recog 2.0.13 → 2.0.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (52) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +19 -6
  3. data/features/{xml → data}/failing_banners_fingerprints.xml +0 -0
  4. data/features/{xml → data}/matching_banners_fingerprints.xml +0 -0
  5. data/features/{xml → data}/no_tests.xml +0 -0
  6. data/features/{xml/banners.xml → data/sample_banner.txt} +0 -0
  7. data/features/{xml → data}/successful_tests.xml +0 -0
  8. data/features/{xml → data}/tests_with_failures.xml +0 -0
  9. data/features/{xml → data}/tests_with_warnings.xml +0 -0
  10. data/features/match.feature +2 -2
  11. data/features/support/env.rb +1 -1
  12. data/lib/recog/version.rb +1 -1
  13. data/misc/order.xsl +17 -0
  14. data/spec/lib/fingerprint_self_test_spec.rb +8 -0
  15. data/xml/apache_os.xml +270 -334
  16. data/xml/architecture.xml +28 -41
  17. data/xml/fingerprints.xsd +37 -0
  18. data/xml/ftp_banners.xml +52 -58
  19. data/xml/h323_callresp.xml +597 -695
  20. data/xml/hp_pjl_id.xml +370 -409
  21. data/xml/http_cookies.xml +304 -348
  22. data/xml/http_servers.xml +3202 -3483
  23. data/xml/http_wwwauth.xml +342 -409
  24. data/xml/imap_banners.xml +149 -190
  25. data/xml/mdns_device-info_txt.xml +97 -111
  26. data/xml/mdns_workstation_txt.xml +6 -6
  27. data/xml/mysql_banners.xml +99 -198
  28. data/xml/mysql_error.xml +4 -11
  29. data/xml/nntp_banners.xml +42 -45
  30. data/xml/ntp_banners.xml +2 -3
  31. data/xml/pop_banners.xml +214 -247
  32. data/xml/rsh_resp.xml +68 -76
  33. data/xml/sip_banners.xml +19 -19
  34. data/xml/sip_user_agents.xml +63 -74
  35. data/xml/smb_native_os.xml +387 -433
  36. data/xml/smtp_banners.xml +1318 -1460
  37. data/xml/smtp_debug.xml +24 -27
  38. data/xml/smtp_ehlo.xml +19 -22
  39. data/xml/smtp_expn.xml +61 -70
  40. data/xml/smtp_help.xml +139 -160
  41. data/xml/smtp_mailfrom.xml +14 -16
  42. data/xml/smtp_noop.xml +28 -31
  43. data/xml/smtp_quit.xml +16 -18
  44. data/xml/smtp_rcptto.xml +8 -10
  45. data/xml/smtp_rset.xml +12 -13
  46. data/xml/smtp_turn.xml +12 -13
  47. data/xml/smtp_vrfy.xml +66 -76
  48. data/xml/snmp_sysdescr.xml +7257 -8016
  49. data/xml/snmp_sysobjid.xml +392 -434
  50. data/xml/ssh_banners.xml +783 -867
  51. data/xml/upnp_banners.xml +594 -628
  52. metadata +11 -9
@@ -1,45 +1,42 @@
1
- <?xml version="1.0"?>
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
2
  <!--
3
3
  SMTP response lines to the DEBUG command are matched against these patterns
4
4
  (1 line at a time) to fingerprint SMTP servers.
5
5
 
6
6
  See comment at the top of smtp_banners.xml for additional info.
7
7
  -->
8
-
9
8
  <fingerprints>
10
- <fingerprint pattern="^500 No way!$">
11
- <description>
9
+ <fingerprint pattern="^500 No way!$">
10
+ <description>
12
11
  Exim
13
12
  example: 500 No way!
14
13
  </description>
15
- <param pos="0" name="service.vendor" value="exim"/>
16
- <param pos="0" name="service.family" value="exim"/>
17
- <param pos="0" name="service.product" value="exim"/>
18
- </fingerprint>
19
-
20
- <fingerprint pattern="^250[ -] *Debug set -NOT!$">
21
- <description>
14
+ <param pos="0" name="service.vendor" value="exim"/>
15
+ <param pos="0" name="service.family" value="exim"/>
16
+ <param pos="0" name="service.product" value="exim"/>
17
+ </fingerprint>
18
+ <fingerprint pattern="^250[ -] *Debug set -NOT!$">
19
+ <description>
22
20
  TIS FWTK and derivatives
23
21
  http://www.tis.com/research/software/
24
22
  This fingerprint may be ambiguous because other firewalls (like
25
23
  Gauntlet) are derived from TIS
26
24
  </description>
27
- <param pos="0" name="service.vendor" value="TIS"/>
28
- <param pos="0" name="service.family" value="FWTK"/>
29
- <param pos="0" name="service.product" value="FWTK"/>
30
- </fingerprint>
31
-
32
- <fingerprint pattern="^500[ -]What\? I don't understand that\.$">
33
- <description>
25
+ <param pos="0" name="service.vendor" value="TIS"/>
26
+ <param pos="0" name="service.family" value="FWTK"/>
27
+ <param pos="0" name="service.product" value="FWTK"/>
28
+ </fingerprint>
29
+ <fingerprint pattern="^500[ -]What\? I don't understand that\.$">
30
+ <description>
34
31
  500 What? I don't understand that.
35
32
  </description>
36
- <param pos="0" name="service.vendor" value="Alt-N"/>
37
- <param pos="0" name="service.family" value="MDaemon"/>
38
- <param pos="0" name="service.product" value="MDaemon"/>
39
- <param pos="0" name="os.vendor" value="Microsoft"/>
40
- <param pos="0" name="os.family" value="Windows"/>
41
- <param pos="0" name="os.device" value="General"/>
42
- <param pos="0" name="os.product" value="Windows"/>
43
- <param pos="0" name="os.arch" value="x86"/>
44
- </fingerprint>
33
+ <param pos="0" name="service.vendor" value="Alt-N"/>
34
+ <param pos="0" name="service.family" value="MDaemon"/>
35
+ <param pos="0" name="service.product" value="MDaemon"/>
36
+ <param pos="0" name="os.vendor" value="Microsoft"/>
37
+ <param pos="0" name="os.family" value="Windows"/>
38
+ <param pos="0" name="os.device" value="General"/>
39
+ <param pos="0" name="os.product" value="Windows"/>
40
+ <param pos="0" name="os.arch" value="x86"/>
41
+ </fingerprint>
45
42
  </fingerprints>
@@ -1,23 +1,21 @@
1
- <?xml version="1.0"?>
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
2
  <!--
3
3
  SMTP response lines to the EHLO command are matched against these patterns
4
4
  (1 line at a time) to fingerprint SMTP servers.
5
5
 
6
6
  See comment at the top of smtp_banners.xml for additional info.
7
7
  -->
8
-
9
8
  <fingerprints>
10
- <fingerprint pattern="^500[ -]Syntax error, command &quot;XXXX&quot; unrecognized$">
11
- <description>
9
+ <fingerprint pattern="^500[ -]Syntax error, command &quot;XXXX&quot; unrecognized$">
10
+ <description>
12
11
  Cisco PIX changes the command letters to 'X' before passing
13
12
  them to the real SMTP server.
14
13
  </description>
15
- <param pos="0" name="service.vendor" value="Cisco"/>
16
- <param pos="0" name="service.family" value="PIX"/>
17
- <param pos="0" name="service.product" value="PIX"/>
18
- </fingerprint>
19
-
20
- <!--
14
+ <param pos="0" name="service.vendor" value="Cisco"/>
15
+ <param pos="0" name="service.family" value="PIX"/>
16
+ <param pos="0" name="service.product" value="PIX"/>
17
+ </fingerprint>
18
+ <!--
21
19
  Don't try to infer a fingerprint from XEXCH50, because if we do, it might overwrite
22
20
  a very precise MS IIS SMTP service or MS Exchange Server fingerprint found with the
23
21
  help of smtp_banners.xml. Instead, this case is handled specially by the Jess rule
@@ -36,18 +34,17 @@ See comment at the top of smtp_banners.xml for additional info.
36
34
  <param pos="0" name="os.product" value="Windows"/>
37
35
  </fingerprint>
38
36
  -->
39
-
40
- <fingerprint pattern="^221[ -]See ya in cyberspace$">
41
- <description>
37
+ <fingerprint pattern="^221[ -]See ya in cyberspace$">
38
+ <description>
42
39
  221 See ya in cyberspace
43
40
  </description>
44
- <param pos="0" name="service.vendor" value="Alt-N"/>
45
- <param pos="0" name="service.family" value="MDaemon"/>
46
- <param pos="0" name="service.product" value="MDaemon"/>
47
- <param pos="0" name="os.vendor" value="Microsoft"/>
48
- <param pos="0" name="os.family" value="Windows"/>
49
- <param pos="0" name="os.device" value="General"/>
50
- <param pos="0" name="os.product" value="Windows"/>
51
- <param pos="0" name="os.arch" value="x86"/>
52
- </fingerprint>
41
+ <param pos="0" name="service.vendor" value="Alt-N"/>
42
+ <param pos="0" name="service.family" value="MDaemon"/>
43
+ <param pos="0" name="service.product" value="MDaemon"/>
44
+ <param pos="0" name="os.vendor" value="Microsoft"/>
45
+ <param pos="0" name="os.family" value="Windows"/>
46
+ <param pos="0" name="os.device" value="General"/>
47
+ <param pos="0" name="os.product" value="Windows"/>
48
+ <param pos="0" name="os.arch" value="x86"/>
49
+ </fingerprint>
53
50
  </fingerprints>
@@ -1,95 +1,86 @@
1
- <?xml version="1.0"?>
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
2
  <!--
3
3
  SMTP response lines to the EXPN command are matched against these patterns
4
4
  (1 line at a time) to fingerprint SMTP servers.
5
5
 
6
6
  See comment at the top of smtp_banners.xml for additional info.
7
7
  -->
8
-
9
8
  <fingerprints>
10
- <fingerprint pattern="^500[ -]Syntax error, command &quot;XXXX.*&quot; unrecognized$">
11
- <description>
9
+ <fingerprint pattern="^500[ -]Syntax error, command &quot;XXXX.*&quot; unrecognized$">
10
+ <description>
12
11
  Cisco PIX changes the command letters to 'X' before passing
13
12
  them to the real SMTP server.
14
13
  </description>
15
- <param pos="0" name="service.vendor" value="Cisco"/>
16
- <param pos="0" name="service.family" value="PIX"/>
17
- <param pos="0" name="service.product" value="PIX"/>
18
- </fingerprint>
19
-
20
- <fingerprint pattern="^550[ -]EXPN not available to \(.+\) \[.+\] *$">
21
- <description>
14
+ <param pos="0" name="service.vendor" value="Cisco"/>
15
+ <param pos="0" name="service.family" value="PIX"/>
16
+ <param pos="0" name="service.product" value="PIX"/>
17
+ </fingerprint>
18
+ <fingerprint pattern="^550[ -]EXPN not available to \(.+\) \[.+\] *$">
19
+ <description>
22
20
  Exim
23
21
  example: 550 EXPN not available to (foo.bar.com) [192.168.0.1]
24
22
  </description>
25
- <param pos="0" name="service.vendor" value="exim"/>
26
- <param pos="0" name="service.family" value="exim"/>
27
- <param pos="0" name="service.product" value="exim"/>
28
- </fingerprint>
29
-
30
- <fingerprint pattern="^550[ -]EXPN not available to [^ ]+ \(.+\) \[.+\] *$">
31
- <description>
23
+ <param pos="0" name="service.vendor" value="exim"/>
24
+ <param pos="0" name="service.family" value="exim"/>
25
+ <param pos="0" name="service.product" value="exim"/>
26
+ </fingerprint>
27
+ <fingerprint pattern="^550[ -]EXPN not available to [^ ]+ \(.+\) \[.+\] *$">
28
+ <description>
32
29
  Exim
33
30
  example: 550 EXPN not available to evil.com (foo.bar.com) [192.168.0.1]
34
31
  </description>
35
- <param pos="0" name="service.vendor" value="exim"/>
36
- <param pos="0" name="service.family" value="exim"/>
37
- <param pos="0" name="service.product" value="exim"/>
38
- </fingerprint>
39
-
40
- <fingerprint pattern="^500[ -]Don't you wish! *$">
41
- <description>GNAT box SMTP</description>
42
- <param pos="0" name="service.vendor" value="Global Technology Associates"/>
43
- <param pos="0" name="service.family" value="GNAT Box"/>
44
- <param pos="0" name="service.product" value="GNAT Box"/>
45
- </fingerprint>
46
-
47
- <!-- VM SMTP server doesn't like brackets in EXPN commands... -->
48
- <fingerprint pattern="^501[ -]Syntax Error\. Only ListId or Userid allowed as argument to this command *$">
49
- <description>IBM VM SMTP</description>
50
- <param pos="0" name="service.vendor" value="IBM"/>
51
- <param pos="0" name="service.family" value="VM"/>
52
- <param pos="0" name="service.product" value="VM"/>
53
- </fingerprint>
54
-
55
- <fingerprint pattern="^550[ -]lists are confidential *$">
56
- <description>
32
+ <param pos="0" name="service.vendor" value="exim"/>
33
+ <param pos="0" name="service.family" value="exim"/>
34
+ <param pos="0" name="service.product" value="exim"/>
35
+ </fingerprint>
36
+ <fingerprint pattern="^500[ -]Don't you wish! *$">
37
+ <description>GNAT box SMTP</description>
38
+ <param pos="0" name="service.vendor" value="Global Technology Associates"/>
39
+ <param pos="0" name="service.family" value="GNAT Box"/>
40
+ <param pos="0" name="service.product" value="GNAT Box"/>
41
+ </fingerprint>
42
+ <!-- VM SMTP server doesn't like brackets in EXPN commands... -->
43
+ <fingerprint pattern="^501[ -]Syntax Error\. Only ListId or Userid allowed as argument to this command *$">
44
+ <description>IBM VM SMTP</description>
45
+ <param pos="0" name="service.vendor" value="IBM"/>
46
+ <param pos="0" name="service.family" value="VM"/>
47
+ <param pos="0" name="service.product" value="VM"/>
48
+ </fingerprint>
49
+ <fingerprint pattern="^550[ -]lists are confidential *$">
50
+ <description>
57
51
  example: 550 lists are confidential
58
52
  </description>
59
- <param pos="0" name="service.vendor" value="Ipswitch"/>
60
- <param pos="0" name="service.family" value="IMail Server"/>
61
- <param pos="0" name="service.product" value="IMail Server"/>
62
- </fingerprint>
63
-
64
- <fingerprint pattern="^502[ -]command is not active$">
65
- <description>
53
+ <param pos="0" name="service.vendor" value="Ipswitch"/>
54
+ <param pos="0" name="service.family" value="IMail Server"/>
55
+ <param pos="0" name="service.product" value="IMail Server"/>
56
+ </fingerprint>
57
+ <fingerprint pattern="^502[ -]command is not active$">
58
+ <description>
66
59
  502 command is not active
67
60
  </description>
68
- <param pos="0" name="service.vendor" value="Alt-N"/>
69
- <param pos="0" name="service.family" value="MDaemon"/>
70
- <param pos="0" name="service.product" value="MDaemon"/>
71
- <param pos="0" name="os.vendor" value="Microsoft"/>
72
- <param pos="0" name="os.family" value="Windows"/>
73
- <param pos="0" name="os.device" value="General"/>
74
- <param pos="0" name="os.product" value="Windows"/>
75
- <param pos="0" name="os.arch" value="x86"/>
76
- </fingerprint>
77
-
78
- <fingerprint pattern="^252 Unable to EXPN &quot;.*&quot;, but will accept message and attempt delivery *$">
79
- <description>
61
+ <param pos="0" name="service.vendor" value="Alt-N"/>
62
+ <param pos="0" name="service.family" value="MDaemon"/>
63
+ <param pos="0" name="service.product" value="MDaemon"/>
64
+ <param pos="0" name="os.vendor" value="Microsoft"/>
65
+ <param pos="0" name="os.family" value="Windows"/>
66
+ <param pos="0" name="os.device" value="General"/>
67
+ <param pos="0" name="os.product" value="Windows"/>
68
+ <param pos="0" name="os.arch" value="x86"/>
69
+ </fingerprint>
70
+ <fingerprint pattern="^252 Unable to EXPN &quot;.*&quot;, but will accept message and attempt delivery *$">
71
+ <description>
80
72
  Lotus Domino
81
73
  </description>
82
- <param pos="0" name="service.vendor" value="Lotus"/>
83
- <param pos="0" name="service.family" value="Lotus Domino"/>
84
- <param pos="0" name="service.product" value="Lotus Domino"/>
85
- </fingerprint>
86
-
87
- <fingerprint pattern="^550[ -]Unable to find list '.*'\.$">
88
- <description>
74
+ <param pos="0" name="service.vendor" value="Lotus"/>
75
+ <param pos="0" name="service.family" value="Lotus Domino"/>
76
+ <param pos="0" name="service.product" value="Lotus Domino"/>
77
+ </fingerprint>
78
+ <fingerprint pattern="^550[ -]Unable to find list '.*'\.$">
79
+ <description>
89
80
  example: 550 Unable to find list 'list'.
90
81
  </description>
91
- <param pos="0" name="service.vendor" value="Seattle Labs"/>
92
- <param pos="0" name="service.family" value="SLMail"/>
93
- <param pos="0" name="service.product" value="SLMail"/>
94
- </fingerprint>
82
+ <param pos="0" name="service.vendor" value="Seattle Labs"/>
83
+ <param pos="0" name="service.family" value="SLMail"/>
84
+ <param pos="0" name="service.product" value="SLMail"/>
85
+ </fingerprint>
95
86
  </fingerprints>
@@ -1,213 +1,192 @@
1
- <?xml version="1.0"?>
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
2
  <!--
3
3
  SMTP response lines to the HELP command are matched against these patterns
4
4
  (1 line at a time) to fingerprint SMTP servers.
5
5
 
6
6
  See comment at the top of smtp_banners.xml for additional info.
7
7
  -->
8
-
9
8
  <fingerprints>
10
- <fingerprint pattern="^214[ -]This is ArGoSoft Mail Server, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
11
- <description>
9
+ <fingerprint pattern="^214[ -]This is ArGoSoft Mail Server, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
10
+ <description>
12
11
  ArgoSoft mail server HELP response
13
12
  Example: 214-This is ArGoSoft Mail Server, Version 1.4 (1.4.0.3)
14
13
  </description>
15
- <param pos="0" name="service.vendor" value="ArGoSoft"/>
16
- <param pos="0" name="service.family" value="Mail Server"/>
17
- <param pos="0" name="service.product" value="Mail Server"/>
18
- <param pos="1" name="service.version"/>
19
- </fingerprint>
20
-
21
- <fingerprint pattern="^214[ -].*support@argosoft\.com *$">
22
- <description>
14
+ <param pos="0" name="service.vendor" value="ArGoSoft"/>
15
+ <param pos="0" name="service.family" value="Mail Server"/>
16
+ <param pos="0" name="service.product" value="Mail Server"/>
17
+ <param pos="1" name="service.version"/>
18
+ </fingerprint>
19
+ <fingerprint pattern="^214[ -].*support@argosoft\.com *$">
20
+ <description>
23
21
  ArgoSoft mail server HELP response
24
22
  Example: 214-To report bug, send mail to support@argosoft.com
25
23
  </description>
26
- <param pos="0" name="service.vendor" value="ArGoSoft"/>
27
- <param pos="0" name="service.family" value="Mail Server"/>
28
- <param pos="0" name="service.product" value="Mail Server"/>
29
- </fingerprint>
30
-
31
- <fingerprint pattern="^500[ -]Syntax error, command &quot;XXXX&quot; unrecognized$">
32
- <description>
24
+ <param pos="0" name="service.vendor" value="ArGoSoft"/>
25
+ <param pos="0" name="service.family" value="Mail Server"/>
26
+ <param pos="0" name="service.product" value="Mail Server"/>
27
+ </fingerprint>
28
+ <fingerprint pattern="^500[ -]Syntax error, command &quot;XXXX&quot; unrecognized$">
29
+ <description>
33
30
  Cisco PIX changes the command letters to 'X' before passing
34
31
  them to the real SMTP server.
35
32
  </description>
36
- <param pos="0" name="service.vendor" value="Cisco"/>
37
- <param pos="0" name="service.family" value="PIX"/>
38
- <param pos="0" name="service.product" value="PIX"/>
39
- </fingerprint>
40
-
41
- <fingerprint pattern="^500[ -]5.5.1 unrecognised command HELP$">
42
- <description>
43
- Eudora IMS uses the British spelling &quot;unrecognised&quot;
44
- </description>
45
- <param pos="0" name="service.vendor" value="Eudora"/>
46
- <param pos="0" name="service.family" value="Internet Mail Server"/>
47
- <param pos="0" name="service.product" value="Internet Mail Server"/>
48
- <param pos="0" name="os.vendor" value="Apple"/>
49
- <param pos="0" name="os.family" value="Mac OS"/>
50
- <param pos="0" name="os.device" value="General"/>
51
- <param pos="0" name="os.product" value="Mac OS"/>
52
- </fingerprint>
53
-
54
- <fingerprint pattern="^214[ -]([^ ]+) is running the IBM VM operating system$">
55
- <description>IBM VM</description>
56
- <param pos="0" name="service.vendor" value="IBM"/>
57
- <param pos="0" name="service.family" value="VM"/>
58
- <param pos="0" name="service.product" value="VM"/>
59
- <param pos="1" name="host.name"/>
60
- </fingerprint>
61
-
62
- <!--
33
+ <param pos="0" name="service.vendor" value="Cisco"/>
34
+ <param pos="0" name="service.family" value="PIX"/>
35
+ <param pos="0" name="service.product" value="PIX"/>
36
+ </fingerprint>
37
+ <fingerprint pattern="^500[ -]5.5.1 unrecognised command HELP$">
38
+ <description>
39
+ Eudora IMS uses the British spelling "unrecognised"
40
+ </description>
41
+ <param pos="0" name="service.vendor" value="Eudora"/>
42
+ <param pos="0" name="service.family" value="Internet Mail Server"/>
43
+ <param pos="0" name="service.product" value="Internet Mail Server"/>
44
+ <param pos="0" name="os.vendor" value="Apple"/>
45
+ <param pos="0" name="os.family" value="Mac OS"/>
46
+ <param pos="0" name="os.device" value="General"/>
47
+ <param pos="0" name="os.product" value="Mac OS"/>
48
+ </fingerprint>
49
+ <fingerprint pattern="^214[ -]([^ ]+) is running the IBM VM operating system$">
50
+ <description>IBM VM</description>
51
+ <param pos="0" name="service.vendor" value="IBM"/>
52
+ <param pos="0" name="service.family" value="VM"/>
53
+ <param pos="0" name="service.product" value="VM"/>
54
+ <param pos="1" name="host.name"/>
55
+ </fingerprint>
56
+ <!--
63
57
  Shouldn't we ignore XEXCH50 for the same reasons than described in the XEXCH50 regex
64
58
  in smtp_ehlo.xml ? -mrb
65
59
  -->
66
- <fingerprint pattern="^214[ -].* XEXCH50 *.*$">
67
- <description>
60
+ <fingerprint pattern="^214[ -].* XEXCH50 *.*$">
61
+ <description>
68
62
  Microsoft Exchange/IIS server
69
63
  </description>
70
- <param pos="0" name="service.vendor" value="Microsoft"/>
71
- <param pos="0" name="service.family" value="Exchange Server"/>
72
- <param pos="0" name="service.product" value="Exchange Server"/>
73
- <param pos="0" name="os.vendor" value="Microsoft"/>
74
- <param pos="0" name="os.family" value="Windows"/>
75
- <param pos="0" name="os.device" value="General"/>
76
- <param pos="0" name="os.product" value="Windows"/>
77
- </fingerprint>
78
-
79
- <fingerprint pattern="^214[ -]Help system currently inactive\.$">
80
- <description>
64
+ <param pos="0" name="service.vendor" value="Microsoft"/>
65
+ <param pos="0" name="service.family" value="Exchange Server"/>
66
+ <param pos="0" name="service.product" value="Exchange Server"/>
67
+ <param pos="0" name="os.vendor" value="Microsoft"/>
68
+ <param pos="0" name="os.family" value="Windows"/>
69
+ <param pos="0" name="os.device" value="General"/>
70
+ <param pos="0" name="os.product" value="Windows"/>
71
+ </fingerprint>
72
+ <fingerprint pattern="^214[ -]Help system currently inactive\.$">
73
+ <description>
81
74
  214 Help system currently inactive.
82
75
  </description>
83
- <param pos="0" name="service.vendor" value="Alt-N"/>
84
- <param pos="0" name="service.family" value="MDaemon"/>
85
- <param pos="0" name="service.product" value="MDaemon"/>
86
- <param pos="0" name="os.vendor" value="Microsoft"/>
87
- <param pos="0" name="os.family" value="Windows"/>
88
- <param pos="0" name="os.device" value="General"/>
89
- <param pos="0" name="os.product" value="Windows"/>
90
- <param pos="0" name="os.arch" value="x86"/>
91
- </fingerprint>
92
-
93
- <fingerprint pattern="^214[ -].*This is MERAK ([^ ]+\.[^ ]+\.[^ ]+).*$">
94
- <description>
76
+ <param pos="0" name="service.vendor" value="Alt-N"/>
77
+ <param pos="0" name="service.family" value="MDaemon"/>
78
+ <param pos="0" name="service.product" value="MDaemon"/>
79
+ <param pos="0" name="os.vendor" value="Microsoft"/>
80
+ <param pos="0" name="os.family" value="Windows"/>
81
+ <param pos="0" name="os.device" value="General"/>
82
+ <param pos="0" name="os.product" value="Windows"/>
83
+ <param pos="0" name="os.arch" value="x86"/>
84
+ </fingerprint>
85
+ <fingerprint pattern="^214[ -].*This is MERAK ([^ ]+\.[^ ]+\.[^ ]+).*$">
86
+ <description>
95
87
  Merak mail server http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x)
96
88
  </description>
97
- <param pos="0" name="service.vendor" value="Merak"/>
98
- <param pos="0" name="service.family" value="Mail Server"/>
99
- <param pos="0" name="service.product" value="Mail Server"/>
100
- <param pos="1" name="service.version"/>
101
- </fingerprint>
102
-
103
- <fingerprint pattern="^214[ -].*This is Merak ([^ ]+\.[^ ]+\.[^ ]+).*$">
104
- <description>
89
+ <param pos="0" name="service.vendor" value="Merak"/>
90
+ <param pos="0" name="service.family" value="Mail Server"/>
91
+ <param pos="0" name="service.product" value="Mail Server"/>
92
+ <param pos="1" name="service.version"/>
93
+ </fingerprint>
94
+ <fingerprint pattern="^214[ -].*This is Merak ([^ ]+\.[^ ]+\.[^ ]+).*$">
95
+ <description>
105
96
  Merak mail server http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x)
106
97
  </description>
107
- <param pos="0" name="service.vendor" value="Merak"/>
108
- <param pos="0" name="service.family" value="Mail Server"/>
109
- <param pos="0" name="service.product" value="Mail Server"/>
110
- <param pos="1" name="service.version"/>
111
- </fingerprint>
112
-
113
- <fingerprint pattern="^214[ -].*bugs@merakmail\.com.*$">
114
- <description>
98
+ <param pos="0" name="service.vendor" value="Merak"/>
99
+ <param pos="0" name="service.family" value="Mail Server"/>
100
+ <param pos="0" name="service.product" value="Mail Server"/>
101
+ <param pos="1" name="service.version"/>
102
+ </fingerprint>
103
+ <fingerprint pattern="^214[ -].*bugs@merakmail\.com.*$">
104
+ <description>
115
105
  Merak mail server http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x)
116
106
  </description>
117
- <param pos="0" name="service.vendor" value="Merak"/>
118
- <param pos="0" name="service.family" value="Mail Server"/>
119
- <param pos="0" name="service.product" value="Mail Server"/>
120
- </fingerprint>
121
-
122
- <fingerprint pattern="^214[ -].*bugs@icewarp\.com.*$">
123
- <description>
107
+ <param pos="0" name="service.vendor" value="Merak"/>
108
+ <param pos="0" name="service.family" value="Mail Server"/>
109
+ <param pos="0" name="service.product" value="Mail Server"/>
110
+ </fingerprint>
111
+ <fingerprint pattern="^214[ -].*bugs@icewarp\.com.*$">
112
+ <description>
124
113
  Merak mail server http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x)
125
114
  </description>
126
- <param pos="0" name="service.vendor" value="Merak"/>
127
- <param pos="0" name="service.family" value="Mail Server"/>
128
- <param pos="0" name="service.product" value="Mail Server"/>
129
- </fingerprint>
130
-
131
- <fingerprint pattern="^214[ -]qmail home page: http://pobox.com/~djb/qmail.html *$">
132
- <description>
115
+ <param pos="0" name="service.vendor" value="Merak"/>
116
+ <param pos="0" name="service.family" value="Mail Server"/>
117
+ <param pos="0" name="service.product" value="Mail Server"/>
118
+ </fingerprint>
119
+ <fingerprint pattern="^214[ -]qmail home page: http://pobox.com/~djb/qmail.html *$">
120
+ <description>
133
121
  example: 214 qmail home page: http://pobox.com/~djb/qmail.html
134
122
  </description>
135
- <param pos="0" name="service.vendor" value="qmail"/>
136
- <param pos="0" name="service.family" value="qmail"/>
137
- <param pos="0" name="service.product" value="qmail"/>
138
- </fingerprint>
139
-
140
- <fingerprint pattern="^214[ -].*contact the Digital Customer Support Center at 1-800-354-9000.*$">
141
- <description>
123
+ <param pos="0" name="service.vendor" value="qmail"/>
124
+ <param pos="0" name="service.family" value="qmail"/>
125
+ <param pos="0" name="service.product" value="qmail"/>
126
+ </fingerprint>
127
+ <fingerprint pattern="^214[ -].*contact the Digital Customer Support Center at 1-800-354-9000.*$">
128
+ <description>
142
129
  sendmail on Digital OSF UNIX
143
130
  </description>
144
- <param pos="0" name="service.family" value="Sendmail"/>
145
- <param pos="0" name="service.product" value="Sendmail"/>
146
- <param pos="0" name="service.certainty" value="0.85"/> <!-- no version, hence less precise than the banner -->
147
- <param pos="0" name="os.vendor" value="DEC"/>
148
- <param pos="0" name="os.family" value="Digital UNIX"/>
149
- <param pos="0" name="os.device" value="General"/>
150
- <param pos="0" name="os.product" value="OSF/1"/>
151
- </fingerprint>
152
-
153
- <fingerprint pattern="^214[ -]2.0.0 This is [s|S]endmail version ([^ ]+)$">
154
- <description>
131
+ <param pos="0" name="service.family" value="Sendmail"/>
132
+ <param pos="0" name="service.product" value="Sendmail"/>
133
+ <param pos="0" name="service.certainty" value="0.85"/>
134
+ <param pos="0" name="os.vendor" value="DEC"/>
135
+ <param pos="0" name="os.family" value="Digital UNIX"/>
136
+ <param pos="0" name="os.device" value="General"/>
137
+ <param pos="0" name="os.product" value="OSF/1"/>
138
+ </fingerprint>
139
+ <fingerprint pattern="^214[ -]2.0.0 This is [s|S]endmail version ([^ ]+)$">
140
+ <description>
155
141
  sendmail often returns version information for HELP, even when the
156
142
  greeting is obscured
157
143
  </description>
158
- <param pos="0" name="service.family" value="Sendmail"/>
159
- <param pos="0" name="service.product" value="Sendmail"/>
160
- <param pos="1" name="service.version"/>
161
- </fingerprint>
162
-
163
- <fingerprint pattern="^214[ -]This is [s|S]endmail version ([^ ]+)$">
164
- <description>
144
+ <param pos="0" name="service.family" value="Sendmail"/>
145
+ <param pos="0" name="service.product" value="Sendmail"/>
146
+ <param pos="1" name="service.version"/>
147
+ </fingerprint>
148
+ <fingerprint pattern="^214[ -]This is [s|S]endmail version ([^ ]+)$">
149
+ <description>
165
150
  sendmail often returns version information for HELP, even when the
166
151
  greeting is obscured
167
152
  </description>
168
- <param pos="0" name="service.family" value="Sendmail"/>
169
- <param pos="0" name="service.product" value="Sendmail"/>
170
- <param pos="1" name="service.version"/>
171
- </fingerprint>
172
-
173
- <fingerprint pattern="^502[ -]5\.3\.0 Sendmail ([^ ]+) -- HELP not implemented$">
174
- <description>
153
+ <param pos="0" name="service.family" value="Sendmail"/>
154
+ <param pos="0" name="service.product" value="Sendmail"/>
155
+ <param pos="1" name="service.version"/>
156
+ </fingerprint>
157
+ <fingerprint pattern="^502[ -]5\.3\.0 Sendmail ([^ ]+) -- HELP not implemented$">
158
+ <description>
175
159
  502 5.3.0 Sendmail 8.11.2 -- HELP not implemented
176
160
  </description>
177
- <param pos="0" name="service.family" value="Sendmail"/>
178
- <param pos="0" name="service.product" value="Sendmail"/>
179
- <param pos="1" name="service.version"/>
180
- </fingerprint>
181
-
182
- <fingerprint pattern="^214[ -].*sendmail-bugs@sendmail\.org.*$">
183
- <description>
161
+ <param pos="0" name="service.family" value="Sendmail"/>
162
+ <param pos="0" name="service.product" value="Sendmail"/>
163
+ <param pos="1" name="service.version"/>
164
+ </fingerprint>
165
+ <fingerprint pattern="^214[ -].*sendmail-bugs@sendmail\.org.*$">
166
+ <description>
184
167
  sendmail often returns version information for HELP, even when the
185
168
  greeting is obscured
186
169
  </description>
187
- <param pos="0" name="service.family" value="Sendmail"/>
188
- <param pos="0" name="service.product" value="Sendmail"/>
189
- <param pos="0" name="service.certainty" value="0.85"/> <!-- no version, hence less precise than the banner -->
190
- </fingerprint>
191
-
192
- <fingerprint pattern="^241[ -].*$">
193
- <description>
170
+ <param pos="0" name="service.family" value="Sendmail"/>
171
+ <param pos="0" name="service.product" value="Sendmail"/>
172
+ <param pos="0" name="service.certainty" value="0.85"/>
173
+ </fingerprint>
174
+ <fingerprint pattern="^241[ -].*$">
175
+ <description>
194
176
  ZMailer versions earlier than 2.99.21 mistakenly return the status
195
177
  code 241 on some HELP response lines (instead of 214).
196
178
  </description>
197
- <param pos="0" name="service.vendor" value="ZMailer"/>
198
- <param pos="0" name="service.family" value="ZMailer"/>
199
- <param pos="0" name="service.product" value="ZMailer"/>
200
- <!-- todo: it would be nice to say that this is version 2.99.21 or earlier -->
201
- </fingerprint>
202
-
203
- <fingerprint pattern="^214[ -].*Yoyodyne Propulsion.*$">
204
- <description>
179
+ <param pos="0" name="service.vendor" value="ZMailer"/>
180
+ <param pos="0" name="service.family" value="ZMailer"/>
181
+ <param pos="0" name="service.product" value="ZMailer"/>
182
+ </fingerprint>
183
+ <fingerprint pattern="^214[ -].*Yoyodyne Propulsion.*$">
184
+ <description>
205
185
  ZMailer has distinctive default HELP text in smtpserver.conf.
206
186
  See http://www.zmailer.org/zman/zadm-smtpserver.html#ZADM-SMTPSERVER-CONF
207
187
  </description>
208
- <param pos="0" name="service.vendor" value="ZMailer"/>
209
- <param pos="0" name="service.family" value="ZMailer"/>
210
- <param pos="0" name="service.product" value="ZMailer"/>
211
- <!-- todo: it would be nice to say that this is version 2.99.21 or earlier -->
212
- </fingerprint>
188
+ <param pos="0" name="service.vendor" value="ZMailer"/>
189
+ <param pos="0" name="service.family" value="ZMailer"/>
190
+ <param pos="0" name="service.product" value="ZMailer"/>
191
+ </fingerprint>
213
192
  </fingerprints>