recog 2.3.14 → 2.3.19

Files changed (50)
  1. checksums.yaml +4 -4
  2. data/.github/SECURITY.md +35 -0
  3. data/.github/workflows/ci.yml +26 -0
  4. data/.snyk +10 -0
  5. data/LICENSE +1 -1
  6. data/bin/recog_standardize +2 -2
  7. data/cpe-remap.yaml +55 -14
  8. data/identifiers/hw_device.txt +5 -4
  9. data/identifiers/hw_family.txt +12 -0
  10. data/identifiers/hw_product.txt +76 -6
  11. data/identifiers/os_architecture.txt +0 -10
  12. data/identifiers/os_device.txt +13 -31
  13. data/identifiers/os_family.txt +2 -95
  14. data/identifiers/os_product.txt +34 -117
  15. data/identifiers/service_family.txt +7 -36
  16. data/identifiers/service_product.txt +238 -92
  17. data/identifiers/vendor.txt +78 -193
  18. data/lib/recog/version.rb +1 -1
  19. data/requirements.txt +1 -1
  20. data/update_cpes.py +96 -48
  21. data/xml/dns_versionbind.xml +39 -16
  22. data/xml/favicons.xml +150 -17
  23. data/xml/ftp_banners.xml +21 -19
  24. data/xml/hp_pjl_id.xml +1 -1
  25. data/xml/html_title.xml +200 -23
  26. data/xml/http_cookies.xml +89 -1
  27. data/xml/http_servers.xml +144 -18
  28. data/xml/http_wwwauth.xml +28 -20
  29. data/xml/ldap_searchresult.xml +9 -6
  30. data/xml/mdns_device-info_txt.xml +308 -10
  31. data/xml/ntp_banners.xml +9 -1
  32. data/xml/operating_system.xml +1 -0
  33. data/xml/rtsp_servers.xml +7 -0
  34. data/xml/sip_banners.xml +344 -8
  35. data/xml/sip_user_agents.xml +320 -7
  36. data/xml/smb_native_lm.xml +32 -1
  37. data/xml/smb_native_os.xml +158 -33
  38. data/xml/smtp_banners.xml +7 -2
  39. data/xml/smtp_help.xml +2 -0
  40. data/xml/smtp_vrfy.xml +2 -1
  41. data/xml/snmp_sysdescr.xml +252 -86
  42. data/xml/ssh_banners.xml +118 -11
  43. data/xml/telnet_banners.xml +34 -9
  44. data/xml/tls_jarm.xml +139 -0
  45. data/xml/x509_issuers.xml +24 -5
  46. data/xml/x509_subjects.xml +97 -17
  47. metadata +6 -5
  48. data/identifiers/software_class.txt +0 -26
  49. data/identifiers/software_family.txt +0 -91
  50. data/identifiers/software_product.txt +0 -333
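--- a/data/xml/ssh_banners.xml
+++ b/data/xml/ssh_banners.xml
@@ -552,7 +552,7 @@
  </fingerprint>
 
  <fingerprint pattern="^OpenSSH_(7\.8) (FreeBSD-20180909)$">
- <description>OpenSSH running on FreeBSD 12.0</description>
+ <description>OpenSSH running on FreeBSD 12.0/12.1</description>
  <example service.version="7.8" openssh.comment="FreeBSD-20180909">OpenSSH_7.8 FreeBSD-20180909</example>
  <param pos="1" name="service.version"/>
  <param pos="2" name="openssh.comment"/>
@@ -888,9 +888,10 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:13.04"/>
  </fingerprint>
 
- <fingerprint pattern="^OpenSSH_(6\.2p2) (Ubuntu-6unbuntu\d(?:\.\d)?)$">
+ <fingerprint pattern="^OpenSSH_(6\.2p2) (Ubuntu-6\S*)$">
  <description>OpenSSH running on Ubuntu 13.10</description>
  <example service.version="6.2p2" openssh.comment="Ubuntu-6unbuntu0.4">OpenSSH_6.2p2 Ubuntu-6unbuntu0.4</example>
+ <example service.version="6.2p2" openssh.comment="Ubuntu-6">OpenSSH_6.2p2 Ubuntu-6</example>
  <param pos="1" name="service.version"/>
  <param pos="2" name="openssh.comment"/>
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -917,10 +918,11 @@
  <param pos="0" name="service.cpe23" value="cpe:/a:openbsd:openssh:{service.version}"/>
  </fingerprint>
 
- <fingerprint pattern="^OpenSSH_(6\.6(?:\.\d)?p1) (Ubuntu-2ubuntu\d+(?:\.\d+)?)$">
+ <fingerprint pattern="^OpenSSH_(6\.6(?:\.1)?p1) (Ubuntu-2\S*)$">
  <description>OpenSSH running on Ubuntu 14.04</description>
  <example service.version="6.6p1" openssh.comment="Ubuntu-2ubuntu1">OpenSSH_6.6p1 Ubuntu-2ubuntu1</example>
  <example service.version="6.6.1p1" openssh.comment="Ubuntu-2ubuntu2">OpenSSH_6.6.1p1 Ubuntu-2ubuntu2</example>
+ <example service.version="6.6.1p1" openssh.comment="Ubuntu-2ubuntu2.13">OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13</example>
  <param pos="1" name="service.version"/>
  <param pos="2" name="openssh.comment"/>
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -950,9 +952,10 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:14.10"/>
  </fingerprint>
 
- <fingerprint pattern="^OpenSSH_(6\.7p1) (Ubuntu-5ubuntu\d(?:\.\d)?)$">
+ <fingerprint pattern="^OpenSSH_(6\.7p1) (Ubuntu-5\S*)$">
  <description>OpenSSH running on Ubuntu 15.04 (vivid)</description>
  <example service.version="6.7p1" openssh.comment="Ubuntu-5ubuntu1">OpenSSH_6.7p1 Ubuntu-5ubuntu1</example>
+ <example service.version="6.7p1" openssh.comment="Ubuntu-5ubuntu1.4">OpenSSH_6.7p1 Ubuntu-5ubuntu1.4</example>
  <param pos="1" name="service.version"/>
  <param pos="2" name="openssh.comment"/>
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -966,9 +969,10 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:15.04"/>
  </fingerprint>
 
- <fingerprint pattern="^OpenSSH_(6\.9p1) (Ubuntu-2)$">
+ <fingerprint pattern="^OpenSSH_(6\.9p1) (Ubuntu-2\S*)$">
  <description>OpenSSH running on Ubuntu 15.10</description>
  <example service.version="6.9p1" openssh.comment="Ubuntu-2">OpenSSH_6.9p1 Ubuntu-2</example>
+ <example service.version="6.9p1" openssh.comment="Ubuntu-2ubuntu0.2">OpenSSH_6.9p1 Ubuntu-2ubuntu0.2</example>
  <param pos="1" name="service.version"/>
  <param pos="2" name="openssh.comment"/>
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -982,9 +986,11 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:15.10"/>
  </fingerprint>
 
- <fingerprint pattern="^OpenSSH_(7\.2p2) (Ubuntu-4ubuntu\d(?:\.\d)?)$">
+ <fingerprint pattern="^OpenSSH_(7\.2p2) (Ubuntu-4\S*)$">
  <description>OpenSSH running on Ubuntu 16.04 (vivid)</description>
  <example service.version="7.2p2" openssh.comment="Ubuntu-4ubuntu2.7">OpenSSH_7.2p2 Ubuntu-4ubuntu2.7</example>
+ <example service.version="7.2p2" openssh.comment="Ubuntu-4ubuntu1">OpenSSH_7.2p2 Ubuntu-4ubuntu1</example>
+ <example service.version="7.2p2" openssh.comment="Ubuntu-4">OpenSSH_7.2p2 Ubuntu-4</example>
  <param pos="1" name="service.version"/>
  <param pos="2" name="openssh.comment"/>
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -1030,9 +1036,10 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:17.04"/>
  </fingerprint>
 
- <fingerprint pattern="^OpenSSH_(7\.5p1) (Ubuntu-10ubuntu\d(?:\.\d)?)$">
+ <fingerprint pattern="^OpenSSH_(7\.5p1) (Ubuntu-10\S*)$">
  <description>OpenSSH running on Ubuntu 17.10</description>
  <example service.version="7.5p1" openssh.comment="Ubuntu-10ubuntu0.1">OpenSSH_7.5p1 Ubuntu-10ubuntu0.1</example>
+ <example service.version="7.5p1" openssh.comment="Ubuntu-10">OpenSSH_7.5p1 Ubuntu-10</example>
  <param pos="1" name="service.version"/>
  <param pos="2" name="openssh.comment"/>
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -1046,9 +1053,10 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:17.10"/>
  </fingerprint>
 
- <fingerprint pattern="^OpenSSH_(7\.6p1) (Ubuntu-4ubuntu\d(?:\.\d)?)$">
+ <fingerprint pattern="^OpenSSH_(7\.6p1) (Ubuntu-4\S*)$">
  <description>OpenSSH running on Ubuntu 18.04</description>
  <example service.version="7.6p1" openssh.comment="Ubuntu-4ubuntu0.3">OpenSSH_7.6p1 Ubuntu-4ubuntu0.3</example>
+ <example service.version="7.6p1" openssh.comment="Ubuntu-4">OpenSSH_7.6p1 Ubuntu-4</example>
  <param pos="1" name="service.version"/>
  <param pos="2" name="openssh.comment"/>
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -1062,9 +1070,10 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:18.04"/>
  </fingerprint>
 
- <fingerprint pattern="^OpenSSH_(7\.7p1) (Ubuntu-4)$">
+ <fingerprint pattern="^OpenSSH_(7\.7p1) (Ubuntu-4\S*)$">
  <description>OpenSSH running on Ubuntu 18.10</description>
  <example service.version="7.7p1" openssh.comment="Ubuntu-4">OpenSSH_7.7p1 Ubuntu-4</example>
+ <example service.version="7.7p1" openssh.comment="Ubuntu-4ubuntu0.3">OpenSSH_7.7p1 Ubuntu-4ubuntu0.3</example>
  <param pos="1" name="service.version"/>
  <param pos="2" name="openssh.comment"/>
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -1110,6 +1119,39 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:19.10"/>
  </fingerprint>
 
+ <fingerprint pattern="^OpenSSH_(8\.2p1) (Ubuntu-4\S*)$">
+ <description>OpenSSH running on Ubuntu 20.04</description>
+ <example service.version="8.2p1" openssh.comment="Ubuntu-4ubuntu0.1">OpenSSH_8.2p1 Ubuntu-4ubuntu0.1</example>
+ <example service.version="8.2p1" openssh.comment="Ubuntu-4">OpenSSH_8.2p1 Ubuntu-4</example>
+ <param pos="1" name="service.version"/>
+ <param pos="2" name="openssh.comment"/>
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
+ <param pos="0" name="service.family" value="OpenSSH"/>
+ <param pos="0" name="service.product" value="OpenSSH"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:openbsd:openssh:{service.version}"/>
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ <param pos="0" name="os.version" value="20.04"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:20.04"/>
+ </fingerprint>
+
+ <fingerprint pattern="^OpenSSH_(8\.3p1) (Ubuntu-1\S*)$">
+ <description>OpenSSH running on Ubuntu 20.10</description>
+ <example service.version="8.3p1" openssh.comment="Ubuntu-1">OpenSSH_8.3p1 Ubuntu-1</example>
+ <param pos="1" name="service.version"/>
+ <param pos="2" name="openssh.comment"/>
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
+ <param pos="0" name="service.family" value="OpenSSH"/>
+ <param pos="0" name="service.product" value="OpenSSH"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:openbsd:openssh:{service.version}"/>
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ <param pos="0" name="os.version" value="20.10"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:20.10"/>
+ </fingerprint>
+
  <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Ubuntu-\d\d?)$">
  <description>OpenSSH running on Ubuntu (unknown release)</description>
  <example service.version="7.6p1" openssh.comment="Ubuntu-2">OpenSSH_7.6p1 Ubuntu-2</example>
@@ -1329,9 +1371,56 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:9.0"/>
  </fingerprint>
 
- <fingerprint pattern="^OpenSSH_(7\.9p1) (Debian-10|Debian-\d\d?\+deb10u\d+)$">
- <description>OpenSSH running on Debian 10.x (buster)</description>
+ <fingerprint pattern="^OpenSSH_(7\.9p1) (Debian-10)$">
+ <description>OpenSSH running on Debian 10.0 (buster)</description>
  <example service.version="7.9p1" openssh.comment="Debian-10">OpenSSH_7.9p1 Debian-10</example>
+ <param pos="1" name="service.version"/>
+ <param pos="2" name="openssh.comment"/>
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
+ <param pos="0" name="service.family" value="OpenSSH"/>
+ <param pos="0" name="service.product" value="OpenSSH"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:openbsd:openssh:{service.version}"/>
+ <param pos="0" name="os.vendor" value="Debian"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ <param pos="0" name="os.version" value="10.0"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:10.0"/>
+ </fingerprint>
+
+ <fingerprint pattern="^OpenSSH_(7\.9p1) (Debian-10\+deb10u1)$">
+ <description>OpenSSH running on Debian 10.1 (buster)</description>
+ <example service.version="7.9p1" openssh.comment="Debian-10+deb10u1">OpenSSH_7.9p1 Debian-10+deb10u1</example>
+ <param pos="1" name="service.version"/>
+ <param pos="2" name="openssh.comment"/>
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
+ <param pos="0" name="service.family" value="OpenSSH"/>
+ <param pos="0" name="service.product" value="OpenSSH"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:openbsd:openssh:{service.version}"/>
+ <param pos="0" name="os.vendor" value="Debian"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ <param pos="0" name="os.version" value="10.1"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:10.1"/>
+ </fingerprint>
+
+ <fingerprint pattern="^OpenSSH_(7\.9p1) (Debian-10\+deb10u2)$">
+ <description>OpenSSH running on Debian 10.2 (buster)</description>
+ <example service.version="7.9p1" openssh.comment="Debian-10+deb10u2">OpenSSH_7.9p1 Debian-10+deb10u2</example>
+ <param pos="1" name="service.version"/>
+ <param pos="2" name="openssh.comment"/>
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
+ <param pos="0" name="service.family" value="OpenSSH"/>
+ <param pos="0" name="service.product" value="OpenSSH"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:openbsd:openssh:{service.version}"/>
+ <param pos="0" name="os.vendor" value="Debian"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ <param pos="0" name="os.version" value="10.2"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:10.2"/>
+ </fingerprint>
+
+ <fingerprint pattern="^OpenSSH_(7\.9p1) (Debian-10\S+)$">
+ <description>OpenSSH running on Debian 10.x (buster catchall)</description>
  <example service.version="7.9p1" openssh.comment="Debian-10+deb10u6">OpenSSH_7.9p1 Debian-10+deb10u6</example>
  <param pos="1" name="service.version"/>
  <param pos="2" name="openssh.comment"/>
@@ -2019,7 +2108,12 @@
  <param pos="0" name="os.vendor" value="NetApp"/>
  <param pos="0" name="os.family" value="Data ONTAP"/>
  <param pos="0" name="os.product" value="Data ONTAP"/>
+ <param pos="0" name="os.device" value="NAS"/>
  <param pos="0" name="os.cpe23" value="cpe:/o:netapp:data_ontap:-"/>
+ <param pos="0" name="hw.vendor" value="NetApp"/>
+ <param pos="0" name="hw.family" value="Data ONTAP"/>
+ <param pos="0" name="hw.product" value="Data ONTAP"/>
+ <param pos="0" name="hw.device" value="NAS"/>
  </fingerprint>
 
  <fingerprint pattern="^(\d\.\d+\.\d+) SSH Secure Shell OpenVMS V\d+\.\d+$">
@@ -2125,6 +2219,19 @@
  <param pos="0" name="service.product" value="WeOnlyDo SSH Server"/>
  </fingerprint>
 
+ <fingerprint pattern="^Zyxel SSH server$">
+ <description>Zyxel Firewall SSH service</description>
+ <example>Zyxel SSH server</example>
+ <param pos="0" name="service.vendor" value="Zyxel"/>
+ <param pos="0" name="service.family" value="Zywall"/>
+ <param pos="0" name="os.vendor" value="Zyxel"/>
+ <param pos="0" name="os.product" value="ZyNOS firmware"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:zyxel:zynos_firmware:-"/>
+ <param pos="0" name="hw.vendor" value="Zyxel"/>
+ <param pos="0" name="hw.device" value="Firewall"/>
+ <param pos="0" name="hw.family" value="Unified Security Gateway"/>
+ </fingerprint>
+
  <!--
  1.2.22j4rad
  2.40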
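Review bot: In the `@@ -1329,9 +1371,56 @@` hunk the new Debian fingerprints turn the package revision suffix into an OS point release (`Debian-10+deb10u1` becomes `os.version` 10.1, `+deb10u2` becomes 10.2), but as far as I know the `deb10uN` counter numbers updates to the openssh package within buster and is not tied to the Debian point release. A host on a later 10.x that carries the u2 package would then be reported as `cpe:/o:debian:debian_linux:10.2`, and any vulnerability matching keyed on `os.cpe23` inherits that error. Unless the mapping was checked against the release history, I would keep these entries at the precision of the 10.x catch-all that follows them, or mark the point release as a guess with an `os.certainty` param. Separately, the context line in the `@@ -982,9 +986,11 @@` hunk still describes Ubuntu 16.04 as `(vivid)`, the codename this same file gives to 15.04 two fingerprints earlier.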
@@ -550,7 +550,7 @@
550
550
  </example>
551
551
  <param pos="0" name="hw.vendor" value="Grandstream"/>
552
552
  <param pos="0" name="hw.family" value="GXV"/>
553
- <param pos="0" name="hw.device" value="Web cam"/>
553
+ <param pos="0" name="hw.device" value="IP Camera"/>
554
554
  <param pos="1" name="hw.product"/>
555
555
  </fingerprint>
556
556
 
@@ -617,7 +617,7 @@
617
617
  <param pos="0" name="hw.vendor" value="SMA Solar Technology Ag"/>
618
618
  <param pos="0" name="hw.family" value="Sunny"/>
619
619
  <param pos="0" name="hw.product" value="WebBox"/>
620
- <param pos="0" name="hw.device" value="Power device"/>
620
+ <param pos="0" name="hw.device" value="Power Device"/>
621
621
  <param pos="0" name="os.vendor" value="Microsoft"/>
622
622
  <param pos="0" name="os.family" value="Windows"/>
623
623
  <param pos="0" name="os.product" value="Windows CE"/>
@@ -1064,6 +1064,7 @@
1064
1064
  <param pos="0" name="hw.family" value="EDR"/>
1065
1065
  <param pos="0" name="hw.device" value="Router"/>
1066
1066
  <param pos="0" name="hw.product" value="EDR-G902"/>
1067
+ <param pos="0" name="hw.cpe23" value="cpe:/h:moxa:edr-g902:-"/>
1067
1068
  <param pos="0" name="os.vendor" value="Moxa"/>
1068
1069
  <param pos="0" name="os.family" value="EDR"/>
1069
1070
  <param pos="0" name="os.device" value="Router"/>
@@ -1234,7 +1235,7 @@
1234
1235
  </fingerprint>
1235
1236
 
1236
1237
  <fingerprint pattern="^Welcome to ViewStation">
1237
- <description>Polycom ViewStation Video Vonference System</description>
1238
+ <description>Polycom ViewStation Video Conference System</description>
1238
1239
  <!-- Welcome to ViewStation\nPassword: -->
1239
1240
 
1240
1241
  <example _encoding="base64">
@@ -1252,7 +1253,7 @@
1252
1253
  Rmxvd1BvaW50LzIyMDAgU0RTTCBbQVRNXSBSb3V0ZXIgZnAyMjAwLTEyIHYzLjAuMiBSZWFkeQpMb2dpbjog
1253
1254
  </example>
1254
1255
  <param pos="0" name="os.vendor" value="FlowPoint"/>
1255
- <param pos="0" name="hw.device" value="Broadband router"/>
1256
+ <param pos="0" name="hw.device" value="Broadband Router"/>
1256
1257
  <param pos="0" name="hw.product" value="DSL Router"/>
1257
1258
  <param pos="1" name="hw.model"/>
1258
1259
  <param pos="2" name="os.version"/>
@@ -1267,7 +1268,7 @@
1267
1268
  MpIDIwMDEtMjAwMyBieSBHbG9iZXNwYW5WaXJhdGEsIEluYy4KCgpsb2dpbjog
1268
1269
  </example>
1269
1270
  <param pos="0" name="os.vendor" value="Conexant"/>
1270
- <param pos="0" name="hw.device" value="Broadband router"/>
1271
+ <param pos="0" name="hw.device" value="Broadband Router"/>
1271
1272
  <param pos="1" name="os.version"/>
1272
1273
  </fingerprint>
1273
1274
 
@@ -1491,7 +1492,12 @@
1491
1492
  <param pos="0" name="os.vendor" value="NetApp"/>
1492
1493
  <param pos="0" name="os.family" value="Data ONTAP"/>
1493
1494
  <param pos="0" name="os.product" value="Data ONTAP"/>
1495
+ <param pos="0" name="os.device" value="NAS"/>
1494
1496
  <param pos="0" name="os.cpe23" value="cpe:/o:netapp:data_ontap:-"/>
1497
+ <param pos="0" name="hw.vendor" value="NetApp"/>
1498
+ <param pos="0" name="hw.family" value="Data ONTAP"/>
1499
+ <param pos="0" name="hw.product" value="Data ONTAP"/>
1500
+ <param pos="0" name="hw.device" value="NAS"/>
1495
1501
  </fingerprint>
1496
1502
 
1497
1503
  <fingerprint pattern="OpenVMS.*Version\sV([^\s]+).*">
@@ -1573,7 +1579,7 @@
1573
1579
  T1JUPj4+TE9HT04gUEFTU1dPUkQ+My4yNyoqKioqKg==
1574
1580
  </example>
1575
1581
  <param pos="0" name="os.vendor" value="Conexant"/>
1576
- <param pos="0" name="os.device" value="Broadband router"/>
1582
+ <param pos="0" name="os.device" value="Broadband Router"/>
1577
1583
  <param pos="0" name="os.product" value="AccessRunner ADSL router"/>
1578
1584
  </fingerprint>
1579
1585
 
@@ -1586,7 +1592,7 @@
1586
1592
  RoZSBjb25uZWN0aW9uIHJlcXVlc3QgISEh
1587
1593
  </example>
1588
1594
  <param pos="0" name="hw.vendor" value="DrayTek"/>
1589
- <param pos="0" name="hw.device" value="Broadband router"/>
1595
+ <param pos="0" name="hw.device" value="Broadband Router"/>
1590
1596
  <param pos="0" name="hw.product" value="Vigor"/>
1591
1597
  </fingerprint>
1592
1598
 
@@ -1943,9 +1949,9 @@
1943
1949
  <example _encoding="base64" os.version="2.90.00">
1944
1950
  UHJlY2lzZS9SVENTIHYyLjkwLjAwIFRlbG5ldCBzZXJ2ZXIKCgpTZXJ2aWNlIFBvcnQgTWFuYWdlciBBY3RpdmUKCjxFc2M+IEVuZHMgU2Vzc2lvbgoKroot
1945
1951
  </example>
1946
- <param pos="0" name="hw.device" value="Power device"/>
1952
+ <param pos="0" name="hw.device" value="Power Device"/>
1947
1953
  <param pos="0" name="hw.vendor" value="Liebert"/>
1948
- <param pos="0" name="os.device" value="Power device"/>
1954
+ <param pos="0" name="os.device" value="Power Device"/>
1949
1955
  <param pos="0" name="os.vendor" value="Liebert"/>
1950
1956
  <param pos="1" name="os.version"/>
1951
1957
  </fingerprint>
@@ -2065,4 +2071,23 @@
2065
2071
  <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
2066
2072
  </fingerprint>
2067
2073
 
2074
+ <fingerprint pattern="^(?:\r|\n|\s)*UDP/TCP/IP Stack: ACT Video security">
2075
+ <description>ACT Security IP Cameras</description>
2076
+ <!--
2077
+ UDP/TCP/IP Stack: ACT Video security\r\n
2078
+ V5.8\r\n
2079
+ Welcome connection : 192.168.0.1:61300\r\n
2080
+ \r\n
2081
+ Password:
2082
+ -->
2083
+
2084
+ <example _encoding="base64">
2085
+ VURQL1RDUC9JUCBTdGFjazogQUNUIFZpZGVvIHNlY3VyaXR5DQpWNS44DQpX
2086
+ ZWxjb21lIGNvbm5lY3Rpb24gOiAxOTIuMTY4LjAuMTo2MTMwMA0KDQpQYXNz
2087
+ d29yZDog
2088
+ </example>
2089
+ <param pos="0" name="hw.vendor" value="ACT Security"/>
2090
+ <param pos="0" name="hw.device" value="IP Camera"/>
2091
+ </fingerprint>
2092
+
2068
2093
  </fingerprints>
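Review bot: The new ACT Video security pattern in the `@@ -2065,4 +2071,23 @@` hunk opens with `^(?:\r|\n|\s)*`, whose alternatives overlap because `\s` already matches `\r` and `\n`. On a backtracking regex engine, a banner that is a long run of line breaks followed by a mismatch can be explored in exponentially many ways, and the banner text is supplied by the scanned host. `^\s*UDP/TCP/IP Stack: ACT Video security` accepts the same inputs without the ambiguity. These hunks have no file header on the page; their +34/-9 count suggests they belong to data/xml/telnet_banners.xml from the file list.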
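--- a/data/xml/tls_jarm.xml
+++ b/data/xml/tls_jarm.xml
@@ -0,0 +1,139 @@
+ <?xml version='1.0' encoding='UTF-8'?>
+ <fingerprints matches="tls.jarm" protocol="tls" database_type="service">
+ <!--
+ Fingerprint based on https://github.com/salesforce/jarm
+ -->
+
+ <fingerprint pattern="^2ad2ad16d2ad2ad00042d42d000000332dc9cd7d90589195193c8bb05d84fa|2ad2ad16d2ad2ad22c2ad2ad2ad2adce2e4c8c53174ecbf5529ce7584d5518$|2ad2ad16d2ad2ad22c42d42d000000d342d5966a57139eeaff9f8bc4841b25$">
+ <description>Tor relay</description>
+ <example>2ad2ad16d2ad2ad00042d42d000000332dc9cd7d90589195193c8bb05d84fa</example>
+ <example>2ad2ad16d2ad2ad22c2ad2ad2ad2adce2e4c8c53174ecbf5529ce7584d5518</example>
+ <example>2ad2ad16d2ad2ad22c42d42d000000d342d5966a57139eeaff9f8bc4841b25</example>
+ <param pos="0" name="service.product" value="Tor"/>
+ <param pos="0" name="service.vendor" value="Tor Project"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:torproject:tor:-"/>
+ </fingerprint>
+
+ <fingerprint pattern="^2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d$">
+ <description>Synology NAS</description>
+ <example>2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d</example>
+ <param pos="0" name="os.device" value="NAS"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="DSM"/>
+ <param pos="0" name="os.vendor" value="Synology"/>
+ <param pos="0" name="hw.vendor" value="Synology"/>
+ <param pos="0" name="hw.device" value="NAS"/>
+ </fingerprint>
+
+ <fingerprint pattern="^2ad2ad16d2ad2ad22c2ad2ad2ad2ad7e5e7dc6f569c9c16238278a408347ef$">
+ <description>Ubiquiti EdgeRouter</description>
+ <example>2ad2ad16d2ad2ad22c2ad2ad2ad2ad7e5e7dc6f569c9c16238278a408347ef</example>
+ <param pos="0" name="hw.vendor" value="Ubiquiti"/>
+ <param pos="0" name="hw.device" value="Router"/>
+ <param pos="0" name="hw.Product" value="EdgeRouter X"/>
+ <param pos="0" name="os.vendor" value="Ubiquiti"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.device" value="Router"/>
+ </fingerprint>
+
+ <fingerprint pattern="^07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d$">
+ <description>Metasploit listener</description>
+ <example>07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d</example>
+ <param pos="0" name="service.vendor" value="Rapid7"/>
+ <param pos="0" name="service.product" value="Metasploit"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:rapid7:metasploit:-"/>
+ </fingerprint>
+
+ <!-- This fingerprint matches Java's TLS stack,
+ see https://blog.cobaltstrike.com/2020/12/08/a-red-teamer-plays-with-jarm/ for details -->
+
+ <fingerprint pattern="^07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1$">
+ <description>Cobalt Strike listener</description>
+ <example>07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1</example>
+ <param pos="0" name="service.vendor" value="Strategic Cyber LLC"/>
+ <param pos="0" name="service.product" value="Cobalt Strike Listener"/>
+ <param pos="0" name="service.certainty" value="0.3"/>
+ </fingerprint>
+
+ <fingerprint pattern="^04b02b00004b04b04b04b02b04b04b9674c6b4e623ae36cc2d998e99e2262e$">
+ <description>Ligowave WiFi access point</description>
+ <example>04b02b00004b04b04b04b02b04b04b9674c6b4e623ae36cc2d998e99e2262e</example>
+ <param pos="0" name="hw.vendor" value="Ligowave"/>
+ <param pos="0" name="hw.product" value="Infinity Controler"/>
+ </fingerprint>
+
+ <fingerprint pattern="^06d06d07d06d06d06c06d06d06d06d7991b0b1ad2cbf06082e3b1a9dcaaa8d$">
+ <description>D-Link DCS-825L WiFi baby camera</description>
+ <example>06d06d07d06d06d06c06d06d06d06d7991b0b1ad2cbf06082e3b1a9dcaaa8d</example>
+ <param pos="0" name="hw.vendor" value="D-Link"/>
+ <param pos="0" name="hw.product" value="DCS-825L"/>
+ </fingerprint>
+
+ <fingerprint pattern="^0ed3dd16d25d00000042d43d000000e9435856b7ee99e87c06831602602f2d$">
+ <description>LANCOM Systems - 883 VoIP</description>
+ <example>0ed3dd16d25d00000042d43d000000e9435856b7ee99e87c06831602602f2d</example>
+ <param pos="0" name="hw.vendor" value="LANCOM Systems"/>
+ <param pos="0" name="hw.product" value="883 VoIP"/>
+ </fingerprint>
+
+ <fingerprint pattern="^21d14d00021d21d21c42d43d00041d320c989d4ed06a7e9d3133ba36bb2752$">
+ <description>Apple CUPS - web interface</description>
+ <example>21d14d00021d21d21c42d43d00041d320c989d4ed06a7e9d3133ba36bb2752</example>
+ <param pos="0" name="service.vendor" value="Apple"/>
+ <param pos="0" name="service.product" value="CUPS"/>
+ <param pos="0" name="service.family" value="CUPS"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:apple:cups:-"/>
+ </fingerprint>
+
+ <fingerprint pattern="^0bd14d0000bd0bd0000bd14d0bd0bd6b64279c20472e17718ddea38ab610fa$">
+ <description>Netgear R Series</description>
+ <example>0bd14d0000bd0bd0000bd14d0bd0bd6b64279c20472e17718ddea38ab610fa</example>
+ <param pos="0" name="hw.vendor" value="Netgear"/>
+ <param pos="0" name="hw.product" value="R Series"/>
+ </fingerprint>
+
+ <fingerprint pattern="^2ad2ad16d2ad2ad07c2ad2ad2ad2ad4271ee10d978b0aecbc22f1de60ab611$">
+ <description>Netgear Orbi-micro</description>
+ <example>2ad2ad16d2ad2ad07c2ad2ad2ad2ad4271ee10d978b0aecbc22f1de60ab611</example>
+ <param pos="0" name="hw.vendor" value="Netgear"/>
+ <param pos="0" name="hw.product" value="Orbi micro"/>
+ <param pos="0" name="hw.device" value="WAP"/>
+ <param pos="0" name="hw.family" value="Orbi"/>
+ </fingerprint>
+
+ <fingerprint pattern="^04d02d00004d04d04c04d02d04d04d9674c6b4e623ae36cc2d998e99e2262e$">
+ <description>Netgear D Series</description>
+ <example>04d02d00004d04d04c04d02d04d04d9674c6b4e623ae36cc2d998e99e2262e</example>
+ <param pos="0" name="hw.vendor" value="Netgear"/>
+ <param pos="0" name="hw.product" value="D Series"/>
+ </fingerprint>
+
+ <fingerprint pattern="^21d3fd00021d21d21c21d3fd21d21d89188428dae58757cf803176e9701156$">
+ <description>Chromecast</description>
+ <example>21d3fd00021d21d21c21d3fd21d21d89188428dae58757cf803176e9701156</example>
+ <param pos="0" name="os.vendor" value="Google"/>
+ <param pos="0" name="os.product" value="Chrome OS"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:google:chrome_os:-"/>
+ <param pos="0" name="hw.device" value="Media Server"/>
+ <param pos="0" name="hw.vendor" value="Google"/>
+ <param pos="0" name="hw.product" value="Chromecast"/>
+ </fingerprint>
+
+ <fingerprint pattern="^21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601$">
+ <description>VMWare ESXi</description>
+ <example>21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601</example>
+ <param pos="0" name="os.vendor" value="VMware"/>
+ <param pos="0" name="os.family" value="VMware ESX/ESXi"/>
+ <param pos="0" name="os.product" value="ESXi"/>
+ <param pos="0" name="os.device" value="Hypervisor"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:vmware:esxi:-"/>
+ <param pos="0" name="hw.device" value="Hypervisor"/>
+ </fingerprint>
+
+ <fingerprint pattern="^29d21b20d29d29d21c41d21b21b41d494e0df9532e75299f15ba73156cee38$">
+ <description>Merlin C2</description>
+ <example>29d21b20d29d29d21c41d21b21b41d494e0df9532e75299f15ba73156cee38</example>
+ <param pos="0" name="service.product" value="Merlin"/>
+ </fingerprint>
+
+ </fingerprints>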
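Review bot: The first pattern (Tor relay) is not anchored like the other entries: alternation binds more loosely than `^` and `$`, so the first hash is anchored only at the start and the other two only at the end. Grouping the alternatives fixes it, `^(?:HASH1|HASH2|HASH3)$`, with the three hashes unchanged. In the Ubiquiti entry the param is spelled `hw.Product`, unlike every other `hw.product` in the file, so a consumer that looks the field up case-sensitively would presumably miss it. A JARM value describes a TLS stack configuration rather than an application, which the file itself acknowledges for Cobalt Strike with `service.certainty` 0.3 and the Java comment above it. The Tor, Metasploit and Merlin entries assert a product with no certainty value and would benefit from the same `service.certainty` param, so that detections built on them are not read as confirmed.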