recog 0.01
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.gitignore +3 -0
- data/.rspec +2 -0
- data/Gemfile +9 -0
- data/Gemfile.lock +42 -0
- data/LICENSE +23 -0
- data/README.md +63 -0
- data/bin/recog_export.rb +81 -0
- data/bin/recog_match.rb +51 -0
- data/bin/recog_verify.rb +45 -0
- data/features/match.feature +16 -0
- data/features/support/env.rb +5 -0
- data/features/verify.feature +31 -0
- data/features/xml/banners.xml +2 -0
- data/features/xml/failing_banners_fingerprints.xml +20 -0
- data/features/xml/matching_banners_fingerprints.xml +22 -0
- data/features/xml/no_tests.xml +53 -0
- data/features/xml/successful_tests.xml +33 -0
- data/features/xml/tests_with_failures.xml +10 -0
- data/features/xml/tests_with_warnings.xml +10 -0
- data/lib/recog.rb +3 -0
- data/lib/recog/db.rb +38 -0
- data/lib/recog/db_manager.rb +27 -0
- data/lib/recog/fingerprint.rb +60 -0
- data/lib/recog/formatter.rb +51 -0
- data/lib/recog/match_reporter.rb +77 -0
- data/lib/recog/matcher.rb +60 -0
- data/lib/recog/matcher_factory.rb +14 -0
- data/lib/recog/nizer.rb +263 -0
- data/lib/recog/verifier.rb +46 -0
- data/lib/recog/verifier_factory.rb +13 -0
- data/lib/recog/verify_reporter.rb +85 -0
- data/lib/recog/version.rb +3 -0
- data/recog.gemspec +34 -0
- data/spec/data/best_os_match_1.yml +17 -0
- data/spec/data/best_os_match_2.yml +17 -0
- data/spec/data/best_service_match_1.yml +17 -0
- data/spec/data/smb_native_os.txt +31 -0
- data/spec/data/test_fingerprints.xml +24 -0
- data/spec/lib/db_spec.rb +89 -0
- data/spec/lib/formatter_spec.rb +69 -0
- data/spec/lib/match_reporter_spec.rb +90 -0
- data/spec/lib/nizer_spec.rb +124 -0
- data/spec/lib/verify_reporter_spec.rb +112 -0
- data/xml/apache_os.xml +295 -0
- data/xml/architecture.xml +45 -0
- data/xml/ftp_banners.xml +808 -0
- data/xml/h323_callresp.xml +701 -0
- data/xml/hp_pjl_id.xml +435 -0
- data/xml/http_cookies.xml +379 -0
- data/xml/http_servers.xml +3326 -0
- data/xml/http_wwwauth.xml +412 -0
- data/xml/imap_banners.xml +267 -0
- data/xml/nntp_banners.xml +51 -0
- data/xml/ntp_banners.xml +538 -0
- data/xml/pop_banners.xml +452 -0
- data/xml/rsh_resp.xml +90 -0
- data/xml/sip_banners.xml +14 -0
- data/xml/smb_native_os.xml +385 -0
- data/xml/smtp_banners.xml +1738 -0
- data/xml/smtp_debug.xml +45 -0
- data/xml/smtp_ehlo.xml +53 -0
- data/xml/smtp_expn.xml +95 -0
- data/xml/smtp_help.xml +212 -0
- data/xml/smtp_mailfrom.xml +24 -0
- data/xml/smtp_noop.xml +45 -0
- data/xml/smtp_quit.xml +31 -0
- data/xml/smtp_rcptto.xml +33 -0
- data/xml/smtp_rset.xml +23 -0
- data/xml/smtp_turn.xml +23 -0
- data/xml/smtp_vrfy.xml +109 -0
- data/xml/snmp_sysdescr.xml +8008 -0
- data/xml/snmp_sysobjid.xml +284 -0
- data/xml/ssh_banners.xml +790 -0
- data/xml/upnp_banners.xml +590 -0
- metadata +190 -0
@@ -0,0 +1,45 @@
|
|
1
|
+
<?xml version="1.0"?>
|
2
|
+
|
3
|
+
<!--
|
4
|
+
Generic rules for matching a machine architecture, platform, or chipset
|
5
|
+
-->
|
6
|
+
|
7
|
+
<fingerprints matches="architecture">
|
8
|
+
|
9
|
+
<fingerprint pattern="x64|amd64|x86_64" flags="REG_ICASE">
|
10
|
+
<description>x64 (x86_x64)</description>
|
11
|
+
<example>Linux claw 3.11.0-15-generic #23-Ubuntu SMP Mon Dec 9 18:17:04 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux</example>
|
12
|
+
<param pos="0" name="os.arch" value="x64"/>
|
13
|
+
</fingerprint>
|
14
|
+
|
15
|
+
<fingerprint pattern="x86|i[3456]86" flags="REG_ICASE">
|
16
|
+
<description>x86</description>
|
17
|
+
<example>Linux bob 3.2.0-1-generic #3-Ubuntu SMP Wed Dec 11 19:12:55 UTC 2013 i686 i686 i686 GNU/Linux</example>
|
18
|
+
<param pos="0" name="os.arch" value="x86"/>
|
19
|
+
</fingerprint>
|
20
|
+
|
21
|
+
<fingerprint pattern="PowerPC|PPC|POWER|ppc">
|
22
|
+
<description>PowerPC</description>
|
23
|
+
<!-- XXX: Need an example -->
|
24
|
+
<param pos="0" name="os.arch" value="ppc"/>
|
25
|
+
</fingerprint>
|
26
|
+
|
27
|
+
<fingerprint pattern="SPARC" flags="REG_ICASE">
|
28
|
+
<description>SPARC</description>
|
29
|
+
<!-- XXX: Need an example -->
|
30
|
+
<param pos="0" name="os.arch" value="sparc"/>
|
31
|
+
</fingerprint>
|
32
|
+
|
33
|
+
<fingerprint pattern="mips" flags="REG_ICASE">
|
34
|
+
<description>MIPS</description>
|
35
|
+
<!-- XXX: Need an example -->
|
36
|
+
<param pos="0" name="os.arch" value="mips"/>
|
37
|
+
</fingerprint>
|
38
|
+
|
39
|
+
<fingerprint pattern="arm" flags="REG_ICASE">
|
40
|
+
<description>ARM</description>
|
41
|
+
<!-- XXX: Need an example -->
|
42
|
+
<param pos="0" name="os.arch" value="arm"/>
|
43
|
+
</fingerprint>
|
44
|
+
|
45
|
+
</fingerprints>
|
data/xml/ftp_banners.xml
ADDED
@@ -0,0 +1,808 @@
|
|
1
|
+
<?xml version="1.0"?>
|
2
|
+
<!--
|
3
|
+
FTP greeting messages (part of the banner after the response code) are matched
|
4
|
+
against these patterns to fingerprint FTP servers.
|
5
|
+
-->
|
6
|
+
<fingerprints matches="ftp.banner">
|
7
|
+
<fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version ([1234]\.\d+)\)\.$">
|
8
|
+
<example>xx Microsoft FTP Service (Version 3.0).</example>
|
9
|
+
<description>Microsoft FTP Server on Windows NT</description>
|
10
|
+
<param pos="0" name="service.vendor" value="Microsoft"/>
|
11
|
+
<param pos="0" name="service.product" value="IIS"/>
|
12
|
+
<param pos="0" name="service.family" value="IIS"/>
|
13
|
+
<param pos="2" name="service.version"/>
|
14
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
15
|
+
<param pos="0" name="os.device" value="General"/>
|
16
|
+
<param pos="0" name="os.family" value="Windows"/>
|
17
|
+
<param pos="0" name="os.product" value="Windows NT"/>
|
18
|
+
<param pos="1" name="host.name"/>
|
19
|
+
</fingerprint>
|
20
|
+
<fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.0\)\.$">
|
21
|
+
<example>xxx Microsoft FTP Service (Version 5.0).</example>
|
22
|
+
<description>Microsoft FTP Server on Windows 2000</description>
|
23
|
+
<param pos="0" name="service.vendor" value="Microsoft"/>
|
24
|
+
<param pos="0" name="service.product" value="IIS"/>
|
25
|
+
<param pos="0" name="service.family" value="IIS"/>
|
26
|
+
<param pos="0" name="service.version" value="5.0"/>
|
27
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
28
|
+
<param pos="0" name="os.device" value="General"/>
|
29
|
+
<param pos="0" name="os.family" value="Windows"/>
|
30
|
+
<param pos="0" name="os.product" value="Windows 2000"/>
|
31
|
+
<param pos="1" name="host.name"/>
|
32
|
+
</fingerprint>
|
33
|
+
<fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.1\)\.$">
|
34
|
+
<example>xxx Microsoft FTP Service (Version 5.1).</example>
|
35
|
+
<description>Microsoft FTP Server on Windows XP, 2003 or later versions of 2000</description>
|
36
|
+
<param pos="0" name="service.vendor" value="Microsoft"/>
|
37
|
+
<param pos="0" name="service.product" value="IIS"/>
|
38
|
+
<param pos="0" name="service.family" value="IIS"/>
|
39
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
40
|
+
<param pos="0" name="os.device" value="General"/>
|
41
|
+
<param pos="0" name="os.family" value="Windows"/>
|
42
|
+
<param pos="0" name="os.product" value="Windows"/>
|
43
|
+
<param pos="1" name="host.name"/>
|
44
|
+
</fingerprint>
|
45
|
+
<fingerprint pattern="^([^ ]+) Microsoft FTP Service$">
|
46
|
+
<example>hostname Microsoft FTP Service</example>
|
47
|
+
<description>Microsoft FTP Server on Windows XP, 2003 or later without version</description>
|
48
|
+
<param pos="0" name="service.vendor" value="Microsoft"/>
|
49
|
+
<param pos="0" name="service.product" value="IIS"/>
|
50
|
+
<param pos="0" name="service.family" value="IIS"/>
|
51
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
52
|
+
<param pos="0" name="os.device" value="General"/>
|
53
|
+
<param pos="0" name="os.family" value="Windows"/>
|
54
|
+
<param pos="0" name="os.product" value="Windows"/>
|
55
|
+
<param pos="1" name="host.name"/>
|
56
|
+
</fingerprint>
|
57
|
+
<fingerprint pattern="^Microsoft FTP Service$">
|
58
|
+
<example>Microsoft FTP Service</example>
|
59
|
+
<description>Microsoft FTP Server on Windows XP, 2003 or later without version or hostname</description>
|
60
|
+
<param pos="0" name="service.vendor" value="Microsoft"/>
|
61
|
+
<param pos="0" name="service.product" value="IIS"/>
|
62
|
+
<param pos="0" name="service.family" value="IIS"/>
|
63
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
64
|
+
<param pos="0" name="os.device" value="General"/>
|
65
|
+
<param pos="0" name="os.family" value="Windows"/>
|
66
|
+
<param pos="0" name="os.product" value="Windows"/>
|
67
|
+
</fingerprint>
|
68
|
+
<fingerprint pattern="^([^ ]+) +FTP +Server \(Version ([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
|
69
|
+
<description>
|
70
|
+
FTP on HPUX with a PHNE (HP Networking patch) installed
|
71
|
+
</description>
|
72
|
+
<example>example.com FTP server (Version 1.1.214.4(PHNE_38458) Mon Feb 15 06:03:12 GMT 2010) ready.</example>
|
73
|
+
<param pos="0" name="service.vendor" value="HP"/>
|
74
|
+
<param pos="0" name="service.product" value="FTPD"/>
|
75
|
+
<param pos="0" name="os.vendor" value="HP"/>
|
76
|
+
<param pos="0" name="os.family" value="HP-UX"/>
|
77
|
+
<param pos="0" name="os.device" value="General"/>
|
78
|
+
<param pos="0" name="os.product" value="HP-UX"/>
|
79
|
+
<param pos="1" name="host.name"/>
|
80
|
+
<param pos="2" name="service.version"/>
|
81
|
+
</fingerprint>
|
82
|
+
<fingerprint pattern="^([^ ]+) +FTP +Server \(Revision \S+ Version wuftpd-([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
|
83
|
+
<description>
|
84
|
+
WU-FTPD on HPUX with a PHNE (HP Networking patch) installed
|
85
|
+
</description>
|
86
|
+
<example>example.com FTP server (Revision 1.1 Version wuftpd-2.6.1(PHNE_38578) Fri Sep 5 12:10:54 GMT 2008) ready.</example>
|
87
|
+
<param pos="0" name="service.vendor" value="Washington University"/>
|
88
|
+
<param pos="0" name="service.product" value="WU-FTPD"/>
|
89
|
+
<param pos="0" name="os.vendor" value="HP"/>
|
90
|
+
<param pos="0" name="os.family" value="HP-UX"/>
|
91
|
+
<param pos="0" name="os.device" value="General"/>
|
92
|
+
<param pos="0" name="os.product" value="HP-UX"/>
|
93
|
+
<param pos="1" name="host.name"/>
|
94
|
+
<param pos="2" name="service.version"/>
|
95
|
+
</fingerprint>
|
96
|
+
<fingerprint pattern="^(\S+)(?: \S+)? FTP Server \(Version wu(?:ftpd)?-([\d\.]+).*\) ready.?$" flags="REG_ICASE">
|
97
|
+
<description>WU-FTPD on various OS</description>
|
98
|
+
<example>example.com FTP server (Version wu-2.6.2(1) Sat Jul 19 16:21:30 UTC 2008) ready.</example>
|
99
|
+
<example>example.com 192.168.0.1 FTP server (Version wu-2.6.2(1) Wed Sep 21 11:16:21 MEST 2005) ready.</example>
|
100
|
+
<example>example.com FTP server (Version wu-2.6.2-11.73.1) ready.</example>
|
101
|
+
<param pos="0" name="service.vendor" value="Washington University"/>
|
102
|
+
<param pos="0" name="service.product" value="WU-FTPD"/>
|
103
|
+
<param pos="1" name="host.name"/>
|
104
|
+
<param pos="2" name="service.version"/>
|
105
|
+
</fingerprint>
|
106
|
+
<fingerprint pattern="^(\S+)(?: \S+)? FTP Server \(Version:\s+Mac OS X Server\s*([\d\.]*).*\) ready.?$" flags="REG_ICASE">
|
107
|
+
<description>FTPD on Mac OS X Server</description>
|
108
|
+
<example>example.com FTP server (Version: Mac OS X Server 10.3 - +GSSAPI) ready.</example>
|
109
|
+
<param pos="0" name="service.vendor" value="Apple"/>
|
110
|
+
<param pos="0" name="service.product" value="FTP"/>
|
111
|
+
<param pos="0" name="os.vendor" value="Apple"/>
|
112
|
+
<param pos="0" name="os.family" value="Mac OS X"/>
|
113
|
+
<param pos="0" name="os.device" value="General"/>
|
114
|
+
<param pos="0" name="os.product" value="Mac OS X Server"/>
|
115
|
+
<param pos="1" name="host.name"/>
|
116
|
+
<param pos="2" name="os.version"/>
|
117
|
+
</fingerprint>
|
118
|
+
<fingerprint pattern="^(\S+) FTP Server \(SunOS (\S+)\) ready\.?$" flags="REG_ICASE">
|
119
|
+
<description>SunOS/Solaris</description>
|
120
|
+
<example>example.com FTP server (SunOS 5.7) ready.</example>
|
121
|
+
<param pos="0" name="os.vendor" value="Sun"/>
|
122
|
+
<param pos="0" name="os.family" value="Solaris"/>
|
123
|
+
<param pos="0" name="os.product" value="Solaris"/>
|
124
|
+
<param pos="0" name="os.device" value="General"/>
|
125
|
+
<param pos="1" name="host.name"/>
|
126
|
+
<param pos="2" name="os.version"/>
|
127
|
+
</fingerprint>
|
128
|
+
<fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Debian\) \[(.+)\]$">
|
129
|
+
<example>ProFTPD 1.3.0rc2 Server (Debian) [host]</example>
|
130
|
+
<description>ProFTPD on Debian Linux</description>
|
131
|
+
<param pos="0" name="service.family" value="ProFTPD"/>
|
132
|
+
<param pos="0" name="service.product" value="ProFTPD"/>
|
133
|
+
<param pos="1" name="service.version"/>
|
134
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
135
|
+
<param pos="0" name="os.device" value="General"/>
|
136
|
+
<param pos="0" name="os.family" value="Linux"/>
|
137
|
+
<param pos="0" name="os.product" value="Linux"/>
|
138
|
+
<param pos="2" name="host.name"/>
|
139
|
+
</fingerprint>
|
140
|
+
<fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Linksys(W.+)\) \[(.+)\]$">
|
141
|
+
<example>ProFTPD 1.3.0rc2 Server (LinksysWRT350N) [host]</example>
|
142
|
+
<description>ProFTPD on a Linksys Wireless Access Point/Router</description>
|
143
|
+
<param pos="0" name="service.family" value="ProFTPD"/>
|
144
|
+
<param pos="0" name="service.product" value="ProFTPD"/>
|
145
|
+
<param pos="1" name="service.version"/>
|
146
|
+
<param pos="0" name="os.vendor" value="Linksys"/>
|
147
|
+
<param pos="0" name="os.device" value="WAP"/>
|
148
|
+
<param pos="2" name="os.product"/>
|
149
|
+
<param pos="3" name="host.name"/>
|
150
|
+
</fingerprint>
|
151
|
+
<fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Linksys(.*)\) \[(.+)\]$">
|
152
|
+
<!-- TODO: find a greeting message example -->
|
153
|
+
<description>ProFTPD on a wired Linksys device</description>
|
154
|
+
<param pos="0" name="service.family" value="ProFTPD"/>
|
155
|
+
<param pos="0" name="service.product" value="ProFTPD"/>
|
156
|
+
<param pos="1" name="service.version"/>
|
157
|
+
<param pos="0" name="os.vendor" value="Linksys"/>
|
158
|
+
<param pos="0" name="os.device" value="Router"/>
|
159
|
+
<param pos="2" name="os.product"/>
|
160
|
+
<param pos="3" name="host.name"/>
|
161
|
+
</fingerprint>
|
162
|
+
<fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \((.*)\) \[(.+)\]$">
|
163
|
+
<example>ProFTPD 1.2.10 Server (Main FTP Server) [host]</example>
|
164
|
+
<example>ProFTPD 1.2.10 Server (ProFTPD) [host]</example>
|
165
|
+
<example>ProFTPD 1.2.10rc3 Server (ProFTPD Default Installation) [host]</example>
|
166
|
+
<description>ProFTPD with version info but no obvious OS info</description>
|
167
|
+
<param pos="0" name="service.family" value="ProFTPD"/>
|
168
|
+
<param pos="0" name="service.product" value="ProFTPD"/>
|
169
|
+
<param pos="1" name="service.version"/>
|
170
|
+
<param pos="2" name="proftpd.server.name"/>
|
171
|
+
<param pos="3" name="host.name"/>
|
172
|
+
</fingerprint>
|
173
|
+
<fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server ready\.$">
|
174
|
+
<example>ProFTPD 1.3.0rc2 Server ready.</example>
|
175
|
+
<description>ProFTPD with only version info</description>
|
176
|
+
<param pos="0" name="service.family" value="ProFTPD"/>
|
177
|
+
<param pos="0" name="service.product" value="ProFTPD"/>
|
178
|
+
<param pos="1" name="service.version"/>
|
179
|
+
</fingerprint>
|
180
|
+
<fingerprint pattern="^ProFTPD FTP Server ready\.$">
|
181
|
+
<example>ProFTPD FTP Server ready.</example>
|
182
|
+
<description>ProFTPD with no version info</description>
|
183
|
+
<param pos="0" name="service.family" value="ProFTPD"/>
|
184
|
+
<param pos="0" name="service.product" value="ProFTPD"/>
|
185
|
+
</fingerprint>
|
186
|
+
<fingerprint pattern="^-{10} Welcome to Pure-FTPd (.*)-{10}$">
|
187
|
+
<example>---------- Welcome to Pure-FTPd ----------</example>
|
188
|
+
<description>Pure-FTPd
|
189
|
+
Config data can be zero or more of: [privsep] [TLS]
|
190
|
+
</description>
|
191
|
+
<param pos="1" name="pureftpd.config"/>
|
192
|
+
<param pos="0" name="service.family" value="Pure-FTPd"/>
|
193
|
+
<param pos="0" name="service.product" value="Pure-FTPd"/>
|
194
|
+
</fingerprint>
|
195
|
+
<fingerprint pattern="^=\(.\*.\)=-\.:\. \(\( Welcome to PureFTPd (\d+\..+) \)\) \.:\.-=\(.\*.\)=-$">
|
196
|
+
<example>=(<*>)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(<*>)=-</example>
|
197
|
+
<description>Older Pure-FTPd versions</description>
|
198
|
+
<param pos="0" name="service.family" value="Pure-FTPd"/>
|
199
|
+
<param pos="0" name="service.product" value="Pure-FTPd"/>
|
200
|
+
<param pos="1" name="service.version"/>
|
201
|
+
</fingerprint>
|
202
|
+
<fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\..+)(?: for WinSock)? ready\.*$">
|
203
|
+
<example>Serv-U FTP-Server v2.5n for WinSock ready...</example>
|
204
|
+
<example>Serv-U FTP Server v6.0 for WinSock ready</example>
|
205
|
+
<example>Serv-U FTP Server v7.2 ready...</example>
|
206
|
+
<description>Serv-U (only runs on Windows)</description>
|
207
|
+
<param pos="0" name="service.vendor" value="Rhino Software"/>
|
208
|
+
<param pos="0" name="service.product" value="Serv-U"/>
|
209
|
+
<param pos="0" name="service.family" value="Serv-U"/>
|
210
|
+
<param pos="1" name="service.version"/>
|
211
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
212
|
+
<param pos="0" name="os.device" value="General"/>
|
213
|
+
<param pos="0" name="os.family" value="Windows"/>
|
214
|
+
<param pos="0" name="os.product" value="Windows"/>
|
215
|
+
</fingerprint>
|
216
|
+
<fingerprint pattern="^zFTPServer v?(\S+), .*ready\.$" flags="REG_ICASE">
|
217
|
+
<example>zFTPServer v4.0, build 2008-12-24 01:41 ready.</example>
|
218
|
+
<description>zftpserver (only runs on Windows)</description>
|
219
|
+
<param pos="0" name="service.product" value="zFTPServer"/>
|
220
|
+
<param pos="1" name="service.version"/>
|
221
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
222
|
+
<param pos="0" name="os.device" value="General"/>
|
223
|
+
<param pos="0" name="os.family" value="Windows"/>
|
224
|
+
<param pos="0" name="os.product" value="Windows"/>
|
225
|
+
</fingerprint>
|
226
|
+
<fingerprint pattern="^\(vsFTPd (\d+\..+)\)(?: (.+))?$">
|
227
|
+
<example>(vsFTPd 1.1.3) host</example>
|
228
|
+
<example>(vsFTPd 2.0.5)</example>
|
229
|
+
<description>vsFTPd (Very Secure FTP Daemon)</description>
|
230
|
+
<param pos="0" name="service.family" value="vsFTPd"/>
|
231
|
+
<param pos="0" name="service.product" value="vsFTPd"/>
|
232
|
+
<param pos="1" name="service.version"/>
|
233
|
+
<param pos="2" name="host.name"/>
|
234
|
+
</fingerprint>
|
235
|
+
<fingerprint pattern="^ready, dude \(vsFTPd (\d+\..+): beat me, break me\)$">
|
236
|
+
<example>ready, dude (vsFTPd 1.1.0: beat me, break me)</example>
|
237
|
+
<description>vsFTPd (Very Secure FTP Daemon)</description>
|
238
|
+
<param pos="0" name="service.family" value="vsFTPd"/>
|
239
|
+
<param pos="0" name="service.product" value="vsFTPd"/>
|
240
|
+
<param pos="1" name="service.version"/>
|
241
|
+
</fingerprint>
|
242
|
+
<fingerprint pattern="^FileZilla Server version (\d\..+)$">
|
243
|
+
<example>FileZilla Server version 0.9.2 beta</example>
|
244
|
+
<description>FileZilla FTP Server</description>
|
245
|
+
<param pos="0" name="service.family" value="FileZilla FTP Server"/>
|
246
|
+
<param pos="0" name="service.product" value="FileZilla FTP Server"/>
|
247
|
+
<param pos="1" name="service.version"/>
|
248
|
+
</fingerprint>
|
249
|
+
<fingerprint pattern="^\s*APC FTP server ready\.$">
|
250
|
+
<example>APC FTP server ready.</example>
|
251
|
+
<description>APC device</description>
|
252
|
+
<param pos="0" name="service.vendor" value="APC"/>
|
253
|
+
<param pos="0" name="service.product" value="FTP"/>
|
254
|
+
<param pos="0" name="os.vendor" value="APC"/>
|
255
|
+
<param pos="0" name="os.device" value="Power device"/>
|
256
|
+
</fingerprint>
|
257
|
+
<fingerprint pattern="^(\S+) Network Management Card AOS v(\d+\..+) FTP server ready\.$">
|
258
|
+
<example>AP7932 Network Management Card AOS v3.3.4 FTP server ready.</example>
|
259
|
+
<example>ACRC103 Network Management Card AOS v3.6.1 FTP server ready.</example>
|
260
|
+
<example>0G-9354-01 Network Management Card AOS v3.6.1 FTP server ready.</example>
|
261
|
+
<description>APC power/cooling device</description>
|
262
|
+
<param pos="0" name="service.vendor" value="APC"/>
|
263
|
+
<param pos="0" name="service.product" value="AOS"/>
|
264
|
+
<param pos="0" name="service.family" value="AOS"/>
|
265
|
+
<param pos="2" name="service.version"/>
|
266
|
+
<param pos="0" name="os.vendor" value="APC"/>
|
267
|
+
<param pos="0" name="os.device" value="Power device"/>
|
268
|
+
<param pos="1" name="os.product"/>
|
269
|
+
<param pos="2" name="os.version"/>
|
270
|
+
</fingerprint>
|
271
|
+
<fingerprint pattern="^(\S+) FTP server \(EMC-SNAS: ([^\)]+)\)(:? \S+)?$">
|
272
|
+
<example>foo2 FTP server (EMC-SNAS: 5.6.47.11)</example>
|
273
|
+
<example>foo2 FTP server (EMC-SNAS: 5.6.50.203) ready.</example>
|
274
|
+
<example>foo4 FTP server (EMC-SNAS: 5.5.31.6) r</example>
|
275
|
+
<description>EMC Celerra</description>
|
276
|
+
<param pos="0" name="service.vendor" value="EMC"/>
|
277
|
+
<param pos="0" name="service.product" value="Celerra"/>
|
278
|
+
<param pos="2" name="service.version"/>
|
279
|
+
<param pos="0" name="os.vendor" value="Celerra"/>
|
280
|
+
<param pos="0" name="os.device" value="Storage"/>
|
281
|
+
<param pos="0" name="os.product" value="Celerra"/>
|
282
|
+
<param pos="2" name="os.version"/>
|
283
|
+
<param pos="1" name="host.name"/>
|
284
|
+
</fingerprint>
|
285
|
+
<fingerprint pattern="^JD FTP Server Ready.*$">
|
286
|
+
<example>JD FTP Server Ready</example>
|
287
|
+
<example>JD FTP Server Ready.</example>
|
288
|
+
<description>HP JetDirect printer</description>
|
289
|
+
<param pos="0" name="service.vendor" value="HP"/>
|
290
|
+
<param pos="0" name="service.product" value="JetDirect"/>
|
291
|
+
<param pos="0" name="service.family" value="JetDirect"/>
|
292
|
+
<param pos="0" name="os.vendor" value="HP"/>
|
293
|
+
<param pos="0" name="os.device" value="Printer"/>
|
294
|
+
<param pos="0" name="os.family" value="JetDirect"/>
|
295
|
+
<param pos="0" name="os.product" value="JetDirect"/>
|
296
|
+
</fingerprint>
|
297
|
+
<fingerprint pattern="^Check Point FireWall-1 Secure FTP server running on (.+)$">
|
298
|
+
<example>Check Point FireWall-1 Secure FTP server running on host</example>
|
299
|
+
<description>Check Point FireWall-1</description>
|
300
|
+
<param pos="0" name="service.vendor" value="Check Point"/>
|
301
|
+
<param pos="0" name="service.product" value="Firewall-1"/>
|
302
|
+
<param pos="0" name="service.family" value="Firewall-1"/>
|
303
|
+
<param pos="0" name="os.vendor" value="Check Point"/>
|
304
|
+
<param pos="0" name="os.device" value="Firewall"/>
|
305
|
+
<param pos="0" name="os.family" value="Firewall-1"/>
|
306
|
+
<param pos="0" name="os.product" value="Firewall-1"/>
|
307
|
+
</fingerprint>
|
308
|
+
<fingerprint pattern="^Blue Coat FTP Service$">
|
309
|
+
<example>Blue Coat FTP Service</example>
|
310
|
+
<description>Blue Coat security appliances</description>
|
311
|
+
<param pos="0" name="service.vendor" value="Blue Coat"/>
|
312
|
+
<param pos="0" name="service.product" value="Proxy"/>
|
313
|
+
<param pos="0" name="os.vendor" value="Blue Coat"/>
|
314
|
+
<param pos="0" name="os.product" value="Unknown"/>
|
315
|
+
<param pos="0" name="os.device" value="Web proxy"/>
|
316
|
+
</fingerprint>
|
317
|
+
<fingerprint pattern="^---freeFTPd 1.0---warFTPd 1.65---$">
|
318
|
+
<description>Nepenthes honeypot</description>
|
319
|
+
<param pos="0" name="service.family" value="Nepenthes"/>
|
320
|
+
<param pos="0" name="service.product" value="Nepenthes"/>
|
321
|
+
</fingerprint>
|
322
|
+
<fingerprint pattern="^[^ ]+ IBM FTP CS (V1R\d+) at ([^,]*),.*">
|
323
|
+
<example>SFTPD1 IBM FTP CS V1R4 at x.y.z, 21:02:19 on 2007-12-15.</example>
|
324
|
+
<description>IBM z/OS FTP Service</description>
|
325
|
+
<param pos="0" name="service.vendor" value="IBM"/>
|
326
|
+
<param pos="0" name="service.product" value="z/OS FTP Server"/>
|
327
|
+
<param pos="0" name="os.vendor" value="IBM"/>
|
328
|
+
<param pos="0" name="os.product" value="z/OS"/>
|
329
|
+
<param pos="0" name="os.family" value="z/OS"/>
|
330
|
+
<param pos="0" name="os.device" value="Mainframe"/>
|
331
|
+
<param pos="1" name="os.version"/>
|
332
|
+
<param pos="2" name="host.name"/>
|
333
|
+
</fingerprint>
|
334
|
+
<fingerprint pattern="^FTP server \(IBM 4690 TCP/IP FTP Version 1\.0\) ready\.">
|
335
|
+
<example>FTP server (IBM 4690 TCP/IP FTP Version 1.0) ready.</example>
|
336
|
+
<description>IBM 4690 FTP Service</description>
|
337
|
+
<param pos="0" name="service.vendor" value="IBM"/>
|
338
|
+
<param pos="0" name="service.product" value="4690 FTP Server"/>
|
339
|
+
<param pos="0" name="os.vendor" value="IBM"/>
|
340
|
+
<param pos="0" name="os.product" value="4690"/>
|
341
|
+
<param pos="0" name="os.family" value="4690"/>
|
342
|
+
<param pos="0" name="os.device" value="Point of sale"/>
|
343
|
+
</fingerprint>
|
344
|
+
<fingerprint pattern="^([^ ]+) NcFTPd Server \(licensed copy\) ready\.$">
|
345
|
+
<example>ftp.example.com NcFTPd Server (licensed copy) ready.</example>
|
346
|
+
<description>NcFTPd Server
|
347
|
+
http://www.ncftp.com/ncftpd/</description>
|
348
|
+
<param pos="0" name="service.vendor" value="NcFTP Software"/>
|
349
|
+
<param pos="0" name="service.product" value="NcFTPd Server"/>
|
350
|
+
<param pos="1" name="host.name"/>
|
351
|
+
</fingerprint>
|
352
|
+
<fingerprint pattern="^(\S+) DCS-2100 FTP server ready\.$">
|
353
|
+
<example>hostname DCS-2100 FTP server ready.</example>
|
354
|
+
<description>D-Link DCS-2100 wireless internet camera</description>
|
355
|
+
<param pos="0" name="os.vendor" value="D-Link"/>
|
356
|
+
<param pos="0" name="os.product" value="DCS-2100"/>
|
357
|
+
<param pos="0" name="os.device" value="Web cam"/>
|
358
|
+
</fingerprint>
|
359
|
+
<fingerprint pattern="^Secure Gateway FTP server ready\.$">
|
360
|
+
<example>Secure Gateway FTP server ready.</example>
|
361
|
+
<description>Raptor firewall</description>
|
362
|
+
<param pos="0" name="os.vendor" value="Symantec"/>
|
363
|
+
<param pos="0" name="os.family" value="Raptor"/>
|
364
|
+
<param pos="0" name="os.product" value="Raptor"/>
|
365
|
+
<param pos="0" name="os.device" value="Firewall"/>
|
366
|
+
</fingerprint>
|
367
|
+
<fingerprint pattern="^SUN StorEdge (\S+) RAID FTP server ready\.$">
|
368
|
+
<description>Sun StorEdge disk array</description>
|
369
|
+
<example>SUN StorEdge 3511 RAID FTP server ready.</example>
|
370
|
+
<param pos="0" name="os.vendor" value="Sun"/>
|
371
|
+
<param pos="0" name="os.family" value="StorEdge"/>
|
372
|
+
<param pos="1" name="os.product"/>
|
373
|
+
<param pos="0" name="os.device" value="Storage"/>
|
374
|
+
</fingerprint>
|
375
|
+
<fingerprint pattern="^AXIS (\S+) (?:Network( Fixed Dome)? Camera) ([\d\.]+) .* ready\.?$" flags="REG_ICASE">
|
376
|
+
<example>Axis 2100 Network Camera 2.43 Nov 04 2008 ready.</example>
|
377
|
+
<example>AXIS 207 Network Camera 4.40.1 (Apr 16 2007) ready.</example>
|
378
|
+
<example>AXIS 216FD Network Fixed Dome Camera 4.47 (Mar 13 2008) ready.</example>
|
379
|
+
<description>Axis Network Camera</description>
|
380
|
+
<param pos="0" name="os.vendor" value="Axis"/>
|
381
|
+
<param pos="0" name="os.device" value="Web cam"/>
|
382
|
+
<param pos="1" name="os.product"/>
|
383
|
+
<param pos="2" name="os.version"/>
|
384
|
+
</fingerprint>
|
385
|
+
<fingerprint pattern="^AXIS (\S+) Video (?:Encoder Blade|Server|Decoder) ([\d\.]+) .* ready\.?$" flags="REG_ICASE">
|
386
|
+
<example>AXIS Q7406 Video Encoder Blade 5.01 (Aug 01 2008) ready.</example>
|
387
|
+
<example>AXIS 241Q Video Server 4.47.2 (Dec 11 2008) ready.</example>
|
388
|
+
<example>AXIS P7701 Video Decoder 5.07.2 (Apr 20 2010) ready.</example>
|
389
|
+
<description>Axis Video encoders/servers</description>
|
390
|
+
<param pos="0" name="os.vendor" value="Axis"/>
|
391
|
+
<param pos="1" name="os.product"/>
|
392
|
+
<param pos="2" name="os.version"/>
|
393
|
+
</fingerprint>
|
394
|
+
<fingerprint pattern="^AXIS (\S+) .*FTP Network Print Server V?([\d\.]+\S+) .* ready\.?$" flags="REG_ICASE">
|
395
|
+
<example>AXIS 5600+ (rev 3) FTP Network Print Server V7.00 Sep 10 2004 ready.</example>
|
396
|
+
<example>AXIS 560 FTP Network Print Server V6.00 Jul 7 1999 ready.</example>
|
397
|
+
<example>AXIS 5470e FTP Network Print Server V6.30.beta2 Sep 25 2002 ready.</example>
|
398
|
+
<description>Axis print servers</description>
|
399
|
+
<param pos="0" name="os.vendor" value="Axis"/>
|
400
|
+
<param pos="0" name="os.device" value="Print server"/>
|
401
|
+
<param pos="1" name="os.product"/>
|
402
|
+
<param pos="2" name="os.version"/>
|
403
|
+
</fingerprint>
|
404
|
+
<fingerprint pattern="^RICOH Aficio ((?:[MS]P )?\S+) FTP server \(([0-9\.a-zA-Z]+)\) ready.?$" flags="REG_ICASE">
|
405
|
+
<description>Ricoh Aficio multifunction device</description>
|
406
|
+
<example>RICOH Aficio 2045e FTP server (4.12) ready.</example>
|
407
|
+
<example>RICOH Aficio SP 4210N FTP server (8.63) ready.</example>
|
408
|
+
<example>RICOH Aficio MP C3000 FTP server (5.11) ready.</example>
|
409
|
+
<param pos="0" name="os.vendor" value="Ricoh"/>
|
410
|
+
<param pos="0" name="os.family" value="Aficio"/>
|
411
|
+
<param pos="0" name="os.device" value="Multifunction Device"/>
|
412
|
+
<param pos="1" name="os.product"/>
|
413
|
+
<param pos="2" name="os.version"/>
|
414
|
+
</fingerprint>
|
415
|
+
<fingerprint pattern="^NRG ((?:[MS]P )?\S+) FTP server \(([0-9\.a-zA-Z]+)\) ready.?$" flags="REG_ICASE">
|
416
|
+
<description>Ricoh NRG multifunction device</description>
|
417
|
+
<example>NRG MP C2800 FTP server (8.25) ready.</example>
|
418
|
+
<example>NRG MP 3350 FTP server (7.05) ready.</example>
|
419
|
+
<example>NRG MP C3500 FTP server (5.17) ready.</example>
|
420
|
+
<example>NRG MP 171 FTP server (9.02.1) ready.</example>
|
421
|
+
<example>NRG MP 3350 FTP server (7.05) ready.</example>
|
422
|
+
<example>NRG MP C2550 FTP server (8.25) ready.</example>
|
423
|
+
<example>NRG MP C2800 FTP server (8.25) ready.</example>
|
424
|
+
<example>NRG MP C3500 FTP server (5.17) ready.</example>
|
425
|
+
<example>NRG MP C3500 FTP server (5.19) ready.</example>
|
426
|
+
<example>NRG MP C4000 FTP server (8.30) ready.</example>
|
427
|
+
<example>NRG MP C4500 FTP server (5.14) ready.</example>
|
428
|
+
<param pos="0" name="os.vendor" value="Ricoh"/>
|
429
|
+
<param pos="0" name="os.device" value="Multifunction Device"/>
|
430
|
+
<param pos="1" name="os.product"/>
|
431
|
+
<param pos="2" name="os.version"/>
|
432
|
+
</fingerprint>
|
433
|
+
<fingerprint pattern="^Xerox Phaser (\S+)$" certainty="1.0">
|
434
|
+
<description>Xerox Phaser Laser Printer</description>
|
435
|
+
<example>Xerox Phaser 6130N</example>
|
436
|
+
<example>Xerox Phaser 6180MFP-D</example>
|
437
|
+
<param pos="0" name="os.vendor" value="Xerox"/>
|
438
|
+
<param pos="0" name="os.family" value="Phaser"/>
|
439
|
+
<param pos="0" name="os.device" value="Printer"/>
|
440
|
+
<param pos="1" name="os.product"/>
|
441
|
+
</fingerprint>
|
442
|
+
<fingerprint pattern="^XEROX (\d+) Wide Format .*$" certainty="1.0">
|
443
|
+
<description>Xerox Wide Format Series of Printers</description>
|
444
|
+
<example>XEROX 6204 Wide Format FTP server ready</example>
|
445
|
+
<param pos="0" name="os.vendor" value="Xerox"/>
|
446
|
+
<param pos="0" name="os.family" value="Wide Format"/>
|
447
|
+
<param pos="0" name="os.device" value="Printer"/>
|
448
|
+
<param pos="1" name="os.product"/>
|
449
|
+
</fingerprint>
|
450
|
+
<fingerprint pattern="^FUJI XEROX DocuPrint (.*)$" certainity="1.0">
|
451
|
+
<description>FUJI XEROX DocuPrint Series of Printers</description>
|
452
|
+
<example>FUJI XEROX DocuPrint 3055</example>
|
453
|
+
<example>FUJI XEROX DocuPrint C1190 FS</example>
|
454
|
+
<example>FUJI XEROX DocuPrint C2100</example>
|
455
|
+
<param pos="0" name="os.vendor" value="FUJI XEROX"/>
|
456
|
+
<param pos="0" name="os.family" value="DocuPrint"/>
|
457
|
+
<param pos="0" name="os.device" value="Printer"/>
|
458
|
+
<param pos="1" name="os.product"/>
|
459
|
+
</fingerprint>
|
460
|
+
<fingerprint pattern="^ET(\S{12}) Lexmark (\S+) FTP Server (\S+) ready\.?$" certainty="1.0" flags="REG_ICASE">
|
461
|
+
<description>Lexmark printers</description>
|
462
|
+
<example>ET000400CEA560 Lexmark T640 FTP Server NS.NP.N219 ready.</example>
|
463
|
+
<param pos="0" name="os.vendor" value="Lexmark"/>
|
464
|
+
<param pos="0" name="os.device" value="Printer"/>
|
465
|
+
<param pos="1" name="host.mac"/>
|
466
|
+
<param pos="2" name="os.product"/>
|
467
|
+
<param pos="3" name="os.version"/>
|
468
|
+
</fingerprint>
|
469
|
+
<fingerprint pattern="^.*Lexmark (\S+) FTP Server (\S+) ready\.?$" certainty="1.0" flags="REG_ICASE">
|
470
|
+
<description>Lexmark printers</description>
|
471
|
+
<example>ET0021718 Lexmark T654 FTP Server NR.APS.F368 ready.</example>
|
472
|
+
<param pos="0" name="os.vendor" value="Lexmark"/>
|
473
|
+
<param pos="0" name="os.device" value="Printer"/>
|
474
|
+
<param pos="1" name="os.product"/>
|
475
|
+
<param pos="2" name="os.version"/>
|
476
|
+
</fingerprint>
|
477
|
+
<fingerprint pattern="^.*Lexmark (\S+) FTP Server ready\.?$" certainty="1.0" flags="REG_ICASE">
|
478
|
+
<description>Lexmark printers</description>
|
479
|
+
<example>Lexmark X500 FTP server ready</example>
|
480
|
+
<param pos="0" name="os.vendor" value="Lexmark"/>
|
481
|
+
<param pos="0" name="os.device" value="Printer"/>
|
482
|
+
<param pos="1" name="os.product"/>
|
483
|
+
</fingerprint>
|
484
|
+
<fingerprint pattern="^(?:Tornado-)?VxWorks \((?:VxWorks)?([^\)]+)\) FTP server(?: ready)?$" flags="REG_ICASE">
|
485
|
+
<example>VxWorks (5.3.1) FTP server ready</example>
|
486
|
+
<example>VxWorks (VxWorks5.5.1) FTP server ready</example>
|
487
|
+
<example>Tornado-vxWorks (VxWorks5.5.1) FTP server</example>
|
488
|
+
<description>VxWorks with version information</description>
|
489
|
+
<param pos="0" name="os.vendor" value="Wind River"/>
|
490
|
+
<param pos="0" name="os.product" value="VxWorks"/>
|
491
|
+
<param pos="1" name="os.version"/>
|
492
|
+
</fingerprint>
|
493
|
+
<fingerprint pattern="^Tornado-vxWorks FTP server ready$" flags="REG_ICASE">
|
494
|
+
<example>Tornado-vxWorks FTP server ready</example>
|
495
|
+
<description>VxWorks without version information</description>
|
496
|
+
<param pos="0" name="os.vendor" value="Wind River"/>
|
497
|
+
<param pos="0" name="os.product" value="VxWorks"/>
|
498
|
+
</fingerprint>
|
499
|
+
<fingerprint pattern="^ADC iScale$">
|
500
|
+
<description>ADC iScale</description>
|
501
|
+
<example>ADC iScale</example>
|
502
|
+
<param pos="0" name="service.vendor" value="ADC"/>
|
503
|
+
<param pos="0" name="service.product" value="iScale"/>
|
504
|
+
<param pos="0" name="os.vendor" value="ADC"/>
|
505
|
+
<param pos="0" name="os.product" value="iScale"/>
|
506
|
+
</fingerprint>
|
507
|
+
<fingerprint pattern="^TASKalfa (\d+c?i) FTP server" certainty="1.0">
|
508
|
+
<description>Taskalfa Series of Printers</description>
|
509
|
+
<example>TASKalfa 300ci FTP server</example>
|
510
|
+
<example>TASKalfa 520i FTP server</example>
|
511
|
+
<param pos="0" name="os.vendor" value="Kyocera"/>
|
512
|
+
<param pos="0" name="os.family" value="TASKalfa"/>
|
513
|
+
<param pos="0" name="os.device" value="Multifunction Device"/>
|
514
|
+
<param pos="1" name="os.product"/>
|
515
|
+
</fingerprint>
|
516
|
+
<fingerprint pattern="^SAVIN (\S+) FTP server \((.*)\) ready.$" certainty="1.0">
|
517
|
+
<description>SAVIN Printer FTP Server</description>
|
518
|
+
<example>SAVIN 4075 FTP server (4.08) ready.</example>
|
519
|
+
<example>SAVIN 9025 FTP server (7.23) ready.</example>
|
520
|
+
<example>SAVIN 9050 FTP server (7.30) ready.</example>
|
521
|
+
<example>SAVIN 917 FTP server (9.03) ready.</example>
|
522
|
+
<example>SAVIN 917 FTP server (9.05.2) ready.</example>
|
523
|
+
<example>SAVIN C2525 FTP server (5.14) ready.</example>
|
524
|
+
<example>SAVIN C3528 FTP server (4.08.3) ready.</example>
|
525
|
+
<example>SAVIN C3528 FTP server (4.17) ready.</example>
|
526
|
+
<example>SAVIN C6055 FTP server (7.16) ready.</example>
|
527
|
+
<example>SAVIN C9145 FTP server (10.51) ready.</example>
|
528
|
+
<param pos="0" name="os.vendor" value="Savin"/>
|
529
|
+
<param pos="0" name="os.device" value="Printer"/>
|
530
|
+
<param pos="1" name="os.product"/>
|
531
|
+
<param pos="2" name="os.version"/>
|
532
|
+
</fingerprint>
|
533
|
+
<fingerprint pattern="^Oce (im\d+) Ver (\S+) FTP server\.$" certainty="1.0">
|
534
|
+
<description>OCE IM series Printer</description>
|
535
|
+
<example>Oce im4512 Ver 01.04.00.0c FTP server.</example>
|
536
|
+
<example>Oce im3512 Ver 01.04.00.0c FTP server.</example>
|
537
|
+
<param pos="0" name="os.vendor" value="Oce"/>
|
538
|
+
<param pos="0" name="os.device" value="Multifunction Device"/>
|
539
|
+
<param pos="0" name="os.family" value="IM Series"/>
|
540
|
+
<param pos="1" name="os.product"/>
|
541
|
+
<param pos="2" name="os.version"/>
|
542
|
+
</fingerprint>
|
543
|
+
<fingerprint pattern="^Oce (Plotwave\d+) FTP Service \(Version (\S+)\)\.$" certainty="1.0">
|
544
|
+
<description>OCE Printer</description>
|
545
|
+
<example>Oce Plotwave300 FTP Service (Version 4.5.7).</example>
|
546
|
+
<param pos="0" name="os.vendor" value="Oce"/>
|
547
|
+
<param pos="0" name="os.device" value="Printer"/>
|
548
|
+
<param pos="0" name="os.family" value="Plotwave Series"/>
|
549
|
+
<param pos="1" name="os.product"/>
|
550
|
+
<param pos="2" name="os.version"/>
|
551
|
+
</fingerprint>
|
552
|
+
<fingerprint pattern="^LinkCom Xpress (.*) FTP version ([\d\.]+) ready$" certainty="1.0">
|
553
|
+
<description>MPI Technologies Linkcom Express FTP Server</description>
|
554
|
+
<example>LinkCom Xpress 10/100 +IPDS FTP version 1.0 ready</example>
|
555
|
+
<param pos="0" name="os.vendor" value="MPI Technologies"/>
|
556
|
+
<param pos="0" name="os.family" value="LinkCom Xpress"/>
|
557
|
+
<param pos="0" name="os.device" value="Print server"/>
|
558
|
+
<param pos="1" name="os.product"/>
|
559
|
+
</fingerprint>
|
560
|
+
<fingerprint pattern="^LinkCom Xpress (.*)$" certainty="1.0">
|
561
|
+
<description>MPI Technologies Linkcom Express FTP Server</description>
|
562
|
+
<example>LinkCom Xpress EIO PRO 10</example>
|
563
|
+
<param pos="0" name="os.vendor" value="MPI Technologies"/>
|
564
|
+
<param pos="0" name="os.family" value="LinkCom Xpress"/>
|
565
|
+
<param pos="0" name="os.device" value="Print server"/>
|
566
|
+
<param pos="1" name="os.product"/>
|
567
|
+
</fingerprint>
|
568
|
+
<fingerprint pattern="^LXKE\S+ IBM Infoprint (\d+) FTP Server (\d+\.\d+\.\d+) ready.$" certainty="1.0">
|
569
|
+
<description>IBM Infoprint FTP</description>
|
570
|
+
<example>LXKE82124 IBM Infoprint 1332 FTP Server 55.10.21 ready.</example>
|
571
|
+
<example>LXKE8255D IBM Infoprint 1332 FTP Server 55.10.21 ready.</example>
|
572
|
+
<example>LXKE825A0 IBM Infoprint 1332 FTP Server 55.10.21 ready.</example>
|
573
|
+
<example>LXKE93276 IBM Infoprint 1332 FTP Server 55.10.19 ready.</example>
|
574
|
+
<param pos="0" name="os.vendor" value="Ricoh"/>
|
575
|
+
<param pos="0" name="os.family" value="Infoprint"/>
|
576
|
+
<param pos="0" name="os.device" value="Printer"/>
|
577
|
+
<param pos="1" name="os.product"/>
|
578
|
+
<param pos="2" name="os.version"/>
|
579
|
+
</fingerprint>
|
580
|
+
<fingerprint pattern="^(Gestetner \S+(?: \S+)?) FTP server \((.*)\)" certainty="1.0">
|
581
|
+
<description>Gestetner Printer FTP</description>
|
582
|
+
<example os.product="Gestetner MP5500/DSm755" os.version="5.11c">Gestetner MP5500/DSm755 FTP server (5.11c) ready.</example>
|
583
|
+
<example os.product="Gestetner MP C4502" os.version="11.77">Gestetner MP C4502 FTP server (11.77) ready.</example>
|
584
|
+
<example>Gestetner MP 161/DSm416 FTP server (6.11) ready. </example>
|
585
|
+
<example>Gestetner 3502 FTP server (1.66.1) ready</example>
|
586
|
+
<example>Gestetner C7526dn FTP server (6.05.1) ready.</example>
|
587
|
+
<param pos="0" name="os.vendor" value="Ricoh"/>
|
588
|
+
<param pos="0" name="os.device" value="Multifunction Device"/>
|
589
|
+
<param pos="1" name="os.product"/>
|
590
|
+
<param pos="2" name="os.version"/>
|
591
|
+
</fingerprint>
|
592
|
+
<fingerprint pattern="^(Gestetner \S+)$" certainty="1.0">
|
593
|
+
<description>Gestetner Printer FTP</description>
|
594
|
+
<example>Gestetner MPC2500</example>
|
595
|
+
<param pos="0" name="os.vendor" value="Ricoh"/>
|
596
|
+
<param pos="0" name="os.device" value="Multifunction Device"/>
|
597
|
+
<param pos="1" name="os.product"/>
|
598
|
+
</fingerprint>
|
599
|
+
<fingerprint pattern="^EUFSALE MarkNet (\S+) FTP Server (\d+\.\d+\.\d+) ready.$" certainty="1.0">
|
600
|
+
<description>Lexmark Marknet Printers FTP</description>
|
601
|
+
<example>EUFSALE MarkNet X2011e FTP Server 4.20.21 ready.</example>
|
602
|
+
<param pos="0" name="os.vendor" value="Lexmark"/>
|
603
|
+
<param pos="0" name="os.family" value="MarkNet"/>
|
604
|
+
<param pos="0" name="os.device" value="Print server"/>
|
605
|
+
<param pos="1" name="os.product"/>
|
606
|
+
<param pos="2" name="os.version"/>
|
607
|
+
</fingerprint>
|
608
|
+
<fingerprint pattern="^ET(\S+) Source Technologies (ST-96\S+) FTP Server (\S+) ready\.?$">
|
609
|
+
<description>Source Technologies ST9600 Series Secure Printer</description>
|
610
|
+
<example>ET0021B730F70E Source Technologies ST-9620 FTP Server NJ.APS.N254e ready.</example>
|
611
|
+
<example>ET0021B7549AF2 Source Technologies ST-9620 FTP Server NR.APS.N447b2 ready.</example>
|
612
|
+
<example>ET0021B7300F01 Source Technologies ST-9620 FTP Server NJ.APS.N254e ready.</example>
|
613
|
+
<param pos="0" name="os.vendor" value="Source Technologies"/>
|
614
|
+
<param pos="0" name="os.family" value="ST9600 Series"/>
|
615
|
+
<param pos="0" name="os.device" value="Printer"/>
|
616
|
+
<param pos="1" name="host.mac"/>
|
617
|
+
<param pos="2" name="os.product"/>
|
618
|
+
<param pos="3" name="os.version"/>
|
619
|
+
</fingerprint>
|
620
|
+
<fingerprint pattern="^ET(\S+) (Pro\d+) Series FTP Server ready\.$" certainty="1.0">
|
621
|
+
<description>Lexmark ProXXX Series of Printers</description>
|
622
|
+
<example>ET0020007E4D2A Pro700 Series FTP Server ready.</example>
|
623
|
+
<param pos="0" name="os.vendor" value="Lexmark"/>
|
624
|
+
<param pos="0" name="os.device" value="Printer"/>
|
625
|
+
<param pos="0" name="os.family" value="Pro Series"/>
|
626
|
+
<param pos="1" name="host.mac"/>
|
627
|
+
<param pos="2" name="os.product"/>
|
628
|
+
</fingerprint>
|
629
|
+
<fingerprint pattern="^ET(\S+) Lexmark Forms Printer (\d+) Ethernet FTP Server (\S+) ready\.$" certainty="1.0">
|
630
|
+
<description>Lexmark Forms Printer</description>
|
631
|
+
<example>ET0020004F54EE Lexmark Forms Printer 2590 Ethernet FTP Server LCL.CU.P012c ready.</example>
|
632
|
+
<param pos="0" name="os.vendor" value="Lexmark"/>
|
633
|
+
<param pos="0" name="os.family" value="Forms Printer"/>
|
634
|
+
<param pos="0" name="os.device" value="Printer"/>
|
635
|
+
<param pos="1" name="host.mac"/>
|
636
|
+
<param pos="2" name="os.product"/>
|
637
|
+
<param pos="3" name="os.version"/>
|
638
|
+
</fingerprint>
|
639
|
+
<fingerprint pattern="^ET(\S+) TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
|
640
|
+
<description>Toshiba Printer</description>
|
641
|
+
<example>ET0004001E9C00 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N221 ready.</example>
|
642
|
+
<example>ET00040089BE42 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
|
643
|
+
<param pos="0" name="os.vendor" value="Toshiba"/>
|
644
|
+
<param pos="0" name="os.device" value="Multifunction Device"/>
|
645
|
+
<param pos="0" name="os.product" value="e-STUDIO"/>
|
646
|
+
<param pos="1" name="host.mac"/>
|
647
|
+
<param pos="2" name="os.version"/>
|
648
|
+
</fingerprint>
|
649
|
+
<fingerprint pattern="^\S+ TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
|
650
|
+
<description>Toshiba Printer</description>
|
651
|
+
<example>JHBPRN13 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
|
652
|
+
<param pos="0" name="os.vendor" value="Toshiba"/>
|
653
|
+
<param pos="0" name="os.device" value="Multifunction Device"/>
|
654
|
+
<param pos="0" name="os.product" value="e-STUDIO"/>
|
655
|
+
<param pos="1" name="os.version"/>
|
656
|
+
</fingerprint>
|
657
|
+
<fingerprint pattern="^.*Lexmark Optra (\S+) FTP Server (\S+) ready\.$" certainty="1.0">
|
658
|
+
<description>Lexmark Optra Printer</description>
|
659
|
+
<example>lex142785470853 Lexmark Optra T612 FTP Server 3.20.30 ready.</example>
|
660
|
+
<example>oppr1.s02504.us Lexmark Optra T610 FTP Server 3.20.20 ready.</example>
|
661
|
+
<param pos="0" name="os.vendor" value="Lexmark"/>
|
662
|
+
<param pos="0" name="os.family" value="Optra"/>
|
663
|
+
<param pos="0" name="os.device" value="Printer"/>
|
664
|
+
<param pos="1" name="os.product"/>
|
665
|
+
<param pos="2" name="os.version"/>
|
666
|
+
</fingerprint>
|
667
|
+
<fingerprint pattern="^SHARP (MX-\S+) Ver (\S+) FTP server\.$" certainty="1.0">
|
668
|
+
<description>Sharp Printer/Copier/Scanne</description>
|
669
|
+
<example os.product="MX-6200N" os.version="01.02.00.0e">SHARP MX-6200N Ver 01.02.00.0e FTP server.</example>
|
670
|
+
<example>SHARP MX-M363N Ver 01.05.00.0k FTP server.</example>
|
671
|
+
<example>SHARP MX-M363N Ver 01.05.00.1k FTP server.</example>
|
672
|
+
<example>SHARP MX-5001N Ver 01.05.00.0n FTP server.</example>
|
673
|
+
<example>SHARP MX-5500N Ver 01.02.00.09 FTP server.</example>
|
674
|
+
<example>SHARP MX-M453N Ver 01.05.00.0k FTP server.</example>
|
675
|
+
<example>SHARP MX-M503N Ver 01.05.00.1k FTP server.</example>
|
676
|
+
<example>SHARP MX-M620U Ver 01.03.00 FTP server.</example>
|
677
|
+
<example>SHARP MX-M620U Ver 01.04.00.04 FTP server.</example>
|
678
|
+
<param pos="0" name="os.vendor" value="Sharp"/>
|
679
|
+
<param pos="0" name="os.device" value="Printer"/>
|
680
|
+
<param pos="0" name="os.family" value="MX Series"/>
|
681
|
+
<param pos="1" name="os.product"/>
|
682
|
+
<param pos="2" name="os.version"/>
|
683
|
+
</fingerprint>
|
684
|
+
<fingerprint pattern="^(FS-\S+MFP\S*?) FTP server\.?$" certainty="1.0">
|
685
|
+
<description>Kyocera Printers</description>
|
686
|
+
<example>FS-C2126MFP FTP server</example>
|
687
|
+
<example>FS-C2026MFP+ FTP server</example>
|
688
|
+
<example>FS-1128MFP FTP server</example>
|
689
|
+
<param pos="0" name="os.vendor" value="Kyocera"/>
|
690
|
+
<param pos="0" name="os.device" value="Multifunction Device"/>
|
691
|
+
<param pos="1" name="os.product"/>
|
692
|
+
</fingerprint>
|
693
|
+
<fingerprint pattern="^(FS-\S+(?:DN|D|N)) FTP server\.?$" certainty="1.0">
|
694
|
+
<description>Kyocera Printers</description>
|
695
|
+
<example>FS-1370DN FTP server</example>
|
696
|
+
<example>FS-C5015N FTP server.</example>
|
697
|
+
<param pos="0" name="os.vendor" value="Kyocera"/>
|
698
|
+
<param pos="0" name="os.device" value="Printer"/>
|
699
|
+
<param pos="0" name="os.family" value="FS"/>
|
700
|
+
<param pos="1" name="os.product"/>
|
701
|
+
</fingerprint>
|
702
|
+
<fingerprint pattern="^(ESI-\S+) Version (\S+) ready\.$" certainty="1.0">
|
703
|
+
<description>Extended Systems ExtendNet Print Server</description>
|
704
|
+
<example>ESI-2941B Version 6.34 ready.</example>
|
705
|
+
<example>ESI-2941A Version 6.03 ready.</example>
|
706
|
+
<example>ESI-2933A Version 6.40 ready.</example>
|
707
|
+
<example>ESI-2831 Version 2.1 ready.</example>
|
708
|
+
<example>ESI-2833A Version 6.3 ready.</example>
|
709
|
+
<example>ESI-2900A Version 6.31 ready.</example>
|
710
|
+
<example>ESI-2841B Version 3.01 ready.</example>
|
711
|
+
<example>ESI-2841C Version 5.09e ready.</example>
|
712
|
+
<example>ESI-2933A Version 6.40a.05 ready.</example>
|
713
|
+
<example>ESI-2999A Version 6.30a.07 ready.</example>
|
714
|
+
<param pos="0" name="os.vendor" value="Sybase"/>
|
715
|
+
<param pos="0" name="os.family" value="Extended Systems ExtendNet"/>
|
716
|
+
<param pos="0" name="os.device" value="Print server"/>
|
717
|
+
<param pos="1" name="os.product"/>
|
718
|
+
<param pos="2" name="os.version"/>
|
719
|
+
</fingerprint>
|
720
|
+
<fingerprint pattern="^SATO SATO PRINTER Ver (\S+) FTP server\.$" certainty="1.0">
|
721
|
+
<description>SATO Printer</description>
|
722
|
+
<example>SATO SATO PRINTER Ver A1.2.3 FTP server.</example>
|
723
|
+
<example>SATO SATO PRINTER Ver A2.3.0 FTP server.</example>
|
724
|
+
<param pos="0" name="os.vendor" value="SATO"/>
|
725
|
+
<param pos="0" name="os.device" value="Printer"/>
|
726
|
+
<param pos="1" name="os.version"/>
|
727
|
+
</fingerprint>
|
728
|
+
<fingerprint pattern="^Printer FTP (\d+\.\d+\.\d+) ready at (\w{3} \d{2} \d{2}:\d{2}:\d{2})$" certainty="1.0">
|
729
|
+
<description>AMTDatasouth Fastmark M5</description>
|
730
|
+
<example>Printer FTP 4.8.7 ready at Apr 30 20:13:23</example>
|
731
|
+
<example>Printer FTP 4.8.7 ready at Aug 31 16:43:22</example>
|
732
|
+
<example>Printer FTP 4.8.7 ready at Feb 28 11:27:46</example>
|
733
|
+
<example>Printer FTP 4.8.7 ready at Jan 31 00:40:04</example>
|
734
|
+
<example>Printer FTP 4.8.7 ready at Mar 31 06:28:25</example>
|
735
|
+
<param pos="0" name="os.vendor" value="AMTDatasouth"/>
|
736
|
+
<param pos="0" name="os.product" value="Fastmark M5"/>
|
737
|
+
<param pos="0" name="os.device" value="Printer"/>
|
738
|
+
<param pos="1" name="os.version"/>
|
739
|
+
<param pos="0" name="system.time.format" value="MMM dd HH:mm::ss"/>
|
740
|
+
<param pos="2" name="system.time"/>
|
741
|
+
</fingerprint>
|
742
|
+
<fingerprint pattern="^EFI FTP Print server ready\.$" certainty="0.8">
|
743
|
+
<description>EFI FTP Print Server</description>
|
744
|
+
<example>EFI FTP Print server ready.</example>
|
745
|
+
<param pos="0" name="service.vendor" value="EFI"/>
|
746
|
+
<param pos="0" name="service.product" value="Fiery Print Server"/>
|
747
|
+
<param pos="0" name="os.vendor" value="EFI"/>
|
748
|
+
<param pos="0" name="os.product" value="Fiery Print Server"/>
|
749
|
+
<param pos="0" name="os.device" value="Print server"/>
|
750
|
+
</fingerprint>
|
751
|
+
<!-- Conjectured based on known MX FTP fingerprints -->
|
752
|
+
<fingerprint pattern="^SHARP (AR-\S+) Ver (\S+) FTP server">
|
753
|
+
<description>Sharp AR Series multifunction device</description>
|
754
|
+
<example>SHARP AR-M450 Ver 01.05.00.0k FTP server.</example>
|
755
|
+
<param pos="0" name="os.vendor" value="Sharp"/>
|
756
|
+
<param pos="0" name="os.device" value="Multifunction Device"/>
|
757
|
+
<param pos="0" name="os.family" value="AR Series"/>
|
758
|
+
<param pos="1" name="os.product"/>
|
759
|
+
<param pos="2" name="os.version"/>
|
760
|
+
</fingerprint>
|
761
|
+
<fingerprint pattern="^KONICA MINOLTA FTP server ready\.?$">
|
762
|
+
<description>Konica Minolta FTP Server</description>
|
763
|
+
<example>KONICA MINOLTA FTP server ready.</example>
|
764
|
+
<param pos="0" name="os.device" value="Printer"/>
|
765
|
+
<param pos="0" name="os.vendor" value="Konica Minolta"/>
|
766
|
+
<param pos="0" name="os.product" value="Printer"/>
|
767
|
+
<param pos="0" name="service.vendor" value="Konica Minolta"/>
|
768
|
+
<param pos="0" name="service.product" value="KM FTPD"/>
|
769
|
+
</fingerprint>
|
770
|
+
<fingerprint pattern="^(KM\S+) FTP server \(KM FTPD version (\d*(?:\.\d*))\) ready\.?$">
|
771
|
+
<description>Konica Minolta FTP Server</description>
|
772
|
+
<example>KM23BC97 FTP server (KM FTPD version 1.00) ready.</example>
|
773
|
+
<example>KM23BF0A FTP server (KM FTPD version 1.00) ready.</example>
|
774
|
+
<example>KM23CBDB FTP server (KM FTPD version 1.00) ready.</example>
|
775
|
+
<example>KM23E608 FTP server (KM FTPD version 1.00) ready.</example>
|
776
|
+
<example>KM23E8A2 FTP server (KM FTPD version 1.00) ready.</example>
|
777
|
+
<example>KM25015E FTP server (KM FTPD version 1.00) ready.</example>
|
778
|
+
<example>KM250E38 FTP server (KM FTPD version 1.00) ready.</example>
|
779
|
+
<example>KM251A4C FTP server (KM FTPD version 1.00) ready.</example>
|
780
|
+
<param pos="0" name="os.device" value="Printer"/>
|
781
|
+
<param pos="0" name="os.vendor" value="Konica Minolta"/>
|
782
|
+
<param pos="1" name="os.product"/>
|
783
|
+
<param pos="0" name="service.vendor" value="Konica Minolta"/>
|
784
|
+
<param pos="0" name="service.product" value="KM FTPD"/>
|
785
|
+
<param pos="2" name="service.version"/>
|
786
|
+
</fingerprint>
|
787
|
+
<fingerprint pattern="^(ZBR-\d+) Version (\S+) ready\.?$">
|
788
|
+
<description>ZebraNet Print Server FTP</description>
|
789
|
+
<example>ZBR-46686 Version 7.02 ready.</example>
|
790
|
+
<example>ZBR-79071 Version V56.17.5Z ready.</example>
|
791
|
+
<example>ZBR-46687 Version 7.02 ready.</example>
|
792
|
+
<param pos="0" name="os.vendor" value="ZebraNet"/>
|
793
|
+
<param pos="0" name="os.device" value="Print server"/>
|
794
|
+
<param pos="1" name="os.product"/>
|
795
|
+
<param pos="2" name="os.version"/>
|
796
|
+
</fingerprint>
|
797
|
+
<fingerprint pattern="^(\S+) FTP server \(Version (\S+) \w+ \w+ \d{1,2} \d{1,2}:\d{1,2}:\d{1,2} [A-Z]+ (?:1|2)\d{3}\) ready\.?$">
|
798
|
+
<description>IBM AIX FTP Server</description>
|
799
|
+
<example host.name="ibmoz.tor.rapid7.com" service.version="4.1">ibmoz.tor.rapid7.com FTP server (Version 4.1 Sat Sep 7 14:31:53 CDT 2002) ready.</example>
|
800
|
+
<example>ibmoz.tor.rapid7.com FTP server (Version 5.3 Sat Jan 10 14:01:03 CDT 2012) ready</example>
|
801
|
+
<param pos="0" name="os.vendor" value="IBM"/>
|
802
|
+
<param pos="0" name="os.product" value="AIX"/>
|
803
|
+
<param pos="0" name="service.vendor" value="AIX"/>
|
804
|
+
<param pos="0" name="service.product" value="AIX FTP Server"/>
|
805
|
+
<param pos="1" name="host.name"/>
|
806
|
+
<param pos="2" name="service.version"/>
|
807
|
+
</fingerprint>
|
808
|
+
</fingerprints>
|