recog 2.3.11 → 2.3.16

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 97d63040d77ee814dfef18425b59f861c5502b6e929826c27b3f6ec81423edfe
-  data.tar.gz: 27f184ce296b50e0c061e67c0fb5cff846eca187ee72750684904aea66061bc7
+  metadata.gz: f26ba5638d60668485ae809fd343a1a35262418a0174b31692e7467f0764152a
+  data.tar.gz: cfeeaf8d4740fbf534ac26b0300ffd9ac28f0649494a163f42cd654251f95a77
 SHA512:
-  metadata.gz: fec43f32715f27d49b9c0258cd46b2b647c11d9649d30601ac7220b4f37459a9664686c25f84304c307e74690815de91e3883ba018d4b9d1546aea4867cebe42
-  data.tar.gz: e8612ca2e848fe0c8f8ccd32646309614fca7cdbc3101f01554c4e770ea738fead20ea24c003b70f0241a412186cbaa819b5d805b2e71d834dd77a327bdfc7e6
+  metadata.gz: cdb40798655b68545b2c28d1f72555c0c442c9afadd63a9e3a97cfae755263663452ed5543db83e703569746dff1f2fefbc3a95213d463086cbf88ba9e121be6
+  data.tar.gz: bb49a46e193fb2dcb13740ee86500dd820e08bca2a57569eb77f462fb2f71d5061dbc734aac9f756074b31f40f12815bbe29f9ec194d4e7ccfa521702d2747a1

data/.github/SECURITY.md

@@ -0,0 +1,35 @@
+# Reporting security issues
+
+Thanks for your interest in making Recog more secure! If you feel
+that you have found a security issue involving Metasploit, Meterpreter,
+Recog, or any other Rapid7 open source project, you are welcome to let
+us know in the way that's most comfortable for you.
+
+## Via ZenDesk
+
+You can click on the big blue button at [Rapid7's Vulnerability
+Disclosure][r7-vulns] page, which will get you to our general
+vulnerability reporting system. While this does require a (free) ZenDesk
+account to use, you'll get regular updates on your issue as our software
+support teams work through it. As it happens [that page][r7-vulns] also
+will tell you what to expect when it comes to reporting vulns, how fast
+we'll fix and respond, and all the rest, so it's a pretty good read
+regardless.
+
+## Via email
+
+If you're more of a traditionalist, you can email your finding to
+security@rapid7.com. If you like, you can use our [PGP key][pgp] to
+encrypt your messages, but we certainly don't mind cleartext reports
+over email.
+
+## NOT via GitHub Issues
+
+Please don't! Disclosing security vulnerabilities to public bug trackers
+is kind of mean, even when it's well-intentioned, since you end up
+dropping 0-day on pretty much everyone right out of the gate. We'd prefer
+you didn't!
+
+[r7-vulns]:https://www.rapid7.com/security/disclosure/
+[pgp]:https://keybase.io/rapid7/pgp_keys.asc?fingerprint=9a90aea0576cbcafa39c502ba5e16807959d3eda
+

data/.snyk

@@ -0,0 +1,10 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+python: 3.6.0
+version: v1.14.1
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+  SNYK-PYTHON-PYYAML-590151:
+    - pyyaml:
+        reason: Project doesn't use vulnerable code path.
+        expires: 2021-06-01T00:00:00.000Z
+patch: {}

data/LICENSE

@@ -2,6 +2,6 @@ Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Source: https://github.com/rapid7/recog
 
 Files: *
-Copyright: 2014-2015, Rapid7, Inc.
+Copyright: 2014, Rapid7, Inc.
 License: BSD-2-clause
 

data/cpe-remap.yaml

@@ -16,10 +16,16 @@ mappings:
       weblogic: weblogic_server
   blue_coat:
     vendor: bluecoat
+  carnegie_mellon_university:
+    vendor: cmu
+    products:
+      cyrus_imap: cyrus_imap_server
   centos:
     vendor: centos
     products:
       linux: centos
+  centos_webpanel:
+    vendor: centos-webpanel
   check_point:
     vendor: checkpoint
   cisco:
@@ -32,6 +38,9 @@ mappings:
     vendor: debian
     products:
       linux: debian_linux
+  embedthis:
+    products:
+       goahead_webserver: goahead
   f5:
     vendor: f5
     products:
@@ -41,12 +50,12 @@ mappings:
     vendor: hp
     products:
       ilo: integrated_lights_out
-      lotus_domino: lotus_domino_server
       tru64_unix: tru64
   ibm:
     vendor: ibm
     products:
       lotus_domino: lotus_domino_server
+      ibm_domino: lotus_domino
       os/400: os_400
   jamf:
     products:
@@ -57,6 +66,10 @@ mappings:
       junos_os: junos
   kibana:
     vendor: elasticsearch
+  cz.nic:
+    vendor: knot-dns
+  litespeed_technologies:
+    vendor: litespeedtech
   linux:
     vendor: linux
     products:
@@ -94,6 +107,10 @@ mappings:
     vendor: modwsgi
   mort_bay:
     vendor: mortbay
+  nlnet_labs:
+    vendor: nlnetlabs
+    products:
+      dnsd: name_server_daemon
   net-snmp:
     vendor: net-snmp
     products:

data/identifiers/hw_family.txt

@@ -93,4 +93,4 @@ iPad
 iPad Air
 iPad Pro
 iPad mini
-iPhone
+iPhone

data/identifiers/hw_product.txt

@@ -325,4 +325,4 @@ iPhone X
 iPhone XR
 iPhone XS
 iPhone XS Max
-vManage
+vManage

data/identifiers/service_product.txt

@@ -421,6 +421,7 @@ Symantec Endpoint Protection Manager
 Symantec Mail Security for SMTP
 Symantec Messaging Gateway
 TBS FTP Server
+TCP/IP
 TCPIP POP server
 TUX Web Server
 TeamCity
@@ -554,4 +555,3 @@ vsFTPd
 vsFTPd Extended
 z/OS FTP Server
 zFTPServer
-TCP/IP

data/lib/recog/version.rb

@@ -1,3 +1,3 @@
 module Recog
-  VERSION = '2.3.11'
+  VERSION = '2.3.16'
 end

data/update_cpes.py

@@ -9,7 +9,7 @@ from lxml import etree
 
 def parse_r7_remapping(file):
     with open(file) as remap_file:
-        return yaml.load(remap_file)["mappings"]
+        return yaml.safe_load(remap_file)["mappings"]
 
 def parse_cpe_vp_map(file):
     vp_map = {} # cpe_type -> vendor -> products

data/xml/dns_versionbind.xml

@@ -516,6 +516,7 @@
     <param pos="0" name="service.family" value="NSD"/>
     <param pos="0" name="service.product" value="dnsd"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:nlnetlabs:name_server_daemon:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^unbound ([\d.]+)$">
@@ -525,6 +526,7 @@
     <param pos="0" name="service.family" value="Unbound"/>
     <param pos="0" name="service.product" value="unbound"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:nlnetlabs:unbound:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^(?i:unbound)$">
@@ -533,6 +535,7 @@
     <param pos="0" name="service.vendor" value="NLnet Labs"/>
     <param pos="0" name="service.family" value="Unbound"/>
     <param pos="0" name="service.product" value="unbound"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:nlnetlabs:unbound:-"/>
   </fingerprint>
 
   <fingerprint pattern="^(?:BIND )?(9.[^-]+(?:-[SP]\d)?)(?:-[\d\.]+)?\+deb10u\d+-Raspbian$">
@@ -583,8 +586,9 @@
     <example service.version="2.5.0-dev">Knot DNS 2.5.0-dev</example>
     <param pos="0" name="service.vendor" value="cz.nic"/>
     <param pos="0" name="service.family" value="Knot"/>
-    <param pos="0" name="service.product" value="DNS"/>
+    <param pos="0" name="service.product" value="Knot DNS"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:knot-dns:knot_dns:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^UltraDNS Resolver$">
@@ -615,17 +619,18 @@
        dnscmd /config /EnableVersionQuery 1
   -->
 
-  <fingerprint pattern="^Microsoft DNS (10.0.\d+)(?: \(\w+\))?$">
+  <fingerprint pattern="^Microsoft DNS (10.0.\d+)(?: \(([^)]+)\))?$">
     <description>Microsoft DNS on Windows 2016: GA</description>
     <!-- Windows 10 / 2016 moved towards a rolling release so capturing build
          is required unlike other Windows versions where we use a fixed string.
     -->
 
-    <example service.version="10.0.14393" os.build="10.0.14393">Microsoft DNS 10.0.14393 (383900CE)</example>
+    <example service.version="10.0.14393" os.build="10.0.14393" service.version.version="383900CE">Microsoft DNS 10.0.14393 (383900CE)</example>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.family" value="DNS"/>
     <param pos="0" name="service.product" value="DNS"/>
     <param pos="1" name="service.version"/>
+    <param pos="2" name="service.version.version"/>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.family" value="Windows"/>
     <param pos="0" name="os.product" value="Windows Server 2016"/>
@@ -633,13 +638,14 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^Microsoft DNS 6.3.9600(?: \(\w+\))?$">
+  <fingerprint pattern="^Microsoft DNS 6.3.9600(?: \(([^)]+)\))?$">
     <description>Microsoft DNS on Windows 2012 R2</description>
-    <example>Microsoft DNS 6.3.9600 (25804825)</example>
+    <example service.version.version="25804825">Microsoft DNS 6.3.9600 (25804825)</example>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.family" value="DNS"/>
     <param pos="0" name="service.product" value="DNS"/>
     <param pos="0" name="service.version" value="6.3.9600"/>
+    <param pos="1" name="service.version.version"/>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.family" value="Windows"/>
     <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
@@ -647,13 +653,14 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^Microsoft DNS 6.2.9200(?: \(\w+\))?$">
+  <fingerprint pattern="^Microsoft DNS 6.2.9200(?: \(([^)]+)\))?$">
     <description>Microsoft DNS on Windows 2012</description>
-    <example>Microsoft DNS 6.2.9200 (23F04000)</example>
+    <example service.version.version="23F04000">Microsoft DNS 6.2.9200 (23F04000)</example>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.family" value="DNS"/>
     <param pos="0" name="service.product" value="DNS"/>
     <param pos="0" name="service.version" value="6.2.9200"/>
+    <param pos="1" name="service.version.version"/>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.family" value="Windows"/>
     <param pos="0" name="os.product" value="Windows Server 2012"/>
@@ -661,14 +668,15 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^Microsoft DNS 6.1.7601(?: \(\w+\))?$">
+  <fingerprint pattern="^Microsoft DNS 6.1.7601(?: \(([^)]+)\))?$">
     <description>Microsoft DNS on Windows 2008 R2 Service Pack 1</description>
-    <example>Microsoft DNS 6.1.7601 (1DB15CD4)</example>
+    <example service.version.version="1DB15CD4">Microsoft DNS 6.1.7601 (1DB15CD4)</example>
     <example>Microsoft DNS 6.1.7601</example>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.family" value="DNS"/>
     <param pos="0" name="service.product" value="DNS"/>
     <param pos="0" name="service.version" value="6.1.7601"/>
+    <param pos="1" name="service.version.version"/>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.family" value="Windows"/>
     <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
@@ -677,13 +685,14 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:Service Pack 1"/>
   </fingerprint>
 
-  <fingerprint pattern="^Microsoft DNS 6.1.7600(?: \(\w+\))?$">
+  <fingerprint pattern="^Microsoft DNS 6.1.7600(?: \(([^)]+)\))?$">
     <description>Microsoft DNS on Windows 2008 R2</description>
-    <example>Microsoft DNS 6.1.7600 (1DB04228)</example>
+    <example service.version.version="1DB04228">Microsoft DNS 6.1.7600 (1DB04228)</example>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.family" value="DNS"/>
     <param pos="0" name="service.product" value="DNS"/>
     <param pos="0" name="service.version" value="6.1.7600"/>
+    <param pos="1" name="service.version.version"/>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.family" value="Windows"/>
     <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
@@ -704,13 +713,14 @@
     <example>Microsoft DNS 6.0.6100 (2AEF76E)</example>
   </fingerprint>
 
-  <fingerprint pattern="^Microsoft DNS 6.0.6003(?: \(\w+\))?$">
+  <fingerprint pattern="^Microsoft DNS 6.0.6003(?: \(([^)]+)\))?$">
     <description>Microsoft DNS on Windows 2008 Service Pack 2 - Preview Rollup KB4489887 and later</description>
-    <example>Microsoft DNS 6.0.6003 (1773501D)</example>
+    <example service.version.version="1773501D">Microsoft DNS 6.0.6003 (1773501D)</example>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.family" value="DNS"/>
     <param pos="0" name="service.product" value="DNS"/>
     <param pos="0" name="service.version" value="6.0.6003"/>
+    <param pos="1" name="service.version.version"/>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.family" value="Windows"/>
     <param pos="0" name="os.product" value="Windows Server 2008"/>
@@ -719,13 +729,14 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:Service Pack 2"/>
   </fingerprint>
 
-  <fingerprint pattern="^Microsoft DNS 6.0.6002(?: \(\w+\))?$">
+  <fingerprint pattern="^Microsoft DNS 6.0.6002(?: \(([^)]+)\))?$">
     <description>Microsoft DNS on Windows 2008 Service Pack 2</description>
-    <example>Microsoft DNS 6.0.6002 (17724D35)</example>
+    <example service.version.version="17724D35">Microsoft DNS 6.0.6002 (17724D35)</example>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.family" value="DNS"/>
     <param pos="0" name="service.product" value="DNS"/>
     <param pos="0" name="service.version" value="6.0.6002"/>
+    <param pos="1" name="service.version.version"/>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.family" value="Windows"/>
     <param pos="0" name="os.product" value="Windows Server 2008"/>
@@ -734,13 +745,14 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:Service Pack 2"/>
   </fingerprint>
 
-  <fingerprint pattern="^Microsoft DNS 6.0.6001(?: \(\w+\))?$">
+  <fingerprint pattern="^Microsoft DNS 6.0.6001(?: \(([^)]+)\))?$">
     <description>Microsoft DNS on Windows 2008 Service Pack 1</description>
-    <example>Microsoft DNS 6.0.6001 (17714726)</example>
+    <example service.version.version="17714726">Microsoft DNS 6.0.6001 (17714726)</example>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.family" value="DNS"/>
     <param pos="0" name="service.product" value="DNS"/>
     <param pos="0" name="service.version" value="6.0.6001"/>
+    <param pos="1" name="service.version.version"/>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.family" value="Windows"/>
     <param pos="0" name="os.product" value="Windows Server 2008"/>
@@ -754,7 +766,8 @@
     <example>DNSServer</example>
     <param pos="0" name="service.vendor" value="Synology"/>
     <param pos="0" name="service.family" value="DSM"/>
-    <param pos="0" name="service.product" value="DNS"/>
+    <param pos="0" name="service.product" value="DNS Server"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:synology:dns_server:-"/>
     <param pos="0" name="os.device" value="NAS"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="DSM"/>
@@ -855,9 +868,10 @@
   <fingerprint pattern="^gdnsd$">
     <description>gdnsd</description>
     <example>gdnsd</example>
-    <param pos="0" name="service.vendor" value="Brandon Black"/>
+    <param pos="0" name="service.vendor" value="gdnsd"/>
     <param pos="0" name="service.family" value="gdnsd"/>
     <param pos="0" name="service.product" value="gdnsd"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:gdnsd:gdnsd:-"/>
   </fingerprint>
 
   <fingerprint pattern="^Hi: [\w\.: =]+\d{4}$">

data/xml/favicons.xml

@@ -464,6 +464,7 @@
     <param pos="0" name="service.vendor" value="SABnzbd"/>
     <param pos="0" name="service.product" value="SABnzbd"/>
     <param pos="0" name="service.certainty" value="0.5"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:sabnzbd:sabnzbd:-"/>
   </fingerprint>
 
   <fingerprint pattern="^5c9f3938754b459fb3590a00e5947fed$">
@@ -612,6 +613,7 @@
     <param pos="0" name="service.vendor" value="Elastic"/>
     <param pos="0" name="service.product" value="Kibana"/>
     <param pos="0" name="service.certainty" value="0.5"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:elastic:kibana:-"/>
   </fingerprint>
 
   <fingerprint pattern="^(?:ef07026465d7b449a9759132486d1e3b|bcc4933f81eff43e5d9bcc5b2828aa70|b204c198a410e5ee28346c4a2110535e|c00da11c81f9b887eed4123daee89909)$">

data/xml/ftp_banners.xml

@@ -360,6 +360,7 @@ example.com FTP server (Version:  Mac OS X Server) ready.</example>
     <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-</example>
     <example service.version="1.0.11">=(&lt;*&gt;)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(&lt;*&gt;)=-&#13;
 more stuff</example>
+    <param pos="0" name="service.fvendor" value="PureFTPd"/>
     <param pos="0" name="service.family" value="Pure-FTPd"/>
     <param pos="0" name="service.product" value="Pure-FTPd"/>
     <param pos="1" name="service.version"/>
@@ -374,16 +375,20 @@ more stuff</example>
     <example>--------- Welcome to Pure-FTPd [privsep] [TLS] ----------&#13;
 more text</example>
     <param pos="1" name="pureftpd.config"/>
+    <param pos="0" name="service.vendor" value="PureFTPd"/>
     <param pos="0" name="service.family" value="Pure-FTPd"/>
     <param pos="0" name="service.product" value="Pure-FTPd"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:-"/>
   </fingerprint>
 
   <fingerprint pattern="^(?:Welcome to )?Pure-FTPd\.?$">
     <description>Basic Pure-FTPd banner, no version</description>
     <example>Welcome to Pure-FTPd</example>
     <example>Pure-FTPd.</example>
+    <param pos="0" name="service.vendor" value="PureFTPd"/>
     <param pos="0" name="service.family" value="Pure-FTPd"/>
     <param pos="0" name="service.product" value="Pure-FTPd"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:-"/>
   </fingerprint>
 
   <fingerprint pattern="^=\(.\*.\)=-\.:\. \(\( Welcome to PureFTPd (\d+\..+) \)\) \.:\.-=\(.\*.\)=-" flags="REG_MULTILINE">
@@ -391,26 +396,56 @@ more text</example>
     <example service.version="1.1.0">=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-</example>
     <example service.version="1.1.0">=(&lt;*&gt;)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(&lt;*&gt;)=-&#13;
 more text</example>
+    <param pos="0" name="service.vendor" value="PureFTPd"/>
     <param pos="0" name="service.family" value="Pure-FTPd"/>
     <param pos="0" name="service.product" value="Pure-FTPd"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:{service.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+)(?: for WinSock)? ready\.*$">
-    <description>Serv-U (only runs on Windows)</description>
+  <!-- CPEs for Serv-U 15.x and above changed to SolarWinds -->
+
+  <fingerprint pattern="^Serv-U FTP Server v(15\.\S+) ready\.\.\.$">
+    <description>SolarWinds Serv-U with version </description>
+    <example service.version="15.1.3.25">Serv-U FTP Server v15.1.3.25 ready...</example>
+    <param pos="0" name="service.vendor" value="SolarWinds"/>
+    <param pos="0" name="service.product" value="Serv-U FTP Server"/>
+    <param pos="0" name="service.family" value="Serv-U"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:serv-u_ftp_server:{service.version}"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+) for WinSock ready\.*$">
+    <description>Serv-U Serv-U with version on Windows</description>
     <example service.version="2.5n">Serv-U FTP-Server v2.5n for WinSock ready...</example>
     <example service.version="6.0">Serv-U FTP Server v6.0 for WinSock ready</example>
-    <example service.version="7.2">Serv-U FTP Server v7.2 ready...</example>
-    <param pos="0" name="service.vendor" value="Rhino Software"/>
+    <param pos="0" name="service.vendor" value="Serv-U"/>
     <param pos="0" name="service.product" value="Serv-U"/>
     <param pos="0" name="service.family" value="Serv-U"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:serv-u:serv-u:{service.version}"/>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.family" value="Windows"/>
     <param pos="0" name="os.product" value="Windows"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
 
+  <fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+) ready\.*$">
+    <description>Serv-U Serv-U with version </description>
+    <example service.version="7.2">Serv-U FTP Server v7.2 ready...</example>
+    <example service.version="14.0">Serv-U FTP Server v14.0 ready...</example>
+    <param pos="0" name="service.vendor" value="Serv-U"/>
+    <param pos="0" name="service.product" value="Serv-U"/>
+    <param pos="0" name="service.family" value="Serv-U"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:serv-u:serv-u:{service.version}"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Welcom to Serv-U FTP Server$">
+    <description>Common FTP banner modification to look like Serv-U -- assert nothing.</description>
+    <example>Welcom to Serv-U FTP Server</example>
+  </fingerprint>
+
   <fingerprint pattern="^zFTPServer v?(\S+), .*ready\.$" flags="REG_ICASE">
     <description>zftpserver (only runs on Windows)</description>
     <example service.version="4.0">zFTPServer v4.0, build 2008-12-24 01:41 ready.</example>
@@ -427,23 +462,28 @@ more text</example>
     <description>vsFTPd (Very Secure FTP Daemon)</description>
     <example service.version="1.1.3">(vsFTPd 1.1.3) host</example>
     <example service.version="2.0.5">(vsFTPd 2.0.5)</example>
+    <param pos="0" name="service.vendor" value="vsFTPd Project"/>
     <param pos="0" name="service.family" value="vsFTPd"/>
     <param pos="0" name="service.product" value="vsFTPd"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:{service.version}"/>
     <param pos="2" name="host.name"/>
   </fingerprint>
 
   <fingerprint pattern="^ready, dude \(vsFTPd (\d+\..+): beat me, break me\)$">
     <description>vsFTPd (Very Secure FTP Daemon) - break me variant</description>
     <example service.version="1.1.0">ready, dude (vsFTPd 1.1.0: beat me, break me)</example>
+    <param pos="0" name="service.vendor" value="vsFTPd Project"/>
     <param pos="0" name="service.family" value="vsFTPd"/>
     <param pos="0" name="service.product" value="vsFTPd"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:{service.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^vsFTPd ([\d.]+\+ \(ext\.3\)) ready\.\.\.$">
     <description>vsFTPd (Very Secure FTP Daemon) extended build (vsftpd.devnet.ru)</description>
     <example service.version="2.0.4+ (ext.3)">vsFTPd 2.0.4+ (ext.3) ready...</example>
+    <param pos="0" name="service.vendor" value="vsFTPd Project"/>
     <param pos="0" name="service.family" value="vsFTPd"/>
     <param pos="0" name="service.product" value="vsFTPd Extended"/>
     <param pos="1" name="service.version"/>
@@ -453,8 +493,10 @@ more text</example>
     <description>vsFTPd (Very Secure FTP Daemon) error message</description>
     <example>OOPS: vsftpd: root is not mounted.</example>
     <example>OOPS: cannot read user list file:/etc/vsftpd.user_list</example>
+    <param pos="0" name="service.vendor" value="vsFTPd Project"/>
     <param pos="0" name="service.family" value="vsFTPd"/>
     <param pos="0" name="service.product" value="vsFTPd"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:-"/>
   </fingerprint>
 
   <fingerprint pattern="^FileZilla Server(?: version)? (?:v)?(\d\.[\w.]+(?: beta)?).*$">
@@ -463,9 +505,15 @@ more text</example>
     <example service.version="0.9.13a beta">FileZilla Server version 0.9.13a beta</example>
     <example service.version="0.9.54 beta">FileZilla Server 0.9.54 beta</example>
     <example service.version="0.9.33 beta">FileZilla Server v0.9.33 beta</example>
-    <param pos="0" name="service.family" value="FileZilla FTP Server"/>
-    <param pos="0" name="service.product" value="FileZilla FTP Server"/>
+    <param pos="0" name="service.vendor" value="Filezilla-Project"/>
+    <param pos="0" name="service.family" value="FileZilla FTP"/>
+    <param pos="0" name="service.product" value="FileZilla Server"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:filezilla-project:filezilla_server:{service.version}"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
 
   <fingerprint pattern="^\s*APC FTP server ready\.$">
@@ -1292,7 +1340,7 @@ more text</example>
     <param pos="0" name="os.product" value="Tru64 Unix"/>
     <param pos="1" name="host.name"/>
     <param pos="2" name="os.version"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64:{os.version}"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64_unix:{os.version}"/>
   </fingerprint>
 
   <fingerprint pattern="^(\S+) FTP server \(Digital UNIX Version (\S+)\) ready\.?$">
@@ -1315,9 +1363,11 @@ more text</example>
     <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
   </fingerprint>
 
-  <fingerprint pattern="^MikroTik FTP server \(MikroTik ([\w.]+)\) ready\.?$">
-    <description>MikroTik w/o hostname</description>
-    <example os.version="6.0rc14">MikroTik FTP server (MikroTik 6.0rc14) ready</example>
+  <fingerprint pattern="^.* FTP server \(MikroTik (\d\.[\w\.]+)\) ready\.?$">
+    <description>MikroTik with description</description>
+    <example os.version="6.43.16">Super Thing_Place-  FTP server (MikroTik 6.43.16) ready</example>
+    <example os.version="6.43.16beta2">Super Thing_Place-  FTP server (MikroTik 6.43.16beta2) ready</example>
+    <example os.version="6.43.16rc56">Super Thing_Place-  FTP server (MikroTik 6.43.16rc56) ready</example>
     <param pos="0" name="os.vendor" value="MikroTik"/>
     <param pos="0" name="os.product" value="RouterOS"/>
     <param pos="1" name="os.version"/>
@@ -1722,4 +1772,15 @@ more text</example>
     <param pos="0" name="os.device" value="Printer"/>
   </fingerprint>
 
+  <fingerprint pattern="^SurgeFTP ([\S]+) \(Version ([a-f\d.]+)\)$">
+    <description>NetWin SurgeFTP</description>
+    <example service.version="2.3a12">SurgeFTP 192.168.0.0 (Version 2.3a12)</example>
+    <example host.name="foo.bar.baz">SurgeFTP foo.bar.baz (Version 2.2f9)</example>
+    <param pos="0" name="service.vendor" value="NetWin"/>
+    <param pos="0" name="service.product" value="SurgeFTP"/>
+    <param pos="2" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:netwin:surgeftp:{service.version}"/>
+    <param pos="1" name="host.name"/>
+  </fingerprint>
+
 </fingerprints>