recog 2.1.20 → 2.1.21
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/recog/version.rb +1 -1
- data/remap.json +131 -0
- data/spec/lib/fingerprint_self_test_spec.rb +16 -1
- data/update_cpes.py +202 -0
- data/xml/apache_os.xml +29 -5
- data/xml/architecture.xml +3 -3
- data/xml/dns_versionbind.xml +56 -10
- data/xml/ftp_banners.xml +56 -12
- data/xml/h323_callresp.xml +4 -4
- data/xml/hp_pjl_id.xml +8 -8
- data/xml/http_cookies.xml +20 -8
- data/xml/http_servers.xml +122 -8
- data/xml/http_wwwauth.xml +13 -3
- data/xml/imap_banners.xml +19 -1
- data/xml/ldap_searchresult.xml +44 -68
- data/xml/mdns_device-info_txt.xml +18 -7
- data/xml/mdns_workstation_txt.xml +7 -7
- data/xml/mysql_banners.xml +159 -13
- data/xml/mysql_error.xml +124 -21
- data/xml/nntp_banners.xml +10 -4
- data/xml/ntp_banners.xml +144 -84
- data/xml/operating_system.xml +39 -10
- data/xml/pop_banners.xml +32 -12
- data/xml/rsh_resp.xml +8 -3
- data/xml/sip_banners.xml +4 -3
- data/xml/sip_user_agents.xml +4 -3
- data/xml/smb_native_lm.xml +9 -4
- data/xml/smb_native_os.xml +50 -25
- data/xml/smtp_banners.xml +108 -33
- data/xml/smtp_debug.xml +11 -8
- data/xml/smtp_ehlo.xml +14 -11
- data/xml/smtp_expn.xml +17 -11
- data/xml/smtp_help.xml +17 -11
- data/xml/smtp_mailfrom.xml +4 -3
- data/xml/smtp_noop.xml +13 -8
- data/xml/smtp_quit.xml +10 -8
- data/xml/smtp_rcptto.xml +1 -3
- data/xml/smtp_rset.xml +10 -8
- data/xml/smtp_turn.xml +10 -8
- data/xml/smtp_vrfy.xml +18 -11
- data/xml/snmp_sysdescr.xml +157 -451
- data/xml/snmp_sysobjid.xml +57 -4
- data/xml/ssh_banners.xml +104 -5
- data/xml/upnp_banners.xml +16 -1
- data/xml/x11_banners.xml +34 -9
- metadata +4 -2
data/xml/operating_system.xml
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
2
|
-
<!--
|
|
3
|
-
Patterns for common names of various operating systems.
|
|
4
|
-
-->
|
|
5
2
|
<fingerprints matches="operating_system.name" database_type="util.os" preference="0.80">
|
|
3
|
+
<!--
|
|
4
|
+
Patterns for common names of various operating systems.
|
|
5
|
+
-->
|
|
6
6
|
<!-- Windows begin -->
|
|
7
7
|
<fingerprint pattern="^(?i:(?:Microsoft )?(Windows (?:[a-z]+\s[a-z]+\s|[a-z]+\s)?Server (?:\d{4} R2|\d{4}))(?:,\s|\s)?([a-z]+)?(?: Evaluation)?(?: Edition)?(?:\s|\swith(?:out)? Hyper-V\s)?(SP\d|SP \d|Service Pack \d)?)$">
|
|
8
8
|
<description>Windows Server 2003 and later</description>
|
|
@@ -60,6 +60,7 @@
|
|
|
60
60
|
<param pos="0" name="os.product" value="Windows 2000"/>
|
|
61
61
|
<param pos="1" name="os.edition"/>
|
|
62
62
|
<param pos="2" name="os.version"/>
|
|
63
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_2000:{os.version}"/>
|
|
63
64
|
</fingerprint>
|
|
64
65
|
<fingerprint pattern="^(?i:(?:Microsoft )?Windows NT (\d.\d{1,2})?(?:\s)?([a-z]+|[a-z]+\s[a-z]+)?)$">
|
|
65
66
|
<description>Windows NT</description>
|
|
@@ -72,6 +73,7 @@
|
|
|
72
73
|
<param pos="0" name="os.product" value="NT"/>
|
|
73
74
|
<param pos="1" name="os.version"/>
|
|
74
75
|
<param pos="2" name="os.edition"/>
|
|
76
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_nt:{os.version}"/>
|
|
75
77
|
</fingerprint>
|
|
76
78
|
<fingerprint pattern="^(?i:(?:Microsoft )?Windows Phone (\d|\d\.\d)?)$">
|
|
77
79
|
<description>Windows Phone 7 and later</description>
|
|
@@ -104,7 +106,7 @@
|
|
|
104
106
|
<param pos="0" name="os.family" value="Windows"/>
|
|
105
107
|
<param pos="0" name="os.product" value="Windows 8 or Windows Server 2012"/>
|
|
106
108
|
</fingerprint>
|
|
107
|
-
|
|
109
|
+
<fingerprint pattern="^(?i:(?:Microsoft )?Windows(?:\sNT)? 6.3)$">
|
|
108
110
|
<description>Windows version 6.3 (Windows 8.1 or Windows Server 2012 R2)</description>
|
|
109
111
|
<example>Windows 6.3</example>
|
|
110
112
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
@@ -126,9 +128,9 @@
|
|
|
126
128
|
<param pos="0" name="os.family" value="Windows"/>
|
|
127
129
|
<param pos="0" name="os.product" value="Windows"/>
|
|
128
130
|
<param pos="0" name="os.certainty" value="0.5"/>
|
|
131
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
|
129
132
|
</fingerprint>
|
|
130
133
|
<!-- Windows end -->
|
|
131
|
-
|
|
132
134
|
<!-- Liunx begin -->
|
|
133
135
|
<fingerprint pattern="^(?i:Alpine Linux\s?(?:v)?(\d+?(?:\.\d+?)*?(?:\src\d+?)?)?)$">
|
|
134
136
|
<description>Alpine Linux</description>
|
|
@@ -170,6 +172,7 @@
|
|
|
170
172
|
<param pos="0" name="os.family" value="Linux"/>
|
|
171
173
|
<param pos="0" name="os.product" value="Linux"/>
|
|
172
174
|
<param pos="1" name="os.version"/>
|
|
175
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:centos:centos:{os.version}"/>
|
|
173
176
|
</fingerprint>
|
|
174
177
|
<fingerprint pattern="^(?i:Debian(?: (?:GNU\/)?Linux)?\s?((?:\d+?(?:\.\d+?)*?)|(?:\w+?\/sid\s?))?(?:\s[a-z\(\)]+)?)$">
|
|
175
178
|
<description>Debian Linux</description>
|
|
@@ -181,16 +184,18 @@
|
|
|
181
184
|
<param pos="0" name="os.family" value="Linux"/>
|
|
182
185
|
<param pos="0" name="os.product" value="Linux"/>
|
|
183
186
|
<param pos="1" name="os.version"/>
|
|
187
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:{os.version}"/>
|
|
184
188
|
</fingerprint>
|
|
185
189
|
<fingerprint pattern="^(?i:Fedora(?: Core)?(?: Linux)?(?: release)?\s?(\d+?)?(?:\s.*)?)$">
|
|
186
190
|
<description>Fedora Linux</description>
|
|
187
191
|
<example os.version="6">Fedora Core 6</example>
|
|
188
192
|
<example os.version="25">Fedora 25</example>
|
|
189
193
|
<example os.version="26">Fedora release 26 (Twenty Six)</example>
|
|
190
|
-
<param pos="0" name="os.vendor" value="
|
|
194
|
+
<param pos="0" name="os.vendor" value="Red Hat"/>
|
|
191
195
|
<param pos="0" name="os.family" value="Linux"/>
|
|
192
196
|
<param pos="0" name="os.product" value="Linux"/>
|
|
193
197
|
<param pos="1" name="os.version"/>
|
|
198
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:redhat:linux:{os.version}"/>
|
|
194
199
|
</fingerprint>
|
|
195
200
|
<!-- Gentoo currently uses rolling releases with no version, but older versions were typically based on the year of release. -->
|
|
196
201
|
<fingerprint pattern="^(?i:Gentoo(?: Linux)\s?(\d+?(?:\.\d+?)*?)?)$">
|
|
@@ -200,6 +205,7 @@
|
|
|
200
205
|
<param pos="0" name="os.family" value="Linux"/>
|
|
201
206
|
<param pos="0" name="os.product" value="Linux"/>
|
|
202
207
|
<param pos="1" name="os.version"/>
|
|
208
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:gentoo:linux:{os.version}"/>
|
|
203
209
|
</fingerprint>
|
|
204
210
|
<!-- Kali switched to rolling release in January 2016. -->
|
|
205
211
|
<fingerprint pattern="^(?i:Kali(?: Linux)?\s?(\d+?(?:\.\d+?)+?(?:[a-z])?|\d+?)?)$">
|
|
@@ -234,6 +240,7 @@
|
|
|
234
240
|
<param pos="0" name="os.family" value="Enterprise Linux"/>
|
|
235
241
|
<param pos="0" name="os.product" value="Linux"/>
|
|
236
242
|
<param pos="1" name="os.version"/>
|
|
243
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:oracle:linux:{os.version}"/>
|
|
237
244
|
</fingerprint>
|
|
238
245
|
<fingerprint pattern="^(?i:OpenSUSE(?: Linux)?(?: [a-z]+?)??\s?(\d+?(?:\.\d+?)*?)?(?:\s\(.*)?)$">
|
|
239
246
|
<description>OpenSUSE Linux</description>
|
|
@@ -256,6 +263,7 @@
|
|
|
256
263
|
<param pos="0" name="os.family" value="Linux"/>
|
|
257
264
|
<param pos="0" name="os.product" value="Enterprise Linux"/>
|
|
258
265
|
<param pos="1" name="os.version"/>
|
|
266
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:redhat:enterprise_linux:{os.version}"/>
|
|
259
267
|
</fingerprint>
|
|
260
268
|
<!-- Red Hat Enterprise Linux derivative -->
|
|
261
269
|
<fingerprint pattern="^(?i:Scientific(?: Linux)?\s?(\d+?(?:\.\d+?)*?)?)$">
|
|
@@ -284,6 +292,7 @@
|
|
|
284
292
|
<param pos="0" name="os.family" value="Linux"/>
|
|
285
293
|
<param pos="0" name="os.product" value="Linux Enterprise Desktop"/>
|
|
286
294
|
<param pos="1" name="os.version"/>
|
|
295
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:suse:linux_enterprise_desktop:{os.version}"/>
|
|
287
296
|
</fingerprint>
|
|
288
297
|
<fingerprint pattern="^(?i:SUSE(?: SLES)?(?: Linux Enterprise Server)?\s?(\d+?(?:\.\d+?)*?)?)$">
|
|
289
298
|
<description>SUSE Linux Enterprise Server</description>
|
|
@@ -293,6 +302,7 @@
|
|
|
293
302
|
<param pos="0" name="os.family" value="Linux"/>
|
|
294
303
|
<param pos="0" name="os.product" value="Linux Enterprise Server"/>
|
|
295
304
|
<param pos="1" name="os.version"/>
|
|
305
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:suse:linux_enterprise_server:{os.version}"/>
|
|
296
306
|
</fingerprint>
|
|
297
307
|
<fingerprint pattern="^(?i:SLES(?: Linux Enterprise Server)?\s?(\d+?(?:\.\d+?)*?)?)$">
|
|
298
308
|
<description>SLES Linux Enterprise Server</description>
|
|
@@ -302,6 +312,7 @@
|
|
|
302
312
|
<param pos="0" name="os.family" value="Linux"/>
|
|
303
313
|
<param pos="0" name="os.product" value="Linux Enterprise Server"/>
|
|
304
314
|
<param pos="1" name="os.version"/>
|
|
315
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:suse:linux_enterprise_server:{os.version}"/>
|
|
305
316
|
</fingerprint>
|
|
306
317
|
<fingerprint pattern="^(?i:Ubuntu(?: Linux)?(?:\s|-)(\d+?(?:\.\d+?)*?)?\s?(LTS)?)$">
|
|
307
318
|
<description>Ubuntu Linux</description>
|
|
@@ -314,6 +325,7 @@
|
|
|
314
325
|
<param pos="0" name="os.product" value="Linux"/>
|
|
315
326
|
<param pos="1" name="os.version"/>
|
|
316
327
|
<param pos="2" name="os.edition"/>
|
|
328
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:{os.version}"/>
|
|
317
329
|
</fingerprint>
|
|
318
330
|
<!-- Ubuntu derivative -->
|
|
319
331
|
<fingerprint pattern="^(?i:Xubuntu(?: Linux)?\s(\d+?(?:\.\d+?)*?)?\s?(LTS)?)$">
|
|
@@ -335,6 +347,7 @@
|
|
|
335
347
|
<param pos="0" name="os.family" value="Linux"/>
|
|
336
348
|
<param pos="0" name="os.product" value="Photon Linux"/>
|
|
337
349
|
<param pos="1" name="os.version"/>
|
|
350
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:vmware:photon_os:{os.version}"/>
|
|
338
351
|
</fingerprint>
|
|
339
352
|
<!-- Vendor-based distribution catch-call -->
|
|
340
353
|
<fingerprint pattern="^(?i:(.*)\sLinux?\s(.*))$">
|
|
@@ -355,9 +368,9 @@
|
|
|
355
368
|
<param pos="0" name="os.product" value="Linux"/>
|
|
356
369
|
<param pos="0" name="os.certainty" value="0.5"/>
|
|
357
370
|
<param pos="1" name="os.version"/>
|
|
371
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:linux:linux_kernel:{os.version}"/>
|
|
358
372
|
</fingerprint>
|
|
359
373
|
<!-- Linux end -->
|
|
360
|
-
|
|
361
374
|
<!-- Mac begin -->
|
|
362
375
|
<!-- Match Mac OS Classic first due to weak matching on Mac OS X -->
|
|
363
376
|
<fingerprint pattern="^(?i:(?:Apple )?Mac OS ([7-9](?:\.\d+?)*?))$">
|
|
@@ -368,6 +381,7 @@
|
|
|
368
381
|
<param pos="0" name="os.family" value="Mac OS"/>
|
|
369
382
|
<param pos="0" name="os.product" value="Mac OS"/>
|
|
370
383
|
<param pos="1" name="os.version"/>
|
|
384
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os:{os.version}"/>
|
|
371
385
|
</fingerprint>
|
|
372
386
|
<fingerprint pattern="^(?i:(?:Apple OS X|Apple Mac OS X|Mac OS X|OS X|Mac OS)\s?(\d+?(?:\.\d+?)*?)?)$">
|
|
373
387
|
<description>Mac OS X with version number</description>
|
|
@@ -378,6 +392,7 @@
|
|
|
378
392
|
<param pos="0" name="os.family" value="Mac OS X"/>
|
|
379
393
|
<param pos="0" name="os.product" value="Mac OS X"/>
|
|
380
394
|
<param pos="1" name="os.version"/>
|
|
395
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
|
|
381
396
|
</fingerprint>
|
|
382
397
|
<fingerprint pattern="^(?i:(?:Apple )?Mac OS X Cheetah)$">
|
|
383
398
|
<description>Mac OS X Cheetah</description>
|
|
@@ -386,6 +401,7 @@
|
|
|
386
401
|
<param pos="0" name="os.family" value="Mac OS X"/>
|
|
387
402
|
<param pos="0" name="os.product" value="Mac OS X"/>
|
|
388
403
|
<param pos="0" name="os.version" value="10.0"/>
|
|
404
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.0"/>
|
|
389
405
|
</fingerprint>
|
|
390
406
|
<fingerprint pattern="^(?i:(?:Apple )?Mac OS X Puma)$">
|
|
391
407
|
<description>Mac OS X Puma</description>
|
|
@@ -394,6 +410,7 @@
|
|
|
394
410
|
<param pos="0" name="os.family" value="Mac OS X"/>
|
|
395
411
|
<param pos="0" name="os.product" value="Mac OS X"/>
|
|
396
412
|
<param pos="0" name="os.version" value="10.1"/>
|
|
413
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.1"/>
|
|
397
414
|
</fingerprint>
|
|
398
415
|
<fingerprint pattern="^(?i:(?:Apple )?Mac OS X Jaguar)$">
|
|
399
416
|
<description>Mac OS X Jaguar</description>
|
|
@@ -402,6 +419,7 @@
|
|
|
402
419
|
<param pos="0" name="os.family" value="Mac OS X"/>
|
|
403
420
|
<param pos="0" name="os.product" value="Mac OS X"/>
|
|
404
421
|
<param pos="0" name="os.version" value="10.2"/>
|
|
422
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.2"/>
|
|
405
423
|
</fingerprint>
|
|
406
424
|
<fingerprint pattern="^(?i:(?:Apple )?Mac OS X Panther)$">
|
|
407
425
|
<description>Mac OS X Panther</description>
|
|
@@ -410,6 +428,7 @@
|
|
|
410
428
|
<param pos="0" name="os.family" value="Mac OS X"/>
|
|
411
429
|
<param pos="0" name="os.product" value="Mac OS X"/>
|
|
412
430
|
<param pos="0" name="os.version" value="10.3"/>
|
|
431
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.3"/>
|
|
413
432
|
</fingerprint>
|
|
414
433
|
<fingerprint pattern="^(?i:(?:Apple )?Mac OS X Tiger)$">
|
|
415
434
|
<description>Mac OS X Tiger</description>
|
|
@@ -418,6 +437,7 @@
|
|
|
418
437
|
<param pos="0" name="os.family" value="Mac OS X"/>
|
|
419
438
|
<param pos="0" name="os.product" value="Mac OS X"/>
|
|
420
439
|
<param pos="0" name="os.version" value="10.4"/>
|
|
440
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.4"/>
|
|
421
441
|
</fingerprint>
|
|
422
442
|
<fingerprint pattern="^(?i:(?:Apple )?Mac OS X Leopard)$">
|
|
423
443
|
<description>Mac OS X Leopard</description>
|
|
@@ -426,6 +446,7 @@
|
|
|
426
446
|
<param pos="0" name="os.family" value="Mac OS X"/>
|
|
427
447
|
<param pos="0" name="os.product" value="Mac OS X"/>
|
|
428
448
|
<param pos="0" name="os.version" value="10.5"/>
|
|
449
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.5"/>
|
|
429
450
|
</fingerprint>
|
|
430
451
|
<fingerprint pattern="^(?i:(?:Apple )?Mac OS X Snow Leopard)$">
|
|
431
452
|
<description>Mac OS X Snow Leopard</description>
|
|
@@ -434,6 +455,7 @@
|
|
|
434
455
|
<param pos="0" name="os.family" value="Mac OS X"/>
|
|
435
456
|
<param pos="0" name="os.product" value="Mac OS X"/>
|
|
436
457
|
<param pos="0" name="os.version" value="10.6"/>
|
|
458
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.6"/>
|
|
437
459
|
</fingerprint>
|
|
438
460
|
<fingerprint pattern="^(?i:(?:Apple )?Mac OS X Lion)$">
|
|
439
461
|
<description>Mac OS X Lion</description>
|
|
@@ -442,6 +464,7 @@
|
|
|
442
464
|
<param pos="0" name="os.family" value="Mac OS X"/>
|
|
443
465
|
<param pos="0" name="os.product" value="Mac OS X"/>
|
|
444
466
|
<param pos="0" name="os.version" value="10.7"/>
|
|
467
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.7"/>
|
|
445
468
|
</fingerprint>
|
|
446
469
|
<fingerprint pattern="^(?i:(?:Apple )?Mac OS X Mountain Lion)$">
|
|
447
470
|
<description>Mac OS X Mountain Lion</description>
|
|
@@ -450,6 +473,7 @@
|
|
|
450
473
|
<param pos="0" name="os.family" value="Mac OS X"/>
|
|
451
474
|
<param pos="0" name="os.product" value="Mac OS X"/>
|
|
452
475
|
<param pos="0" name="os.version" value="10.8"/>
|
|
476
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.8"/>
|
|
453
477
|
</fingerprint>
|
|
454
478
|
<fingerprint pattern="^(?i:(?:Apple )?Mac OS X Mavericks)$">
|
|
455
479
|
<description>Mac OS X Mavericks</description>
|
|
@@ -458,6 +482,7 @@
|
|
|
458
482
|
<param pos="0" name="os.family" value="Mac OS X"/>
|
|
459
483
|
<param pos="0" name="os.product" value="Mac OS X"/>
|
|
460
484
|
<param pos="0" name="os.version" value="10.9"/>
|
|
485
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.9"/>
|
|
461
486
|
</fingerprint>
|
|
462
487
|
<fingerprint pattern="^(?i:(?:Apple )?Mac OS X Yosemite)$">
|
|
463
488
|
<description>Mac OS X Yosemite</description>
|
|
@@ -466,6 +491,7 @@
|
|
|
466
491
|
<param pos="0" name="os.family" value="Mac OS X"/>
|
|
467
492
|
<param pos="0" name="os.product" value="Mac OS X"/>
|
|
468
493
|
<param pos="0" name="os.version" value="10.10"/>
|
|
494
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.10"/>
|
|
469
495
|
</fingerprint>
|
|
470
496
|
<fingerprint pattern="^(?i:(?:Apple )?Mac OS X El Capitan)$">
|
|
471
497
|
<description>Mac OS X El Capitan</description>
|
|
@@ -474,6 +500,7 @@
|
|
|
474
500
|
<param pos="0" name="os.family" value="Mac OS X"/>
|
|
475
501
|
<param pos="0" name="os.product" value="Mac OS X"/>
|
|
476
502
|
<param pos="0" name="os.version" value="10.11"/>
|
|
503
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.11"/>
|
|
477
504
|
</fingerprint>
|
|
478
505
|
<!-- This can also match Cisco IOS if the vendor name is not present. -->
|
|
479
506
|
<fingerprint pattern="^(?i:(?:Apple )?iOS\s?(\d+?(?:\.\d+?)*?)?)$">
|
|
@@ -488,7 +515,6 @@
|
|
|
488
515
|
<param pos="0" name="os.device" value="Mobile"/>
|
|
489
516
|
</fingerprint>
|
|
490
517
|
<!-- Mac end -->
|
|
491
|
-
|
|
492
518
|
<!-- BSD begin -->
|
|
493
519
|
<fingerprint pattern="^(?i:(.*?BSD)\s?(\d+?(?:\.\d+?)*?(?:[\-\/_ ]?\w+?)?(?:-[a-z]\d+?)?)?)$">
|
|
494
520
|
<description>Many BSD family OSes</description>
|
|
@@ -503,7 +529,6 @@
|
|
|
503
529
|
<param pos="2" name="os.version"/>
|
|
504
530
|
</fingerprint>
|
|
505
531
|
<!-- BSD end -->
|
|
506
|
-
|
|
507
532
|
<!-- Other Unix-likes begin -->
|
|
508
533
|
<fingerprint pattern="^(?i:(?:Oracle|Sun)?\s?OpenSolaris\s?(\d+?(?:\.\d+?)*?)?)$">
|
|
509
534
|
<description>OpenSolaris</description>
|
|
@@ -512,6 +537,7 @@
|
|
|
512
537
|
<param pos="0" name="os.family" value="Solaris"/>
|
|
513
538
|
<param pos="0" name="os.product" value="Solaris"/>
|
|
514
539
|
<param pos="1" name="os.version"/>
|
|
540
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
|
|
515
541
|
</fingerprint>
|
|
516
542
|
<fingerprint pattern="^(?i:(?:Oracle|Sun)?\s?Solaris\s?(1[1-9]?(?:\.\d+?)*?)?)$">
|
|
517
543
|
<description>Solaris 11 and up</description>
|
|
@@ -521,6 +547,7 @@
|
|
|
521
547
|
<param pos="0" name="os.family" value="Solaris"/>
|
|
522
548
|
<param pos="0" name="os.product" value="Solaris"/>
|
|
523
549
|
<param pos="1" name="os.version"/>
|
|
550
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:oracle:solaris:{os.version}"/>
|
|
524
551
|
</fingerprint>
|
|
525
552
|
<fingerprint pattern="^(?i:(?:Oracle|Sun)?\s?Solaris\s?((?:[789]|10)+?(?:\.\d+?)*?)?)$">
|
|
526
553
|
<description>Solaris 7-10</description>
|
|
@@ -532,6 +559,7 @@
|
|
|
532
559
|
<param pos="0" name="os.family" value="Solaris"/>
|
|
533
560
|
<param pos="0" name="os.product" value="Solaris"/>
|
|
534
561
|
<param pos="1" name="os.version"/>
|
|
562
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
|
|
535
563
|
</fingerprint>
|
|
536
564
|
<fingerprint pattern="^(?i:(?:Oracle|Sun)?\s?SunOS\s?5.([789]|10)?)$">
|
|
537
565
|
<description>SunOS/Solaris 5.7-5.10</description>
|
|
@@ -541,6 +569,7 @@
|
|
|
541
569
|
<param pos="0" name="os.family" value="Solaris"/>
|
|
542
570
|
<param pos="0" name="os.product" value="Solaris"/>
|
|
543
571
|
<param pos="1" name="os.version"/>
|
|
572
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
|
|
544
573
|
</fingerprint>
|
|
545
574
|
<fingerprint pattern="^(?i:(?:Oracle|Sun)?\s?SunOS\s?5.(1[1-9])?)$">
|
|
546
575
|
<description>Oracle/Solaris 5.11 and upwards</description>
|
|
@@ -549,6 +578,7 @@
|
|
|
549
578
|
<param pos="0" name="os.family" value="Solaris"/>
|
|
550
579
|
<param pos="0" name="os.product" value="Solaris"/>
|
|
551
580
|
<param pos="1" name="os.version"/>
|
|
581
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:oracle:solaris:{os.version}"/>
|
|
552
582
|
</fingerprint>
|
|
553
583
|
<fingerprint pattern="^(?i:(?:IBM\s?)?(AIX|MVS|OS/(?:\d{1,3})|VM/CMS|VM/ESA|z/OS)\s?(\d+?(?:\.\d+?)*?)?)$">
|
|
554
584
|
<description>IBM OSes</description>
|
|
@@ -575,7 +605,6 @@
|
|
|
575
605
|
<param pos="2" name="os.version"/>
|
|
576
606
|
</fingerprint>
|
|
577
607
|
<!-- Other Unix-likes end -->
|
|
578
|
-
|
|
579
608
|
<!-- Network equipment begin -->
|
|
580
609
|
<fingerprint pattern="^(?i:(?:Juniper\s?)?(Junos|Junos OS|ScreenOS)\s?(\d+?(?:\.\d+?)*?)?)$">
|
|
581
610
|
<description>Juniper</description>
|
data/xml/pop_banners.xml
CHANGED
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
2
|
-
<!--
|
|
3
|
-
POP3 greeting messages (part of the banner after the status indicator +OK or -ERR) are
|
|
4
|
-
matched against these patterns to fingerprint POP3 servers.
|
|
5
|
-
-->
|
|
6
2
|
<fingerprints matches="pop3.banner" protocol="pop3" database_type="service" preference="0.90">
|
|
3
|
+
<!--
|
|
4
|
+
POP3 greeting messages (part of the banner after the status indicator +OK or -ERR) are
|
|
5
|
+
matched against these patterns to fingerprint POP3 servers.
|
|
6
|
+
-->
|
|
7
7
|
<fingerprint pattern="^([^ ]+) +Cyrus POP3 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready">
|
|
8
8
|
<description>OSX Cyrus POP</description>
|
|
9
9
|
<example host.domain="8.8.8.8" service.version="2.3.8" os.version="10.5">8.8.8.8 Cyrus POP3 v2.3.8-OS X Server 10.5: 9A562 server ready <1999107648.1324502155@8.8.8.8></example>
|
|
@@ -16,6 +16,7 @@ matched against these patterns to fingerprint POP3 servers.
|
|
|
16
16
|
<param pos="0" name="os.product" value="Mac OS X"/>
|
|
17
17
|
<param pos="0" name="os.device" value="General"/>
|
|
18
18
|
<param pos="3" name="os.version"/>
|
|
19
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
|
|
19
20
|
<param pos="1" name="host.domain"/>
|
|
20
21
|
</fingerprint>
|
|
21
22
|
<fingerprint pattern="^([^ ]+) +Cyrus POP3 v([\d\.]+)">
|
|
@@ -34,6 +35,7 @@ matched against these patterns to fingerprint POP3 servers.
|
|
|
34
35
|
<param pos="0" name="service.vendor" value="IBM"/>
|
|
35
36
|
<param pos="0" name="service.family" value="Lotus Domino"/>
|
|
36
37
|
<param pos="0" name="service.product" value="Lotus Domino"/>
|
|
38
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:-"/>
|
|
37
39
|
</fingerprint>
|
|
38
40
|
<fingerprint pattern="^Lotus Notes POP3 server version Release ([^ ]+) ready on .*$">
|
|
39
41
|
<description>IBM Lotus Notes/Domino</description>
|
|
@@ -42,6 +44,7 @@ matched against these patterns to fingerprint POP3 servers.
|
|
|
42
44
|
<param pos="0" name="service.family" value="Lotus Domino"/>
|
|
43
45
|
<param pos="0" name="service.product" value="Lotus Domino"/>
|
|
44
46
|
<param pos="1" name="service.version"/>
|
|
47
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:{service.version}"/>
|
|
45
48
|
</fingerprint>
|
|
46
49
|
<fingerprint pattern="^Qpopper \(version (\d+\.\d+\.\d+), modified by Sphera Technologies\) at (.+) starting\..*$">
|
|
47
50
|
<description>Qpopper with Sphera mods</description>
|
|
@@ -91,11 +94,13 @@ matched against these patterns to fingerprint POP3 servers.
|
|
|
91
94
|
<param pos="0" name="service.family" value="Exchange Server"/>
|
|
92
95
|
<param pos="0" name="service.product" value="Exchange 2003 Server"/>
|
|
93
96
|
<param pos="1" name="service.version"/>
|
|
97
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:microsoft:exchange_server:{service.version}"/>
|
|
94
98
|
<param pos="2" name="host.name"/>
|
|
95
99
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
96
100
|
<param pos="0" name="os.device" value="General"/>
|
|
97
101
|
<param pos="0" name="os.family" value="Windows"/>
|
|
98
102
|
<param pos="0" name="os.product" value="Windows"/>
|
|
103
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
|
99
104
|
</fingerprint>
|
|
100
105
|
<fingerprint pattern="^Microsoft Exchange 2000 POP3 server version (\d+\.\d+\.\d+\.\d+) (.+) ready.$">
|
|
101
106
|
<description>Microsoft Exchange Server 2000</description>
|
|
@@ -104,11 +109,13 @@ matched against these patterns to fingerprint POP3 servers.
|
|
|
104
109
|
<param pos="0" name="service.family" value="Exchange Server"/>
|
|
105
110
|
<param pos="0" name="service.product" value="Exchange 2000 Server"/>
|
|
106
111
|
<param pos="1" name="service.version"/>
|
|
112
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:microsoft:exchange_server:{service.version}"/>
|
|
107
113
|
<param pos="2" name="host.name"/>
|
|
108
114
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
109
115
|
<param pos="0" name="os.device" value="General"/>
|
|
110
116
|
<param pos="0" name="os.family" value="Windows"/>
|
|
111
117
|
<param pos="0" name="os.product" value="Windows"/>
|
|
118
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
|
112
119
|
</fingerprint>
|
|
113
120
|
<fingerprint pattern="^Microsoft Exchange POP3 server version (\d+\.\d+\.\d+\.\d+) ready$">
|
|
114
121
|
<description>Microsoft Exchange Server</description>
|
|
@@ -117,10 +124,12 @@ matched against these patterns to fingerprint POP3 servers.
|
|
|
117
124
|
<param pos="0" name="service.family" value="Exchange Server"/>
|
|
118
125
|
<param pos="0" name="service.product" value="Exchange Server"/>
|
|
119
126
|
<param pos="1" name="service.version"/>
|
|
127
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:microsoft:exchange_server:{service.version}"/>
|
|
120
128
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
121
129
|
<param pos="0" name="os.device" value="General"/>
|
|
122
130
|
<param pos="0" name="os.family" value="Windows"/>
|
|
123
131
|
<param pos="0" name="os.product" value="Windows"/>
|
|
132
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
|
124
133
|
</fingerprint>
|
|
125
134
|
<fingerprint pattern="^Microsoft Windows POP3 Service Version 1.0 <.+@(.+)> ready.$">
|
|
126
135
|
<description>Microsoft POP3 Services on Windows 2003</description>
|
|
@@ -133,6 +142,7 @@ matched against these patterns to fingerprint POP3 servers.
|
|
|
133
142
|
<param pos="0" name="os.device" value="General"/>
|
|
134
143
|
<param pos="0" name="os.family" value="Windows"/>
|
|
135
144
|
<param pos="0" name="os.product" value="Windows Server 2003"/>
|
|
145
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
|
|
136
146
|
</fingerprint>
|
|
137
147
|
<fingerprint pattern="^Microsoft Exchange Server 2007 POP3 service ready\.?$">
|
|
138
148
|
<description>Microsoft Exchange Server 2007</description>
|
|
@@ -140,10 +150,12 @@ matched against these patterns to fingerprint POP3 servers.
|
|
|
140
150
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
|
141
151
|
<param pos="0" name="service.family" value="Exchange Server"/>
|
|
142
152
|
<param pos="0" name="service.product" value="Exchange 2007 Server"/>
|
|
153
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:microsoft:exchange_server:-"/>
|
|
143
154
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
144
155
|
<param pos="0" name="os.device" value="General"/>
|
|
145
156
|
<param pos="0" name="os.family" value="Windows"/>
|
|
146
157
|
<param pos="0" name="os.product" value="Windows"/>
|
|
158
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
|
147
159
|
</fingerprint>
|
|
148
160
|
<fingerprint pattern="^The? Microsoft Exchange POP3 service is ready\.?$">
|
|
149
161
|
<description>Microsoft Exchange Server, generic</description>
|
|
@@ -151,10 +163,12 @@ matched against these patterns to fingerprint POP3 servers.
|
|
|
151
163
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
|
152
164
|
<param pos="0" name="service.family" value="Exchange Server"/>
|
|
153
165
|
<param pos="0" name="service.product" value="Exchange Server"/>
|
|
166
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:microsoft:exchange_server:-"/>
|
|
154
167
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
155
168
|
<param pos="0" name="os.device" value="General"/>
|
|
156
169
|
<param pos="0" name="os.family" value="Windows"/>
|
|
157
170
|
<param pos="0" name="os.product" value="Windows"/>
|
|
171
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
|
158
172
|
</fingerprint>
|
|
159
173
|
<fingerprint pattern="^[dD]ovecot (?:DA )?ready\.(?: <.+@(.+)>)?$">
|
|
160
174
|
<description>Dovecot Secure POP Server</description>
|
|
@@ -168,6 +182,7 @@ matched against these patterns to fingerprint POP3 servers.
|
|
|
168
182
|
<example>dogfood.example.com Zimbra POP3 server ready</example>
|
|
169
183
|
<param pos="0" name="service.vendor" value="VMware"/>
|
|
170
184
|
<param pos="0" name="service.product" value="Zimbra"/>
|
|
185
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:vmware:zimbra_desktop:-"/>
|
|
171
186
|
<param pos="1" name="host.name"/>
|
|
172
187
|
</fingerprint>
|
|
173
188
|
<fingerprint pattern="^(\S+) Zimbra (\S+) POP3 server ready\.?$">
|
|
@@ -176,6 +191,7 @@ matched against these patterns to fingerprint POP3 servers.
|
|
|
176
191
|
<param pos="0" name="service.vendor" value="VMware"/>
|
|
177
192
|
<param pos="0" name="service.product" value="Zimbra"/>
|
|
178
193
|
<param pos="2" name="service.version"/>
|
|
194
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:vmware:zimbra_desktop:{service.version}"/>
|
|
179
195
|
<param pos="1" name="host.name"/>
|
|
180
196
|
</fingerprint>
|
|
181
197
|
<fingerprint pattern="^(?:S?POP3? server ready |Hello there.? )?<.*@([^>]+)>$">
|
|
@@ -195,6 +211,7 @@ matched against these patterns to fingerprint POP3 servers.
|
|
|
195
211
|
<param pos="0" name="os.product" value="Mac OS X"/>
|
|
196
212
|
<param pos="1" name="os.version"/>
|
|
197
213
|
<param pos="0" name="os.certainty" value="0.5"/>
|
|
214
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
|
|
198
215
|
</fingerprint>
|
|
199
216
|
<fingerprint pattern="^TCPIP POP server V\d\.\d\S-\S{3}, OpenVMS V(\d\.\d-\d)(?:\s+\S+)?\s+at\s+(\S+), .*$">
|
|
200
217
|
<description>TCP/IP Services for OpenVMS POP server</description>
|
|
@@ -207,6 +224,7 @@ matched against these patterns to fingerprint POP3 servers.
|
|
|
207
224
|
<param pos="0" name="os.product" value="OpenVMS"/>
|
|
208
225
|
<param pos="0" name="os.device" value="General"/>
|
|
209
226
|
<param pos="1" name="os.version"/>
|
|
227
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:hp:openvms:{os.version}"/>
|
|
210
228
|
<param pos="2" name="host.name"/>
|
|
211
229
|
</fingerprint>
|
|
212
230
|
<fingerprint pattern="^Hello there\.$">
|
|
@@ -216,16 +234,16 @@ matched against these patterns to fingerprint POP3 servers.
|
|
|
216
234
|
<param pos="0" name="service.family" value="Courier MTA"/>
|
|
217
235
|
<param pos="0" name="service.product" value="Courier POP"/>
|
|
218
236
|
</fingerprint>
|
|
219
|
-
<fingerprint pattern=
|
|
237
|
+
<fingerprint pattern="^CMailServer ([\d\.]+) POP3 Service Ready$">
|
|
220
238
|
<description>CMailServer</description>
|
|
221
239
|
<example service.version="5.0.0">CMailServer 5.0.0 POP3 Service Ready</example>
|
|
222
240
|
<param pos="0" name="service.product" value="CMailServer"/>
|
|
223
241
|
<param pos="0" name="service.vendor" value="Youngzsoft"/>
|
|
224
|
-
<param pos="0" name="os.family" value="Windows"
|
|
242
|
+
<param pos="0" name="os.family" value="Windows"/>
|
|
225
243
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
226
|
-
<param pos=
|
|
244
|
+
<param pos="1" name="service.version"/>
|
|
227
245
|
</fingerprint>
|
|
228
|
-
<fingerprint pattern=
|
|
246
|
+
<fingerprint pattern="^POP3 Bigfoot v(\d\.\d) server ready$">
|
|
229
247
|
<description>POP3 Bigfoot server</description>
|
|
230
248
|
<example service.version="1.0">POP3 Bigfoot v1.0 server ready</example>
|
|
231
249
|
<param pos="0" name="service.vendor" value="Bigfoot"/>
|
|
@@ -243,7 +261,7 @@ matched against these patterns to fingerprint POP3 servers.
|
|
|
243
261
|
<param pos="0" name="service.product" value="CCProxy"/>
|
|
244
262
|
<param pos="1" name="service.version"/>
|
|
245
263
|
</fingerprint>
|
|
246
|
-
<fingerprint pattern=
|
|
264
|
+
<fingerprint pattern="^POP3 on WinWebMail \[([\d.]+)\] ready\.$">
|
|
247
265
|
<description>WinWebmail POP3</description>
|
|
248
266
|
<example service.version="1.1.1.1">POP3 on WinWebMail [1.1.1.1] ready.</example>
|
|
249
267
|
<param pos="0" name="service.product" value="WinWebMail"/>
|
|
@@ -251,19 +269,21 @@ matched against these patterns to fingerprint POP3 servers.
|
|
|
251
269
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
252
270
|
<param pos="0" name="os.family" value="Windows"/>
|
|
253
271
|
<param pos="0" name="os.product" value="Windows"/>
|
|
272
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
|
254
273
|
<param pos="1" name="service.version"/>
|
|
255
274
|
</fingerprint>
|
|
256
|
-
<fingerprint pattern=
|
|
275
|
+
<fingerprint pattern="^BlackJumboDog \(Version ([\d\.]+)\) ready$">
|
|
257
276
|
<description>BlackJumboDog</description>
|
|
258
277
|
<example service.version="5.7.5.0">BlackJumboDog (Version 5.7.5.0) ready</example>
|
|
259
|
-
<param pos="0" name="service.vendor" value=
|
|
278
|
+
<param pos="0" name="service.vendor" value="SapporoWorks"/>
|
|
260
279
|
<param pos="0" name="service.product" value="BlackJumboDog"/>
|
|
261
280
|
<param pos="0" name="os.family" value="Windows"/>
|
|
262
281
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
263
282
|
<param pos="0" name="os.product" value="Windows"/>
|
|
283
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
|
264
284
|
<param pos="1" name="service.version"/>
|
|
265
285
|
</fingerprint>
|
|
266
|
-
<!--
|
|
286
|
+
<!--
|
|
267
287
|
; Mandrake 8.1 - uses UW IMAP
|
|
268
288
|
; +OK POP3 mandrake81-f540k v2000.70mdk server ready
|
|
269
289
|
// wu-imap?
|