recog 2.3.0 → 2.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/recog/version.rb +1 -1
- data/spec/lib/fingerprint_self_test_spec.rb +17 -0
- data/xml/apache_os.xml +4 -4
- data/xml/ftp_banners.xml +37 -46
- data/xml/h323_callresp.xml +1 -1
- data/xml/http_cookies.xml +26 -58
- data/xml/http_servers.xml +65 -95
- data/xml/http_wwwauth.xml +6 -6
- data/xml/imap_banners.xml +12 -5
- data/xml/ldap_searchresult.xml +2 -2
- data/xml/mysql_banners.xml +3 -3
- data/xml/mysql_error.xml +0 -1
- data/xml/ntp_banners.xml +2 -2
- data/xml/operating_system.xml +0 -1
- data/xml/pop_banners.xml +5 -6
- data/xml/smb_native_os.xml +4 -4
- data/xml/smtp_banners.xml +13 -19
- data/xml/smtp_debug.xml +5 -13
- data/xml/smtp_ehlo.xml +2 -7
- data/xml/smtp_expn.xml +12 -24
- data/xml/smtp_help.xml +22 -62
- data/xml/smtp_noop.xml +5 -9
- data/xml/smtp_quit.xml +3 -7
- data/xml/smtp_rcptto.xml +3 -7
- data/xml/smtp_vrfy.xml +16 -35
- data/xml/snmp_sysdescr.xml +258 -278
- data/xml/snmp_sysobjid.xml +3 -3
- data/xml/ssh_banners.xml +8 -11
- data/xml/x509_subjects.xml +14 -17
- metadata +3 -3
data/xml/http_wwwauth.xml
CHANGED
|
@@ -26,7 +26,7 @@
|
|
|
26
26
|
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:ios:11"/>
|
|
27
27
|
</fingerprint>
|
|
28
28
|
<fingerprint pattern="^(?:Basic|Digest) realm=.level[ _]15[ _]or[ _]view[ _]access.$">
|
|
29
|
-
<description>Cisco IOS 12.x</description>
|
|
29
|
+
<description>Cisco IOS 12.x - view access variant</description>
|
|
30
30
|
<param pos="0" name="service.vendor" value="Cisco"/>
|
|
31
31
|
<param pos="0" name="service.product" value="IOS"/>
|
|
32
32
|
<param pos="0" name="service.family" value="IOS"/>
|
|
@@ -168,7 +168,7 @@
|
|
|
168
168
|
<param pos="0" name="hw.vendor" value="Ruijie"/>
|
|
169
169
|
</fingerprint>
|
|
170
170
|
<fingerprint pattern="^(?:Basic|Digest) realm=.SpeedTouch \(([0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2})\).$">
|
|
171
|
-
<description>Thomson SpeedTouch xDSL
|
|
171
|
+
<description>Thomson SpeedTouch xDSL router</description>
|
|
172
172
|
<param pos="0" name="service.vendor" value="Thomson"/>
|
|
173
173
|
<param pos="0" name="service.product" value="SpeedTouch"/>
|
|
174
174
|
<param pos="0" name="service.family" value="SpeedTouch"/>
|
|
@@ -179,7 +179,7 @@
|
|
|
179
179
|
<param pos="1" name="host.mac"/>
|
|
180
180
|
</fingerprint>
|
|
181
181
|
<fingerprint pattern="^(?:Basic|Digest) realm=.SpeedTouch., nonce=.[0-9A-Z]+:([0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}):\d+:\d+., qop=.auth.$">
|
|
182
|
-
<description>Thomson SpeedTouch xDSL
|
|
182
|
+
<description>Thomson SpeedTouch xDSL router - qop variant</description>
|
|
183
183
|
<param pos="0" name="service.vendor" value="Thomson"/>
|
|
184
184
|
<param pos="0" name="service.product" value="SpeedTouch"/>
|
|
185
185
|
<param pos="0" name="service.family" value="SpeedTouch"/>
|
|
@@ -190,7 +190,7 @@
|
|
|
190
190
|
<param pos="1" name="host.mac"/>
|
|
191
191
|
</fingerprint>
|
|
192
192
|
<fingerprint pattern="^(?:Basic|Digest) realm=.ST (\d+) R 5.x Telecom Italia., nonce=.[0-9A-Z]+:([0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}):\d+:\d+., qop=.auth.$">
|
|
193
|
-
<description>Thomson SpeedTouch xDSL
|
|
193
|
+
<description>Thomson SpeedTouch xDSL router - Telecom Italia</description>
|
|
194
194
|
<param pos="0" name="service.vendor" value="Thomson"/>
|
|
195
195
|
<param pos="0" name="service.product" value="SpeedTouch"/>
|
|
196
196
|
<param pos="0" name="service.family" value="SpeedTouch"/>
|
|
@@ -240,7 +240,7 @@
|
|
|
240
240
|
<param pos="0" name="os.product" value="WRT54G"/>
|
|
241
241
|
</fingerprint>
|
|
242
242
|
<fingerprint pattern="^(?:Basic|Digest) realm=.(TD-[VW8][A-Z0-9]+)(?:| \d+\.\d+).$">
|
|
243
|
-
<description>TP-LINK SoHo Router</description>
|
|
243
|
+
<description>TP-LINK SoHo Router - dash variant</description>
|
|
244
244
|
<example>Basic realm="TD-W8901G"</example>
|
|
245
245
|
<example>Basic realm="TD-8840T 2.0"</example>
|
|
246
246
|
<example>Basic realm="TD-8811"</example>
|
|
@@ -259,7 +259,7 @@
|
|
|
259
259
|
<param pos="1" name="os.product"/>
|
|
260
260
|
</fingerprint>
|
|
261
261
|
<fingerprint pattern="^(?:Basic|Digest) realm=.TP-LINK.*(?:Access Point|Extender|AP) ([A-Z0-9\-\+]+).*$">
|
|
262
|
-
<description>TP-LINK SoHo Router</description>
|
|
262
|
+
<description>TP-LINK SoHo Router - verbose variant</description>
|
|
263
263
|
<example>Basic realm="TP-LINK Wireless N Access Point WA801N"</example>
|
|
264
264
|
<example>Basic realm="TP-LINK Wireless Range Extender WA830RE"</example>
|
|
265
265
|
<example>Basic realm="TP-LINK Wireless Range Extender WA850RE"</example>
|
data/xml/imap_banners.xml
CHANGED
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
<!-- IMAP banners are matched against these patterns to fingerprint IMAP servers. -->
|
|
4
4
|
<fingerprint pattern="^Microsoft Exchange IMAP4rev1 server version (5\.5\.\d{4}\.\d+) \((.*)\) ready$">
|
|
5
5
|
<description>Microsoft Exchange Server 5.5</description>
|
|
6
|
+
<example service.version="5.5.2448.8" host.name="foo.bar">Microsoft Exchange IMAP4rev1 server version 5.5.2448.8 (foo.bar) ready</example>
|
|
6
7
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
|
7
8
|
<param pos="0" name="service.family" value="Exchange Server"/>
|
|
8
9
|
<param pos="0" name="service.product" value="Exchange Server 5.5"/>
|
|
@@ -16,6 +17,7 @@
|
|
|
16
17
|
</fingerprint>
|
|
17
18
|
<fingerprint pattern="^Microsoft Exchange 2000 IMAP4rev1 server version (6\.0\.\d{4}\.\d+) \((.*)\) ready\.$">
|
|
18
19
|
<description>Microsoft Exchange Server 2000</description>
|
|
20
|
+
<example service.version="6.0.6249.0" host.name="foo.bar">Microsoft Exchange 2000 IMAP4rev1 server version 6.0.6249.0 (foo.bar) ready.</example>
|
|
19
21
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
|
20
22
|
<param pos="0" name="service.family" value="Exchange Server"/>
|
|
21
23
|
<param pos="0" name="service.product" value="Exchange 2000 Server"/>
|
|
@@ -29,6 +31,7 @@
|
|
|
29
31
|
</fingerprint>
|
|
30
32
|
<fingerprint pattern="^Microsoft Exchange Server 2003 IMAP4rev1 server version (6\.5\.\d{4}\.\d+) \((.*)\) ready\.$">
|
|
31
33
|
<description>Microsoft Exchange Server 2003</description>
|
|
34
|
+
<example service.version="6.5.7638.1" host.name="foo.bar">Microsoft Exchange Server 2003 IMAP4rev1 server version 6.5.7638.1 (foo.bar) ready.</example>
|
|
32
35
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
|
33
36
|
<param pos="0" name="service.family" value="Exchange Server"/>
|
|
34
37
|
<param pos="0" name="service.product" value="Exchange 2003 Server"/>
|
|
@@ -42,6 +45,7 @@
|
|
|
42
45
|
</fingerprint>
|
|
43
46
|
<fingerprint pattern="^Der Microsoft Exchange Server 2003 IMAP4rev1-Server, Version (6\.5\.\d{4}\.\d+) \((.*)\),.*$">
|
|
44
47
|
<description>Microsoft Exchange Server 2003, German</description>
|
|
48
|
+
<example service.version="6.5.7638.1" host.name="foo.bar">Der Microsoft Exchange Server 2003 IMAP4rev1-Server, Version 6.5.7638.1 (foo.bar), steht zur Verfgung.</example>
|
|
45
49
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
|
46
50
|
<param pos="0" name="service.family" value="Exchange Server"/>
|
|
47
51
|
<param pos="0" name="service.product" value="Exchange 2003 Server"/>
|
|
@@ -55,6 +59,7 @@
|
|
|
55
59
|
</fingerprint>
|
|
56
60
|
<fingerprint pattern="^Microsoft Exchange Server 2007 IMAP4 service ready$">
|
|
57
61
|
<description>Microsoft Exchange Server 2007</description>
|
|
62
|
+
<example>Microsoft Exchange Server 2007 IMAP4 service ready</example>
|
|
58
63
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
|
59
64
|
<param pos="0" name="service.family" value="Exchange Server"/>
|
|
60
65
|
<param pos="0" name="service.product" value="Exchange 2007 Server"/>
|
|
@@ -78,6 +83,7 @@
|
|
|
78
83
|
</fingerprint>
|
|
79
84
|
<fingerprint pattern="^Domino IMAP4 Server Release (\d+\.\d+.*) ready (.+)$">
|
|
80
85
|
<description>IBM Lotus Notes/Domino</description>
|
|
86
|
+
<example service.version="9.0.1FP9" host.time="Thu, 4 Apr 2019 20:19:31 +0200">Domino IMAP4 Server Release 9.0.1FP9 ready Thu, 4 Apr 2019 20:19:31 +0200</example>
|
|
81
87
|
<param pos="0" name="service.vendor" value="IBM"/>
|
|
82
88
|
<param pos="0" name="service.family" value="Lotus Domino"/>
|
|
83
89
|
<param pos="0" name="service.product" value="Lotus Domino"/>
|
|
@@ -86,7 +92,7 @@
|
|
|
86
92
|
<param pos="2" name="host.time"/>
|
|
87
93
|
</fingerprint>
|
|
88
94
|
<fingerprint pattern="^Domino IMAP4 Server V\.?(\d+\.\d+.*) ready (.+)$">
|
|
89
|
-
<description>IBM Lotus Notes/Domino</description>
|
|
95
|
+
<description>IBM Lotus Notes/Domino - variant 2</description>
|
|
90
96
|
<param pos="0" name="service.vendor" value="IBM"/>
|
|
91
97
|
<param pos="0" name="service.family" value="Lotus Domino"/>
|
|
92
98
|
<param pos="0" name="service.product" value="Lotus Domino"/>
|
|
@@ -96,6 +102,8 @@
|
|
|
96
102
|
</fingerprint>
|
|
97
103
|
<fingerprint pattern="^[dD]ovecot (?:DA )?ready\.$">
|
|
98
104
|
<description>Dovecot Secure IMAP Server</description>
|
|
105
|
+
<example>Dovecot ready.</example>
|
|
106
|
+
<example>Dovecot DA ready.</example>
|
|
99
107
|
<param pos="0" name="service.family" value="Dovecot"/>
|
|
100
108
|
<param pos="0" name="service.product" value="Dovecot"/>
|
|
101
109
|
</fingerprint>
|
|
@@ -118,16 +126,15 @@
|
|
|
118
126
|
</fingerprint>
|
|
119
127
|
<fingerprint pattern="^(\S+) Zimbra IMAP4rev1 server ready\.?$">
|
|
120
128
|
<description>VMware Zimbra IMAP</description>
|
|
121
|
-
<example>
|
|
122
|
-
<example>dogfood.zimbra.com Zimbra IMAP4rev1 server ready</example>
|
|
129
|
+
<example host.name="foo.bar">foo.bar Zimbra IMAP4rev1 server ready</example>
|
|
123
130
|
<param pos="0" name="service.vendor" value="VMware"/>
|
|
124
131
|
<param pos="0" name="service.product" value="Zimbra"/>
|
|
125
132
|
<param pos="0" name="service.cpe23" value="cpe:/a:vmware:zimbra_desktop:-"/>
|
|
126
133
|
<param pos="1" name="host.name"/>
|
|
127
134
|
</fingerprint>
|
|
128
135
|
<fingerprint pattern="^(\S+) Zimbra (\S+) IMAP4rev1 server ready\.?$">
|
|
129
|
-
<description>VMware Zimbra IMAP</description>
|
|
130
|
-
<example>
|
|
136
|
+
<description>VMware Zimbra IMAP with service version</description>
|
|
137
|
+
<example host.name="foo.bar" service.version="7.0.0_GA_3079">foo.bar Zimbra 7.0.0_GA_3079 IMAP4rev1 server ready</example>
|
|
131
138
|
<param pos="0" name="service.vendor" value="VMware"/>
|
|
132
139
|
<param pos="0" name="service.product" value="Zimbra"/>
|
|
133
140
|
<param pos="2" name="service.version"/>
|
data/xml/ldap_searchresult.xml
CHANGED
|
@@ -404,7 +404,7 @@
|
|
|
404
404
|
<param pos="1" name="service.version"/>
|
|
405
405
|
</fingerprint>
|
|
406
406
|
<fingerprint pattern="(?im:IBM Lotus Software0.\x04\rvendorversion1.\x04.Release (\d+\.\d+[\w .]*)0.\x04.dominomajminversion)">
|
|
407
|
-
<description>IBM (Lotus) Domino LDAP Server</description>
|
|
407
|
+
<description>IBM (Lotus) Domino LDAP Server - majminversion variant</description>
|
|
408
408
|
<example service.version="8.5.3" _encoding="base64">
|
|
409
409
|
SUJNIExvdHVzIFNvZnR3YXJlMCAEDXZlbmRvcnZlcnNpb24xDwQNUmVsZWFzZSA4LjUuMzAeB
|
|
410
410
|
BNkb21pbm9tYWptaW52ZXJzaW9uMQcE
|
|
@@ -428,7 +428,7 @@
|
|
|
428
428
|
<param pos="1" name="service.version"/>
|
|
429
429
|
</fingerprint>
|
|
430
430
|
<fingerprint pattern="(?im:IBM Lotus Software0.\x04\rvendorversion1.\x04.Build (V[\w .]*)0.\x04.dominomajminversion)">
|
|
431
|
-
<description>IBM (Lotus) Domino LDAP Server</description>
|
|
431
|
+
<description>IBM (Lotus) Domino LDAP Server - build variant</description>
|
|
432
432
|
<example service.version="V902_12302013" _encoding="base64">
|
|
433
433
|
SUJNIExvdHVzIFNvZnR3YXJlMCYEDXZlbmRvcnZlcnNpb24xFQQTQnVpbGQgVjkwMl8xMjMwM
|
|
434
434
|
jAxMzAeBBNkb21pbm9tYWptaW52ZXJzaW9uMQcE
|
data/xml/mysql_banners.xml
CHANGED
|
@@ -144,7 +144,7 @@
|
|
|
144
144
|
<param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:{os.version}"/>
|
|
145
145
|
</fingerprint>
|
|
146
146
|
<fingerprint pattern="^(\d{1,2}\.\d{1,3}\.\d{1,2})-(?:Debian_)?\dubuntu(\d{1,2}\.\d\d)[.\d]*(?:-log)?$">
|
|
147
|
-
<description>Oracle MySQL on Ubuntu</description>
|
|
147
|
+
<description>Oracle MySQL on Ubuntu - Debian string variant</description>
|
|
148
148
|
<example service.version="5.0.22" os.version="6.06">5.0.22-Debian_0ubuntu6.06.14-log</example>
|
|
149
149
|
<example service.version="5.1.41" os.version="12.10">5.1.41-3ubuntu12.10</example>
|
|
150
150
|
<param pos="1" name="service.version"/>
|
|
@@ -458,7 +458,7 @@
|
|
|
458
458
|
<param pos="0" name="os.family" value="Windows"/>
|
|
459
459
|
</fingerprint>
|
|
460
460
|
<fingerprint pattern="^(\d{1,2}\.\d{1,3}\.[a-f\d]{1,3})(?:-rc)?-enterprise" flags="REG_ICASE">
|
|
461
|
-
<description>Oracle MySQL Enterprise Edition</description>
|
|
461
|
+
<description>Oracle MySQL Enterprise Edition - variant 1</description>
|
|
462
462
|
<example service.version="5.1.26">5.1.26-rc-enterprise-gpl-log</example>
|
|
463
463
|
<example service.version="5.5.27">5.5.27-enterprise-commercial-advanced-log</example>
|
|
464
464
|
<param pos="1" name="service.version"/>
|
|
@@ -469,7 +469,7 @@
|
|
|
469
469
|
<param pos="0" name="service.cpe23" value="cpe:/a:oracle:mysql:{service.version}"/>
|
|
470
470
|
</fingerprint>
|
|
471
471
|
<fingerprint pattern="^(\d{1,2}\.\d{1,3}\.[a-f\d]{1,3}-ndb-\d\.\d{1,2}\.[a-f\d]{1,3})" flags="REG_ICASE">
|
|
472
|
-
<description>Oracle MySQL Cluster Edition</description>
|
|
472
|
+
<description>Oracle MySQL Cluster Edition - nbd variant</description>
|
|
473
473
|
<example service.version="5.1.30-ndb-6.3.20">5.1.30-ndb-6.3.20-cluster-gpl-log</example>
|
|
474
474
|
<example service.version="5.5.20-ndb-7.2.5">5.5.20-ndb-7.2.5-gpl</example>
|
|
475
475
|
<param pos="1" name="service.version"/>
|
data/xml/mysql_error.xml
CHANGED
|
@@ -52,7 +52,6 @@
|
|
|
52
52
|
<fingerprint pattern="^^(?:#HY000)?Host '[^']+' is not allowed to connect to this MySQL server$$">
|
|
53
53
|
<description>Oracle MySQL error ER_HOST_NOT_PRIVILEGED (eng)</description>
|
|
54
54
|
<example>Host '10.10.10.10' is not allowed to connect to this MySQL server</example>
|
|
55
|
-
<example>Host '10.10.10.10' is not allowed to connect to this MySQL server</example>
|
|
56
55
|
<example>#HY000Host '10.10.10.10' is not allowed to connect to this MySQL server</example>
|
|
57
56
|
<param pos="0" name="service.vendor" value="Oracle"/>
|
|
58
57
|
<param pos="0" name="service.family" value="MySQL"/>
|
data/xml/ntp_banners.xml
CHANGED
|
@@ -380,7 +380,7 @@
|
|
|
380
380
|
<param pos="0" name="os.cpe23" value="cpe:/o:netbsd:netbsd:{os.version}"/>
|
|
381
381
|
</fingerprint>
|
|
382
382
|
<fingerprint pattern="^.*processor="([^ ]+)",.*system="NetBSD/?([^ ]+)"" flags="REG_DOT_NEWLINE,REG_ICASE">
|
|
383
|
-
<description>ntpd running on NetBSD</description>
|
|
383
|
+
<description>ntpd running on NetBSD - variant 2</description>
|
|
384
384
|
<example os.arch="i386" os.version="1.5.3">
|
|
385
385
|
processor="i386", system="NetBSD1.5.3"
|
|
386
386
|
</example>
|
|
@@ -1034,7 +1034,7 @@
|
|
|
1034
1034
|
<param pos="1" name="os.product"/>
|
|
1035
1035
|
</fingerprint>
|
|
1036
1036
|
<fingerprint pattern="^.*processor="([^"]+)", system="SCO_SV([\d\.]+)"" flags="REG_DOT_NEWLINE,REG_ICASE">
|
|
1037
|
-
<description>SCO Unixware NTP</description>
|
|
1037
|
+
<description>SCO Unixware NTP - SCO_SV variant</description>
|
|
1038
1038
|
<example os.version="3.2" os.arch="i386">
|
|
1039
1039
|
processor="i386", system="SCO_SV3.2", leap=0, stratum=2, precision=-18
|
|
1040
1040
|
</example>
|
data/xml/operating_system.xml
CHANGED
|
@@ -17,7 +17,6 @@
|
|
|
17
17
|
<example os.product="Windows Server 2008" os.edition="Enterprise" os.version="Service Pack 2">Windows Server 2008 Enterprise without Hyper-V Service Pack 2</example>
|
|
18
18
|
<example os.product="Windows Server 2008" os.edition="Enterprise" os.version="SP1">Windows Server 2008 Enterprise with Hyper-V SP1</example>
|
|
19
19
|
<example os.product="Windows Server 2012 R2" os.edition="Foundation">Windows Server 2012 R2 Foundation Edition</example>
|
|
20
|
-
<example os.product="Windows Storage Server 2012 R2">Windows Storage Server 2012 R2</example>
|
|
21
20
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
22
21
|
<param pos="0" name="os.family" value="Windows"/>
|
|
23
22
|
<param pos="1" name="os.product"/>
|
data/xml/pop_banners.xml
CHANGED
|
@@ -37,8 +37,8 @@
|
|
|
37
37
|
<param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:-"/>
|
|
38
38
|
</fingerprint>
|
|
39
39
|
<fingerprint pattern="^Lotus Notes POP3 server version Release ([^ ]+) ready on .*$">
|
|
40
|
-
<description>IBM Lotus Notes/Domino</description>
|
|
41
|
-
<example>Lotus Notes POP3 server version Release 8.5.1FP5 ready on foo/US.</example>
|
|
40
|
+
<description>IBM Lotus Notes/Domino - Release variant</description>
|
|
41
|
+
<example service.version="8.5.1FP5">Lotus Notes POP3 server version Release 8.5.1FP5 ready on foo/US.</example>
|
|
42
42
|
<param pos="0" name="service.vendor" value="IBM"/>
|
|
43
43
|
<param pos="0" name="service.family" value="Lotus Domino"/>
|
|
44
44
|
<param pos="0" name="service.product" value="Lotus Domino"/>
|
|
@@ -171,16 +171,15 @@
|
|
|
171
171
|
</fingerprint>
|
|
172
172
|
<fingerprint pattern="^(\S+) Zimbra POP3 server ready\.?$">
|
|
173
173
|
<description>VMware Zimbra POP</description>
|
|
174
|
-
<example>
|
|
175
|
-
<example>dogfood.example.com Zimbra POP3 server ready</example>
|
|
174
|
+
<example host.name="foo.bar">foo.bar Zimbra POP3 server ready</example>
|
|
176
175
|
<param pos="0" name="service.vendor" value="VMware"/>
|
|
177
176
|
<param pos="0" name="service.product" value="Zimbra"/>
|
|
178
177
|
<param pos="0" name="service.cpe23" value="cpe:/a:vmware:zimbra_desktop:-"/>
|
|
179
178
|
<param pos="1" name="host.name"/>
|
|
180
179
|
</fingerprint>
|
|
181
180
|
<fingerprint pattern="^(\S+) Zimbra (\S+) POP3 server ready\.?$">
|
|
182
|
-
<description>VMware Zimbra POP</description>
|
|
183
|
-
<example>
|
|
181
|
+
<description>VMware Zimbra POP with version</description>
|
|
182
|
+
<example host.name="foo.bar">foo.bar Zimbra 7.0.0_GA_3079 POP3 server ready</example>
|
|
184
183
|
<param pos="0" name="service.vendor" value="VMware"/>
|
|
185
184
|
<param pos="0" name="service.product" value="Zimbra"/>
|
|
186
185
|
<param pos="2" name="service.version"/>
|
data/xml/smb_native_os.xml
CHANGED
|
@@ -35,7 +35,7 @@
|
|
|
35
35
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:-"/>
|
|
36
36
|
</fingerprint>
|
|
37
37
|
<fingerprint pattern="^Windows XP (\d+) (Service Pack \d+)$">
|
|
38
|
-
<description>Windows XP</description>
|
|
38
|
+
<description>Windows XP with Service Pack</description>
|
|
39
39
|
<example os.build="2600" os.version="Service Pack 1">Windows XP 2600 Service Pack 1</example>
|
|
40
40
|
<param pos="0" name="os.certainty" value="1.0"/>
|
|
41
41
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
@@ -45,7 +45,7 @@
|
|
|
45
45
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:{os.version}"/>
|
|
46
46
|
</fingerprint>
|
|
47
47
|
<fingerprint pattern="^Windows XP (\d+)$">
|
|
48
|
-
<description>Windows XP</description>
|
|
48
|
+
<description>Windows XP with build number</description>
|
|
49
49
|
<example os.build="2600">Windows XP 2600</example>
|
|
50
50
|
<param pos="0" name="os.certainty" value="1.0"/>
|
|
51
51
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
@@ -205,7 +205,7 @@
|
|
|
205
205
|
</fingerprint>
|
|
206
206
|
<!-- 2008 R2 -->
|
|
207
207
|
<fingerprint pattern="^Windows Server 2008 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)(?:, v\.\d+)?$">
|
|
208
|
-
<description>Windows Server 2008</description>
|
|
208
|
+
<description>Windows Server 2008 R2</description>
|
|
209
209
|
<example>Windows Server 2008 R2 Enterprise 7601 Service Pack 1</example>
|
|
210
210
|
<example>Windows Server 2008 R2 Standard 7601 Service Pack 1</example>
|
|
211
211
|
<param pos="0" name="os.certainty" value="1.0"/>
|
|
@@ -217,7 +217,7 @@
|
|
|
217
217
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
|
|
218
218
|
</fingerprint>
|
|
219
219
|
<fingerprint pattern="^Windows Server 2008 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
|
|
220
|
-
<description>Windows Server 2008 R2</description>
|
|
220
|
+
<description>Windows Server 2008 R2 without Service Pack</description>
|
|
221
221
|
<example os.edition="Enterprise">Windows Server 2008 R2 Enterprise 7600</example>
|
|
222
222
|
<example os.edition="Standard">Windows Server 2008 R2 Standard 7600</example>
|
|
223
223
|
<example os.edition="Datacenter">Windows Server 2008 R2 Datacenter 7600</example>
|
data/xml/smtp_banners.xml
CHANGED
|
@@ -141,17 +141,18 @@
|
|
|
141
141
|
<param pos="0" name="service.product" value="CCProxy"/>
|
|
142
142
|
<param pos="1" name="service.version"/>
|
|
143
143
|
</fingerprint>
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
Cisco PIX firewall: PIX sits between an internal SMTP server and the rest of the world.
|
|
144
|
+
<!--
|
|
145
|
+
Cisco PIX sits between an internal SMTP server and the rest of the world.
|
|
147
146
|
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
147
|
+
Its MailGuard feature strips all information out of the 220 header except for the ' ' (space), '2' (digit two),
|
|
148
|
+
and '0' (digit zero) characters, replacing them with asterisks. While this effectively
|
|
149
|
+
hides the back-end SMTP server, it does tell us that they are running Cisco PIX firewall
|
|
150
|
+
(at least for SMTP, and possibly other services as well).
|
|
152
151
|
|
|
153
|
-
|
|
154
|
-
|
|
152
|
+
Search Cisco's documentation for "fixup protocol SMTP" for more information.
|
|
153
|
+
-->
|
|
154
|
+
<fingerprint pattern="^[\*20 ]+$">
|
|
155
|
+
<description>Cisco PIX firewall MailGuard banner stripping</description>
|
|
155
156
|
<example os.product="PIX">***************************</example>
|
|
156
157
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
|
157
158
|
<param pos="0" name="os.family" value="PIX"/>
|
|
@@ -159,10 +160,7 @@
|
|
|
159
160
|
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:pix_firewall_software:-"/>
|
|
160
161
|
</fingerprint>
|
|
161
162
|
<fingerprint pattern="^([^ ]+) +ESMTP CPMTA-([^ ]+)_([^ ]+)_([^ ]+)_([^ ]+) - NO UCE *$">
|
|
162
|
-
<description>Critical Path (aka InScribe) Messaging Server
|
|
163
|
-
http://www.cp.net/products/inscr_messagingserv_overview.html
|
|
164
|
-
Runs on Windows NT4/2k, Solaris 2.6, 2.7, and 2.8 Sparc/Intel, SGI IRIX 6.5.3 or later, and AIX
|
|
165
|
-
</description>
|
|
163
|
+
<description>Critical Path (aka InScribe) Messaging Server on Windows NT4/2k, Solaris 2.6/2.7/2.8 Sparc/Intel, SGI IRIX 6.5.3 or later, or AIX </description>
|
|
166
164
|
<param pos="0" name="service.vendor" value="Critical Path"/>
|
|
167
165
|
<param pos="0" name="service.family" value="Messaging Server"/>
|
|
168
166
|
<param pos="0" name="service.product" value="Messaging Server"/>
|
|
@@ -370,11 +368,7 @@
|
|
|
370
368
|
<param pos="1" name="host.name"/>
|
|
371
369
|
</fingerprint>
|
|
372
370
|
<fingerprint pattern="^([^ ]+) +SMTP/smap Ready\.$">
|
|
373
|
-
<description>TIS FWTK and derivatives
|
|
374
|
-
http://www.tis.com/research/software/
|
|
375
|
-
This fingerprint may be ambiguous because other firewalls (like
|
|
376
|
-
Gauntlet) are derived from TIS
|
|
377
|
-
</description>
|
|
371
|
+
<description>TIS FWTK and derivatives (other firewalls, like Gauntlet, are derived from TIS)</description>
|
|
378
372
|
<example host.name="foo.bar">foo.bar SMTP/smap Ready.</example>
|
|
379
373
|
<param pos="0" name="service.vendor" value="TIS"/>
|
|
380
374
|
<param pos="0" name="service.family" value="FWTK"/>
|
|
@@ -1255,7 +1249,7 @@
|
|
|
1255
1249
|
</fingerprint>
|
|
1256
1250
|
<fingerprint pattern="^([^ ]+) ESMTP MetaInfo Sendmail ([^ ]+) Build ([^ ]+) \(Berkeley ([^ ]+)\)/([^;]+); (.+)$">
|
|
1257
1251
|
<description>Sendmail - MetaInfo</description>
|
|
1258
|
-
<example>foo.bar ESMTP MetaInfo Sendmail 2.5 Build 2630 (Berkeley 8.8.6)/8.8.4; Mon, 30 Jul</example>
|
|
1252
|
+
<example host.name="foo.bar" service.version="8.8.6">foo.bar ESMTP MetaInfo Sendmail 2.5 Build 2630 (Berkeley 8.8.6)/8.8.4; Mon, 30 Jul</example>
|
|
1259
1253
|
<param pos="0" name="service.vendor" value="MetaInfo"/>
|
|
1260
1254
|
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1261
1255
|
<param pos="0" name="service.product" value="Sendmail"/>
|
data/xml/smtp_debug.xml
CHANGED
|
@@ -10,30 +10,22 @@
|
|
|
10
10
|
of SMTP related fingerprint databases as described in 'smtp_banners.xml'.
|
|
11
11
|
-->
|
|
12
12
|
<fingerprint pattern="^500 No way!$">
|
|
13
|
-
<description>
|
|
14
|
-
|
|
15
|
-
example: 500 No way!
|
|
16
|
-
</description>
|
|
13
|
+
<description>Exim</description>
|
|
14
|
+
<example>500 No way!</example>
|
|
17
15
|
<param pos="0" name="service.vendor" value="exim"/>
|
|
18
16
|
<param pos="0" name="service.family" value="exim"/>
|
|
19
17
|
<param pos="0" name="service.product" value="exim"/>
|
|
20
18
|
<param pos="0" name="service.cpe23" value="cpe:/a:exim:exim:-"/>
|
|
21
19
|
</fingerprint>
|
|
22
20
|
<fingerprint pattern="^250[ -] *Debug set -NOT!$">
|
|
23
|
-
<description>
|
|
24
|
-
TIS FWTK and derivatives
|
|
25
|
-
http://www.tis.com/research/software/
|
|
26
|
-
This fingerprint may be ambiguous because other firewalls (like
|
|
27
|
-
Gauntlet) are derived from TIS
|
|
28
|
-
</description>
|
|
21
|
+
<description>TIS FWTK and derivatives (other firewalls, like Gauntlet, are derived from TIS)</description>
|
|
29
22
|
<param pos="0" name="service.vendor" value="TIS"/>
|
|
30
23
|
<param pos="0" name="service.family" value="FWTK"/>
|
|
31
24
|
<param pos="0" name="service.product" value="FWTK"/>
|
|
32
25
|
</fingerprint>
|
|
33
26
|
<fingerprint pattern="^500[ -]What\? I don't understand that\.$">
|
|
34
|
-
<description>
|
|
35
|
-
|
|
36
|
-
</description>
|
|
27
|
+
<description>Alt-N MDaemon SMTP</description>
|
|
28
|
+
<example>500 What? I don't understand that.</example>
|
|
37
29
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
|
38
30
|
<param pos="0" name="service.family" value="MDaemon"/>
|
|
39
31
|
<param pos="0" name="service.product" value="MDaemon"/>
|
data/xml/smtp_ehlo.xml
CHANGED
|
@@ -10,10 +10,7 @@
|
|
|
10
10
|
of SMTP related fingerprint databases as described in 'smtp_banners.xml'.
|
|
11
11
|
-->
|
|
12
12
|
<fingerprint pattern="^500[ -]Syntax error, command "XXXX" unrecognized$">
|
|
13
|
-
<description>
|
|
14
|
-
Cisco PIX changes the command letters to 'X' before passing
|
|
15
|
-
them to the real SMTP server.
|
|
16
|
-
</description>
|
|
13
|
+
<description>Cisco PIX - changes the command letters to 'X' before passing them to the real SMTP server</description>
|
|
17
14
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
|
18
15
|
<param pos="0" name="os.family" value="PIX"/>
|
|
19
16
|
<param pos="0" name="os.product" value="PIX"/>
|
|
@@ -38,9 +35,7 @@
|
|
|
38
35
|
</fingerprint>
|
|
39
36
|
-->
|
|
40
37
|
<fingerprint pattern="^221[ -]See ya in cyberspace$">
|
|
41
|
-
<description>
|
|
42
|
-
221 See ya in cyberspace
|
|
43
|
-
</description>
|
|
38
|
+
<description>221 See ya in cyberspace</description>
|
|
44
39
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
|
45
40
|
<param pos="0" name="service.family" value="MDaemon"/>
|
|
46
41
|
<param pos="0" name="service.product" value="MDaemon"/>
|
data/xml/smtp_expn.xml
CHANGED
|
@@ -10,30 +10,23 @@
|
|
|
10
10
|
of SMTP related fingerprint databases as described in 'smtp_banners.xml'.
|
|
11
11
|
-->
|
|
12
12
|
<fingerprint pattern="^500[ -]Syntax error, command "XXXX.*" unrecognized$">
|
|
13
|
-
<description>
|
|
14
|
-
Cisco PIX changes the command letters to 'X' before passing
|
|
15
|
-
them to the real SMTP server.
|
|
16
|
-
</description>
|
|
13
|
+
<description>Cisco PIX - changes the command letters to 'X' before passing them to the real SMTP server - expn variant</description>
|
|
17
14
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
|
18
15
|
<param pos="0" name="os.family" value="PIX"/>
|
|
19
16
|
<param pos="0" name="os.product" value="PIX"/>
|
|
20
17
|
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:pix_firewall_software:-"/>
|
|
21
18
|
</fingerprint>
|
|
22
19
|
<fingerprint pattern="^550[ -]EXPN not available to \(.+\) \[.+\] *$">
|
|
23
|
-
<description>
|
|
24
|
-
|
|
25
|
-
example: 550 EXPN not available to (foo.bar.com) [192.168.0.1]
|
|
26
|
-
</description>
|
|
20
|
+
<description>Exim - expn variant 1</description>
|
|
21
|
+
<example>550 EXPN not available to (foo.bar.com) [192.168.0.1]</example>
|
|
27
22
|
<param pos="0" name="service.vendor" value="exim"/>
|
|
28
23
|
<param pos="0" name="service.family" value="exim"/>
|
|
29
24
|
<param pos="0" name="service.product" value="exim"/>
|
|
30
25
|
<param pos="0" name="service.cpe23" value="cpe:/a:exim:exim:-"/>
|
|
31
26
|
</fingerprint>
|
|
32
27
|
<fingerprint pattern="^550[ -]EXPN not available to [^ ]+ \(.+\) \[.+\] *$">
|
|
33
|
-
<description>
|
|
34
|
-
|
|
35
|
-
example: 550 EXPN not available to evil.com (foo.bar.com) [192.168.0.1]
|
|
36
|
-
</description>
|
|
28
|
+
<description>Exim - expn variant 2</description>
|
|
29
|
+
<example>550 EXPN not available to evil.com (foo.bar.com) [192.168.0.1]</example>
|
|
37
30
|
<param pos="0" name="service.vendor" value="exim"/>
|
|
38
31
|
<param pos="0" name="service.family" value="exim"/>
|
|
39
32
|
<param pos="0" name="service.product" value="exim"/>
|
|
@@ -53,18 +46,16 @@
|
|
|
53
46
|
<param pos="0" name="service.product" value="VM"/>
|
|
54
47
|
</fingerprint>
|
|
55
48
|
<fingerprint pattern="^550[ -]lists are confidential *$">
|
|
56
|
-
<description>
|
|
57
|
-
|
|
58
|
-
</description>
|
|
49
|
+
<description>Ipswitch IMail Server - expn variant</description>
|
|
50
|
+
<example>550 lists are confidential</example>
|
|
59
51
|
<param pos="0" name="service.vendor" value="Ipswitch"/>
|
|
60
52
|
<param pos="0" name="service.family" value="IMail Server"/>
|
|
61
53
|
<param pos="0" name="service.product" value="IMail Server"/>
|
|
62
54
|
<param pos="0" name="service.cpe23" value="cpe:/a:ipswitch:imail_server:-"/>
|
|
63
55
|
</fingerprint>
|
|
64
56
|
<fingerprint pattern="^502[ -]command is not active$">
|
|
65
|
-
<description>
|
|
66
|
-
|
|
67
|
-
</description>
|
|
57
|
+
<description>Alt-N MDaemon - expn variant</description>
|
|
58
|
+
<example>502 command is not active</example>
|
|
68
59
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
|
69
60
|
<param pos="0" name="service.family" value="MDaemon"/>
|
|
70
61
|
<param pos="0" name="service.product" value="MDaemon"/>
|
|
@@ -76,17 +67,14 @@
|
|
|
76
67
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
|
77
68
|
</fingerprint>
|
|
78
69
|
<fingerprint pattern="^252 Unable to EXPN ".*", but will accept message and attempt delivery *$">
|
|
79
|
-
<description>
|
|
80
|
-
Lotus Domino
|
|
81
|
-
</description>
|
|
70
|
+
<description>Lotus Domino</description>
|
|
82
71
|
<param pos="0" name="service.vendor" value="Lotus"/>
|
|
83
72
|
<param pos="0" name="service.family" value="Lotus Domino"/>
|
|
84
73
|
<param pos="0" name="service.product" value="Lotus Domino"/>
|
|
85
74
|
</fingerprint>
|
|
86
75
|
<fingerprint pattern="^550[ -]Unable to find list '.*'\.$">
|
|
87
|
-
<description>
|
|
88
|
-
|
|
89
|
-
</description>
|
|
76
|
+
<description>Seattle Labs SLMail</description>
|
|
77
|
+
<example>550 Unable to find list 'list'.</example>
|
|
90
78
|
<param pos="0" name="service.vendor" value="Seattle Labs"/>
|
|
91
79
|
<param pos="0" name="service.family" value="SLMail"/>
|
|
92
80
|
<param pos="0" name="service.product" value="SLMail"/>
|