recog 2.3.11 → 2.3.16
- checksums.yaml +4 -4
- data/.github/SECURITY.md +35 -0
- data/.snyk +10 -0
- data/LICENSE +1 -1
- data/cpe-remap.yaml +18 -1
- data/identifiers/hw_family.txt +1 -1
- data/identifiers/hw_product.txt +1 -1
- data/identifiers/service_product.txt +1 -1
- data/lib/recog/version.rb +1 -1
- data/update_cpes.py +1 -1
- data/xml/dns_versionbind.xml +33 -19
- data/xml/favicons.xml +2 -0
- data/xml/ftp_banners.xml +71 -10
- data/xml/html_title.xml +30 -0
- data/xml/http_servers.xml +369 -60
- data/xml/imap_banners.xml +43 -0
- data/xml/pop_banners.xml +57 -2
- data/xml/smtp_banners.xml +87 -2
- data/xml/smtp_help.xml +2 -0
- data/xml/snmp_sysdescr.xml +94 -57
- data/xml/ssh_banners.xml +7 -3
- data/xml/telnet_banners.xml +147 -7
- data/xml/x509_issuers.xml +4 -2
- data/xml/x509_subjects.xml +2 -1
- metadata +4 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f26ba5638d60668485ae809fd343a1a35262418a0174b31692e7467f0764152a
|
4
|
+
data.tar.gz: cfeeaf8d4740fbf534ac26b0300ffd9ac28f0649494a163f42cd654251f95a77
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: cdb40798655b68545b2c28d1f72555c0c442c9afadd63a9e3a97cfae755263663452ed5543db83e703569746dff1f2fefbc3a95213d463086cbf88ba9e121be6
|
7
|
+
data.tar.gz: bb49a46e193fb2dcb13740ee86500dd820e08bca2a57569eb77f462fb2f71d5061dbc734aac9f756074b31f40f12815bbe29f9ec194d4e7ccfa521702d2747a1
|
data/.github/SECURITY.md
ADDED
@@ -0,0 +1,35 @@
|
|
1
|
+
# Reporting security issues
|
2
|
+
|
3
|
+
Thanks for your interest in making Recog more secure! If you feel
|
4
|
+
that you have found a security issue involving Metasploit, Meterpreter,
|
5
|
+
Recog, or any other Rapid7 open source project, you are welcome to let
|
6
|
+
us know in the way that's most comfortable for you.
|
7
|
+
|
8
|
+
## Via ZenDesk
|
9
|
+
|
10
|
+
You can click on the big blue button at [Rapid7's Vulnerability
|
11
|
+
Disclosure][r7-vulns] page, which will get you to our general
|
12
|
+
vulnerability reporting system. While this does require a (free) ZenDesk
|
13
|
+
account to use, you'll get regular updates on your issue as our software
|
14
|
+
support teams work through it. As it happens [that page][r7-vulns] also
|
15
|
+
will tell you what to expect when it comes to reporting vulns, how fast
|
16
|
+
we'll fix and respond, and all the rest, so it's a pretty good read
|
17
|
+
regardless.
|
18
|
+
|
19
|
+
## Via email
|
20
|
+
|
21
|
+
If you're more of a traditionalist, you can email your finding to
|
22
|
+
security@rapid7.com. If you like, you can use our [PGP key][pgp] to
|
23
|
+
encrypt your messages, but we certainly don't mind cleartext reports
|
24
|
+
over email.
|
25
|
+
|
26
|
+
## NOT via GitHub Issues
|
27
|
+
|
28
|
+
Please don't! Disclosing security vulnerabilities to public bug trackers
|
29
|
+
is kind of mean, even when it's well-intentioned, since you end up
|
30
|
+
dropping 0-day on pretty much everyone right out of the gate. We'd prefer
|
31
|
+
you didn't!
|
32
|
+
|
33
|
+
[r7-vulns]:https://www.rapid7.com/security/disclosure/
|
34
|
+
[pgp]:https://keybase.io/rapid7/pgp_keys.asc?fingerprint=9a90aea0576cbcafa39c502ba5e16807959d3eda
|
35
|
+
|
data/.snyk
ADDED
@@ -0,0 +1,10 @@
|
|
1
|
+
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
|
2
|
+
python: 3.6.0
|
3
|
+
version: v1.14.1
|
4
|
+
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
|
5
|
+
ignore:
|
6
|
+
SNYK-PYTHON-PYYAML-590151:
|
7
|
+
- pyyaml:
|
8
|
+
reason: Project doesn't use vulnerable code path.
|
9
|
+
expires: 2021-06-01T00:00:00.000Z
|
10
|
+
patch: {}
|
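Review bot: the ignore entry for SNYK-PYTHON-PYYAML-590151 gives only "Project doesn't use vulnerable code path." as its reason, which does not tell whoever revisits it at the 2021-06-01 expiry what to verify. State the condition in the reason itself (for example, that YAML is only read through yaml.safe_load, as update_cpes.py does after this change) so the ignore is re-checked against the code rather than extended by default.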
data/LICENSE
CHANGED
data/cpe-remap.yaml
CHANGED
@@ -16,10 +16,16 @@ mappings:
|
|
16
16
|
weblogic: weblogic_server
|
17
17
|
blue_coat:
|
18
18
|
vendor: bluecoat
|
19
|
+
carnegie_mellon_university:
|
20
|
+
vendor: cmu
|
21
|
+
products:
|
22
|
+
cyrus_imap: cyrus_imap_server
|
19
23
|
centos:
|
20
24
|
vendor: centos
|
21
25
|
products:
|
22
26
|
linux: centos
|
27
|
+
centos_webpanel:
|
28
|
+
vendor: centos-webpanel
|
23
29
|
check_point:
|
24
30
|
vendor: checkpoint
|
25
31
|
cisco:
|
@@ -32,6 +38,9 @@ mappings:
|
|
32
38
|
vendor: debian
|
33
39
|
products:
|
34
40
|
linux: debian_linux
|
41
|
+
embedthis:
|
42
|
+
products:
|
43
|
+
goahead_webserver: goahead
|
35
44
|
f5:
|
36
45
|
vendor: f5
|
37
46
|
products:
|
@@ -41,12 +50,12 @@ mappings:
|
|
41
50
|
vendor: hp
|
42
51
|
products:
|
43
52
|
ilo: integrated_lights_out
|
44
|
-
lotus_domino: lotus_domino_server
|
45
53
|
tru64_unix: tru64
|
46
54
|
ibm:
|
47
55
|
vendor: ibm
|
48
56
|
products:
|
49
57
|
lotus_domino: lotus_domino_server
|
58
|
+
ibm_domino: lotus_domino
|
50
59
|
os/400: os_400
|
51
60
|
jamf:
|
52
61
|
products:
|
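Review bot: under ibm the products list now has both `lotus_domino: lotus_domino_server` and `ibm_domino: lotus_domino`, so two near-identical product names resolve to two different CPE products with nothing explaining why. A one-line YAML comment on each entry naming the fingerprint product string it serves would keep a later cleanup from merging or dropping one of them, which is what appears to have happened with the `lotus_domino` entry removed from hp in this same hunk.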
@@ -57,6 +66,10 @@ mappings:
|
|
57
66
|
junos_os: junos
|
58
67
|
kibana:
|
59
68
|
vendor: elasticsearch
|
69
|
+
cz.nic:
|
70
|
+
vendor: knot-dns
|
71
|
+
litespeed_technologies:
|
72
|
+
vendor: litespeedtech
|
60
73
|
linux:
|
61
74
|
vendor: linux
|
62
75
|
products:
|
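Review bot: `cz.nic` and `litespeed_technologies` are inserted between `kibana` and `linux`, while the surrounding top-level keys read alphabetically (`jamf`, `kibana`, `linux`). Style point only: move `cz.nic` up among the c entries and `litespeed_technologies` after `linux`, so a duplicate key added later is easy to spot by eye.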
@@ -94,6 +107,10 @@ mappings:
|
|
94
107
|
vendor: modwsgi
|
95
108
|
mort_bay:
|
96
109
|
vendor: mortbay
|
110
|
+
nlnet_labs:
|
111
|
+
vendor: nlnetlabs
|
112
|
+
products:
|
113
|
+
dnsd: name_server_daemon
|
97
114
|
net-snmp:
|
98
115
|
vendor: net-snmp
|
99
116
|
products:
|
data/identifiers/hw_family.txt
CHANGED
data/identifiers/hw_product.txt
CHANGED
@@ -421,6 +421,7 @@ Symantec Endpoint Protection Manager
|
|
421
421
|
Symantec Mail Security for SMTP
|
422
422
|
Symantec Messaging Gateway
|
423
423
|
TBS FTP Server
|
424
|
+
TCP/IP
|
424
425
|
TCPIP POP server
|
425
426
|
TUX Web Server
|
426
427
|
TeamCity
|
@@ -554,4 +555,3 @@ vsFTPd
|
|
554
555
|
vsFTPd Extended
|
555
556
|
z/OS FTP Server
|
556
557
|
zFTPServer
|
557
|
-
TCP/IP
|
data/lib/recog/version.rb
CHANGED
data/update_cpes.py
CHANGED
@@ -9,7 +9,7 @@ from lxml import etree
|
|
9
9
|
|
10
10
|
def parse_r7_remapping(file):
|
11
11
|
with open(file) as remap_file:
|
12
|
-
return yaml.
|
12
|
+
return yaml.safe_load(remap_file)["mappings"]
|
13
13
|
|
14
14
|
def parse_cpe_vp_map(file):
|
15
15
|
vp_map = {} # cpe_type -> vendor -> products
|
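Review bot: `yaml.safe_load(remap_file)["mappings"]` in parse_r7_remapping fails with a bare TypeError when the remap file is empty (safe_load returns None) and with a KeyError when the top-level `mappings` key is missing, and neither message names the file. Load into a local variable, check that it is a dict containing `mappings`, and raise an error that includes the `file` argument. The switch to safe_load itself is the right call for a file that only holds plain mappings.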
data/xml/dns_versionbind.xml
CHANGED
@@ -516,6 +516,7 @@
|
|
516
516
|
<param pos="0" name="service.family" value="NSD"/>
|
517
517
|
<param pos="0" name="service.product" value="dnsd"/>
|
518
518
|
<param pos="1" name="service.version"/>
|
519
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:nlnetlabs:name_server_daemon:{service.version}"/>
|
519
520
|
</fingerprint>
|
520
521
|
|
521
522
|
<fingerprint pattern="^unbound ([\d.]+)$">
|
@@ -525,6 +526,7 @@
|
|
525
526
|
<param pos="0" name="service.family" value="Unbound"/>
|
526
527
|
<param pos="0" name="service.product" value="unbound"/>
|
527
528
|
<param pos="1" name="service.version"/>
|
529
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:nlnetlabs:unbound:{service.version}"/>
|
528
530
|
</fingerprint>
|
529
531
|
|
530
532
|
<fingerprint pattern="^(?i:unbound)$">
|
@@ -533,6 +535,7 @@
|
|
533
535
|
<param pos="0" name="service.vendor" value="NLnet Labs"/>
|
534
536
|
<param pos="0" name="service.family" value="Unbound"/>
|
535
537
|
<param pos="0" name="service.product" value="unbound"/>
|
538
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:nlnetlabs:unbound:-"/>
|
536
539
|
</fingerprint>
|
537
540
|
|
538
541
|
<fingerprint pattern="^(?:BIND )?(9.[^-]+(?:-[SP]\d)?)(?:-[\d\.]+)?\+deb10u\d+-Raspbian$">
|
@@ -583,8 +586,9 @@
|
|
583
586
|
<example service.version="2.5.0-dev">Knot DNS 2.5.0-dev</example>
|
584
587
|
<param pos="0" name="service.vendor" value="cz.nic"/>
|
585
588
|
<param pos="0" name="service.family" value="Knot"/>
|
586
|
-
<param pos="0" name="service.product" value="DNS"/>
|
589
|
+
<param pos="0" name="service.product" value="Knot DNS"/>
|
587
590
|
<param pos="1" name="service.version"/>
|
591
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:knot-dns:knot_dns:{service.version}"/>
|
588
592
|
</fingerprint>
|
589
593
|
|
590
594
|
<fingerprint pattern="^UltraDNS Resolver$">
|
@@ -615,17 +619,18 @@
|
|
615
619
|
dnscmd /config /EnableVersionQuery 1
|
616
620
|
-->
|
617
621
|
|
618
|
-
<fingerprint pattern="^Microsoft DNS (10.0.\d+)(?: \(\
|
622
|
+
<fingerprint pattern="^Microsoft DNS (10.0.\d+)(?: \(([^)]+)\))?$">
|
619
623
|
<description>Microsoft DNS on Windows 2016: GA</description>
|
620
624
|
<!-- Windows 10 / 2016 moved towards a rolling release so capturing build
|
621
625
|
is required unlike other Windows versions where we use a fixed string.
|
622
626
|
-->
|
623
627
|
|
624
|
-
<example service.version="10.0.14393" os.build="10.0.14393">Microsoft DNS 10.0.14393 (383900CE)</example>
|
628
|
+
<example service.version="10.0.14393" os.build="10.0.14393" service.version.version="383900CE">Microsoft DNS 10.0.14393 (383900CE)</example>
|
625
629
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
626
630
|
<param pos="0" name="service.family" value="DNS"/>
|
627
631
|
<param pos="0" name="service.product" value="DNS"/>
|
628
632
|
<param pos="1" name="service.version"/>
|
633
|
+
<param pos="2" name="service.version.version"/>
|
629
634
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
630
635
|
<param pos="0" name="os.family" value="Windows"/>
|
631
636
|
<param pos="0" name="os.product" value="Windows Server 2016"/>
|
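Review bot: the new capture at pos 2 is named `service.version.version`, which does not say what the parenthesised value (`383900CE` in the example) represents and reads like a duplicated key. Either pick a name that describes the value or add an XML comment next to the param explaining it, since the same name is repeated in every Microsoft DNS fingerprint that follows. The existing comment about rolling releases explains the build capture but not this second group.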
@@ -633,13 +638,14 @@
|
|
633
638
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
|
634
639
|
</fingerprint>
|
635
640
|
|
636
|
-
<fingerprint pattern="^Microsoft DNS 6.3.9600(?: \(\
|
641
|
+
<fingerprint pattern="^Microsoft DNS 6.3.9600(?: \(([^)]+)\))?$">
|
637
642
|
<description>Microsoft DNS on Windows 2012 R2</description>
|
638
|
-
<example>Microsoft DNS 6.3.9600 (25804825)</example>
|
643
|
+
<example service.version.version="25804825">Microsoft DNS 6.3.9600 (25804825)</example>
|
639
644
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
640
645
|
<param pos="0" name="service.family" value="DNS"/>
|
641
646
|
<param pos="0" name="service.product" value="DNS"/>
|
642
647
|
<param pos="0" name="service.version" value="6.3.9600"/>
|
648
|
+
<param pos="1" name="service.version.version"/>
|
643
649
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
644
650
|
<param pos="0" name="os.family" value="Windows"/>
|
645
651
|
<param pos="0" name="os.product" value="Windows Server 2012 R2"/>
|
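Review bot: the dots in `^Microsoft DNS 6.3.9600(?: \(([^)]+)\))?$` are unescaped, so each one matches any character and the pattern accepts strings other than the literal version. Since the line is being rewritten anyway, escape them as `6\.3\.9600`; the same applies to the other Microsoft DNS patterns touched in this file, including `10.0.\d+`.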
@@ -647,13 +653,14 @@
|
|
647
653
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
|
648
654
|
</fingerprint>
|
649
655
|
|
650
|
-
<fingerprint pattern="^Microsoft DNS 6.2.9200(?: \(\
|
656
|
+
<fingerprint pattern="^Microsoft DNS 6.2.9200(?: \(([^)]+)\))?$">
|
651
657
|
<description>Microsoft DNS on Windows 2012</description>
|
652
|
-
<example>Microsoft DNS 6.2.9200 (23F04000)</example>
|
658
|
+
<example service.version.version="23F04000">Microsoft DNS 6.2.9200 (23F04000)</example>
|
653
659
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
654
660
|
<param pos="0" name="service.family" value="DNS"/>
|
655
661
|
<param pos="0" name="service.product" value="DNS"/>
|
656
662
|
<param pos="0" name="service.version" value="6.2.9200"/>
|
663
|
+
<param pos="1" name="service.version.version"/>
|
657
664
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
658
665
|
<param pos="0" name="os.family" value="Windows"/>
|
659
666
|
<param pos="0" name="os.product" value="Windows Server 2012"/>
|
@@ -661,14 +668,15 @@
|
|
661
668
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
|
662
669
|
</fingerprint>
|
663
670
|
|
664
|
-
<fingerprint pattern="^Microsoft DNS 6.1.7601(?: \(\
|
671
|
+
<fingerprint pattern="^Microsoft DNS 6.1.7601(?: \(([^)]+)\))?$">
|
665
672
|
<description>Microsoft DNS on Windows 2008 R2 Service Pack 1</description>
|
666
|
-
<example>Microsoft DNS 6.1.7601 (1DB15CD4)</example>
|
673
|
+
<example service.version.version="1DB15CD4">Microsoft DNS 6.1.7601 (1DB15CD4)</example>
|
667
674
|
<example>Microsoft DNS 6.1.7601</example>
|
668
675
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
669
676
|
<param pos="0" name="service.family" value="DNS"/>
|
670
677
|
<param pos="0" name="service.product" value="DNS"/>
|
671
678
|
<param pos="0" name="service.version" value="6.1.7601"/>
|
679
|
+
<param pos="1" name="service.version.version"/>
|
672
680
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
673
681
|
<param pos="0" name="os.family" value="Windows"/>
|
674
682
|
<param pos="0" name="os.product" value="Windows Server 2008 R2"/>
|
@@ -677,13 +685,14 @@
|
|
677
685
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:Service Pack 1"/>
|
678
686
|
</fingerprint>
|
679
687
|
|
680
|
-
<fingerprint pattern="^Microsoft DNS 6.1.7600(?: \(\
|
688
|
+
<fingerprint pattern="^Microsoft DNS 6.1.7600(?: \(([^)]+)\))?$">
|
681
689
|
<description>Microsoft DNS on Windows 2008 R2</description>
|
682
|
-
<example>Microsoft DNS 6.1.7600 (1DB04228)</example>
|
690
|
+
<example service.version.version="1DB04228">Microsoft DNS 6.1.7600 (1DB04228)</example>
|
683
691
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
684
692
|
<param pos="0" name="service.family" value="DNS"/>
|
685
693
|
<param pos="0" name="service.product" value="DNS"/>
|
686
694
|
<param pos="0" name="service.version" value="6.1.7600"/>
|
695
|
+
<param pos="1" name="service.version.version"/>
|
687
696
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
688
697
|
<param pos="0" name="os.family" value="Windows"/>
|
689
698
|
<param pos="0" name="os.product" value="Windows Server 2008 R2"/>
|
@@ -704,13 +713,14 @@
|
|
704
713
|
<example>Microsoft DNS 6.0.6100 (2AEF76E)</example>
|
705
714
|
</fingerprint>
|
706
715
|
|
707
|
-
<fingerprint pattern="^Microsoft DNS 6.0.6003(?: \(\
|
716
|
+
<fingerprint pattern="^Microsoft DNS 6.0.6003(?: \(([^)]+)\))?$">
|
708
717
|
<description>Microsoft DNS on Windows 2008 Service Pack 2 - Preview Rollup KB4489887 and later</description>
|
709
|
-
<example>Microsoft DNS 6.0.6003 (1773501D)</example>
|
718
|
+
<example service.version.version="1773501D">Microsoft DNS 6.0.6003 (1773501D)</example>
|
710
719
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
711
720
|
<param pos="0" name="service.family" value="DNS"/>
|
712
721
|
<param pos="0" name="service.product" value="DNS"/>
|
713
722
|
<param pos="0" name="service.version" value="6.0.6003"/>
|
723
|
+
<param pos="1" name="service.version.version"/>
|
714
724
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
715
725
|
<param pos="0" name="os.family" value="Windows"/>
|
716
726
|
<param pos="0" name="os.product" value="Windows Server 2008"/>
|
@@ -719,13 +729,14 @@
|
|
719
729
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:Service Pack 2"/>
|
720
730
|
</fingerprint>
|
721
731
|
|
722
|
-
<fingerprint pattern="^Microsoft DNS 6.0.6002(?: \(\
|
732
|
+
<fingerprint pattern="^Microsoft DNS 6.0.6002(?: \(([^)]+)\))?$">
|
723
733
|
<description>Microsoft DNS on Windows 2008 Service Pack 2</description>
|
724
|
-
<example>Microsoft DNS 6.0.6002 (17724D35)</example>
|
734
|
+
<example service.version.version="17724D35">Microsoft DNS 6.0.6002 (17724D35)</example>
|
725
735
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
726
736
|
<param pos="0" name="service.family" value="DNS"/>
|
727
737
|
<param pos="0" name="service.product" value="DNS"/>
|
728
738
|
<param pos="0" name="service.version" value="6.0.6002"/>
|
739
|
+
<param pos="1" name="service.version.version"/>
|
729
740
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
730
741
|
<param pos="0" name="os.family" value="Windows"/>
|
731
742
|
<param pos="0" name="os.product" value="Windows Server 2008"/>
|
@@ -734,13 +745,14 @@
|
|
734
745
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:Service Pack 2"/>
|
735
746
|
</fingerprint>
|
736
747
|
|
737
|
-
<fingerprint pattern="^Microsoft DNS 6.0.6001(?: \(\
|
748
|
+
<fingerprint pattern="^Microsoft DNS 6.0.6001(?: \(([^)]+)\))?$">
|
738
749
|
<description>Microsoft DNS on Windows 2008 Service Pack 1</description>
|
739
|
-
<example>Microsoft DNS 6.0.6001 (17714726)</example>
|
750
|
+
<example service.version.version="17714726">Microsoft DNS 6.0.6001 (17714726)</example>
|
740
751
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
741
752
|
<param pos="0" name="service.family" value="DNS"/>
|
742
753
|
<param pos="0" name="service.product" value="DNS"/>
|
743
754
|
<param pos="0" name="service.version" value="6.0.6001"/>
|
755
|
+
<param pos="1" name="service.version.version"/>
|
744
756
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
745
757
|
<param pos="0" name="os.family" value="Windows"/>
|
746
758
|
<param pos="0" name="os.product" value="Windows Server 2008"/>
|
@@ -754,7 +766,8 @@
|
|
754
766
|
<example>DNSServer</example>
|
755
767
|
<param pos="0" name="service.vendor" value="Synology"/>
|
756
768
|
<param pos="0" name="service.family" value="DSM"/>
|
757
|
-
<param pos="0" name="service.product" value="DNS"/>
|
769
|
+
<param pos="0" name="service.product" value="DNS Server"/>
|
770
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:synology:dns_server:-"/>
|
758
771
|
<param pos="0" name="os.device" value="NAS"/>
|
759
772
|
<param pos="0" name="os.family" value="Linux"/>
|
760
773
|
<param pos="0" name="os.product" value="DSM"/>
|
@@ -855,9 +868,10 @@
|
|
855
868
|
<fingerprint pattern="^gdnsd$">
|
856
869
|
<description>gdnsd</description>
|
857
870
|
<example>gdnsd</example>
|
858
|
-
<param pos="0" name="service.vendor" value="
|
871
|
+
<param pos="0" name="service.vendor" value="gdnsd"/>
|
859
872
|
<param pos="0" name="service.family" value="gdnsd"/>
|
860
873
|
<param pos="0" name="service.product" value="gdnsd"/>
|
874
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:gdnsd:gdnsd:-"/>
|
861
875
|
</fingerprint>
|
862
876
|
|
863
877
|
<fingerprint pattern="^Hi: [\w\.: =]+\d{4}$">
|
data/xml/favicons.xml
CHANGED
@@ -464,6 +464,7 @@
|
|
464
464
|
<param pos="0" name="service.vendor" value="SABnzbd"/>
|
465
465
|
<param pos="0" name="service.product" value="SABnzbd"/>
|
466
466
|
<param pos="0" name="service.certainty" value="0.5"/>
|
467
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sabnzbd:sabnzbd:-"/>
|
467
468
|
</fingerprint>
|
468
469
|
|
469
470
|
<fingerprint pattern="^5c9f3938754b459fb3590a00e5947fed$">
|
@@ -612,6 +613,7 @@
|
|
612
613
|
<param pos="0" name="service.vendor" value="Elastic"/>
|
613
614
|
<param pos="0" name="service.product" value="Kibana"/>
|
614
615
|
<param pos="0" name="service.certainty" value="0.5"/>
|
616
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:elastic:kibana:-"/>
|
615
617
|
</fingerprint>
|
616
618
|
|
617
619
|
<fingerprint pattern="^(?:ef07026465d7b449a9759132486d1e3b|bcc4933f81eff43e5d9bcc5b2828aa70|b204c198a410e5ee28346c4a2110535e|c00da11c81f9b887eed4123daee89909)$">
|
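Review bot: the Kibana favicon fingerprint sets `cpe:/a:elastic:kibana:-`, while cpe-remap.yaml in this same diff still carries `kibana:` with `vendor: elasticsearch`. Confirm which vendor string the CPE dictionary uses for Kibana and make the two agree, otherwise the same product can end up with two different CPE vendors depending on which fingerprint matched.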
data/xml/ftp_banners.xml
CHANGED
@@ -360,6 +360,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
|
|
360
360
|
<example service.version="1.0.11">=(<*>)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(<*>)=-</example>
|
361
361
|
<example service.version="1.0.11">=(<*>)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(<*>)=-
|
362
362
|
more stuff</example>
|
363
|
+
<param pos="0" name="service.fvendor" value="PureFTPd"/>
|
363
364
|
<param pos="0" name="service.family" value="Pure-FTPd"/>
|
364
365
|
<param pos="0" name="service.product" value="Pure-FTPd"/>
|
365
366
|
<param pos="1" name="service.version"/>
|
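Review bot: the added param is named `service.fvendor`, which looks like a typo for `service.vendor`; every other Pure-FTPd fingerprint changed in this file uses `service.vendor` with the same value `PureFTPd`. As written, this fingerprint emits an unknown key and still has no vendor, so change the name to `service.vendor`.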
@@ -374,16 +375,20 @@ more stuff</example>
|
|
374
375
|
<example>--------- Welcome to Pure-FTPd [privsep] [TLS] ----------
|
375
376
|
more text</example>
|
376
377
|
<param pos="1" name="pureftpd.config"/>
|
378
|
+
<param pos="0" name="service.vendor" value="PureFTPd"/>
|
377
379
|
<param pos="0" name="service.family" value="Pure-FTPd"/>
|
378
380
|
<param pos="0" name="service.product" value="Pure-FTPd"/>
|
381
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:-"/>
|
379
382
|
</fingerprint>
|
380
383
|
|
381
384
|
<fingerprint pattern="^(?:Welcome to )?Pure-FTPd\.?$">
|
382
385
|
<description>Basic Pure-FTPd banner, no version</description>
|
383
386
|
<example>Welcome to Pure-FTPd</example>
|
384
387
|
<example>Pure-FTPd.</example>
|
388
|
+
<param pos="0" name="service.vendor" value="PureFTPd"/>
|
385
389
|
<param pos="0" name="service.family" value="Pure-FTPd"/>
|
386
390
|
<param pos="0" name="service.product" value="Pure-FTPd"/>
|
391
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:-"/>
|
387
392
|
</fingerprint>
|
388
393
|
|
389
394
|
<fingerprint pattern="^=\(.\*.\)=-\.:\. \(\( Welcome to PureFTPd (\d+\..+) \)\) \.:\.-=\(.\*.\)=-" flags="REG_MULTILINE">
|
@@ -391,26 +396,56 @@ more text</example>
|
|
391
396
|
<example service.version="1.1.0">=(<*>)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(<*>)=-</example>
|
392
397
|
<example service.version="1.1.0">=(<*>)=-.:. (( Welcome to PureFTPd 1.1.0 )) .:.-=(<*>)=-
|
393
398
|
more text</example>
|
399
|
+
<param pos="0" name="service.vendor" value="PureFTPd"/>
|
394
400
|
<param pos="0" name="service.family" value="Pure-FTPd"/>
|
395
401
|
<param pos="0" name="service.product" value="Pure-FTPd"/>
|
396
402
|
<param pos="1" name="service.version"/>
|
403
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:{service.version}"/>
|
397
404
|
</fingerprint>
|
398
405
|
|
399
|
-
|
400
|
-
|
406
|
+
<!-- CPEs for Serv-U 15.x and above changed to SolarWinds -->
|
407
|
+
|
408
|
+
<fingerprint pattern="^Serv-U FTP Server v(15\.\S+) ready\.\.\.$">
|
409
|
+
<description>SolarWinds Serv-U with version </description>
|
410
|
+
<example service.version="15.1.3.25">Serv-U FTP Server v15.1.3.25 ready...</example>
|
411
|
+
<param pos="0" name="service.vendor" value="SolarWinds"/>
|
412
|
+
<param pos="0" name="service.product" value="Serv-U FTP Server"/>
|
413
|
+
<param pos="0" name="service.family" value="Serv-U"/>
|
414
|
+
<param pos="1" name="service.version"/>
|
415
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:serv-u_ftp_server:{service.version}"/>
|
416
|
+
</fingerprint>
|
417
|
+
|
418
|
+
<fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+) for WinSock ready\.*$">
|
419
|
+
<description>Serv-U Serv-U with version on Windows</description>
|
401
420
|
<example service.version="2.5n">Serv-U FTP-Server v2.5n for WinSock ready...</example>
|
402
421
|
<example service.version="6.0">Serv-U FTP Server v6.0 for WinSock ready</example>
|
403
|
-
<
|
404
|
-
<param pos="0" name="service.vendor" value="Rhino Software"/>
|
422
|
+
<param pos="0" name="service.vendor" value="Serv-U"/>
|
405
423
|
<param pos="0" name="service.product" value="Serv-U"/>
|
406
424
|
<param pos="0" name="service.family" value="Serv-U"/>
|
407
425
|
<param pos="1" name="service.version"/>
|
426
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:serv-u:serv-u:{service.version}"/>
|
408
427
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
409
428
|
<param pos="0" name="os.family" value="Windows"/>
|
410
429
|
<param pos="0" name="os.product" value="Windows"/>
|
411
430
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
412
431
|
</fingerprint>
|
413
432
|
|
433
|
+
<fingerprint pattern="^Serv-U FTP[ -]Server v(\d+\.\S+) ready\.*$">
|
434
|
+
<description>Serv-U Serv-U with version </description>
|
435
|
+
<example service.version="7.2">Serv-U FTP Server v7.2 ready...</example>
|
436
|
+
<example service.version="14.0">Serv-U FTP Server v14.0 ready...</example>
|
437
|
+
<param pos="0" name="service.vendor" value="Serv-U"/>
|
438
|
+
<param pos="0" name="service.product" value="Serv-U"/>
|
439
|
+
<param pos="0" name="service.family" value="Serv-U"/>
|
440
|
+
<param pos="1" name="service.version"/>
|
441
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:serv-u:serv-u:{service.version}"/>
|
442
|
+
</fingerprint>
|
443
|
+
|
444
|
+
<fingerprint pattern="^Welcom to Serv-U FTP Server$">
|
445
|
+
<description>Common FTP banner modification to look like Serv-U -- assert nothing.</description>
|
446
|
+
<example>Welcom to Serv-U FTP Server</example>
|
447
|
+
</fingerprint>
|
448
|
+
|
414
449
|
<fingerprint pattern="^zFTPServer v?(\S+), .*ready\.$" flags="REG_ICASE">
|
415
450
|
<description>zftpserver (only runs on Windows)</description>
|
416
451
|
<example service.version="4.0">zFTPServer v4.0, build 2008-12-24 01:41 ready.</example>
|
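Review bot: the comment says "CPEs for Serv-U 15.x and above changed to SolarWinds", but the pattern `^Serv-U FTP Server v(15\.\S+) ready\.\.\.$` only matches major version 15. A banner with a later major version falls through to the generic `^Serv-U FTP[ -]Server v(\d+\.\S+) ready\.*$` fingerprint below and gets `cpe:/a:serv-u:serv-u:`. Either widen the version group to cover 15 and higher or reword the comment to say 15.x only. Smaller points: both generic descriptions read "Serv-U Serv-U with version", and the SolarWinds description has a trailing space.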
@@ -427,23 +462,28 @@ more text</example>
|
|
427
462
|
<description>vsFTPd (Very Secure FTP Daemon)</description>
|
428
463
|
<example service.version="1.1.3">(vsFTPd 1.1.3) host</example>
|
429
464
|
<example service.version="2.0.5">(vsFTPd 2.0.5)</example>
|
465
|
+
<param pos="0" name="service.vendor" value="vsFTPd Project"/>
|
430
466
|
<param pos="0" name="service.family" value="vsFTPd"/>
|
431
467
|
<param pos="0" name="service.product" value="vsFTPd"/>
|
432
468
|
<param pos="1" name="service.version"/>
|
469
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:{service.version}"/>
|
433
470
|
<param pos="2" name="host.name"/>
|
434
471
|
</fingerprint>
|
435
472
|
|
436
473
|
<fingerprint pattern="^ready, dude \(vsFTPd (\d+\..+): beat me, break me\)$">
|
437
474
|
<description>vsFTPd (Very Secure FTP Daemon) - break me variant</description>
|
438
475
|
<example service.version="1.1.0">ready, dude (vsFTPd 1.1.0: beat me, break me)</example>
|
476
|
+
<param pos="0" name="service.vendor" value="vsFTPd Project"/>
|
439
477
|
<param pos="0" name="service.family" value="vsFTPd"/>
|
440
478
|
<param pos="0" name="service.product" value="vsFTPd"/>
|
441
479
|
<param pos="1" name="service.version"/>
|
480
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:{service.version}"/>
|
442
481
|
</fingerprint>
|
443
482
|
|
444
483
|
<fingerprint pattern="^vsFTPd ([\d.]+\+ \(ext\.3\)) ready\.\.\.$">
|
445
484
|
<description>vsFTPd (Very Secure FTP Daemon) extended build (vsftpd.devnet.ru)</description>
|
446
485
|
<example service.version="2.0.4+ (ext.3)">vsFTPd 2.0.4+ (ext.3) ready...</example>
|
486
|
+
<param pos="0" name="service.vendor" value="vsFTPd Project"/>
|
447
487
|
<param pos="0" name="service.family" value="vsFTPd"/>
|
448
488
|
<param pos="0" name="service.product" value="vsFTPd Extended"/>
|
449
489
|
<param pos="1" name="service.version"/>
|
@@ -453,8 +493,10 @@ more text</example>
|
|
453
493
|
<description>vsFTPd (Very Secure FTP Daemon) error message</description>
|
454
494
|
<example>OOPS: vsftpd: root is not mounted.</example>
|
455
495
|
<example>OOPS: cannot read user list file:/etc/vsftpd.user_list</example>
|
496
|
+
<param pos="0" name="service.vendor" value="vsFTPd Project"/>
|
456
497
|
<param pos="0" name="service.family" value="vsFTPd"/>
|
457
498
|
<param pos="0" name="service.product" value="vsFTPd"/>
|
499
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:vsftpd_project:vsftpd:-"/>
|
458
500
|
</fingerprint>
|
459
501
|
|
460
502
|
<fingerprint pattern="^FileZilla Server(?: version)? (?:v)?(\d\.[\w.]+(?: beta)?).*$">
|
@@ -463,9 +505,15 @@ more text</example>
|
|
463
505
|
<example service.version="0.9.13a beta">FileZilla Server version 0.9.13a beta</example>
|
464
506
|
<example service.version="0.9.54 beta">FileZilla Server 0.9.54 beta</example>
|
465
507
|
<example service.version="0.9.33 beta">FileZilla Server v0.9.33 beta</example>
|
466
|
-
<param pos="0" name="service.
|
467
|
-
<param pos="0" name="service.
|
508
|
+
<param pos="0" name="service.vendor" value="Filezilla-Project"/>
|
509
|
+
<param pos="0" name="service.family" value="FileZilla FTP"/>
|
510
|
+
<param pos="0" name="service.product" value="FileZilla Server"/>
|
468
511
|
<param pos="1" name="service.version"/>
|
512
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:filezilla-project:filezilla_server:{service.version}"/>
|
513
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
514
|
+
<param pos="0" name="os.family" value="Windows"/>
|
515
|
+
<param pos="0" name="os.product" value="Windows"/>
|
516
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
469
517
|
</fingerprint>
|
470
518
|
|
471
519
|
<fingerprint pattern="^\s*APC FTP server ready\.$">
|
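Review bot: the four new `os.*` params assert Microsoft Windows for every banner this FileZilla Server pattern matches, with no certainty value and no comment saying why the OS can be inferred from the banner alone. Add an XML comment giving the basis for the Windows assertion (and the version range it holds for), or restrict the version group to that range, so the OS is not mislabelled if a matching build runs elsewhere. Also note the casing difference between `Filezilla-Project` in service.vendor and `FileZilla` in family and product.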
@@ -1292,7 +1340,7 @@ more text</example>
|
|
1292
1340
|
<param pos="0" name="os.product" value="Tru64 Unix"/>
|
1293
1341
|
<param pos="1" name="host.name"/>
|
1294
1342
|
<param pos="2" name="os.version"/>
|
1295
|
-
<param pos="0" name="os.cpe23" value="cpe:/o:hp:
|
1343
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64_unix:{os.version}"/>
|
1296
1344
|
</fingerprint>
|
1297
1345
|
|
1298
1346
|
<fingerprint pattern="^(\S+) FTP server \(Digital UNIX Version (\S+)\) ready\.?$">
|
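Review bot: the restored value is `cpe:/o:hp:tru64_unix:{os.version}`, but cpe-remap.yaml in this diff lists `tru64_unix: tru64` under the hp products. If update_cpes.py applies that remap, the product segment it generates would be `tru64`, not `tru64_unix`; confirm which one is intended and make the fingerprint and the remap agree.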
@@ -1315,9 +1363,11 @@ more text</example>
|
|
1315
1363
|
<param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
|
1316
1364
|
</fingerprint>
|
1317
1365
|
|
1318
|
-
<fingerprint pattern="
|
1319
|
-
<description>MikroTik
|
1320
|
-
<example os.version="6.
|
1366
|
+
<fingerprint pattern="^.* FTP server \(MikroTik (\d\.[\w\.]+)\) ready\.?$">
|
1367
|
+
<description>MikroTik with description</description>
|
1368
|
+
<example os.version="6.43.16">Super Thing_Place- FTP server (MikroTik 6.43.16) ready</example>
|
1369
|
+
<example os.version="6.43.16beta2">Super Thing_Place- FTP server (MikroTik 6.43.16beta2) ready</example>
|
1370
|
+
<example os.version="6.43.16rc56">Super Thing_Place- FTP server (MikroTik 6.43.16rc56) ready</example>
|
1321
1371
|
<param pos="0" name="os.vendor" value="MikroTik"/>
|
1322
1372
|
<param pos="0" name="os.product" value="RouterOS"/>
|
1323
1373
|
<param pos="1" name="os.version"/>
|
@@ -1722,4 +1772,15 @@ more text</example>
|
|
1722
1772
|
<param pos="0" name="os.device" value="Printer"/>
|
1723
1773
|
</fingerprint>
|
1724
1774
|
|
1775
|
+
<fingerprint pattern="^SurgeFTP ([\S]+) \(Version ([a-f\d.]+)\)$">
|
1776
|
+
<description>NetWin SurgeFTP</description>
|
1777
|
+
<example service.version="2.3a12">SurgeFTP 192.168.0.0 (Version 2.3a12)</example>
|
1778
|
+
<example host.name="foo.bar.baz">SurgeFTP foo.bar.baz (Version 2.2f9)</example>
|
1779
|
+
<param pos="0" name="service.vendor" value="NetWin"/>
|
1780
|
+
<param pos="0" name="service.product" value="SurgeFTP"/>
|
1781
|
+
<param pos="2" name="service.version"/>
|
1782
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:netwin:surgeftp:{service.version}"/>
|
1783
|
+
<param pos="1" name="host.name"/>
|
1784
|
+
</fingerprint>
|
1785
|
+
|
1725
1786
|
</fingerprints>
|
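Review bot: in the SurgeFTP fingerprint, group 1 `([\S]+)` is bound to `host.name`, and the first example banner is `SurgeFTP 192.168.0.0 (Version 2.3a12)`, so host.name is populated with an IP address for that input. Either document that host.name may hold an address here or split out the dotted-quad form into a fingerprint that does not assert host.name. Each example also checks only one of the two captures; asserting both `host.name` and `service.version` on each would exercise both groups. `[\S]+` can be written as `\S+`.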