recog 2.0.2 → 2.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4d0880aa5a5cd1e10fa8183009a690fc68714576
-  data.tar.gz: 55226bd9acf2c7c225a3124d668cf3e2e45e5a98
+  metadata.gz: 6658b1a0db868ef63c21649455ae64a7278dfe98
+  data.tar.gz: aa65f71001901ef71867cdef929463436d0f2876
 SHA512:
-  metadata.gz: fc0bdb44da83731fd6f89d980e190452ec608214d3bbfa01215019a410596e9f8f8c781c5fe5ed5bf525651dea476839ddce98ba7f1ead3c09b29d14b6d1d11c
-  data.tar.gz: 60f9022a1720e422a5d4558e98960c4c9efe4fe5ee4cee04064eb05b4b757a5b0d75fa40c5e80cd2cbe1a1a6b4da0a1950ba36ff27196da1727699a5f37b3b72
+  metadata.gz: c76a54a3b53c0ad113e47ed41e0890bf2a93a9f496b644d7f42a70ce414b4add1eb9a0f50f519fa8c18bc592fdcfd93f9ad362633872e22514b208d9a7eb4ece
+  data.tar.gz: 0ce9bb4c5333affcfc63cc9cf1f03f770b5caa122799d16b4e60da653a1cd92b2a054cb2fffa4496d75f9ccc01b1d581c3b01456314ea723cc861ac27e1f8761

data/lib/recog/fingerprint.rb

@@ -42,6 +42,7 @@ class Fingerprint
   # @param match_string [String]
   # @return [Hash,nil] Keys will be host, service, and os attributes
   def match(match_string)
+    # match_string.force_encoding('BINARY') if match_string
     match_data = @regex.match(match_string)
     return if match_data.nil?
 

data/lib/recog/version.rb

@@ -1,3 +1,3 @@
 module Recog
-  VERSION = '2.0.2'
+  VERSION = '2.0.4'
 end

data/xml/ftp_banners.xml

@@ -93,11 +93,12 @@ against these patterns to fingerprint FTP servers.
     <param pos="1" name="host.name"/>
     <param pos="2" name="service.version"/>
   </fingerprint>
-  <fingerprint pattern="^(\S+)(?: \S+)? FTP Server \(Version wu(?:ftpd)?-([\d\.]+).*\) ready.?$" flags="REG_ICASE">
+  <fingerprint pattern="^(\S+)(?: \S+)? FTP Server \((?:Revision [\d\.]+ )?Version wu(?:ftpd)?-([\d\.]+).*\) ready.?$" flags="REG_ICASE">
     <description>WU-FTPD on various OS</description>
-    <example>example.com FTP server (Version wu-2.6.2(1) Sat Jul 19 16:21:30 UTC 2008) ready.</example>
-    <example>example.com 192.168.0.1 FTP server (Version wu-2.6.2(1) Wed Sep 21 11:16:21 MEST 2005) ready.</example>
-    <example>example.com FTP server (Version wu-2.6.2-11.73.1) ready.</example>
+    <example host.name="example.com" service.version="2.6.2">example.com FTP server (Version wu-2.6.2(1) Sat Jul 19 16:21:30 UTC 2008) ready.</example>
+    <example host.name="example.com" service.version="2.6.2">example.com 192.168.0.1 FTP server (Version wu-2.6.2(1) Wed Sep 21 11:16:21 MEST 2005) ready.</example>
+    <example host.name="example.com" service.version="2.6.2">example.com FTP server (Version wu-2.6.2-11.73.1) ready.</example>
+    <example host.name="example.com" service.version="2.6.1">example.com FTP server (Revision 5.0 Version wuftpd-2.6.1 Thu Apr 29 06:48:40 GMT 2010) ready.</example>
     <param pos="0" name="service.vendor" value="Washington University"/>
     <param pos="0" name="service.product" value="WU-FTPD"/>
     <param pos="1" name="host.name"/>
@@ -817,4 +818,40 @@ against these patterns to fingerprint FTP servers.
     <param pos="2" name="hw.series"/>
     <param pos="3" name="os.version"/>
   </fingerprint>
+
+  <fingerprint pattern="^(\S+) FTP server \((?:HP|Compaq) Tru64 UNIX Version (\S+)\) ready\.?$">
+    <description>Digital/Compaq/HP Tru64 Unix</description>
+    <example host.name="example.com" os.version="5.60">example.com FTP server (Compaq Tru64 UNIX Version 5.60) ready.</example>
+    <param pos="0" name="os.vendor" value="HP"/>
+    <param pos="0" name="os.family" value="Unix"/>
+    <param pos="0" name="os.product" value="Tru64 Unix"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="1" name="host.name"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+
+  <fingerprint pattern="^(\S+) FTP server \(Digital UNIX Version (\S+)\) ready\.?$">
+    <description>Digital/Compaq/HP Tru64 Unix</description>
+    <example host.name="example.com" os.version="5.60">example.com FTP server (Digital UNIX Version 5.60) ready.</example>
+    <param pos="0" name="os.vendor" value="HP"/>
+    <param pos="0" name="os.family" value="Unix"/>
+    <param pos="0" name="os.product" value="Digital Unix"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="1" name="host.name"/>
+    <param pos="2" name="os.version"/>
+  </fingerprint>
+
+  <fingerprint pattern="^(\S+) FTP server ready.?$" flags="REG_ICASE">
+    <description>Generic FTP fingerprint with a hostname</description>
+    <example host.name="example.com">example.com FTP server ready.</example>
+    <param pos="1" name="host.name"/>
+  </fingerprint>
+
+  <fingerprint pattern="^FTP (?:server|service)?(?: is)? ready\.?$" flags="REG_ICASE">
+    <description>Generic FTP fingerprint without a hostname</description>
+    <example>FTP server is ready.</example>
+    <example>FTP Server ready.</example>
+    <example>FTP Server Ready</example>
+    <example>FTP service ready.</example>
+  </fingerprint>
 </fingerprints>

data/xml/http_servers.xml

@@ -1874,7 +1874,15 @@
       <param pos="0" name="service.product" value="HTTP"/>
       <param pos="0" name="service.family" value="Compaq HTTP Server"/>
       <param pos="1" name="service.version"/>
-   </fingerprint>
+    </fingerprint>
+
+    <fingerprint pattern="^HPSMH$">
+      <description>HP System Management Homepage (SMH)</description>
+      <example>HPSMH</example>
+      <param pos="0" name="service.vendor" value="HP"/>
+      <param pos="0" name="service.family" value="SMH"/>
+      <param pos="0" name="service.product" value="SMH"/>
+    </fingerprint>
 
    <fingerprint pattern="^eHTTP[/ ]v?(\d+\.\d+)" flags="REG_ICASE">
       <example service.version="1.1">EHTTP/1.1</example>
@@ -1896,6 +1904,7 @@
       <example service.component.version="0.0.1">BBC 2.6.0.7; com.hp.openview.Coda 0.0.1</example>
       <param pos="0" name="service.vendor" value="HP"/>
       <param pos="0" name="service.family" value="OpenView"/>
+      <param pos="0" name="service.product" value="OpenView"/>
       <param pos="0" name="service.component.vendor" value="HP"/>
       <param pos="0" name="service.component.family" value="OpenView"/>
       <param pos="0" name="service.component.product" value="CODA"/>
@@ -1907,6 +1916,7 @@
       <example service.component.version="11.00.044">BBC 11.00.044; ovbbcrcp 11.00.044</example>
       <param pos="0" name="service.vendor" value="HP"/>
       <param pos="0" name="service.family" value="OpenView"/>
+      <param pos="0" name="service.product" value="OpenView"/>
       <param pos="0" name="service.component.vendor" value="HP"/>
       <param pos="0" name="service.component.family" value="OpenView"/>
       <param pos="0" name="service.component.product" value="Reverse Channel Proxy"/>
@@ -1919,6 +1929,7 @@
       <example service.component.version="2.6.0.7">BBC 2.6.0.7; com.hp.openview.bbc.LLBServer 2.6.0.7</example>
       <param pos="0" name="service.vendor" value="HP"/>
       <param pos="0" name="service.family" value="OpenView"/>
+      <param pos="0" name="service.product" value="OpenView"/>
       <param pos="0" name="service.component.vendor" value="HP"/>
       <param pos="0" name="service.component.family" value="OpenView"/>
       <param pos="0" name="service.component.product" value="LLBServer"/>
@@ -1931,6 +1942,7 @@
       <example service.component.version="11.10.035">BBC 11.10.035; ovbbccb 11.10.035</example>
       <param pos="0" name="service.vendor" value="HP"/>
       <param pos="0" name="service.family" value="OpenView"/>
+      <param pos="0" name="service.product" value="OpenView"/>
       <param pos="0" name="service.component.vendor" value="HP"/>
       <param pos="0" name="service.component.family" value="OpenView"/>
       <param pos="0" name="service.component.product" value="Communication Broker"/>
@@ -1942,6 +1954,7 @@
       <example>BBC 11.13.007; ovbbccb unknown version</example>
       <param pos="0" name="service.vendor" value="HP"/>
       <param pos="0" name="service.family" value="OpenView"/>
+      <param pos="0" name="service.product" value="OpenView"/>
       <param pos="0" name="service.component.vendor" value="HP"/>
       <param pos="0" name="service.component.family" value="OpenView"/>
       <param pos="0" name="service.component.product" value="Communication Broker"/>
@@ -2680,10 +2693,11 @@
       <param pos="0" name="os.product" value="JetDirect"/>
     </fingerprint>
 
-    <fingerprint pattern="^HP HTTP Server; HP ((\S+) \S+)">
+    <fingerprint pattern="^HP HTTP Server; (?:Hewlett-Packard )?HP ((\S+) \S+)">
       <description>HP Printer</description>
-      <example>HP HTTP Server; HP Photosmart C309a series - CC335A; Serial Number: abc123; Vader Built:Wed Apr 15, 2009 11:40:58AM {abc123, ASIC id 0x00280004}</example>
-      <example>HP HTTP Server; HP Officejet 6500 E709n - CB057A; Serial Number: abc123; Rainbow Built:Sat Dec 13, 2008 10:58:21AM {abc123, ASIC id 0x00ffc2105}</example>
+      <example os.product="Photosmart C309a" os.family="Photosmart">HP HTTP Server; HP Photosmart C309a series - CC335A; Serial Number: abc123; Vader Built:Wed Apr 15, 2009 11:40:58AM {abc123, ASIC id 0x00280004}</example>
+      <example os.product="Officejet 6500" os.family="Officejet">HP HTTP Server; HP Officejet 6500 E709n - CB057A; Serial Number: abc123; Rainbow Built:Sat Dec 13, 2008 10:58:21AM {abc123, ASIC id 0x00ffc2105}</example>
+      <example os.product="Designjet T520" os.family="Designjet">HP HTTP Server; Hewlett-Packard HP Designjet T520 36in - ABC123; Serial Number: 0123456789; Built:Tue Sep 09, 2014 08:32:54AM {012345678901}</example>
       <param pos="0" name="service.vendor" value="HP"/>
       <param pos="0" name="service.product" value="JetDirect"/>
       <param pos="0" name="service.family" value="JetDirect"/>
@@ -2708,13 +2722,7 @@
       <param pos="0" name="os.product" value="JetDirect"/>
    </fingerprint>
 
-   <!-- This is not the normal form (with a space before version).
-        Since this version is vulnerable to a DoS attack, I suspect
-        it is actually a bogus banner generated by a honeypot.
-
-          Allegro-Software-RomPager/ 2.10
-   -->
-   <fingerprint pattern="^(?:Allegro-Software-)?RomPager/(\S+)">
+   <fingerprint pattern="^(?:Allegro-Software-)?RomPager/\s*(\S+)">
       <description>Embedded HTTP server used by many vendors and device
       types, including APC, 3Com, Andover Controls, Cisco VoIP, D-Link,
       Extreme Networks, Foundry Networks, Konica Minolta, Kronos
@@ -2723,6 +2731,7 @@
       <example service.version="4.01">Allegro-Software-RomPager/4.01</example>
       <example service.version="4.07">RomPager/4.07 UPnP/1.0</example>
       <example service.version="4.30b3">Allegro-Software-RomPager/4.30b3</example>
+      <example service.version="2.10">Allegro-Software-RomPager/ 2.10</example>
       <param pos="0" name="service.vendor" value="Allegro Software"/>
       <param pos="0" name="service.product" value="RomPager"/>
       <param pos="1" name="service.version"/>
@@ -3093,6 +3102,15 @@
       <param pos="0" name="apache.variant" value="HP Web Jetadmin"/>
       <param pos="1" name="service.version"/>
       <param pos="2" name="apache.info"/>
+    </fingerprint>
+
+   <fingerprint pattern="^HP Web Jetadmin ([\d\.]+)(?: \([^\)]+\))?$">
+      <description>HP printers, perhaps Apache, but we can't say for sure</description>
+      <example service.version="10.3.85669">HP Web Jetadmin 10.3.85669</example>
+      <example service.version="10.3.91358">HP Web Jetadmin 10.3.91358 (10.3 SR5)</example>
+      <param pos="0" name="service.vendor" value="HP"/>
+      <param pos="0" name="service.product" value="Web Jetadmin"/>
+      <param pos="1" name="service.version"/>
    </fingerprint>
 
    <fingerprint pattern="^Citrix Web PN Server$">
@@ -3134,6 +3152,14 @@
       <param pos="1" name="service.version"/>
    </fingerprint>
 
+   <fingerprint pattern="^Embedthis-http$">
+      <example>Embedthis-http</example>
+      <description>An embedded web server for hosting dynamic web applications.</description>
+      <param pos="0" name="service.vendor" value="Embedthis"/>
+      <param pos="0" name="service.product" value="Appweb"/>
+      <param pos="0" name="service.family" value="Appweb"/>
+   </fingerprint>
+
    <fingerprint pattern="^Avaya CMBE/((?:\d+\.)*\d+)$">
       <example>Avaya CMBE/2.0.0</example>
       <example>Avaya CMBE/2</example>
@@ -3146,16 +3172,23 @@
 
 
    <fingerprint pattern="^Rapid Logic/((?:\d+\.)*\d+)$">
-      <example>Rapid Logic/1.1</example>
-      <example>Rapid Logic/1</example>
+      <example service.version="1.1">Rapid Logic/1.1</example>
+      <example service.version="1">Rapid Logic/1</example>
       <description>Embedded web server by Rapid Logic, which was acquired by Wind River.</description>
       <!-- From Googling, it sounds like this is just referred to as the
            Rapid Logic web server. -->
       <param pos="0" name="service.vendor" value="Wind River"/>
       <param pos="0" name="service.product" value="Rapid Logic"/>
       <param pos="1" name="service.version"/>
-   </fingerprint>
+    </fingerprint>
 
+   <fingerprint pattern="^WindRiver-WebServer/((?:\d+\.)*\d+)$">
+      <example service.version="4.4">WindRiver-WebServer/4.4</example>
+      <description>Wind River HTTP server</description>
+      <param pos="0" name="service.vendor" value="Wind River"/>
+      <param pos="0" name="service.product" value="WebServer"/>
+      <param pos="1" name="service.version"/>
+   </fingerprint>
 
    <fingerprint pattern="^Sophos Email Appliance$">
       <example>Sophos Email Appliance</example>
@@ -3453,7 +3486,12 @@
       <param pos="0" name="service.vendor" value="CloudFlare"/>
       <param pos="0" name="service.product" value="CloudFlare Load Balancer"/>
       <param pos="0" name="service.family" value="CloudFlare"/>
-   </fingerprint>
+    </fingerprint>
 
+    <fingerprint pattern="^gSOAP/([\d\.]+)$">
+      <example service.version="2.7">gSOAP/2.7</example>
+      <description>gSOAP</description>
+      <param pos="0" name="service.product" value="gSOAP"/>
+      <param pos="1" name="service.version"/>
+    </fingerprint>
 </fingerprints>
-

data/xml/ntp_banners.xml

@@ -258,6 +258,60 @@ NTP "banners", taken from a readvar response
     <param pos="3" name="os.version.version"/>
     <param pos="0" name="os.certainty" value="0.9"/>
   </fingerprint>
+  <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^&quot;]+)&quot;,.*system=&quot;Darwin/?12\.([^&quot;]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>ntpd running on Mac OSX 10.8/Mountain Lion</description>
+    <example service.version="4.2.6@1.2089-o" os.arch="x86_64" os.version.version="1.0">
+      version="ntpd 4.2.6@1.2089-o Fri May 28 01:20:53 UTC 2010 (1)",
+      processor="x86_64", system="Darwin/12.1.0", leap=3, stratum=16,
+    </example>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.vendor" value="Apple"/>
+    <param pos="0" name="os.family" value="Mac OS X"/>
+    <param pos="0" name="os.product" value="Mac OS X"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="0" name="os.version" value="10.8"/>
+    <param pos="3" name="os.version.version"/>
+    <param pos="0" name="os.certainty" value="0.9"/>
+  </fingerprint>
+  <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^&quot;]+)&quot;,.*system=&quot;Darwin/?13\.([^&quot;]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>ntpd running on Mac OSX 10.9/Mavericks</description>
+    <example service.version="4.2.6@1.2089-o" os.arch="x86_64" os.version.version="4.0">
+      version="ntpd 4.2.6@1.2089-o Fri May 28 01:20:53 UTC 2010 (1)",
+      processor="x86_64", system="Darwin/13.4.0", leap=3, stratum=16,
+    </example>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.vendor" value="Apple"/>
+    <param pos="0" name="os.family" value="Mac OS X"/>
+    <param pos="0" name="os.product" value="Mac OS X"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="0" name="os.version" value="10.9"/>
+    <param pos="3" name="os.version.version"/>
+    <param pos="0" name="os.certainty" value="0.9"/>
+  </fingerprint>
+  <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^&quot;]+)&quot;,.*system=&quot;Darwin/?14\.([^&quot;]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+    <description>ntpd running on Mac OSX 10.10/Yosemite</description>
+    <example service.version="4.2.6@1.2089-o" os.arch="x86_64" os.version.version="3.0">
+      version="ntpd 4.2.6@1.2089-o Fri May 28 01:20:53 UTC 2010 (1)",
+      processor="x86_64", system="Darwin/14.3.0", leap=00, stratum=2,
+    </example>
+    <param pos="0" name="service.family" value="NTP"/>
+    <param pos="0" name="service.product" value="NTP"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.vendor" value="Apple"/>
+    <param pos="0" name="os.family" value="Mac OS X"/>
+    <param pos="0" name="os.product" value="Mac OS X"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="2" name="os.arch"/>
+    <param pos="0" name="os.version" value="10.10"/>
+    <param pos="3" name="os.version.version"/>
+    <param pos="0" name="os.certainty" value="0.9"/>
+  </fingerprint>
   <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;FreeBSD/?(?:[^ ]+-NETSCALER-([^ ]+))&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
     <description>ntpd running on Citrix Netscaler, which is based on FreeBSD</description>
     <example>

data/xml/smtp_banners.xml

@@ -73,6 +73,16 @@ The system or service fingerprint with the highest certainty overwrites the othe
       <param pos="0" name="service.family" value="Mail Server"/>
       <param pos="0" name="service.product" value="Mail Server"/>
       <param pos="1" name="service.version"/>
+    </fingerprint>
+
+   <fingerprint pattern="^(\S+) ArGoSoft Mail Server Freeware, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
+     <description>ArGoSoft Mail, freeware version</description>
+      <example host.name="example.com" service.version="1.8.8.8">example.com ArGoSoft Mail Server Freeware, Version 1.8 (1.8.8.8)</example>
+      <param pos="0" name="service.vendor" value="ArGoSoft"/>
+      <param pos="0" name="service.family" value="Mail Server"/>
+      <param pos="0" name="service.product" value="Mail Server"/>
+      <param pos="2" name="service.version"/>
+      <param pos="1" name="host.name"/>
    </fingerprint>
 
    <fingerprint pattern="^ArGoSoft Mail Server Pro for WinNT/2000, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
@@ -124,7 +134,16 @@ The system or service fingerprint with the highest certainty overwrites the othe
       <param pos="0" name="service.family" value="PIX"/>
       <param pos="0" name="service.product" value="PIX"/>
       <param pos="0" name="service.version" value="4"/>
-   </fingerprint>
+    </fingerprint>
+
+    <fingerprint pattern="CCProxy (\S+) SMTP Service Ready(?:\(Unregistered\))?$">
+      <description>Youngzsoft CCProxy SMTP</description>
+      <example service.version="7.3">CCProxy 7.3 SMTP Service Ready(Unregistered)</example>
+      <param pos="0" name="service.vendor" value="Youngzsoft"/>
+      <param pos="0" name="service.family" value="CCProxy"/>
+      <param pos="0" name="service.product" value="CCProxy"/>
+      <param pos="1" name="service.version"/>
+    </fingerprint>
 
    <fingerprint pattern="^[\*20 ]+$">
       <description>
@@ -426,6 +445,17 @@ The system or service fingerprint with the highest certainty overwrites the othe
       <param pos="0" name="service.family" value="IntraStore"/>
       <param pos="0" name="service.product" value="IntraStore"/>
       <param pos="1" name="host.name"/>
+    </fingerprint>
+
+    <fingerprint pattern="^(\S+) E?SMTP Server \(JAMES E?SMTP Server ([\d\.]+)\) ready (\S{3}, \d{2} \S{3} \d{4} \d{2}:\d{2}:\d{2} \S+) \(\S+\)$">
+      <description>JAMES SMTP Server</description>
+      <example host.name="example.com" service.version="2.3.2">example.com SMTP Server (JAMES SMTP Server 2.3.2) ready Tue, 19 May 2015 00:36:13 +0200 (CEST)</example>
+      <param pos="0" name="service.vendor" value="Apache"/>
+      <param pos="0" name="service.product" value="James"/>
+      <param pos="2" name="service.version"/>
+      <param pos="1" name="host.name"/>
+      <param pos="3" name="system.time"/>
+      <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
    </fingerprint>
 
    <fingerprint pattern="^([^ ]+) \(Mail-Max Version (\d+\.\d+\.\d+\.\d+), (.+, .+)\) ESMTP Mail Server Ready. *$">
@@ -440,6 +470,18 @@ The system or service fingerprint with the highest certainty overwrites the othe
       <param pos="1" name="host.name"/>
       <param pos="2" name="service.version"/>
       <param pos="3" name="system.time"/>
+    </fingerprint>
+
+    <fingerprint pattern="^(\S+) E?SMTP MailEnable Service, Version: ([\d\.]+)-- ready at (\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})$">
+      <description>Simple MailEnable</description>
+      <example host.name="example.com">example.com ESMTP MailEnable Service, Version: 1.8-- ready at 05/20/15 08:50:22</example>
+      <param pos="0" name="service.vendor" value="MailEnable"/>
+      <param pos="0" name="service.family" value="MailEnable"/>
+      <param pos="0" name="service.product" value="MailEnable"/>
+      <param pos="0" name="system.time.format" value="MM/dd/yy HH:mm:ss"/>
+      <param pos="1" name="host.name"/>
+      <param pos="2" name="service.version"/>
+      <param pos="3" name="system.time"/>
    </fingerprint>
 
    <fingerprint pattern="^([^ ]+) \(Mail-Max Version (\d+\.\d+), (.+, .+)\) ESMTP Mail Server Ready. *$">
@@ -913,6 +955,32 @@ The system or service fingerprint with the highest certainty overwrites the othe
       <param pos="4" name="system.time"/>
    </fingerprint>
 
+   <fingerprint pattern="^(\S+)(?: UCX)? V\S+, OpenVMS V(\S+) (\S+) ready at .*$">
+      <description>Some unknown mail server on OpenVMS</description>
+      <example host.name="example.com" os.arch="IA64" os.version="8.4">example.com V5.7-ECO4, OpenVMS V8.4 IA64 ready at Wed, 20 May 2015 01:22:32 +0100 (BST)</example>
+      <example host.name="example.com" os.arch="Alpha" os.version="7.3-2">example.com V5.4-15E, OpenVMS V7.3-2 Alpha ready at Wed, 20 May 2015 01:22:18 +0100 (BST)</example>
+      <example host.name="example.com" os.arch="VAX" os.version="6.2">example.com UCX V4.2-21I, OpenVMS V6.2 VAX ready at Wed, 20 May 2015 01:15:16 GMT</example>
+      <example host.name="example.com" os.arch="Alpha" os.version="6.2-1H3">example.com UCX V4.2-21I, OpenVMS V6.2-1H3 Alpha ready at Wed, 20 May 2015 00:55:37 GMT</example>
+      <param pos="1" name="host.name"/>
+      <param pos="0" name="os.vendor" value="HP"/>
+      <param pos="0" name="os.family" value="OpenVMS"/>
+      <param pos="0" name="os.product" value="OpenVMS"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="2" name="os.version"/>
+      <param pos="3" name="os.arch"/>
+    </fingerprint>
+
+    <fingerprint pattern="^(\S+) E?SMTP PMailServer(?: \[Free Edition\]) ([\d\.]+); (\S{3}, \d{2} \S{3} \d{4} \d{2}:\d{2}:\d{2})$">
+      <description>A.K.I PMail</description>
+      <example host.name="example.com" service.version="1.91">example.com ESMTP PMailServer [Free Edition] 1.91; Fri, 22 May 2015 02:04:56</example>
+      <param pos="0" name="service.vendor" value="A.K.I Software"/>
+      <param pos="0" name="service.product" value="PMail Server"/>
+      <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss"/>
+      <param pos="1" name="host.name"/>
+      <param pos="2" name="service.version"/>
+      <param pos="3" name="system.time"/>
+    </fingerprint>
+
    <fingerprint pattern="^([^ ]+) Postfix \(Postfix-([^ ]+)-([^ ]+)\) \(([^ ]+)\) *$">
       <!--
       220 foo.bar.com ESMTP Postfix (Postfix-19991231-pl08) (Linux-Mandrake)
@@ -1051,6 +1119,15 @@ The system or service fingerprint with the highest certainty overwrites the othe
       </description>
       <param pos="0" name="service.product" value="raptor"/>
       <param pos="1" name="host.name"/>
+    </fingerprint>
+
+   <fingerprint pattern="^(\S+) SAP (\S+) E?SMTP service ready$">
+      <description>SAP SMTP Server</description>
+      <example host.name="example.com" service.version="8.04(53)">example.com SAP 8.04(53) ESMTP service ready</example>
+      <param pos="0" name="service.vendor" value="SAP"/>
+      <param pos="0" name="service.product" value="SMTP"/>
+      <param pos="2" name="service.version"/>
+      <param pos="1" name="host.name"/>
    </fingerprint>
 
    <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +([^ ]+) \(PHNE_([^ ]+)\) */ *(.+); *(.+) \(.+\)$">
@@ -1070,6 +1147,24 @@ The system or service fingerprint with the highest certainty overwrites the othe
       <param pos="3" name="sendmail.hpux.phne.version"/>
       <param pos="4" name="sendmail.config.version"/>
       <param pos="5" name="system.time"/>
+    </fingerprint>
+
+   <fingerprint pattern="^(\S+) ESMTP Sendmail \S+ version ([\d\.]+) - Revision \S+ HP-UX([\d\.]+).*(\S{3}, \d{2} \S{3} \d{4} \d{2}:\d{2}:\d{2} \S{3})$">
+      <description>
+         sendmail on HPUX
+       </description>
+      <example host.name="example.com" os.version="11.31" service.version="8.13.3">example.com ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 1.004:: HP-UX11.31 - 03rd February,2010/8.11.1; Wed, 20 May 2015 23:35:38 GMT</example>
+      <param pos="0" name="service.family" value="Sendmail"/>
+      <param pos="0" name="service.product" value="Sendmail"/>
+      <param pos="0" name="os.vendor" value="HP"/>
+      <param pos="0" name="os.family" value="HP-UX"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.product" value="HP-UX"/>
+      <param pos="3" name="os.version"/>
+      <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
+      <param pos="1" name="host.name"/>
+      <param pos="2" name="service.version"/>
+      <param pos="4" name="system.time"/>
    </fingerprint>
 
    <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +([^ ]+)/UW([^ ]+) ready at *(.+) \(.+\) *$">
@@ -1493,6 +1588,18 @@ The system or service fingerprint with the highest certainty overwrites the othe
       <param pos="1" name="host.name"/>
    </fingerprint>
 
+   <fingerprint pattern="^(\S+) ESMTP Sendmail (\S{3}, \d{2} \S{3} \d{4} \d{2}:\d{2}:\d{2} \S+)$">
+      <description>
+         catch all for other versions of sendmail, with a date/time
+      </description>
+      <example host.name="example.com">example.com ESMTP Sendmail Wed, 20 May 2015 17:17:56 -0600</example>
+      <param pos="0" name="service.family" value="Sendmail"/>
+      <param pos="0" name="service.product" value="Sendmail"/>
+      <param pos="1" name="host.name"/>
+      <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
+      <param pos="2" name="system.time"/>
+   </fingerprint>
+
    <!-- Sun Internet Mail Server -->
    <!-- Sun Internet Mail Server sims\.([^\.]+)([^\.]+)([^\.]+)([^\.]+)([^\.]+)([^\.]+)([^\.]+)([^\.]+) -->
 
@@ -1713,13 +1820,21 @@ The system or service fingerprint with the highest certainty overwrites the othe
       <param pos="4" name="system.time"/>
     </fingerprint>
 
-   <fingerprint pattern="^([^ ]+) E?SMTP(?: Ready\.?)?$">
-     <description>
-       catch all for daemons that have no distinguishing fingerprint whatsoever
-     </description>
-      <example>foo.example.com ESMTP</example>
-      <example>foo.example.com ESMTP Ready</example>
-      <example>foo.example.com SMTP</example>
+    <fingerprint pattern="^(\S+) E?SMTP Perl" flags="REG_ICASE">
+      <description>Some simple PERL SMTP server</description>
+      <example host.name="example.com">example.com ESMTP Perl</example>
+      <param pos="0" name="service.product" value="Perl"/>
+      <param pos="1" name="host.name"/>
+    </fingerprint>
+
+    <fingerprint pattern="^([^ ]+) E?SMTP(?: (?:Service )?Ready\.?)?$" flags="REG_ICASE">
+      <description>
+        catch all for daemons that have no distinguishing fingerprint whatsoever
+      </description>
+      <example host.name="example.com">example.com ESMTP</example>
+      <example host.name="example.com">example.com ESMTP Ready</example>
+      <example host.name="example.com">example.com SMTP</example>
+      <example host.name="example.com">example.com ESMTP Service ready</example>
       <param pos="0" name="service.product" value="Unknown"/>
       <param pos="1" name="host.name"/>
    </fingerprint>

data/xml/snmp_sysdescr.xml

@@ -1031,9 +1031,10 @@
                               BROCADE
    =======================================================================-->
 
-   <fingerprint pattern="^Fibre Channel Switch\.$">
+   <fingerprint pattern="^Fibre Channel Switch\.?$">
       <description>Brocade FabricOS switch</description>
       <example>Fibre Channel Switch.</example>
+      <example>Fibre Channel Switch</example>
       <param pos="0" name="os.vendor" value="Brocade"/>
       <param pos="0" name="os.product" value="Fabric OS"/>
       <param pos="0" name="os.device" value="Switch"/>
@@ -2631,22 +2632,10 @@ Copyright (c) 1995-2005 by Cisco Systems
       <param pos="4" name="os.version.version"/>
    </fingerprint>
 
-   <fingerprint pattern="^(\S+) (.*?) Digital UNIX V(\S+) \(Rev\. ([^\)]+)\).*TCP/IP$">
+   <fingerprint pattern="^(\S+) (.*?) Digital UNIX V(\S+)\s+\(Rev\. ([^\)]+)\).*TCP/IP$">
       <description>Digital/Compaq/HP Tru64 Unix</description>
-      <example>clima.igpsdfpe COMPAQ AlphaServer DS20E 500 MHz Digital UNIX V4.0F (Rev. 1229); Mon Apr 12 13:30:41 EDT 1999 TCP/IP</example>
-      <example>dino.snusdfr COMPAQ Professional Workstation XP1000 Digital UNIX V4.0F (Rev. 1229); Thu Oct 21 13:13:28 KST 1999 TCP/IP</example>
-      <example>george1.sdftw COMPAQ Professional Workstation XP1000 Digital UNIX V4.0F (Rev. 1229); Fri Apr 21 14:49:53 CST 2000 TCP/IP</example>
-      <example>hsdfdf.it COMPAQ AlphaServer DS20E 666 MHz Digital UNIX V4.0F (Rev. 1229); Fri Apr 27 12:22:53 MET DST 2001 TCP/IP</example>
-      <example>hisdfcfdcnr.it COMPAQ Professional Workstation XP1000 Digital UNIX V4.0F (Rev. 1229); Thu Jan 20 21:51:21 GMT 2000 TCP/IP</example>
-      <example>ingriv.na.infn.it COMPAQ Professional Workstation XP1000 Digital UNIX V4.0F (Rev. 1229); Mon Feb 5 12:09:16 MET 2001 TCP/IP</example>
-      <example>lib.nthsdfv.tw COMPAQ AlphaServer DS20E 833 MHz Digital UNIX V4.0F (Rev. 1229); Sat Oct 31 14:16:13 CST 2009 TCP/IP</example>
-      <example>main.chemisdfna.it COMPAQ AlphaServer DS10 466 MHz Digital UNIX V4.0F (Rev. 1229); Sat Nov 27 14:08:50 GMT+0100 2004 TCP/IP</example>
-      <example>moldyn.cscp.sdfr.it COMPAQ Professional Workstation XP1000 Digital UNIX V5.0 (Rev. 910); Fri Nov 17 15:54:45 MET 2000 TCP/IP</example>
-      <example>nambukdb COMPAQ AlphaServer DS20E 666 MHz Digital UNIX V4.0F (Rev. 1229); Mon Aug 13 22:11:20 KST 2007 TCP/IP</example>
-      <example>nctsphys1.phsdfthu.edu.tw COMPAQ Professional Workstation XP1000 Digital UNIX V4.0E (Rev. 1091); Wed Jul 14 15:57:17 CST 1999 TCP/IP</example>
-      <example>oya.gesdfcsb.edu COMPAQ Professional Workstation XP1000 Digital UNIX V4.0F (Rev. 1229); Fri Sep 13 13:44:20 PDT 2002 TCP/IP</example>
-      <example>quarsdfctecsdfr.th COMPAQ AlphaServer DS10 466 MHz Digital UNIX V4.0G (Rev. 1530); Fri Jun 20 14:03:00 GMT+0700 2003 TCP/IP</example>
-      <example>tunisdf.nhisdfdu.tw COMPAQ AlphaServer DS10 617 MHz Digital UNIX V4.0F (Rev. 1229); Wed May 22 13:55:58 CST 2002 TCP/IP</example>
+      <example host.name="example.com" hw.product="COMPAQ AlphaServer DS10 617 MHz" os.version="4.0F" os.version.version="1229">example.com COMPAQ AlphaServer DS10 617 MHz Digital UNIX V4.0F (Rev. 1229); Wed May 22 13:55:58 CST 2002 TCP/IP</example>
+      <example host.name="example.com" hw.product="COMPAQ Professional Workstation XP1000" os.version="4.0F" os.version.version="1229">example.com COMPAQ Professional Workstation XP1000 Digital UNIX V4.0F  (Rev. 1229); Wed Jun 30 14:32:53 MET DST 2004 . TCP/IP</example>
       <param pos="0" name="os.vendor" value="HP"/>
       <param pos="0" name="os.family" value="Unix"/>
       <param pos="0" name="os.product" value="Digital Unix"/>
@@ -3363,13 +3352,22 @@ Copyright (c) 1995-2005 by Cisco Systems
    </fingerprint>
 
    <fingerprint pattern="^Integrated Lights-Out (\d) \d+\.\d+ [A-Za-z]{3} \d{1,2} \d{4}$">
-      <description>HP Integrated Lights-Out (iLO)</description>
+      <description>HP Integrated Lights-Out (iLO) with firmware version</description>
       <example os.version="4">Integrated Lights-Out 4 2.02 Aug 18 2014</example>
       <!--2.02 is firmware version-->
       <param pos="0" name="os.vendor" value="HP"/>
       <param pos="0" name="os.family" value="iLO"/>
       <param pos="0" name="os.device" value="iLO"/>
       <param pos="1" name="os.version"/>
+    </fingerprint>
+
+   <fingerprint pattern="^Integrated Lights-Out (\d) \(iLO \d\) for Integrity$">
+      <description>HP Integrated Lights-Out (iLO) without firmware version</description>
+      <example os.version="2">Integrated Lights-Out 2 (iLO 2) for Integrity</example>
+      <param pos="0" name="os.vendor" value="HP"/>
+      <param pos="0" name="os.family" value="iLO"/>
+      <param pos="0" name="os.device" value="iLO"/>
+      <param pos="1" name="os.version"/>
    </fingerprint>
 
    <!--======================================================================
@@ -4803,6 +4801,23 @@ Copyright (c) 1995-2005 by Cisco Systems
       <param pos="0" name="os.device" value="Printer"/>
    </fingerprint>
 
+   <!--======================================================================
+                              Lenel
+   =======================================================================-->
+
+   <fingerprint pattern="^(LNL-\d+) (.*) Firmware Version ([\d\.]+) Build \d+$">
+      <description>Various Lenel hardware, typically door controllers, etc</description>
+      <example hw.product="LNL-2210" os.device="Intelligent Single Door Controller" os.version="1.17.6">LNL-2210 Intelligent Single Door Controller Firmware Version 1.17.6 Build 359</example>
+      <example hw.product="LNL-2220" os.device="Intelligent Dual Reader Controller" os.version="1.17.3">LNL-2220 Intelligent Dual Reader Controller Firmware Version 1.17.3 Build 351</example>
+      <example hw.product="LNL-3300" os.device="Intelligent System Controller" os.version="1.17.6">LNL-3300 Intelligent System Controller Firmware Version 1.17.6 Build 359</example>
+      <param pos="0" name="os.vendor" value="Lenel"/>
+      <!-- it isn't clear what the OS is... -->
+      <param pos="1" name="hw.product"/>
+      <param pos="2" name="os.device"/>
+      <param pos="3" name="os.version"/>
+   </fingerprint>
+
+
    <!--======================================================================
                               LINUX
 
@@ -5197,6 +5212,28 @@ Copyright (c) 1995-2005 by Cisco Systems
       <param pos="0" name="os.product" value="Windows Server 2003"/>
       <param pos="0" name="os.device" value="General"/>
       <param pos="0" name="os.arch" value="x86_64"/>
+    </fingerprint>
+
+   <fingerprint pattern="^Windows_NT Microsoft Windows Server 2003 5.2 3790 Service Pack 2, GenuineIntel \S+64.*$">
+      <description>Rare Windows 2003 SP2 sysDescr, x64</description>
+      <example>Windows_NT Microsoft Windows Server 2003 5.2 3790 Service Pack 2, GenuineIntel EM64T Family 6 Model 23 Stepping 6</example>
+      <param pos="0" name="os.vendor" value="Microsoft"/>
+      <param pos="0" name="os.family" value="Windows"/>
+      <param pos="0" name="os.product" value="Windows Server 2003"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.arch" value="x86_64"/>
+      <param pos="0" name="os.version" value="SP1"/>
+    </fingerprint>
+
+   <fingerprint pattern="^Windows_NT Microsoft Windows Server 2003 5.2 3790 Service Pack 2, GenuineIntel x86.*$">
+      <description>Rare Windows 2003 SP2 sysDescr, x86</description>
+      <example>Windows_NT Microsoft Windows Server 2003 5.2 3790 Service Pack 2, GenuineIntel x86 Family 6 Model 23 Stepping 6</example>
+      <param pos="0" name="os.vendor" value="Microsoft"/>
+      <param pos="0" name="os.family" value="Windows"/>
+      <param pos="0" name="os.product" value="Windows Server 2003"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.arch" value="x86"/>
+      <param pos="0" name="os.version" value="SP1"/>
    </fingerprint>
 
    <fingerprint pattern="^Microsoft Windows CE Version ([\d.]+).*$">
@@ -5338,6 +5375,26 @@ Copyright (c) 1995-2005 by Cisco Systems
       <param pos="0" name="os.product" value="Windows 8"/>
       <param pos="0" name="os.device" value="General"/>
       <param pos="0" name="os.arch" value="x86"/>
+    </fingerprint>
+
+    <fingerprint pattern="^Hardware: \S+64.*Software: Windows Version 6.3 \(Build 9600">
+      <description>Windows 8 on x86_64</description>
+      <example>Hardware: AMD64 Family 21 Model 0 Stepping 2 AT/AT COMPATIBLE - Software: Windows Version 6.3 (Build 9600 Multiprocessor Free)</example>
+      <param pos="0" name="os.vendor" value="Microsoft"/>
+      <param pos="0" name="os.family" value="Windows"/>
+      <param pos="0" name="os.product" value="Windows 8.1"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.arch" value="x86_64"/>
+    </fingerprint>
+
+    <fingerprint pattern="^Hardware: x86.*Software: Windows Version 6.3 \(Build 9600">
+      <description>Windows 8 on x86</description>
+      <example>Hardware: x86 Family 21 Model 0 Stepping 2 AT/AT COMPATIBLE - Software: Windows Version 6.3 (Build 9600 Multiprocessor Free)</example>
+      <param pos="0" name="os.vendor" value="Microsoft"/>
+      <param pos="0" name="os.family" value="Windows"/>
+      <param pos="0" name="os.product" value="Windows 8.1"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.arch" value="x86"/>
    </fingerprint>
 
    <fingerprint pattern="Windows\s\S+\s(6\.2\.\d+)\s+Server\s[\d\.]+\s(\w+).*">
@@ -7943,6 +8000,29 @@ Copyright (c) 1995-2005 by Cisco Systems
       <param pos="0" name="os.product" value="VxWorks"/>
    </fingerprint>
 
+   <!--======================================================================
+                             VMware
+   =======================================================================-->
+
+   <fingerprint pattern="^(VMware ESXi?) (\d\.\d+\.\d+) build-\d+ VMware, Inc\. (\S+)$">
+      <description>VMware ESX/ESXi</description>
+      <example os.product="VMware ESXi" os.version="5.1.0" os.arch="x86_64">VMware ESXi 5.1.0 build-1157734 VMware, Inc. x86_64</example>
+      <example os.product="VMware ESX" os.version="5.0.0" os.arch="x86_64">VMware ESX 5.0.0 build-623860 VMware, Inc. x86_64</example>
+      <param pos="0" name="os.vendor" value="VMware"/>
+      <param pos="0" name="os.family" value="VMware ESX/ESXi"/>
+      <param pos="1" name="os.product"/>
+      <param pos="2" name="os.version"/>
+      <param pos="3" name="os.arch"/>
+    </fingerprint>
+
+   <fingerprint pattern="^&quot;vSphere Management Assistant ([\d\.]+)&quot;$">
+      <description>VMware vSphere Management assistant, which is a virtual machine (https://www.vmware.com/support/developer/vima/)</description>
+      <example os.version="4.1.0">"vSphere Management Assistant 4.1.0"</example>
+      <param pos="0" name="os.vendor" value="VMware"/>
+      <param pos="0" name="os.product" value="vSphere Management Assistant"/>
+      <param pos="1" name="os.version"/>
+   </fingerprint>
+
 
    <!--======================================================================
                               XEROX
@@ -8198,23 +8278,4 @@ Copyright (c) 1995-2005 by Cisco Systems
       <param pos="0" name="os.product" value="Prestige 650R-T3"/>
       <param pos="0" name="os.device" value="Broadband Router"/>
    </fingerprint>
-
-   <fingerprint pattern="^(VMware ESXi?) (\d\.\d+\.\d+) build-\d+ VMware, Inc\. (\S+)$">
-      <description>VMware ESX/ESXi</description>
-      <example os.product="VMware ESXi" os.version="5.1.0" os.arch="x86_64">VMware ESXi 5.1.0 build-1157734 VMware, Inc. x86_64</example>
-      <example os.product="VMware ESX" os.version="5.0.0" os.arch="x86_64">VMware ESX 5.0.0 build-623860 VMware, Inc. x86_64</example>
-      <param pos="0" name="os.vendor" value="VMware"/>
-      <param pos="0" name="os.family" value="VMware ESX/ESXi"/>
-      <param pos="1" name="os.product"/>
-      <param pos="2" name="os.version"/>
-      <param pos="3" name="os.arch"/>
-    </fingerprint>
-
-   <fingerprint pattern="^&quot;vSphere Management Assistant ([\d\.]+)&quot;$">
-      <description>VMware vSphere Management assistant, which is a virtual machine (https://www.vmware.com/support/developer/vima/)</description>
-      <example os.version="4.1.0">"vSphere Management Assistant 4.1.0"</example>
-      <param pos="0" name="os.vendor" value="VMware"/>
-      <param pos="0" name="os.product" value="vSphere Management Assistant"/>
-      <param pos="1" name="os.version"/>
-   </fingerprint>
 </fingerprints>

data/xml/ssh_banners.xml

@@ -590,10 +590,11 @@ fingerprint SSH servers.
       <param pos="0" name="os.product" value="Windows"/>
     </fingerprint>
 
-   <fingerprint pattern="^([^\s]+) FlowSsh: WinSSHD ([^ ]+):?.*$">
+   <fingerprint pattern="^([^\s]+) FlowSsh: (?:Bitvise SSH Server \(WinSSHD\)|WinSSHD) ([\d\.]+):?.*$">
      <description>Bitvise WinSSHD (which uses Bitvise flowssh)</description>
-      <example>1.03 FlowSsh: WinSSHD 5.09</example>
-      <example>1.07 FlowSsh: WinSSHD 5.20: free only for personal non-commercial use</example>
+      <example service.version="5.09" service.component.version="1.03">1.03 FlowSsh: WinSSHD 5.09</example>
+      <example service.version="5.20" service.component.version="1.07">1.07 FlowSsh: WinSSHD 5.20: free only for personal non-commercial use</example>
+      <example service.version="6.03" service.component.version="5.21">5.21 FlowSsh: Bitvise SSH Server (WinSSHD) 6.03: free only for personal non-commercial use</example>
       <param pos="1" name="service.component.version"/>
       <param pos="2" name="service.version"/>
       <param pos="0" name="service.component.vendor" value="Bitvise"/>
@@ -633,9 +634,10 @@ fingerprint SSH servers.
       <param pos="0" name="os.product" value="Windows"/>
    </fingerprint>
 
-   <fingerprint pattern="^VShell_(\d+)_(\d+)_(\d+)_(\d+) VShell$">
+   <fingerprint pattern="^VShell_(?:Special_Edition_)?(\d+)_(\d+)_(\d+)_(\d+) VShell$">
       <description>VanDyke VShell</description>
-      <example>VShell_3_6_2_446 VShell</example>
+      <example service.version="3" service.version.version="6" service.version.version.version="2" service.version.version.version.version="446">VShell_3_6_2_446 VShell</example>
+      <example service.version="2" service.version.version="5" service.version.version.version="0" service.version.version.version.version="204">VShell_Special_Edition_2_5_0_204 VShell</example>
       <param pos="1" name="service.version"/>
       <param pos="2" name="service.version.version"/>
       <param pos="3" name="service.version.version.version"/>
@@ -788,6 +790,14 @@ fingerprint SSH servers.
       <param pos="0" name="os.device" value="Network"/>
       <param pos="0" name="os.family" value="Comware"/>
       <param pos="1" name="os.version"/>
+    </fingerprint>
+
+   <fingerprint pattern="^Data ONTAP SSH [\d\.]+$">
+      <description>SSH NetApp appliances</description>
+      <example>Data ONTAP SSH 1.0</example>
+      <param pos="0" name="os.vendor" value="NetApp"/>
+      <param pos="0" name="os.family" value="Data ONTAP"/>
+      <param pos="0" name="os.product" value="Data ONTAP"/>
    </fingerprint>
 
    <fingerprint pattern="^(\d\.\d+\.\d+) SSH Secure Shell OpenVMS V\d\.\d$">
@@ -826,6 +836,14 @@ fingerprint SSH servers.
       <param pos="0" name="os.certainty" value="0.75"/>
    </fingerprint>
 
+   <fingerprint pattern="^\S+ SSH Secure Shell Tru64 UNIX$">
+      <description>Digital/Compaq/HP Tru64 Unix</description>
+      <example>3.2.0 SSH Secure Shell Tru64 UNIX</example>
+      <param pos="0" name="os.vendor" value="HP"/>
+      <param pos="0" name="os.family" value="Unix"/>
+      <param pos="0" name="os.product" value="Tru64 Unix"/>
+      <param pos="0" name="os.device" value="General"/>
+   </fingerprint>
 <!--
 1.2.22j4rad
 2.40

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: recog
 version: !ruby/object:Gem::Version
-  version: 2.0.2
+  version: 2.0.4
 platform: ruby
 authors:
 - Rapid7 Research
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-05-20 00:00:00.000000000 Z
+date: 2015-05-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec