recog 0.01

data/xml/architecture.xml

@@ -0,0 +1,45 @@
+<?xml version="1.0"?>
+
+<!--
+  Generic rules for matching a machine architecture, platform, or chipset
+-->
+
+<fingerprints matches="architecture">
+
+   <fingerprint pattern="x64|amd64|x86_64" flags="REG_ICASE">
+      <description>x64 (x86_x64)</description>
+      <example>Linux claw 3.11.0-15-generic #23-Ubuntu SMP Mon Dec 9 18:17:04 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux</example>
+      <param pos="0" name="os.arch" value="x64"/>
+   </fingerprint>
+
+   <fingerprint pattern="x86|i[3456]86" flags="REG_ICASE">
+      <description>x86</description>
+      <example>Linux bob 3.2.0-1-generic #3-Ubuntu SMP Wed Dec 11 19:12:55 UTC 2013 i686 i686 i686 GNU/Linux</example>
+      <param pos="0" name="os.arch" value="x86"/>
+   </fingerprint>
+
+   <fingerprint pattern="PowerPC|PPC|POWER|ppc">
+      <description>PowerPC</description>
+      <!-- XXX: Need an example -->
+      <param pos="0" name="os.arch" value="ppc"/>
+   </fingerprint>
+
+   <fingerprint pattern="SPARC" flags="REG_ICASE">
+      <description>SPARC</description>
+      <!-- XXX: Need an example -->
+      <param pos="0" name="os.arch" value="sparc"/>
+   </fingerprint>
+
+   <fingerprint pattern="mips" flags="REG_ICASE">
+      <description>MIPS</description>
+      <!-- XXX: Need an example -->
+      <param pos="0" name="os.arch" value="mips"/>
+   </fingerprint>
+
+   <fingerprint pattern="arm" flags="REG_ICASE">
+      <description>ARM</description>
+      <!-- XXX: Need an example -->
+      <param pos="0" name="os.arch" value="arm"/>
+   </fingerprint>
+
+</fingerprints>

data/xml/ftp_banners.xml

@@ -0,0 +1,808 @@
+<?xml version="1.0"?>
+<!--
+FTP greeting messages (part of the banner after the response code) are matched
+against these patterns to fingerprint FTP servers.
+-->
+<fingerprints matches="ftp.banner">
+  <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version ([1234]\.\d+)\)\.$">
+    <example>xx Microsoft FTP Service (Version 3.0).</example>
+    <description>Microsoft FTP Server on Windows NT</description>
+    <param pos="0" name="service.vendor" value="Microsoft"/>
+    <param pos="0" name="service.product" value="IIS"/>
+    <param pos="0" name="service.family" value="IIS"/>
+    <param pos="2" name="service.version"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows NT"/>
+    <param pos="1" name="host.name"/>
+  </fingerprint>
+  <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.0\)\.$">
+    <example>xxx Microsoft FTP Service (Version 5.0).</example>
+    <description>Microsoft FTP Server on Windows 2000</description>
+    <param pos="0" name="service.vendor" value="Microsoft"/>
+    <param pos="0" name="service.product" value="IIS"/>
+    <param pos="0" name="service.family" value="IIS"/>
+    <param pos="0" name="service.version" value="5.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows 2000"/>
+    <param pos="1" name="host.name"/>
+  </fingerprint>
+  <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.1\)\.$">
+    <example>xxx Microsoft FTP Service (Version 5.1).</example>
+    <description>Microsoft FTP Server on Windows XP, 2003 or later versions of 2000</description>
+    <param pos="0" name="service.vendor" value="Microsoft"/>
+    <param pos="0" name="service.product" value="IIS"/>
+    <param pos="0" name="service.family" value="IIS"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows"/>
+    <param pos="1" name="host.name"/>
+  </fingerprint>
+  <fingerprint pattern="^([^ ]+) Microsoft FTP Service$">
+    <example>hostname Microsoft FTP Service</example>
+    <description>Microsoft FTP Server on Windows XP, 2003 or later without version</description>
+    <param pos="0" name="service.vendor" value="Microsoft"/>
+    <param pos="0" name="service.product" value="IIS"/>
+    <param pos="0" name="service.family" value="IIS"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows"/>
+    <param pos="1" name="host.name"/>
+  </fingerprint>
+  <fingerprint pattern="^Microsoft FTP Service$">
+    <example>Microsoft FTP Service</example>
+    <description>Microsoft FTP Server on Windows XP, 2003 or later without version or hostname</description>
+    <param pos="0" name="service.vendor" value="Microsoft"/>
+    <param pos="0" name="service.product" value="IIS"/>
+    <param pos="0" name="service.family" value="IIS"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows"/>
+  </fingerprint>
+  <fingerprint pattern="^([^ ]+) +FTP +Server \(Version ([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
+    <description>
+         FTP on HPUX with a PHNE (HP Networking patch) installed
+      </description>
+    <example>example.com FTP server (Version 1.1.214.4(PHNE_38458) Mon Feb 15 06:03:12 GMT 2010) ready.</example>
+    <param pos="0" name="service.vendor" value="HP"/>
+    <param pos="0" name="service.product" value="FTPD"/>
+    <param pos="0" name="os.vendor" value="HP"/>
+    <param pos="0" name="os.family" value="HP-UX"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="0" name="os.product" value="HP-UX"/>
+    <param pos="1" name="host.name"/>
+    <param pos="2" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^([^ ]+) +FTP +Server \(Revision \S+ Version wuftpd-([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
+    <description>
+         WU-FTPD on HPUX with a PHNE (HP Networking patch) installed
+      </description>
+    <example>example.com FTP server (Revision 1.1 Version wuftpd-2.6.1(PHNE_38578) Fri Sep 5 12:10:54 GMT 2008) ready.</example>
+    <param pos="0" name="service.vendor" value="Washington University"/>
+    <param pos="0" name="service.product" value="WU-FTPD"/>
+    <param pos="0" name="os.vendor" value="HP"/>
+    <param pos="0" name="os.family" value="HP-UX"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="0" name="os.product" value="HP-UX"/>
+    <param pos="1" name="host.name"/>
+    <param pos="2" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(\S+)(?: \S+)? FTP Server \(Version wu(?:ftpd)?-([\d\.]+).*\) ready.?$" flags="REG_ICASE">
+    <description>WU-FTPD on various OS</description>
+    <example>example.com FTP server (Version wu-2.6.2(1) Sat Jul 19 16:21:30 UTC 2008) ready.</example>
+    <example>example.com 192.168.0.1 FTP server (Version wu-2.6.2(1) Wed Sep 21 11:16:21 MEST 2005) ready.</example>
+    <example>example.com FTP server (Version wu-2.6.2-11.73.1) ready.</example>
+    <param pos="0" name="service.vendor" value="Washington University"/>
+    <param pos="0" name="service.product" value="WU-FTPD"/>
+    <param pos="1" name="host.name"/>
+    <param pos="2" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(\S+)(?: \S+)? FTP Server \(Version:\s+Mac OS X Server\s*([\d\.]*).*\) ready.?$" flags="REG_ICASE">
+    <description>FTPD on Mac OS X Server</description>
+    <example>example.com FTP server (Version:  Mac OS X Server 10.3 - +GSSAPI) ready.</example>
+    <param pos="0" name="service.vendor" value="Apple"/>
+    <param pos="0" name="service.product" value="FTP"/>
+    <param pos="0" name="os.vendor" value="Apple"/>
+    <param pos="0" name="os.family" value="Mac OS X"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="0" name="os.product" value="Mac OS X Server"/>
+    <param pos="1" name="host.name"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(\S+) FTP Server \(SunOS (\S+)\) ready\.?$" flags="REG_ICASE">
+    <description>SunOS/Solaris</description>
+    <example>example.com FTP server (SunOS 5.7) ready.</example>
+    <param pos="0" name="os.vendor" value="Sun"/>
+    <param pos="0" name="os.family" value="Solaris"/>
+    <param pos="0" name="os.product" value="Solaris"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="1" name="host.name"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Debian\) \[(.+)\]$">
+    <example>ProFTPD 1.3.0rc2 Server (Debian) [host]</example>
+    <description>ProFTPD on Debian Linux</description>
+    <param pos="0" name="service.family" value="ProFTPD"/>
+    <param pos="0" name="service.product" value="ProFTPD"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.vendor" value="Debian"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="2" name="host.name"/>
+  </fingerprint>
+  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Linksys(W.+)\) \[(.+)\]$">
+    <example>ProFTPD 1.3.0rc2 Server (LinksysWRT350N) [host]</example>
+    <description>ProFTPD on a Linksys Wireless Access Point/Router</description>
+    <param pos="0" name="service.family" value="ProFTPD"/>
+    <param pos="0" name="service.product" value="ProFTPD"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.vendor" value="Linksys"/>
+    <param pos="0" name="os.device" value="WAP"/>
+    <param pos="2" name="os.product"/>
+    <param pos="3" name="host.name"/>
+  </fingerprint>
+  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Linksys(.*)\) \[(.+)\]$">
+    <!-- TODO: find a greeting message example -->
+    <description>ProFTPD on a wired Linksys device</description>
+    <param pos="0" name="service.family" value="ProFTPD"/>
+    <param pos="0" name="service.product" value="ProFTPD"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.vendor" value="Linksys"/>
+    <param pos="0" name="os.device" value="Router"/>
+    <param pos="2" name="os.product"/>
+    <param pos="3" name="host.name"/>
+  </fingerprint>
+  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \((.*)\) \[(.+)\]$">
+    <example>ProFTPD 1.2.10 Server (Main FTP Server) [host]</example>
+    <example>ProFTPD 1.2.10 Server (ProFTPD) [host]</example>
+    <example>ProFTPD 1.2.10rc3 Server (ProFTPD Default Installation) [host]</example>
+    <description>ProFTPD with version info but no obvious OS info</description>
+    <param pos="0" name="service.family" value="ProFTPD"/>
+    <param pos="0" name="service.product" value="ProFTPD"/>
+    <param pos="1" name="service.version"/>
+    <param pos="2" name="proftpd.server.name"/>
+    <param pos="3" name="host.name"/>
+  </fingerprint>
+  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server ready\.$">
+    <example>ProFTPD 1.3.0rc2 Server ready.</example>
+    <description>ProFTPD with only version info</description>
+    <param pos="0" name="service.family" value="ProFTPD"/>
+    <param pos="0" name="service.product" value="ProFTPD"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^ProFTPD FTP Server ready\.$">
+    <example>ProFTPD FTP Server ready.</example>
+    <description>ProFTPD with no version info</description>
+    <param pos="0" name="service.family" value="ProFTPD"/>
+    <param pos="0" name="service.product" value="ProFTPD"/>
+  </fingerprint>
+  <fingerprint pattern="^-{10} Welcome to Pure-FTPd (.*)-{10}$">
+    <example>---------- Welcome to Pure-FTPd ----------</example>
+    <description>Pure-FTPd
+      Config data can be zero or more of: [privsep] [TLS]
+      </description>
+    <param pos="1" name="pureftpd.config"/>
+    <param pos="0" name="service.family" value="Pure-FTPd"/>
+    <param pos="0" name="service.product" value="Pure-FTPd"/>
+  </fingerprint>
+  <fingerprint pattern="^=\(.\*.\)=-\.:\. \(\( Welcome to PureFTPd (\d+\..+) \)\) \.:\.-=\(.\*.\)=-$">
+    <example>=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-</example>
+    <description>Older Pure-FTPd versions</description>
+    <param pos="0" name="service.family" value="Pure-FTPd"/>
+    <param pos="0" name="service.product" value="Pure-FTPd"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\..+)(?: for WinSock)? ready\.*$">
+    <example>Serv-U FTP-Server v2.5n for WinSock ready...</example>
+    <example>Serv-U FTP Server v6.0 for WinSock ready</example>
+    <example>Serv-U FTP Server v7.2 ready...</example>
+    <description>Serv-U (only runs on Windows)</description>
+    <param pos="0" name="service.vendor" value="Rhino Software"/>
+    <param pos="0" name="service.product" value="Serv-U"/>
+    <param pos="0" name="service.family" value="Serv-U"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows"/>
+  </fingerprint>
+  <fingerprint pattern="^zFTPServer v?(\S+), .*ready\.$" flags="REG_ICASE">
+    <example>zFTPServer v4.0, build 2008-12-24 01:41 ready.</example>
+    <description>zftpserver (only runs on Windows)</description>
+    <param pos="0" name="service.product" value="zFTPServer"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows"/>
+  </fingerprint>
+  <fingerprint pattern="^\(vsFTPd (\d+\..+)\)(?: (.+))?$">
+    <example>(vsFTPd 1.1.3) host</example>
+    <example>(vsFTPd 2.0.5)</example>
+    <description>vsFTPd (Very Secure FTP Daemon)</description>
+    <param pos="0" name="service.family" value="vsFTPd"/>
+    <param pos="0" name="service.product" value="vsFTPd"/>
+    <param pos="1" name="service.version"/>
+    <param pos="2" name="host.name"/>
+  </fingerprint>
+  <fingerprint pattern="^ready, dude \(vsFTPd (\d+\..+): beat me, break me\)$">
+    <example>ready, dude (vsFTPd 1.1.0: beat me, break me)</example>
+    <description>vsFTPd (Very Secure FTP Daemon)</description>
+    <param pos="0" name="service.family" value="vsFTPd"/>
+    <param pos="0" name="service.product" value="vsFTPd"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^FileZilla Server version (\d\..+)$">
+    <example>FileZilla Server version 0.9.2 beta</example>
+    <description>FileZilla FTP Server</description>
+    <param pos="0" name="service.family" value="FileZilla FTP Server"/>
+    <param pos="0" name="service.product" value="FileZilla FTP Server"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^\s*APC FTP server ready\.$">
+    <example>APC FTP server ready.</example>
+    <description>APC device</description>
+    <param pos="0" name="service.vendor" value="APC"/>
+    <param pos="0" name="service.product" value="FTP"/>
+    <param pos="0" name="os.vendor" value="APC"/>
+    <param pos="0" name="os.device" value="Power device"/>
+  </fingerprint>
+  <fingerprint pattern="^(\S+) Network Management Card AOS v(\d+\..+) FTP server ready\.$">
+    <example>AP7932 Network Management Card AOS v3.3.4 FTP server ready.</example>
+    <example>ACRC103 Network Management Card AOS v3.6.1 FTP server ready.</example>
+    <example>0G-9354-01 Network Management Card AOS v3.6.1 FTP server ready.</example>
+    <description>APC power/cooling device</description>
+    <param pos="0" name="service.vendor" value="APC"/>
+    <param pos="0" name="service.product" value="AOS"/>
+    <param pos="0" name="service.family" value="AOS"/>
+    <param pos="2" name="service.version"/>
+    <param pos="0" name="os.vendor" value="APC"/>
+    <param pos="0" name="os.device" value="Power device"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(\S+) FTP server \(EMC-SNAS: ([^\)]+)\)(:? \S+)?$">
+    <example>foo2 FTP server (EMC-SNAS: 5.6.47.11)</example>
+    <example>foo2 FTP server (EMC-SNAS: 5.6.50.203) ready.</example>
+    <example>foo4 FTP server (EMC-SNAS: 5.5.31.6) r</example>
+    <description>EMC Celerra</description>
+    <param pos="0" name="service.vendor" value="EMC"/>
+    <param pos="0" name="service.product" value="Celerra"/>
+    <param pos="2" name="service.version"/>
+    <param pos="0" name="os.vendor" value="Celerra"/>
+    <param pos="0" name="os.device" value="Storage"/>
+    <param pos="0" name="os.product" value="Celerra"/>
+    <param pos="2" name="os.version"/>
+    <param pos="1" name="host.name"/>
+  </fingerprint>
+  <fingerprint pattern="^JD FTP Server Ready.*$">
+    <example>JD FTP Server Ready</example>
+    <example>JD FTP Server Ready.</example>
+    <description>HP JetDirect printer</description>
+    <param pos="0" name="service.vendor" value="HP"/>
+    <param pos="0" name="service.product" value="JetDirect"/>
+    <param pos="0" name="service.family" value="JetDirect"/>
+    <param pos="0" name="os.vendor" value="HP"/>
+    <param pos="0" name="os.device" value="Printer"/>
+    <param pos="0" name="os.family" value="JetDirect"/>
+    <param pos="0" name="os.product" value="JetDirect"/>
+  </fingerprint>
+  <fingerprint pattern="^Check Point FireWall-1 Secure FTP server running on (.+)$">
+    <example>Check Point FireWall-1 Secure FTP server running on host</example>
+    <description>Check Point FireWall-1</description>
+    <param pos="0" name="service.vendor" value="Check Point"/>
+    <param pos="0" name="service.product" value="Firewall-1"/>
+    <param pos="0" name="service.family" value="Firewall-1"/>
+    <param pos="0" name="os.vendor" value="Check Point"/>
+    <param pos="0" name="os.device" value="Firewall"/>
+    <param pos="0" name="os.family" value="Firewall-1"/>
+    <param pos="0" name="os.product" value="Firewall-1"/>
+  </fingerprint>
+  <fingerprint pattern="^Blue Coat FTP Service$">
+    <example>Blue Coat FTP Service</example>
+    <description>Blue Coat security appliances</description>
+    <param pos="0" name="service.vendor" value="Blue Coat"/>
+    <param pos="0" name="service.product" value="Proxy"/>
+    <param pos="0" name="os.vendor" value="Blue Coat"/>
+    <param pos="0" name="os.product" value="Unknown"/>
+    <param pos="0" name="os.device" value="Web proxy"/>
+  </fingerprint>
+  <fingerprint pattern="^---freeFTPd 1.0---warFTPd 1.65---$">
+    <description>Nepenthes honeypot</description>
+    <param pos="0" name="service.family" value="Nepenthes"/>
+    <param pos="0" name="service.product" value="Nepenthes"/>
+  </fingerprint>
+  <fingerprint pattern="^[^ ]+ IBM FTP CS (V1R\d+) at ([^,]*),.*">
+    <example>SFTPD1 IBM FTP CS V1R4 at x.y.z, 21:02:19 on 2007-12-15.</example>
+    <description>IBM z/OS FTP Service</description>
+    <param pos="0" name="service.vendor" value="IBM"/>
+    <param pos="0" name="service.product" value="z/OS FTP Server"/>
+    <param pos="0" name="os.vendor" value="IBM"/>
+    <param pos="0" name="os.product" value="z/OS"/>
+    <param pos="0" name="os.family" value="z/OS"/>
+    <param pos="0" name="os.device" value="Mainframe"/>
+    <param pos="1" name="os.version"/>
+    <param pos="2" name="host.name"/>
+  </fingerprint>
+  <fingerprint pattern="^FTP server \(IBM 4690 TCP/IP FTP Version 1\.0\) ready\.">
+    <example>FTP server (IBM 4690 TCP/IP FTP Version 1.0) ready.</example>
+    <description>IBM 4690 FTP Service</description>
+    <param pos="0" name="service.vendor" value="IBM"/>
+    <param pos="0" name="service.product" value="4690 FTP Server"/>
+    <param pos="0" name="os.vendor" value="IBM"/>
+    <param pos="0" name="os.product" value="4690"/>
+    <param pos="0" name="os.family" value="4690"/>
+    <param pos="0" name="os.device" value="Point of sale"/>
+  </fingerprint>
+  <fingerprint pattern="^([^ ]+) NcFTPd Server \(licensed copy\) ready\.$">
+    <example>ftp.example.com NcFTPd Server (licensed copy) ready.</example>
+    <description>NcFTPd Server
+      http://www.ncftp.com/ncftpd/</description>
+    <param pos="0" name="service.vendor" value="NcFTP Software"/>
+    <param pos="0" name="service.product" value="NcFTPd Server"/>
+    <param pos="1" name="host.name"/>
+  </fingerprint>
+  <fingerprint pattern="^(\S+) DCS-2100 FTP server ready\.$">
+    <example>hostname DCS-2100 FTP server ready.</example>
+    <description>D-Link DCS-2100 wireless internet camera</description>
+    <param pos="0" name="os.vendor" value="D-Link"/>
+    <param pos="0" name="os.product" value="DCS-2100"/>
+    <param pos="0" name="os.device" value="Web cam"/>
+  </fingerprint>
+  <fingerprint pattern="^Secure Gateway FTP server ready\.$">
+    <example>Secure Gateway FTP server ready.</example>
+    <description>Raptor firewall</description>
+    <param pos="0" name="os.vendor" value="Symantec"/>
+    <param pos="0" name="os.family" value="Raptor"/>
+    <param pos="0" name="os.product" value="Raptor"/>
+    <param pos="0" name="os.device" value="Firewall"/>
+  </fingerprint>
+  <fingerprint pattern="^SUN StorEdge (\S+) RAID FTP server ready\.$">
+    <description>Sun StorEdge disk array</description>
+    <example>SUN StorEdge 3511 RAID FTP server ready.</example>
+    <param pos="0" name="os.vendor" value="Sun"/>
+    <param pos="0" name="os.family" value="StorEdge"/>
+    <param pos="1" name="os.product"/>
+    <param pos="0" name="os.device" value="Storage"/>
+  </fingerprint>
+  <fingerprint pattern="^AXIS (\S+) (?:Network( Fixed Dome)? Camera) ([\d\.]+) .* ready\.?$" flags="REG_ICASE">
+    <example>Axis 2100 Network Camera 2.43 Nov 04 2008 ready.</example>
+    <example>AXIS 207 Network Camera 4.40.1 (Apr 16 2007) ready.</example>
+    <example>AXIS 216FD Network Fixed Dome Camera 4.47 (Mar 13 2008) ready.</example>
+    <description>Axis Network Camera</description>
+    <param pos="0" name="os.vendor" value="Axis"/>
+    <param pos="0" name="os.device" value="Web cam"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^AXIS (\S+) Video (?:Encoder Blade|Server|Decoder) ([\d\.]+) .* ready\.?$" flags="REG_ICASE">
+    <example>AXIS Q7406 Video Encoder Blade 5.01 (Aug 01 2008) ready.</example>
+    <example>AXIS 241Q Video Server 4.47.2 (Dec 11 2008) ready.</example>
+    <example>AXIS P7701 Video Decoder 5.07.2 (Apr 20 2010) ready.</example>
+    <description>Axis Video encoders/servers</description>
+    <param pos="0" name="os.vendor" value="Axis"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^AXIS (\S+) .*FTP Network Print Server V?([\d\.]+\S+) .* ready\.?$" flags="REG_ICASE">
+    <example>AXIS 5600+ (rev 3) FTP Network Print Server V7.00 Sep 10 2004 ready.</example>
+    <example>AXIS 560 FTP Network Print Server V6.00 Jul 7 1999 ready.</example>
+    <example>AXIS 5470e FTP Network Print Server V6.30.beta2 Sep 25 2002 ready.</example>
+    <description>Axis print servers</description>
+    <param pos="0" name="os.vendor" value="Axis"/>
+    <param pos="0" name="os.device" value="Print server"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^RICOH Aficio ((?:[MS]P )?\S+) FTP server \(([0-9\.a-zA-Z]+)\) ready.?$" flags="REG_ICASE">
+    <description>Ricoh Aficio multifunction device</description>
+    <example>RICOH Aficio 2045e FTP server (4.12) ready.</example>
+    <example>RICOH Aficio SP 4210N FTP server (8.63) ready.</example>
+    <example>RICOH Aficio MP C3000 FTP server (5.11) ready.</example>
+    <param pos="0" name="os.vendor" value="Ricoh"/>
+    <param pos="0" name="os.family" value="Aficio"/>
+    <param pos="0" name="os.device" value="Multifunction Device"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^NRG ((?:[MS]P )?\S+) FTP server \(([0-9\.a-zA-Z]+)\) ready.?$" flags="REG_ICASE">
+    <description>Ricoh NRG multifunction device</description>
+    <example>NRG MP C2800 FTP server (8.25) ready.</example>
+    <example>NRG MP 3350 FTP server (7.05) ready.</example>
+    <example>NRG MP C3500 FTP server (5.17) ready.</example>
+    <example>NRG MP 171 FTP server (9.02.1) ready.</example>
+    <example>NRG MP 3350 FTP server (7.05) ready.</example>
+    <example>NRG MP C2550 FTP server (8.25) ready.</example>
+    <example>NRG MP C2800 FTP server (8.25) ready.</example>
+    <example>NRG MP C3500 FTP server (5.17) ready.</example>
+    <example>NRG MP C3500 FTP server (5.19) ready.</example>
+    <example>NRG MP C4000 FTP server (8.30) ready.</example>
+    <example>NRG MP C4500 FTP server (5.14) ready.</example>
+    <param pos="0" name="os.vendor" value="Ricoh"/>
+    <param pos="0" name="os.device" value="Multifunction Device"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^Xerox Phaser (\S+)$" certainty="1.0">
+    <description>Xerox Phaser Laser Printer</description>
+    <example>Xerox Phaser 6130N</example>
+    <example>Xerox Phaser 6180MFP-D</example>
+    <param pos="0" name="os.vendor" value="Xerox"/>
+    <param pos="0" name="os.family" value="Phaser"/>
+    <param pos="0" name="os.device" value="Printer"/>
+    <param pos="1" name="os.product"/>
+  </fingerprint>
+  <fingerprint pattern="^XEROX (\d+) Wide Format .*$" certainty="1.0">
+    <description>Xerox Wide Format Series of Printers</description>
+    <example>XEROX 6204 Wide Format FTP server ready</example>
+    <param pos="0" name="os.vendor" value="Xerox"/>
+    <param pos="0" name="os.family" value="Wide Format"/>
+    <param pos="0" name="os.device" value="Printer"/>
+    <param pos="1" name="os.product"/>
+  </fingerprint>
+  <fingerprint pattern="^FUJI XEROX DocuPrint (.*)$" certainity="1.0">
+    <description>FUJI XEROX DocuPrint Series of Printers</description>
+    <example>FUJI XEROX DocuPrint 3055</example>
+    <example>FUJI XEROX DocuPrint C1190 FS</example>
+    <example>FUJI XEROX DocuPrint C2100</example>
+    <param pos="0" name="os.vendor" value="FUJI XEROX"/>
+    <param pos="0" name="os.family" value="DocuPrint"/>
+    <param pos="0" name="os.device" value="Printer"/>
+    <param pos="1" name="os.product"/>
+  </fingerprint>
+  <fingerprint pattern="^ET(\S{12}) Lexmark (\S+) FTP Server (\S+) ready\.?$" certainty="1.0" flags="REG_ICASE">
+    <description>Lexmark printers</description>
+    <example>ET000400CEA560 Lexmark T640 FTP Server NS.NP.N219 ready.</example>
+    <param pos="0" name="os.vendor" value="Lexmark"/>
+    <param pos="0" name="os.device" value="Printer"/>
+    <param pos="1" name="host.mac"/>
+    <param pos="2" name="os.product"/>
+    <param pos="3" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^.*Lexmark (\S+) FTP Server (\S+) ready\.?$" certainty="1.0" flags="REG_ICASE">
+    <description>Lexmark printers</description>
+    <example>ET0021718 Lexmark T654 FTP Server NR.APS.F368 ready.</example>
+    <param pos="0" name="os.vendor" value="Lexmark"/>
+    <param pos="0" name="os.device" value="Printer"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^.*Lexmark (\S+) FTP Server ready\.?$" certainty="1.0" flags="REG_ICASE">
+    <description>Lexmark printers</description>
+    <example>Lexmark X500 FTP server ready</example>
+    <param pos="0" name="os.vendor" value="Lexmark"/>
+    <param pos="0" name="os.device" value="Printer"/>
+    <param pos="1" name="os.product"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:Tornado-)?VxWorks \((?:VxWorks)?([^\)]+)\) FTP server(?: ready)?$" flags="REG_ICASE">
+    <example>VxWorks (5.3.1) FTP server ready</example>
+    <example>VxWorks (VxWorks5.5.1) FTP server ready</example>
+    <example>Tornado-vxWorks (VxWorks5.5.1) FTP server</example>
+    <description>VxWorks with version information</description>
+    <param pos="0" name="os.vendor" value="Wind River"/>
+    <param pos="0" name="os.product" value="VxWorks"/>
+    <param pos="1" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^Tornado-vxWorks FTP server ready$" flags="REG_ICASE">
+    <example>Tornado-vxWorks FTP server ready</example>
+    <description>VxWorks without version information</description>
+    <param pos="0" name="os.vendor" value="Wind River"/>
+    <param pos="0" name="os.product" value="VxWorks"/>
+  </fingerprint>
+  <fingerprint pattern="^ADC iScale$">
+    <description>ADC iScale</description>
+    <example>ADC iScale</example>
+    <param pos="0" name="service.vendor" value="ADC"/>
+    <param pos="0" name="service.product" value="iScale"/>
+    <param pos="0" name="os.vendor" value="ADC"/>
+    <param pos="0" name="os.product" value="iScale"/>
+  </fingerprint>
+  <fingerprint pattern="^TASKalfa (\d+c?i) FTP server" certainty="1.0">
+    <description>Taskalfa Series of Printers</description>
+    <example>TASKalfa 300ci FTP server</example>
+    <example>TASKalfa 520i FTP server</example>
+    <param pos="0" name="os.vendor" value="Kyocera"/>
+    <param pos="0" name="os.family" value="TASKalfa"/>
+    <param pos="0" name="os.device" value="Multifunction Device"/>
+    <param pos="1" name="os.product"/>
+  </fingerprint>
+  <fingerprint pattern="^SAVIN (\S+) FTP server \((.*)\) ready.$" certainty="1.0">
+    <description>SAVIN Printer FTP Server</description>
+    <example>SAVIN 4075 FTP server (4.08) ready.</example>
+    <example>SAVIN 9025 FTP server (7.23) ready.</example>
+    <example>SAVIN 9050 FTP server (7.30) ready.</example>
+    <example>SAVIN 917 FTP server (9.03) ready.</example>
+    <example>SAVIN 917 FTP server (9.05.2) ready.</example>
+    <example>SAVIN C2525 FTP server (5.14) ready.</example>
+    <example>SAVIN C3528 FTP server (4.08.3) ready.</example>
+    <example>SAVIN C3528 FTP server (4.17) ready.</example>
+    <example>SAVIN C6055 FTP server (7.16) ready.</example>
+    <example>SAVIN C9145 FTP server (10.51) ready.</example>
+    <param pos="0" name="os.vendor" value="Savin"/>
+    <param pos="0" name="os.device" value="Printer"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^Oce (im\d+) Ver (\S+) FTP server\.$" certainty="1.0">
+    <description>OCE IM series Printer</description>
+    <example>Oce im4512 Ver 01.04.00.0c FTP server.</example>
+    <example>Oce im3512 Ver 01.04.00.0c FTP server.</example>
+    <param pos="0" name="os.vendor" value="Oce"/>
+    <param pos="0" name="os.device" value="Multifunction Device"/>
+    <param pos="0" name="os.family" value="IM Series"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^Oce (Plotwave\d+) FTP Service \(Version (\S+)\)\.$" certainty="1.0">
+    <description>OCE Printer</description>
+    <example>Oce Plotwave300 FTP Service (Version 4.5.7).</example>
+    <param pos="0" name="os.vendor" value="Oce"/>
+    <param pos="0" name="os.device" value="Printer"/>
+    <param pos="0" name="os.family" value="Plotwave Series"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^LinkCom Xpress (.*) FTP version ([\d\.]+) ready$" certainty="1.0">
+    <description>MPI Technologies Linkcom Express FTP Server</description>
+    <example>LinkCom Xpress 10/100 +IPDS FTP version 1.0 ready</example>
+    <param pos="0" name="os.vendor" value="MPI Technologies"/>
+    <param pos="0" name="os.family" value="LinkCom Xpress"/>
+    <param pos="0" name="os.device" value="Print server"/>
+    <param pos="1" name="os.product"/>
+  </fingerprint>
+  <fingerprint pattern="^LinkCom Xpress (.*)$" certainty="1.0">
+    <description>MPI Technologies Linkcom Express FTP Server</description>
+    <example>LinkCom Xpress EIO PRO 10</example>
+    <param pos="0" name="os.vendor" value="MPI Technologies"/>
+    <param pos="0" name="os.family" value="LinkCom Xpress"/>
+    <param pos="0" name="os.device" value="Print server"/>
+    <param pos="1" name="os.product"/>
+  </fingerprint>
+  <fingerprint pattern="^LXKE\S+ IBM Infoprint (\d+) FTP Server (\d+\.\d+\.\d+) ready.$" certainty="1.0">
+    <description>IBM Infoprint FTP</description>
+    <example>LXKE82124 IBM Infoprint 1332 FTP Server 55.10.21 ready.</example>
+    <example>LXKE8255D IBM Infoprint 1332 FTP Server 55.10.21 ready.</example>
+    <example>LXKE825A0 IBM Infoprint 1332 FTP Server 55.10.21 ready.</example>
+    <example>LXKE93276 IBM Infoprint 1332 FTP Server 55.10.19 ready.</example>
+    <param pos="0" name="os.vendor" value="Ricoh"/>
+    <param pos="0" name="os.family" value="Infoprint"/>
+    <param pos="0" name="os.device" value="Printer"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(Gestetner \S+(?: \S+)?) FTP server \((.*)\)" certainty="1.0">
+    <description>Gestetner Printer FTP</description>
+    <example os.product="Gestetner MP5500/DSm755" os.version="5.11c">Gestetner MP5500/DSm755 FTP server (5.11c) ready.</example>
+    <example os.product="Gestetner MP C4502" os.version="11.77">Gestetner MP C4502 FTP server (11.77) ready.</example>
+    <example>Gestetner MP 161/DSm416 FTP server (6.11) ready. </example>
+    <example>Gestetner 3502 FTP server (1.66.1) ready</example>
+    <example>Gestetner C7526dn FTP server (6.05.1) ready.</example>
+    <param pos="0" name="os.vendor" value="Ricoh"/>
+    <param pos="0" name="os.device" value="Multifunction Device"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(Gestetner \S+)$" certainty="1.0">
+    <description>Gestetner Printer FTP</description>
+    <example>Gestetner MPC2500</example>
+    <param pos="0" name="os.vendor" value="Ricoh"/>
+    <param pos="0" name="os.device" value="Multifunction Device"/>
+    <param pos="1" name="os.product"/>
+  </fingerprint>
+  <fingerprint pattern="^EUFSALE MarkNet (\S+) FTP Server (\d+\.\d+\.\d+) ready.$" certainty="1.0">
+    <description>Lexmark Marknet Printers FTP</description>
+    <example>EUFSALE MarkNet X2011e FTP Server 4.20.21 ready.</example>
+    <param pos="0" name="os.vendor" value="Lexmark"/>
+    <param pos="0" name="os.family" value="MarkNet"/>
+    <param pos="0" name="os.device" value="Print server"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^ET(\S+) Source Technologies (ST-96\S+) FTP Server (\S+) ready\.?$">
+    <description>Source Technologies ST9600 Series Secure Printer</description>
+    <example>ET0021B730F70E Source Technologies ST-9620 FTP Server NJ.APS.N254e ready.</example>
+    <example>ET0021B7549AF2 Source Technologies ST-9620 FTP Server NR.APS.N447b2 ready.</example>
+    <example>ET0021B7300F01 Source Technologies ST-9620 FTP Server NJ.APS.N254e ready.</example>
+    <param pos="0" name="os.vendor" value="Source Technologies"/>
+    <param pos="0" name="os.family" value="ST9600 Series"/>
+    <param pos="0" name="os.device" value="Printer"/>
+    <param pos="1" name="host.mac"/>
+    <param pos="2" name="os.product"/>
+    <param pos="3" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^ET(\S+) (Pro\d+) Series FTP Server ready\.$" certainty="1.0">
+    <description>Lexmark ProXXX Series of Printers</description>
+    <example>ET0020007E4D2A Pro700 Series FTP Server ready.</example>
+    <param pos="0" name="os.vendor" value="Lexmark"/>
+    <param pos="0" name="os.device" value="Printer"/>
+    <param pos="0" name="os.family" value="Pro Series"/>
+    <param pos="1" name="host.mac"/>
+    <param pos="2" name="os.product"/>
+  </fingerprint>
+  <fingerprint pattern="^ET(\S+) Lexmark Forms Printer (\d+) Ethernet FTP Server (\S+) ready\.$" certainty="1.0">
+    <description>Lexmark Forms Printer</description>
+    <example>ET0020004F54EE Lexmark Forms Printer 2590 Ethernet FTP Server LCL.CU.P012c ready.</example>
+    <param pos="0" name="os.vendor" value="Lexmark"/>
+    <param pos="0" name="os.family" value="Forms Printer"/>
+    <param pos="0" name="os.device" value="Printer"/>
+    <param pos="1" name="host.mac"/>
+    <param pos="2" name="os.product"/>
+    <param pos="3" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^ET(\S+) TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
+    <description>Toshiba Printer</description>
+    <example>ET0004001E9C00 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N221 ready.</example>
+    <example>ET00040089BE42 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
+    <param pos="0" name="os.vendor" value="Toshiba"/>
+    <param pos="0" name="os.device" value="Multifunction Device"/>
+    <param pos="0" name="os.product" value="e-STUDIO"/>
+    <param pos="1" name="host.mac"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^\S+ TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
+    <description>Toshiba Printer</description>
+    <example>JHBPRN13 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
+    <param pos="0" name="os.vendor" value="Toshiba"/>
+    <param pos="0" name="os.device" value="Multifunction Device"/>
+    <param pos="0" name="os.product" value="e-STUDIO"/>
+    <param pos="1" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^.*Lexmark Optra (\S+) FTP Server (\S+) ready\.$" certainty="1.0">
+    <description>Lexmark Optra Printer</description>
+    <example>lex142785470853 Lexmark Optra T612 FTP Server 3.20.30 ready.</example>
+    <example>oppr1.s02504.us Lexmark Optra T610 FTP Server 3.20.20 ready.</example>
+    <param pos="0" name="os.vendor" value="Lexmark"/>
+    <param pos="0" name="os.family" value="Optra"/>
+    <param pos="0" name="os.device" value="Printer"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^SHARP (MX-\S+) Ver (\S+) FTP server\.$" certainty="1.0">
+    <description>Sharp Printer/Copier/Scanne</description>
+    <example os.product="MX-6200N" os.version="01.02.00.0e">SHARP MX-6200N Ver 01.02.00.0e FTP server.</example>
+    <example>SHARP MX-M363N Ver 01.05.00.0k FTP server.</example>
+    <example>SHARP MX-M363N Ver 01.05.00.1k FTP server.</example>
+    <example>SHARP MX-5001N Ver 01.05.00.0n FTP server.</example>
+    <example>SHARP MX-5500N Ver 01.02.00.09 FTP server.</example>
+    <example>SHARP MX-M453N Ver 01.05.00.0k FTP server.</example>
+    <example>SHARP MX-M503N Ver 01.05.00.1k FTP server.</example>
+    <example>SHARP MX-M620U Ver 01.03.00 FTP server.</example>
+    <example>SHARP MX-M620U Ver 01.04.00.04 FTP server.</example>
+    <param pos="0" name="os.vendor" value="Sharp"/>
+    <param pos="0" name="os.device" value="Printer"/>
+    <param pos="0" name="os.family" value="MX Series"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(FS-\S+MFP\S*?) FTP server\.?$" certainty="1.0">
+    <description>Kyocera Printers</description>
+    <example>FS-C2126MFP FTP server</example>
+    <example>FS-C2026MFP+ FTP server</example>
+    <example>FS-1128MFP FTP server</example>
+    <param pos="0" name="os.vendor" value="Kyocera"/>
+    <param pos="0" name="os.device" value="Multifunction Device"/>
+    <param pos="1" name="os.product"/>
+  </fingerprint>
+  <fingerprint pattern="^(FS-\S+(?:DN|D|N)) FTP server\.?$" certainty="1.0">
+    <description>Kyocera Printers</description>
+    <example>FS-1370DN FTP server</example>
+    <example>FS-C5015N FTP server.</example>
+    <param pos="0" name="os.vendor" value="Kyocera"/>
+    <param pos="0" name="os.device" value="Printer"/>
+    <param pos="0" name="os.family" value="FS"/>
+    <param pos="1" name="os.product"/>
+  </fingerprint>
+  <fingerprint pattern="^(ESI-\S+) Version (\S+) ready\.$" certainty="1.0">
+    <description>Extended Systems ExtendNet Print Server</description>
+    <example>ESI-2941B Version 6.34 ready.</example>
+    <example>ESI-2941A Version 6.03 ready.</example>
+    <example>ESI-2933A Version 6.40 ready.</example>
+    <example>ESI-2831 Version 2.1 ready.</example>
+    <example>ESI-2833A Version 6.3 ready.</example>
+    <example>ESI-2900A Version 6.31 ready.</example>
+    <example>ESI-2841B Version 3.01 ready.</example>
+    <example>ESI-2841C Version 5.09e ready.</example>
+    <example>ESI-2933A Version 6.40a.05 ready.</example>
+    <example>ESI-2999A Version 6.30a.07 ready.</example>
+    <param pos="0" name="os.vendor" value="Sybase"/>
+    <param pos="0" name="os.family" value="Extended Systems ExtendNet"/>
+    <param pos="0" name="os.device" value="Print server"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^SATO SATO PRINTER Ver (\S+) FTP server\.$" certainty="1.0">
+    <description>SATO Printer</description>
+    <example>SATO SATO PRINTER Ver A1.2.3 FTP server.</example>
+    <example>SATO SATO PRINTER Ver A2.3.0 FTP server.</example>
+    <param pos="0" name="os.vendor" value="SATO"/>
+    <param pos="0" name="os.device" value="Printer"/>
+    <param pos="1" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^Printer FTP (\d+\.\d+\.\d+) ready at (\w{3} \d{2} \d{2}:\d{2}:\d{2})$" certainty="1.0">
+    <description>AMTDatasouth Fastmark M5</description>
+    <example>Printer FTP 4.8.7 ready at Apr 30 20:13:23</example>
+    <example>Printer FTP 4.8.7 ready at Aug 31 16:43:22</example>
+    <example>Printer FTP 4.8.7 ready at Feb 28 11:27:46</example>
+    <example>Printer FTP 4.8.7 ready at Jan 31 00:40:04</example>
+    <example>Printer FTP 4.8.7 ready at Mar 31 06:28:25</example>
+    <param pos="0" name="os.vendor" value="AMTDatasouth"/>
+    <param pos="0" name="os.product" value="Fastmark M5"/>
+    <param pos="0" name="os.device" value="Printer"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="system.time.format" value="MMM dd HH:mm::ss"/>
+    <param pos="2" name="system.time"/>
+  </fingerprint>
+  <fingerprint pattern="^EFI FTP Print server ready\.$" certainty="0.8">
+    <description>EFI FTP Print Server</description>
+    <example>EFI FTP Print server ready.</example>
+    <param pos="0" name="service.vendor" value="EFI"/>
+    <param pos="0" name="service.product" value="Fiery Print Server"/>
+    <param pos="0" name="os.vendor" value="EFI"/>
+    <param pos="0" name="os.product" value="Fiery Print Server"/>
+    <param pos="0" name="os.device" value="Print server"/>
+  </fingerprint>
+  <!-- Conjectured based on known MX FTP fingerprints -->
+  <fingerprint pattern="^SHARP (AR-\S+) Ver (\S+) FTP server">
+    <description>Sharp AR Series multifunction device</description>
+    <example>SHARP AR-M450 Ver 01.05.00.0k FTP server.</example>
+    <param pos="0" name="os.vendor" value="Sharp"/>
+    <param pos="0" name="os.device" value="Multifunction Device"/>
+    <param pos="0" name="os.family" value="AR Series"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^KONICA MINOLTA FTP server ready\.?$">
+    <description>Konica Minolta FTP Server</description>
+    <example>KONICA MINOLTA FTP server ready.</example>
+    <param pos="0" name="os.device" value="Printer"/>
+    <param pos="0" name="os.vendor" value="Konica Minolta"/>
+    <param pos="0" name="os.product" value="Printer"/>
+    <param pos="0" name="service.vendor" value="Konica Minolta"/>
+    <param pos="0" name="service.product" value="KM FTPD"/>
+  </fingerprint>
+  <fingerprint pattern="^(KM\S+) FTP server \(KM FTPD version (\d*(?:\.\d*))\) ready\.?$">
+    <description>Konica Minolta FTP Server</description>
+    <example>KM23BC97 FTP server (KM FTPD version 1.00) ready.</example>
+    <example>KM23BF0A FTP server (KM FTPD version 1.00) ready.</example>
+    <example>KM23CBDB FTP server (KM FTPD version 1.00) ready.</example>
+    <example>KM23E608 FTP server (KM FTPD version 1.00) ready.</example>
+    <example>KM23E8A2 FTP server (KM FTPD version 1.00) ready.</example>
+    <example>KM25015E FTP server (KM FTPD version 1.00) ready.</example>
+    <example>KM250E38 FTP server (KM FTPD version 1.00) ready.</example>
+    <example>KM251A4C FTP server (KM FTPD version 1.00) ready.</example>
+    <param pos="0" name="os.device" value="Printer"/>
+    <param pos="0" name="os.vendor" value="Konica Minolta"/>
+    <param pos="1" name="os.product"/>
+    <param pos="0" name="service.vendor" value="Konica Minolta"/>
+    <param pos="0" name="service.product" value="KM FTPD"/>
+    <param pos="2" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(ZBR-\d+) Version (\S+) ready\.?$">
+    <description>ZebraNet Print Server FTP</description>
+    <example>ZBR-46686 Version 7.02 ready.</example>
+    <example>ZBR-79071 Version V56.17.5Z ready.</example>
+    <example>ZBR-46687 Version 7.02 ready.</example>
+    <param pos="0" name="os.vendor" value="ZebraNet"/>
+    <param pos="0" name="os.device" value="Print server"/>
+    <param pos="1" name="os.product"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+  <fingerprint pattern="^(\S+) FTP server \(Version (\S+) \w+ \w+ \d{1,2} \d{1,2}:\d{1,2}:\d{1,2} [A-Z]+ (?:1|2)\d{3}\) ready\.?$">
+    <description>IBM AIX FTP Server</description>
+    <example host.name="ibmoz.tor.rapid7.com" service.version="4.1">ibmoz.tor.rapid7.com FTP server (Version 4.1 Sat Sep 7 14:31:53 CDT 2002) ready.</example>
+    <example>ibmoz.tor.rapid7.com FTP server (Version 5.3 Sat Jan 10 14:01:03 CDT 2012) ready</example>
+    <param pos="0" name="os.vendor" value="IBM"/>
+    <param pos="0" name="os.product" value="AIX"/>
+    <param pos="0" name="service.vendor" value="AIX"/>
+    <param pos="0" name="service.product" value="AIX FTP Server"/>
+    <param pos="1" name="host.name"/>
+    <param pos="2" name="service.version"/>
+  </fingerprint>
+</fingerprints>