recog 2.3.0 → 2.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/recog/version.rb +1 -1
- data/spec/lib/fingerprint_self_test_spec.rb +17 -0
- data/xml/apache_os.xml +4 -4
- data/xml/ftp_banners.xml +37 -46
- data/xml/h323_callresp.xml +1 -1
- data/xml/http_cookies.xml +26 -58
- data/xml/http_servers.xml +65 -95
- data/xml/http_wwwauth.xml +6 -6
- data/xml/imap_banners.xml +12 -5
- data/xml/ldap_searchresult.xml +2 -2
- data/xml/mysql_banners.xml +3 -3
- data/xml/mysql_error.xml +0 -1
- data/xml/ntp_banners.xml +2 -2
- data/xml/operating_system.xml +0 -1
- data/xml/pop_banners.xml +5 -6
- data/xml/smb_native_os.xml +4 -4
- data/xml/smtp_banners.xml +13 -19
- data/xml/smtp_debug.xml +5 -13
- data/xml/smtp_ehlo.xml +2 -7
- data/xml/smtp_expn.xml +12 -24
- data/xml/smtp_help.xml +22 -62
- data/xml/smtp_noop.xml +5 -9
- data/xml/smtp_quit.xml +3 -7
- data/xml/smtp_rcptto.xml +3 -7
- data/xml/smtp_vrfy.xml +16 -35
- data/xml/snmp_sysdescr.xml +258 -278
- data/xml/snmp_sysobjid.xml +3 -3
- data/xml/ssh_banners.xml +8 -11
- data/xml/x509_subjects.xml +14 -17
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 920e1485b77b016b102fa9dac98a5083466bd25f
|
|
4
|
+
data.tar.gz: a2933977255f0482e2eeaecf0c5fcc03b7da51a5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e76194edd0b9a4e6658abfe66afbb4da62cd5ef69bff5c6ead19481ecf14ba858a025f7598e384aa00d93c4fe79958aad4cd58101846c384e9ea29f87b59aba3
|
|
7
|
+
data.tar.gz: 35ca17bafa51461fa4cacc03750154e4cdd56e6e1d9c9053a6c3a6604c217ea2834a2e5195ec65a4eaf87496f09051dfeb6092d67fa2d73f2a73019555f2f832
|
data/lib/recog/version.rb
CHANGED
|
@@ -28,9 +28,18 @@ describe Recog::DB do
|
|
|
28
28
|
expect(db.preference).to be_between(0.10, 0.90)
|
|
29
29
|
end
|
|
30
30
|
|
|
31
|
+
fp_descriptions = []
|
|
31
32
|
db.fingerprints.each_index do |i|
|
|
32
33
|
fp = db.fingerprints[i]
|
|
33
34
|
|
|
35
|
+
it "doesn't have a duplicate description" do
|
|
36
|
+
if fp_descriptions.include?(fp.name)
|
|
37
|
+
fail "'#{fp.name}'s description is not unique"
|
|
38
|
+
else
|
|
39
|
+
fp_descriptions << fp.name
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
|
|
34
43
|
context "#{fp.name}" do
|
|
35
44
|
param_names = []
|
|
36
45
|
it "has consistent os.device and hw.device" do
|
|
@@ -127,7 +136,15 @@ describe Recog::DB do
|
|
|
127
136
|
expect(fp.tests.length).to be <= 20
|
|
128
137
|
end
|
|
129
138
|
|
|
139
|
+
fp_examples = []
|
|
130
140
|
fp.tests.each do |example|
|
|
141
|
+
it "doesn't have a duplicate examples" do
|
|
142
|
+
if fp_examples.include?(example.content)
|
|
143
|
+
fail "'#{fp.name}' has duplicate example '#{example.content}'"
|
|
144
|
+
else
|
|
145
|
+
fp_examples << example.content
|
|
146
|
+
end
|
|
147
|
+
end
|
|
131
148
|
it "Example '#{example.content}' matches this regex" do
|
|
132
149
|
match = fp.match(example.content)
|
|
133
150
|
expect(match).to_not be_nil, 'Regex did not match'
|
data/xml/apache_os.xml
CHANGED
|
@@ -37,7 +37,7 @@
|
|
|
37
37
|
<param pos="0" name="os.cpe23" value="cpe:/o:mandriva:linux:-"/>
|
|
38
38
|
</fingerprint>
|
|
39
39
|
<fingerprint pattern=".*\(Mandrakelinux/.*">
|
|
40
|
-
<description>Mandriva (formerly Mandrake) Linux unknown version</description>
|
|
40
|
+
<description>Mandriva (formerly Mandrake) Linux unknown version - variant 2</description>
|
|
41
41
|
<param pos="0" name="os.vendor" value="Mandriva"/>
|
|
42
42
|
<param pos="0" name="os.family" value="Linux"/>
|
|
43
43
|
<param pos="0" name="os.product" value="Linux"/>
|
|
@@ -131,7 +131,7 @@
|
|
|
131
131
|
<param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:-"/>
|
|
132
132
|
</fingerprint>
|
|
133
133
|
<fingerprint pattern=".*\(RHEL\).*">
|
|
134
|
-
<description>Red Hat
|
|
134
|
+
<description>Red Hat Enterprise Linux</description>
|
|
135
135
|
<param pos="0" name="os.vendor" value="Red Hat"/>
|
|
136
136
|
<param pos="0" name="os.family" value="Linux"/>
|
|
137
137
|
<param pos="0" name="os.product" value="Enterprise Linux"/>
|
|
@@ -206,14 +206,14 @@
|
|
|
206
206
|
<param pos="0" name="os.cpe23" value="cpe:/o:gentoo:linux:-"/>
|
|
207
207
|
</fingerprint>
|
|
208
208
|
<fingerprint pattern=".*\(Conectiva(?:/Linux)?\).*">
|
|
209
|
-
<description>
|
|
209
|
+
<description>Conectiva Linux</description>
|
|
210
210
|
<param pos="0" name="os.vendor" value="Conectiva"/>
|
|
211
211
|
<param pos="0" name="os.family" value="Linux"/>
|
|
212
212
|
<param pos="0" name="os.product" value="Linux"/>
|
|
213
213
|
<param pos="0" name="os.cpe23" value="cpe:/o:conectiva:linux:-"/>
|
|
214
214
|
</fingerprint>
|
|
215
215
|
<fingerprint pattern=".*\(Trustix Secure Linux(?:/Linux)?\).*">
|
|
216
|
-
<description>
|
|
216
|
+
<description>Trustix Linux</description>
|
|
217
217
|
<param pos="0" name="os.vendor" value="Trustix"/>
|
|
218
218
|
<param pos="0" name="os.family" value="Linux"/>
|
|
219
219
|
<param pos="0" name="os.product" value="Secure Linux"/>
|
data/xml/ftp_banners.xml
CHANGED
|
@@ -71,9 +71,7 @@
|
|
|
71
71
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
|
72
72
|
</fingerprint>
|
|
73
73
|
<fingerprint pattern="^([^ ]+) +FTP +Server \(Version ([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
|
|
74
|
-
<description>
|
|
75
|
-
FTP on HPUX with a PHNE (HP Networking patch) installed
|
|
76
|
-
</description>
|
|
74
|
+
<description>FTP on HPUX with a PHNE (HP Networking patch) installed</description>
|
|
77
75
|
<example>example.com FTP server (Version 1.1.214.4(PHNE_38458) Mon Feb 15 06:03:12 GMT 2010) ready.</example>
|
|
78
76
|
<param pos="0" name="service.vendor" value="HP"/>
|
|
79
77
|
<param pos="0" name="service.product" value="FTPD"/>
|
|
@@ -85,9 +83,7 @@
|
|
|
85
83
|
<param pos="2" name="service.version"/>
|
|
86
84
|
</fingerprint>
|
|
87
85
|
<fingerprint pattern="^([^ ]+) +FTP +Server \(Revision \S+ Version wuftpd-([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
|
|
88
|
-
<description>
|
|
89
|
-
WU-FTPD on HPUX with a PHNE (HP Networking patch) installed
|
|
90
|
-
</description>
|
|
86
|
+
<description>WU-FTPD on HPUX with a PHNE (HP Networking patch) installed</description>
|
|
91
87
|
<example>example.com FTP server (Revision 1.1 Version wuftpd-2.6.1(PHNE_38578) Fri Sep 5 12:10:54 GMT 2008) ready.</example>
|
|
92
88
|
<param pos="0" name="service.vendor" value="Washington University"/>
|
|
93
89
|
<param pos="0" name="service.product" value="WU-FTPD"/>
|
|
@@ -309,9 +305,7 @@ more stuff</example>
|
|
|
309
305
|
<param pos="1" name="service.version"/>
|
|
310
306
|
</fingerprint>
|
|
311
307
|
<fingerprint pattern="^-{9,10}(?:.*)\s+Pure-FTPd\s+(.*)-{9,10}">
|
|
312
|
-
<description>Pure-FTPd versions >= 1.0.14
|
|
313
|
-
Config data can be zero or more of: [privsep] [TLS]
|
|
314
|
-
</description>
|
|
308
|
+
<description>Pure-FTPd versions >= 1.0.14 - Config data can be zero or more of: [privsep] [TLS]</description>
|
|
315
309
|
<example>---------- Welcome to Pure-FTPd ----------</example>
|
|
316
310
|
<example>--------- Bienvenido a Pure-FTPd [privsep] [TLS] ----------</example>
|
|
317
311
|
<example>--------- Pure-FTPd [privsep] ----------</example>
|
|
@@ -373,7 +367,7 @@ more text</example>
|
|
|
373
367
|
<param pos="2" name="host.name"/>
|
|
374
368
|
</fingerprint>
|
|
375
369
|
<fingerprint pattern="^ready, dude \(vsFTPd (\d+\..+): beat me, break me\)$">
|
|
376
|
-
<description>vsFTPd (Very Secure FTP Daemon)</description>
|
|
370
|
+
<description>vsFTPd (Very Secure FTP Daemon) - break me variant</description>
|
|
377
371
|
<example service.version="1.1.0">ready, dude (vsFTPd 1.1.0: beat me, break me)</example>
|
|
378
372
|
<param pos="0" name="service.family" value="vsFTPd"/>
|
|
379
373
|
<param pos="0" name="service.product" value="vsFTPd"/>
|
|
@@ -611,10 +605,7 @@ more text</example>
|
|
|
611
605
|
<example>NRG MP 3350 FTP server (7.05) ready.</example>
|
|
612
606
|
<example>NRG MP C3500 FTP server (5.17) ready.</example>
|
|
613
607
|
<example>NRG MP 171 FTP server (9.02.1) ready.</example>
|
|
614
|
-
<example>NRG MP 3350 FTP server (7.05) ready.</example>
|
|
615
608
|
<example>NRG MP C2550 FTP server (8.25) ready.</example>
|
|
616
|
-
<example>NRG MP C2800 FTP server (8.25) ready.</example>
|
|
617
|
-
<example>NRG MP C3500 FTP server (5.17) ready.</example>
|
|
618
609
|
<example>NRG MP C3500 FTP server (5.19) ready.</example>
|
|
619
610
|
<example>NRG MP C4000 FTP server (8.30) ready.</example>
|
|
620
611
|
<example>NRG MP C4500 FTP server (5.14) ready.</example>
|
|
@@ -662,34 +653,31 @@ more text</example>
|
|
|
662
653
|
<param pos="1" name="os.product"/>
|
|
663
654
|
</fingerprint>
|
|
664
655
|
<fingerprint pattern="^ET(\S{12}) Lexmark (\S+) FTP Server (\S+) ready\.?$" certainty="1.0" flags="REG_ICASE">
|
|
665
|
-
<description>Lexmark
|
|
666
|
-
<example>ET000400CEA560 Lexmark T640 FTP Server NS.NP.N219 ready.</example>
|
|
656
|
+
<description>Lexmark printer with MAC address</description>
|
|
657
|
+
<example host.mac="000400CEA560" hw.product="T640" os.version="NS.NP.N219">ET000400CEA560 Lexmark T640 FTP Server NS.NP.N219 ready.</example>
|
|
667
658
|
<param pos="0" name="os.vendor" value="Lexmark"/>
|
|
668
659
|
<param pos="0" name="os.device" value="Printer"/>
|
|
669
660
|
<param pos="1" name="host.mac"/>
|
|
670
|
-
<param pos="2" name="os.product"/>
|
|
671
661
|
<param pos="3" name="os.version"/>
|
|
672
662
|
<param pos="0" name="hw.vendor" value="Lexmark"/>
|
|
673
663
|
<param pos="0" name="hw.device" value="Printer"/>
|
|
674
664
|
<param pos="2" name="hw.product"/>
|
|
675
665
|
</fingerprint>
|
|
676
666
|
<fingerprint pattern="^.*Lexmark (\S+) FTP Server (\S+) ready\.?$" certainty="1.0" flags="REG_ICASE">
|
|
677
|
-
<description>Lexmark
|
|
678
|
-
<example
|
|
667
|
+
<description>Lexmark printer with OS version</description>
|
|
668
|
+
<example hw.product="T654" os.version="NR.APS.F368">ET0021718 Lexmark T654 FTP Server NR.APS.F368 ready.</example>
|
|
679
669
|
<param pos="0" name="os.vendor" value="Lexmark"/>
|
|
680
670
|
<param pos="0" name="os.device" value="Printer"/>
|
|
681
|
-
<param pos="1" name="os.product"/>
|
|
682
671
|
<param pos="2" name="os.version"/>
|
|
683
672
|
<param pos="0" name="hw.vendor" value="Lexmark"/>
|
|
684
673
|
<param pos="0" name="hw.device" value="Printer"/>
|
|
685
674
|
<param pos="1" name="hw.product"/>
|
|
686
675
|
</fingerprint>
|
|
687
676
|
<fingerprint pattern="^.*Lexmark (\S+) FTP Server ready\.?$" certainty="1.0" flags="REG_ICASE">
|
|
688
|
-
<description>Lexmark
|
|
689
|
-
<example
|
|
677
|
+
<description>Lexmark printer</description>
|
|
678
|
+
<example hw.product="X500">Lexmark X500 FTP server ready</example>
|
|
690
679
|
<param pos="0" name="os.vendor" value="Lexmark"/>
|
|
691
680
|
<param pos="0" name="os.device" value="Printer"/>
|
|
692
|
-
<param pos="1" name="os.product"/>
|
|
693
681
|
<param pos="0" name="hw.vendor" value="Lexmark"/>
|
|
694
682
|
<param pos="0" name="hw.device" value="Printer"/>
|
|
695
683
|
<param pos="1" name="hw.product"/>
|
|
@@ -772,21 +760,21 @@ more text</example>
|
|
|
772
760
|
<param pos="2" name="os.version"/>
|
|
773
761
|
</fingerprint>
|
|
774
762
|
<fingerprint pattern="^LinkCom Xpress (.*) FTP version ([\d\.]+) ready$" certainty="1.0">
|
|
775
|
-
<description>MPI Technologies Linkcom Express FTP Server</description>
|
|
776
|
-
<example>LinkCom Xpress 10/100 +IPDS FTP version 1.0 ready</example>
|
|
777
|
-
<param pos="0" name="
|
|
778
|
-
<param pos="0" name="
|
|
779
|
-
<param pos="0" name="
|
|
780
|
-
<param pos="1" name="
|
|
763
|
+
<description>MPI Technologies Linkcom Express FTP Server with os version</description>
|
|
764
|
+
<example hw.product="10/100 +IPDS" os.version="1.0">LinkCom Xpress 10/100 +IPDS FTP version 1.0 ready</example>
|
|
765
|
+
<param pos="0" name="hw.vendor" value="MPI Technologies"/>
|
|
766
|
+
<param pos="0" name="hw.family" value="LinkCom Xpress"/>
|
|
767
|
+
<param pos="0" name="hw.device" value="Print server"/>
|
|
768
|
+
<param pos="1" name="hw.product"/>
|
|
781
769
|
<param pos="2" name="os.version"/>
|
|
782
770
|
</fingerprint>
|
|
783
771
|
<fingerprint pattern="^LinkCom Xpress (.*)$" certainty="1.0">
|
|
784
772
|
<description>MPI Technologies Linkcom Express FTP Server</description>
|
|
785
|
-
<example>LinkCom Xpress EIO PRO 10</example>
|
|
786
|
-
<param pos="0" name="
|
|
787
|
-
<param pos="0" name="
|
|
788
|
-
<param pos="0" name="
|
|
789
|
-
<param pos="1" name="
|
|
773
|
+
<example hw.product="EIO PRO 10">LinkCom Xpress EIO PRO 10</example>
|
|
774
|
+
<param pos="0" name="hw.vendor" value="MPI Technologies"/>
|
|
775
|
+
<param pos="0" name="hw.family" value="LinkCom Xpress"/>
|
|
776
|
+
<param pos="0" name="hw.device" value="Print server"/>
|
|
777
|
+
<param pos="1" name="hw.product"/>
|
|
790
778
|
</fingerprint>
|
|
791
779
|
<fingerprint pattern="^LXKE\S+ IBM Infoprint (\d+) FTP Server (\d+\.\d+\.\d+) ready.$" certainty="1.0">
|
|
792
780
|
<description>IBM Infoprint FTP</description>
|
|
@@ -813,7 +801,7 @@ more text</example>
|
|
|
813
801
|
<param pos="2" name="os.version"/>
|
|
814
802
|
</fingerprint>
|
|
815
803
|
<fingerprint pattern="^(Gestetner \S+)$" certainty="1.0">
|
|
816
|
-
<description>Gestetner Printer FTP</description>
|
|
804
|
+
<description>Gestetner Printer FTP - short banner</description>
|
|
817
805
|
<example>Gestetner MPC2500</example>
|
|
818
806
|
<param pos="0" name="os.vendor" value="Ricoh"/>
|
|
819
807
|
<param pos="0" name="os.device" value="Multifunction Device"/>
|
|
@@ -842,12 +830,15 @@ more text</example>
|
|
|
842
830
|
</fingerprint>
|
|
843
831
|
<fingerprint pattern="^ET(\S+) (Pro\d+) Series FTP Server ready\.$" certainty="1.0">
|
|
844
832
|
<description>Lexmark ProXXX Series of Printers</description>
|
|
845
|
-
<example>ET0020007E4D2A Pro700 Series FTP Server ready.</example>
|
|
833
|
+
<example host.mac="0020007E4D2A" hw.product="Pro700">ET0020007E4D2A Pro700 Series FTP Server ready.</example>
|
|
846
834
|
<param pos="0" name="os.vendor" value="Lexmark"/>
|
|
847
835
|
<param pos="0" name="os.device" value="Printer"/>
|
|
848
836
|
<param pos="0" name="os.family" value="Pro Series"/>
|
|
849
837
|
<param pos="1" name="host.mac"/>
|
|
850
|
-
<param pos="
|
|
838
|
+
<param pos="0" name="hw.vendor" value="Lexmark"/>
|
|
839
|
+
<param pos="0" name="hw.family" value="Pro Series"/>
|
|
840
|
+
<param pos="0" name="hw.device" value="Printer"/>
|
|
841
|
+
<param pos="2" name="hw.product"/>
|
|
851
842
|
</fingerprint>
|
|
852
843
|
<fingerprint pattern="^ET(\S+) Lexmark Forms Printer (\d+) Ethernet FTP Server (\S+) ready\.$" certainty="1.0">
|
|
853
844
|
<description>Lexmark Forms Printer</description>
|
|
@@ -864,9 +855,9 @@ more text</example>
|
|
|
864
855
|
<param pos="2" name="hw.product"/>
|
|
865
856
|
</fingerprint>
|
|
866
857
|
<fingerprint pattern="^ET(\S+) TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
|
|
867
|
-
<description>Toshiba Printer</description>
|
|
858
|
+
<description>Toshiba e-STUDIO Printer with MAC address</description>
|
|
868
859
|
<example os.version="NC2.NPS.N221">ET0004001E9C00 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N221 ready.</example>
|
|
869
|
-
<example>ET00040089BE42 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
|
|
860
|
+
<example host.mac="00040089BE42">ET00040089BE42 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
|
|
870
861
|
<param pos="0" name="os.vendor" value="Toshiba"/>
|
|
871
862
|
<param pos="0" name="os.device" value="Multifunction Device"/>
|
|
872
863
|
<param pos="0" name="os.product" value="e-STUDIO"/>
|
|
@@ -877,7 +868,7 @@ more text</example>
|
|
|
877
868
|
<param pos="0" name="hw.product" value="e-STUDIO"/>
|
|
878
869
|
</fingerprint>
|
|
879
870
|
<fingerprint pattern="^\S+ TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
|
|
880
|
-
<description>Toshiba Printer</description>
|
|
871
|
+
<description>Toshiba e-STUDIO Printer</description>
|
|
881
872
|
<example os.version="NC2.NPS.N211">JHBPRN13 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
|
|
882
873
|
<param pos="0" name="os.vendor" value="Toshiba"/>
|
|
883
874
|
<param pos="0" name="os.device" value="Multifunction Device"/>
|
|
@@ -923,7 +914,7 @@ more text</example>
|
|
|
923
914
|
<param pos="1" name="hw.product"/>
|
|
924
915
|
</fingerprint>
|
|
925
916
|
<fingerprint pattern="^(FS-\S+MFP\S*?) FTP server\.?$" certainty="1.0">
|
|
926
|
-
<description>Kyocera
|
|
917
|
+
<description>Kyocera Printer with version string</description>
|
|
927
918
|
<example os.product="FS-C2126MFP">FS-C2126MFP FTP server</example>
|
|
928
919
|
<example hw.product="FS-C2026MFP+">FS-C2026MFP+ FTP server</example>
|
|
929
920
|
<example hw.product="FS-1128MFP">FS-1128MFP FTP server</example>
|
|
@@ -935,9 +926,9 @@ more text</example>
|
|
|
935
926
|
<param pos="1" name="hw.product"/>
|
|
936
927
|
</fingerprint>
|
|
937
928
|
<fingerprint pattern="^(FS-\S+(?:DN|D|N)) FTP server\.?$" certainty="1.0">
|
|
938
|
-
<description>Kyocera
|
|
939
|
-
<example>FS-1370DN FTP server</example>
|
|
940
|
-
<example>FS-C5015N FTP server.</example>
|
|
929
|
+
<description>Kyocera Printer</description>
|
|
930
|
+
<example os.product="FS-1370DN">FS-1370DN FTP server</example>
|
|
931
|
+
<example hw.product="FS-C5015N">FS-C5015N FTP server.</example>
|
|
941
932
|
<param pos="0" name="os.vendor" value="Kyocera"/>
|
|
942
933
|
<param pos="0" name="os.device" value="Printer"/>
|
|
943
934
|
<param pos="0" name="os.family" value="FS"/>
|
|
@@ -1019,7 +1010,7 @@ more text</example>
|
|
|
1019
1010
|
<param pos="1" name="hw.product"/>
|
|
1020
1011
|
</fingerprint>
|
|
1021
1012
|
<fingerprint pattern="^KONICA MINOLTA FTP server ready\.?$">
|
|
1022
|
-
<description>Konica Minolta FTP Server</description>
|
|
1013
|
+
<description>Konica Minolta FTP Server - w/o version</description>
|
|
1023
1014
|
<example>KONICA MINOLTA FTP server ready.</example>
|
|
1024
1015
|
<param pos="0" name="os.device" value="Printer"/>
|
|
1025
1016
|
<param pos="0" name="os.vendor" value="Konica Minolta"/>
|
|
@@ -1032,7 +1023,7 @@ more text</example>
|
|
|
1032
1023
|
</fingerprint>
|
|
1033
1024
|
<fingerprint pattern="^(KM\S+) FTP server \(KM FTPD version (\d*(?:\.\d*))\) ready\.?$">
|
|
1034
1025
|
<description>Konica Minolta FTP Server</description>
|
|
1035
|
-
<example>KM23BC97 FTP server (KM FTPD version 1.00) ready.</example>
|
|
1026
|
+
<example os.product="KM23BC97" service.version="1.00">KM23BC97 FTP server (KM FTPD version 1.00) ready.</example>
|
|
1036
1027
|
<example>KM23BF0A FTP server (KM FTPD version 1.00) ready.</example>
|
|
1037
1028
|
<example>KM23CBDB FTP server (KM FTPD version 1.00) ready.</example>
|
|
1038
1029
|
<example>KM23E608 FTP server (KM FTPD version 1.00) ready.</example>
|
|
@@ -1092,7 +1083,7 @@ more text</example>
|
|
|
1092
1083
|
<param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64:{os.version}"/>
|
|
1093
1084
|
</fingerprint>
|
|
1094
1085
|
<fingerprint pattern="^(\S+) FTP server \(Digital UNIX Version (\S+)\) ready\.?$">
|
|
1095
|
-
<description>Digital/Compaq/HP Tru64 Unix</description>
|
|
1086
|
+
<description>Digital/Compaq/HP Tru64 Unix w/o branding</description>
|
|
1096
1087
|
<example host.name="example.com" os.version="5.60">example.com FTP server (Digital UNIX Version 5.60) ready.</example>
|
|
1097
1088
|
<param pos="0" name="os.vendor" value="HP"/>
|
|
1098
1089
|
<param pos="0" name="os.family" value="Unix"/>
|
data/xml/h323_callresp.xml
CHANGED
|
@@ -565,7 +565,7 @@
|
|
|
565
565
|
<param pos="2" name="service.version"/>
|
|
566
566
|
</fingerprint>
|
|
567
567
|
<fingerprint pattern="^0xb500(?:4c54|600d)\:(.*)\:.*?(\d*\.*\d*\.*\d*).*$" flags="REG_ICASE">
|
|
568
|
-
<description>Lucent Technologies H.323 Server</description>
|
|
568
|
+
<description>Lucent Technologies H.323 Server - variant 1</description>
|
|
569
569
|
<param pos="0" name="service.vendor" value="Lucent Technologies"/>
|
|
570
570
|
<param pos="1" name="service.product"/>
|
|
571
571
|
<param pos="2" name="service.version"/>
|
data/xml/http_cookies.xml
CHANGED
|
@@ -5,11 +5,7 @@
|
|
|
5
5
|
servers.
|
|
6
6
|
-->
|
|
7
7
|
<fingerprint pattern="^(CFCLIENT_[^=]+|CFGLOBALS|CFID|CFTOKEN)=.*">
|
|
8
|
-
<description>
|
|
9
|
-
Adobe (Macromedia) ColdFusion uses various cookies.
|
|
10
|
-
See http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_17915&sliceId=1
|
|
11
|
-
and http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_17919&sliceId=2
|
|
12
|
-
</description>
|
|
8
|
+
<description>Adobe (Macromedia) ColdFusion uses various cookies</description>
|
|
13
9
|
<param pos="1" name="cookie"/>
|
|
14
10
|
<param pos="0" name="service.vendor" value="Adobe"/>
|
|
15
11
|
<param pos="0" name="service.family" value="ColdFusion"/>
|
|
@@ -72,19 +68,21 @@
|
|
|
72
68
|
<param pos="0" name="service.product" value="Proxy"/>
|
|
73
69
|
</fingerprint>
|
|
74
70
|
<fingerprint pattern="^(CAKEPHP)=.*">
|
|
75
|
-
<description>CakePHP http://www.cakephp.org/</description>
|
|
71
|
+
<description>CakePHP - http://www.cakephp.org/</description>
|
|
76
72
|
<param pos="1" name="cookie"/>
|
|
77
73
|
<param pos="0" name="service.family" value="PHP"/>
|
|
78
74
|
<param pos="0" name="service.product" value="CakePHP"/>
|
|
79
75
|
</fingerprint>
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
http://www.cisco.com/warp/public/117/AP_cookies.html
|
|
83
|
-
|
|
76
|
+
<!--
|
|
77
|
+
For the following two Cisco Content Service Switch fingerprints:
|
|
84
78
|
The cookie value breaks down to [box-id][service-id][timeout-value]
|
|
85
79
|
unfortunately, there's no separator so it's hard to tell what the
|
|
86
80
|
actual break is between the pieces of data.
|
|
87
|
-
|
|
81
|
+
|
|
82
|
+
http://www.cisco.com/warp/public/117/AP_cookies.html
|
|
83
|
+
-->
|
|
84
|
+
<fingerprint pattern="^(ARPT)=([A-Z]+)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})[A-Z]+.*">
|
|
85
|
+
<description>Cisco 11000 Series Content Service Switch (CSS)</description>
|
|
88
86
|
<param pos="1" name="cookie"/>
|
|
89
87
|
<param pos="2" name="host.id"/>
|
|
90
88
|
<param pos="3" name="host.ip"/>
|
|
@@ -93,13 +91,7 @@
|
|
|
93
91
|
<param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
|
|
94
92
|
</fingerprint>
|
|
95
93
|
<fingerprint pattern="^(ARPT)=.*">
|
|
96
|
-
<description>Cisco 11000 Series Content Service Switch (CSS)
|
|
97
|
-
http://www.cisco.com/warp/public/117/AP_cookies.html
|
|
98
|
-
|
|
99
|
-
The cookie value breaks down to [box-id][service-id][timeout-value]
|
|
100
|
-
unfortunately, there's no separator so it's hard to tell what the
|
|
101
|
-
actual break is between the pieces of data.
|
|
102
|
-
</description>
|
|
94
|
+
<description>Cisco 11000 Series Content Service Switch (CSS) - catch all variant</description>
|
|
103
95
|
<param pos="1" name="cookie"/>
|
|
104
96
|
<param pos="0" name="service.vendor" value="Cisco"/>
|
|
105
97
|
<param pos="0" name="service.family" value="Content Service Switch"/>
|
|
@@ -125,9 +117,7 @@
|
|
|
125
117
|
<param pos="0" name="hw.cpe23" value="cpe:/h:cisco:adaptive_security_appliance:-"/>
|
|
126
118
|
</fingerprint>
|
|
127
119
|
<fingerprint pattern="^(st8id)=.*">
|
|
128
|
-
<description>Citrix Application Protection System, Enterprise
|
|
129
|
-
http://support.citrix.com/article/CTX109330
|
|
130
|
-
</description>
|
|
120
|
+
<description>Citrix Application Protection System, Enterprise - http://support.citrix.com/article/CTX109330</description>
|
|
131
121
|
<param pos="1" name="cookie"/>
|
|
132
122
|
<param pos="0" name="service.vendor" value="Citrix"/>
|
|
133
123
|
<param pos="0" name="service.family" value="Application Protection System"/>
|
|
@@ -142,19 +132,14 @@
|
|
|
142
132
|
<param pos="0" name="os.product" value="NetScaler"/>
|
|
143
133
|
</fingerprint>
|
|
144
134
|
<fingerprint pattern="^(EktGUID|ecm)=.*">
|
|
145
|
-
<description>Ektron CMS400.net
|
|
146
|
-
http://www.ektron.com/developers/cms400kb.cfm?id=2174
|
|
147
|
-
</description>
|
|
135
|
+
<description>Ektron CMS400.net</description>
|
|
148
136
|
<param pos="1" name="cookie"/>
|
|
149
137
|
<param pos="0" name="service.vendor" value="Ektron"/>
|
|
150
138
|
<param pos="0" name="service.family" value="CMS400.NET"/>
|
|
151
139
|
<param pos="0" name="service.product" value="CMS400.NET"/>
|
|
152
140
|
</fingerprint>
|
|
153
141
|
<fingerprint pattern="^(BIGipServer([^=]+))=.*">
|
|
154
|
-
<description>F5 BIG-IP LTM
|
|
155
|
-
http://www.f5.com/solutions/deployment/pdfs/peoplesoft-ltm-dg.pdf
|
|
156
|
-
http://www.f5.com/solutions/deployment/pdfs/SAP_v94_dg.pdf
|
|
157
|
-
</description>
|
|
142
|
+
<description>F5 BIG-IP LTM - Server variant</description>
|
|
158
143
|
<param pos="1" name="cookie"/>
|
|
159
144
|
<param pos="2" name="loadbalancer.poolname"/>
|
|
160
145
|
<param pos="0" name="service.vendor" value="F5"/>
|
|
@@ -163,10 +148,7 @@
|
|
|
163
148
|
<param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
|
|
164
149
|
</fingerprint>
|
|
165
150
|
<fingerprint pattern="^(BigIPCookie)=.*">
|
|
166
|
-
<description>F5 BIG-IP LTM
|
|
167
|
-
http://www.f5.com/solutions/deployment/pdfs/peoplesoft-ltm-dg.pdf
|
|
168
|
-
http://www.f5.com/solutions/deployment/pdfs/SAP_v94_dg.pdf
|
|
169
|
-
</description>
|
|
151
|
+
<description>F5 BIG-IP LTM</description>
|
|
170
152
|
<param pos="1" name="cookie"/>
|
|
171
153
|
<param pos="0" name="service.vendor" value="F5"/>
|
|
172
154
|
<param pos="0" name="service.family" value="BIG-IP"/>
|
|
@@ -174,9 +156,7 @@
|
|
|
174
156
|
<param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
|
|
175
157
|
</fingerprint>
|
|
176
158
|
<fingerprint pattern="^(SERVERID)=([A-Za-z0-9\-_]+)">
|
|
177
|
-
<description>HAProxy
|
|
178
|
-
http://haproxy.1wt.eu/download/1.2/doc/architecture.txt
|
|
179
|
-
</description>
|
|
159
|
+
<description>HAProxy - http://haproxy.1wt.eu/download/1.2/doc/architecture.txt</description>
|
|
180
160
|
<param pos="1" name="cookie"/>
|
|
181
161
|
<param pos="2" name="host.name"/>
|
|
182
162
|
<param pos="0" name="service.family" value="HAProxy"/>
|
|
@@ -185,7 +165,7 @@
|
|
|
185
165
|
<fingerprint pattern="^(AMWEBJCT!([^!]+)!([^=]+))=.*">
|
|
186
166
|
<description>IBM Tivoli Access Manager for e-business WebSEAL
|
|
187
167
|
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin180.htm
|
|
188
|
-
|
|
168
|
+
</description>
|
|
189
169
|
<param pos="1" name="cookie"/>
|
|
190
170
|
<param pos="2" name="junction.name"/>
|
|
191
171
|
<param pos="3" name="junction.cookie"/>
|
|
@@ -196,32 +176,27 @@
|
|
|
196
176
|
<fingerprint pattern="^(PD-S-SESSION-ID|PD-H-SESSION-ID|PD_STATEFUL_[^=]+)=.*">
|
|
197
177
|
<description>IBM Tivoli Access Manager for e-business WebSeal
|
|
198
178
|
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin117.htm
|
|
199
|
-
|
|
179
|
+
</description>
|
|
200
180
|
<param pos="1" name="cookie"/>
|
|
201
181
|
<param pos="0" name="service.vendor" value="IBM"/>
|
|
202
182
|
<param pos="0" name="service.family" value="Tivoli"/>
|
|
203
183
|
<param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
|
|
204
184
|
</fingerprint>
|
|
205
185
|
<fingerprint pattern="^(IBMCBR)=.*">
|
|
206
|
-
<description>IBM WebSphere Load Balancer
|
|
207
|
-
http://www-306.ibm.com/software/webservers/appserv/doc/v51/ec/infocenter/edge/LBguide.htm
|
|
208
|
-
</description>
|
|
186
|
+
<description>IBM WebSphere Load Balancer</description>
|
|
209
187
|
<param pos="1" name="cookie"/>
|
|
210
188
|
<param pos="0" name="service.vendor" value="IBM"/>
|
|
211
189
|
<param pos="0" name="service.family" value="WebSphere"/>
|
|
212
190
|
<param pos="0" name="service.product" value="WebSphere Load Balancer"/>
|
|
213
191
|
</fingerprint>
|
|
214
192
|
<fingerprint pattern="^(mbfcookie(?:\[lang\])?)=.*">
|
|
215
|
-
<description>Joom!Fish http://www.joomfish.net
|
|
216
|
-
</description>
|
|
193
|
+
<description>Joom!Fish http://www.joomfish.net/</description>
|
|
217
194
|
<param pos="1" name="cookie"/>
|
|
218
195
|
<param pos="0" name="service.family" value="Joom!Fish"/>
|
|
219
196
|
<param pos="0" name="service.product" value="Joom!Fish"/>
|
|
220
197
|
</fingerprint>
|
|
221
198
|
<fingerprint pattern="^(MSCSAuth|MSCSProfile)=.*">
|
|
222
|
-
<description>Microsoft Commerce Server
|
|
223
|
-
http://msdn2.microsoft.com/en-us/library/ms953828.aspx
|
|
224
|
-
</description>
|
|
199
|
+
<description>Microsoft Commerce Server - http://msdn2.microsoft.com/en-us/library/ms953828.aspx</description>
|
|
225
200
|
<param pos="1" name="cookie"/>
|
|
226
201
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
|
227
202
|
<param pos="0" name="service.family" value="Commerce Server"/>
|
|
@@ -231,9 +206,8 @@
|
|
|
231
206
|
<fingerprint pattern="^(ASPSESSIONID[A-Z]+|ASP\.NET_SessionId|\.ASPXANONYMOUS)=.*">
|
|
232
207
|
<description>Microsoft IIS (ASP.NET)
|
|
233
208
|
http://msdn2.microsoft.com/en-us/library/ms953828.aspx
|
|
234
|
-
http://support.microsoft.com/kb/899918
|
|
235
209
|
http://msdn2.microsoft.com/en-us/library/91ka2e6a.aspx
|
|
236
|
-
|
|
210
|
+
</description>
|
|
237
211
|
<param pos="1" name="cookie"/>
|
|
238
212
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
|
239
213
|
<param pos="0" name="service.family" value="IIS"/>
|
|
@@ -266,7 +240,7 @@
|
|
|
266
240
|
<param pos="0" name="service.product" value="Webserver"/>
|
|
267
241
|
</fingerprint>
|
|
268
242
|
<fingerprint pattern="^(PHPSESSID|PHPSESSION)=.*">
|
|
269
|
-
<description>PHP http://www.php.net/ref.session</description>
|
|
243
|
+
<description>PHP - http://www.php.net/ref.session</description>
|
|
270
244
|
<param pos="1" name="cookie"/>
|
|
271
245
|
<param pos="0" name="service.vendor" value="PHP"/>
|
|
272
246
|
<param pos="0" name="service.family" value="PHP"/>
|
|
@@ -305,8 +279,7 @@
|
|
|
305
279
|
</fingerprint>
|
|
306
280
|
-->
|
|
307
281
|
<fingerprint pattern="^(NSES40Session)=.*">
|
|
308
|
-
<description>Netscape Enterprise Server (subsequently iPlanet Web Server,
|
|
309
|
-
Sun ONE Web Server, presently Sun Java System Web Server)</description>
|
|
282
|
+
<description>Netscape Enterprise Server (subsequently iPlanet Web Server, Sun ONE Web Server, presently Sun Java System Web Server)</description>
|
|
310
283
|
<param pos="1" name="cookie"/>
|
|
311
284
|
<param pos="0" name="service.vendor" value="Sun"/>
|
|
312
285
|
<param pos="0" name="service.family" value="Java System Web Server"/>
|
|
@@ -315,8 +288,7 @@
|
|
|
315
288
|
<param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_server:4.0"/>
|
|
316
289
|
</fingerprint>
|
|
317
290
|
<fingerprint pattern="^(gx_session_id|JROUTE)=.*">
|
|
318
|
-
<description>Sun Java System Application Server (formerly iPlanet Application Server,
|
|
319
|
-
Sun ONE Application Server)</description>
|
|
291
|
+
<description>Sun Java System Application Server (formerly iPlanet Application Server, Sun ONE Application Server)</description>
|
|
320
292
|
<param pos="1" name="cookie"/>
|
|
321
293
|
<param pos="0" name="service.vendor" value="Sun"/>
|
|
322
294
|
<param pos="0" name="service.family" value="Java System Application Server"/>
|
|
@@ -338,9 +310,7 @@
|
|
|
338
310
|
<param pos="0" name="service.product" value="NetTracker"/>
|
|
339
311
|
</fingerprint>
|
|
340
312
|
<fingerprint pattern="^(__utm[a-z])=.*">
|
|
341
|
-
<description>Urchin Tracking Module
|
|
342
|
-
http://www.google.com/support/urchin45/bin/answer.py?answer=28307&topic=7425
|
|
343
|
-
</description>
|
|
313
|
+
<description>Urchin Tracking Module - http://www.google.com/support/urchin45/bin/answer.py?answer=28307&topic=7425</description>
|
|
344
314
|
<param pos="1" name="cookie"/>
|
|
345
315
|
<param pos="0" name="service.vendor" value="Google"/>
|
|
346
316
|
<param pos="0" name="service.family" value="Urchin"/>
|
|
@@ -374,9 +344,7 @@
|
|
|
374
344
|
<param pos="0" name="service.product" value="Zope"/>
|
|
375
345
|
</fingerprint>
|
|
376
346
|
<fingerprint pattern="^(portal)=([0-9]+\.[0-9]+\.[0-9]+).*">
|
|
377
|
-
<description>
|
|
378
|
-
http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_app_f.htm
|
|
379
|
-
</description>
|
|
347
|
+
<description>OracleAS Portal default cookie name - http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_app_f.htm</description>
|
|
380
348
|
<param pos="1" name="cookie"/>
|
|
381
349
|
<param pos="2" name="service.version"/>
|
|
382
350
|
<param pos="0" name="service.vendor" value="Oracle"/>
|