recog 1.0.14 → 1.0.15
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +1 -0
- data/Gemfile +1 -0
- data/lib/recog/fingerprint.rb +0 -20
- data/lib/recog/matcher.rb +5 -18
- data/lib/recog/version.rb +1 -1
- data/spec/lib/fingerprint_self_test_spec.rb +26 -1
- data/xml/h323_callresp.xml +6 -6
- data/xml/http_cookies.xml +1 -1
- data/xml/pop_banners.xml +15 -14
- data/xml/smb_native_os.xml +12 -12
- data/xml/smtp_banners.xml +37 -49
- data/xml/snmp_sysdescr.xml +118 -157
- data/xml/ssh_banners.xml +5 -4
- data/xml/upnp_banners.xml +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ce44c3b625cc253b8729d4aac5677dbda2f71c46
|
|
4
|
+
data.tar.gz: b4ab896d1fc5e06370a73fc51efc339e24e13794
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4bad5f89498020b13dc9d667004f6d07ab1a39aec9feaefd39a75714bfbf16fef7a180dfd0c8c949b06b2409b680a976a487d450037948a728b5c82269396ec9
|
|
7
|
+
data.tar.gz: 1056e591a107d473509c8f9c99058c399ad2d604eb0aa77401722a8c9dc88e4179e3eda201beca530c306c0013ca9ed79249d6ecadcc6ebfc54f37128551cabe
|
data/.travis.yml
CHANGED
data/Gemfile
CHANGED
data/lib/recog/fingerprint.rb
CHANGED
|
@@ -45,26 +45,6 @@ class Fingerprint
|
|
|
45
45
|
match_data = @regex.match(match_string)
|
|
46
46
|
return if match_data.nil?
|
|
47
47
|
|
|
48
|
-
# sanity check any positional extractions
|
|
49
|
-
positions = @params.values.map(&:first).map(&:to_i)
|
|
50
|
-
captures_size = match_data.captures.size
|
|
51
|
-
if @params.empty? && captures_size > 0
|
|
52
|
-
raise "Non-asserting fingerprint with regex #{@regex} captures #{captures_size} time(s); 0 are needed"
|
|
53
|
-
else
|
|
54
|
-
if captures_size > 0
|
|
55
|
-
max_pos = positions.max
|
|
56
|
-
# if it is actually looking to extract, ensure that there is enough to extract
|
|
57
|
-
if max_pos > 0 && captures_size < max_pos
|
|
58
|
-
raise "Regex #{@regex} only has #{captures_size} captures; cannot extract from position #{max_pos}"
|
|
59
|
-
end
|
|
60
|
-
# if there is not extraction but capturing is happening, fail since this is a waste
|
|
61
|
-
if captures_size > max_pos
|
|
62
|
-
raise "Regex #{@regex} captures #{captures_size - max_pos} too many (#{captures_size} vs #{max_pos})"
|
|
63
|
-
end
|
|
64
|
-
end
|
|
65
|
-
end
|
|
66
|
-
|
|
67
|
-
# now do extraction
|
|
68
48
|
result = { 'matched' => @name }
|
|
69
49
|
@params.each_pair do |k,v|
|
|
70
50
|
pos = v[0]
|
data/lib/recog/matcher.rb
CHANGED
|
@@ -22,27 +22,14 @@ class Matcher
|
|
|
22
22
|
reporter.increment_line_count
|
|
23
23
|
|
|
24
24
|
line = line.to_s.unpack("C*").pack("C*").strip.gsub(/\\[rn]/, '')
|
|
25
|
-
|
|
25
|
+
extractions = nil
|
|
26
26
|
fingerprints.each do |fp|
|
|
27
|
-
|
|
28
|
-
if m
|
|
29
|
-
found = [fp, m]
|
|
30
|
-
break
|
|
31
|
-
end
|
|
27
|
+
break if (extractions = fp.match(line))
|
|
32
28
|
end
|
|
33
29
|
|
|
34
|
-
if
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
fp.params.each_pair do |k,v|
|
|
38
|
-
if v[0] == 0
|
|
39
|
-
info[k] = v[1]
|
|
40
|
-
else
|
|
41
|
-
info[k] = m[ v[0] ]
|
|
42
|
-
end
|
|
43
|
-
end
|
|
44
|
-
info['data'] = line
|
|
45
|
-
reporter.match "MATCH: #{info.inspect}"
|
|
30
|
+
if extractions
|
|
31
|
+
extractions['data'] = line
|
|
32
|
+
reporter.match "MATCH: #{extractions.inspect}"
|
|
46
33
|
else
|
|
47
34
|
reporter.failure "FAIL: #{line}"
|
|
48
35
|
end
|
data/lib/recog/version.rb
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
require 'recog/db'
|
|
2
|
+
require 'regexp_parser'
|
|
2
3
|
|
|
3
4
|
describe Recog::DB do
|
|
4
5
|
Dir[File.expand_path File.join('xml', '*.xml')].each do |xml_file_name|
|
|
@@ -27,6 +28,30 @@ describe Recog::DB do
|
|
|
27
28
|
expect(fp.regex.class).to be ::Regexp
|
|
28
29
|
end
|
|
29
30
|
|
|
31
|
+
it 'uses capturing regular expressions properly' do
|
|
32
|
+
# the list of index-based captures that the fingerprint is expecting
|
|
33
|
+
expected_capture_positions = fp.params.values.map(&:first).map(&:to_i).select { |i| i > 0 }
|
|
34
|
+
if fp.params.empty? && expected_capture_positions.size > 0
|
|
35
|
+
fail "Non-asserting fingerprint with regex #{fp.regex} captures #{expected_capture_positions.size} time(s); 0 are needed"
|
|
36
|
+
else
|
|
37
|
+
# parse the regex and count the number of captures
|
|
38
|
+
actual_capture_positions = []
|
|
39
|
+
capture_number = 1
|
|
40
|
+
Regexp::Scanner.scan(fp.regex).each do |token_parts|
|
|
41
|
+
if token_parts.first == :group && ![:close, :passive].include?(token_parts[1])
|
|
42
|
+
actual_capture_positions << capture_number
|
|
43
|
+
capture_number += 1
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
# compare the captures actually performed to those being used and ensure that they contain
|
|
47
|
+
# the same elements regardless of order, preventing, over-, under- and other forms of mis-capturing.
|
|
48
|
+
actual_capture_positions = actual_capture_positions.sort.uniq
|
|
49
|
+
expected_capture_positions = expected_capture_positions.sort.uniq
|
|
50
|
+
expect(actual_capture_positions).to eq(expected_capture_positions),
|
|
51
|
+
"Regex didn't capture (#{actual_capture_positions}) exactly what fingerprint extracted (#{expected_capture_positions})"
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
|
|
30
55
|
# Not yet enforced
|
|
31
56
|
# it "has test cases" do
|
|
32
57
|
# expect(fp.tests.length).not_to equal(0)
|
|
@@ -38,7 +63,7 @@ describe Recog::DB do
|
|
|
38
63
|
expect(match).to_not be_nil, 'Regex did not match'
|
|
39
64
|
# test any extractions specified in the example
|
|
40
65
|
example.attributes.each_pair do |k,v|
|
|
41
|
-
expect(match[k]).to eq(v), "Regex didn't
|
|
66
|
+
expect(match[k]).to eq(v), "Regex didn't extract expected value for fingerprint attribute #{k} -- got #{match[k]} instead of #{v}"
|
|
42
67
|
end
|
|
43
68
|
end
|
|
44
69
|
|
data/xml/h323_callresp.xml
CHANGED
|
@@ -117,11 +117,11 @@ to fingerprint H.323 servers.
|
|
|
117
117
|
<param pos="2" name="service.version"/>
|
|
118
118
|
</fingerprint>
|
|
119
119
|
|
|
120
|
-
<fingerprint pattern="^0x(82000002|a5000001)\:(.*)\:.*?(\d*\.*\d*\.*\d*).*$" flags="REG_ICASE">
|
|
120
|
+
<fingerprint pattern="^0x(?:82000002|a5000001)\:(.*)\:.*?(\d*\.*\d*\.*\d*).*$" flags="REG_ICASE">
|
|
121
121
|
<description>Ericsson H.323 Server</description>
|
|
122
122
|
<param pos="0" name="service.vendor" value="Ericsson"/>
|
|
123
|
-
<param pos="
|
|
124
|
-
<param pos="
|
|
123
|
+
<param pos="1" name="service.product"/>
|
|
124
|
+
<param pos="2" name="service.version"/>
|
|
125
125
|
</fingerprint>
|
|
126
126
|
|
|
127
127
|
<fingerprint pattern="^0x8a000003\:(.*)\:.*?(\d*\.*\d*\.*\d*).*$" flags="REG_ICASE">
|
|
@@ -657,11 +657,11 @@ to fingerprint H.323 servers.
|
|
|
657
657
|
<param pos="2" name="service.version"/>
|
|
658
658
|
</fingerprint>
|
|
659
659
|
|
|
660
|
-
<fingerprint pattern="^0xb500(4c54|600d)\:(.*)\:.*?(\d*\.*\d*\.*\d*).*$" flags="REG_ICASE">
|
|
660
|
+
<fingerprint pattern="^0xb500(?:4c54|600d)\:(.*)\:.*?(\d*\.*\d*\.*\d*).*$" flags="REG_ICASE">
|
|
661
661
|
<description>Lucent Technologies H.323 Server</description>
|
|
662
662
|
<param pos="0" name="service.vendor" value="Lucent Technologies"/>
|
|
663
|
-
<param pos="
|
|
664
|
-
<param pos="
|
|
663
|
+
<param pos="1" name="service.product"/>
|
|
664
|
+
<param pos="2" name="service.version"/>
|
|
665
665
|
</fingerprint>
|
|
666
666
|
|
|
667
667
|
<fingerprint pattern="^0xb5004d47\:(.*)\:.*?(\d*\.*\d*\.*\d*).*$" flags="REG_ICASE">
|
data/xml/http_cookies.xml
CHANGED
|
@@ -231,7 +231,7 @@ servers.
|
|
|
231
231
|
<param pos="0" name="service.product" value="Alteon Web Switch"/>
|
|
232
232
|
</fingerprint>
|
|
233
233
|
|
|
234
|
-
<fingerprint pattern="^((SS_X_)?CSINTERSESSIONID)=.*">
|
|
234
|
+
<fingerprint pattern="^((?:SS_X_)?CSINTERSESSIONID)=.*">
|
|
235
235
|
<description>OpenMarket/FatWire Content Server (www.fatwire.com)</description>
|
|
236
236
|
<param pos="1" name="cookie"/>
|
|
237
237
|
<param pos="0" name="service.vendor" value="FatWire"/>
|
data/xml/pop_banners.xml
CHANGED
|
@@ -8,7 +8,7 @@ matched against these patterns to fingerprint POP3 servers.
|
|
|
8
8
|
|
|
9
9
|
<fingerprint pattern="^([^ ]+) +Cyrus POP3 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready">
|
|
10
10
|
<description>OSX Cyrus POP</description>
|
|
11
|
-
<example>8.8.8.8 Cyrus POP3 v2.3.8-OS X Server 10.5: 9A562 server ready <1999107648.1324502155@8.8.8.8></example>
|
|
11
|
+
<example host.domain="8.8.8.8" service.version="2.3.8" os.version="10.5">8.8.8.8 Cyrus POP3 v2.3.8-OS X Server 10.5: 9A562 server ready <1999107648.1324502155@8.8.8.8></example>
|
|
12
12
|
<param pos="0" name="service.family" value="Cyrus"/>
|
|
13
13
|
<param pos="0" name="service.product" value="Cyrus POP"/>
|
|
14
14
|
<param pos="0" name="service.vendor" value="CMU"/>
|
|
@@ -18,17 +18,18 @@ matched against these patterns to fingerprint POP3 servers.
|
|
|
18
18
|
<param pos="0" name="os.product" value="Mac OS X"/>
|
|
19
19
|
<param pos="0" name="os.device" value="General"/>
|
|
20
20
|
<param pos="3" name="os.version"/>
|
|
21
|
+
<param pos="1" name="host.domain"/>
|
|
21
22
|
</fingerprint>
|
|
22
23
|
|
|
23
|
-
<fingerprint pattern="^([^ ]+) +Cyrus POP3 v([\d\.]+)
|
|
24
|
+
<fingerprint pattern="^([^ ]+) +Cyrus POP3 v([\d\.]+)">
|
|
24
25
|
<description>CMU Cyrus POP</description>
|
|
25
|
-
<example>foo Cyrus POP3 v2.3</example>
|
|
26
|
-
<example>foo Cyrus POP3 v2.3.14 server ready <13087751828270990591.1301068892@foo></example>
|
|
26
|
+
<example host.domain="foo" service.version="2.3">foo Cyrus POP3 v2.3</example>
|
|
27
|
+
<example host.domain="foo" service.version="2.3.14">foo Cyrus POP3 v2.3.14 server ready <13087751828270990591.1301068892@foo></example>
|
|
27
28
|
<param pos="0" name="service.vendor" value="CMU"/>
|
|
28
29
|
<param pos="0" name="service.family" value="Cyrus"/>
|
|
29
30
|
<param pos="0" name="service.product" value="Cyrus POP"/>
|
|
30
|
-
<param pos="
|
|
31
|
-
<param pos="
|
|
31
|
+
<param pos="2" name="service.version"/>
|
|
32
|
+
<param pos="1" name="host.domain"/>
|
|
32
33
|
</fingerprint>
|
|
33
34
|
|
|
34
35
|
<fingerprint pattern="^Lotus Notes POP3 server version X[^ ]+ ready on .*$">
|
|
@@ -248,15 +249,15 @@ matched against these patterns to fingerprint POP3 servers.
|
|
|
248
249
|
|
|
249
250
|
// +OK X1 POP3 Mail Server
|
|
250
251
|
|
|
251
|
-
// +OK server POP3 server (DeskNow POP3 Server 1.0) ready
|
|
252
|
+
// +OK server POP3 server (DeskNow POP3 Server 1.0) ready
|
|
252
253
|
|
|
253
254
|
// +OK <1185161310.3352@goto15028.com> [XMail 1.24 POP3 Server] service ready; Mon, 23 Jul 2007 11:28:30 +0800
|
|
254
255
|
|
|
255
256
|
// +OK IdeaPop3Server v0.50 ready.
|
|
256
257
|
|
|
257
|
-
// +OK qxztmail POP3 server (STD Ymailserver v1.8 POP3) ready
|
|
258
|
+
// +OK qxztmail POP3 server (STD Ymailserver v1.8 POP3) ready
|
|
258
259
|
|
|
259
|
-
// +OK blue.forest-green.lan POP3 server (JAMES POP3 Server 2.2.0) ready
|
|
260
|
+
// +OK blue.forest-green.lan POP3 server (JAMES POP3 Server 2.2.0) ready
|
|
260
261
|
|
|
261
262
|
// +OK xxx CMailServer 5.2 POP3 Service Ready
|
|
262
263
|
|
|
@@ -299,7 +300,7 @@ matched against these patterns to fingerprint POP3 servers.
|
|
|
299
300
|
-ERR sorry, POP server too busy right now. Try again later.
|
|
300
301
|
-ERR This IP is not configured for POP3 service. Please contact Allstream at 1-888-655-7670.
|
|
301
302
|
+OK
|
|
302
|
-
+OK
|
|
303
|
+
+OK
|
|
303
304
|
+OK <0bdec6022085d6c34a0e48bb77bf8cf3@juno.thinkburst.com>
|
|
304
305
|
+OK <869521546.23059@mail.tecedge.net>, POP3 server ready.
|
|
305
306
|
+OK host CMailServer 5.2 POP3 Service Ready
|
|
@@ -307,7 +308,7 @@ matched against these patterns to fingerprint POP3 servers.
|
|
|
307
308
|
+OK alakhan.kz POP MDaemon 6.8.4 ready <MDAEMON-F200707231617.AA1715437MD3489@alakhan.kz>
|
|
308
309
|
+OK alquilerpc.com.mx POP3 Server (Version 1.020h) ready.
|
|
309
310
|
+OK ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.8.9)
|
|
310
|
-
+OK blue.forest-green.lan POP3 server (JAMES POP3 Server 2.2.0) ready
|
|
311
|
+
+OK blue.forest-green.lan POP3 server (JAMES POP3 Server 2.2.0) ready
|
|
311
312
|
+OK canoeregatta.org POP3 Server (Version 1.020h) ready.
|
|
312
313
|
+OK codebase.com.au POP MDaemon 9.6.1 ready <MDAEMON-F200707220122.AA2235837MD8039@codebase.com.au>
|
|
313
314
|
+OK Cubic Circle's v1.31 1998/05/13 POP3 ready <0c9300004104a246@www.dvdld.co.za>
|
|
@@ -402,9 +403,9 @@ matched against these patterns to fingerprint POP3 servers.
|
|
|
402
403
|
+OK POP3 www.happytails2u.com 2004.89 server ready
|
|
403
404
|
+OK POP3 www.homebasedwizard.com 2004.89 server ready
|
|
404
405
|
+OK POP3 www.webmail.imperioe.com 2004.89 server ready
|
|
405
|
-
+OK qxztmail POP3 server (STD Ymailserver v1.8 POP3) ready
|
|
406
|
+
+OK qxztmail POP3 server (STD Ymailserver v1.8 POP3) ready
|
|
406
407
|
+OK Radish (Version 3.0.0-b021) ready
|
|
407
|
-
+OK ready
|
|
408
|
+
+OK ready
|
|
408
409
|
+OK ready <11514.1185210732@freedom.concept69.de>
|
|
409
410
|
+OK ready <14026.1184992338@s076-129.ub.firstserver.ne.jp>
|
|
410
411
|
+OK ready <16013.1185110479@p1.in11.squarestart.ne.jp>
|
|
@@ -417,7 +418,7 @@ matched against these patterns to fingerprint POP3 servers.
|
|
|
417
418
|
+OK recvmail/he.net POP3 Server
|
|
418
419
|
+OK refinanceloanjones.com POP3 Server (Version 1.020h) ready.
|
|
419
420
|
+OK samare.it POP MDaemon 6.8.5 ready <MDAEMON-F200707220351.AA513460MD5338@samare.it>
|
|
420
|
-
+OK server POP3 server (DeskNow POP3 Server 1.0) ready
|
|
421
|
+
+OK server POP3 server (DeskNow POP3 Server 1.0) ready
|
|
421
422
|
+OK silexaviacion.com POP3 Server (Version 1.020h) ready.
|
|
422
423
|
+OK simple-photography.com POP3 Server (Version 1.020h) ready.
|
|
423
424
|
+OK Solid POP3 server ready
|
data/xml/smb_native_os.xml
CHANGED
|
@@ -139,24 +139,24 @@
|
|
|
139
139
|
</fingerprint>
|
|
140
140
|
|
|
141
141
|
<!-- TODO: Need an example string -->
|
|
142
|
-
<fingerprint pattern="^Windows \(R\) Storage Server 2008 (
|
|
142
|
+
<fingerprint pattern="^Windows \(R\) Storage Server 2008 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
|
|
143
143
|
<description>Windows Server 2008 Storage (SP)</description>
|
|
144
144
|
<param pos="0" name="os.certainty" value="1.0"/>
|
|
145
145
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
146
146
|
<param pos="0" name="os.product" value="Windows Server 2008"/>
|
|
147
147
|
<param pos="0" name="os.edition" value="Storage"/>
|
|
148
|
-
<param pos="
|
|
149
|
-
<param pos="
|
|
148
|
+
<param pos="1" name="os.build"/>
|
|
149
|
+
<param pos="2" name="os.version"/>
|
|
150
150
|
</fingerprint>
|
|
151
151
|
|
|
152
152
|
<!-- TODO: Need an example string -->
|
|
153
|
-
<fingerprint pattern="^Windows \(R\) Storage Server 2008 (
|
|
153
|
+
<fingerprint pattern="^Windows \(R\) Storage Server 2008 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
|
|
154
154
|
<description>Windows Web Server 2008 Storage</description>
|
|
155
155
|
<param pos="0" name="os.certainty" value="1.0"/>
|
|
156
156
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
157
157
|
<param pos="0" name="os.product" value="Windows Server 2008"/>
|
|
158
158
|
<param pos="0" name="os.edition" value="Storage"/>
|
|
159
|
-
<param pos="
|
|
159
|
+
<param pos="1" name="os.build"/>
|
|
160
160
|
</fingerprint>
|
|
161
161
|
|
|
162
162
|
<fingerprint pattern="^Windows Server 2008 HPC Edition (\d+) (Service Pack \d+)$">
|
|
@@ -337,25 +337,25 @@
|
|
|
337
337
|
<param pos="2" name="os.build"/>
|
|
338
338
|
</fingerprint>
|
|
339
339
|
|
|
340
|
-
<fingerprint pattern="^Windows MultiPoint Server 2012 (
|
|
340
|
+
<fingerprint pattern="^Windows MultiPoint Server 2012 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
|
|
341
341
|
<description>Windows MultiPoint Server 2012 (SP)</description>
|
|
342
|
-
<example>Windows MultiPoint Server 2012 Premium 9201 Service Pack 1</example>
|
|
342
|
+
<example os.build="9201" os.version="Service Pack 1">Windows MultiPoint Server 2012 Premium 9201 Service Pack 1</example>
|
|
343
343
|
<param pos="0" name="os.certainty" value="1.0"/>
|
|
344
344
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
345
345
|
<param pos="0" name="os.product" value="Windows Server 2012"/>
|
|
346
346
|
<param pos="0" name="os.edition" value="MultiPoint"/>
|
|
347
|
-
<param pos="
|
|
348
|
-
<param pos="
|
|
347
|
+
<param pos="1" name="os.build"/>
|
|
348
|
+
<param pos="2" name="os.version"/>
|
|
349
349
|
</fingerprint>
|
|
350
350
|
|
|
351
|
-
<fingerprint pattern="^Windows MultiPoint Server 2012 (
|
|
351
|
+
<fingerprint pattern="^Windows MultiPoint Server 2012 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
|
|
352
352
|
<description>Windows MultiPoint Server 2012</description>
|
|
353
|
-
<example>Windows MultiPoint Server 2012 Premium 9200</example>
|
|
353
|
+
<example os.build="9200">Windows MultiPoint Server 2012 Premium 9200</example>
|
|
354
354
|
<param pos="0" name="os.certainty" value="1.0"/>
|
|
355
355
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
356
356
|
<param pos="0" name="os.product" value="Windows Server 2012"/>
|
|
357
357
|
<param pos="0" name="os.edition" value="MultiPoint"/>
|
|
358
|
-
<param pos="
|
|
358
|
+
<param pos="1" name="os.build"/>
|
|
359
359
|
</fingerprint>
|
|
360
360
|
|
|
361
361
|
<!-- TODO: Detect vendor, distribution, and package versions -->
|
data/xml/smtp_banners.xml
CHANGED
|
@@ -15,7 +15,7 @@ These XML files are used in this order:
|
|
|
15
15
|
smtp_turn.xml
|
|
16
16
|
smtp_rset.xml
|
|
17
17
|
smtp_quit.xml
|
|
18
|
-
|
|
18
|
+
|
|
19
19
|
The system or service fingerprint with the highest certainty overwrites the others.
|
|
20
20
|
-->
|
|
21
21
|
|
|
@@ -55,17 +55,19 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
55
55
|
AnalogX proxy
|
|
56
56
|
http://www.analogx.com/contents/download/network/proxy.htm
|
|
57
57
|
</description>
|
|
58
|
+
<example host.name="192.168.1.1" service.version="4.15">192.168.1.1 SMTP AnalogX Proxy 4.15 (Release) ready</example>
|
|
58
59
|
<param pos="0" name="service.vendor" value="AnalogX"/>
|
|
59
60
|
<param pos="0" name="service.family" value="Proxy"/>
|
|
60
61
|
<param pos="0" name="service.product" value="Proxy"/>
|
|
61
|
-
<param pos="
|
|
62
|
+
<param pos="2" name="service.version"/>
|
|
63
|
+
<param pos="1" name="host.name"/>
|
|
62
64
|
</fingerprint>
|
|
63
65
|
|
|
64
66
|
<fingerprint pattern="^ArGoSoft Mail Server, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
|
|
65
67
|
<description>
|
|
66
68
|
ArGoSoft Mail Server is fully functional STMP/POP3/Finger server for Windows 95/98/NT/2000.
|
|
67
69
|
http://www.argosoft.com/applications/mailserver/
|
|
68
|
-
Example: 220 ArGoSoft Mail Server, Version 1.4 (1.4.0.3)
|
|
70
|
+
Example: 220 ArGoSoft Mail Server, Version 1.4 (1.4.0.3)
|
|
69
71
|
</description>
|
|
70
72
|
<param pos="0" name="service.vendor" value="ArGoSoft"/>
|
|
71
73
|
<param pos="0" name="service.family" value="Mail Server"/>
|
|
@@ -124,7 +126,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
124
126
|
<param pos="0" name="service.version" value="4"/>
|
|
125
127
|
</fingerprint>
|
|
126
128
|
|
|
127
|
-
<fingerprint pattern="^
|
|
129
|
+
<fingerprint pattern="^[\*20 ]+$">
|
|
128
130
|
<description>
|
|
129
131
|
Cisco PIX firewall: PIX sits between an internal SMTP server and the rest of the world.
|
|
130
132
|
|
|
@@ -275,7 +277,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
275
277
|
<param pos="0" name="service.product" value="IIS"/>
|
|
276
278
|
<param pos="3" name="service.version"/>
|
|
277
279
|
<param pos="1" name="host.name"/>
|
|
278
|
-
<param pos="2" name="system.time"/>
|
|
280
|
+
<param pos="2" name="system.time"/>
|
|
279
281
|
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
|
280
282
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
281
283
|
<param pos="0" name="os.family" value="Windows"/>
|
|
@@ -330,7 +332,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
330
332
|
<param pos="1" name="host.name"/>
|
|
331
333
|
</fingerprint>
|
|
332
334
|
|
|
333
|
-
<fingerprint pattern="^([^ ]+) +SMTP/smap Ready\.$">
|
|
335
|
+
<fingerprint pattern="^(?:[^ ]+) +SMTP/smap Ready\.$">
|
|
334
336
|
<description>
|
|
335
337
|
TIS FWTK and derivatives
|
|
336
338
|
http://www.tis.com/research/software/
|
|
@@ -418,11 +420,12 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
418
420
|
Syntegra/CDC IntraStore TurboSendmail, part of the IntraStore server which runs on
|
|
419
421
|
the following platforms ONLY: Linux, HP-UX, Solaris, AIX, and Windows NT/2000
|
|
420
422
|
see http://www.cdc.com for more information
|
|
421
|
-
example: 220 tigger.disneyonline.com (IntraStore TurboSendmail) ESMTP Service ready
|
|
422
423
|
</description>
|
|
424
|
+
<example host.name="192.168.1.1">192.168.1.1 (IntraStore TurboSendmail) ESMTP Service ready</example>
|
|
423
425
|
<param pos="0" name="service.vendor" value="BT"/>
|
|
424
426
|
<param pos="0" name="service.family" value="IntraStore"/>
|
|
425
427
|
<param pos="0" name="service.product" value="IntraStore"/>
|
|
428
|
+
<param pos="1" name="host.name"/>
|
|
426
429
|
</fingerprint>
|
|
427
430
|
|
|
428
431
|
<fingerprint pattern="^([^ ]+) \(Mail-Max Version (\d+\.\d+\.\d+\.\d+), (.+, .+)\) ESMTP Mail Server Ready. *$">
|
|
@@ -436,7 +439,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
436
439
|
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
|
437
440
|
<param pos="1" name="host.name"/>
|
|
438
441
|
<param pos="2" name="service.version"/>
|
|
439
|
-
<param pos="3" name="system.time"/>
|
|
442
|
+
<param pos="3" name="system.time"/>
|
|
440
443
|
</fingerprint>
|
|
441
444
|
|
|
442
445
|
<fingerprint pattern="^([^ ]+) \(Mail-Max Version (\d+\.\d+), (.+, .+)\) ESMTP Mail Server Ready. *$">
|
|
@@ -450,7 +453,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
450
453
|
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
|
451
454
|
<param pos="1" name="host.name"/>
|
|
452
455
|
<param pos="2" name="service.version"/>
|
|
453
|
-
<param pos="3" name="system.time"/>
|
|
456
|
+
<param pos="3" name="system.time"/>
|
|
454
457
|
</fingerprint>
|
|
455
458
|
|
|
456
459
|
<fingerprint pattern="^([^ ]+) +MailSite ESMTP Receiver Version ([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+) Ready *$">
|
|
@@ -491,7 +494,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
491
494
|
|
|
492
495
|
<fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) UNREGISTERED; *(.+) *$">
|
|
493
496
|
<description>
|
|
494
|
-
MDaemon mail server
|
|
497
|
+
MDaemon mail server
|
|
495
498
|
220 foo.bar ESMTP MDaemon 4.0.5 UNREGISTERED; Sat, 06 Oct 2001 09:10:56 +0400
|
|
496
499
|
</description>
|
|
497
500
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
|
@@ -511,7 +514,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
511
514
|
|
|
512
515
|
<fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
|
|
513
516
|
<description>
|
|
514
|
-
MDaemon mail server
|
|
517
|
+
MDaemon mail server
|
|
515
518
|
220 foo.bar ESMTP MDaemon 4.0.2; Sat, 06 Oct 2001 01:46:44 -0500
|
|
516
519
|
</description>
|
|
517
520
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
|
@@ -530,7 +533,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
530
533
|
|
|
531
534
|
<fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) ready *$">
|
|
532
535
|
<description>
|
|
533
|
-
MDaemon mail server
|
|
536
|
+
MDaemon mail server
|
|
534
537
|
220 foo.bar ESMTP MDaemon 3.5.7 ready
|
|
535
538
|
</description>
|
|
536
539
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
|
@@ -547,7 +550,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
547
550
|
|
|
548
551
|
<fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] MDaemon v([^ ]+\.[^ ]+) ([^ ]+) *$">
|
|
549
552
|
<description>
|
|
550
|
-
MDaemon mail server
|
|
553
|
+
MDaemon mail server
|
|
551
554
|
220 foo.bar.com ESMTP service ready [1] MDaemon v2.84 R
|
|
552
555
|
</description>
|
|
553
556
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
|
@@ -565,7 +568,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
565
568
|
|
|
566
569
|
<fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] using MDaemon v([^ ]+\.[^ ]+\.[^ ]+) ([^ ]+) *$">
|
|
567
570
|
<description>
|
|
568
|
-
MDaemon mail server
|
|
571
|
+
MDaemon mail server
|
|
569
572
|
220 foo.bar.com ESMTP service ready [1] using MDaemon v3.0.3 R
|
|
570
573
|
</description>
|
|
571
574
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
|
@@ -583,7 +586,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
583
586
|
|
|
584
587
|
<fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] MDaemon v([^ ]+\.[^ ]+) ([^ ]+) ([^ ]+) *$">
|
|
585
588
|
<description>
|
|
586
|
-
MDaemon mail server
|
|
589
|
+
MDaemon mail server
|
|
587
590
|
220 foo.bar.com ESMTP service ready [1] MDaemon v2.7 SP5 R
|
|
588
591
|
</description>
|
|
589
592
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
|
@@ -602,7 +605,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
602
605
|
|
|
603
606
|
<fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] MDaemon v([^ ]+)\.([^ ]+)\.([^ ]+)\.([^ ]+) ([^ ]+) *$">
|
|
604
607
|
<description>
|
|
605
|
-
MDaemon mail server
|
|
608
|
+
MDaemon mail server
|
|
606
609
|
220 foo.bar.com ESMTP service ready [1] MDaemon v2.8.7.0 R
|
|
607
610
|
</description>
|
|
608
611
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
|
@@ -623,7 +626,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
623
626
|
|
|
624
627
|
<fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] \(MDaemon v([^ ]+\.[^ ]+) ([^ ]+) ([^ ]+)\) *$">
|
|
625
628
|
<description>
|
|
626
|
-
MDaemon mail server
|
|
629
|
+
MDaemon mail server
|
|
627
630
|
220 foo.bar.com ESMTP service ready [2] (MDaemon v2.7 SP4 R)
|
|
628
631
|
</description>
|
|
629
632
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
|
@@ -642,7 +645,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
642
645
|
|
|
643
646
|
<fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] \(MDaemon v([^ ]+\.[^ ]+) ([^ ]+) ([^ ]+) ([^ ]+)\) *$">
|
|
644
647
|
<description>
|
|
645
|
-
MDaemon mail server
|
|
648
|
+
MDaemon mail server
|
|
646
649
|
220 foo.bar.com ESMTP service ready [1] (MDaemon v2.5 rB b1 32-T)
|
|
647
650
|
</description>
|
|
648
651
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
|
@@ -700,7 +703,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
700
703
|
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
|
701
704
|
<param pos="1" name="service.version"/>
|
|
702
705
|
<param pos="2" name="service.version.version"/>
|
|
703
|
-
<param pos="3" name="service.version.version.version"/>
|
|
706
|
+
<param pos="3" name="service.version.version.version"/>
|
|
704
707
|
<param pos="4" name="mercur.os.info"/>
|
|
705
708
|
<param pos="5" name="system.time"/>
|
|
706
709
|
</fingerprint>
|
|
@@ -797,7 +800,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
797
800
|
|
|
798
801
|
<fingerprint pattern="^([^ ]+) Lotus SMTP MTA Service Ready *$">
|
|
799
802
|
<description>
|
|
800
|
-
Lotus Notes 4 SMTP MTA
|
|
803
|
+
Lotus Notes 4 SMTP MTA
|
|
801
804
|
</description>
|
|
802
805
|
<param pos="0" name="service.vendor" value="Lotus"/>
|
|
803
806
|
<param pos="0" name="service.family" value="Lotus Domino"/>
|
|
@@ -808,7 +811,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
808
811
|
|
|
809
812
|
<fingerprint pattern="^([^ ]+) ESMTP Service \(Lotus Domino Release (\d+\.\d+\.\w+)\) ready at (.+) *$">
|
|
810
813
|
<description>
|
|
811
|
-
Lotus Domino 5 SMTP MTA
|
|
814
|
+
Lotus Domino 5 SMTP MTA
|
|
812
815
|
220 foo.bar.com ESMTP Service (Lotus Domino Release 5.0.5) ready at Wed, 19 Dec 2001 19:54:55 -0500
|
|
813
816
|
</description>
|
|
814
817
|
<param pos="0" name="service.vendor" value="Lotus"/>
|
|
@@ -822,7 +825,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
822
825
|
|
|
823
826
|
<fingerprint pattern="^([^ ]+) ESMTP Service \(Lotus Domino Release (\d+\.\w+)\) ready at (.+) *$">
|
|
824
827
|
<description>
|
|
825
|
-
Lotus Domino 5 SMTP MTA
|
|
828
|
+
Lotus Domino 5 SMTP MTA
|
|
826
829
|
example: 220 foo.bar.com ESMTP Service (Lotus Domino Release 5.0a) ready at Wed, 20 Jun 2001 08:59:17 +0200
|
|
827
830
|
</description>
|
|
828
831
|
<param pos="0" name="service.vendor" value="Lotus"/>
|
|
@@ -836,17 +839,17 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
836
839
|
|
|
837
840
|
<fingerprint pattern="^([^ ]+) ESMTP Service \(Lotus Domino Release (\d+\.\d+\.\w+) \(Intl\)\) ready at (.+) *$">
|
|
838
841
|
<description>
|
|
839
|
-
Lotus Domino 5 SMTP MTA, International product version
|
|
842
|
+
Lotus Domino 5 SMTP MTA, International product version
|
|
840
843
|
example: 220 foo.bar.com ESMTP Service (Lotus Domino Release 5.0.5 (Intl)) ready at Tue, 6 Feb 2001 18:54:23 -0500
|
|
841
844
|
</description>
|
|
842
845
|
<param pos="0" name="service.vendor" value="Lotus"/>
|
|
843
846
|
<param pos="0" name="service.family" value="Lotus Domino"/>
|
|
844
847
|
<param pos="0" name="service.product" value="Lotus Domino"/>
|
|
845
848
|
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
|
846
|
-
<param pos="0" name="notes.intl" value="yes"/>
|
|
849
|
+
<param pos="0" name="notes.intl" value="yes"/>
|
|
847
850
|
<param pos="1" name="host.name"/>
|
|
848
851
|
<param pos="2" name="service.version"/>
|
|
849
|
-
<param pos="3" name="system.time"/>
|
|
852
|
+
<param pos="3" name="system.time"/>
|
|
850
853
|
</fingerprint>
|
|
851
854
|
|
|
852
855
|
<fingerprint pattern="^([^ ]+) ESMTP Service \(Lotus Domino Build (\d+\.\d+)\) ready at (.+) *$">
|
|
@@ -894,10 +897,10 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
894
897
|
versions 3.x and earlier of NTMail http://www.gordano.com (it was called Internet Shopper's something or other)
|
|
895
898
|
example: 220 mail.Networkengineering WindowsNT SMTP Server v3.03.0018/1.aio1/SP ESMTP ready at Wed, 25 Jul 2001 23:03:11 -0400
|
|
896
899
|
example: 220 mars.wvwc.edu WindowsNT SMTP Server v3.03.0018/1.ajhf/SP ESMTP ready at Thu, 29 Oct 1998 18:01:30 -0500
|
|
897
|
-
example: 220 mail.someisp.net WindowsNT SMTP Server v3.03.0017/1.aihl/SP ESMTP ready at Sun, 6 Jun 1999 10:39:30 -0400
|
|
900
|
+
example: 220 mail.someisp.net WindowsNT SMTP Server v3.03.0017/1.aihl/SP ESMTP ready at Sun, 6 Jun 1999 10:39:30 -0400
|
|
898
901
|
example: 220 nt03s02.switchlink.be WindowsNT SMTP Server v3.03.0014/1.aiss/SP ESMTP ready at Fri, 17 Apr 1998 16:59:04 +0100
|
|
899
902
|
example: 220 www.afsc.org WindowsNT SMTP Server v3.03.0017/1.abkz/SP ESMTP ready at Mon, 2 Oct 2000 11:50:29 -0400
|
|
900
|
-
example: 220 wwmerchant.osopinion.com WindowsNT SMTP Server v3.03.0017/4c.adur/SP ESMTP ready at Fri, 26 Mar 1999 13:20:30 -0700
|
|
903
|
+
example: 220 wwmerchant.osopinion.com WindowsNT SMTP Server v3.03.0017/4c.adur/SP ESMTP ready at Fri, 26 Mar 1999 13:20:30 -0700
|
|
901
904
|
example: 220 digital-hoon.tecdm.dmi.co.kr WindowsNT SMTP Server v3.02.07/2c.aaaj ready at Thu, 5 Dec 1996 22:46:12 +0000
|
|
902
905
|
</description>
|
|
903
906
|
<param pos="0" name="service.vendor" value="Gordano"/>
|
|
@@ -1012,31 +1015,16 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
1012
1015
|
<param pos="1" name="host.name"/>
|
|
1013
1016
|
</fingerprint>
|
|
1014
1017
|
|
|
1015
|
-
<fingerprint pattern="^([^ ]+) ESMTP server \(Post\.Office v([^ ]
|
|
1018
|
+
<fingerprint pattern="^([^ ]+) ESMTP server \(Post\.Office v([^ ]+) release (.+) ID# ([^ ]+)\) ready (.+) *$">
|
|
1016
1019
|
<description>
|
|
1017
1020
|
Post.Office (3 version numbers)
|
|
1018
|
-
example: 220 birg.connect.co.at ESMTP server (Post.Office v3.1 release PO205e ID# 0-42000U100L2S100) ready Tue, 6 Feb 2001 19:38:32 +0100
|
|
1019
1021
|
</description>
|
|
1022
|
+
<example host.name="192.168.1.1" service.version="3.1" postoffice.build="PO205e" postoffice.id="0-42000U100L2S100" system.time="Tue, 6 Feb 2001 19:38:32 +0100">192.168.1.1 ESMTP server (Post.Office v3.1 release PO205e ID# 0-42000U100L2S100) ready Tue, 6 Feb 2001 19:38:32 +0100</example>
|
|
1020
1023
|
<param pos="0" name="service.family" value="Post.Office"/>
|
|
1021
1024
|
<param pos="0" name="service.product" value="Post.Office"/>
|
|
1022
|
-
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
|
1023
|
-
<param pos="1" name="host.name"/>
|
|
1024
1025
|
<param pos="2" name="service.version"/>
|
|
1025
|
-
<param pos="3" name="postoffice.build"/>
|
|
1026
|
-
<param pos="3" name="postoffice.id"/>
|
|
1027
|
-
<param pos="4" name="system.time"/>
|
|
1028
|
-
</fingerprint>
|
|
1029
|
-
|
|
1030
|
-
<fingerprint pattern="^([^ ]+) ESMTP server \(P|post\.O|office v([^ ]+\.[^ ]+) release (.+) ID# ([^ ]+)\) ready (.+) *$">
|
|
1031
|
-
<description>
|
|
1032
|
-
Post.Office (2 version numbers)
|
|
1033
|
-
example: 220 birg.connect.co.at ESMTP server (Post.Office v3.1 release PO205e ID# 0-42000U100L2S100) ready Tue, 6 Feb 2001 19:38:32 +0100
|
|
1034
|
-
</description>
|
|
1035
|
-
<param pos="0" name="service.family" value="Post.Office"/>
|
|
1036
|
-
<param pos="0" name="service.product" value="Post.Office"/>
|
|
1037
1026
|
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
|
1038
1027
|
<param pos="1" name="host.name"/>
|
|
1039
|
-
<param pos="2" name="service.version"/>
|
|
1040
1028
|
<param pos="3" name="postoffice.build"/>
|
|
1041
1029
|
<param pos="4" name="postoffice.id"/>
|
|
1042
1030
|
<param pos="5" name="system.time"/>
|
|
@@ -1079,7 +1067,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
1079
1067
|
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
|
1080
1068
|
<param pos="1" name="host.name"/>
|
|
1081
1069
|
<param pos="2" name="service.version"/>
|
|
1082
|
-
<param pos="3" name="sendmail.hpux.phne.version"/>
|
|
1070
|
+
<param pos="3" name="sendmail.hpux.phne.version"/>
|
|
1083
1071
|
<param pos="4" name="sendmail.config.version"/>
|
|
1084
1072
|
<param pos="5" name="system.time"/>
|
|
1085
1073
|
</fingerprint>
|
|
@@ -1527,7 +1515,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
1527
1515
|
<!-- these suckers can have LOTS of version numbers -->
|
|
1528
1516
|
<fingerprint pattern="^([^ ]+) -- Server ESMTP \(Sun Internet Mail Server sims\.([^\.]+\.[^\.]+\.[^\.]+\.[^\.]+\.[^\.]+\.[^\.]+\.[^\.]+)\)$">
|
|
1529
1517
|
<description>
|
|
1530
|
-
220 mercury.doc.ntu.ac.uk -- Server ESMTP (Sun Internet Mail Server sims.4.0.1999.06.13.00.20)
|
|
1518
|
+
220 mercury.doc.ntu.ac.uk -- Server ESMTP (Sun Internet Mail Server sims.4.0.1999.06.13.00.20)
|
|
1531
1519
|
</description>
|
|
1532
1520
|
<param pos="0" name="service.vendor" value="Sun"/>
|
|
1533
1521
|
<param pos="0" name="service.family" value="Internet Mail Server"/>
|
|
@@ -1604,7 +1592,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
1604
1592
|
<param pos="0" name="service.product" value="VOPMail"/>
|
|
1605
1593
|
<param pos="1" name="host.name"/>
|
|
1606
1594
|
<param pos="2" name="service.version"/>
|
|
1607
|
-
</fingerprint>
|
|
1595
|
+
</fingerprint>
|
|
1608
1596
|
|
|
1609
1597
|
<fingerprint pattern="^([^ ]+) VPOP3 SMTP Server Ready *$">
|
|
1610
1598
|
<description>
|
|
@@ -1718,12 +1706,12 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
1718
1706
|
<param pos="0" name="service.family" value="ZMailer"/>
|
|
1719
1707
|
<param pos="0" name="service.product" value="ZMailer"/>
|
|
1720
1708
|
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
|
1721
|
-
<param pos="0" name="zmailer.ident" value="yes"/>
|
|
1709
|
+
<param pos="0" name="zmailer.ident" value="yes"/>
|
|
1722
1710
|
<param pos="1" name="host.name"/>
|
|
1723
1711
|
<param pos="2" name="service.version"/>
|
|
1724
1712
|
<param pos="3" name="service.version.version"/>
|
|
1725
1713
|
<param pos="4" name="system.time"/>
|
|
1726
|
-
</fingerprint>
|
|
1714
|
+
</fingerprint>
|
|
1727
1715
|
|
|
1728
1716
|
<fingerprint pattern="^([^ ]+) E?SMTP(?: Ready\.?)?$">
|
|
1729
1717
|
<description>
|