recog 2.1.36 → 2.1.37

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 38bdc881c4ede4d0940ef9fde54b73dff9b76d81
4
- data.tar.gz: b14431b396c9a8405ca5db785226b8324e404b94
3
+ metadata.gz: bedbc15c938e70988703707bf0bd8f012c3419eb
4
+ data.tar.gz: a8e520662bc9dc4b5adcce03b5c592afc18264ab
5
5
  SHA512:
6
- metadata.gz: 223ebf60ee2383bb813fd15ef20c1ad2362336f30e633c4a8b7799f5801e54f1a196189a85137767901c953a04a83d081142d8618e83abc275e54467912427c9
7
- data.tar.gz: d07e6f5fe1415e4bc16d48ec7e847b00b50ce57ab816457f63603284f85e0a2961f78315c26c1bb4cd6c964c3d1770dccf770124b4b033d6a00d17e7beb37894
6
+ metadata.gz: fdd4793619ba2ba21c5bcc7cf9b6e1b7a6dde4f446499570da657a5d746753b6e301d02dbf99ca1c5cda779d92c47eed706c2c3618fe9c7e78a1c601290ef1dd
7
+ data.tar.gz: a9984190a25fd84004610efc0eafb6bc843aa373e226a11523390044bac321f968f5f03aec5ee20b839f91dca9bc8aafaaf296a63f5c89af173e177588fe7049
data/lib/recog/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Recog
2
- VERSION = '2.1.36'
2
+ VERSION = '2.1.37'
3
3
  end
@@ -622,6 +622,8 @@
622
622
  <param pos="0" name="service.product" value="DNS"/>
623
623
  <param pos="0" name="os.device" value="NAS"/>
624
624
  <param pos="0" name="os.family" value="Linux"/>
625
+ <param pos="0" name="os.product" value="DSM"/>
626
+ <param pos="0" name="os.vendor" value="Synology"/>
625
627
  <param pos="0" name="hw.vendor" value="Synology"/>
626
628
  <param pos="0" name="hw.device" value="NAS"/>
627
629
  </fingerprint>
data/xml/http_cookies.xml CHANGED
@@ -105,13 +105,14 @@
105
105
  <param pos="0" name="service.family" value="Content Service Switch"/>
106
106
  <param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
107
107
  </fingerprint>
108
- <fingerprint pattern="^webvpn(?:c|_portal|Lang|login|SharePoint)?=">
108
+ <fingerprint pattern="^webvpn(?:c|context|_portal|Lang|login|SharePoint)?=">
109
109
  <description>Cisco ASA VPN</description>
110
110
  <example>webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure</example>
111
111
  <example>webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure</example>
112
112
  <example>webvpn_portal=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure</example>
113
113
  <example>webvpnSharePoint=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure</example>
114
114
  <example>webvpnlogin=1; path=/; secure</example>
115
+ <example>webvpncontext=00@sslvpn</example>
115
116
  <param pos="0" name="service.vendor" value="Cisco"/>
116
117
  <param pos="0" name="service.product" value="HTTP"/>
117
118
  <param pos="0" name="os.vendor" value="Cisco"/>
@@ -132,6 +133,14 @@
132
133
  <param pos="0" name="service.family" value="Application Protection System"/>
133
134
  <param pos="0" name="service.product" value="Application Protection System, Enterprise"/>
134
135
  </fingerprint>
136
+ <fingerprint pattern="^NSC_(?:AAAC|CERT|DLGE|EPAC|TASS|TEMP|TMA[APS])=.*">
137
+ <description>Citrix NetScaler</description>
138
+ <example>NSC_AAAC=xyz;</example>
139
+ <param pos="0" name="os.vendor" value="Citrix"/>
140
+ <param pos="0" name="os.family" value="NetScaler"/>
141
+ <param pos="0" name="os.device" value="NetScaler"/>
142
+ <param pos="0" name="os.product" value="NetScaler"/>
143
+ </fingerprint>
135
144
  <fingerprint pattern="^(EktGUID|ecm)=.*">
136
145
  <description>Ektron CMS400.net
137
146
  http://www.ektron.com/developers/cms400kb.cfm?id=2174
data/xml/http_servers.xml CHANGED
@@ -65,6 +65,13 @@
65
65
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:{service.version}"/>
66
66
  <param pos="2" name="apache.info"/>
67
67
  </fingerprint>
68
+ <fingerprint pattern="(?i)^CouchDB/([\.\d]+) .*$">
69
+ <description>Apache CouchDB</description>
70
+ <example service.version="2.1.1">CouchDB/2.1.1 (Erlang OTP/20)</example>
71
+ <param pos="0" name="service.vendor" value="Apache"/>
72
+ <param pos="0" name="service.product" value="CouchDB"/>
73
+ <param pos="1" name="service.version"/>
74
+ </fingerprint>
68
75
  <fingerprint pattern="^support@arraynetworks.net$">
69
76
  <description>Array Networks device</description>
70
77
  <example>support@arraynetworks.net</example>
@@ -296,6 +303,14 @@
296
303
  <param pos="0" name="service.component.family" value="Coyote"/>
297
304
  <param pos="1" name="service.component.version"/>
298
305
  </fingerprint>
306
+ <fingerprint pattern="^Apache Tomcat$">
307
+ <description>HTTP connector for Apache Tomcat with no version</description>
308
+ <example>Apache Tomcat</example>
309
+ <param pos="0" name="service.vendor" value="Apache"/>
310
+ <param pos="0" name="service.product" value="Tomcat"/>
311
+ <param pos="0" name="service.family" value="Tomcat"/>
312
+ <param pos="0" name="service.cpe23" value="cpe:/a:apache:tomcat:-"/>
313
+ </fingerprint>
299
314
  <fingerprint pattern="^Servlet [\d\.]+; JBoss-(\S+) \(build: .*\)/Tomcat-(\S+)$">
300
315
  <description>JBoss with embedded tomcat</description>
301
316
  <example service.version="4.0.4.GA" service.component.version="5.5">Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5</example>
@@ -754,6 +769,13 @@
754
769
  <param pos="0" name="os.product" value="Windows"/>
755
770
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
756
771
  </fingerprint>
772
+ <fingerprint pattern="(?i)^(?:(?:Cube|(?:Mini )?Dome|Day/Night|PAN/?Tilt|POE|IR|HD|H.264|Surveillance|With|Wired|Wireless(?: N)?|Network|Internet|(?:IP(?:[\s_-])?)?Cameras?[\s_]*\d*) ?){1,5}?(?: Login)?$">
773
+ <description>Generic IP Cameras</description>
774
+ <example>camera</example>
775
+ <example>IPCamera Login</example>
776
+ <example>Mini Dome IP Camera</example>
777
+ <param pos="0" name="hw.device" value="Camera"/>
778
+ </fingerprint>
757
779
  <fingerprint pattern="^ASP.NET$">
758
780
  <description>Something written in ASP.NET</description>
759
781
  <example>ASP.NET</example>
@@ -780,6 +802,12 @@
780
802
  <param pos="0" name="hw.vendor" value="Bosch"/>
781
803
  <param pos="0" name="hw.device" value="DVR"/>
782
804
  </fingerprint>
805
+ <fingerprint pattern="^FUHO-DVR$">
806
+ <description>FUHO Surveillance/DVR</description>
807
+ <example>FUHO-DVR</example>
808
+ <param pos="0" name="hw.vendor" value="FUHO"/>
809
+ <param pos="0" name="hw.device" value="DVR"/>
810
+ </fingerprint>
783
811
  <fingerprint pattern="^HeiTel GmbH Web Server \[\S+\]$">
784
812
  <description>HeiTel Digital Video Recorder</description>
785
813
  <example>HeiTel GmbH Web Server [V1.15/V1.14/V1.3]</example>
@@ -1498,6 +1526,13 @@
1498
1526
  <param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
1499
1527
  <param pos="0" name="hw.device" value="Firewall"/>
1500
1528
  </fingerprint>
1529
+ <fingerprint pattern="^CradlepointHTTPService/([\d\.]+)$">
1530
+ <description>Cradlepoint HTTP service</description>
1531
+ <example service.version="1.0.0">CradlepointHTTPService/1.0.0</example>
1532
+ <param pos="1" name="service.version"/>
1533
+ <param pos="0" name="service.vendor" value="Cradlepoint"/>
1534
+ <param pos="0" name="service.product" value="HTTP"/>
1535
+ </fingerprint>
1501
1536
  <fingerprint pattern="^DesktopAuthority/(.*)$">
1502
1537
  <description>ScriptLogic DesktopAuthority</description>
1503
1538
  <param pos="1" name="service.version"/>
@@ -2094,6 +2129,12 @@
2094
2129
  <param pos="0" name="hw.vendor" value="ARRIS"/>
2095
2130
  <param pos="0" name="hw.device" value="Cable Modem"/>
2096
2131
  </fingerprint>
2132
+ <fingerprint pattern="^2wire Gateway$">
2133
+ <description>Web server found on some Arris/2wire devices</description>
2134
+ <example>2wire Gateway</example>
2135
+ <param pos="0" name="service.vendor" value="ARRIS"/>
2136
+ <param pos="0" name="service.product" value="2wire"/>
2137
+ </fingerprint>
2097
2138
  <!-- junit says,
2098
2139
  "Example pattern '' from http_servers.xml didn't match pattern '^$'"
2099
2140
  Figure out if we have a way to support matching empty strings later.
@@ -2171,9 +2212,10 @@
2171
2212
  <param pos="0" name="service.vendor" value="Amazon"/>
2172
2213
  <param pos="0" name="service.product" value="Snowball"/>
2173
2214
  </fingerprint>
2174
- <fingerprint pattern="^cloudflare-nginx$">
2215
+ <fingerprint pattern="^cloudflare(?:-nginx)?$">
2175
2216
  <description>CloudFlare web load balancer endpoint</description>
2176
2217
  <example>cloudflare-nginx</example>
2218
+ <example>cloudflare</example>
2177
2219
  <param pos="0" name="service.vendor" value="CloudFlare"/>
2178
2220
  <param pos="0" name="service.product" value="CloudFlare Load Balancer"/>
2179
2221
  <param pos="0" name="service.family" value="CloudFlare"/>
@@ -2279,6 +2321,15 @@
2279
2321
  <param pos="0" name="hw.family" value="DVR"/>
2280
2322
  <param pos="0" name="hw.device" value="DVR"/>
2281
2323
  </fingerprint>
2324
+ <fingerprint pattern="^OpenTV/([\d\.]+)$">
2325
+ <description>OpenTV</description>
2326
+ <example os.version="5.40">OpenTV/5.40</example>
2327
+ <param pos="0" name="os.vendor" value="NAGRA"/>
2328
+ <param pos="0" name="os.product" value="OpenTV"/>
2329
+ <param pos="0" name="os.device" value="DVR"/>
2330
+ <param pos="1" name="os.version"/>
2331
+ <param pos="0" name="hw.device" value="DVR"/>
2332
+ </fingerprint>
2282
2333
  <!-- Tridium previously had a product with the 'Niagra' spelling -->
2283
2334
  <fingerprint pattern="^Niagara Web Server\/([\d.]+)$">
2284
2335
  <description>Tridium Niagara AX Framework</description>
data/xml/http_wwwauth.xml CHANGED
@@ -54,6 +54,11 @@
54
54
  <param pos="0" name="os.version" value="12"/>
55
55
  <param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:12"/>
56
56
  </fingerprint>
57
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;Cisco_CCSP_CWMP_TCPCR&quot;.*$">
58
+ <description>Generic Cisco CWMP/CPE equipment</description>
59
+ <example>Basic realm=&quot;Cisco_CCSP_CWMP_TCPCR&quot;</example>
60
+ <param pos="0" name="hw.vendor" value="Cisco"/>
61
+ </fingerprint>
57
62
  <fingerprint pattern="^(?:Basic|Digest) realm=.FW-1. Reason: no user Server .$">
58
63
  <description>Check Point FireWall-1</description>
59
64
  <param pos="0" name="service.vendor" value="Check Point"/>
@@ -65,6 +70,12 @@
65
70
  <param pos="0" name="os.family" value="Firewall-1"/>
66
71
  <param pos="0" name="os.product" value="Firewall-1"/>
67
72
  </fingerprint>
73
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;cpanel&quot;.*">
74
+ <description>cPanel</description>
75
+ <example>Basic realm=&quot;cPanel&quot;</example>
76
+ <param pos="0" name="service.vendor" value="cPanel"/>
77
+ <param pos="0" name="service.product" value="cPanel"/>
78
+ </fingerprint>
68
79
  <fingerprint pattern="^(?:Basic|Digest) realm=.APC Management Card.$">
69
80
  <description>APC device</description>
70
81
  <param pos="0" name="service.vendor" value="APC"/>
@@ -73,6 +84,61 @@
73
84
  <param pos="0" name="os.product" value="Unknown"/>
74
85
  <param pos="0" name="os.device" value="Power device"/>
75
86
  </fingerprint>
87
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;ADSL\S* (?:Modem|Router|Modem/Router)&quot;.*$">
88
+ <description>Generic ADSL modems/routers</description>
89
+ <example>Basic realm=&quot;ADSL Modem&quot;</example>
90
+ <example>Basic realm=&quot;ADSL Modem/Router&quot;</example>
91
+ <example>Basic realm=&quot;ADSL Router&quot;</example>
92
+ <example>Basic realm=&quot;ADSL2+ Router&quot;</example>
93
+ <param pos="0" name="hw.device" value="ADSL Modem"/>
94
+ </fingerprint>
95
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;Broadband Router&quot;.*$">
96
+ <description>Generic Broadband modems/routers</description>
97
+ <example>Basic realm=&quot;Broadband Router&quot;</example>
98
+ <param pos="0" name="hw.device" value="Broadband router"/>
99
+ </fingerprint>
100
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;DSL\S* (?:Modem|Router|Modem/Router)&quot;.*$">
101
+ <description>Generic DSL modems/routers</description>
102
+ <example>Basic realm=&quot;DSL Modem&quot;</example>
103
+ <param pos="0" name="hw.device" value="DSL Modem"/>
104
+ </fingerprint>
105
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;DVR&quot;.*$">
106
+ <description>Generic DVR</description>
107
+ <example>Basic realm=&quot;DVR&quot;</example>
108
+ <param pos="0" name="hw.device" value="DVR"/>
109
+ </fingerprint>
110
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;Wireless Access Point&quot;.*$">
111
+ <description>Generic WAP</description>
112
+ <example>Basic realm=&quot;Wireless Access Point&quot;</example>
113
+ <param pos="0" name="hw.device" value="WAP"/>
114
+ </fingerprint>
115
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;(?:(?:Cube|(?:Mini )?Dome|Day/Night|PAN/Tilt|POE|IR|HD|H.264|Surveillance|Wired|Wireless(?: N)?|Network|Internet|(?:IP(?:[\s_-])?)?Cameras?[\s_]*\d*) ?){1,4}?(?: Login)?&quot;.*$">
116
+ <description>Generic IP Cameras</description>
117
+ <example>Basic realm=&quot;camera&quot;</example>
118
+ <example>Basic realm=&quot;IPCamera Login&quot;</example>
119
+ <example>Basic realm=&quot;Mini Dome IP Camera&quot;</example>
120
+ <param pos="0" name="hw.device" value="Camera"/>
121
+ </fingerprint>
122
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;(DCS-[^&quot;]+)&quot;.*$">
123
+ <description>D-Link DCS IP Cameras</description>
124
+ <example hw.product="DCS-5222LB1">Basic realm=&quot;DCS-5222LB1&quot;</example>
125
+ <example hw.product="DCS-2530L">Basic realm=&quot;DCS-2530L&quot;</example>
126
+ <param pos="0" name="hw.vendor" value="D-Link"/>
127
+ <param pos="0" name="hw.device" value="Camera"/>
128
+ <param pos="1" name="hw.product"/>
129
+ </fingerprint>
130
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;GoAhead&quot;.*$">
131
+ <description>GoAhead webserver</description>
132
+ <example>Basic realm=&quot;GoAhead&quot;</example>
133
+ <param pos="0" name="service.vendor" value="Oracle"/>
134
+ <param pos="0" name="service.product" value="GoAhead Webserver"/>
135
+ <param pos="0" name="service.family" value="GoAhead Webserver"/>
136
+ </fingerprint>
137
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;kubernetes-master&quot;.*$">
138
+ <description>Kubernetes master nodes</description>
139
+ <example>Basic realm=&quot;kubernetes-master&quot;</example>
140
+ <param pos="0" name="service.vendor" value="Kubernetes"/>
141
+ </fingerprint>
76
142
  <fingerprint pattern="^(?:Basic|Digest) realm=.SpeedTouch \(([0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2})\).$">
77
143
  <description>Thomson SpeedTouch xDSL routers</description>
78
144
  <param pos="0" name="service.vendor" value="Thomson"/>
@@ -106,6 +172,13 @@
106
172
  <param pos="1" name="os.product"/>
107
173
  <param pos="2" name="host.mac"/>
108
174
  </fingerprint>
175
+ <fingerprint pattern="^(?:Basic|Digest).*realm=&quot;Thomson(?: Gateway)?&quot;.*$">
176
+ <description>Thomson generic devices</description>
177
+ <example>Digest realm=&quot;Thomson Gateway&quot;</example>
178
+ <example>Basic realm=&quot;Thomson&quot;</example>
179
+ <param pos="0" name="hw.vendor" value="Thomson"/>
180
+ <param pos="0" name="hw.device" value="Broadband router"/>
181
+ </fingerprint>
109
182
  <fingerprint pattern="^(?:Basic|Digest) realm=.(?:SmartAX )?(MT\d+[^ ]*)(?: ADSL Router)?.$">
110
183
  <description>Huawei xDSL routers</description>
111
184
  <param pos="0" name="service.vendor" value="Huawei"/>
@@ -116,6 +189,21 @@
116
189
  <param pos="0" name="os.family" value="MT"/>
117
190
  <param pos="1" name="os.product"/>
118
191
  </fingerprint>
192
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;HuaweiHomeGateway&quot;.*$">
193
+ <description>Huawei Home Gateway Routers</description>
194
+ <example>Basic realm=&quot;HuaweiHomeGateway&quot;</example>
195
+ <param pos="0" name="hw.vendor" value="Huawei"/>
196
+ <param pos="0" name="hw.device" value="Broadband router"/>
197
+ <param pos="0" name="hw.product" value="Home Gateway"/>
198
+ </fingerprint>
199
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;EchoLife .*&quot;.*$">
200
+ <description>Huawei EchoLife Home Gateways</description>
201
+ <example>Basic realm=&quot;EchoLife Portal de Inicio&quot;</example>
202
+ <example>Basic realm=&quot;EchoLife Home Gateway&quot;</example>
203
+ <param pos="0" name="hw.vendor" value="Huawei"/>
204
+ <param pos="0" name="hw.device" value="Broadband router"/>
205
+ <param pos="0" name="hw.product" value="EchoLife Home Gateway"/>
206
+ </fingerprint>
119
207
  <fingerprint pattern="^(?:Basic|Digest) realm=.WRT54G.$">
120
208
  <description>Linksys WRT54G wireless access point
121
209
  (dozen of variants of the product)</description>
@@ -142,13 +230,6 @@
142
230
  <param pos="0" name="os.device" value="Router"/>
143
231
  <param pos="1" name="os.product"/>
144
232
  </fingerprint>
145
- <fingerprint pattern="^(?:Basic|Digest) realm=.TP-LINK.*Router ([A-Z0-9\-\+]+).*$">
146
- <description>TP-LINK SoHo Router</description>
147
- <example>Basic realm="TP-LINK Wireless N Router WR841N"</example>
148
- <param pos="0" name="os.vendor" value="TP-LINK"/>
149
- <param pos="0" name="os.device" value="Router"/>
150
- <param pos="1" name="os.product"/>
151
- </fingerprint>
152
233
  <fingerprint pattern="^(?:Basic|Digest) realm=.TP-LINK.*(?:Access Point|Extender|AP) ([A-Z0-9\-\+]+).*$">
153
234
  <description>TP-LINK SoHo Router</description>
154
235
  <example>Basic realm="TP-LINK Wireless N Access Point WA801N"</example>
@@ -171,6 +252,21 @@
171
252
  <param pos="0" name="os.device" value="WAP"/>
172
253
  <param pos="1" name="os.product"/>
173
254
  </fingerprint>
255
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;TP-LINK (.*Router.*)&quot;.*$">
256
+ <description>TP-LINK Routers</description>
257
+ <example>Basic realm=&quot;TP-LINK Wireless N Router WR841N&quot;</example>
258
+ <example>Basic realm=&quot;TP-LINK Gigabit Broadband VPN Router R600VPN&quot;</example>
259
+ <example>Basic realm=&quot;TP-LINK Wireless Lite N Router WR740N/WR741ND&quot;</example>
260
+ <param pos="0" name="hw.vendor" value="TP-Link"/>
261
+ <param pos="0" name="hw.device" value="Router"/>
262
+ <param pos="1" name="hw.product"/>
263
+ </fingerprint>
264
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;TP-LINK IP-Camera&quot;.*$">
265
+ <description>TP-LINK IP-Cameras</description>
266
+ <example>Basic realm=&quot;TP-LINK IP-Camera&quot;</example>
267
+ <param pos="0" name="hw.vendor" value="TP-Link"/>
268
+ <param pos="0" name="hw.device" value="Camera"/>
269
+ </fingerprint>
174
270
  <fingerprint pattern="(?i)^(?:Basic|Digest) .*realm=&quot;Broadcom Management Service&quot;.*$">
175
271
  <description>Supposedly part of Broadcom Advanced Control Suite 3 (BACS3) or something similar</description>
176
272
  <example>Digest qop="auth", realm="Broadcom Management Service", nonce="AAAAAAAAAAAAAP//DwHpMwYy1zc=", algorithm="MD5"</example>
@@ -226,6 +322,24 @@
226
322
  <param pos="0" name="os.device" value="Switch"/>
227
323
  <param pos="1" name="os.product"/>
228
324
  </fingerprint>
325
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;SERCOMM CPE Authentication&quot;.*$">
326
+ <description>Assorted Sercomm CPE devices</description>
327
+ <example>Digest realm="SERCOMM CPE Authentication"</example>
328
+ <param pos="0" name="hw.vendor" value="Sercomm"/>
329
+ </fingerprint>
330
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;TiVo DVR&quot;.*$">
331
+ <description>Tivo DVR</description>
332
+ <example>Digest realm=&quot;TiVo DVR&quot;</example>
333
+ <param pos="0" name="hw.vendor" value="Tivo"/>
334
+ <param pos="0" name="hw.family" value="DVR"/>
335
+ <param pos="0" name="hw.device" value="DVR"/>
336
+ </fingerprint>
337
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;UBEE&quot;.*$">
338
+ <description>Ubee Cable Modems</description>
339
+ <example>Digest qop=&quot;auth&quot;, realm=&quot;Ubee&quot;, nonce=&quot;1544738973&quot;</example>
340
+ <param pos="0" name="hw.vendor" value="Ubee"/>
341
+ <param pos="0" name="hw.device" value="Broadband router"/>
342
+ </fingerprint>
229
343
  <fingerprint pattern="^(?:Basic|Digest) realm=&quot;XDB&quot;$">
230
344
  <description>Web server providing web services for Oracle's XML DB.</description>
231
345
  <example>Basic realm="XDB"</example>
@@ -233,6 +347,27 @@
233
347
  <param pos="0" name="service.product" value="XML DB"/>
234
348
  <param pos="0" name="service.family" value="Oracle"/>
235
349
  </fingerprint>
350
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;cpe@zte.com&quot;.*$">
351
+ <description>Assorted ZTE CPE devices</description>
352
+ <example>Digest realm=&quot;cpe@zte.com&quot;</example>
353
+ <param pos="0" name="hw.vendor" value="ZTE"/>
354
+ </fingerprint>
355
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;ZXHN (\S+)&quot;.*$">
356
+ <description>ZTE ZXHN router</description>
357
+ <example>Basic realm=&quot;ZXHN H108L&quot;</example>
358
+ <param pos="0" name="hw.vendor" value="ZTE"/>
359
+ <param pos="0" name="hw.device" value="Router"/>
360
+ <param pos="0" name="hw.family" value="ZXHN"/>
361
+ <param pos="1" name="hw.product"/>
362
+ </fingerprint>
363
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;(ZXV\S* \S+)&quot;.*$">
364
+ <description>ZTE ZXV router</description>
365
+ <example hw.product="ZXV10 W300">Basic realm=&quot;ZXV10 W300&quot;</example>
366
+ <param pos="0" name="hw.vendor" value="ZTE"/>
367
+ <param pos="0" name="hw.device" value="Router"/>
368
+ <param pos="0" name="hw.family" value="ZXV"/>
369
+ <param pos="1" name="hw.product"/>
370
+ </fingerprint>
236
371
  <!-- a variety of headers we currently just ignore -->
237
372
  <fingerprint pattern="(?i)^NTLM$">
238
373
  <description>Ignore NTLM-only</description>
@@ -243,9 +378,13 @@
243
378
  <description>Ignore Negotiate-only</description>
244
379
  <example>Negotiate</example>
245
380
  </fingerprint>
246
- <fingerprint pattern="^(?:Basic|Digest) .*realm=&quot;null&quot;">
247
- <description>Ignore null</description>
381
+ <fingerprint pattern="^(?:Basic|Digest) .*realm=&quot;(?:/|\.|null|/?index.html?)?&quot;">
382
+ <description>Ignore null/empty/period/index.</description>
248
383
  <example>Basic realm="null"</example>
384
+ <example>Basic realm="."</example>
385
+ <example>Basic realm=""</example>
386
+ <example>Basic realm="/"</example>
387
+ <example>Basic realm="index.html"</example>
249
388
  </fingerprint>
250
389
  <fingerprint pattern="^(?:Basic|Digest) .*realm=&quot;(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)&quot;.*$">
251
390
  <description>Ignore realms with an IPv4 address</description>
@@ -257,6 +257,18 @@
257
257
  <param pos="0" name="hw.product" value="MacBook Pro (13-inch, 2016, Two Thunderbolt 3 ports)"/>
258
258
  <param pos="0" name="hw.device" value="Laptop"/>
259
259
  </fingerprint>
260
+ <fingerprint pattern="^model=MacBookPro12,1$">
261
+ <description>MacBook Pro (Retina, 13-inch, Early 2015)</description>
262
+ <example>model=MacBookPro12,1</example>
263
+ <param pos="0" name="os.vendor" value="Apple"/>
264
+ <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:-"/>
265
+ <param pos="0" name="os.family" value="Mac OS X"/>
266
+ <param pos="0" name="os.product" value="Mac OS X"/>
267
+ <param pos="0" name="hw.vendor" value="Apple"/>
268
+ <param pos="0" name="hw.family" value="MacBook Pro"/>
269
+ <param pos="0" name="hw.product" value="MacBook Pro (Retina, 13-inch, Early 2015)"/>
270
+ <param pos="0" name="hw.device" value="Laptop"/>
271
+ </fingerprint>
260
272
  <fingerprint pattern="^model=MacBookPro11,4$">
261
273
  <description>MacBook Pro (Retina, 15-inch, Mid 2015)</description>
262
274
  <example>model=MacBookPro11,4</example>
@@ -342,6 +354,18 @@
342
354
  <param pos="0" name="hw.product" value="MacBook (Retina, 12-inch, 2017)"/>
343
355
  <param pos="0" name="hw.device" value="Laptop"/>
344
356
  </fingerprint>
357
+ <fingerprint pattern="^model=MacBookPro9,2$">
358
+ <description>MacBook Pro (13-inch, Mid 2012)</description>
359
+ <example>model=MacBookPro9,2</example>
360
+ <param pos="0" name="os.vendor" value="Apple"/>
361
+ <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:-"/>
362
+ <param pos="0" name="os.family" value="Mac OS X"/>
363
+ <param pos="0" name="os.product" value="Mac OS X"/>
364
+ <param pos="0" name="hw.vendor" value="Apple"/>
365
+ <param pos="0" name="hw.family" value="MacBook Pro"/>
366
+ <param pos="0" name="hw.product" value="MacBook Pro (13-inch, Mid 2012)"/>
367
+ <param pos="0" name="hw.device" value="Laptop"/>
368
+ </fingerprint>
345
369
  <fingerprint pattern="^model=MacBook9,1$">
346
370
  <description>MacBook (Retina, 12-inch, Early 2016)</description>
347
371
  <example>model=MacBook9,1</example>
@@ -429,7 +453,7 @@
429
453
  <param pos="0" name="hw.device" value="Tablet"/>
430
454
  </fingerprint>
431
455
  <fingerprint pattern="^model=J12[78]AP$">
432
- <description>iPad Pro (9.7-inch))</description>
456
+ <description>iPad Pro (9.7-inch)</description>
433
457
  <example>model=J127AP</example>
434
458
  <param pos="0" name="os.vendor" value="Apple"/>
435
459
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:iphone_os:-"/>
@@ -440,6 +464,18 @@
440
464
  <param pos="0" name="hw.product" value="iPad Pro (9.7-inch)"/>
441
465
  <param pos="0" name="hw.device" value="Tablet"/>
442
466
  </fingerprint>
467
+ <fingerprint pattern="^model=J121AP$">
468
+ <description>iPad Pro (12.9-inch)</description>
469
+ <example>model=J121AP</example>
470
+ <param pos="0" name="os.vendor" value="Apple"/>
471
+ <param pos="0" name="os.cpe23" value="cpe:/o:apple:iphone_os:-"/>
472
+ <param pos="0" name="os.family" value="iOS"/>
473
+ <param pos="0" name="os.product" value="iOS"/>
474
+ <param pos="0" name="hw.vendor" value="Apple"/>
475
+ <param pos="0" name="hw.family" value="iPad Pro"/>
476
+ <param pos="0" name="hw.product" value="iPad Pro (12.9-inch)"/>
477
+ <param pos="0" name="hw.device" value="Tablet"/>
478
+ </fingerprint>
443
479
  <!-- iPad -->
444
480
  <fingerprint pattern="^model=J71[ts]AP$">
445
481
  <description>iPad (5th generation)</description>
@@ -466,6 +502,18 @@
466
502
  <param pos="0" name="hw.product" value="iPad Air"/>
467
503
  <param pos="0" name="hw.device" value="Tablet"/>
468
504
  </fingerprint>
505
+ <fingerprint pattern="^model=J8[12]AP$">
506
+ <description>iPad Air 2</description>
507
+ <example>model=J81AP</example>
508
+ <param pos="0" name="os.vendor" value="Apple"/>
509
+ <param pos="0" name="os.cpe23" value="cpe:/o:apple:iphone_os:-"/>
510
+ <param pos="0" name="os.family" value="iOS"/>
511
+ <param pos="0" name="os.product" value="iOS"/>
512
+ <param pos="0" name="hw.vendor" value="Apple"/>
513
+ <param pos="0" name="hw.family" value="iPad Air"/>
514
+ <param pos="0" name="hw.product" value="iPad Air 2"/>
515
+ <param pos="0" name="hw.device" value="Tablet"/>
516
+ </fingerprint>
469
517
  <!-- iPad mini -->
470
518
  <fingerprint pattern="^model=J8[567]AP$">
471
519
  <description>iPad mini 2</description>
data/xml/sip_banners.xml CHANGED
@@ -94,6 +94,13 @@
94
94
  <param pos="1" name="hw.model"/>
95
95
  <param pos="2" name="hw.version"/>
96
96
  </fingerprint>
97
+ <fingerprint pattern="EnGenius_Router$">
98
+ <description>EnGenius DuraFon IP Phone</description>
99
+ <example>EnGenius_Router</example>
100
+ <param pos="0" name="hw.vendor" value="enGenius"/>
101
+ <param pos="0" name="hw.product" value="DuraFon"/>
102
+ <param pos="0" name="hw.device" value="VoIP"/>
103
+ </fingerprint>
97
104
  <fingerprint pattern="^M5T SIP(?: Stack|-UA SAFE)/v?([\d\.]+)">
98
105
  <description>Media5 Corporation SIP Stack</description>
99
106
  <example service.version="4.1.2.2">M5T SIP Stack/4.1.2.2</example>
@@ -134,12 +141,22 @@
134
141
  <param pos="1" name="hw.product"/>
135
142
  <param pos="2" name="hw.version"/>
136
143
  </fingerprint>
137
- <fingerprint pattern="^ZXHN (H\d{3}N)/V?(\d(?:[\d\.A-Z_]+))$">
144
+ <fingerprint pattern="^ZXDSL (\S+)/V?(\d(?:[\d\.A-Z_]+))$">
145
+ <description>ZTE ZXDSL router</description>
146
+ <example hw.product="931VII" hw.version="2.0.00.OTET06">ZXDSL 931VII/V2.0.00.OTET06</example>
147
+ <param pos="0" name="hw.vendor" value="ZTE"/>
148
+ <param pos="0" name="hw.device" value="Router"/>
149
+ <param pos="0" name="hw.family" value="ZXDSL"/>
150
+ <param pos="1" name="hw.product"/>
151
+ <param pos="2" name="hw.version"/>
152
+ </fingerprint>
153
+ <fingerprint pattern="^(?:ZXHN )?(H\d{3}N)/V?(\d(?:[\d\.A-Z_]+))$">
138
154
  <description>ZTE ZXHN router</description>
139
155
  <example hw.product="H218N" hw.version="1.02.01_ERS">ZXHN H218N/V1.02.01_ERS</example>
140
156
  <example hw.product="H367N" hw.version="1.0.4">ZXHN H367N/V1.0.4</example>
141
157
  <example hw.product="H218N" hw.version="1.02.01">ZXHN H218N/V1.02.01</example>
142
158
  <example hw.product="H208N" hw.version="1.0.2T02">ZXHN H208N/V1.0.2T02</example>
159
+ <example hw.product="H368N" hw.version="1.10.00T10">H368N/V1.10.00T10</example>
143
160
  <param pos="0" name="hw.vendor" value="ZTE"/>
144
161
  <param pos="0" name="hw.device" value="Router"/>
145
162
  <param pos="0" name="hw.family" value="ZXHN"/>
@@ -55,4 +55,73 @@
55
55
  <param pos="1" name="os.product"/>
56
56
  <param pos="2" name="os.version"/>
57
57
  </fingerprint>
58
+ <fingerprint pattern="^Mitel-(\S+)-SIP-Phone ([\d\.]+) (.{12})$">
59
+ <description>Mitel SIP Phones</description>
60
+ <example hw.product="5320" hw.version="06.05.00.11" host.mac="010203040506">Mitel-5320-SIP-Phone 06.05.00.11 010203040506</example>
61
+ <param pos="0" name="hw.vendor" value="Mitel"/>
62
+ <param pos="0" name="hw.device" value="VoIP"/>
63
+ <param pos="1" name="hw.product"/>
64
+ <param pos="2" name="hw.version"/>
65
+ <param pos="3" name="host.mac"/>
66
+ </fingerprint>
67
+ <fingerprint pattern="^Mitel Border GW/(\S+)$">
68
+ <description>Mitel SIP Gateway</description>
69
+ <example hw.version="4.0.0.9">Mitel Border GW/4.0.0.9</example>
70
+ <param pos="0" name="hw.vendor" value="Mitel"/>
71
+ <param pos="0" name="hw.device" value="VoIP"/>
72
+ <param pos="0" name="hw.product" value="Border GW"/>
73
+ <param pos="1" name="hw.version"/>
74
+ </fingerprint>
75
+ <fingerprint pattern="^(?:Polycom/[\d\.]+ )?Polycom(SoundPoint|VVX|SoundStation)\S+_(\d+)-UA/([\d\.]+)(?:_(.{12}))?$">
76
+ <description>Polycom SoundPoint, SountdStation, VVX VoIP phones</description>
77
+ <example hw.version="5.8.0.13337" hw.family="VVX" hw.product="VVX 350">PolycomVVX-VVX_350-UA/5.8.0.13337</example>
78
+ <example hw.version="4.1.4.7430" hw.family="VVX" hw.product="VVX 400" host.mac="010203040506">PolycomVVX-VVX_400-UA/4.1.4.7430_010203040506</example>
79
+ <example hw.version="5.5.0.23866" hw.family="VVX" hw.product="VVX 501">Polycom/5.5.0.23866 PolycomVVX-VVX_501-UA/5.5.0.23866</example>
80
+ <example hw.version="4.0.7.2514" hw.family="SoundPoint" hw.product="SoundPoint 670">PolycomSoundPointIP-SPIP_670-UA/4.0.7.2514</example>
81
+ <example hw.version="4.0.8.1608" hw.family="SoundStation" hw.product="SoundStation 7000">PolycomSoundStationIP-SSIP_7000-UA/4.0.8.1608</example>
82
+ <param pos="0" name="hw.vendor" value="Polycom"/>
83
+ <param pos="0" name="hw.device" value="VoIP"/>
84
+ <param pos="1" name="hw.family"/>
85
+ <param pos="0" name="hw.product" value="{hw.family} {hw.model}"/>
86
+ <param pos="2" name="hw.model"/>
87
+ <param pos="3" name="hw.version"/>
88
+ <param pos="4" name="host.mac"/>
89
+ </fingerprint>
90
+ <fingerprint pattern="^(?:Polycom/[\d\.]+ )?Polycom(?:RealPresenceTrio)-Trio_(\S+)-UA/([\d\.]+)(?:_(.{12}))?$">
91
+ <description>Polycom RealPresence Trio Phones</description>
92
+ <example hw.version="5.4.0.12197" hw.product="RealPresence Trio 8800">PolycomRealPresenceTrio-Trio_8800-UA/5.4.0.12197</example>
93
+ <example hw.version="5.7.2.3123" hw.product="RealPresence Trio Visual+">PolycomRealPresenceTrio-Trio_Visual+-UA/5.7.2.3123</example>
94
+ <example hw.version="5.4.3.2389" hw.product="RealPresence Trio 8800">Polycom/5.4.3.2389 PolycomRealPresenceTrio-Trio_8800-UA/5.4.3.2389</example>
95
+ <param pos="0" name="hw.vendor" value="Polycom"/>
96
+ <param pos="0" name="hw.device" value="VoIP"/>
97
+ <param pos="0" name="hw.family" value="RealPresence"/>
98
+ <param pos="0" name="hw.product" value="RealPresence Trio {hw.model}"/>
99
+ <param pos="1" name="hw.model"/>
100
+ <param pos="2" name="hw.version"/>
101
+ <param pos="3" name="host.mac"/>
102
+ </fingerprint>
103
+ <fingerprint pattern="^Polycom ?HDX ?(\d+)(?: ?HD)?(?:/| \(Release - )([^\)]+)\)?">
104
+ <description>Polycom HDX Video Conferencing</description>
105
+ <example hw.model="9006" hw.product="HDX 9006" hw.version="3.0.6-37004">Polycom HDX 9006 (Release - 3.0.6-37004)</example>
106
+ <example hw.model="4000" hw.product="HDX 4000" hw.version="3.1.0">PolycomHDX4000/3.1.0</example>
107
+ <example hw.model="7000" hw.product="HDX 7000" hw.version="3.0.2.1-17007">Polycom HDX 7000 HD (Release - 3.0.2.1-17007)</example>
108
+ <example hw.model="8000" hw.product="HDX 8000" hw.version="3.1.7">PolycomHDX8000HD/3.1.7</example>
109
+ <param pos="0" name="hw.vendor" value="Polycom"/>
110
+ <param pos="0" name="hw.family" value="HDX"/>
111
+ <param pos="0" name="hw.device" value="Video Conferencing"/>
112
+ <param pos="0" name="hw.product" value="HDX {hw.model}"/>
113
+ <param pos="1" name="hw.model"/>
114
+ <param pos="2" name="hw.version"/>
115
+ </fingerprint>
116
+ <fingerprint pattern="^PolycomRealPresenceGroup(\d+)/([\d\._]+)+$">
117
+ <description>Polycom RealPresence Group Video Conferencing</description>
118
+ PolycomRealPresenceGroup700/6.2.0
119
+ <example hw.model="700" hw.product="RealPresence Group 700" hw.version="6.2.0">PolycomRealPresenceGroup700/6.2.0</example>
120
+ <param pos="0" name="hw.vendor" value="Polycom"/>
121
+ <param pos="0" name="hw.family" value="RealPresence Group"/>
122
+ <param pos="0" name="hw.device" value="Video Conferencing"/>
123
+ <param pos="0" name="hw.product" value="RealPresence Group {hw.model}"/>
124
+ <param pos="1" name="hw.model"/>
125
+ <param pos="2" name="hw.version"/>
126
+ </fingerprint>
58
127
  </fingerprints>
@@ -702,7 +702,7 @@
702
702
  </fingerprint>
703
703
  -->
704
704
  <fingerprint pattern="^DEFINITY ONE Release (\S+) Agent$">
705
- <description>Avaya Definity One media, voicemail, VOIP server</description>
705
+ <description>Avaya Definity One media, voicemail, VoIP server</description>
706
706
  <example>DEFINITY ONE Release 3 Agent</example>
707
707
  <param pos="0" name="os.vendor" value="Avaya"/>
708
708
  <param pos="0" name="os.product" value="Definity One"/>
@@ -1358,7 +1358,7 @@
1358
1358
  <example>TANDBERG MPS-MCU</example>
1359
1359
  <param pos="0" name="os.vendor" value="Cisco"/>
1360
1360
  <param pos="0" name="os.product" value="MPS-MCU"/>
1361
- <param pos="0" name="os.device" value="VOIP"/>
1361
+ <param pos="0" name="os.device" value="VoIP"/>
1362
1362
  </fingerprint>
1363
1363
  <fingerprint pattern="^Cisco Adaptive Security Appliance Version (\d+\.\d+\(\d+\)\d*)">
1364
1364
  <description>Cisco Adaptive Security Appliance</description>
@@ -1379,7 +1379,7 @@
1379
1379
  <param pos="0" name="os.vendor" value="Cisco"/>
1380
1380
  <param pos="0" name="os.family" value="760 Series"/>
1381
1381
  <param pos="0" name="os.product" value="761"/>
1382
- <param pos="0" name="os.device" value="Broadband Router"/>
1382
+ <param pos="0" name="os.device" value="Broadband router"/>
1383
1383
  <param pos="1" name="os.version"/>
1384
1384
  </fingerprint>
1385
1385
  <fingerprint pattern="^Cisco Systems, Inc\./VPN 3000 Concentrator(?: Series)? Version (\S+) built.*$">
@@ -4411,7 +4411,7 @@ Copyright (c) 1995-2005 by Cisco Systems
4411
4411
  <example>Netopia R9100 v4.8.2</example>
4412
4412
  <param pos="0" name="os.vendor" value="Netopia"/>
4413
4413
  <param pos="0" name="os.family" value="Netopia"/>
4414
- <param pos="0" name="os.device" value="Broadband Router"/>
4414
+ <param pos="0" name="os.device" value="Broadband router"/>
4415
4415
  <param pos="1" name="os.product"/>
4416
4416
  <param pos="2" name="os.version"/>
4417
4417
  </fingerprint>
@@ -5644,13 +5644,13 @@ Copyright (c) 1995-2005 by Cisco Systems
5644
5644
  SHORETEL
5645
5645
  =======================================================================-->
5646
5646
  <fingerprint pattern="^ShoreGear (\S+)$">
5647
- <description>Shoretel ShoreGear VOIP Switch</description>
5647
+ <description>Shoretel ShoreGear VoIP Switch</description>
5648
5648
  <example>ShoreGear 60/12</example>
5649
5649
  <example>ShoreGear T1</example>
5650
5650
  <param pos="0" name="os.certainty" value="0.9"/>
5651
5651
  <param pos="0" name="os.vendor" value="Shoretel"/>
5652
5652
  <param pos="0" name="os.family" value="ShoreGear"/>
5653
- <param pos="0" name="os.device" value="VOIP"/>
5653
+ <param pos="0" name="os.device" value="VoIP"/>
5654
5654
  <param pos="1" name="os.product"/>
5655
5655
  </fingerprint>
5656
5656
  <!--======================================================================
@@ -5716,12 +5716,12 @@ Copyright (c) 1995-2005 by Cisco Systems
5716
5716
  SIEMENS
5717
5717
  =======================================================================-->
5718
5718
  <fingerprint pattern="^SNMP agent for HiPath 3000.*V(\S+)$">
5719
- <description>Siemens HiPath 3000 VOIP system</description>
5719
+ <description>Siemens HiPath 3000 VoIP system</description>
5720
5720
  <example>SNMP agent for HiPath 3000 V3/V4</example>
5721
5721
  <example>SNMP agent for HiPath 3000/5000 V5.x</example>
5722
5722
  <example>SNMP agent for HiPath 3000 V3.x</example>
5723
5723
  <param pos="0" name="os.vendor" value="Siemens"/>
5724
- <param pos="0" name="os.device" value="VOIP"/>
5724
+ <param pos="0" name="os.device" value="VoIP"/>
5725
5725
  <param pos="0" name="os.product" value="HiPath 3000"/>
5726
5726
  <param pos="1" name="os.version"/>
5727
5727
  </fingerprint>
@@ -5757,7 +5757,7 @@ Copyright (c) 1995-2005 by Cisco Systems
5757
5757
  <example>HiPath optiPoint 400 Economy HFA</example>
5758
5758
  <example>HiPath optiPoint 400 Standard HFA</example>
5759
5759
  <param pos="0" name="os.vendor" value="Siemens"/>
5760
- <param pos="0" name="os.device" value="VOIP"/>
5760
+ <param pos="0" name="os.device" value="VoIP"/>
5761
5761
  <param pos="0" name="os.family" value="HFA"/>
5762
5762
  <param pos="1" name="os.product"/>
5763
5763
  </fingerprint>
@@ -5766,7 +5766,7 @@ Copyright (c) 1995-2005 by Cisco Systems
5766
5766
  <example>optiPoint 410 phone</example>
5767
5767
  <example>optiPoint 600 office</example>
5768
5768
  <param pos="0" name="os.vendor" value="Siemens"/>
5769
- <param pos="0" name="os.device" value="VOIP"/>
5769
+ <param pos="0" name="os.device" value="VoIP"/>
5770
5770
  <param pos="0" name="os.family" value="optiPoint"/>
5771
5771
  <param pos="1" name="os.product"/>
5772
5772
  </fingerprint>
@@ -6553,20 +6553,20 @@ Copyright (c) 1995-2005 by Cisco Systems
6553
6553
  <example>Prestige 642R-13</example>
6554
6554
  <param pos="0" name="os.vendor" value="ZyXEL"/>
6555
6555
  <param pos="0" name="os.product" value="Prestige 642R-13"/>
6556
- <param pos="0" name="os.device" value="Broadband Router"/>
6556
+ <param pos="0" name="os.device" value="Broadband router"/>
6557
6557
  </fingerprint>
6558
6558
  <fingerprint pattern="^Prestige 660ME-61$">
6559
6559
  <description>ZxXEL Prestige 660ME-61 ADSL router</description>
6560
6560
  <example>Prestige 660ME-61</example>
6561
6561
  <param pos="0" name="os.vendor" value="ZyXEL"/>
6562
6562
  <param pos="0" name="os.product" value="Prestige 660ME-61"/>
6563
- <param pos="0" name="os.device" value="Broadband Router"/>
6563
+ <param pos="0" name="os.device" value="Broadband router"/>
6564
6564
  </fingerprint>
6565
6565
  <fingerprint pattern="^Prestige 650R-T3$">
6566
6566
  <description>ZxXEL Prestige 650R-T3 ADSL router</description>
6567
6567
  <example>Prestige 650R-T3</example>
6568
6568
  <param pos="0" name="os.vendor" value="ZyXEL"/>
6569
6569
  <param pos="0" name="os.product" value="Prestige 650R-T3"/>
6570
- <param pos="0" name="os.device" value="Broadband Router"/>
6570
+ <param pos="0" name="os.device" value="Broadband router"/>
6571
6571
  </fingerprint>
6572
6572
  </fingerprints>
@@ -986,7 +986,7 @@
986
986
  Rmxvd1BvaW50LzIyMDAgU0RTTCBbQVRNXSBSb3V0ZXIgZnAyMjAwLTEyIHYzLjAuMiBSZWFkeQpMb2dpbjog
987
987
  </example>
988
988
  <param pos="0" name="os.vendor" value="Flowpoint"/>
989
- <param pos="0" name="hw.device" value="Broadband Router"/>
989
+ <param pos="0" name="hw.device" value="Broadband router"/>
990
990
  <param pos="0" name="hw.product" value="DSL router"/>
991
991
  <param pos="1" name="hw.model"/>
992
992
  <param pos="2" name="os.version"/>
@@ -999,7 +999,7 @@
999
999
  MpIDIwMDEtMjAwMyBieSBHbG9iZXNwYW5WaXJhdGEsIEluYy4KCgpsb2dpbjog
1000
1000
  </example>
1001
1001
  <param pos="0" name="os.vendor" value="Conexant"/>
1002
- <param pos="0" name="hw.device" value="Broadband Router"/>
1002
+ <param pos="0" name="hw.device" value="Broadband router"/>
1003
1003
  <param pos="1" name="os.version"/>
1004
1004
  </fingerprint>
1005
1005
  <fingerprint pattern="^VxWorks login:">
data/xml/upnp_banners.xml CHANGED
@@ -1,6 +1,15 @@
1
1
  <?xml version="1.0" encoding="UTF-8"?>
2
+ <!-- UPnP Server headers are matched against these patterns to fingerprint UPnP servers. -->
2
3
  <fingerprints matches="ssdp_header.server" protocol="ssdp" database_type="service" preference="0.70">
3
- <!-- UPnP Server headers are matched against these patterns to fingerprint UPnP servers. -->
4
+ <fingerprint pattern="(?i)^(.*) UPnP/[\d\.]+\s+AVM FRITZ!(.*) ([\d\.]+)$">
5
+ <description>AVM FRITZ! devices of various types</description>
6
+ <example host.name="some thing" os.product="WLAN Repeater 1750E" os.version="134.07.01">some thing UPnP/1.0 AVM FRITZ!WLAN Repeater 1750E 134.07.01</example>
7
+ <param pos="0" name="os.vendor" value="AVM"/>
8
+ <param pos="0" name="os.family" value="FRITZ!Box"/>
9
+ <param pos="2" name="os.product"/>
10
+ <param pos="3" name="os.version"/>
11
+ <param pos="1" name="host.name"/>
12
+ </fingerprint>
4
13
  <fingerprint pattern="(?i)^Linux/(\S+) UPnP/[\d\.]+ miniupnpd/([\d\.]+)$">
5
14
  <description>Linux MiniUPnPd UPnP Server</description>
6
15
  <example>Linux/Cross_compiled UPnP/1.0 miniupnpd/1.0</example>
@@ -446,6 +455,11 @@
446
455
  <param pos="1" name="os.version"/>
447
456
  <param pos="0" name="os.device" value="Router"/>
448
457
  </fingerprint>
458
+ <fingerprint pattern="^TBS/R2 UPnP/[\d\.]+ MiniUPnPd/[\d\.]+$">
459
+ <description>D-Link generic</description>
460
+ <example>TBS/R2 UPnP/1.0 MiniUPnPd/1.2</example>
461
+ <param pos="0" name="hw.vendor" value="D-Link"/>
462
+ </fingerprint>
449
463
  <fingerprint pattern="^ipos/([\d\.]+) UPnP/[\d\.]+ (TL-\w+)/(\S+)$">
450
464
  <description>TP-Link WAP UPnP Server</description>
451
465
  <example>ipos/7.0 UPnP/1.0 TL-WR841N/6.0/7.0</example>
@@ -531,6 +545,38 @@
531
545
  <param pos="1" name="os.version"/>
532
546
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:{os.version}"/>
533
547
  </fingerprint>
548
+ <fingerprint pattern="^Loxone Miniserver (.*) UPnP/1.0$">
549
+ <description>Loxone Miniserver Smart Home</description>
550
+ <example host.name="some name">Loxone Miniserver some name UPnP/1.0</example>
551
+ <param pos="0" name="hw.vendor" value="Loxone"/>
552
+ <param pos="0" name="hw.product" value="Miniserver"/>
553
+ <param pos="0" name="hw.device" value="Building Automation"/>
554
+ <param pos="1" name="host.name"/>
555
+ </fingerprint>
556
+ <fingerprint pattern="^RouterOS/(\S+)UPnP/1.0 MikroTik UPnP/1.0$">
557
+ <description>Mikrotik RouterOS</description>
558
+ <example os.version="6.43">RouterOS/6.43UPnP/1.0 MikroTik UPnP/1.0</example>
559
+ <param pos="0" name="os.vendor" value="MikroTik"/>
560
+ <param pos="0" name="os.device" value="Router"/>
561
+ <param pos="0" name="os.family" value="RouterOS"/>
562
+ <param pos="0" name="os.product" value="RouterOS"/>
563
+ <param pos="1" name="os.version"/>
564
+ </fingerprint>
565
+ <fingerprint pattern="^Roku UPnP/\S+ Roku/(\S+)$">
566
+ <description>Roku with a version</description>
567
+ <example hw.version="8.1.6">Roku UPnP/1.0 Roku/8.1.6</example>
568
+ <param pos="0" name="hw.vendor" value="Roku"/>
569
+ <param pos="0" name="hw.product" value="Roku"/>
570
+ <param pos="0" name="hw.device" value="Media Server"/>
571
+ <param pos="1" name="hw.version"/>
572
+ </fingerprint>
573
+ <fingerprint pattern="^Roku UPnP/\S+ MiniUPnPd/\S+$">
574
+ <description>Roku without a version</description>
575
+ <example>Roku UPnP/1.0 MiniUPnPd/1.4</example>
576
+ <param pos="0" name="hw.vendor" value="Roku"/>
577
+ <param pos="0" name="hw.product" value="Roku"/>
578
+ <param pos="0" name="hw.device" value="Media Server"/>
579
+ </fingerprint>
534
580
  <fingerprint pattern="^UPnP/\S+, DLNADOC/\S+, Platinum/(\S+)$">
535
581
  <description>Xbox Media Center UPnP Server</description>
536
582
  <example>UPnP/1.0, DLNADOC/1.50, Platinum/0.5.1</example>
@@ -541,4 +587,24 @@
541
587
  <param pos="0" name="service.product" value="XBMC"/>
542
588
  <param pos="1" name="service.version"/>
543
589
  </fingerprint>
590
+ <fingerprint pattern="Synology/DSM/(\d+\.\d+\.\d+\.\d+)$">
591
+ <description>Synology DiskStation NAS with IP</description>
592
+ <example host.ip="192.168.1.100">Synology/DSM/192.168.1.100</example>
593
+ <param pos="0" name="hw.vendor" value="Synology"/>
594
+ <param pos="0" name="hw.family" value="DiskStation"/>
595
+ <param pos="0" name="hw.device" value="NAS"/>
596
+ <param pos="0" name="os.device" value="NAS"/>
597
+ <param pos="0" name="os.family" value="Linux"/>
598
+ <param pos="0" name="os.product" value="DSM"/>
599
+ <param pos="0" name="os.vendor" value="Synology"/>
600
+ <param pos="1" name="host.ip"/>
601
+ </fingerprint>
602
+ <fingerprint pattern="Synology/DSM/(\S+)$">
603
+ <description>Synology DiskStation NAS with hostname</description>
604
+ <example host.name="stuff">Synology/DSM/stuff</example>
605
+ <param pos="0" name="hw.vendor" value="Synology"/>
606
+ <param pos="0" name="hw.family" value="DiskStation"/>
607
+ <param pos="0" name="hw.device" value="NAS"/>
608
+ <param pos="1" name="host.name"/>
609
+ </fingerprint>
544
610
  </fingerprints>
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: recog
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.1.36
4
+ version: 2.1.37
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rapid7 Research
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-12-12 00:00:00.000000000 Z
11
+ date: 2018-12-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec