recog 2.0.13 → 2.0.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (52) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +19 -6
  3. data/features/{xml → data}/failing_banners_fingerprints.xml +0 -0
  4. data/features/{xml → data}/matching_banners_fingerprints.xml +0 -0
  5. data/features/{xml → data}/no_tests.xml +0 -0
  6. data/features/{xml/banners.xml → data/sample_banner.txt} +0 -0
  7. data/features/{xml → data}/successful_tests.xml +0 -0
  8. data/features/{xml → data}/tests_with_failures.xml +0 -0
  9. data/features/{xml → data}/tests_with_warnings.xml +0 -0
  10. data/features/match.feature +2 -2
  11. data/features/support/env.rb +1 -1
  12. data/lib/recog/version.rb +1 -1
  13. data/misc/order.xsl +17 -0
  14. data/spec/lib/fingerprint_self_test_spec.rb +8 -0
  15. data/xml/apache_os.xml +270 -334
  16. data/xml/architecture.xml +28 -41
  17. data/xml/fingerprints.xsd +37 -0
  18. data/xml/ftp_banners.xml +52 -58
  19. data/xml/h323_callresp.xml +597 -695
  20. data/xml/hp_pjl_id.xml +370 -409
  21. data/xml/http_cookies.xml +304 -348
  22. data/xml/http_servers.xml +3202 -3483
  23. data/xml/http_wwwauth.xml +342 -409
  24. data/xml/imap_banners.xml +149 -190
  25. data/xml/mdns_device-info_txt.xml +97 -111
  26. data/xml/mdns_workstation_txt.xml +6 -6
  27. data/xml/mysql_banners.xml +99 -198
  28. data/xml/mysql_error.xml +4 -11
  29. data/xml/nntp_banners.xml +42 -45
  30. data/xml/ntp_banners.xml +2 -3
  31. data/xml/pop_banners.xml +214 -247
  32. data/xml/rsh_resp.xml +68 -76
  33. data/xml/sip_banners.xml +19 -19
  34. data/xml/sip_user_agents.xml +63 -74
  35. data/xml/smb_native_os.xml +387 -433
  36. data/xml/smtp_banners.xml +1318 -1460
  37. data/xml/smtp_debug.xml +24 -27
  38. data/xml/smtp_ehlo.xml +19 -22
  39. data/xml/smtp_expn.xml +61 -70
  40. data/xml/smtp_help.xml +139 -160
  41. data/xml/smtp_mailfrom.xml +14 -16
  42. data/xml/smtp_noop.xml +28 -31
  43. data/xml/smtp_quit.xml +16 -18
  44. data/xml/smtp_rcptto.xml +8 -10
  45. data/xml/smtp_rset.xml +12 -13
  46. data/xml/smtp_turn.xml +12 -13
  47. data/xml/smtp_vrfy.xml +66 -76
  48. data/xml/snmp_sysdescr.xml +7257 -8016
  49. data/xml/snmp_sysobjid.xml +392 -434
  50. data/xml/ssh_banners.xml +783 -867
  51. data/xml/upnp_banners.xml +594 -628
  52. metadata +11 -9
data/xml/http_cookies.xml CHANGED
@@ -1,285 +1,256 @@
1
- <?xml version="1.0"?>
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
2
  <!--
3
3
  Set-Cookie HTTP header values are matched against these patterns to fingerprint HTTP
4
4
  servers.
5
5
  -->
6
-
7
6
  <fingerprints matches="http_header.cookie">
8
- <fingerprint pattern="^(CFCLIENT_[^=]+|CFGLOBALS|CFID|CFTOKEN)=.*">
9
- <description>
7
+ <fingerprint pattern="^(CFCLIENT_[^=]+|CFGLOBALS|CFID|CFTOKEN)=.*">
8
+ <description>
10
9
  Adobe (Macromedia) ColdFusion uses various cookies.
11
10
  See http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_17915&amp;sliceId=1
12
11
  and http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_17919&amp;sliceId=2
13
12
  </description>
14
- <param pos="1" name="cookie"/>
15
- <param pos="0" name="service.vendor" value="Adobe"/>
16
- <param pos="0" name="service.family" value="ColdFusion"/>
17
- <param pos="0" name="service.product" value="ColdFusion"/>
18
- </fingerprint>
19
-
20
- <fingerprint pattern="^(Apache)=[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.([0-9]+);.*">
21
- <description>Apache</description>
22
- <param pos="1" name="cookie"/>
23
- <param pos="2" name="system.time.micros"/>
24
- <param pos="0" name="service.vendor" value="Apache"/>
25
- <param pos="0" name="service.family" value="Apache"/>
26
- <param pos="0" name="service.product" value="HTTPD"/>
27
- </fingerprint>
28
-
29
- <fingerprint pattern="^(JServSessionIdroot)=.*">
30
- <description>Apache JServ</description>
31
- <param pos="1" name="cookie"/>
32
- <param pos="0" name="service.vendor" value="Apache"/>
33
- <param pos="0" name="service.family" value="JServ"/>
34
- <param pos="0" name="service.product" value="JServ"/>
35
- </fingerprint>
36
-
37
- <fingerprint pattern="^(ATG_SESSION_ID|DYN_USER_CONFIRM|DYN_USER_ID)=.*">
38
- <description>ATG Dynamo</description>
39
- <param pos="1" name="cookie"/>
40
- <param pos="0" name="service.vendor" value="ATG"/>
41
- <param pos="0" name="service.family" value="Dynamo"/>
42
- <param pos="0" name="service.product" value="Dynamo"/>
43
- </fingerprint>
44
-
45
- <fingerprint pattern="^(WebLogicSession)=[^!]+![^!]+!([0-9]+);.*">
46
- <description>BEA WebLogic (with timestamp)</description>
47
- <param pos="1" name="cookie"/>
48
- <param pos="2" name="system.time.millis"/>
49
- <param pos="0" name="service.vendor" value="BEA"/>
50
- <param pos="0" name="service.family" value="WebLogic"/>
51
- <param pos="0" name="service.product" value="WebLogic"/>
52
- </fingerprint>
53
-
54
- <fingerprint pattern="^(WebLogicSession)=.*">
55
- <description>BEA WebLogic (no timestamp)</description>
56
- <param pos="1" name="cookie"/>
57
- <param pos="0" name="service.vendor" value="BEA"/>
58
- <param pos="0" name="service.family" value="WebLogic"/>
59
- <param pos="0" name="service.product" value="WebLogic"/>
60
- </fingerprint>
61
-
62
- <fingerprint pattern="^(BCSI-CSC[0-9A-Za-z]+)=.*">
63
- <description>BlueCoat Proxy</description>
64
- <param pos="1" name="cookie"/>
65
- <param pos="0" name="service.vendor" value="Blue Coat"/>
66
- <param pos="0" name="service.family" value="Proxy"/>
67
- <param pos="0" name="service.product" value="Proxy"/>
68
- </fingerprint>
69
-
70
- <fingerprint pattern="^(CAKEPHP)=.*">
71
- <description>CakePHP http://www.cakephp.org/</description>
72
- <param pos="1" name="cookie"/>
73
- <param pos="0" name="service.family" value="PHP"/>
74
- <param pos="0" name="service.product" value="CakePHP"/>
75
- </fingerprint>
76
-
77
- <fingerprint pattern="^(ARPT)=([A-Z]+)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})([A-Z]+).*">
78
- <description>Cisco 11000 Series Content Service Switch (CSS)
13
+ <param pos="1" name="cookie"/>
14
+ <param pos="0" name="service.vendor" value="Adobe"/>
15
+ <param pos="0" name="service.family" value="ColdFusion"/>
16
+ <param pos="0" name="service.product" value="ColdFusion"/>
17
+ </fingerprint>
18
+ <fingerprint pattern="^(Apache)=[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.([0-9]+);.*">
19
+ <description>Apache</description>
20
+ <param pos="1" name="cookie"/>
21
+ <param pos="2" name="system.time.micros"/>
22
+ <param pos="0" name="service.vendor" value="Apache"/>
23
+ <param pos="0" name="service.family" value="Apache"/>
24
+ <param pos="0" name="service.product" value="HTTPD"/>
25
+ </fingerprint>
26
+ <fingerprint pattern="^(JServSessionIdroot)=.*">
27
+ <description>Apache JServ</description>
28
+ <param pos="1" name="cookie"/>
29
+ <param pos="0" name="service.vendor" value="Apache"/>
30
+ <param pos="0" name="service.family" value="JServ"/>
31
+ <param pos="0" name="service.product" value="JServ"/>
32
+ </fingerprint>
33
+ <fingerprint pattern="^(ATG_SESSION_ID|DYN_USER_CONFIRM|DYN_USER_ID)=.*">
34
+ <description>ATG Dynamo</description>
35
+ <param pos="1" name="cookie"/>
36
+ <param pos="0" name="service.vendor" value="ATG"/>
37
+ <param pos="0" name="service.family" value="Dynamo"/>
38
+ <param pos="0" name="service.product" value="Dynamo"/>
39
+ </fingerprint>
40
+ <fingerprint pattern="^(WebLogicSession)=[^!]+![^!]+!([0-9]+);.*">
41
+ <description>BEA WebLogic (with timestamp)</description>
42
+ <param pos="1" name="cookie"/>
43
+ <param pos="2" name="system.time.millis"/>
44
+ <param pos="0" name="service.vendor" value="BEA"/>
45
+ <param pos="0" name="service.family" value="WebLogic"/>
46
+ <param pos="0" name="service.product" value="WebLogic"/>
47
+ </fingerprint>
48
+ <fingerprint pattern="^(WebLogicSession)=.*">
49
+ <description>BEA WebLogic (no timestamp)</description>
50
+ <param pos="1" name="cookie"/>
51
+ <param pos="0" name="service.vendor" value="BEA"/>
52
+ <param pos="0" name="service.family" value="WebLogic"/>
53
+ <param pos="0" name="service.product" value="WebLogic"/>
54
+ </fingerprint>
55
+ <fingerprint pattern="^(BCSI-CSC[0-9A-Za-z]+)=.*">
56
+ <description>BlueCoat Proxy</description>
57
+ <param pos="1" name="cookie"/>
58
+ <param pos="0" name="service.vendor" value="Blue Coat"/>
59
+ <param pos="0" name="service.family" value="Proxy"/>
60
+ <param pos="0" name="service.product" value="Proxy"/>
61
+ </fingerprint>
62
+ <fingerprint pattern="^(CAKEPHP)=.*">
63
+ <description>CakePHP http://www.cakephp.org/</description>
64
+ <param pos="1" name="cookie"/>
65
+ <param pos="0" name="service.family" value="PHP"/>
66
+ <param pos="0" name="service.product" value="CakePHP"/>
67
+ </fingerprint>
68
+ <fingerprint pattern="^(ARPT)=([A-Z]+)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})([A-Z]+).*">
69
+ <description>Cisco 11000 Series Content Service Switch (CSS)
79
70
  http://www.cisco.com/warp/public/117/AP_cookies.html
80
71
 
81
72
  The cookie value breaks down to [box-id][service-id][timeout-value]
82
73
  unfortunately, there's no separator so it's hard to tell what the
83
74
  actual break is between the pieces of data.
84
75
  </description>
85
- <param pos="1" name="cookie"/>
86
- <param pos="2" name="host.id"/>
87
- <param pos="3" name="host.ip"/>
88
- <param pos="4" name="timeout"/>
89
- <param pos="0" name="service.vendor" value="Cisco"/>
90
- <param pos="0" name="service.family" value="Content Service Switch"/>
91
- <param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
92
- </fingerprint>
93
-
94
- <fingerprint pattern="^(ARPT)=.*">
95
- <description>Cisco 11000 Series Content Service Switch (CSS)
76
+ <param pos="1" name="cookie"/>
77
+ <param pos="2" name="host.id"/>
78
+ <param pos="3" name="host.ip"/>
79
+ <param pos="4" name="timeout"/>
80
+ <param pos="0" name="service.vendor" value="Cisco"/>
81
+ <param pos="0" name="service.family" value="Content Service Switch"/>
82
+ <param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
83
+ </fingerprint>
84
+ <fingerprint pattern="^(ARPT)=.*">
85
+ <description>Cisco 11000 Series Content Service Switch (CSS)
96
86
  http://www.cisco.com/warp/public/117/AP_cookies.html
97
87
 
98
88
  The cookie value breaks down to [box-id][service-id][timeout-value]
99
89
  unfortunately, there's no separator so it's hard to tell what the
100
90
  actual break is between the pieces of data.
101
91
  </description>
102
- <param pos="1" name="cookie"/>
103
- <param pos="0" name="service.vendor" value="Cisco"/>
104
- <param pos="0" name="service.family" value="Content Service Switch"/>
105
- <param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
106
- </fingerprint>
107
-
108
- <fingerprint pattern="^(st8id)=.*">
109
- <description>Citrix Application Protection System, Enterprise
92
+ <param pos="1" name="cookie"/>
93
+ <param pos="0" name="service.vendor" value="Cisco"/>
94
+ <param pos="0" name="service.family" value="Content Service Switch"/>
95
+ <param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
96
+ </fingerprint>
97
+ <fingerprint pattern="^(st8id)=.*">
98
+ <description>Citrix Application Protection System, Enterprise
110
99
  http://support.citrix.com/article/CTX109330
111
100
  </description>
112
- <param pos="1" name="cookie"/>
113
- <param pos="0" name="service.vendor" value="Citrix"/>
114
- <param pos="0" name="service.family" value="Application Protection System"/>
115
- <param pos="0" name="service.product" value="Application Protection System, Enterprise"/>
116
- </fingerprint>
117
-
118
- <fingerprint pattern="^(EktGUID|ecm)=.*">
119
- <description>Ektron CMS400.net
101
+ <param pos="1" name="cookie"/>
102
+ <param pos="0" name="service.vendor" value="Citrix"/>
103
+ <param pos="0" name="service.family" value="Application Protection System"/>
104
+ <param pos="0" name="service.product" value="Application Protection System, Enterprise"/>
105
+ </fingerprint>
106
+ <fingerprint pattern="^(EktGUID|ecm)=.*">
107
+ <description>Ektron CMS400.net
120
108
  http://www.ektron.com/developers/cms400kb.cfm?id=2174
121
109
  </description>
122
- <param pos="1" name="cookie"/>
123
- <param pos="0" name="service.vendor" value="Ektron"/>
124
- <param pos="0" name="service.family" value="CMS400.NET"/>
125
- <param pos="0" name="service.product" value="CMS400.NET"/>
126
- </fingerprint>
127
-
128
- <fingerprint pattern="^(BIGipServer([^=]+))=.*">
129
- <description>F5 BIG-IP LTM
110
+ <param pos="1" name="cookie"/>
111
+ <param pos="0" name="service.vendor" value="Ektron"/>
112
+ <param pos="0" name="service.family" value="CMS400.NET"/>
113
+ <param pos="0" name="service.product" value="CMS400.NET"/>
114
+ </fingerprint>
115
+ <fingerprint pattern="^(BIGipServer([^=]+))=.*">
116
+ <description>F5 BIG-IP LTM
130
117
  http://www.f5.com/solutions/deployment/pdfs/peoplesoft-ltm-dg.pdf
131
118
  http://www.f5.com/solutions/deployment/pdfs/SAP_v94_dg.pdf
132
119
  </description>
133
- <param pos="1" name="cookie"/>
134
- <param pos="2" name="loadbalancer.poolname"/>
135
- <param pos="0" name="service.vendor" value="F5 Labs"/>
136
- <param pos="0" name="service.family" value="BIG-IP"/>
137
- <param pos="0" name="service.product" value="BIG-IP LTM"/>
138
- </fingerprint>
139
-
140
- <fingerprint pattern="^(BigIPCookie)=.*">
141
- <description>F5 BIG-IP LTM
120
+ <param pos="1" name="cookie"/>
121
+ <param pos="2" name="loadbalancer.poolname"/>
122
+ <param pos="0" name="service.vendor" value="F5 Labs"/>
123
+ <param pos="0" name="service.family" value="BIG-IP"/>
124
+ <param pos="0" name="service.product" value="BIG-IP LTM"/>
125
+ </fingerprint>
126
+ <fingerprint pattern="^(BigIPCookie)=.*">
127
+ <description>F5 BIG-IP LTM
142
128
  http://www.f5.com/solutions/deployment/pdfs/peoplesoft-ltm-dg.pdf
143
129
  http://www.f5.com/solutions/deployment/pdfs/SAP_v94_dg.pdf
144
130
  </description>
145
- <param pos="1" name="cookie"/>
146
- <param pos="0" name="service.vendor" value="F5 Labs"/>
147
- <param pos="0" name="service.family" value="BIG-IP"/>
148
- <param pos="0" name="service.product" value="BIG-IP LTM"/>
149
- </fingerprint>
150
-
151
- <fingerprint pattern="^(SERVERID)=([A-Za-z0-9\-_]+)">
152
- <description>HAProxy
131
+ <param pos="1" name="cookie"/>
132
+ <param pos="0" name="service.vendor" value="F5 Labs"/>
133
+ <param pos="0" name="service.family" value="BIG-IP"/>
134
+ <param pos="0" name="service.product" value="BIG-IP LTM"/>
135
+ </fingerprint>
136
+ <fingerprint pattern="^(SERVERID)=([A-Za-z0-9\-_]+)">
137
+ <description>HAProxy
153
138
  http://haproxy.1wt.eu/download/1.2/doc/architecture.txt
154
139
  </description>
155
- <param pos="1" name="cookie"/>
156
- <param pos="2" name="host.name"/>
157
- <param pos="0" name="service.family" value="HAProxy"/>
158
- <param pos="0" name="service.product" value="HAProxy"/>
159
- </fingerprint>
160
-
161
- <fingerprint pattern="^(AMWEBJCT!([^!]+)!([^=]+))=.*">
162
- <description>IBM Tivoli Access Manager for e-business WebSEAL
140
+ <param pos="1" name="cookie"/>
141
+ <param pos="2" name="host.name"/>
142
+ <param pos="0" name="service.family" value="HAProxy"/>
143
+ <param pos="0" name="service.product" value="HAProxy"/>
144
+ </fingerprint>
145
+ <fingerprint pattern="^(AMWEBJCT!([^!]+)!([^=]+))=.*">
146
+ <description>IBM Tivoli Access Manager for e-business WebSEAL
163
147
  http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin180.htm
164
148
  </description>
165
- <param pos="1" name="cookie"/>
166
- <param pos="2" name="junction.name"/>
167
- <param pos="3" name="junction.cookie"/>
168
- <param pos="0" name="service.vendor" value="IBM"/>
169
- <param pos="0" name="service.family" value="Tivoli"/>
170
- <param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
171
- </fingerprint>
172
-
173
- <fingerprint pattern="^(PD-S-SESSION-ID|PD-H-SESSION-ID|PD_STATEFUL_[^=]+)=.*">
174
- <description>IBM Tivoli Access Manager for e-business WebSeal
149
+ <param pos="1" name="cookie"/>
150
+ <param pos="2" name="junction.name"/>
151
+ <param pos="3" name="junction.cookie"/>
152
+ <param pos="0" name="service.vendor" value="IBM"/>
153
+ <param pos="0" name="service.family" value="Tivoli"/>
154
+ <param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
155
+ </fingerprint>
156
+ <fingerprint pattern="^(PD-S-SESSION-ID|PD-H-SESSION-ID|PD_STATEFUL_[^=]+)=.*">
157
+ <description>IBM Tivoli Access Manager for e-business WebSeal
175
158
  http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin117.htm
176
159
  </description>
177
- <param pos="1" name="cookie"/>
178
- <param pos="0" name="service.vendor" value="IBM"/>
179
- <param pos="0" name="service.family" value="Tivoli"/>
180
- <param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
181
- </fingerprint>
182
-
183
- <fingerprint pattern="^(IBMCBR)=.*">
184
- <description>IBM WebSphere Load Balancer
160
+ <param pos="1" name="cookie"/>
161
+ <param pos="0" name="service.vendor" value="IBM"/>
162
+ <param pos="0" name="service.family" value="Tivoli"/>
163
+ <param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
164
+ </fingerprint>
165
+ <fingerprint pattern="^(IBMCBR)=.*">
166
+ <description>IBM WebSphere Load Balancer
185
167
  http://www-306.ibm.com/software/webservers/appserv/doc/v51/ec/infocenter/edge/LBguide.htm
186
168
  </description>
187
- <param pos="1" name="cookie"/>
188
- <param pos="0" name="service.vendor" value="IBM"/>
189
- <param pos="0" name="service.family" value="WebSphere"/>
190
- <param pos="0" name="service.product" value="WebSphere Load Balancer"/>
191
- </fingerprint>
192
-
193
- <fingerprint pattern="^(mbfcookie(?:\[lang\])?)=.*">
194
- <description>Joom!Fish http://www.joomfish.net/
169
+ <param pos="1" name="cookie"/>
170
+ <param pos="0" name="service.vendor" value="IBM"/>
171
+ <param pos="0" name="service.family" value="WebSphere"/>
172
+ <param pos="0" name="service.product" value="WebSphere Load Balancer"/>
173
+ </fingerprint>
174
+ <fingerprint pattern="^(mbfcookie(?:\[lang\])?)=.*">
175
+ <description>Joom!Fish http://www.joomfish.net/
195
176
  </description>
196
- <param pos="1" name="cookie"/>
197
- <param pos="0" name="service.family" value="Joom!Fish"/>
198
- <param pos="0" name="service.product" value="Joom!Fish"/>
199
- </fingerprint>
200
-
201
- <fingerprint pattern="^(MSCSAuth|MSCSProfile)=.*">
202
- <description>Microsoft Commerce Server
177
+ <param pos="1" name="cookie"/>
178
+ <param pos="0" name="service.family" value="Joom!Fish"/>
179
+ <param pos="0" name="service.product" value="Joom!Fish"/>
180
+ </fingerprint>
181
+ <fingerprint pattern="^(MSCSAuth|MSCSProfile)=.*">
182
+ <description>Microsoft Commerce Server
203
183
  http://msdn2.microsoft.com/en-us/library/ms953828.aspx
204
184
  </description>
205
- <param pos="1" name="cookie"/>
206
- <param pos="0" name="service.vendor" value="Microsoft"/>
207
- <param pos="0" name="service.family" value="Commerce Server"/>
208
- <param pos="0" name="service.product" value="Commerce Server"/>
209
- </fingerprint>
210
-
211
- <fingerprint pattern="^(ASPSESSIONID[A-Z]+|ASP\.NET_SessionId|\.ASPXANONYMOUS)=.*">
212
- <description>Microsoft IIS (ASP.NET)
185
+ <param pos="1" name="cookie"/>
186
+ <param pos="0" name="service.vendor" value="Microsoft"/>
187
+ <param pos="0" name="service.family" value="Commerce Server"/>
188
+ <param pos="0" name="service.product" value="Commerce Server"/>
189
+ </fingerprint>
190
+ <fingerprint pattern="^(ASPSESSIONID[A-Z]+|ASP\.NET_SessionId|\.ASPXANONYMOUS)=.*">
191
+ <description>Microsoft IIS (ASP.NET)
213
192
  http://msdn2.microsoft.com/en-us/library/ms953828.aspx
214
193
  http://support.microsoft.com/kb/899918
215
194
  http://msdn2.microsoft.com/en-us/library/91ka2e6a.aspx
216
195
  </description>
217
- <param pos="1" name="cookie"/>
218
- <param pos="0" name="service.vendor" value="Microsoft"/>
219
- <param pos="0" name="service.family" value="IIS"/>
220
- <param pos="0" name="service.product" value="IIS"/>
221
- <param pos="0" name="service.component.vendor" value="Microsoft"/>
222
- <param pos="0" name="service.component.family" value="ASP.NET"/>
223
- <param pos="0" name="service.component.product" value="ASP.NET"/>
224
- </fingerprint>
225
-
226
- <fingerprint pattern="^(AlteonP)=.*">
227
- <description>Nortel Alteon Web Switch</description>
228
- <param pos="1" name="cookie"/>
229
- <param pos="0" name="service.vendor" value="Nortel"/>
230
- <param pos="0" name="service.family" value="Alteon"/>
231
- <param pos="0" name="service.product" value="Alteon Web Switch"/>
232
- </fingerprint>
233
-
234
- <fingerprint pattern="^((?:SS_X_)?CSINTERSESSIONID)=.*">
235
- <description>OpenMarket/FatWire Content Server (www.fatwire.com)</description>
236
- <param pos="1" name="cookie"/>
237
- <param pos="0" name="service.vendor" value="FatWire"/>
238
- <param pos="0" name="service.family" value="Content Server"/>
239
- <param pos="0" name="service.product" value="Content Server"/>
240
- </fingerprint>
241
-
242
- <fingerprint pattern="^(parkinglot)=.*">
243
- <description>Oversee Webserver</description>
244
- <param pos="1" name="cookie"/>
245
- <param pos="0" name="service.vendor" value="Oversee"/>
246
- <param pos="0" name="service.family" value="Webserver"/>
247
- <param pos="0" name="service.product" value="Webserver"/>
248
- </fingerprint>
249
-
250
- <fingerprint pattern="^(PHPSESSID|PHPSESSION)=.*">
251
- <description>PHP http://www.php.net/ref.session</description>
252
- <param pos="1" name="cookie"/>
253
- <param pos="0" name="service.vendor" value="PHP"/>
254
- <param pos="0" name="service.family" value="PHP"/>
255
- <param pos="0" name="service.product" value="PHP"/>
256
- </fingerprint>
257
-
258
- <fingerprint pattern="^(RMID)=.*">
259
- <description>RealMedia OpenAdStream</description>
260
- <param pos="1" name="cookie"/>
261
- <param pos="0" name="service.vendor" value="RealMedia"/>
262
- <param pos="0" name="service.family" value="OpenAdStream"/>
263
- <param pos="0" name="service.product" value="OpenAdStream"/>
264
- </fingerprint>
265
-
266
- <fingerprint pattern="^(RoxenUserID)=.*">
267
- <description>Roxen WebServer</description>
268
- <param pos="1" name="cookie"/>
269
- <param pos="0" name="service.vendor" value="Roxen"/>
270
- <param pos="0" name="service.family" value="WebServer"/>
271
- <param pos="0" name="service.product" value="WebServer"/>
272
- </fingerprint>
273
-
274
- <fingerprint pattern="^(_sn)=.*">
275
- <description>Siebel CRM</description>
276
- <param pos="1" name="cookie"/>
277
- <param pos="0" name="service.vendor" value="Siebel"/>
278
- <param pos="0" name="service.family" value="CRM"/>
279
- <param pos="0" name="service.product" value="CRM"/>
280
- </fingerprint>
281
-
282
- <!-- This fingerprint is not specific enough. Multiple products are sold under
196
+ <param pos="1" name="cookie"/>
197
+ <param pos="0" name="service.vendor" value="Microsoft"/>
198
+ <param pos="0" name="service.family" value="IIS"/>
199
+ <param pos="0" name="service.product" value="IIS"/>
200
+ <param pos="0" name="service.component.vendor" value="Microsoft"/>
201
+ <param pos="0" name="service.component.family" value="ASP.NET"/>
202
+ <param pos="0" name="service.component.product" value="ASP.NET"/>
203
+ </fingerprint>
204
+ <fingerprint pattern="^(AlteonP)=.*">
205
+ <description>Nortel Alteon Web Switch</description>
206
+ <param pos="1" name="cookie"/>
207
+ <param pos="0" name="service.vendor" value="Nortel"/>
208
+ <param pos="0" name="service.family" value="Alteon"/>
209
+ <param pos="0" name="service.product" value="Alteon Web Switch"/>
210
+ </fingerprint>
211
+ <fingerprint pattern="^((?:SS_X_)?CSINTERSESSIONID)=.*">
212
+ <description>OpenMarket/FatWire Content Server (www.fatwire.com)</description>
213
+ <param pos="1" name="cookie"/>
214
+ <param pos="0" name="service.vendor" value="FatWire"/>
215
+ <param pos="0" name="service.family" value="Content Server"/>
216
+ <param pos="0" name="service.product" value="Content Server"/>
217
+ </fingerprint>
218
+ <fingerprint pattern="^(parkinglot)=.*">
219
+ <description>Oversee Webserver</description>
220
+ <param pos="1" name="cookie"/>
221
+ <param pos="0" name="service.vendor" value="Oversee"/>
222
+ <param pos="0" name="service.family" value="Webserver"/>
223
+ <param pos="0" name="service.product" value="Webserver"/>
224
+ </fingerprint>
225
+ <fingerprint pattern="^(PHPSESSID|PHPSESSION)=.*">
226
+ <description>PHP http://www.php.net/ref.session</description>
227
+ <param pos="1" name="cookie"/>
228
+ <param pos="0" name="service.vendor" value="PHP"/>
229
+ <param pos="0" name="service.family" value="PHP"/>
230
+ <param pos="0" name="service.product" value="PHP"/>
231
+ </fingerprint>
232
+ <fingerprint pattern="^(RMID)=.*">
233
+ <description>RealMedia OpenAdStream</description>
234
+ <param pos="1" name="cookie"/>
235
+ <param pos="0" name="service.vendor" value="RealMedia"/>
236
+ <param pos="0" name="service.family" value="OpenAdStream"/>
237
+ <param pos="0" name="service.product" value="OpenAdStream"/>
238
+ </fingerprint>
239
+ <fingerprint pattern="^(RoxenUserID)=.*">
240
+ <description>Roxen WebServer</description>
241
+ <param pos="1" name="cookie"/>
242
+ <param pos="0" name="service.vendor" value="Roxen"/>
243
+ <param pos="0" name="service.family" value="WebServer"/>
244
+ <param pos="0" name="service.product" value="WebServer"/>
245
+ </fingerprint>
246
+ <fingerprint pattern="^(_sn)=.*">
247
+ <description>Siebel CRM</description>
248
+ <param pos="1" name="cookie"/>
249
+ <param pos="0" name="service.vendor" value="Siebel"/>
250
+ <param pos="0" name="service.family" value="CRM"/>
251
+ <param pos="0" name="service.product" value="CRM"/>
252
+ </fingerprint>
253
+ <!-- This fingerprint is not specific enough. Multiple products are sold under
283
254
  the brand iPlanet/Sun ONE/Sun Java.
284
255
  <fingerprint pattern="^(iPlanetUserId)=.*">
285
256
  <description>Sun iPlanet</description>
@@ -289,128 +260,113 @@ servers.
289
260
  <param pos="0" name="service.product" value="???"/>
290
261
  </fingerprint>
291
262
  -->
292
-
293
- <fingerprint pattern="^(NSES40Session)=.*">
294
- <description>Netscape Enterprise Server (subsequently iPlanet Web Server,
263
+ <fingerprint pattern="^(NSES40Session)=.*">
264
+ <description>Netscape Enterprise Server (subsequently iPlanet Web Server,
295
265
  Sun ONE Web Server, presently Sun Java System Web Server)</description>
296
- <param pos="1" name="cookie"/>
297
- <param pos="0" name="service.vendor" value="Sun"/>
298
- <param pos="0" name="service.family" value="Java System Web Server"/>
299
- <param pos="0" name="service.product" value="Java System Web Server"/>
300
- <param pos="0" name="service.version" value="4.0"/>
301
- </fingerprint>
302
-
303
- <fingerprint pattern="^(gx_session_id|JROUTE)=.*">
304
- <description>Sun Java System Application Server (formerly iPlanet Application Server,
266
+ <param pos="1" name="cookie"/>
267
+ <param pos="0" name="service.vendor" value="Sun"/>
268
+ <param pos="0" name="service.family" value="Java System Web Server"/>
269
+ <param pos="0" name="service.product" value="Java System Web Server"/>
270
+ <param pos="0" name="service.version" value="4.0"/>
271
+ </fingerprint>
272
+ <fingerprint pattern="^(gx_session_id|JROUTE)=.*">
273
+ <description>Sun Java System Application Server (formerly iPlanet Application Server,
305
274
  Sun ONE Application Server)</description>
306
- <param pos="1" name="cookie"/>
307
- <param pos="0" name="service.vendor" value="Sun"/>
308
- <param pos="0" name="service.family" value="Java System Application Server"/>
309
- <param pos="0" name="service.product" value="Java System Application Server"/>
310
- </fingerprint>
311
-
312
- <fingerprint pattern="^(fe_typo_user)=.*">
313
- <description>TYPO3 CMS - http://typo3.com/</description>
314
- <param pos="1" name="cookie"/>
315
- <param pos="0" name="service.vendor" value="TYPO3"/>
316
- <param pos="0" name="service.family" value="CMS"/>
317
- <param pos="0" name="service.product" value="CMS"/>
318
- </fingerprint>
319
-
320
- <fingerprint pattern="^(SaneID)=.*">
321
- <description>Unica NetTracker - http://netinsight.unica.com/Products/NetTracker.cfm</description>
322
- <param pos="1" name="cookie"/>
323
- <param pos="0" name="service.vendor" value="Unica"/>
324
- <param pos="0" name="service.family" value="NetTracker"/>
325
- <param pos="0" name="service.product" value="NetTracker"/>
326
- </fingerprint>
327
-
328
- <fingerprint pattern="^(__utm[a-z])=.*">
329
- <description>Urchin Tracking Module
275
+ <param pos="1" name="cookie"/>
276
+ <param pos="0" name="service.vendor" value="Sun"/>
277
+ <param pos="0" name="service.family" value="Java System Application Server"/>
278
+ <param pos="0" name="service.product" value="Java System Application Server"/>
279
+ </fingerprint>
280
+ <fingerprint pattern="^(fe_typo_user)=.*">
281
+ <description>TYPO3 CMS - http://typo3.com/</description>
282
+ <param pos="1" name="cookie"/>
283
+ <param pos="0" name="service.vendor" value="TYPO3"/>
284
+ <param pos="0" name="service.family" value="CMS"/>
285
+ <param pos="0" name="service.product" value="CMS"/>
286
+ </fingerprint>
287
+ <fingerprint pattern="^(SaneID)=.*">
288
+ <description>Unica NetTracker - http://netinsight.unica.com/Products/NetTracker.cfm</description>
289
+ <param pos="1" name="cookie"/>
290
+ <param pos="0" name="service.vendor" value="Unica"/>
291
+ <param pos="0" name="service.family" value="NetTracker"/>
292
+ <param pos="0" name="service.product" value="NetTracker"/>
293
+ </fingerprint>
294
+ <fingerprint pattern="^(__utm[a-z])=.*">
295
+ <description>Urchin Tracking Module
330
296
  http://www.google.com/support/urchin45/bin/answer.py?answer=28307&amp;topic=7425
331
297
  </description>
332
- <param pos="1" name="cookie"/>
333
- <param pos="0" name="service.vendor" value="Google"/>
334
- <param pos="0" name="service.family" value="Urchin"/>
335
- <param pos="0" name="service.product" value="Urchin Tracking Module"/>
336
- </fingerprint>
337
-
338
- <fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)=.*">
339
- <description>Vignette</description>
340
- <param pos="1" name="cookie"/>
341
- <param pos="0" name="service.vendor" value="Vignette"/>
342
- <param pos="0" name="service.family" value="Vignette"/>
343
- <param pos="0" name="service.product" value="Vignette"/>
344
- </fingerprint>
345
-
346
- <fingerprint pattern="^(wgSession)=.*">
347
- <description>Plain Black WebGUI - http://www.plainblack.com/webgui</description>
348
- <param pos="1" name="cookie"/>
349
- <param pos="0" name="service.vendor" value="Plain Black"/>
350
- <param pos="0" name="service.family" value="WebGUI"/>
351
- <param pos="0" name="service.product" value="WebGUI"/>
352
- </fingerprint>
353
-
354
- <fingerprint pattern="^(WEBTRENDSID|WEBTRENDS_ID)=.*">
355
- <description>WebTrends</description>
356
- <param pos="1" name="cookie"/>
357
- <param pos="0" name="service.vendor" value="WebTrends"/>
358
- <param pos="0" name="service.family" value="WebTrends"/>
359
- <param pos="0" name="service.product" value="WebTrends"/>
360
- </fingerprint>
361
-
362
- <fingerprint pattern="^(_ZopeId)=.*">
363
- <description>Zope</description>
364
- <param pos="1" name="cookie"/>
365
- <param pos="0" name="service.family" value="Zope"/>
366
- <param pos="0" name="service.product" value="Zope"/>
367
- </fingerprint>
368
-
369
- <fingerprint pattern="^(portal)=([0-9]+\.[0-9]+\.[0-9]+).*">
370
- <description>This is the default OracleAS Portal cookie name
298
+ <param pos="1" name="cookie"/>
299
+ <param pos="0" name="service.vendor" value="Google"/>
300
+ <param pos="0" name="service.family" value="Urchin"/>
301
+ <param pos="0" name="service.product" value="Urchin Tracking Module"/>
302
+ </fingerprint>
303
+ <fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)=.*">
304
+ <description>Vignette</description>
305
+ <param pos="1" name="cookie"/>
306
+ <param pos="0" name="service.vendor" value="Vignette"/>
307
+ <param pos="0" name="service.family" value="Vignette"/>
308
+ <param pos="0" name="service.product" value="Vignette"/>
309
+ </fingerprint>
310
+ <fingerprint pattern="^(wgSession)=.*">
311
+ <description>Plain Black WebGUI - http://www.plainblack.com/webgui</description>
312
+ <param pos="1" name="cookie"/>
313
+ <param pos="0" name="service.vendor" value="Plain Black"/>
314
+ <param pos="0" name="service.family" value="WebGUI"/>
315
+ <param pos="0" name="service.product" value="WebGUI"/>
316
+ </fingerprint>
317
+ <fingerprint pattern="^(WEBTRENDSID|WEBTRENDS_ID)=.*">
318
+ <description>WebTrends</description>
319
+ <param pos="1" name="cookie"/>
320
+ <param pos="0" name="service.vendor" value="WebTrends"/>
321
+ <param pos="0" name="service.family" value="WebTrends"/>
322
+ <param pos="0" name="service.product" value="WebTrends"/>
323
+ </fingerprint>
324
+ <fingerprint pattern="^(_ZopeId)=.*">
325
+ <description>Zope</description>
326
+ <param pos="1" name="cookie"/>
327
+ <param pos="0" name="service.family" value="Zope"/>
328
+ <param pos="0" name="service.product" value="Zope"/>
329
+ </fingerprint>
330
+ <fingerprint pattern="^(portal)=([0-9]+\.[0-9]+\.[0-9]+).*">
331
+ <description>This is the default OracleAS Portal cookie name
371
332
  http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_app_f.htm
372
333
  </description>
373
- <param pos="1" name="cookie"/>
374
- <param pos="2" name="service.version"/>
375
- <param pos="0" name="service.vendor" value="Oracle"/>
376
- <param pos="0" name="service.family" value="OracleAS"/>
377
- <param pos="0" name="service.product" value="OracleAS Portal"/>
378
- </fingerprint>
379
-
380
- <fingerprint pattern="^Compaq-HMMD=[^;]+;.*$">
381
- <description>HP System Management Homepage (SMH)</description>
382
- <example>Compaq-HMMD=0001-c01fffff-487a-394a-aab0-ffffffffffff-ffffffffffffffff; path=/</example>
383
- <example>Compaq-HMMD=0001-c01fffff-487a-394a-aab0-ffffffffffff-ffffffffffffffff; path=/; Secure</example>
384
- <param pos="0" name="service.vendor" value="HP"/>
385
- <param pos="0" name="service.family" value="SMH"/>
386
- <param pos="0" name="service.product" value="SMH"/>
387
- </fingerprint>
388
-
389
- <!--
334
+ <param pos="1" name="cookie"/>
335
+ <param pos="2" name="service.version"/>
336
+ <param pos="0" name="service.vendor" value="Oracle"/>
337
+ <param pos="0" name="service.family" value="OracleAS"/>
338
+ <param pos="0" name="service.product" value="OracleAS Portal"/>
339
+ </fingerprint>
340
+ <fingerprint pattern="^Compaq-HMMD=[^;]+;.*$">
341
+ <description>HP System Management Homepage (SMH)</description>
342
+ <example>Compaq-HMMD=0001-c01fffff-487a-394a-aab0-ffffffffffff-ffffffffffffffff; path=/</example>
343
+ <example>Compaq-HMMD=0001-c01fffff-487a-394a-aab0-ffffffffffff-ffffffffffffffff; path=/; Secure</example>
344
+ <param pos="0" name="service.vendor" value="HP"/>
345
+ <param pos="0" name="service.family" value="SMH"/>
346
+ <param pos="0" name="service.product" value="SMH"/>
347
+ </fingerprint>
348
+ <!--
390
349
  Ignore various cookies that are very generic cookies for session IDs
391
350
  that are not necessarily indicative of any particular
392
351
  product/device/etc. If a future fingerprint comes along that utilizes
393
352
  a similar cookie name, you must ensure that it is located prior to
394
353
  these and this is enforced by rspec.
395
354
  -->
396
-
397
- <fingerprint pattern="^JSESSIONID(?:\.[^=]+)?=[^;]+;.*$" flags="REG_ICASE">
398
- <description>Ignore simple JSESSIONID and related cookies</description>
399
- <example>JSESSIONID=6ooov35i4l3n36qtaf8csvg0;Path=/</example>
400
- <example>jsessionid=6nkp66iogcdc92720%2Dc6e4%2D4989%2Db7b2%2D5021624cfdff;Path=/;secure</example>
401
- <example>JSESSIONID.c00a9623=v216643eijh19p9duve5srgf;Path=/;HttpOnly</example>
402
- </fingerprint>
403
-
404
- <fingerprint pattern="^_?SESSION_?ID\s*=\s*[^;]+;.*$" flags="REG_ICASE">
405
- <description>Ignore simple SESSIONID and related cookies</description>
406
- <example>sessionId=7dba3249cfcd4b59854055311099a294; path=/;</example>
407
- <example>_session_id=7fe933db0fea13e9c872103ba2d142db; path=/; HttpOnly</example>
408
- <example>sessionId =0VrS6Ro6uC5QPXKgNdqGvyUgUFtUOVwv6OWAEWcWQ3jLRtAk2TVAgAApN9yTWVz;postId=; path=/;</example>
409
- <example>_session_id=18b3e173aa11db0533fd01752e81f583; path=/; HttpOnly</example>
410
- </fingerprint>
411
-
412
- <fingerprint pattern="^sid=[^;]+;.*$" flags="REG_ICASE">
413
- <description>Ignore simple SID and related cookies</description>
414
- <example>sid=sfd10bf73-654458f687aa3c68b3874915f651e0ca;path=/;"</example>
415
- </fingerprint>
355
+ <fingerprint pattern="^JSESSIONID(?:\.[^=]+)?=[^;]+;.*$" flags="REG_ICASE">
356
+ <description>Ignore simple JSESSIONID and related cookies</description>
357
+ <example>JSESSIONID=6ooov35i4l3n36qtaf8csvg0;Path=/</example>
358
+ <example>jsessionid=6nkp66iogcdc92720%2Dc6e4%2D4989%2Db7b2%2D5021624cfdff;Path=/;secure</example>
359
+ <example>JSESSIONID.c00a9623=v216643eijh19p9duve5srgf;Path=/;HttpOnly</example>
360
+ </fingerprint>
361
+ <fingerprint pattern="^_?SESSION_?ID\s*=\s*[^;]+;.*$" flags="REG_ICASE">
362
+ <description>Ignore simple SESSIONID and related cookies</description>
363
+ <example>sessionId=7dba3249cfcd4b59854055311099a294; path=/;</example>
364
+ <example>_session_id=7fe933db0fea13e9c872103ba2d142db; path=/; HttpOnly</example>
365
+ <example>sessionId =0VrS6Ro6uC5QPXKgNdqGvyUgUFtUOVwv6OWAEWcWQ3jLRtAk2TVAgAApN9yTWVz;postId=; path=/;</example>
366
+ <example>_session_id=18b3e173aa11db0533fd01752e81f583; path=/; HttpOnly</example>
367
+ </fingerprint>
368
+ <fingerprint pattern="^sid=[^;]+;.*$" flags="REG_ICASE">
369
+ <description>Ignore simple SID and related cookies</description>
370
+ <example>sid=sfd10bf73-654458f687aa3c68b3874915f651e0ca;path=/;"</example>
371
+ </fingerprint>
416
372
  </fingerprints>