recog 2.1.20 → 2.1.21

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2bfeeb07ef75ede0bd291ce0c2d76edc5ffada87
-  data.tar.gz: 3f856046bab4d8ce4314ba06e2c466a106b9ccee
+  metadata.gz: 8a132548a0e8437e0013aec6a0ff43b35b3ff3c8
+  data.tar.gz: 589523b4c9e9c365805f60174ac374c0b58d0424
 SHA512:
-  metadata.gz: e7407705aba8d9bb0e4841ca60f764866d10502001462d22a9bcfed772b47b991937d2fb385633ed27833471d3378fe2e3e5b883ac80bde15d8e7676e2a54659
-  data.tar.gz: b3372d0bb14af987db7533d9093688a4cefca151acb726fa1dcbdef8c38c019a4787f8f76fed3a37405d9accd21f14722b95ca9247b5d7b028650a92f51bd977
+  metadata.gz: 7896a020384f6261c7fe99f1c896798784e58395c79a07bfc8c920d52117bbf627ba309c097054809025f1300664cec581de851a8bd0c8f4413d5039a6288cd4
+  data.tar.gz: e95bef58ff9749118e016f85da5967230d352ff62a950863571a96d9cd74cda212ba0da89489574dd9cd2af46d1e9495ac1862381d2cdd9e688a166e851f4eac

data/lib/recog/version.rb

@@ -1,3 +1,3 @@
 module Recog
-  VERSION = '2.1.20'
+  VERSION = '2.1.21'
 end

data/remap.json

@@ -0,0 +1,131 @@
+{"remappings": [
+    {"r7_vendor": "apache", "cpe_vendor": "apache", "products":
+      {
+        "httpd": "http_server"
+      }
+    },
+    {"r7_vendor": "alt-n", "cpe_vendor": "altn"},
+    {"r7_vendor": "bea", "cpe_vendor": "bea", "products":
+      {
+        "weblogic": "weblogic_server"
+      }
+    },
+    {"r7_vendor": "centos", "cpe_vendor": "centos", "products":
+      {
+        "linux": "centos"
+      }
+    },
+    {"r7_vendor": "check_point", "cpe_vendor": "checkpoint"},
+    {"r7_vendor": "cisco", "cpe_vendor": "cisco", "products":
+      {
+        "adaptive_security_appliance": "adaptive_security_appliance_software",
+        "pix": "pix_firewall_software",
+        "telepresence": "telepresence_video_communication_server_software"
+      }
+    },
+    {"r7_vendor": "debian", "cpe_vendor": "debian", "products":
+      {
+        "linux": "debian_linux"
+      }
+    },
+    {"r7_vendor": "f5", "cpe_vendor": "f5", "products":
+      {
+        "big-ip": "big-ip_local_traffic_manager",
+        "big-ip_ltm": "big-ip_local_traffic_manager"
+      }
+    },
+    {"r7_vendor": "hp", "cpe_vendor": "hp", "products":
+      {
+        "ilo": "integrated_lights_out",
+        "lotus_domino": "lotus_domino_server",
+        "tru64_unix": "tru64"
+      }
+    },
+    {"r7_vendor": "ibm", "cpe_vendor": "ibm", "products":
+      {
+        "lotus_domino": "lotus_domino_server"
+      }
+    },
+    {"r7_vendor": "juniper", "cpe_vendor": "juniper", "products":
+      {
+        "junos_os": "junos"
+      }
+    },
+    {"r7_vendor": "linux", "cpe_vendor": "linux", "products":
+      {
+        "linux": "linux_kernel"
+      }
+    },
+    {"r7_vendor": "microsoft", "cpe_vendor": "microsoft", "products":
+      {
+        "active_directory_controller": "active_directory",
+        "exchange_server_5.5": "exchange_server",
+        "exchange_2000_server": "exchange_server",
+        "exchange_2003_server": "exchange_server",
+        "exchange_2007_server": "exchange_server",
+        "lightweight_directory_server": "active_directory_lightweight_directory_service",
+        "windows_server_2003_datacenter_edition": "windows_server_2003",
+        "windows_server_2003_r2": "windows_server_2003",
+        "windows_2008_r2": "windows_server_2008",
+        "windows_server_2008_datacenter_edition": "windows_server_2008",
+        "windows_server_2008_r2": "windows_server_2008",
+        "windows_server_2008_r2_datacenter_edition": "windows_server_2008",
+        "windows_server_2012_r2": "windows_server_2012",
+        "nt": "windows_nt",
+        "windows_nt_desktop": "windows_nt",
+        "windows_nt_server": "windows_nt",
+        "windows_server_2000": "windows_2000",
+        "windows_2000_server": "windows_2000",
+        "windows_2000_datacenter_server": "windows_2000",
+        "pws": "personal_web_server"
+      }
+    },
+    {"r7_vendor": "mort_bay", "cpe_vendor": "mortbay"},
+    {"r7_vendor": "net-snmp", "cpe_vendor": "net-snmp", "products":
+      {
+        "snmp_agent": "net-snmp"
+      }
+    },
+    {"r7_vendor": "palo_alto_networks", "cpe_vendor": "paloaltonetworks", "products":
+      {
+        "pa_firewall": "pan-os"
+      }
+    },
+    {"r7_vendor": "proftpd_project", "cpe_vendor": "proftpd"},
+    {"r7_vendor": "red_hat", "cpe_vendor": "redhat", "products":
+      {
+        "cygwin_x_server_project": "cygwin",
+        "fedora_core_linux": "fedora_core",
+        "jboss_as": "jboss_wildfly_application_server",
+        "jboss_eap": "jboss_enterprise_application_platform",
+        "jbossweb": "jboss_web_framework_kit",
+        "red_hat_directory_server": "directory_server"
+      }
+    },
+    {"r7_vendor": "sun", "cpe_vendor": "sun", "products":
+      {
+        "solaris": "sunos"
+      }
+    },
+    {"r7_vendor": "ubuntu", "cpe_vendor": "canonical", "products":
+      {
+        "linux": "ubuntu_linux"
+      }
+    },
+    {"r7_vendor": "vandyke_software", "cpe_vendor": "vandyke"},
+    {"r7_vendor": "vmware", "cpe_vendor": "vmware", "products":
+      {
+        "photon_linux": "photon_os",
+        "zimbra": "zimbra_desktop",
+        "vmware_esx_server": "esx",
+        "vmware_esxi_server": "esxi"
+      }
+    },
+    {"r7_vendor": "wind_river", "cpe_vendor": "windriver"},
+    {"r7_vendor": "x.org", "cpe_vendor": "x.org", "products":
+      {
+        "x.org_x11": "x11"
+      }
+    }
+  ]
+}

data/spec/lib/fingerprint_self_test_spec.rb

@@ -32,8 +32,15 @@ describe Recog::DB do
         fp = db.fingerprints[i]
 
         context "#{fp.name}" do
+          param_names = []
           fp.params.each do |param_name, pos_value|
             pos, value = pos_value
+            it "has valid looking fingerprint parameter names" do
+              unless param_name =~ /^(?:cookie|[^\.]+\..*)$/
+                fail "'#{param_name}' is invalid"
+              end
+            end
+
             it "doesn't have param values for capture params" do
               if pos > 0 && !value.to_s.empty?
                 fail "'#{fp.name}'s #{param_name} is a non-zero pos but specifies a value of '#{value}'"
@@ -45,12 +52,20 @@ describe Recog::DB do
                 fail "'#{fp.name}'s #{param_name} is not a capture (pos=0) but doesn't specify a value"
               end
             end
+
+            it "doesn't have duplicate params" do
+              if param_names.include?(param_name)
+                fail "'#{fp.name}'s has duplicate #{param_name}"
+              else
+                param_names << param_name
+              end
+            end
           end
         end
 
         context "#{fp.regex}" do
 
-          it "has a name" do
+          it "has a valid looking name" do
             expect(fp.name).not_to be_nil
             expect(fp.name).not_to be_empty
           end

data/update_cpes.py

@@ -0,0 +1,202 @@
+#!/usr/bin/env python
+
+import json
+import logging
+import re
+import sys
+
+from lxml import etree
+
+def parse_r7_remapping(file):
+    remap = {} # r7_vendor => { 'cpe_vendor' => <cpe_vendor>, 'products': { r7_product1 => cpe_product1 }}
+    remappings = None
+    with open(file) as remap_file:
+        remappings = json.load(remap_file)["remappings"]
+
+    for remap_json in remappings:
+        r7_vendor = remap_json['r7_vendor']
+        cpe_vendor = remap_json['cpe_vendor']
+        if r7_vendor in remap:
+            raise ValueError("R7 vendor {} duplicated in {}".format(r7_vendor, file))
+
+        product_map = {}
+        if 'products' in remap_json:
+            product_map = remap_json['products']
+        remap[r7_vendor] = {'cpe_vendor': cpe_vendor, 'products': product_map}
+
+    return remap
+
+
+def parse_cpe_vp_map(file):
+    vp_map = {} # cpe_type -> vendor -> products
+    parser = etree.XMLParser(remove_comments=False)
+    doc = etree.parse(file, parser)
+    namespaces = {'ns': 'http://cpe.mitre.org/dictionary/2.0', 'meta': 'http://scap.nist.gov/schema/cpe-dictionary-metadata/0.2'}
+    for cpe_name in doc.xpath("//ns:cpe-list/ns:cpe-item/@name", namespaces=namespaces):
+        cpe_match = re.match('^cpe:/([aho]):([^:]+):([^:]+)', cpe_name)
+        if cpe_match:
+            cpe_type, vendor, product = cpe_match.group(1, 2, 3)
+            if not cpe_type in vp_map:
+                vp_map[cpe_type] = {}
+            if not vendor in vp_map[cpe_type]:
+                vp_map[cpe_type][vendor] = set()
+            vp_map[cpe_type][vendor].add(product)
+        else:
+            logging.error("Unexpected CPE %s", cpe_name)
+
+    return vp_map
+
+def main():
+    if len(sys.argv) != 4:
+        logging.critical("Expecting exactly 3 arguments; recog XML file, CPE 2.3 XML dictionary, JSON remapping, got %s", (len(sys.argv) - 1))
+        exit(1)
+
+    cpe_vp_map = parse_cpe_vp_map(sys.argv[2])
+    if not cpe_vp_map:
+        logging.critical("No CPE vendor => product mappings read from CPE 2.3 XML dictionary %s", sys.argv[2])
+        exit(1)
+
+    r7_vp_map = parse_r7_remapping(sys.argv[3])
+    if not r7_vp_map:
+        logging.warning("No Rapid7 vendor/product => CPE mapping read from %s", sys.argv[3])
+
+    update_cpes(sys.argv[1], cpe_vp_map, r7_vp_map)
+
+def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
+    parser = etree.XMLParser(remove_comments=False)
+    doc = etree.parse(xml_file, parser)
+
+    for fingerprint in doc.xpath('//fingerprint'):
+
+        # collect all the params, grouping by os and service params that could be used to compute a CPE
+        params = {}
+        for param in fingerprint.xpath('./param'):
+            name = param.attrib['name']
+            # remove any existing CPE params
+            if re.match(r'^.*\.cpe\d{0,2}$', name):
+                param.getparent().remove(param)
+                continue
+
+            match = re.search(r'^(?P<fp_type>hw|os|service(?:\.component)?)\.', name)
+            if match:
+                fp_type = match.group('fp_type')
+                if not fp_type in params:
+                    params[fp_type] = {}
+                if name in params[fp_type]:
+                    raise ValueError('Duplicated fingerprint named {} in {}'.format(name, fingerprint.attrib['pattern']))
+                params[fp_type][name] = param
+
+
+        # for each of the applicable os/service param groups, build a CPE
+        for fp_type in params:
+            if fp_type == 'os':
+                cpe_type = 'o'
+            elif fp_type.startswith('service'):
+                cpe_type = 'a'
+            elif fp_type == 'hw':
+                cpe_type = 'h'
+            else:
+                raise ValueError('Unhandled param type {}'.format(fp_type))
+
+            # extract the vendor/product/version values from each os/service group,
+            # using the static value ('Apache', for example) when pos is 0, and
+            # otherwise use a value that contains interpolation markers such that
+            # products/projects that use recog content can insert the value
+            # extracted from the banner/other data via regex capturing groups
+            fp_data = {
+                'vendor': None,
+                'product': None,
+                'version': '-',
+            }
+            for fp_datum in fp_data:
+                fp_datum_param_name = "{}.{}".format(fp_type, fp_datum)
+                if fp_datum_param_name in params[fp_type]:
+                    fp_datum_e = params[fp_type][fp_datum_param_name]
+                    if fp_datum_e.attrib['pos'] == '0':
+                        fp_data[fp_datum] = fp_datum_e.attrib['value']
+                    else:
+                        fp_data[fp_datum] = "{{{}}}".format(fp_datum_e.attrib['name'])
+
+            vendor = fp_data['vendor']
+            product = fp_data['product']
+            version = fp_data['version']
+
+            # build a reasonable looking CPE value from the vendor/product/version,
+            # lowercasing, replacing whitespace with _, and more
+            if vendor and product:
+                if not cpe_type in cpe_vp_map:
+                    logging.error("Didn't find CPE type '%s' for '%s' '%s'", cpe_type, vendor, product)
+                    continue
+
+                vendor = vendor.lower().replace(' ', '_').replace(',', '')
+                product = product.lower().replace(' ', '_').replace(',', '')
+                if 'unknown' in [vendor, product]:
+                    continue
+
+                if (vendor.startswith('{') and vendor.endswith('}')) or (product.startswith('{') and product.endswith('}')):
+                    continue
+
+                remapped_vendor = False
+                og_vendor = vendor
+                if not vendor in cpe_vp_map[cpe_type]:
+                    if vendor in r7_vp_map:
+                        vendor = r7_vp_map[vendor]['cpe_vendor']
+                        remapped_vendor = True
+                        if not vendor in cpe_vp_map[cpe_type]:
+                            logging.error("Remapped vendor %s (remapped from %s) invalid for CPE %s (product %s)", vendor, og_vendor, cpe_type, product)
+                            continue
+                    else:
+                        logging.error("Vendor %s invalid for CPE %s and no remapping (product %s)", vendor, cpe_type, product)
+                        continue
+
+
+                # if the product as specified is not found in the CPE dictionary for this vendor
+                if not product in cpe_vp_map[cpe_type][vendor]:
+                    # if this vendor has a remapping from R7
+                    if og_vendor in r7_vp_map:
+                        # if this product has a remapping for this vendor from R7
+                        if product in r7_vp_map[og_vendor]['products']:
+                            og_product = product
+                            product = r7_vp_map[og_vendor]['products'][product]
+                            # ensure that the remapped product is valid for the given vendor in CPE
+                            if not product in cpe_vp_map[cpe_type][vendor]:
+                                logging.error("Remapped product %s (remapped from %s) from vendor %s invalid for CPE %s", product, og_product, vendor, cpe_type)
+                                continue
+                        else:
+                            if remapped_vendor:
+                                logging.error("Product %s from vendor %s (remapped from %s) invalid for CPE %s and no mapping", product, vendor, og_vendor, cpe_type)
+                            else:
+                                logging.error("Product %s from vendor %s invalid for CPE %s and no mapping", product, vendor, cpe_type)
+                            continue
+                    else:
+                        if remapped_vendor:
+                            logging.error("Vendor %s (remapped from %s) is valid for CPE %s but product %s not valid and no mapping", vendor, og_vendor, cpe_type, product)
+                        else:
+                            logging.error("Vendor %s is valid for CPE %s but product %s not valid and no mapping", vendor, cpe_type, product)
+                        continue
+
+                # building the CPE string
+                cpe_value = 'cpe:/{}:{}:{}'.format(cpe_type, vendor, product)
+
+                if version:
+                    cpe_value += ":{}".format(version)
+
+                cpe_param = etree.Element('param')
+                cpe_param.attrib['pos'] = '0'
+                cpe_param.attrib['name'] = '{}.cpe23'.format(fp_type)
+                cpe_param.attrib['value'] = cpe_value
+
+                for param_name in params[fp_type]:
+                    param = params[fp_type][param_name]
+                    parent = param.getparent()
+                    index = parent.index(param) + 1
+                    parent.insert(index, cpe_param)
+
+    root = doc.getroot()
+
+    with open(xml_file, 'wb') as xml_out:
+        xml_out.write(etree.tostring(root, pretty_print=True, xml_declaration=True, encoding=doc.docinfo.encoding))
+
+if __name__ == '__main__':
+    try: exit(main())
+    except KeyboardInterrupt: pass

data/xml/apache_os.xml

@@ -1,10 +1,10 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!--
-When an HTTP server is fingerprinted as Apache, a 2nd analysis pass is done
-on the server headers HTTPProtocolHelper.SERVER_HEADERS: they are matched
-against the following patterns to extract OS information.
--->
 <fingerprints matches="apache_os" database_type="util.os" preference="0.10">
+  <!--
+  When an HTTP server is fingerprinted as Apache, a 2nd analysis pass is done
+  on the server headers HTTPProtocolHelper.SERVER_HEADERS: they are matched
+  against the following patterns to extract OS information.
+  -->
   <fingerprint pattern=".*\(iSeries\).*">
     <description>IBM i5/OS iSeries (OS/400)</description>
     <param pos="0" name="os.vendor" value="IBM"/>
@@ -20,6 +20,7 @@ against the following patterns to extract OS information.
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
     <param pos="0" name="os.version" value="9.2"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:mandriva:linux:9.2"/>
   </fingerprint>
   <fingerprint pattern=".*\(Mandrake Linux/\d+\.\d+\.100mdk\).*">
     <description>Mandriva (formerly Mandrake) Linux 10.0</description>
@@ -29,6 +30,7 @@ against the following patterns to extract OS information.
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
     <param pos="0" name="os.version" value="10.0"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:mandriva:linux:10.0"/>
   </fingerprint>
   <fingerprint pattern=".*\((?:Mandrake|Mandriva) Linux/.*">
     <description>Mandriva (formerly Mandrake) Linux unknown version</description>
@@ -36,6 +38,7 @@ against the following patterns to extract OS information.
     <param pos="0" name="os.device" value="General"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:mandriva:linux:-"/>
   </fingerprint>
   <fingerprint pattern=".*\(Mandrakelinux/.*">
     <description>Mandriva (formerly Mandrake) Linux unknown version</description>
@@ -43,6 +46,7 @@ against the following patterns to extract OS information.
     <param pos="0" name="os.device" value="General"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:mandriva:linux:-"/>
   </fingerprint>
   <fingerprint pattern=".*\(PalmOS\).*">
     <description>PalmOS</description>
@@ -58,6 +62,7 @@ against the following patterns to extract OS information.
     <param pos="0" name="os.device" value="General"/>
     <param pos="0" name="os.family" value="Windows"/>
     <param pos="0" name="os.product" value="Windows"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
   <fingerprint pattern=".*\(Darwin\).*">
     <description>Apple Mac OS X</description>
@@ -65,6 +70,7 @@ against the following patterns to extract OS information.
     <param pos="0" name="os.device" value="General"/>
     <param pos="0" name="os.family" value="Mac OS X"/>
     <param pos="0" name="os.product" value="Mac OS X"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:-"/>
   </fingerprint>
   <fingerprint pattern=".*\(Ubuntu\).*">
     <description>Ubuntu</description>
@@ -72,6 +78,7 @@ against the following patterns to extract OS information.
     <param pos="0" name="os.device" value="General"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
   </fingerprint>
   <fingerprint pattern=".*(?:Sun )?Cobalt \(Unix\)?.*">
     <description>Sun Cobalt RaQ (Red Hat based Linux)</description>
@@ -94,6 +101,7 @@ against the following patterns to extract OS information.
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Fedora Core Linux"/>
     <param pos="0" name="os.version" value="11"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:11"/>
   </fingerprint>
   <fingerprint pattern="^Apache\/2\.2\.15.*\(Fedora\).*">
     <description>Red Hat Fedora 13</description>
@@ -102,6 +110,7 @@ against the following patterns to extract OS information.
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Fedora Core Linux"/>
     <param pos="0" name="os.version" value="13"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:13"/>
   </fingerprint>
   <fingerprint pattern="^Apache\/2\.2\.16.*\(Fedora\).*">
     <description>Red Hat Fedora 14</description>
@@ -110,6 +119,7 @@ against the following patterns to extract OS information.
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Fedora Core Linux"/>
     <param pos="0" name="os.version" value="14"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:14"/>
   </fingerprint>
   <fingerprint pattern="^Apache\/2\.2\.23.*\(Fedora\).*">
     <description>Red Hat Fedora 17</description>
@@ -118,6 +128,7 @@ against the following patterns to extract OS information.
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Fedora Core Linux"/>
     <param pos="0" name="os.version" value="17"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:17"/>
   </fingerprint>
   <fingerprint pattern="^Apache\/2\.4\.3.*\(Fedora\).*">
     <description>Red Hat Fedora 18</description>
@@ -126,6 +137,7 @@ against the following patterns to extract OS information.
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Fedora Core Linux"/>
     <param pos="0" name="os.version" value="18"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:18"/>
   </fingerprint>
   <fingerprint pattern=".*\(Fedora\).*">
     <description>Red Hat Fedora</description>
@@ -133,6 +145,7 @@ against the following patterns to extract OS information.
     <param pos="0" name="os.device" value="General"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Fedora Core Linux"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:-"/>
   </fingerprint>
   <fingerprint pattern=".*\(RHEL\).*">
     <description>Red Hat Fedora</description>
@@ -140,6 +153,7 @@ against the following patterns to extract OS information.
     <param pos="0" name="os.device" value="General"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Enterprise Linux"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:redhat:enterprise_linux:-"/>
   </fingerprint>
   <fingerprint pattern=".*\(Red[ -]Hat(?:[/ ]Linux)?\).*">
     <description>Red Hat Linux</description>
@@ -147,6 +161,7 @@ against the following patterns to extract OS information.
     <param pos="0" name="os.device" value="General"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:redhat:linux:-"/>
   </fingerprint>
   <fingerprint pattern=".*Debian(?:[/ ]GNU)?(?:/Linux)?.*">
     <description>Debian Linux</description>
@@ -154,6 +169,7 @@ against the following patterns to extract OS information.
     <param pos="0" name="os.device" value="General"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
   </fingerprint>
   <fingerprint pattern=".*\((?:Linux/)?S[uU]SE(?:/Linux)?\).*">
     <description>Novell SuSE Linux</description>
@@ -161,6 +177,7 @@ against the following patterns to extract OS information.
     <param pos="0" name="os.device" value="General"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:suse:linux:-"/>
   </fingerprint>
   <fingerprint pattern=".*\(NETWARE\).*">
     <description>Novell NetWare</description>
@@ -168,6 +185,7 @@ against the following patterns to extract OS information.
     <param pos="0" name="os.device" value="General"/>
     <param pos="0" name="os.family" value="NetWare"/>
     <param pos="0" name="os.product" value="NetWare"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:novell:netware:-"/>
   </fingerprint>
   <fingerprint pattern=".*HP-UX_Apache-based_Web_Server.*">
     <description>HP HP-UX</description>
@@ -175,6 +193,7 @@ against the following patterns to extract OS information.
     <param pos="0" name="os.device" value="General"/>
     <param pos="0" name="os.family" value="HP-UX"/>
     <param pos="0" name="os.product" value="HP-UX"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
   </fingerprint>
   <fingerprint pattern=".*\(CentOS\).*">
     <description>CentOS Linux</description>
@@ -182,6 +201,7 @@ against the following patterns to extract OS information.
     <param pos="0" name="os.device" value="General"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:centos:centos:-"/>
   </fingerprint>
   <fingerprint pattern=".*\(Turbolinux\).*">
     <description>Turbolinux</description>
@@ -196,6 +216,7 @@ against the following patterns to extract OS information.
     <param pos="0" name="os.device" value="General"/>
     <param pos="0" name="os.family" value="FreeBSD"/>
     <param pos="0" name="os.product" value="FreeBSD"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:freebsd:freebsd:-"/>
   </fingerprint>
   <fingerprint pattern=".*\(Asianux\).*">
     <description>Asianux Linux</description>
@@ -210,6 +231,7 @@ against the following patterns to extract OS information.
     <param pos="0" name="os.device" value="General"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:gentoo:linux:-"/>
   </fingerprint>
   <fingerprint pattern=".*\(Conectiva(?:/Linux)?\).*">
     <description>CentOS Linux</description>
@@ -217,6 +239,7 @@ against the following patterns to extract OS information.
     <param pos="0" name="os.device" value="General"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:conectiva:linux:-"/>
   </fingerprint>
   <fingerprint pattern=".*\(Trustix Secure Linux(?:/Linux)?\).*">
     <description>CentOS Linux</description>
@@ -224,6 +247,7 @@ against the following patterns to extract OS information.
     <param pos="0" name="os.device" value="General"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Secure Linux"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:trustix:secure_linux:-"/>
   </fingerprint>
   <fingerprint pattern=".*\(White Box\).*">
     <description>White Box Enterprise Linux</description>