recog 2.0.13 → 2.0.14

Sign up to get free protection for your applications and to get access to all the features.
Files changed (52) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +19 -6
  3. data/features/{xml → data}/failing_banners_fingerprints.xml +0 -0
  4. data/features/{xml → data}/matching_banners_fingerprints.xml +0 -0
  5. data/features/{xml → data}/no_tests.xml +0 -0
  6. data/features/{xml/banners.xml → data/sample_banner.txt} +0 -0
  7. data/features/{xml → data}/successful_tests.xml +0 -0
  8. data/features/{xml → data}/tests_with_failures.xml +0 -0
  9. data/features/{xml → data}/tests_with_warnings.xml +0 -0
  10. data/features/match.feature +2 -2
  11. data/features/support/env.rb +1 -1
  12. data/lib/recog/version.rb +1 -1
  13. data/misc/order.xsl +17 -0
  14. data/spec/lib/fingerprint_self_test_spec.rb +8 -0
  15. data/xml/apache_os.xml +270 -334
  16. data/xml/architecture.xml +28 -41
  17. data/xml/fingerprints.xsd +37 -0
  18. data/xml/ftp_banners.xml +52 -58
  19. data/xml/h323_callresp.xml +597 -695
  20. data/xml/hp_pjl_id.xml +370 -409
  21. data/xml/http_cookies.xml +304 -348
  22. data/xml/http_servers.xml +3202 -3483
  23. data/xml/http_wwwauth.xml +342 -409
  24. data/xml/imap_banners.xml +149 -190
  25. data/xml/mdns_device-info_txt.xml +97 -111
  26. data/xml/mdns_workstation_txt.xml +6 -6
  27. data/xml/mysql_banners.xml +99 -198
  28. data/xml/mysql_error.xml +4 -11
  29. data/xml/nntp_banners.xml +42 -45
  30. data/xml/ntp_banners.xml +2 -3
  31. data/xml/pop_banners.xml +214 -247
  32. data/xml/rsh_resp.xml +68 -76
  33. data/xml/sip_banners.xml +19 -19
  34. data/xml/sip_user_agents.xml +63 -74
  35. data/xml/smb_native_os.xml +387 -433
  36. data/xml/smtp_banners.xml +1318 -1460
  37. data/xml/smtp_debug.xml +24 -27
  38. data/xml/smtp_ehlo.xml +19 -22
  39. data/xml/smtp_expn.xml +61 -70
  40. data/xml/smtp_help.xml +139 -160
  41. data/xml/smtp_mailfrom.xml +14 -16
  42. data/xml/smtp_noop.xml +28 -31
  43. data/xml/smtp_quit.xml +16 -18
  44. data/xml/smtp_rcptto.xml +8 -10
  45. data/xml/smtp_rset.xml +12 -13
  46. data/xml/smtp_turn.xml +12 -13
  47. data/xml/smtp_vrfy.xml +66 -76
  48. data/xml/snmp_sysdescr.xml +7257 -8016
  49. data/xml/snmp_sysobjid.xml +392 -434
  50. data/xml/ssh_banners.xml +783 -867
  51. data/xml/upnp_banners.xml +594 -628
  52. metadata +11 -9
data/xml/ssh_banners.xml CHANGED
@@ -1,508 +1,467 @@
1
- <?xml version="1.0"?>
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
2
  <!--
3
3
  SSH "software revision and comment" strings (official RFC nomenclature for the part of
4
4
  the identification string after "SSH-x.x-") are matched against these patterns to
5
5
  fingerprint SSH servers.
6
6
  -->
7
-
8
7
  <fingerprints matches="ssh.banner">
9
-
10
-
11
- <!-- Honeypot SSH server banners are useless for fingerprinting -->
12
- <fingerprint pattern="honeypot" flags="REG_ICASE">
13
- <description>Honeypot SSH</description>
14
- <!-- assert nothing -->
15
- </fingerprint>
16
-
17
- <fingerprint pattern="^RomSShell_([\d\.]+)$">
18
- <description>Allegro RomSShell SSH</description>
19
- <example service.version="4.62">RomSShell_4.62</example>
20
- <param pos="0" name="service.vendor" value="Allegro Software"/>
21
- <param pos="0" name="service.product" value="RomSShell"/>
22
- <param pos="1" name="service.version"/>
23
- </fingerprint>
24
-
25
- <fingerprint pattern="^mpSSH_([\d\.]+)$">
26
- <description>HP Integrated Lights Out (iLO) usually bundled with HP servers</description>
27
- <example>mpSSH_0.0.1</example>
28
- <param pos="0" name="service.vendor" value="HP"/>
29
- <param pos="0" name="service.product" value="iLO"/>
30
- <param pos="0" name="service.family" value="iLO"/>
31
- <param pos="1" name="service.version"/>
32
- <param pos="0" name="hw.vendor" value="HP"/>
33
- <param pos="0" name="os.vendor" value="HP"/>
34
- <param pos="0" name="os.product" value="iLO"/>
35
- <param pos="0" name="os.family" value="iLO"/>
36
- <param pos="0" name="os.device" value="Lights Out Management"/>
37
- </fingerprint>
38
-
39
- <fingerprint pattern="^Serv-U_([\d\.]+)$">
40
- <description>Serv-U SSH</description>
41
- <example>Serv-U_7.4.0.1</example>
42
- <param pos="0" name="service.vendor" value="Rhino Software"/>
43
- <param pos="0" name="service.product" value="Serv-U"/>
44
- <param pos="1" name="service.version"/>
45
- </fingerprint>
46
-
47
- <fingerprint pattern="WS_FTP-SSH_([\d\.]+)$">
48
- <description>WS_FTP Server with SSH</description>
49
- <example>WS_FTP-SSH_6.1.1</example>
50
- <example>WS_FTP-SSH_7.0</example>
51
- <param pos="0" name="service.vendor" value="Ipswitch"/>
52
- <param pos="0" name="service.product" value="WS_FTP"/>
53
- <param pos="1" name="service.version"/>
54
- </fingerprint>
55
-
56
- <fingerprint pattern="^OpenSSH_([^\s]+)\s+(FreeBSD[ -].*)$">
57
- <description>OpenSSH running on FreeBSD</description>
58
- <param pos="1" name="service.version"/>
59
- <param pos="2" name="openssh.comment"/>
60
- <param pos="0" name="service.vendor" value="OpenBSD"/>
61
- <param pos="0" name="service.family" value="OpenSSH"/>
62
- <param pos="0" name="service.product" value="OpenSSH"/>
63
- <param pos="0" name="os.vendor" value="FreeBSD"/>
64
- <param pos="0" name="os.device" value="General"/>
65
- <param pos="0" name="os.family" value="FreeBSD"/>
66
- <param pos="0" name="os.product" value="FreeBSD"/>
67
- </fingerprint>
68
-
69
- <fingerprint pattern="^OpenSSH_([^\s]+)\s+(NetBSD[ -].*)$">
70
- <description>OpenSSH running on NetBSD</description>
71
- <param pos="1" name="service.version"/>
72
- <param pos="2" name="openssh.comment"/>
73
- <param pos="0" name="service.vendor" value="OpenBSD"/>
74
- <param pos="0" name="service.family" value="OpenSSH"/>
75
- <param pos="0" name="service.product" value="OpenSSH"/>
76
- <param pos="0" name="os.vendor" value="NetBSD"/>
77
- <param pos="0" name="os.device" value="General"/>
78
- <param pos="0" name="os.family" value="NetBSD"/>
79
- <param pos="0" name="os.product" value="NetBSD"/>
80
- </fingerprint>
81
-
82
- <fingerprint pattern="^OpenSSH_(4\.1p1) (Debian-7ubuntu\d+(?:\.\d+)?)$">
83
- <description>OpenSSH running on Ubuntu 5.10</description>
84
- <example>OpenSSH_4.1p1 Debian-7ubuntu4</example>
85
- <param pos="1" name="service.version"/>
86
- <param pos="2" name="openssh.comment"/>
87
- <param pos="0" name="service.vendor" value="OpenBSD"/>
88
- <param pos="0" name="service.family" value="OpenSSH"/>
89
- <param pos="0" name="service.product" value="OpenSSH"/>
90
- <param pos="0" name="os.vendor" value="Ubuntu"/>
91
- <param pos="0" name="os.device" value="General"/>
92
- <param pos="0" name="os.family" value="Linux"/>
93
- <param pos="0" name="os.product" value="Linux"/>
94
- <param pos="0" name="os.version" value="5.10"/>
95
- </fingerprint>
96
-
97
- <fingerprint pattern="^OpenSSH_(4\.2p1) (Debian-7ubuntu\d+(?:\.\d+)?)$">
98
- <description>OpenSSH running on Ubuntu 6.04</description>
99
- <example>OpenSSH_4.2p1 Debian-7ubuntu3.1</example>
100
- <example>OpenSSH_4.2p1 Debian-7ubuntu3.2</example>
101
- <param pos="1" name="service.version"/>
102
- <param pos="2" name="openssh.comment"/>
103
- <param pos="0" name="service.vendor" value="OpenBSD"/>
104
- <param pos="0" name="service.family" value="OpenSSH"/>
105
- <param pos="0" name="service.product" value="OpenSSH"/>
106
- <param pos="0" name="os.vendor" value="Ubuntu"/>
107
- <param pos="0" name="os.device" value="General"/>
108
- <param pos="0" name="os.family" value="Linux"/>
109
- <param pos="0" name="os.product" value="Linux"/>
110
- <param pos="0" name="os.version" value="6.04"/>
111
- </fingerprint>
112
-
113
- <fingerprint pattern="^OpenSSH_(4\.3p2) (Debian-8ubuntu\d+(?:\.\d+)?)$">
114
- <description>OpenSSH running on Ubuntu 7.04</description>
115
- <example>OpenSSH_4.3p2 Debian-8ubuntu1.4</example>
116
- <param pos="1" name="service.version"/>
117
- <param pos="2" name="openssh.comment"/>
118
- <param pos="0" name="service.vendor" value="OpenBSD"/>
119
- <param pos="0" name="service.family" value="OpenSSH"/>
120
- <param pos="0" name="service.product" value="OpenSSH"/>
121
- <param pos="0" name="os.vendor" value="Ubuntu"/>
122
- <param pos="0" name="os.device" value="General"/>
123
- <param pos="0" name="os.family" value="Linux"/>
124
- <param pos="0" name="os.product" value="Linux"/>
125
- <param pos="0" name="os.version" value="7.04"/>
126
- </fingerprint>
127
-
128
- <fingerprint pattern="^OpenSSH_(4\.6p1) (Debian-5ubuntu\d+(?:\.\d+)?)$">
129
- <description>OpenSSH running on Ubuntu 7.10</description>
130
- <example>OpenSSH_4.6p1 Debian-5ubuntu0.2</example>
131
- <example>OpenSSH_4.6p1 Debian-5ubuntu0.5</example>
132
- <example>OpenSSH_4.6p1 Debian-5ubuntu0.6</example>
133
- <param pos="1" name="service.version"/>
134
- <param pos="2" name="openssh.comment"/>
135
- <param pos="0" name="service.vendor" value="OpenBSD"/>
136
- <param pos="0" name="service.family" value="OpenSSH"/>
137
- <param pos="0" name="service.product" value="OpenSSH"/>
138
- <param pos="0" name="os.vendor" value="Ubuntu"/>
139
- <param pos="0" name="os.device" value="General"/>
140
- <param pos="0" name="os.family" value="Linux"/>
141
- <param pos="0" name="os.product" value="Linux"/>
142
- <param pos="0" name="os.version" value="7.10"/>
143
- </fingerprint>
144
-
145
- <fingerprint pattern="^OpenSSH_(4\.6p1) (Debian-5build1)$">
146
- <description>OpenSSH running on very early versions of Ubuntu 7.10</description>
147
- <example service.version="4.6p1" openssh.comment="Debian-5build1">OpenSSH_4.6p1 Debian-5build1</example>
148
- <param pos="1" name="service.version"/>
149
- <param pos="2" name="openssh.comment"/>
150
- <param pos="0" name="service.vendor" value="OpenBSD"/>
151
- <param pos="0" name="service.family" value="OpenSSH"/>
152
- <param pos="0" name="service.product" value="OpenSSH"/>
153
- <param pos="0" name="os.vendor" value="Ubuntu"/>
154
- <param pos="0" name="os.device" value="General"/>
155
- <param pos="0" name="os.family" value="Linux"/>
156
- <param pos="0" name="os.product" value="Linux"/>
157
- <param pos="0" name="os.version" value="7.10"/>
158
- </fingerprint>
159
-
160
- <fingerprint pattern="^OpenSSH_(4\.7p1) (Debian-8ubuntu\d+(?:\.\d+)?)$">
161
- <description>OpenSSH running on Ubuntu 8.04</description>
162
- <example service.version="4.7p1" openssh.comment="Debian-8ubuntu1.2">OpenSSH_4.7p1 Debian-8ubuntu1.2</example>
163
- <example service.version="4.7p1" openssh.comment="Debian-8ubuntu3">OpenSSH_4.7p1 Debian-8ubuntu3</example>
164
- <param pos="1" name="service.version"/>
165
- <param pos="2" name="openssh.comment"/>
166
- <param pos="0" name="service.vendor" value="OpenBSD"/>
167
- <param pos="0" name="service.family" value="OpenSSH"/>
168
- <param pos="0" name="service.product" value="OpenSSH"/>
169
- <param pos="0" name="os.vendor" value="Ubuntu"/>
170
- <param pos="0" name="os.device" value="General"/>
171
- <param pos="0" name="os.family" value="Linux"/>
172
- <param pos="0" name="os.product" value="Linux"/>
173
- <param pos="0" name="os.version" value="8.04"/>
174
- </fingerprint>
175
-
176
- <fingerprint pattern="^OpenSSH_(5\.1p1) (Debian-3ubuntu\d+(?:\.\d+)?)$">
177
- <description>OpenSSH running on Ubuntu 8.10</description>
178
- <example>OpenSSH_5.1p1 Debian-3ubuntu1</example>
179
- <param pos="1" name="service.version"/>
180
- <param pos="2" name="openssh.comment"/>
181
- <param pos="0" name="service.vendor" value="OpenBSD"/>
182
- <param pos="0" name="service.family" value="OpenSSH"/>
183
- <param pos="0" name="service.product" value="OpenSSH"/>
184
- <param pos="0" name="os.vendor" value="Ubuntu"/>
185
- <param pos="0" name="os.device" value="General"/>
186
- <param pos="0" name="os.family" value="Linux"/>
187
- <param pos="0" name="os.product" value="Linux"/>
188
- <param pos="0" name="os.version" value="8.10"/>
189
- </fingerprint>
190
-
191
- <fingerprint pattern="^OpenSSH_(5\.1p1) (Debian-5ubuntu\d+(?:\.\d+)?)$">
192
- <description>OpenSSH running on Ubuntu 9.04</description>
193
- <example>OpenSSH_5.1p1 Debian-5ubuntu1</example>
194
- <param pos="1" name="service.version"/>
195
- <param pos="2" name="openssh.comment"/>
196
- <param pos="0" name="service.vendor" value="OpenBSD"/>
197
- <param pos="0" name="service.family" value="OpenSSH"/>
198
- <param pos="0" name="service.product" value="OpenSSH"/>
199
- <param pos="0" name="os.vendor" value="Ubuntu"/>
200
- <param pos="0" name="os.device" value="General"/>
201
- <param pos="0" name="os.family" value="Linux"/>
202
- <param pos="0" name="os.product" value="Linux"/>
203
- <param pos="0" name="os.version" value="9.04"/>
204
- </fingerprint>
205
-
206
- <fingerprint pattern="^OpenSSH_(5\.1p1) (Debian-6ubuntu\d+(?:\.\d+)?)$">
207
- <description>OpenSSH running on Ubuntu 9.10</description>
208
- <example>OpenSSH_5.1p1 Debian-6ubuntu2</example>
209
- <param pos="1" name="service.version"/>
210
- <param pos="2" name="openssh.comment"/>
211
- <param pos="0" name="service.vendor" value="OpenBSD"/>
212
- <param pos="0" name="service.family" value="OpenSSH"/>
213
- <param pos="0" name="service.product" value="OpenSSH"/>
214
- <param pos="0" name="os.vendor" value="Ubuntu"/>
215
- <param pos="0" name="os.device" value="General"/>
216
- <param pos="0" name="os.family" value="Linux"/>
217
- <param pos="0" name="os.product" value="Linux"/>
218
- <param pos="0" name="os.version" value="9.10"/>
219
- </fingerprint>
220
-
221
- <fingerprint pattern="^OpenSSH_(5\.3p1) (Debian-3ubuntu\d+(?:\.\d+)?)$">
222
- <description>OpenSSH running on Ubuntu 10.04 (lucid)</description>
223
- <example service.version="5.3p1" openssh.comment="Debian-3ubuntu3">OpenSSH_5.3p1 Debian-3ubuntu3</example>
224
- <example service.version="5.3p1" openssh.comment="Debian-3ubuntu4">OpenSSH_5.3p1 Debian-3ubuntu4</example>
225
- <example service.version="5.3p1" openssh.comment="Debian-3ubuntu5">OpenSSH_5.3p1 Debian-3ubuntu5</example>
226
- <example service.version="5.3p1" openssh.comment="Debian-3ubuntu6">OpenSSH_5.3p1 Debian-3ubuntu6</example>
227
- <example service.version="5.3p1" openssh.comment="Debian-3ubuntu7">OpenSSH_5.3p1 Debian-3ubuntu7</example>
228
- <example service.version="5.3p1" openssh.comment="Debian-3ubuntu7.1">OpenSSH_5.3p1 Debian-3ubuntu7.1</example>
229
- <param pos="1" name="service.version"/>
230
- <param pos="2" name="openssh.comment"/>
231
- <param pos="0" name="service.vendor" value="OpenBSD"/>
232
- <param pos="0" name="service.family" value="OpenSSH"/>
233
- <param pos="0" name="service.product" value="OpenSSH"/>
234
- <param pos="0" name="os.vendor" value="Ubuntu"/>
235
- <param pos="0" name="os.device" value="General"/>
236
- <param pos="0" name="os.family" value="Linux"/>
237
- <param pos="0" name="os.product" value="Linux"/>
238
- <param pos="0" name="os.version" value="10.04"/>
239
- </fingerprint>
240
-
241
- <fingerprint pattern="^OpenSSH_(5\.5p1) (Debian-4ubuntu\d+(?:\.\d+)?)$">
242
- <description>OpenSSH running on Ubuntu 10.10</description>
243
- <example service.version="5.5p1" openssh.comment="Debian-4ubuntu4">OpenSSH_5.5p1 Debian-4ubuntu4</example>
244
- <example service.version="5.5p1" openssh.comment="Debian-4ubuntu5">OpenSSH_5.5p1 Debian-4ubuntu5</example>
245
- <example service.version="5.5p1" openssh.comment="Debian-4ubuntu6">OpenSSH_5.5p1 Debian-4ubuntu6</example>
246
- <param pos="1" name="service.version"/>
247
- <param pos="2" name="openssh.comment"/>
248
- <param pos="0" name="service.vendor" value="OpenBSD"/>
249
- <param pos="0" name="service.family" value="OpenSSH"/>
250
- <param pos="0" name="service.product" value="OpenSSH"/>
251
- <param pos="0" name="os.vendor" value="Ubuntu"/>
252
- <param pos="0" name="os.device" value="General"/>
253
- <param pos="0" name="os.family" value="Linux"/>
254
- <param pos="0" name="os.product" value="Linux"/>
255
- <param pos="0" name="os.version" value="10.10"/>
256
- </fingerprint>
257
-
258
- <fingerprint pattern="^OpenSSH_(5\.8p1) (Debian-1ubuntu\d(?:\.\d)?)$">
259
- <description>OpenSSH running on Ubuntu 11.04</description>
260
- <example>OpenSSH_5.8p1 Debian-1ubuntu3</example>
261
- <param pos="1" name="service.version"/>
262
- <param pos="2" name="openssh.comment"/>
263
- <param pos="0" name="service.vendor" value="OpenBSD"/>
264
- <param pos="0" name="service.family" value="OpenSSH"/>
265
- <param pos="0" name="service.product" value="OpenSSH"/>
266
- <param pos="0" name="os.vendor" value="Ubuntu"/>
267
- <param pos="0" name="os.device" value="General"/>
268
- <param pos="0" name="os.family" value="Linux"/>
269
- <param pos="0" name="os.product" value="Linux"/>
270
- <param pos="0" name="os.version" value="11.04"/>
271
- </fingerprint>
272
-
273
- <fingerprint pattern="^OpenSSH_(5\.8p1) (Debian-7ubuntu\d(?:\.\d)?)$">
274
- <description>OpenSSH running on Ubuntu 11.10</description>
275
- <example>OpenSSH_5.8p1 Debian-7ubuntu1</example>
276
- <param pos="1" name="service.version"/>
277
- <param pos="2" name="openssh.comment"/>
278
- <param pos="0" name="service.vendor" value="OpenBSD"/>
279
- <param pos="0" name="service.family" value="OpenSSH"/>
280
- <param pos="0" name="service.product" value="OpenSSH"/>
281
- <param pos="0" name="os.vendor" value="Ubuntu"/>
282
- <param pos="0" name="os.device" value="General"/>
283
- <param pos="0" name="os.family" value="Linux"/>
284
- <param pos="0" name="os.product" value="Linux"/>
285
- <param pos="0" name="os.version" value="11.10"/>
286
- </fingerprint>
287
-
288
- <fingerprint pattern="^OpenSSH_(5\.9p1) (Debian-5ubuntu\d(?:\.\d)?)$">
289
- <description>OpenSSH running on Ubuntu 12.04</description>
290
- <example service.version="5.9p1" openssh.comment="Debian-5ubuntu1">OpenSSH_5.9p1 Debian-5ubuntu1</example>
291
- <example service.version="5.9p1" openssh.comment="Debian-5ubuntu1.4">OpenSSH_5.9p1 Debian-5ubuntu1.4</example>
292
- <param pos="1" name="service.version"/>
293
- <param pos="2" name="openssh.comment"/>
294
- <param pos="0" name="service.vendor" value="OpenBSD"/>
295
- <param pos="0" name="service.family" value="OpenSSH"/>
296
- <param pos="0" name="service.product" value="OpenSSH"/>
297
- <param pos="0" name="os.vendor" value="Ubuntu"/>
298
- <param pos="0" name="os.device" value="General"/>
299
- <param pos="0" name="os.family" value="Linux"/>
300
- <param pos="0" name="os.product" value="Linux"/>
301
- <param pos="0" name="os.version" value="12.04"/>
302
- </fingerprint>
303
-
304
- <fingerprint pattern="^OpenSSH_(6\.0p1) (Debian-3ubuntu\d(?:\.\d)?)$">
305
- <description>OpenSSH running on Ubuntu 12.10</description>
306
- <example>OpenSSH_6.0p1 Debian-3ubuntu1</example>
307
- <param pos="1" name="service.version"/>
308
- <param pos="2" name="openssh.comment"/>
309
- <param pos="0" name="service.vendor" value="OpenBSD"/>
310
- <param pos="0" name="service.family" value="OpenSSH"/>
311
- <param pos="0" name="service.product" value="OpenSSH"/>
312
- <param pos="0" name="os.vendor" value="Ubuntu"/>
313
- <param pos="0" name="os.device" value="General"/>
314
- <param pos="0" name="os.family" value="Linux"/>
315
- <param pos="0" name="os.product" value="Linux"/>
316
- <param pos="0" name="os.version" value="12.10"/>
317
- </fingerprint>
318
-
319
- <fingerprint pattern="^OpenSSH_(6\.1p1) (Debian-4)$">
320
- <description>OpenSSH running on Ubuntu 13.04</description>
321
- <example>OpenSSH_6.1p1 Debian-4</example>
322
- <param pos="1" name="service.version"/>
323
- <param pos="2" name="openssh.comment"/>
324
- <param pos="0" name="service.vendor" value="OpenBSD"/>
325
- <param pos="0" name="service.family" value="OpenSSH"/>
326
- <param pos="0" name="service.product" value="OpenSSH"/>
327
- <param pos="0" name="os.vendor" value="Ubuntu"/>
328
- <param pos="0" name="os.device" value="General"/>
329
- <param pos="0" name="os.family" value="Linux"/>
330
- <param pos="0" name="os.product" value="Linux"/>
331
- <param pos="0" name="os.version" value="13.04"/>
332
- </fingerprint>
333
-
334
- <fingerprint pattern="^OpenSSH_(6\.6(?:\.\d)?p1) (Ubuntu-2ubuntu\d+(?:\.\d+)?)$">
335
- <description>OpenSSH running on Ubuntu 14.04</description>
336
- <example service.version="6.6p1" openssh.comment="Ubuntu-2ubuntu1">OpenSSH_6.6p1 Ubuntu-2ubuntu1</example>
337
- <example service.version="6.6.1p1" openssh.comment="Ubuntu-2ubuntu2">OpenSSH_6.6.1p1 Ubuntu-2ubuntu2</example>
338
- <param pos="1" name="service.version"/>
339
- <param pos="2" name="openssh.comment"/>
340
- <param pos="0" name="service.vendor" value="OpenBSD"/>
341
- <param pos="0" name="service.family" value="OpenSSH"/>
342
- <param pos="0" name="service.product" value="OpenSSH"/>
343
- <param pos="0" name="os.vendor" value="Ubuntu"/>
344
- <param pos="0" name="os.device" value="General"/>
345
- <param pos="0" name="os.family" value="Linux"/>
346
- <param pos="0" name="os.product" value="Linux"/>
347
- <param pos="0" name="os.version" value="14.04"/>
348
- </fingerprint>
349
-
350
- <fingerprint pattern="^OpenSSH_(6\.7p1) (Ubuntu-5ubuntu\d(?:\.\d)?)$">
351
- <description>OpenSSH running on Ubuntu 15.04 (vivid)</description>
352
- <example service.version="6.7p1" openssh.comment="Ubuntu-5ubuntu1">OpenSSH_6.7p1 Ubuntu-5ubuntu1</example>
353
- <param pos="1" name="service.version"/>
354
- <param pos="2" name="openssh.comment"/>
355
- <param pos="0" name="service.vendor" value="OpenBSD"/>
356
- <param pos="0" name="service.family" value="OpenSSH"/>
357
- <param pos="0" name="service.product" value="OpenSSH"/>
358
- <param pos="0" name="os.vendor" value="Ubuntu"/>
359
- <param pos="0" name="os.device" value="General"/>
360
- <param pos="0" name="os.family" value="Linux"/>
361
- <param pos="0" name="os.product" value="Linux"/>
362
- <param pos="0" name="os.version" value="15.04"/>
363
- </fingerprint>
364
-
365
- <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian-4(?:\+deb7u\d+)?)$">
366
- <description>OpenSSH running on Debian 7.x (wheezy)</description>
367
- <example service.version="6.0p1" openssh.comment="Debian-4">OpenSSH_6.0p1 Debian-4</example>
368
- <example service.version="6.0p1" openssh.comment="Debian-4+deb7u1">OpenSSH_6.0p1 Debian-4+deb7u1</example>
369
- <example service.version="6.0p1" openssh.comment="Debian-4+deb7u2">OpenSSH_6.0p1 Debian-4+deb7u2</example>
370
- <param pos="1" name="service.version"/>
371
- <param pos="2" name="openssh.comment"/>
372
- <param pos="0" name="service.vendor" value="OpenBSD"/>
373
- <param pos="0" name="service.family" value="OpenSSH"/>
374
- <param pos="0" name="service.product" value="OpenSSH"/>
375
- <param pos="0" name="os.vendor" value="Debian"/>
376
- <param pos="0" name="os.device" value="General"/>
377
- <param pos="0" name="os.family" value="Linux"/>
378
- <param pos="0" name="os.product" value="Linux"/>
379
- <param pos="0" name="os.version" value="7.0"/>
380
- </fingerprint>
381
-
382
- <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian.+squeeze.*)$">
383
- <description>OpenSSH running on Debian 6.0 (squeeze)</description>
384
- <example service.version="5.5p1" openssh.comment="Debian-6+squeeze4">OpenSSH_5.5p1 Debian-6+squeeze4</example>
385
- <param pos="1" name="service.version"/>
386
- <param pos="2" name="openssh.comment"/>
387
- <param pos="0" name="service.vendor" value="OpenBSD"/>
388
- <param pos="0" name="service.family" value="OpenSSH"/>
389
- <param pos="0" name="service.product" value="OpenSSH"/>
390
- <param pos="0" name="os.vendor" value="Debian"/>
391
- <param pos="0" name="os.device" value="General"/>
392
- <param pos="0" name="os.family" value="Linux"/>
393
- <param pos="0" name="os.product" value="Linux"/>
394
- <param pos="0" name="os.version" value="6.0"/>
395
- </fingerprint>
396
-
397
- <fingerprint pattern="^OpenSSH_([^\s]+)\s+((?:Debian|Ubuntu).+ubuntu.*)$">
398
- <description>OpenSSH running on Ubuntu</description>
399
- <param pos="1" name="service.version"/>
400
- <param pos="2" name="openssh.comment"/>
401
- <param pos="0" name="service.vendor" value="OpenBSD"/>
402
- <param pos="0" name="service.family" value="OpenSSH"/>
403
- <param pos="0" name="service.product" value="OpenSSH"/>
404
- <param pos="0" name="os.vendor" value="Ubuntu"/>
405
- <param pos="0" name="os.device" value="General"/>
406
- <param pos="0" name="os.family" value="Linux"/>
407
- <param pos="0" name="os.product" value="Linux"/>
408
- <param pos="0" name="os.certainty" value="0.75"/>
409
- </fingerprint>
410
-
411
- <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian.+etch.*)$">
412
- <description>OpenSSH running on Debian 4.0 (etch)</description>
413
- <param pos="1" name="service.version"/>
414
- <param pos="2" name="openssh.comment"/>
415
- <param pos="0" name="service.vendor" value="OpenBSD"/>
416
- <param pos="0" name="service.family" value="OpenSSH"/>
417
- <param pos="0" name="service.product" value="OpenSSH"/>
418
- <param pos="0" name="os.vendor" value="Debian"/>
419
- <param pos="0" name="os.device" value="General"/>
420
- <param pos="0" name="os.family" value="Linux"/>
421
- <param pos="0" name="os.product" value="Linux"/>
422
- <param pos="0" name="os.version" value="4.0"/>
423
- </fingerprint>
424
-
425
- <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian.+sarge.*)$">
426
- <description>OpenSSH running on Debian 3.1 (sarge)</description>
427
- <param pos="1" name="service.version"/>
428
- <param pos="2" name="openssh.comment"/>
429
- <param pos="0" name="service.vendor" value="OpenBSD"/>
430
- <param pos="0" name="service.family" value="OpenSSH"/>
431
- <param pos="0" name="service.product" value="OpenSSH"/>
432
- <param pos="0" name="os.vendor" value="Debian"/>
433
- <param pos="0" name="os.device" value="General"/>
434
- <param pos="0" name="os.family" value="Linux"/>
435
- <param pos="0" name="os.product" value="Linux"/>
436
- <param pos="0" name="os.version" value="3.1"/>
437
- </fingerprint>
438
-
439
- <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian.+woody.*)$">
440
- <description>OpenSSH running on Debian 3.0 (woody)</description>
441
- <param pos="1" name="service.version"/>
442
- <param pos="2" name="openssh.comment"/>
443
- <param pos="0" name="service.vendor" value="OpenBSD"/>
444
- <param pos="0" name="service.family" value="OpenSSH"/>
445
- <param pos="0" name="service.product" value="OpenSSH"/>
446
- <param pos="0" name="os.vendor" value="Debian"/>
447
- <param pos="0" name="os.device" value="General"/>
448
- <param pos="0" name="os.family" value="Linux"/>
449
- <param pos="0" name="os.product" value="Linux"/>
450
- <param pos="0" name="os.version" value="3.0"/>
451
- </fingerprint>
452
-
453
- <fingerprint pattern="^OpenSSH_(.*)\+(CAN-[0-9]{4}-[0-9]{4})$">
454
- <description>OpenSSH with CVE patch, as seen in Mac OS X</description>
455
- <param pos="1" name="service.version"/>
456
- <param pos="2" name="openssh.cvepatch"/>
457
- <param pos="0" name="service.vendor" value="OpenBSD"/>
458
- <param pos="0" name="service.family" value="OpenSSH"/>
459
- <param pos="0" name="service.product" value="OpenSSH"/>
460
- <param pos="0" name="os.vendor" value="Apple"/>
461
- <param pos="0" name="os.device" value="General"/>
462
- <param pos="0" name="os.family" value="Mac OS X"/>
463
- <param pos="0" name="os.product" value="Mac OS X"/>
464
- </fingerprint>
465
-
466
- <fingerprint pattern="^OpenSSH_(.*)_Mikrotik_v(.*)$">
467
- <description>OpenSSH on MikroTik</description>
468
- <param pos="1" name="service.version"/>
469
- <param pos="2" name="os.version"/>
470
- <param pos="0" name="service.vendor" value="OpenBSD"/>
471
- <param pos="0" name="service.family" value="OpenSSH"/>
472
- <param pos="0" name="service.product" value="OpenSSH"/>
473
- <param pos="0" name="os.vendor" value="MikroTik"/>
474
- <param pos="0" name="os.device" value="Router"/>
475
- <param pos="0" name="os.family" value="RouterOS"/>
476
- <param pos="0" name="os.product" value="RouterOS"/>
477
- </fingerprint>
478
-
479
- <fingerprint pattern="^OpenSSH_(.*) in DesktopAuthority (?:.*)$">
480
- <!-- OpenSSH_3.8 in DesktopAuthority 5.55.030 -->
481
- <description>DesktopAuthority SSH</description>
482
- <param pos="1" name="service.version"/>
483
- <param pos="0" name="service.vendor" value="OpenBSD"/>
484
- <param pos="0" name="service.family" value="OpenSSH"/>
485
- <param pos="0" name="service.product" value="OpenSSH"/>
486
- <param pos="0" name="os.vendor" value="Microsoft"/>
487
- <param pos="0" name="os.family" value="Windows"/>
488
- <param pos="0" name="os.product" value="Windows"/>
489
- </fingerprint>
490
-
491
- <fingerprint pattern="^OpenSSH_(\d+\.\d+(?:\.\d+)?(?:p\d+)?)$">
492
- <description>OpenSSH with just a version, no comment by vendor</description>
493
- <example service.version="5.9p1">OpenSSH_5.9p1</example>
494
- <example service.version="5.9">OpenSSH_5.9</example>
495
- <example service.version="3.8.1p1">OpenSSH_3.8.1p1</example>
496
- <example service.version="6.6.1">OpenSSH_6.6.1</example>
497
- <param pos="1" name="service.version"/>
498
- <param pos="0" name="service.vendor" value="OpenBSD"/>
499
- <param pos="0" name="service.family" value="OpenSSH"/>
500
- <param pos="0" name="service.product" value="OpenSSH"/>
501
- </fingerprint>
502
-
503
- <!-- SSH-1.99-OpenSSH_4.3p2-4.cern-hpn-CERN-4.3p2-4.cern -->
504
-
505
- <!--<fingerprint pattern="^OpenSSH_?([^\s]*)\s*(.*)$">
8
+ <!-- Honeypot SSH server banners are useless for fingerprinting -->
9
+ <fingerprint pattern="honeypot" flags="REG_ICASE">
10
+ <description>Honeypot SSH</description>
11
+ </fingerprint>
12
+ <fingerprint pattern="^RomSShell_([\d\.]+)$">
13
+ <description>Allegro RomSShell SSH</description>
14
+ <example service.version="4.62">RomSShell_4.62</example>
15
+ <param pos="0" name="service.vendor" value="Allegro Software"/>
16
+ <param pos="0" name="service.product" value="RomSShell"/>
17
+ <param pos="1" name="service.version"/>
18
+ </fingerprint>
19
+ <fingerprint pattern="^mpSSH_([\d\.]+)$">
20
+ <description>HP Integrated Lights Out (iLO) usually bundled with HP servers</description>
21
+ <example>mpSSH_0.0.1</example>
22
+ <param pos="0" name="service.vendor" value="HP"/>
23
+ <param pos="0" name="service.product" value="iLO"/>
24
+ <param pos="0" name="service.family" value="iLO"/>
25
+ <param pos="1" name="service.version"/>
26
+ <param pos="0" name="hw.vendor" value="HP"/>
27
+ <param pos="0" name="os.vendor" value="HP"/>
28
+ <param pos="0" name="os.product" value="iLO"/>
29
+ <param pos="0" name="os.family" value="iLO"/>
30
+ <param pos="0" name="os.device" value="Lights Out Management"/>
31
+ </fingerprint>
32
+ <fingerprint pattern="^Serv-U_([\d\.]+)$">
33
+ <description>Serv-U SSH</description>
34
+ <example>Serv-U_7.4.0.1</example>
35
+ <param pos="0" name="service.vendor" value="Rhino Software"/>
36
+ <param pos="0" name="service.product" value="Serv-U"/>
37
+ <param pos="1" name="service.version"/>
38
+ </fingerprint>
39
+ <fingerprint pattern="WS_FTP-SSH_([\d\.]+)$">
40
+ <description>WS_FTP Server with SSH</description>
41
+ <example>WS_FTP-SSH_6.1.1</example>
42
+ <example>WS_FTP-SSH_7.0</example>
43
+ <param pos="0" name="service.vendor" value="Ipswitch"/>
44
+ <param pos="0" name="service.product" value="WS_FTP"/>
45
+ <param pos="1" name="service.version"/>
46
+ </fingerprint>
47
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(FreeBSD[ -].*)$">
48
+ <description>OpenSSH running on FreeBSD</description>
49
+ <param pos="1" name="service.version"/>
50
+ <param pos="2" name="openssh.comment"/>
51
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
52
+ <param pos="0" name="service.family" value="OpenSSH"/>
53
+ <param pos="0" name="service.product" value="OpenSSH"/>
54
+ <param pos="0" name="os.vendor" value="FreeBSD"/>
55
+ <param pos="0" name="os.device" value="General"/>
56
+ <param pos="0" name="os.family" value="FreeBSD"/>
57
+ <param pos="0" name="os.product" value="FreeBSD"/>
58
+ </fingerprint>
59
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(NetBSD[ -].*)$">
60
+ <description>OpenSSH running on NetBSD</description>
61
+ <param pos="1" name="service.version"/>
62
+ <param pos="2" name="openssh.comment"/>
63
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
64
+ <param pos="0" name="service.family" value="OpenSSH"/>
65
+ <param pos="0" name="service.product" value="OpenSSH"/>
66
+ <param pos="0" name="os.vendor" value="NetBSD"/>
67
+ <param pos="0" name="os.device" value="General"/>
68
+ <param pos="0" name="os.family" value="NetBSD"/>
69
+ <param pos="0" name="os.product" value="NetBSD"/>
70
+ </fingerprint>
71
+ <fingerprint pattern="^OpenSSH_(4\.1p1) (Debian-7ubuntu\d+(?:\.\d+)?)$">
72
+ <description>OpenSSH running on Ubuntu 5.10</description>
73
+ <example>OpenSSH_4.1p1 Debian-7ubuntu4</example>
74
+ <param pos="1" name="service.version"/>
75
+ <param pos="2" name="openssh.comment"/>
76
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
77
+ <param pos="0" name="service.family" value="OpenSSH"/>
78
+ <param pos="0" name="service.product" value="OpenSSH"/>
79
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
80
+ <param pos="0" name="os.device" value="General"/>
81
+ <param pos="0" name="os.family" value="Linux"/>
82
+ <param pos="0" name="os.product" value="Linux"/>
83
+ <param pos="0" name="os.version" value="5.10"/>
84
+ </fingerprint>
85
+ <fingerprint pattern="^OpenSSH_(4\.2p1) (Debian-7ubuntu\d+(?:\.\d+)?)$">
86
+ <description>OpenSSH running on Ubuntu 6.04</description>
87
+ <example>OpenSSH_4.2p1 Debian-7ubuntu3.1</example>
88
+ <example>OpenSSH_4.2p1 Debian-7ubuntu3.2</example>
89
+ <param pos="1" name="service.version"/>
90
+ <param pos="2" name="openssh.comment"/>
91
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
92
+ <param pos="0" name="service.family" value="OpenSSH"/>
93
+ <param pos="0" name="service.product" value="OpenSSH"/>
94
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
95
+ <param pos="0" name="os.device" value="General"/>
96
+ <param pos="0" name="os.family" value="Linux"/>
97
+ <param pos="0" name="os.product" value="Linux"/>
98
+ <param pos="0" name="os.version" value="6.04"/>
99
+ </fingerprint>
100
+ <fingerprint pattern="^OpenSSH_(4\.3p2) (Debian-8ubuntu\d+(?:\.\d+)?)$">
101
+ <description>OpenSSH running on Ubuntu 7.04</description>
102
+ <example>OpenSSH_4.3p2 Debian-8ubuntu1.4</example>
103
+ <param pos="1" name="service.version"/>
104
+ <param pos="2" name="openssh.comment"/>
105
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
106
+ <param pos="0" name="service.family" value="OpenSSH"/>
107
+ <param pos="0" name="service.product" value="OpenSSH"/>
108
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
109
+ <param pos="0" name="os.device" value="General"/>
110
+ <param pos="0" name="os.family" value="Linux"/>
111
+ <param pos="0" name="os.product" value="Linux"/>
112
+ <param pos="0" name="os.version" value="7.04"/>
113
+ </fingerprint>
114
+ <fingerprint pattern="^OpenSSH_(4\.6p1) (Debian-5ubuntu\d+(?:\.\d+)?)$">
115
+ <description>OpenSSH running on Ubuntu 7.10</description>
116
+ <example>OpenSSH_4.6p1 Debian-5ubuntu0.2</example>
117
+ <example>OpenSSH_4.6p1 Debian-5ubuntu0.5</example>
118
+ <example>OpenSSH_4.6p1 Debian-5ubuntu0.6</example>
119
+ <param pos="1" name="service.version"/>
120
+ <param pos="2" name="openssh.comment"/>
121
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
122
+ <param pos="0" name="service.family" value="OpenSSH"/>
123
+ <param pos="0" name="service.product" value="OpenSSH"/>
124
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
125
+ <param pos="0" name="os.device" value="General"/>
126
+ <param pos="0" name="os.family" value="Linux"/>
127
+ <param pos="0" name="os.product" value="Linux"/>
128
+ <param pos="0" name="os.version" value="7.10"/>
129
+ </fingerprint>
130
+ <fingerprint pattern="^OpenSSH_(4\.6p1) (Debian-5build1)$">
131
+ <description>OpenSSH running on very early versions of Ubuntu 7.10</description>
132
+ <example service.version="4.6p1" openssh.comment="Debian-5build1">OpenSSH_4.6p1 Debian-5build1</example>
133
+ <param pos="1" name="service.version"/>
134
+ <param pos="2" name="openssh.comment"/>
135
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
136
+ <param pos="0" name="service.family" value="OpenSSH"/>
137
+ <param pos="0" name="service.product" value="OpenSSH"/>
138
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
139
+ <param pos="0" name="os.device" value="General"/>
140
+ <param pos="0" name="os.family" value="Linux"/>
141
+ <param pos="0" name="os.product" value="Linux"/>
142
+ <param pos="0" name="os.version" value="7.10"/>
143
+ </fingerprint>
144
+ <fingerprint pattern="^OpenSSH_(4\.7p1) (Debian-8ubuntu\d+(?:\.\d+)?)$">
145
+ <description>OpenSSH running on Ubuntu 8.04</description>
146
+ <example service.version="4.7p1" openssh.comment="Debian-8ubuntu1.2">OpenSSH_4.7p1 Debian-8ubuntu1.2</example>
147
+ <example service.version="4.7p1" openssh.comment="Debian-8ubuntu3">OpenSSH_4.7p1 Debian-8ubuntu3</example>
148
+ <param pos="1" name="service.version"/>
149
+ <param pos="2" name="openssh.comment"/>
150
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
151
+ <param pos="0" name="service.family" value="OpenSSH"/>
152
+ <param pos="0" name="service.product" value="OpenSSH"/>
153
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
154
+ <param pos="0" name="os.device" value="General"/>
155
+ <param pos="0" name="os.family" value="Linux"/>
156
+ <param pos="0" name="os.product" value="Linux"/>
157
+ <param pos="0" name="os.version" value="8.04"/>
158
+ </fingerprint>
159
+ <fingerprint pattern="^OpenSSH_(5\.1p1) (Debian-3ubuntu\d+(?:\.\d+)?)$">
160
+ <description>OpenSSH running on Ubuntu 8.10</description>
161
+ <example>OpenSSH_5.1p1 Debian-3ubuntu1</example>
162
+ <param pos="1" name="service.version"/>
163
+ <param pos="2" name="openssh.comment"/>
164
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
165
+ <param pos="0" name="service.family" value="OpenSSH"/>
166
+ <param pos="0" name="service.product" value="OpenSSH"/>
167
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
168
+ <param pos="0" name="os.device" value="General"/>
169
+ <param pos="0" name="os.family" value="Linux"/>
170
+ <param pos="0" name="os.product" value="Linux"/>
171
+ <param pos="0" name="os.version" value="8.10"/>
172
+ </fingerprint>
173
+ <fingerprint pattern="^OpenSSH_(5\.1p1) (Debian-5ubuntu\d+(?:\.\d+)?)$">
174
+ <description>OpenSSH running on Ubuntu 9.04</description>
175
+ <example>OpenSSH_5.1p1 Debian-5ubuntu1</example>
176
+ <param pos="1" name="service.version"/>
177
+ <param pos="2" name="openssh.comment"/>
178
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
179
+ <param pos="0" name="service.family" value="OpenSSH"/>
180
+ <param pos="0" name="service.product" value="OpenSSH"/>
181
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
182
+ <param pos="0" name="os.device" value="General"/>
183
+ <param pos="0" name="os.family" value="Linux"/>
184
+ <param pos="0" name="os.product" value="Linux"/>
185
+ <param pos="0" name="os.version" value="9.04"/>
186
+ </fingerprint>
187
+ <fingerprint pattern="^OpenSSH_(5\.1p1) (Debian-6ubuntu\d+(?:\.\d+)?)$">
188
+ <description>OpenSSH running on Ubuntu 9.10</description>
189
+ <example>OpenSSH_5.1p1 Debian-6ubuntu2</example>
190
+ <param pos="1" name="service.version"/>
191
+ <param pos="2" name="openssh.comment"/>
192
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
193
+ <param pos="0" name="service.family" value="OpenSSH"/>
194
+ <param pos="0" name="service.product" value="OpenSSH"/>
195
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
196
+ <param pos="0" name="os.device" value="General"/>
197
+ <param pos="0" name="os.family" value="Linux"/>
198
+ <param pos="0" name="os.product" value="Linux"/>
199
+ <param pos="0" name="os.version" value="9.10"/>
200
+ </fingerprint>
201
+ <fingerprint pattern="^OpenSSH_(5\.3p1) (Debian-3ubuntu\d+(?:\.\d+)?)$">
202
+ <description>OpenSSH running on Ubuntu 10.04 (lucid)</description>
203
+ <example service.version="5.3p1" openssh.comment="Debian-3ubuntu3">OpenSSH_5.3p1 Debian-3ubuntu3</example>
204
+ <example service.version="5.3p1" openssh.comment="Debian-3ubuntu4">OpenSSH_5.3p1 Debian-3ubuntu4</example>
205
+ <example service.version="5.3p1" openssh.comment="Debian-3ubuntu5">OpenSSH_5.3p1 Debian-3ubuntu5</example>
206
+ <example service.version="5.3p1" openssh.comment="Debian-3ubuntu6">OpenSSH_5.3p1 Debian-3ubuntu6</example>
207
+ <example service.version="5.3p1" openssh.comment="Debian-3ubuntu7">OpenSSH_5.3p1 Debian-3ubuntu7</example>
208
+ <example service.version="5.3p1" openssh.comment="Debian-3ubuntu7.1">OpenSSH_5.3p1 Debian-3ubuntu7.1</example>
209
+ <param pos="1" name="service.version"/>
210
+ <param pos="2" name="openssh.comment"/>
211
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
212
+ <param pos="0" name="service.family" value="OpenSSH"/>
213
+ <param pos="0" name="service.product" value="OpenSSH"/>
214
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
215
+ <param pos="0" name="os.device" value="General"/>
216
+ <param pos="0" name="os.family" value="Linux"/>
217
+ <param pos="0" name="os.product" value="Linux"/>
218
+ <param pos="0" name="os.version" value="10.04"/>
219
+ </fingerprint>
220
+ <fingerprint pattern="^OpenSSH_(5\.5p1) (Debian-4ubuntu\d+(?:\.\d+)?)$">
221
+ <description>OpenSSH running on Ubuntu 10.10</description>
222
+ <example service.version="5.5p1" openssh.comment="Debian-4ubuntu4">OpenSSH_5.5p1 Debian-4ubuntu4</example>
223
+ <example service.version="5.5p1" openssh.comment="Debian-4ubuntu5">OpenSSH_5.5p1 Debian-4ubuntu5</example>
224
+ <example service.version="5.5p1" openssh.comment="Debian-4ubuntu6">OpenSSH_5.5p1 Debian-4ubuntu6</example>
225
+ <param pos="1" name="service.version"/>
226
+ <param pos="2" name="openssh.comment"/>
227
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
228
+ <param pos="0" name="service.family" value="OpenSSH"/>
229
+ <param pos="0" name="service.product" value="OpenSSH"/>
230
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
231
+ <param pos="0" name="os.device" value="General"/>
232
+ <param pos="0" name="os.family" value="Linux"/>
233
+ <param pos="0" name="os.product" value="Linux"/>
234
+ <param pos="0" name="os.version" value="10.10"/>
235
+ </fingerprint>
236
+ <fingerprint pattern="^OpenSSH_(5\.8p1) (Debian-1ubuntu\d(?:\.\d)?)$">
237
+ <description>OpenSSH running on Ubuntu 11.04</description>
238
+ <example>OpenSSH_5.8p1 Debian-1ubuntu3</example>
239
+ <param pos="1" name="service.version"/>
240
+ <param pos="2" name="openssh.comment"/>
241
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
242
+ <param pos="0" name="service.family" value="OpenSSH"/>
243
+ <param pos="0" name="service.product" value="OpenSSH"/>
244
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
245
+ <param pos="0" name="os.device" value="General"/>
246
+ <param pos="0" name="os.family" value="Linux"/>
247
+ <param pos="0" name="os.product" value="Linux"/>
248
+ <param pos="0" name="os.version" value="11.04"/>
249
+ </fingerprint>
250
+ <fingerprint pattern="^OpenSSH_(5\.8p1) (Debian-7ubuntu\d(?:\.\d)?)$">
251
+ <description>OpenSSH running on Ubuntu 11.10</description>
252
+ <example>OpenSSH_5.8p1 Debian-7ubuntu1</example>
253
+ <param pos="1" name="service.version"/>
254
+ <param pos="2" name="openssh.comment"/>
255
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
256
+ <param pos="0" name="service.family" value="OpenSSH"/>
257
+ <param pos="0" name="service.product" value="OpenSSH"/>
258
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
259
+ <param pos="0" name="os.device" value="General"/>
260
+ <param pos="0" name="os.family" value="Linux"/>
261
+ <param pos="0" name="os.product" value="Linux"/>
262
+ <param pos="0" name="os.version" value="11.10"/>
263
+ </fingerprint>
264
+ <fingerprint pattern="^OpenSSH_(5\.9p1) (Debian-5ubuntu\d(?:\.\d)?)$">
265
+ <description>OpenSSH running on Ubuntu 12.04</description>
266
+ <example service.version="5.9p1" openssh.comment="Debian-5ubuntu1">OpenSSH_5.9p1 Debian-5ubuntu1</example>
267
+ <example service.version="5.9p1" openssh.comment="Debian-5ubuntu1.4">OpenSSH_5.9p1 Debian-5ubuntu1.4</example>
268
+ <param pos="1" name="service.version"/>
269
+ <param pos="2" name="openssh.comment"/>
270
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
271
+ <param pos="0" name="service.family" value="OpenSSH"/>
272
+ <param pos="0" name="service.product" value="OpenSSH"/>
273
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
274
+ <param pos="0" name="os.device" value="General"/>
275
+ <param pos="0" name="os.family" value="Linux"/>
276
+ <param pos="0" name="os.product" value="Linux"/>
277
+ <param pos="0" name="os.version" value="12.04"/>
278
+ </fingerprint>
279
+ <fingerprint pattern="^OpenSSH_(6\.0p1) (Debian-3ubuntu\d(?:\.\d)?)$">
280
+ <description>OpenSSH running on Ubuntu 12.10</description>
281
+ <example>OpenSSH_6.0p1 Debian-3ubuntu1</example>
282
+ <param pos="1" name="service.version"/>
283
+ <param pos="2" name="openssh.comment"/>
284
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
285
+ <param pos="0" name="service.family" value="OpenSSH"/>
286
+ <param pos="0" name="service.product" value="OpenSSH"/>
287
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
288
+ <param pos="0" name="os.device" value="General"/>
289
+ <param pos="0" name="os.family" value="Linux"/>
290
+ <param pos="0" name="os.product" value="Linux"/>
291
+ <param pos="0" name="os.version" value="12.10"/>
292
+ </fingerprint>
293
+ <fingerprint pattern="^OpenSSH_(6\.1p1) (Debian-4)$">
294
+ <description>OpenSSH running on Ubuntu 13.04</description>
295
+ <example>OpenSSH_6.1p1 Debian-4</example>
296
+ <param pos="1" name="service.version"/>
297
+ <param pos="2" name="openssh.comment"/>
298
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
299
+ <param pos="0" name="service.family" value="OpenSSH"/>
300
+ <param pos="0" name="service.product" value="OpenSSH"/>
301
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
302
+ <param pos="0" name="os.device" value="General"/>
303
+ <param pos="0" name="os.family" value="Linux"/>
304
+ <param pos="0" name="os.product" value="Linux"/>
305
+ <param pos="0" name="os.version" value="13.04"/>
306
+ </fingerprint>
307
+ <fingerprint pattern="^OpenSSH_(6\.6(?:\.\d)?p1) (Ubuntu-2ubuntu\d+(?:\.\d+)?)$">
308
+ <description>OpenSSH running on Ubuntu 14.04</description>
309
+ <example service.version="6.6p1" openssh.comment="Ubuntu-2ubuntu1">OpenSSH_6.6p1 Ubuntu-2ubuntu1</example>
310
+ <example service.version="6.6.1p1" openssh.comment="Ubuntu-2ubuntu2">OpenSSH_6.6.1p1 Ubuntu-2ubuntu2</example>
311
+ <param pos="1" name="service.version"/>
312
+ <param pos="2" name="openssh.comment"/>
313
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
314
+ <param pos="0" name="service.family" value="OpenSSH"/>
315
+ <param pos="0" name="service.product" value="OpenSSH"/>
316
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
317
+ <param pos="0" name="os.device" value="General"/>
318
+ <param pos="0" name="os.family" value="Linux"/>
319
+ <param pos="0" name="os.product" value="Linux"/>
320
+ <param pos="0" name="os.version" value="14.04"/>
321
+ </fingerprint>
322
+ <fingerprint pattern="^OpenSSH_(6\.7p1) (Ubuntu-5ubuntu\d(?:\.\d)?)$">
323
+ <description>OpenSSH running on Ubuntu 15.04 (vivid)</description>
324
+ <example service.version="6.7p1" openssh.comment="Ubuntu-5ubuntu1">OpenSSH_6.7p1 Ubuntu-5ubuntu1</example>
325
+ <param pos="1" name="service.version"/>
326
+ <param pos="2" name="openssh.comment"/>
327
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
328
+ <param pos="0" name="service.family" value="OpenSSH"/>
329
+ <param pos="0" name="service.product" value="OpenSSH"/>
330
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
331
+ <param pos="0" name="os.device" value="General"/>
332
+ <param pos="0" name="os.family" value="Linux"/>
333
+ <param pos="0" name="os.product" value="Linux"/>
334
+ <param pos="0" name="os.version" value="15.04"/>
335
+ </fingerprint>
336
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian-4(?:\+deb7u\d+)?)$">
337
+ <description>OpenSSH running on Debian 7.x (wheezy)</description>
338
+ <example service.version="6.0p1" openssh.comment="Debian-4">OpenSSH_6.0p1 Debian-4</example>
339
+ <example service.version="6.0p1" openssh.comment="Debian-4+deb7u1">OpenSSH_6.0p1 Debian-4+deb7u1</example>
340
+ <example service.version="6.0p1" openssh.comment="Debian-4+deb7u2">OpenSSH_6.0p1 Debian-4+deb7u2</example>
341
+ <param pos="1" name="service.version"/>
342
+ <param pos="2" name="openssh.comment"/>
343
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
344
+ <param pos="0" name="service.family" value="OpenSSH"/>
345
+ <param pos="0" name="service.product" value="OpenSSH"/>
346
+ <param pos="0" name="os.vendor" value="Debian"/>
347
+ <param pos="0" name="os.device" value="General"/>
348
+ <param pos="0" name="os.family" value="Linux"/>
349
+ <param pos="0" name="os.product" value="Linux"/>
350
+ <param pos="0" name="os.version" value="7.0"/>
351
+ </fingerprint>
352
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian.+squeeze.*)$">
353
+ <description>OpenSSH running on Debian 6.0 (squeeze)</description>
354
+ <example service.version="5.5p1" openssh.comment="Debian-6+squeeze4">OpenSSH_5.5p1 Debian-6+squeeze4</example>
355
+ <param pos="1" name="service.version"/>
356
+ <param pos="2" name="openssh.comment"/>
357
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
358
+ <param pos="0" name="service.family" value="OpenSSH"/>
359
+ <param pos="0" name="service.product" value="OpenSSH"/>
360
+ <param pos="0" name="os.vendor" value="Debian"/>
361
+ <param pos="0" name="os.device" value="General"/>
362
+ <param pos="0" name="os.family" value="Linux"/>
363
+ <param pos="0" name="os.product" value="Linux"/>
364
+ <param pos="0" name="os.version" value="6.0"/>
365
+ </fingerprint>
366
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+((?:Debian|Ubuntu).+ubuntu.*)$">
367
+ <description>OpenSSH running on Ubuntu</description>
368
+ <param pos="1" name="service.version"/>
369
+ <param pos="2" name="openssh.comment"/>
370
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
371
+ <param pos="0" name="service.family" value="OpenSSH"/>
372
+ <param pos="0" name="service.product" value="OpenSSH"/>
373
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
374
+ <param pos="0" name="os.device" value="General"/>
375
+ <param pos="0" name="os.family" value="Linux"/>
376
+ <param pos="0" name="os.product" value="Linux"/>
377
+ <param pos="0" name="os.certainty" value="0.75"/>
378
+ </fingerprint>
379
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian.+etch.*)$">
380
+ <description>OpenSSH running on Debian 4.0 (etch)</description>
381
+ <param pos="1" name="service.version"/>
382
+ <param pos="2" name="openssh.comment"/>
383
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
384
+ <param pos="0" name="service.family" value="OpenSSH"/>
385
+ <param pos="0" name="service.product" value="OpenSSH"/>
386
+ <param pos="0" name="os.vendor" value="Debian"/>
387
+ <param pos="0" name="os.device" value="General"/>
388
+ <param pos="0" name="os.family" value="Linux"/>
389
+ <param pos="0" name="os.product" value="Linux"/>
390
+ <param pos="0" name="os.version" value="4.0"/>
391
+ </fingerprint>
392
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian.+sarge.*)$">
393
+ <description>OpenSSH running on Debian 3.1 (sarge)</description>
394
+ <param pos="1" name="service.version"/>
395
+ <param pos="2" name="openssh.comment"/>
396
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
397
+ <param pos="0" name="service.family" value="OpenSSH"/>
398
+ <param pos="0" name="service.product" value="OpenSSH"/>
399
+ <param pos="0" name="os.vendor" value="Debian"/>
400
+ <param pos="0" name="os.device" value="General"/>
401
+ <param pos="0" name="os.family" value="Linux"/>
402
+ <param pos="0" name="os.product" value="Linux"/>
403
+ <param pos="0" name="os.version" value="3.1"/>
404
+ </fingerprint>
405
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian.+woody.*)$">
406
+ <description>OpenSSH running on Debian 3.0 (woody)</description>
407
+ <param pos="1" name="service.version"/>
408
+ <param pos="2" name="openssh.comment"/>
409
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
410
+ <param pos="0" name="service.family" value="OpenSSH"/>
411
+ <param pos="0" name="service.product" value="OpenSSH"/>
412
+ <param pos="0" name="os.vendor" value="Debian"/>
413
+ <param pos="0" name="os.device" value="General"/>
414
+ <param pos="0" name="os.family" value="Linux"/>
415
+ <param pos="0" name="os.product" value="Linux"/>
416
+ <param pos="0" name="os.version" value="3.0"/>
417
+ </fingerprint>
418
+ <fingerprint pattern="^OpenSSH_(.*)\+(CAN-[0-9]{4}-[0-9]{4})$">
419
+ <description>OpenSSH with CVE patch, as seen in Mac OS X</description>
420
+ <param pos="1" name="service.version"/>
421
+ <param pos="2" name="openssh.cvepatch"/>
422
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
423
+ <param pos="0" name="service.family" value="OpenSSH"/>
424
+ <param pos="0" name="service.product" value="OpenSSH"/>
425
+ <param pos="0" name="os.vendor" value="Apple"/>
426
+ <param pos="0" name="os.device" value="General"/>
427
+ <param pos="0" name="os.family" value="Mac OS X"/>
428
+ <param pos="0" name="os.product" value="Mac OS X"/>
429
+ </fingerprint>
430
+ <fingerprint pattern="^OpenSSH_(.*)_Mikrotik_v(.*)$">
431
+ <description>OpenSSH on MikroTik</description>
432
+ <param pos="1" name="service.version"/>
433
+ <param pos="2" name="os.version"/>
434
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
435
+ <param pos="0" name="service.family" value="OpenSSH"/>
436
+ <param pos="0" name="service.product" value="OpenSSH"/>
437
+ <param pos="0" name="os.vendor" value="MikroTik"/>
438
+ <param pos="0" name="os.device" value="Router"/>
439
+ <param pos="0" name="os.family" value="RouterOS"/>
440
+ <param pos="0" name="os.product" value="RouterOS"/>
441
+ </fingerprint>
442
+ <fingerprint pattern="^OpenSSH_(.*) in DesktopAuthority (?:.*)$">
443
+ <description>DesktopAuthority SSH</description>
444
+ <param pos="1" name="service.version"/>
445
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
446
+ <param pos="0" name="service.family" value="OpenSSH"/>
447
+ <param pos="0" name="service.product" value="OpenSSH"/>
448
+ <param pos="0" name="os.vendor" value="Microsoft"/>
449
+ <param pos="0" name="os.family" value="Windows"/>
450
+ <param pos="0" name="os.product" value="Windows"/>
451
+ </fingerprint>
452
+ <fingerprint pattern="^OpenSSH_(\d+\.\d+(?:\.\d+)?(?:p\d+)?)$">
453
+ <description>OpenSSH with just a version, no comment by vendor</description>
454
+ <example service.version="5.9p1">OpenSSH_5.9p1</example>
455
+ <example service.version="5.9">OpenSSH_5.9</example>
456
+ <example service.version="3.8.1p1">OpenSSH_3.8.1p1</example>
457
+ <example service.version="6.6.1">OpenSSH_6.6.1</example>
458
+ <param pos="1" name="service.version"/>
459
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
460
+ <param pos="0" name="service.family" value="OpenSSH"/>
461
+ <param pos="0" name="service.product" value="OpenSSH"/>
462
+ </fingerprint>
463
+ <!-- SSH-1.99-OpenSSH_4.3p2-4.cern-hpn-CERN-4.3p2-4.cern -->
464
+ <!--<fingerprint pattern="^OpenSSH_?([^\s]*)\s*(.*)$">
506
465
  <description>Catch all for OpenSSH based SSH servers
507
466
  ******************** NOTE ********************
508
467
  Be sure to put any specific OpenSSH derivative
@@ -515,375 +474,334 @@ fingerprint SSH servers.
515
474
  <param pos="0" name="service.family" value="OpenSSH"/>
516
475
  <param pos="0" name="service.product" value="OpenSSH"/>
517
476
  </fingerprint>-->
518
-
519
- <!-- TODO: Handle "vpn3" banners for Cisco 3000 VPN Concentrators (need example banners first) -->
520
-
521
- <fingerprint pattern="^Cisco-(.*)$">
522
- <description>Cisco SSH banner (could be IOS or PIX).
477
+ <!-- TODO: Handle "vpn3" banners for Cisco 3000 VPN Concentrators (need example banners first) -->
478
+ <fingerprint pattern="^Cisco-(.*)$">
479
+ <description>Cisco SSH banner (could be IOS or PIX).
523
480
  The version always seems to be 1.25</description>
524
- <param pos="1" name="service.version"/>
525
- <param pos="0" name="service.vendor" value="Cisco"/>
526
- <param pos="0" name="service.product" value="SSH"/>
527
- <param pos="0" name="os.vendor" value="Cisco"/>
528
- <!-- temporary workaround for NEX-2123: assume it is IOS -->
529
- <param pos="0" name="os.product" value="IOS"/>
530
- <param pos="0" name="os.certainty" value="0.8"/>
531
- </fingerprint>
532
-
533
- <fingerprint pattern="^CISCO_WLC$">
534
- <description>SSH banner from a Cisco Wireless LAN Controller (WLC)</description>
535
- <example>CISCO_WLC</example>
536
- <param pos="0" name="service.vendor" value="Cisco"/>
537
- <param pos="0" name="service.product" value="SSH"/>
538
- <param pos="0" name="os.vendor" value="Cisco"/>
539
- <param pos="0" name="os.product" value="Wireless LAN Controller"/>
540
- </fingerprint>
541
-
542
- <fingerprint pattern="^Sun_SSH_(.*)$">
543
- <description>Sun SSH banner</description>
544
- <param pos="1" name="service.version"/>
545
- <param pos="0" name="service.vendor" value="Sun"/>
546
- <param pos="0" name="service.product" value="SSH"/>
547
- <param pos="0" name="os.vendor" value="Sun"/>
548
- <param pos="0" name="os.family" value="Solaris"/>
549
- <param pos="0" name="os.product" value="Solaris"/>
550
- </fingerprint>
551
-
552
- <fingerprint pattern="^SSH Protocol Compatible Server SCS (.*)$">
553
- <description>Netscreen</description>
554
- <param pos="1" name="service.version"/>
555
- <param pos="0" name="service.vendor" value="Juniper"/>
556
- <param pos="0" name="service.family" value="NetScreen"/>
557
- <param pos="0" name="service.product" value="NetScreen"/>
558
- <param pos="0" name="os.vendor" value="Juniper"/>
559
- <param pos="0" name="os.device" value="Firewall"/>
560
- <param pos="0" name="os.family" value="ScreenOS"/>
561
- <param pos="0" name="os.product" value="ScreenOS"/>
562
- </fingerprint>
563
-
564
- <fingerprint pattern="^NetScreen$">
565
- <description>Netscreen</description>
566
- <param pos="0" name="service.vendor" value="Juniper"/>
567
- <param pos="0" name="service.family" value="NetScreen"/>
568
- <param pos="0" name="service.product" value="NetScreen"/>
569
- <param pos="0" name="os.vendor" value="Juniper"/>
570
- <param pos="0" name="os.device" value="Firewall"/>
571
- <param pos="0" name="os.family" value="ScreenOS"/>
572
- <param pos="0" name="os.product" value="ScreenOS"/>
573
- </fingerprint>
574
-
575
- <fingerprint pattern="^(?:HUAWEI-VRP-?|VRP-)(.*)$">
576
- <description>Huawei Versatile Routing Platform (VRP)</description>
577
- <example os.version="3.10" service.version="3.10">HUAWEI-VRP-3.10</example>
578
- <param pos="0" name="service.vendor" value="Huawei"/>
579
- <param pos="0" name="service.family" value="VRP"/>
580
- <param pos="0" name="service.product" value="VRP"/>
581
- <param pos="1" name="service.version"/>
582
- <param pos="0" name="os.vendor" value="Huawei"/>
583
- <param pos="0" name="os.device" value="Router"/>
584
- <param pos="0" name="os.family" value="VRP"/>
585
- <param pos="0" name="os.product" value="VRP"/>
586
- <param pos="1" name="os.version"/>
587
- </fingerprint>
588
-
589
- <fingerprint pattern="^([^\s]+) sshlib: GlobalScape$">
590
- <description>GlobalScape SSH (which uses Bitvise sshlib)</description>
591
- <param pos="1" name="service.component.version"/>
592
- <param pos="0" name="service.component.vendor" value="Bitvise"/>
593
- <param pos="0" name="service.component.family" value="sshlib"/>
594
- <param pos="0" name="service.component.product" value="sshlib"/>
595
- <param pos="0" name="service.vendor" value="GlobalScape"/>
596
- <param pos="0" name="service.family" value="Secure FTP Server"/>
597
- <param pos="0" name="service.product" value="Secure FTP Server"/>
598
- <param pos="0" name="os.vendor" value="Microsoft"/>
599
- <param pos="0" name="os.family" value="Windows"/>
600
- <param pos="0" name="os.product" value="Windows"/>
601
- </fingerprint>
602
-
603
- <fingerprint pattern="^([^\s]+) sshlib: WinSSHD (.*)$">
604
- <description>Bitvise WinSSHD (which uses Bitvise sshlib)</description>
605
- <param pos="1" name="service.component.version"/>
606
- <param pos="2" name="service.version"/>
607
- <param pos="0" name="service.component.vendor" value="Bitvise"/>
608
- <param pos="0" name="service.component.family" value="sshlib"/>
609
- <param pos="0" name="service.component.product" value="sshlib"/>
610
- <param pos="0" name="service.vendor" value="Bitvise"/>
611
- <param pos="0" name="service.family" value="WinSSHD"/>
612
- <param pos="0" name="service.product" value="WinSSHD"/>
613
- <param pos="0" name="os.vendor" value="Microsoft"/>
614
- <param pos="0" name="os.family" value="Windows"/>
615
- <param pos="0" name="os.product" value="Windows"/>
616
- </fingerprint>
617
-
618
- <fingerprint pattern="^([^\s]+) FlowSsh: (?:Bitvise SSH Server \(WinSSHD\)|WinSSHD) ([\d\.]+):?.*$">
619
- <description>Bitvise WinSSHD (which uses Bitvise flowssh)</description>
620
- <example service.version="5.09" service.component.version="1.03">1.03 FlowSsh: WinSSHD 5.09</example>
621
- <example service.version="5.20" service.component.version="1.07">1.07 FlowSsh: WinSSHD 5.20: free only for personal non-commercial use</example>
622
- <example service.version="6.03" service.component.version="5.21">5.21 FlowSsh: Bitvise SSH Server (WinSSHD) 6.03: free only for personal non-commercial use</example>
623
- <param pos="1" name="service.component.version"/>
624
- <param pos="2" name="service.version"/>
625
- <param pos="0" name="service.component.vendor" value="Bitvise"/>
626
- <param pos="0" name="service.component.family" value="flowssh"/>
627
- <param pos="0" name="service.component.product" value="flowssh"/>
628
- <param pos="0" name="service.vendor" value="Bitvise"/>
629
- <param pos="0" name="service.family" value="WinSSHD"/>
630
- <param pos="0" name="service.product" value="WinSSHD"/>
631
- <param pos="0" name="os.vendor" value="Microsoft"/>
632
- <param pos="0" name="os.family" value="Windows"/>
633
- <param pos="0" name="os.product" value="Windows"/>
634
- </fingerprint>
635
-
636
- <fingerprint pattern="^([^\s]+) sshlib: MOVEit DMZ SSH (.*)$">
637
- <description>MOVEit DMZ (which uses Bitvise sshlib)</description>
638
- <param pos="1" name="service.component.version"/>
639
- <param pos="2" name="service.version"/>
640
- <param pos="0" name="service.component.vendor" value="Bitvise"/>
641
- <param pos="0" name="service.component.family" value="sshlib"/>
642
- <param pos="0" name="service.component.product" value="sshlib"/>
643
- <param pos="0" name="service.vendor" value="Standard Networks"/>
644
- <param pos="0" name="service.family" value="MOVEit DMZ"/>
645
- <param pos="0" name="service.product" value="MOVEit DMZ"/>
646
- <param pos="0" name="os.vendor" value="Microsoft"/>
647
- <param pos="0" name="os.family" value="Windows"/>
648
- <param pos="0" name="os.product" value="Windows"/>
649
- </fingerprint>
650
-
651
- <fingerprint pattern="^Pragma SecureShell\s*(.*)$">
652
- <description>Pragma SecureShell</description>
653
- <param pos="1" name="service.version"/>
654
- <param pos="0" name="service.vendor" value="Pragma Systems"/>
655
- <param pos="0" name="service.family" value="FortressSSH Server"/>
656
- <param pos="0" name="service.product" value="FortressSSH Server"/>
657
- <param pos="0" name="os.vendor" value="Microsoft"/>
658
- <param pos="0" name="os.family" value="Windows"/>
659
- <param pos="0" name="os.product" value="Windows"/>
660
- </fingerprint>
661
-
662
- <fingerprint pattern="^VShell_(?:Special_Edition_)?(\d+)_(\d+)_(\d+)_(\d+) VShell$">
663
- <description>VanDyke VShell</description>
664
- <example service.version="3" service.version.version="6" service.version.version.version="2" service.version.version.version.version="446">VShell_3_6_2_446 VShell</example>
665
- <example service.version="2" service.version.version="5" service.version.version.version="0" service.version.version.version.version="204">VShell_Special_Edition_2_5_0_204 VShell</example>
666
- <param pos="1" name="service.version"/>
667
- <param pos="2" name="service.version.version"/>
668
- <param pos="3" name="service.version.version.version"/>
669
- <param pos="4" name="service.version.version.version.version"/>
670
- <param pos="0" name="service.vendor" value="VanDyke Software"/>
671
- <param pos="0" name="service.family" value="VShell"/>
672
- <param pos="0" name="service.product" value="VShell"/>
673
- </fingerprint>
674
-
675
- <fingerprint pattern="^([\s]*)\s*VShell$">
676
- <description>VanDyke VShell</description>
677
- <param pos="1" name="service.version"/>
678
- <param pos="0" name="service.vendor" value="VanDyke Software"/>
679
- <param pos="0" name="service.family" value="VShell"/>
680
- <param pos="0" name="service.product" value="VShell"/>
681
- </fingerprint>
682
-
683
- <fingerprint pattern="^WRQReflectionForSecureIT_(.*)$">
684
- <description>Attachmate Reflection (formerly WRQ Reflection for Secure IT)
481
+ <param pos="1" name="service.version"/>
482
+ <param pos="0" name="service.vendor" value="Cisco"/>
483
+ <param pos="0" name="service.product" value="SSH"/>
484
+ <param pos="0" name="os.vendor" value="Cisco"/>
485
+ <param pos="0" name="os.product" value="IOS"/>
486
+ <param pos="0" name="os.certainty" value="0.8"/>
487
+ </fingerprint>
488
+ <fingerprint pattern="^CISCO_WLC$">
489
+ <description>SSH banner from a Cisco Wireless LAN Controller (WLC)</description>
490
+ <example>CISCO_WLC</example>
491
+ <param pos="0" name="service.vendor" value="Cisco"/>
492
+ <param pos="0" name="service.product" value="SSH"/>
493
+ <param pos="0" name="os.vendor" value="Cisco"/>
494
+ <param pos="0" name="os.product" value="Wireless LAN Controller"/>
495
+ </fingerprint>
496
+ <fingerprint pattern="^Sun_SSH_(.*)$">
497
+ <description>Sun SSH banner</description>
498
+ <param pos="1" name="service.version"/>
499
+ <param pos="0" name="service.vendor" value="Sun"/>
500
+ <param pos="0" name="service.product" value="SSH"/>
501
+ <param pos="0" name="os.vendor" value="Sun"/>
502
+ <param pos="0" name="os.family" value="Solaris"/>
503
+ <param pos="0" name="os.product" value="Solaris"/>
504
+ </fingerprint>
505
+ <fingerprint pattern="^SSH Protocol Compatible Server SCS (.*)$">
506
+ <description>Netscreen</description>
507
+ <param pos="1" name="service.version"/>
508
+ <param pos="0" name="service.vendor" value="Juniper"/>
509
+ <param pos="0" name="service.family" value="NetScreen"/>
510
+ <param pos="0" name="service.product" value="NetScreen"/>
511
+ <param pos="0" name="os.vendor" value="Juniper"/>
512
+ <param pos="0" name="os.device" value="Firewall"/>
513
+ <param pos="0" name="os.family" value="ScreenOS"/>
514
+ <param pos="0" name="os.product" value="ScreenOS"/>
515
+ </fingerprint>
516
+ <fingerprint pattern="^NetScreen$">
517
+ <description>Netscreen</description>
518
+ <param pos="0" name="service.vendor" value="Juniper"/>
519
+ <param pos="0" name="service.family" value="NetScreen"/>
520
+ <param pos="0" name="service.product" value="NetScreen"/>
521
+ <param pos="0" name="os.vendor" value="Juniper"/>
522
+ <param pos="0" name="os.device" value="Firewall"/>
523
+ <param pos="0" name="os.family" value="ScreenOS"/>
524
+ <param pos="0" name="os.product" value="ScreenOS"/>
525
+ </fingerprint>
526
+ <fingerprint pattern="^(?:HUAWEI-VRP-?|VRP-)(.*)$">
527
+ <description>Huawei Versatile Routing Platform (VRP)</description>
528
+ <example os.version="3.10" service.version="3.10">HUAWEI-VRP-3.10</example>
529
+ <param pos="0" name="service.vendor" value="Huawei"/>
530
+ <param pos="0" name="service.family" value="VRP"/>
531
+ <param pos="0" name="service.product" value="VRP"/>
532
+ <param pos="1" name="service.version"/>
533
+ <param pos="0" name="os.vendor" value="Huawei"/>
534
+ <param pos="0" name="os.device" value="Router"/>
535
+ <param pos="0" name="os.family" value="VRP"/>
536
+ <param pos="0" name="os.product" value="VRP"/>
537
+ <param pos="1" name="os.version"/>
538
+ </fingerprint>
539
+ <fingerprint pattern="^([^\s]+) sshlib: GlobalScape$">
540
+ <description>GlobalScape SSH (which uses Bitvise sshlib)</description>
541
+ <param pos="1" name="service.component.version"/>
542
+ <param pos="0" name="service.component.vendor" value="Bitvise"/>
543
+ <param pos="0" name="service.component.family" value="sshlib"/>
544
+ <param pos="0" name="service.component.product" value="sshlib"/>
545
+ <param pos="0" name="service.vendor" value="GlobalScape"/>
546
+ <param pos="0" name="service.family" value="Secure FTP Server"/>
547
+ <param pos="0" name="service.product" value="Secure FTP Server"/>
548
+ <param pos="0" name="os.vendor" value="Microsoft"/>
549
+ <param pos="0" name="os.family" value="Windows"/>
550
+ <param pos="0" name="os.product" value="Windows"/>
551
+ </fingerprint>
552
+ <fingerprint pattern="^([^\s]+) sshlib: WinSSHD (.*)$">
553
+ <description>Bitvise WinSSHD (which uses Bitvise sshlib)</description>
554
+ <param pos="1" name="service.component.version"/>
555
+ <param pos="2" name="service.version"/>
556
+ <param pos="0" name="service.component.vendor" value="Bitvise"/>
557
+ <param pos="0" name="service.component.family" value="sshlib"/>
558
+ <param pos="0" name="service.component.product" value="sshlib"/>
559
+ <param pos="0" name="service.vendor" value="Bitvise"/>
560
+ <param pos="0" name="service.family" value="WinSSHD"/>
561
+ <param pos="0" name="service.product" value="WinSSHD"/>
562
+ <param pos="0" name="os.vendor" value="Microsoft"/>
563
+ <param pos="0" name="os.family" value="Windows"/>
564
+ <param pos="0" name="os.product" value="Windows"/>
565
+ </fingerprint>
566
+ <fingerprint pattern="^([^\s]+) FlowSsh: (?:Bitvise SSH Server \(WinSSHD\)|WinSSHD) ([\d\.]+):?.*$">
567
+ <description>Bitvise WinSSHD (which uses Bitvise flowssh)</description>
568
+ <example service.version="5.09" service.component.version="1.03">1.03 FlowSsh: WinSSHD 5.09</example>
569
+ <example service.version="5.20" service.component.version="1.07">1.07 FlowSsh: WinSSHD 5.20: free only for personal non-commercial use</example>
570
+ <example service.version="6.03" service.component.version="5.21">5.21 FlowSsh: Bitvise SSH Server (WinSSHD) 6.03: free only for personal non-commercial use</example>
571
+ <param pos="1" name="service.component.version"/>
572
+ <param pos="2" name="service.version"/>
573
+ <param pos="0" name="service.component.vendor" value="Bitvise"/>
574
+ <param pos="0" name="service.component.family" value="flowssh"/>
575
+ <param pos="0" name="service.component.product" value="flowssh"/>
576
+ <param pos="0" name="service.vendor" value="Bitvise"/>
577
+ <param pos="0" name="service.family" value="WinSSHD"/>
578
+ <param pos="0" name="service.product" value="WinSSHD"/>
579
+ <param pos="0" name="os.vendor" value="Microsoft"/>
580
+ <param pos="0" name="os.family" value="Windows"/>
581
+ <param pos="0" name="os.product" value="Windows"/>
582
+ </fingerprint>
583
+ <fingerprint pattern="^([^\s]+) sshlib: MOVEit DMZ SSH (.*)$">
584
+ <description>MOVEit DMZ (which uses Bitvise sshlib)</description>
585
+ <param pos="1" name="service.component.version"/>
586
+ <param pos="2" name="service.version"/>
587
+ <param pos="0" name="service.component.vendor" value="Bitvise"/>
588
+ <param pos="0" name="service.component.family" value="sshlib"/>
589
+ <param pos="0" name="service.component.product" value="sshlib"/>
590
+ <param pos="0" name="service.vendor" value="Standard Networks"/>
591
+ <param pos="0" name="service.family" value="MOVEit DMZ"/>
592
+ <param pos="0" name="service.product" value="MOVEit DMZ"/>
593
+ <param pos="0" name="os.vendor" value="Microsoft"/>
594
+ <param pos="0" name="os.family" value="Windows"/>
595
+ <param pos="0" name="os.product" value="Windows"/>
596
+ </fingerprint>
597
+ <fingerprint pattern="^Pragma SecureShell\s*(.*)$">
598
+ <description>Pragma SecureShell</description>
599
+ <param pos="1" name="service.version"/>
600
+ <param pos="0" name="service.vendor" value="Pragma Systems"/>
601
+ <param pos="0" name="service.family" value="FortressSSH Server"/>
602
+ <param pos="0" name="service.product" value="FortressSSH Server"/>
603
+ <param pos="0" name="os.vendor" value="Microsoft"/>
604
+ <param pos="0" name="os.family" value="Windows"/>
605
+ <param pos="0" name="os.product" value="Windows"/>
606
+ </fingerprint>
607
+ <fingerprint pattern="^VShell_(?:Special_Edition_)?(\d+)_(\d+)_(\d+)_(\d+) VShell$">
608
+ <description>VanDyke VShell</description>
609
+ <example service.version="3" service.version.version="6" service.version.version.version="2" service.version.version.version.version="446">VShell_3_6_2_446 VShell</example>
610
+ <example service.version="2" service.version.version="5" service.version.version.version="0" service.version.version.version.version="204">VShell_Special_Edition_2_5_0_204 VShell</example>
611
+ <param pos="1" name="service.version"/>
612
+ <param pos="2" name="service.version.version"/>
613
+ <param pos="3" name="service.version.version.version"/>
614
+ <param pos="4" name="service.version.version.version.version"/>
615
+ <param pos="0" name="service.vendor" value="VanDyke Software"/>
616
+ <param pos="0" name="service.family" value="VShell"/>
617
+ <param pos="0" name="service.product" value="VShell"/>
618
+ </fingerprint>
619
+ <fingerprint pattern="^([\s]*)\s*VShell$">
620
+ <description>VanDyke VShell</description>
621
+ <param pos="1" name="service.version"/>
622
+ <param pos="0" name="service.vendor" value="VanDyke Software"/>
623
+ <param pos="0" name="service.family" value="VShell"/>
624
+ <param pos="0" name="service.product" value="VShell"/>
625
+ </fingerprint>
626
+ <fingerprint pattern="^WRQReflectionForSecureIT_(.*)$">
627
+ <description>Attachmate Reflection (formerly WRQ Reflection for Secure IT)
685
628
  </description>
686
- <!-- versions are of the form: 6.0 Build 23 -->
687
- <param pos="1" name="service.version"/>
688
- <param pos="0" name="service.vendor" value="Attachmate"/>
689
- <param pos="0" name="service.family" value="Reflection"/>
690
- <param pos="0" name="service.product" value="Reflection"/>
691
- </fingerprint>
692
-
693
- <fingerprint pattern="^([^\s]*)\s*F-Secure SSH\s*(?:.*)$">
694
- <!-- 3.2.3 F-Secure SSH Windows NT Server -->
695
- <description>Attachmate Reflection (formerly F-Secure SSH)
629
+ <param pos="1" name="service.version"/>
630
+ <param pos="0" name="service.vendor" value="Attachmate"/>
631
+ <param pos="0" name="service.family" value="Reflection"/>
632
+ <param pos="0" name="service.product" value="Reflection"/>
633
+ </fingerprint>
634
+ <fingerprint pattern="^([^\s]*)\s*F-Secure SSH\s*(?:.*)$">
635
+ <description>Attachmate Reflection (formerly F-Secure SSH)
696
636
  </description>
697
- <param pos="1" name="service.version"/>
698
- <param pos="0" name="service.vendor" value="Attachmate"/>
699
- <param pos="0" name="service.family" value="Reflection"/>
700
- <param pos="0" name="service.product" value="Reflection"/>
701
- </fingerprint>
702
-
703
- <fingerprint pattern="^([^\s]*)\s*SSH Tectia Server$">
704
- <!-- 5.0.1.79 SSH Tectia Server -->
705
- <description>SSH Communications Security Tectia Server</description>
706
- <param pos="1" name="service.version"/>
707
- <param pos="0" name="service.vendor" value="SSH Communications Security"/>
708
- <param pos="0" name="service.family" value="SSH Tectia Server"/>
709
- <param pos="0" name="service.product" value="SSH Tectia Server"/>
710
- </fingerprint>
711
-
712
- <fingerprint pattern="^([0-9\.]+) SSH Secure Shell(?: \(non-commercial\))?$">
713
- <example>3.2.9.1 SSH Secure Shell (non-commercial)</example>
714
- <example>4.0.3 SSH Secure Shell</example>
715
- <example>4.4.2.3 SSH Secure Shell</example>
716
- <description>SSH Communications Security Tectia Server</description>
717
- <param pos="1" name="service.version"/>
718
- <param pos="0" name="service.vendor" value="SSH Communications Security"/>
719
- <param pos="0" name="service.family" value="SSH Tectia Server"/>
720
- <param pos="0" name="service.product" value="SSH Tectia Server"/>
721
- </fingerprint>
722
-
723
- <fingerprint pattern="^([0-9\.]+) SSH Secure Shell Windows NT Server$">
724
- <description>Unknown Windows SSH server</description>
725
- <example>4.0.3 SSH Secure Shell Windows NT Server</example>
726
- <param pos="0" name="os.vendor" value="Microsoft"/>
727
- <param pos="0" name="os.family" value="Windows"/>
728
- <param pos="0" name="os.product" value="Windows"/>
729
- <param pos="1" name="service.version"/>
730
- <param pos="0" name="service.vendor" value="SSH Communications Security"/>
731
- <param pos="0" name="service.family" value="SSH Tectia Server"/>
732
- <param pos="0" name="service.product" value="SSH Tectia Server"/>
733
- </fingerprint>
734
-
735
- <fingerprint pattern="^ARRIS_(.*)$">
736
- <description>ARRIS device (though not clear which) - www.arrisi.com</description>
737
- <param pos="1" name="service.version"/>
738
- <param pos="0" name="service.vendor" value="ARRIS"/>
739
- <param pos="0" name="service.product" value="ARRIS"/>
740
- <param pos="0" name="os.vendor" value="ARRIS"/>
741
- <param pos="0" name="os.product" value="Unknown"/>
742
- </fingerprint>
743
-
744
- <fingerprint pattern="^Mocana SSH.*$">
745
- <description>Mocana Embedded SSH (note, there seem to be spaces at the
637
+ <param pos="1" name="service.version"/>
638
+ <param pos="0" name="service.vendor" value="Attachmate"/>
639
+ <param pos="0" name="service.family" value="Reflection"/>
640
+ <param pos="0" name="service.product" value="Reflection"/>
641
+ </fingerprint>
642
+ <fingerprint pattern="^([^\s]*)\s*SSH Tectia Server$">
643
+ <description>SSH Communications Security Tectia Server</description>
644
+ <param pos="1" name="service.version"/>
645
+ <param pos="0" name="service.vendor" value="SSH Communications Security"/>
646
+ <param pos="0" name="service.family" value="SSH Tectia Server"/>
647
+ <param pos="0" name="service.product" value="SSH Tectia Server"/>
648
+ </fingerprint>
649
+ <fingerprint pattern="^([0-9\.]+) SSH Secure Shell(?: \(non-commercial\))?$">
650
+ <description>SSH Communications Security Tectia Server</description>
651
+ <example>3.2.9.1 SSH Secure Shell (non-commercial)</example>
652
+ <example>4.0.3 SSH Secure Shell</example>
653
+ <example>4.4.2.3 SSH Secure Shell</example>
654
+ <param pos="1" name="service.version"/>
655
+ <param pos="0" name="service.vendor" value="SSH Communications Security"/>
656
+ <param pos="0" name="service.family" value="SSH Tectia Server"/>
657
+ <param pos="0" name="service.product" value="SSH Tectia Server"/>
658
+ </fingerprint>
659
+ <fingerprint pattern="^([0-9\.]+) SSH Secure Shell Windows NT Server$">
660
+ <description>Unknown Windows SSH server</description>
661
+ <example>4.0.3 SSH Secure Shell Windows NT Server</example>
662
+ <param pos="0" name="os.vendor" value="Microsoft"/>
663
+ <param pos="0" name="os.family" value="Windows"/>
664
+ <param pos="0" name="os.product" value="Windows"/>
665
+ <param pos="1" name="service.version"/>
666
+ <param pos="0" name="service.vendor" value="SSH Communications Security"/>
667
+ <param pos="0" name="service.family" value="SSH Tectia Server"/>
668
+ <param pos="0" name="service.product" value="SSH Tectia Server"/>
669
+ </fingerprint>
670
+ <fingerprint pattern="^ARRIS_(.*)$">
671
+ <description>ARRIS device (though not clear which) - www.arrisi.com</description>
672
+ <param pos="1" name="service.version"/>
673
+ <param pos="0" name="service.vendor" value="ARRIS"/>
674
+ <param pos="0" name="service.product" value="ARRIS"/>
675
+ <param pos="0" name="os.vendor" value="ARRIS"/>
676
+ <param pos="0" name="os.product" value="Unknown"/>
677
+ </fingerprint>
678
+ <fingerprint pattern="^Mocana SSH.*$">
679
+ <description>Mocana Embedded SSH (note, there seem to be spaces at the
746
680
  end of the returned banner, thus the .*</description>
747
- <param pos="0" name="service.vendor" value="Mocana"/>
748
- <param pos="0" name="service.family" value="Embedded SSH Server"/>
749
- <param pos="0" name="service.product" value="Embedded SSH Server"/>
750
- </fingerprint>
751
-
752
- <fingerprint pattern="^FreSSH\.(.*)$">
753
- <description>FreSSH</description>
754
- <param pos="1" name="service.version"/>
755
- <param pos="0" name="service.family" value="FreSSH"/>
756
- <param pos="0" name="service.product" value="FreSSH"/>
757
- </fingerprint>
758
-
759
- <fingerprint pattern="^RomCliSecure_(.*)$">
760
- <description>RomCliSecure appears to be the Adtran NetVanta products</description>
761
- <param pos="1" name="service.version"/>
762
- <param pos="0" name="service.vendor" value="Adtran"/>
763
- <param pos="0" name="service.family" value="NetVanta"/>
764
- <param pos="0" name="service.product" value="NetVanta"/>
765
- <param pos="0" name="os.vendor" value="Adtran"/>
766
- <param pos="0" name="os.family" value="NetVanta"/>
767
- <param pos="0" name="os.product" value="NetVanta"/>
768
- </fingerprint>
769
-
770
- <fingerprint pattern="^.*MultiNet.*$">
771
- <description>Process Software MultiNet is a suite of network apps for OpenVMS</description>
772
- <param pos="0" name="service.vendor" value="Process Software"/>
773
- <param pos="0" name="service.family" value="MultiNet"/>
774
- <param pos="0" name="service.product" value="MultiNet"/>
775
- <param pos="0" name="os.vendor" value="HP"/>
776
- <param pos="0" name="os.family" value="OpenVMS"/>
777
- <param pos="0" name="os.product" value="OpenVMS"/>
778
- </fingerprint>
779
-
780
- <fingerprint pattern="^dropbear_(.*)$">
781
- <!-- dropbear_0.36 -->
782
- <!-- dropbear_0.44test4 -->
783
- <description>Dropbear - http://matt.ucc.asn.au/dropbear/dropbear.html</description>
784
- <param pos="1" name="service.version"/>
785
- <param pos="0" name="service.family" value="Dropbear"/>
786
- <param pos="0" name="service.product" value="Dropbear"/>
787
- </fingerprint>
788
-
789
- <fingerprint pattern="^lancom$">
790
- <description>LANCOM Systems - http://www.lancom-systems.de/</description>
791
- <param pos="0" name="service.vendor" value="LANCOM Systems"/>
792
- <param pos="0" name="service.family" value="SSH"/>
793
- <param pos="0" name="service.product" value="SSH"/>
794
- <param pos="0" name="os.vendor" value="LANCOM Systems"/>
795
- <param pos="0" name="os.product" value="Unknown"/>
796
- </fingerprint>
797
-
798
- <fingerprint pattern="^0$">
799
- <description>MOVEit DMZ</description>
800
- <param pos="0" name="service.vendor" value="Standard Networks"/>
801
- <param pos="0" name="service.family" value="MOVEit DMZ"/>
802
- <param pos="0" name="service.product" value="MOVEit DMZ"/>
803
- <param pos="0" name="os.vendor" value="Microsoft"/>
804
- <param pos="0" name="os.family" value="Windows"/>
805
- <param pos="0" name="os.product" value="Windows"/>
806
- </fingerprint>
807
-
808
- <fingerprint pattern="^Comware-(\d+\.?\d*\.?\d*)$">
809
- <description>SSH on H3C Comware</description>
810
- <example os.version="5.20.105">Comware-5.20.105</example>
811
- <example os.version="5.20">Comware-5.20</example>
812
- <param pos="0" name="service.vendor" value="H3C"/>
813
- <param pos="0" name="service.product" value="SSH"/>
814
- <param pos="0" name="os.vendor" value="H3C"/>
815
- <param pos="0" name="os.device" value="Network"/>
816
- <param pos="0" name="os.product" value="Comware"/>
817
- <param pos="0" name="os.family" value="Comware"/>
818
- <param pos="1" name="os.version"/>
819
- </fingerprint>
820
-
821
- <fingerprint pattern="^Data ONTAP SSH [\d\.]+$">
822
- <description>SSH NetApp appliances</description>
823
- <example>Data ONTAP SSH 1.0</example>
824
- <param pos="0" name="os.vendor" value="NetApp"/>
825
- <param pos="0" name="os.family" value="Data ONTAP"/>
826
- <param pos="0" name="os.product" value="Data ONTAP"/>
827
- </fingerprint>
828
-
829
- <fingerprint pattern="^(\d\.\d+\.\d+) SSH Secure Shell OpenVMS V\d+\.\d+$">
830
- <description>SSH for OpenVMS</description>
831
- <!-- The VX.Y at the end refers to TCP/IP Services for OpenVMS version -->
832
- <example service.component.version="3.2.0">3.2.0 SSH Secure Shell OpenVMS V5.5</example>
833
- <example service.component.version="2.4.1">2.4.1 SSH Secure Shell OpenVMS V1.0</example>
834
- <param pos="1" name="service.component.version"/>
835
- <param pos="0" name="service.component.vendor" value="SSH Communication Security"/>
836
- <param pos="0" name="service.component.family" value="SSH Secure Shell"/>
837
- <param pos="0" name="service.component.product" value="SSH Secure Shell"/>
838
- <param pos="0" name="service.vendor" value="HP"/>
839
- <param pos="0" name="service.family" value="OpenVMS"/>
840
- <param pos="0" name="service.product" value="SSH Server"/>
841
- <param pos="0" name="os.vendor" value="HP"/>
842
- <param pos="0" name="os.device" value="General"/>
843
- <param pos="0" name="os.family" value="OpenVMS"/>
844
- <param pos="0" name="os.product" value="OpenVMS"/>
845
- <param pos="0" name="os.certainty" value="0.75"/>
846
- </fingerprint>
847
-
848
- <fingerprint pattern="^(\d\.\d+\.\d+) SSH (?:Secure Shell )?OpenVMS V\d\.\d VMS_sftp_version (\d)$">
849
- <description>SSH for OpenVMS sftp</description>
850
- <example service.component.version="3.2.0" service.version="3">3.2.0 SSH Secure Shell OpenVMS V5.5 VMS_sftp_version 3</example>
851
- <example service.component.version="3.2.0" service.version="3">3.2.0 SSH OpenVMS V5.5 VMS_sftp_version 3</example>
852
- <!--V5.5 refers to TCP/IP Services for OpenVMS version -->
853
- <param pos="1" name="service.component.version"/>
854
- <param pos="0" name="service.component.vendor" value="SSH Communication Security"/>
855
- <param pos="0" name="service.component.family" value="SSH Secure Shell"/>
856
- <param pos="0" name="service.component.product" value="SSH Secure Shell"/>
857
- <param pos="0" name="service.vendor" value="HP"/>
858
- <param pos="0" name="service.family" value="OpenVMS"/>
859
- <param pos="0" name="service.product" value="VMS SFTP Server"/>
860
- <param pos="2" name="service.version"/>
861
- <param pos="0" name="os.vendor" value="HP"/>
862
- <param pos="0" name="os.device" value="General"/>
863
- <param pos="0" name="os.family" value="OpenVMS"/>
864
- <param pos="0" name="os.certainty" value="0.75"/>
865
- </fingerprint>
866
-
867
- <fingerprint pattern="^\S+ SSH Secure Shell Tru64 UNIX$">
868
- <description>Digital/Compaq/HP Tru64 Unix</description>
869
- <example>3.2.0 SSH Secure Shell Tru64 UNIX</example>
870
- <param pos="0" name="os.vendor" value="HP"/>
871
- <param pos="0" name="os.family" value="Unix"/>
872
- <param pos="0" name="os.product" value="Tru64 Unix"/>
873
- <param pos="0" name="os.device" value="General"/>
874
- </fingerprint>
875
-
876
- <fingerprint pattern="^(?:SSH-(\d\.\d)-)?ROSSSH$">
877
- <description>MikroTik RouterOS sshd</description>
878
- <example>ROSSSH</example>
879
- <example service.version="2.0">SSH-2.0-ROSSSH</example>
880
- <param pos="1" name="service.version"/>
881
- <param pos="0" name="os.vendor" value="MikroTik"/>
882
- <param pos="0" name="os.device" value="Router"/>
883
- <param pos="0" name="os.family" value="RouterOS"/>
884
- <param pos="0" name="os.product" value="RouterOS"/>
885
- </fingerprint>
886
- <!--
681
+ <param pos="0" name="service.vendor" value="Mocana"/>
682
+ <param pos="0" name="service.family" value="Embedded SSH Server"/>
683
+ <param pos="0" name="service.product" value="Embedded SSH Server"/>
684
+ </fingerprint>
685
+ <fingerprint pattern="^FreSSH\.(.*)$">
686
+ <description>FreSSH</description>
687
+ <param pos="1" name="service.version"/>
688
+ <param pos="0" name="service.family" value="FreSSH"/>
689
+ <param pos="0" name="service.product" value="FreSSH"/>
690
+ </fingerprint>
691
+ <fingerprint pattern="^RomCliSecure_(.*)$">
692
+ <description>RomCliSecure appears to be the Adtran NetVanta products</description>
693
+ <param pos="1" name="service.version"/>
694
+ <param pos="0" name="service.vendor" value="Adtran"/>
695
+ <param pos="0" name="service.family" value="NetVanta"/>
696
+ <param pos="0" name="service.product" value="NetVanta"/>
697
+ <param pos="0" name="os.vendor" value="Adtran"/>
698
+ <param pos="0" name="os.family" value="NetVanta"/>
699
+ <param pos="0" name="os.product" value="NetVanta"/>
700
+ </fingerprint>
701
+ <fingerprint pattern="^.*MultiNet.*$">
702
+ <description>Process Software MultiNet is a suite of network apps for OpenVMS</description>
703
+ <param pos="0" name="service.vendor" value="Process Software"/>
704
+ <param pos="0" name="service.family" value="MultiNet"/>
705
+ <param pos="0" name="service.product" value="MultiNet"/>
706
+ <param pos="0" name="os.vendor" value="HP"/>
707
+ <param pos="0" name="os.family" value="OpenVMS"/>
708
+ <param pos="0" name="os.product" value="OpenVMS"/>
709
+ </fingerprint>
710
+ <fingerprint pattern="^dropbear_(.*)$">
711
+ <description>Dropbear - http://matt.ucc.asn.au/dropbear/dropbear.html</description>
712
+ <param pos="1" name="service.version"/>
713
+ <param pos="0" name="service.family" value="Dropbear"/>
714
+ <param pos="0" name="service.product" value="Dropbear"/>
715
+ </fingerprint>
716
+ <fingerprint pattern="^lancom$">
717
+ <description>LANCOM Systems - http://www.lancom-systems.de/</description>
718
+ <param pos="0" name="service.vendor" value="LANCOM Systems"/>
719
+ <param pos="0" name="service.family" value="SSH"/>
720
+ <param pos="0" name="service.product" value="SSH"/>
721
+ <param pos="0" name="os.vendor" value="LANCOM Systems"/>
722
+ <param pos="0" name="os.product" value="Unknown"/>
723
+ </fingerprint>
724
+ <fingerprint pattern="^0$">
725
+ <description>MOVEit DMZ</description>
726
+ <param pos="0" name="service.vendor" value="Standard Networks"/>
727
+ <param pos="0" name="service.family" value="MOVEit DMZ"/>
728
+ <param pos="0" name="service.product" value="MOVEit DMZ"/>
729
+ <param pos="0" name="os.vendor" value="Microsoft"/>
730
+ <param pos="0" name="os.family" value="Windows"/>
731
+ <param pos="0" name="os.product" value="Windows"/>
732
+ </fingerprint>
733
+ <fingerprint pattern="^Comware-(\d+\.?\d*\.?\d*)$">
734
+ <description>SSH on H3C Comware</description>
735
+ <example os.version="5.20.105">Comware-5.20.105</example>
736
+ <example os.version="5.20">Comware-5.20</example>
737
+ <param pos="0" name="service.vendor" value="H3C"/>
738
+ <param pos="0" name="service.product" value="SSH"/>
739
+ <param pos="0" name="os.vendor" value="H3C"/>
740
+ <param pos="0" name="os.device" value="Network"/>
741
+ <param pos="0" name="os.product" value="Comware"/>
742
+ <param pos="0" name="os.family" value="Comware"/>
743
+ <param pos="1" name="os.version"/>
744
+ </fingerprint>
745
+ <fingerprint pattern="^Data ONTAP SSH [\d\.]+$">
746
+ <description>SSH NetApp appliances</description>
747
+ <example>Data ONTAP SSH 1.0</example>
748
+ <param pos="0" name="os.vendor" value="NetApp"/>
749
+ <param pos="0" name="os.family" value="Data ONTAP"/>
750
+ <param pos="0" name="os.product" value="Data ONTAP"/>
751
+ </fingerprint>
752
+ <fingerprint pattern="^(\d\.\d+\.\d+) SSH Secure Shell OpenVMS V\d+\.\d+$">
753
+ <description>SSH for OpenVMS</description>
754
+ <example service.component.version="3.2.0">3.2.0 SSH Secure Shell OpenVMS V5.5</example>
755
+ <example service.component.version="2.4.1">2.4.1 SSH Secure Shell OpenVMS V1.0</example>
756
+ <param pos="1" name="service.component.version"/>
757
+ <param pos="0" name="service.component.vendor" value="SSH Communication Security"/>
758
+ <param pos="0" name="service.component.family" value="SSH Secure Shell"/>
759
+ <param pos="0" name="service.component.product" value="SSH Secure Shell"/>
760
+ <param pos="0" name="service.vendor" value="HP"/>
761
+ <param pos="0" name="service.family" value="OpenVMS"/>
762
+ <param pos="0" name="service.product" value="SSH Server"/>
763
+ <param pos="0" name="os.vendor" value="HP"/>
764
+ <param pos="0" name="os.device" value="General"/>
765
+ <param pos="0" name="os.family" value="OpenVMS"/>
766
+ <param pos="0" name="os.product" value="OpenVMS"/>
767
+ <param pos="0" name="os.certainty" value="0.75"/>
768
+ </fingerprint>
769
+ <fingerprint pattern="^(\d\.\d+\.\d+) SSH (?:Secure Shell )?OpenVMS V\d\.\d VMS_sftp_version (\d)$">
770
+ <description>SSH for OpenVMS sftp</description>
771
+ <example service.component.version="3.2.0" service.version="3">3.2.0 SSH Secure Shell OpenVMS V5.5 VMS_sftp_version 3</example>
772
+ <example service.component.version="3.2.0" service.version="3">3.2.0 SSH OpenVMS V5.5 VMS_sftp_version 3</example>
773
+ <param pos="1" name="service.component.version"/>
774
+ <param pos="0" name="service.component.vendor" value="SSH Communication Security"/>
775
+ <param pos="0" name="service.component.family" value="SSH Secure Shell"/>
776
+ <param pos="0" name="service.component.product" value="SSH Secure Shell"/>
777
+ <param pos="0" name="service.vendor" value="HP"/>
778
+ <param pos="0" name="service.family" value="OpenVMS"/>
779
+ <param pos="0" name="service.product" value="VMS SFTP Server"/>
780
+ <param pos="2" name="service.version"/>
781
+ <param pos="0" name="os.vendor" value="HP"/>
782
+ <param pos="0" name="os.device" value="General"/>
783
+ <param pos="0" name="os.family" value="OpenVMS"/>
784
+ <param pos="0" name="os.certainty" value="0.75"/>
785
+ </fingerprint>
786
+ <fingerprint pattern="^\S+ SSH Secure Shell Tru64 UNIX$">
787
+ <description>Digital/Compaq/HP Tru64 Unix</description>
788
+ <example>3.2.0 SSH Secure Shell Tru64 UNIX</example>
789
+ <param pos="0" name="os.vendor" value="HP"/>
790
+ <param pos="0" name="os.family" value="Unix"/>
791
+ <param pos="0" name="os.product" value="Tru64 Unix"/>
792
+ <param pos="0" name="os.device" value="General"/>
793
+ </fingerprint>
794
+ <fingerprint pattern="^(?:SSH-(\d\.\d)-)?ROSSSH$">
795
+ <description>MikroTik RouterOS sshd</description>
796
+ <example>ROSSSH</example>
797
+ <example service.version="2.0">SSH-2.0-ROSSSH</example>
798
+ <param pos="1" name="service.version"/>
799
+ <param pos="0" name="os.vendor" value="MikroTik"/>
800
+ <param pos="0" name="os.device" value="Router"/>
801
+ <param pos="0" name="os.family" value="RouterOS"/>
802
+ <param pos="0" name="os.product" value="RouterOS"/>
803
+ </fingerprint>
804
+ <!--
887
805
  1.2.22j4rad
888
806
  2.40
889
807
  2.0.12
@@ -891,10 +809,8 @@ Server-VII
891
809
  9.9.1
892
810
  IPSSH-1.10.0
893
811
  -->
894
-
895
- <!--
812
+ <!--
896
813
  Possibly Nortel Passport
897
814
  SSH_2.1.1
898
815
  -->
899
-
900
816
  </fingerprints>