recog 2.0.13 → 2.0.14

Sign up to get free protection for your applications and to get access to all the features.
Files changed (52) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +19 -6
  3. data/features/{xml → data}/failing_banners_fingerprints.xml +0 -0
  4. data/features/{xml → data}/matching_banners_fingerprints.xml +0 -0
  5. data/features/{xml → data}/no_tests.xml +0 -0
  6. data/features/{xml/banners.xml → data/sample_banner.txt} +0 -0
  7. data/features/{xml → data}/successful_tests.xml +0 -0
  8. data/features/{xml → data}/tests_with_failures.xml +0 -0
  9. data/features/{xml → data}/tests_with_warnings.xml +0 -0
  10. data/features/match.feature +2 -2
  11. data/features/support/env.rb +1 -1
  12. data/lib/recog/version.rb +1 -1
  13. data/misc/order.xsl +17 -0
  14. data/spec/lib/fingerprint_self_test_spec.rb +8 -0
  15. data/xml/apache_os.xml +270 -334
  16. data/xml/architecture.xml +28 -41
  17. data/xml/fingerprints.xsd +37 -0
  18. data/xml/ftp_banners.xml +52 -58
  19. data/xml/h323_callresp.xml +597 -695
  20. data/xml/hp_pjl_id.xml +370 -409
  21. data/xml/http_cookies.xml +304 -348
  22. data/xml/http_servers.xml +3202 -3483
  23. data/xml/http_wwwauth.xml +342 -409
  24. data/xml/imap_banners.xml +149 -190
  25. data/xml/mdns_device-info_txt.xml +97 -111
  26. data/xml/mdns_workstation_txt.xml +6 -6
  27. data/xml/mysql_banners.xml +99 -198
  28. data/xml/mysql_error.xml +4 -11
  29. data/xml/nntp_banners.xml +42 -45
  30. data/xml/ntp_banners.xml +2 -3
  31. data/xml/pop_banners.xml +214 -247
  32. data/xml/rsh_resp.xml +68 -76
  33. data/xml/sip_banners.xml +19 -19
  34. data/xml/sip_user_agents.xml +63 -74
  35. data/xml/smb_native_os.xml +387 -433
  36. data/xml/smtp_banners.xml +1318 -1460
  37. data/xml/smtp_debug.xml +24 -27
  38. data/xml/smtp_ehlo.xml +19 -22
  39. data/xml/smtp_expn.xml +61 -70
  40. data/xml/smtp_help.xml +139 -160
  41. data/xml/smtp_mailfrom.xml +14 -16
  42. data/xml/smtp_noop.xml +28 -31
  43. data/xml/smtp_quit.xml +16 -18
  44. data/xml/smtp_rcptto.xml +8 -10
  45. data/xml/smtp_rset.xml +12 -13
  46. data/xml/smtp_turn.xml +12 -13
  47. data/xml/smtp_vrfy.xml +66 -76
  48. data/xml/snmp_sysdescr.xml +7257 -8016
  49. data/xml/snmp_sysobjid.xml +392 -434
  50. data/xml/ssh_banners.xml +783 -867
  51. data/xml/upnp_banners.xml +594 -628
  52. metadata +11 -9
data/xml/http_cookies.xml CHANGED
@@ -1,285 +1,256 @@
1
- <?xml version="1.0"?>
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
2
  <!--
3
3
  Set-Cookie HTTP header values are matched against these patterns to fingerprint HTTP
4
4
  servers.
5
5
  -->
6
-
7
6
  <fingerprints matches="http_header.cookie">
8
- <fingerprint pattern="^(CFCLIENT_[^=]+|CFGLOBALS|CFID|CFTOKEN)=.*">
9
- <description>
7
+ <fingerprint pattern="^(CFCLIENT_[^=]+|CFGLOBALS|CFID|CFTOKEN)=.*">
8
+ <description>
10
9
  Adobe (Macromedia) ColdFusion uses various cookies.
11
10
  See http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_17915&amp;sliceId=1
12
11
  and http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_17919&amp;sliceId=2
13
12
  </description>
14
- <param pos="1" name="cookie"/>
15
- <param pos="0" name="service.vendor" value="Adobe"/>
16
- <param pos="0" name="service.family" value="ColdFusion"/>
17
- <param pos="0" name="service.product" value="ColdFusion"/>
18
- </fingerprint>
19
-
20
- <fingerprint pattern="^(Apache)=[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.([0-9]+);.*">
21
- <description>Apache</description>
22
- <param pos="1" name="cookie"/>
23
- <param pos="2" name="system.time.micros"/>
24
- <param pos="0" name="service.vendor" value="Apache"/>
25
- <param pos="0" name="service.family" value="Apache"/>
26
- <param pos="0" name="service.product" value="HTTPD"/>
27
- </fingerprint>
28
-
29
- <fingerprint pattern="^(JServSessionIdroot)=.*">
30
- <description>Apache JServ</description>
31
- <param pos="1" name="cookie"/>
32
- <param pos="0" name="service.vendor" value="Apache"/>
33
- <param pos="0" name="service.family" value="JServ"/>
34
- <param pos="0" name="service.product" value="JServ"/>
35
- </fingerprint>
36
-
37
- <fingerprint pattern="^(ATG_SESSION_ID|DYN_USER_CONFIRM|DYN_USER_ID)=.*">
38
- <description>ATG Dynamo</description>
39
- <param pos="1" name="cookie"/>
40
- <param pos="0" name="service.vendor" value="ATG"/>
41
- <param pos="0" name="service.family" value="Dynamo"/>
42
- <param pos="0" name="service.product" value="Dynamo"/>
43
- </fingerprint>
44
-
45
- <fingerprint pattern="^(WebLogicSession)=[^!]+![^!]+!([0-9]+);.*">
46
- <description>BEA WebLogic (with timestamp)</description>
47
- <param pos="1" name="cookie"/>
48
- <param pos="2" name="system.time.millis"/>
49
- <param pos="0" name="service.vendor" value="BEA"/>
50
- <param pos="0" name="service.family" value="WebLogic"/>
51
- <param pos="0" name="service.product" value="WebLogic"/>
52
- </fingerprint>
53
-
54
- <fingerprint pattern="^(WebLogicSession)=.*">
55
- <description>BEA WebLogic (no timestamp)</description>
56
- <param pos="1" name="cookie"/>
57
- <param pos="0" name="service.vendor" value="BEA"/>
58
- <param pos="0" name="service.family" value="WebLogic"/>
59
- <param pos="0" name="service.product" value="WebLogic"/>
60
- </fingerprint>
61
-
62
- <fingerprint pattern="^(BCSI-CSC[0-9A-Za-z]+)=.*">
63
- <description>BlueCoat Proxy</description>
64
- <param pos="1" name="cookie"/>
65
- <param pos="0" name="service.vendor" value="Blue Coat"/>
66
- <param pos="0" name="service.family" value="Proxy"/>
67
- <param pos="0" name="service.product" value="Proxy"/>
68
- </fingerprint>
69
-
70
- <fingerprint pattern="^(CAKEPHP)=.*">
71
- <description>CakePHP http://www.cakephp.org/</description>
72
- <param pos="1" name="cookie"/>
73
- <param pos="0" name="service.family" value="PHP"/>
74
- <param pos="0" name="service.product" value="CakePHP"/>
75
- </fingerprint>
76
-
77
- <fingerprint pattern="^(ARPT)=([A-Z]+)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})([A-Z]+).*">
78
- <description>Cisco 11000 Series Content Service Switch (CSS)
13
+ <param pos="1" name="cookie"/>
14
+ <param pos="0" name="service.vendor" value="Adobe"/>
15
+ <param pos="0" name="service.family" value="ColdFusion"/>
16
+ <param pos="0" name="service.product" value="ColdFusion"/>
17
+ </fingerprint>
18
+ <fingerprint pattern="^(Apache)=[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.([0-9]+);.*">
19
+ <description>Apache</description>
20
+ <param pos="1" name="cookie"/>
21
+ <param pos="2" name="system.time.micros"/>
22
+ <param pos="0" name="service.vendor" value="Apache"/>
23
+ <param pos="0" name="service.family" value="Apache"/>
24
+ <param pos="0" name="service.product" value="HTTPD"/>
25
+ </fingerprint>
26
+ <fingerprint pattern="^(JServSessionIdroot)=.*">
27
+ <description>Apache JServ</description>
28
+ <param pos="1" name="cookie"/>
29
+ <param pos="0" name="service.vendor" value="Apache"/>
30
+ <param pos="0" name="service.family" value="JServ"/>
31
+ <param pos="0" name="service.product" value="JServ"/>
32
+ </fingerprint>
33
+ <fingerprint pattern="^(ATG_SESSION_ID|DYN_USER_CONFIRM|DYN_USER_ID)=.*">
34
+ <description>ATG Dynamo</description>
35
+ <param pos="1" name="cookie"/>
36
+ <param pos="0" name="service.vendor" value="ATG"/>
37
+ <param pos="0" name="service.family" value="Dynamo"/>
38
+ <param pos="0" name="service.product" value="Dynamo"/>
39
+ </fingerprint>
40
+ <fingerprint pattern="^(WebLogicSession)=[^!]+![^!]+!([0-9]+);.*">
41
+ <description>BEA WebLogic (with timestamp)</description>
42
+ <param pos="1" name="cookie"/>
43
+ <param pos="2" name="system.time.millis"/>
44
+ <param pos="0" name="service.vendor" value="BEA"/>
45
+ <param pos="0" name="service.family" value="WebLogic"/>
46
+ <param pos="0" name="service.product" value="WebLogic"/>
47
+ </fingerprint>
48
+ <fingerprint pattern="^(WebLogicSession)=.*">
49
+ <description>BEA WebLogic (no timestamp)</description>
50
+ <param pos="1" name="cookie"/>
51
+ <param pos="0" name="service.vendor" value="BEA"/>
52
+ <param pos="0" name="service.family" value="WebLogic"/>
53
+ <param pos="0" name="service.product" value="WebLogic"/>
54
+ </fingerprint>
55
+ <fingerprint pattern="^(BCSI-CSC[0-9A-Za-z]+)=.*">
56
+ <description>BlueCoat Proxy</description>
57
+ <param pos="1" name="cookie"/>
58
+ <param pos="0" name="service.vendor" value="Blue Coat"/>
59
+ <param pos="0" name="service.family" value="Proxy"/>
60
+ <param pos="0" name="service.product" value="Proxy"/>
61
+ </fingerprint>
62
+ <fingerprint pattern="^(CAKEPHP)=.*">
63
+ <description>CakePHP http://www.cakephp.org/</description>
64
+ <param pos="1" name="cookie"/>
65
+ <param pos="0" name="service.family" value="PHP"/>
66
+ <param pos="0" name="service.product" value="CakePHP"/>
67
+ </fingerprint>
68
+ <fingerprint pattern="^(ARPT)=([A-Z]+)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})([A-Z]+).*">
69
+ <description>Cisco 11000 Series Content Service Switch (CSS)
79
70
  http://www.cisco.com/warp/public/117/AP_cookies.html
80
71
 
81
72
  The cookie value breaks down to [box-id][service-id][timeout-value]
82
73
  unfortunately, there's no separator so it's hard to tell what the
83
74
  actual break is between the pieces of data.
84
75
  </description>
85
- <param pos="1" name="cookie"/>
86
- <param pos="2" name="host.id"/>
87
- <param pos="3" name="host.ip"/>
88
- <param pos="4" name="timeout"/>
89
- <param pos="0" name="service.vendor" value="Cisco"/>
90
- <param pos="0" name="service.family" value="Content Service Switch"/>
91
- <param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
92
- </fingerprint>
93
-
94
- <fingerprint pattern="^(ARPT)=.*">
95
- <description>Cisco 11000 Series Content Service Switch (CSS)
76
+ <param pos="1" name="cookie"/>
77
+ <param pos="2" name="host.id"/>
78
+ <param pos="3" name="host.ip"/>
79
+ <param pos="4" name="timeout"/>
80
+ <param pos="0" name="service.vendor" value="Cisco"/>
81
+ <param pos="0" name="service.family" value="Content Service Switch"/>
82
+ <param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
83
+ </fingerprint>
84
+ <fingerprint pattern="^(ARPT)=.*">
85
+ <description>Cisco 11000 Series Content Service Switch (CSS)
96
86
  http://www.cisco.com/warp/public/117/AP_cookies.html
97
87
 
98
88
  The cookie value breaks down to [box-id][service-id][timeout-value]
99
89
  unfortunately, there's no separator so it's hard to tell what the
100
90
  actual break is between the pieces of data.
101
91
  </description>
102
- <param pos="1" name="cookie"/>
103
- <param pos="0" name="service.vendor" value="Cisco"/>
104
- <param pos="0" name="service.family" value="Content Service Switch"/>
105
- <param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
106
- </fingerprint>
107
-
108
- <fingerprint pattern="^(st8id)=.*">
109
- <description>Citrix Application Protection System, Enterprise
92
+ <param pos="1" name="cookie"/>
93
+ <param pos="0" name="service.vendor" value="Cisco"/>
94
+ <param pos="0" name="service.family" value="Content Service Switch"/>
95
+ <param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
96
+ </fingerprint>
97
+ <fingerprint pattern="^(st8id)=.*">
98
+ <description>Citrix Application Protection System, Enterprise
110
99
  http://support.citrix.com/article/CTX109330
111
100
  </description>
112
- <param pos="1" name="cookie"/>
113
- <param pos="0" name="service.vendor" value="Citrix"/>
114
- <param pos="0" name="service.family" value="Application Protection System"/>
115
- <param pos="0" name="service.product" value="Application Protection System, Enterprise"/>
116
- </fingerprint>
117
-
118
- <fingerprint pattern="^(EktGUID|ecm)=.*">
119
- <description>Ektron CMS400.net
101
+ <param pos="1" name="cookie"/>
102
+ <param pos="0" name="service.vendor" value="Citrix"/>
103
+ <param pos="0" name="service.family" value="Application Protection System"/>
104
+ <param pos="0" name="service.product" value="Application Protection System, Enterprise"/>
105
+ </fingerprint>
106
+ <fingerprint pattern="^(EktGUID|ecm)=.*">
107
+ <description>Ektron CMS400.net
120
108
  http://www.ektron.com/developers/cms400kb.cfm?id=2174
121
109
  </description>
122
- <param pos="1" name="cookie"/>
123
- <param pos="0" name="service.vendor" value="Ektron"/>
124
- <param pos="0" name="service.family" value="CMS400.NET"/>
125
- <param pos="0" name="service.product" value="CMS400.NET"/>
126
- </fingerprint>
127
-
128
- <fingerprint pattern="^(BIGipServer([^=]+))=.*">
129
- <description>F5 BIG-IP LTM
110
+ <param pos="1" name="cookie"/>
111
+ <param pos="0" name="service.vendor" value="Ektron"/>
112
+ <param pos="0" name="service.family" value="CMS400.NET"/>
113
+ <param pos="0" name="service.product" value="CMS400.NET"/>
114
+ </fingerprint>
115
+ <fingerprint pattern="^(BIGipServer([^=]+))=.*">
116
+ <description>F5 BIG-IP LTM
130
117
  http://www.f5.com/solutions/deployment/pdfs/peoplesoft-ltm-dg.pdf
131
118
  http://www.f5.com/solutions/deployment/pdfs/SAP_v94_dg.pdf
132
119
  </description>
133
- <param pos="1" name="cookie"/>
134
- <param pos="2" name="loadbalancer.poolname"/>
135
- <param pos="0" name="service.vendor" value="F5 Labs"/>
136
- <param pos="0" name="service.family" value="BIG-IP"/>
137
- <param pos="0" name="service.product" value="BIG-IP LTM"/>
138
- </fingerprint>
139
-
140
- <fingerprint pattern="^(BigIPCookie)=.*">
141
- <description>F5 BIG-IP LTM
120
+ <param pos="1" name="cookie"/>
121
+ <param pos="2" name="loadbalancer.poolname"/>
122
+ <param pos="0" name="service.vendor" value="F5 Labs"/>
123
+ <param pos="0" name="service.family" value="BIG-IP"/>
124
+ <param pos="0" name="service.product" value="BIG-IP LTM"/>
125
+ </fingerprint>
126
+ <fingerprint pattern="^(BigIPCookie)=.*">
127
+ <description>F5 BIG-IP LTM
142
128
  http://www.f5.com/solutions/deployment/pdfs/peoplesoft-ltm-dg.pdf
143
129
  http://www.f5.com/solutions/deployment/pdfs/SAP_v94_dg.pdf
144
130
  </description>
145
- <param pos="1" name="cookie"/>
146
- <param pos="0" name="service.vendor" value="F5 Labs"/>
147
- <param pos="0" name="service.family" value="BIG-IP"/>
148
- <param pos="0" name="service.product" value="BIG-IP LTM"/>
149
- </fingerprint>
150
-
151
- <fingerprint pattern="^(SERVERID)=([A-Za-z0-9\-_]+)">
152
- <description>HAProxy
131
+ <param pos="1" name="cookie"/>
132
+ <param pos="0" name="service.vendor" value="F5 Labs"/>
133
+ <param pos="0" name="service.family" value="BIG-IP"/>
134
+ <param pos="0" name="service.product" value="BIG-IP LTM"/>
135
+ </fingerprint>
136
+ <fingerprint pattern="^(SERVERID)=([A-Za-z0-9\-_]+)">
137
+ <description>HAProxy
153
138
  http://haproxy.1wt.eu/download/1.2/doc/architecture.txt
154
139
  </description>
155
- <param pos="1" name="cookie"/>
156
- <param pos="2" name="host.name"/>
157
- <param pos="0" name="service.family" value="HAProxy"/>
158
- <param pos="0" name="service.product" value="HAProxy"/>
159
- </fingerprint>
160
-
161
- <fingerprint pattern="^(AMWEBJCT!([^!]+)!([^=]+))=.*">
162
- <description>IBM Tivoli Access Manager for e-business WebSEAL
140
+ <param pos="1" name="cookie"/>
141
+ <param pos="2" name="host.name"/>
142
+ <param pos="0" name="service.family" value="HAProxy"/>
143
+ <param pos="0" name="service.product" value="HAProxy"/>
144
+ </fingerprint>
145
+ <fingerprint pattern="^(AMWEBJCT!([^!]+)!([^=]+))=.*">
146
+ <description>IBM Tivoli Access Manager for e-business WebSEAL
163
147
  http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin180.htm
164
148
  </description>
165
- <param pos="1" name="cookie"/>
166
- <param pos="2" name="junction.name"/>
167
- <param pos="3" name="junction.cookie"/>
168
- <param pos="0" name="service.vendor" value="IBM"/>
169
- <param pos="0" name="service.family" value="Tivoli"/>
170
- <param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
171
- </fingerprint>
172
-
173
- <fingerprint pattern="^(PD-S-SESSION-ID|PD-H-SESSION-ID|PD_STATEFUL_[^=]+)=.*">
174
- <description>IBM Tivoli Access Manager for e-business WebSeal
149
+ <param pos="1" name="cookie"/>
150
+ <param pos="2" name="junction.name"/>
151
+ <param pos="3" name="junction.cookie"/>
152
+ <param pos="0" name="service.vendor" value="IBM"/>
153
+ <param pos="0" name="service.family" value="Tivoli"/>
154
+ <param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
155
+ </fingerprint>
156
+ <fingerprint pattern="^(PD-S-SESSION-ID|PD-H-SESSION-ID|PD_STATEFUL_[^=]+)=.*">
157
+ <description>IBM Tivoli Access Manager for e-business WebSeal
175
158
  http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin117.htm
176
159
  </description>
177
- <param pos="1" name="cookie"/>
178
- <param pos="0" name="service.vendor" value="IBM"/>
179
- <param pos="0" name="service.family" value="Tivoli"/>
180
- <param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
181
- </fingerprint>
182
-
183
- <fingerprint pattern="^(IBMCBR)=.*">
184
- <description>IBM WebSphere Load Balancer
160
+ <param pos="1" name="cookie"/>
161
+ <param pos="0" name="service.vendor" value="IBM"/>
162
+ <param pos="0" name="service.family" value="Tivoli"/>
163
+ <param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
164
+ </fingerprint>
165
+ <fingerprint pattern="^(IBMCBR)=.*">
166
+ <description>IBM WebSphere Load Balancer
185
167
  http://www-306.ibm.com/software/webservers/appserv/doc/v51/ec/infocenter/edge/LBguide.htm
186
168
  </description>
187
- <param pos="1" name="cookie"/>
188
- <param pos="0" name="service.vendor" value="IBM"/>
189
- <param pos="0" name="service.family" value="WebSphere"/>
190
- <param pos="0" name="service.product" value="WebSphere Load Balancer"/>
191
- </fingerprint>
192
-
193
- <fingerprint pattern="^(mbfcookie(?:\[lang\])?)=.*">
194
- <description>Joom!Fish http://www.joomfish.net/
169
+ <param pos="1" name="cookie"/>
170
+ <param pos="0" name="service.vendor" value="IBM"/>
171
+ <param pos="0" name="service.family" value="WebSphere"/>
172
+ <param pos="0" name="service.product" value="WebSphere Load Balancer"/>
173
+ </fingerprint>
174
+ <fingerprint pattern="^(mbfcookie(?:\[lang\])?)=.*">
175
+ <description>Joom!Fish http://www.joomfish.net/
195
176
  </description>
196
- <param pos="1" name="cookie"/>
197
- <param pos="0" name="service.family" value="Joom!Fish"/>
198
- <param pos="0" name="service.product" value="Joom!Fish"/>
199
- </fingerprint>
200
-
201
- <fingerprint pattern="^(MSCSAuth|MSCSProfile)=.*">
202
- <description>Microsoft Commerce Server
177
+ <param pos="1" name="cookie"/>
178
+ <param pos="0" name="service.family" value="Joom!Fish"/>
179
+ <param pos="0" name="service.product" value="Joom!Fish"/>
180
+ </fingerprint>
181
+ <fingerprint pattern="^(MSCSAuth|MSCSProfile)=.*">
182
+ <description>Microsoft Commerce Server
203
183
  http://msdn2.microsoft.com/en-us/library/ms953828.aspx
204
184
  </description>
205
- <param pos="1" name="cookie"/>
206
- <param pos="0" name="service.vendor" value="Microsoft"/>
207
- <param pos="0" name="service.family" value="Commerce Server"/>
208
- <param pos="0" name="service.product" value="Commerce Server"/>
209
- </fingerprint>
210
-
211
- <fingerprint pattern="^(ASPSESSIONID[A-Z]+|ASP\.NET_SessionId|\.ASPXANONYMOUS)=.*">
212
- <description>Microsoft IIS (ASP.NET)
185
+ <param pos="1" name="cookie"/>
186
+ <param pos="0" name="service.vendor" value="Microsoft"/>
187
+ <param pos="0" name="service.family" value="Commerce Server"/>
188
+ <param pos="0" name="service.product" value="Commerce Server"/>
189
+ </fingerprint>
190
+ <fingerprint pattern="^(ASPSESSIONID[A-Z]+|ASP\.NET_SessionId|\.ASPXANONYMOUS)=.*">
191
+ <description>Microsoft IIS (ASP.NET)
213
192
  http://msdn2.microsoft.com/en-us/library/ms953828.aspx
214
193
  http://support.microsoft.com/kb/899918
215
194
  http://msdn2.microsoft.com/en-us/library/91ka2e6a.aspx
216
195
  </description>
217
- <param pos="1" name="cookie"/>
218
- <param pos="0" name="service.vendor" value="Microsoft"/>
219
- <param pos="0" name="service.family" value="IIS"/>
220
- <param pos="0" name="service.product" value="IIS"/>
221
- <param pos="0" name="service.component.vendor" value="Microsoft"/>
222
- <param pos="0" name="service.component.family" value="ASP.NET"/>
223
- <param pos="0" name="service.component.product" value="ASP.NET"/>
224
- </fingerprint>
225
-
226
- <fingerprint pattern="^(AlteonP)=.*">
227
- <description>Nortel Alteon Web Switch</description>
228
- <param pos="1" name="cookie"/>
229
- <param pos="0" name="service.vendor" value="Nortel"/>
230
- <param pos="0" name="service.family" value="Alteon"/>
231
- <param pos="0" name="service.product" value="Alteon Web Switch"/>
232
- </fingerprint>
233
-
234
- <fingerprint pattern="^((?:SS_X_)?CSINTERSESSIONID)=.*">
235
- <description>OpenMarket/FatWire Content Server (www.fatwire.com)</description>
236
- <param pos="1" name="cookie"/>
237
- <param pos="0" name="service.vendor" value="FatWire"/>
238
- <param pos="0" name="service.family" value="Content Server"/>
239
- <param pos="0" name="service.product" value="Content Server"/>
240
- </fingerprint>
241
-
242
- <fingerprint pattern="^(parkinglot)=.*">
243
- <description>Oversee Webserver</description>
244
- <param pos="1" name="cookie"/>
245
- <param pos="0" name="service.vendor" value="Oversee"/>
246
- <param pos="0" name="service.family" value="Webserver"/>
247
- <param pos="0" name="service.product" value="Webserver"/>
248
- </fingerprint>
249
-
250
- <fingerprint pattern="^(PHPSESSID|PHPSESSION)=.*">
251
- <description>PHP http://www.php.net/ref.session</description>
252
- <param pos="1" name="cookie"/>
253
- <param pos="0" name="service.vendor" value="PHP"/>
254
- <param pos="0" name="service.family" value="PHP"/>
255
- <param pos="0" name="service.product" value="PHP"/>
256
- </fingerprint>
257
-
258
- <fingerprint pattern="^(RMID)=.*">
259
- <description>RealMedia OpenAdStream</description>
260
- <param pos="1" name="cookie"/>
261
- <param pos="0" name="service.vendor" value="RealMedia"/>
262
- <param pos="0" name="service.family" value="OpenAdStream"/>
263
- <param pos="0" name="service.product" value="OpenAdStream"/>
264
- </fingerprint>
265
-
266
- <fingerprint pattern="^(RoxenUserID)=.*">
267
- <description>Roxen WebServer</description>
268
- <param pos="1" name="cookie"/>
269
- <param pos="0" name="service.vendor" value="Roxen"/>
270
- <param pos="0" name="service.family" value="WebServer"/>
271
- <param pos="0" name="service.product" value="WebServer"/>
272
- </fingerprint>
273
-
274
- <fingerprint pattern="^(_sn)=.*">
275
- <description>Siebel CRM</description>
276
- <param pos="1" name="cookie"/>
277
- <param pos="0" name="service.vendor" value="Siebel"/>
278
- <param pos="0" name="service.family" value="CRM"/>
279
- <param pos="0" name="service.product" value="CRM"/>
280
- </fingerprint>
281
-
282
- <!-- This fingerprint is not specific enough. Multiple products are sold under
196
+ <param pos="1" name="cookie"/>
197
+ <param pos="0" name="service.vendor" value="Microsoft"/>
198
+ <param pos="0" name="service.family" value="IIS"/>
199
+ <param pos="0" name="service.product" value="IIS"/>
200
+ <param pos="0" name="service.component.vendor" value="Microsoft"/>
201
+ <param pos="0" name="service.component.family" value="ASP.NET"/>
202
+ <param pos="0" name="service.component.product" value="ASP.NET"/>
203
+ </fingerprint>
204
+ <fingerprint pattern="^(AlteonP)=.*">
205
+ <description>Nortel Alteon Web Switch</description>
206
+ <param pos="1" name="cookie"/>
207
+ <param pos="0" name="service.vendor" value="Nortel"/>
208
+ <param pos="0" name="service.family" value="Alteon"/>
209
+ <param pos="0" name="service.product" value="Alteon Web Switch"/>
210
+ </fingerprint>
211
+ <fingerprint pattern="^((?:SS_X_)?CSINTERSESSIONID)=.*">
212
+ <description>OpenMarket/FatWire Content Server (www.fatwire.com)</description>
213
+ <param pos="1" name="cookie"/>
214
+ <param pos="0" name="service.vendor" value="FatWire"/>
215
+ <param pos="0" name="service.family" value="Content Server"/>
216
+ <param pos="0" name="service.product" value="Content Server"/>
217
+ </fingerprint>
218
+ <fingerprint pattern="^(parkinglot)=.*">
219
+ <description>Oversee Webserver</description>
220
+ <param pos="1" name="cookie"/>
221
+ <param pos="0" name="service.vendor" value="Oversee"/>
222
+ <param pos="0" name="service.family" value="Webserver"/>
223
+ <param pos="0" name="service.product" value="Webserver"/>
224
+ </fingerprint>
225
+ <fingerprint pattern="^(PHPSESSID|PHPSESSION)=.*">
226
+ <description>PHP http://www.php.net/ref.session</description>
227
+ <param pos="1" name="cookie"/>
228
+ <param pos="0" name="service.vendor" value="PHP"/>
229
+ <param pos="0" name="service.family" value="PHP"/>
230
+ <param pos="0" name="service.product" value="PHP"/>
231
+ </fingerprint>
232
+ <fingerprint pattern="^(RMID)=.*">
233
+ <description>RealMedia OpenAdStream</description>
234
+ <param pos="1" name="cookie"/>
235
+ <param pos="0" name="service.vendor" value="RealMedia"/>
236
+ <param pos="0" name="service.family" value="OpenAdStream"/>
237
+ <param pos="0" name="service.product" value="OpenAdStream"/>
238
+ </fingerprint>
239
+ <fingerprint pattern="^(RoxenUserID)=.*">
240
+ <description>Roxen WebServer</description>
241
+ <param pos="1" name="cookie"/>
242
+ <param pos="0" name="service.vendor" value="Roxen"/>
243
+ <param pos="0" name="service.family" value="WebServer"/>
244
+ <param pos="0" name="service.product" value="WebServer"/>
245
+ </fingerprint>
246
+ <fingerprint pattern="^(_sn)=.*">
247
+ <description>Siebel CRM</description>
248
+ <param pos="1" name="cookie"/>
249
+ <param pos="0" name="service.vendor" value="Siebel"/>
250
+ <param pos="0" name="service.family" value="CRM"/>
251
+ <param pos="0" name="service.product" value="CRM"/>
252
+ </fingerprint>
253
+ <!-- This fingerprint is not specific enough. Multiple products are sold under
283
254
  the brand iPlanet/Sun ONE/Sun Java.
284
255
  <fingerprint pattern="^(iPlanetUserId)=.*">
285
256
  <description>Sun iPlanet</description>
@@ -289,128 +260,113 @@ servers.
289
260
  <param pos="0" name="service.product" value="???"/>
290
261
  </fingerprint>
291
262
  -->
292
-
293
- <fingerprint pattern="^(NSES40Session)=.*">
294
- <description>Netscape Enterprise Server (subsequently iPlanet Web Server,
263
+ <fingerprint pattern="^(NSES40Session)=.*">
264
+ <description>Netscape Enterprise Server (subsequently iPlanet Web Server,
295
265
  Sun ONE Web Server, presently Sun Java System Web Server)</description>
296
- <param pos="1" name="cookie"/>
297
- <param pos="0" name="service.vendor" value="Sun"/>
298
- <param pos="0" name="service.family" value="Java System Web Server"/>
299
- <param pos="0" name="service.product" value="Java System Web Server"/>
300
- <param pos="0" name="service.version" value="4.0"/>
301
- </fingerprint>
302
-
303
- <fingerprint pattern="^(gx_session_id|JROUTE)=.*">
304
- <description>Sun Java System Application Server (formerly iPlanet Application Server,
266
+ <param pos="1" name="cookie"/>
267
+ <param pos="0" name="service.vendor" value="Sun"/>
268
+ <param pos="0" name="service.family" value="Java System Web Server"/>
269
+ <param pos="0" name="service.product" value="Java System Web Server"/>
270
+ <param pos="0" name="service.version" value="4.0"/>
271
+ </fingerprint>
272
+ <fingerprint pattern="^(gx_session_id|JROUTE)=.*">
273
+ <description>Sun Java System Application Server (formerly iPlanet Application Server,
305
274
  Sun ONE Application Server)</description>
306
- <param pos="1" name="cookie"/>
307
- <param pos="0" name="service.vendor" value="Sun"/>
308
- <param pos="0" name="service.family" value="Java System Application Server"/>
309
- <param pos="0" name="service.product" value="Java System Application Server"/>
310
- </fingerprint>
311
-
312
- <fingerprint pattern="^(fe_typo_user)=.*">
313
- <description>TYPO3 CMS - http://typo3.com/</description>
314
- <param pos="1" name="cookie"/>
315
- <param pos="0" name="service.vendor" value="TYPO3"/>
316
- <param pos="0" name="service.family" value="CMS"/>
317
- <param pos="0" name="service.product" value="CMS"/>
318
- </fingerprint>
319
-
320
- <fingerprint pattern="^(SaneID)=.*">
321
- <description>Unica NetTracker - http://netinsight.unica.com/Products/NetTracker.cfm</description>
322
- <param pos="1" name="cookie"/>
323
- <param pos="0" name="service.vendor" value="Unica"/>
324
- <param pos="0" name="service.family" value="NetTracker"/>
325
- <param pos="0" name="service.product" value="NetTracker"/>
326
- </fingerprint>
327
-
328
- <fingerprint pattern="^(__utm[a-z])=.*">
329
- <description>Urchin Tracking Module
275
+ <param pos="1" name="cookie"/>
276
+ <param pos="0" name="service.vendor" value="Sun"/>
277
+ <param pos="0" name="service.family" value="Java System Application Server"/>
278
+ <param pos="0" name="service.product" value="Java System Application Server"/>
279
+ </fingerprint>
280
+ <fingerprint pattern="^(fe_typo_user)=.*">
281
+ <description>TYPO3 CMS - http://typo3.com/</description>
282
+ <param pos="1" name="cookie"/>
283
+ <param pos="0" name="service.vendor" value="TYPO3"/>
284
+ <param pos="0" name="service.family" value="CMS"/>
285
+ <param pos="0" name="service.product" value="CMS"/>
286
+ </fingerprint>
287
+ <fingerprint pattern="^(SaneID)=.*">
288
+ <description>Unica NetTracker - http://netinsight.unica.com/Products/NetTracker.cfm</description>
289
+ <param pos="1" name="cookie"/>
290
+ <param pos="0" name="service.vendor" value="Unica"/>
291
+ <param pos="0" name="service.family" value="NetTracker"/>
292
+ <param pos="0" name="service.product" value="NetTracker"/>
293
+ </fingerprint>
294
+ <fingerprint pattern="^(__utm[a-z])=.*">
295
+ <description>Urchin Tracking Module
330
296
  http://www.google.com/support/urchin45/bin/answer.py?answer=28307&amp;topic=7425
331
297
  </description>
332
- <param pos="1" name="cookie"/>
333
- <param pos="0" name="service.vendor" value="Google"/>
334
- <param pos="0" name="service.family" value="Urchin"/>
335
- <param pos="0" name="service.product" value="Urchin Tracking Module"/>
336
- </fingerprint>
337
-
338
- <fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)=.*">
339
- <description>Vignette</description>
340
- <param pos="1" name="cookie"/>
341
- <param pos="0" name="service.vendor" value="Vignette"/>
342
- <param pos="0" name="service.family" value="Vignette"/>
343
- <param pos="0" name="service.product" value="Vignette"/>
344
- </fingerprint>
345
-
346
- <fingerprint pattern="^(wgSession)=.*">
347
- <description>Plain Black WebGUI - http://www.plainblack.com/webgui</description>
348
- <param pos="1" name="cookie"/>
349
- <param pos="0" name="service.vendor" value="Plain Black"/>
350
- <param pos="0" name="service.family" value="WebGUI"/>
351
- <param pos="0" name="service.product" value="WebGUI"/>
352
- </fingerprint>
353
-
354
- <fingerprint pattern="^(WEBTRENDSID|WEBTRENDS_ID)=.*">
355
- <description>WebTrends</description>
356
- <param pos="1" name="cookie"/>
357
- <param pos="0" name="service.vendor" value="WebTrends"/>
358
- <param pos="0" name="service.family" value="WebTrends"/>
359
- <param pos="0" name="service.product" value="WebTrends"/>
360
- </fingerprint>
361
-
362
- <fingerprint pattern="^(_ZopeId)=.*">
363
- <description>Zope</description>
364
- <param pos="1" name="cookie"/>
365
- <param pos="0" name="service.family" value="Zope"/>
366
- <param pos="0" name="service.product" value="Zope"/>
367
- </fingerprint>
368
-
369
- <fingerprint pattern="^(portal)=([0-9]+\.[0-9]+\.[0-9]+).*">
370
- <description>This is the default OracleAS Portal cookie name
298
+ <param pos="1" name="cookie"/>
299
+ <param pos="0" name="service.vendor" value="Google"/>
300
+ <param pos="0" name="service.family" value="Urchin"/>
301
+ <param pos="0" name="service.product" value="Urchin Tracking Module"/>
302
+ </fingerprint>
303
+ <fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)=.*">
304
+ <description>Vignette</description>
305
+ <param pos="1" name="cookie"/>
306
+ <param pos="0" name="service.vendor" value="Vignette"/>
307
+ <param pos="0" name="service.family" value="Vignette"/>
308
+ <param pos="0" name="service.product" value="Vignette"/>
309
+ </fingerprint>
310
+ <fingerprint pattern="^(wgSession)=.*">
311
+ <description>Plain Black WebGUI - http://www.plainblack.com/webgui</description>
312
+ <param pos="1" name="cookie"/>
313
+ <param pos="0" name="service.vendor" value="Plain Black"/>
314
+ <param pos="0" name="service.family" value="WebGUI"/>
315
+ <param pos="0" name="service.product" value="WebGUI"/>
316
+ </fingerprint>
317
+ <fingerprint pattern="^(WEBTRENDSID|WEBTRENDS_ID)=.*">
318
+ <description>WebTrends</description>
319
+ <param pos="1" name="cookie"/>
320
+ <param pos="0" name="service.vendor" value="WebTrends"/>
321
+ <param pos="0" name="service.family" value="WebTrends"/>
322
+ <param pos="0" name="service.product" value="WebTrends"/>
323
+ </fingerprint>
324
+ <fingerprint pattern="^(_ZopeId)=.*">
325
+ <description>Zope</description>
326
+ <param pos="1" name="cookie"/>
327
+ <param pos="0" name="service.family" value="Zope"/>
328
+ <param pos="0" name="service.product" value="Zope"/>
329
+ </fingerprint>
330
+ <fingerprint pattern="^(portal)=([0-9]+\.[0-9]+\.[0-9]+).*">
331
+ <description>This is the default OracleAS Portal cookie name
371
332
  http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_app_f.htm
372
333
  </description>
373
- <param pos="1" name="cookie"/>
374
- <param pos="2" name="service.version"/>
375
- <param pos="0" name="service.vendor" value="Oracle"/>
376
- <param pos="0" name="service.family" value="OracleAS"/>
377
- <param pos="0" name="service.product" value="OracleAS Portal"/>
378
- </fingerprint>
379
-
380
- <fingerprint pattern="^Compaq-HMMD=[^;]+;.*$">
381
- <description>HP System Management Homepage (SMH)</description>
382
- <example>Compaq-HMMD=0001-c01fffff-487a-394a-aab0-ffffffffffff-ffffffffffffffff; path=/</example>
383
- <example>Compaq-HMMD=0001-c01fffff-487a-394a-aab0-ffffffffffff-ffffffffffffffff; path=/; Secure</example>
384
- <param pos="0" name="service.vendor" value="HP"/>
385
- <param pos="0" name="service.family" value="SMH"/>
386
- <param pos="0" name="service.product" value="SMH"/>
387
- </fingerprint>
388
-
389
- <!--
334
+ <param pos="1" name="cookie"/>
335
+ <param pos="2" name="service.version"/>
336
+ <param pos="0" name="service.vendor" value="Oracle"/>
337
+ <param pos="0" name="service.family" value="OracleAS"/>
338
+ <param pos="0" name="service.product" value="OracleAS Portal"/>
339
+ </fingerprint>
340
+ <fingerprint pattern="^Compaq-HMMD=[^;]+;.*$">
341
+ <description>HP System Management Homepage (SMH)</description>
342
+ <example>Compaq-HMMD=0001-c01fffff-487a-394a-aab0-ffffffffffff-ffffffffffffffff; path=/</example>
343
+ <example>Compaq-HMMD=0001-c01fffff-487a-394a-aab0-ffffffffffff-ffffffffffffffff; path=/; Secure</example>
344
+ <param pos="0" name="service.vendor" value="HP"/>
345
+ <param pos="0" name="service.family" value="SMH"/>
346
+ <param pos="0" name="service.product" value="SMH"/>
347
+ </fingerprint>
348
+ <!--
390
349
  Ignore various cookies that are very generic cookies for session IDs
391
350
  that are not necessarily indicative of any particular
392
351
  product/device/etc. If a future fingerprint comes along that utilizes
393
352
  a similar cookie name, you must ensure that it is located prior to
394
353
  these and this is enforced by rspec.
395
354
  -->
396
-
397
- <fingerprint pattern="^JSESSIONID(?:\.[^=]+)?=[^;]+;.*$" flags="REG_ICASE">
398
- <description>Ignore simple JSESSIONID and related cookies</description>
399
- <example>JSESSIONID=6ooov35i4l3n36qtaf8csvg0;Path=/</example>
400
- <example>jsessionid=6nkp66iogcdc92720%2Dc6e4%2D4989%2Db7b2%2D5021624cfdff;Path=/;secure</example>
401
- <example>JSESSIONID.c00a9623=v216643eijh19p9duve5srgf;Path=/;HttpOnly</example>
402
- </fingerprint>
403
-
404
- <fingerprint pattern="^_?SESSION_?ID\s*=\s*[^;]+;.*$" flags="REG_ICASE">
405
- <description>Ignore simple SESSIONID and related cookies</description>
406
- <example>sessionId=7dba3249cfcd4b59854055311099a294; path=/;</example>
407
- <example>_session_id=7fe933db0fea13e9c872103ba2d142db; path=/; HttpOnly</example>
408
- <example>sessionId =0VrS6Ro6uC5QPXKgNdqGvyUgUFtUOVwv6OWAEWcWQ3jLRtAk2TVAgAApN9yTWVz;postId=; path=/;</example>
409
- <example>_session_id=18b3e173aa11db0533fd01752e81f583; path=/; HttpOnly</example>
410
- </fingerprint>
411
-
412
- <fingerprint pattern="^sid=[^;]+;.*$" flags="REG_ICASE">
413
- <description>Ignore simple SID and related cookies</description>
414
- <example>sid=sfd10bf73-654458f687aa3c68b3874915f651e0ca;path=/;"</example>
415
- </fingerprint>
355
+ <fingerprint pattern="^JSESSIONID(?:\.[^=]+)?=[^;]+;.*$" flags="REG_ICASE">
356
+ <description>Ignore simple JSESSIONID and related cookies</description>
357
+ <example>JSESSIONID=6ooov35i4l3n36qtaf8csvg0;Path=/</example>
358
+ <example>jsessionid=6nkp66iogcdc92720%2Dc6e4%2D4989%2Db7b2%2D5021624cfdff;Path=/;secure</example>
359
+ <example>JSESSIONID.c00a9623=v216643eijh19p9duve5srgf;Path=/;HttpOnly</example>
360
+ </fingerprint>
361
+ <fingerprint pattern="^_?SESSION_?ID\s*=\s*[^;]+;.*$" flags="REG_ICASE">
362
+ <description>Ignore simple SESSIONID and related cookies</description>
363
+ <example>sessionId=7dba3249cfcd4b59854055311099a294; path=/;</example>
364
+ <example>_session_id=7fe933db0fea13e9c872103ba2d142db; path=/; HttpOnly</example>
365
+ <example>sessionId =0VrS6Ro6uC5QPXKgNdqGvyUgUFtUOVwv6OWAEWcWQ3jLRtAk2TVAgAApN9yTWVz;postId=; path=/;</example>
366
+ <example>_session_id=18b3e173aa11db0533fd01752e81f583; path=/; HttpOnly</example>
367
+ </fingerprint>
368
+ <fingerprint pattern="^sid=[^;]+;.*$" flags="REG_ICASE">
369
+ <description>Ignore simple SID and related cookies</description>
370
+ <example>sid=sfd10bf73-654458f687aa3c68b3874915f651e0ca;path=/;"</example>
371
+ </fingerprint>
416
372
  </fingerprints>