recog 2.0.13 → 2.0.14

data/xml/architecture.xml

@@ -1,45 +1,32 @@
-<?xml version="1.0"?>
-
+<?xml version="1.0" encoding="UTF-8"?>
 <!--
   Generic rules for matching a machine architecture, platform, or chipset
 -->
-
 <fingerprints matches="architecture">
-
-   <fingerprint pattern="x64|amd64|x86_64" flags="REG_ICASE">
-      <description>x64 (x86_x64)</description>
-      <example>Linux claw 3.11.0-15-generic #23-Ubuntu SMP Mon Dec 9 18:17:04 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux</example>
-      <param pos="0" name="os.arch" value="x64"/>
-   </fingerprint>
-
-   <fingerprint pattern="x86|i[3456]86" flags="REG_ICASE">
-      <description>x86</description>
-      <example>Linux bob 3.2.0-1-generic #3-Ubuntu SMP Wed Dec 11 19:12:55 UTC 2013 i686 i686 i686 GNU/Linux</example>
-      <param pos="0" name="os.arch" value="x86"/>
-   </fingerprint>
-
-   <fingerprint pattern="PowerPC|PPC|POWER|ppc">
-      <description>PowerPC</description>
-      <!-- XXX: Need an example -->
-      <param pos="0" name="os.arch" value="ppc"/>
-   </fingerprint>
-
-   <fingerprint pattern="SPARC" flags="REG_ICASE">
-      <description>SPARC</description>
-      <!-- XXX: Need an example -->
-      <param pos="0" name="os.arch" value="sparc"/>
-   </fingerprint>
-
-   <fingerprint pattern="mips" flags="REG_ICASE">
-      <description>MIPS</description>
-      <!-- XXX: Need an example -->
-      <param pos="0" name="os.arch" value="mips"/>
-   </fingerprint>
-
-   <fingerprint pattern="arm" flags="REG_ICASE">
-      <description>ARM</description>
-      <!-- XXX: Need an example -->
-      <param pos="0" name="os.arch" value="arm"/>
-   </fingerprint>
-
-</fingerprints>
+  <fingerprint pattern="x64|amd64|x86_64" flags="REG_ICASE">
+    <description>x64 (x86_x64)</description>
+    <example>Linux claw 3.11.0-15-generic #23-Ubuntu SMP Mon Dec 9 18:17:04 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux</example>
+    <param pos="0" name="os.arch" value="x64"/>
+  </fingerprint>
+  <fingerprint pattern="x86|i[3456]86" flags="REG_ICASE">
+    <description>x86</description>
+    <example>Linux bob 3.2.0-1-generic #3-Ubuntu SMP Wed Dec 11 19:12:55 UTC 2013 i686 i686 i686 GNU/Linux</example>
+    <param pos="0" name="os.arch" value="x86"/>
+  </fingerprint>
+  <fingerprint pattern="PowerPC|PPC|POWER|ppc">
+    <description>PowerPC</description>
+    <param pos="0" name="os.arch" value="ppc"/>
+  </fingerprint>
+  <fingerprint pattern="SPARC" flags="REG_ICASE">
+    <description>SPARC</description>
+    <param pos="0" name="os.arch" value="sparc"/>
+  </fingerprint>
+  <fingerprint pattern="mips" flags="REG_ICASE">
+    <description>MIPS</description>
+    <param pos="0" name="os.arch" value="mips"/>
+  </fingerprint>
+  <fingerprint pattern="arm" flags="REG_ICASE">
+    <description>ARM</description>
+    <param pos="0" name="os.arch" value="arm"/>
+  </fingerprint>
+</fingerprints>

data/xml/fingerprints.xsd

@@ -0,0 +1,37 @@
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+
+  <xsd:element name="fingerprints" type="fingerprints_element"/>
+
+  <xsd:complexType name="fingerprints_element">
+    <xsd:sequence>
+      <xsd:element name="fingerprint" type="fingerprint_element" minOccurs="1" maxOccurs="unbounded"/>
+    </xsd:sequence>
+    <xsd:attribute name="matches" type="xsd:string" use="optional"/>
+  </xsd:complexType>
+
+  <xsd:complexType name="fingerprint_element" mixed="true">
+    <xsd:sequence>
+      <xsd:element name="description" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+      <xsd:element name="example" type="example_element" minOccurs="0" maxOccurs="unbounded"/>
+      <xsd:element name="param" type="param_element" minOccurs="0" maxOccurs="unbounded"/>
+    </xsd:sequence>
+    <xsd:attribute name="certainty" type="xsd:string" use="optional"/>
+    <xsd:attribute name="pattern" type="xsd:string" use="required"/>
+    <xsd:attribute name="flags" type="xsd:string" use="optional"/>
+  </xsd:complexType>
+
+  <xsd:complexType name="example_element">
+    <xsd:simpleContent>
+      <xsd:extension base="xsd:string">
+        <xsd:anyAttribute processContents="skip"/>
+      </xsd:extension>
+    </xsd:simpleContent>
+  </xsd:complexType>
+
+  <xsd:complexType name="param_element">
+    <xsd:attribute name="name" type="xsd:string" use="required"/>
+    <xsd:attribute name="pos" type="xsd:integer" use="required"/>
+    <xsd:attribute name="value" type="xsd:string" use="optional"/>
+  </xsd:complexType>
+
+</xsd:schema>

data/xml/ftp_banners.xml

@@ -1,12 +1,12 @@
-<?xml version="1.0"?>
+<?xml version="1.0" encoding="UTF-8"?>
 <!--
 FTP greeting messages (part of the banner after the response code) are matched
 against these patterns to fingerprint FTP servers.
 -->
 <fingerprints matches="ftp.banner">
   <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version ([1234]\.\d+)\)\.$">
-    <example>xx Microsoft FTP Service (Version 3.0).</example>
     <description>Microsoft FTP Server on Windows NT</description>
+    <example>xx Microsoft FTP Service (Version 3.0).</example>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.product" value="IIS"/>
     <param pos="0" name="service.family" value="IIS"/>
@@ -18,8 +18,8 @@ against these patterns to fingerprint FTP servers.
     <param pos="1" name="host.name"/>
   </fingerprint>
   <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.0\)\.$">
-    <example>xxx Microsoft FTP Service (Version 5.0).</example>
     <description>Microsoft FTP Server on Windows 2000</description>
+    <example>xxx Microsoft FTP Service (Version 5.0).</example>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.product" value="IIS"/>
     <param pos="0" name="service.family" value="IIS"/>
@@ -31,8 +31,8 @@ against these patterns to fingerprint FTP servers.
     <param pos="1" name="host.name"/>
   </fingerprint>
   <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.1\)\.$">
-    <example>xxx Microsoft FTP Service (Version 5.1).</example>
     <description>Microsoft FTP Server on Windows XP, 2003 or later versions of 2000</description>
+    <example>xxx Microsoft FTP Service (Version 5.1).</example>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.product" value="IIS"/>
     <param pos="0" name="service.family" value="IIS"/>
@@ -43,8 +43,8 @@ against these patterns to fingerprint FTP servers.
     <param pos="1" name="host.name"/>
   </fingerprint>
   <fingerprint pattern="^([^ ]+) Microsoft FTP Service$">
-    <example>hostname Microsoft FTP Service</example>
     <description>Microsoft FTP Server on Windows XP, 2003 or later without version</description>
+    <example>hostname Microsoft FTP Service</example>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.product" value="IIS"/>
     <param pos="0" name="service.family" value="IIS"/>
@@ -55,8 +55,8 @@ against these patterns to fingerprint FTP servers.
     <param pos="1" name="host.name"/>
   </fingerprint>
   <fingerprint pattern="^Microsoft FTP Service$">
-    <example>Microsoft FTP Service</example>
     <description>Microsoft FTP Server on Windows XP, 2003 or later without version or hostname</description>
+    <example>Microsoft FTP Service</example>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.product" value="IIS"/>
     <param pos="0" name="service.family" value="IIS"/>
@@ -107,7 +107,8 @@ against these patterns to fingerprint FTP servers.
   <fingerprint pattern="^(\S+)\s+FTP Server \(Version:\s+Mac OS X Server\s+([\d\.]+).*\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
     <description>FTPD on Mac OS X Server with a version</description>
     <example host.name="example.com" os.version="10.3">example.com FTP server (Version:  Mac OS X Server 10.3 - +GSSAPI) ready.</example>
-    <example host.name="example.com" os.version="10.3">this is a banner.  change it.&#13;&#10;example.com FTP server (Version:  Mac OS X Server 10.3 - +GSSAPI) ready.</example>
+    <example host.name="example.com" os.version="10.3">this is a banner.  change it.&#13;
+example.com FTP server (Version:  Mac OS X Server 10.3 - +GSSAPI) ready.</example>
     <param pos="0" name="service.vendor" value="Apple"/>
     <param pos="0" name="service.product" value="FTP"/>
     <param pos="0" name="os.vendor" value="Apple"/>
@@ -120,7 +121,8 @@ against these patterns to fingerprint FTP servers.
   <fingerprint pattern="^(\S+)\s+FTP Server \(Version:\s+Mac OS X Server\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
     <description>FTPD on Mac OS X Server without a version</description>
     <example host.name="example.com">example.com FTP server (Version:  Mac OS X Server) ready.</example>
-    <example host.name="example.com">this is a banner.  change it.&#13;&#10;example.com FTP server (Version:  Mac OS X Server) ready.</example>
+    <example host.name="example.com">this is a banner.  change it.&#13;
+example.com FTP server (Version:  Mac OS X Server) ready.</example>
     <param pos="0" name="service.vendor" value="Apple"/>
     <param pos="0" name="service.product" value="FTP"/>
     <param pos="0" name="os.vendor" value="Apple"/>
@@ -147,8 +149,8 @@ against these patterns to fingerprint FTP servers.
     <param pos="2" name="os.version"/>
   </fingerprint>
   <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Debian\) \[(.+)\]$">
-    <example>ProFTPD 1.3.0rc2 Server (Debian) [host]</example>
     <description>ProFTPD on Debian Linux</description>
+    <example>ProFTPD 1.3.0rc2 Server (Debian) [host]</example>
     <param pos="0" name="service.family" value="ProFTPD"/>
     <param pos="0" name="service.product" value="ProFTPD"/>
     <param pos="1" name="service.version"/>
@@ -159,8 +161,8 @@ against these patterns to fingerprint FTP servers.
     <param pos="2" name="host.name"/>
   </fingerprint>
   <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Linksys(W.+)\) \[(.+)\]$">
-    <example>ProFTPD 1.3.0rc2 Server (LinksysWRT350N) [host]</example>
     <description>ProFTPD on a Linksys Wireless Access Point/Router</description>
+    <example>ProFTPD 1.3.0rc2 Server (LinksysWRT350N) [host]</example>
     <param pos="0" name="service.family" value="ProFTPD"/>
     <param pos="0" name="service.product" value="ProFTPD"/>
     <param pos="1" name="service.version"/>
@@ -170,7 +172,6 @@ against these patterns to fingerprint FTP servers.
     <param pos="3" name="host.name"/>
   </fingerprint>
   <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Linksys(.*)\) \[(.+)\]$">
-    <!-- TODO: find a greeting message example -->
     <description>ProFTPD on a wired Linksys device</description>
     <param pos="0" name="service.family" value="ProFTPD"/>
     <param pos="0" name="service.product" value="ProFTPD"/>
@@ -181,10 +182,10 @@ against these patterns to fingerprint FTP servers.
     <param pos="3" name="host.name"/>
   </fingerprint>
   <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \((.*)\) \[(.+)\]$">
+    <description>ProFTPD with version info but no obvious OS info</description>
     <example>ProFTPD 1.2.10 Server (Main FTP Server) [host]</example>
     <example>ProFTPD 1.2.10 Server (ProFTPD) [host]</example>
     <example>ProFTPD 1.2.10rc3 Server (ProFTPD Default Installation) [host]</example>
-    <description>ProFTPD with version info but no obvious OS info</description>
     <param pos="0" name="service.family" value="ProFTPD"/>
     <param pos="0" name="service.product" value="ProFTPD"/>
     <param pos="1" name="service.version"/>
@@ -192,52 +193,53 @@ against these patterns to fingerprint FTP servers.
     <param pos="3" name="host.name"/>
   </fingerprint>
   <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server ready\.$">
-    <example>ProFTPD 1.3.0rc2 Server ready.</example>
     <description>ProFTPD with only version info</description>
+    <example>ProFTPD 1.3.0rc2 Server ready.</example>
     <param pos="0" name="service.family" value="ProFTPD"/>
     <param pos="0" name="service.product" value="ProFTPD"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
   <fingerprint pattern="^ProFTPD FTP Server ready\.$">
-    <example>ProFTPD FTP Server ready.</example>
     <description>ProFTPD with no version info</description>
+    <example>ProFTPD FTP Server ready.</example>
     <param pos="0" name="service.family" value="ProFTPD"/>
     <param pos="0" name="service.product" value="ProFTPD"/>
   </fingerprint>
   <fingerprint pattern="^=\(&lt;\*&gt;\)=-\.:\. \(\( Welcome to Pure-FTPd ([\d.]+) \)\) \.:\.-=\(&lt;\*&gt;\)=-" flags="REG_MULTILINE">
-    <!-- yes, the leading and trailing text is not balanced.
-         the leading text is missing the - at the beginning -->
-    <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-</example>
-    <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-&#13;&#10;more stuff</example>
     <description>Pure-FTPd versions &lt;= 1.0.13 (at least as far back as 1.0.11)</description>
+    <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-</example>
+    <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-&#13;
+more stuff</example>
     <param pos="0" name="service.family" value="Pure-FTPd"/>
     <param pos="0" name="service.product" value="Pure-FTPd"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
   <fingerprint pattern="^-{9,10} Welcome to Pure-FTPd (.*)-{9,10}" flags="REG_MULTILINE">
-    <example>---------- Welcome to Pure-FTPd ----------</example>
-    <example>--------- Welcome to Pure-FTPd [privsep] [TLS] ----------</example>
-    <example>--------- Welcome to Pure-FTPd [privsep] [TLS] ----------&#13;&#10;more text</example>
-    <description>Pure-FTPd versions >= 1.0.14
+    <description>Pure-FTPd versions &gt;= 1.0.14
       Config data can be zero or more of: [privsep] [TLS]
     </description>
+    <example>---------- Welcome to Pure-FTPd ----------</example>
+    <example>--------- Welcome to Pure-FTPd [privsep] [TLS] ----------</example>
+    <example>--------- Welcome to Pure-FTPd [privsep] [TLS] ----------&#13;
+more text</example>
     <param pos="1" name="pureftpd.config"/>
     <param pos="0" name="service.family" value="Pure-FTPd"/>
     <param pos="0" name="service.product" value="Pure-FTPd"/>
   </fingerprint>
   <fingerprint pattern="^=\(.\*.\)=-\.:\. \(\( Welcome to PureFTPd (\d+\..+) \)\) \.:\.-=\(.\*.\)=-" flags="REG_MULTILINE">
-    <example service.version="1.1.0">=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-</example>
-    <example service.version="1.1.0">=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-&#13;&#10;more text</example>
     <description>Older Pure-FTPd versions</description>
+    <example service.version="1.1.0">=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-</example>
+    <example service.version="1.1.0">=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-&#13;
+more text</example>
     <param pos="0" name="service.family" value="Pure-FTPd"/>
     <param pos="0" name="service.product" value="Pure-FTPd"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
   <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\..+)(?: for WinSock)? ready\.*$">
+    <description>Serv-U (only runs on Windows)</description>
     <example>Serv-U FTP-Server v2.5n for WinSock ready...</example>
     <example>Serv-U FTP Server v6.0 for WinSock ready</example>
     <example>Serv-U FTP Server v7.2 ready...</example>
-    <description>Serv-U (only runs on Windows)</description>
     <param pos="0" name="service.vendor" value="Rhino Software"/>
     <param pos="0" name="service.product" value="Serv-U"/>
     <param pos="0" name="service.family" value="Serv-U"/>
@@ -248,8 +250,8 @@ against these patterns to fingerprint FTP servers.
     <param pos="0" name="os.product" value="Windows"/>
   </fingerprint>
   <fingerprint pattern="^zFTPServer v?(\S+), .*ready\.$" flags="REG_ICASE">
-    <example>zFTPServer v4.0, build 2008-12-24 01:41 ready.</example>
     <description>zftpserver (only runs on Windows)</description>
+    <example>zFTPServer v4.0, build 2008-12-24 01:41 ready.</example>
     <param pos="0" name="service.product" value="zFTPServer"/>
     <param pos="1" name="service.version"/>
     <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -258,41 +260,41 @@ against these patterns to fingerprint FTP servers.
     <param pos="0" name="os.product" value="Windows"/>
   </fingerprint>
   <fingerprint pattern="^\(vsFTPd (\d+\..+)\)(?: (.+))?$">
+    <description>vsFTPd (Very Secure FTP Daemon)</description>
     <example>(vsFTPd 1.1.3) host</example>
     <example>(vsFTPd 2.0.5)</example>
-    <description>vsFTPd (Very Secure FTP Daemon)</description>
     <param pos="0" name="service.family" value="vsFTPd"/>
     <param pos="0" name="service.product" value="vsFTPd"/>
     <param pos="1" name="service.version"/>
     <param pos="2" name="host.name"/>
   </fingerprint>
   <fingerprint pattern="^ready, dude \(vsFTPd (\d+\..+): beat me, break me\)$">
-    <example>ready, dude (vsFTPd 1.1.0: beat me, break me)</example>
     <description>vsFTPd (Very Secure FTP Daemon)</description>
+    <example>ready, dude (vsFTPd 1.1.0: beat me, break me)</example>
     <param pos="0" name="service.family" value="vsFTPd"/>
     <param pos="0" name="service.product" value="vsFTPd"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
   <fingerprint pattern="^FileZilla Server version (\d\..+)$">
-    <example>FileZilla Server version 0.9.2 beta</example>
     <description>FileZilla FTP Server</description>
+    <example>FileZilla Server version 0.9.2 beta</example>
     <param pos="0" name="service.family" value="FileZilla FTP Server"/>
     <param pos="0" name="service.product" value="FileZilla FTP Server"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
   <fingerprint pattern="^\s*APC FTP server ready\.$">
-    <example>APC FTP server ready.</example>
     <description>APC device</description>
+    <example>APC FTP server ready.</example>
     <param pos="0" name="service.vendor" value="APC"/>
     <param pos="0" name="service.product" value="FTP"/>
     <param pos="0" name="os.vendor" value="APC"/>
     <param pos="0" name="os.device" value="Power device"/>
   </fingerprint>
   <fingerprint pattern="^(\S+) Network Management Card AOS v(\d+\..+) FTP server ready\.$">
+    <description>APC power/cooling device</description>
     <example>AP7932 Network Management Card AOS v3.3.4 FTP server ready.</example>
     <example>ACRC103 Network Management Card AOS v3.6.1 FTP server ready.</example>
     <example>0G-9354-01 Network Management Card AOS v3.6.1 FTP server ready.</example>
-    <description>APC power/cooling device</description>
     <param pos="0" name="service.vendor" value="APC"/>
     <param pos="0" name="service.product" value="AOS"/>
     <param pos="0" name="service.family" value="AOS"/>
@@ -303,10 +305,10 @@ against these patterns to fingerprint FTP servers.
     <param pos="2" name="os.version"/>
   </fingerprint>
   <fingerprint pattern="^(\S+) FTP server \(EMC-SNAS: ([^\)]+)\)(?: \S+)?$">
+    <description>EMC Celerra</description>
     <example>foo2 FTP server (EMC-SNAS: 5.6.47.11)</example>
     <example>foo2 FTP server (EMC-SNAS: 5.6.50.203) ready.</example>
     <example>foo4 FTP server (EMC-SNAS: 5.5.31.6) r</example>
-    <description>EMC Celerra</description>
     <param pos="0" name="service.vendor" value="EMC"/>
     <param pos="0" name="service.product" value="Celerra"/>
     <param pos="2" name="service.version"/>
@@ -317,9 +319,9 @@ against these patterns to fingerprint FTP servers.
     <param pos="1" name="host.name"/>
   </fingerprint>
   <fingerprint pattern="^JD FTP Server Ready.*$">
+    <description>HP JetDirect printer</description>
     <example>JD FTP Server Ready</example>
     <example>JD FTP Server Ready.</example>
-    <description>HP JetDirect printer</description>
     <param pos="0" name="service.vendor" value="HP"/>
     <param pos="0" name="service.product" value="JetDirect"/>
     <param pos="0" name="service.family" value="JetDirect"/>
@@ -329,8 +331,8 @@ against these patterns to fingerprint FTP servers.
     <param pos="0" name="os.product" value="JetDirect"/>
   </fingerprint>
   <fingerprint pattern="^Check Point FireWall-1 Secure FTP server running on (.+)$">
-    <example>Check Point FireWall-1 Secure FTP server running on host</example>
     <description>Check Point FireWall-1</description>
+    <example>Check Point FireWall-1 Secure FTP server running on host</example>
     <param pos="0" name="service.vendor" value="Check Point"/>
     <param pos="0" name="service.product" value="Firewall-1"/>
     <param pos="0" name="service.family" value="Firewall-1"/>
@@ -341,8 +343,8 @@ against these patterns to fingerprint FTP servers.
     <param pos="1" name="host.name"/>
   </fingerprint>
   <fingerprint pattern="^Blue Coat FTP Service$">
-    <example>Blue Coat FTP Service</example>
     <description>Blue Coat security appliances</description>
+    <example>Blue Coat FTP Service</example>
     <param pos="0" name="service.vendor" value="Blue Coat"/>
     <param pos="0" name="service.product" value="Proxy"/>
     <param pos="0" name="os.vendor" value="Blue Coat"/>
@@ -355,8 +357,8 @@ against these patterns to fingerprint FTP servers.
     <param pos="0" name="service.product" value="Nepenthes"/>
   </fingerprint>
   <fingerprint pattern="^[^ ]+ IBM FTP CS (V1R\d+) at ([^,]*),.*">
-    <example>SFTPD1 IBM FTP CS V1R4 at x.y.z, 21:02:19 on 2007-12-15.</example>
     <description>IBM z/OS FTP Service</description>
+    <example>SFTPD1 IBM FTP CS V1R4 at x.y.z, 21:02:19 on 2007-12-15.</example>
     <param pos="0" name="service.vendor" value="IBM"/>
     <param pos="0" name="service.product" value="z/OS FTP Server"/>
     <param pos="0" name="os.vendor" value="IBM"/>
@@ -367,8 +369,8 @@ against these patterns to fingerprint FTP servers.
     <param pos="2" name="host.name"/>
   </fingerprint>
   <fingerprint pattern="^FTP server \(IBM 4690 TCP/IP FTP Version 1\.0\) ready\.">
-    <example>FTP server (IBM 4690 TCP/IP FTP Version 1.0) ready.</example>
     <description>IBM 4690 FTP Service</description>
+    <example>FTP server (IBM 4690 TCP/IP FTP Version 1.0) ready.</example>
     <param pos="0" name="service.vendor" value="IBM"/>
     <param pos="0" name="service.product" value="4690 FTP Server"/>
     <param pos="0" name="os.vendor" value="IBM"/>
@@ -377,24 +379,24 @@ against these patterns to fingerprint FTP servers.
     <param pos="0" name="os.device" value="Point of sale"/>
   </fingerprint>
   <fingerprint pattern="^([^ ]+) NcFTPd Server \(licensed copy\) ready\.$">
-    <example>ftp.example.com NcFTPd Server (licensed copy) ready.</example>
     <description>NcFTPd Server
       http://www.ncftp.com/ncftpd/</description>
+    <example>ftp.example.com NcFTPd Server (licensed copy) ready.</example>
     <param pos="0" name="service.vendor" value="NcFTP Software"/>
     <param pos="0" name="service.product" value="NcFTPd Server"/>
     <param pos="1" name="host.name"/>
   </fingerprint>
   <fingerprint pattern="^(\S+) DCS-2100 FTP server ready\.$">
-    <example>hostname DCS-2100 FTP server ready.</example>
     <description>D-Link DCS-2100 wireless internet camera</description>
+    <example>hostname DCS-2100 FTP server ready.</example>
     <param pos="0" name="os.vendor" value="D-Link"/>
     <param pos="0" name="os.product" value="DCS-2100"/>
     <param pos="0" name="os.device" value="Web cam"/>
     <param pos="1" name="host.name"/>
   </fingerprint>
   <fingerprint pattern="^Secure Gateway FTP server ready\.$">
-    <example>Secure Gateway FTP server ready.</example>
     <description>Raptor firewall</description>
+    <example>Secure Gateway FTP server ready.</example>
     <param pos="0" name="os.vendor" value="Symantec"/>
     <param pos="0" name="os.family" value="Raptor"/>
     <param pos="0" name="os.product" value="Raptor"/>
@@ -409,30 +411,30 @@ against these patterns to fingerprint FTP servers.
     <param pos="0" name="os.device" value="Storage"/>
   </fingerprint>
   <fingerprint pattern="^AXIS (\S+) (?:(?:Fixed Dome )?Network(?: Fixed Dome)? Camera) ([\d\.]+) .* ready\.?$" flags="REG_ICASE">
+    <description>Axis Network Camera</description>
     <example os.product="2100" os.version="2.43">Axis 2100 Network Camera 2.43 Nov 04 2008 ready.</example>
     <example os.product="207" os.version="4.40.1">AXIS 207 Network Camera 4.40.1 (Apr 16 2007) ready.</example>
     <example os.product="216FD" os.version="4.47">AXIS 216FD Network Fixed Dome Camera 4.47 (Mar 13 2008) ready.</example>
     <example os.product="M3203" os.version="5.12.1">AXIS M3203 Fixed Dome Network Camera 5.12.1 (Feb 07 2011) ready.</example>
-    <description>Axis Network Camera</description>
     <param pos="0" name="os.vendor" value="Axis"/>
     <param pos="0" name="os.device" value="Web cam"/>
     <param pos="1" name="os.product"/>
     <param pos="2" name="os.version"/>
   </fingerprint>
   <fingerprint pattern="^AXIS (\S+) Video (?:Encoder Blade|Server|Decoder) ([\d\.]+) .* ready\.?$" flags="REG_ICASE">
+    <description>Axis Video encoders/servers</description>
     <example>AXIS Q7406 Video Encoder Blade 5.01 (Aug 01 2008) ready.</example>
     <example>AXIS 241Q Video Server 4.47.2 (Dec 11 2008) ready.</example>
     <example>AXIS P7701 Video Decoder 5.07.2 (Apr 20 2010) ready.</example>
-    <description>Axis Video encoders/servers</description>
     <param pos="0" name="os.vendor" value="Axis"/>
     <param pos="1" name="os.product"/>
     <param pos="2" name="os.version"/>
   </fingerprint>
   <fingerprint pattern="^AXIS (\S+) .*FTP Network Print Server V?([\d\.]+\S+) .* ready\.?$" flags="REG_ICASE">
+    <description>Axis print servers</description>
     <example>AXIS 5600+ (rev 3) FTP Network Print Server V7.00 Sep 10 2004 ready.</example>
     <example>AXIS 560 FTP Network Print Server V6.00 Jul 7 1999 ready.</example>
     <example>AXIS 5470e FTP Network Print Server V6.30.beta2 Sep 25 2002 ready.</example>
-    <description>Axis print servers</description>
     <param pos="0" name="os.vendor" value="Axis"/>
     <param pos="0" name="os.device" value="Print server"/>
     <param pos="1" name="os.product"/>
@@ -484,7 +486,7 @@ against these patterns to fingerprint FTP servers.
     <param pos="0" name="os.device" value="Printer"/>
     <param pos="1" name="os.product"/>
   </fingerprint>
-  <fingerprint pattern="^FUJI XEROX DocuPrint (.*)$" certainity="1.0">
+  <fingerprint pattern="^FUJI XEROX DocuPrint (.*)$" certainty="1.0">
     <description>FUJI XEROX DocuPrint Series of Printers</description>
     <example>FUJI XEROX DocuPrint 3055</example>
     <example>FUJI XEROX DocuPrint C1190 FS</example>
@@ -519,17 +521,17 @@ against these patterns to fingerprint FTP servers.
     <param pos="1" name="os.product"/>
   </fingerprint>
   <fingerprint pattern="^(?:Tornado-)?VxWorks \((?:VxWorks)?([^\)]+)\) FTP server(?: ready)?$" flags="REG_ICASE">
+    <description>VxWorks with version information</description>
     <example>VxWorks (5.3.1) FTP server ready</example>
     <example>VxWorks (VxWorks5.5.1) FTP server ready</example>
     <example>Tornado-vxWorks (VxWorks5.5.1) FTP server</example>
-    <description>VxWorks with version information</description>
     <param pos="0" name="os.vendor" value="Wind River"/>
     <param pos="0" name="os.product" value="VxWorks"/>
     <param pos="1" name="os.version"/>
   </fingerprint>
   <fingerprint pattern="^Tornado-vxWorks FTP server ready$" flags="REG_ICASE">
-    <example>Tornado-vxWorks FTP server ready</example>
     <description>VxWorks without version information</description>
+    <example>Tornado-vxWorks FTP server ready</example>
     <param pos="0" name="os.vendor" value="Wind River"/>
     <param pos="0" name="os.product" value="VxWorks"/>
   </fingerprint>
@@ -851,7 +853,6 @@ against these patterns to fingerprint FTP servers.
     <param pos="2" name="hw.series"/>
     <param pos="3" name="os.version"/>
   </fingerprint>
-
   <fingerprint pattern="^(\S+) FTP server \((?:HP|Compaq) Tru64 UNIX Version (\S+)\) ready\.?$">
     <description>Digital/Compaq/HP Tru64 Unix</description>
     <example host.name="example.com" os.version="5.60">example.com FTP server (Compaq Tru64 UNIX Version 5.60) ready.</example>
@@ -862,7 +863,6 @@ against these patterns to fingerprint FTP servers.
     <param pos="1" name="host.name"/>
     <param pos="2" name="os.version"/>
   </fingerprint>
-
   <fingerprint pattern="^(\S+) FTP server \(Digital UNIX Version (\S+)\) ready\.?$">
     <description>Digital/Compaq/HP Tru64 Unix</description>
     <example host.name="example.com" os.version="5.60">example.com FTP server (Digital UNIX Version 5.60) ready.</example>
@@ -873,7 +873,6 @@ against these patterns to fingerprint FTP servers.
     <param pos="1" name="host.name"/>
     <param pos="2" name="os.version"/>
   </fingerprint>
-
   <fingerprint pattern="^(\S+) FTP server \(MikroTik ([\d\.]+)\) ready\.?$">
     <description>MikroTik</description>
     <example host.name="example.com" os.version="6.18">example.com FTP server (MikroTik 6.18) ready</example>
@@ -882,13 +881,11 @@ against these patterns to fingerprint FTP servers.
     <param pos="1" name="host.name"/>
     <param pos="2" name="os.version"/>
   </fingerprint>
-
   <fingerprint pattern="^(\S+) FTP server ready\.?$" flags="REG_ICASE">
     <description>Generic FTP fingerprint with a hostname</description>
     <example host.name="example.com">example.com FTP server ready.</example>
     <param pos="1" name="host.name"/>
   </fingerprint>
-
   <fingerprint pattern="^(\S+) FTP server \(Version (\d.*)\) ready\.?$" flags="REG_ICASE">
     <description>Generic FTP fingerprint with a hostname and a version for a generic FTP implementation</description>
     <example host.name="example.com" service.version="6.00LS">example.com FTP server (Version 6.00LS) ready.</example>
@@ -896,7 +893,6 @@ against these patterns to fingerprint FTP servers.
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
   </fingerprint>
-
   <fingerprint pattern="^FTP (?:server|service)?(?: is)? ready\.?$" flags="REG_ICASE">
     <description>Generic FTP fingerprint without a hostname</description>
     <example>FTP server is ready.</example>
@@ -904,12 +900,10 @@ against these patterns to fingerprint FTP servers.
     <example>FTP Server Ready</example>
     <example>FTP service ready.</example>
   </fingerprint>
-
   <fingerprint pattern="^Welcom to ProRat Ftp Server$">
-     <description>The FTP server of the ProRat malware</description>
-     <example>Welcom to ProRat Ftp Server</example>
-     <param pos="0" name="service.vendor" value="Pro Group"/>
-     <param pos="0" name="service.product" value="ProRat"/>
+    <description>The FTP server of the ProRat malware</description>
+    <example>Welcom to ProRat Ftp Server</example>
+    <param pos="0" name="service.vendor" value="Pro Group"/>
+    <param pos="0" name="service.product" value="ProRat"/>
   </fingerprint>
-
 </fingerprints>