recog 2.3.11 → 2.3.16

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 97d63040d77ee814dfef18425b59f861c5502b6e929826c27b3f6ec81423edfe
4
- data.tar.gz: 27f184ce296b50e0c061e67c0fb5cff846eca187ee72750684904aea66061bc7
3
+ metadata.gz: f26ba5638d60668485ae809fd343a1a35262418a0174b31692e7467f0764152a
4
+ data.tar.gz: cfeeaf8d4740fbf534ac26b0300ffd9ac28f0649494a163f42cd654251f95a77
5
5
  SHA512:
6
- metadata.gz: fec43f32715f27d49b9c0258cd46b2b647c11d9649d30601ac7220b4f37459a9664686c25f84304c307e74690815de91e3883ba018d4b9d1546aea4867cebe42
7
- data.tar.gz: e8612ca2e848fe0c8f8ccd32646309614fca7cdbc3101f01554c4e770ea738fead20ea24c003b70f0241a412186cbaa819b5d805b2e71d834dd77a327bdfc7e6
6
+ metadata.gz: cdb40798655b68545b2c28d1f72555c0c442c9afadd63a9e3a97cfae755263663452ed5543db83e703569746dff1f2fefbc3a95213d463086cbf88ba9e121be6
7
+ data.tar.gz: bb49a46e193fb2dcb13740ee86500dd820e08bca2a57569eb77f462fb2f71d5061dbc734aac9f756074b31f40f12815bbe29f9ec194d4e7ccfa521702d2747a1
@@ -0,0 +1,35 @@
1
+ # Reporting security issues
2
+
3
+ Thanks for your interest in making Recog more secure! If you feel
4
+ that you have found a security issue involving Metasploit, Meterpreter,
5
+ Recog, or any other Rapid7 open source project, you are welcome to let
6
+ us know in the way that's most comfortable for you.
7
+
8
+ ## Via ZenDesk
9
+
10
+ You can click on the big blue button at [Rapid7's Vulnerability
11
+ Disclosure][r7-vulns] page, which will get you to our general
12
+ vulnerability reporting system. While this does require a (free) ZenDesk
13
+ account to use, you'll get regular updates on your issue as our software
14
+ support teams work through it. As it happens [that page][r7-vulns] also
15
+ will tell you what to expect when it comes to reporting vulns, how fast
16
+ we'll fix and respond, and all the rest, so it's a pretty good read
17
+ regardless.
18
+
19
+ ## Via email
20
+
21
+ If you're more of a traditionalist, you can email your finding to
22
+ security@rapid7.com. If you like, you can use our [PGP key][pgp] to
23
+ encrypt your messages, but we certainly don't mind cleartext reports
24
+ over email.
25
+
26
+ ## NOT via GitHub Issues
27
+
28
+ Please don't! Disclosing security vulnerabilities to public bug trackers
29
+ is kind of mean, even when it's well-intentioned, since you end up
30
+ dropping 0-day on pretty much everyone right out of the gate. We'd prefer
31
+ you didn't!
32
+
33
+ [r7-vulns]:https://www.rapid7.com/security/disclosure/
34
+ [pgp]:https://keybase.io/rapid7/pgp_keys.asc?fingerprint=9a90aea0576cbcafa39c502ba5e16807959d3eda
35
+
data/.snyk ADDED
@@ -0,0 +1,10 @@
1
+ # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
2
+ python: 3.6.0
3
+ version: v1.14.1
4
+ # ignores vulnerabilities until expiry date; change duration by modifying expiry date
5
+ ignore:
6
+ SNYK-PYTHON-PYYAML-590151:
7
+ - pyyaml:
8
+ reason: Project doesn't use vulnerable code path.
9
+ expires: 2021-06-01T00:00:00.000Z
10
+ patch: {}
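Review bot: The ignore rule for SNYK-PYTHON-PYYAML-590151 gives only "Project doesn't use vulnerable code path." as its reason, which does not say which path was checked or how. Elsewhere in this same diff `yaml.load(remap_file)` is replaced with `yaml.safe_load(remap_file)`, so the reason should name that (for example, that all YAML in the project is parsed through `safe_load`). Since the rule lapses at `expires: 2021-06-01T00:00:00.000Z`, it is also worth recording whether the plan is to upgrade pyyaml or to renew the ignore.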
data/LICENSE CHANGED
@@ -2,6 +2,6 @@ Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
2
2
  Source: https://github.com/rapid7/recog
3
3
 
4
4
  Files: *
5
- Copyright: 2014-2015, Rapid7, Inc.
5
+ Copyright: 2014, Rapid7, Inc.
6
6
  License: BSD-2-clause
7
7
 
@@ -16,10 +16,16 @@ mappings:
16
16
  weblogic: weblogic_server
17
17
  blue_coat:
18
18
  vendor: bluecoat
19
+ carnegie_mellon_university:
20
+ vendor: cmu
21
+ products:
22
+ cyrus_imap: cyrus_imap_server
19
23
  centos:
20
24
  vendor: centos
21
25
  products:
22
26
  linux: centos
27
+ centos_webpanel:
28
+ vendor: centos-webpanel
23
29
  check_point:
24
30
  vendor: checkpoint
25
31
  cisco:
@@ -32,6 +38,9 @@ mappings:
32
38
  vendor: debian
33
39
  products:
34
40
  linux: debian_linux
41
+ embedthis:
42
+ products:
43
+ goahead_webserver: goahead
35
44
  f5:
36
45
  vendor: f5
37
46
  products:
@@ -41,12 +50,12 @@ mappings:
41
50
  vendor: hp
42
51
  products:
43
52
  ilo: integrated_lights_out
44
- lotus_domino: lotus_domino_server
45
53
  tru64_unix: tru64
46
54
  ibm:
47
55
  vendor: ibm
48
56
  products:
49
57
  lotus_domino: lotus_domino_server
58
+ ibm_domino: lotus_domino
50
59
  os/400: os_400
51
60
  jamf:
52
61
  products:
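Review bot: Under `ibm.products`, the added `ibm_domino: lotus_domino` sits next to the existing `lotus_domino: lotus_domino_server`, so two similarly named Domino keys now remap to two different CPE product strings. If both targets are intentional, a comment saying so would stop someone "fixing" one of them later; if not, they should map to the same value. Removing `lotus_domino` from `hp.products` is consistent with the entry staying under `ibm`.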
@@ -57,6 +66,10 @@ mappings:
57
66
  junos_os: junos
58
67
  kibana:
59
68
  vendor: elasticsearch
69
+ cz.nic:
70
+ vendor: knot-dns
71
+ litespeed_technologies:
72
+ vendor: litespeedtech
60
73
  linux:
61
74
  vendor: linux
62
75
  products:
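Review bot: The new `cz.nic` and `litespeed_technologies` keys are inserted between `kibana` and `linux`, which breaks the alphabetical ordering the neighbouring keys follow. Moving `cz.nic` up among the `c` entries and `litespeed_technologies` after `linux` keeps the file easy to scan and makes duplicate keys easier to spot.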
@@ -94,6 +107,10 @@ mappings:
94
107
  vendor: modwsgi
95
108
  mort_bay:
96
109
  vendor: mortbay
110
+ nlnet_labs:
111
+ vendor: nlnetlabs
112
+ products:
113
+ dnsd: name_server_daemon
97
114
  net-snmp:
98
115
  vendor: net-snmp
99
116
  products:
@@ -93,4 +93,4 @@ iPad
93
93
  iPad Air
94
94
  iPad Pro
95
95
  iPad mini
96
- iPhone
96
+ iPhone
@@ -325,4 +325,4 @@ iPhone X
325
325
  iPhone XR
326
326
  iPhone XS
327
327
  iPhone XS Max
328
- vManage
328
+ vManage
@@ -421,6 +421,7 @@ Symantec Endpoint Protection Manager
421
421
  Symantec Mail Security for SMTP
422
422
  Symantec Messaging Gateway
423
423
  TBS FTP Server
424
+ TCP/IP
424
425
  TCPIP POP server
425
426
  TUX Web Server
426
427
  TeamCity
@@ -554,4 +555,3 @@ vsFTPd
554
555
  vsFTPd Extended
555
556
  z/OS FTP Server
556
557
  zFTPServer
557
- TCP/IP
@@ -1,3 +1,3 @@
1
1
  module Recog
2
- VERSION = '2.3.11'
2
+ VERSION = '2.3.16'
3
3
  end
@@ -9,7 +9,7 @@ from lxml import etree
9
9
 
10
10
  def parse_r7_remapping(file):
11
11
  with open(file) as remap_file:
12
- return yaml.load(remap_file)["mappings"]
12
+ return yaml.safe_load(remap_file)["mappings"]
13
13
 
14
14
  def parse_cpe_vp_map(file):
15
15
  vp_map = {} # cpe_type -> vendor -> products
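Review bot: The result of `yaml.safe_load(remap_file)` is indexed with `["mappings"]` on the same line without any check. `safe_load` returns `None` for an empty file, so that case raises a `TypeError` with no hint about which file was bad, and a file without the key raises a bare `KeyError`. Consider loading into a variable, verifying it is a mapping that contains `mappings`, and raising an error that names `file`.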
@@ -516,6 +516,7 @@
516
516
  <param pos="0" name="service.family" value="NSD"/>
517
517
  <param pos="0" name="service.product" value="dnsd"/>
518
518
  <param pos="1" name="service.version"/>
519
+ <param pos="0" name="service.cpe23" value="cpe:/a:nlnetlabs:name_server_daemon:{service.version}"/>
519
520
  </fingerprint>
520
521
 
521
522
  <fingerprint pattern="^unbound ([\d.]+)$">
@@ -525,6 +526,7 @@
525
526
  <param pos="0" name="service.family" value="Unbound"/>
526
527
  <param pos="0" name="service.product" value="unbound"/>
527
528
  <param pos="1" name="service.version"/>
529
+ <param pos="0" name="service.cpe23" value="cpe:/a:nlnetlabs:unbound:{service.version}"/>
528
530
  </fingerprint>
529
531
 
530
532
  <fingerprint pattern="^(?i:unbound)$">
@@ -533,6 +535,7 @@
533
535
  <param pos="0" name="service.vendor" value="NLnet Labs"/>
534
536
  <param pos="0" name="service.family" value="Unbound"/>
535
537
  <param pos="0" name="service.product" value="unbound"/>
538
+ <param pos="0" name="service.cpe23" value="cpe:/a:nlnetlabs:unbound:-"/>
536
539
  </fingerprint>
537
540
 
538
541
  <fingerprint pattern="^(?:BIND )?(9.[^-]+(?:-[SP]\d)?)(?:-[\d\.]+)?\+deb10u\d+-Raspbian$">
@@ -583,8 +586,9 @@
583
586
  <example service.version="2.5.0-dev">Knot DNS 2.5.0-dev</example>
584
587
  <param pos="0" name="service.vendor" value="cz.nic"/>
585
588
  <param pos="0" name="service.family" value="Knot"/>
586
- <param pos="0" name="service.product" value="DNS"/>
589
+ <param pos="0" name="service.product" value="Knot DNS"/>
587
590
  <param pos="1" name="service.version"/>
591
+ <param pos="0" name="service.cpe23" value="cpe:/a:knot-dns:knot_dns:{service.version}"/>
588
592
  </fingerprint>
589
593
 
590
594
  <fingerprint pattern="^UltraDNS Resolver$">
@@ -615,17 +619,18 @@
615
619
  dnscmd /config /EnableVersionQuery 1
616
620
  -->
617
621
 
618
- <fingerprint pattern="^Microsoft DNS (10.0.\d+)(?: \(\w+\))?$">
622
+ <fingerprint pattern="^Microsoft DNS (10.0.\d+)(?: \(([^)]+)\))?$">
619
623
  <description>Microsoft DNS on Windows 2016: GA</description>
620
624
  <!-- Windows 10 / 2016 moved towards a rolling release so capturing build
621
625
  is required unlike other Windows versions where we use a fixed string.
622
626
  -->
623
627
 
624
- <example service.version="10.0.14393" os.build="10.0.14393">Microsoft DNS 10.0.14393 (383900CE)</example>
628
+ <example service.version="10.0.14393" os.build="10.0.14393" service.version.version="383900CE">Microsoft DNS 10.0.14393 (383900CE)</example>
625
629
  <param pos="0" name="service.vendor" value="Microsoft"/>
626
630
  <param pos="0" name="service.family" value="DNS"/>
627
631
  <param pos="0" name="service.product" value="DNS"/>
628
632
  <param pos="1" name="service.version"/>
633
+ <param pos="2" name="service.version.version"/>
629
634
  <param pos="0" name="os.vendor" value="Microsoft"/>
630
635
  <param pos="0" name="os.family" value="Windows"/>
631
636
  <param pos="0" name="os.product" value="Windows Server 2016"/>
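Review bot: The new capture group `([^)]+)` in the pattern accepts any characters up to the closing parenthesis, where the old `\w+` was tighter and every example in these hunks shows a short hex-like token such as `383900CE`. Unless other forms have been observed, a class limited to that shape would avoid storing arbitrary banner text in the new field. The name `service.version.version` also does not say what the value is, so a comment or a more descriptive name would help consumers. Separately, the dots in `10.0.\d+` are unescaped (unchanged by this hunk) and match any character.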
@@ -633,13 +638,14 @@
633
638
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
634
639
  </fingerprint>
635
640
 
636
- <fingerprint pattern="^Microsoft DNS 6.3.9600(?: \(\w+\))?$">
641
+ <fingerprint pattern="^Microsoft DNS 6.3.9600(?: \(([^)]+)\))?$">
637
642
  <description>Microsoft DNS on Windows 2012 R2</description>
638
- <example>Microsoft DNS 6.3.9600 (25804825)</example>
643
+ <example service.version.version="25804825">Microsoft DNS 6.3.9600 (25804825)</example>
639
644
  <param pos="0" name="service.vendor" value="Microsoft"/>
640
645
  <param pos="0" name="service.family" value="DNS"/>
641
646
  <param pos="0" name="service.product" value="DNS"/>
642
647
  <param pos="0" name="service.version" value="6.3.9600"/>
648
+ <param pos="1" name="service.version.version"/>
643
649
  <param pos="0" name="os.vendor" value="Microsoft"/>
644
650
  <param pos="0" name="os.family" value="Windows"/>
645
651
  <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
@@ -647,13 +653,14 @@
647
653
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
648
654
  </fingerprint>
649
655
 
650
- <fingerprint pattern="^Microsoft DNS 6.2.9200(?: \(\w+\))?$">
656
+ <fingerprint pattern="^Microsoft DNS 6.2.9200(?: \(([^)]+)\))?$">
651
657
  <description>Microsoft DNS on Windows 2012</description>
652
- <example>Microsoft DNS 6.2.9200 (23F04000)</example>
658
+ <example service.version.version="23F04000">Microsoft DNS 6.2.9200 (23F04000)</example>
653
659
  <param pos="0" name="service.vendor" value="Microsoft"/>
654
660
  <param pos="0" name="service.family" value="DNS"/>
655
661
  <param pos="0" name="service.product" value="DNS"/>
656
662
  <param pos="0" name="service.version" value="6.2.9200"/>
663
+ <param pos="1" name="service.version.version"/>
657
664
  <param pos="0" name="os.vendor" value="Microsoft"/>
658
665
  <param pos="0" name="os.family" value="Windows"/>
659
666
  <param pos="0" name="os.product" value="Windows Server 2012"/>
@@ -661,14 +668,15 @@
661
668
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
662
669
  </fingerprint>
663
670
 
664
- <fingerprint pattern="^Microsoft DNS 6.1.7601(?: \(\w+\))?$">
671
+ <fingerprint pattern="^Microsoft DNS 6.1.7601(?: \(([^)]+)\))?$">
665
672
  <description>Microsoft DNS on Windows 2008 R2 Service Pack 1</description>
666
- <example>Microsoft DNS 6.1.7601 (1DB15CD4)</example>
673
+ <example service.version.version="1DB15CD4">Microsoft DNS 6.1.7601 (1DB15CD4)</example>
667
674
  <example>Microsoft DNS 6.1.7601</example>
668
675
  <param pos="0" name="service.vendor" value="Microsoft"/>
669
676
  <param pos="0" name="service.family" value="DNS"/>
670
677
  <param pos="0" name="service.product" value="DNS"/>
671
678
  <param pos="0" name="service.version" value="6.1.7601"/>
679
+ <param pos="1" name="service.version.version"/>
672
680
  <param pos="0" name="os.vendor" value="Microsoft"/>
673
681
  <param pos="0" name="os.family" value="Windows"/>
674
682
  <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
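Review bot: This fingerprint keeps the second example `Microsoft DNS 6.1.7601` with no parenthesised suffix, so the added `pos="1"` param refers to a group that does not participate in that match. Worth confirming that the example tests and downstream consumers treat `service.version.version` as absent in that case rather than as an empty string, and stating the expectation in a comment.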
@@ -677,13 +685,14 @@
677
685
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:Service Pack 1"/>
678
686
  </fingerprint>
679
687
 
680
- <fingerprint pattern="^Microsoft DNS 6.1.7600(?: \(\w+\))?$">
688
+ <fingerprint pattern="^Microsoft DNS 6.1.7600(?: \(([^)]+)\))?$">
681
689
  <description>Microsoft DNS on Windows 2008 R2</description>
682
- <example>Microsoft DNS 6.1.7600 (1DB04228)</example>
690
+ <example service.version.version="1DB04228">Microsoft DNS 6.1.7600 (1DB04228)</example>
683
691
  <param pos="0" name="service.vendor" value="Microsoft"/>
684
692
  <param pos="0" name="service.family" value="DNS"/>
685
693
  <param pos="0" name="service.product" value="DNS"/>
686
694
  <param pos="0" name="service.version" value="6.1.7600"/>
695
+ <param pos="1" name="service.version.version"/>
687
696
  <param pos="0" name="os.vendor" value="Microsoft"/>
688
697
  <param pos="0" name="os.family" value="Windows"/>
689
698
  <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
@@ -704,13 +713,14 @@
704
713
  <example>Microsoft DNS 6.0.6100 (2AEF76E)</example>
705
714
  </fingerprint>
706
715
 
707
- <fingerprint pattern="^Microsoft DNS 6.0.6003(?: \(\w+\))?$">
716
+ <fingerprint pattern="^Microsoft DNS 6.0.6003(?: \(([^)]+)\))?$">
708
717
  <description>Microsoft DNS on Windows 2008 Service Pack 2 - Preview Rollup KB4489887 and later</description>
709
- <example>Microsoft DNS 6.0.6003 (1773501D)</example>
718
+ <example service.version.version="1773501D">Microsoft DNS 6.0.6003 (1773501D)</example>
710
719
  <param pos="0" name="service.vendor" value="Microsoft"/>
711
720
  <param pos="0" name="service.family" value="DNS"/>
712
721
  <param pos="0" name="service.product" value="DNS"/>
713
722
  <param pos="0" name="service.version" value="6.0.6003"/>
723
+ <param pos="1" name="service.version.version"/>
714
724
  <param pos="0" name="os.vendor" value="Microsoft"/>
715
725
  <param pos="0" name="os.family" value="Windows"/>
716
726
  <param pos="0" name="os.product" value="Windows Server 2008"/>
@@ -719,13 +729,14 @@
719
729
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:Service Pack 2"/>
720
730
  </fingerprint>
721
731
 
722
- <fingerprint pattern="^Microsoft DNS 6.0.6002(?: \(\w+\))?$">
732
+ <fingerprint pattern="^Microsoft DNS 6.0.6002(?: \(([^)]+)\))?$">
723
733
  <description>Microsoft DNS on Windows 2008 Service Pack 2</description>
724
- <example>Microsoft DNS 6.0.6002 (17724D35)</example>
734
+ <example service.version.version="17724D35">Microsoft DNS 6.0.6002 (17724D35)</example>
725
735
  <param pos="0" name="service.vendor" value="Microsoft"/>
726
736
  <param pos="0" name="service.family" value="DNS"/>
727
737
  <param pos="0" name="service.product" value="DNS"/>
728
738
  <param pos="0" name="service.version" value="6.0.6002"/>
739
+ <param pos="1" name="service.version.version"/>
729
740
  <param pos="0" name="os.vendor" value="Microsoft"/>
730
741
  <param pos="0" name="os.family" value="Windows"/>
731
742
  <param pos="0" name="os.product" value="Windows Server 2008"/>
@@ -734,13 +745,14 @@
734
745
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:Service Pack 2"/>
735
746
  </fingerprint>
736
747
 
737
- <fingerprint pattern="^Microsoft DNS 6.0.6001(?: \(\w+\))?$">
748
+ <fingerprint pattern="^Microsoft DNS 6.0.6001(?: \(([^)]+)\))?$">
738
749
  <description>Microsoft DNS on Windows 2008 Service Pack 1</description>
739
- <example>Microsoft DNS 6.0.6001 (17714726)</example>
750
+ <example service.version.version="17714726">Microsoft DNS 6.0.6001 (17714726)</example>
740
751
  <param pos="0" name="service.vendor" value="Microsoft"/>
741
752
  <param pos="0" name="service.family" value="DNS"/>
742
753
  <param pos="0" name="service.product" value="DNS"/>
743
754
  <param pos="0" name="service.version" value="6.0.6001"/>
755
+ <param pos="1" name="service.version.version"/>
744
756
  <param pos="0" name="os.vendor" value="Microsoft"/>
745
757
  <param pos="0" name="os.family" value="Windows"/>
746
758
  <param pos="0" name="os.product" value="Windows Server 2008"/>
@@ -754,7 +766,8 @@
754
766
  <example>DNSServer</example>
755
767
  <param pos="0" name="service.vendor" value="Synology"/>
756
768
  <param pos="0" name="service.family" value="DSM"/>
757
- <param pos="0" name="service.product" value="DNS"/>
769
+ <param pos="0" name="service.product" value="DNS Server"/>
770
+ <param pos="0" name="service.cpe23" value="cpe:/a:synology:dns_server:-"/>
758
771
  <param pos="0" name="os.device" value="NAS"/>
759
772
  <param pos="0" name="os.family" value="Linux"/>
760
773
  <param pos="0" name="os.product" value="DSM"/>
@@ -855,9 +868,10 @@
855
868
  <fingerprint pattern="^gdnsd$">
856
869
  <description>gdnsd</description>
857
870
  <example>gdnsd</example>
858
- <param pos="0" name="service.vendor" value="Brandon Black"/>
871
+ <param pos="0" name="service.vendor" value="gdnsd"/>
859
872
  <param pos="0" name="service.family" value="gdnsd"/>
860
873
  <param pos="0" name="service.product" value="gdnsd"/>
874
+ <param pos="0" name="service.cpe23" value="cpe:/a:gdnsd:gdnsd:-"/>
861
875
  </fingerprint>
862
876
 
863
877
  <fingerprint pattern="^Hi: [\w\.: =]+\d{4}$">
@@ -464,6 +464,7 @@
464
464
  <param pos="0" name="service.vendor" value="SABnzbd"/>
465
465
  <param pos="0" name="service.product" value="SABnzbd"/>
466
466
  <param pos="0" name="service.certainty" value="0.5"/>
467
+ <param pos="0" name="service.cpe23" value="cpe:/a:sabnzbd:sabnzbd:-"/>
467
468
  </fingerprint>
468
469
 
469
470
  <fingerprint pattern="^5c9f3938754b459fb3590a00e5947fed$">
@@ -612,6 +613,7 @@
612
613
  <param pos="0" name="service.vendor" value="Elastic"/>
613
614
  <param pos="0" name="service.product" value="Kibana"/>
614
615
  <param pos="0" name="service.certainty" value="0.5"/>
616
+ <param pos="0" name="service.cpe23" value="cpe:/a:elastic:kibana:-"/>
615
617
  </fingerprint>
616
618
 
617
619
  <fingerprint pattern="^(?:ef07026465d7b449a9759132486d1e3b|bcc4933f81eff43e5d9bcc5b2828aa70|b204c198a410e5ee28346c4a2110535e|c00da11c81f9b887eed4123daee89909)$">
@@ -360,6 +360,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
360
360
  <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-</example>
361
361
  <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-&#13;
362
362
  more stuff</example>
363
+ <param pos="0" name="service.fvendor" value="PureFTPd"/>
363
364
  <param pos="0" name="service.family" value="Pure-FTPd"/>
364
365
  <param pos="0" name="service.product" value="Pure-FTPd"/>
365
366
  <param pos="1" name="service.version"/>
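Review bot: The added param is named `service.fvendor`, which looks like a typo for `service.vendor`; the other Pure-FTPd fingerprints changed in this diff add `service.vendor` with the same value. Unlike the `PureFTPd 1.1.0` fingerprint later in the diff, this versioned banner also gains no `service.cpe23` line, so `cpe:/a:pureftpd:pure-ftpd:{service.version}` is probably missing after `service.version`.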
@@ -374,16 +375,20 @@ more stuff</example>
374
375
  <example>--------- Welcome to Pure-FTPd [privsep] [TLS] ----------&#13;
375
376
  more text</example>
376
377
  <param pos="1" name="pureftpd.config"/>
378
+ <param pos="0" name="service.vendor" value="PureFTPd"/>
377
379
  <param pos="0" name="service.family" value="Pure-FTPd"/>
378
380
  <param pos="0" name="service.product" value="Pure-FTPd"/>
381
+ <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:-"/>
379
382
  </fingerprint>
380
383
 
381
384
  <fingerprint pattern="^(?:Welcome to )?Pure-FTPd\.?$">
382
385
  <description>Basic Pure-FTPd banner, no version</description>
383
386
  <example>Welcome to Pure-FTPd</example>
384
387
  <example>Pure-FTPd.</example>
388
+ <param pos="0" name="service.vendor" value="PureFTPd"/>
385
389
  <param pos="0" name="service.family" value="Pure-FTPd"/>
386
390
  <param pos="0" name="service.product" value="Pure-FTPd"/>
391
+ <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:-"/>
387
392
  </fingerprint>
388
393
 
389
394
  <fingerprint pattern="^=\(.\*.\)=-\.:\. \(\( Welcome to PureFTPd (\d+\..+) \)\) \.:\.-=\(.\*.\)=-" flags="REG_MULTILINE">
@@ -391,26 +396,56 @@ more text</example>
391
396
  <example service.version="1.1.0">=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-</example>
392
397
  <example service.version="1.1.0">=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-&#13;
393
398
  more text</example>
399
+ <param pos="0" name="service.vendor" value="PureFTPd"/>
394
400
  <param pos="0" name="service.family" value="Pure-FTPd"/>
395
401
  <param pos="0" name="service.product" value="Pure-FTPd"/>
396
402
  <param pos="1" name="service.version"/>
403
+ <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:{service.version}"/>
397
404
  </fingerprint>
398
405
 
399
- <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+)(?: for WinSock)? ready\.*$">
400
- <description>Serv-U (only runs on Windows)</description>
406
+ <!-- CPEs for Serv-U 15.x and above changed to SolarWinds -->
407
+
408
+ <fingerprint pattern="^Serv-U FTP Server v(15\.\S+) ready\.\.\.$">
409
+ <description>SolarWinds Serv-U with version </description>
410
+ <example service.version="15.1.3.25">Serv-U FTP Server v15.1.3.25 ready...</example>
411
+ <param pos="0" name="service.vendor" value="SolarWinds"/>
412
+ <param pos="0" name="service.product" value="Serv-U FTP Server"/>
413
+ <param pos="0" name="service.family" value="Serv-U"/>
414
+ <param pos="1" name="service.version"/>
415
+ <param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:serv-u_ftp_server:{service.version}"/>
416
+ </fingerprint>
417
+
418
+ <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+) for WinSock ready\.*$">
419
+ <description>Serv-U Serv-U with version on Windows</description>
401
420
  <example service.version="2.5n">Serv-U FTP-Server v2.5n for WinSock ready...</example>
402
421
  <example service.version="6.0">Serv-U FTP Server v6.0 for WinSock ready</example>
403
- <example service.version="7.2">Serv-U FTP Server v7.2 ready...</example>
404
- <param pos="0" name="service.vendor" value="Rhino Software"/>
422
+ <param pos="0" name="service.vendor" value="Serv-U"/>
405
423
  <param pos="0" name="service.product" value="Serv-U"/>
406
424
  <param pos="0" name="service.family" value="Serv-U"/>
407
425
  <param pos="1" name="service.version"/>
426
+ <param pos="0" name="service.cpe23" value="cpe:/a:serv-u:serv-u:{service.version}"/>
408
427
  <param pos="0" name="os.vendor" value="Microsoft"/>
409
428
  <param pos="0" name="os.family" value="Windows"/>
410
429
  <param pos="0" name="os.product" value="Windows"/>
411
430
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
412
431
  </fingerprint>
413
432
 
433
+ <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+) ready\.*$">
434
+ <description>Serv-U Serv-U with version </description>
435
+ <example service.version="7.2">Serv-U FTP Server v7.2 ready...</example>
436
+ <example service.version="14.0">Serv-U FTP Server v14.0 ready...</example>
437
+ <param pos="0" name="service.vendor" value="Serv-U"/>
438
+ <param pos="0" name="service.product" value="Serv-U"/>
439
+ <param pos="0" name="service.family" value="Serv-U"/>
440
+ <param pos="1" name="service.version"/>
441
+ <param pos="0" name="service.cpe23" value="cpe:/a:serv-u:serv-u:{service.version}"/>
442
+ </fingerprint>
443
+
444
+ <fingerprint pattern="^Welcom to Serv-U FTP Server$">
445
+ <description>Common FTP banner modification to look like Serv-U -- assert nothing.</description>
446
+ <example>Welcom to Serv-U FTP Server</example>
447
+ </fingerprint>
448
+
414
449
  <fingerprint pattern="^zFTPServer v?(\S+), .*ready\.$" flags="REG_ICASE">
415
450
  <description>zftpserver (only runs on Windows)</description>
416
451
  <example service.version="4.0">zFTPServer v4.0, build 2008-12-24 01:41 ready.</example>
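Review bot: The Serv-U patterns overlap: `^Serv-U FTP[ -]Server v(\d+\.\S+) ready\.*$` also matches the `v15.1.3.25 ready...` banner, so (assuming the first matching fingerprint wins) the SolarWinds CPE is assigned only because the 15.x fingerprint comes first in the file. That ordering dependency deserves more than the comment "CPEs for Serv-U 15.x and above changed to SolarWinds", and `(15\.\S+)` covers 15.x only, so a 16.x banner would fall through to `cpe:/a:serv-u:serv-u`. The descriptions "Serv-U Serv-U with version on Windows" and "Serv-U Serv-U with version " repeat the product name, and the latter has a trailing space.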
@@ -427,23 +462,28 @@ more text</example>
427
462
  <description>vsFTPd (Very Secure FTP Daemon)</description>
428
463
  <example service.version="1.1.3">(vsFTPd 1.1.3) host</example>
429
464
  <example service.version="2.0.5">(vsFTPd 2.0.5)</example>
465
+ <param pos="0" name="service.vendor" value="vsFTPd Project"/>
430
466
  <param pos="0" name="service.family" value="vsFTPd"/>
431
467
  <param pos="0" name="service.product" value="vsFTPd"/>
432
468
  <param pos="1" name="service.version"/>
469
+ <param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:{service.version}"/>
433
470
  <param pos="2" name="host.name"/>
434
471
  </fingerprint>
435
472
 
436
473
  <fingerprint pattern="^ready, dude \(vsFTPd (\d+\..+): beat me, break me\)$">
437
474
  <description>vsFTPd (Very Secure FTP Daemon) - break me variant</description>
438
475
  <example service.version="1.1.0">ready, dude (vsFTPd 1.1.0: beat me, break me)</example>
476
+ <param pos="0" name="service.vendor" value="vsFTPd Project"/>
439
477
  <param pos="0" name="service.family" value="vsFTPd"/>
440
478
  <param pos="0" name="service.product" value="vsFTPd"/>
441
479
  <param pos="1" name="service.version"/>
480
+ <param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:{service.version}"/>
442
481
  </fingerprint>
443
482
 
444
483
  <fingerprint pattern="^vsFTPd ([\d.]+\+ \(ext\.3\)) ready\.\.\.$">
445
484
  <description>vsFTPd (Very Secure FTP Daemon) extended build (vsftpd.devnet.ru)</description>
446
485
  <example service.version="2.0.4+ (ext.3)">vsFTPd 2.0.4+ (ext.3) ready...</example>
486
+ <param pos="0" name="service.vendor" value="vsFTPd Project"/>
447
487
  <param pos="0" name="service.family" value="vsFTPd"/>
448
488
  <param pos="0" name="service.product" value="vsFTPd Extended"/>
449
489
  <param pos="1" name="service.version"/>
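Review bot: The `vsFTPd Extended` fingerprint gains `service.vendor` but, unlike the other vsFTPd fingerprints touched in this diff, no `service.cpe23`. If that is deliberate because the captured version (`2.0.4+ (ext.3)`) does not fit a CPE version field, a short XML comment would stop it being "completed" later; otherwise the line is missing.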
@@ -453,8 +493,10 @@ more text</example>
453
493
  <description>vsFTPd (Very Secure FTP Daemon) error message</description>
454
494
  <example>OOPS: vsftpd: root is not mounted.</example>
455
495
  <example>OOPS: cannot read user list file:/etc/vsftpd.user_list</example>
496
+ <param pos="0" name="service.vendor" value="vsFTPd Project"/>
456
497
  <param pos="0" name="service.family" value="vsFTPd"/>
457
498
  <param pos="0" name="service.product" value="vsFTPd"/>
499
+ <param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:-"/>
458
500
  </fingerprint>
459
501
 
460
502
  <fingerprint pattern="^FileZilla Server(?: version)? (?:v)?(\d\.[\w.]+(?: beta)?).*$">
@@ -463,9 +505,15 @@ more text</example>
463
505
  <example service.version="0.9.13a beta">FileZilla Server version 0.9.13a beta</example>
464
506
  <example service.version="0.9.54 beta">FileZilla Server 0.9.54 beta</example>
465
507
  <example service.version="0.9.33 beta">FileZilla Server v0.9.33 beta</example>
466
- <param pos="0" name="service.family" value="FileZilla FTP Server"/>
467
- <param pos="0" name="service.product" value="FileZilla FTP Server"/>
508
+ <param pos="0" name="service.vendor" value="Filezilla-Project"/>
509
+ <param pos="0" name="service.family" value="FileZilla FTP"/>
510
+ <param pos="0" name="service.product" value="FileZilla Server"/>
468
511
  <param pos="1" name="service.version"/>
512
+ <param pos="0" name="service.cpe23" value="cpe:/a:filezilla-project:filezilla_server:{service.version}"/>
513
+ <param pos="0" name="os.vendor" value="Microsoft"/>
514
+ <param pos="0" name="os.family" value="Windows"/>
515
+ <param pos="0" name="os.product" value="Windows"/>
516
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
469
517
  </fingerprint>
470
518
 
471
519
  <fingerprint pattern="^\s*APC FTP server ready\.$">
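Review bot: The added `os.*` params assert Windows for every banner this pattern matches, but nothing in the fingerprint says why; other Windows-only entries in this file state it in the description (for example "zftpserver (only runs on Windows)"). Add the same kind of note, or drop the OS params if that does not hold for all matched versions. The vendor value `Filezilla-Project` also uses different capitalisation from `FileZilla` in the family and product values.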
@@ -1292,7 +1340,7 @@ more text</example>
1292
1340
  <param pos="0" name="os.product" value="Tru64 Unix"/>
1293
1341
  <param pos="1" name="host.name"/>
1294
1342
  <param pos="2" name="os.version"/>
1295
- <param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64:{os.version}"/>
1343
+ <param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64_unix:{os.version}"/>
1296
1344
  </fingerprint>
1297
1345
 
1298
1346
  <fingerprint pattern="^(\S+) FTP server \(Digital UNIX Version (\S+)\) ready\.?$">
@@ -1315,9 +1363,11 @@ more text</example>
1315
1363
  <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
1316
1364
  </fingerprint>
1317
1365
 
1318
- <fingerprint pattern="^MikroTik FTP server \(MikroTik ([\w.]+)\) ready\.?$">
1319
- <description>MikroTik w/o hostname</description>
1320
- <example os.version="6.0rc14">MikroTik FTP server (MikroTik 6.0rc14) ready</example>
1366
+ <fingerprint pattern="^.* FTP server \(MikroTik (\d\.[\w\.]+)\) ready\.?$">
1367
+ <description>MikroTik with description</description>
1368
+ <example os.version="6.43.16">Super Thing_Place- FTP server (MikroTik 6.43.16) ready</example>
1369
+ <example os.version="6.43.16beta2">Super Thing_Place- FTP server (MikroTik 6.43.16beta2) ready</example>
1370
+ <example os.version="6.43.16rc56">Super Thing_Place- FTP server (MikroTik 6.43.16rc56) ready</example>
1321
1371
  <param pos="0" name="os.vendor" value="MikroTik"/>
1322
1372
  <param pos="0" name="os.product" value="RouterOS"/>
1323
1373
  <param pos="1" name="os.version"/>
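Review bot: The removed example `MikroTik FTP server (MikroTik 6.0rc14) ready` still matches the new pattern and should be kept as a regression example, since the "w/o hostname" form is no longer covered by any example. In the new capture, `(\d\.[\w\.]+)` requires a single-digit major version, so a banner reporting a two-digit major version would not match; `\d+` would be safer. The leading `^.* ` is also much looser than the literal it replaces, and a bounded character class would keep the fingerprint from matching unrelated prefixes.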
@@ -1722,4 +1772,15 @@ more text</example>
1722
1772
  <param pos="0" name="os.device" value="Printer"/>
1723
1773
  </fingerprint>
1724
1774
 
1775
+ <fingerprint pattern="^SurgeFTP ([\S]+) \(Version ([a-f\d.]+)\)$">
1776
+ <description>NetWin SurgeFTP</description>
1777
+ <example service.version="2.3a12">SurgeFTP 192.168.0.0 (Version 2.3a12)</example>
1778
+ <example host.name="foo.bar.baz">SurgeFTP foo.bar.baz (Version 2.2f9)</example>
1779
+ <param pos="0" name="service.vendor" value="NetWin"/>
1780
+ <param pos="0" name="service.product" value="SurgeFTP"/>
1781
+ <param pos="2" name="service.version"/>
1782
+ <param pos="0" name="service.cpe23" value="cpe:/a:netwin:surgeftp:{service.version}"/>
1783
+ <param pos="1" name="host.name"/>
1784
+ </fingerprint>
1785
+
1725
1786
  </fingerprints>
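Review bot: Each SurgeFTP example checks only one of the two captures: the first asserts `service.version` but not `host.name` (which would be `192.168.0.0`), and the second asserts `host.name` but not `service.version` (`2.2f9`). Asserting both attributes on both examples would exercise the `pos` numbering properly. The version class `[a-f\d.]+` only allows the letters a to f, which fits the two samples but is an assumption worth a comment, and `[\S]+` can be written `\S+`. Note also that `host.name` is populated even when the banner carries an IP address rather than a name.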