recog 2.0.13 → 2.0.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +19 -6
- data/features/{xml → data}/failing_banners_fingerprints.xml +0 -0
- data/features/{xml → data}/matching_banners_fingerprints.xml +0 -0
- data/features/{xml → data}/no_tests.xml +0 -0
- data/features/{xml/banners.xml → data/sample_banner.txt} +0 -0
- data/features/{xml → data}/successful_tests.xml +0 -0
- data/features/{xml → data}/tests_with_failures.xml +0 -0
- data/features/{xml → data}/tests_with_warnings.xml +0 -0
- data/features/match.feature +2 -2
- data/features/support/env.rb +1 -1
- data/lib/recog/version.rb +1 -1
- data/misc/order.xsl +17 -0
- data/spec/lib/fingerprint_self_test_spec.rb +8 -0
- data/xml/apache_os.xml +270 -334
- data/xml/architecture.xml +28 -41
- data/xml/fingerprints.xsd +37 -0
- data/xml/ftp_banners.xml +52 -58
- data/xml/h323_callresp.xml +597 -695
- data/xml/hp_pjl_id.xml +370 -409
- data/xml/http_cookies.xml +304 -348
- data/xml/http_servers.xml +3202 -3483
- data/xml/http_wwwauth.xml +342 -409
- data/xml/imap_banners.xml +149 -190
- data/xml/mdns_device-info_txt.xml +97 -111
- data/xml/mdns_workstation_txt.xml +6 -6
- data/xml/mysql_banners.xml +99 -198
- data/xml/mysql_error.xml +4 -11
- data/xml/nntp_banners.xml +42 -45
- data/xml/ntp_banners.xml +2 -3
- data/xml/pop_banners.xml +214 -247
- data/xml/rsh_resp.xml +68 -76
- data/xml/sip_banners.xml +19 -19
- data/xml/sip_user_agents.xml +63 -74
- data/xml/smb_native_os.xml +387 -433
- data/xml/smtp_banners.xml +1318 -1460
- data/xml/smtp_debug.xml +24 -27
- data/xml/smtp_ehlo.xml +19 -22
- data/xml/smtp_expn.xml +61 -70
- data/xml/smtp_help.xml +139 -160
- data/xml/smtp_mailfrom.xml +14 -16
- data/xml/smtp_noop.xml +28 -31
- data/xml/smtp_quit.xml +16 -18
- data/xml/smtp_rcptto.xml +8 -10
- data/xml/smtp_rset.xml +12 -13
- data/xml/smtp_turn.xml +12 -13
- data/xml/smtp_vrfy.xml +66 -76
- data/xml/snmp_sysdescr.xml +7257 -8016
- data/xml/snmp_sysobjid.xml +392 -434
- data/xml/ssh_banners.xml +783 -867
- data/xml/upnp_banners.xml +594 -628
- metadata +11 -9
data/xml/smtp_debug.xml
CHANGED
@@ -1,45 +1,42 @@
|
|
1
|
-
<?xml version="1.0"?>
|
1
|
+
<?xml version="1.0" encoding="UTF-8"?>
|
2
2
|
<!--
|
3
3
|
SMTP response lines to the DEBUG command are matched against these patterns
|
4
4
|
(1 line at a time) to fingerprint SMTP servers.
|
5
5
|
|
6
6
|
See comment at the top of smtp_banners.xml for additional info.
|
7
7
|
-->
|
8
|
-
|
9
8
|
<fingerprints>
|
10
|
-
|
11
|
-
|
9
|
+
<fingerprint pattern="^500 No way!$">
|
10
|
+
<description>
|
12
11
|
Exim
|
13
12
|
example: 500 No way!
|
14
13
|
</description>
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
<description>
|
14
|
+
<param pos="0" name="service.vendor" value="exim"/>
|
15
|
+
<param pos="0" name="service.family" value="exim"/>
|
16
|
+
<param pos="0" name="service.product" value="exim"/>
|
17
|
+
</fingerprint>
|
18
|
+
<fingerprint pattern="^250[ -] *Debug set -NOT!$">
|
19
|
+
<description>
|
22
20
|
TIS FWTK and derivatives
|
23
21
|
http://www.tis.com/research/software/
|
24
22
|
This fingerprint may be ambiguous because other firewalls (like
|
25
23
|
Gauntlet) are derived from TIS
|
26
24
|
</description>
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
<description>
|
25
|
+
<param pos="0" name="service.vendor" value="TIS"/>
|
26
|
+
<param pos="0" name="service.family" value="FWTK"/>
|
27
|
+
<param pos="0" name="service.product" value="FWTK"/>
|
28
|
+
</fingerprint>
|
29
|
+
<fingerprint pattern="^500[ -]What\? I don't understand that\.$">
|
30
|
+
<description>
|
34
31
|
500 What? I don't understand that.
|
35
32
|
</description>
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
33
|
+
<param pos="0" name="service.vendor" value="Alt-N"/>
|
34
|
+
<param pos="0" name="service.family" value="MDaemon"/>
|
35
|
+
<param pos="0" name="service.product" value="MDaemon"/>
|
36
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
37
|
+
<param pos="0" name="os.family" value="Windows"/>
|
38
|
+
<param pos="0" name="os.device" value="General"/>
|
39
|
+
<param pos="0" name="os.product" value="Windows"/>
|
40
|
+
<param pos="0" name="os.arch" value="x86"/>
|
41
|
+
</fingerprint>
|
45
42
|
</fingerprints>
|
data/xml/smtp_ehlo.xml
CHANGED
@@ -1,23 +1,21 @@
|
|
1
|
-
<?xml version="1.0"?>
|
1
|
+
<?xml version="1.0" encoding="UTF-8"?>
|
2
2
|
<!--
|
3
3
|
SMTP response lines to the EHLO command are matched against these patterns
|
4
4
|
(1 line at a time) to fingerprint SMTP servers.
|
5
5
|
|
6
6
|
See comment at the top of smtp_banners.xml for additional info.
|
7
7
|
-->
|
8
|
-
|
9
8
|
<fingerprints>
|
10
|
-
|
11
|
-
|
9
|
+
<fingerprint pattern="^500[ -]Syntax error, command "XXXX" unrecognized$">
|
10
|
+
<description>
|
12
11
|
Cisco PIX changes the command letters to 'X' before passing
|
13
12
|
them to the real SMTP server.
|
14
13
|
</description>
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
<!--
|
14
|
+
<param pos="0" name="service.vendor" value="Cisco"/>
|
15
|
+
<param pos="0" name="service.family" value="PIX"/>
|
16
|
+
<param pos="0" name="service.product" value="PIX"/>
|
17
|
+
</fingerprint>
|
18
|
+
<!--
|
21
19
|
Don't try to infer a fingerprint from XEXCH50, because if we do, it might overwrite
|
22
20
|
a very precise MS IIS SMTP service or MS Exchange Server fingerprint found with the
|
23
21
|
help of smtp_banners.xml. Instead, this case is handled specially by the Jess rule
|
@@ -36,18 +34,17 @@ See comment at the top of smtp_banners.xml for additional info.
|
|
36
34
|
<param pos="0" name="os.product" value="Windows"/>
|
37
35
|
</fingerprint>
|
38
36
|
-->
|
39
|
-
|
40
|
-
|
41
|
-
<description>
|
37
|
+
<fingerprint pattern="^221[ -]See ya in cyberspace$">
|
38
|
+
<description>
|
42
39
|
221 See ya in cyberspace
|
43
40
|
</description>
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
41
|
+
<param pos="0" name="service.vendor" value="Alt-N"/>
|
42
|
+
<param pos="0" name="service.family" value="MDaemon"/>
|
43
|
+
<param pos="0" name="service.product" value="MDaemon"/>
|
44
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
45
|
+
<param pos="0" name="os.family" value="Windows"/>
|
46
|
+
<param pos="0" name="os.device" value="General"/>
|
47
|
+
<param pos="0" name="os.product" value="Windows"/>
|
48
|
+
<param pos="0" name="os.arch" value="x86"/>
|
49
|
+
</fingerprint>
|
53
50
|
</fingerprints>
|
data/xml/smtp_expn.xml
CHANGED
@@ -1,95 +1,86 @@
|
|
1
|
-
<?xml version="1.0"?>
|
1
|
+
<?xml version="1.0" encoding="UTF-8"?>
|
2
2
|
<!--
|
3
3
|
SMTP response lines to the EXPN command are matched against these patterns
|
4
4
|
(1 line at a time) to fingerprint SMTP servers.
|
5
5
|
|
6
6
|
See comment at the top of smtp_banners.xml for additional info.
|
7
7
|
-->
|
8
|
-
|
9
8
|
<fingerprints>
|
10
|
-
|
11
|
-
|
9
|
+
<fingerprint pattern="^500[ -]Syntax error, command "XXXX.*" unrecognized$">
|
10
|
+
<description>
|
12
11
|
Cisco PIX changes the command letters to 'X' before passing
|
13
12
|
them to the real SMTP server.
|
14
13
|
</description>
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
<description>
|
14
|
+
<param pos="0" name="service.vendor" value="Cisco"/>
|
15
|
+
<param pos="0" name="service.family" value="PIX"/>
|
16
|
+
<param pos="0" name="service.product" value="PIX"/>
|
17
|
+
</fingerprint>
|
18
|
+
<fingerprint pattern="^550[ -]EXPN not available to \(.+\) \[.+\] *$">
|
19
|
+
<description>
|
22
20
|
Exim
|
23
21
|
example: 550 EXPN not available to (foo.bar.com) [192.168.0.1]
|
24
22
|
</description>
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
<description>
|
23
|
+
<param pos="0" name="service.vendor" value="exim"/>
|
24
|
+
<param pos="0" name="service.family" value="exim"/>
|
25
|
+
<param pos="0" name="service.product" value="exim"/>
|
26
|
+
</fingerprint>
|
27
|
+
<fingerprint pattern="^550[ -]EXPN not available to [^ ]+ \(.+\) \[.+\] *$">
|
28
|
+
<description>
|
32
29
|
Exim
|
33
30
|
example: 550 EXPN not available to evil.com (foo.bar.com) [192.168.0.1]
|
34
31
|
</description>
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
<fingerprint pattern="^550[ -]lists are confidential *$">
|
56
|
-
<description>
|
32
|
+
<param pos="0" name="service.vendor" value="exim"/>
|
33
|
+
<param pos="0" name="service.family" value="exim"/>
|
34
|
+
<param pos="0" name="service.product" value="exim"/>
|
35
|
+
</fingerprint>
|
36
|
+
<fingerprint pattern="^500[ -]Don't you wish! *$">
|
37
|
+
<description>GNAT box SMTP</description>
|
38
|
+
<param pos="0" name="service.vendor" value="Global Technology Associates"/>
|
39
|
+
<param pos="0" name="service.family" value="GNAT Box"/>
|
40
|
+
<param pos="0" name="service.product" value="GNAT Box"/>
|
41
|
+
</fingerprint>
|
42
|
+
<!-- VM SMTP server doesn't like brackets in EXPN commands... -->
|
43
|
+
<fingerprint pattern="^501[ -]Syntax Error\. Only ListId or Userid allowed as argument to this command *$">
|
44
|
+
<description>IBM VM SMTP</description>
|
45
|
+
<param pos="0" name="service.vendor" value="IBM"/>
|
46
|
+
<param pos="0" name="service.family" value="VM"/>
|
47
|
+
<param pos="0" name="service.product" value="VM"/>
|
48
|
+
</fingerprint>
|
49
|
+
<fingerprint pattern="^550[ -]lists are confidential *$">
|
50
|
+
<description>
|
57
51
|
example: 550 lists are confidential
|
58
52
|
</description>
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
<description>
|
53
|
+
<param pos="0" name="service.vendor" value="Ipswitch"/>
|
54
|
+
<param pos="0" name="service.family" value="IMail Server"/>
|
55
|
+
<param pos="0" name="service.product" value="IMail Server"/>
|
56
|
+
</fingerprint>
|
57
|
+
<fingerprint pattern="^502[ -]command is not active$">
|
58
|
+
<description>
|
66
59
|
502 command is not active
|
67
60
|
</description>
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
<description>
|
61
|
+
<param pos="0" name="service.vendor" value="Alt-N"/>
|
62
|
+
<param pos="0" name="service.family" value="MDaemon"/>
|
63
|
+
<param pos="0" name="service.product" value="MDaemon"/>
|
64
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
65
|
+
<param pos="0" name="os.family" value="Windows"/>
|
66
|
+
<param pos="0" name="os.device" value="General"/>
|
67
|
+
<param pos="0" name="os.product" value="Windows"/>
|
68
|
+
<param pos="0" name="os.arch" value="x86"/>
|
69
|
+
</fingerprint>
|
70
|
+
<fingerprint pattern="^252 Unable to EXPN ".*", but will accept message and attempt delivery *$">
|
71
|
+
<description>
|
80
72
|
Lotus Domino
|
81
73
|
</description>
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
<description>
|
74
|
+
<param pos="0" name="service.vendor" value="Lotus"/>
|
75
|
+
<param pos="0" name="service.family" value="Lotus Domino"/>
|
76
|
+
<param pos="0" name="service.product" value="Lotus Domino"/>
|
77
|
+
</fingerprint>
|
78
|
+
<fingerprint pattern="^550[ -]Unable to find list '.*'\.$">
|
79
|
+
<description>
|
89
80
|
example: 550 Unable to find list 'list'.
|
90
81
|
</description>
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
82
|
+
<param pos="0" name="service.vendor" value="Seattle Labs"/>
|
83
|
+
<param pos="0" name="service.family" value="SLMail"/>
|
84
|
+
<param pos="0" name="service.product" value="SLMail"/>
|
85
|
+
</fingerprint>
|
95
86
|
</fingerprints>
|
data/xml/smtp_help.xml
CHANGED
@@ -1,213 +1,192 @@
|
|
1
|
-
<?xml version="1.0"?>
|
1
|
+
<?xml version="1.0" encoding="UTF-8"?>
|
2
2
|
<!--
|
3
3
|
SMTP response lines to the HELP command are matched against these patterns
|
4
4
|
(1 line at a time) to fingerprint SMTP servers.
|
5
5
|
|
6
6
|
See comment at the top of smtp_banners.xml for additional info.
|
7
7
|
-->
|
8
|
-
|
9
8
|
<fingerprints>
|
10
|
-
|
11
|
-
|
9
|
+
<fingerprint pattern="^214[ -]This is ArGoSoft Mail Server, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
|
10
|
+
<description>
|
12
11
|
ArgoSoft mail server HELP response
|
13
12
|
Example: 214-This is ArGoSoft Mail Server, Version 1.4 (1.4.0.3)
|
14
13
|
</description>
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
<description>
|
14
|
+
<param pos="0" name="service.vendor" value="ArGoSoft"/>
|
15
|
+
<param pos="0" name="service.family" value="Mail Server"/>
|
16
|
+
<param pos="0" name="service.product" value="Mail Server"/>
|
17
|
+
<param pos="1" name="service.version"/>
|
18
|
+
</fingerprint>
|
19
|
+
<fingerprint pattern="^214[ -].*support@argosoft\.com *$">
|
20
|
+
<description>
|
23
21
|
ArgoSoft mail server HELP response
|
24
22
|
Example: 214-To report bug, send mail to support@argosoft.com
|
25
23
|
</description>
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
<description>
|
24
|
+
<param pos="0" name="service.vendor" value="ArGoSoft"/>
|
25
|
+
<param pos="0" name="service.family" value="Mail Server"/>
|
26
|
+
<param pos="0" name="service.product" value="Mail Server"/>
|
27
|
+
</fingerprint>
|
28
|
+
<fingerprint pattern="^500[ -]Syntax error, command "XXXX" unrecognized$">
|
29
|
+
<description>
|
33
30
|
Cisco PIX changes the command letters to 'X' before passing
|
34
31
|
them to the real SMTP server.
|
35
32
|
</description>
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
</fingerprint>
|
61
|
-
|
62
|
-
<!--
|
33
|
+
<param pos="0" name="service.vendor" value="Cisco"/>
|
34
|
+
<param pos="0" name="service.family" value="PIX"/>
|
35
|
+
<param pos="0" name="service.product" value="PIX"/>
|
36
|
+
</fingerprint>
|
37
|
+
<fingerprint pattern="^500[ -]5.5.1 unrecognised command HELP$">
|
38
|
+
<description>
|
39
|
+
Eudora IMS uses the British spelling "unrecognised"
|
40
|
+
</description>
|
41
|
+
<param pos="0" name="service.vendor" value="Eudora"/>
|
42
|
+
<param pos="0" name="service.family" value="Internet Mail Server"/>
|
43
|
+
<param pos="0" name="service.product" value="Internet Mail Server"/>
|
44
|
+
<param pos="0" name="os.vendor" value="Apple"/>
|
45
|
+
<param pos="0" name="os.family" value="Mac OS"/>
|
46
|
+
<param pos="0" name="os.device" value="General"/>
|
47
|
+
<param pos="0" name="os.product" value="Mac OS"/>
|
48
|
+
</fingerprint>
|
49
|
+
<fingerprint pattern="^214[ -]([^ ]+) is running the IBM VM operating system$">
|
50
|
+
<description>IBM VM</description>
|
51
|
+
<param pos="0" name="service.vendor" value="IBM"/>
|
52
|
+
<param pos="0" name="service.family" value="VM"/>
|
53
|
+
<param pos="0" name="service.product" value="VM"/>
|
54
|
+
<param pos="1" name="host.name"/>
|
55
|
+
</fingerprint>
|
56
|
+
<!--
|
63
57
|
Shouldn't we ignore XEXCH50 for the same reasons than described in the XEXCH50 regex
|
64
58
|
in smtp_ehlo.xml ? -mrb
|
65
59
|
-->
|
66
|
-
|
67
|
-
|
60
|
+
<fingerprint pattern="^214[ -].* XEXCH50 *.*$">
|
61
|
+
<description>
|
68
62
|
Microsoft Exchange/IIS server
|
69
63
|
</description>
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
<description>
|
64
|
+
<param pos="0" name="service.vendor" value="Microsoft"/>
|
65
|
+
<param pos="0" name="service.family" value="Exchange Server"/>
|
66
|
+
<param pos="0" name="service.product" value="Exchange Server"/>
|
67
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
68
|
+
<param pos="0" name="os.family" value="Windows"/>
|
69
|
+
<param pos="0" name="os.device" value="General"/>
|
70
|
+
<param pos="0" name="os.product" value="Windows"/>
|
71
|
+
</fingerprint>
|
72
|
+
<fingerprint pattern="^214[ -]Help system currently inactive\.$">
|
73
|
+
<description>
|
81
74
|
214 Help system currently inactive.
|
82
75
|
</description>
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
<description>
|
76
|
+
<param pos="0" name="service.vendor" value="Alt-N"/>
|
77
|
+
<param pos="0" name="service.family" value="MDaemon"/>
|
78
|
+
<param pos="0" name="service.product" value="MDaemon"/>
|
79
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
80
|
+
<param pos="0" name="os.family" value="Windows"/>
|
81
|
+
<param pos="0" name="os.device" value="General"/>
|
82
|
+
<param pos="0" name="os.product" value="Windows"/>
|
83
|
+
<param pos="0" name="os.arch" value="x86"/>
|
84
|
+
</fingerprint>
|
85
|
+
<fingerprint pattern="^214[ -].*This is MERAK ([^ ]+\.[^ ]+\.[^ ]+).*$">
|
86
|
+
<description>
|
95
87
|
Merak mail server http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x)
|
96
88
|
</description>
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
<description>
|
89
|
+
<param pos="0" name="service.vendor" value="Merak"/>
|
90
|
+
<param pos="0" name="service.family" value="Mail Server"/>
|
91
|
+
<param pos="0" name="service.product" value="Mail Server"/>
|
92
|
+
<param pos="1" name="service.version"/>
|
93
|
+
</fingerprint>
|
94
|
+
<fingerprint pattern="^214[ -].*This is Merak ([^ ]+\.[^ ]+\.[^ ]+).*$">
|
95
|
+
<description>
|
105
96
|
Merak mail server http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x)
|
106
97
|
</description>
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
<description>
|
98
|
+
<param pos="0" name="service.vendor" value="Merak"/>
|
99
|
+
<param pos="0" name="service.family" value="Mail Server"/>
|
100
|
+
<param pos="0" name="service.product" value="Mail Server"/>
|
101
|
+
<param pos="1" name="service.version"/>
|
102
|
+
</fingerprint>
|
103
|
+
<fingerprint pattern="^214[ -].*bugs@merakmail\.com.*$">
|
104
|
+
<description>
|
115
105
|
Merak mail server http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x)
|
116
106
|
</description>
|
117
|
-
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
<description>
|
107
|
+
<param pos="0" name="service.vendor" value="Merak"/>
|
108
|
+
<param pos="0" name="service.family" value="Mail Server"/>
|
109
|
+
<param pos="0" name="service.product" value="Mail Server"/>
|
110
|
+
</fingerprint>
|
111
|
+
<fingerprint pattern="^214[ -].*bugs@icewarp\.com.*$">
|
112
|
+
<description>
|
124
113
|
Merak mail server http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x)
|
125
114
|
</description>
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
<description>
|
115
|
+
<param pos="0" name="service.vendor" value="Merak"/>
|
116
|
+
<param pos="0" name="service.family" value="Mail Server"/>
|
117
|
+
<param pos="0" name="service.product" value="Mail Server"/>
|
118
|
+
</fingerprint>
|
119
|
+
<fingerprint pattern="^214[ -]qmail home page: http://pobox.com/~djb/qmail.html *$">
|
120
|
+
<description>
|
133
121
|
example: 214 qmail home page: http://pobox.com/~djb/qmail.html
|
134
122
|
</description>
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
|
141
|
-
<description>
|
123
|
+
<param pos="0" name="service.vendor" value="qmail"/>
|
124
|
+
<param pos="0" name="service.family" value="qmail"/>
|
125
|
+
<param pos="0" name="service.product" value="qmail"/>
|
126
|
+
</fingerprint>
|
127
|
+
<fingerprint pattern="^214[ -].*contact the Digital Customer Support Center at 1-800-354-9000.*$">
|
128
|
+
<description>
|
142
129
|
sendmail on Digital OSF UNIX
|
143
130
|
</description>
|
144
|
-
|
145
|
-
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
|
154
|
-
<description>
|
131
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
132
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
133
|
+
<param pos="0" name="service.certainty" value="0.85"/>
|
134
|
+
<param pos="0" name="os.vendor" value="DEC"/>
|
135
|
+
<param pos="0" name="os.family" value="Digital UNIX"/>
|
136
|
+
<param pos="0" name="os.device" value="General"/>
|
137
|
+
<param pos="0" name="os.product" value="OSF/1"/>
|
138
|
+
</fingerprint>
|
139
|
+
<fingerprint pattern="^214[ -]2.0.0 This is [s|S]endmail version ([^ ]+)$">
|
140
|
+
<description>
|
155
141
|
sendmail often returns version information for HELP, even when the
|
156
142
|
greeting is obscured
|
157
143
|
</description>
|
158
|
-
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
|
164
|
-
<description>
|
144
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
145
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
146
|
+
<param pos="1" name="service.version"/>
|
147
|
+
</fingerprint>
|
148
|
+
<fingerprint pattern="^214[ -]This is [s|S]endmail version ([^ ]+)$">
|
149
|
+
<description>
|
165
150
|
sendmail often returns version information for HELP, even when the
|
166
151
|
greeting is obscured
|
167
152
|
</description>
|
168
|
-
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
|
173
|
-
|
174
|
-
<description>
|
153
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
154
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
155
|
+
<param pos="1" name="service.version"/>
|
156
|
+
</fingerprint>
|
157
|
+
<fingerprint pattern="^502[ -]5\.3\.0 Sendmail ([^ ]+) -- HELP not implemented$">
|
158
|
+
<description>
|
175
159
|
502 5.3.0 Sendmail 8.11.2 -- HELP not implemented
|
176
160
|
</description>
|
177
|
-
|
178
|
-
|
179
|
-
|
180
|
-
|
181
|
-
|
182
|
-
|
183
|
-
<description>
|
161
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
162
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
163
|
+
<param pos="1" name="service.version"/>
|
164
|
+
</fingerprint>
|
165
|
+
<fingerprint pattern="^214[ -].*sendmail-bugs@sendmail\.org.*$">
|
166
|
+
<description>
|
184
167
|
sendmail often returns version information for HELP, even when the
|
185
168
|
greeting is obscured
|
186
169
|
</description>
|
187
|
-
|
188
|
-
|
189
|
-
|
190
|
-
|
191
|
-
|
192
|
-
|
193
|
-
<description>
|
170
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
171
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
172
|
+
<param pos="0" name="service.certainty" value="0.85"/>
|
173
|
+
</fingerprint>
|
174
|
+
<fingerprint pattern="^241[ -].*$">
|
175
|
+
<description>
|
194
176
|
ZMailer versions earlier than 2.99.21 mistakenly return the status
|
195
177
|
code 241 on some HELP response lines (instead of 214).
|
196
178
|
</description>
|
197
|
-
|
198
|
-
|
199
|
-
|
200
|
-
|
201
|
-
|
202
|
-
|
203
|
-
<fingerprint pattern="^214[ -].*Yoyodyne Propulsion.*$">
|
204
|
-
<description>
|
179
|
+
<param pos="0" name="service.vendor" value="ZMailer"/>
|
180
|
+
<param pos="0" name="service.family" value="ZMailer"/>
|
181
|
+
<param pos="0" name="service.product" value="ZMailer"/>
|
182
|
+
</fingerprint>
|
183
|
+
<fingerprint pattern="^214[ -].*Yoyodyne Propulsion.*$">
|
184
|
+
<description>
|
205
185
|
ZMailer has distinctive default HELP text in smtpserver.conf.
|
206
186
|
See http://www.zmailer.org/zman/zadm-smtpserver.html#ZADM-SMTPSERVER-CONF
|
207
187
|
</description>
|
208
|
-
|
209
|
-
|
210
|
-
|
211
|
-
|
212
|
-
</fingerprint>
|
188
|
+
<param pos="0" name="service.vendor" value="ZMailer"/>
|
189
|
+
<param pos="0" name="service.family" value="ZMailer"/>
|
190
|
+
<param pos="0" name="service.product" value="ZMailer"/>
|
191
|
+
</fingerprint>
|
213
192
|
</fingerprints>
|