recog 2.1.20 → 2.1.21
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/recog/version.rb +1 -1
- data/remap.json +131 -0
- data/spec/lib/fingerprint_self_test_spec.rb +16 -1
- data/update_cpes.py +202 -0
- data/xml/apache_os.xml +29 -5
- data/xml/architecture.xml +3 -3
- data/xml/dns_versionbind.xml +56 -10
- data/xml/ftp_banners.xml +56 -12
- data/xml/h323_callresp.xml +4 -4
- data/xml/hp_pjl_id.xml +8 -8
- data/xml/http_cookies.xml +20 -8
- data/xml/http_servers.xml +122 -8
- data/xml/http_wwwauth.xml +13 -3
- data/xml/imap_banners.xml +19 -1
- data/xml/ldap_searchresult.xml +44 -68
- data/xml/mdns_device-info_txt.xml +18 -7
- data/xml/mdns_workstation_txt.xml +7 -7
- data/xml/mysql_banners.xml +159 -13
- data/xml/mysql_error.xml +124 -21
- data/xml/nntp_banners.xml +10 -4
- data/xml/ntp_banners.xml +144 -84
- data/xml/operating_system.xml +39 -10
- data/xml/pop_banners.xml +32 -12
- data/xml/rsh_resp.xml +8 -3
- data/xml/sip_banners.xml +4 -3
- data/xml/sip_user_agents.xml +4 -3
- data/xml/smb_native_lm.xml +9 -4
- data/xml/smb_native_os.xml +50 -25
- data/xml/smtp_banners.xml +108 -33
- data/xml/smtp_debug.xml +11 -8
- data/xml/smtp_ehlo.xml +14 -11
- data/xml/smtp_expn.xml +17 -11
- data/xml/smtp_help.xml +17 -11
- data/xml/smtp_mailfrom.xml +4 -3
- data/xml/smtp_noop.xml +13 -8
- data/xml/smtp_quit.xml +10 -8
- data/xml/smtp_rcptto.xml +1 -3
- data/xml/smtp_rset.xml +10 -8
- data/xml/smtp_turn.xml +10 -8
- data/xml/smtp_vrfy.xml +18 -11
- data/xml/snmp_sysdescr.xml +157 -451
- data/xml/snmp_sysobjid.xml +57 -4
- data/xml/ssh_banners.xml +104 -5
- data/xml/upnp_banners.xml +16 -1
- data/xml/x11_banners.xml +34 -9
- metadata +4 -2
data/xml/architecture.xml
CHANGED
@@ -1,8 +1,8 @@
|
|
1
1
|
<?xml version="1.0" encoding="UTF-8"?>
|
2
|
-
<!--
|
3
|
-
Generic rules for matching a machine architecture, platform, or chipset
|
4
|
-
-->
|
5
2
|
<fingerprints matches="architecture" database_type="util.os">
|
3
|
+
<!--
|
4
|
+
Generic rules for matching a machine architecture, platform, or chipset
|
5
|
+
-->
|
6
6
|
<fingerprint pattern="x64|amd64|x86_64" flags="REG_ICASE">
|
7
7
|
<description>x64 (x86_x64)</description>
|
8
8
|
<example>Linux claw 3.11.0-15-generic #23-Ubuntu SMP Mon Dec 9 18:17:04 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux</example>
|
data/xml/dns_versionbind.xml
CHANGED
@@ -1,15 +1,15 @@
|
|
1
1
|
<?xml version="1.0" encoding="UTF-8"?>
|
2
|
-
|
3
|
-
|
4
|
-
|
2
|
+
<fingerprints matches="dns.versionbind" protocol="dns" database_type="service" preference="0.750">
|
3
|
+
<!--
|
4
|
+
This fingerprint file matches the text string response from a DNS
|
5
|
+
version.bind request.
|
5
6
|
|
6
|
-
|
7
|
+
For example, the string 'dnsmasq-2.76-1-ubnt2' emitted by the command below:
|
7
8
|
|
8
|
-
|
9
|
-
|
9
|
+
$ nslookup -type=txt -class=chaos VERSION.BIND <dns_server> | grep VERSION.BIND | cut -d\" -f2
|
10
|
+
dnsmasq-2.76-1-ubnt2
|
10
11
|
|
11
|
-
-->
|
12
|
-
<fingerprints matches="dns.versionbind" protocol="dns" database_type="service" preference="0.750">
|
12
|
+
-->
|
13
13
|
<!-- Red Hat package naming:
|
14
14
|
https://fedoraproject.org/wiki/Packaging:DistTag
|
15
15
|
https://fedoraproject.org/wiki/Packaging:Versioning
|
@@ -30,11 +30,13 @@
|
|
30
30
|
<param pos="0" name="service.family" value="BIND"/>
|
31
31
|
<param pos="0" name="service.product" value="BIND"/>
|
32
32
|
<param pos="1" name="service.version"/>
|
33
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
|
33
34
|
<param pos="0" name="os.vendor" value="Red Hat"/>
|
34
35
|
<param pos="0" name="os.family" value="Linux"/>
|
35
36
|
<param pos="0" name="os.product" value="Enterprise Linux"/>
|
36
37
|
<param pos="2" name="os.version"/>
|
37
38
|
<param pos="3" name="os.version.version"/>
|
39
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:redhat:enterprise_linux:{os.version}"/>
|
38
40
|
</fingerprint>
|
39
41
|
<fingerprint pattern="^(9.[^-]+(?:-rl[.\d]+)?(?:-[SP]\d)?)-RedHat-[\d.]+-[\w.]+fc([\d]+)$">
|
40
42
|
<description>ISC BIND: Fedora</description>
|
@@ -46,10 +48,12 @@
|
|
46
48
|
<param pos="0" name="service.family" value="BIND"/>
|
47
49
|
<param pos="0" name="service.product" value="BIND"/>
|
48
50
|
<param pos="1" name="service.version"/>
|
49
|
-
<param pos="0" name="
|
51
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
|
52
|
+
<param pos="0" name="os.vendor" value="Red Hat"/>
|
50
53
|
<param pos="0" name="os.family" value="Linux"/>
|
51
|
-
<param pos="0" name="os.product" value="Fedora"/>
|
54
|
+
<param pos="0" name="os.product" value="Fedora Core Linux"/>
|
52
55
|
<param pos="2" name="os.version"/>
|
56
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:{os.version}"/>
|
53
57
|
</fingerprint>
|
54
58
|
<fingerprint pattern="^(9.[^-]+(?:-[SP]\d)?)-RedHat-[\w.-]+amzn1$">
|
55
59
|
<description>ISC BIND: Red Hat - Amazon hosted</description>
|
@@ -59,6 +63,7 @@
|
|
59
63
|
<param pos="0" name="service.family" value="BIND"/>
|
60
64
|
<param pos="0" name="service.product" value="BIND"/>
|
61
65
|
<param pos="1" name="service.version"/>
|
66
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
|
62
67
|
<param pos="0" name="os.vendor" value="Red Hat"/>
|
63
68
|
<param pos="0" name="os.device" value="General"/>
|
64
69
|
<param pos="0" name="os.family" value="Linux"/>
|
@@ -71,11 +76,13 @@
|
|
71
76
|
<param pos="0" name="service.family" value="BIND"/>
|
72
77
|
<param pos="0" name="service.product" value="BIND"/>
|
73
78
|
<param pos="1" name="service.version"/>
|
79
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
|
74
80
|
<param pos="0" name="os.vendor" value="Red Hat"/>
|
75
81
|
<param pos="0" name="os.device" value="General"/>
|
76
82
|
<param pos="0" name="os.family" value="Linux"/>
|
77
83
|
<param pos="0" name="os.product" value="Enterprise Linux"/>
|
78
84
|
<param pos="2" name="os.version"/>
|
85
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:redhat:enterprise_linux:{os.version}"/>
|
79
86
|
</fingerprint>
|
80
87
|
<fingerprint pattern="^(9.[^-]+(?:rc\d)?(?:-[SP]\d)?)-RedHat-[\d.-]+(?:[-\.][SP]\d)?(?:rc[\d\.]+)?$">
|
81
88
|
<description>ISC BIND: Red Hat nonspecific platform</description>
|
@@ -86,9 +93,11 @@
|
|
86
93
|
<param pos="0" name="service.family" value="BIND"/>
|
87
94
|
<param pos="0" name="service.product" value="BIND"/>
|
88
95
|
<param pos="1" name="service.version"/>
|
96
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
|
89
97
|
<param pos="0" name="os.vendor" value="Red Hat"/>
|
90
98
|
<param pos="0" name="os.family" value="Linux"/>
|
91
99
|
<param pos="0" name="os.product" value="Linux"/>
|
100
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:redhat:linux:-"/>
|
92
101
|
</fingerprint>
|
93
102
|
<fingerprint pattern="^(9.[^-]+(?:-[SP]\d)?)-[\d.]+ubuntu[\d.]+-Ubuntu$">
|
94
103
|
<description>ISC BIND: Ubuntu</description>
|
@@ -98,9 +107,11 @@
|
|
98
107
|
<param pos="0" name="service.family" value="BIND"/>
|
99
108
|
<param pos="0" name="service.product" value="BIND"/>
|
100
109
|
<param pos="1" name="service.version"/>
|
110
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
|
101
111
|
<param pos="0" name="os.vendor" value="Ubuntu"/>
|
102
112
|
<param pos="0" name="os.family" value="Linux"/>
|
103
113
|
<param pos="0" name="os.product" value="Linux"/>
|
114
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
|
104
115
|
</fingerprint>
|
105
116
|
<fingerprint pattern="^(9.[^-]+-rpz\d?[+.]rl[\d.]+(?:-[SP]\d)?)-Ubuntu-[\d\.:]+[\w\.]+(?:-[SP]\d)?-\d?ubuntu[\d\.]+$">
|
106
117
|
<description>ISC BIND: Ubuntu with Response Policy Zone and Request Limiting patches</description>
|
@@ -109,9 +120,11 @@
|
|
109
120
|
<param pos="0" name="service.family" value="BIND"/>
|
110
121
|
<param pos="0" name="service.product" value="BIND"/>
|
111
122
|
<param pos="1" name="service.version"/>
|
123
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
|
112
124
|
<param pos="0" name="os.vendor" value="Ubuntu"/>
|
113
125
|
<param pos="0" name="os.family" value="Linux"/>
|
114
126
|
<param pos="0" name="os.product" value="Linux"/>
|
127
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
|
115
128
|
</fingerprint>
|
116
129
|
<fingerprint pattern="^(9.[^-]+(?:-[SP]\d)?)(?:-[\d\.]+)?-Ubuntu$">
|
117
130
|
<description>ISC BIND: Ubuntu short</description>
|
@@ -122,9 +135,11 @@
|
|
122
135
|
<param pos="0" name="service.family" value="BIND"/>
|
123
136
|
<param pos="0" name="service.product" value="BIND"/>
|
124
137
|
<param pos="1" name="service.version"/>
|
138
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
|
125
139
|
<param pos="0" name="os.vendor" value="Ubuntu"/>
|
126
140
|
<param pos="0" name="os.family" value="Linux"/>
|
127
141
|
<param pos="0" name="os.product" value="Linux"/>
|
142
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
|
128
143
|
</fingerprint>
|
129
144
|
<fingerprint pattern="^(9.[\d\.]+(?:[+-]rpz\d?[+.]rl[\d.]+)?(?:-[SP]\d)?).*[+-]zentyal\d*">
|
130
145
|
<description>ISC BIND: Ubuntu Zentyal custom distribution</description>
|
@@ -135,6 +150,7 @@
|
|
135
150
|
<param pos="0" name="service.family" value="BIND"/>
|
136
151
|
<param pos="0" name="service.product" value="BIND"/>
|
137
152
|
<param pos="1" name="service.version"/>
|
153
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
|
138
154
|
<param pos="0" name="os.vendor" value="Ubuntu"/>
|
139
155
|
<param pos="0" name="os.family" value="Linux"/>
|
140
156
|
<param pos="0" name="os.product" value="Zentyal"/>
|
@@ -147,10 +163,12 @@
|
|
147
163
|
<param pos="0" name="service.family" value="BIND"/>
|
148
164
|
<param pos="0" name="service.product" value="BIND"/>
|
149
165
|
<param pos="1" name="service.version"/>
|
166
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
|
150
167
|
<param pos="0" name="os.vendor" value="Debian"/>
|
151
168
|
<param pos="0" name="os.family" value="Linux"/>
|
152
169
|
<param pos="0" name="os.product" value="Linux"/>
|
153
170
|
<param pos="0" name="os.version" value="8.0"/>
|
171
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:8.0"/>
|
154
172
|
</fingerprint>
|
155
173
|
<fingerprint pattern="^(9.[^-]+(?:-[SP]\d)?)-9wheezy\w+-Debian$">
|
156
174
|
<description>ISC BIND: Debian Wheezy</description>
|
@@ -159,10 +177,12 @@
|
|
159
177
|
<param pos="0" name="service.family" value="BIND"/>
|
160
178
|
<param pos="0" name="service.product" value="BIND"/>
|
161
179
|
<param pos="1" name="service.version"/>
|
180
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
|
162
181
|
<param pos="0" name="os.vendor" value="Debian"/>
|
163
182
|
<param pos="0" name="os.family" value="Linux"/>
|
164
183
|
<param pos="0" name="os.product" value="Linux"/>
|
165
184
|
<param pos="0" name="os.version" value="7.0"/>
|
185
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:7.0"/>
|
166
186
|
</fingerprint>
|
167
187
|
<fingerprint pattern="^(9.[^-]+(?:-[SP]\d)?)-(?:[\d\.]+-)?Debian$">
|
168
188
|
<description>ISC BIND: Debian no version simple</description>
|
@@ -173,9 +193,11 @@
|
|
173
193
|
<param pos="0" name="service.family" value="BIND"/>
|
174
194
|
<param pos="0" name="service.product" value="BIND"/>
|
175
195
|
<param pos="1" name="service.version"/>
|
196
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
|
176
197
|
<param pos="0" name="os.vendor" value="Debian"/>
|
177
198
|
<param pos="0" name="os.family" value="Linux"/>
|
178
199
|
<param pos="0" name="os.product" value="Linux"/>
|
200
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
|
179
201
|
</fingerprint>
|
180
202
|
<fingerprint pattern="^(9\.\d{1,2}\.\d{1,2}-rpz\d?[+.]rl[\d.]+(?:-[SPW]\d+)?)$">
|
181
203
|
<description>ISC BIND: Response Policy Zone and Request Limiting patches</description>
|
@@ -185,6 +207,7 @@
|
|
185
207
|
<param pos="0" name="service.family" value="BIND"/>
|
186
208
|
<param pos="0" name="service.product" value="BIND"/>
|
187
209
|
<param pos="1" name="service.version"/>
|
210
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
|
188
211
|
</fingerprint>
|
189
212
|
<fingerprint pattern="^DNS Server BIND (9\.\d{1,2}-ESV(?:-R\d+)?(?:-[SPW]\d+)?)$">
|
190
213
|
<description>ISC BIND: ESV</description>
|
@@ -193,6 +216,7 @@
|
|
193
216
|
<param pos="0" name="service.family" value="BIND"/>
|
194
217
|
<param pos="0" name="service.product" value="BIND"/>
|
195
218
|
<param pos="1" name="service.version"/>
|
219
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
|
196
220
|
</fingerprint>
|
197
221
|
<!--
|
198
222
|
FP below might be overly specific, trying to avoid false positive when
|
@@ -218,6 +242,7 @@
|
|
218
242
|
<param pos="0" name="service.family" value="BIND"/>
|
219
243
|
<param pos="0" name="service.product" value="BIND"/>
|
220
244
|
<param pos="1" name="service.version"/>
|
245
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
|
221
246
|
</fingerprint>
|
222
247
|
<fingerprint pattern="^dnsmasq-(\d.[\w\.]+)$">
|
223
248
|
<description>dnsmasq: simple</description>
|
@@ -229,6 +254,7 @@
|
|
229
254
|
<param pos="0" name="service.family" value="Dnsmasq"/>
|
230
255
|
<param pos="0" name="service.product" value="Dnsmasq"/>
|
231
256
|
<param pos="1" name="service.version"/>
|
257
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:thekelleys:dnsmasq:{service.version}"/>
|
232
258
|
</fingerprint>
|
233
259
|
<fingerprint pattern="^dnsmasq-(\d.[\w]+-\d)-ubnt\d$">
|
234
260
|
<description>dnsmasq: Ubiquiti</description>
|
@@ -237,6 +263,7 @@
|
|
237
263
|
<param pos="0" name="service.family" value="Dnsmasq"/>
|
238
264
|
<param pos="0" name="service.product" value="Dnsmasq"/>
|
239
265
|
<param pos="1" name="service.version"/>
|
266
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:thekelleys:dnsmasq:{service.version}"/>
|
240
267
|
<param pos="0" name="hw.vendor" value="Ubiquiti"/>
|
241
268
|
<!-- Not including more info at this time as I'm not sure this doesn't
|
242
269
|
run on products other than EdgeRouter.
|
@@ -249,6 +276,7 @@
|
|
249
276
|
<param pos="0" name="service.family" value="Dnsmasq"/>
|
250
277
|
<param pos="0" name="service.product" value="Dnsmasq"/>
|
251
278
|
<param pos="1" name="service.version"/>
|
279
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:thekelleys:dnsmasq:{service.version}"/>
|
252
280
|
<!-- Seems to correlate with OpenWRT and Netgear but I haven't been able
|
253
281
|
to verify that it isn't used elsewhere.
|
254
282
|
-->
|
@@ -261,6 +289,7 @@
|
|
261
289
|
<param pos="0" name="service.vendor" value="Thekelleys"/>
|
262
290
|
<param pos="0" name="service.family" value="Dnsmasq"/>
|
263
291
|
<param pos="0" name="service.product" value="Dnsmasq"/>
|
292
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:thekelleys:dnsmasq:-"/>
|
264
293
|
</fingerprint>
|
265
294
|
<fingerprint pattern="^PowerDNS Recursor (\d\.[\d.]+(?:-\w+)?) \(\w+@[\w.]+ built \d+ \w+@[\w.-]*\)$">
|
266
295
|
<description>PowerDNS Recursor</description>
|
@@ -270,6 +299,7 @@
|
|
270
299
|
<param pos="0" name="service.family" value="PowerDNS"/>
|
271
300
|
<param pos="0" name="service.product" value="Recursor"/>
|
272
301
|
<param pos="1" name="service.version"/>
|
302
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:powerdns:recursor:{service.version}"/>
|
273
303
|
</fingerprint>
|
274
304
|
<fingerprint pattern="^PowerDNS Recursor (\d\.[\d.]+) \(built [\w\s:]+ by [\w]+\@[\w.-]*\)$">
|
275
305
|
<description>PowerDNS Recursor: format 2</description>
|
@@ -278,6 +308,7 @@
|
|
278
308
|
<param pos="0" name="service.family" value="PowerDNS"/>
|
279
309
|
<param pos="0" name="service.product" value="Recursor"/>
|
280
310
|
<param pos="1" name="service.version"/>
|
311
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:powerdns:recursor:{service.version}"/>
|
281
312
|
</fingerprint>
|
282
313
|
<fingerprint pattern="^PowerDNS Recursor (\d\.[\d.]+(?:-\w+)?)$">
|
283
314
|
<description>PowerDNS Recursor: version only</description>
|
@@ -287,6 +318,7 @@
|
|
287
318
|
<param pos="0" name="service.family" value="PowerDNS"/>
|
288
319
|
<param pos="0" name="service.product" value="Recursor"/>
|
289
320
|
<param pos="1" name="service.version"/>
|
321
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:powerdns:recursor:{service.version}"/>
|
290
322
|
</fingerprint>
|
291
323
|
<fingerprint pattern="^PowerDNS Recursor (\d\.[\d.]+) \$Id[^$]*\$$">
|
292
324
|
<description>PowerDNS Recursor: ID format</description>
|
@@ -296,6 +328,7 @@
|
|
296
328
|
<param pos="0" name="service.family" value="PowerDNS"/>
|
297
329
|
<param pos="0" name="service.product" value="Recursor"/>
|
298
330
|
<param pos="1" name="service.version"/>
|
331
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:powerdns:recursor:{service.version}"/>
|
299
332
|
</fingerprint>
|
300
333
|
<fingerprint pattern="^PowerDNS Recursor$">
|
301
334
|
<description>PowerDNS Recursor: no version</description>
|
@@ -303,6 +336,7 @@
|
|
303
336
|
<param pos="0" name="service.vendor" value="PowerDNS"/>
|
304
337
|
<param pos="0" name="service.family" value="PowerDNS"/>
|
305
338
|
<param pos="0" name="service.product" value="Recursor"/>
|
339
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:powerdns:recursor:-"/>
|
306
340
|
</fingerprint>
|
307
341
|
<fingerprint pattern="^PowerDNS Authoritative Server (\d\.[\d.]+(?:-rc\d)?) \(\w+@[\w.]+ built [\d\s]+\w*@[\w.-]*\)$">
|
308
342
|
<description>PowerDNS Authoritative Server</description>
|
@@ -315,6 +349,7 @@
|
|
315
349
|
<param pos="0" name="service.family" value="PowerDNS"/>
|
316
350
|
<param pos="0" name="service.product" value="Authoritative Server"/>
|
317
351
|
<param pos="1" name="service.version"/>
|
352
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:powerdns:authoritative_server:{service.version}"/>
|
318
353
|
</fingerprint>
|
319
354
|
<fingerprint pattern="^PowerDNS Authoritative Server (\d\.[\w.]+(?:-rc\d)?(?:-alpha\d)?(?:-beta\d)?) \(built [\w\s:]+ by [\w]+\@[\w.-:-]*\)$">
|
320
355
|
<description>PowerDNS Authoritative Server: format 2</description>
|
@@ -327,6 +362,7 @@
|
|
327
362
|
<param pos="0" name="service.family" value="PowerDNS"/>
|
328
363
|
<param pos="0" name="service.product" value="Authoritative Server"/>
|
329
364
|
<param pos="1" name="service.version"/>
|
365
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:powerdns:authoritative_server:{service.version}"/>
|
330
366
|
</fingerprint>
|
331
367
|
<fingerprint pattern="^PowerDNS Authoritative Server (\d\.[\d.]+(?:-\w+)?)$">
|
332
368
|
<description>PowerDNS Authoritative Server: version only</description>
|
@@ -336,6 +372,7 @@
|
|
336
372
|
<param pos="0" name="service.family" value="PowerDNS"/>
|
337
373
|
<param pos="0" name="service.product" value="Authoritative Server"/>
|
338
374
|
<param pos="1" name="service.version"/>
|
375
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:powerdns:authoritative_server:{service.version}"/>
|
339
376
|
</fingerprint>
|
340
377
|
<!-- PowerDNS returns 'Served by ...' when the 'version-string' configuration
|
341
378
|
value / arguement is set to 'powerdns'. If this value is set to
|
@@ -418,6 +455,7 @@
|
|
418
455
|
<param pos="0" name="service.family" value="BIND"/>
|
419
456
|
<param pos="0" name="service.product" value="BIND"/>
|
420
457
|
<param pos="1" name="service.version"/>
|
458
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
|
421
459
|
<param pos="0" name="os.vendor" value="Raspbian"/>
|
422
460
|
<param pos="0" name="os.family" value="Linux"/>
|
423
461
|
<param pos="0" name="os.product" value="Linux"/>
|
@@ -430,6 +468,7 @@
|
|
430
468
|
<param pos="0" name="service.family" value="BIND"/>
|
431
469
|
<param pos="0" name="service.product" value="BIND"/>
|
432
470
|
<param pos="1" name="service.version"/>
|
471
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
|
433
472
|
<param pos="0" name="os.vendor" value="Raspbian"/>
|
434
473
|
<param pos="0" name="os.family" value="Linux"/>
|
435
474
|
<param pos="0" name="os.product" value="Linux"/>
|
@@ -485,6 +524,7 @@
|
|
485
524
|
<param pos="0" name="os.family" value="Windows"/>
|
486
525
|
<param pos="0" name="os.product" value="Windows Server 2016"/>
|
487
526
|
<param pos="1" name="os.build"/>
|
527
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
|
488
528
|
</fingerprint>
|
489
529
|
<fingerprint pattern="^Microsoft DNS 6.3.9600(?: \(\w+\))?$">
|
490
530
|
<description>Microsoft DNS on Windows 2012 R2</description>
|
@@ -498,6 +538,7 @@
|
|
498
538
|
<param pos="0" name="os.family" value="Windows"/>
|
499
539
|
<param pos="0" name="os.product" value="Windows Server 2012 R2"/>
|
500
540
|
<param pos="0" name="os.build" value="6.3.9600"/>
|
541
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
|
501
542
|
</fingerprint>
|
502
543
|
<fingerprint pattern="^Microsoft DNS 6.2.9200(?: \(\w+\))?$">
|
503
544
|
<description>Microsoft DNS on Windows 2012</description>
|
@@ -511,6 +552,7 @@
|
|
511
552
|
<param pos="0" name="os.family" value="Windows"/>
|
512
553
|
<param pos="0" name="os.product" value="Windows Server 2012"/>
|
513
554
|
<param pos="0" name="os.build" value="6.2.9200"/>
|
555
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
|
514
556
|
</fingerprint>
|
515
557
|
<fingerprint pattern="^Microsoft DNS 6.1.7601(?: \(\w+\))?$">
|
516
558
|
<description>Microsoft DNS on Windows 2008 R2 Service Pack 1</description>
|
@@ -526,6 +568,7 @@
|
|
526
568
|
<param pos="0" name="os.product" value="Windows Server 2008 R2"/>
|
527
569
|
<param pos="0" name="os.version" value="Service Pack 1"/>
|
528
570
|
<param pos="0" name="os.build" value="6.1.7601"/>
|
571
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:Service Pack 1"/>
|
529
572
|
</fingerprint>
|
530
573
|
<fingerprint pattern="^Microsoft DNS 6.1.7600(?: \(\w+\))?$">
|
531
574
|
<description>Microsoft DNS on Windows 2008 R2</description>
|
@@ -539,6 +582,7 @@
|
|
539
582
|
<param pos="0" name="os.family" value="Windows"/>
|
540
583
|
<param pos="0" name="os.product" value="Windows Server 2008 R2"/>
|
541
584
|
<param pos="0" name="os.build" value="6.1.7600"/>
|
585
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
|
542
586
|
</fingerprint>
|
543
587
|
<fingerprint pattern="^Microsoft DNS 6.0.6002(?: \(\w+\))?$">
|
544
588
|
<description>Microsoft DNS on Windows 2008 Service Pack 2</description>
|
@@ -553,6 +597,7 @@
|
|
553
597
|
<param pos="0" name="os.product" value="Windows Server 2008"/>
|
554
598
|
<param pos="0" name="os.version" value="Service Pack 2"/>
|
555
599
|
<param pos="0" name="os.build" value="6.0.6002"/>
|
600
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:Service Pack 2"/>
|
556
601
|
</fingerprint>
|
557
602
|
<fingerprint pattern="^Microsoft DNS 6.0.6001(?: \(\w+\))?$">
|
558
603
|
<description>Microsoft DNS on Windows 2008 Service Pack 1</description>
|
@@ -567,6 +612,7 @@
|
|
567
612
|
<param pos="0" name="os.product" value="Windows Server 2008"/>
|
568
613
|
<param pos="0" name="os.version" value="Service Pack 1"/>
|
569
614
|
<param pos="0" name="os.build" value="6.0.6001"/>
|
615
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:Service Pack 1"/>
|
570
616
|
</fingerprint>
|
571
617
|
<fingerprint pattern="^DNSServer$">
|
572
618
|
<description>Synology DNS service</description>
|
data/xml/ftp_banners.xml
CHANGED
@@ -1,9 +1,9 @@
|
|
1
1
|
<?xml version="1.0" encoding="UTF-8"?>
|
2
|
-
<!--
|
3
|
-
FTP greeting messages (part of the banner after the response code) are matched
|
4
|
-
against these patterns to fingerprint FTP servers.
|
5
|
-
-->
|
6
2
|
<fingerprints matches="ftp.banner" protocol="ftp" database_type="service" preference="0.90">
|
3
|
+
<!--
|
4
|
+
FTP greeting messages (part of the banner after the response code) are matched
|
5
|
+
against these patterns to fingerprint FTP servers.
|
6
|
+
-->
|
7
7
|
<fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version ([1234]\.\d+)\)\.$">
|
8
8
|
<description>Microsoft FTP Server on Windows NT</description>
|
9
9
|
<example>xx Microsoft FTP Service (Version 3.0).</example>
|
@@ -11,9 +11,11 @@ against these patterns to fingerprint FTP servers.
|
|
11
11
|
<param pos="0" name="service.product" value="IIS"/>
|
12
12
|
<param pos="0" name="service.family" value="IIS"/>
|
13
13
|
<param pos="2" name="service.version"/>
|
14
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:microsoft:iis:{service.version}"/>
|
14
15
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
15
16
|
<param pos="0" name="os.family" value="Windows"/>
|
16
17
|
<param pos="0" name="os.product" value="Windows NT"/>
|
18
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_nt:-"/>
|
17
19
|
<param pos="1" name="host.name"/>
|
18
20
|
</fingerprint>
|
19
21
|
<fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.0\)\.$">
|
@@ -23,9 +25,11 @@ against these patterns to fingerprint FTP servers.
|
|
23
25
|
<param pos="0" name="service.product" value="IIS"/>
|
24
26
|
<param pos="0" name="service.family" value="IIS"/>
|
25
27
|
<param pos="0" name="service.version" value="5.0"/>
|
28
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:microsoft:iis:5.0"/>
|
26
29
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
27
30
|
<param pos="0" name="os.family" value="Windows"/>
|
28
31
|
<param pos="0" name="os.product" value="Windows 2000"/>
|
32
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:-"/>
|
29
33
|
<param pos="1" name="host.name"/>
|
30
34
|
</fingerprint>
|
31
35
|
<fingerprint pattern="^([^ ]+) Microsoft FTP Service \(Version 5.1\)\.$">
|
@@ -34,9 +38,11 @@ against these patterns to fingerprint FTP servers.
|
|
34
38
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
35
39
|
<param pos="0" name="service.product" value="IIS"/>
|
36
40
|
<param pos="0" name="service.family" value="IIS"/>
|
41
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:microsoft:iis:-"/>
|
37
42
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
38
43
|
<param pos="0" name="os.family" value="Windows"/>
|
39
44
|
<param pos="0" name="os.product" value="Windows"/>
|
45
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
40
46
|
<param pos="1" name="host.name"/>
|
41
47
|
</fingerprint>
|
42
48
|
<fingerprint pattern="^([^ ]+) Microsoft FTP Service$">
|
@@ -45,9 +51,11 @@ against these patterns to fingerprint FTP servers.
|
|
45
51
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
46
52
|
<param pos="0" name="service.product" value="IIS"/>
|
47
53
|
<param pos="0" name="service.family" value="IIS"/>
|
54
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:microsoft:iis:-"/>
|
48
55
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
49
56
|
<param pos="0" name="os.family" value="Windows"/>
|
50
57
|
<param pos="0" name="os.product" value="Windows"/>
|
58
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
51
59
|
<param pos="1" name="host.name"/>
|
52
60
|
</fingerprint>
|
53
61
|
<fingerprint pattern="^Microsoft FTP Service$">
|
@@ -56,9 +64,11 @@ against these patterns to fingerprint FTP servers.
|
|
56
64
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
57
65
|
<param pos="0" name="service.product" value="IIS"/>
|
58
66
|
<param pos="0" name="service.family" value="IIS"/>
|
67
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:microsoft:iis:-"/>
|
59
68
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
60
69
|
<param pos="0" name="os.family" value="Windows"/>
|
61
70
|
<param pos="0" name="os.product" value="Windows"/>
|
71
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
62
72
|
</fingerprint>
|
63
73
|
<fingerprint pattern="^([^ ]+) +FTP +Server \(Version ([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
|
64
74
|
<description>
|
@@ -70,6 +80,7 @@ against these patterns to fingerprint FTP servers.
|
|
70
80
|
<param pos="0" name="os.vendor" value="HP"/>
|
71
81
|
<param pos="0" name="os.family" value="HP-UX"/>
|
72
82
|
<param pos="0" name="os.product" value="HP-UX"/>
|
83
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
|
73
84
|
<param pos="1" name="host.name"/>
|
74
85
|
<param pos="2" name="service.version"/>
|
75
86
|
</fingerprint>
|
@@ -83,6 +94,7 @@ against these patterns to fingerprint FTP servers.
|
|
83
94
|
<param pos="0" name="os.vendor" value="HP"/>
|
84
95
|
<param pos="0" name="os.family" value="HP-UX"/>
|
85
96
|
<param pos="0" name="os.product" value="HP-UX"/>
|
97
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
|
86
98
|
<param pos="1" name="host.name"/>
|
87
99
|
<param pos="2" name="service.version"/>
|
88
100
|
</fingerprint>
|
@@ -109,6 +121,7 @@ example.com FTP server (Version: Mac OS X Server 10.3 - +GSSAPI) ready.</exampl
|
|
109
121
|
<param pos="0" name="os.product" value="Mac OS X Server"/>
|
110
122
|
<param pos="1" name="host.name"/>
|
111
123
|
<param pos="2" name="os.version"/>
|
124
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x_server:{os.version}"/>
|
112
125
|
</fingerprint>
|
113
126
|
<fingerprint pattern="^(\S+)\s+FTP Server \(Version:\s+Mac OS X Server\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
|
114
127
|
<description>FTPD on Mac OS X Server without a version</description>
|
@@ -120,6 +133,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
|
|
120
133
|
<param pos="0" name="os.vendor" value="Apple"/>
|
121
134
|
<param pos="0" name="os.family" value="Mac OS X"/>
|
122
135
|
<param pos="0" name="os.product" value="Mac OS X Server"/>
|
136
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x_server:-"/>
|
123
137
|
<param pos="1" name="host.name"/>
|
124
138
|
</fingerprint>
|
125
139
|
<fingerprint pattern="^(\S+)\s+FTP Server \(tnftpd (.*)\) ready\.?$" flags="REG_ICASE">
|
@@ -137,6 +151,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
|
|
137
151
|
<param pos="0" name="os.product" value="Solaris"/>
|
138
152
|
<param pos="1" name="host.name"/>
|
139
153
|
<param pos="2" name="os.version"/>
|
154
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:oracle:solaris:{os.version}"/>
|
140
155
|
</fingerprint>
|
141
156
|
<fingerprint pattern="^(\S+) FTP Server \(SunOS 5.([789]|10)\) ready\.?$" flags="REG_ICASE">
|
142
157
|
<description>SunOS/Solaris 5.7-5.10</description>
|
@@ -147,7 +162,8 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
|
|
147
162
|
<param pos="0" name="os.product" value="Solaris"/>
|
148
163
|
<param pos="1" name="host.name"/>
|
149
164
|
<param pos="2" name="os.version"/>
|
150
|
-
|
165
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
|
166
|
+
</fingerprint>
|
151
167
|
<fingerprint pattern="^(\S+) FTP Server \(SunOS 5.6\) ready\." flags="REG_ICASE">
|
152
168
|
<description>SunOS 5.6 (Solaris 2.6)</description>
|
153
169
|
<example host.name="example.com">example.com FTP Server (SunOS 5.6) ready.</example>
|
@@ -155,8 +171,9 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
|
|
155
171
|
<param pos="0" name="os.family" value="Solaris"/>
|
156
172
|
<param pos="0" name="os.product" value="Solaris"/>
|
157
173
|
<param pos="0" name="os.version" value="2.6"/>
|
174
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:2.6"/>
|
158
175
|
<param pos="1" name="host.name"/>
|
159
|
-
</fingerprint>
|
176
|
+
</fingerprint>
|
160
177
|
<fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Debian\) \[(.+)\]$">
|
161
178
|
<description>ProFTPD on Debian Linux</description>
|
162
179
|
<example>ProFTPD 1.3.0rc2 Server (Debian) [host]</example>
|
@@ -164,9 +181,11 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
|
|
164
181
|
<param pos="0" name="service.vendor" value="ProFTPD Project"/>
|
165
182
|
<param pos="0" name="service.product" value="ProFTPD"/>
|
166
183
|
<param pos="1" name="service.version"/>
|
184
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
|
167
185
|
<param pos="0" name="os.vendor" value="Debian"/>
|
168
186
|
<param pos="0" name="os.family" value="Linux"/>
|
169
187
|
<param pos="0" name="os.product" value="Linux"/>
|
188
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
|
170
189
|
<param pos="2" name="host.name"/>
|
171
190
|
</fingerprint>
|
172
191
|
<fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Linksys(W.+)\) \[(.+)\]$">
|
@@ -176,6 +195,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
|
|
176
195
|
<param pos="0" name="service.vendor" value="ProFTPD Project"/>
|
177
196
|
<param pos="0" name="service.product" value="ProFTPD"/>
|
178
197
|
<param pos="1" name="service.version"/>
|
198
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
|
179
199
|
<param pos="0" name="os.vendor" value="Linksys"/>
|
180
200
|
<param pos="0" name="os.device" value="WAP"/>
|
181
201
|
<param pos="2" name="os.product"/>
|
@@ -187,6 +207,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
|
|
187
207
|
<param pos="0" name="service.vendor" value="ProFTPD Project"/>
|
188
208
|
<param pos="0" name="service.product" value="ProFTPD"/>
|
189
209
|
<param pos="1" name="service.version"/>
|
210
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
|
190
211
|
<param pos="0" name="os.vendor" value="Linksys"/>
|
191
212
|
<param pos="0" name="os.device" value="Router"/>
|
192
213
|
<param pos="2" name="os.product"/>
|
@@ -201,6 +222,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
|
|
201
222
|
<param pos="0" name="service.vendor" value="ProFTPD Project"/>
|
202
223
|
<param pos="0" name="service.product" value="ProFTPD"/>
|
203
224
|
<param pos="1" name="service.version"/>
|
225
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
|
204
226
|
<param pos="2" name="proftpd.server.name"/>
|
205
227
|
<param pos="3" name="host.name"/>
|
206
228
|
</fingerprint>
|
@@ -211,6 +233,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
|
|
211
233
|
<param pos="0" name="service.vendor" value="ProFTPD Project"/>
|
212
234
|
<param pos="0" name="service.product" value="ProFTPD"/>
|
213
235
|
<param pos="1" name="service.version"/>
|
236
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
|
214
237
|
</fingerprint>
|
215
238
|
<fingerprint pattern="^ProFTPD FTP Server ready\.$">
|
216
239
|
<description>ProFTPD with no version info</description>
|
@@ -218,6 +241,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
|
|
218
241
|
<param pos="0" name="service.family" value="ProFTPD"/>
|
219
242
|
<param pos="0" name="service.vendor" value="ProFTPD Project"/>
|
220
243
|
<param pos="0" name="service.product" value="ProFTPD"/>
|
244
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
|
221
245
|
</fingerprint>
|
222
246
|
<fingerprint pattern="^ProFTPD Server$">
|
223
247
|
<description>ProFTPD with no version info, short form</description>
|
@@ -225,6 +249,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
|
|
225
249
|
<param pos="0" name="service.family" value="ProFTPD"/>
|
226
250
|
<param pos="0" name="service.vendor" value="ProFTPD Project"/>
|
227
251
|
<param pos="0" name="service.product" value="ProFTPD"/>
|
252
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
|
228
253
|
</fingerprint>
|
229
254
|
<fingerprint pattern="^(?:\d{4}\-\d\d\-\d\d \d\d:\d\d:\d\d,\d\d\d )?(\S+) proftpd\[\d+\]: error: no valid servers configured">
|
230
255
|
<description>ProFTPD no valid servers configured</description>
|
@@ -233,6 +258,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
|
|
233
258
|
<param pos="0" name="service.family" value="ProFTPD"/>
|
234
259
|
<param pos="0" name="service.vendor" value="ProFTPD Project"/>
|
235
260
|
<param pos="0" name="service.product" value="ProFTPD"/>
|
261
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
|
236
262
|
<param pos="1" name="host.name"/>
|
237
263
|
</fingerprint>
|
238
264
|
<fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \((.*)\) \[[[a-f\d].:\]]*$">
|
@@ -244,6 +270,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
|
|
244
270
|
<param pos="0" name="service.vendor" value="ProFTPD Project"/>
|
245
271
|
<param pos="0" name="service.product" value="ProFTPD"/>
|
246
272
|
<param pos="1" name="service.version"/>
|
273
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
|
247
274
|
<param pos="2" name="proftpd.server.name"/>
|
248
275
|
</fingerprint>
|
249
276
|
<fingerprint pattern="^=\(<\*>\)=-\.:\. \(\( Welcome to Pure-FTPd ([\d.]+) \)\) \.:\.-=\(<\*>\)=-" flags="REG_MULTILINE">
|
@@ -288,16 +315,18 @@ more text</example>
|
|
288
315
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
289
316
|
<param pos="0" name="os.family" value="Windows"/>
|
290
317
|
<param pos="0" name="os.product" value="Windows"/>
|
318
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
291
319
|
</fingerprint>
|
292
320
|
<fingerprint pattern="^zFTPServer v?(\S+), .*ready\.$" flags="REG_ICASE">
|
293
321
|
<description>zftpserver (only runs on Windows)</description>
|
294
322
|
<example service.version="4.0">zFTPServer v4.0, build 2008-12-24 01:41 ready.</example>
|
295
|
-
<param pos="0" name="service.vendor" value="Västgöta-Data AB"
|
323
|
+
<param pos="0" name="service.vendor" value="Västgöta-Data AB"/>
|
296
324
|
<param pos="0" name="service.product" value="zFTPServer"/>
|
297
325
|
<param pos="1" name="service.version"/>
|
298
326
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
299
327
|
<param pos="0" name="os.family" value="Windows"/>
|
300
328
|
<param pos="0" name="os.product" value="Windows"/>
|
329
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
301
330
|
</fingerprint>
|
302
331
|
<fingerprint pattern="^\(vsFTPd (\d+\..+)\)(?: (.+))?$">
|
303
332
|
<description>vsFTPd (Very Secure FTP Daemon)</description>
|
@@ -322,7 +351,7 @@ more text</example>
|
|
322
351
|
<param pos="0" name="service.product" value="vsFTPd Extended"/>
|
323
352
|
<param pos="1" name="service.version"/>
|
324
353
|
</fingerprint>
|
325
|
-
|
354
|
+
<fingerprint pattern="^OOPS: .*vsftp.*$">
|
326
355
|
<description>vsFTPd (Very Secure FTP Daemon) error message</description>
|
327
356
|
<example>OOPS: vsftpd: root is not mounted.</example>
|
328
357
|
<example>OOPS: cannot read user list file:/etc/vsftpd.user_list</example>
|
@@ -404,6 +433,7 @@ more text</example>
|
|
404
433
|
<param pos="0" name="service.vendor" value="Check Point"/>
|
405
434
|
<param pos="0" name="service.product" value="Firewall-1"/>
|
406
435
|
<param pos="0" name="service.family" value="Firewall-1"/>
|
436
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:checkpoint:firewall-1:-"/>
|
407
437
|
<param pos="0" name="os.vendor" value="Check Point"/>
|
408
438
|
<param pos="0" name="os.device" value="Firewall"/>
|
409
439
|
<param pos="0" name="os.family" value="Firewall-1"/>
|
@@ -628,12 +658,14 @@ more text</example>
|
|
628
658
|
<param pos="0" name="os.vendor" value="Wind River"/>
|
629
659
|
<param pos="0" name="os.product" value="VxWorks"/>
|
630
660
|
<param pos="1" name="os.version"/>
|
661
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
|
631
662
|
</fingerprint>
|
632
663
|
<fingerprint pattern="^Tornado-vxWorks FTP server ready$" flags="REG_ICASE">
|
633
664
|
<description>VxWorks without version information</description>
|
634
665
|
<example>Tornado-vxWorks FTP server ready</example>
|
635
666
|
<param pos="0" name="os.vendor" value="Wind River"/>
|
636
667
|
<param pos="0" name="os.product" value="VxWorks"/>
|
668
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-"/>
|
637
669
|
</fingerprint>
|
638
670
|
<fingerprint pattern="^ADC iScale$">
|
639
671
|
<description>ADC iScale</description>
|
@@ -1012,6 +1044,7 @@ more text</example>
|
|
1012
1044
|
<param pos="0" name="os.product" value="Tru64 Unix"/>
|
1013
1045
|
<param pos="1" name="host.name"/>
|
1014
1046
|
<param pos="2" name="os.version"/>
|
1047
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64:{os.version}"/>
|
1015
1048
|
</fingerprint>
|
1016
1049
|
<fingerprint pattern="^(\S+) FTP server \(Digital UNIX Version (\S+)\) ready\.?$">
|
1017
1050
|
<description>Digital/Compaq/HP Tru64 Unix</description>
|
@@ -1029,13 +1062,15 @@ more text</example>
|
|
1029
1062
|
<param pos="0" name="os.product" value="RouterOS"/>
|
1030
1063
|
<param pos="1" name="host.name"/>
|
1031
1064
|
<param pos="2" name="os.version"/>
|
1065
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
|
1032
1066
|
</fingerprint>
|
1033
|
-
|
1067
|
+
<fingerprint pattern="^MikroTik FTP server \(MikroTik ([\w.]+)\) ready\.?$">
|
1034
1068
|
<description>MikroTik w/o hostname</description>
|
1035
1069
|
<example os.version="6.0rc14">MikroTik FTP server (MikroTik 6.0rc14) ready</example>
|
1036
1070
|
<param pos="0" name="os.vendor" value="MikroTik"/>
|
1037
1071
|
<param pos="0" name="os.product" value="RouterOS"/>
|
1038
1072
|
<param pos="1" name="os.version"/>
|
1073
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
|
1039
1074
|
</fingerprint>
|
1040
1075
|
<fingerprint pattern="^Welcome to ASUS (B?RT-[\w.-]+) FTP service\.$">
|
1041
1076
|
<description>FTPD on an Asus Wireless Access Point/Router</description>
|
@@ -1150,6 +1185,7 @@ more text</example>
|
|
1150
1185
|
<param pos="0" name="service.product" value="Bftpd"/>
|
1151
1186
|
<param pos="0" name="service.vendor" value="Bftpd Project"/>
|
1152
1187
|
<param pos="1" name="service.version"/>
|
1188
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:bftpd_project:bftpd:{service.version}"/>
|
1153
1189
|
<param pos="2" name="host.ip"/>
|
1154
1190
|
</fingerprint>
|
1155
1191
|
<fingerprint pattern="^NASFTPD Turbo station (?:2.x )?([\w.]+) Server \(ProFTPD\) \[([[a-f\d].:]+)\]$">
|
@@ -1160,6 +1196,7 @@ more text</example>
|
|
1160
1196
|
<param pos="0" name="service.vendor" value="ProFTPD Project"/>
|
1161
1197
|
<param pos="0" name="service.product" value="ProFTPD"/>
|
1162
1198
|
<param pos="1" name="service.version"/>
|
1199
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:{service.version}"/>
|
1163
1200
|
<param pos="0" name="hw.vendor" value="QNAP"/>
|
1164
1201
|
<param pos="0" name="hw.family" value="Turbo Station"/>
|
1165
1202
|
<param pos="0" name="hw.device" value="NAS"/>
|
@@ -1167,7 +1204,7 @@ more text</example>
|
|
1167
1204
|
</fingerprint>
|
1168
1205
|
<fingerprint pattern="^Twisted ([\w.]+) FTP Server$">
|
1169
1206
|
<description>Twisted (Python) FTP Server</description>
|
1170
|
-
<example service.version="14.0.0"
|
1207
|
+
<example service.version="14.0.0">Twisted 14.0.0 FTP Server</example>
|
1171
1208
|
<example service.version="16.5.0rc2">Twisted 16.5.0rc2 FTP Server</example>
|
1172
1209
|
<param pos="0" name="service.family" value="Twisted"/>
|
1173
1210
|
<param pos="0" name="service.product" value="Twisted FTPD"/>
|
@@ -1185,6 +1222,7 @@ more text</example>
|
|
1185
1222
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
1186
1223
|
<param pos="0" name="os.family" value="Windows"/>
|
1187
1224
|
<param pos="0" name="os.product" value="Windows"/>
|
1225
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
1188
1226
|
</fingerprint>
|
1189
1227
|
<fingerprint pattern="^([\w.-]+) X2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
|
1190
1228
|
<description>WS_FTP FTP Server on Windows - X2 variant</description>
|
@@ -1194,9 +1232,11 @@ more text</example>
|
|
1194
1232
|
<param pos="0" name="service.product" value="WS_FTP"/>
|
1195
1233
|
<param pos="0" name="service.vendor" value="Ipswitch"/>
|
1196
1234
|
<param pos="2" name="service.version"/>
|
1235
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:ipswitch:ws_ftp:{service.version}"/>
|
1197
1236
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
1198
1237
|
<param pos="0" name="os.family" value="Windows"/>
|
1199
1238
|
<param pos="0" name="os.product" value="Windows"/>
|
1239
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
1200
1240
|
<param pos="1" name="host.name"/>
|
1201
1241
|
</fingerprint>
|
1202
1242
|
<fingerprint pattern="^V2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
|
@@ -1206,9 +1246,11 @@ more text</example>
|
|
1206
1246
|
<param pos="0" name="service.product" value="WS_FTP"/>
|
1207
1247
|
<param pos="0" name="service.vendor" value="Ipswitch"/>
|
1208
1248
|
<param pos="1" name="service.version"/>
|
1249
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:ipswitch:ws_ftp:{service.version}"/>
|
1209
1250
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
1210
1251
|
<param pos="0" name="os.family" value="Windows"/>
|
1211
1252
|
<param pos="0" name="os.product" value="Windows"/>
|
1253
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
1212
1254
|
</fingerprint>
|
1213
1255
|
<fingerprint pattern="^FTP Server \(ZyWALL (USG\s?[\w-]+)\) \[([[a-f\d]:.]+)\]$">
|
1214
1256
|
<description>ZyXEL Unified Security Gateway</description>
|
@@ -1228,7 +1270,7 @@ more text</example>
|
|
1228
1270
|
<example>Welcome to TP-LINK FTP server</example>
|
1229
1271
|
<param pos="0" name="hw.vendor" value="TP-LINK"/>
|
1230
1272
|
</fingerprint>
|
1231
|
-
|
1273
|
+
<fingerprint pattern="^ucftpd\((\w{3}\s+\d{1,2} \d{4}-\d\d:\d\d:\d\d)\) FTP server ready\.$">
|
1232
1274
|
<description>ucftpd with version</description>
|
1233
1275
|
<example service.version="Jul 2 2012-22:13:49">ucftpd(Jul 2 2012-22:13:49) FTP server ready.</example>
|
1234
1276
|
<example service.version="Sep 10 2010-17:23:34">ucftpd(Sep 10 2010-17:23:34) FTP server ready.</example>
|
@@ -1300,6 +1342,7 @@ more text</example>
|
|
1300
1342
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
1301
1343
|
<param pos="0" name="os.family" value="Windows"/>
|
1302
1344
|
<param pos="0" name="os.product" value="Windows"/>
|
1345
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
1303
1346
|
<param pos="0" name="service.vendor" value="Vermillion"/>
|
1304
1347
|
<param pos="0" name="service.product" value="FTP Daemon"/>
|
1305
1348
|
<param pos="2" name="service.version"/>
|
@@ -1312,6 +1355,7 @@ more text</example>
|
|
1312
1355
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
1313
1356
|
<param pos="0" name="os.family" value="Windows"/>
|
1314
1357
|
<param pos="0" name="os.product" value="Windows"/>
|
1358
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
1315
1359
|
<param pos="0" name="service.vendor" value="QPC Software"/>
|
1316
1360
|
<param pos="0" name="service.product" value="QVT/Net"/>
|
1317
1361
|
<param pos="2" name="service.version"/>
|
@@ -1323,6 +1367,6 @@ more text</example>
|
|
1323
1367
|
<param pos="0" name="os.vendor" value="Amazon"/>
|
1324
1368
|
<param pos="0" name="os.family" value="Linux"/>
|
1325
1369
|
<param pos="0" name="os.product" value="Linux AMI"/>
|
1326
|
-
<param pos="1" name="os.version"/>
|
1370
|
+
<param pos="1" name="os.version"/>
|
1327
1371
|
</fingerprint>
|
1328
1372
|
</fingerprints>
|