recog 0.01

Files changed (75) hide show
  1. data/.gitignore +3 -0
  2. data/.rspec +2 -0
  3. data/Gemfile +9 -0
  4. data/Gemfile.lock +42 -0
  5. data/LICENSE +23 -0
  6. data/README.md +63 -0
  7. data/bin/recog_export.rb +81 -0
  8. data/bin/recog_match.rb +51 -0
  9. data/bin/recog_verify.rb +45 -0
  10. data/features/match.feature +16 -0
  11. data/features/support/env.rb +5 -0
  12. data/features/verify.feature +31 -0
  13. data/features/xml/banners.xml +2 -0
  14. data/features/xml/failing_banners_fingerprints.xml +20 -0
  15. data/features/xml/matching_banners_fingerprints.xml +22 -0
  16. data/features/xml/no_tests.xml +53 -0
  17. data/features/xml/successful_tests.xml +33 -0
  18. data/features/xml/tests_with_failures.xml +10 -0
  19. data/features/xml/tests_with_warnings.xml +10 -0
  20. data/lib/recog.rb +3 -0
  21. data/lib/recog/db.rb +38 -0
  22. data/lib/recog/db_manager.rb +27 -0
  23. data/lib/recog/fingerprint.rb +60 -0
  24. data/lib/recog/formatter.rb +51 -0
  25. data/lib/recog/match_reporter.rb +77 -0
  26. data/lib/recog/matcher.rb +60 -0
  27. data/lib/recog/matcher_factory.rb +14 -0
  28. data/lib/recog/nizer.rb +263 -0
  29. data/lib/recog/verifier.rb +46 -0
  30. data/lib/recog/verifier_factory.rb +13 -0
  31. data/lib/recog/verify_reporter.rb +85 -0
  32. data/lib/recog/version.rb +3 -0
  33. data/recog.gemspec +34 -0
  34. data/spec/data/best_os_match_1.yml +17 -0
  35. data/spec/data/best_os_match_2.yml +17 -0
  36. data/spec/data/best_service_match_1.yml +17 -0
  37. data/spec/data/smb_native_os.txt +31 -0
  38. data/spec/data/test_fingerprints.xml +24 -0
  39. data/spec/lib/db_spec.rb +89 -0
  40. data/spec/lib/formatter_spec.rb +69 -0
  41. data/spec/lib/match_reporter_spec.rb +90 -0
  42. data/spec/lib/nizer_spec.rb +124 -0
  43. data/spec/lib/verify_reporter_spec.rb +112 -0
  44. data/xml/apache_os.xml +295 -0
  45. data/xml/architecture.xml +45 -0
  46. data/xml/ftp_banners.xml +808 -0
  47. data/xml/h323_callresp.xml +701 -0
  48. data/xml/hp_pjl_id.xml +435 -0
  49. data/xml/http_cookies.xml +379 -0
  50. data/xml/http_servers.xml +3326 -0
  51. data/xml/http_wwwauth.xml +412 -0
  52. data/xml/imap_banners.xml +267 -0
  53. data/xml/nntp_banners.xml +51 -0
  54. data/xml/ntp_banners.xml +538 -0
  55. data/xml/pop_banners.xml +452 -0
  56. data/xml/rsh_resp.xml +90 -0
  57. data/xml/sip_banners.xml +14 -0
  58. data/xml/smb_native_os.xml +385 -0
  59. data/xml/smtp_banners.xml +1738 -0
  60. data/xml/smtp_debug.xml +45 -0
  61. data/xml/smtp_ehlo.xml +53 -0
  62. data/xml/smtp_expn.xml +95 -0
  63. data/xml/smtp_help.xml +212 -0
  64. data/xml/smtp_mailfrom.xml +24 -0
  65. data/xml/smtp_noop.xml +45 -0
  66. data/xml/smtp_quit.xml +31 -0
  67. data/xml/smtp_rcptto.xml +33 -0
  68. data/xml/smtp_rset.xml +23 -0
  69. data/xml/smtp_turn.xml +23 -0
  70. data/xml/smtp_vrfy.xml +109 -0
  71. data/xml/snmp_sysdescr.xml +8008 -0
  72. data/xml/snmp_sysobjid.xml +284 -0
  73. data/xml/ssh_banners.xml +790 -0
  74. data/xml/upnp_banners.xml +590 -0
  75. metadata +190 -0
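--- a/data/spec/lib/match_reporter_spec.rb
+++ b/data/spec/lib/match_reporter_spec.rb
@@ -0,0 +1,90 @@
+ require_relative '../../lib/recog/match_reporter'
+
+ describe Recog::MatchReporter do
+ let(:options) { double(detail: false) }
+ let(:formatter) { double('formatter').as_null_object }
+ subject { Recog::MatchReporter.new(options, formatter) }
+
+ def run_report
+ subject.report do
+ subject.increment_line_count
+ subject.match 'a match'
+ subject.failure 'a failure'
+ end
+ end
+
+ describe "#report" do
+ it "prints matches" do
+ expect(formatter).to receive(:success_message).with('a match')
+ run_report
+ end
+
+ it "prints failures" do
+ expect(formatter).to receive(:failure_message).with('a failure')
+ run_report
+ end
+
+ context "with detail" do
+ subject { Recog::MatchReporter.new(double(detail: true), formatter) }
+
+ it "prints the lines processed" do
+ expect(formatter).to receive(:status_message).with("\nProcessed 1 lines")
+ run_report
+ end
+
+ it "prints summary" do
+ expect(formatter).to receive(:failure_message).with("SUMMARY: 1 matches and 1 failures")
+ run_report
+ end
+ end
+ end
+
+ describe "#print_summary" do
+ context "with all matches" do
+ before { subject.match 'match' }
+
+ it "prints a successful summary" do
+ msg = "SUMMARY: 1 matches and 0 failures"
+ expect(formatter).to receive(:success_message).with(msg)
+ subject.print_summary
+ end
+ end
+
+ context "with failures" do
+ before { subject.failure 'fail' }
+
+ it "prints a failure summary" do
+ msg = "SUMMARY: 0 matches and 1 failures"
+ expect(formatter).to receive(:failure_message).with(msg)
+ subject.print_summary
+ end
+ end
+ end
+
+ describe "#stop?" do
+ context "with a failure limit" do
+ before do
+ options.stub(fail_fast: true, stop_after: 3)
+ subject.failure 'first'
+ subject.failure 'second'
+ end
+
+ it "returns true when the limit is reached " do
+ subject.failure 'third'
+ expect(subject.stop?).to be_true
+ end
+
+ it "returns false when under the limit" do
+ expect(subject.stop?).to be_false
+ end
+ end
+
+ context "with no failure limit" do
+ before { options.stub(fail_fast: false) }
+
+ it "return false" do
+ expect(subject.stop?).to be_false
+ end
+ end
+ end
+ end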
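Review bot: The `#stop?` examples assert with `be_true` and `be_false`, which in RSpec 2 pass for any truthy or falsy value, so a `stop?` that returned `nil` or a failure count would still satisfy them; `expect(subject.stop?).to eq(true)` and `eq(false)` pin the predicate to real booleans. The `before` blocks there stub with `options.stub(...)` while the rest of the file uses `expect(...).to receive`, and verify_reporter_spec.rb does the same with `fingerprint.stub(tests: [])`; `allow(options).to receive(:fail_fast).and_return(false)` would keep one mocking syntax throughout. The description strings `"returns true when the limit is reached "` (trailing space) and `"return false"` could be tidied at the same time.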
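--- a/data/spec/lib/nizer_spec.rb
+++ b/data/spec/lib/nizer_spec.rb
@@ -0,0 +1,124 @@
+ require_relative '../../lib/recog'
+ require 'yaml'
+
+ describe Recog::Nizer do
+ subject { Recog::Nizer }
+
+ describe "#match" do
+ File.readlines(File.expand_path(File.join('spec', 'data', 'smb_native_os.txt'))).each do |line|
+ data = line.strip
+ context "with smb_native_os:#{data}" do
+ let(:match_result) { subject.match('smb.native_os', data) }
+
+ it "returns a hash" do
+ expect(match_result.class).to eq(::Hash)
+ end
+
+ it "returns a successful match" do
+ expect(match_result['matched'].to_s).to match(/^[A-Z]/)
+ end
+
+ it "correctly matches service or os" do
+ if data =~ /^Windows/
+ expect(match_result['os.product']).to match(/^Windows/)
+ end
+
+ if data =~ /^Samba/
+ expect(match_result['service.product']).to match(/^Samba/)
+ end
+ end
+
+ end
+ end
+ end
+
+ describe "self.best_os_match" do
+
+ # Demonstrates how this method picks up additional attributes from other members of the winning
+ # os.product match group and applies them to the result.
+ matches1 = YAML.load(File.read(File.expand_path(File.join('spec', 'data', 'best_os_match_1.yml'))))
+ context "with best_os_match_1.yml" do
+ let(:result) { subject.best_os_match(matches1) }
+
+ it "returns a hash" do
+ expect(result.class).to eq(::Hash)
+ end
+
+ it "matches Windows 2008" do
+ expect(result['os.product']).to eq('Windows 2008')
+ end
+
+ it "matches Microsoft" do
+ expect(result['os.vendor']).to eq('Microsoft')
+ end
+
+ it "matches English" do
+ expect(result['os.language']).to eq('English')
+ end
+
+ it "matches service pack 2" do
+ expect(result['os.version']).to eq('Service Pack 2')
+ end
+ end
+
+ # Demonstrates how additive os.certainty values allow a 1.0 certainty rule to be overridden
+ # by multiple lower certainty matches
+ matches2 = YAML.load(File.read(File.expand_path(File.join('spec', 'data', 'best_os_match_2.yml'))))
+ context "with best_os_match_2.yml" do
+ let(:result) { subject.best_os_match(matches2) }
+
+ it "returns a hash" do
+ expect(result.class).to eq(::Hash)
+ end
+
+ it "matches Windows 2012" do
+ expect(result['os.product']).to eq('Windows 2012')
+ end
+
+ it "matches Microsoft" do
+ expect(result['os.vendor']).to eq('Microsoft')
+ end
+
+ it "matches Arabic" do
+ expect(result['os.language']).to eq('Arabic')
+ end
+
+ it "matches service pack 1" do
+ expect(result['os.version']).to eq('Service Pack 1')
+ end
+ end
+
+ end
+
+ describe "self.best_service_match" do
+
+ # Demonstrates how this method picks up additional attributes from other members of the winning
+ # service.product match group and applies them to the result.
+ matches1 = YAML.load(File.read(File.expand_path(File.join('spec', 'data', 'best_service_match_1.yml'))))
+ context "with best_service_match_1.yml" do
+ let(:result) { subject.best_service_match(matches1) }
+
+ it "returns a hash" do
+ expect(result.class).to eq(::Hash)
+ end
+
+ it "matches IIS" do
+ expect(result['service.product']).to eq('IIS')
+ end
+
+ it "matches Microsoft" do
+ expect(result['service.vendor']).to eq('Microsoft')
+ end
+
+ it "matches English" do
+ expect(result['service.language']).to eq('English')
+ end
+
+ it "matches version 6.0" do
+ expect(result['service.version'].to_i).to eq(6.0)
+ end
+ end
+
+ end
+
+ end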
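Review bot: The three fixture loads use `YAML.load(File.read(...))`, which on Psych releases before 4.0 can instantiate arbitrary Ruby objects named in the document. The fixtures are project files, and the assertions only read string-keyed hash entries, so `YAML.safe_load(File.read(path))` would presumably be enough where the bundled Psych provides it; confirm against the .yml contents. The same lines, and the `File.readlines` for smb_native_os.txt, resolve `spec/data/...` against the current working directory, so the suite only loads when run from the project root; `File.expand_path('../data/best_os_match_1.yml', File.dirname(__FILE__))` anchors the path to the spec file instead. In "correctly matches service or os" both expectations sit behind `if data =~ ...`, so a line that starts with neither Windows nor Samba passes without asserting anything. In "matches version 6.0", `.to_i` truncates before the comparison, so a value such as "6.5" would pass as well.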
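--- a/data/spec/lib/verify_reporter_spec.rb
+++ b/data/spec/lib/verify_reporter_spec.rb
@@ -0,0 +1,112 @@
+ require_relative '../../lib/recog/verify_reporter'
+
+ describe Recog::VerifyReporter do
+ let(:formatter) { double('formatter').as_null_object }
+ let(:fingerprint) { double(name: 'a name', tests: [double, double, double]) }
+ let(:summary_line) do
+ "SUMMARY: Test completed with 1 successful, 1 warnings, and 1 failures"
+ end
+
+ subject { Recog::VerifyReporter.new(double(detail: false), formatter) }
+
+ def run_report
+ subject.report(1) do
+ subject.print_name fingerprint
+ subject.success 'passed'
+ subject.warning 'a warning'
+ subject.failure 'a failure'
+ end
+ end
+
+ describe "#report" do
+ it "prints warnings" do
+ expect(formatter).to receive(:warning_message).with('a warning')
+ run_report
+ end
+
+ it "prints failures" do
+ expect(formatter).to receive(:failure_message).with('a failure')
+ run_report
+ end
+
+ it "prints summary" do
+ expect(formatter).to receive(:failure_message).with(summary_line)
+ run_report
+ end
+
+ context "with detail" do
+ subject { Recog::VerifyReporter.new(double(detail: true), formatter) }
+
+ it "prints the fingerprint name" do
+ expect(formatter).to receive(:status_message).with("\na name")
+ run_report
+ end
+
+ it "prints successes" do
+ expect(formatter).to receive(:success_message).with(' passed')
+ run_report
+ end
+
+ it "prints warnings" do
+ expect(formatter).to receive(:warning_message).with(' a warning')
+ run_report
+ end
+
+ it "prints failures" do
+ expect(formatter).to receive(:failure_message).with(' a failure')
+ run_report
+ end
+
+ it "prints the fingerprint count" do
+ expect(formatter).to receive(:status_message).with("\nVerified 1 fingerprints:")
+ run_report
+ end
+
+ it "prints summary" do
+ expect(formatter).to receive(:failure_message).with(summary_line)
+ run_report
+ end
+
+ context "with no fingerprint tests" do
+ before { fingerprint.stub(tests: []) }
+
+ it "does not print the name" do
+ expect(formatter).not_to receive(:status_message).with("\na name")
+ run_report
+ end
+ end
+ end
+ end
+
+ describe "#print_summary" do
+ context "with success" do
+ before { subject.success 'pass' }
+
+ it "prints a successful summary" do
+ msg = "SUMMARY: Test completed with 1 successful, 0 warnings, and 0 failures"
+ expect(formatter).to receive(:success_message).with(msg)
+ subject.print_summary
+ end
+ end
+
+ context "with warnings" do
+ before { subject.warning 'warn' }
+
+ it "prints a warning summary" do
+ msg = "SUMMARY: Test completed with 0 successful, 1 warnings, and 0 failures"
+ expect(formatter).to receive(:warning_message).with(msg)
+ subject.print_summary
+ end
+ end
+
+ context "with failures" do
+ before { subject.failure 'fail' }
+
+ it "prints a failure summary" do
+ msg = "SUMMARY: Test completed with 0 successful, 0 warnings, and 1 failures"
+ expect(formatter).to receive(:failure_message).with(msg)
+ subject.print_summary
+ end
+ end
+ end
+ end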
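--- a/data/xml/apache_os.xml
+++ b/data/xml/apache_os.xml
@@ -0,0 +1,295 @@
+ <?xml version="1.0"?>
+ <!--
+ When an HTTP server is fingerprinted as Apache, a second analysis pass can be done
+ on the server headers to extract OS information.
+ -->
+
+ <fingerprints matches="apache_os">
+ <fingerprint pattern=".*\(iSeries\).*">
+ <description>IBM i5/OS iSeries (OS/400)</description>
+ <param pos="0" name="os.vendor" value="IBM"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="OS/400"/>
+ <param pos="0" name="os.product" value="OS/400"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*\(Mandrake Linux/\d+\.\d+\.92mdk\).*">
+ <!-- (Mandrake Linux/6.12.92mdk) -->
+ <description>Mandriva (formerly Mandrake) Linux 9.2</description>
+ <param pos="0" name="os.certainty" value="0.9"/>
+ <param pos="0" name="os.vendor" value="Mandriva"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ <param pos="0" name="os.version" value="9.2"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*\(Mandrake Linux/\d+\.\d+\.100mdk\).*">
+ <!-- (Mandrake Linux/6.8.100mdk) -->
+ <description>Mandriva (formerly Mandrake) Linux 10.0</description>
+ <param pos="0" name="os.certainty" value="0.9"/>
+ <param pos="0" name="os.vendor" value="Mandriva"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ <param pos="0" name="os.version" value="10.0"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*\((?:Mandrake|Mandriva) Linux/.*">
+ <!-- (Mandrake Linux/11mdk)
+ (Mandriva Linux/PREFORK-13.3.20060mdk)
+ (Mandriva Linux/PREFORK-13mdk)
+ (Mandriva Linux/PREFORK-1.1mdv2007.0)
+ -->
+ <description>Mandriva (formerly Mandrake) Linux unknown version</description>
+ <param pos="0" name="os.vendor" value="Mandriva"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*\(Mandrakelinux/.*">
+ <!-- (Mandrakelinux/PREFORK-9mdk) -->
+ <description>Mandriva (formerly Mandrake) Linux unknown version</description>
+ <param pos="0" name="os.vendor" value="Mandriva"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*\(PalmOS\).*">
+ <description>PalmOS</description>
+ <param pos="0" name="os.vendor" value="Palm"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="PalmOS"/>
+ <param pos="0" name="os.product" value="PalmOS"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*\(Win32\).*">
+ <description>Microsoft Windows</description>
+ <param pos="0" name="os.certainty" value="0.75"/>
+ <param pos="0" name="os.vendor" value="Microsoft"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="Windows"/>
+ <param pos="0" name="os.product" value="Windows"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*\(Darwin\).*">
+ <description>Apple Mac OS X</description>
+ <param pos="0" name="os.vendor" value="Apple"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="Mac OS X"/>
+ <param pos="0" name="os.product" value="Mac OS X"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*\(Ubuntu\).*">
+ <description>Ubuntu</description>
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*(?:Sun )?Cobalt \(Unix\)?.*">
+ <!-- Sun Cobalt (Unix)
+ Cobalt (Unix)
+ Cobalt (Unix) (Red Hat/Linux)
+ -->
+ <description>Sun Cobalt RaQ (Red Hat based Linux)</description>
+ <param pos="0" name="os.vendor" value="Sun"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Cobalt RaQ"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*\(BlueQuartz\).*">
+ <description>Blue Quartz is created by a Cobalt RaQ UG</description>
+ <param pos="0" name="os.vendor" value="Sun"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Cobalt RaQ"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*\(Fedora\).*">
+ <description>Red Hat Fedora</description>
+ <param pos="0" name="os.vendor" value="Red Hat"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Fedora Core Linux"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*\(RHEL\).*">
+ <description>Red Hat Fedora</description>
+ <param pos="0" name="os.vendor" value="Red Hat"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Enterprise Linux"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*\(Red[ -]Hat(?:[/ ]Linux)?\).*">
+ <!-- (Red Hat/Linux)
+ (Red-Hat/Linux)
+ (Red Hat Linux)
+ (Red Hat)
+ -->
+ <description>Red Hat Linux</description>
+ <param pos="0" name="os.vendor" value="Red Hat"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*Debian(?:[/ ]GNU)?(?:/Linux)?.*">
+ <!-- (Debian)
+ (Debian GNU/Linux)
+ (Unix) Debian GNU/Linux
+ (Unix) Debian/GNU
+ -->
+ <description>Debian Linux</description>
+ <param pos="0" name="os.vendor" value="Debian"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*\((?:Linux/)?S[uU]SE(?:/Linux)?\).*">
+ <!-- (SuSE)
+ (SuSE/Linux)
+ (Linux/SuSE)
+ (Linux/SUSE)
+ -->
+ <description>Novell SuSE Linux</description>
+ <param pos="0" name="os.vendor" value="SuSE"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*\(NETWARE\).*">
+ <description>Novell NetWare</description>
+ <param pos="0" name="os.vendor" value="Novell"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="NetWare"/>
+ <param pos="0" name="os.product" value="NetWare"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*HP-UX_Apache-based_Web_Server.*">
+ <description>HP HP-UX</description>
+ <param pos="0" name="os.vendor" value="HP"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="HP-UX"/>
+ <param pos="0" name="os.product" value="HP-UX"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*\(CentOS\).*">
+ <description>CentOS Linux</description>
+ <param pos="0" name="os.vendor" value="CentOS"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*\(Turbolinux\).*">
+ <description>Turbolinux</description>
+ <param pos="0" name="os.vendor" value="Turbolinux"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*\(FreeBSD\).*">
+ <description>FreeBSD</description>
+ <param pos="0" name="os.vendor" value="FreeBSD"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="FreeBSD"/>
+ <param pos="0" name="os.product" value="FreeBSD"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*\(Asianux\).*">
+ <description>Asianux Linux</description>
+ <param pos="0" name="os.vendor" value="Asianux"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*\(Gentoo(?:/Linux)?\).*">
+ <description>Gentoo Linux</description>
+ <param pos="0" name="os.vendor" value="Gentoo"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*\(Conectiva(?:/Linux)?\).*">
+ <description>CentOS Linux</description>
+ <param pos="0" name="os.vendor" value="Conectiva"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*\(Trustix Secure Linux(?:/Linux)?\).*">
+ <description>CentOS Linux</description>
+ <param pos="0" name="os.vendor" value="Trustix"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Secure Linux"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*\(White Box\).*">
+ <description>White Box Enterprise Linux</description>
+ <param pos="0" name="os.vendor" value="White Box"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Enterprise Linux"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*\(UnitedLinux\).*">
+ <description>UnitedLinux</description>
+ <param pos="0" name="os.vendor" value="UnitedLinux"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*\(PLD/Linux\).*">
+ <description>PLD Linux</description>
+ <param pos="0" name="os.vendor" value="PLD"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*\(Vine/Linux\).*">
+ <description>Vine Linux</description>
+ <param pos="0" name="os.vendor" value="Vine"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*\(rPath\).*">
+ <description>rPath Linux</description>
+ <param pos="0" name="os.vendor" value="rPath"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*\(StartCom Linux\).*">
+ <description>StartCom Linux</description>
+ <param pos="0" name="os.vendor" value="StartCom"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ </fingerprint>
+
+ <fingerprint pattern=".*Linux.*">
+ <description>Generic Linux fallback</description>
+ <param pos="0" name="os.certainty" value="0.75"/>
+ <param pos="0" name="os.device" value="General"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ </fingerprint>
+ </fingerprints>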
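Review bot: Three `<description>` values look copy-pasted and contradict the params beside them: the `\(RHEL\)` fingerprint is described as `Red Hat Fedora`, and the `Conectiva` and `Trustix Secure Linux` fingerprints are both described as `CentOS Linux`; they should read something like `Red Hat Enterprise Linux`, `Conectiva Linux` and `Trustix Secure Linux`. Several patterns are also looser than their sample comments: `.*Debian(?:[/ ]GNU)?(?:/Linux)?.*` matches the bare word Debian anywhere in the header, and in `(?:Sun )?Cobalt \(Unix\)?.*` the `\)?` makes the closing parenthesis optional. Since the Server header is supplied by the remote host, OS attributes derived here are best treated as hints, and the broad rules would benefit from an explicit `os.certainty` like the Win32 and generic Linux entries carry. The sample banners live only in XML comments, so nothing checks them against the patterns; carrying them as test data the package's verifier can run would catch regressions.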