recog 2.1.22 → 2.1.23
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/cpe-remap.yaml +125 -0
- data/lib/recog/version.rb +1 -1
- data/spec/lib/fingerprint_self_test_spec.rb +4 -0
- data/update_cpes.py +5 -21
- data/xml/dns_versionbind.xml +1 -1
- data/xml/hp_pjl_id.xml +0 -41
- data/xml/http_cookies.xml +8 -0
- data/xml/http_servers.xml +5 -1399
- data/xml/http_wwwauth.xml +0 -94
- data/xml/sip_user_agents.xml +0 -11
- data/xml/snmp_sysdescr.xml +0 -896
- data/xml/ssh_banners.xml +5 -0
- data/xml/telnet_banners.xml +819 -0
- data/xml/upnp_banners.xml +0 -227
- metadata +5 -4
- data/remap.json +0 -135
data/xml/ssh_banners.xml
CHANGED
|
@@ -5,6 +5,11 @@
|
|
|
5
5
|
the identification string after "SSH-x.x-") are matched against these patterns to
|
|
6
6
|
fingerprint SSH servers.
|
|
7
7
|
-->
|
|
8
|
+
<fingerprint pattern="^ArrayOS$">
|
|
9
|
+
<description>Array Networks device</description>
|
|
10
|
+
<example>ArrayOS</example>
|
|
11
|
+
<param pos="0" name="service.vendor" value="Array Networks"/>
|
|
12
|
+
</fingerprint>
|
|
8
13
|
<fingerprint pattern="^RomSShell_([\d\.]+)$">
|
|
9
14
|
<description>Allegro RomSShell SSH</description>
|
|
10
15
|
<example service.version="4.62">RomSShell_4.62</example>
|
|
@@ -0,0 +1,819 @@
|
|
|
1
|
+
<?xml version="1.0" encoding="UTF-8"?>
|
|
2
|
+
<fingerprints protocol="telnet" database_type="service" preference=".80">
|
|
3
|
+
<!--
|
|
4
|
+
TELNET banners with CR/LF/whitespace trimmed from either end.
|
|
5
|
+
Examples with CR, LF, etc must be base64 encoded in order to past tests.
|
|
6
|
+
Please follow the style established below.
|
|
7
|
+
-->
|
|
8
|
+
<!--
|
|
9
|
+
The following 'assert nothing' block is intended to handle banners so simple
|
|
10
|
+
that they cannot be attributed to a product or vendor. They are at the
|
|
11
|
+
beginning of the file as a performance tweak given how frequenty they occur.
|
|
12
|
+
|
|
13
|
+
NOTE:
|
|
14
|
+
Due to the multi-line nature of TELNET banners the regex are leveraging \A
|
|
15
|
+
instead of ^ to prevent matching in the beginning of a 'line' (^) instead of
|
|
16
|
+
at the beginning of the string (\A). This has been verified to work with
|
|
17
|
+
Ruby, Python, Java, and Golang.
|
|
18
|
+
-->
|
|
19
|
+
<fingerprint pattern="\A(?i)(?:\r|\n)*login:\s*$">
|
|
20
|
+
<description>bare 'login:' -- assert nothing.</description>
|
|
21
|
+
<example>login:</example>
|
|
22
|
+
</fingerprint>
|
|
23
|
+
<fingerprint pattern="\A(?i)(?:\r|\n)*User(?:name)?\s*:\s*$">
|
|
24
|
+
<description>bare 'Username:' -- assert nothing.</description>
|
|
25
|
+
<example>Username:</example>
|
|
26
|
+
<example>User:</example>
|
|
27
|
+
</fingerprint>
|
|
28
|
+
<fingerprint pattern="\A(?i)(?:\r|\n)*Password:\s*$">
|
|
29
|
+
<description>bare 'Password:' -- assert nothing.</description>
|
|
30
|
+
<example>Password:</example>
|
|
31
|
+
</fingerprint>
|
|
32
|
+
<fingerprint pattern="\A(?i)(?:\r|\n)*Account:\s*$">
|
|
33
|
+
<description>bare 'Account:' -- assert nothing.</description>
|
|
34
|
+
<example>Account:</example>
|
|
35
|
+
</fingerprint>
|
|
36
|
+
<fingerprint pattern="\A(?i)Connection refused(?:\r|\n)*$">
|
|
37
|
+
<description>bare 'Connection refused' -- assert nothing.</description>
|
|
38
|
+
<example>Connection refused</example>
|
|
39
|
+
</fingerprint>
|
|
40
|
+
<!-- end of assert nothing block -->
|
|
41
|
+
<fingerprint pattern="^(?:\r|\n)*User Access Verification(?:\r|\n)+(?:Username|Password):\s*$">
|
|
42
|
+
<description>Cisco switch or router - user access variant</description>
|
|
43
|
+
<!-- User Access Verification\r\n\r\nUsername: -->
|
|
44
|
+
<example _encoding="base64">VXNlciBBY2Nlc3MgVmVyaWZpY2F0aW9uDQoNClVzZXJuYW1lOgo=</example>
|
|
45
|
+
<!-- User Access Verification\r\n\r\nPassword: -->
|
|
46
|
+
<example _encoding="base64">VXNlciBBY2Nlc3MgVmVyaWZpY2F0aW9uDQoNClBhc3N3b3JkOgo=</example>
|
|
47
|
+
<param pos="0" name="service.vendor" value="Cisco"/>
|
|
48
|
+
<param pos="0" name="os.vendor" value="Cisco"/>
|
|
49
|
+
<param pos="0" name="hw.vendor" value="Cisco"/>
|
|
50
|
+
</fingerprint>
|
|
51
|
+
<fingerprint pattern="^(?:\r|\n)*Password required, but none set(?:\r|\n)*$">
|
|
52
|
+
<description>Cisco switch or router - password not set variant</description>
|
|
53
|
+
<example>Password required, but none set</example>
|
|
54
|
+
<param pos="0" name="service.vendor" value="Cisco"/>
|
|
55
|
+
<param pos="0" name="os.vendor" value="Cisco"/>
|
|
56
|
+
<param pos="0" name="hw.vendor" value="Cisco"/>
|
|
57
|
+
</fingerprint>
|
|
58
|
+
<fingerprint pattern="^(?:\r|\n)*MikroTik v([\w.]+)(?: \(\w+\))?(?:\r|\n)+Login:\s*$">
|
|
59
|
+
<description>MikroTik RouterOS</description>
|
|
60
|
+
<!-- MikroTik v5.2\r\nLogin: -->
|
|
61
|
+
<example _encoding="base64" os.version="5.2">TWlrcm9UaWsgdjUuMg0KTG9naW46Cg==</example>
|
|
62
|
+
<!-- MikroTik v6.42.3 (stable)\r\nLogin: -->
|
|
63
|
+
<example _encoding="base64" os.version="6.42.3">TWlrcm9UaWsgdjYuNDIuMyAoc3RhYmxlKQ0KTG9naW46Cg==</example>
|
|
64
|
+
<!-- MikroTik v6.40.8 (bugfix)\r\nLogin: -->
|
|
65
|
+
<example _encoding="base64" os.version="6.40.8">TWlrcm9UaWsgdjYuNDAuOCAoYnVnZml4KQ0KTG9naW46Cg==</example>
|
|
66
|
+
<!-- MikroTik v6.36rc12 (testing)\r\nLogin: -->
|
|
67
|
+
<example _encoding="base64" os.version="6.36rc12">TWlrcm9UaWsgdjYuMzZyYzEyICh0ZXN0aW5nKQ0KTG9naW46Cg==</example>
|
|
68
|
+
<param pos="0" name="os.vendor" value="MikroTik"/>
|
|
69
|
+
<param pos="0" name="os.device" value="Router"/>
|
|
70
|
+
<param pos="0" name="os.product" value="RouterOS"/>
|
|
71
|
+
<param pos="1" name="os.version"/>
|
|
72
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
|
|
73
|
+
<param pos="0" name="hw.vendor" value="MikroTik"/>
|
|
74
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
75
|
+
</fingerprint>
|
|
76
|
+
<fingerprint pattern="^(?:\r|\n)?ZXHN (\w+)(?: V([\d.]+))?(?:\r|\n)*Login:\s*$">
|
|
77
|
+
<description>ZTE ZXHN router</description>
|
|
78
|
+
<!-- ZXHN H108N\r\nLogin: -->
|
|
79
|
+
<example _encoding="base64" hw.product="H108N">WlhITiBIMTA4Tg0KTG9naW46Cg==</example>
|
|
80
|
+
<!-- ZXHN H298A V1.1\r\nLogin: -->
|
|
81
|
+
<example _encoding="base64" hw.product="H298A" hw.version="1.1">WlhITiBIMjk4QSBWMS4xDQpMb2dpbjoK</example>
|
|
82
|
+
<!-- ZXHN H367N\r\n\rLogin: -->
|
|
83
|
+
<example _encoding="base64" hw.product="H367N">WlhITiBIMzY3Tg0KDUxvZ2luOgo=</example>
|
|
84
|
+
<param pos="0" name="hw.vendor" value="ZTE"/>
|
|
85
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
86
|
+
<param pos="0" name="hw.family" value="ZXHN"/>
|
|
87
|
+
<param pos="1" name="hw.product"/>
|
|
88
|
+
<param pos="2" name="hw.version"/>
|
|
89
|
+
</fingerprint>
|
|
90
|
+
<fingerprint pattern="^(F6\d+\w?)\r\n\rLogin:\s*$">
|
|
91
|
+
<description>ZTE F6xx series GPON router</description>
|
|
92
|
+
<!-- F668\r\n\rLogin: -->
|
|
93
|
+
<example _encoding="base64" hw.product="F668">RjY2OA0KDUxvZ2luOgo=</example>
|
|
94
|
+
<!-- F612W\r\n\rLogin: -->
|
|
95
|
+
<example _encoding="base64" hw.product="F612W">RjYxMlcNCg1Mb2dpbjoK</example>
|
|
96
|
+
<param pos="0" name="hw.vendor" value="ZTE"/>
|
|
97
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
98
|
+
<param pos="1" name="hw.product"/>
|
|
99
|
+
</fingerprint>
|
|
100
|
+
<fingerprint pattern="^(?:\r|\n)*DD-WRT v([\d.]+)(?:-(\w+))? ([\w-]+) \(c\) \d{4} NewMedia-NET GmbH(?:\r|\n)+Release: \d+\/\d+\/\d+ \(SVN revision: ([:\w]+)\)(?:\r|\n)+.* login:\s*$">
|
|
101
|
+
<description>DD-WRT - 24 family</description>
|
|
102
|
+
<!-- DD-WRT v24-sp2 mini (c) 2013 NewMedia-NET GmbH\r\nRelease: 05/27/13 (SVN revision: 21676)\r\n\r\nDD-WRT login: -->
|
|
103
|
+
<example _encoding="base64" os.version="24" os.version.version="sp2" os.edition="mini" os.build="21676">
|
|
104
|
+
REQtV1JUIHYyNC1zcDIgbWluaSAoYykgMjAxMyBOZXdNZWRpYS1ORVQgR21iSA0KUmVsZWFzZ
|
|
105
|
+
TogMDUvMjcvMTMgKFNWTiByZXZpc2lvbjogMjE2NzYpDQoNCkRELVdSVCBsb2dpbjoK
|
|
106
|
+
</example>
|
|
107
|
+
<!-- DD-WRT v24 micro (c) 2010 NewMedia-NET GmbH\r\nRelease: 08/07/10 (SVN revision: 14896)\r\n\r\nProliant DL980R07 X6550 8-core 4P SAS login: -->
|
|
108
|
+
<example _encoding="base64" os.version="24" os.edition="micro" os.build="14896">
|
|
109
|
+
REQtV1JUIHYyNCBtaWNybyAoYykgMjAxMCBOZXdNZWRpYS1ORVQgR21iSA0KUmVsZWFzZTogM
|
|
110
|
+
DgvMDcvMTAgKFNWTiByZXZpc2lvbjogMTQ4OTYpDQoNClByb2xpYW50IERMOTgwUjA3IFg2NT
|
|
111
|
+
UwIDgtY29yZSA0UCBTQVMgbG9naW46Cg==
|
|
112
|
+
</example>
|
|
113
|
+
<param pos="0" name="os.vendor" value="DD-WRT"/>
|
|
114
|
+
<param pos="0" name="os.product" value="DD-WRT"/>
|
|
115
|
+
<param pos="0" name="os.device" value="Router"/>
|
|
116
|
+
<param pos="1" name="os.version"/>
|
|
117
|
+
<param pos="2" name="os.version.version"/>
|
|
118
|
+
<param pos="3" name="os.edition"/>
|
|
119
|
+
<param pos="4" name="os.build"/>
|
|
120
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
121
|
+
</fingerprint>
|
|
122
|
+
<fingerprint pattern="^(?:\r|\n)*DD-WRT v(3.\d)-(r([\w]+)) ([\w-]+) \(c\) \d{4} NewMedia-NET GmbH(?:\r|\n)+Release: \d+\/\d+\/\d+(?:\r|\n)+.* login:\s*$">
|
|
123
|
+
<description>DD-WRT - 3.0 family</description>
|
|
124
|
+
<!-- DD-WRT v3.0-r34886M std (c) 2018 NewMedia-NET GmbH\r\nRelease: 02/10/18\r\n\r\nwibrate login: -->
|
|
125
|
+
<example _encoding="base64" os.version="3.0" os.version.version="r34886M" os.edition="std" os.build="34886M">
|
|
126
|
+
REQtV1JUIHYzLjAtcjM0ODg2TSBzdGQgKGMpIDIwMTggTmV3TWVkaWEtTkVUIEdtYkgNClJlb
|
|
127
|
+
GVhc2U6IDAyLzEwLzE4DQoNCndpYnJhdGUgbG9naW46Cg==
|
|
128
|
+
</example>
|
|
129
|
+
<param pos="0" name="os.vendor" value="DD-WRT"/>
|
|
130
|
+
<param pos="0" name="os.product" value="DD-WRT"/>
|
|
131
|
+
<param pos="0" name="os.device" value="Router"/>
|
|
132
|
+
<param pos="1" name="os.version"/>
|
|
133
|
+
<param pos="2" name="os.version.version"/>
|
|
134
|
+
<param pos="3" name="os.build"/>
|
|
135
|
+
<param pos="4" name="os.edition"/>
|
|
136
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
137
|
+
</fingerprint>
|
|
138
|
+
<fingerprint pattern="^(TD-\w+) [\d.]+ DSL Modem Router(?:\r|\n)+Authorization failed after trying \d+ times!!!\.(?:\r|\n)+Please login after \d+ seconds!\s*$">
|
|
139
|
+
<description>TP-LINK TD Family DSL Modem/Router</description>
|
|
140
|
+
<!-- TD-W8960N 5.0 DSL Modem Router\r\nAuthorization failed after trying 5 times!!!.\r\nPlease login after 416 seconds! -->
|
|
141
|
+
<example _encoding="base64" hw.product="TD-W8960N">
|
|
142
|
+
VEQtVzg5NjBOIDUuMCBEU0wgTW9kZW0gUm91dGVyDQpBdXRob3JpemF0aW9uIGZhaWxlZCBhZ
|
|
143
|
+
nRlciB0cnlpbmcgNSB0aW1lcyEhIS4NClBsZWFzZSBsb2dpbiBhZnRlciA0MTYgc2Vjb25kcy
|
|
144
|
+
E=
|
|
145
|
+
</example>
|
|
146
|
+
<param pos="0" name="hw.vendor" value="TP-Link"/>
|
|
147
|
+
<param pos="1" name="hw.product"/>
|
|
148
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
149
|
+
</fingerprint>
|
|
150
|
+
<fingerprint pattern="^(?:\r|\n)*ZyXEL login:$">
|
|
151
|
+
<description>ZyXEL simple</description>
|
|
152
|
+
<example>ZyXEL login:</example>
|
|
153
|
+
<param pos="0" name="hw.vendor" value="ZyXEL"/>
|
|
154
|
+
</fingerprint>
|
|
155
|
+
<fingerprint pattern="^ZyXEL \w?DSL Router\r\nLogin:$">
|
|
156
|
+
<description>ZyXEL Router - simple</description>
|
|
157
|
+
<!-- ZyXEL VDSL Router\r\nLogin: -->
|
|
158
|
+
<example _encoding="base64">WnlYRUwgVkRTTCBSb3V0ZXINCkxvZ2luOgo=</example>
|
|
159
|
+
<param pos="0" name="hw.vendor" value="ZyXEL"/>
|
|
160
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
161
|
+
</fingerprint>
|
|
162
|
+
<fingerprint pattern="^Debian GNU\/Linux 9(?:\r|\n)+([\w.-]+) login:\s*$">
|
|
163
|
+
<description>Debian 9.0 (stretch)</description>
|
|
164
|
+
<!-- Debian GNU/Linux 9\r\nserver-01.2 login: -->
|
|
165
|
+
<example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA5DQpzZXJ2ZXItMDEuMiBsb2dpbjoK</example>
|
|
166
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
|
167
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
168
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
169
|
+
<param pos="0" name="os.version" value="9.0"/>
|
|
170
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:9.0"/>
|
|
171
|
+
<param pos="1" name="host.name"/>
|
|
172
|
+
</fingerprint>
|
|
173
|
+
<fingerprint pattern="^Debian GNU\/Linux 8(?:.0)?(?:\r|\n)+([\w.-]+) login:\s*$">
|
|
174
|
+
<description>Debian 8.0 (jessie)</description>
|
|
175
|
+
<!-- Debian GNU/Linux 8\r\nserver-01.2 login: -->
|
|
176
|
+
<example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA4DQpzZXJ2ZXItMDEuMiBsb2dpbjoK</example>
|
|
177
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
|
178
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
179
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
180
|
+
<param pos="0" name="os.version" value="8.0"/>
|
|
181
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:8.0"/>
|
|
182
|
+
<param pos="1" name="host.name"/>
|
|
183
|
+
</fingerprint>
|
|
184
|
+
<fingerprint pattern="^(?:\r|\n)*Debian GNU\/Linux 7(?:.0)?(?:\r|\n)+([\w.-]+) login:\s*$">
|
|
185
|
+
<description>Debian 7.0 (wheezy)</description>
|
|
186
|
+
<!-- Debian GNU/Linux 7\r\nserver-01.2 login: -->
|
|
187
|
+
<example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA3DQpzZXJ2ZXItMDEuMiBsb2dpbjoK</example>
|
|
188
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
|
189
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
190
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
191
|
+
<param pos="0" name="os.version" value="7.0"/>
|
|
192
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:7.0"/>
|
|
193
|
+
<param pos="1" name="host.name"/>
|
|
194
|
+
</fingerprint>
|
|
195
|
+
<fingerprint pattern="^(?:\r|\n)*Debian GNU\/Linux 6(?:.0)?(?:\r|\n)+([\w.-]+) login:\s*$">
|
|
196
|
+
<description>Debian 6.0 (sqeeze)</description>
|
|
197
|
+
<!-- Debian GNU/Linux 6.0\r\nserver-01.2 login: -->
|
|
198
|
+
<example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA2LjANCnNlcnZlci0wMS4yIGxvZ2luOgo=</example>
|
|
199
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
|
200
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
201
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
202
|
+
<param pos="0" name="os.version" value="6.0"/>
|
|
203
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:6.0"/>
|
|
204
|
+
<param pos="1" name="host.name"/>
|
|
205
|
+
</fingerprint>
|
|
206
|
+
<fingerprint pattern="^(?:\r|\n)*Debian GNU\/Linux 5(?:.0)?(?:\r|\n)+([\w.-]+) login:\s*$">
|
|
207
|
+
<description>Debian 5.0 (lenny)</description>
|
|
208
|
+
<!-- Debian GNU/Linux 5.0\r\nserver-01.2 login: -->
|
|
209
|
+
<example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA1LjANCnNlcnZlci0wMS4yIGxvZ2luOgo=</example>
|
|
210
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
|
211
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
212
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
213
|
+
<param pos="0" name="os.version" value="5.0"/>
|
|
214
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:5.0"/>
|
|
215
|
+
<param pos="1" name="host.name"/>
|
|
216
|
+
</fingerprint>
|
|
217
|
+
<fingerprint pattern="^(?:\r|\n)*Debian GNU\/Linux 4(?:.0)?(?:\r|\n)+([\w.-]+) login:\s*$">
|
|
218
|
+
<description>Debian 4.0 (etch)</description>
|
|
219
|
+
<!-- Debian GNU/Linux 4.0\r\nserver-01.2 login: -->
|
|
220
|
+
<example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA0LjANCnNlcnZlci0wMS4yIGxvZ2luOgo=</example>
|
|
221
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
|
222
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
223
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
224
|
+
<param pos="0" name="os.version" value="4.0"/>
|
|
225
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:4.0"/>
|
|
226
|
+
<param pos="1" name="host.name"/>
|
|
227
|
+
</fingerprint>
|
|
228
|
+
<fingerprint pattern="^(?:\r|\n)*Debian GNU\/Linux (3.\d)(?: [\w.-]+)?(?:\r|\n)+([\w.-]+) login:\s*$">
|
|
229
|
+
<description>Debian 3.x (woody/sarge)</description>
|
|
230
|
+
<!-- Debian GNU/Linux 3.1\r\nserver-01.2 login: -->
|
|
231
|
+
<example _encoding="base64" os.version="3.1" host.name="server-01.2">
|
|
232
|
+
RGViaWFuIEdOVS9MaW51eCAzLjENCnNlcnZlci0wMS4yIGxvZ2luOgo=
|
|
233
|
+
</example>
|
|
234
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
|
235
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
236
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
237
|
+
<param pos="1" name="os.version"/>
|
|
238
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:{os.version}"/>
|
|
239
|
+
<param pos="2" name="host.name"/>
|
|
240
|
+
</fingerprint>
|
|
241
|
+
<fingerprint pattern="^(?:\r|\n)*Ubuntu ([\d.]+)(?: LTS)?(?:\r|\n)+([\w.-]+) login:\s*$">
|
|
242
|
+
<description>Ubuntu - most versions</description>
|
|
243
|
+
<!-- Ubuntu 16.04.4 LTS\r\nserver-01.2 login: -->
|
|
244
|
+
<example _encoding="base64" os.version="16.04.4" host.name="server-01.2">
|
|
245
|
+
VWJ1bnR1IDE2LjA0LjQgTFRTDQpzZXJ2ZXItMDEuMiBsb2dpbjoK
|
|
246
|
+
</example>
|
|
247
|
+
<!-- Ubuntu 17.04\r\nnginx login: -->
|
|
248
|
+
<example _encoding="base64" os.version="17.04" host.name="nginx">
|
|
249
|
+
VWJ1bnR1IDE3LjA0DQpuZ2lueCBsb2dpbjoK
|
|
250
|
+
</example>
|
|
251
|
+
<param pos="0" name="os.vendor" value="Ubuntu"/>
|
|
252
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
253
|
+
<param pos="0" name="os.product" value="Ubuntu Linux"/>
|
|
254
|
+
<param pos="1" name="os.version"/>
|
|
255
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:{os.version}"/>
|
|
256
|
+
<param pos="2" name="host.name"/>
|
|
257
|
+
</fingerprint>
|
|
258
|
+
<fingerprint pattern="(?:\r|\n)*Debian GNU\/Linux (2.\d)(?: [\w.-]+)?(?:\r|\n)+([\w.-]+) login:\s*">
|
|
259
|
+
<description>Debian 2.x (hamm/slink/potato)</description>
|
|
260
|
+
<!-- Debian GNU/Linux 2.2\r\nserver-01.2 login: -->
|
|
261
|
+
<example _encoding="base64" os.version="2.2" host.name="server-01.2">
|
|
262
|
+
RGViaWFuIEdOVS9MaW51eCAyLjINCnNlcnZlci0wMS4yIGxvZ2luOgo=
|
|
263
|
+
</example>
|
|
264
|
+
<!-- Debian GNU/Linux 2.2 localhost.localdomain\r\nmoon login: -->
|
|
265
|
+
<example _encoding="base64" os.version="2.2" host.name="moon">
|
|
266
|
+
RGViaWFuIEdOVS9MaW51eCAyLjIgbG9jYWxob3N0LmxvY2FsZG9tYWluDQptb29uIGxvZ2luOgo=
|
|
267
|
+
</example>
|
|
268
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
|
269
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
270
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
271
|
+
<param pos="1" name="os.version"/>
|
|
272
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:{os.version}"/>
|
|
273
|
+
<param pos="2" name="host.name"/>
|
|
274
|
+
</fingerprint>
|
|
275
|
+
<fingerprint pattern="^CentOS release ([\d.]+) \(Final\)(?:\r|\n)+Kernel ([\w.-]+) on an (\w+)(?:\r|\n)+(?:([\w.-]+) )?login:\s*$">
|
|
276
|
+
<description>CentOS</description>
|
|
277
|
+
<!-- CentOS release 5.9 (Final)\r\nKernel 2.6.18-348.6.1.el5 on an i686\r\nlogin: -->
|
|
278
|
+
<example _encoding="base64" os.version="5.9" linux.kernel.version="2.6.18-348.6.1.el5" os.arch="i686">
|
|
279
|
+
Q2VudE9TIHJlbGVhc2UgNS45IChGaW5hbCkNCktlcm5lbCAyLjYuMTgtMzQ4LjYuMS5lbDUgb
|
|
280
|
+
24gYW4gaTY4Ng0KbG9naW46Cg==
|
|
281
|
+
</example>
|
|
282
|
+
<!-- CentOS release 6.10 (Final)\r\nKernel 2.6.32-754.2.1.el6.x86_64 on an x86_64\r\nserver-01.2 login: -->
|
|
283
|
+
<example _encoding="base64" os.version="6.10" linux.kernel.version="2.6.32-754.2.1.el6.x86_64" os.arch="x86_64" host.name="server-01.2">
|
|
284
|
+
Q2VudE9TIHJlbGVhc2UgNi4xMCAoRmluYWwpDQpLZXJuZWwgMi42LjMyLTc1NC4yLjEuZWw2L
|
|
285
|
+
ng4Nl82NCBvbiBhbiB4ODZfNjQNCnNlcnZlci0wMS4yIGxvZ2luOgo=
|
|
286
|
+
</example>
|
|
287
|
+
<param pos="0" name="os.vendor" value="CentOS"/>
|
|
288
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
289
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
290
|
+
<param pos="1" name="os.version"/>
|
|
291
|
+
<param pos="2" name="linux.kernel.version"/>
|
|
292
|
+
<param pos="3" name="os.arch"/>
|
|
293
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:centos:centos:{os.version}"/>
|
|
294
|
+
<param pos="4" name="host.name"/>
|
|
295
|
+
</fingerprint>
|
|
296
|
+
<fingerprint pattern="^(?:\r|\n)*(RT-AC\d\d\w) login:\s*$">
|
|
297
|
+
<description>Asus Wireless Access Point/Router - RT-AC prefix</description>
|
|
298
|
+
<example hw.product="RT-AC54U">RT-AC54U login:</example>
|
|
299
|
+
<example hw.product="RT-AC68R">RT-AC68R login:</example>
|
|
300
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
301
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
302
|
+
<param pos="0" name="hw.vendor" value="Asus"/>
|
|
303
|
+
<param pos="0" name="hw.device" value="WAP"/>
|
|
304
|
+
<param pos="1" name="hw.product"/>
|
|
305
|
+
</fingerprint>
|
|
306
|
+
<fingerprint pattern="^(?:\r|\n)*(AC\d\d00) login:\s*$">
|
|
307
|
+
<description>Asus Wireless Access Point/Router - AC prefix</description>
|
|
308
|
+
<example hw.product="AC1000">AC1000 login:</example>
|
|
309
|
+
<example hw.product="AC3000">AC3000 login:</example>
|
|
310
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
311
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
312
|
+
<param pos="0" name="hw.vendor" value="Asus"/>
|
|
313
|
+
<param pos="0" name="hw.device" value="WAP"/>
|
|
314
|
+
<param pos="1" name="hw.product"/>
|
|
315
|
+
</fingerprint>
|
|
316
|
+
<fingerprint pattern="^(?:\r|\n)*(Air5\d+\w{0,2}) login:\s*$">
|
|
317
|
+
<description>Airties</description>
|
|
318
|
+
<example hw.product="Air5650">Air5650 login:</example>
|
|
319
|
+
<example hw.product="Air5650TT">Air5650TT login:</example>
|
|
320
|
+
<param pos="0" name="hw.vendor" value="Airties"/>
|
|
321
|
+
<param pos="0" name="hw.device" value="WAP"/>
|
|
322
|
+
<param pos="1" name="hw.product"/>
|
|
323
|
+
</fingerprint>
|
|
324
|
+
<fingerprint pattern="^Amazon Linux AMI release ([\d.]+)(?:\r|\n)+Kernel ([\w.-]+) on an (\w+)(?:\r|\n)+(?:([\w.-]+) )?login:\s*$">
|
|
325
|
+
<description>Amazon Linux AMI</description>
|
|
326
|
+
<!-- Amazon Linux AMI release 2013.09\r\nKernel 3.4.68-59.97.amzn1.x86_64 on an x86_64\r\nserver-01.2 login: -->
|
|
327
|
+
<example _encoding="base64" os.version="2013.09" linux.kernel.version="3.4.68-59.97.amzn1.x86_64" os.arch="x86_64" host.name="server-01.2">
|
|
328
|
+
QW1hem9uIExpbnV4IEFNSSByZWxlYXNlIDIwMTMuMDkNCktlcm5lbCAzLjQuNjgtNTkuOTcuY
|
|
329
|
+
W16bjEueDg2XzY0IG9uIGFuIHg4Nl82NA0Kc2VydmVyLTAxLjIgbG9naW46Cg==
|
|
330
|
+
</example>
|
|
331
|
+
<param pos="0" name="os.vendor" value="Amazon"/>
|
|
332
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
333
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
334
|
+
<param pos="1" name="os.version"/>
|
|
335
|
+
<param pos="2" name="linux.kernel.version"/>
|
|
336
|
+
<param pos="3" name="os.arch"/>
|
|
337
|
+
<param pos="4" name="host.name"/>
|
|
338
|
+
</fingerprint>
|
|
339
|
+
<fingerprint pattern="^(?m)TiMOS-[CB]-([\S]+) (?:both|cpm)/([\w]+) ALCATEL (SR [\S]+) Copyright.*Login:\s*$">
|
|
340
|
+
<description>ALCATEL Service Router running TiMOS</description>
|
|
341
|
+
<!-- TiMOS-C-12.0.R12 cpm/hops64 ALCATEL SR 7750 Copyright (c) 2000-2015 Alcatel-Lucent.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
|
|
342
|
+
<example _encoding="base64" os.version="12.0.R12" hw.product="SR 7750" os.arch="hops64">
|
|
343
|
+
VGlNT1MtQy0xMi4wLlIxMiBjcG0vaG9wczY0IEFMQ0FURUwgU1IgNzc1MCBDb3B5cmlnaHQgK
|
|
344
|
+
GMpIDIwMDAtMjAxNSBBbGNhdGVsLUx1Y2VudC4NDQpCYW5uZXIgU2hvcnRlbmVkIEZvciANDQ
|
|
345
|
+
pCcmV2aXR5DQpMb2dpbjoK
|
|
346
|
+
</example>
|
|
347
|
+
<param pos="0" name="os.vendor" value="ALCATEL"/>
|
|
348
|
+
<param pos="0" name="os.product" value="TimOS"/>
|
|
349
|
+
<param pos="0" name="os.device" value="Router"/>
|
|
350
|
+
<param pos="1" name="os.version"/>
|
|
351
|
+
<param pos="2" name="os.arch"/>
|
|
352
|
+
<param pos="0" name="hw.vendor" value="ALCATEL"/>
|
|
353
|
+
<param pos="0" name="hw.family" value="Service Router"/>
|
|
354
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
355
|
+
<param pos="3" name="hw.product"/>
|
|
356
|
+
</fingerprint>
|
|
357
|
+
<!-- Nokia purchased Alcatel Lucent, finalized in Nov 2016 -->
|
|
358
|
+
<fingerprint pattern="^(?m)TiMOS-[CB]-([\S]+) (?:both|cpm)\/([\w]+) Nokia ([\S]+ [SRX]+) Copyright.*Login:\s*$">
|
|
359
|
+
<description>Nokia Service Router running TiMOS</description>
|
|
360
|
+
<!-- TiMOS-C-14.0.R5 cpm/hops64 Nokia 7750 SR Copyright (c) 2000-2016 Nokia.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
|
|
361
|
+
<example _encoding="base64" os.version="14.0.R5" os.arch="hops64" hw.product="7750 SR">
|
|
362
|
+
VGlNT1MtQy0xNC4wLlI1IGNwbS9ob3BzNjQgTm9raWEgNzc1MCBTUiBDb3B5cmlnaHQgKGMpI
|
|
363
|
+
DIwMDAtMjAxNiBOb2tpYS4NDQpCYW5uZXIgU2hvcnRlbmVkIEZvciANDQpCcmV2aXR5DQpMb2
|
|
364
|
+
dpbjoK
|
|
365
|
+
</example>
|
|
366
|
+
<!-- TiMOS-C-14.0.R10 cpm/hops64 Nokia 7950 XRS Copyright (c) 2000-2017 Nokia.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
|
|
367
|
+
<example _encoding="base64" os.version="14.0.R10" os.arch="hops64" hw.product="7950 XRS">
|
|
368
|
+
VGlNT1MtQy0xNC4wLlIxMCBjcG0vaG9wczY0IE5va2lhIDc5NTAgWFJTIENvcHlyaWdodCAoY
|
|
369
|
+
ykgMjAwMC0yMDE3IE5va2lhLg0NCkJhbm5lciBTaG9ydGVuZWQgRm9yIA0NCkJyZXZpdHkNCk
|
|
370
|
+
xvZ2luOgo=
|
|
371
|
+
</example>
|
|
372
|
+
<param pos="0" name="os.vendor" value="Nokia"/>
|
|
373
|
+
<param pos="0" name="os.product" value="TimOS"/>
|
|
374
|
+
<param pos="0" name="os.device" value="Router"/>
|
|
375
|
+
<param pos="1" name="os.version"/>
|
|
376
|
+
<param pos="2" name="os.arch"/>
|
|
377
|
+
<param pos="0" name="hw.vendor" value="Nokia"/>
|
|
378
|
+
<param pos="0" name="hw.family" value="Service Router"/>
|
|
379
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
380
|
+
<param pos="3" name="hw.product"/>
|
|
381
|
+
</fingerprint>
|
|
382
|
+
<fingerprint pattern="^(?m)TiMOS-[CB]-([\S]+) (?:both|cpm)\/([\w]+) Nokia (SAS[+\w\s-]+) Copyright.*Login:\s*$">
|
|
383
|
+
<description>Nokia Service Access Switch running TiMOS</description>
|
|
384
|
+
<!-- TiMOS-B-8.0.R12 both/hops Nokia SAS-Mxp 22F2C 4SFP+ 7210 Copyright (c) 2000-2017 Nokia.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
|
|
385
|
+
<example _encoding="base64" os.version="8.0.R12" os.arch="hops" hw.product="SAS-Mxp 22F2C 4SFP+ 7210">
|
|
386
|
+
VGlNT1MtQi04LjAuUjEyIGJvdGgvaG9wcyBOb2tpYSBTQVMtTXhwIDIyRjJDIDRTRlArIDcyM
|
|
387
|
+
TAgQ29weXJpZ2h0IChjKSAyMDAwLTIwMTcgTm9raWEuDQ0KQmFubmVyIFNob3J0ZW5lZCBGb3
|
|
388
|
+
IgDQ0KQnJldml0eQ0KTG9naW46Cg==
|
|
389
|
+
</example>
|
|
390
|
+
<!-- TiMOS-B-9.0.R9 both/mpc Nokia SAS-M 24F 2XFP 7210 Copyright (c) 2000-2017 Nokia.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
|
|
391
|
+
<example _encoding="base64" os.version="9.0.R9" os.arch="mpc" hw.product="SAS-M 24F 2XFP 7210">
|
|
392
|
+
VGlNT1MtQi05LjAuUjkgYm90aC9tcGMgTm9raWEgU0FTLU0gMjRGIDJYRlAgNzIxMCBDb3B5c
|
|
393
|
+
mlnaHQgKGMpIDIwMDAtMjAxNyBOb2tpYS4NDQpCYW5uZXIgU2hvcnRlbmVkIEZvciANDQpCcm
|
|
394
|
+
V2aXR5DQpMb2dpbjoK
|
|
395
|
+
</example>
|
|
396
|
+
<param pos="0" name="os.vendor" value="Nokia"/>
|
|
397
|
+
<param pos="0" name="os.product" value="TimOS"/>
|
|
398
|
+
<param pos="0" name="os.device" value="Switch"/>
|
|
399
|
+
<param pos="1" name="os.version"/>
|
|
400
|
+
<param pos="2" name="os.arch"/>
|
|
401
|
+
<param pos="0" name="hw.vendor" value="Nokia"/>
|
|
402
|
+
<param pos="0" name="hw.family" value="Service Access Switch"/>
|
|
403
|
+
<param pos="0" name="hw.device" value="Switch"/>
|
|
404
|
+
<param pos="3" name="hw.product"/>
|
|
405
|
+
</fingerprint>
|
|
406
|
+
<fingerprint pattern="^(?:\r|\n)*Grandstream (HT[\d-]+)\s+(?:V\d\.\d\w?\s+)?Command Shell Copyright \d\d\d\d-\d\d\d\d(?:\r|\n)+Password:\s*$">
|
|
407
|
+
<description>Grandstream HandyTone Analog Telephone Adapters</description>
|
|
408
|
+
<!-- Grandstream HT812 Command Shell Copyright 2006-2017\r\nPassword: -->
|
|
409
|
+
<example _encoding="base64" hw.product="HT812">
|
|
410
|
+
R3JhbmRzdHJlYW0gSFQ4MTIgQ29tbWFuZCBTaGVsbCBDb3B5cmlnaHQgMjAwNi0yMDE3DQpQY
|
|
411
|
+
XNzd29yZDoK
|
|
412
|
+
</example>
|
|
413
|
+
<!-- Grandstream HT-502 V2.0A Command Shell Copyright 2006-2014\r\nPassword: -->
|
|
414
|
+
<example _encoding="base64" hw.product="HT-502">
|
|
415
|
+
R3JhbmRzdHJlYW0gSFQtNTAyICBWMi4wQSBDb21tYW5kIFNoZWxsIENvcHlyaWdodCAyMDA2L
|
|
416
|
+
TIwMTQNClBhc3N3b3JkOgo=
|
|
417
|
+
</example>
|
|
418
|
+
<param pos="0" name="hw.vendor" value="Grandstream"/>
|
|
419
|
+
<param pos="0" name="hw.family" value="HandyTone"/>
|
|
420
|
+
<param pos="0" name="hw.device" value="VoIP"/>
|
|
421
|
+
<param pos="1" name="hw.product"/>
|
|
422
|
+
</fingerprint>
|
|
423
|
+
<fingerprint pattern="^(?:\r|\n)*Grandstream (GXW[\d-]+)\s+(?:V\d\.\d\w?\s+)?Command Shell Copyright \d\d\d\d(?:-\d\d\d\d)?(?:\r|\n)+Password:\s*$">
|
|
424
|
+
<description>Grandstream Analog VoIP Gateways</description>
|
|
425
|
+
<!-- Grandstream GXW-4008 V1.5A Command Shell Copyright 2006-2015\r\nPassword: -->
|
|
426
|
+
<example _encoding="base64" hw.product="GXW-4008">
|
|
427
|
+
R3JhbmRzdHJlYW0gR1hXLTQwMDggIFYxLjVBIENvbW1hbmQgU2hlbGwgQ29weXJpZ2h0IDIwM
|
|
428
|
+
DYtMjAxNQ0KUGFzc3dvcmQ6Cg==
|
|
429
|
+
</example>
|
|
430
|
+
<!-- Grandstream GXW4216 V2.3B Command Shell Copyright 2015\r\nPassword: -->
|
|
431
|
+
<example _encoding="base64" hw.product="GXW4216">
|
|
432
|
+
R3JhbmRzdHJlYW0gR1hXNDIxNiAgVjIuM0IgQ29tbWFuZCBTaGVsbCBDb3B5cmlnaHQgMjAxN
|
|
433
|
+
Q0KUGFzc3dvcmQ6Cg==
|
|
434
|
+
</example>
|
|
435
|
+
<param pos="0" name="hw.vendor" value="Grandstream"/>
|
|
436
|
+
<param pos="0" name="hw.family" value="GXW"/>
|
|
437
|
+
<param pos="0" name="hw.device" value="VoIP"/>
|
|
438
|
+
<param pos="1" name="hw.product"/>
|
|
439
|
+
</fingerprint>
|
|
440
|
+
<fingerprint pattern="^(?:\r|\n|\s)*Grandstream (GXV[\w-]+)\s+(?:V\d\.\d\w?\s+)?Shell Command.Copyight \d\d\d\d-\d\d\d\d(?:\r|\n)+Username:\s*$">
|
|
441
|
+
<description>Grandstream IP Cameras</description>
|
|
442
|
+
<!-- Grandstream GXV3674_FHD_VF Shell Command.Copyight 2011-2014\r\nUsername: -->
|
|
443
|
+
<example _encoding="base64" hw.product="GXV3674_FHD_VF">
|
|
444
|
+
R3JhbmRzdHJlYW0gR1hWMzY3NF9GSERfVkYgICAgU2hlbGwgQ29tbWFuZC5Db3B5aWdodCAyM
|
|
445
|
+
DExLTIwMTQNClVzZXJuYW1lOgo=
|
|
446
|
+
</example>
|
|
447
|
+
<param pos="0" name="hw.vendor" value="Grandstream"/>
|
|
448
|
+
<param pos="0" name="hw.family" value="GXV"/>
|
|
449
|
+
<param pos="0" name="hw.device" value="Camera"/>
|
|
450
|
+
<param pos="1" name="hw.product"/>
|
|
451
|
+
</fingerprint>
|
|
452
|
+
<fingerprint pattern="^(?:\r|\n)*Welcome to Polycom RMX\s*(\w+) \(COP\) Console Utility(?:\r|\n)+Copyright \(C\) \d\d\d\d-\d\d\d\d POLYCOM(?:\r|\n)+Password:\s*$">
|
|
453
|
+
<description>Polycom Real Time Media Conferencing</description>
|
|
454
|
+
<!-- Welcome to Polycom RMX 500 (COP) Console Utility\r\n\rCopyright (C) 2008-2010 POLYCOM\r\n\r\r\n\rPassword: -->
|
|
455
|
+
<example _encoding="base64" hw.product="500">
|
|
456
|
+
V2VsY29tZSB0byBQb2x5Y29tIFJNWCA1MDAgKENPUCkgQ29uc29sZSBVdGlsaXR5DQoNQ29we
|
|
457
|
+
XJpZ2h0IChDKSAyMDA4LTIwMTAgUE9MWUNPTQ0KDQ0KDVBhc3N3b3JkOgo=
|
|
458
|
+
</example>
|
|
459
|
+
<!-- Welcome to Polycom RMX 1000C (COP) Console Utility\r\n\rCopyright (C) 2008-2012 POLYCOM\r\n\r\r\n\rPassword: -->
|
|
460
|
+
<example _encoding="base64" hw.product="1000C">
|
|
461
|
+
V2VsY29tZSB0byBQb2x5Y29tIFJNWCAxMDAwQyAoQ09QKSBDb25zb2xlIFV0aWxpdHkNCg1Db
|
|
462
|
+
3B5cmlnaHQgKEMpIDIwMDgtMjAxMiBQT0xZQ09NDQoNDQoNUGFzc3dvcmQ6Cg==
|
|
463
|
+
</example>
|
|
464
|
+
<param pos="0" name="hw.vendor" value="Polycom"/>
|
|
465
|
+
<param pos="0" name="hw.family" value="RMX"/>
|
|
466
|
+
<param pos="0" name="hw.device" value="Video Conferencing"/>
|
|
467
|
+
<param pos="1" name="hw.product"/>
|
|
468
|
+
</fingerprint>
|
|
469
|
+
<fingerprint pattern="^(?:\r|\n)*Hi, my name is :\s+[\w.\s-]+(?:\r|\n)+Here is what I know about myself:(?:\r|\n)+Model:\s+VSX (\w+)(?:\r|\n)+Serial Number:\s+(\w+)(?:\r|\n)+Software Version:\s+Release ([\d.-]+)\s">
|
|
470
|
+
<description>Polycom Video Conferencing - VSX Family</description>
|
|
471
|
+
<!-- Hi, my name is : Something Pity\r\nHere is what I know about myself:\r\nModel: VSX 6000A\r\nSerial Number: 00070906FC34F6\r\nSoftware Version: Release 9.0.6.2-103 - 04Sep2011 21:27\r\nBuild Information: ecomman -->
|
|
472
|
+
<example _encoding="base64" hw.product="6000A" host.id="00070906FC34F6" os.version="9.0.6.2-103">
|
|
473
|
+
SGksIG15IG5hbWUgaXMgOiAgICAgU29tZXRoaW5nIFBpdHkNCkhlcmUgaXMgd2hhdCBJIGtub
|
|
474
|
+
3cgYWJvdXQgbXlzZWxmOg0KTW9kZWw6ICAgICAgICAgICAgICAgVlNYIDYwMDBBDQpTZXJpYW
|
|
475
|
+
wgTnVtYmVyOiAgICAgICAwMDA3MDkwNkZDMzRGNg0KU29mdHdhcmUgVmVyc2lvbjogICAgUmV
|
|
476
|
+
sZWFzZSA5LjAuNi4yLTEwMyAtIDA0U2VwMjAxMSAyMToyNw0KQnVpbGQgSW5mb3JtYXRpb246
|
|
477
|
+
ICAgZWNvbW1hbgo=
|
|
478
|
+
</example>
|
|
479
|
+
<param pos="0" name="hw.vendor" value="Polycom"/>
|
|
480
|
+
<param pos="0" name="hw.family" value="VSX"/>
|
|
481
|
+
<param pos="0" name="hw.device" value="Video Conferencing"/>
|
|
482
|
+
<param pos="1" name="hw.product"/>
|
|
483
|
+
<param pos="2" name="host.id"/>
|
|
484
|
+
<param pos="3" name="os.version"/>
|
|
485
|
+
</fingerprint>
|
|
486
|
+
<fingerprint pattern="Polycom Command Shell(?:\r|\n)+XCOM host:\s+localhost port: \d+">
|
|
487
|
+
<description>Polycom Diagnotic Service</description>
|
|
488
|
+
<!-- Polycom Command Shell\r\r\nXCOM host: localhost port: 4121\r\r\nTTY name: /dev/pts/0\r\r\nSession type: telnet\r\r\nNCF\r\nNCF\r\n2018-08-15 18:03:10 DEBUG -->
|
|
489
|
+
<example _encoding="base64">
|
|
490
|
+
UG9seWNvbSBDb21tYW5kIFNoZWxsDQ0KWENPTSBob3N0OiAgICBsb2NhbGhvc3QgcG9ydDogN
|
|
491
|
+
DEyMQ0NClRUWSBuYW1lOiAgICAgL2Rldi9wdHMvMA0NClNlc3Npb24gdHlwZTogdGVsbmV0DQ
|
|
492
|
+
0KTkNGDQpOQ0YNCjIwMTgtMDgtMTUgMTg6MDM6MTAgREVCVUcK
|
|
493
|
+
</example>
|
|
494
|
+
<param pos="0" name="hw.vendor" value="Polycom"/>
|
|
495
|
+
<param pos="0" name="hw.device" value="Video Conferencing"/>
|
|
496
|
+
</fingerprint>
|
|
497
|
+
<fingerprint pattern="^Welcome to the Windows CE Telnet Service on (WEBBOX[\w.-]+)(?:\r|\n)+login:\s*$">
|
|
498
|
+
<description>Sunny WebBox Windows CE</description>
|
|
499
|
+
<!-- Welcome to the Windows CE Telnet Service on WEBBOX150000000\r\n\r\nlogin: -->
|
|
500
|
+
<example _encoding="base64" host.name="WEBBOX150000000">
|
|
501
|
+
V2VsY29tZSB0byB0aGUgV2luZG93cyBDRSBUZWxuZXQgU2VydmljZSBvbiBXRUJCT1gxNTAwM
|
|
502
|
+
DAwMDANCg0KbG9naW46Cg==
|
|
503
|
+
</example>
|
|
504
|
+
<param pos="0" name="hw.vendor" value="SMA Solar Technology Ag"/>
|
|
505
|
+
<param pos="0" name="hw.family" value="Sunny"/>
|
|
506
|
+
<param pos="0" name="hw.product" value="WebBox"/>
|
|
507
|
+
<param pos="0" name="hw.device" value="Power Management"/>
|
|
508
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
509
|
+
<param pos="0" name="os.family" value="Windows"/>
|
|
510
|
+
<param pos="0" name="os.product" value="Windows CE"/>
|
|
511
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_ce:-"/>
|
|
512
|
+
<param pos="1" name="host.name"/>
|
|
513
|
+
</fingerprint>
|
|
514
|
+
<fingerprint pattern="^Welcome to the Windows CE Telnet Service on ([\w.-]+)(?:\r|\n)+login:\s*$">
|
|
515
|
+
<description>Windows CE</description>
|
|
516
|
+
<!-- Welcome to the Windows CE Telnet Service on MY-CE-DEVICE\r\n\r\nlogin: -->
|
|
517
|
+
<example _encoding="base64" host.name="MY-CE-DEVICE">
|
|
518
|
+
V2VsY29tZSB0byB0aGUgV2luZG93cyBDRSBUZWxuZXQgU2VydmljZSBvbiBNWS1DRS1ERVZJQ
|
|
519
|
+
0UNCg0KbG9naW46Cg==
|
|
520
|
+
</example>
|
|
521
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
522
|
+
<param pos="0" name="os.family" value="Windows"/>
|
|
523
|
+
<param pos="0" name="os.product" value="Windows CE"/>
|
|
524
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_ce:-"/>
|
|
525
|
+
<param pos="1" name="host.name"/>
|
|
526
|
+
</fingerprint>
|
|
527
|
+
<fingerprint pattern="^(?:\r|\n)*HP JetDirect(?:\r|\n)+$">
|
|
528
|
+
<description>HP Printer - Jet Direct</description>
|
|
529
|
+
<!-- HP JetDirect\r\nPassword is not set\r\n\r\nPlease type "menu" for the MENU system, \r\nor "?" for help, or "/" for current settings.\r\n> -->
|
|
530
|
+
<example _encoding="base64">
|
|
531
|
+
SFAgSmV0RGlyZWN0DQpQYXNzd29yZCBpcyBub3Qgc2V0DQoNClBsZWFzZSB0eXBlICJtZW51I
|
|
532
|
+
iBmb3IgdGhlIE1FTlUgc3lzdGVtLCANCm9yICI/IiBmb3IgaGVscCwgb3IgIi8iIGZvciBjdX
|
|
533
|
+
JyZW50IHNldHRpbmdzLg0KPgo=
|
|
534
|
+
</example>
|
|
535
|
+
<!-- HP JetDirect\r\n\r\nEnter username: -->
|
|
536
|
+
<example _encoding="base64">SFAgSmV0RGlyZWN0DQoNCkVudGVyIHVzZXJuYW1lOgo=</example>
|
|
537
|
+
<param pos="0" name="service.vendor" value="HP"/>
|
|
538
|
+
<param pos="0" name="service.product" value="JetDirect"/>
|
|
539
|
+
<param pos="0" name="service.family" value="JetDirect"/>
|
|
540
|
+
<param pos="0" name="os.vendor" value="HP"/>
|
|
541
|
+
<param pos="0" name="os.device" value="Printer"/>
|
|
542
|
+
<param pos="0" name="os.family" value="JetDirect"/>
|
|
543
|
+
<param pos="0" name="os.product" value="JetDirect"/>
|
|
544
|
+
<param pos="0" name="hw.vendor" value="HP"/>
|
|
545
|
+
<param pos="0" name="hw.family" value="JetDirect"/>
|
|
546
|
+
<param pos="0" name="hw.product" value="JetDirect"/>
|
|
547
|
+
<param pos="0" name="hw.device" value="Printer"/>
|
|
548
|
+
</fingerprint>
|
|
549
|
+
<fingerprint pattern="^(?:\r|\n)*%connection closed by remote host!(?:\u0000)?$">
|
|
550
|
+
<description>HP switch blocking connection using network ACL</description>
|
|
551
|
+
<!-- %connection closed by remote host! -->
|
|
552
|
+
<example _encoding="base64">JWNvbm5lY3Rpb24gY2xvc2VkIGJ5IHJlbW90ZSBob3N0IQ==</example>
|
|
553
|
+
<param pos="0" name="hw.vendor" value="HP"/>
|
|
554
|
+
<param pos="0" name="hw.device" value="Switch"/>
|
|
555
|
+
</fingerprint>
|
|
556
|
+
<fingerprint pattern="^(?:\r|\n)*Welcome Visiting Huawei Home Gateway\r\nCopyright by Huawei Technologies Co., Ltd.\r\n\r\nLogin:$">
|
|
557
|
+
<description>Huawei HG series Home Gateway routers</description>
|
|
558
|
+
<!-- Welcome Visiting Huawei Home Gateway\r\nCopyright by Huawei Technologies Co., Ltd.\r\n\r\nLogin: -->
|
|
559
|
+
<example _encoding="base64">
|
|
560
|
+
V2VsY29tZSBWaXNpdGluZyBIdWF3ZWkgSG9tZSBHYXRld2F5DQpDb3B5cmlnaHQgYnkgSHVhd
|
|
561
|
+
2VpIFRlY2hub2xvZ2llcyBDby4sIEx0ZC4NCg0KTG9naW46Cg==
|
|
562
|
+
</example>
|
|
563
|
+
<param pos="0" name="hw.vendor" value="Huawei"/>
|
|
564
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
565
|
+
</fingerprint>
|
|
566
|
+
<fingerprint pattern="^(?:\r|\n)*Warning: Telnet is not a secure protocol, and it is recommended to use Stelnet.(?:(?:\r|\n)+Login authentication)?(?:\r|\n)+Username:$">
|
|
567
|
+
<description>Huawei Router</description>
|
|
568
|
+
<!-- Warning: Telnet is not a secure protocol, and it is recommended to use Stelnet.\r\n\r\nLogin authentication\r\n\r\n\r\nUsername: -->
|
|
569
|
+
<example _encoding="base64">
|
|
570
|
+
V2FybmluZzogVGVsbmV0IGlzIG5vdCBhIHNlY3VyZSBwcm90b2NvbCwgYW5kIGl0IGlzIHJlY
|
|
571
|
+
29tbWVuZGVkIHRvIHVzZSBTdGVsbmV0Lg0KDQpMb2dpbiBhdXRoZW50aWNhdGlvbg0KDQoNCl
|
|
572
|
+
VzZXJuYW1lOgo=
|
|
573
|
+
</example>
|
|
574
|
+
<param pos="0" name="hw.vendor" value="Huawei"/>
|
|
575
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
576
|
+
</fingerprint>
|
|
577
|
+
<fingerprint pattern="^(?:\r|\n)*(?:% Password expiration warning.\r\n)?-+\r\nCisco Configuration Professional \(Cisco CP\) is installed on this device. \r\nThis feature requires the one-time use of the username">
|
|
578
|
+
<description>Cisco router - Cisco Configuration Pro variant</description>
|
|
579
|
+
<!-- There are are roughly 69 dash characters before the CRLF in the banner below but can't be included in XML comments. -->
|
|
580
|
+
<!-- \r\nCisco Configuration Professional (Cisco CP) is installed on this device. \r\nThis feature requires the one-time use of the username -->
|
|
581
|
+
<example _encoding="base64">
|
|
582
|
+
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tL
|
|
583
|
+
S0tLS0tLS0tLS0tLS0tLS0NCkNpc2NvIENvbmZpZ3VyYXRpb24gUHJvZmVzc2lvbmFsIChDaX
|
|
584
|
+
NjbyBDUCkgaXMgaW5zdGFsbGVkIG9uIHRoaXMgZGV2aWNlLiANClRoaXMgZmVhdHVyZSByZXF
|
|
585
|
+
1aXJlcyB0aGUgb25lLXRpbWUgdXNlIG9mIHRoZSB1c2VybmFtZQo=
|
|
586
|
+
</example>
|
|
587
|
+
<param pos="0" name="service.vendor" value="Cisco"/>
|
|
588
|
+
<param pos="0" name="os.vendor" value="Cisco"/>
|
|
589
|
+
<param pos="0" name="os.family" value="IOS"/>
|
|
590
|
+
<param pos="0" name="os.product" value="IOS"/>
|
|
591
|
+
<param pos="0" name="os.device" value="Router"/>
|
|
592
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:-"/>
|
|
593
|
+
<param pos="0" name="hw.vendor" value="Cisco"/>
|
|
594
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
595
|
+
</fingerprint>
|
|
596
|
+
<fingerprint pattern="^(?m)(?:\r|\n)*Catalyst 1900 Management Console(?:\r|\n)+.*Ethernet Address:\s+([\w-]+)(?:\r|\n)+.*Model Number:\s+([\w-]+)(?:\r|\n)+System Serial Number:\s+(\w+)(?:\r|\n)+Power Supply">
|
|
597
|
+
<description>Cisco Catalyst 1900</description>
|
|
598
|
+
<!-- Catalyst 1900, unlike other Catalyst models, didn't run CatOS or IOS -->
|
|
599
|
+
<!-- Catalyst 1900 Management Console\r\nCopyright (c) Cisco Systems, Inc. 1993-1998\r\nAll rights reserved.\r\nEnterprise Edition Software\r\nEthernet Address: 00-AA-19-38-AA-00\r\n\r\nPCA Number: 73-31AA-AA\r\nPCA Serial Number: FAB033AAAAA\r\nModel Number: WS-C1924-EN\r\nSystem Serial Number: FAB0341AAAA\r\nPower Supply S/N: -->
|
|
600
|
+
<example _encoding="base64" host.mac="00-AA-19-38-AA-00" hw.model="WS-C1924-EN" host.id="FAB0341AAAA">
|
|
601
|
+
Q2F0YWx5c3QgMTkwMCBNYW5hZ2VtZW50IENvbnNvbGUNCkNvcHlyaWdodCAoYykgQ2lzY28gU
|
|
602
|
+
3lzdGVtcywgSW5jLiAgMTk5My0xOTk4DQpBbGwgcmlnaHRzIHJlc2VydmVkLg0KRW50ZXJwcm
|
|
603
|
+
lzZSBFZGl0aW9uIFNvZnR3YXJlDQpFdGhlcm5ldCBBZGRyZXNzOiAgICAgIDAwLUFBLTE5LTM
|
|
604
|
+
4LUFBLTAwDQoNClBDQSBOdW1iZXI6ICAgICAgICAgICAgNzMtMzFBQS1BQQ0KUENBIFNlcmlh
|
|
605
|
+
bCBOdW1iZXI6ICAgICBGQUIwMzNBQUFBQQ0KTW9kZWwgTnVtYmVyOiAgICAgICAgICBXUy1DM
|
|
606
|
+
TkyNC1FTg0KU3lzdGVtIFNlcmlhbCBOdW1iZXI6ICBGQUIwMzQxQUFBQQ0KUG93ZXIgU3VwcG
|
|
607
|
+
x5IFMvTjogICAK
|
|
608
|
+
</example>
|
|
609
|
+
<param pos="0" name="service.vendor" value="Cisco"/>
|
|
610
|
+
<param pos="0" name="os.vendor" value="Cisco"/>
|
|
611
|
+
<param pos="0" name="os.device" value="Switch"/>
|
|
612
|
+
<param pos="0" name="hw.vendor" value="Cisco"/>
|
|
613
|
+
<param pos="0" name="hw.product" value="Catalyst 1900"/>
|
|
614
|
+
<param pos="0" name="hw.device" value="Switch"/>
|
|
615
|
+
<param pos="1" name="host.mac"/>
|
|
616
|
+
<param pos="2" name="hw.model"/>
|
|
617
|
+
<param pos="3" name="host.id"/>
|
|
618
|
+
</fingerprint>
|
|
619
|
+
<fingerprint pattern="^192.0.0.64 login:\s*$">
|
|
620
|
+
<description>Hikvision cameras and NVRs (multiple)</description>
|
|
621
|
+
<example>192.0.0.64 login:</example>
|
|
622
|
+
<param pos="0" name="os.vendor" value="Hikvision"/>
|
|
623
|
+
<param pos="0" name="hw.vendor" value="Hikvision"/>
|
|
624
|
+
</fingerprint>
|
|
625
|
+
<fingerprint pattern="^Remote Management Console\r\nlogin:\s*$">
|
|
626
|
+
<description>Juniper Netscreen</description>
|
|
627
|
+
<!-- Remote Management Console\r\nlogin: -->
|
|
628
|
+
<example _encoding="base64">UmVtb3RlIE1hbmFnZW1lbnQgQ29uc29sZQ0KbG9naW46Cg==</example>
|
|
629
|
+
<param pos="0" name="os.vendor" value="Juniper"/>
|
|
630
|
+
<param pos="0" name="os.device" value="Firewall"/>
|
|
631
|
+
<param pos="0" name="os.family" value="ScreenOS"/>
|
|
632
|
+
<param pos="0" name="os.product" value="ScreenOS"/>
|
|
633
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:juniper:screenos:-"/>
|
|
634
|
+
<param pos="0" name="hw.vendor" value="Juniper"/>
|
|
635
|
+
<param pos="0" name="hw.device" value="Firewall"/>
|
|
636
|
+
<param pos="0" name="hw.product" value="NetScreen"/>
|
|
637
|
+
</fingerprint>
|
|
638
|
+
<fingerprint pattern="^(?:\r|\n)*(FGT\w{13}) login:\s*$">
|
|
639
|
+
<description>Fortinet FortiGate - w/ autogenerated hostname</description>
|
|
640
|
+
<example host.name="FGT60C3G13001111">FGT60C3G13001111 login:</example>
|
|
641
|
+
<param pos="0" name="os.vendor" value="Fortinet"/>
|
|
642
|
+
<param pos="0" name="os.family" value="FortiOS"/>
|
|
643
|
+
<param pos="0" name="os.product" value="FortiOS"/>
|
|
644
|
+
<param pos="0" name="os.device" value="Firewall"/>
|
|
645
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:fortinet:fortios:-"/>
|
|
646
|
+
<param pos="0" name="hw.vendor" value="Fortinet"/>
|
|
647
|
+
<param pos="0" name="hw.family" value="FortiGate"/>
|
|
648
|
+
<param pos="0" name="hw.device" value="Firewall"/>
|
|
649
|
+
<param pos="1" name="host.name"/>
|
|
650
|
+
</fingerprint>
|
|
651
|
+
<fingerprint pattern="^(?:\r|\n)*KWS-1043N login:\s*$">
|
|
652
|
+
<description>Clipcomm KWS router</description>
|
|
653
|
+
<example hw.product="KWS-1043N">KWS-1043N login:</example>
|
|
654
|
+
<param pos="0" name="hw.vendor" value="Clipcomm"/>
|
|
655
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
656
|
+
<param pos="0" name="hw.product" value="KWS-1043N"/>
|
|
657
|
+
</fingerprint>
|
|
658
|
+
<fingerprint pattern="^(?:\r|\n)*(SMCD3\w+-\w\w\w) login:\s*$">
|
|
659
|
+
<description>SMC Cable Modem</description>
|
|
660
|
+
<example hw.product="SMCD3GN2-BIZ">SMCD3GN2-BIZ login:</example>
|
|
661
|
+
<param pos="0" name="hw.vendor" value="SMC Networks"/>
|
|
662
|
+
<param pos="0" name="hw.device" value="Cable Modem"/>
|
|
663
|
+
<param pos="1" name="hw.product"/>
|
|
664
|
+
</fingerprint>
|
|
665
|
+
<fingerprint pattern="^(?:\r|\n)*ADB-4820CD login:\s*$"><description>ADB ADB-4820CD DVR</description><example>ADB-4820CD login:</example>>
|
|
666
|
+
<param pos="0" name="hw.vendor" value="ADB"/><param pos="0" name="hw.device" value="DVR"/><param pos="0" name="hw.product" value="ADB-4820CD"/></fingerprint>
|
|
667
|
+
<fingerprint pattern="^(?:\r|\n)*IMDVRS login:\s*$"><description>Rifatron IMDVRS DVR</description><example>IMDVRS login:</example>>
|
|
668
|
+
<param pos="0" name="hw.vendor" value="Rifatron"/><param pos="0" name="hw.family" value="IMDVR"/><param pos="0" name="hw.device" value="DVR"/></fingerprint>
|
|
669
|
+
<fingerprint pattern="^(?:\r|\n)*Ruijie login:\s*$"><description>Ruijie device (likely router/switch) </description><example>Ruijie login:</example>>
|
|
670
|
+
<param pos="0" name="hw.vendor" value="Ruijie"/></fingerprint>
|
|
671
|
+
<fingerprint pattern="^Welcome to Microsoft Telnet Service \r\n\n\rlogin:\s*$">
|
|
672
|
+
<description>Microsoft Windows</description>
|
|
673
|
+
<!-- Welcome to Microsoft Telnet Service \r\n\n\rlogin: -->
|
|
674
|
+
<example _encoding="base64">V2VsY29tZSB0byBNaWNyb3NvZnQgVGVsbmV0IFNlcnZpY2UgDQoKDWxvZ2luOgo=</example>
|
|
675
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
676
|
+
<param pos="0" name="os.family" value="Windows"/>
|
|
677
|
+
</fingerprint>
|
|
678
|
+
<!-- The following fingerprints are for generic Broadcom hardware where the
|
|
679
|
+
vendor has left the default banner in place. These could be rebadged by
|
|
680
|
+
ZTE, CenturyLink, Sky, Huawei, etc.
|
|
681
|
+
-->
|
|
682
|
+
<fingerprint pattern="^(BCM\d+) (?:Broadband|ADSL|xDSL|DSL) Router\r\nLogin:\s*">
|
|
683
|
+
<description>OEM'd Broadcom Router</description>
|
|
684
|
+
<!-- BCM963268 Broadband Router\r\nLogin: -->
|
|
685
|
+
<example _encoding="base64" hw.product="BCM963268">QkNNOTYzMjY4IEJyb2FkYmFuZCBSb3V0ZXINCkxvZ2luOgo=</example>
|
|
686
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
687
|
+
<param pos="1" name="hw.product"/>
|
|
688
|
+
</fingerprint>
|
|
689
|
+
<fingerprint pattern="^(BCM\d+) Broadband Router\r\nTelnet is Disabled in WAN Side$">
|
|
690
|
+
<description>OEM'd Broadcom Router - telnet disabled on WAN side</description>
|
|
691
|
+
<!-- BCM963268 Broadband Router\r\nTelnet is Disabled in WAN Side -->
|
|
692
|
+
<example _encoding="base64" hw.product="BCM963268">QkNNOTYzMjY4IEJyb2FkYmFuZCBSb3V0ZXINClRlbG5ldCBpcyBEaXNhYmxlZCBpbiBXQU4gU2lkZQo=</example>
|
|
693
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
694
|
+
<param pos="1" name="hw.product"/>
|
|
695
|
+
</fingerprint>
|
|
696
|
+
<fingerprint pattern="^(?m)(BCM\d+) Broadband Router\r\n.*Please input the verification code:$">
|
|
697
|
+
<description>OEM'd Broadcom Router - input validation code</description>
|
|
698
|
+
<!-- BCM96318 Broadband Router\r\n====================================================\r\n * * * * * * * * * * * * * * \r\n * * * * * \r\n * * * * * * * * * * * * * \r\n * * * * * \r\n * * * * * \r\n * * * * * * * * * * * * * * * * \r\n====================================================\r\nPlease input the verification code: -->
|
|
699
|
+
<example _encoding="base64" hw.product="BCM96318">
|
|
700
|
+
QkNNOTYzMTggQnJvYWRiYW5kIFJvdXRlcg0KPT09PT09PT09PT09PT09PT09PT09PT09PT09P
|
|
701
|
+
T09PT09PT09PT09PT09PT09PT09PT09PQ0KICAgICogKiAgICAgICAgICogKiAqICogICAgIC
|
|
702
|
+
AqICogKiAqICAgICAgKiAqICogKiAgIA0KICAgICAgKiAgICAgICAgICogICAgICAgICAgICA
|
|
703
|
+
gICAgICAqICAgICAgKiAgICAgKiAgIA0KICAgICAgKiAgICAgICAgICogKiAqICogICAgICAq
|
|
704
|
+
ICogKiAqICAgICAgKiAqICogKiAgIA0KICAgICAgKiAgICAgICAgICogICAgICogICAgICAgI
|
|
705
|
+
CAgICAqICAgICAgICAgICAgKiAgIA0KICAgICAgKiAgICAgICAgICogICAgICogICAgICAgIC
|
|
706
|
+
AgICAqICAgICAgICAgICAgKiAgIA0KICAgKiAqICogKiAgICAgICogKiAqICogICAgICAqICo
|
|
707
|
+
gKiAqICAgICAgKiAqICogKiAgIA0KPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
|
|
708
|
+
PT09PT09PT09PT09PT09PT09PQ0KUGxlYXNlIGlucHV0IHRoZSB2ZXJpZmljYXRpb24gY29kZ
|
|
709
|
+
ToK
|
|
710
|
+
</example>
|
|
711
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
712
|
+
<param pos="1" name="hw.product"/>
|
|
713
|
+
</fingerprint>
|
|
714
|
+
<fingerprint pattern="^(BCM\d+) Broadband Router\r\nMaximum number of incorrect account entries exceeded.">
|
|
715
|
+
<description>OEM'd Broadcom Router - Max incorrect tries - variant 1</description>
|
|
716
|
+
<!-- BCM96328 Broadband Router\r\nMaximum number of incorrect account entries exceeded. -->
|
|
717
|
+
<example _encoding="base64" hw.product="BCM96328">
|
|
718
|
+
QkNNOTYzMjggQnJvYWRiYW5kIFJvdXRlcg0KTWF4aW11bSBudW1iZXIgb2YgaW5jb3JyZWN0I
|
|
719
|
+
GFjY291bnQgZW50cmllcyBleGNlZWRlZC4K
|
|
720
|
+
</example>
|
|
721
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
722
|
+
<param pos="1" name="hw.product"/>
|
|
723
|
+
</fingerprint>
|
|
724
|
+
<fingerprint pattern="^(BCM\d+) Broadband Router\r\nSorry, you need to wait for \d+ second before next login attempt.(?:\r|\n)*">
|
|
725
|
+
<description>OEM'd Broadcom Router - Max incorrect tries - variant 2</description>
|
|
726
|
+
<!-- BCM96816 Broadband Router\r\nSorry, you need to wait for 119 second before next login attempt. -->
|
|
727
|
+
<example _encoding="base64" hw.product="BCM96816">
|
|
728
|
+
QkNNOTY4MTYgQnJvYWRiYW5kIFJvdXRlcg0KU29ycnksIHlvdSBuZWVkIHRvIHdhaXQgZm9yI
|
|
729
|
+
DExOSBzZWNvbmQgYmVmb3JlIG5leHQgbG9naW4gYXR0ZW1wdC4K
|
|
730
|
+
</example>
|
|
731
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
732
|
+
<param pos="1" name="hw.product"/>
|
|
733
|
+
</fingerprint>
|
|
734
|
+
<!-- Moxa Industrial Solutions-->
|
|
735
|
+
<fingerprint pattern="^(?:\r|\n)*NPort (NP6[\w-]+)(?:\r|\n|\x00)+Console terminal type">
|
|
736
|
+
<description>Moxa NPort Terminal Server - 6xxx Series</description>
|
|
737
|
+
<!-- NPort NP6610-32\r\u0000\nConsole terminal type (1: ansi/vt100, 2: vt52) : 1 -->
|
|
738
|
+
<example _encoding="base64" hw.product="NP6610-32">
|
|
739
|
+
TlBvcnQgTlA2NjEwLTMyDQAKQ29uc29sZSB0ZXJtaW5hbCB0eXBlICgxOiBhbnNpL3Z0MTAwLC
|
|
740
|
+
AyOiB2dDUyKSA6IDE=
|
|
741
|
+
</example>
|
|
742
|
+
<param pos="0" name="hw.vendor" value="Moxa"/>
|
|
743
|
+
<param pos="0" name="hw.family" value="NPort"/>
|
|
744
|
+
<param pos="0" name="hw.device" value="Terminal Server"/>
|
|
745
|
+
<param pos="1" name="hw.product"/>
|
|
746
|
+
</fingerprint>
|
|
747
|
+
<fingerprint pattern="^Model name\s+: NPort (IA-\d+)(?:\r|\n|\x00)+MAC address\s+: ([\w:]+)(?:\r|\n|\x00)+Serial No.\s+: (\d+)(?:\r|\n|\x00)+Firmware version : ([\d.]+) Build (\d+)(?:\r|\n|\x00)+System uptime">
|
|
748
|
+
<description>Moxa NPort Device Server - IA Series</description>
|
|
749
|
+
<!-- Model name : NPort IA-5250\r\u0000\nMAC address : 00:90:E8:AA:AA:AA\r\u0000\nSerial No. : 281\r\u0000\nFirmware version : 1.6 Build 17060616\r\u0000\nSystem uptime : 31 days, 06h:03m:45s\r\u0000\n\r\u0000\nPlease keyin your password: -->
|
|
750
|
+
<example _encoding="base64" hw.product="IA-5250" host.mac="00:90:E8:AA:AA:AA" host.id="281" os.version="1.6" os.version.version="17060616">
|
|
751
|
+
TW9kZWwgbmFtZSAgICAgICA6IE5Qb3J0IElBLTUyNTANAApNQUMgYWRkcmVzcyAgICAgIDogM
|
|
752
|
+
DA6OTA6RTg6QUE6QUE6QUENAApTZXJpYWwgTm8uICAgICAgIDogMjgxDQAKRmlybXdhcmUgdm
|
|
753
|
+
Vyc2lvbiA6IDEuNiBCdWlsZCAxNzA2MDYxNg0AClN5c3RlbSB1cHRpbWUgICAgOiAzMSBkYXl
|
|
754
|
+
zLCAwNmg6MDNtOjQ1cw0ACg0AClBsZWFzZSBrZXlpbiB5b3VyIHBhc3N3b3JkOg==
|
|
755
|
+
</example>
|
|
756
|
+
<param pos="0" name="hw.vendor" value="Moxa"/>
|
|
757
|
+
<param pos="0" name="hw.family" value="NPort"/>
|
|
758
|
+
<param pos="0" name="hw.device" value="Device Server"/>
|
|
759
|
+
<param pos="1" name="hw.product"/>
|
|
760
|
+
<param pos="2" name="host.mac"/>
|
|
761
|
+
<param pos="3" name="host.id"/>
|
|
762
|
+
<param pos="4" name="os.version"/>
|
|
763
|
+
<param pos="5" name="os.version.version"/>
|
|
764
|
+
</fingerprint>
|
|
765
|
+
<fingerprint pattern="^(?:\r|\n|\x00|-)*Model name\s+: NPort (5[\w-]+)(?:\r|\n|\x00)+MAC address\s+: ([\w:]+)(?:\r|\n|\x00)+Serial No.\s+: (\d+)(?:\r|\n|\x00)+Firmware version : ([\d.]+) Build (\d+)(?:\r|\n|\x00)+">
|
|
766
|
+
<description>Moxa NPort Device Server - 5xxx Series</description>
|
|
767
|
+
<!-- Some versions of the banner below have a line full of dashes which cannot be included in the example comment -->
|
|
768
|
+
<!-- Model name : NPort 5610-8-DT\r\u0000\nMAC address : 00:90:E8:AA:AA:AA\r\u0000\nSerial No. : 9522\r\u0000\nFirmware version : 2.2 Build 11090613\r\u0000\nSystem uptime : 8 days, 02h:11m:44s\r\u0000\n\r\u0000\nPlease keyin your password: -->
|
|
769
|
+
<example _encoding="base64" hw.product="5610-8-DT" host.mac="00:90:E8:AA:AA:AA" host.id="9522" os.version="2.2" os.version.version="11090613">
|
|
770
|
+
TW9kZWwgbmFtZSAgICAgICA6IE5Qb3J0IDU2MTAtOC1EVA0ACk1BQyBhZGRyZXNzICAgICAgO
|
|
771
|
+
iAwMDo5MDpFODpBQTpBQTpBQQ0AClNlcmlhbCBOby4gICAgICAgOiA5NTIyDQAKRmlybXdhcm
|
|
772
|
+
UgdmVyc2lvbiA6IDIuMiBCdWlsZCAxMTA5MDYxMw0AClN5c3RlbSB1cHRpbWUgICAgOiA4IGR
|
|
773
|
+
heXMsIDAyaDoxMW06NDRzDQAKDQAKUGxlYXNlIGtleWluIHlvdXIgcGFzc3dvcmQ6
|
|
774
|
+
</example>
|
|
775
|
+
<param pos="0" name="hw.vendor" value="Moxa"/>
|
|
776
|
+
<param pos="0" name="hw.family" value="NPort"/>
|
|
777
|
+
<param pos="0" name="hw.device" value="Device Server"/>
|
|
778
|
+
<param pos="1" name="hw.product"/>
|
|
779
|
+
<param pos="2" name="host.mac"/>
|
|
780
|
+
<param pos="3" name="host.id"/>
|
|
781
|
+
<param pos="4" name="os.version"/>
|
|
782
|
+
<param pos="5" name="os.version.version"/>
|
|
783
|
+
</fingerprint>
|
|
784
|
+
<fingerprint pattern="^Model name\s+: MGate (MB3[\w-]+)(?:\r|\n|\x00|)+MAC address\s+: ([\w:]+)(?:\r|\n|\x00)+Serial No.\s+: (\d+)(?:\r|\n|\x00)+Firmware version : ([\d.]+) Build (\d+)(?:\r|\n|\x00)+">
|
|
785
|
+
<description>Moxa MGate Modbus Gateway</description>
|
|
786
|
+
<!-- Model name : MGate MB3180\r\u0000\nMAC address : 00:90:E8:AA:AA:AA\r\u0000\nSerial No. : 9474\r\u0000\nFirmware version : 1.2 Build 09101913\r\u0000\nSystem uptime : 15 days, 16h:37m:48s\r\u0000\n\r\u0000\nPlease keyin your password: -->
|
|
787
|
+
<example _encoding="base64" hw.product="MB3180" host.mac="00:90:E8:AA:AA:AA" host.id="9474" os.version="1.2" os.version.version="09101913">
|
|
788
|
+
TW9kZWwgbmFtZSAgICAgICA6IE1HYXRlIE1CMzE4MA0ACk1BQyBhZGRyZXNzICAgICAgOiAwM
|
|
789
|
+
Do5MDpFODpBQTpBQTpBQQ0AClNlcmlhbCBOby4gICAgICAgOiA5NDc0DQAKRmlybXdhcmUgdm
|
|
790
|
+
Vyc2lvbiA6IDEuMiBCdWlsZCAwOTEwMTkxMw0AClN5c3RlbSB1cHRpbWUgICAgOiAxNSBkYXl
|
|
791
|
+
zLCAxNmg6MzdtOjQ4cw0ACg0AClBsZWFzZSBrZXlpbiB5b3VyIHBhc3N3b3JkOg==
|
|
792
|
+
</example>
|
|
793
|
+
<param pos="0" name="hw.vendor" value="Moxa"/>
|
|
794
|
+
<param pos="0" name="hw.family" value="MGate"/>
|
|
795
|
+
<param pos="0" name="hw.device" value="Industrial Control"/>
|
|
796
|
+
<param pos="1" name="hw.product"/>
|
|
797
|
+
<param pos="2" name="host.mac"/>
|
|
798
|
+
<param pos="3" name="host.id"/>
|
|
799
|
+
<param pos="4" name="os.version"/>
|
|
800
|
+
<param pos="5" name="os.version.version"/>
|
|
801
|
+
</fingerprint>
|
|
802
|
+
<fingerprint pattern="^Model name\s+: (NE[\w-]+)(?:\r|\n|\x00)+MAC address\s+: ([\w:]+)(?:\r|\n|\x00)+Serial No.\s+: (\d+)(?:\r|\n|\x00)+Firmware version\s+: ([\d.]+) Build (\d+)(?:\r|\n|\x00)+">
|
|
803
|
+
<description>Moxa NE Series Embedded device server</description>
|
|
804
|
+
<!-- Model name : NE-4110S\r\u0000\nMAC address : 00:90:E8:AA:AA:AA\r\u0000\nSerial No : 3616\r\u0000\nFirmware version : 4.1 Build 07061517\r\u0000\n\r\u0000\nPlease keyin your password: -->
|
|
805
|
+
<example _encoding="base64" hw.product="NE-4110S" host.mac="00:90:E8:AA:AA:AA" host.id="3616" os.version="4.1" os.version.version="07061517">
|
|
806
|
+
TW9kZWwgbmFtZSAgICAgICA6IE5FLTQxMTBTDQAKTUFDIGFkZHJlc3MgICAgICA6IDAwOjkwO
|
|
807
|
+
kU4OkFBOkFBOkFBDQAKU2VyaWFsIE5vICAgICAgICA6IDM2MTYNAApGaXJtd2FyZSB2ZXJzaW
|
|
808
|
+
9uIDogNC4xIEJ1aWxkIDA3MDYxNTE3DQAKDQAKUGxlYXNlIGtleWluIHlvdXIgcGFzc3dvcmQ6
|
|
809
|
+
</example>
|
|
810
|
+
<param pos="0" name="hw.vendor" value="Moxa"/>
|
|
811
|
+
<param pos="0" name="hw.family" value="NE"/>
|
|
812
|
+
<param pos="0" name="hw.device" value="Device Server"/>
|
|
813
|
+
<param pos="1" name="hw.product"/>
|
|
814
|
+
<param pos="2" name="host.mac"/>
|
|
815
|
+
<param pos="3" name="host.id"/>
|
|
816
|
+
<param pos="4" name="os.version"/>
|
|
817
|
+
<param pos="5" name="os.version.version"/>
|
|
818
|
+
</fingerprint>
|
|
819
|
+
</fingerprints>
|