recog 2.1.21 → 2.1.22

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/lib/recog/version.rb +1 -1
  3. data/remap.json +4 -0
  4. data/xml/apache_modules.xml +1911 -0
  5. data/xml/ftp_banners.xml +6 -5
  6. data/xml/http_servers.xml +281 -33
  7. metadata +4 -3
data/xml/ftp_banners.xml CHANGED
@@ -435,9 +435,10 @@ more text</example>
435
435
  <param pos="0" name="service.family" value="Firewall-1"/>
436
436
  <param pos="0" name="service.cpe23" value="cpe:/a:checkpoint:firewall-1:-"/>
437
437
  <param pos="0" name="os.vendor" value="Check Point"/>
438
+ <param pos="0" name="os.cpe23" value="cpe:/o:checkpoint:gaia_os:-"/>
438
439
  <param pos="0" name="os.device" value="Firewall"/>
439
440
  <param pos="0" name="os.family" value="Firewall-1"/>
440
- <param pos="0" name="os.product" value="Firewall-1"/>
441
+ <param pos="0" name="os.product" value="GAiA OS"/>
441
442
  <param pos="0" name="hw.vendor" value="Check Point"/>
442
443
  <param pos="0" name="hw.device" value="Firewall"/>
443
444
  <param pos="0" name="hw.family" value="Firewall-1"/>
@@ -1292,10 +1293,10 @@ more text</example>
1292
1293
  </fingerprint>
1293
1294
  <fingerprint pattern="^Sofrel (S5[\w]+) SN ([\d-]+) ready. Time is (\d{2}:\d{2}:\d{2} \d{2}\/\d{2}\/\d{2})\.$">
1294
1295
  <description>Sofrel Remote Terminal Unit</description>
1295
- <example hw.device="S500" host.id="01-499-00427" system.time="00:11:39 01/11/16">Sofrel S500 SN 01-499-00427 ready. Time is 00:11:39 01/11/16.</example>
1296
+ <example hw.product="S500" host.id="01-499-00427" system.time="00:11:39 01/11/16">Sofrel S500 SN 01-499-00427 ready. Time is 00:11:39 01/11/16.</example>
1296
1297
  <param pos="0" name="hw.vendor" value="Sofrel"/>
1297
1298
  <param pos="0" name="hw.family" value="S500 Range"/>
1298
- <param pos="1" name="hw.device"/>
1299
+ <param pos="1" name="hw.product"/>
1299
1300
  <param pos="2" name="host.id"/>
1300
1301
  <param pos="0" name="system.time.format" value="HH:mm::ss dd/MM/yy"/>
1301
1302
  <param pos="3" name="system.time"/>
@@ -1303,12 +1304,12 @@ more text</example>
1303
1304
  <fingerprint pattern="^TiMOS-[CB]-([\S]+) cpm\/[\w]+ ALCATEL (SR [\S]+) Copyright .{1,4}$">
1304
1305
  <description>ALCATEL Service Router running TiMOS</description>
1305
1306
  <example os.version="13.0.R9">TiMOS-C-13.0.R9 cpm/hops64 ALCATEL SR 7750 Copyright (</example>
1306
- <example hw.device="SR 7750">TiMOS-C-9.0.R8 cpm/hops ALCATEL SR 7750 Copyright (c) </example>
1307
+ <example hw.product="SR 7750">TiMOS-C-9.0.R8 cpm/hops ALCATEL SR 7750 Copyright (c) </example>
1307
1308
  <param pos="0" name="os.vendor" value="ALCATEL"/>
1308
1309
  <param pos="1" name="os.version"/>
1309
1310
  <param pos="0" name="hw.vendor" value="ALCATEL"/>
1310
1311
  <param pos="0" name="hw.family" value="Service Router"/>
1311
- <param pos="2" name="hw.device"/>
1312
+ <param pos="2" name="hw.product"/>
1312
1313
  </fingerprint>
1313
1314
  <fingerprint pattern="^(\S+) FTP server ready\.?$" flags="REG_ICASE">
1314
1315
  <description>Generic FTP fingerprint with a hostname</description>
data/xml/http_servers.xml CHANGED
@@ -1475,9 +1475,14 @@
1475
1475
  <param pos="0" name="service.family" value="Firewall-1"/>
1476
1476
  <param pos="0" name="service.cpe23" value="cpe:/a:checkpoint:firewall-1:-"/>
1477
1477
  <param pos="0" name="os.vendor" value="Check Point"/>
1478
+ <param pos="0" name="os.cpe23" value="cpe:/o:checkpoint:gaia_os:-"/>
1478
1479
  <param pos="0" name="os.device" value="Firewall"/>
1479
1480
  <param pos="0" name="os.family" value="Firewall-1"/>
1480
- <param pos="0" name="os.product" value="Firewall-1"/>
1481
+ <param pos="0" name="os.product" value="GAiA OS"/>
1482
+ <param pos="0" name="hw.vendor" value="Check Point"/>
1483
+ <param pos="0" name="hw.device" value="Firewall"/>
1484
+ <param pos="0" name="hw.family" value="Firewall-1"/>
1485
+ <param pos="0" name="hw.product" value="Firewall-1"/>
1481
1486
  </fingerprint>
1482
1487
  <fingerprint pattern="^Microsoft-IIS/([1234]\.0)$">
1483
1488
  <description>Microsoft IIS 1.0 - 4.0 runs on Windows NT 4.0</description>
@@ -1993,6 +1998,100 @@
1993
1998
  <param pos="0" name="os.vendor" value="HP"/>
1994
1999
  <param pos="0" name="os.family" value="TippingPoint"/>
1995
2000
  <param pos="0" name="os.device" value="IPS"/>
2001
+ <param pos="0" name="hw.vendor" value="HP"/>
2002
+ <param pos="0" name="hw.family" value="TippingPoint"/>
2003
+ <param pos="0" name="hw.device" value="IPS"/>
2004
+ </fingerprint>
2005
+ <fingerprint pattern="^uc-httpd[ \/]([\d.]+)$">
2006
+ <description>Xiongmai Tech uc-httpd</description>
2007
+ <example service.version="1.0.0">uc-httpd 1.0.0</example>
2008
+ <example service.version="1.0.0">uc-httpd/1.0.0</example>
2009
+ <param pos="0" name="service.vendor" value="Xiongmai Tech"/>
2010
+ <param pos="0" name="service.product" value="uc-httpd"/>
2011
+ <param pos="1" name="service.version"/>
2012
+ </fingerprint>
2013
+ <fingerprint pattern="^micro_httpd$">
2014
+ <description>ACME micro_httpd</description>
2015
+ <example>micro_httpd</example>
2016
+ <param pos="0" name="service.vendor" value="ACME"/>
2017
+ <param pos="0" name="service.product" value="micro_httpd"/>
2018
+ <param pos="0" name="service.cpe23" value="cpe:/a:acme:micro_httpd:-"/>
2019
+ </fingerprint>
2020
+ <fingerprint pattern="^mini_httpd$">
2021
+ <description>ACME mini_httpd</description>
2022
+ <example>mini_httpd</example>
2023
+ <param pos="0" name="service.vendor" value="ACME"/>
2024
+ <param pos="0" name="service.product" value="mini_httpd"/>
2025
+ <param pos="0" name="service.cpe23" value="cpe:/a:acme:mini_httpd:-"/>
2026
+ </fingerprint>
2027
+ <fingerprint pattern="^LiteSpeed\/?(:?[\d.]+)?(?: \S+)?">
2028
+ <description>LiteSpeed</description>
2029
+ <example>LiteSpeed</example>
2030
+ <example>LiteSpeed/5.2.8 Enterprise</example>
2031
+ <param pos="0" name="service.vendor" value="LiteSpeed Technologies"/>
2032
+ <param pos="0" name="service.product" value="LiteSpeed Web Server"/>
2033
+ <param pos="1" name="service.version"/>
2034
+ </fingerprint>
2035
+ <fingerprint pattern="^IdeaWebServer\/v?([\d.]+)$">
2036
+ <description>Idea Web Server</description>
2037
+ <example service.version="0.83.74">IdeaWebServer/0.83.74</example>
2038
+ <example service.version="0.70">IdeaWebServer/v0.70</example>
2039
+ <param pos="0" name="service.vendor" value="home.pl"/>
2040
+ <param pos="0" name="service.product" value="Idea Web Server"/>
2041
+ <param pos="1" name="service.version"/>
2042
+ </fingerprint>
2043
+ <fingerprint pattern="^openresty\/?(:?[\d.]+)?$">
2044
+ <description>OpenResty OpenResty</description>
2045
+ <example>openresty</example>
2046
+ <example service.version="1.13.6.2">openresty/1.13.6.2</example>
2047
+ <param pos="0" name="service.vendor" value="OpenResty"/>
2048
+ <param pos="0" name="service.product" value="OpenResty"/>
2049
+ <param pos="1" name="service.version"/>
2050
+ </fingerprint>
2051
+ <fingerprint pattern="^gunicorn\/([\d.]+)+$">
2052
+ <description>Gunicorn Gunicorn</description>
2053
+ <example service.version="19.7.1">gunicorn/19.7.1</example>
2054
+ <param pos="0" name="service.vendor" value="Gunicorn"/>
2055
+ <param pos="0" name="service.product" value="Gunicorn"/>
2056
+ <param pos="1" name="service.version"/>
2057
+ </fingerprint>
2058
+ <fingerprint pattern="^Serv-U\/([\d.]+)$">
2059
+ <description>Serv-U HTTP interface</description>
2060
+ <example service.version="15.1.6.31">Serv-U/15.1.6.31</example>
2061
+ <param pos="0" name="service.vendor" value="SolarWinds"/>
2062
+ <param pos="0" name="service.family" value="Serv-U"/>
2063
+ <param pos="0" name="service.product" value="FTP Server"/>
2064
+ <param pos="1" name="service.version"/>
2065
+ </fingerprint>
2066
+ <fingerprint pattern="^Varnish(?:[- ]Cache)?$">
2067
+ <description>Varnish Cache</description>
2068
+ <example>Varnish</example>
2069
+ <example>Varnish-Cache</example>
2070
+ <param pos="0" name="service.vendor" value="Varnish-cache"/>
2071
+ <param pos="0" name="service.family" value="Varnish"/>
2072
+ <param pos="0" name="service.product" value="Varnish"/>
2073
+ <param pos="0" name="service.cpe23" value="cpe:/a:varnish-cache:varnish:-"/>
2074
+ </fingerprint>
2075
+ <fingerprint pattern="^Tengine\/?(:?[\d.]+)?$">
2076
+ <description>Tengine</description>
2077
+ <example>Tengine</example>
2078
+ <example service.version="2.0.0">Tengine/2.0.0</example>
2079
+ <param pos="0" name="service.vendor" value="Taobao"/>
2080
+ <param pos="0" name="service.family" value="Tengine"/>
2081
+ <param pos="0" name="service.product" value="Tengine"/>
2082
+ <param pos="1" name="service.version"/>
2083
+ </fingerprint>
2084
+ <fingerprint pattern="^Mikrotik HttpProxy$">
2085
+ <description>MikroTik RouterOS - Proxy service</description>
2086
+ <example>Mikrotik HttpProxy</example>
2087
+ <param pos="0" name="service.vendor" value="MikroTik"/>
2088
+ <param pos="0" name="service.product" value="HttpProxy"/>
2089
+ <param pos="0" name="os.vendor" value="MikroTik"/>
2090
+ <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:-"/>
2091
+ <param pos="0" name="os.device" value="Router"/>
2092
+ <param pos="0" name="os.product" value="RouterOS"/>
2093
+ <param pos="0" name="hw.vendor" value="MikroTik"/>
2094
+ <param pos="0" name="hw.device" value="Router"/>
1996
2095
  </fingerprint>
1997
2096
  <fingerprint pattern="^Helix Server Version ([0-9.]*) \(win32\) \(RealServer compatible\)$">
1998
2097
  <description>RealMedia Helix Server</description>
@@ -2073,16 +2172,20 @@
2073
2172
  <description>Bosch VCS VIDOS-NVR network video recorder</description>
2074
2173
  <example>VCS-VIDOS-NVR</example>
2075
2174
  <param pos="0" name="os.vendor" value="Bosch"/>
2076
- <param pos="0" name="os.device" value="Video"/>
2175
+ <param pos="0" name="os.device" value="DVR"/>
2077
2176
  <param pos="0" name="os.product" value="VIDOS-NVR"/>
2177
+ <param pos="0" name="hw.vendor" value="Bosch"/>
2178
+ <param pos="0" name="hw.device" value="DVR"/>
2078
2179
  </fingerprint>
2079
2180
  <fingerprint pattern="^HeiTel GmbH Web Server \[\S+\]$">
2080
2181
  <description>HeiTel Digital Video Recorder</description>
2081
2182
  <example>HeiTel GmbH Web Server [V1.15/V1.14/V1.3]</example>
2082
2183
  <example>HeiTel GmbH Web Server [V1.26/V1.15/V1.7]</example>
2083
2184
  <param pos="0" name="os.vendor" value="HeiTel"/>
2084
- <param pos="0" name="os.device" value="Video"/>
2185
+ <param pos="0" name="os.device" value="DVR"/>
2085
2186
  <param pos="0" name="os.product" value="Unknown"/>
2187
+ <param pos="0" name="hw.vendor" value="HeiTel"/>
2188
+ <param pos="0" name="hw.device" value="DVR"/>
2086
2189
  </fingerprint>
2087
2190
  <fingerprint pattern="^MiniServ/([0-9.]*)$">
2088
2191
  <description>mini_httpd</description>
@@ -2283,6 +2386,7 @@
2283
2386
  <param pos="0" name="service.family" value="iLO"/>
2284
2387
  <param pos="0" name="service.cpe23" value="cpe:/a:hp:integrated_lights_out:-"/>
2285
2388
  <param pos="0" name="hw.vendor" value="HP"/>
2389
+ <param pos="0" name="hw.device" value="Lights Out Management"/>
2286
2390
  <param pos="0" name="os.vendor" value="HP"/>
2287
2391
  <param pos="0" name="os.product" value="iLO"/>
2288
2392
  <param pos="0" name="os.family" value="iLO"/>
@@ -2362,16 +2466,6 @@
2362
2466
  <param pos="0" name="service.family" value="lighttpd"/>
2363
2467
  <param pos="1" name="service.version"/>
2364
2468
  </fingerprint>
2365
- <fingerprint pattern="^nginx/(\S+)">
2366
- <description>nginx with version info</description>
2367
- <example>nginx/0.8.53 + Phusion Passenger 3.0.0 (mod_rails/mod_rack)</example>
2368
- <example>nginx/0.8.53</example>
2369
- <param pos="0" name="service.product" value="nginx"/>
2370
- <param pos="0" name="service.family" value="nginx"/>
2371
- <param pos="0" name="service.vendor" value="nginx"/>
2372
- <param pos="1" name="service.version"/>
2373
- <param pos="0" name="service.cpe23" value="cpe:/a:nginx:nginx:{service.version}"/>
2374
- </fingerprint>
2375
2469
  <fingerprint pattern="^nginx$">
2376
2470
  <description>nginx without version info</description>
2377
2471
  <example>nginx</example>
@@ -2380,6 +2474,18 @@
2380
2474
  <param pos="0" name="service.vendor" value="nginx"/>
2381
2475
  <param pos="0" name="service.cpe23" value="cpe:/a:nginx:nginx:-"/>
2382
2476
  </fingerprint>
2477
+ <fingerprint pattern="^nginx\/?(:?[\d.]+)?">
2478
+ <description>nginx with version info and/or mods</description>
2479
+ <example service.version="0.8.53">nginx/0.8.53 + Phusion Passenger 3.0.0 (mod_rails/mod_rack)</example>
2480
+ <example>nginx/0.8.53</example>
2481
+ <example>nginx + Phusion Passenger 5.1.11</example>
2482
+ <example>nginx + Phusion Passenger</example>
2483
+ <param pos="0" name="service.product" value="nginx"/>
2484
+ <param pos="0" name="service.family" value="nginx"/>
2485
+ <param pos="0" name="service.vendor" value="nginx"/>
2486
+ <param pos="1" name="service.version"/>
2487
+ <param pos="0" name="service.cpe23" value="cpe:/a:nginx:nginx:{service.version}"/>
2488
+ </fingerprint>
2383
2489
  <fingerprint pattern="^Lotus(?:-Domino)?(?:/|/0|/Release)?$">
2384
2490
  <description>IBM Lotus Notes/Domino with no useful version info</description>
2385
2491
  <example>Lotus</example>
@@ -2579,6 +2685,8 @@
2579
2685
  <param pos="0" name="os.device" value="VPN"/>
2580
2686
  <param pos="0" name="os.family" value="SSL-VPN"/>
2581
2687
  <param pos="1" name="os.product"/>
2688
+ <param pos="0" name="hw.vendor" value="SonicWALL"/>
2689
+ <param pos="0" name="hw.device" value="VPN"/>
2582
2690
  </fingerprint>
2583
2691
  <fingerprint pattern="^SonicWALL$">
2584
2692
  <description>SonicWALL device</description>
@@ -2632,6 +2740,8 @@
2632
2740
  <param pos="0" name="service.product" value="BIG-IP LTM"/>
2633
2741
  <param pos="0" name="service.family" value="BIG-IP"/>
2634
2742
  <param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
2743
+ <param pos="0" name="os.family" value="Linux"/>
2744
+ <param pos="0" name="os.product" value="Linux"/>
2635
2745
  </fingerprint>
2636
2746
  <fingerprint pattern="^Foundry Networks(?:/(\d+\.\d+))?$">
2637
2747
  <description>Foundry Networks device (though not sure which)</description>
@@ -2653,6 +2763,10 @@
2653
2763
  <param pos="0" name="os.device" value="Printer"/>
2654
2764
  <param pos="0" name="os.family" value="JetDirect"/>
2655
2765
  <param pos="0" name="os.product" value="JetDirect"/>
2766
+ <param pos="0" name="hw.vendor" value="HP"/>
2767
+ <param pos="0" name="hw.family" value="JetDirect"/>
2768
+ <param pos="0" name="hw.product" value="JetDirect"/>
2769
+ <param pos="0" name="hw.device" value="Printer"/>
2656
2770
  </fingerprint>
2657
2771
  <fingerprint pattern="^HP HTTP Server; (?:Hewlett-Packard )?HP ((\S+) \S+)">
2658
2772
  <description>HP Printer</description>
@@ -2666,6 +2780,10 @@
2666
2780
  <param pos="0" name="os.device" value="Printer"/>
2667
2781
  <param pos="2" name="os.family"/>
2668
2782
  <param pos="1" name="os.product"/>
2783
+ <param pos="0" name="hw.vendor" value="HP"/>
2784
+ <param pos="0" name="hw.family" value="JetDirect"/>
2785
+ <param pos="0" name="hw.product" value="JetDirect"/>
2786
+ <param pos="0" name="hw.device" value="Printer"/>
2669
2787
  </fingerprint>
2670
2788
  <fingerprint pattern="^HTTP/1\.0$">
2671
2789
  <description>Old HP printers identify themselves as "HTTP/1.0"</description>
@@ -2676,6 +2794,10 @@
2676
2794
  <param pos="0" name="os.device" value="Printer"/>
2677
2795
  <param pos="0" name="os.family" value="JetDirect"/>
2678
2796
  <param pos="0" name="os.product" value="JetDirect"/>
2797
+ <param pos="0" name="hw.vendor" value="HP"/>
2798
+ <param pos="0" name="hw.family" value="JetDirect"/>
2799
+ <param pos="0" name="hw.product" value="JetDirect"/>
2800
+ <param pos="0" name="hw.device" value="Printer"/>
2679
2801
  </fingerprint>
2680
2802
  <fingerprint pattern="^(?:Allegro-Software-)?RomPager/\s*(\S+)">
2681
2803
  <description>Embedded HTTP server used by many vendors and device
@@ -2700,20 +2822,24 @@
2700
2822
  <param pos="0" name="os.device" value="Router"/>
2701
2823
  <param pos="0" name="os.family" value="RT"/>
2702
2824
  <param pos="0" name="os.product" value="RT"/>
2825
+ <param pos="0" name="hw.vendor" value="Yamaha"/>
2826
+ <param pos="0" name="hw.device" value="Router"/>
2703
2827
  </fingerprint>
2704
2828
  <fingerprint pattern="^(?:Canon Http|CANON HTTP) Server (?:Ver)?(?:\d+\.\d+)$">
2705
- <description>Canon device running embedded web server, though
2706
- not sure if this is a printer or network camera</description>
2829
+ <description>Canon Multifunction Printer/Copiers</description>
2707
2830
  <param pos="0" name="service.vendor" value="Canon"/>
2708
2831
  <param pos="0" name="service.product" value="HTTP"/>
2709
2832
  <param pos="0" name="os.vendor" value="Canon"/>
2710
- <param pos="0" name="os.product" value="Unknown"/>
2833
+ <param pos="0" name="hw.vendor" value="Canon"/>
2834
+ <param pos="0" name="hw.device" value="Multifunction Device"/>
2711
2835
  </fingerprint>
2712
2836
  <fingerprint pattern=".*Linksys.*">
2713
2837
  <description>Linksys Wireless Access Point</description>
2714
2838
  <param pos="0" name="os.vendor" value="Linksys"/>
2715
2839
  <param pos="0" name="os.product" value="Unknown"/>
2716
2840
  <param pos="0" name="os.device" value="WAP"/>
2841
+ <param pos="0" name="hw.vendor" value="Linksys"/>
2842
+ <param pos="0" name="hw.device" value="WAP"/>
2717
2843
  </fingerprint>
2718
2844
  <fingerprint pattern="^cisco-IOS$">
2719
2845
  <description>Cisco IOS</description>
@@ -2727,6 +2853,7 @@
2727
2853
  <param pos="0" name="os.product" value="IOS"/>
2728
2854
  <param pos="0" name="os.certainty" value="0.8"/>
2729
2855
  <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:-"/>
2856
+ <param pos="0" name="hw.vendor" value="Cisco"/>
2730
2857
  </fingerprint>
2731
2858
  <fingerprint pattern="^cisco-IOS/([^\s]+) HTTP-server/.*$">
2732
2859
  <description>Cisco IOS with version information</description>
@@ -2740,6 +2867,7 @@
2740
2867
  <param pos="0" name="os.product" value="IOS"/>
2741
2868
  <param pos="1" name="os.version"/>
2742
2869
  <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:{os.version}"/>
2870
+ <param pos="0" name="hw.vendor" value="Cisco"/>
2743
2871
  </fingerprint>
2744
2872
  <fingerprint pattern="^Cisco AWARE (.*)$">
2745
2873
  <description>Cisco ASA</description>
@@ -2750,6 +2878,11 @@
2750
2878
  <param pos="0" name="os.vendor" value="Cisco"/>
2751
2879
  <param pos="0" name="os.family" value="ASA"/>
2752
2880
  <param pos="0" name="os.product" value="VPN"/>
2881
+ <param pos="0" name="hw.vendor" value="Cisco"/>
2882
+ <param pos="0" name="hw.family" value="ASA"/>
2883
+ <param pos="0" name="hw.cpe23" value="cpe:/h:cisco:adaptive_security_appliance:-"/>
2884
+ <param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
2885
+ <param pos="0" name="hw.device" value="Firewall"/>
2753
2886
  </fingerprint>
2754
2887
  <fingerprint pattern="^DesktopAuthority/(.*)$">
2755
2888
  <description>ScriptLogic DesktopAuthority</description>
@@ -2781,6 +2914,8 @@
2781
2914
  <param pos="0" name="os.vendor" value="Xerox"/>
2782
2915
  <param pos="0" name="os.product" value="Unknown"/>
2783
2916
  <param pos="0" name="os.device" value="Printer"/>
2917
+ <param pos="0" name="hw.vendor" value="Xerox"/>
2918
+ <param pos="0" name="hw.device" value="Printer"/>
2784
2919
  </fingerprint>
2785
2920
  <fingerprint pattern="^Adaptec ASM (\S+)$">
2786
2921
  <description>Adaptec - Adaptec Storage Manager (runs on Windows Only)</description>
@@ -2851,6 +2986,10 @@
2851
2986
  <param pos="0" name="os.family" value="Document Centre"/>
2852
2987
  <param pos="0" name="os.product" value="Document Centre"/>
2853
2988
  <param pos="0" name="os.device" value="Printer"/>
2989
+ <param pos="0" name="hw.vendor" value="Xerox"/>
2990
+ <param pos="0" name="hw.family" value="Document Centre"/>
2991
+ <param pos="0" name="hw.product" value="Document Centre"/>
2992
+ <param pos="0" name="hw.device" value="Printer"/>
2854
2993
  </fingerprint>
2855
2994
  <fingerprint pattern="^TSM_HTTP/\d\.\d$">
2856
2995
  <description>IBM Tivoli Storage Manager</description>
@@ -2887,6 +3026,7 @@
2887
3026
  <example>RealVNC/4.0</example>
2888
3027
  <param pos="0" name="service.vendor" value="RealVNC Ltd."/>
2889
3028
  <param pos="0" name="service.product" value="RealVNC"/>
3029
+ <param pos="0" name="service.cpe23" value="cpe:/a:realvnc:realvnc:-"/>
2890
3030
  </fingerprint>
2891
3031
  <fingerprint pattern="(Agranat|Conexant|(?:Globespan)?Virata)-EmWeb/(.*)$">
2892
3032
  <description>EmWeb variants</description>
@@ -2929,9 +3069,10 @@
2929
3069
  <description>Polycom Soundpoint IP Telephone</description>
2930
3070
  <example>Polycom SoundPoint IP Telephone HTTPd</example>
2931
3071
  <param pos="0" name="service.vendor" value="Polycom"/>
2932
- <param pos="0" name="service.product" value="SoundPoint"/>
2933
- <param pos="0" name="os.vendor" value="Polycom"/>
2934
- <param pos="0" name="os.product" value="SoundPoint"/>
3072
+ <param pos="0" name="service.family" value="SoundPoint"/>
3073
+ <param pos="0" name="hw.vendor" value="Polycom"/>
3074
+ <param pos="0" name="hw.family" value="SoundPoint"/>
3075
+ <param pos="0" name="hw.device" value="VoIP"/>
2935
3076
  </fingerprint>
2936
3077
  <!-- 4D WebSTAR was aquired by Kerio but it seems that both
2937
3078
  Kerio and 4D have branched the product. The 4D banners
@@ -3007,8 +3148,9 @@
3007
3148
  <fingerprint pattern="^TornadoServer/((?:\d+\.)*\d+)$" flags="REG_ICASE">
3008
3149
  <description>Tornado Python web framework and asynchronous networking library.</description>
3009
3150
  <example>TornadoServer/4.0.2</example>
3010
- <param pos="0" name="service.vendor" value="Tornado"/>
3151
+ <param pos="0" name="service.vendor" value="TornadoWeb"/>
3011
3152
  <param pos="0" name="service.product" value="Tornado"/>
3153
+ <param pos="0" name="service.cpe23" value="cpe:/a:tornadoweb:tornado:{service.version}"/>
3012
3154
  <param pos="0" name="service.family" value="Tornado"/>
3013
3155
  <param pos="1" name="service.version"/>
3014
3156
  </fingerprint>
@@ -3059,31 +3201,48 @@
3059
3201
  <param pos="0" name="service.family" value="Lotus Expeditor"/>
3060
3202
  <param pos="1" name="service.version"/>
3061
3203
  </fingerprint>
3062
- <fingerprint pattern="^GoAhead-Webs$">
3063
- <description>An embedded web server developed by GoAhead Software, which was later acquired by Oracle.</description>
3204
+ <!-- GoAhead software was acquired by Oracle in 2011. They later handed this
3205
+ off to (E)Mbedthis. Version 3.0 released in October 2012 appears to be
3206
+ the first version to fully be Mbedthis software.
3207
+ -->
3208
+ <fingerprint pattern="^GoAhead-(?:Webs|http)$">
3209
+ <description>GoAhead-Webs - no version</description>
3064
3210
  <example>GoAhead-Webs</example>
3065
3211
  <param pos="0" name="service.vendor" value="Oracle"/>
3066
3212
  <param pos="0" name="service.product" value="GoAhead Webserver"/>
3067
3213
  <param pos="0" name="service.family" value="GoAhead Webserver"/>
3068
3214
  </fingerprint>
3069
- <fingerprint pattern="^Mbedthis-Appweb/((?:\d+\.)*\d+)$">
3070
- <description>An embedded web server for hosting dynamic web applications.</description>
3071
- <example>Mbedthis-Appweb/2.4.0</example>
3215
+ <fingerprint pattern="^GoAhead-(?:Webs|http)\/([\d.]+)(?: PeerSec-MatrixSSL\/[\d.]+-OPEN)?$">
3216
+ <description>GoAhead-Webs - version</description>
3217
+ <example service.version="2.5.0">GoAhead-Webs/2.5.0 PeerSec-MatrixSSL/3.4.2-OPEN</example>
3218
+ <example>GoAhead-Webs/2.5.0</example>
3219
+ <param pos="0" name="service.vendor" value="Oracle"/>
3220
+ <param pos="0" name="service.product" value="GoAhead Webserver"/>
3221
+ <param pos="0" name="service.family" value="GoAhead Webserver"/>
3222
+ <param pos="1" name="service.version"/>
3223
+ </fingerprint>
3224
+ <!-- MBedthis changed its name/branding to Embedthis-->
3225
+ <fingerprint pattern="^Mbedthis-App[Ww]eb/([\d.]+)$">
3226
+ <description>Mbedthis Appweb</description>
3227
+ <example service.version="2.4.0">Mbedthis-Appweb/2.4.0</example>
3228
+ <example service.version="2.4.0">Mbedthis-AppWeb/2.4.0</example>
3072
3229
  <example>Mbedthis-Appweb/2.4.2</example>
3073
3230
  <example>Mbedthis-Appweb/2</example>
3074
- <param pos="0" name="service.vendor" value="Embedthis"/>
3231
+ <param pos="0" name="service.vendor" value="Mbedthis Software"/>
3075
3232
  <param pos="0" name="service.product" value="Appweb"/>
3076
3233
  <param pos="0" name="service.family" value="Appweb"/>
3077
3234
  <param pos="1" name="service.version"/>
3078
- <param pos="0" name="service.cpe23" value="cpe:/a:embedthis:appweb:{service.version}"/>
3079
3235
  </fingerprint>
3080
- <fingerprint pattern="^Embedthis-http$">
3081
- <description>An embedded web server for hosting dynamic web applications.</description>
3236
+ <fingerprint pattern="^Embedthis-(?:Appweb|http)\/?(:?[\d.]+)?$">
3237
+ <description>Embedthis AppWeb</description>
3238
+ <example service.version="3.2.3">Embedthis-Appweb/3.2.3</example>
3082
3239
  <example>Embedthis-http</example>
3240
+ <example service.version="4.0.0">Embedthis-http/4.0.0</example>
3083
3241
  <param pos="0" name="service.vendor" value="Embedthis"/>
3084
3242
  <param pos="0" name="service.product" value="Appweb"/>
3243
+ <param pos="0" name="service.cpe23" value="cpe:/a:embedthis:appweb:{service.version}"/>
3085
3244
  <param pos="0" name="service.family" value="Appweb"/>
3086
- <param pos="0" name="service.cpe23" value="cpe:/a:embedthis:appweb:-"/>
3245
+ <param pos="1" name="service.version"/>
3087
3246
  </fingerprint>
3088
3247
  <fingerprint pattern="^Avaya CMBE/((?:\d+\.)*\d+)$">
3089
3248
  <description>Web server for Avaya Aura Communication Manager Branch, a SIP-based communications platform.</description>
@@ -3126,10 +3285,12 @@
3126
3285
  <param pos="1" name="service.version"/>
3127
3286
  <param pos="0" name="service.cpe23" value="cpe:/a:apple:cups:{service.version}"/>
3128
3287
  </fingerprint>
3129
- <fingerprint pattern="^TwistedWeb/((?:\d\.)+\d+)$">
3130
- <description>An HTTP server, HTML templating engind, and HTTP client library from Twisted Labs.</description>
3288
+ <fingerprint pattern="^TwistedWeb/([\d.rc]+)$">
3289
+ <description>Twisted Matrix Labs - TwistedWeb</description>
3131
3290
  <example>TwistedWeb/2.5.0</example>
3132
- <param pos="0" name="service.vendor" value="Twisted Matrix Labs"/>
3291
+ <example service.version="16.4.0">TwistedWeb/16.4.0</example>
3292
+ <example service.version="16.5.0rc2">TwistedWeb/16.5.0rc2</example>
3293
+ <param pos="0" name="service.vendor" value="TwistedMatrix"/>
3133
3294
  <param pos="0" name="service.product" value="Twisted Web"/>
3134
3295
  <param pos="0" name="service.family" value="Twisted Web"/>
3135
3296
  <param pos="1" name="service.version"/>
@@ -3244,6 +3405,9 @@
3244
3405
  <param pos="0" name="service.family" value="Network Printer Manager"/>
3245
3406
  <param pos="1" name="service.version"/>
3246
3407
  </fingerprint>
3408
+ <!-- NOTE: '$ProjectRevision: {some version string} $' has been seen in a
3409
+ variety of products including printers, PDUs, etc.
3410
+ -->
3247
3411
  <fingerprint pattern="^\$ProjectRevision: 4.0.2.38 \$$">
3248
3412
  <description>This banner is seen on some HP LaserJet printers.</description>
3249
3413
  <example>$ProjectRevision: 4.0.2.38 $</example>
@@ -3282,6 +3446,7 @@
3282
3446
  <param pos="0" name="service.product" value="Cross Web Server"/>
3283
3447
  <param pos="0" name="os.vendor" value="HiSilicon"/>
3284
3448
  <param pos="0" name="os.device" value="DVR"/>
3449
+ <param pos="0" name="hw.device" value="DVR"/>
3285
3450
  </fingerprint>
3286
3451
  <!-- Hikvision is OEMd by a number of DVR manufacturers -->
3287
3452
  <fingerprint pattern="^(?:Hikvision|DVRDVS)-Webs$">
@@ -3292,6 +3457,16 @@
3292
3457
  <param pos="0" name="service.product" value="Hikvision Web Server"/>
3293
3458
  <param pos="0" name="os.vendor" value="Hikvision"/>
3294
3459
  <param pos="0" name="os.device" value="DVR"/>
3460
+ <param pos="0" name="hw.device" value="DVR"/>
3461
+ </fingerprint>
3462
+ <fingerprint pattern="^DNVRS-Webs$">
3463
+ <description>Hikvision httpd</description>
3464
+ <example>DNVRS-Webs</example>
3465
+ <param pos="0" name="service.vendor" value="Hikvision"/>
3466
+ <param pos="0" name="service.product" value="Hikvision Web Server"/>
3467
+ <param pos="0" name="os.vendor" value="Hikvision"/>
3468
+ <param pos="0" name="os.device" value="DVR"/>
3469
+ <param pos="0" name="hw.device" value="DVR"/>
3295
3470
  </fingerprint>
3296
3471
  <fingerprint pattern="^NET-DK[/ ](\d+\.\d+)$">
3297
3472
  <description>Web server found on ARRIS cable modems</description>
@@ -3302,6 +3477,8 @@
3302
3477
  <param pos="1" name="service.version"/>
3303
3478
  <param pos="0" name="os.vendor" value="ARRIS"/>
3304
3479
  <param pos="0" name="os.device" value="Cable Modem"/>
3480
+ <param pos="0" name="hw.vendor" value="ARRIS"/>
3481
+ <param pos="0" name="hw.device" value="Cable Modem"/>
3305
3482
  </fingerprint>
3306
3483
  <!-- junit says,
3307
3484
  "Example pattern '' from http_servers.xml didn't match pattern '^$'"
@@ -3320,6 +3497,10 @@
3320
3497
  <description>Obfuscated web server -- assert nothing.</description>
3321
3498
  <example>Web-Server/3.0</example>
3322
3499
  </fingerprint>
3500
+ <fingerprint pattern="^httpd$">
3501
+ <description>httpd - generic -- assert nothing.</description>
3502
+ <example>httpd</example>
3503
+ </fingerprint>
3323
3504
  <!-- Service provider equipment (CDNs, etc) -->
3324
3505
  <fingerprint pattern="^AkamaiGHost$">
3325
3506
  <description>Akamai Global Host</description>
@@ -3422,4 +3603,71 @@
3422
3603
  <param pos="0" name="service.family" value="Intel(R) Active Management Technology"/>
3423
3604
  <param pos="1" name="service.version"/>
3424
3605
  </fingerprint>
3606
+ <fingerprint pattern="^Sunny WebBox$">
3607
+ <description>Sunny WebBox</description>
3608
+ <example>Sunny WebBox</example>
3609
+ <param pos="0" name="service.vendor" value="SMA Solar Technology Ag"/>
3610
+ <param pos="0" name="service.family" value="Sunny"/>
3611
+ <param pos="0" name="service.product" value="WebBox"/>
3612
+ <param pos="0" name="hw.family" value="Sunny"/>
3613
+ <param pos="0" name="hw.product" value="WebBox"/>
3614
+ <param pos="0" name="hw.device" value="Power Management"/>
3615
+ <param pos="0" name="os.vendor" value="Microsoft"/>
3616
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_ce:-"/>
3617
+ <param pos="0" name="os.family" value="Windows"/>
3618
+ <param pos="0" name="os.product" value="Windows CE"/>
3619
+ </fingerprint>
3620
+ <fingerprint pattern="^EnergyICT RTU \d+-\w+-\d+$">
3621
+ <description>EnergyICT RTU</description>
3622
+ <example>EnergyICT RTU 101-F25CE1-1524</example>
3623
+ <param pos="0" name="hw.family" value="Honeywell"/>
3624
+ <param pos="0" name="hw.product" value="RTU"/>
3625
+ <param pos="0" name="hw.device" value="Power Management"/>
3626
+ </fingerprint>
3627
+ <fingerprint pattern="^AV-TECH AV787 Video Web Server$">
3628
+ <description>AV-TECH AVC787 Video Web Server</description>
3629
+ <example>AV-TECH AV787 Video Web Server</example>
3630
+ <param pos="0" name="service.vendor" value="AVTECH"/>
3631
+ <param pos="0" name="service.family" value="MPEG4 DVR"/>
3632
+ <param pos="0" name="service.product" value="HTTPD"/>
3633
+ <param pos="0" name="hw.family" value="MPEG4 DVR"/>
3634
+ <param pos="0" name="hw.product" value="AVC787"/>
3635
+ <param pos="0" name="hw.device" value="DVR"/>
3636
+ </fingerprint>
3637
+ <fingerprint pattern="^tivo-httpd-\S+$">
3638
+ <description>Tivo DVR</description>
3639
+ <example>tivo-httpd-1:20.7.4.RC35-D18-6:D18</example>
3640
+ <param pos="0" name="hw.vendor" value="Tivo"/>
3641
+ <param pos="0" name="hw.family" value="DVR"/>
3642
+ <param pos="0" name="hw.device" value="DVR"/>
3643
+ </fingerprint>
3644
+ <!-- Tridium previously had a product with the 'Niagra' spelling -->
3645
+ <fingerprint pattern="^Niagara Web Server\/([\d.]+)$">
3646
+ <description>Tridium Niagara AX Framework</description>
3647
+ <example service.version="3.8.111">Niagara Web Server/3.8.111</example>
3648
+ <param pos="0" name="service.vendor" value="Tridium"/>
3649
+ <param pos="0" name="service.family" value="Niagara"/>
3650
+ <param pos="0" name="service.product" value="Niagara AX"/>
3651
+ <param pos="1" name="service.version"/>
3652
+ </fingerprint>
3653
+ <fingerprint pattern="^Microsoft WinCE Fidelix v([\d.]+)$">
3654
+ <description>Fidelix Industrial Control Web Server</description>
3655
+ <example service.version="11.50.29">Microsoft WinCE Fidelix v11.50.29</example>
3656
+ <param pos="0" name="os.certainty" value="0.9"/>
3657
+ <param pos="0" name="os.vendor" value="Microsoft"/>
3658
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_ce:-"/>
3659
+ <param pos="0" name="os.family" value="Windows"/>
3660
+ <param pos="0" name="os.product" value="Windows CE"/>
3661
+ <param pos="0" name="service.vendor" value="Fidelix"/>
3662
+ <param pos="0" name="service.product" value="Web Server"/>
3663
+ <param pos="1" name="service.version"/>
3664
+ <param pos="0" name="hw.vendor" value="Fidelix"/>
3665
+ <param pos="0" name="hw.device" value="Industrial Control"/>
3666
+ </fingerprint>
3667
+ <fingerprint pattern="^chainpoint-node$">
3668
+ <description>Chainpoint Node</description>
3669
+ <example>chainpoint-node</example>
3670
+ <param pos="0" name="service.vendor" value="Chainpoint"/>
3671
+ <param pos="0" name="service.product" value="Node"/>
3672
+ </fingerprint>
3425
3673
  </fingerprints>