recog 2.0.24 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (53) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +1 -1
  3. data/features/data/matching_banners_fingerprints.xml +2 -1
  4. data/features/data/multiple_banners_fingerprints.xml +2 -0
  5. data/features/match.feature +6 -6
  6. data/lib/recog/db.rb +33 -11
  7. data/lib/recog/db_manager.rb +6 -2
  8. data/lib/recog/fingerprint.rb +39 -2
  9. data/lib/recog/nizer.rb +93 -20
  10. data/lib/recog/version.rb +1 -1
  11. data/spec/lib/fingerprint_self_test_spec.rb +7 -0
  12. data/spec/lib/recog/nizer_spec.rb +165 -3
  13. data/xml/apache_os.xml +1 -1
  14. data/xml/architecture.xml +1 -1
  15. data/xml/fingerprints.xsd +91 -0
  16. data/xml/ftp_banners.xml +456 -74
  17. data/xml/h323_callresp.xml +1 -1
  18. data/xml/hp_pjl_id.xml +4 -1
  19. data/xml/http_cookies.xml +1 -1
  20. data/xml/http_servers.xml +1 -1
  21. data/xml/http_wwwauth.xml +1 -1
  22. data/xml/imap_banners.xml +1 -1
  23. data/xml/ldap_searchresult.xml +1 -1
  24. data/xml/mdns_device-info_txt.xml +1 -1
  25. data/xml/mdns_workstation_txt.xml +1 -1
  26. data/xml/mysql_banners.xml +1 -1
  27. data/xml/mysql_error.xml +1 -1
  28. data/xml/nntp_banners.xml +1 -1
  29. data/xml/ntp_banners.xml +1 -1
  30. data/xml/operating_system.xml +1 -1
  31. data/xml/pop_banners.xml +1 -1
  32. data/xml/rsh_resp.xml +1 -1
  33. data/xml/sip_banners.xml +1 -1
  34. data/xml/sip_user_agents.xml +1 -1
  35. data/xml/smb_native_lm.xml +1 -1
  36. data/xml/smb_native_os.xml +1 -1
  37. data/xml/smtp_banners.xml +5 -1
  38. data/xml/smtp_debug.xml +4 -1
  39. data/xml/smtp_ehlo.xml +4 -1
  40. data/xml/smtp_expn.xml +4 -1
  41. data/xml/smtp_help.xml +4 -1
  42. data/xml/smtp_mailfrom.xml +1 -1
  43. data/xml/smtp_noop.xml +4 -1
  44. data/xml/smtp_quit.xml +4 -1
  45. data/xml/smtp_rcptto.xml +1 -1
  46. data/xml/smtp_rset.xml +4 -1
  47. data/xml/smtp_turn.xml +4 -1
  48. data/xml/smtp_vrfy.xml +4 -1
  49. data/xml/snmp_sysdescr.xml +1 -1
  50. data/xml/snmp_sysobjid.xml +1 -1
  51. data/xml/ssh_banners.xml +1 -1
  52. data/xml/upnp_banners.xml +1 -1
  53. metadata +4 -3
@@ -4,7 +4,7 @@ When an HTTP server is fingerprinted as Apache, a 2nd analysis pass is done
4
4
  on the server headers HTTPProtocolHelper.SERVER_HEADERS: they are matched
5
5
  against the following patterns to extract OS information.
6
6
  -->
7
- <fingerprints matches="apache_os">
7
+ <fingerprints matches="apache_os" database_type="util.os" preference="0.10">
8
8
  <fingerprint pattern=".*\(iSeries\).*">
9
9
  <description>IBM i5/OS iSeries (OS/400)</description>
10
10
  <param pos="0" name="os.vendor" value="IBM"/>
@@ -2,7 +2,7 @@
2
2
  <!--
3
3
  Generic rules for matching a machine architecture, platform, or chipset
4
4
  -->
5
- <fingerprints matches="architecture">
5
+ <fingerprints matches="architecture" database_type="util.os">
6
6
  <fingerprint pattern="x64|amd64|x86_64" flags="REG_ICASE">
7
7
  <description>x64 (x86_x64)</description>
8
8
  <example>Linux claw 3.11.0-15-generic #23-Ubuntu SMP Mon Dec 9 18:17:04 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux</example>
@@ -3,10 +3,101 @@
3
3
  <xsd:element name="fingerprints" type="fingerprints_element"/>
4
4
 
5
5
  <xsd:complexType name="fingerprints_element">
6
+ <xsd:annotation>
7
+ <xsd:documentation xml:lang="en">
8
+ The attributes that follow this documentation help categorize the
9
+ fingerprint databases and contents as well as enable optimization of
10
+ their processing.
11
+
12
+ - matches: provides a XML fingerprint database identifier. It is
13
+ intended to be descriptive in nature and often indicates a protocol
14
+ and function or sub-protocol type. Examples of this would be
15
+ 'mysql.banners' vs 'mysql.errors'. If this attribute is not present
16
+ in the XML then its value is the base filename without the file
17
+ extension. See Recog::DB#parse_fingerprints
18
+ This value is returned as part of any successful match.
19
+
20
+ - protocol: indicates the name of the service or protocol
21
+ found within the XML fingerprint database. Examples of this would
22
+ be 'ftp', 'smtp', 'ssh', etc. Within Recog this value will be
23
+ superseded by a 'service.protocol' attribute on a specific
24
+ fingerprint match. See Recog::DB#parse_fingerprints
25
+ This value has two purposes. It can be used for filtering
26
+ ( See Recog::Nizer#match_all_db ) and is returned as part of any
27
+ successful match.
28
+
29
+ - database_type: indicates the type of fingerprints matches expected
30
+ to be found within the database. These values are used by
31
+ Recog::Nizer#match_all_db to filter matches to just the type of
32
+ database that is relevant to the match string.
33
+ This value is *NOT* returned as part of successful matches.
34
+
35
+ Current values are:
36
+
37
+ - service: These fingerprints are intended to match banners or
38
+ other responses from services. Fingerprint matches in 'service'
39
+ database do not necessarily have to return 'service.' attributes
40
+ in the match data.
41
+
42
+ - util.os: These fingerprints are intended to be used to identify
43
+ or extract OS related information from strings that are not
44
+ responses to service probes. This may be used in a utility
45
+ capacity and may provide for data enrichment via an independent
46
+ call after a service banner match has already be made.
47
+
48
+ - preference: indicates the relative priority/ordering that will be used
49
+ when Recog::Nizer performs matches against multiple databases.
50
+ 'preference' is a float value that currently ranges from 0.0 to 1.0
51
+ Higher numbers are given greater priority and will be processed
52
+ first. If this attribute is not present in the fingerprint database
53
+ it will be assigned the value of 'DEFAULT_FP_PREFERENCE' within
54
+ Recog::DB which is currently 0.10
55
+
56
+ This value is *NOT* returned as part of successful matches.
57
+
58
+ When determining the priority of a fingerprint database the
59
+ following criterial and rules should be used:
60
+
61
+ - Values above 0.90 should be reserved for end user use with the
62
+ goal of enabling them to create fingerprint databases that will
63
+ always take priority over those included in the Recog project.
64
+
65
+ - Values below 0.10 should be reserved for end user use with the
66
+ goal of enabling them to create fingerprint databases that will
67
+ always be processed after those included with the Recog project.
68
+
69
+ - The highest level of preference should be given to those
70
+ fingerprint databases that have very high quality matches
71
+ (very strict regex, accurate).
72
+
73
+ - Priority should be given to those fingerprint databases that
74
+ are for very common services.
75
+
76
+ - Consideration should be given to preferring databases that will
77
+ provide the most valuable data. For example, 'http_header.server'
78
+ and 'http_header.cookie' may both provide matches to the same
79
+ HTTP server response, but 'http_header.server' is more likely
80
+ to provide the best data.
81
+
82
+ - Values of 0.90 - 0.80 should be used for those very high quality,
83
+ highly common services.
84
+ </xsd:documentation>
85
+ </xsd:annotation>
6
86
  <xsd:sequence>
7
87
  <xsd:element name="fingerprint" type="fingerprint_element" minOccurs="1" maxOccurs="unbounded"/>
8
88
  </xsd:sequence>
89
+
9
90
  <xsd:attribute name="matches" type="xsd:string" use="optional"/>
91
+ <xsd:attribute name="protocol" type="xsd:string" use="optional"/>
92
+ <xsd:attribute name="database_type" type="xsd:string" use="optional"/>
93
+ <xsd:attribute name="preference" use="optional">
94
+ <xsd:simpleType>
95
+ <xsd:restriction base="xsd:float">
96
+ <xsd:minInclusive value="0" />
97
+ <xsd:maxInclusive value="1.0" />
98
+ </xsd:restriction>
99
+ </xsd:simpleType>
100
+ </xsd:attribute>
10
101
  </xsd:complexType>
11
102
 
12
103
  <xsd:complexType name="fingerprint_element" mixed="true">
@@ -3,7 +3,7 @@
3
3
  FTP greeting messages (part of the banner after the response code) are matched
4
4
  against these patterns to fingerprint FTP servers.
5
5
  -->
6
- <fingerprints matches="ftp.banner">
6
+ <fingerprints matches="ftp.banner" protocol="ftp" database_type="service" preference="0.90">
7
7
  <fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version ([1234]\.\d+)\)\.$">
8
8
  <description>Microsoft FTP Server on Windows NT</description>
9
9
  <example>xx Microsoft FTP Service (Version 3.0).</example>
@@ -12,7 +12,6 @@ against these patterns to fingerprint FTP servers.
12
12
  <param pos="0" name="service.family" value="IIS"/>
13
13
  <param pos="2" name="service.version"/>
14
14
  <param pos="0" name="os.vendor" value="Microsoft"/>
15
- <param pos="0" name="os.device" value="General"/>
16
15
  <param pos="0" name="os.family" value="Windows"/>
17
16
  <param pos="0" name="os.product" value="Windows NT"/>
18
17
  <param pos="1" name="host.name"/>
@@ -25,7 +24,6 @@ against these patterns to fingerprint FTP servers.
25
24
  <param pos="0" name="service.family" value="IIS"/>
26
25
  <param pos="0" name="service.version" value="5.0"/>
27
26
  <param pos="0" name="os.vendor" value="Microsoft"/>
28
- <param pos="0" name="os.device" value="General"/>
29
27
  <param pos="0" name="os.family" value="Windows"/>
30
28
  <param pos="0" name="os.product" value="Windows 2000"/>
31
29
  <param pos="1" name="host.name"/>
@@ -37,7 +35,6 @@ against these patterns to fingerprint FTP servers.
37
35
  <param pos="0" name="service.product" value="IIS"/>
38
36
  <param pos="0" name="service.family" value="IIS"/>
39
37
  <param pos="0" name="os.vendor" value="Microsoft"/>
40
- <param pos="0" name="os.device" value="General"/>
41
38
  <param pos="0" name="os.family" value="Windows"/>
42
39
  <param pos="0" name="os.product" value="Windows"/>
43
40
  <param pos="1" name="host.name"/>
@@ -49,7 +46,6 @@ against these patterns to fingerprint FTP servers.
49
46
  <param pos="0" name="service.product" value="IIS"/>
50
47
  <param pos="0" name="service.family" value="IIS"/>
51
48
  <param pos="0" name="os.vendor" value="Microsoft"/>
52
- <param pos="0" name="os.device" value="General"/>
53
49
  <param pos="0" name="os.family" value="Windows"/>
54
50
  <param pos="0" name="os.product" value="Windows"/>
55
51
  <param pos="1" name="host.name"/>
@@ -61,7 +57,6 @@ against these patterns to fingerprint FTP servers.
61
57
  <param pos="0" name="service.product" value="IIS"/>
62
58
  <param pos="0" name="service.family" value="IIS"/>
63
59
  <param pos="0" name="os.vendor" value="Microsoft"/>
64
- <param pos="0" name="os.device" value="General"/>
65
60
  <param pos="0" name="os.family" value="Windows"/>
66
61
  <param pos="0" name="os.product" value="Windows"/>
67
62
  </fingerprint>
@@ -74,7 +69,6 @@ against these patterns to fingerprint FTP servers.
74
69
  <param pos="0" name="service.product" value="FTPD"/>
75
70
  <param pos="0" name="os.vendor" value="HP"/>
76
71
  <param pos="0" name="os.family" value="HP-UX"/>
77
- <param pos="0" name="os.device" value="General"/>
78
72
  <param pos="0" name="os.product" value="HP-UX"/>
79
73
  <param pos="1" name="host.name"/>
80
74
  <param pos="2" name="service.version"/>
@@ -88,7 +82,6 @@ against these patterns to fingerprint FTP servers.
88
82
  <param pos="0" name="service.product" value="WU-FTPD"/>
89
83
  <param pos="0" name="os.vendor" value="HP"/>
90
84
  <param pos="0" name="os.family" value="HP-UX"/>
91
- <param pos="0" name="os.device" value="General"/>
92
85
  <param pos="0" name="os.product" value="HP-UX"/>
93
86
  <param pos="1" name="host.name"/>
94
87
  <param pos="2" name="service.version"/>
@@ -113,7 +106,6 @@ example.com FTP server (Version: Mac OS X Server 10.3 - +GSSAPI) ready.</exampl
113
106
  <param pos="0" name="service.product" value="FTP"/>
114
107
  <param pos="0" name="os.vendor" value="Apple"/>
115
108
  <param pos="0" name="os.family" value="Mac OS X"/>
116
- <param pos="0" name="os.device" value="General"/>
117
109
  <param pos="0" name="os.product" value="Mac OS X Server"/>
118
110
  <param pos="1" name="host.name"/>
119
111
  <param pos="2" name="os.version"/>
@@ -127,7 +119,6 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
127
119
  <param pos="0" name="service.product" value="FTP"/>
128
120
  <param pos="0" name="os.vendor" value="Apple"/>
129
121
  <param pos="0" name="os.family" value="Mac OS X"/>
130
- <param pos="0" name="os.device" value="General"/>
131
122
  <param pos="0" name="os.product" value="Mac OS X Server"/>
132
123
  <param pos="1" name="host.name"/>
133
124
  </fingerprint>
@@ -144,7 +135,6 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
144
135
  <param pos="0" name="os.vendor" value="Sun"/>
145
136
  <param pos="0" name="os.family" value="Solaris"/>
146
137
  <param pos="0" name="os.product" value="Solaris"/>
147
- <param pos="0" name="os.device" value="General"/>
148
138
  <param pos="1" name="host.name"/>
149
139
  <param pos="2" name="os.version"/>
150
140
  </fingerprint>
@@ -152,10 +142,10 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
152
142
  <description>ProFTPD on Debian Linux</description>
153
143
  <example>ProFTPD 1.3.0rc2 Server (Debian) [host]</example>
154
144
  <param pos="0" name="service.family" value="ProFTPD"/>
145
+ <param pos="0" name="service.vendor" value="ProFTPD Project"/>
155
146
  <param pos="0" name="service.product" value="ProFTPD"/>
156
147
  <param pos="1" name="service.version"/>
157
148
  <param pos="0" name="os.vendor" value="Debian"/>
158
- <param pos="0" name="os.device" value="General"/>
159
149
  <param pos="0" name="os.family" value="Linux"/>
160
150
  <param pos="0" name="os.product" value="Linux"/>
161
151
  <param pos="2" name="host.name"/>
@@ -164,6 +154,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
164
154
  <description>ProFTPD on a Linksys Wireless Access Point/Router</description>
165
155
  <example>ProFTPD 1.3.0rc2 Server (LinksysWRT350N) [host]</example>
166
156
  <param pos="0" name="service.family" value="ProFTPD"/>
157
+ <param pos="0" name="service.vendor" value="ProFTPD Project"/>
167
158
  <param pos="0" name="service.product" value="ProFTPD"/>
168
159
  <param pos="1" name="service.version"/>
169
160
  <param pos="0" name="os.vendor" value="Linksys"/>
@@ -174,6 +165,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
174
165
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Linksys(.*)\) \[(.+)\]$">
175
166
  <description>ProFTPD on a wired Linksys device</description>
176
167
  <param pos="0" name="service.family" value="ProFTPD"/>
168
+ <param pos="0" name="service.vendor" value="ProFTPD Project"/>
177
169
  <param pos="0" name="service.product" value="ProFTPD"/>
178
170
  <param pos="1" name="service.version"/>
179
171
  <param pos="0" name="os.vendor" value="Linksys"/>
@@ -183,10 +175,11 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
183
175
  </fingerprint>
184
176
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \((.*)\) \[(.+)\]$">
185
177
  <description>ProFTPD with version info but no obvious OS info</description>
186
- <example>ProFTPD 1.2.10 Server (Main FTP Server) [host]</example>
187
- <example>ProFTPD 1.2.10 Server (ProFTPD) [host]</example>
188
- <example>ProFTPD 1.2.10rc3 Server (ProFTPD Default Installation) [host]</example>
178
+ <example service.version="1.2.10">ProFTPD 1.2.10 Server (Main FTP Server) [host]</example>
179
+ <example proftpd.server.name="ProFTPD">ProFTPD 1.2.10 Server (ProFTPD) [host]</example>
180
+ <example host.name="host">ProFTPD 1.2.10rc3 Server (ProFTPD Default Installation) [host]</example>
189
181
  <param pos="0" name="service.family" value="ProFTPD"/>
182
+ <param pos="0" name="service.vendor" value="ProFTPD Project"/>
190
183
  <param pos="0" name="service.product" value="ProFTPD"/>
191
184
  <param pos="1" name="service.version"/>
192
185
  <param pos="2" name="proftpd.server.name"/>
@@ -194,8 +187,9 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
194
187
  </fingerprint>
195
188
  <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server ready\.$">
196
189
  <description>ProFTPD with only version info</description>
197
- <example>ProFTPD 1.3.0rc2 Server ready.</example>
190
+ <example service.version="1.3.0rc2">ProFTPD 1.3.0rc2 Server ready.</example>
198
191
  <param pos="0" name="service.family" value="ProFTPD"/>
192
+ <param pos="0" name="service.vendor" value="ProFTPD Project"/>
199
193
  <param pos="0" name="service.product" value="ProFTPD"/>
200
194
  <param pos="1" name="service.version"/>
201
195
  </fingerprint>
@@ -203,8 +197,36 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
203
197
  <description>ProFTPD with no version info</description>
204
198
  <example>ProFTPD FTP Server ready.</example>
205
199
  <param pos="0" name="service.family" value="ProFTPD"/>
200
+ <param pos="0" name="service.vendor" value="ProFTPD Project"/>
206
201
  <param pos="0" name="service.product" value="ProFTPD"/>
207
202
  </fingerprint>
203
+ <fingerprint pattern="^ProFTPD Server$">
204
+ <description>ProFTPD with no version info, short form</description>
205
+ <example>ProFTPD Server</example>
206
+ <param pos="0" name="service.family" value="ProFTPD"/>
207
+ <param pos="0" name="service.vendor" value="ProFTPD Project"/>
208
+ <param pos="0" name="service.product" value="ProFTPD"/>
209
+ </fingerprint>
210
+ <fingerprint pattern="^(?:\d{4}\-\d\d\-\d\d \d\d:\d\d:\d\d,\d\d\d )?(\S+) proftpd\[\d+\]: error: no valid servers configured">
211
+ <description>ProFTPD no valid servers configured</description>
212
+ <example host.name="ftp.host.com">ftp.host.com proftpd[40312]: error: no valid servers configured\n</example>
213
+ <example host.name="hostname.com">2016-10-31 12:14:35,524 hostname.com proftpd[26992]: error: no valid servers configured\n</example>
214
+ <param pos="0" name="service.family" value="ProFTPD"/>
215
+ <param pos="0" name="service.vendor" value="ProFTPD Project"/>
216
+ <param pos="0" name="service.product" value="ProFTPD"/>
217
+ <param pos="1" name="host.name"/>
218
+ </fingerprint>
219
+ <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \((.*)\) \[[\h.:\]]*$">
220
+ <description>ProFTPD with version info - truncated</description>
221
+ <example service.version="1.3.2c">ProFTPD 1.3.2c Server (ProFTPD Default Installation) [</example>
222
+ <example proftpd.server.name="svrname.hosting.com">ProFTPD 1.3.0 Server (svrname.hosting.com) [10.10.10.</example>
223
+ <example>ProFTPD 1.3.3a Server (randomstring) [::ff</example>
224
+ <param pos="0" name="service.family" value="ProFTPD"/>
225
+ <param pos="0" name="service.vendor" value="ProFTPD Project"/>
226
+ <param pos="0" name="service.product" value="ProFTPD"/>
227
+ <param pos="1" name="service.version"/>
228
+ <param pos="2" name="proftpd.server.name"/>
229
+ </fingerprint>
208
230
  <fingerprint pattern="^=\(&lt;\*&gt;\)=-\.:\. \(\( Welcome to Pure-FTPd ([\d.]+) \)\) \.:\.-=\(&lt;\*&gt;\)=-" flags="REG_MULTILINE">
209
231
  <description>Pure-FTPd versions &lt;= 1.0.13 (at least as far back as 1.0.11)</description>
210
232
  <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-</example>
@@ -235,34 +257,33 @@ more text</example>
235
257
  <param pos="0" name="service.product" value="Pure-FTPd"/>
236
258
  <param pos="1" name="service.version"/>
237
259
  </fingerprint>
238
- <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\..+)(?: for WinSock)? ready\.*$">
260
+ <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+)(?: for WinSock)? ready\.*$">
239
261
  <description>Serv-U (only runs on Windows)</description>
240
- <example>Serv-U FTP-Server v2.5n for WinSock ready...</example>
241
- <example>Serv-U FTP Server v6.0 for WinSock ready</example>
242
- <example>Serv-U FTP Server v7.2 ready...</example>
262
+ <example service.version="2.5n">Serv-U FTP-Server v2.5n for WinSock ready...</example>
263
+ <example service.version="6.0">Serv-U FTP Server v6.0 for WinSock ready</example>
264
+ <example service.version="7.2">Serv-U FTP Server v7.2 ready...</example>
243
265
  <param pos="0" name="service.vendor" value="Rhino Software"/>
244
266
  <param pos="0" name="service.product" value="Serv-U"/>
245
267
  <param pos="0" name="service.family" value="Serv-U"/>
246
268
  <param pos="1" name="service.version"/>
247
269
  <param pos="0" name="os.vendor" value="Microsoft"/>
248
- <param pos="0" name="os.device" value="General"/>
249
270
  <param pos="0" name="os.family" value="Windows"/>
250
271
  <param pos="0" name="os.product" value="Windows"/>
251
272
  </fingerprint>
252
273
  <fingerprint pattern="^zFTPServer v?(\S+), .*ready\.$" flags="REG_ICASE">
253
274
  <description>zftpserver (only runs on Windows)</description>
254
- <example>zFTPServer v4.0, build 2008-12-24 01:41 ready.</example>
275
+ <example service.version="4.0">zFTPServer v4.0, build 2008-12-24 01:41 ready.</example>
276
+ <param pos="0" name="service.vendor" value="Västgöta-Data AB" />
255
277
  <param pos="0" name="service.product" value="zFTPServer"/>
256
278
  <param pos="1" name="service.version"/>
257
279
  <param pos="0" name="os.vendor" value="Microsoft"/>
258
- <param pos="0" name="os.device" value="General"/>
259
280
  <param pos="0" name="os.family" value="Windows"/>
260
281
  <param pos="0" name="os.product" value="Windows"/>
261
282
  </fingerprint>
262
283
  <fingerprint pattern="^\(vsFTPd (\d+\..+)\)(?: (.+))?$">
263
284
  <description>vsFTPd (Very Secure FTP Daemon)</description>
264
- <example>(vsFTPd 1.1.3) host</example>
265
- <example>(vsFTPd 2.0.5)</example>
285
+ <example service.version="1.1.3">(vsFTPd 1.1.3) host</example>
286
+ <example service.version="2.0.5">(vsFTPd 2.0.5)</example>
266
287
  <param pos="0" name="service.family" value="vsFTPd"/>
267
288
  <param pos="0" name="service.product" value="vsFTPd"/>
268
289
  <param pos="1" name="service.version"/>
@@ -270,14 +291,32 @@ more text</example>
270
291
  </fingerprint>
271
292
  <fingerprint pattern="^ready, dude \(vsFTPd (\d+\..+): beat me, break me\)$">
272
293
  <description>vsFTPd (Very Secure FTP Daemon)</description>
273
- <example>ready, dude (vsFTPd 1.1.0: beat me, break me)</example>
294
+ <example service.version="1.1.0">ready, dude (vsFTPd 1.1.0: beat me, break me)</example>
274
295
  <param pos="0" name="service.family" value="vsFTPd"/>
275
296
  <param pos="0" name="service.product" value="vsFTPd"/>
276
297
  <param pos="1" name="service.version"/>
277
298
  </fingerprint>
278
- <fingerprint pattern="^FileZilla Server version (\d\..+)$">
299
+ <fingerprint pattern="^vsFTPd ([\d.]+\+ \(ext\.3\)) ready\.\.\.$">
300
+ <description>vsFTPd (Very Secure FTP Daemon) extended build (vsftpd.devnet.ru)</description>
301
+ <example service.version="2.0.4+ (ext.3)">vsFTPd 2.0.4+ (ext.3) ready...</example>
302
+ <param pos="0" name="service.family" value="vsFTPd"/>
303
+ <param pos="0" name="service.product" value="vsFTPd Extended"/>
304
+ <param pos="1" name="service.version"/>
305
+ </fingerprint>
306
+ <fingerprint pattern="^OOPS: .*vsftp.*$">
307
+ <description>vsFTPd (Very Secure FTP Daemon) error message</description>
308
+ <example>OOPS: vsftpd: root is not mounted.</example>
309
+ <example>OOPS: cannot read user list file:/etc/vsftpd.user_list</example>
310
+ <param pos="0" name="service.family" value="vsFTPd"/>
311
+ <param pos="0" name="service.product" value="vsFTPd Extended"/>
312
+ <param pos="0" name="service.version"/>
313
+ </fingerprint>
314
+ <fingerprint pattern="^FileZilla Server(?: version)? (?:v)?(\d\.[\w.]+(?: beta)?).*$">
279
315
  <description>FileZilla FTP Server</description>
280
- <example>FileZilla Server version 0.9.2 beta</example>
316
+ <example service.version="0.9.2 beta">FileZilla Server version 0.9.2 beta</example>
317
+ <example service.version="0.9.13a beta">FileZilla Server version 0.9.13a beta</example>
318
+ <example service.version="0.9.54 beta">FileZilla Server 0.9.54 beta</example>
319
+ <example service.version="0.9.33 beta">FileZilla Server v0.9.33 beta</example>
281
320
  <param pos="0" name="service.family" value="FileZilla FTP Server"/>
282
321
  <param pos="0" name="service.product" value="FileZilla FTP Server"/>
283
322
  <param pos="1" name="service.version"/>
@@ -289,12 +328,14 @@ more text</example>
289
328
  <param pos="0" name="service.product" value="FTP"/>
290
329
  <param pos="0" name="os.vendor" value="APC"/>
291
330
  <param pos="0" name="os.device" value="Power device"/>
331
+ <param pos="0" name="hw.vendor" value="APC"/>
332
+ <param pos="0" name="hw.device" value="Power device"/>
292
333
  </fingerprint>
293
334
  <fingerprint pattern="^(\S+) Network Management Card AOS v(\d+\..+) FTP server ready\.$">
294
335
  <description>APC power/cooling device</description>
295
- <example>AP7932 Network Management Card AOS v3.3.4 FTP server ready.</example>
296
- <example>ACRC103 Network Management Card AOS v3.6.1 FTP server ready.</example>
297
- <example>0G-9354-01 Network Management Card AOS v3.6.1 FTP server ready.</example>
336
+ <example service.version="3.3.4">AP7932 Network Management Card AOS v3.3.4 FTP server ready.</example>
337
+ <example os.version="3.6.1">ACRC103 Network Management Card AOS v3.6.1 FTP server ready.</example>
338
+ <example os.product="0G-9354-01">0G-9354-01 Network Management Card AOS v3.6.1 FTP server ready.</example>
298
339
  <param pos="0" name="service.vendor" value="APC"/>
299
340
  <param pos="0" name="service.product" value="AOS"/>
300
341
  <param pos="0" name="service.family" value="AOS"/>
@@ -303,20 +344,25 @@ more text</example>
303
344
  <param pos="0" name="os.device" value="Power device"/>
304
345
  <param pos="1" name="os.product"/>
305
346
  <param pos="2" name="os.version"/>
347
+ <param pos="0" name="hw.vendor" value="APC"/>
348
+ <param pos="0" name="hw.device" value="Power device"/>
306
349
  </fingerprint>
307
350
  <fingerprint pattern="^(\S+) FTP server \(EMC-SNAS: ([^\)]+)\)(?: \S+)?$">
308
351
  <description>EMC Celerra</description>
309
- <example>foo2 FTP server (EMC-SNAS: 5.6.47.11)</example>
310
- <example>foo2 FTP server (EMC-SNAS: 5.6.50.203) ready.</example>
311
- <example>foo4 FTP server (EMC-SNAS: 5.5.31.6) r</example>
352
+ <example service.version="5.6.47.11">foo2 FTP server (EMC-SNAS: 5.6.47.11)</example>
353
+ <example service.version="5.6.50.203">foo2 FTP server (EMC-SNAS: 5.6.50.203) ready.</example>
354
+ <example service.version="5.5.31.6">foo4 FTP server (EMC-SNAS: 5.5.31.6) r</example>
312
355
  <param pos="0" name="service.vendor" value="EMC"/>
313
356
  <param pos="0" name="service.product" value="Celerra"/>
314
357
  <param pos="2" name="service.version"/>
315
- <param pos="0" name="os.vendor" value="Celerra"/>
358
+ <param pos="0" name="os.vendor" value="EMC"/>
316
359
  <param pos="0" name="os.device" value="Storage"/>
317
360
  <param pos="0" name="os.product" value="Celerra"/>
318
361
  <param pos="2" name="os.version"/>
319
362
  <param pos="1" name="host.name"/>
363
+ <param pos="0" name="hw.vendor" value="EMC"/>
364
+ <param pos="0" name="hw.device" value="Storage"/>
365
+ <param pos="0" name="hw.product" value="Celerra"/>
320
366
  </fingerprint>
321
367
  <fingerprint pattern="^JD FTP Server Ready.*$">
322
368
  <description>HP JetDirect printer</description>
@@ -329,10 +375,14 @@ more text</example>
329
375
  <param pos="0" name="os.device" value="Printer"/>
330
376
  <param pos="0" name="os.family" value="JetDirect"/>
331
377
  <param pos="0" name="os.product" value="JetDirect"/>
378
+ <param pos="0" name="hw.vendor" value="HP"/>
379
+ <param pos="0" name="hw.device" value="Printer"/>
380
+ <param pos="0" name="hw.family" value="JetDirect"/>
381
+ <param pos="0" name="hw.product" value="JetDirect"/>
332
382
  </fingerprint>
333
383
  <fingerprint pattern="^Check Point FireWall-1 Secure FTP server running on (.+)$">
334
384
  <description>Check Point FireWall-1</description>
335
- <example>Check Point FireWall-1 Secure FTP server running on host</example>
385
+ <example host.name="host">Check Point FireWall-1 Secure FTP server running on host</example>
336
386
  <param pos="0" name="service.vendor" value="Check Point"/>
337
387
  <param pos="0" name="service.product" value="Firewall-1"/>
338
388
  <param pos="0" name="service.family" value="Firewall-1"/>
@@ -340,6 +390,9 @@ more text</example>
340
390
  <param pos="0" name="os.device" value="Firewall"/>
341
391
  <param pos="0" name="os.family" value="Firewall-1"/>
342
392
  <param pos="0" name="os.product" value="Firewall-1"/>
393
+ <param pos="0" name="hw.vendor" value="Check Point"/>
394
+ <param pos="0" name="hw.device" value="Firewall"/>
395
+ <param pos="0" name="hw.family" value="Firewall-1"/>
343
396
  <param pos="1" name="host.name"/>
344
397
  </fingerprint>
345
398
  <fingerprint pattern="^Blue Coat FTP Service$">
@@ -423,18 +476,23 @@ more text</example>
423
476
  </fingerprint>
424
477
  <fingerprint pattern="^AXIS (\S+) Video (?:Encoder Blade|Server|Decoder) ([\d\.]+) .* ready\.?$" flags="REG_ICASE">
425
478
  <description>Axis Video encoders/servers</description>
426
- <example>AXIS Q7406 Video Encoder Blade 5.01 (Aug 01 2008) ready.</example>
427
- <example>AXIS 241Q Video Server 4.47.2 (Dec 11 2008) ready.</example>
428
- <example>AXIS P7701 Video Decoder 5.07.2 (Apr 20 2010) ready.</example>
479
+ <example hw.product="Q7406">AXIS Q7406 Video Encoder Blade 5.01 (Aug 01 2008) ready.</example>
480
+ <example os.product="241Q">AXIS 241Q Video Server 4.47.2 (Dec 11 2008) ready.</example>
481
+ <example os.version="5.07.2">AXIS P7701 Video Decoder 5.07.2 (Apr 20 2010) ready.</example>
482
+ <param pos="0" name="hw.vendor" value="Axis"/>
483
+ <param pos="1" name="hw.product"/>
429
484
  <param pos="0" name="os.vendor" value="Axis"/>
430
485
  <param pos="1" name="os.product"/>
431
486
  <param pos="2" name="os.version"/>
432
487
  </fingerprint>
433
488
  <fingerprint pattern="^AXIS (\S+) .*FTP Network Print Server V?([\d\.]+\S+) .* ready\.?$" flags="REG_ICASE">
434
489
  <description>Axis print servers</description>
435
- <example>AXIS 5600+ (rev 3) FTP Network Print Server V7.00 Sep 10 2004 ready.</example>
436
- <example>AXIS 560 FTP Network Print Server V6.00 Jul 7 1999 ready.</example>
437
- <example>AXIS 5470e FTP Network Print Server V6.30.beta2 Sep 25 2002 ready.</example>
490
+ <example hw.product="5600+">AXIS 5600+ (rev 3) FTP Network Print Server V7.00 Sep 10 2004 ready.</example>
491
+ <example os.product="560">AXIS 560 FTP Network Print Server V6.00 Jul 7 1999 ready.</example>
492
+ <example os.version="6.30.beta2">AXIS 5470e FTP Network Print Server V6.30.beta2 Sep 25 2002 ready.</example>
493
+ <param pos="0" name="hw.vendor" value="Axis"/>
494
+ <param pos="0" name="hw.device" value="Print server"/>
495
+ <param pos="1" name="hw.product"/>
438
496
  <param pos="0" name="os.vendor" value="Axis"/>
439
497
  <param pos="0" name="os.device" value="Print server"/>
440
498
  <param pos="1" name="os.product"/>
@@ -442,9 +500,13 @@ more text</example>
442
500
  </fingerprint>
443
501
  <fingerprint pattern="^RICOH Aficio ((?:[MS]P )?\S+) FTP server \(([0-9\.a-zA-Z]+)\) ready.?$" flags="REG_ICASE">
444
502
  <description>Ricoh Aficio multifunction device</description>
445
- <example>RICOH Aficio 2045e FTP server (4.12) ready.</example>
446
- <example>RICOH Aficio SP 4210N FTP server (8.63) ready.</example>
447
- <example>RICOH Aficio MP C3000 FTP server (5.11) ready.</example>
503
+ <example os.product="2045e">RICOH Aficio 2045e FTP server (4.12) ready.</example>
504
+ <example os.version="8.63">RICOH Aficio SP 4210N FTP server (8.63) ready.</example>
505
+ <example hw.product="MP C3000">RICOH Aficio MP C3000 FTP server (5.11) ready.</example>
506
+ <param pos="0" name="hw.vendor" value="Ricoh"/>
507
+ <param pos="0" name="hw.family" value="Aficio"/>
508
+ <param pos="0" name="hw.device" value="Multifunction Device"/>
509
+ <param pos="1" name="hw.product"/>
448
510
  <param pos="0" name="os.vendor" value="Ricoh"/>
449
511
  <param pos="0" name="os.family" value="Aficio"/>
450
512
  <param pos="0" name="os.device" value="Multifunction Device"/>
@@ -468,6 +530,9 @@ more text</example>
468
530
  <param pos="0" name="os.device" value="Multifunction Device"/>
469
531
  <param pos="1" name="os.product"/>
470
532
  <param pos="2" name="os.version"/>
533
+ <param pos="0" name="hw.vendor" value="Ricoh"/>
534
+ <param pos="0" name="hw.device" value="Multifunction Device"/>
535
+ <param pos="1" name="hw.product"/>
471
536
  </fingerprint>
472
537
  <fingerprint pattern="^Xerox Phaser (\S+)$" certainty="1.0">
473
538
  <description>Xerox Phaser Laser Printer</description>
@@ -477,6 +542,10 @@ more text</example>
477
542
  <param pos="0" name="os.family" value="Phaser"/>
478
543
  <param pos="0" name="os.device" value="Printer"/>
479
544
  <param pos="1" name="os.product"/>
545
+ <param pos="0" name="hw.vendor" value="Xerox"/>
546
+ <param pos="0" name="hw.family" value="Phaser"/>
547
+ <param pos="0" name="hw.device" value="Printer"/>
548
+ <param pos="1" name="hw.product"/>
480
549
  </fingerprint>
481
550
  <fingerprint pattern="^XEROX (\d+) Wide Format .*$" certainty="1.0">
482
551
  <description>Xerox Wide Format Series of Printers</description>
@@ -485,6 +554,10 @@ more text</example>
485
554
  <param pos="0" name="os.family" value="Wide Format"/>
486
555
  <param pos="0" name="os.device" value="Printer"/>
487
556
  <param pos="1" name="os.product"/>
557
+ <param pos="0" name="hw.vendor" value="Xerox"/>
558
+ <param pos="0" name="hw.family" value="Wide Format"/>
559
+ <param pos="0" name="hw.device" value="Printer"/>
560
+ <param pos="1" name="hw.product"/>
488
561
  </fingerprint>
489
562
  <fingerprint pattern="^FUJI XEROX DocuPrint (.*)$" certainty="1.0">
490
563
  <description>FUJI XEROX DocuPrint Series of Printers</description>
@@ -504,27 +577,36 @@ more text</example>
504
577
  <param pos="1" name="host.mac"/>
505
578
  <param pos="2" name="os.product"/>
506
579
  <param pos="3" name="os.version"/>
580
+ <param pos="0" name="hw.vendor" value="Lexmark"/>
581
+ <param pos="0" name="hw.device" value="Printer"/>
582
+ <param pos="2" name="hw.product"/>
507
583
  </fingerprint>
508
584
  <fingerprint pattern="^.*Lexmark (\S+) FTP Server (\S+) ready\.?$" certainty="1.0" flags="REG_ICASE">
509
585
  <description>Lexmark printers</description>
510
- <example>ET0021718 Lexmark T654 FTP Server NR.APS.F368 ready.</example>
586
+ <example os.product="T654" os.version="NR.APS.F368">ET0021718 Lexmark T654 FTP Server NR.APS.F368 ready.</example>
511
587
  <param pos="0" name="os.vendor" value="Lexmark"/>
512
588
  <param pos="0" name="os.device" value="Printer"/>
513
589
  <param pos="1" name="os.product"/>
514
590
  <param pos="2" name="os.version"/>
591
+ <param pos="0" name="hw.vendor" value="Lexmark"/>
592
+ <param pos="0" name="hw.device" value="Printer"/>
593
+ <param pos="1" name="hw.product"/>
515
594
  </fingerprint>
516
595
  <fingerprint pattern="^.*Lexmark (\S+) FTP Server ready\.?$" certainty="1.0" flags="REG_ICASE">
517
596
  <description>Lexmark printers</description>
518
- <example>Lexmark X500 FTP server ready</example>
597
+ <example os.product="X500">Lexmark X500 FTP server ready</example>
519
598
  <param pos="0" name="os.vendor" value="Lexmark"/>
520
599
  <param pos="0" name="os.device" value="Printer"/>
521
600
  <param pos="1" name="os.product"/>
601
+ <param pos="0" name="hw.vendor" value="Lexmark"/>
602
+ <param pos="0" name="hw.device" value="Printer"/>
603
+ <param pos="1" name="hw.product"/>
522
604
  </fingerprint>
523
605
  <fingerprint pattern="^(?:Tornado-)?VxWorks \((?:VxWorks)?([^\)]+)\) FTP server(?: ready)?$" flags="REG_ICASE">
524
606
  <description>VxWorks with version information</description>
525
- <example>VxWorks (5.3.1) FTP server ready</example>
526
- <example>VxWorks (VxWorks5.5.1) FTP server ready</example>
527
- <example>Tornado-vxWorks (VxWorks5.5.1) FTP server</example>
607
+ <example os.version="5.3.1">VxWorks (5.3.1) FTP server ready</example>
608
+ <example os.version="5.5.1">VxWorks (VxWorks5.5.1) FTP server ready</example>
609
+ <example os.version="5.5.1">Tornado-vxWorks (VxWorks5.5.1) FTP server</example>
528
610
  <param pos="0" name="os.vendor" value="Wind River"/>
529
611
  <param pos="0" name="os.product" value="VxWorks"/>
530
612
  <param pos="1" name="os.version"/>
@@ -551,13 +633,17 @@ more text</example>
551
633
  <param pos="0" name="os.family" value="TASKalfa"/>
552
634
  <param pos="0" name="os.device" value="Multifunction Device"/>
553
635
  <param pos="1" name="os.product"/>
636
+ <param pos="0" name="hw.vendor" value="Kyocera"/>
637
+ <param pos="0" name="hw.family" value="TASKalfa"/>
638
+ <param pos="0" name="hw.device" value="Multifunction Device"/>
639
+ <param pos="1" name="hw.product"/>
554
640
  </fingerprint>
555
641
  <fingerprint pattern="^SAVIN (\S+) FTP server \((.*)\) ready.$" certainty="1.0">
556
642
  <description>SAVIN Printer FTP Server</description>
557
- <example>SAVIN 4075 FTP server (4.08) ready.</example>
558
- <example>SAVIN 9025 FTP server (7.23) ready.</example>
559
- <example>SAVIN 9050 FTP server (7.30) ready.</example>
560
- <example>SAVIN 917 FTP server (9.03) ready.</example>
643
+ <example os.product="4075">SAVIN 4075 FTP server (4.08) ready.</example>
644
+ <example hw.product="9025">SAVIN 9025 FTP server (7.23) ready.</example>
645
+ <example os.version="7.30">SAVIN 9050 FTP server (7.30) ready.</example>
646
+ <example os.version="9.03">SAVIN 917 FTP server (9.03) ready.</example>
561
647
  <example>SAVIN 917 FTP server (9.05.2) ready.</example>
562
648
  <example>SAVIN C2525 FTP server (5.14) ready.</example>
563
649
  <example>SAVIN C3528 FTP server (4.08.3) ready.</example>
@@ -568,6 +654,9 @@ more text</example>
568
654
  <param pos="0" name="os.device" value="Printer"/>
569
655
  <param pos="1" name="os.product"/>
570
656
  <param pos="2" name="os.version"/>
657
+ <param pos="0" name="hw.vendor" value="Savin"/>
658
+ <param pos="0" name="hw.device" value="Printer"/>
659
+ <param pos="1" name="hw.product"/>
571
660
  </fingerprint>
572
661
  <fingerprint pattern="^Oce (im\d+) Ver (\S+) FTP server\.$" certainty="1.0">
573
662
  <description>OCE IM series Printer</description>
@@ -668,41 +757,55 @@ more text</example>
668
757
  </fingerprint>
669
758
  <fingerprint pattern="^ET(\S+) Lexmark Forms Printer (\d+) Ethernet FTP Server (\S+) ready\.$" certainty="1.0">
670
759
  <description>Lexmark Forms Printer</description>
671
- <example>ET0020004F54EE Lexmark Forms Printer 2590 Ethernet FTP Server LCL.CU.P012c ready.</example>
760
+ <example os.product="2590">ET0020004F54EE Lexmark Forms Printer 2590 Ethernet FTP Server LCL.CU.P012c ready.</example>
672
761
  <param pos="0" name="os.vendor" value="Lexmark"/>
673
762
  <param pos="0" name="os.family" value="Forms Printer"/>
674
763
  <param pos="0" name="os.device" value="Printer"/>
675
764
  <param pos="1" name="host.mac"/>
676
765
  <param pos="2" name="os.product"/>
677
766
  <param pos="3" name="os.version"/>
767
+ <param pos="0" name="hw.vendor" value="Lexmark"/>
768
+ <param pos="0" name="hw.family" value="Forms Printer"/>
769
+ <param pos="0" name="hw.device" value="Printer"/>
770
+ <param pos="2" name="hw.product"/>
678
771
  </fingerprint>
679
772
  <fingerprint pattern="^ET(\S+) TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
680
773
  <description>Toshiba Printer</description>
681
- <example>ET0004001E9C00 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N221 ready.</example>
774
+ <example os.version="NC2.NPS.N221">ET0004001E9C00 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N221 ready.</example>
682
775
  <example>ET00040089BE42 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
683
776
  <param pos="0" name="os.vendor" value="Toshiba"/>
684
777
  <param pos="0" name="os.device" value="Multifunction Device"/>
685
778
  <param pos="0" name="os.product" value="e-STUDIO"/>
686
779
  <param pos="1" name="host.mac"/>
687
780
  <param pos="2" name="os.version"/>
781
+ <param pos="0" name="hw.vendor" value="Toshiba"/>
782
+ <param pos="0" name="hw.device" value="Multifunction Device"/>
783
+ <param pos="0" name="hw.product" value="e-STUDIO"/>
688
784
  </fingerprint>
689
785
  <fingerprint pattern="^\S+ TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
690
786
  <description>Toshiba Printer</description>
691
- <example>JHBPRN13 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
787
+ <example os.version="NC2.NPS.N211">JHBPRN13 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
692
788
  <param pos="0" name="os.vendor" value="Toshiba"/>
693
789
  <param pos="0" name="os.device" value="Multifunction Device"/>
694
790
  <param pos="0" name="os.product" value="e-STUDIO"/>
695
791
  <param pos="1" name="os.version"/>
792
+ <param pos="0" name="hw.vendor" value="Toshiba"/>
793
+ <param pos="0" name="hw.device" value="Multifunction Device"/>
794
+ <param pos="0" name="hw.product" value="e-STUDIO"/>
696
795
  </fingerprint>
697
796
  <fingerprint pattern="^.*Lexmark Optra (\S+) FTP Server (\S+) ready\.$" certainty="1.0">
698
797
  <description>Lexmark Optra Printer</description>
699
- <example>lex142785470853 Lexmark Optra T612 FTP Server 3.20.30 ready.</example>
700
- <example>oppr1.s02504.us Lexmark Optra T610 FTP Server 3.20.20 ready.</example>
798
+ <example os.product="T612">lex142785470853 Lexmark Optra T612 FTP Server 3.20.30 ready.</example>
799
+ <example os.version="3.20.20">oppr1.s02504.us Lexmark Optra T610 FTP Server 3.20.20 ready.</example>
701
800
  <param pos="0" name="os.vendor" value="Lexmark"/>
702
801
  <param pos="0" name="os.family" value="Optra"/>
703
802
  <param pos="0" name="os.device" value="Printer"/>
704
803
  <param pos="1" name="os.product"/>
705
804
  <param pos="2" name="os.version"/>
805
+ <param pos="0" name="hw.vendor" value="Lexmark"/>
806
+ <param pos="0" name="hw.family" value="Optra"/>
807
+ <param pos="0" name="hw.device" value="Printer"/>
808
+ <param pos="1" name="hw.product"/>
706
809
  </fingerprint>
707
810
  <fingerprint pattern="^SHARP (MX-\S+) Ver (\S+) FTP server\.$" certainty="1.0">
708
811
  <description>Sharp Printer/Copier/Scanne</description>
@@ -720,15 +823,22 @@ more text</example>
720
823
  <param pos="0" name="os.family" value="MX Series"/>
721
824
  <param pos="1" name="os.product"/>
722
825
  <param pos="2" name="os.version"/>
826
+ <param pos="0" name="hw.vendor" value="Sharp"/>
827
+ <param pos="0" name="hw.device" value="Printer"/>
828
+ <param pos="0" name="hw.family" value="MX Series"/>
829
+ <param pos="1" name="hw.product"/>
723
830
  </fingerprint>
724
831
  <fingerprint pattern="^(FS-\S+MFP\S*?) FTP server\.?$" certainty="1.0">
725
832
  <description>Kyocera Printers</description>
726
- <example>FS-C2126MFP FTP server</example>
727
- <example>FS-C2026MFP+ FTP server</example>
728
- <example>FS-1128MFP FTP server</example>
833
+ <example os.product="FS-C2126MFP">FS-C2126MFP FTP server</example>
834
+ <example hw.product="FS-C2026MFP+">FS-C2026MFP+ FTP server</example>
835
+ <example hw.product="FS-1128MFP">FS-1128MFP FTP server</example>
729
836
  <param pos="0" name="os.vendor" value="Kyocera"/>
730
837
  <param pos="0" name="os.device" value="Multifunction Device"/>
731
838
  <param pos="1" name="os.product"/>
839
+ <param pos="0" name="hw.vendor" value="Kyocera"/>
840
+ <param pos="0" name="hw.device" value="Multifunction Device"/>
841
+ <param pos="1" name="hw.product"/>
732
842
  </fingerprint>
733
843
  <fingerprint pattern="^(FS-\S+(?:DN|D|N)) FTP server\.?$" certainty="1.0">
734
844
  <description>Kyocera Printers</description>
@@ -738,12 +848,16 @@ more text</example>
738
848
  <param pos="0" name="os.device" value="Printer"/>
739
849
  <param pos="0" name="os.family" value="FS"/>
740
850
  <param pos="1" name="os.product"/>
851
+ <param pos="0" name="hw.vendor" value="Kyocera"/>
852
+ <param pos="0" name="hw.device" value="Printer"/>
853
+ <param pos="0" name="hw.family" value="FS"/>
854
+ <param pos="1" name="hw.product"/>
741
855
  </fingerprint>
742
856
  <fingerprint pattern="^(ESI-\S+) Version (\S+) ready\.$" certainty="1.0">
743
857
  <description>Extended Systems ExtendNet Print Server</description>
744
- <example>ESI-2941B Version 6.34 ready.</example>
745
- <example>ESI-2941A Version 6.03 ready.</example>
746
- <example>ESI-2933A Version 6.40 ready.</example>
858
+ <example os.product="ESI-2941B">ESI-2941B Version 6.34 ready.</example>
859
+ <example os.version="6.03">ESI-2941A Version 6.03 ready.</example>
860
+ <example hw.product="ESI-2933A">ESI-2933A Version 6.40 ready.</example>
747
861
  <example>ESI-2831 Version 2.1 ready.</example>
748
862
  <example>ESI-2833A Version 6.3 ready.</example>
749
863
  <example>ESI-2900A Version 6.31 ready.</example>
@@ -756,19 +870,24 @@ more text</example>
756
870
  <param pos="0" name="os.device" value="Print server"/>
757
871
  <param pos="1" name="os.product"/>
758
872
  <param pos="2" name="os.version"/>
873
+ <param pos="0" name="hw.family" value="Extended Systems ExtendNet"/>
874
+ <param pos="0" name="hw.device" value="Print server"/>
875
+ <param pos="1" name="hw.product"/>
759
876
  </fingerprint>
760
877
  <fingerprint pattern="^SATO SATO PRINTER Ver (\S+) FTP server\.$" certainty="1.0">
761
878
  <description>SATO Printer</description>
762
- <example>SATO SATO PRINTER Ver A1.2.3 FTP server.</example>
879
+ <example os.version="A1.2.3">SATO SATO PRINTER Ver A1.2.3 FTP server.</example>
763
880
  <example>SATO SATO PRINTER Ver A2.3.0 FTP server.</example>
764
881
  <param pos="0" name="os.vendor" value="SATO"/>
765
882
  <param pos="0" name="os.device" value="Printer"/>
766
883
  <param pos="1" name="os.version"/>
884
+ <param pos="0" name="hw.vendor" value="SATO"/>
885
+ <param pos="0" name="hw.device" value="Printer"/>
767
886
  </fingerprint>
768
887
  <fingerprint pattern="^Printer FTP (\d+\.\d+\.\d+) ready at (\w{3} \d{2} \d{2}:\d{2}:\d{2})$" certainty="1.0">
769
888
  <description>AMTDatasouth Fastmark M5</description>
770
- <example>Printer FTP 4.8.7 ready at Apr 30 20:13:23</example>
771
- <example>Printer FTP 4.8.7 ready at Aug 31 16:43:22</example>
889
+ <example os.version="4.8.7">Printer FTP 4.8.7 ready at Apr 30 20:13:23</example>
890
+ <example system.time="Aug 31 16:43:22">Printer FTP 4.8.7 ready at Aug 31 16:43:22</example>
772
891
  <example>Printer FTP 4.8.7 ready at Feb 28 11:27:46</example>
773
892
  <example>Printer FTP 4.8.7 ready at Jan 31 00:40:04</example>
774
893
  <example>Printer FTP 4.8.7 ready at Mar 31 06:28:25</example>
@@ -778,6 +897,9 @@ more text</example>
778
897
  <param pos="1" name="os.version"/>
779
898
  <param pos="0" name="system.time.format" value="MMM dd HH:mm::ss"/>
780
899
  <param pos="2" name="system.time"/>
900
+ <param pos="0" name="hw.vendor" value="AMTDatasouth"/>
901
+ <param pos="0" name="hw.product" value="Fastmark M5"/>
902
+ <param pos="0" name="hw.device" value="Printer"/>
781
903
  </fingerprint>
782
904
  <fingerprint pattern="^EFI FTP Print server ready\.$" certainty="0.8">
783
905
  <description>EFI FTP Print Server</description>
@@ -791,12 +913,16 @@ more text</example>
791
913
  <!-- Conjectured based on known MX FTP fingerprints -->
792
914
  <fingerprint pattern="^SHARP (AR-\S+) Ver (\S+) FTP server">
793
915
  <description>Sharp AR Series multifunction device</description>
794
- <example>SHARP AR-M450 Ver 01.05.00.0k FTP server.</example>
916
+ <example os.product="AR-M450">SHARP AR-M450 Ver 01.05.00.0k FTP server.</example>
795
917
  <param pos="0" name="os.vendor" value="Sharp"/>
796
918
  <param pos="0" name="os.device" value="Multifunction Device"/>
797
919
  <param pos="0" name="os.family" value="AR Series"/>
798
920
  <param pos="1" name="os.product"/>
799
921
  <param pos="2" name="os.version"/>
922
+ <param pos="0" name="hw.vendor" value="Sharp"/>
923
+ <param pos="0" name="hw.device" value="Multifunction Device"/>
924
+ <param pos="0" name="hw.family" value="AR Series"/>
925
+ <param pos="1" name="hw.product"/>
800
926
  </fingerprint>
801
927
  <fingerprint pattern="^KONICA MINOLTA FTP server ready\.?$">
802
928
  <description>Konica Minolta FTP Server</description>
@@ -806,6 +932,9 @@ more text</example>
806
932
  <param pos="0" name="os.product" value="Printer"/>
807
933
  <param pos="0" name="service.vendor" value="Konica Minolta"/>
808
934
  <param pos="0" name="service.product" value="KM FTPD"/>
935
+ <param pos="0" name="hw.device" value="Printer"/>
936
+ <param pos="0" name="hw.vendor" value="Konica Minolta"/>
937
+ <param pos="0" name="hw.product" value="Printer"/>
809
938
  </fingerprint>
810
939
  <fingerprint pattern="^(KM\S+) FTP server \(KM FTPD version (\d*(?:\.\d*))\) ready\.?$">
811
940
  <description>Konica Minolta FTP Server</description>
@@ -826,13 +955,16 @@ more text</example>
826
955
  </fingerprint>
827
956
  <fingerprint pattern="^(ZBR-\d+) Version (\S+) ready\.?$">
828
957
  <description>ZebraNet Print Server FTP</description>
829
- <example>ZBR-46686 Version 7.02 ready.</example>
830
- <example>ZBR-79071 Version V56.17.5Z ready.</example>
831
- <example>ZBR-46687 Version 7.02 ready.</example>
958
+ <example os.product="ZBR-46686">ZBR-46686 Version 7.02 ready.</example>
959
+ <example os.version="V56.17.5Z">ZBR-79071 Version V56.17.5Z ready.</example>
960
+ <example os.version="7.02">ZBR-46687 Version 7.02 ready.</example>
832
961
  <param pos="0" name="os.vendor" value="ZebraNet"/>
833
962
  <param pos="0" name="os.device" value="Print server"/>
834
963
  <param pos="1" name="os.product"/>
835
964
  <param pos="2" name="os.version"/>
965
+ <param pos="0" name="hw.vendor" value="ZebraNet"/>
966
+ <param pos="0" name="hw.device" value="Print server"/>
967
+ <param pos="1" name="hw.product"/>
836
968
  </fingerprint>
837
969
  <fingerprint pattern="^(\S+) FTP server \(Version \S+ \w+ \w+ \d{1,2} \d{1,2}:\d{1,2}:\d{1,2} [A-Z]+ (?:1|2)\d{3}\) ready\.?$">
838
970
  <description>Generic/unknown FTP Server found on HP-UX and AIX systems</description>
@@ -850,6 +982,7 @@ more text</example>
850
982
  <param pos="0" name="os.vendor" value="Cisco"/>
851
983
  <param pos="0" name="os.product" value="TelePresence"/>
852
984
  <param pos="1" name="os.device"/>
985
+ <param pos="0" name="hw.vendor" value="Cisco"/>
853
986
  <param pos="2" name="hw.series"/>
854
987
  <param pos="3" name="os.version"/>
855
988
  </fingerprint>
@@ -859,7 +992,6 @@ more text</example>
859
992
  <param pos="0" name="os.vendor" value="HP"/>
860
993
  <param pos="0" name="os.family" value="Unix"/>
861
994
  <param pos="0" name="os.product" value="Tru64 Unix"/>
862
- <param pos="0" name="os.device" value="General"/>
863
995
  <param pos="1" name="host.name"/>
864
996
  <param pos="2" name="os.version"/>
865
997
  </fingerprint>
@@ -869,7 +1001,6 @@ more text</example>
869
1001
  <param pos="0" name="os.vendor" value="HP"/>
870
1002
  <param pos="0" name="os.family" value="Unix"/>
871
1003
  <param pos="0" name="os.product" value="Digital Unix"/>
872
- <param pos="0" name="os.device" value="General"/>
873
1004
  <param pos="1" name="host.name"/>
874
1005
  <param pos="2" name="os.version"/>
875
1006
  </fingerprint>
@@ -880,6 +1011,244 @@ more text</example>
880
1011
  <param pos="0" name="os.product" value="RouterOS"/>
881
1012
  <param pos="1" name="host.name"/>
882
1013
  <param pos="2" name="os.version"/>
1014
+ </fingerprint>
1015
+ <fingerprint pattern="^MikroTik FTP server \(MikroTik ([\w.]+)\) ready\.?$">
1016
+ <description>MikroTik w/o hostname</description>
1017
+ <example os.version="6.0rc14">MikroTik FTP server (MikroTik 6.0rc14) ready</example>
1018
+ <param pos="0" name="os.vendor" value="MikroTik"/>
1019
+ <param pos="0" name="os.product" value="RouterOS"/>
1020
+ <param pos="1" name="os.version"/>
1021
+ </fingerprint>
1022
+ <fingerprint pattern="^Welcome to ASUS (B?RT-[\w.-]+) FTP service\.$">
1023
+ <description>FTPD on an Asus Wireless Access Point/Router</description>
1024
+ <example hw.product="RT-AC68U">Welcome to ASUS RT-AC68U FTP service.</example>
1025
+ <example hw.product="RT-N13U.B1">Welcome to ASUS RT-N13U.B1 FTP service.</example>
1026
+ <example hw.product="BRT-AC828">Welcome to ASUS BRT-AC828 FTP service.</example>
1027
+ <param pos="0" name="os.family" value="Linux"/>
1028
+ <param pos="0" name="os.product" value="Linux"/>
1029
+ <param pos="0" name="hw.vendor" value="Asus"/>
1030
+ <param pos="0" name="hw.device" value="WAP"/>
1031
+ <param pos="1" name="hw.product"/>
1032
+ </fingerprint>
1033
+ <fingerprint pattern="^Welcome to ASUS (DSL-[\w.-]+) FTP service\.$">
1034
+ <description>FTPD on a ADSL/VDSL Modem/Wireless Access Point/Router</description>
1035
+ <example hw.product="DSL-AC68U">Welcome to ASUS DSL-AC68U FTP service.</example>
1036
+ <example hw.product="DSL-N55U-D1">Welcome to ASUS DSL-N55U-D1 FTP service.</example>
1037
+ <param pos="0" name="os.family" value="Linux"/>
1038
+ <param pos="0" name="os.product" value="Linux"/>
1039
+ <param pos="0" name="hw.vendor" value="Asus"/>
1040
+ <param pos="0" name="hw.device" value="DSL Modem"/>
1041
+ <param pos="1" name="hw.product"/>
1042
+ </fingerprint>
1043
+ <fingerprint pattern="^Welcome to ASUS (TM-\w+) FTP service\.$">
1044
+ <description>FTPD on a T-Mobile branded Asus Wireless Access Point/Router</description>
1045
+ <example hw.product="TM-AC1900">Welcome to ASUS TM-AC1900 FTP service.</example>
1046
+ <param pos="0" name="os.family" value="Linux"/>
1047
+ <param pos="0" name="os.product" value="Linux"/>
1048
+ <param pos="0" name="hw.vendor" value="Asus"/>
1049
+ <param pos="0" name="hw.device" value="WAP"/>
1050
+ <param pos="1" name="hw.product"/>
1051
+ </fingerprint>
1052
+ <fingerprint pattern="^(FRITZ!Box[\w()]+) FTP server ready\.$">
1053
+ <description>FTPD on an AWM multifunction Modem/Wireless Access Point/Router/VoIP device</description>
1054
+ <example hw.product="FRITZ!Box7490">FRITZ!Box7490 FTP server ready.</example>
1055
+ <example hw.product="FRITZ!BoxFonWLAN7390">FRITZ!BoxFonWLAN7390 FTP server ready.</example>
1056
+ <example hw.product="FRITZ!Box7490(UI)">FRITZ!Box7490(UI) FTP server ready.</example>
1057
+ <example hw.product="FRITZ!Box7362SL(UI)">FRITZ!Box7362SL(UI) FTP server ready.</example>
1058
+ <example hw.product="FRITZ!BoxFonWLAN7270v3">FRITZ!BoxFonWLAN7270v3 FTP server ready.</example>
1059
+ <example hw.product="FRITZ!Box6490Cable(kdg)">FRITZ!Box6490Cable(kdg) FTP server ready.</example>
1060
+ <param pos="0" name="hw.vendor" value="AVM"/>
1061
+ <param pos="0" name="hw.device" value="WAP"/>
1062
+ <param pos="0" name="hw.family" value="FRITZ!Box"/>
1063
+ <param pos="1" name="hw.product"/>
1064
+ </fingerprint>
1065
+ <fingerprint pattern="^HES_CPE FTP server \(GNU inetutils ([\w.]+)\) ready\.$">
1066
+ <description>FTPD on a ZyXEL (Huawei rebrand) WiMax WAP</description>
1067
+ <example service.version="1.4.1">HES_CPE FTP server (GNU inetutils 1.4.1) ready.</example>
1068
+ <param pos="0" name="service.family" value="inetutils"/>
1069
+ <param pos="0" name="service.product" value="inetutils ftpd"/>
1070
+ <param pos="0" name="service.vendor" value="GNU"/>
1071
+ <param pos="1" name="service.version"/>
1072
+ <param pos="0" name="hw.vendor" value="ZyXEL"/>
1073
+ <param pos="1" name="hw.family" value="WiMax"/>
1074
+ <param pos="0" name="hw.device" value="WAP"/>
1075
+ </fingerprint>
1076
+ <fingerprint pattern="^Speedport W ?(\S+) (?:Typ [A|B] )?FTP Server v([\d.]+) ready$$">
1077
+ <description>FTPD on Speedport WLAN/ADSL routers (Deutsche Telekom mfg by misc)</description>
1078
+ <example hw.product="723V" os.version="1.40.000">Speedport W 723V Typ B FTP Server v1.40.000 ready</example>
1079
+ <example hw.product="921V" os.version="1.39.000">Speedport W 921V FTP Server v1.39.000 ready</example>
1080
+ <example hw.product="722V" os.version="1.18.000">Speedport W722V FTP Server v1.18.000 ready</example>
1081
+ <param pos="0" name="hw.vendor" value="Deutsche Telekom"/>
1082
+ <param pos="0" name="hw.device" value="WAP"/>
1083
+ <param pos="1" name="hw.family" value="Speedport"/>
1084
+ <param pos="1" name="hw.product"/>
1085
+ <param pos="2" name="os.version"/>
1086
+ </fingerprint>
1087
+ <fingerprint pattern="^DiskStation FTP server ready\.$">
1088
+ <description>FTPD on a Synology DiskStation NAS</description>
1089
+ <example>DiskStation FTP server ready.</example>
1090
+ <param pos="0" name="service.family" value="SmbFTPD"/>
1091
+ <param pos="0" name="service.product" value="SmbFTPD"/>
1092
+ <param pos="0" name="service.vendor" value="GNU"/>
1093
+ <param pos="0" name="os.family" value="Linux"/>
1094
+ <param pos="0" name="os.product" value="Linux"/>
1095
+ <param pos="0" name="hw.vendor" value="Synology"/>
1096
+ <param pos="0" name="hw.family" value="DiskStation"/>
1097
+ <param pos="0" name="hw.device" value="NAS"/>
1098
+ </fingerprint>
1099
+ <fingerprint pattern="^Synology FTP server ready\.$" flags="REG_ICASE">
1100
+ <description>FTPD on a Synology device</description>
1101
+ <example>Synology FTP server ready.</example>
1102
+ <example>SYNOLOGY FTP server ready.</example>
1103
+ <param pos="0" name="service.family" value="SmbFTPD"/>
1104
+ <param pos="0" name="service.product" value="SmbFTPD"/>
1105
+ <param pos="0" name="service.vendor" value="GNU"/>
1106
+ <param pos="0" name="os.family" value="Linux"/>
1107
+ <param pos="0" name="os.product" value="Linux"/>
1108
+ <param pos="0" name="hw.vendor" value="Synology"/>
1109
+ </fingerprint>
1110
+ <fingerprint pattern="^.Welcome to MyBookLive.$">
1111
+ <description>FTPD on Western Digital My Book Live NAS</description>
1112
+ <example>"Welcome to MyBookLive"</example>
1113
+ <param pos="0" name="hw.vendor" value="Western Digital"/>
1114
+ <param pos="0" name="hw.family" value="My Book"/>
1115
+ <param pos="0" name="hw.product" value="My Book Live"/>
1116
+ <param pos="0" name="hw.device" value="NAS"/>
1117
+ </fingerprint>
1118
+ <fingerprint pattern="^Multicraft ([\w.-]+) FTP server$">
1119
+ <description>Multicraft FTPD Server</description>
1120
+ <example service.version="2.0.2">Multicraft 2.0.2 FTP server</example>
1121
+ <example service.version="2.0.0-pre19">Multicraft 2.0.0-pre19 FTP server</example>
1122
+ <param pos="0" name="service.family" value="Multicraft"/>
1123
+ <param pos="0" name="service.product" value="Multicraft"/>
1124
+ <param pos="0" name="service.vendor" value="Multicraft"/>
1125
+ <param pos="1" name="service.version"/>
1126
+ </fingerprint>
1127
+ <fingerprint pattern="^bftpd ([\d.]+) at ([\h.:]+) ready\.$">
1128
+ <description>Bftpd FTPD Server</description>
1129
+ <example service.version="2.2.1" host.ip="192.168.0.1">bftpd 2.2.1 at 192.168.0.1 ready.</example>
1130
+ <example service.version="2.2" host.ip="::ffff:192.168.1.1">bftpd 2.2 at ::ffff:192.168.1.1 ready.</example>
1131
+ <param pos="0" name="service.family" value="Bftpd"/>
1132
+ <param pos="0" name="service.product" value="Bftpd"/>
1133
+ <param pos="0" name="service.vendor" value="Bftpd Project"/>
1134
+ <param pos="1" name="service.version"/>
1135
+ <param pos="2" name="host.ip"/>
1136
+ </fingerprint>
1137
+ <fingerprint pattern="^NASFTPD Turbo station (?:2.x )?([\w.]+) Server \(ProFTPD\) \[([\h.:]+)\]$">
1138
+ <description>ProFTPD on QNAP Turbo Station NAS</description>
1139
+ <example service.version="1.3.5a" host.ip="192.168.1.100">NASFTPD Turbo station 1.3.5a Server (ProFTPD) [192.168.1.100]</example>
1140
+ <example service.version="1.3.1rc2" host.ip="192.168.1.100">NASFTPD Turbo station 2.x 1.3.1rc2 Server (ProFTPD) [192.168.1.100]</example>
1141
+ <param pos="0" name="service.family" value="ProFTPD"/>
1142
+ <param pos="0" name="service.vendor" value="ProFTPD Project"/>
1143
+ <param pos="0" name="service.product" value="ProFTPD"/>
1144
+ <param pos="1" name="service.version"/>
1145
+ <param pos="0" name="hw.vendor" value="QNAP"/>
1146
+ <param pos="0" name="hw.family" value="Turbo Station"/>
1147
+ <param pos="0" name="hw.device" value="NAS"/>
1148
+ <param pos="2" name="host.ip"/>
1149
+ </fingerprint>
1150
+ <fingerprint pattern="^Twisted ([\w.]+) FTP Server$">
1151
+ <description>Twisted (Python) FTP Server</description>
1152
+ <example service.version="14.0.0" >Twisted 14.0.0 FTP Server</example>
1153
+ <example service.version="16.5.0rc2">Twisted 16.5.0rc2 FTP Server</example>
1154
+ <param pos="0" name="service.family" value="Twisted"/>
1155
+ <param pos="0" name="service.product" value="Twisted FTPD"/>
1156
+ <param pos="0" name="service.vendor" value="Twisted Matrix Labs"/>
1157
+ <param pos="1" name="service.version"/>
1158
+ </fingerprint>
1159
+ <fingerprint pattern="^Gene6 FTP Server v(\d{1,2}\.\d{1,2}\.\d{1,2}\s{1,2}\(Build \d{1,2}\)) ready\.\.\.$">
1160
+ <description>Gene6 FTP Server on Windows</description>
1161
+ <example service.version="3.10.0 (Build 2)">Gene6 FTP Server v3.10.0 (Build 2) ready...</example>
1162
+ <example service.version="3.7.0 (Build 24)">Gene6 FTP Server v3.7.0 (Build 24) ready...</example>
1163
+ <param pos="0" name="service.family" value="Gene6"/>
1164
+ <param pos="0" name="service.product" value="FTP Server"/>
1165
+ <param pos="0" name="service.vendor" value="Gene6"/>
1166
+ <param pos="1" name="service.version"/>
1167
+ <param pos="0" name="os.vendor" value="Microsoft"/>
1168
+ <param pos="0" name="os.family" value="Windows"/>
1169
+ <param pos="0" name="os.product" value="Windows"/>
1170
+ </fingerprint>
1171
+ <fingerprint pattern="^([\w.-]+) X2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
1172
+ <description>WS_FTP FTP Server on Windows - X2 variant</description>
1173
+ <example service.version="7.7(50012467)" host.name="a.host.name.tld">a.host.name.tld X2 WS_FTP Server 7.7(50012467)</example>
1174
+ <example service.version="5.0.5 (1989540204)" host.name="a.host.name.tld">a.host.name.tld X2 WS_FTP Server 5.0.5 (1989540204)</example>
1175
+ <param pos="0" name="service.family" value="WS_FTP"/>
1176
+ <param pos="0" name="service.product" value="WS_FTP"/>
1177
+ <param pos="0" name="service.vendor" value="Ipswitch"/>
1178
+ <param pos="2" name="service.version"/>
1179
+ <param pos="0" name="os.vendor" value="Microsoft"/>
1180
+ <param pos="0" name="os.family" value="Windows"/>
1181
+ <param pos="0" name="os.product" value="Windows"/>
1182
+ <param pos="1" name="host.name"/>
1183
+ </fingerprint>
1184
+ <fingerprint pattern="^V2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
1185
+ <description>WS_FTP FTP Server on Windows - V2 variant</description>
1186
+ <example service.version="6.1(05544322)">V2 WS_FTP Server 6.1(05544322)</example>
1187
+ <param pos="0" name="service.family" value="WS_FTP"/>
1188
+ <param pos="0" name="service.product" value="WS_FTP"/>
1189
+ <param pos="0" name="service.vendor" value="Ipswitch"/>
1190
+ <param pos="1" name="service.version"/>
1191
+ <param pos="0" name="os.vendor" value="Microsoft"/>
1192
+ <param pos="0" name="os.family" value="Windows"/>
1193
+ <param pos="0" name="os.product" value="Windows"/>
1194
+ </fingerprint>
1195
+ <fingerprint pattern="^FTP Server \(ZyWALL (USG\s?[\w-]+)\) \[([\h:.]+)\]$">
1196
+ <description>ZyXEL Unified Security Gateway</description>
1197
+ <example hw.product="USG 20" host.ip="::ffff:192.168.0.2">FTP Server (ZyWALL USG 20) [::ffff:192.168.0.2]</example>
1198
+ <example hw.product="USG100-PLUS" host.ip="::ffff:192.168.5.101">FTP Server (ZyWALL USG100-PLUS) [::ffff:192.168.5.101]</example>
1199
+ <example hw.product="USG 20" host.ip="10.0.0.2">FTP Server (ZyWALL USG 20) [10.0.0.2]</example>
1200
+ <param pos="0" name="service.vendor" value="ZyXEL"/>
1201
+ <param pos="0" name="service.family" value="Unified Security Gateway"/>
1202
+ <param pos="0" name="service.product" value="FTPD"/>
1203
+ <param pos="2" name="host.ip"/>
1204
+ <param pos="0" name="hw.vendor" value="ZyXEL"/>
1205
+ <param pos="0" name="hw.family" value="Unified Security Gateway"/>
1206
+ <param pos="1" name="hw.product"/>
1207
+ </fingerprint>
1208
+ <fingerprint pattern="^Welcome to TP-LINK FTP server$">
1209
+ <description>FTPD on a TP-LINK device (no version/host info)</description>
1210
+ <example>Welcome to TP-LINK FTP server</example>
1211
+ <param pos="0" name="hw.vendor" value="TP-LINK"/>
1212
+ </fingerprint>
1213
+ <fingerprint pattern="^ucftpd\((\w{3}\s+\d{1,2} \d{4}-\d\d:\d\d:\d\d)\) FTP server ready\.$">
1214
+ <description>ucftpd with version</description>
1215
+ <example service.version="Jul 2 2012-22:13:49">ucftpd(Jul 2 2012-22:13:49) FTP server ready.</example>
1216
+ <example service.version="Sep 10 2010-17:23:34">ucftpd(Sep 10 2010-17:23:34) FTP server ready.</example>
1217
+ <param pos="0" name="service.family" value="ucftpd"/>
1218
+ <param pos="0" name="service.product" value="ucftpd"/>
1219
+ <param pos="1" name="service.version"/>
1220
+ </fingerprint>
1221
+ <fingerprint pattern="^ucftpd FTP server ready\.$">
1222
+ <description>ucftpd without version</description>
1223
+ <example>ucftpd FTP server ready.</example>
1224
+ <param pos="0" name="service.family" value="ucftpd"/>
1225
+ <param pos="0" name="service.product" value="ucftpd"/>
1226
+ </fingerprint>
1227
+ <fingerprint pattern="^Welcome to TBS FTP Server\.$">
1228
+ <description>TBS FTP Server</description>
1229
+ <example>Welcome to TBS FTP Server.</example>
1230
+ <param pos="0" name="service.family" value="TBS FTP Server"/>
1231
+ <param pos="0" name="service.product" value="TBS FTP Server"/>
1232
+ </fingerprint>
1233
+ <fingerprint pattern="^Sofrel (S5[\w]+) SN ([\d-]+) ready. Time is (\d{2}:\d{2}:\d{2} \d{2}\/\d{2}\/\d{2})\.$">
1234
+ <description>Sofrel Remote Terminal Unit</description>
1235
+ <example hw.device="S500" host.id="01-499-00427" system.time="00:11:39 01/11/16">Sofrel S500 SN 01-499-00427 ready. Time is 00:11:39 01/11/16.</example>
1236
+ <param pos="0" name="hw.vendor" value="Sofrel"/>
1237
+ <param pos="0" name="hw.family" value="S500 Range"/>
1238
+ <param pos="1" name="hw.device"/>
1239
+ <param pos="2" name="host.id"/>
1240
+ <param pos="0" name="system.time.format" value="HH:mm::ss dd/MM/yy"/>
1241
+ <param pos="3" name="system.time"/>
1242
+ </fingerprint>
1243
+ <fingerprint pattern="^TiMOS-[CB]-([\S]+) cpm\/[\w]+ ALCATEL (SR [\S]+) Copyright .{1,4}$">
1244
+ <description>ALCATEL Service Router running TiMOS</description>
1245
+ <example os.version="13.0.R9">TiMOS-C-13.0.R9 cpm/hops64 ALCATEL SR 7750 Copyright (</example>
1246
+ <example hw.device="SR 7750">TiMOS-C-9.0.R8 cpm/hops ALCATEL SR 7750 Copyright (c) </example>
1247
+ <param pos="0" name="os.vendor" value="ALCATEL"/>
1248
+ <param pos="1" name="os.version"/>
1249
+ <param pos="0" name="hw.vendor" value="ALCATEL"/>
1250
+ <param pos="0" name="hw.family" value="Service Router"/>
1251
+ <param pos="2" name="hw.device"/>
883
1252
  </fingerprint>
884
1253
  <fingerprint pattern="^(\S+) FTP server ready\.?$" flags="REG_ICASE">
885
1254
  <description>Generic FTP fingerprint with a hostname</description>
@@ -906,4 +1275,17 @@ more text</example>
906
1275
  <param pos="0" name="service.vendor" value="Pro Group"/>
907
1276
  <param pos="0" name="service.product" value="ProRat"/>
908
1277
  </fingerprint>
1278
+ <fingerprint pattern="^(?:(\S+) )?FTP Server \(vftpd ([\d.]+)\) ready\.?$">
1279
+ <description>Vermillion FTP Daemon</description>
1280
+ <example host.name="srv.name" service.version="1.23">srv.name FTP Server (vftpd 1.23) ready.</example>
1281
+ <example service.version="1.31">FTP Server (vftpd 1.31) ready.</example>
1282
+ <param pos="0" name="os.vendor" value="Microsoft"/>
1283
+ <param pos="0" name="os.device" value="General"/>
1284
+ <param pos="0" name="os.family" value="Windows"/>
1285
+ <param pos="0" name="os.product" value="Windows"/>
1286
+ <param pos="0" name="service.vendor" value="Vermillion"/>
1287
+ <param pos="0" name="service.product" value="FTP Daemon"/>
1288
+ <param pos="2" name="service.version"/>
1289
+ <param pos="1" name="host.name"/>
1290
+ </fingerprint>
909
1291
  </fingerprints>