recog 2.1.22 → 2.1.23
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/cpe-remap.yaml +125 -0
- data/lib/recog/version.rb +1 -1
- data/spec/lib/fingerprint_self_test_spec.rb +4 -0
- data/update_cpes.py +5 -21
- data/xml/dns_versionbind.xml +1 -1
- data/xml/hp_pjl_id.xml +0 -41
- data/xml/http_cookies.xml +8 -0
- data/xml/http_servers.xml +5 -1399
- data/xml/http_wwwauth.xml +0 -94
- data/xml/sip_user_agents.xml +0 -11
- data/xml/snmp_sysdescr.xml +0 -896
- data/xml/ssh_banners.xml +5 -0
- data/xml/telnet_banners.xml +819 -0
- data/xml/upnp_banners.xml +0 -227
- metadata +5 -4
- data/remap.json +0 -135
data/xml/ssh_banners.xml
CHANGED
|
@@ -5,6 +5,11 @@
|
|
|
5
5
|
the identification string after "SSH-x.x-") are matched against these patterns to
|
|
6
6
|
fingerprint SSH servers.
|
|
7
7
|
-->
|
|
8
|
+
<fingerprint pattern="^ArrayOS$">
|
|
9
|
+
<description>Array Networks device</description>
|
|
10
|
+
<example>ArrayOS</example>
|
|
11
|
+
<param pos="0" name="service.vendor" value="Array Networks"/>
|
|
12
|
+
</fingerprint>
|
|
8
13
|
<fingerprint pattern="^RomSShell_([\d\.]+)$">
|
|
9
14
|
<description>Allegro RomSShell SSH</description>
|
|
10
15
|
<example service.version="4.62">RomSShell_4.62</example>
|
|
@@ -0,0 +1,819 @@
|
|
|
1
|
+
<?xml version="1.0" encoding="UTF-8"?>
|
|
2
|
+
<fingerprints protocol="telnet" database_type="service" preference=".80">
|
|
3
|
+
<!--
|
|
4
|
+
TELNET banners with CR/LF/whitespace trimmed from either end.
|
|
5
|
+
Examples with CR, LF, etc must be base64 encoded in order to past tests.
|
|
6
|
+
Please follow the style established below.
|
|
7
|
+
-->
|
|
8
|
+
<!--
|
|
9
|
+
The following 'assert nothing' block is intended to handle banners so simple
|
|
10
|
+
that they cannot be attributed to a product or vendor. They are at the
|
|
11
|
+
beginning of the file as a performance tweak given how frequenty they occur.
|
|
12
|
+
|
|
13
|
+
NOTE:
|
|
14
|
+
Due to the multi-line nature of TELNET banners the regex are leveraging \A
|
|
15
|
+
instead of ^ to prevent matching in the beginning of a 'line' (^) instead of
|
|
16
|
+
at the beginning of the string (\A). This has been verified to work with
|
|
17
|
+
Ruby, Python, Java, and Golang.
|
|
18
|
+
-->
|
|
19
|
+
<fingerprint pattern="\A(?i)(?:\r|\n)*login:\s*$">
|
|
20
|
+
<description>bare 'login:' -- assert nothing.</description>
|
|
21
|
+
<example>login:</example>
|
|
22
|
+
</fingerprint>
|
|
23
|
+
<fingerprint pattern="\A(?i)(?:\r|\n)*User(?:name)?\s*:\s*$">
|
|
24
|
+
<description>bare 'Username:' -- assert nothing.</description>
|
|
25
|
+
<example>Username:</example>
|
|
26
|
+
<example>User:</example>
|
|
27
|
+
</fingerprint>
|
|
28
|
+
<fingerprint pattern="\A(?i)(?:\r|\n)*Password:\s*$">
|
|
29
|
+
<description>bare 'Password:' -- assert nothing.</description>
|
|
30
|
+
<example>Password:</example>
|
|
31
|
+
</fingerprint>
|
|
32
|
+
<fingerprint pattern="\A(?i)(?:\r|\n)*Account:\s*$">
|
|
33
|
+
<description>bare 'Account:' -- assert nothing.</description>
|
|
34
|
+
<example>Account:</example>
|
|
35
|
+
</fingerprint>
|
|
36
|
+
<fingerprint pattern="\A(?i)Connection refused(?:\r|\n)*$">
|
|
37
|
+
<description>bare 'Connection refused' -- assert nothing.</description>
|
|
38
|
+
<example>Connection refused</example>
|
|
39
|
+
</fingerprint>
|
|
40
|
+
<!-- end of assert nothing block -->
|
|
41
|
+
<fingerprint pattern="^(?:\r|\n)*User Access Verification(?:\r|\n)+(?:Username|Password):\s*$">
|
|
42
|
+
<description>Cisco switch or router - user access variant</description>
|
|
43
|
+
<!-- User Access Verification\r\n\r\nUsername: -->
|
|
44
|
+
<example _encoding="base64">VXNlciBBY2Nlc3MgVmVyaWZpY2F0aW9uDQoNClVzZXJuYW1lOgo=</example>
|
|
45
|
+
<!-- User Access Verification\r\n\r\nPassword: -->
|
|
46
|
+
<example _encoding="base64">VXNlciBBY2Nlc3MgVmVyaWZpY2F0aW9uDQoNClBhc3N3b3JkOgo=</example>
|
|
47
|
+
<param pos="0" name="service.vendor" value="Cisco"/>
|
|
48
|
+
<param pos="0" name="os.vendor" value="Cisco"/>
|
|
49
|
+
<param pos="0" name="hw.vendor" value="Cisco"/>
|
|
50
|
+
</fingerprint>
|
|
51
|
+
<fingerprint pattern="^(?:\r|\n)*Password required, but none set(?:\r|\n)*$">
|
|
52
|
+
<description>Cisco switch or router - password not set variant</description>
|
|
53
|
+
<example>Password required, but none set</example>
|
|
54
|
+
<param pos="0" name="service.vendor" value="Cisco"/>
|
|
55
|
+
<param pos="0" name="os.vendor" value="Cisco"/>
|
|
56
|
+
<param pos="0" name="hw.vendor" value="Cisco"/>
|
|
57
|
+
</fingerprint>
|
|
58
|
+
<fingerprint pattern="^(?:\r|\n)*MikroTik v([\w.]+)(?: \(\w+\))?(?:\r|\n)+Login:\s*$">
|
|
59
|
+
<description>MikroTik RouterOS</description>
|
|
60
|
+
<!-- MikroTik v5.2\r\nLogin: -->
|
|
61
|
+
<example _encoding="base64" os.version="5.2">TWlrcm9UaWsgdjUuMg0KTG9naW46Cg==</example>
|
|
62
|
+
<!-- MikroTik v6.42.3 (stable)\r\nLogin: -->
|
|
63
|
+
<example _encoding="base64" os.version="6.42.3">TWlrcm9UaWsgdjYuNDIuMyAoc3RhYmxlKQ0KTG9naW46Cg==</example>
|
|
64
|
+
<!-- MikroTik v6.40.8 (bugfix)\r\nLogin: -->
|
|
65
|
+
<example _encoding="base64" os.version="6.40.8">TWlrcm9UaWsgdjYuNDAuOCAoYnVnZml4KQ0KTG9naW46Cg==</example>
|
|
66
|
+
<!-- MikroTik v6.36rc12 (testing)\r\nLogin: -->
|
|
67
|
+
<example _encoding="base64" os.version="6.36rc12">TWlrcm9UaWsgdjYuMzZyYzEyICh0ZXN0aW5nKQ0KTG9naW46Cg==</example>
|
|
68
|
+
<param pos="0" name="os.vendor" value="MikroTik"/>
|
|
69
|
+
<param pos="0" name="os.device" value="Router"/>
|
|
70
|
+
<param pos="0" name="os.product" value="RouterOS"/>
|
|
71
|
+
<param pos="1" name="os.version"/>
|
|
72
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
|
|
73
|
+
<param pos="0" name="hw.vendor" value="MikroTik"/>
|
|
74
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
75
|
+
</fingerprint>
|
|
76
|
+
<fingerprint pattern="^(?:\r|\n)?ZXHN (\w+)(?: V([\d.]+))?(?:\r|\n)*Login:\s*$">
|
|
77
|
+
<description>ZTE ZXHN router</description>
|
|
78
|
+
<!-- ZXHN H108N\r\nLogin: -->
|
|
79
|
+
<example _encoding="base64" hw.product="H108N">WlhITiBIMTA4Tg0KTG9naW46Cg==</example>
|
|
80
|
+
<!-- ZXHN H298A V1.1\r\nLogin: -->
|
|
81
|
+
<example _encoding="base64" hw.product="H298A" hw.version="1.1">WlhITiBIMjk4QSBWMS4xDQpMb2dpbjoK</example>
|
|
82
|
+
<!-- ZXHN H367N\r\n\rLogin: -->
|
|
83
|
+
<example _encoding="base64" hw.product="H367N">WlhITiBIMzY3Tg0KDUxvZ2luOgo=</example>
|
|
84
|
+
<param pos="0" name="hw.vendor" value="ZTE"/>
|
|
85
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
86
|
+
<param pos="0" name="hw.family" value="ZXHN"/>
|
|
87
|
+
<param pos="1" name="hw.product"/>
|
|
88
|
+
<param pos="2" name="hw.version"/>
|
|
89
|
+
</fingerprint>
|
|
90
|
+
<fingerprint pattern="^(F6\d+\w?)\r\n\rLogin:\s*$">
|
|
91
|
+
<description>ZTE F6xx series GPON router</description>
|
|
92
|
+
<!-- F668\r\n\rLogin: -->
|
|
93
|
+
<example _encoding="base64" hw.product="F668">RjY2OA0KDUxvZ2luOgo=</example>
|
|
94
|
+
<!-- F612W\r\n\rLogin: -->
|
|
95
|
+
<example _encoding="base64" hw.product="F612W">RjYxMlcNCg1Mb2dpbjoK</example>
|
|
96
|
+
<param pos="0" name="hw.vendor" value="ZTE"/>
|
|
97
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
98
|
+
<param pos="1" name="hw.product"/>
|
|
99
|
+
</fingerprint>
|
|
100
|
+
<fingerprint pattern="^(?:\r|\n)*DD-WRT v([\d.]+)(?:-(\w+))? ([\w-]+) \(c\) \d{4} NewMedia-NET GmbH(?:\r|\n)+Release: \d+\/\d+\/\d+ \(SVN revision: ([:\w]+)\)(?:\r|\n)+.* login:\s*$">
|
|
101
|
+
<description>DD-WRT - 24 family</description>
|
|
102
|
+
<!-- DD-WRT v24-sp2 mini (c) 2013 NewMedia-NET GmbH\r\nRelease: 05/27/13 (SVN revision: 21676)\r\n\r\nDD-WRT login: -->
|
|
103
|
+
<example _encoding="base64" os.version="24" os.version.version="sp2" os.edition="mini" os.build="21676">
|
|
104
|
+
REQtV1JUIHYyNC1zcDIgbWluaSAoYykgMjAxMyBOZXdNZWRpYS1ORVQgR21iSA0KUmVsZWFzZ
|
|
105
|
+
TogMDUvMjcvMTMgKFNWTiByZXZpc2lvbjogMjE2NzYpDQoNCkRELVdSVCBsb2dpbjoK
|
|
106
|
+
</example>
|
|
107
|
+
<!-- DD-WRT v24 micro (c) 2010 NewMedia-NET GmbH\r\nRelease: 08/07/10 (SVN revision: 14896)\r\n\r\nProliant DL980R07 X6550 8-core 4P SAS login: -->
|
|
108
|
+
<example _encoding="base64" os.version="24" os.edition="micro" os.build="14896">
|
|
109
|
+
REQtV1JUIHYyNCBtaWNybyAoYykgMjAxMCBOZXdNZWRpYS1ORVQgR21iSA0KUmVsZWFzZTogM
|
|
110
|
+
DgvMDcvMTAgKFNWTiByZXZpc2lvbjogMTQ4OTYpDQoNClByb2xpYW50IERMOTgwUjA3IFg2NT
|
|
111
|
+
UwIDgtY29yZSA0UCBTQVMgbG9naW46Cg==
|
|
112
|
+
</example>
|
|
113
|
+
<param pos="0" name="os.vendor" value="DD-WRT"/>
|
|
114
|
+
<param pos="0" name="os.product" value="DD-WRT"/>
|
|
115
|
+
<param pos="0" name="os.device" value="Router"/>
|
|
116
|
+
<param pos="1" name="os.version"/>
|
|
117
|
+
<param pos="2" name="os.version.version"/>
|
|
118
|
+
<param pos="3" name="os.edition"/>
|
|
119
|
+
<param pos="4" name="os.build"/>
|
|
120
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
121
|
+
</fingerprint>
|
|
122
|
+
<fingerprint pattern="^(?:\r|\n)*DD-WRT v(3.\d)-(r([\w]+)) ([\w-]+) \(c\) \d{4} NewMedia-NET GmbH(?:\r|\n)+Release: \d+\/\d+\/\d+(?:\r|\n)+.* login:\s*$">
|
|
123
|
+
<description>DD-WRT - 3.0 family</description>
|
|
124
|
+
<!-- DD-WRT v3.0-r34886M std (c) 2018 NewMedia-NET GmbH\r\nRelease: 02/10/18\r\n\r\nwibrate login: -->
|
|
125
|
+
<example _encoding="base64" os.version="3.0" os.version.version="r34886M" os.edition="std" os.build="34886M">
|
|
126
|
+
REQtV1JUIHYzLjAtcjM0ODg2TSBzdGQgKGMpIDIwMTggTmV3TWVkaWEtTkVUIEdtYkgNClJlb
|
|
127
|
+
GVhc2U6IDAyLzEwLzE4DQoNCndpYnJhdGUgbG9naW46Cg==
|
|
128
|
+
</example>
|
|
129
|
+
<param pos="0" name="os.vendor" value="DD-WRT"/>
|
|
130
|
+
<param pos="0" name="os.product" value="DD-WRT"/>
|
|
131
|
+
<param pos="0" name="os.device" value="Router"/>
|
|
132
|
+
<param pos="1" name="os.version"/>
|
|
133
|
+
<param pos="2" name="os.version.version"/>
|
|
134
|
+
<param pos="3" name="os.build"/>
|
|
135
|
+
<param pos="4" name="os.edition"/>
|
|
136
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
137
|
+
</fingerprint>
|
|
138
|
+
<fingerprint pattern="^(TD-\w+) [\d.]+ DSL Modem Router(?:\r|\n)+Authorization failed after trying \d+ times!!!\.(?:\r|\n)+Please login after \d+ seconds!\s*$">
|
|
139
|
+
<description>TP-LINK TD Family DSL Modem/Router</description>
|
|
140
|
+
<!-- TD-W8960N 5.0 DSL Modem Router\r\nAuthorization failed after trying 5 times!!!.\r\nPlease login after 416 seconds! -->
|
|
141
|
+
<example _encoding="base64" hw.product="TD-W8960N">
|
|
142
|
+
VEQtVzg5NjBOIDUuMCBEU0wgTW9kZW0gUm91dGVyDQpBdXRob3JpemF0aW9uIGZhaWxlZCBhZ
|
|
143
|
+
nRlciB0cnlpbmcgNSB0aW1lcyEhIS4NClBsZWFzZSBsb2dpbiBhZnRlciA0MTYgc2Vjb25kcy
|
|
144
|
+
E=
|
|
145
|
+
</example>
|
|
146
|
+
<param pos="0" name="hw.vendor" value="TP-Link"/>
|
|
147
|
+
<param pos="1" name="hw.product"/>
|
|
148
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
149
|
+
</fingerprint>
|
|
150
|
+
<fingerprint pattern="^(?:\r|\n)*ZyXEL login:$">
|
|
151
|
+
<description>ZyXEL simple</description>
|
|
152
|
+
<example>ZyXEL login:</example>
|
|
153
|
+
<param pos="0" name="hw.vendor" value="ZyXEL"/>
|
|
154
|
+
</fingerprint>
|
|
155
|
+
<fingerprint pattern="^ZyXEL \w?DSL Router\r\nLogin:$">
|
|
156
|
+
<description>ZyXEL Router - simple</description>
|
|
157
|
+
<!-- ZyXEL VDSL Router\r\nLogin: -->
|
|
158
|
+
<example _encoding="base64">WnlYRUwgVkRTTCBSb3V0ZXINCkxvZ2luOgo=</example>
|
|
159
|
+
<param pos="0" name="hw.vendor" value="ZyXEL"/>
|
|
160
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
161
|
+
</fingerprint>
|
|
162
|
+
<fingerprint pattern="^Debian GNU\/Linux 9(?:\r|\n)+([\w.-]+) login:\s*$">
|
|
163
|
+
<description>Debian 9.0 (stretch)</description>
|
|
164
|
+
<!-- Debian GNU/Linux 9\r\nserver-01.2 login: -->
|
|
165
|
+
<example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA5DQpzZXJ2ZXItMDEuMiBsb2dpbjoK</example>
|
|
166
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
|
167
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
168
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
169
|
+
<param pos="0" name="os.version" value="9.0"/>
|
|
170
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:9.0"/>
|
|
171
|
+
<param pos="1" name="host.name"/>
|
|
172
|
+
</fingerprint>
|
|
173
|
+
<fingerprint pattern="^Debian GNU\/Linux 8(?:.0)?(?:\r|\n)+([\w.-]+) login:\s*$">
|
|
174
|
+
<description>Debian 8.0 (jessie)</description>
|
|
175
|
+
<!-- Debian GNU/Linux 8\r\nserver-01.2 login: -->
|
|
176
|
+
<example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA4DQpzZXJ2ZXItMDEuMiBsb2dpbjoK</example>
|
|
177
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
|
178
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
179
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
180
|
+
<param pos="0" name="os.version" value="8.0"/>
|
|
181
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:8.0"/>
|
|
182
|
+
<param pos="1" name="host.name"/>
|
|
183
|
+
</fingerprint>
|
|
184
|
+
<fingerprint pattern="^(?:\r|\n)*Debian GNU\/Linux 7(?:.0)?(?:\r|\n)+([\w.-]+) login:\s*$">
|
|
185
|
+
<description>Debian 7.0 (wheezy)</description>
|
|
186
|
+
<!-- Debian GNU/Linux 7\r\nserver-01.2 login: -->
|
|
187
|
+
<example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA3DQpzZXJ2ZXItMDEuMiBsb2dpbjoK</example>
|
|
188
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
|
189
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
190
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
191
|
+
<param pos="0" name="os.version" value="7.0"/>
|
|
192
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:7.0"/>
|
|
193
|
+
<param pos="1" name="host.name"/>
|
|
194
|
+
</fingerprint>
|
|
195
|
+
<fingerprint pattern="^(?:\r|\n)*Debian GNU\/Linux 6(?:.0)?(?:\r|\n)+([\w.-]+) login:\s*$">
|
|
196
|
+
<description>Debian 6.0 (sqeeze)</description>
|
|
197
|
+
<!-- Debian GNU/Linux 6.0\r\nserver-01.2 login: -->
|
|
198
|
+
<example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA2LjANCnNlcnZlci0wMS4yIGxvZ2luOgo=</example>
|
|
199
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
|
200
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
201
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
202
|
+
<param pos="0" name="os.version" value="6.0"/>
|
|
203
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:6.0"/>
|
|
204
|
+
<param pos="1" name="host.name"/>
|
|
205
|
+
</fingerprint>
|
|
206
|
+
<fingerprint pattern="^(?:\r|\n)*Debian GNU\/Linux 5(?:.0)?(?:\r|\n)+([\w.-]+) login:\s*$">
|
|
207
|
+
<description>Debian 5.0 (lenny)</description>
|
|
208
|
+
<!-- Debian GNU/Linux 5.0\r\nserver-01.2 login: -->
|
|
209
|
+
<example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA1LjANCnNlcnZlci0wMS4yIGxvZ2luOgo=</example>
|
|
210
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
|
211
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
212
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
213
|
+
<param pos="0" name="os.version" value="5.0"/>
|
|
214
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:5.0"/>
|
|
215
|
+
<param pos="1" name="host.name"/>
|
|
216
|
+
</fingerprint>
|
|
217
|
+
<fingerprint pattern="^(?:\r|\n)*Debian GNU\/Linux 4(?:.0)?(?:\r|\n)+([\w.-]+) login:\s*$">
|
|
218
|
+
<description>Debian 4.0 (etch)</description>
|
|
219
|
+
<!-- Debian GNU/Linux 4.0\r\nserver-01.2 login: -->
|
|
220
|
+
<example _encoding="base64" host.name="server-01.2">RGViaWFuIEdOVS9MaW51eCA0LjANCnNlcnZlci0wMS4yIGxvZ2luOgo=</example>
|
|
221
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
|
222
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
223
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
224
|
+
<param pos="0" name="os.version" value="4.0"/>
|
|
225
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:4.0"/>
|
|
226
|
+
<param pos="1" name="host.name"/>
|
|
227
|
+
</fingerprint>
|
|
228
|
+
<fingerprint pattern="^(?:\r|\n)*Debian GNU\/Linux (3.\d)(?: [\w.-]+)?(?:\r|\n)+([\w.-]+) login:\s*$">
|
|
229
|
+
<description>Debian 3.x (woody/sarge)</description>
|
|
230
|
+
<!-- Debian GNU/Linux 3.1\r\nserver-01.2 login: -->
|
|
231
|
+
<example _encoding="base64" os.version="3.1" host.name="server-01.2">
|
|
232
|
+
RGViaWFuIEdOVS9MaW51eCAzLjENCnNlcnZlci0wMS4yIGxvZ2luOgo=
|
|
233
|
+
</example>
|
|
234
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
|
235
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
236
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
237
|
+
<param pos="1" name="os.version"/>
|
|
238
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:{os.version}"/>
|
|
239
|
+
<param pos="2" name="host.name"/>
|
|
240
|
+
</fingerprint>
|
|
241
|
+
<fingerprint pattern="^(?:\r|\n)*Ubuntu ([\d.]+)(?: LTS)?(?:\r|\n)+([\w.-]+) login:\s*$">
|
|
242
|
+
<description>Ubuntu - most versions</description>
|
|
243
|
+
<!-- Ubuntu 16.04.4 LTS\r\nserver-01.2 login: -->
|
|
244
|
+
<example _encoding="base64" os.version="16.04.4" host.name="server-01.2">
|
|
245
|
+
VWJ1bnR1IDE2LjA0LjQgTFRTDQpzZXJ2ZXItMDEuMiBsb2dpbjoK
|
|
246
|
+
</example>
|
|
247
|
+
<!-- Ubuntu 17.04\r\nnginx login: -->
|
|
248
|
+
<example _encoding="base64" os.version="17.04" host.name="nginx">
|
|
249
|
+
VWJ1bnR1IDE3LjA0DQpuZ2lueCBsb2dpbjoK
|
|
250
|
+
</example>
|
|
251
|
+
<param pos="0" name="os.vendor" value="Ubuntu"/>
|
|
252
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
253
|
+
<param pos="0" name="os.product" value="Ubuntu Linux"/>
|
|
254
|
+
<param pos="1" name="os.version"/>
|
|
255
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:{os.version}"/>
|
|
256
|
+
<param pos="2" name="host.name"/>
|
|
257
|
+
</fingerprint>
|
|
258
|
+
<fingerprint pattern="(?:\r|\n)*Debian GNU\/Linux (2.\d)(?: [\w.-]+)?(?:\r|\n)+([\w.-]+) login:\s*">
|
|
259
|
+
<description>Debian 2.x (hamm/slink/potato)</description>
|
|
260
|
+
<!-- Debian GNU/Linux 2.2\r\nserver-01.2 login: -->
|
|
261
|
+
<example _encoding="base64" os.version="2.2" host.name="server-01.2">
|
|
262
|
+
RGViaWFuIEdOVS9MaW51eCAyLjINCnNlcnZlci0wMS4yIGxvZ2luOgo=
|
|
263
|
+
</example>
|
|
264
|
+
<!-- Debian GNU/Linux 2.2 localhost.localdomain\r\nmoon login: -->
|
|
265
|
+
<example _encoding="base64" os.version="2.2" host.name="moon">
|
|
266
|
+
RGViaWFuIEdOVS9MaW51eCAyLjIgbG9jYWxob3N0LmxvY2FsZG9tYWluDQptb29uIGxvZ2luOgo=
|
|
267
|
+
</example>
|
|
268
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
|
269
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
270
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
271
|
+
<param pos="1" name="os.version"/>
|
|
272
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:{os.version}"/>
|
|
273
|
+
<param pos="2" name="host.name"/>
|
|
274
|
+
</fingerprint>
|
|
275
|
+
<fingerprint pattern="^CentOS release ([\d.]+) \(Final\)(?:\r|\n)+Kernel ([\w.-]+) on an (\w+)(?:\r|\n)+(?:([\w.-]+) )?login:\s*$">
|
|
276
|
+
<description>CentOS</description>
|
|
277
|
+
<!-- CentOS release 5.9 (Final)\r\nKernel 2.6.18-348.6.1.el5 on an i686\r\nlogin: -->
|
|
278
|
+
<example _encoding="base64" os.version="5.9" linux.kernel.version="2.6.18-348.6.1.el5" os.arch="i686">
|
|
279
|
+
Q2VudE9TIHJlbGVhc2UgNS45IChGaW5hbCkNCktlcm5lbCAyLjYuMTgtMzQ4LjYuMS5lbDUgb
|
|
280
|
+
24gYW4gaTY4Ng0KbG9naW46Cg==
|
|
281
|
+
</example>
|
|
282
|
+
<!-- CentOS release 6.10 (Final)\r\nKernel 2.6.32-754.2.1.el6.x86_64 on an x86_64\r\nserver-01.2 login: -->
|
|
283
|
+
<example _encoding="base64" os.version="6.10" linux.kernel.version="2.6.32-754.2.1.el6.x86_64" os.arch="x86_64" host.name="server-01.2">
|
|
284
|
+
Q2VudE9TIHJlbGVhc2UgNi4xMCAoRmluYWwpDQpLZXJuZWwgMi42LjMyLTc1NC4yLjEuZWw2L
|
|
285
|
+
ng4Nl82NCBvbiBhbiB4ODZfNjQNCnNlcnZlci0wMS4yIGxvZ2luOgo=
|
|
286
|
+
</example>
|
|
287
|
+
<param pos="0" name="os.vendor" value="CentOS"/>
|
|
288
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
289
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
290
|
+
<param pos="1" name="os.version"/>
|
|
291
|
+
<param pos="2" name="linux.kernel.version"/>
|
|
292
|
+
<param pos="3" name="os.arch"/>
|
|
293
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:centos:centos:{os.version}"/>
|
|
294
|
+
<param pos="4" name="host.name"/>
|
|
295
|
+
</fingerprint>
|
|
296
|
+
<fingerprint pattern="^(?:\r|\n)*(RT-AC\d\d\w) login:\s*$">
|
|
297
|
+
<description>Asus Wireless Access Point/Router - RT-AC prefix</description>
|
|
298
|
+
<example hw.product="RT-AC54U">RT-AC54U login:</example>
|
|
299
|
+
<example hw.product="RT-AC68R">RT-AC68R login:</example>
|
|
300
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
301
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
302
|
+
<param pos="0" name="hw.vendor" value="Asus"/>
|
|
303
|
+
<param pos="0" name="hw.device" value="WAP"/>
|
|
304
|
+
<param pos="1" name="hw.product"/>
|
|
305
|
+
</fingerprint>
|
|
306
|
+
<fingerprint pattern="^(?:\r|\n)*(AC\d\d00) login:\s*$">
|
|
307
|
+
<description>Asus Wireless Access Point/Router - AC prefix</description>
|
|
308
|
+
<example hw.product="AC1000">AC1000 login:</example>
|
|
309
|
+
<example hw.product="AC3000">AC3000 login:</example>
|
|
310
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
311
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
312
|
+
<param pos="0" name="hw.vendor" value="Asus"/>
|
|
313
|
+
<param pos="0" name="hw.device" value="WAP"/>
|
|
314
|
+
<param pos="1" name="hw.product"/>
|
|
315
|
+
</fingerprint>
|
|
316
|
+
<fingerprint pattern="^(?:\r|\n)*(Air5\d+\w{0,2}) login:\s*$">
|
|
317
|
+
<description>Airties</description>
|
|
318
|
+
<example hw.product="Air5650">Air5650 login:</example>
|
|
319
|
+
<example hw.product="Air5650TT">Air5650TT login:</example>
|
|
320
|
+
<param pos="0" name="hw.vendor" value="Airties"/>
|
|
321
|
+
<param pos="0" name="hw.device" value="WAP"/>
|
|
322
|
+
<param pos="1" name="hw.product"/>
|
|
323
|
+
</fingerprint>
|
|
324
|
+
<fingerprint pattern="^Amazon Linux AMI release ([\d.]+)(?:\r|\n)+Kernel ([\w.-]+) on an (\w+)(?:\r|\n)+(?:([\w.-]+) )?login:\s*$">
|
|
325
|
+
<description>Amazon Linux AMI</description>
|
|
326
|
+
<!-- Amazon Linux AMI release 2013.09\r\nKernel 3.4.68-59.97.amzn1.x86_64 on an x86_64\r\nserver-01.2 login: -->
|
|
327
|
+
<example _encoding="base64" os.version="2013.09" linux.kernel.version="3.4.68-59.97.amzn1.x86_64" os.arch="x86_64" host.name="server-01.2">
|
|
328
|
+
QW1hem9uIExpbnV4IEFNSSByZWxlYXNlIDIwMTMuMDkNCktlcm5lbCAzLjQuNjgtNTkuOTcuY
|
|
329
|
+
W16bjEueDg2XzY0IG9uIGFuIHg4Nl82NA0Kc2VydmVyLTAxLjIgbG9naW46Cg==
|
|
330
|
+
</example>
|
|
331
|
+
<param pos="0" name="os.vendor" value="Amazon"/>
|
|
332
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
333
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
334
|
+
<param pos="1" name="os.version"/>
|
|
335
|
+
<param pos="2" name="linux.kernel.version"/>
|
|
336
|
+
<param pos="3" name="os.arch"/>
|
|
337
|
+
<param pos="4" name="host.name"/>
|
|
338
|
+
</fingerprint>
|
|
339
|
+
<fingerprint pattern="^(?m)TiMOS-[CB]-([\S]+) (?:both|cpm)/([\w]+) ALCATEL (SR [\S]+) Copyright.*Login:\s*$">
|
|
340
|
+
<description>ALCATEL Service Router running TiMOS</description>
|
|
341
|
+
<!-- TiMOS-C-12.0.R12 cpm/hops64 ALCATEL SR 7750 Copyright (c) 2000-2015 Alcatel-Lucent.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
|
|
342
|
+
<example _encoding="base64" os.version="12.0.R12" hw.product="SR 7750" os.arch="hops64">
|
|
343
|
+
VGlNT1MtQy0xMi4wLlIxMiBjcG0vaG9wczY0IEFMQ0FURUwgU1IgNzc1MCBDb3B5cmlnaHQgK
|
|
344
|
+
GMpIDIwMDAtMjAxNSBBbGNhdGVsLUx1Y2VudC4NDQpCYW5uZXIgU2hvcnRlbmVkIEZvciANDQ
|
|
345
|
+
pCcmV2aXR5DQpMb2dpbjoK
|
|
346
|
+
</example>
|
|
347
|
+
<param pos="0" name="os.vendor" value="ALCATEL"/>
|
|
348
|
+
<param pos="0" name="os.product" value="TimOS"/>
|
|
349
|
+
<param pos="0" name="os.device" value="Router"/>
|
|
350
|
+
<param pos="1" name="os.version"/>
|
|
351
|
+
<param pos="2" name="os.arch"/>
|
|
352
|
+
<param pos="0" name="hw.vendor" value="ALCATEL"/>
|
|
353
|
+
<param pos="0" name="hw.family" value="Service Router"/>
|
|
354
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
355
|
+
<param pos="3" name="hw.product"/>
|
|
356
|
+
</fingerprint>
|
|
357
|
+
<!-- Nokia purchased Alcatel Lucent, finalized in Nov 2016 -->
|
|
358
|
+
<fingerprint pattern="^(?m)TiMOS-[CB]-([\S]+) (?:both|cpm)\/([\w]+) Nokia ([\S]+ [SRX]+) Copyright.*Login:\s*$">
|
|
359
|
+
<description>Nokia Service Router running TiMOS</description>
|
|
360
|
+
<!-- TiMOS-C-14.0.R5 cpm/hops64 Nokia 7750 SR Copyright (c) 2000-2016 Nokia.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
|
|
361
|
+
<example _encoding="base64" os.version="14.0.R5" os.arch="hops64" hw.product="7750 SR">
|
|
362
|
+
VGlNT1MtQy0xNC4wLlI1IGNwbS9ob3BzNjQgTm9raWEgNzc1MCBTUiBDb3B5cmlnaHQgKGMpI
|
|
363
|
+
DIwMDAtMjAxNiBOb2tpYS4NDQpCYW5uZXIgU2hvcnRlbmVkIEZvciANDQpCcmV2aXR5DQpMb2
|
|
364
|
+
dpbjoK
|
|
365
|
+
</example>
|
|
366
|
+
<!-- TiMOS-C-14.0.R10 cpm/hops64 Nokia 7950 XRS Copyright (c) 2000-2017 Nokia.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
|
|
367
|
+
<example _encoding="base64" os.version="14.0.R10" os.arch="hops64" hw.product="7950 XRS">
|
|
368
|
+
VGlNT1MtQy0xNC4wLlIxMCBjcG0vaG9wczY0IE5va2lhIDc5NTAgWFJTIENvcHlyaWdodCAoY
|
|
369
|
+
ykgMjAwMC0yMDE3IE5va2lhLg0NCkJhbm5lciBTaG9ydGVuZWQgRm9yIA0NCkJyZXZpdHkNCk
|
|
370
|
+
xvZ2luOgo=
|
|
371
|
+
</example>
|
|
372
|
+
<param pos="0" name="os.vendor" value="Nokia"/>
|
|
373
|
+
<param pos="0" name="os.product" value="TimOS"/>
|
|
374
|
+
<param pos="0" name="os.device" value="Router"/>
|
|
375
|
+
<param pos="1" name="os.version"/>
|
|
376
|
+
<param pos="2" name="os.arch"/>
|
|
377
|
+
<param pos="0" name="hw.vendor" value="Nokia"/>
|
|
378
|
+
<param pos="0" name="hw.family" value="Service Router"/>
|
|
379
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
380
|
+
<param pos="3" name="hw.product"/>
|
|
381
|
+
</fingerprint>
|
|
382
|
+
<fingerprint pattern="^(?m)TiMOS-[CB]-([\S]+) (?:both|cpm)\/([\w]+) Nokia (SAS[+\w\s-]+) Copyright.*Login:\s*$">
|
|
383
|
+
<description>Nokia Service Access Switch running TiMOS</description>
|
|
384
|
+
<!-- TiMOS-B-8.0.R12 both/hops Nokia SAS-Mxp 22F2C 4SFP+ 7210 Copyright (c) 2000-2017 Nokia.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
|
|
385
|
+
<example _encoding="base64" os.version="8.0.R12" os.arch="hops" hw.product="SAS-Mxp 22F2C 4SFP+ 7210">
|
|
386
|
+
VGlNT1MtQi04LjAuUjEyIGJvdGgvaG9wcyBOb2tpYSBTQVMtTXhwIDIyRjJDIDRTRlArIDcyM
|
|
387
|
+
TAgQ29weXJpZ2h0IChjKSAyMDAwLTIwMTcgTm9raWEuDQ0KQmFubmVyIFNob3J0ZW5lZCBGb3
|
|
388
|
+
IgDQ0KQnJldml0eQ0KTG9naW46Cg==
|
|
389
|
+
</example>
|
|
390
|
+
<!-- TiMOS-B-9.0.R9 both/mpc Nokia SAS-M 24F 2XFP 7210 Copyright (c) 2000-2017 Nokia.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
|
|
391
|
+
<example _encoding="base64" os.version="9.0.R9" os.arch="mpc" hw.product="SAS-M 24F 2XFP 7210">
|
|
392
|
+
VGlNT1MtQi05LjAuUjkgYm90aC9tcGMgTm9raWEgU0FTLU0gMjRGIDJYRlAgNzIxMCBDb3B5c
|
|
393
|
+
mlnaHQgKGMpIDIwMDAtMjAxNyBOb2tpYS4NDQpCYW5uZXIgU2hvcnRlbmVkIEZvciANDQpCcm
|
|
394
|
+
V2aXR5DQpMb2dpbjoK
|
|
395
|
+
</example>
|
|
396
|
+
<param pos="0" name="os.vendor" value="Nokia"/>
|
|
397
|
+
<param pos="0" name="os.product" value="TimOS"/>
|
|
398
|
+
<param pos="0" name="os.device" value="Switch"/>
|
|
399
|
+
<param pos="1" name="os.version"/>
|
|
400
|
+
<param pos="2" name="os.arch"/>
|
|
401
|
+
<param pos="0" name="hw.vendor" value="Nokia"/>
|
|
402
|
+
<param pos="0" name="hw.family" value="Service Access Switch"/>
|
|
403
|
+
<param pos="0" name="hw.device" value="Switch"/>
|
|
404
|
+
<param pos="3" name="hw.product"/>
|
|
405
|
+
</fingerprint>
|
|
406
|
+
<fingerprint pattern="^(?:\r|\n)*Grandstream (HT[\d-]+)\s+(?:V\d\.\d\w?\s+)?Command Shell Copyright \d\d\d\d-\d\d\d\d(?:\r|\n)+Password:\s*$">
|
|
407
|
+
<description>Grandstream HandyTone Analog Telephone Adapters</description>
|
|
408
|
+
<!-- Grandstream HT812 Command Shell Copyright 2006-2017\r\nPassword: -->
|
|
409
|
+
<example _encoding="base64" hw.product="HT812">
|
|
410
|
+
R3JhbmRzdHJlYW0gSFQ4MTIgQ29tbWFuZCBTaGVsbCBDb3B5cmlnaHQgMjAwNi0yMDE3DQpQY
|
|
411
|
+
XNzd29yZDoK
|
|
412
|
+
</example>
|
|
413
|
+
<!-- Grandstream HT-502 V2.0A Command Shell Copyright 2006-2014\r\nPassword: -->
|
|
414
|
+
<example _encoding="base64" hw.product="HT-502">
|
|
415
|
+
R3JhbmRzdHJlYW0gSFQtNTAyICBWMi4wQSBDb21tYW5kIFNoZWxsIENvcHlyaWdodCAyMDA2L
|
|
416
|
+
TIwMTQNClBhc3N3b3JkOgo=
|
|
417
|
+
</example>
|
|
418
|
+
<param pos="0" name="hw.vendor" value="Grandstream"/>
|
|
419
|
+
<param pos="0" name="hw.family" value="HandyTone"/>
|
|
420
|
+
<param pos="0" name="hw.device" value="VoIP"/>
|
|
421
|
+
<param pos="1" name="hw.product"/>
|
|
422
|
+
</fingerprint>
|
|
423
|
+
<fingerprint pattern="^(?:\r|\n)*Grandstream (GXW[\d-]+)\s+(?:V\d\.\d\w?\s+)?Command Shell Copyright \d\d\d\d(?:-\d\d\d\d)?(?:\r|\n)+Password:\s*$">
|
|
424
|
+
<description>Grandstream Analog VoIP Gateways</description>
|
|
425
|
+
<!-- Grandstream GXW-4008 V1.5A Command Shell Copyright 2006-2015\r\nPassword: -->
|
|
426
|
+
<example _encoding="base64" hw.product="GXW-4008">
|
|
427
|
+
R3JhbmRzdHJlYW0gR1hXLTQwMDggIFYxLjVBIENvbW1hbmQgU2hlbGwgQ29weXJpZ2h0IDIwM
|
|
428
|
+
DYtMjAxNQ0KUGFzc3dvcmQ6Cg==
|
|
429
|
+
</example>
|
|
430
|
+
<!-- Grandstream GXW4216 V2.3B Command Shell Copyright 2015\r\nPassword: -->
|
|
431
|
+
<example _encoding="base64" hw.product="GXW4216">
|
|
432
|
+
R3JhbmRzdHJlYW0gR1hXNDIxNiAgVjIuM0IgQ29tbWFuZCBTaGVsbCBDb3B5cmlnaHQgMjAxN
|
|
433
|
+
Q0KUGFzc3dvcmQ6Cg==
|
|
434
|
+
</example>
|
|
435
|
+
<param pos="0" name="hw.vendor" value="Grandstream"/>
|
|
436
|
+
<param pos="0" name="hw.family" value="GXW"/>
|
|
437
|
+
<param pos="0" name="hw.device" value="VoIP"/>
|
|
438
|
+
<param pos="1" name="hw.product"/>
|
|
439
|
+
</fingerprint>
|
|
440
|
+
<fingerprint pattern="^(?:\r|\n|\s)*Grandstream (GXV[\w-]+)\s+(?:V\d\.\d\w?\s+)?Shell Command.Copyight \d\d\d\d-\d\d\d\d(?:\r|\n)+Username:\s*$">
|
|
441
|
+
<description>Grandstream IP Cameras</description>
|
|
442
|
+
<!-- Grandstream GXV3674_FHD_VF Shell Command.Copyight 2011-2014\r\nUsername: -->
|
|
443
|
+
<example _encoding="base64" hw.product="GXV3674_FHD_VF">
|
|
444
|
+
R3JhbmRzdHJlYW0gR1hWMzY3NF9GSERfVkYgICAgU2hlbGwgQ29tbWFuZC5Db3B5aWdodCAyM
|
|
445
|
+
DExLTIwMTQNClVzZXJuYW1lOgo=
|
|
446
|
+
</example>
|
|
447
|
+
<param pos="0" name="hw.vendor" value="Grandstream"/>
|
|
448
|
+
<param pos="0" name="hw.family" value="GXV"/>
|
|
449
|
+
<param pos="0" name="hw.device" value="Camera"/>
|
|
450
|
+
<param pos="1" name="hw.product"/>
|
|
451
|
+
</fingerprint>
|
|
452
|
+
<fingerprint pattern="^(?:\r|\n)*Welcome to Polycom RMX\s*(\w+) \(COP\) Console Utility(?:\r|\n)+Copyright \(C\) \d\d\d\d-\d\d\d\d POLYCOM(?:\r|\n)+Password:\s*$">
|
|
453
|
+
<description>Polycom Real Time Media Conferencing</description>
|
|
454
|
+
<!-- Welcome to Polycom RMX 500 (COP) Console Utility\r\n\rCopyright (C) 2008-2010 POLYCOM\r\n\r\r\n\rPassword: -->
|
|
455
|
+
<example _encoding="base64" hw.product="500">
|
|
456
|
+
V2VsY29tZSB0byBQb2x5Y29tIFJNWCA1MDAgKENPUCkgQ29uc29sZSBVdGlsaXR5DQoNQ29we
|
|
457
|
+
XJpZ2h0IChDKSAyMDA4LTIwMTAgUE9MWUNPTQ0KDQ0KDVBhc3N3b3JkOgo=
|
|
458
|
+
</example>
|
|
459
|
+
<!-- Welcome to Polycom RMX 1000C (COP) Console Utility\r\n\rCopyright (C) 2008-2012 POLYCOM\r\n\r\r\n\rPassword: -->
|
|
460
|
+
<example _encoding="base64" hw.product="1000C">
|
|
461
|
+
V2VsY29tZSB0byBQb2x5Y29tIFJNWCAxMDAwQyAoQ09QKSBDb25zb2xlIFV0aWxpdHkNCg1Db
|
|
462
|
+
3B5cmlnaHQgKEMpIDIwMDgtMjAxMiBQT0xZQ09NDQoNDQoNUGFzc3dvcmQ6Cg==
|
|
463
|
+
</example>
|
|
464
|
+
<param pos="0" name="hw.vendor" value="Polycom"/>
|
|
465
|
+
<param pos="0" name="hw.family" value="RMX"/>
|
|
466
|
+
<param pos="0" name="hw.device" value="Video Conferencing"/>
|
|
467
|
+
<param pos="1" name="hw.product"/>
|
|
468
|
+
</fingerprint>
|
|
469
|
+
<fingerprint pattern="^(?:\r|\n)*Hi, my name is :\s+[\w.\s-]+(?:\r|\n)+Here is what I know about myself:(?:\r|\n)+Model:\s+VSX (\w+)(?:\r|\n)+Serial Number:\s+(\w+)(?:\r|\n)+Software Version:\s+Release ([\d.-]+)\s">
|
|
470
|
+
<description>Polycom Video Conferencing - VSX Family</description>
|
|
471
|
+
<!-- Hi, my name is : Something Pity\r\nHere is what I know about myself:\r\nModel: VSX 6000A\r\nSerial Number: 00070906FC34F6\r\nSoftware Version: Release 9.0.6.2-103 - 04Sep2011 21:27\r\nBuild Information: ecomman -->
|
|
472
|
+
<example _encoding="base64" hw.product="6000A" host.id="00070906FC34F6" os.version="9.0.6.2-103">
|
|
473
|
+
SGksIG15IG5hbWUgaXMgOiAgICAgU29tZXRoaW5nIFBpdHkNCkhlcmUgaXMgd2hhdCBJIGtub
|
|
474
|
+
3cgYWJvdXQgbXlzZWxmOg0KTW9kZWw6ICAgICAgICAgICAgICAgVlNYIDYwMDBBDQpTZXJpYW
|
|
475
|
+
wgTnVtYmVyOiAgICAgICAwMDA3MDkwNkZDMzRGNg0KU29mdHdhcmUgVmVyc2lvbjogICAgUmV
|
|
476
|
+
sZWFzZSA5LjAuNi4yLTEwMyAtIDA0U2VwMjAxMSAyMToyNw0KQnVpbGQgSW5mb3JtYXRpb246
|
|
477
|
+
ICAgZWNvbW1hbgo=
|
|
478
|
+
</example>
|
|
479
|
+
<param pos="0" name="hw.vendor" value="Polycom"/>
|
|
480
|
+
<param pos="0" name="hw.family" value="VSX"/>
|
|
481
|
+
<param pos="0" name="hw.device" value="Video Conferencing"/>
|
|
482
|
+
<param pos="1" name="hw.product"/>
|
|
483
|
+
<param pos="2" name="host.id"/>
|
|
484
|
+
<param pos="3" name="os.version"/>
|
|
485
|
+
</fingerprint>
|
|
486
|
+
<fingerprint pattern="Polycom Command Shell(?:\r|\n)+XCOM host:\s+localhost port: \d+">
|
|
487
|
+
<description>Polycom Diagnotic Service</description>
|
|
488
|
+
<!-- Polycom Command Shell\r\r\nXCOM host: localhost port: 4121\r\r\nTTY name: /dev/pts/0\r\r\nSession type: telnet\r\r\nNCF\r\nNCF\r\n2018-08-15 18:03:10 DEBUG -->
|
|
489
|
+
<example _encoding="base64">
|
|
490
|
+
UG9seWNvbSBDb21tYW5kIFNoZWxsDQ0KWENPTSBob3N0OiAgICBsb2NhbGhvc3QgcG9ydDogN
|
|
491
|
+
DEyMQ0NClRUWSBuYW1lOiAgICAgL2Rldi9wdHMvMA0NClNlc3Npb24gdHlwZTogdGVsbmV0DQ
|
|
492
|
+
0KTkNGDQpOQ0YNCjIwMTgtMDgtMTUgMTg6MDM6MTAgREVCVUcK
|
|
493
|
+
</example>
|
|
494
|
+
<param pos="0" name="hw.vendor" value="Polycom"/>
|
|
495
|
+
<param pos="0" name="hw.device" value="Video Conferencing"/>
|
|
496
|
+
</fingerprint>
|
|
497
|
+
<fingerprint pattern="^Welcome to the Windows CE Telnet Service on (WEBBOX[\w.-]+)(?:\r|\n)+login:\s*$">
|
|
498
|
+
<description>Sunny WebBox Windows CE</description>
|
|
499
|
+
<!-- Welcome to the Windows CE Telnet Service on WEBBOX150000000\r\n\r\nlogin: -->
|
|
500
|
+
<example _encoding="base64" host.name="WEBBOX150000000">
|
|
501
|
+
V2VsY29tZSB0byB0aGUgV2luZG93cyBDRSBUZWxuZXQgU2VydmljZSBvbiBXRUJCT1gxNTAwM
|
|
502
|
+
DAwMDANCg0KbG9naW46Cg==
|
|
503
|
+
</example>
|
|
504
|
+
<param pos="0" name="hw.vendor" value="SMA Solar Technology Ag"/>
|
|
505
|
+
<param pos="0" name="hw.family" value="Sunny"/>
|
|
506
|
+
<param pos="0" name="hw.product" value="WebBox"/>
|
|
507
|
+
<param pos="0" name="hw.device" value="Power Management"/>
|
|
508
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
509
|
+
<param pos="0" name="os.family" value="Windows"/>
|
|
510
|
+
<param pos="0" name="os.product" value="Windows CE"/>
|
|
511
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_ce:-"/>
|
|
512
|
+
<param pos="1" name="host.name"/>
|
|
513
|
+
</fingerprint>
|
|
514
|
+
<fingerprint pattern="^Welcome to the Windows CE Telnet Service on ([\w.-]+)(?:\r|\n)+login:\s*$">
|
|
515
|
+
<description>Windows CE</description>
|
|
516
|
+
<!-- Welcome to the Windows CE Telnet Service on MY-CE-DEVICE\r\n\r\nlogin: -->
|
|
517
|
+
<example _encoding="base64" host.name="MY-CE-DEVICE">
|
|
518
|
+
V2VsY29tZSB0byB0aGUgV2luZG93cyBDRSBUZWxuZXQgU2VydmljZSBvbiBNWS1DRS1ERVZJQ
|
|
519
|
+
0UNCg0KbG9naW46Cg==
|
|
520
|
+
</example>
|
|
521
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
522
|
+
<param pos="0" name="os.family" value="Windows"/>
|
|
523
|
+
<param pos="0" name="os.product" value="Windows CE"/>
|
|
524
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_ce:-"/>
|
|
525
|
+
<param pos="1" name="host.name"/>
|
|
526
|
+
</fingerprint>
|
|
527
|
+
<fingerprint pattern="^(?:\r|\n)*HP JetDirect(?:\r|\n)+$">
|
|
528
|
+
<description>HP Printer - Jet Direct</description>
|
|
529
|
+
<!-- HP JetDirect\r\nPassword is not set\r\n\r\nPlease type "menu" for the MENU system, \r\nor "?" for help, or "/" for current settings.\r\n> -->
|
|
530
|
+
<example _encoding="base64">
|
|
531
|
+
SFAgSmV0RGlyZWN0DQpQYXNzd29yZCBpcyBub3Qgc2V0DQoNClBsZWFzZSB0eXBlICJtZW51I
|
|
532
|
+
iBmb3IgdGhlIE1FTlUgc3lzdGVtLCANCm9yICI/IiBmb3IgaGVscCwgb3IgIi8iIGZvciBjdX
|
|
533
|
+
JyZW50IHNldHRpbmdzLg0KPgo=
|
|
534
|
+
</example>
|
|
535
|
+
<!-- HP JetDirect\r\n\r\nEnter username: -->
|
|
536
|
+
<example _encoding="base64">SFAgSmV0RGlyZWN0DQoNCkVudGVyIHVzZXJuYW1lOgo=</example>
|
|
537
|
+
<param pos="0" name="service.vendor" value="HP"/>
|
|
538
|
+
<param pos="0" name="service.product" value="JetDirect"/>
|
|
539
|
+
<param pos="0" name="service.family" value="JetDirect"/>
|
|
540
|
+
<param pos="0" name="os.vendor" value="HP"/>
|
|
541
|
+
<param pos="0" name="os.device" value="Printer"/>
|
|
542
|
+
<param pos="0" name="os.family" value="JetDirect"/>
|
|
543
|
+
<param pos="0" name="os.product" value="JetDirect"/>
|
|
544
|
+
<param pos="0" name="hw.vendor" value="HP"/>
|
|
545
|
+
<param pos="0" name="hw.family" value="JetDirect"/>
|
|
546
|
+
<param pos="0" name="hw.product" value="JetDirect"/>
|
|
547
|
+
<param pos="0" name="hw.device" value="Printer"/>
|
|
548
|
+
</fingerprint>
|
|
549
|
+
<fingerprint pattern="^(?:\r|\n)*%connection closed by remote host!(?:\u0000)?$">
|
|
550
|
+
<description>HP switch blocking connection using network ACL</description>
|
|
551
|
+
<!-- %connection closed by remote host! -->
|
|
552
|
+
<example _encoding="base64">JWNvbm5lY3Rpb24gY2xvc2VkIGJ5IHJlbW90ZSBob3N0IQ==</example>
|
|
553
|
+
<param pos="0" name="hw.vendor" value="HP"/>
|
|
554
|
+
<param pos="0" name="hw.device" value="Switch"/>
|
|
555
|
+
</fingerprint>
|
|
556
|
+
<fingerprint pattern="^(?:\r|\n)*Welcome Visiting Huawei Home Gateway\r\nCopyright by Huawei Technologies Co., Ltd.\r\n\r\nLogin:$">
|
|
557
|
+
<description>Huawei HG series Home Gateway routers</description>
|
|
558
|
+
<!-- Welcome Visiting Huawei Home Gateway\r\nCopyright by Huawei Technologies Co., Ltd.\r\n\r\nLogin: -->
|
|
559
|
+
<example _encoding="base64">
|
|
560
|
+
V2VsY29tZSBWaXNpdGluZyBIdWF3ZWkgSG9tZSBHYXRld2F5DQpDb3B5cmlnaHQgYnkgSHVhd
|
|
561
|
+
2VpIFRlY2hub2xvZ2llcyBDby4sIEx0ZC4NCg0KTG9naW46Cg==
|
|
562
|
+
</example>
|
|
563
|
+
<param pos="0" name="hw.vendor" value="Huawei"/>
|
|
564
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
565
|
+
</fingerprint>
|
|
566
|
+
<fingerprint pattern="^(?:\r|\n)*Warning: Telnet is not a secure protocol, and it is recommended to use Stelnet.(?:(?:\r|\n)+Login authentication)?(?:\r|\n)+Username:$">
|
|
567
|
+
<description>Huawei Router</description>
|
|
568
|
+
<!-- Warning: Telnet is not a secure protocol, and it is recommended to use Stelnet.\r\n\r\nLogin authentication\r\n\r\n\r\nUsername: -->
|
|
569
|
+
<example _encoding="base64">
|
|
570
|
+
V2FybmluZzogVGVsbmV0IGlzIG5vdCBhIHNlY3VyZSBwcm90b2NvbCwgYW5kIGl0IGlzIHJlY
|
|
571
|
+
29tbWVuZGVkIHRvIHVzZSBTdGVsbmV0Lg0KDQpMb2dpbiBhdXRoZW50aWNhdGlvbg0KDQoNCl
|
|
572
|
+
VzZXJuYW1lOgo=
|
|
573
|
+
</example>
|
|
574
|
+
<param pos="0" name="hw.vendor" value="Huawei"/>
|
|
575
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
576
|
+
</fingerprint>
|
|
577
|
+
<fingerprint pattern="^(?:\r|\n)*(?:% Password expiration warning.\r\n)?-+\r\nCisco Configuration Professional \(Cisco CP\) is installed on this device. \r\nThis feature requires the one-time use of the username">
|
|
578
|
+
<description>Cisco router - Cisco Configuration Pro variant</description>
|
|
579
|
+
<!-- There are are roughly 69 dash characters before the CRLF in the banner below but can't be included in XML comments. -->
|
|
580
|
+
<!-- \r\nCisco Configuration Professional (Cisco CP) is installed on this device. \r\nThis feature requires the one-time use of the username -->
|
|
581
|
+
<example _encoding="base64">
|
|
582
|
+
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tL
|
|
583
|
+
S0tLS0tLS0tLS0tLS0tLS0NCkNpc2NvIENvbmZpZ3VyYXRpb24gUHJvZmVzc2lvbmFsIChDaX
|
|
584
|
+
NjbyBDUCkgaXMgaW5zdGFsbGVkIG9uIHRoaXMgZGV2aWNlLiANClRoaXMgZmVhdHVyZSByZXF
|
|
585
|
+
1aXJlcyB0aGUgb25lLXRpbWUgdXNlIG9mIHRoZSB1c2VybmFtZQo=
|
|
586
|
+
</example>
|
|
587
|
+
<param pos="0" name="service.vendor" value="Cisco"/>
|
|
588
|
+
<param pos="0" name="os.vendor" value="Cisco"/>
|
|
589
|
+
<param pos="0" name="os.family" value="IOS"/>
|
|
590
|
+
<param pos="0" name="os.product" value="IOS"/>
|
|
591
|
+
<param pos="0" name="os.device" value="Router"/>
|
|
592
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:-"/>
|
|
593
|
+
<param pos="0" name="hw.vendor" value="Cisco"/>
|
|
594
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
595
|
+
</fingerprint>
|
|
596
|
+
<fingerprint pattern="^(?m)(?:\r|\n)*Catalyst 1900 Management Console(?:\r|\n)+.*Ethernet Address:\s+([\w-]+)(?:\r|\n)+.*Model Number:\s+([\w-]+)(?:\r|\n)+System Serial Number:\s+(\w+)(?:\r|\n)+Power Supply">
|
|
597
|
+
<description>Cisco Catalyst 1900</description>
|
|
598
|
+
<!-- Catalyst 1900, unlike other Catalyst models, didn't run CatOS or IOS -->
|
|
599
|
+
<!-- Catalyst 1900 Management Console\r\nCopyright (c) Cisco Systems, Inc. 1993-1998\r\nAll rights reserved.\r\nEnterprise Edition Software\r\nEthernet Address: 00-AA-19-38-AA-00\r\n\r\nPCA Number: 73-31AA-AA\r\nPCA Serial Number: FAB033AAAAA\r\nModel Number: WS-C1924-EN\r\nSystem Serial Number: FAB0341AAAA\r\nPower Supply S/N: -->
|
|
600
|
+
<example _encoding="base64" host.mac="00-AA-19-38-AA-00" hw.model="WS-C1924-EN" host.id="FAB0341AAAA">
|
|
601
|
+
Q2F0YWx5c3QgMTkwMCBNYW5hZ2VtZW50IENvbnNvbGUNCkNvcHlyaWdodCAoYykgQ2lzY28gU
|
|
602
|
+
3lzdGVtcywgSW5jLiAgMTk5My0xOTk4DQpBbGwgcmlnaHRzIHJlc2VydmVkLg0KRW50ZXJwcm
|
|
603
|
+
lzZSBFZGl0aW9uIFNvZnR3YXJlDQpFdGhlcm5ldCBBZGRyZXNzOiAgICAgIDAwLUFBLTE5LTM
|
|
604
|
+
4LUFBLTAwDQoNClBDQSBOdW1iZXI6ICAgICAgICAgICAgNzMtMzFBQS1BQQ0KUENBIFNlcmlh
|
|
605
|
+
bCBOdW1iZXI6ICAgICBGQUIwMzNBQUFBQQ0KTW9kZWwgTnVtYmVyOiAgICAgICAgICBXUy1DM
|
|
606
|
+
TkyNC1FTg0KU3lzdGVtIFNlcmlhbCBOdW1iZXI6ICBGQUIwMzQxQUFBQQ0KUG93ZXIgU3VwcG
|
|
607
|
+
x5IFMvTjogICAK
|
|
608
|
+
</example>
|
|
609
|
+
<param pos="0" name="service.vendor" value="Cisco"/>
|
|
610
|
+
<param pos="0" name="os.vendor" value="Cisco"/>
|
|
611
|
+
<param pos="0" name="os.device" value="Switch"/>
|
|
612
|
+
<param pos="0" name="hw.vendor" value="Cisco"/>
|
|
613
|
+
<param pos="0" name="hw.product" value="Catalyst 1900"/>
|
|
614
|
+
<param pos="0" name="hw.device" value="Switch"/>
|
|
615
|
+
<param pos="1" name="host.mac"/>
|
|
616
|
+
<param pos="2" name="hw.model"/>
|
|
617
|
+
<param pos="3" name="host.id"/>
|
|
618
|
+
</fingerprint>
|
|
619
|
+
<fingerprint pattern="^192.0.0.64 login:\s*$">
|
|
620
|
+
<description>Hikvision cameras and NVRs (multiple)</description>
|
|
621
|
+
<example>192.0.0.64 login:</example>
|
|
622
|
+
<param pos="0" name="os.vendor" value="Hikvision"/>
|
|
623
|
+
<param pos="0" name="hw.vendor" value="Hikvision"/>
|
|
624
|
+
</fingerprint>
|
|
625
|
+
<fingerprint pattern="^Remote Management Console\r\nlogin:\s*$">
|
|
626
|
+
<description>Juniper Netscreen</description>
|
|
627
|
+
<!-- Remote Management Console\r\nlogin: -->
|
|
628
|
+
<example _encoding="base64">UmVtb3RlIE1hbmFnZW1lbnQgQ29uc29sZQ0KbG9naW46Cg==</example>
|
|
629
|
+
<param pos="0" name="os.vendor" value="Juniper"/>
|
|
630
|
+
<param pos="0" name="os.device" value="Firewall"/>
|
|
631
|
+
<param pos="0" name="os.family" value="ScreenOS"/>
|
|
632
|
+
<param pos="0" name="os.product" value="ScreenOS"/>
|
|
633
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:juniper:screenos:-"/>
|
|
634
|
+
<param pos="0" name="hw.vendor" value="Juniper"/>
|
|
635
|
+
<param pos="0" name="hw.device" value="Firewall"/>
|
|
636
|
+
<param pos="0" name="hw.product" value="NetScreen"/>
|
|
637
|
+
</fingerprint>
|
|
638
|
+
<fingerprint pattern="^(?:\r|\n)*(FGT\w{13}) login:\s*$">
|
|
639
|
+
<description>Fortinet FortiGate - w/ autogenerated hostname</description>
|
|
640
|
+
<example host.name="FGT60C3G13001111">FGT60C3G13001111 login:</example>
|
|
641
|
+
<param pos="0" name="os.vendor" value="Fortinet"/>
|
|
642
|
+
<param pos="0" name="os.family" value="FortiOS"/>
|
|
643
|
+
<param pos="0" name="os.product" value="FortiOS"/>
|
|
644
|
+
<param pos="0" name="os.device" value="Firewall"/>
|
|
645
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:fortinet:fortios:-"/>
|
|
646
|
+
<param pos="0" name="hw.vendor" value="Fortinet"/>
|
|
647
|
+
<param pos="0" name="hw.family" value="FortiGate"/>
|
|
648
|
+
<param pos="0" name="hw.device" value="Firewall"/>
|
|
649
|
+
<param pos="1" name="host.name"/>
|
|
650
|
+
</fingerprint>
|
|
651
|
+
<fingerprint pattern="^(?:\r|\n)*KWS-1043N login:\s*$">
|
|
652
|
+
<description>Clipcomm KWS router</description>
|
|
653
|
+
<example hw.product="KWS-1043N">KWS-1043N login:</example>
|
|
654
|
+
<param pos="0" name="hw.vendor" value="Clipcomm"/>
|
|
655
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
656
|
+
<param pos="0" name="hw.product" value="KWS-1043N"/>
|
|
657
|
+
</fingerprint>
|
|
658
|
+
<fingerprint pattern="^(?:\r|\n)*(SMCD3\w+-\w\w\w) login:\s*$">
|
|
659
|
+
<description>SMC Cable Modem</description>
|
|
660
|
+
<example hw.product="SMCD3GN2-BIZ">SMCD3GN2-BIZ login:</example>
|
|
661
|
+
<param pos="0" name="hw.vendor" value="SMC Networks"/>
|
|
662
|
+
<param pos="0" name="hw.device" value="Cable Modem"/>
|
|
663
|
+
<param pos="1" name="hw.product"/>
|
|
664
|
+
</fingerprint>
|
|
665
|
+
<fingerprint pattern="^(?:\r|\n)*ADB-4820CD login:\s*$"><description>ADB ADB-4820CD DVR</description><example>ADB-4820CD login:</example>>
|
|
666
|
+
<param pos="0" name="hw.vendor" value="ADB"/><param pos="0" name="hw.device" value="DVR"/><param pos="0" name="hw.product" value="ADB-4820CD"/></fingerprint>
|
|
667
|
+
<fingerprint pattern="^(?:\r|\n)*IMDVRS login:\s*$"><description>Rifatron IMDVRS DVR</description><example>IMDVRS login:</example>>
|
|
668
|
+
<param pos="0" name="hw.vendor" value="Rifatron"/><param pos="0" name="hw.family" value="IMDVR"/><param pos="0" name="hw.device" value="DVR"/></fingerprint>
|
|
669
|
+
<fingerprint pattern="^(?:\r|\n)*Ruijie login:\s*$"><description>Ruijie device (likely router/switch) </description><example>Ruijie login:</example>>
|
|
670
|
+
<param pos="0" name="hw.vendor" value="Ruijie"/></fingerprint>
|
|
671
|
+
<fingerprint pattern="^Welcome to Microsoft Telnet Service \r\n\n\rlogin:\s*$">
|
|
672
|
+
<description>Microsoft Windows</description>
|
|
673
|
+
<!-- Welcome to Microsoft Telnet Service \r\n\n\rlogin: -->
|
|
674
|
+
<example _encoding="base64">V2VsY29tZSB0byBNaWNyb3NvZnQgVGVsbmV0IFNlcnZpY2UgDQoKDWxvZ2luOgo=</example>
|
|
675
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
676
|
+
<param pos="0" name="os.family" value="Windows"/>
|
|
677
|
+
</fingerprint>
|
|
678
|
+
<!-- The following fingerprints are for generic Broadcom hardware where the
|
|
679
|
+
vendor has left the default banner in place. These could be rebadged by
|
|
680
|
+
ZTE, CenturyLink, Sky, Huawei, etc.
|
|
681
|
+
-->
|
|
682
|
+
<fingerprint pattern="^(BCM\d+) (?:Broadband|ADSL|xDSL|DSL) Router\r\nLogin:\s*">
|
|
683
|
+
<description>OEM'd Broadcom Router</description>
|
|
684
|
+
<!-- BCM963268 Broadband Router\r\nLogin: -->
|
|
685
|
+
<example _encoding="base64" hw.product="BCM963268">QkNNOTYzMjY4IEJyb2FkYmFuZCBSb3V0ZXINCkxvZ2luOgo=</example>
|
|
686
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
687
|
+
<param pos="1" name="hw.product"/>
|
|
688
|
+
</fingerprint>
|
|
689
|
+
<fingerprint pattern="^(BCM\d+) Broadband Router\r\nTelnet is Disabled in WAN Side$">
|
|
690
|
+
<description>OEM'd Broadcom Router - telnet disabled on WAN side</description>
|
|
691
|
+
<!-- BCM963268 Broadband Router\r\nTelnet is Disabled in WAN Side -->
|
|
692
|
+
<example _encoding="base64" hw.product="BCM963268">QkNNOTYzMjY4IEJyb2FkYmFuZCBSb3V0ZXINClRlbG5ldCBpcyBEaXNhYmxlZCBpbiBXQU4gU2lkZQo=</example>
|
|
693
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
694
|
+
<param pos="1" name="hw.product"/>
|
|
695
|
+
</fingerprint>
|
|
696
|
+
<fingerprint pattern="^(?m)(BCM\d+) Broadband Router\r\n.*Please input the verification code:$">
|
|
697
|
+
<description>OEM'd Broadcom Router - input validation code</description>
|
|
698
|
+
<!-- BCM96318 Broadband Router\r\n====================================================\r\n * * * * * * * * * * * * * * \r\n * * * * * \r\n * * * * * * * * * * * * * \r\n * * * * * \r\n * * * * * \r\n * * * * * * * * * * * * * * * * \r\n====================================================\r\nPlease input the verification code: -->
|
|
699
|
+
<example _encoding="base64" hw.product="BCM96318">
|
|
700
|
+
QkNNOTYzMTggQnJvYWRiYW5kIFJvdXRlcg0KPT09PT09PT09PT09PT09PT09PT09PT09PT09P
|
|
701
|
+
T09PT09PT09PT09PT09PT09PT09PT09PQ0KICAgICogKiAgICAgICAgICogKiAqICogICAgIC
|
|
702
|
+
AqICogKiAqICAgICAgKiAqICogKiAgIA0KICAgICAgKiAgICAgICAgICogICAgICAgICAgICA
|
|
703
|
+
gICAgICAqICAgICAgKiAgICAgKiAgIA0KICAgICAgKiAgICAgICAgICogKiAqICogICAgICAq
|
|
704
|
+
ICogKiAqICAgICAgKiAqICogKiAgIA0KICAgICAgKiAgICAgICAgICogICAgICogICAgICAgI
|
|
705
|
+
CAgICAqICAgICAgICAgICAgKiAgIA0KICAgICAgKiAgICAgICAgICogICAgICogICAgICAgIC
|
|
706
|
+
AgICAqICAgICAgICAgICAgKiAgIA0KICAgKiAqICogKiAgICAgICogKiAqICogICAgICAqICo
|
|
707
|
+
gKiAqICAgICAgKiAqICogKiAgIA0KPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
|
|
708
|
+
PT09PT09PT09PT09PT09PT09PQ0KUGxlYXNlIGlucHV0IHRoZSB2ZXJpZmljYXRpb24gY29kZ
|
|
709
|
+
ToK
|
|
710
|
+
</example>
|
|
711
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
712
|
+
<param pos="1" name="hw.product"/>
|
|
713
|
+
</fingerprint>
|
|
714
|
+
<fingerprint pattern="^(BCM\d+) Broadband Router\r\nMaximum number of incorrect account entries exceeded.">
|
|
715
|
+
<description>OEM'd Broadcom Router - Max incorrect tries - variant 1</description>
|
|
716
|
+
<!-- BCM96328 Broadband Router\r\nMaximum number of incorrect account entries exceeded. -->
|
|
717
|
+
<example _encoding="base64" hw.product="BCM96328">
|
|
718
|
+
QkNNOTYzMjggQnJvYWRiYW5kIFJvdXRlcg0KTWF4aW11bSBudW1iZXIgb2YgaW5jb3JyZWN0I
|
|
719
|
+
GFjY291bnQgZW50cmllcyBleGNlZWRlZC4K
|
|
720
|
+
</example>
|
|
721
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
722
|
+
<param pos="1" name="hw.product"/>
|
|
723
|
+
</fingerprint>
|
|
724
|
+
<fingerprint pattern="^(BCM\d+) Broadband Router\r\nSorry, you need to wait for \d+ second before next login attempt.(?:\r|\n)*">
|
|
725
|
+
<description>OEM'd Broadcom Router - Max incorrect tries - variant 2</description>
|
|
726
|
+
<!-- BCM96816 Broadband Router\r\nSorry, you need to wait for 119 second before next login attempt. -->
|
|
727
|
+
<example _encoding="base64" hw.product="BCM96816">
|
|
728
|
+
QkNNOTY4MTYgQnJvYWRiYW5kIFJvdXRlcg0KU29ycnksIHlvdSBuZWVkIHRvIHdhaXQgZm9yI
|
|
729
|
+
DExOSBzZWNvbmQgYmVmb3JlIG5leHQgbG9naW4gYXR0ZW1wdC4K
|
|
730
|
+
</example>
|
|
731
|
+
<param pos="0" name="hw.device" value="Router"/>
|
|
732
|
+
<param pos="1" name="hw.product"/>
|
|
733
|
+
</fingerprint>
|
|
734
|
+
<!-- Moxa Industrial Solutions-->
|
|
735
|
+
<fingerprint pattern="^(?:\r|\n)*NPort (NP6[\w-]+)(?:\r|\n|\x00)+Console terminal type">
|
|
736
|
+
<description>Moxa NPort Terminal Server - 6xxx Series</description>
|
|
737
|
+
<!-- NPort NP6610-32\r\u0000\nConsole terminal type (1: ansi/vt100, 2: vt52) : 1 -->
|
|
738
|
+
<example _encoding="base64" hw.product="NP6610-32">
|
|
739
|
+
TlBvcnQgTlA2NjEwLTMyDQAKQ29uc29sZSB0ZXJtaW5hbCB0eXBlICgxOiBhbnNpL3Z0MTAwLC
|
|
740
|
+
AyOiB2dDUyKSA6IDE=
|
|
741
|
+
</example>
|
|
742
|
+
<param pos="0" name="hw.vendor" value="Moxa"/>
|
|
743
|
+
<param pos="0" name="hw.family" value="NPort"/>
|
|
744
|
+
<param pos="0" name="hw.device" value="Terminal Server"/>
|
|
745
|
+
<param pos="1" name="hw.product"/>
|
|
746
|
+
</fingerprint>
|
|
747
|
+
<fingerprint pattern="^Model name\s+: NPort (IA-\d+)(?:\r|\n|\x00)+MAC address\s+: ([\w:]+)(?:\r|\n|\x00)+Serial No.\s+: (\d+)(?:\r|\n|\x00)+Firmware version : ([\d.]+) Build (\d+)(?:\r|\n|\x00)+System uptime">
|
|
748
|
+
<description>Moxa NPort Device Server - IA Series</description>
|
|
749
|
+
<!-- Model name : NPort IA-5250\r\u0000\nMAC address : 00:90:E8:AA:AA:AA\r\u0000\nSerial No. : 281\r\u0000\nFirmware version : 1.6 Build 17060616\r\u0000\nSystem uptime : 31 days, 06h:03m:45s\r\u0000\n\r\u0000\nPlease keyin your password: -->
|
|
750
|
+
<example _encoding="base64" hw.product="IA-5250" host.mac="00:90:E8:AA:AA:AA" host.id="281" os.version="1.6" os.version.version="17060616">
|
|
751
|
+
TW9kZWwgbmFtZSAgICAgICA6IE5Qb3J0IElBLTUyNTANAApNQUMgYWRkcmVzcyAgICAgIDogM
|
|
752
|
+
DA6OTA6RTg6QUE6QUE6QUENAApTZXJpYWwgTm8uICAgICAgIDogMjgxDQAKRmlybXdhcmUgdm
|
|
753
|
+
Vyc2lvbiA6IDEuNiBCdWlsZCAxNzA2MDYxNg0AClN5c3RlbSB1cHRpbWUgICAgOiAzMSBkYXl
|
|
754
|
+
zLCAwNmg6MDNtOjQ1cw0ACg0AClBsZWFzZSBrZXlpbiB5b3VyIHBhc3N3b3JkOg==
|
|
755
|
+
</example>
|
|
756
|
+
<param pos="0" name="hw.vendor" value="Moxa"/>
|
|
757
|
+
<param pos="0" name="hw.family" value="NPort"/>
|
|
758
|
+
<param pos="0" name="hw.device" value="Device Server"/>
|
|
759
|
+
<param pos="1" name="hw.product"/>
|
|
760
|
+
<param pos="2" name="host.mac"/>
|
|
761
|
+
<param pos="3" name="host.id"/>
|
|
762
|
+
<param pos="4" name="os.version"/>
|
|
763
|
+
<param pos="5" name="os.version.version"/>
|
|
764
|
+
</fingerprint>
|
|
765
|
+
<fingerprint pattern="^(?:\r|\n|\x00|-)*Model name\s+: NPort (5[\w-]+)(?:\r|\n|\x00)+MAC address\s+: ([\w:]+)(?:\r|\n|\x00)+Serial No.\s+: (\d+)(?:\r|\n|\x00)+Firmware version : ([\d.]+) Build (\d+)(?:\r|\n|\x00)+">
|
|
766
|
+
<description>Moxa NPort Device Server - 5xxx Series</description>
|
|
767
|
+
<!-- Some versions of the banner below have a line full of dashes which cannot be included in the example comment -->
|
|
768
|
+
<!-- Model name : NPort 5610-8-DT\r\u0000\nMAC address : 00:90:E8:AA:AA:AA\r\u0000\nSerial No. : 9522\r\u0000\nFirmware version : 2.2 Build 11090613\r\u0000\nSystem uptime : 8 days, 02h:11m:44s\r\u0000\n\r\u0000\nPlease keyin your password: -->
|
|
769
|
+
<example _encoding="base64" hw.product="5610-8-DT" host.mac="00:90:E8:AA:AA:AA" host.id="9522" os.version="2.2" os.version.version="11090613">
|
|
770
|
+
TW9kZWwgbmFtZSAgICAgICA6IE5Qb3J0IDU2MTAtOC1EVA0ACk1BQyBhZGRyZXNzICAgICAgO
|
|
771
|
+
iAwMDo5MDpFODpBQTpBQTpBQQ0AClNlcmlhbCBOby4gICAgICAgOiA5NTIyDQAKRmlybXdhcm
|
|
772
|
+
UgdmVyc2lvbiA6IDIuMiBCdWlsZCAxMTA5MDYxMw0AClN5c3RlbSB1cHRpbWUgICAgOiA4IGR
|
|
773
|
+
heXMsIDAyaDoxMW06NDRzDQAKDQAKUGxlYXNlIGtleWluIHlvdXIgcGFzc3dvcmQ6
|
|
774
|
+
</example>
|
|
775
|
+
<param pos="0" name="hw.vendor" value="Moxa"/>
|
|
776
|
+
<param pos="0" name="hw.family" value="NPort"/>
|
|
777
|
+
<param pos="0" name="hw.device" value="Device Server"/>
|
|
778
|
+
<param pos="1" name="hw.product"/>
|
|
779
|
+
<param pos="2" name="host.mac"/>
|
|
780
|
+
<param pos="3" name="host.id"/>
|
|
781
|
+
<param pos="4" name="os.version"/>
|
|
782
|
+
<param pos="5" name="os.version.version"/>
|
|
783
|
+
</fingerprint>
|
|
784
|
+
<fingerprint pattern="^Model name\s+: MGate (MB3[\w-]+)(?:\r|\n|\x00|)+MAC address\s+: ([\w:]+)(?:\r|\n|\x00)+Serial No.\s+: (\d+)(?:\r|\n|\x00)+Firmware version : ([\d.]+) Build (\d+)(?:\r|\n|\x00)+">
|
|
785
|
+
<description>Moxa MGate Modbus Gateway</description>
|
|
786
|
+
<!-- Model name : MGate MB3180\r\u0000\nMAC address : 00:90:E8:AA:AA:AA\r\u0000\nSerial No. : 9474\r\u0000\nFirmware version : 1.2 Build 09101913\r\u0000\nSystem uptime : 15 days, 16h:37m:48s\r\u0000\n\r\u0000\nPlease keyin your password: -->
|
|
787
|
+
<example _encoding="base64" hw.product="MB3180" host.mac="00:90:E8:AA:AA:AA" host.id="9474" os.version="1.2" os.version.version="09101913">
|
|
788
|
+
TW9kZWwgbmFtZSAgICAgICA6IE1HYXRlIE1CMzE4MA0ACk1BQyBhZGRyZXNzICAgICAgOiAwM
|
|
789
|
+
Do5MDpFODpBQTpBQTpBQQ0AClNlcmlhbCBOby4gICAgICAgOiA5NDc0DQAKRmlybXdhcmUgdm
|
|
790
|
+
Vyc2lvbiA6IDEuMiBCdWlsZCAwOTEwMTkxMw0AClN5c3RlbSB1cHRpbWUgICAgOiAxNSBkYXl
|
|
791
|
+
zLCAxNmg6MzdtOjQ4cw0ACg0AClBsZWFzZSBrZXlpbiB5b3VyIHBhc3N3b3JkOg==
|
|
792
|
+
</example>
|
|
793
|
+
<param pos="0" name="hw.vendor" value="Moxa"/>
|
|
794
|
+
<param pos="0" name="hw.family" value="MGate"/>
|
|
795
|
+
<param pos="0" name="hw.device" value="Industrial Control"/>
|
|
796
|
+
<param pos="1" name="hw.product"/>
|
|
797
|
+
<param pos="2" name="host.mac"/>
|
|
798
|
+
<param pos="3" name="host.id"/>
|
|
799
|
+
<param pos="4" name="os.version"/>
|
|
800
|
+
<param pos="5" name="os.version.version"/>
|
|
801
|
+
</fingerprint>
|
|
802
|
+
<fingerprint pattern="^Model name\s+: (NE[\w-]+)(?:\r|\n|\x00)+MAC address\s+: ([\w:]+)(?:\r|\n|\x00)+Serial No.\s+: (\d+)(?:\r|\n|\x00)+Firmware version\s+: ([\d.]+) Build (\d+)(?:\r|\n|\x00)+">
|
|
803
|
+
<description>Moxa NE Series Embedded device server</description>
|
|
804
|
+
<!-- Model name : NE-4110S\r\u0000\nMAC address : 00:90:E8:AA:AA:AA\r\u0000\nSerial No : 3616\r\u0000\nFirmware version : 4.1 Build 07061517\r\u0000\n\r\u0000\nPlease keyin your password: -->
|
|
805
|
+
<example _encoding="base64" hw.product="NE-4110S" host.mac="00:90:E8:AA:AA:AA" host.id="3616" os.version="4.1" os.version.version="07061517">
|
|
806
|
+
TW9kZWwgbmFtZSAgICAgICA6IE5FLTQxMTBTDQAKTUFDIGFkZHJlc3MgICAgICA6IDAwOjkwO
|
|
807
|
+
kU4OkFBOkFBOkFBDQAKU2VyaWFsIE5vICAgICAgICA6IDM2MTYNAApGaXJtd2FyZSB2ZXJzaW
|
|
808
|
+
9uIDogNC4xIEJ1aWxkIDA3MDYxNTE3DQAKDQAKUGxlYXNlIGtleWluIHlvdXIgcGFzc3dvcmQ6
|
|
809
|
+
</example>
|
|
810
|
+
<param pos="0" name="hw.vendor" value="Moxa"/>
|
|
811
|
+
<param pos="0" name="hw.family" value="NE"/>
|
|
812
|
+
<param pos="0" name="hw.device" value="Device Server"/>
|
|
813
|
+
<param pos="1" name="hw.product"/>
|
|
814
|
+
<param pos="2" name="host.mac"/>
|
|
815
|
+
<param pos="3" name="host.id"/>
|
|
816
|
+
<param pos="4" name="os.version"/>
|
|
817
|
+
<param pos="5" name="os.version.version"/>
|
|
818
|
+
</fingerprint>
|
|
819
|
+
</fingerprints>
|