags="REG_DOT_NEWLINE">
79
+ <example>xremshd: getservbyname
80
+ </example>
81
+ <example>xremshd: Kerberos Authentication not enabled.
82
+ </example>
83
+ <example>xremshd: Error! Kerberos authentication failed</example>
84
+ <description>HP-UX rshd</description>
85
+ <param pos="0" name="os.vendor" value="HP"/>
86
+ <param pos="0" name="os.device" value="General"/>
87
+ <param pos="0" name="os.family" value="HP-UX"/>
88
+ <param pos="0" name="os.product" value="HP-UX"/>
89
+ </fingerprint>
90
+ </fingerprints>