recog 2.0.13 → 2.0.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (52) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +19 -6
  3. data/features/{xml → data}/failing_banners_fingerprints.xml +0 -0
  4. data/features/{xml → data}/matching_banners_fingerprints.xml +0 -0
  5. data/features/{xml → data}/no_tests.xml +0 -0
  6. data/features/{xml/banners.xml → data/sample_banner.txt} +0 -0
  7. data/features/{xml → data}/successful_tests.xml +0 -0
  8. data/features/{xml → data}/tests_with_failures.xml +0 -0
  9. data/features/{xml → data}/tests_with_warnings.xml +0 -0
  10. data/features/match.feature +2 -2
  11. data/features/support/env.rb +1 -1
  12. data/lib/recog/version.rb +1 -1
  13. data/misc/order.xsl +17 -0
  14. data/spec/lib/fingerprint_self_test_spec.rb +8 -0
  15. data/xml/apache_os.xml +270 -334
  16. data/xml/architecture.xml +28 -41
  17. data/xml/fingerprints.xsd +37 -0
  18. data/xml/ftp_banners.xml +52 -58
  19. data/xml/h323_callresp.xml +597 -695
  20. data/xml/hp_pjl_id.xml +370 -409
  21. data/xml/http_cookies.xml +304 -348
  22. data/xml/http_servers.xml +3202 -3483
  23. data/xml/http_wwwauth.xml +342 -409
  24. data/xml/imap_banners.xml +149 -190
  25. data/xml/mdns_device-info_txt.xml +97 -111
  26. data/xml/mdns_workstation_txt.xml +6 -6
  27. data/xml/mysql_banners.xml +99 -198
  28. data/xml/mysql_error.xml +4 -11
  29. data/xml/nntp_banners.xml +42 -45
  30. data/xml/ntp_banners.xml +2 -3
  31. data/xml/pop_banners.xml +214 -247
  32. data/xml/rsh_resp.xml +68 -76
  33. data/xml/sip_banners.xml +19 -19
  34. data/xml/sip_user_agents.xml +63 -74
  35. data/xml/smb_native_os.xml +387 -433
  36. data/xml/smtp_banners.xml +1318 -1460
  37. data/xml/smtp_debug.xml +24 -27
  38. data/xml/smtp_ehlo.xml +19 -22
  39. data/xml/smtp_expn.xml +61 -70
  40. data/xml/smtp_help.xml +139 -160
  41. data/xml/smtp_mailfrom.xml +14 -16
  42. data/xml/smtp_noop.xml +28 -31
  43. data/xml/smtp_quit.xml +16 -18
  44. data/xml/smtp_rcptto.xml +8 -10
  45. data/xml/smtp_rset.xml +12 -13
  46. data/xml/smtp_turn.xml +12 -13
  47. data/xml/smtp_vrfy.xml +66 -76
  48. data/xml/snmp_sysdescr.xml +7257 -8016
  49. data/xml/snmp_sysobjid.xml +392 -434
  50. data/xml/ssh_banners.xml +783 -867
  51. data/xml/upnp_banners.xml +594 -628
  52. metadata +11 -9
data/xml/ssh_banners.xml CHANGED
@@ -1,508 +1,467 @@
1
- <?xml version="1.0"?>
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
2
  <!--
3
3
  SSH "software revision and comment" strings (official RFC nomenclature for the part of
4
4
  the identification string after "SSH-x.x-") are matched against these patterns to
5
5
  fingerprint SSH servers.
6
6
  -->
7
-
8
7
  <fingerprints matches="ssh.banner">
9
-
10
-
11
- <!-- Honeypot SSH server banners are useless for fingerprinting -->
12
- <fingerprint pattern="honeypot" flags="REG_ICASE">
13
- <description>Honeypot SSH</description>
14
- <!-- assert nothing -->
15
- </fingerprint>
16
-
17
- <fingerprint pattern="^RomSShell_([\d\.]+)$">
18
- <description>Allegro RomSShell SSH</description>
19
- <example service.version="4.62">RomSShell_4.62</example>
20
- <param pos="0" name="service.vendor" value="Allegro Software"/>
21
- <param pos="0" name="service.product" value="RomSShell"/>
22
- <param pos="1" name="service.version"/>
23
- </fingerprint>
24
-
25
- <fingerprint pattern="^mpSSH_([\d\.]+)$">
26
- <description>HP Integrated Lights Out (iLO) usually bundled with HP servers</description>
27
- <example>mpSSH_0.0.1</example>
28
- <param pos="0" name="service.vendor" value="HP"/>
29
- <param pos="0" name="service.product" value="iLO"/>
30
- <param pos="0" name="service.family" value="iLO"/>
31
- <param pos="1" name="service.version"/>
32
- <param pos="0" name="hw.vendor" value="HP"/>
33
- <param pos="0" name="os.vendor" value="HP"/>
34
- <param pos="0" name="os.product" value="iLO"/>
35
- <param pos="0" name="os.family" value="iLO"/>
36
- <param pos="0" name="os.device" value="Lights Out Management"/>
37
- </fingerprint>
38
-
39
- <fingerprint pattern="^Serv-U_([\d\.]+)$">
40
- <description>Serv-U SSH</description>
41
- <example>Serv-U_7.4.0.1</example>
42
- <param pos="0" name="service.vendor" value="Rhino Software"/>
43
- <param pos="0" name="service.product" value="Serv-U"/>
44
- <param pos="1" name="service.version"/>
45
- </fingerprint>
46
-
47
- <fingerprint pattern="WS_FTP-SSH_([\d\.]+)$">
48
- <description>WS_FTP Server with SSH</description>
49
- <example>WS_FTP-SSH_6.1.1</example>
50
- <example>WS_FTP-SSH_7.0</example>
51
- <param pos="0" name="service.vendor" value="Ipswitch"/>
52
- <param pos="0" name="service.product" value="WS_FTP"/>
53
- <param pos="1" name="service.version"/>
54
- </fingerprint>
55
-
56
- <fingerprint pattern="^OpenSSH_([^\s]+)\s+(FreeBSD[ -].*)$">
57
- <description>OpenSSH running on FreeBSD</description>
58
- <param pos="1" name="service.version"/>
59
- <param pos="2" name="openssh.comment"/>
60
- <param pos="0" name="service.vendor" value="OpenBSD"/>
61
- <param pos="0" name="service.family" value="OpenSSH"/>
62
- <param pos="0" name="service.product" value="OpenSSH"/>
63
- <param pos="0" name="os.vendor" value="FreeBSD"/>
64
- <param pos="0" name="os.device" value="General"/>
65
- <param pos="0" name="os.family" value="FreeBSD"/>
66
- <param pos="0" name="os.product" value="FreeBSD"/>
67
- </fingerprint>
68
-
69
- <fingerprint pattern="^OpenSSH_([^\s]+)\s+(NetBSD[ -].*)$">
70
- <description>OpenSSH running on NetBSD</description>
71
- <param pos="1" name="service.version"/>
72
- <param pos="2" name="openssh.comment"/>
73
- <param pos="0" name="service.vendor" value="OpenBSD"/>
74
- <param pos="0" name="service.family" value="OpenSSH"/>
75
- <param pos="0" name="service.product" value="OpenSSH"/>
76
- <param pos="0" name="os.vendor" value="NetBSD"/>
77
- <param pos="0" name="os.device" value="General"/>
78
- <param pos="0" name="os.family" value="NetBSD"/>
79
- <param pos="0" name="os.product" value="NetBSD"/>
80
- </fingerprint>
81
-
82
- <fingerprint pattern="^OpenSSH_(4\.1p1) (Debian-7ubuntu\d+(?:\.\d+)?)$">
83
- <description>OpenSSH running on Ubuntu 5.10</description>
84
- <example>OpenSSH_4.1p1 Debian-7ubuntu4</example>
85
- <param pos="1" name="service.version"/>
86
- <param pos="2" name="openssh.comment"/>
87
- <param pos="0" name="service.vendor" value="OpenBSD"/>
88
- <param pos="0" name="service.family" value="OpenSSH"/>
89
- <param pos="0" name="service.product" value="OpenSSH"/>
90
- <param pos="0" name="os.vendor" value="Ubuntu"/>
91
- <param pos="0" name="os.device" value="General"/>
92
- <param pos="0" name="os.family" value="Linux"/>
93
- <param pos="0" name="os.product" value="Linux"/>
94
- <param pos="0" name="os.version" value="5.10"/>
95
- </fingerprint>
96
-
97
- <fingerprint pattern="^OpenSSH_(4\.2p1) (Debian-7ubuntu\d+(?:\.\d+)?)$">
98
- <description>OpenSSH running on Ubuntu 6.04</description>
99
- <example>OpenSSH_4.2p1 Debian-7ubuntu3.1</example>
100
- <example>OpenSSH_4.2p1 Debian-7ubuntu3.2</example>
101
- <param pos="1" name="service.version"/>
102
- <param pos="2" name="openssh.comment"/>
103
- <param pos="0" name="service.vendor" value="OpenBSD"/>
104
- <param pos="0" name="service.family" value="OpenSSH"/>
105
- <param pos="0" name="service.product" value="OpenSSH"/>
106
- <param pos="0" name="os.vendor" value="Ubuntu"/>
107
- <param pos="0" name="os.device" value="General"/>
108
- <param pos="0" name="os.family" value="Linux"/>
109
- <param pos="0" name="os.product" value="Linux"/>
110
- <param pos="0" name="os.version" value="6.04"/>
111
- </fingerprint>
112
-
113
- <fingerprint pattern="^OpenSSH_(4\.3p2) (Debian-8ubuntu\d+(?:\.\d+)?)$">
114
- <description>OpenSSH running on Ubuntu 7.04</description>
115
- <example>OpenSSH_4.3p2 Debian-8ubuntu1.4</example>
116
- <param pos="1" name="service.version"/>
117
- <param pos="2" name="openssh.comment"/>
118
- <param pos="0" name="service.vendor" value="OpenBSD"/>
119
- <param pos="0" name="service.family" value="OpenSSH"/>
120
- <param pos="0" name="service.product" value="OpenSSH"/>
121
- <param pos="0" name="os.vendor" value="Ubuntu"/>
122
- <param pos="0" name="os.device" value="General"/>
123
- <param pos="0" name="os.family" value="Linux"/>
124
- <param pos="0" name="os.product" value="Linux"/>
125
- <param pos="0" name="os.version" value="7.04"/>
126
- </fingerprint>
127
-
128
- <fingerprint pattern="^OpenSSH_(4\.6p1) (Debian-5ubuntu\d+(?:\.\d+)?)$">
129
- <description>OpenSSH running on Ubuntu 7.10</description>
130
- <example>OpenSSH_4.6p1 Debian-5ubuntu0.2</example>
131
- <example>OpenSSH_4.6p1 Debian-5ubuntu0.5</example>
132
- <example>OpenSSH_4.6p1 Debian-5ubuntu0.6</example>
133
- <param pos="1" name="service.version"/>
134
- <param pos="2" name="openssh.comment"/>
135
- <param pos="0" name="service.vendor" value="OpenBSD"/>
136
- <param pos="0" name="service.family" value="OpenSSH"/>
137
- <param pos="0" name="service.product" value="OpenSSH"/>
138
- <param pos="0" name="os.vendor" value="Ubuntu"/>
139
- <param pos="0" name="os.device" value="General"/>
140
- <param pos="0" name="os.family" value="Linux"/>
141
- <param pos="0" name="os.product" value="Linux"/>
142
- <param pos="0" name="os.version" value="7.10"/>
143
- </fingerprint>
144
-
145
- <fingerprint pattern="^OpenSSH_(4\.6p1) (Debian-5build1)$">
146
- <description>OpenSSH running on very early versions of Ubuntu 7.10</description>
147
- <example service.version="4.6p1" openssh.comment="Debian-5build1">OpenSSH_4.6p1 Debian-5build1</example>
148
- <param pos="1" name="service.version"/>
149
- <param pos="2" name="openssh.comment"/>
150
- <param pos="0" name="service.vendor" value="OpenBSD"/>
151
- <param pos="0" name="service.family" value="OpenSSH"/>
152
- <param pos="0" name="service.product" value="OpenSSH"/>
153
- <param pos="0" name="os.vendor" value="Ubuntu"/>
154
- <param pos="0" name="os.device" value="General"/>
155
- <param pos="0" name="os.family" value="Linux"/>
156
- <param pos="0" name="os.product" value="Linux"/>
157
- <param pos="0" name="os.version" value="7.10"/>
158
- </fingerprint>
159
-
160
- <fingerprint pattern="^OpenSSH_(4\.7p1) (Debian-8ubuntu\d+(?:\.\d+)?)$">
161
- <description>OpenSSH running on Ubuntu 8.04</description>
162
- <example service.version="4.7p1" openssh.comment="Debian-8ubuntu1.2">OpenSSH_4.7p1 Debian-8ubuntu1.2</example>
163
- <example service.version="4.7p1" openssh.comment="Debian-8ubuntu3">OpenSSH_4.7p1 Debian-8ubuntu3</example>
164
- <param pos="1" name="service.version"/>
165
- <param pos="2" name="openssh.comment"/>
166
- <param pos="0" name="service.vendor" value="OpenBSD"/>
167
- <param pos="0" name="service.family" value="OpenSSH"/>
168
- <param pos="0" name="service.product" value="OpenSSH"/>
169
- <param pos="0" name="os.vendor" value="Ubuntu"/>
170
- <param pos="0" name="os.device" value="General"/>
171
- <param pos="0" name="os.family" value="Linux"/>
172
- <param pos="0" name="os.product" value="Linux"/>
173
- <param pos="0" name="os.version" value="8.04"/>
174
- </fingerprint>
175
-
176
- <fingerprint pattern="^OpenSSH_(5\.1p1) (Debian-3ubuntu\d+(?:\.\d+)?)$">
177
- <description>OpenSSH running on Ubuntu 8.10</description>
178
- <example>OpenSSH_5.1p1 Debian-3ubuntu1</example>
179
- <param pos="1" name="service.version"/>
180
- <param pos="2" name="openssh.comment"/>
181
- <param pos="0" name="service.vendor" value="OpenBSD"/>
182
- <param pos="0" name="service.family" value="OpenSSH"/>
183
- <param pos="0" name="service.product" value="OpenSSH"/>
184
- <param pos="0" name="os.vendor" value="Ubuntu"/>
185
- <param pos="0" name="os.device" value="General"/>
186
- <param pos="0" name="os.family" value="Linux"/>
187
- <param pos="0" name="os.product" value="Linux"/>
188
- <param pos="0" name="os.version" value="8.10"/>
189
- </fingerprint>
190
-
191
- <fingerprint pattern="^OpenSSH_(5\.1p1) (Debian-5ubuntu\d+(?:\.\d+)?)$">
192
- <description>OpenSSH running on Ubuntu 9.04</description>
193
- <example>OpenSSH_5.1p1 Debian-5ubuntu1</example>
194
- <param pos="1" name="service.version"/>
195
- <param pos="2" name="openssh.comment"/>
196
- <param pos="0" name="service.vendor" value="OpenBSD"/>
197
- <param pos="0" name="service.family" value="OpenSSH"/>
198
- <param pos="0" name="service.product" value="OpenSSH"/>
199
- <param pos="0" name="os.vendor" value="Ubuntu"/>
200
- <param pos="0" name="os.device" value="General"/>
201
- <param pos="0" name="os.family" value="Linux"/>
202
- <param pos="0" name="os.product" value="Linux"/>
203
- <param pos="0" name="os.version" value="9.04"/>
204
- </fingerprint>
205
-
206
- <fingerprint pattern="^OpenSSH_(5\.1p1) (Debian-6ubuntu\d+(?:\.\d+)?)$">
207
- <description>OpenSSH running on Ubuntu 9.10</description>
208
- <example>OpenSSH_5.1p1 Debian-6ubuntu2</example>
209
- <param pos="1" name="service.version"/>
210
- <param pos="2" name="openssh.comment"/>
211
- <param pos="0" name="service.vendor" value="OpenBSD"/>
212
- <param pos="0" name="service.family" value="OpenSSH"/>
213
- <param pos="0" name="service.product" value="OpenSSH"/>
214
- <param pos="0" name="os.vendor" value="Ubuntu"/>
215
- <param pos="0" name="os.device" value="General"/>
216
- <param pos="0" name="os.family" value="Linux"/>
217
- <param pos="0" name="os.product" value="Linux"/>
218
- <param pos="0" name="os.version" value="9.10"/>
219
- </fingerprint>
220
-
221
- <fingerprint pattern="^OpenSSH_(5\.3p1) (Debian-3ubuntu\d+(?:\.\d+)?)$">
222
- <description>OpenSSH running on Ubuntu 10.04 (lucid)</description>
223
- <example service.version="5.3p1" openssh.comment="Debian-3ubuntu3">OpenSSH_5.3p1 Debian-3ubuntu3</example>
224
- <example service.version="5.3p1" openssh.comment="Debian-3ubuntu4">OpenSSH_5.3p1 Debian-3ubuntu4</example>
225
- <example service.version="5.3p1" openssh.comment="Debian-3ubuntu5">OpenSSH_5.3p1 Debian-3ubuntu5</example>
226
- <example service.version="5.3p1" openssh.comment="Debian-3ubuntu6">OpenSSH_5.3p1 Debian-3ubuntu6</example>
227
- <example service.version="5.3p1" openssh.comment="Debian-3ubuntu7">OpenSSH_5.3p1 Debian-3ubuntu7</example>
228
- <example service.version="5.3p1" openssh.comment="Debian-3ubuntu7.1">OpenSSH_5.3p1 Debian-3ubuntu7.1</example>
229
- <param pos="1" name="service.version"/>
230
- <param pos="2" name="openssh.comment"/>
231
- <param pos="0" name="service.vendor" value="OpenBSD"/>
232
- <param pos="0" name="service.family" value="OpenSSH"/>
233
- <param pos="0" name="service.product" value="OpenSSH"/>
234
- <param pos="0" name="os.vendor" value="Ubuntu"/>
235
- <param pos="0" name="os.device" value="General"/>
236
- <param pos="0" name="os.family" value="Linux"/>
237
- <param pos="0" name="os.product" value="Linux"/>
238
- <param pos="0" name="os.version" value="10.04"/>
239
- </fingerprint>
240
-
241
- <fingerprint pattern="^OpenSSH_(5\.5p1) (Debian-4ubuntu\d+(?:\.\d+)?)$">
242
- <description>OpenSSH running on Ubuntu 10.10</description>
243
- <example service.version="5.5p1" openssh.comment="Debian-4ubuntu4">OpenSSH_5.5p1 Debian-4ubuntu4</example>
244
- <example service.version="5.5p1" openssh.comment="Debian-4ubuntu5">OpenSSH_5.5p1 Debian-4ubuntu5</example>
245
- <example service.version="5.5p1" openssh.comment="Debian-4ubuntu6">OpenSSH_5.5p1 Debian-4ubuntu6</example>
246
- <param pos="1" name="service.version"/>
247
- <param pos="2" name="openssh.comment"/>
248
- <param pos="0" name="service.vendor" value="OpenBSD"/>
249
- <param pos="0" name="service.family" value="OpenSSH"/>
250
- <param pos="0" name="service.product" value="OpenSSH"/>
251
- <param pos="0" name="os.vendor" value="Ubuntu"/>
252
- <param pos="0" name="os.device" value="General"/>
253
- <param pos="0" name="os.family" value="Linux"/>
254
- <param pos="0" name="os.product" value="Linux"/>
255
- <param pos="0" name="os.version" value="10.10"/>
256
- </fingerprint>
257
-
258
- <fingerprint pattern="^OpenSSH_(5\.8p1) (Debian-1ubuntu\d(?:\.\d)?)$">
259
- <description>OpenSSH running on Ubuntu 11.04</description>
260
- <example>OpenSSH_5.8p1 Debian-1ubuntu3</example>
261
- <param pos="1" name="service.version"/>
262
- <param pos="2" name="openssh.comment"/>
263
- <param pos="0" name="service.vendor" value="OpenBSD"/>
264
- <param pos="0" name="service.family" value="OpenSSH"/>
265
- <param pos="0" name="service.product" value="OpenSSH"/>
266
- <param pos="0" name="os.vendor" value="Ubuntu"/>
267
- <param pos="0" name="os.device" value="General"/>
268
- <param pos="0" name="os.family" value="Linux"/>
269
- <param pos="0" name="os.product" value="Linux"/>
270
- <param pos="0" name="os.version" value="11.04"/>
271
- </fingerprint>
272
-
273
- <fingerprint pattern="^OpenSSH_(5\.8p1) (Debian-7ubuntu\d(?:\.\d)?)$">
274
- <description>OpenSSH running on Ubuntu 11.10</description>
275
- <example>OpenSSH_5.8p1 Debian-7ubuntu1</example>
276
- <param pos="1" name="service.version"/>
277
- <param pos="2" name="openssh.comment"/>
278
- <param pos="0" name="service.vendor" value="OpenBSD"/>
279
- <param pos="0" name="service.family" value="OpenSSH"/>
280
- <param pos="0" name="service.product" value="OpenSSH"/>
281
- <param pos="0" name="os.vendor" value="Ubuntu"/>
282
- <param pos="0" name="os.device" value="General"/>
283
- <param pos="0" name="os.family" value="Linux"/>
284
- <param pos="0" name="os.product" value="Linux"/>
285
- <param pos="0" name="os.version" value="11.10"/>
286
- </fingerprint>
287
-
288
- <fingerprint pattern="^OpenSSH_(5\.9p1) (Debian-5ubuntu\d(?:\.\d)?)$">
289
- <description>OpenSSH running on Ubuntu 12.04</description>
290
- <example service.version="5.9p1" openssh.comment="Debian-5ubuntu1">OpenSSH_5.9p1 Debian-5ubuntu1</example>
291
- <example service.version="5.9p1" openssh.comment="Debian-5ubuntu1.4">OpenSSH_5.9p1 Debian-5ubuntu1.4</example>
292
- <param pos="1" name="service.version"/>
293
- <param pos="2" name="openssh.comment"/>
294
- <param pos="0" name="service.vendor" value="OpenBSD"/>
295
- <param pos="0" name="service.family" value="OpenSSH"/>
296
- <param pos="0" name="service.product" value="OpenSSH"/>
297
- <param pos="0" name="os.vendor" value="Ubuntu"/>
298
- <param pos="0" name="os.device" value="General"/>
299
- <param pos="0" name="os.family" value="Linux"/>
300
- <param pos="0" name="os.product" value="Linux"/>
301
- <param pos="0" name="os.version" value="12.04"/>
302
- </fingerprint>
303
-
304
- <fingerprint pattern="^OpenSSH_(6\.0p1) (Debian-3ubuntu\d(?:\.\d)?)$">
305
- <description>OpenSSH running on Ubuntu 12.10</description>
306
- <example>OpenSSH_6.0p1 Debian-3ubuntu1</example>
307
- <param pos="1" name="service.version"/>
308
- <param pos="2" name="openssh.comment"/>
309
- <param pos="0" name="service.vendor" value="OpenBSD"/>
310
- <param pos="0" name="service.family" value="OpenSSH"/>
311
- <param pos="0" name="service.product" value="OpenSSH"/>
312
- <param pos="0" name="os.vendor" value="Ubuntu"/>
313
- <param pos="0" name="os.device" value="General"/>
314
- <param pos="0" name="os.family" value="Linux"/>
315
- <param pos="0" name="os.product" value="Linux"/>
316
- <param pos="0" name="os.version" value="12.10"/>
317
- </fingerprint>
318
-
319
- <fingerprint pattern="^OpenSSH_(6\.1p1) (Debian-4)$">
320
- <description>OpenSSH running on Ubuntu 13.04</description>
321
- <example>OpenSSH_6.1p1 Debian-4</example>
322
- <param pos="1" name="service.version"/>
323
- <param pos="2" name="openssh.comment"/>
324
- <param pos="0" name="service.vendor" value="OpenBSD"/>
325
- <param pos="0" name="service.family" value="OpenSSH"/>
326
- <param pos="0" name="service.product" value="OpenSSH"/>
327
- <param pos="0" name="os.vendor" value="Ubuntu"/>
328
- <param pos="0" name="os.device" value="General"/>
329
- <param pos="0" name="os.family" value="Linux"/>
330
- <param pos="0" name="os.product" value="Linux"/>
331
- <param pos="0" name="os.version" value="13.04"/>
332
- </fingerprint>
333
-
334
- <fingerprint pattern="^OpenSSH_(6\.6(?:\.\d)?p1) (Ubuntu-2ubuntu\d+(?:\.\d+)?)$">
335
- <description>OpenSSH running on Ubuntu 14.04</description>
336
- <example service.version="6.6p1" openssh.comment="Ubuntu-2ubuntu1">OpenSSH_6.6p1 Ubuntu-2ubuntu1</example>
337
- <example service.version="6.6.1p1" openssh.comment="Ubuntu-2ubuntu2">OpenSSH_6.6.1p1 Ubuntu-2ubuntu2</example>
338
- <param pos="1" name="service.version"/>
339
- <param pos="2" name="openssh.comment"/>
340
- <param pos="0" name="service.vendor" value="OpenBSD"/>
341
- <param pos="0" name="service.family" value="OpenSSH"/>
342
- <param pos="0" name="service.product" value="OpenSSH"/>
343
- <param pos="0" name="os.vendor" value="Ubuntu"/>
344
- <param pos="0" name="os.device" value="General"/>
345
- <param pos="0" name="os.family" value="Linux"/>
346
- <param pos="0" name="os.product" value="Linux"/>
347
- <param pos="0" name="os.version" value="14.04"/>
348
- </fingerprint>
349
-
350
- <fingerprint pattern="^OpenSSH_(6\.7p1) (Ubuntu-5ubuntu\d(?:\.\d)?)$">
351
- <description>OpenSSH running on Ubuntu 15.04 (vivid)</description>
352
- <example service.version="6.7p1" openssh.comment="Ubuntu-5ubuntu1">OpenSSH_6.7p1 Ubuntu-5ubuntu1</example>
353
- <param pos="1" name="service.version"/>
354
- <param pos="2" name="openssh.comment"/>
355
- <param pos="0" name="service.vendor" value="OpenBSD"/>
356
- <param pos="0" name="service.family" value="OpenSSH"/>
357
- <param pos="0" name="service.product" value="OpenSSH"/>
358
- <param pos="0" name="os.vendor" value="Ubuntu"/>
359
- <param pos="0" name="os.device" value="General"/>
360
- <param pos="0" name="os.family" value="Linux"/>
361
- <param pos="0" name="os.product" value="Linux"/>
362
- <param pos="0" name="os.version" value="15.04"/>
363
- </fingerprint>
364
-
365
- <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian-4(?:\+deb7u\d+)?)$">
366
- <description>OpenSSH running on Debian 7.x (wheezy)</description>
367
- <example service.version="6.0p1" openssh.comment="Debian-4">OpenSSH_6.0p1 Debian-4</example>
368
- <example service.version="6.0p1" openssh.comment="Debian-4+deb7u1">OpenSSH_6.0p1 Debian-4+deb7u1</example>
369
- <example service.version="6.0p1" openssh.comment="Debian-4+deb7u2">OpenSSH_6.0p1 Debian-4+deb7u2</example>
370
- <param pos="1" name="service.version"/>
371
- <param pos="2" name="openssh.comment"/>
372
- <param pos="0" name="service.vendor" value="OpenBSD"/>
373
- <param pos="0" name="service.family" value="OpenSSH"/>
374
- <param pos="0" name="service.product" value="OpenSSH"/>
375
- <param pos="0" name="os.vendor" value="Debian"/>
376
- <param pos="0" name="os.device" value="General"/>
377
- <param pos="0" name="os.family" value="Linux"/>
378
- <param pos="0" name="os.product" value="Linux"/>
379
- <param pos="0" name="os.version" value="7.0"/>
380
- </fingerprint>
381
-
382
- <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian.+squeeze.*)$">
383
- <description>OpenSSH running on Debian 6.0 (squeeze)</description>
384
- <example service.version="5.5p1" openssh.comment="Debian-6+squeeze4">OpenSSH_5.5p1 Debian-6+squeeze4</example>
385
- <param pos="1" name="service.version"/>
386
- <param pos="2" name="openssh.comment"/>
387
- <param pos="0" name="service.vendor" value="OpenBSD"/>
388
- <param pos="0" name="service.family" value="OpenSSH"/>
389
- <param pos="0" name="service.product" value="OpenSSH"/>
390
- <param pos="0" name="os.vendor" value="Debian"/>
391
- <param pos="0" name="os.device" value="General"/>
392
- <param pos="0" name="os.family" value="Linux"/>
393
- <param pos="0" name="os.product" value="Linux"/>
394
- <param pos="0" name="os.version" value="6.0"/>
395
- </fingerprint>
396
-
397
- <fingerprint pattern="^OpenSSH_([^\s]+)\s+((?:Debian|Ubuntu).+ubuntu.*)$">
398
- <description>OpenSSH running on Ubuntu</description>
399
- <param pos="1" name="service.version"/>
400
- <param pos="2" name="openssh.comment"/>
401
- <param pos="0" name="service.vendor" value="OpenBSD"/>
402
- <param pos="0" name="service.family" value="OpenSSH"/>
403
- <param pos="0" name="service.product" value="OpenSSH"/>
404
- <param pos="0" name="os.vendor" value="Ubuntu"/>
405
- <param pos="0" name="os.device" value="General"/>
406
- <param pos="0" name="os.family" value="Linux"/>
407
- <param pos="0" name="os.product" value="Linux"/>
408
- <param pos="0" name="os.certainty" value="0.75"/>
409
- </fingerprint>
410
-
411
- <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian.+etch.*)$">
412
- <description>OpenSSH running on Debian 4.0 (etch)</description>
413
- <param pos="1" name="service.version"/>
414
- <param pos="2" name="openssh.comment"/>
415
- <param pos="0" name="service.vendor" value="OpenBSD"/>
416
- <param pos="0" name="service.family" value="OpenSSH"/>
417
- <param pos="0" name="service.product" value="OpenSSH"/>
418
- <param pos="0" name="os.vendor" value="Debian"/>
419
- <param pos="0" name="os.device" value="General"/>
420
- <param pos="0" name="os.family" value="Linux"/>
421
- <param pos="0" name="os.product" value="Linux"/>
422
- <param pos="0" name="os.version" value="4.0"/>
423
- </fingerprint>
424
-
425
- <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian.+sarge.*)$">
426
- <description>OpenSSH running on Debian 3.1 (sarge)</description>
427
- <param pos="1" name="service.version"/>
428
- <param pos="2" name="openssh.comment"/>
429
- <param pos="0" name="service.vendor" value="OpenBSD"/>
430
- <param pos="0" name="service.family" value="OpenSSH"/>
431
- <param pos="0" name="service.product" value="OpenSSH"/>
432
- <param pos="0" name="os.vendor" value="Debian"/>
433
- <param pos="0" name="os.device" value="General"/>
434
- <param pos="0" name="os.family" value="Linux"/>
435
- <param pos="0" name="os.product" value="Linux"/>
436
- <param pos="0" name="os.version" value="3.1"/>
437
- </fingerprint>
438
-
439
- <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian.+woody.*)$">
440
- <description>OpenSSH running on Debian 3.0 (woody)</description>
441
- <param pos="1" name="service.version"/>
442
- <param pos="2" name="openssh.comment"/>
443
- <param pos="0" name="service.vendor" value="OpenBSD"/>
444
- <param pos="0" name="service.family" value="OpenSSH"/>
445
- <param pos="0" name="service.product" value="OpenSSH"/>
446
- <param pos="0" name="os.vendor" value="Debian"/>
447
- <param pos="0" name="os.device" value="General"/>
448
- <param pos="0" name="os.family" value="Linux"/>
449
- <param pos="0" name="os.product" value="Linux"/>
450
- <param pos="0" name="os.version" value="3.0"/>
451
- </fingerprint>
452
-
453
- <fingerprint pattern="^OpenSSH_(.*)\+(CAN-[0-9]{4}-[0-9]{4})$">
454
- <description>OpenSSH with CVE patch, as seen in Mac OS X</description>
455
- <param pos="1" name="service.version"/>
456
- <param pos="2" name="openssh.cvepatch"/>
457
- <param pos="0" name="service.vendor" value="OpenBSD"/>
458
- <param pos="0" name="service.family" value="OpenSSH"/>
459
- <param pos="0" name="service.product" value="OpenSSH"/>
460
- <param pos="0" name="os.vendor" value="Apple"/>
461
- <param pos="0" name="os.device" value="General"/>
462
- <param pos="0" name="os.family" value="Mac OS X"/>
463
- <param pos="0" name="os.product" value="Mac OS X"/>
464
- </fingerprint>
465
-
466
- <fingerprint pattern="^OpenSSH_(.*)_Mikrotik_v(.*)$">
467
- <description>OpenSSH on MikroTik</description>
468
- <param pos="1" name="service.version"/>
469
- <param pos="2" name="os.version"/>
470
- <param pos="0" name="service.vendor" value="OpenBSD"/>
471
- <param pos="0" name="service.family" value="OpenSSH"/>
472
- <param pos="0" name="service.product" value="OpenSSH"/>
473
- <param pos="0" name="os.vendor" value="MikroTik"/>
474
- <param pos="0" name="os.device" value="Router"/>
475
- <param pos="0" name="os.family" value="RouterOS"/>
476
- <param pos="0" name="os.product" value="RouterOS"/>
477
- </fingerprint>
478
-
479
- <fingerprint pattern="^OpenSSH_(.*) in DesktopAuthority (?:.*)$">
480
- <!-- OpenSSH_3.8 in DesktopAuthority 5.55.030 -->
481
- <description>DesktopAuthority SSH</description>
482
- <param pos="1" name="service.version"/>
483
- <param pos="0" name="service.vendor" value="OpenBSD"/>
484
- <param pos="0" name="service.family" value="OpenSSH"/>
485
- <param pos="0" name="service.product" value="OpenSSH"/>
486
- <param pos="0" name="os.vendor" value="Microsoft"/>
487
- <param pos="0" name="os.family" value="Windows"/>
488
- <param pos="0" name="os.product" value="Windows"/>
489
- </fingerprint>
490
-
491
- <fingerprint pattern="^OpenSSH_(\d+\.\d+(?:\.\d+)?(?:p\d+)?)$">
492
- <description>OpenSSH with just a version, no comment by vendor</description>
493
- <example service.version="5.9p1">OpenSSH_5.9p1</example>
494
- <example service.version="5.9">OpenSSH_5.9</example>
495
- <example service.version="3.8.1p1">OpenSSH_3.8.1p1</example>
496
- <example service.version="6.6.1">OpenSSH_6.6.1</example>
497
- <param pos="1" name="service.version"/>
498
- <param pos="0" name="service.vendor" value="OpenBSD"/>
499
- <param pos="0" name="service.family" value="OpenSSH"/>
500
- <param pos="0" name="service.product" value="OpenSSH"/>
501
- </fingerprint>
502
-
503
- <!-- SSH-1.99-OpenSSH_4.3p2-4.cern-hpn-CERN-4.3p2-4.cern -->
504
-
505
- <!--<fingerprint pattern="^OpenSSH_?([^\s]*)\s*(.*)$">
8
+ <!-- Honeypot SSH server banners are useless for fingerprinting -->
9
+ <fingerprint pattern="honeypot" flags="REG_ICASE">
10
+ <description>Honeypot SSH</description>
11
+ </fingerprint>
12
+ <fingerprint pattern="^RomSShell_([\d\.]+)$">
13
+ <description>Allegro RomSShell SSH</description>
14
+ <example service.version="4.62">RomSShell_4.62</example>
15
+ <param pos="0" name="service.vendor" value="Allegro Software"/>
16
+ <param pos="0" name="service.product" value="RomSShell"/>
17
+ <param pos="1" name="service.version"/>
18
+ </fingerprint>
19
+ <fingerprint pattern="^mpSSH_([\d\.]+)$">
20
+ <description>HP Integrated Lights Out (iLO) usually bundled with HP servers</description>
21
+ <example>mpSSH_0.0.1</example>
22
+ <param pos="0" name="service.vendor" value="HP"/>
23
+ <param pos="0" name="service.product" value="iLO"/>
24
+ <param pos="0" name="service.family" value="iLO"/>
25
+ <param pos="1" name="service.version"/>
26
+ <param pos="0" name="hw.vendor" value="HP"/>
27
+ <param pos="0" name="os.vendor" value="HP"/>
28
+ <param pos="0" name="os.product" value="iLO"/>
29
+ <param pos="0" name="os.family" value="iLO"/>
30
+ <param pos="0" name="os.device" value="Lights Out Management"/>
31
+ </fingerprint>
32
+ <fingerprint pattern="^Serv-U_([\d\.]+)$">
33
+ <description>Serv-U SSH</description>
34
+ <example>Serv-U_7.4.0.1</example>
35
+ <param pos="0" name="service.vendor" value="Rhino Software"/>
36
+ <param pos="0" name="service.product" value="Serv-U"/>
37
+ <param pos="1" name="service.version"/>
38
+ </fingerprint>
39
+ <fingerprint pattern="WS_FTP-SSH_([\d\.]+)$">
40
+ <description>WS_FTP Server with SSH</description>
41
+ <example>WS_FTP-SSH_6.1.1</example>
42
+ <example>WS_FTP-SSH_7.0</example>
43
+ <param pos="0" name="service.vendor" value="Ipswitch"/>
44
+ <param pos="0" name="service.product" value="WS_FTP"/>
45
+ <param pos="1" name="service.version"/>
46
+ </fingerprint>
47
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(FreeBSD[ -].*)$">
48
+ <description>OpenSSH running on FreeBSD</description>
49
+ <param pos="1" name="service.version"/>
50
+ <param pos="2" name="openssh.comment"/>
51
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
52
+ <param pos="0" name="service.family" value="OpenSSH"/>
53
+ <param pos="0" name="service.product" value="OpenSSH"/>
54
+ <param pos="0" name="os.vendor" value="FreeBSD"/>
55
+ <param pos="0" name="os.device" value="General"/>
56
+ <param pos="0" name="os.family" value="FreeBSD"/>
57
+ <param pos="0" name="os.product" value="FreeBSD"/>
58
+ </fingerprint>
59
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(NetBSD[ -].*)$">
60
+ <description>OpenSSH running on NetBSD</description>
61
+ <param pos="1" name="service.version"/>
62
+ <param pos="2" name="openssh.comment"/>
63
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
64
+ <param pos="0" name="service.family" value="OpenSSH"/>
65
+ <param pos="0" name="service.product" value="OpenSSH"/>
66
+ <param pos="0" name="os.vendor" value="NetBSD"/>
67
+ <param pos="0" name="os.device" value="General"/>
68
+ <param pos="0" name="os.family" value="NetBSD"/>
69
+ <param pos="0" name="os.product" value="NetBSD"/>
70
+ </fingerprint>
71
+ <fingerprint pattern="^OpenSSH_(4\.1p1) (Debian-7ubuntu\d+(?:\.\d+)?)$">
72
+ <description>OpenSSH running on Ubuntu 5.10</description>
73
+ <example>OpenSSH_4.1p1 Debian-7ubuntu4</example>
74
+ <param pos="1" name="service.version"/>
75
+ <param pos="2" name="openssh.comment"/>
76
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
77
+ <param pos="0" name="service.family" value="OpenSSH"/>
78
+ <param pos="0" name="service.product" value="OpenSSH"/>
79
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
80
+ <param pos="0" name="os.device" value="General"/>
81
+ <param pos="0" name="os.family" value="Linux"/>
82
+ <param pos="0" name="os.product" value="Linux"/>
83
+ <param pos="0" name="os.version" value="5.10"/>
84
+ </fingerprint>
85
+ <fingerprint pattern="^OpenSSH_(4\.2p1) (Debian-7ubuntu\d+(?:\.\d+)?)$">
86
+ <description>OpenSSH running on Ubuntu 6.04</description>
87
+ <example>OpenSSH_4.2p1 Debian-7ubuntu3.1</example>
88
+ <example>OpenSSH_4.2p1 Debian-7ubuntu3.2</example>
89
+ <param pos="1" name="service.version"/>
90
+ <param pos="2" name="openssh.comment"/>
91
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
92
+ <param pos="0" name="service.family" value="OpenSSH"/>
93
+ <param pos="0" name="service.product" value="OpenSSH"/>
94
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
95
+ <param pos="0" name="os.device" value="General"/>
96
+ <param pos="0" name="os.family" value="Linux"/>
97
+ <param pos="0" name="os.product" value="Linux"/>
98
+ <param pos="0" name="os.version" value="6.04"/>
99
+ </fingerprint>
100
+ <fingerprint pattern="^OpenSSH_(4\.3p2) (Debian-8ubuntu\d+(?:\.\d+)?)$">
101
+ <description>OpenSSH running on Ubuntu 7.04</description>
102
+ <example>OpenSSH_4.3p2 Debian-8ubuntu1.4</example>
103
+ <param pos="1" name="service.version"/>
104
+ <param pos="2" name="openssh.comment"/>
105
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
106
+ <param pos="0" name="service.family" value="OpenSSH"/>
107
+ <param pos="0" name="service.product" value="OpenSSH"/>
108
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
109
+ <param pos="0" name="os.device" value="General"/>
110
+ <param pos="0" name="os.family" value="Linux"/>
111
+ <param pos="0" name="os.product" value="Linux"/>
112
+ <param pos="0" name="os.version" value="7.04"/>
113
+ </fingerprint>
114
+ <fingerprint pattern="^OpenSSH_(4\.6p1) (Debian-5ubuntu\d+(?:\.\d+)?)$">
115
+ <description>OpenSSH running on Ubuntu 7.10</description>
116
+ <example>OpenSSH_4.6p1 Debian-5ubuntu0.2</example>
117
+ <example>OpenSSH_4.6p1 Debian-5ubuntu0.5</example>
118
+ <example>OpenSSH_4.6p1 Debian-5ubuntu0.6</example>
119
+ <param pos="1" name="service.version"/>
120
+ <param pos="2" name="openssh.comment"/>
121
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
122
+ <param pos="0" name="service.family" value="OpenSSH"/>
123
+ <param pos="0" name="service.product" value="OpenSSH"/>
124
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
125
+ <param pos="0" name="os.device" value="General"/>
126
+ <param pos="0" name="os.family" value="Linux"/>
127
+ <param pos="0" name="os.product" value="Linux"/>
128
+ <param pos="0" name="os.version" value="7.10"/>
129
+ </fingerprint>
130
+ <fingerprint pattern="^OpenSSH_(4\.6p1) (Debian-5build1)$">
131
+ <description>OpenSSH running on very early versions of Ubuntu 7.10</description>
132
+ <example service.version="4.6p1" openssh.comment="Debian-5build1">OpenSSH_4.6p1 Debian-5build1</example>
133
+ <param pos="1" name="service.version"/>
134
+ <param pos="2" name="openssh.comment"/>
135
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
136
+ <param pos="0" name="service.family" value="OpenSSH"/>
137
+ <param pos="0" name="service.product" value="OpenSSH"/>
138
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
139
+ <param pos="0" name="os.device" value="General"/>
140
+ <param pos="0" name="os.family" value="Linux"/>
141
+ <param pos="0" name="os.product" value="Linux"/>
142
+ <param pos="0" name="os.version" value="7.10"/>
143
+ </fingerprint>
144
+ <fingerprint pattern="^OpenSSH_(4\.7p1) (Debian-8ubuntu\d+(?:\.\d+)?)$">
145
+ <description>OpenSSH running on Ubuntu 8.04</description>
146
+ <example service.version="4.7p1" openssh.comment="Debian-8ubuntu1.2">OpenSSH_4.7p1 Debian-8ubuntu1.2</example>
147
+ <example service.version="4.7p1" openssh.comment="Debian-8ubuntu3">OpenSSH_4.7p1 Debian-8ubuntu3</example>
148
+ <param pos="1" name="service.version"/>
149
+ <param pos="2" name="openssh.comment"/>
150
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
151
+ <param pos="0" name="service.family" value="OpenSSH"/>
152
+ <param pos="0" name="service.product" value="OpenSSH"/>
153
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
154
+ <param pos="0" name="os.device" value="General"/>
155
+ <param pos="0" name="os.family" value="Linux"/>
156
+ <param pos="0" name="os.product" value="Linux"/>
157
+ <param pos="0" name="os.version" value="8.04"/>
158
+ </fingerprint>
159
+ <fingerprint pattern="^OpenSSH_(5\.1p1) (Debian-3ubuntu\d+(?:\.\d+)?)$">
160
+ <description>OpenSSH running on Ubuntu 8.10</description>
161
+ <example>OpenSSH_5.1p1 Debian-3ubuntu1</example>
162
+ <param pos="1" name="service.version"/>
163
+ <param pos="2" name="openssh.comment"/>
164
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
165
+ <param pos="0" name="service.family" value="OpenSSH"/>
166
+ <param pos="0" name="service.product" value="OpenSSH"/>
167
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
168
+ <param pos="0" name="os.device" value="General"/>
169
+ <param pos="0" name="os.family" value="Linux"/>
170
+ <param pos="0" name="os.product" value="Linux"/>
171
+ <param pos="0" name="os.version" value="8.10"/>
172
+ </fingerprint>
173
+ <fingerprint pattern="^OpenSSH_(5\.1p1) (Debian-5ubuntu\d+(?:\.\d+)?)$">
174
+ <description>OpenSSH running on Ubuntu 9.04</description>
175
+ <example>OpenSSH_5.1p1 Debian-5ubuntu1</example>
176
+ <param pos="1" name="service.version"/>
177
+ <param pos="2" name="openssh.comment"/>
178
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
179
+ <param pos="0" name="service.family" value="OpenSSH"/>
180
+ <param pos="0" name="service.product" value="OpenSSH"/>
181
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
182
+ <param pos="0" name="os.device" value="General"/>
183
+ <param pos="0" name="os.family" value="Linux"/>
184
+ <param pos="0" name="os.product" value="Linux"/>
185
+ <param pos="0" name="os.version" value="9.04"/>
186
+ </fingerprint>
187
+ <fingerprint pattern="^OpenSSH_(5\.1p1) (Debian-6ubuntu\d+(?:\.\d+)?)$">
188
+ <description>OpenSSH running on Ubuntu 9.10</description>
189
+ <example>OpenSSH_5.1p1 Debian-6ubuntu2</example>
190
+ <param pos="1" name="service.version"/>
191
+ <param pos="2" name="openssh.comment"/>
192
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
193
+ <param pos="0" name="service.family" value="OpenSSH"/>
194
+ <param pos="0" name="service.product" value="OpenSSH"/>
195
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
196
+ <param pos="0" name="os.device" value="General"/>
197
+ <param pos="0" name="os.family" value="Linux"/>
198
+ <param pos="0" name="os.product" value="Linux"/>
199
+ <param pos="0" name="os.version" value="9.10"/>
200
+ </fingerprint>
201
+ <fingerprint pattern="^OpenSSH_(5\.3p1) (Debian-3ubuntu\d+(?:\.\d+)?)$">
202
+ <description>OpenSSH running on Ubuntu 10.04 (lucid)</description>
203
+ <example service.version="5.3p1" openssh.comment="Debian-3ubuntu3">OpenSSH_5.3p1 Debian-3ubuntu3</example>
204
+ <example service.version="5.3p1" openssh.comment="Debian-3ubuntu4">OpenSSH_5.3p1 Debian-3ubuntu4</example>
205
+ <example service.version="5.3p1" openssh.comment="Debian-3ubuntu5">OpenSSH_5.3p1 Debian-3ubuntu5</example>
206
+ <example service.version="5.3p1" openssh.comment="Debian-3ubuntu6">OpenSSH_5.3p1 Debian-3ubuntu6</example>
207
+ <example service.version="5.3p1" openssh.comment="Debian-3ubuntu7">OpenSSH_5.3p1 Debian-3ubuntu7</example>
208
+ <example service.version="5.3p1" openssh.comment="Debian-3ubuntu7.1">OpenSSH_5.3p1 Debian-3ubuntu7.1</example>
209
+ <param pos="1" name="service.version"/>
210
+ <param pos="2" name="openssh.comment"/>
211
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
212
+ <param pos="0" name="service.family" value="OpenSSH"/>
213
+ <param pos="0" name="service.product" value="OpenSSH"/>
214
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
215
+ <param pos="0" name="os.device" value="General"/>
216
+ <param pos="0" name="os.family" value="Linux"/>
217
+ <param pos="0" name="os.product" value="Linux"/>
218
+ <param pos="0" name="os.version" value="10.04"/>
219
+ </fingerprint>
220
+ <fingerprint pattern="^OpenSSH_(5\.5p1) (Debian-4ubuntu\d+(?:\.\d+)?)$">
221
+ <description>OpenSSH running on Ubuntu 10.10</description>
222
+ <example service.version="5.5p1" openssh.comment="Debian-4ubuntu4">OpenSSH_5.5p1 Debian-4ubuntu4</example>
223
+ <example service.version="5.5p1" openssh.comment="Debian-4ubuntu5">OpenSSH_5.5p1 Debian-4ubuntu5</example>
224
+ <example service.version="5.5p1" openssh.comment="Debian-4ubuntu6">OpenSSH_5.5p1 Debian-4ubuntu6</example>
225
+ <param pos="1" name="service.version"/>
226
+ <param pos="2" name="openssh.comment"/>
227
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
228
+ <param pos="0" name="service.family" value="OpenSSH"/>
229
+ <param pos="0" name="service.product" value="OpenSSH"/>
230
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
231
+ <param pos="0" name="os.device" value="General"/>
232
+ <param pos="0" name="os.family" value="Linux"/>
233
+ <param pos="0" name="os.product" value="Linux"/>
234
+ <param pos="0" name="os.version" value="10.10"/>
235
+ </fingerprint>
236
+ <fingerprint pattern="^OpenSSH_(5\.8p1) (Debian-1ubuntu\d(?:\.\d)?)$">
237
+ <description>OpenSSH running on Ubuntu 11.04</description>
238
+ <example>OpenSSH_5.8p1 Debian-1ubuntu3</example>
239
+ <param pos="1" name="service.version"/>
240
+ <param pos="2" name="openssh.comment"/>
241
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
242
+ <param pos="0" name="service.family" value="OpenSSH"/>
243
+ <param pos="0" name="service.product" value="OpenSSH"/>
244
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
245
+ <param pos="0" name="os.device" value="General"/>
246
+ <param pos="0" name="os.family" value="Linux"/>
247
+ <param pos="0" name="os.product" value="Linux"/>
248
+ <param pos="0" name="os.version" value="11.04"/>
249
+ </fingerprint>
250
+ <fingerprint pattern="^OpenSSH_(5\.8p1) (Debian-7ubuntu\d(?:\.\d)?)$">
251
+ <description>OpenSSH running on Ubuntu 11.10</description>
252
+ <example>OpenSSH_5.8p1 Debian-7ubuntu1</example>
253
+ <param pos="1" name="service.version"/>
254
+ <param pos="2" name="openssh.comment"/>
255
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
256
+ <param pos="0" name="service.family" value="OpenSSH"/>
257
+ <param pos="0" name="service.product" value="OpenSSH"/>
258
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
259
+ <param pos="0" name="os.device" value="General"/>
260
+ <param pos="0" name="os.family" value="Linux"/>
261
+ <param pos="0" name="os.product" value="Linux"/>
262
+ <param pos="0" name="os.version" value="11.10"/>
263
+ </fingerprint>
264
+ <fingerprint pattern="^OpenSSH_(5\.9p1) (Debian-5ubuntu\d(?:\.\d)?)$">
265
+ <description>OpenSSH running on Ubuntu 12.04</description>
266
+ <example service.version="5.9p1" openssh.comment="Debian-5ubuntu1">OpenSSH_5.9p1 Debian-5ubuntu1</example>
267
+ <example service.version="5.9p1" openssh.comment="Debian-5ubuntu1.4">OpenSSH_5.9p1 Debian-5ubuntu1.4</example>
268
+ <param pos="1" name="service.version"/>
269
+ <param pos="2" name="openssh.comment"/>
270
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
271
+ <param pos="0" name="service.family" value="OpenSSH"/>
272
+ <param pos="0" name="service.product" value="OpenSSH"/>
273
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
274
+ <param pos="0" name="os.device" value="General"/>
275
+ <param pos="0" name="os.family" value="Linux"/>
276
+ <param pos="0" name="os.product" value="Linux"/>
277
+ <param pos="0" name="os.version" value="12.04"/>
278
+ </fingerprint>
279
+ <fingerprint pattern="^OpenSSH_(6\.0p1) (Debian-3ubuntu\d(?:\.\d)?)$">
280
+ <description>OpenSSH running on Ubuntu 12.10</description>
281
+ <example>OpenSSH_6.0p1 Debian-3ubuntu1</example>
282
+ <param pos="1" name="service.version"/>
283
+ <param pos="2" name="openssh.comment"/>
284
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
285
+ <param pos="0" name="service.family" value="OpenSSH"/>
286
+ <param pos="0" name="service.product" value="OpenSSH"/>
287
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
288
+ <param pos="0" name="os.device" value="General"/>
289
+ <param pos="0" name="os.family" value="Linux"/>
290
+ <param pos="0" name="os.product" value="Linux"/>
291
+ <param pos="0" name="os.version" value="12.10"/>
292
+ </fingerprint>
293
+ <fingerprint pattern="^OpenSSH_(6\.1p1) (Debian-4)$">
294
+ <description>OpenSSH running on Ubuntu 13.04</description>
295
+ <example>OpenSSH_6.1p1 Debian-4</example>
296
+ <param pos="1" name="service.version"/>
297
+ <param pos="2" name="openssh.comment"/>
298
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
299
+ <param pos="0" name="service.family" value="OpenSSH"/>
300
+ <param pos="0" name="service.product" value="OpenSSH"/>
301
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
302
+ <param pos="0" name="os.device" value="General"/>
303
+ <param pos="0" name="os.family" value="Linux"/>
304
+ <param pos="0" name="os.product" value="Linux"/>
305
+ <param pos="0" name="os.version" value="13.04"/>
306
+ </fingerprint>
307
+ <fingerprint pattern="^OpenSSH_(6\.6(?:\.\d)?p1) (Ubuntu-2ubuntu\d+(?:\.\d+)?)$">
308
+ <description>OpenSSH running on Ubuntu 14.04</description>
309
+ <example service.version="6.6p1" openssh.comment="Ubuntu-2ubuntu1">OpenSSH_6.6p1 Ubuntu-2ubuntu1</example>
310
+ <example service.version="6.6.1p1" openssh.comment="Ubuntu-2ubuntu2">OpenSSH_6.6.1p1 Ubuntu-2ubuntu2</example>
311
+ <param pos="1" name="service.version"/>
312
+ <param pos="2" name="openssh.comment"/>
313
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
314
+ <param pos="0" name="service.family" value="OpenSSH"/>
315
+ <param pos="0" name="service.product" value="OpenSSH"/>
316
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
317
+ <param pos="0" name="os.device" value="General"/>
318
+ <param pos="0" name="os.family" value="Linux"/>
319
+ <param pos="0" name="os.product" value="Linux"/>
320
+ <param pos="0" name="os.version" value="14.04"/>
321
+ </fingerprint>
322
+ <fingerprint pattern="^OpenSSH_(6\.7p1) (Ubuntu-5ubuntu\d(?:\.\d)?)$">
323
+ <description>OpenSSH running on Ubuntu 15.04 (vivid)</description>
324
+ <example service.version="6.7p1" openssh.comment="Ubuntu-5ubuntu1">OpenSSH_6.7p1 Ubuntu-5ubuntu1</example>
325
+ <param pos="1" name="service.version"/>
326
+ <param pos="2" name="openssh.comment"/>
327
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
328
+ <param pos="0" name="service.family" value="OpenSSH"/>
329
+ <param pos="0" name="service.product" value="OpenSSH"/>
330
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
331
+ <param pos="0" name="os.device" value="General"/>
332
+ <param pos="0" name="os.family" value="Linux"/>
333
+ <param pos="0" name="os.product" value="Linux"/>
334
+ <param pos="0" name="os.version" value="15.04"/>
335
+ </fingerprint>
336
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian-4(?:\+deb7u\d+)?)$">
337
+ <description>OpenSSH running on Debian 7.x (wheezy)</description>
338
+ <example service.version="6.0p1" openssh.comment="Debian-4">OpenSSH_6.0p1 Debian-4</example>
339
+ <example service.version="6.0p1" openssh.comment="Debian-4+deb7u1">OpenSSH_6.0p1 Debian-4+deb7u1</example>
340
+ <example service.version="6.0p1" openssh.comment="Debian-4+deb7u2">OpenSSH_6.0p1 Debian-4+deb7u2</example>
341
+ <param pos="1" name="service.version"/>
342
+ <param pos="2" name="openssh.comment"/>
343
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
344
+ <param pos="0" name="service.family" value="OpenSSH"/>
345
+ <param pos="0" name="service.product" value="OpenSSH"/>
346
+ <param pos="0" name="os.vendor" value="Debian"/>
347
+ <param pos="0" name="os.device" value="General"/>
348
+ <param pos="0" name="os.family" value="Linux"/>
349
+ <param pos="0" name="os.product" value="Linux"/>
350
+ <param pos="0" name="os.version" value="7.0"/>
351
+ </fingerprint>
352
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian.+squeeze.*)$">
353
+ <description>OpenSSH running on Debian 6.0 (squeeze)</description>
354
+ <example service.version="5.5p1" openssh.comment="Debian-6+squeeze4">OpenSSH_5.5p1 Debian-6+squeeze4</example>
355
+ <param pos="1" name="service.version"/>
356
+ <param pos="2" name="openssh.comment"/>
357
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
358
+ <param pos="0" name="service.family" value="OpenSSH"/>
359
+ <param pos="0" name="service.product" value="OpenSSH"/>
360
+ <param pos="0" name="os.vendor" value="Debian"/>
361
+ <param pos="0" name="os.device" value="General"/>
362
+ <param pos="0" name="os.family" value="Linux"/>
363
+ <param pos="0" name="os.product" value="Linux"/>
364
+ <param pos="0" name="os.version" value="6.0"/>
365
+ </fingerprint>
366
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+((?:Debian|Ubuntu).+ubuntu.*)$">
367
+ <description>OpenSSH running on Ubuntu</description>
368
+ <param pos="1" name="service.version"/>
369
+ <param pos="2" name="openssh.comment"/>
370
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
371
+ <param pos="0" name="service.family" value="OpenSSH"/>
372
+ <param pos="0" name="service.product" value="OpenSSH"/>
373
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
374
+ <param pos="0" name="os.device" value="General"/>
375
+ <param pos="0" name="os.family" value="Linux"/>
376
+ <param pos="0" name="os.product" value="Linux"/>
377
+ <param pos="0" name="os.certainty" value="0.75"/>
378
+ </fingerprint>
379
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian.+etch.*)$">
380
+ <description>OpenSSH running on Debian 4.0 (etch)</description>
381
+ <param pos="1" name="service.version"/>
382
+ <param pos="2" name="openssh.comment"/>
383
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
384
+ <param pos="0" name="service.family" value="OpenSSH"/>
385
+ <param pos="0" name="service.product" value="OpenSSH"/>
386
+ <param pos="0" name="os.vendor" value="Debian"/>
387
+ <param pos="0" name="os.device" value="General"/>
388
+ <param pos="0" name="os.family" value="Linux"/>
389
+ <param pos="0" name="os.product" value="Linux"/>
390
+ <param pos="0" name="os.version" value="4.0"/>
391
+ </fingerprint>
392
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian.+sarge.*)$">
393
+ <description>OpenSSH running on Debian 3.1 (sarge)</description>
394
+ <param pos="1" name="service.version"/>
395
+ <param pos="2" name="openssh.comment"/>
396
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
397
+ <param pos="0" name="service.family" value="OpenSSH"/>
398
+ <param pos="0" name="service.product" value="OpenSSH"/>
399
+ <param pos="0" name="os.vendor" value="Debian"/>
400
+ <param pos="0" name="os.device" value="General"/>
401
+ <param pos="0" name="os.family" value="Linux"/>
402
+ <param pos="0" name="os.product" value="Linux"/>
403
+ <param pos="0" name="os.version" value="3.1"/>
404
+ </fingerprint>
405
+ <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Debian.+woody.*)$">
406
+ <description>OpenSSH running on Debian 3.0 (woody)</description>
407
+ <param pos="1" name="service.version"/>
408
+ <param pos="2" name="openssh.comment"/>
409
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
410
+ <param pos="0" name="service.family" value="OpenSSH"/>
411
+ <param pos="0" name="service.product" value="OpenSSH"/>
412
+ <param pos="0" name="os.vendor" value="Debian"/>
413
+ <param pos="0" name="os.device" value="General"/>
414
+ <param pos="0" name="os.family" value="Linux"/>
415
+ <param pos="0" name="os.product" value="Linux"/>
416
+ <param pos="0" name="os.version" value="3.0"/>
417
+ </fingerprint>
418
+ <fingerprint pattern="^OpenSSH_(.*)\+(CAN-[0-9]{4}-[0-9]{4})$">
419
+ <description>OpenSSH with CVE patch, as seen in Mac OS X</description>
420
+ <param pos="1" name="service.version"/>
421
+ <param pos="2" name="openssh.cvepatch"/>
422
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
423
+ <param pos="0" name="service.family" value="OpenSSH"/>
424
+ <param pos="0" name="service.product" value="OpenSSH"/>
425
+ <param pos="0" name="os.vendor" value="Apple"/>
426
+ <param pos="0" name="os.device" value="General"/>
427
+ <param pos="0" name="os.family" value="Mac OS X"/>
428
+ <param pos="0" name="os.product" value="Mac OS X"/>
429
+ </fingerprint>
430
+ <fingerprint pattern="^OpenSSH_(.*)_Mikrotik_v(.*)$">
431
+ <description>OpenSSH on MikroTik</description>
432
+ <param pos="1" name="service.version"/>
433
+ <param pos="2" name="os.version"/>
434
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
435
+ <param pos="0" name="service.family" value="OpenSSH"/>
436
+ <param pos="0" name="service.product" value="OpenSSH"/>
437
+ <param pos="0" name="os.vendor" value="MikroTik"/>
438
+ <param pos="0" name="os.device" value="Router"/>
439
+ <param pos="0" name="os.family" value="RouterOS"/>
440
+ <param pos="0" name="os.product" value="RouterOS"/>
441
+ </fingerprint>
442
+ <fingerprint pattern="^OpenSSH_(.*) in DesktopAuthority (?:.*)$">
443
+ <description>DesktopAuthority SSH</description>
444
+ <param pos="1" name="service.version"/>
445
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
446
+ <param pos="0" name="service.family" value="OpenSSH"/>
447
+ <param pos="0" name="service.product" value="OpenSSH"/>
448
+ <param pos="0" name="os.vendor" value="Microsoft"/>
449
+ <param pos="0" name="os.family" value="Windows"/>
450
+ <param pos="0" name="os.product" value="Windows"/>
451
+ </fingerprint>
452
+ <fingerprint pattern="^OpenSSH_(\d+\.\d+(?:\.\d+)?(?:p\d+)?)$">
453
+ <description>OpenSSH with just a version, no comment by vendor</description>
454
+ <example service.version="5.9p1">OpenSSH_5.9p1</example>
455
+ <example service.version="5.9">OpenSSH_5.9</example>
456
+ <example service.version="3.8.1p1">OpenSSH_3.8.1p1</example>
457
+ <example service.version="6.6.1">OpenSSH_6.6.1</example>
458
+ <param pos="1" name="service.version"/>
459
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
460
+ <param pos="0" name="service.family" value="OpenSSH"/>
461
+ <param pos="0" name="service.product" value="OpenSSH"/>
462
+ </fingerprint>
463
+ <!-- SSH-1.99-OpenSSH_4.3p2-4.cern-hpn-CERN-4.3p2-4.cern -->
464
+ <!--<fingerprint pattern="^OpenSSH_?([^\s]*)\s*(.*)$">
506
465
  <description>Catch all for OpenSSH based SSH servers
507
466
  ******************** NOTE ********************
508
467
  Be sure to put any specific OpenSSH derivative
@@ -515,375 +474,334 @@ fingerprint SSH servers.
515
474
  <param pos="0" name="service.family" value="OpenSSH"/>
516
475
  <param pos="0" name="service.product" value="OpenSSH"/>
517
476
  </fingerprint>-->
518
-
519
- <!-- TODO: Handle "vpn3" banners for Cisco 3000 VPN Concentrators (need example banners first) -->
520
-
521
- <fingerprint pattern="^Cisco-(.*)$">
522
- <description>Cisco SSH banner (could be IOS or PIX).
477
+ <!-- TODO: Handle "vpn3" banners for Cisco 3000 VPN Concentrators (need example banners first) -->
478
+ <fingerprint pattern="^Cisco-(.*)$">
479
+ <description>Cisco SSH banner (could be IOS or PIX).
523
480
  The version always seems to be 1.25</description>
524
- <param pos="1" name="service.version"/>
525
- <param pos="0" name="service.vendor" value="Cisco"/>
526
- <param pos="0" name="service.product" value="SSH"/>
527
- <param pos="0" name="os.vendor" value="Cisco"/>
528
- <!-- temporary workaround for NEX-2123: assume it is IOS -->
529
- <param pos="0" name="os.product" value="IOS"/>
530
- <param pos="0" name="os.certainty" value="0.8"/>
531
- </fingerprint>
532
-
533
- <fingerprint pattern="^CISCO_WLC$">
534
- <description>SSH banner from a Cisco Wireless LAN Controller (WLC)</description>
535
- <example>CISCO_WLC</example>
536
- <param pos="0" name="service.vendor" value="Cisco"/>
537
- <param pos="0" name="service.product" value="SSH"/>
538
- <param pos="0" name="os.vendor" value="Cisco"/>
539
- <param pos="0" name="os.product" value="Wireless LAN Controller"/>
540
- </fingerprint>
541
-
542
- <fingerprint pattern="^Sun_SSH_(.*)$">
543
- <description>Sun SSH banner</description>
544
- <param pos="1" name="service.version"/>
545
- <param pos="0" name="service.vendor" value="Sun"/>
546
- <param pos="0" name="service.product" value="SSH"/>
547
- <param pos="0" name="os.vendor" value="Sun"/>
548
- <param pos="0" name="os.family" value="Solaris"/>
549
- <param pos="0" name="os.product" value="Solaris"/>
550
- </fingerprint>
551
-
552
- <fingerprint pattern="^SSH Protocol Compatible Server SCS (.*)$">
553
- <description>Netscreen</description>
554
- <param pos="1" name="service.version"/>
555
- <param pos="0" name="service.vendor" value="Juniper"/>
556
- <param pos="0" name="service.family" value="NetScreen"/>
557
- <param pos="0" name="service.product" value="NetScreen"/>
558
- <param pos="0" name="os.vendor" value="Juniper"/>
559
- <param pos="0" name="os.device" value="Firewall"/>
560
- <param pos="0" name="os.family" value="ScreenOS"/>
561
- <param pos="0" name="os.product" value="ScreenOS"/>
562
- </fingerprint>
563
-
564
- <fingerprint pattern="^NetScreen$">
565
- <description>Netscreen</description>
566
- <param pos="0" name="service.vendor" value="Juniper"/>
567
- <param pos="0" name="service.family" value="NetScreen"/>
568
- <param pos="0" name="service.product" value="NetScreen"/>
569
- <param pos="0" name="os.vendor" value="Juniper"/>
570
- <param pos="0" name="os.device" value="Firewall"/>
571
- <param pos="0" name="os.family" value="ScreenOS"/>
572
- <param pos="0" name="os.product" value="ScreenOS"/>
573
- </fingerprint>
574
-
575
- <fingerprint pattern="^(?:HUAWEI-VRP-?|VRP-)(.*)$">
576
- <description>Huawei Versatile Routing Platform (VRP)</description>
577
- <example os.version="3.10" service.version="3.10">HUAWEI-VRP-3.10</example>
578
- <param pos="0" name="service.vendor" value="Huawei"/>
579
- <param pos="0" name="service.family" value="VRP"/>
580
- <param pos="0" name="service.product" value="VRP"/>
581
- <param pos="1" name="service.version"/>
582
- <param pos="0" name="os.vendor" value="Huawei"/>
583
- <param pos="0" name="os.device" value="Router"/>
584
- <param pos="0" name="os.family" value="VRP"/>
585
- <param pos="0" name="os.product" value="VRP"/>
586
- <param pos="1" name="os.version"/>
587
- </fingerprint>
588
-
589
- <fingerprint pattern="^([^\s]+) sshlib: GlobalScape$">
590
- <description>GlobalScape SSH (which uses Bitvise sshlib)</description>
591
- <param pos="1" name="service.component.version"/>
592
- <param pos="0" name="service.component.vendor" value="Bitvise"/>
593
- <param pos="0" name="service.component.family" value="sshlib"/>
594
- <param pos="0" name="service.component.product" value="sshlib"/>
595
- <param pos="0" name="service.vendor" value="GlobalScape"/>
596
- <param pos="0" name="service.family" value="Secure FTP Server"/>
597
- <param pos="0" name="service.product" value="Secure FTP Server"/>
598
- <param pos="0" name="os.vendor" value="Microsoft"/>
599
- <param pos="0" name="os.family" value="Windows"/>
600
- <param pos="0" name="os.product" value="Windows"/>
601
- </fingerprint>
602
-
603
- <fingerprint pattern="^([^\s]+) sshlib: WinSSHD (.*)$">
604
- <description>Bitvise WinSSHD (which uses Bitvise sshlib)</description>
605
- <param pos="1" name="service.component.version"/>
606
- <param pos="2" name="service.version"/>
607
- <param pos="0" name="service.component.vendor" value="Bitvise"/>
608
- <param pos="0" name="service.component.family" value="sshlib"/>
609
- <param pos="0" name="service.component.product" value="sshlib"/>
610
- <param pos="0" name="service.vendor" value="Bitvise"/>
611
- <param pos="0" name="service.family" value="WinSSHD"/>
612
- <param pos="0" name="service.product" value="WinSSHD"/>
613
- <param pos="0" name="os.vendor" value="Microsoft"/>
614
- <param pos="0" name="os.family" value="Windows"/>
615
- <param pos="0" name="os.product" value="Windows"/>
616
- </fingerprint>
617
-
618
- <fingerprint pattern="^([^\s]+) FlowSsh: (?:Bitvise SSH Server \(WinSSHD\)|WinSSHD) ([\d\.]+):?.*$">
619
- <description>Bitvise WinSSHD (which uses Bitvise flowssh)</description>
620
- <example service.version="5.09" service.component.version="1.03">1.03 FlowSsh: WinSSHD 5.09</example>
621
- <example service.version="5.20" service.component.version="1.07">1.07 FlowSsh: WinSSHD 5.20: free only for personal non-commercial use</example>
622
- <example service.version="6.03" service.component.version="5.21">5.21 FlowSsh: Bitvise SSH Server (WinSSHD) 6.03: free only for personal non-commercial use</example>
623
- <param pos="1" name="service.component.version"/>
624
- <param pos="2" name="service.version"/>
625
- <param pos="0" name="service.component.vendor" value="Bitvise"/>
626
- <param pos="0" name="service.component.family" value="flowssh"/>
627
- <param pos="0" name="service.component.product" value="flowssh"/>
628
- <param pos="0" name="service.vendor" value="Bitvise"/>
629
- <param pos="0" name="service.family" value="WinSSHD"/>
630
- <param pos="0" name="service.product" value="WinSSHD"/>
631
- <param pos="0" name="os.vendor" value="Microsoft"/>
632
- <param pos="0" name="os.family" value="Windows"/>
633
- <param pos="0" name="os.product" value="Windows"/>
634
- </fingerprint>
635
-
636
- <fingerprint pattern="^([^\s]+) sshlib: MOVEit DMZ SSH (.*)$">
637
- <description>MOVEit DMZ (which uses Bitvise sshlib)</description>
638
- <param pos="1" name="service.component.version"/>
639
- <param pos="2" name="service.version"/>
640
- <param pos="0" name="service.component.vendor" value="Bitvise"/>
641
- <param pos="0" name="service.component.family" value="sshlib"/>
642
- <param pos="0" name="service.component.product" value="sshlib"/>
643
- <param pos="0" name="service.vendor" value="Standard Networks"/>
644
- <param pos="0" name="service.family" value="MOVEit DMZ"/>
645
- <param pos="0" name="service.product" value="MOVEit DMZ"/>
646
- <param pos="0" name="os.vendor" value="Microsoft"/>
647
- <param pos="0" name="os.family" value="Windows"/>
648
- <param pos="0" name="os.product" value="Windows"/>
649
- </fingerprint>
650
-
651
- <fingerprint pattern="^Pragma SecureShell\s*(.*)$">
652
- <description>Pragma SecureShell</description>
653
- <param pos="1" name="service.version"/>
654
- <param pos="0" name="service.vendor" value="Pragma Systems"/>
655
- <param pos="0" name="service.family" value="FortressSSH Server"/>
656
- <param pos="0" name="service.product" value="FortressSSH Server"/>
657
- <param pos="0" name="os.vendor" value="Microsoft"/>
658
- <param pos="0" name="os.family" value="Windows"/>
659
- <param pos="0" name="os.product" value="Windows"/>
660
- </fingerprint>
661
-
662
- <fingerprint pattern="^VShell_(?:Special_Edition_)?(\d+)_(\d+)_(\d+)_(\d+) VShell$">
663
- <description>VanDyke VShell</description>
664
- <example service.version="3" service.version.version="6" service.version.version.version="2" service.version.version.version.version="446">VShell_3_6_2_446 VShell</example>
665
- <example service.version="2" service.version.version="5" service.version.version.version="0" service.version.version.version.version="204">VShell_Special_Edition_2_5_0_204 VShell</example>
666
- <param pos="1" name="service.version"/>
667
- <param pos="2" name="service.version.version"/>
668
- <param pos="3" name="service.version.version.version"/>
669
- <param pos="4" name="service.version.version.version.version"/>
670
- <param pos="0" name="service.vendor" value="VanDyke Software"/>
671
- <param pos="0" name="service.family" value="VShell"/>
672
- <param pos="0" name="service.product" value="VShell"/>
673
- </fingerprint>
674
-
675
- <fingerprint pattern="^([\s]*)\s*VShell$">
676
- <description>VanDyke VShell</description>
677
- <param pos="1" name="service.version"/>
678
- <param pos="0" name="service.vendor" value="VanDyke Software"/>
679
- <param pos="0" name="service.family" value="VShell"/>
680
- <param pos="0" name="service.product" value="VShell"/>
681
- </fingerprint>
682
-
683
- <fingerprint pattern="^WRQReflectionForSecureIT_(.*)$">
684
- <description>Attachmate Reflection (formerly WRQ Reflection for Secure IT)
481
+ <param pos="1" name="service.version"/>
482
+ <param pos="0" name="service.vendor" value="Cisco"/>
483
+ <param pos="0" name="service.product" value="SSH"/>
484
+ <param pos="0" name="os.vendor" value="Cisco"/>
485
+ <param pos="0" name="os.product" value="IOS"/>
486
+ <param pos="0" name="os.certainty" value="0.8"/>
487
+ </fingerprint>
488
+ <fingerprint pattern="^CISCO_WLC$">
489
+ <description>SSH banner from a Cisco Wireless LAN Controller (WLC)</description>
490
+ <example>CISCO_WLC</example>
491
+ <param pos="0" name="service.vendor" value="Cisco"/>
492
+ <param pos="0" name="service.product" value="SSH"/>
493
+ <param pos="0" name="os.vendor" value="Cisco"/>
494
+ <param pos="0" name="os.product" value="Wireless LAN Controller"/>
495
+ </fingerprint>
496
+ <fingerprint pattern="^Sun_SSH_(.*)$">
497
+ <description>Sun SSH banner</description>
498
+ <param pos="1" name="service.version"/>
499
+ <param pos="0" name="service.vendor" value="Sun"/>
500
+ <param pos="0" name="service.product" value="SSH"/>
501
+ <param pos="0" name="os.vendor" value="Sun"/>
502
+ <param pos="0" name="os.family" value="Solaris"/>
503
+ <param pos="0" name="os.product" value="Solaris"/>
504
+ </fingerprint>
505
+ <fingerprint pattern="^SSH Protocol Compatible Server SCS (.*)$">
506
+ <description>Netscreen</description>
507
+ <param pos="1" name="service.version"/>
508
+ <param pos="0" name="service.vendor" value="Juniper"/>
509
+ <param pos="0" name="service.family" value="NetScreen"/>
510
+ <param pos="0" name="service.product" value="NetScreen"/>
511
+ <param pos="0" name="os.vendor" value="Juniper"/>
512
+ <param pos="0" name="os.device" value="Firewall"/>
513
+ <param pos="0" name="os.family" value="ScreenOS"/>
514
+ <param pos="0" name="os.product" value="ScreenOS"/>
515
+ </fingerprint>
516
+ <fingerprint pattern="^NetScreen$">
517
+ <description>Netscreen</description>
518
+ <param pos="0" name="service.vendor" value="Juniper"/>
519
+ <param pos="0" name="service.family" value="NetScreen"/>
520
+ <param pos="0" name="service.product" value="NetScreen"/>
521
+ <param pos="0" name="os.vendor" value="Juniper"/>
522
+ <param pos="0" name="os.device" value="Firewall"/>
523
+ <param pos="0" name="os.family" value="ScreenOS"/>
524
+ <param pos="0" name="os.product" value="ScreenOS"/>
525
+ </fingerprint>
526
+ <fingerprint pattern="^(?:HUAWEI-VRP-?|VRP-)(.*)$">
527
+ <description>Huawei Versatile Routing Platform (VRP)</description>
528
+ <example os.version="3.10" service.version="3.10">HUAWEI-VRP-3.10</example>
529
+ <param pos="0" name="service.vendor" value="Huawei"/>
530
+ <param pos="0" name="service.family" value="VRP"/>
531
+ <param pos="0" name="service.product" value="VRP"/>
532
+ <param pos="1" name="service.version"/>
533
+ <param pos="0" name="os.vendor" value="Huawei"/>
534
+ <param pos="0" name="os.device" value="Router"/>
535
+ <param pos="0" name="os.family" value="VRP"/>
536
+ <param pos="0" name="os.product" value="VRP"/>
537
+ <param pos="1" name="os.version"/>
538
+ </fingerprint>
539
+ <fingerprint pattern="^([^\s]+) sshlib: GlobalScape$">
540
+ <description>GlobalScape SSH (which uses Bitvise sshlib)</description>
541
+ <param pos="1" name="service.component.version"/>
542
+ <param pos="0" name="service.component.vendor" value="Bitvise"/>
543
+ <param pos="0" name="service.component.family" value="sshlib"/>
544
+ <param pos="0" name="service.component.product" value="sshlib"/>
545
+ <param pos="0" name="service.vendor" value="GlobalScape"/>
546
+ <param pos="0" name="service.family" value="Secure FTP Server"/>
547
+ <param pos="0" name="service.product" value="Secure FTP Server"/>
548
+ <param pos="0" name="os.vendor" value="Microsoft"/>
549
+ <param pos="0" name="os.family" value="Windows"/>
550
+ <param pos="0" name="os.product" value="Windows"/>
551
+ </fingerprint>
552
+ <fingerprint pattern="^([^\s]+) sshlib: WinSSHD (.*)$">
553
+ <description>Bitvise WinSSHD (which uses Bitvise sshlib)</description>
554
+ <param pos="1" name="service.component.version"/>
555
+ <param pos="2" name="service.version"/>
556
+ <param pos="0" name="service.component.vendor" value="Bitvise"/>
557
+ <param pos="0" name="service.component.family" value="sshlib"/>
558
+ <param pos="0" name="service.component.product" value="sshlib"/>
559
+ <param pos="0" name="service.vendor" value="Bitvise"/>
560
+ <param pos="0" name="service.family" value="WinSSHD"/>
561
+ <param pos="0" name="service.product" value="WinSSHD"/>
562
+ <param pos="0" name="os.vendor" value="Microsoft"/>
563
+ <param pos="0" name="os.family" value="Windows"/>
564
+ <param pos="0" name="os.product" value="Windows"/>
565
+ </fingerprint>
566
+ <fingerprint pattern="^([^\s]+) FlowSsh: (?:Bitvise SSH Server \(WinSSHD\)|WinSSHD) ([\d\.]+):?.*$">
567
+ <description>Bitvise WinSSHD (which uses Bitvise flowssh)</description>
568
+ <example service.version="5.09" service.component.version="1.03">1.03 FlowSsh: WinSSHD 5.09</example>
569
+ <example service.version="5.20" service.component.version="1.07">1.07 FlowSsh: WinSSHD 5.20: free only for personal non-commercial use</example>
570
+ <example service.version="6.03" service.component.version="5.21">5.21 FlowSsh: Bitvise SSH Server (WinSSHD) 6.03: free only for personal non-commercial use</example>
571
+ <param pos="1" name="service.component.version"/>
572
+ <param pos="2" name="service.version"/>
573
+ <param pos="0" name="service.component.vendor" value="Bitvise"/>
574
+ <param pos="0" name="service.component.family" value="flowssh"/>
575
+ <param pos="0" name="service.component.product" value="flowssh"/>
576
+ <param pos="0" name="service.vendor" value="Bitvise"/>
577
+ <param pos="0" name="service.family" value="WinSSHD"/>
578
+ <param pos="0" name="service.product" value="WinSSHD"/>
579
+ <param pos="0" name="os.vendor" value="Microsoft"/>
580
+ <param pos="0" name="os.family" value="Windows"/>
581
+ <param pos="0" name="os.product" value="Windows"/>
582
+ </fingerprint>
583
+ <fingerprint pattern="^([^\s]+) sshlib: MOVEit DMZ SSH (.*)$">
584
+ <description>MOVEit DMZ (which uses Bitvise sshlib)</description>
585
+ <param pos="1" name="service.component.version"/>
586
+ <param pos="2" name="service.version"/>
587
+ <param pos="0" name="service.component.vendor" value="Bitvise"/>
588
+ <param pos="0" name="service.component.family" value="sshlib"/>
589
+ <param pos="0" name="service.component.product" value="sshlib"/>
590
+ <param pos="0" name="service.vendor" value="Standard Networks"/>
591
+ <param pos="0" name="service.family" value="MOVEit DMZ"/>
592
+ <param pos="0" name="service.product" value="MOVEit DMZ"/>
593
+ <param pos="0" name="os.vendor" value="Microsoft"/>
594
+ <param pos="0" name="os.family" value="Windows"/>
595
+ <param pos="0" name="os.product" value="Windows"/>
596
+ </fingerprint>
597
+ <fingerprint pattern="^Pragma SecureShell\s*(.*)$">
598
+ <description>Pragma SecureShell</description>
599
+ <param pos="1" name="service.version"/>
600
+ <param pos="0" name="service.vendor" value="Pragma Systems"/>
601
+ <param pos="0" name="service.family" value="FortressSSH Server"/>
602
+ <param pos="0" name="service.product" value="FortressSSH Server"/>
603
+ <param pos="0" name="os.vendor" value="Microsoft"/>
604
+ <param pos="0" name="os.family" value="Windows"/>
605
+ <param pos="0" name="os.product" value="Windows"/>
606
+ </fingerprint>
607
+ <fingerprint pattern="^VShell_(?:Special_Edition_)?(\d+)_(\d+)_(\d+)_(\d+) VShell$">
608
+ <description>VanDyke VShell</description>
609
+ <example service.version="3" service.version.version="6" service.version.version.version="2" service.version.version.version.version="446">VShell_3_6_2_446 VShell</example>
610
+ <example service.version="2" service.version.version="5" service.version.version.version="0" service.version.version.version.version="204">VShell_Special_Edition_2_5_0_204 VShell</example>
611
+ <param pos="1" name="service.version"/>
612
+ <param pos="2" name="service.version.version"/>
613
+ <param pos="3" name="service.version.version.version"/>
614
+ <param pos="4" name="service.version.version.version.version"/>
615
+ <param pos="0" name="service.vendor" value="VanDyke Software"/>
616
+ <param pos="0" name="service.family" value="VShell"/>
617
+ <param pos="0" name="service.product" value="VShell"/>
618
+ </fingerprint>
619
+ <fingerprint pattern="^([\s]*)\s*VShell$">
620
+ <description>VanDyke VShell</description>
621
+ <param pos="1" name="service.version"/>
622
+ <param pos="0" name="service.vendor" value="VanDyke Software"/>
623
+ <param pos="0" name="service.family" value="VShell"/>
624
+ <param pos="0" name="service.product" value="VShell"/>
625
+ </fingerprint>
626
+ <fingerprint pattern="^WRQReflectionForSecureIT_(.*)$">
627
+ <description>Attachmate Reflection (formerly WRQ Reflection for Secure IT)
685
628
  </description>
686
- <!-- versions are of the form: 6.0 Build 23 -->
687
- <param pos="1" name="service.version"/>
688
- <param pos="0" name="service.vendor" value="Attachmate"/>
689
- <param pos="0" name="service.family" value="Reflection"/>
690
- <param pos="0" name="service.product" value="Reflection"/>
691
- </fingerprint>
692
-
693
- <fingerprint pattern="^([^\s]*)\s*F-Secure SSH\s*(?:.*)$">
694
- <!-- 3.2.3 F-Secure SSH Windows NT Server -->
695
- <description>Attachmate Reflection (formerly F-Secure SSH)
629
+ <param pos="1" name="service.version"/>
630
+ <param pos="0" name="service.vendor" value="Attachmate"/>
631
+ <param pos="0" name="service.family" value="Reflection"/>
632
+ <param pos="0" name="service.product" value="Reflection"/>
633
+ </fingerprint>
634
+ <fingerprint pattern="^([^\s]*)\s*F-Secure SSH\s*(?:.*)$">
635
+ <description>Attachmate Reflection (formerly F-Secure SSH)
696
636
  </description>
697
- <param pos="1" name="service.version"/>
698
- <param pos="0" name="service.vendor" value="Attachmate"/>
699
- <param pos="0" name="service.family" value="Reflection"/>
700
- <param pos="0" name="service.product" value="Reflection"/>
701
- </fingerprint>
702
-
703
- <fingerprint pattern="^([^\s]*)\s*SSH Tectia Server$">
704
- <!-- 5.0.1.79 SSH Tectia Server -->
705
- <description>SSH Communications Security Tectia Server</description>
706
- <param pos="1" name="service.version"/>
707
- <param pos="0" name="service.vendor" value="SSH Communications Security"/>
708
- <param pos="0" name="service.family" value="SSH Tectia Server"/>
709
- <param pos="0" name="service.product" value="SSH Tectia Server"/>
710
- </fingerprint>
711
-
712
- <fingerprint pattern="^([0-9\.]+) SSH Secure Shell(?: \(non-commercial\))?$">
713
- <example>3.2.9.1 SSH Secure Shell (non-commercial)</example>
714
- <example>4.0.3 SSH Secure Shell</example>
715
- <example>4.4.2.3 SSH Secure Shell</example>
716
- <description>SSH Communications Security Tectia Server</description>
717
- <param pos="1" name="service.version"/>
718
- <param pos="0" name="service.vendor" value="SSH Communications Security"/>
719
- <param pos="0" name="service.family" value="SSH Tectia Server"/>
720
- <param pos="0" name="service.product" value="SSH Tectia Server"/>
721
- </fingerprint>
722
-
723
- <fingerprint pattern="^([0-9\.]+) SSH Secure Shell Windows NT Server$">
724
- <description>Unknown Windows SSH server</description>
725
- <example>4.0.3 SSH Secure Shell Windows NT Server</example>
726
- <param pos="0" name="os.vendor" value="Microsoft"/>
727
- <param pos="0" name="os.family" value="Windows"/>
728
- <param pos="0" name="os.product" value="Windows"/>
729
- <param pos="1" name="service.version"/>
730
- <param pos="0" name="service.vendor" value="SSH Communications Security"/>
731
- <param pos="0" name="service.family" value="SSH Tectia Server"/>
732
- <param pos="0" name="service.product" value="SSH Tectia Server"/>
733
- </fingerprint>
734
-
735
- <fingerprint pattern="^ARRIS_(.*)$">
736
- <description>ARRIS device (though not clear which) - www.arrisi.com</description>
737
- <param pos="1" name="service.version"/>
738
- <param pos="0" name="service.vendor" value="ARRIS"/>
739
- <param pos="0" name="service.product" value="ARRIS"/>
740
- <param pos="0" name="os.vendor" value="ARRIS"/>
741
- <param pos="0" name="os.product" value="Unknown"/>
742
- </fingerprint>
743
-
744
- <fingerprint pattern="^Mocana SSH.*$">
745
- <description>Mocana Embedded SSH (note, there seem to be spaces at the
637
+ <param pos="1" name="service.version"/>
638
+ <param pos="0" name="service.vendor" value="Attachmate"/>
639
+ <param pos="0" name="service.family" value="Reflection"/>
640
+ <param pos="0" name="service.product" value="Reflection"/>
641
+ </fingerprint>
642
+ <fingerprint pattern="^([^\s]*)\s*SSH Tectia Server$">
643
+ <description>SSH Communications Security Tectia Server</description>
644
+ <param pos="1" name="service.version"/>
645
+ <param pos="0" name="service.vendor" value="SSH Communications Security"/>
646
+ <param pos="0" name="service.family" value="SSH Tectia Server"/>
647
+ <param pos="0" name="service.product" value="SSH Tectia Server"/>
648
+ </fingerprint>
649
+ <fingerprint pattern="^([0-9\.]+) SSH Secure Shell(?: \(non-commercial\))?$">
650
+ <description>SSH Communications Security Tectia Server</description>
651
+ <example>3.2.9.1 SSH Secure Shell (non-commercial)</example>
652
+ <example>4.0.3 SSH Secure Shell</example>
653
+ <example>4.4.2.3 SSH Secure Shell</example>
654
+ <param pos="1" name="service.version"/>
655
+ <param pos="0" name="service.vendor" value="SSH Communications Security"/>
656
+ <param pos="0" name="service.family" value="SSH Tectia Server"/>
657
+ <param pos="0" name="service.product" value="SSH Tectia Server"/>
658
+ </fingerprint>
659
+ <fingerprint pattern="^([0-9\.]+) SSH Secure Shell Windows NT Server$">
660
+ <description>Unknown Windows SSH server</description>
661
+ <example>4.0.3 SSH Secure Shell Windows NT Server</example>
662
+ <param pos="0" name="os.vendor" value="Microsoft"/>
663
+ <param pos="0" name="os.family" value="Windows"/>
664
+ <param pos="0" name="os.product" value="Windows"/>
665
+ <param pos="1" name="service.version"/>
666
+ <param pos="0" name="service.vendor" value="SSH Communications Security"/>
667
+ <param pos="0" name="service.family" value="SSH Tectia Server"/>
668
+ <param pos="0" name="service.product" value="SSH Tectia Server"/>
669
+ </fingerprint>
670
+ <fingerprint pattern="^ARRIS_(.*)$">
671
+ <description>ARRIS device (though not clear which) - www.arrisi.com</description>
672
+ <param pos="1" name="service.version"/>
673
+ <param pos="0" name="service.vendor" value="ARRIS"/>
674
+ <param pos="0" name="service.product" value="ARRIS"/>
675
+ <param pos="0" name="os.vendor" value="ARRIS"/>
676
+ <param pos="0" name="os.product" value="Unknown"/>
677
+ </fingerprint>
678
+ <fingerprint pattern="^Mocana SSH.*$">
679
+ <description>Mocana Embedded SSH (note, there seem to be spaces at the
746
680
  end of the returned banner, thus the .*</description>
747
- <param pos="0" name="service.vendor" value="Mocana"/>
748
- <param pos="0" name="service.family" value="Embedded SSH Server"/>
749
- <param pos="0" name="service.product" value="Embedded SSH Server"/>
750
- </fingerprint>
751
-
752
- <fingerprint pattern="^FreSSH\.(.*)$">
753
- <description>FreSSH</description>
754
- <param pos="1" name="service.version"/>
755
- <param pos="0" name="service.family" value="FreSSH"/>
756
- <param pos="0" name="service.product" value="FreSSH"/>
757
- </fingerprint>
758
-
759
- <fingerprint pattern="^RomCliSecure_(.*)$">
760
- <description>RomCliSecure appears to be the Adtran NetVanta products</description>
761
- <param pos="1" name="service.version"/>
762
- <param pos="0" name="service.vendor" value="Adtran"/>
763
- <param pos="0" name="service.family" value="NetVanta"/>
764
- <param pos="0" name="service.product" value="NetVanta"/>
765
- <param pos="0" name="os.vendor" value="Adtran"/>
766
- <param pos="0" name="os.family" value="NetVanta"/>
767
- <param pos="0" name="os.product" value="NetVanta"/>
768
- </fingerprint>
769
-
770
- <fingerprint pattern="^.*MultiNet.*$">
771
- <description>Process Software MultiNet is a suite of network apps for OpenVMS</description>
772
- <param pos="0" name="service.vendor" value="Process Software"/>
773
- <param pos="0" name="service.family" value="MultiNet"/>
774
- <param pos="0" name="service.product" value="MultiNet"/>
775
- <param pos="0" name="os.vendor" value="HP"/>
776
- <param pos="0" name="os.family" value="OpenVMS"/>
777
- <param pos="0" name="os.product" value="OpenVMS"/>
778
- </fingerprint>
779
-
780
- <fingerprint pattern="^dropbear_(.*)$">
781
- <!-- dropbear_0.36 -->
782
- <!-- dropbear_0.44test4 -->
783
- <description>Dropbear - http://matt.ucc.asn.au/dropbear/dropbear.html</description>
784
- <param pos="1" name="service.version"/>
785
- <param pos="0" name="service.family" value="Dropbear"/>
786
- <param pos="0" name="service.product" value="Dropbear"/>
787
- </fingerprint>
788
-
789
- <fingerprint pattern="^lancom$">
790
- <description>LANCOM Systems - http://www.lancom-systems.de/</description>
791
- <param pos="0" name="service.vendor" value="LANCOM Systems"/>
792
- <param pos="0" name="service.family" value="SSH"/>
793
- <param pos="0" name="service.product" value="SSH"/>
794
- <param pos="0" name="os.vendor" value="LANCOM Systems"/>
795
- <param pos="0" name="os.product" value="Unknown"/>
796
- </fingerprint>
797
-
798
- <fingerprint pattern="^0$">
799
- <description>MOVEit DMZ</description>
800
- <param pos="0" name="service.vendor" value="Standard Networks"/>
801
- <param pos="0" name="service.family" value="MOVEit DMZ"/>
802
- <param pos="0" name="service.product" value="MOVEit DMZ"/>
803
- <param pos="0" name="os.vendor" value="Microsoft"/>
804
- <param pos="0" name="os.family" value="Windows"/>
805
- <param pos="0" name="os.product" value="Windows"/>
806
- </fingerprint>
807
-
808
- <fingerprint pattern="^Comware-(\d+\.?\d*\.?\d*)$">
809
- <description>SSH on H3C Comware</description>
810
- <example os.version="5.20.105">Comware-5.20.105</example>
811
- <example os.version="5.20">Comware-5.20</example>
812
- <param pos="0" name="service.vendor" value="H3C"/>
813
- <param pos="0" name="service.product" value="SSH"/>
814
- <param pos="0" name="os.vendor" value="H3C"/>
815
- <param pos="0" name="os.device" value="Network"/>
816
- <param pos="0" name="os.product" value="Comware"/>
817
- <param pos="0" name="os.family" value="Comware"/>
818
- <param pos="1" name="os.version"/>
819
- </fingerprint>
820
-
821
- <fingerprint pattern="^Data ONTAP SSH [\d\.]+$">
822
- <description>SSH NetApp appliances</description>
823
- <example>Data ONTAP SSH 1.0</example>
824
- <param pos="0" name="os.vendor" value="NetApp"/>
825
- <param pos="0" name="os.family" value="Data ONTAP"/>
826
- <param pos="0" name="os.product" value="Data ONTAP"/>
827
- </fingerprint>
828
-
829
- <fingerprint pattern="^(\d\.\d+\.\d+) SSH Secure Shell OpenVMS V\d+\.\d+$">
830
- <description>SSH for OpenVMS</description>
831
- <!-- The VX.Y at the end refers to TCP/IP Services for OpenVMS version -->
832
- <example service.component.version="3.2.0">3.2.0 SSH Secure Shell OpenVMS V5.5</example>
833
- <example service.component.version="2.4.1">2.4.1 SSH Secure Shell OpenVMS V1.0</example>
834
- <param pos="1" name="service.component.version"/>
835
- <param pos="0" name="service.component.vendor" value="SSH Communication Security"/>
836
- <param pos="0" name="service.component.family" value="SSH Secure Shell"/>
837
- <param pos="0" name="service.component.product" value="SSH Secure Shell"/>
838
- <param pos="0" name="service.vendor" value="HP"/>
839
- <param pos="0" name="service.family" value="OpenVMS"/>
840
- <param pos="0" name="service.product" value="SSH Server"/>
841
- <param pos="0" name="os.vendor" value="HP"/>
842
- <param pos="0" name="os.device" value="General"/>
843
- <param pos="0" name="os.family" value="OpenVMS"/>
844
- <param pos="0" name="os.product" value="OpenVMS"/>
845
- <param pos="0" name="os.certainty" value="0.75"/>
846
- </fingerprint>
847
-
848
- <fingerprint pattern="^(\d\.\d+\.\d+) SSH (?:Secure Shell )?OpenVMS V\d\.\d VMS_sftp_version (\d)$">
849
- <description>SSH for OpenVMS sftp</description>
850
- <example service.component.version="3.2.0" service.version="3">3.2.0 SSH Secure Shell OpenVMS V5.5 VMS_sftp_version 3</example>
851
- <example service.component.version="3.2.0" service.version="3">3.2.0 SSH OpenVMS V5.5 VMS_sftp_version 3</example>
852
- <!--V5.5 refers to TCP/IP Services for OpenVMS version -->
853
- <param pos="1" name="service.component.version"/>
854
- <param pos="0" name="service.component.vendor" value="SSH Communication Security"/>
855
- <param pos="0" name="service.component.family" value="SSH Secure Shell"/>
856
- <param pos="0" name="service.component.product" value="SSH Secure Shell"/>
857
- <param pos="0" name="service.vendor" value="HP"/>
858
- <param pos="0" name="service.family" value="OpenVMS"/>
859
- <param pos="0" name="service.product" value="VMS SFTP Server"/>
860
- <param pos="2" name="service.version"/>
861
- <param pos="0" name="os.vendor" value="HP"/>
862
- <param pos="0" name="os.device" value="General"/>
863
- <param pos="0" name="os.family" value="OpenVMS"/>
864
- <param pos="0" name="os.certainty" value="0.75"/>
865
- </fingerprint>
866
-
867
- <fingerprint pattern="^\S+ SSH Secure Shell Tru64 UNIX$">
868
- <description>Digital/Compaq/HP Tru64 Unix</description>
869
- <example>3.2.0 SSH Secure Shell Tru64 UNIX</example>
870
- <param pos="0" name="os.vendor" value="HP"/>
871
- <param pos="0" name="os.family" value="Unix"/>
872
- <param pos="0" name="os.product" value="Tru64 Unix"/>
873
- <param pos="0" name="os.device" value="General"/>
874
- </fingerprint>
875
-
876
- <fingerprint pattern="^(?:SSH-(\d\.\d)-)?ROSSSH$">
877
- <description>MikroTik RouterOS sshd</description>
878
- <example>ROSSSH</example>
879
- <example service.version="2.0">SSH-2.0-ROSSSH</example>
880
- <param pos="1" name="service.version"/>
881
- <param pos="0" name="os.vendor" value="MikroTik"/>
882
- <param pos="0" name="os.device" value="Router"/>
883
- <param pos="0" name="os.family" value="RouterOS"/>
884
- <param pos="0" name="os.product" value="RouterOS"/>
885
- </fingerprint>
886
- <!--
681
+ <param pos="0" name="service.vendor" value="Mocana"/>
682
+ <param pos="0" name="service.family" value="Embedded SSH Server"/>
683
+ <param pos="0" name="service.product" value="Embedded SSH Server"/>
684
+ </fingerprint>
685
+ <fingerprint pattern="^FreSSH\.(.*)$">
686
+ <description>FreSSH</description>
687
+ <param pos="1" name="service.version"/>
688
+ <param pos="0" name="service.family" value="FreSSH"/>
689
+ <param pos="0" name="service.product" value="FreSSH"/>
690
+ </fingerprint>
691
+ <fingerprint pattern="^RomCliSecure_(.*)$">
692
+ <description>RomCliSecure appears to be the Adtran NetVanta products</description>
693
+ <param pos="1" name="service.version"/>
694
+ <param pos="0" name="service.vendor" value="Adtran"/>
695
+ <param pos="0" name="service.family" value="NetVanta"/>
696
+ <param pos="0" name="service.product" value="NetVanta"/>
697
+ <param pos="0" name="os.vendor" value="Adtran"/>
698
+ <param pos="0" name="os.family" value="NetVanta"/>
699
+ <param pos="0" name="os.product" value="NetVanta"/>
700
+ </fingerprint>
701
+ <fingerprint pattern="^.*MultiNet.*$">
702
+ <description>Process Software MultiNet is a suite of network apps for OpenVMS</description>
703
+ <param pos="0" name="service.vendor" value="Process Software"/>
704
+ <param pos="0" name="service.family" value="MultiNet"/>
705
+ <param pos="0" name="service.product" value="MultiNet"/>
706
+ <param pos="0" name="os.vendor" value="HP"/>
707
+ <param pos="0" name="os.family" value="OpenVMS"/>
708
+ <param pos="0" name="os.product" value="OpenVMS"/>
709
+ </fingerprint>
710
+ <fingerprint pattern="^dropbear_(.*)$">
711
+ <description>Dropbear - http://matt.ucc.asn.au/dropbear/dropbear.html</description>
712
+ <param pos="1" name="service.version"/>
713
+ <param pos="0" name="service.family" value="Dropbear"/>
714
+ <param pos="0" name="service.product" value="Dropbear"/>
715
+ </fingerprint>
716
+ <fingerprint pattern="^lancom$">
717
+ <description>LANCOM Systems - http://www.lancom-systems.de/</description>
718
+ <param pos="0" name="service.vendor" value="LANCOM Systems"/>
719
+ <param pos="0" name="service.family" value="SSH"/>
720
+ <param pos="0" name="service.product" value="SSH"/>
721
+ <param pos="0" name="os.vendor" value="LANCOM Systems"/>
722
+ <param pos="0" name="os.product" value="Unknown"/>
723
+ </fingerprint>
724
+ <fingerprint pattern="^0$">
725
+ <description>MOVEit DMZ</description>
726
+ <param pos="0" name="service.vendor" value="Standard Networks"/>
727
+ <param pos="0" name="service.family" value="MOVEit DMZ"/>
728
+ <param pos="0" name="service.product" value="MOVEit DMZ"/>
729
+ <param pos="0" name="os.vendor" value="Microsoft"/>
730
+ <param pos="0" name="os.family" value="Windows"/>
731
+ <param pos="0" name="os.product" value="Windows"/>
732
+ </fingerprint>
733
+ <fingerprint pattern="^Comware-(\d+\.?\d*\.?\d*)$">
734
+ <description>SSH on H3C Comware</description>
735
+ <example os.version="5.20.105">Comware-5.20.105</example>
736
+ <example os.version="5.20">Comware-5.20</example>
737
+ <param pos="0" name="service.vendor" value="H3C"/>
738
+ <param pos="0" name="service.product" value="SSH"/>
739
+ <param pos="0" name="os.vendor" value="H3C"/>
740
+ <param pos="0" name="os.device" value="Network"/>
741
+ <param pos="0" name="os.product" value="Comware"/>
742
+ <param pos="0" name="os.family" value="Comware"/>
743
+ <param pos="1" name="os.version"/>
744
+ </fingerprint>
745
+ <fingerprint pattern="^Data ONTAP SSH [\d\.]+$">
746
+ <description>SSH NetApp appliances</description>
747
+ <example>Data ONTAP SSH 1.0</example>
748
+ <param pos="0" name="os.vendor" value="NetApp"/>
749
+ <param pos="0" name="os.family" value="Data ONTAP"/>
750
+ <param pos="0" name="os.product" value="Data ONTAP"/>
751
+ </fingerprint>
752
+ <fingerprint pattern="^(\d\.\d+\.\d+) SSH Secure Shell OpenVMS V\d+\.\d+$">
753
+ <description>SSH for OpenVMS</description>
754
+ <example service.component.version="3.2.0">3.2.0 SSH Secure Shell OpenVMS V5.5</example>
755
+ <example service.component.version="2.4.1">2.4.1 SSH Secure Shell OpenVMS V1.0</example>
756
+ <param pos="1" name="service.component.version"/>
757
+ <param pos="0" name="service.component.vendor" value="SSH Communication Security"/>
758
+ <param pos="0" name="service.component.family" value="SSH Secure Shell"/>
759
+ <param pos="0" name="service.component.product" value="SSH Secure Shell"/>
760
+ <param pos="0" name="service.vendor" value="HP"/>
761
+ <param pos="0" name="service.family" value="OpenVMS"/>
762
+ <param pos="0" name="service.product" value="SSH Server"/>
763
+ <param pos="0" name="os.vendor" value="HP"/>
764
+ <param pos="0" name="os.device" value="General"/>
765
+ <param pos="0" name="os.family" value="OpenVMS"/>
766
+ <param pos="0" name="os.product" value="OpenVMS"/>
767
+ <param pos="0" name="os.certainty" value="0.75"/>
768
+ </fingerprint>
769
+ <fingerprint pattern="^(\d\.\d+\.\d+) SSH (?:Secure Shell )?OpenVMS V\d\.\d VMS_sftp_version (\d)$">
770
+ <description>SSH for OpenVMS sftp</description>
771
+ <example service.component.version="3.2.0" service.version="3">3.2.0 SSH Secure Shell OpenVMS V5.5 VMS_sftp_version 3</example>
772
+ <example service.component.version="3.2.0" service.version="3">3.2.0 SSH OpenVMS V5.5 VMS_sftp_version 3</example>
773
+ <param pos="1" name="service.component.version"/>
774
+ <param pos="0" name="service.component.vendor" value="SSH Communication Security"/>
775
+ <param pos="0" name="service.component.family" value="SSH Secure Shell"/>
776
+ <param pos="0" name="service.component.product" value="SSH Secure Shell"/>
777
+ <param pos="0" name="service.vendor" value="HP"/>
778
+ <param pos="0" name="service.family" value="OpenVMS"/>
779
+ <param pos="0" name="service.product" value="VMS SFTP Server"/>
780
+ <param pos="2" name="service.version"/>
781
+ <param pos="0" name="os.vendor" value="HP"/>
782
+ <param pos="0" name="os.device" value="General"/>
783
+ <param pos="0" name="os.family" value="OpenVMS"/>
784
+ <param pos="0" name="os.certainty" value="0.75"/>
785
+ </fingerprint>
786
+ <fingerprint pattern="^\S+ SSH Secure Shell Tru64 UNIX$">
787
+ <description>Digital/Compaq/HP Tru64 Unix</description>
788
+ <example>3.2.0 SSH Secure Shell Tru64 UNIX</example>
789
+ <param pos="0" name="os.vendor" value="HP"/>
790
+ <param pos="0" name="os.family" value="Unix"/>
791
+ <param pos="0" name="os.product" value="Tru64 Unix"/>
792
+ <param pos="0" name="os.device" value="General"/>
793
+ </fingerprint>
794
+ <fingerprint pattern="^(?:SSH-(\d\.\d)-)?ROSSSH$">
795
+ <description>MikroTik RouterOS sshd</description>
796
+ <example>ROSSSH</example>
797
+ <example service.version="2.0">SSH-2.0-ROSSSH</example>
798
+ <param pos="1" name="service.version"/>
799
+ <param pos="0" name="os.vendor" value="MikroTik"/>
800
+ <param pos="0" name="os.device" value="Router"/>
801
+ <param pos="0" name="os.family" value="RouterOS"/>
802
+ <param pos="0" name="os.product" value="RouterOS"/>
803
+ </fingerprint>
804
+ <!--
887
805
  1.2.22j4rad
888
806
  2.40
889
807
  2.0.12
@@ -891,10 +809,8 @@ Server-VII
891
809
  9.9.1
892
810
  IPSSH-1.10.0
893
811
  -->
894
-
895
- <!--
812
+ <!--
896
813
  Possibly Nortel Passport
897
814
  SSH_2.1.1
898
815
  -->
899
-
900
816
  </fingerprints>