recog 2.0.13 → 2.0.14

Files changed (52)
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +19 -6
  3. data/features/{xml → data}/failing_banners_fingerprints.xml +0 -0
  4. data/features/{xml → data}/matching_banners_fingerprints.xml +0 -0
  5. data/features/{xml → data}/no_tests.xml +0 -0
  6. data/features/{xml/banners.xml → data/sample_banner.txt} +0 -0
  7. data/features/{xml → data}/successful_tests.xml +0 -0
  8. data/features/{xml → data}/tests_with_failures.xml +0 -0
  9. data/features/{xml → data}/tests_with_warnings.xml +0 -0
  10. data/features/match.feature +2 -2
  11. data/features/support/env.rb +1 -1
  12. data/lib/recog/version.rb +1 -1
  13. data/misc/order.xsl +17 -0
  14. data/spec/lib/fingerprint_self_test_spec.rb +8 -0
  15. data/xml/apache_os.xml +270 -334
  16. data/xml/architecture.xml +28 -41
  17. data/xml/fingerprints.xsd +37 -0
  18. data/xml/ftp_banners.xml +52 -58
  19. data/xml/h323_callresp.xml +597 -695
  20. data/xml/hp_pjl_id.xml +370 -409
  21. data/xml/http_cookies.xml +304 -348
  22. data/xml/http_servers.xml +3202 -3483
  23. data/xml/http_wwwauth.xml +342 -409
  24. data/xml/imap_banners.xml +149 -190
  25. data/xml/mdns_device-info_txt.xml +97 -111
  26. data/xml/mdns_workstation_txt.xml +6 -6
  27. data/xml/mysql_banners.xml +99 -198
  28. data/xml/mysql_error.xml +4 -11
  29. data/xml/nntp_banners.xml +42 -45
  30. data/xml/ntp_banners.xml +2 -3
  31. data/xml/pop_banners.xml +214 -247
  32. data/xml/rsh_resp.xml +68 -76
  33. data/xml/sip_banners.xml +19 -19
  34. data/xml/sip_user_agents.xml +63 -74
  35. data/xml/smb_native_os.xml +387 -433
  36. data/xml/smtp_banners.xml +1318 -1460
  37. data/xml/smtp_debug.xml +24 -27
  38. data/xml/smtp_ehlo.xml +19 -22
  39. data/xml/smtp_expn.xml +61 -70
  40. data/xml/smtp_help.xml +139 -160
  41. data/xml/smtp_mailfrom.xml +14 -16
  42. data/xml/smtp_noop.xml +28 -31
  43. data/xml/smtp_quit.xml +16 -18
  44. data/xml/smtp_rcptto.xml +8 -10
  45. data/xml/smtp_rset.xml +12 -13
  46. data/xml/smtp_turn.xml +12 -13
  47. data/xml/smtp_vrfy.xml +66 -76
  48. data/xml/snmp_sysdescr.xml +7257 -8016
  49. data/xml/snmp_sysobjid.xml +392 -434
  50. data/xml/ssh_banners.xml +783 -867
  51. data/xml/upnp_banners.xml +594 -628
  52. metadata +11 -9
@@ -1,45 +1,42 @@
1
- <?xml version="1.0"?>
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
2
  <!--
3
3
  SMTP response lines to the DEBUG command are matched against these patterns
4
4
  (1 line at a time) to fingerprint SMTP servers.
5
5
 
6
6
  See comment at the top of smtp_banners.xml for additional info.
7
7
  -->
8
-
9
8
  <fingerprints>
10
- <fingerprint pattern="^500 No way!$">
11
- <description>
9
+ <fingerprint pattern="^500 No way!$">
10
+ <description>
12
11
  Exim
13
12
  example: 500 No way!
14
13
  </description>
15
- <param pos="0" name="service.vendor" value="exim"/>
16
- <param pos="0" name="service.family" value="exim"/>
17
- <param pos="0" name="service.product" value="exim"/>
18
- </fingerprint>
19
-
20
- <fingerprint pattern="^250[ -] *Debug set -NOT!$">
21
- <description>
14
+ <param pos="0" name="service.vendor" value="exim"/>
15
+ <param pos="0" name="service.family" value="exim"/>
16
+ <param pos="0" name="service.product" value="exim"/>
17
+ </fingerprint>
18
+ <fingerprint pattern="^250[ -] *Debug set -NOT!$">
19
+ <description>
22
20
  TIS FWTK and derivatives
23
21
  http://www.tis.com/research/software/
24
22
  This fingerprint may be ambiguous because other firewalls (like
25
23
  Gauntlet) are derived from TIS
26
24
  </description>
27
- <param pos="0" name="service.vendor" value="TIS"/>
28
- <param pos="0" name="service.family" value="FWTK"/>
29
- <param pos="0" name="service.product" value="FWTK"/>
30
- </fingerprint>
31
-
32
- <fingerprint pattern="^500[ -]What\? I don't understand that\.$">
33
- <description>
25
+ <param pos="0" name="service.vendor" value="TIS"/>
26
+ <param pos="0" name="service.family" value="FWTK"/>
27
+ <param pos="0" name="service.product" value="FWTK"/>
28
+ </fingerprint>
29
+ <fingerprint pattern="^500[ -]What\? I don't understand that\.$">
30
+ <description>
34
31
  500 What? I don't understand that.
35
32
  </description>
36
- <param pos="0" name="service.vendor" value="Alt-N"/>
37
- <param pos="0" name="service.family" value="MDaemon"/>
38
- <param pos="0" name="service.product" value="MDaemon"/>
39
- <param pos="0" name="os.vendor" value="Microsoft"/>
40
- <param pos="0" name="os.family" value="Windows"/>
41
- <param pos="0" name="os.device" value="General"/>
42
- <param pos="0" name="os.product" value="Windows"/>
43
- <param pos="0" name="os.arch" value="x86"/>
44
- </fingerprint>
33
+ <param pos="0" name="service.vendor" value="Alt-N"/>
34
+ <param pos="0" name="service.family" value="MDaemon"/>
35
+ <param pos="0" name="service.product" value="MDaemon"/>
36
+ <param pos="0" name="os.vendor" value="Microsoft"/>
37
+ <param pos="0" name="os.family" value="Windows"/>
38
+ <param pos="0" name="os.device" value="General"/>
39
+ <param pos="0" name="os.product" value="Windows"/>
40
+ <param pos="0" name="os.arch" value="x86"/>
41
+ </fingerprint>
45
42
  </fingerprints>
@@ -1,23 +1,21 @@
1
- <?xml version="1.0"?>
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
2
  <!--
3
3
  SMTP response lines to the EHLO command are matched against these patterns
4
4
  (1 line at a time) to fingerprint SMTP servers.
5
5
 
6
6
  See comment at the top of smtp_banners.xml for additional info.
7
7
  -->
8
-
9
8
  <fingerprints>
10
- <fingerprint pattern="^500[ -]Syntax error, command &quot;XXXX&quot; unrecognized$">
11
- <description>
9
+ <fingerprint pattern="^500[ -]Syntax error, command &quot;XXXX&quot; unrecognized$">
10
+ <description>
12
11
  Cisco PIX changes the command letters to 'X' before passing
13
12
  them to the real SMTP server.
14
13
  </description>
15
- <param pos="0" name="service.vendor" value="Cisco"/>
16
- <param pos="0" name="service.family" value="PIX"/>
17
- <param pos="0" name="service.product" value="PIX"/>
18
- </fingerprint>
19
-
20
- <!--
14
+ <param pos="0" name="service.vendor" value="Cisco"/>
15
+ <param pos="0" name="service.family" value="PIX"/>
16
+ <param pos="0" name="service.product" value="PIX"/>
17
+ </fingerprint>
18
+ <!--
21
19
  Don't try to infer a fingerprint from XEXCH50, because if we do, it might overwrite
22
20
  a very precise MS IIS SMTP service or MS Exchange Server fingerprint found with the
23
21
  help of smtp_banners.xml. Instead, this case is handled specially by the Jess rule
@@ -36,18 +34,17 @@ See comment at the top of smtp_banners.xml for additional info.
36
34
  <param pos="0" name="os.product" value="Windows"/>
37
35
  </fingerprint>
38
36
  -->
39
-
40
- <fingerprint pattern="^221[ -]See ya in cyberspace$">
41
- <description>
37
+ <fingerprint pattern="^221[ -]See ya in cyberspace$">
38
+ <description>
42
39
  221 See ya in cyberspace
43
40
  </description>
44
- <param pos="0" name="service.vendor" value="Alt-N"/>
45
- <param pos="0" name="service.family" value="MDaemon"/>
46
- <param pos="0" name="service.product" value="MDaemon"/>
47
- <param pos="0" name="os.vendor" value="Microsoft"/>
48
- <param pos="0" name="os.family" value="Windows"/>
49
- <param pos="0" name="os.device" value="General"/>
50
- <param pos="0" name="os.product" value="Windows"/>
51
- <param pos="0" name="os.arch" value="x86"/>
52
- </fingerprint>
41
+ <param pos="0" name="service.vendor" value="Alt-N"/>
42
+ <param pos="0" name="service.family" value="MDaemon"/>
43
+ <param pos="0" name="service.product" value="MDaemon"/>
44
+ <param pos="0" name="os.vendor" value="Microsoft"/>
45
+ <param pos="0" name="os.family" value="Windows"/>
46
+ <param pos="0" name="os.device" value="General"/>
47
+ <param pos="0" name="os.product" value="Windows"/>
48
+ <param pos="0" name="os.arch" value="x86"/>
49
+ </fingerprint>
53
50
  </fingerprints>
@@ -1,95 +1,86 @@
1
- <?xml version="1.0"?>
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
2
  <!--
3
3
  SMTP response lines to the EXPN command are matched against these patterns
4
4
  (1 line at a time) to fingerprint SMTP servers.
5
5
 
6
6
  See comment at the top of smtp_banners.xml for additional info.
7
7
  -->
8
-
9
8
  <fingerprints>
10
- <fingerprint pattern="^500[ -]Syntax error, command &quot;XXXX.*&quot; unrecognized$">
11
- <description>
9
+ <fingerprint pattern="^500[ -]Syntax error, command &quot;XXXX.*&quot; unrecognized$">
10
+ <description>
12
11
  Cisco PIX changes the command letters to 'X' before passing
13
12
  them to the real SMTP server.
14
13
  </description>
15
- <param pos="0" name="service.vendor" value="Cisco"/>
16
- <param pos="0" name="service.family" value="PIX"/>
17
- <param pos="0" name="service.product" value="PIX"/>
18
- </fingerprint>
19
-
20
- <fingerprint pattern="^550[ -]EXPN not available to \(.+\) \[.+\] *$">
21
- <description>
14
+ <param pos="0" name="service.vendor" value="Cisco"/>
15
+ <param pos="0" name="service.family" value="PIX"/>
16
+ <param pos="0" name="service.product" value="PIX"/>
17
+ </fingerprint>
18
+ <fingerprint pattern="^550[ -]EXPN not available to \(.+\) \[.+\] *$">
19
+ <description>
22
20
  Exim
23
21
  example: 550 EXPN not available to (foo.bar.com) [192.168.0.1]
24
22
  </description>
25
- <param pos="0" name="service.vendor" value="exim"/>
26
- <param pos="0" name="service.family" value="exim"/>
27
- <param pos="0" name="service.product" value="exim"/>
28
- </fingerprint>
29
-
30
- <fingerprint pattern="^550[ -]EXPN not available to [^ ]+ \(.+\) \[.+\] *$">
31
- <description>
23
+ <param pos="0" name="service.vendor" value="exim"/>
24
+ <param pos="0" name="service.family" value="exim"/>
25
+ <param pos="0" name="service.product" value="exim"/>
26
+ </fingerprint>
27
+ <fingerprint pattern="^550[ -]EXPN not available to [^ ]+ \(.+\) \[.+\] *$">
28
+ <description>
32
29
  Exim
33
30
  example: 550 EXPN not available to evil.com (foo.bar.com) [192.168.0.1]
34
31
  </description>
35
- <param pos="0" name="service.vendor" value="exim"/>
36
- <param pos="0" name="service.family" value="exim"/>
37
- <param pos="0" name="service.product" value="exim"/>
38
- </fingerprint>
39
-
40
- <fingerprint pattern="^500[ -]Don't you wish! *$">
41
- <description>GNAT box SMTP</description>
42
- <param pos="0" name="service.vendor" value="Global Technology Associates"/>
43
- <param pos="0" name="service.family" value="GNAT Box"/>
44
- <param pos="0" name="service.product" value="GNAT Box"/>
45
- </fingerprint>
46
-
47
- <!-- VM SMTP server doesn't like brackets in EXPN commands... -->
48
- <fingerprint pattern="^501[ -]Syntax Error\. Only ListId or Userid allowed as argument to this command *$">
49
- <description>IBM VM SMTP</description>
50
- <param pos="0" name="service.vendor" value="IBM"/>
51
- <param pos="0" name="service.family" value="VM"/>
52
- <param pos="0" name="service.product" value="VM"/>
53
- </fingerprint>
54
-
55
- <fingerprint pattern="^550[ -]lists are confidential *$">
56
- <description>
32
+ <param pos="0" name="service.vendor" value="exim"/>
33
+ <param pos="0" name="service.family" value="exim"/>
34
+ <param pos="0" name="service.product" value="exim"/>
35
+ </fingerprint>
36
+ <fingerprint pattern="^500[ -]Don't you wish! *$">
37
+ <description>GNAT box SMTP</description>
38
+ <param pos="0" name="service.vendor" value="Global Technology Associates"/>
39
+ <param pos="0" name="service.family" value="GNAT Box"/>
40
+ <param pos="0" name="service.product" value="GNAT Box"/>
41
+ </fingerprint>
42
+ <!-- VM SMTP server doesn't like brackets in EXPN commands... -->
43
+ <fingerprint pattern="^501[ -]Syntax Error\. Only ListId or Userid allowed as argument to this command *$">
44
+ <description>IBM VM SMTP</description>
45
+ <param pos="0" name="service.vendor" value="IBM"/>
46
+ <param pos="0" name="service.family" value="VM"/>
47
+ <param pos="0" name="service.product" value="VM"/>
48
+ </fingerprint>
49
+ <fingerprint pattern="^550[ -]lists are confidential *$">
50
+ <description>
57
51
  example: 550 lists are confidential
58
52
  </description>
59
- <param pos="0" name="service.vendor" value="Ipswitch"/>
60
- <param pos="0" name="service.family" value="IMail Server"/>
61
- <param pos="0" name="service.product" value="IMail Server"/>
62
- </fingerprint>
63
-
64
- <fingerprint pattern="^502[ -]command is not active$">
65
- <description>
53
+ <param pos="0" name="service.vendor" value="Ipswitch"/>
54
+ <param pos="0" name="service.family" value="IMail Server"/>
55
+ <param pos="0" name="service.product" value="IMail Server"/>
56
+ </fingerprint>
57
+ <fingerprint pattern="^502[ -]command is not active$">
58
+ <description>
66
59
  502 command is not active
67
60
  </description>
68
- <param pos="0" name="service.vendor" value="Alt-N"/>
69
- <param pos="0" name="service.family" value="MDaemon"/>
70
- <param pos="0" name="service.product" value="MDaemon"/>
71
- <param pos="0" name="os.vendor" value="Microsoft"/>
72
- <param pos="0" name="os.family" value="Windows"/>
73
- <param pos="0" name="os.device" value="General"/>
74
- <param pos="0" name="os.product" value="Windows"/>
75
- <param pos="0" name="os.arch" value="x86"/>
76
- </fingerprint>
77
-
78
- <fingerprint pattern="^252 Unable to EXPN &quot;.*&quot;, but will accept message and attempt delivery *$">
79
- <description>
61
+ <param pos="0" name="service.vendor" value="Alt-N"/>
62
+ <param pos="0" name="service.family" value="MDaemon"/>
63
+ <param pos="0" name="service.product" value="MDaemon"/>
64
+ <param pos="0" name="os.vendor" value="Microsoft"/>
65
+ <param pos="0" name="os.family" value="Windows"/>
66
+ <param pos="0" name="os.device" value="General"/>
67
+ <param pos="0" name="os.product" value="Windows"/>
68
+ <param pos="0" name="os.arch" value="x86"/>
69
+ </fingerprint>
70
+ <fingerprint pattern="^252 Unable to EXPN &quot;.*&quot;, but will accept message and attempt delivery *$">
71
+ <description>
80
72
  Lotus Domino
81
73
  </description>
82
- <param pos="0" name="service.vendor" value="Lotus"/>
83
- <param pos="0" name="service.family" value="Lotus Domino"/>
84
- <param pos="0" name="service.product" value="Lotus Domino"/>
85
- </fingerprint>
86
-
87
- <fingerprint pattern="^550[ -]Unable to find list '.*'\.$">
88
- <description>
74
+ <param pos="0" name="service.vendor" value="Lotus"/>
75
+ <param pos="0" name="service.family" value="Lotus Domino"/>
76
+ <param pos="0" name="service.product" value="Lotus Domino"/>
77
+ </fingerprint>
78
+ <fingerprint pattern="^550[ -]Unable to find list '.*'\.$">
79
+ <description>
89
80
  example: 550 Unable to find list 'list'.
90
81
  </description>
91
- <param pos="0" name="service.vendor" value="Seattle Labs"/>
92
- <param pos="0" name="service.family" value="SLMail"/>
93
- <param pos="0" name="service.product" value="SLMail"/>
94
- </fingerprint>
82
+ <param pos="0" name="service.vendor" value="Seattle Labs"/>
83
+ <param pos="0" name="service.family" value="SLMail"/>
84
+ <param pos="0" name="service.product" value="SLMail"/>
85
+ </fingerprint>
95
86
  </fingerprints>
@@ -1,213 +1,192 @@
1
- <?xml version="1.0"?>
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
2
  <!--
3
3
  SMTP response lines to the HELP command are matched against these patterns
4
4
  (1 line at a time) to fingerprint SMTP servers.
5
5
 
6
6
  See comment at the top of smtp_banners.xml for additional info.
7
7
  -->
8
-
9
8
  <fingerprints>
10
- <fingerprint pattern="^214[ -]This is ArGoSoft Mail Server, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
11
- <description>
9
+ <fingerprint pattern="^214[ -]This is ArGoSoft Mail Server, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
10
+ <description>
12
11
  ArgoSoft mail server HELP response
13
12
  Example: 214-This is ArGoSoft Mail Server, Version 1.4 (1.4.0.3)
14
13
  </description>
15
- <param pos="0" name="service.vendor" value="ArGoSoft"/>
16
- <param pos="0" name="service.family" value="Mail Server"/>
17
- <param pos="0" name="service.product" value="Mail Server"/>
18
- <param pos="1" name="service.version"/>
19
- </fingerprint>
20
-
21
- <fingerprint pattern="^214[ -].*support@argosoft\.com *$">
22
- <description>
14
+ <param pos="0" name="service.vendor" value="ArGoSoft"/>
15
+ <param pos="0" name="service.family" value="Mail Server"/>
16
+ <param pos="0" name="service.product" value="Mail Server"/>
17
+ <param pos="1" name="service.version"/>
18
+ </fingerprint>
19
+ <fingerprint pattern="^214[ -].*support@argosoft\.com *$">
20
+ <description>
23
21
  ArgoSoft mail server HELP response
24
22
  Example: 214-To report bug, send mail to support@argosoft.com
25
23
  </description>
26
- <param pos="0" name="service.vendor" value="ArGoSoft"/>
27
- <param pos="0" name="service.family" value="Mail Server"/>
28
- <param pos="0" name="service.product" value="Mail Server"/>
29
- </fingerprint>
30
-
31
- <fingerprint pattern="^500[ -]Syntax error, command &quot;XXXX&quot; unrecognized$">
32
- <description>
24
+ <param pos="0" name="service.vendor" value="ArGoSoft"/>
25
+ <param pos="0" name="service.family" value="Mail Server"/>
26
+ <param pos="0" name="service.product" value="Mail Server"/>
27
+ </fingerprint>
28
+ <fingerprint pattern="^500[ -]Syntax error, command &quot;XXXX&quot; unrecognized$">
29
+ <description>
33
30
  Cisco PIX changes the command letters to 'X' before passing
34
31
  them to the real SMTP server.
35
32
  </description>
36
- <param pos="0" name="service.vendor" value="Cisco"/>
37
- <param pos="0" name="service.family" value="PIX"/>
38
- <param pos="0" name="service.product" value="PIX"/>
39
- </fingerprint>
40
-
41
- <fingerprint pattern="^500[ -]5.5.1 unrecognised command HELP$">
42
- <description>
43
- Eudora IMS uses the British spelling &quot;unrecognised&quot;
44
- </description>
45
- <param pos="0" name="service.vendor" value="Eudora"/>
46
- <param pos="0" name="service.family" value="Internet Mail Server"/>
47
- <param pos="0" name="service.product" value="Internet Mail Server"/>
48
- <param pos="0" name="os.vendor" value="Apple"/>
49
- <param pos="0" name="os.family" value="Mac OS"/>
50
- <param pos="0" name="os.device" value="General"/>
51
- <param pos="0" name="os.product" value="Mac OS"/>
52
- </fingerprint>
53
-
54
- <fingerprint pattern="^214[ -]([^ ]+) is running the IBM VM operating system$">
55
- <description>IBM VM</description>
56
- <param pos="0" name="service.vendor" value="IBM"/>
57
- <param pos="0" name="service.family" value="VM"/>
58
- <param pos="0" name="service.product" value="VM"/>
59
- <param pos="1" name="host.name"/>
60
- </fingerprint>
61
-
62
- <!--
33
+ <param pos="0" name="service.vendor" value="Cisco"/>
34
+ <param pos="0" name="service.family" value="PIX"/>
35
+ <param pos="0" name="service.product" value="PIX"/>
36
+ </fingerprint>
37
+ <fingerprint pattern="^500[ -]5.5.1 unrecognised command HELP$">
38
+ <description>
39
+ Eudora IMS uses the British spelling "unrecognised"
40
+ </description>
41
+ <param pos="0" name="service.vendor" value="Eudora"/>
42
+ <param pos="0" name="service.family" value="Internet Mail Server"/>
43
+ <param pos="0" name="service.product" value="Internet Mail Server"/>
44
+ <param pos="0" name="os.vendor" value="Apple"/>
45
+ <param pos="0" name="os.family" value="Mac OS"/>
46
+ <param pos="0" name="os.device" value="General"/>
47
+ <param pos="0" name="os.product" value="Mac OS"/>
48
+ </fingerprint>
49
+ <fingerprint pattern="^214[ -]([^ ]+) is running the IBM VM operating system$">
50
+ <description>IBM VM</description>
51
+ <param pos="0" name="service.vendor" value="IBM"/>
52
+ <param pos="0" name="service.family" value="VM"/>
53
+ <param pos="0" name="service.product" value="VM"/>
54
+ <param pos="1" name="host.name"/>
55
+ </fingerprint>
56
+ <!--
63
57
  Shouldn't we ignore XEXCH50 for the same reasons than described in the XEXCH50 regex
64
58
  in smtp_ehlo.xml ? -mrb
65
59
  -->
66
- <fingerprint pattern="^214[ -].* XEXCH50 *.*$">
67
- <description>
60
+ <fingerprint pattern="^214[ -].* XEXCH50 *.*$">
61
+ <description>
68
62
  Microsoft Exchange/IIS server
69
63
  </description>
70
- <param pos="0" name="service.vendor" value="Microsoft"/>
71
- <param pos="0" name="service.family" value="Exchange Server"/>
72
- <param pos="0" name="service.product" value="Exchange Server"/>
73
- <param pos="0" name="os.vendor" value="Microsoft"/>
74
- <param pos="0" name="os.family" value="Windows"/>
75
- <param pos="0" name="os.device" value="General"/>
76
- <param pos="0" name="os.product" value="Windows"/>
77
- </fingerprint>
78
-
79
- <fingerprint pattern="^214[ -]Help system currently inactive\.$">
80
- <description>
64
+ <param pos="0" name="service.vendor" value="Microsoft"/>
65
+ <param pos="0" name="service.family" value="Exchange Server"/>
66
+ <param pos="0" name="service.product" value="Exchange Server"/>
67
+ <param pos="0" name="os.vendor" value="Microsoft"/>
68
+ <param pos="0" name="os.family" value="Windows"/>
69
+ <param pos="0" name="os.device" value="General"/>
70
+ <param pos="0" name="os.product" value="Windows"/>
71
+ </fingerprint>
72
+ <fingerprint pattern="^214[ -]Help system currently inactive\.$">
73
+ <description>
81
74
  214 Help system currently inactive.
82
75
  </description>
83
- <param pos="0" name="service.vendor" value="Alt-N"/>
84
- <param pos="0" name="service.family" value="MDaemon"/>
85
- <param pos="0" name="service.product" value="MDaemon"/>
86
- <param pos="0" name="os.vendor" value="Microsoft"/>
87
- <param pos="0" name="os.family" value="Windows"/>
88
- <param pos="0" name="os.device" value="General"/>
89
- <param pos="0" name="os.product" value="Windows"/>
90
- <param pos="0" name="os.arch" value="x86"/>
91
- </fingerprint>
92
-
93
- <fingerprint pattern="^214[ -].*This is MERAK ([^ ]+\.[^ ]+\.[^ ]+).*$">
94
- <description>
76
+ <param pos="0" name="service.vendor" value="Alt-N"/>
77
+ <param pos="0" name="service.family" value="MDaemon"/>
78
+ <param pos="0" name="service.product" value="MDaemon"/>
79
+ <param pos="0" name="os.vendor" value="Microsoft"/>
80
+ <param pos="0" name="os.family" value="Windows"/>
81
+ <param pos="0" name="os.device" value="General"/>
82
+ <param pos="0" name="os.product" value="Windows"/>
83
+ <param pos="0" name="os.arch" value="x86"/>
84
+ </fingerprint>
85
+ <fingerprint pattern="^214[ -].*This is MERAK ([^ ]+\.[^ ]+\.[^ ]+).*$">
86
+ <description>
95
87
  Merak mail server http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x)
96
88
  </description>
97
- <param pos="0" name="service.vendor" value="Merak"/>
98
- <param pos="0" name="service.family" value="Mail Server"/>
99
- <param pos="0" name="service.product" value="Mail Server"/>
100
- <param pos="1" name="service.version"/>
101
- </fingerprint>
102
-
103
- <fingerprint pattern="^214[ -].*This is Merak ([^ ]+\.[^ ]+\.[^ ]+).*$">
104
- <description>
89
+ <param pos="0" name="service.vendor" value="Merak"/>
90
+ <param pos="0" name="service.family" value="Mail Server"/>
91
+ <param pos="0" name="service.product" value="Mail Server"/>
92
+ <param pos="1" name="service.version"/>
93
+ </fingerprint>
94
+ <fingerprint pattern="^214[ -].*This is Merak ([^ ]+\.[^ ]+\.[^ ]+).*$">
95
+ <description>
105
96
  Merak mail server http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x)
106
97
  </description>
107
- <param pos="0" name="service.vendor" value="Merak"/>
108
- <param pos="0" name="service.family" value="Mail Server"/>
109
- <param pos="0" name="service.product" value="Mail Server"/>
110
- <param pos="1" name="service.version"/>
111
- </fingerprint>
112
-
113
- <fingerprint pattern="^214[ -].*bugs@merakmail\.com.*$">
114
- <description>
98
+ <param pos="0" name="service.vendor" value="Merak"/>
99
+ <param pos="0" name="service.family" value="Mail Server"/>
100
+ <param pos="0" name="service.product" value="Mail Server"/>
101
+ <param pos="1" name="service.version"/>
102
+ </fingerprint>
103
+ <fingerprint pattern="^214[ -].*bugs@merakmail\.com.*$">
104
+ <description>
115
105
  Merak mail server http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x)
116
106
  </description>
117
- <param pos="0" name="service.vendor" value="Merak"/>
118
- <param pos="0" name="service.family" value="Mail Server"/>
119
- <param pos="0" name="service.product" value="Mail Server"/>
120
- </fingerprint>
121
-
122
- <fingerprint pattern="^214[ -].*bugs@icewarp\.com.*$">
123
- <description>
107
+ <param pos="0" name="service.vendor" value="Merak"/>
108
+ <param pos="0" name="service.family" value="Mail Server"/>
109
+ <param pos="0" name="service.product" value="Mail Server"/>
110
+ </fingerprint>
111
+ <fingerprint pattern="^214[ -].*bugs@icewarp\.com.*$">
112
+ <description>
124
113
  Merak mail server http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x)
125
114
  </description>
126
- <param pos="0" name="service.vendor" value="Merak"/>
127
- <param pos="0" name="service.family" value="Mail Server"/>
128
- <param pos="0" name="service.product" value="Mail Server"/>
129
- </fingerprint>
130
-
131
- <fingerprint pattern="^214[ -]qmail home page: http://pobox.com/~djb/qmail.html *$">
132
- <description>
115
+ <param pos="0" name="service.vendor" value="Merak"/>
116
+ <param pos="0" name="service.family" value="Mail Server"/>
117
+ <param pos="0" name="service.product" value="Mail Server"/>
118
+ </fingerprint>
119
+ <fingerprint pattern="^214[ -]qmail home page: http://pobox.com/~djb/qmail.html *$">
120
+ <description>
133
121
  example: 214 qmail home page: http://pobox.com/~djb/qmail.html
134
122
  </description>
135
- <param pos="0" name="service.vendor" value="qmail"/>
136
- <param pos="0" name="service.family" value="qmail"/>
137
- <param pos="0" name="service.product" value="qmail"/>
138
- </fingerprint>
139
-
140
- <fingerprint pattern="^214[ -].*contact the Digital Customer Support Center at 1-800-354-9000.*$">
141
- <description>
123
+ <param pos="0" name="service.vendor" value="qmail"/>
124
+ <param pos="0" name="service.family" value="qmail"/>
125
+ <param pos="0" name="service.product" value="qmail"/>
126
+ </fingerprint>
127
+ <fingerprint pattern="^214[ -].*contact the Digital Customer Support Center at 1-800-354-9000.*$">
128
+ <description>
142
129
  sendmail on Digital OSF UNIX
143
130
  </description>
144
- <param pos="0" name="service.family" value="Sendmail"/>
145
- <param pos="0" name="service.product" value="Sendmail"/>
146
- <param pos="0" name="service.certainty" value="0.85"/> <!-- no version, hence less precise than the banner -->
147
- <param pos="0" name="os.vendor" value="DEC"/>
148
- <param pos="0" name="os.family" value="Digital UNIX"/>
149
- <param pos="0" name="os.device" value="General"/>
150
- <param pos="0" name="os.product" value="OSF/1"/>
151
- </fingerprint>
152
-
153
- <fingerprint pattern="^214[ -]2.0.0 This is [s|S]endmail version ([^ ]+)$">
154
- <description>
131
+ <param pos="0" name="service.family" value="Sendmail"/>
132
+ <param pos="0" name="service.product" value="Sendmail"/>
133
+ <param pos="0" name="service.certainty" value="0.85"/>
134
+ <param pos="0" name="os.vendor" value="DEC"/>
135
+ <param pos="0" name="os.family" value="Digital UNIX"/>
136
+ <param pos="0" name="os.device" value="General"/>
137
+ <param pos="0" name="os.product" value="OSF/1"/>
138
+ </fingerprint>
139
+ <fingerprint pattern="^214[ -]2.0.0 This is [s|S]endmail version ([^ ]+)$">
140
+ <description>
155
141
  sendmail often returns version information for HELP, even when the
156
142
  greeting is obscured
157
143
  </description>
158
- <param pos="0" name="service.family" value="Sendmail"/>
159
- <param pos="0" name="service.product" value="Sendmail"/>
160
- <param pos="1" name="service.version"/>
161
- </fingerprint>
162
-
163
- <fingerprint pattern="^214[ -]This is [s|S]endmail version ([^ ]+)$">
164
- <description>
144
+ <param pos="0" name="service.family" value="Sendmail"/>
145
+ <param pos="0" name="service.product" value="Sendmail"/>
146
+ <param pos="1" name="service.version"/>
147
+ </fingerprint>
148
+ <fingerprint pattern="^214[ -]This is [s|S]endmail version ([^ ]+)$">
149
+ <description>
165
150
  sendmail often returns version information for HELP, even when the
166
151
  greeting is obscured
167
152
  </description>
168
- <param pos="0" name="service.family" value="Sendmail"/>
169
- <param pos="0" name="service.product" value="Sendmail"/>
170
- <param pos="1" name="service.version"/>
171
- </fingerprint>
172
-
173
- <fingerprint pattern="^502[ -]5\.3\.0 Sendmail ([^ ]+) -- HELP not implemented$">
174
- <description>
153
+ <param pos="0" name="service.family" value="Sendmail"/>
154
+ <param pos="0" name="service.product" value="Sendmail"/>
155
+ <param pos="1" name="service.version"/>
156
+ </fingerprint>
157
+ <fingerprint pattern="^502[ -]5\.3\.0 Sendmail ([^ ]+) -- HELP not implemented$">
158
+ <description>
175
159
  502 5.3.0 Sendmail 8.11.2 -- HELP not implemented
176
160
  </description>
177
- <param pos="0" name="service.family" value="Sendmail"/>
178
- <param pos="0" name="service.product" value="Sendmail"/>
179
- <param pos="1" name="service.version"/>
180
- </fingerprint>
181
-
182
- <fingerprint pattern="^214[ -].*sendmail-bugs@sendmail\.org.*$">
183
- <description>
161
+ <param pos="0" name="service.family" value="Sendmail"/>
162
+ <param pos="0" name="service.product" value="Sendmail"/>
163
+ <param pos="1" name="service.version"/>
164
+ </fingerprint>
165
+ <fingerprint pattern="^214[ -].*sendmail-bugs@sendmail\.org.*$">
166
+ <description>
184
167
  sendmail often returns version information for HELP, even when the
185
168
  greeting is obscured
186
169
  </description>
187
- <param pos="0" name="service.family" value="Sendmail"/>
188
- <param pos="0" name="service.product" value="Sendmail"/>
189
- <param pos="0" name="service.certainty" value="0.85"/> <!-- no version, hence less precise than the banner -->
190
- </fingerprint>
191
-
192
- <fingerprint pattern="^241[ -].*$">
193
- <description>
170
+ <param pos="0" name="service.family" value="Sendmail"/>
171
+ <param pos="0" name="service.product" value="Sendmail"/>
172
+ <param pos="0" name="service.certainty" value="0.85"/>
173
+ </fingerprint>
174
+ <fingerprint pattern="^241[ -].*$">
175
+ <description>
194
176
  ZMailer versions earlier than 2.99.21 mistakenly return the status
195
177
  code 241 on some HELP response lines (instead of 214).
196
178
  </description>
197
- <param pos="0" name="service.vendor" value="ZMailer"/>
198
- <param pos="0" name="service.family" value="ZMailer"/>
199
- <param pos="0" name="service.product" value="ZMailer"/>
200
- <!-- todo: it would be nice to say that this is version 2.99.21 or earlier -->
201
- </fingerprint>
202
-
203
- <fingerprint pattern="^214[ -].*Yoyodyne Propulsion.*$">
204
- <description>
179
+ <param pos="0" name="service.vendor" value="ZMailer"/>
180
+ <param pos="0" name="service.family" value="ZMailer"/>
181
+ <param pos="0" name="service.product" value="ZMailer"/>
182
+ </fingerprint>
183
+ <fingerprint pattern="^214[ -].*Yoyodyne Propulsion.*$">
184
+ <description>
205
185
  ZMailer has distinctive default HELP text in smtpserver.conf.
206
186
  See http://www.zmailer.org/zman/zadm-smtpserver.html#ZADM-SMTPSERVER-CONF
207
187
  </description>
208
- <param pos="0" name="service.vendor" value="ZMailer"/>
209
- <param pos="0" name="service.family" value="ZMailer"/>
210
- <param pos="0" name="service.product" value="ZMailer"/>
211
- <!-- todo: it would be nice to say that this is version 2.99.21 or earlier -->
212
- </fingerprint>
188
+ <param pos="0" name="service.vendor" value="ZMailer"/>
189
+ <param pos="0" name="service.family" value="ZMailer"/>
190
+ <param pos="0" name="service.product" value="ZMailer"/>
191
+ </fingerprint>
213
192
  </fingerprints>
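Review bot: The re-emitted Sendmail patterns keep `[s|S]endmail`, a character class that also accepts a literal `|`, and the dots in `2.0.0` (and in `5.5.1` in the Eudora pattern) are unescaped, so each pattern matches more than the response it documents. `^214[ -]2\.0\.0 This is [sS]endmail version ([^ ]+)$`, `^214[ -]This is [sS]endmail version ([^ ]+)$` and `^500[ -]5\.5\.1 unrecognised command HELP$` would pin them to the documented replies. The same pass drops the inline comment explaining why `service.certainty` is `0.85` ("no version, hence less precise than the banner") on both Sendmail entries, along with the two ZMailer version todos; moving that rationale into the `<description>` text would keep it with the fingerprint. `^241[ -].*$` attributes every 241 reply to ZMailer, so it probably deserves a `service.certainty` param like the Sendmail entries, so that consumers of the asset data can weigh the match.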