recog 0.01

data/xml/hp_pjl_id.xml

@@ -0,0 +1,435 @@
+<?xml version="1.0"?>
+<!--
+For printers running the PJL protocol (usually on 9100/tcp), their type can be requested
+by the INFO ID command. The printer types (strings surrounded by double quotes) are
+matched against these patterns to fingerprint the printer.
+-->
+
+<fingerprints>
+   <!--
+   LaserJet and Designjet are registered trademarks of HP. Therefore matching for the keywords
+   is sufficient for asserting all relevant information
+   -->
+   <fingerprint pattern="laserjet (.*)(?: series)?" flags="REG_ICASE">
+      <description>HP JetDirect Printer</description>
+      <example>HP LaserJet 4100 Series</example>
+      <example>HP LaserJet 2200</example>
+      <example>LASERJET 4050</example>
+      <example>LASERJET 4 PLUS</example>
+      <example>hp LaserJet 1320 series</example>
+      <example>hp color LaserJet 4600</example>
+      <example>HP Color LaserJet 3600</example>
+      <example>HP LASERJET 4ML</example>
+      <example>hp LaserJet 4345 mfp</example>
+      <example>HP Color LaserJet CM2320nf MFP</example>
+      <example>HP LaserJet 600 M602</example>
+      <example>HP LaserJet 1022n</example>
+      <example>HP LaserJet M1120n MFP</example>
+      <example>HP LaserJet P1505n</example>
+      <example>HP LaserJet P2014n</example>
+      <example>HP LaserJet P2035n</example>
+      <example>HP LaserJet P2055 Series</example>
+      <example>HP LaserJet Professional M1212nf MFP</example>
+      <example>HP LaserJet Professional P1606dn</example>
+      <example>20080613_1836 HP LaserJet P2055 Series</example>
+      <example>20080718_1441 HP LaserJet P2055 Series</example>
+      <example>20081103_1652 HP LaserJet P2055 Series</example>
+      <example>20081124_1804 HP LaserJet P2055 Series</example>
+      <example>20081124_1858 HP LaserJet P2055 Series</example>
+      <param pos="0" name="service.vendor" value="HP"/>
+      <param pos="0" name="service.product" value="JetDirect"/>
+      <param pos="0" name="service.family" value="JetDirect"/>
+      <param pos="0" name="os.vendor" value="HP"/>
+      <param pos="0" name="os.device" value="Printer"/>
+      <param pos="0" name="os.family" value="LaserJet"/>
+      <param pos="1" name="os.product"/>
+   </fingerprint>
+
+  <fingerprint pattern="(designjet \S+)" flags="REG_ICASE">
+      <description>HP Designjet printer</description>
+      <example>hp designjet 110plus</example>
+      <example>DESIGNJET 1050C</example>
+      <example>DESIGNJET 1055CM</example>
+      <example>DESIGNJET 700</example>
+      <param pos="0" name="service.vendor" value="HP"/>
+      <param pos="0" name="service.product" value="JetDirect"/>
+      <param pos="0" name="service.family" value="JetDirect"/>
+      <param pos="0" name="os.vendor" value="HP"/>
+      <param pos="0" name="os.family" value="DesignJet"/>
+      <param pos="0" name="os.device" value="Printer"/>
+      <param pos="1" name="os.product"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Xerox ColorQube (\S+)$">
+      <description>Xerox ColorQube Multifunction Printer</description>
+      <example>Xerox ColorQube 8570DN</example>
+      <example>Xerox ColorQube 8570DT</example>
+      <example>Xerox ColorQube 8570N</example>
+      <param pos="0" name="os.vendor" value="Xerox"/>
+      <param pos="0" name="os.family" value="ColorQube"/>
+      <param pos="1" name="os.product"/>
+      <param pos="0" name="os.device" value="Multifunction Device"/>
+  </fingerprint>
+
+   <fingerprint pattern="^Brother (.+)$">
+      <description>Brother Printer</description>
+      <example>Brother HL-1660e</example>
+      <param pos="0" name="os.vendor" value="Brother"/>
+      <param pos="0" name="os.device" value="Printer"/>
+      <param pos="1" name="os.product"/>
+   </fingerprint>
+
+   <!-- Assert the product range as a product fingerprint. -->
+   <fingerprint pattern="^(iR ?\S+)">
+      <description>Canon iR multifunction device</description>
+      <example>iR 3180C EUR</example>
+      <example>iR C4080/C4580</example>
+      <example>iR1020/1024/1025</example>
+      <param pos="0" name="os.vendor" value="Canon"/>
+      <param pos="0" name="os.family" value="iR Series"/>
+      <param pos="0" name="os.device" value="Multifunction Device"/>
+      <param pos="1" name="os.product"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(?:Dell (?:Color Laser |Laser Printer )?|(?:Color Laser |Laser Printer ))(\d+(?:n|cn|dn|cdn))(?: Color Laser| Laser Printer)?$"> -->
+      <description>Dell Laser Printer</description>
+      <example>Dell Laser Printer 1710n</example>
+      <example>Dell Color Laser 3110cn</example>
+      <example>Laser Printer 5100cn</example>
+      <example>Dell 2130cn Color Laser</example>
+      <example>Dell 2330dn Laser Printer</example>
+      <example>Dell 2350dn Laser Printer</example>
+      <example>Dell 3130cn Color Laser</example>
+      <example>Dell 5130cdn Color Laser</example>
+      <example>Dell 5230n Laser Printer</example>
+      <example>Dell 2145cn</example>
+      <param pos="0" name="os.vendor" value="Dell"/>
+      <param pos="0" name="os.family" value="Laser Printer"/>
+      <param pos="0" name="os.device" value="Printer"/>
+      <param pos="1" name="os.product"/>
+   </fingerprint>
+
+   <fingerprint pattern="^Dell (\d+(?:n|cn|dn|cdn)) MFP$">
+      <description>Dell Laser multifunction device</description>
+      <example>Dell 2135cn MFP</example>
+      <example>Dell 2335dn MFP</example>
+      <param pos="0" name="os.vendor" value="Dell"/>
+      <param pos="0" name="os.family" value="Laser Printer"/>
+      <param pos="0" name="os.device" value="Multifunction Device"/>
+      <param pos="1" name="os.product"/>
+   </fingerprint>
+
+    <fingerprint pattern="^HP (\S+ Digital Sender)$">
+      <description>HP Digital Sender scanner</description>
+      <example>HP 9250C Digital Sender</example>
+      <param pos="0" name="os.vendor" value="HP"/>
+      <param pos="0" name="os.device" value="Scanner"/>
+      <param pos="0" name="os.family" value="Digital Sender"/>
+      <param pos="1" name="os.product"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(?:IBM )?Infoprint(?: Color)? (\S+)$">
+      <description>IBM Infoprint Printer</description>
+      <param pos="0" name="os.vendor" value="IBM"/>
+      <param pos="0" name="os.family" value="Infoprint"/>
+      <param pos="0" name="os.device" value="Printer"/>
+      <param pos="1" name="os.product"/>
+   </fingerprint>
+
+   <fingerprint pattern="^KM-(.*)$">
+      <description>Konica Minolta printer</description>
+      <example>KM-5050</example>
+      <param pos="0" name="os.vendor" value="Lexmark"/>
+      <param pos="0" name="os.device" value="Printer"/>
+      <param pos="1" name="os.product"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(FS-\S+MFP\S*)$">
+      <description>Kyocera Mita Multifunction device</description>
+      <example>FS-C2126MFP</example>
+      <example>FS-C2126MFP+</example>
+      <example>FS-1035MFP/DP</example>
+      <param pos="0" name="os.vendor" value="Kyocera Mita"/>
+      <param pos="0" name="os.device" value="Multifunction Device"/>
+      <param pos="0" name="os.family" value="FS"/>
+      <param pos="1" name="os.product"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(FS-(?:C)?\d+(?:D|DN))$">
+      <description>Kyocera Mita Printer</description>
+      <example>FS-C8500DN</example>
+      <example>FS-4100DN</example>
+      <example>FS-2020D</example>
+      <param pos="0" name="os.vendor" value="Kyocera Mita"/>
+      <param pos="0" name="os.device" value="Printer"/>
+      <param pos="0" name="os.family" value="FS"/>
+      <param pos="1" name="os.product"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(TASKalfa \S+)$">
+      <description>Kyocera Mita TASKalfa multifunction device</description>
+      <example>TASKalfa 300ci</example>
+      <example>TASKalfa 520i</example>
+      <example>TASKalfa 250ci</example>
+      <param pos="0" name="os.vendor" value="Kyocera Mita"/>
+      <param pos="0" name="os.device" value="Multifunction Device"/>
+      <param pos="0" name="os.family" value="TASKalfa"/>
+      <param pos="1" name="os.product"/>
+   </fingerprint>
+
+    <fingerprint pattern="^Lexmark (.*)$">
+      <description>Lexmark JetDirect printer</description>
+      <example>Lexmark C910</example>
+      <example>Lexmark Optra LaserPrinter</example>
+      <example>Lexmark Optra S 1250</example>
+      <param pos="0" name="os.vendor" value="Lexmark"/>
+      <param pos="0" name="os.device" value="Printer"/>
+      <param pos="1" name="os.product"/>
+   </fingerprint>
+   
+   <fingerprint pattern="^Oce (fx[^(?:\s|:)]+):.*$" flags="REG_ICASE">
+      <description>Oce FX series multifunction device</description>
+      <example os.product="fx3000">Oce fx3000:8C5-B29:Ver.D:U0707161719:B0601271355</example>
+      <param pos="0" name="os.vendor" value="Oce"/>
+      <param pos="0" name="os.family" value="FX Series"/>
+      <param pos="0" name="os.device" value="Multifunction Device"/>
+      <param pos="1" name="os.product"/>
+   </fingerprint>
+
+   <fingerprint pattern="^Oce (VL\S+):.*$" flags="REG_ICASE">
+      <description>Oce VarioLink multifunction device</description>
+      <example>Oce VL3200:8C5-D92:Ver.B</example>
+      <param pos="0" name="os.vendor" value="Oce"/>
+      <param pos="0" name="os.family" value="VarioLink"/>
+      <param pos="0" name="os.device" value="Multifunction Device"/>
+      <param pos="1" name="os.product"/>
+   </fingerprint>
+
+   <!-- IGI is Imagistics International, which was acquired by Oce.
+        I can't find MX-MBX3 or any variant online. -->
+   <fingerprint pattern="^OceIGI MX-\S+" flags="REG_ICASE">
+      <description>Oce-acquired IGI printer</description>
+      <example>OceIGI MX-NBX3 02-Jul-07 14:47</example>
+      <param pos="0" name="os.vendor" value="Oce"/>
+      <param pos="0" name="os.device" value="Printer"/>
+   </fingerprint>
+
+   <!-- im3510/4510 is actually a range of model numbers, but asserting a range
+        of models as a product is preferableto asserting nothing. -->
+   <fingerprint pattern="^Imagistics (im\S+) (.+)" flags="REG_ICASE">
+      <description>Oce IM series multifunction device</description>
+      <example>Imagistics im3510/4510 02-Aug-04 10:56</example>
+      <param pos="0" name="os.vendor" value="Oce"/>
+      <param pos="0" name="os.family" value="IM Series"/>
+      <param pos="0" name="os.device" value="Multifunction Device"/>
+      <param pos="0" name="system.time.format" value="dd-MMM-yy HH:mm"/>
+      <param pos="1" name="os.product"/>
+      <param pos="2" name="system.time"/>
+   </fingerprint>
+
+   <!-- C610 is a series; there are several models with suffixes n, dn, dtn, cdn -->
+   <fingerprint pattern="^OKI (C\d+)\S*$">
+      <description>Okidata color printer</description>
+      <example>OKI C610</example>
+      <example>OKI C710</example>
+      <!-- Conjectured -->
+      <example>OKI C710dn</example>
+      <param pos="0" name="os.vendor" value="Okidata"/>
+      <param pos="0" name="os.device" value="Printer"/>
+      <param pos="1" name="os.product"/>
+   </fingerprint>
+
+   <fingerprint pattern="^OKI (MC\d+)\S*$">
+      <description>Okidata multifunction device</description>
+      <example>OKI MC860</example>
+      <param pos="0" name="os.vendor" value="Okidata"/>
+      <param pos="0" name="os.device" value="Multifunction Device"/>
+      <param pos="1" name="os.product"/>
+   </fingerprint>
+
+   <fingerprint pattern="^RICOH ((?:Aficio|MP|SP) .*)$" flags="REG_ICASE">
+      <description>Ricoh Aficio Printer</description>
+      <example>RICOH Aficio 2075</example>
+      <example>RICOH Aficio AP610N</example>
+      <example>RICOH Aficio SP 8100DN</example>
+      <example>RICOH MP C1500/615C</example>
+      <param pos="0" name="os.vendor" value="Ricoh"/>
+      <param pos="0" name="os.family" value="Aficio"/>
+      <param pos="1" name="os.product"/>
+      <param pos="0" name="os.device" value="Printer"/>
+   </fingerprint>
+
+    <!-- NRG was acquired by Ricoh; classify NRG printers as such.
+         Be consistent with snmp_sysdescr.xml. -->
+   <fingerprint pattern="^NRG ([MS]P \S+)$" flags="REG_ICASE">
+      <description>Ricoh NRG printer</description>
+      <example>NRG MP 171</example>
+      <example>NRG MP 3350</example>
+      <example>NRG MP C2550</example>
+      <example>NRG MP C2800</example>
+      <example>NRG MP C3500</example>
+      <example>NRG MP C4000</example>
+      <example>NRG MP C4500</example>
+      <example>NRG SP C231SF</example>
+      <param pos="0" name="os.vendor" value="Ricoh"/>
+      <param pos="0" name="os.device" value="Printer"/>
+      <param pos="1" name="os.product"/>
+   </fingerprint>
+
+    <!-- Gestetner == NRG, and was acquired by Ricoh.
+         Assert the range of products as os.product. -->
+    <fingerprint pattern="^Gestetner (MP\S+/DSc\S+)$" flags="REG_ICASE">
+       <description>Ricoh Gestetner multifunction device</description>
+       <example>Gestetner MPC2500/DSc525</example>
+       <param pos="0" name="os.vendor" value="Ricoh"/>
+       <param pos="0" name="os.device" value="Multifunction Device"/>
+       <param pos="1" name="os.product"/>
+    </fingerprint>
+    
+    <fingerprint pattern="^HYDRA$" flags="REG_ICASE">
+      <description>RSI Hydra printer</description>
+      <example>HYDRA</example>
+      <param pos="0" name="os.vendor" value="RSI"/>
+      <param pos="0" name="os.device" value="Printer"/>
+      <param pos="0" name="os.product" value="Hydra"/>
+    </fingerprint>
+
+    <fingerprint pattern="^Savin (\S+)$" flags="REG_ICASE">
+      <description>Savin Printer</description>
+      <example>SAVIN 4075</example>
+      <param pos="0" name="os.vendor" value="Savin"/>
+      <param pos="0" name="os.device" value="Printer"/>
+      <param pos="1" name="os.product"/>
+    </fingerprint>
+
+    <fingerprint pattern="^Samsung ((?:SCX|CLX)-\S+) Series$" flags="REG_ICASE">
+      <description>Samsung multifunction device</description>
+      <example>Samsung SCX-5835_5935 Series</example>
+      <!-- Conjectured -->
+      <example>Samsung CLX-4195 Series</example>
+      <param pos="0" name="os.vendor" value="Samsung"/>
+      <param pos="0" name="os.device" value="Multifunction Device"/>
+      <param pos="1" name="os.product"/>
+    </fingerprint>
+
+    <fingerprint pattern="^Samsung ((?:ML|CLP)-\S+) Series$" flags="REG_ICASE">
+      <description>Samsung printer</description>
+      <example>Samsung CLP-680 Series</example>
+      <example>Samsung ML-5012_5512 Series</example>
+      <param pos="0" name="os.vendor" value="Samsung"/>
+      <param pos="0" name="os.device" value="Printer"/>
+      <param pos="1" name="os.product"/>
+    </fingerprint>
+
+    <fingerprint pattern="^SHARP (\S+-\S+) .*$" flags="REG_ICASE">
+      <description>Sharp Printer</description>
+      <example>Sharp MX-NBX3 18-Mar-08 10:22</example>
+      <example>Sharp AR-P17 24-Mar-04 19:55</example>
+      <param pos="0" name="os.vendor" value="Sharp"/>
+      <param pos="0" name="os.device" value="Printer"/>
+      <param pos="1" name="os.product"/>
+    </fingerprint>
+
+    <fingerprint pattern="^Source Technologies (\S+)$" flags="REG_ICASE">
+      <description>Source Technologies Printer</description>
+      <example>Source Technologies ST-9620</example>
+      <param pos="0" name="os.vendor" value="Source Technologies"/>
+      <param pos="0" name="os.device" value="Printer"/>
+      <param pos="1" name="os.product"/>
+   </fingerprint>
+
+   <!-- Consistent with snmp_sysdescr.xml -->
+   <fingerprint pattern="^TOSHIBA (e-STUDIO\S+)(?:\s+.*)?" certainty="0.9">
+      <description>Toshiba e-STUDIO multifunction device</description>
+      <example>TOSHIBA e-STUDIO350 V468Z 20061013</example>
+      <example>TOSHIBA e-STUDIO350-450 V444Z 20041104</example>
+      <example>TOSHIBA e-STUDIO450 V468Z 20061013</example>
+      <example>TOSHIBA e-STUDIO500S</example>
+      <param pos="0" name="os.vendor" value="Toshiba"/>
+      <param pos="0" name="os.family" value="e-STUDIO"/>
+      <param pos="0" name="os.device" value="Multifunction Device"/>
+      <param pos="1" name="os.product"/>
+   </fingerprint>
+
+   <!-- TODO:
+        Xerox AccXES devices are documented to return:
+
+        "<printer name> <release #>"
+        <FF>
+
+        In the above, <printer name> is the official product name of the
+        AccXES printer, and <release #> corresponds to a software release
+        number.
+     -->
+
+   <fingerprint pattern="^(?:ID=)?Xerox (Phaser \S+)$" certainty="0.9">
+      <description>Xerox Phaser Printer</description>
+      <example>Xerox Phaser 6180MFP-D</example>
+      <example>ID=Xerox Phaser 5400</example>
+      <example>Xerox Phaser 4400DT</example>
+      <example>Xerox Phaser 4400N</example>
+      <example>Xerox Phaser 4500DT</example>
+      <example>Xerox Phaser 4500N</example>
+      <example>Xerox Phaser 4510DT</example>
+      <example>Xerox Phaser 4510N</example>
+      <example>Xerox Phaser 5500DN</example>
+      <example>Xerox Phaser 5550DN</example>
+      <example>Xerox Phaser 5550DT</example>
+      <example>Xerox Phaser 6300DN</example>
+      <example>Xerox Phaser 6360DN</example>
+      <example>Xerox Phaser 6360DT</example>
+      <example>Xerox Phaser 7750DN</example>
+      <example>Xerox Phaser 7750GX</example>
+      <example>Xerox Phaser 7760DN</example>
+      <example>Xerox Phaser 7760GX</example>
+      <example>Xerox Phaser 8400N</example>
+      <example>Xerox Phaser 8550DP</example>
+      <example>Xerox Phaser 8560</example>
+      <example>Xerox Phaser 8560DN</example>
+      <example>Xerox Phaser 8560N</example>
+      <example>Xerox Phaser 8860MFP</example>
+      <param pos="0" name="os.vendor" value="Xerox"/>
+      <param pos="0" name="os.family" value="Phaser"/>
+      <param pos="0" name="os.device" value="Printer"/>
+      <param pos="1" name="os.product"/>
+    </fingerprint>
+
+   <fingerprint pattern="^Xerox (WorkCentre .*)$" certainty="0.9">
+      <description>Xerox Workcentre Printer</description>
+      <example>Xerox WorkCentre 7425</example>
+      <example>Xerox WorkCentre Pro 245</example>
+      <example>Xerox WorkCentre Pro 55, v1 Multifunction System</example>
+      <param pos="0" name="os.vendor" value="Xerox"/>
+      <param pos="0" name="os.family" value="WorkCentre"/>
+      <param pos="1" name="os.product"/>
+      <param pos="0" name="os.device" value="Printer"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(XC\S+)$" certainty="0.9">
+      <description>Xerox XC Printer</description>
+      <example>XC560</example>
+      <param pos="0" name="os.vendor" value="Xerox"/>
+      <param pos="0" name="os.family" value="XC"/>
+      <param pos="0" name="os.device" value="Printer"/>
+      <param pos="1" name="os.product"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(DC\S+)$" certainty="0.9">
+      <description>Xerox DocuColor Printer</description>
+      <example>DC250</example>
+      <param pos="0" name="os.vendor" value="Xerox"/>
+      <param pos="0" name="os.family" value="DocuColor"/>
+      <param pos="0" name="os.device" value="Printer"/>
+      <param pos="1" name="os.product"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(EX\d+-\d+)$" certainty="0.9">
+      <description>Xerox EX Print Server, powered by EFI Fiery</description>
+      <example>EX4112-4127</example>
+      <param pos="0" name="os.vendor" value="Xerox"/>
+      <param pos="0" name="os.family" value="EX"/>
+      <param pos="0" name="os.device" value="Print server"/>
+      <param pos="1" name="os.product"/>
+   </fingerprint>
+
+ </fingerprints>

data/xml/http_cookies.xml

@@ -0,0 +1,379 @@
+<?xml version="1.0"?>
+<!--
+Set-Cookie HTTP header values are matched against these patterns to fingerprint HTTP
+servers.
+-->
+
+<fingerprints matches="http_header.cookie">
+   <fingerprint pattern="^(CFCLIENT_[^=]+|CFGLOBALS|CFID|CFTOKEN)=.*">
+      <description>
+         Adobe (Macromedia) ColdFusion uses various cookies.
+         See http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_17915&amp;sliceId=1
+         and http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_17919&amp;sliceId=2
+      </description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.vendor" value="Adobe"/>
+      <param pos="0" name="service.family" value="ColdFusion"/>
+      <param pos="0" name="service.product" value="ColdFusion"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(Apache)=[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.([0-9]+);.*">
+      <description>Apache</description>
+      <param pos="1" name="cookie"/>
+      <param pos="2" name="system.time.micros"/>
+      <param pos="0" name="service.vendor" value="Apache"/>
+      <param pos="0" name="service.family" value="Apache"/>
+      <param pos="0" name="service.product" value="HTTPD"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(JServSessionIdroot)=.*">
+      <description>Apache JServ</description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.vendor" value="Apache"/>
+      <param pos="0" name="service.family" value="JServ"/>
+      <param pos="0" name="service.product" value="JServ"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(ATG_SESSION_ID|DYN_USER_CONFIRM|DYN_USER_ID)=.*">
+      <description>ATG Dynamo</description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.vendor" value="ATG"/>
+      <param pos="0" name="service.family" value="Dynamo"/>
+      <param pos="0" name="service.product" value="Dynamo"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(WebLogicSession)=[^!]+![^!]+!([0-9]+);.*">
+      <description>BEA WebLogic (with timestamp)</description>
+      <param pos="1" name="cookie"/>
+      <param pos="2" name="system.time.millis"/>
+      <param pos="0" name="service.vendor" value="BEA"/>
+      <param pos="0" name="service.family" value="WebLogic"/>
+      <param pos="0" name="service.product" value="WebLogic"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(WebLogicSession)=.*">
+      <description>BEA WebLogic (no timestamp)</description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.vendor" value="BEA"/>
+      <param pos="0" name="service.family" value="WebLogic"/>
+      <param pos="0" name="service.product" value="WebLogic"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(BCSI-CSC[0-9A-Za-z]+)=.*">
+      <description>BlueCoat Proxy</description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.vendor" value="Blue Coat"/>
+      <param pos="0" name="service.family" value="Proxy"/>
+      <param pos="0" name="service.product" value="Proxy"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(CAKEPHP)=.*">
+      <description>CakePHP http://www.cakephp.org/</description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.family" value="PHP"/>
+      <param pos="0" name="service.product" value="CakePHP"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(ARPT)=([A-Z]+)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})([A-Z]+).*">
+      <description>Cisco 11000 Series Content Service Switch (CSS)
+      http://www.cisco.com/warp/public/117/AP_cookies.html
+
+      The cookie value breaks down to [box-id][service-id][timeout-value]
+      unfortunately, there's no separator so it's hard to tell what the
+      actual break is between the pieces of data.
+      </description>
+      <param pos="1" name="cookie"/>
+      <param pos="2" name="host.id"/>
+      <param pos="3" name="host.ip"/>
+      <param pos="4" name="timeout"/>
+      <param pos="0" name="service.vendor" value="Cisco"/>
+      <param pos="0" name="service.family" value="Content Service Switch"/>
+      <param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(ARPT)=.*">
+      <description>Cisco 11000 Series Content Service Switch (CSS)
+      http://www.cisco.com/warp/public/117/AP_cookies.html
+
+      The cookie value breaks down to [box-id][service-id][timeout-value]
+      unfortunately, there's no separator so it's hard to tell what the
+      actual break is between the pieces of data.
+      </description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.vendor" value="Cisco"/>
+      <param pos="0" name="service.family" value="Content Service Switch"/>
+      <param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(st8id)=.*">
+      <description>Citrix Application Protection System, Enterprise
+      http://support.citrix.com/article/CTX109330
+      </description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.vendor" value="Citrix"/>
+      <param pos="0" name="service.family" value="Application Protection System"/>
+      <param pos="0" name="service.product" value="Application Protection System, Enterprise"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(EktGUID|ecm)=.*">
+      <description>Ektron CMS400.net
+      http://www.ektron.com/developers/cms400kb.cfm?id=2174
+      </description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.vendor" value="Ektron"/>
+      <param pos="0" name="service.family" value="CMS400.NET"/>
+      <param pos="0" name="service.product" value="CMS400.NET"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(BIGipServer([^=]+))=.*">
+      <description>F5 BIG-IP LTM
+      http://www.f5.com/solutions/deployment/pdfs/peoplesoft-ltm-dg.pdf
+      http://www.f5.com/solutions/deployment/pdfs/SAP_v94_dg.pdf
+      </description>
+      <param pos="1" name="cookie"/>
+      <param pos="2" name="loadbalancer.poolname"/>
+      <param pos="0" name="service.vendor" value="F5 Labs"/>
+      <param pos="0" name="service.family" value="BIG-IP"/>
+      <param pos="0" name="service.product" value="BIG-IP LTM"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(BigIPCookie)=.*">
+      <description>F5 BIG-IP LTM
+      http://www.f5.com/solutions/deployment/pdfs/peoplesoft-ltm-dg.pdf
+      http://www.f5.com/solutions/deployment/pdfs/SAP_v94_dg.pdf
+      </description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.vendor" value="F5 Labs"/>
+      <param pos="0" name="service.family" value="BIG-IP"/>
+      <param pos="0" name="service.product" value="BIG-IP LTM"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(SERVERID)=([A-Za-z0-9\-_]+)">
+      <description>HAProxy
+      http://haproxy.1wt.eu/download/1.2/doc/architecture.txt
+      </description>
+      <param pos="1" name="cookie"/>
+      <param pos="2" name="host.name"/>
+      <param pos="0" name="service.family" value="HAProxy"/>
+      <param pos="0" name="service.product" value="HAProxy"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(AMWEBJCT!([^!]+)!([^=]+))=.*">
+      <description>IBM Tivoli Access Manager for e-business WebSEAL
+      http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin180.htm
+      </description>
+      <param pos="1" name="cookie"/>
+      <param pos="2" name="junction.name"/>
+      <param pos="3" name="junction.cookie"/>
+      <param pos="0" name="service.vendor" value="IBM"/>
+      <param pos="0" name="service.family" value="Tivoli"/>
+      <param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(PD-S-SESSION-ID|PD-H-SESSION-ID|PD_STATEFUL_[^=]+)=.*">
+      <description>IBM Tivoli Access Manager for e-business WebSeal
+      http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin117.htm
+      </description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.vendor" value="IBM"/>
+      <param pos="0" name="service.family" value="Tivoli"/>
+      <param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(IBMCBR)=.*">
+      <description>IBM WebSphere Load Balancer
+      http://www-306.ibm.com/software/webservers/appserv/doc/v51/ec/infocenter/edge/LBguide.htm
+      </description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.vendor" value="IBM"/>
+      <param pos="0" name="service.family" value="WebSphere"/>
+      <param pos="0" name="service.product" value="WebSphere Load Balancer"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(mbfcookie(\[lang\])?)=.*">
+      <description>Joom!Fish http://www.joomfish.net/
+      </description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.family" value="Joom!Fish"/>
+      <param pos="0" name="service.product" value="Joom!Fish"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(MSCSAuth|MSCSProfile)=.*">
+      <description>Microsoft Commerce Server
+      http://msdn2.microsoft.com/en-us/library/ms953828.aspx
+      </description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.vendor" value="Microsoft"/>
+      <param pos="0" name="service.family" value="Commerce Server"/>
+      <param pos="0" name="service.product" value="Commerce Server"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(ASPSESSIONID[A-Z]+|ASP\.NET_SessionId|\.ASPXANONYMOUS)=.*">
+      <description>Microsoft IIS (ASP.NET)
+      http://msdn2.microsoft.com/en-us/library/ms953828.aspx
+      http://support.microsoft.com/kb/899918
+      http://msdn2.microsoft.com/en-us/library/91ka2e6a.aspx
+      </description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.vendor" value="Microsoft"/>
+      <param pos="0" name="service.family" value="IIS"/>
+      <param pos="0" name="service.product" value="IIS"/>
+      <param pos="0" name="service.component.vendor" value="Microsoft"/>
+      <param pos="0" name="service.component.family" value="ASP.NET"/>
+      <param pos="0" name="service.component.product" value="ASP.NET"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(AlteonP)=.*">
+      <description>Nortel Alteon Web Switch</description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.vendor" value="Nortel"/>
+      <param pos="0" name="service.family" value="Alteon"/>
+      <param pos="0" name="service.product" value="Alteon Web Switch"/>
+   </fingerprint>
+
+   <fingerprint pattern="^((SS_X_)?CSINTERSESSIONID)=.*">
+      <description>OpenMarket/FatWire Content Server (www.fatwire.com)</description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.vendor" value="FatWire"/>
+      <param pos="0" name="service.family" value="Content Server"/>
+      <param pos="0" name="service.product" value="Content Server"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(parkinglot)=.*">
+      <description>Oversee Webserver</description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.vendor" value="Oversee"/>
+      <param pos="0" name="service.family" value="Webserver"/>
+      <param pos="0" name="service.product" value="Webserver"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(PHPSESSID|PHPSESSION)=.*">
+      <description>PHP http://www.php.net/ref.session</description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.vendor" value="PHP"/>
+      <param pos="0" name="service.family" value="PHP"/>
+      <param pos="0" name="service.product" value="PHP"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(RMID)=.*">
+      <description>RealMedia OpenAdStream</description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.vendor" value="RealMedia"/>
+      <param pos="0" name="service.family" value="OpenAdStream"/>
+      <param pos="0" name="service.product" value="OpenAdStream"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(RoxenUserID)=.*">
+      <description>Roxen WebServer</description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.vendor" value="Roxen"/>
+      <param pos="0" name="service.family" value="WebServer"/>
+      <param pos="0" name="service.product" value="WebServer"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(_sn)=.*">
+      <description>Siebel CRM</description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.vendor" value="Siebel"/>
+      <param pos="0" name="service.family" value="CRM"/>
+      <param pos="0" name="service.product" value="CRM"/>
+   </fingerprint>
+
+   <!-- This fingerprint is not specific enough. Multiple products are sold under
+   the brand iPlanet/Sun ONE/Sun Java.
+   <fingerprint pattern="^(iPlanetUserId)=.*">
+      <description>Sun iPlanet</description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.vendor" value="Sun"/>
+      <param pos="0" name="service.family" value="???"/>
+      <param pos="0" name="service.product" value="???"/>
+   </fingerprint>
+   -->
+
+   <fingerprint pattern="^(NSES40Session)=.*">
+      <description>Netscape Enterprise Server (subsequently iPlanet Web Server,
+        Sun ONE Web Server, presently Sun Java System Web Server)</description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.vendor" value="Sun"/>
+      <param pos="0" name="service.family" value="Java System Web Server"/>
+      <param pos="0" name="service.product" value="Java System Web Server"/>
+      <param pos="0" name="service.version" value="4.0"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(gx_session_id|JROUTE)=.*">
+      <description>Sun Java System Application Server (formerly iPlanet Application Server,
+         Sun ONE Application Server)</description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.vendor" value="Sun"/>
+      <param pos="0" name="service.family" value="Java System Application Server"/>
+      <param pos="0" name="service.product" value="Java System Application Server"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(fe_typo_user)=.*">
+      <description>TYPO3 CMS - http://typo3.com/</description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.vendor" value="TYPO3"/>
+      <param pos="0" name="service.family" value="CMS"/>
+      <param pos="0" name="service.product" value="CMS"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(SaneID)=.*">
+      <description>Unica NetTracker - http://netinsight.unica.com/Products/NetTracker.cfm</description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.vendor" value="Unica"/>
+      <param pos="0" name="service.family" value="NetTracker"/>
+      <param pos="0" name="service.product" value="NetTracker"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(__utm[a-z])=.*">
+      <description>Urchin Tracking Module
+      http://www.google.com/support/urchin45/bin/answer.py?answer=28307&amp;topic=7425
+      </description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.vendor" value="Google"/>
+      <param pos="0" name="service.family" value="Urchin"/>
+      <param pos="0" name="service.product" value="Urchin Tracking Module"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)=.*">
+      <description>Vignette</description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.vendor" value="Vignette"/>
+      <param pos="0" name="service.family" value="Vignette"/>
+      <param pos="0" name="service.product" value="Vignette"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(wgSession)=.*">
+      <description>Plain Black WebGUI - http://www.plainblack.com/webgui</description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.vendor" value="Plain Black"/>
+      <param pos="0" name="service.family" value="WebGUI"/>
+      <param pos="0" name="service.product" value="WebGUI"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(WEBTRENDSID|WEBTRENDS_ID)=.*">
+      <description>WebTrends</description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.vendor" value="WebTrends"/>
+      <param pos="0" name="service.family" value="WebTrends"/>
+      <param pos="0" name="service.product" value="WebTrends"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(_ZopeId)=.*">
+      <description>Zope</description>
+      <param pos="1" name="cookie"/>
+      <param pos="0" name="service.family" value="Zope"/>
+      <param pos="0" name="service.product" value="Zope"/>
+   </fingerprint>
+
+   <fingerprint pattern="^(portal)=([0-9]+\.[0-9]+\.[0-9]+).*">
+      <description>This is the default OracleAS Portal cookie name
+      http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_app_f.htm
+      </description>
+      <param pos="1" name="cookie"/>
+      <param pos="2" name="service.version"/>
+      <param pos="0" name="service.vendor" value="Oracle"/>
+      <param pos="0" name="service.family" value="OracleAS"/>
+      <param pos="0" name="service.product" value="OracleAS Portal"/>
+   </fingerprint>
+</fingerprints>