RubyGems - recog - Versions diffs - 2.3.15 → 2.3.20 - Mend

recog 2.3.15 → 2.3.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (53) hide show

checksums.yaml +4 -4
data/.github/workflows/ci.yml +26 -0
data/.snyk +10 -0
data/LICENSE +1 -1
data/bin/recog_standardize +8 -2
data/cpe-remap.yaml +314 -170
data/identifiers/README.md +24 -10
data/identifiers/fields.txt +104 -0
data/identifiers/hw_device.txt +5 -4
data/identifiers/hw_family.txt +17 -0
data/identifiers/hw_product.txt +87 -6
data/identifiers/os_architecture.txt +0 -10
data/identifiers/os_device.txt +12 -31
data/identifiers/os_family.txt +2 -94
data/identifiers/os_product.txt +45 -124
data/identifiers/service_family.txt +14 -37
data/identifiers/service_product.txt +283 -88
data/identifiers/vendor.txt +99 -192
data/lib/recog/version.rb +1 -1
data/requirements.txt +1 -1
data/update_cpes.py +110 -49
data/xml/apache_modules.xml +60 -0
data/xml/dns_versionbind.xml +40 -17
data/xml/favicons.xml +163 -20
data/xml/ftp_banners.xml +25 -25
data/xml/hp_pjl_id.xml +1 -1
data/xml/html_title.xml +561 -51
data/xml/http_cookies.xml +266 -61
data/xml/http_servers.xml +472 -96
data/xml/http_wwwauth.xml +53 -26
data/xml/ldap_searchresult.xml +10 -6
data/xml/mdns_device-info_txt.xml +308 -10
data/xml/ntp_banners.xml +15 -1
data/xml/operating_system.xml +1 -0
data/xml/rtsp_servers.xml +7 -0
data/xml/sip_banners.xml +346 -8
data/xml/sip_user_agents.xml +321 -7
data/xml/smb_native_lm.xml +32 -1
data/xml/smb_native_os.xml +158 -33
data/xml/smtp_banners.xml +48 -7
data/xml/smtp_expn.xml +1 -0
data/xml/smtp_help.xml +2 -0
data/xml/smtp_vrfy.xml +3 -1
data/xml/snmp_sysdescr.xml +211 -42
data/xml/ssh_banners.xml +127 -14
data/xml/telnet_banners.xml +44 -14
data/xml/tls_jarm.xml +140 -0
data/xml/x509_issuers.xml +179 -7
data/xml/x509_subjects.xml +252 -35
metadata +6 -5
data/identifiers/software_class.txt +0 -26
data/identifiers/software_family.txt +0 -91
data/identifiers/software_product.txt +0 -333

data/xml/sip_user_agents.xml CHANGED Viewed

@@ -4,13 +4,97 @@
   SIP User Agent header values are matched against these patterns to fingerprint SIP devices.
   -->
+  <!-- Generic high volume matches -->
+  <fingerprint pattern="^SIP/2.0$">
+    <description>Generic SIP/2.0 response -- assert nothing.</description>
+    <example>SIP/2.0</example>
+  </fingerprint>
+  <fingerprint pattern="^TP-Link SIP Stack V1.0.0$">
+    <description>TP-Link SIP enabled device</description>
+    <example>TP-Link SIP Stack V1.0.0</example>
+    <param pos="0" name="hw.vendor" value="TP-LINK"/>
+  </fingerprint>
+  <fingerprint pattern="^DLink VoIP Stack$">
+    <description>DLink SIP enabled device</description>
+    <example>DLink VoIP Stack</example>
+    <param pos="0" name="hw.vendor" value="D-Link"/>
+  </fingerprint>
+  <fingerprint pattern="^Home&amp;Life HUB/([\d.]+)$">
+    <description>Zyxel home routers</description>
+    <example>Home&amp;Life HUB/1.1.26.00</example>
+    <param pos="0" name="os.vendor" value="Zyxel"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="Router"/>
+    <param pos="0" name="hw.vendor" value="Zyxel"/>
+    <param pos="0" name="hw.device" value="Router"/>
+  </fingerprint>
+  <!-- Technicolor devices -->
+  <fingerprint pattern="^Technicolor / VANT-6 / AGTOT_([\d.]+) / AGTOT_[\d.]+$">
+    <description>Technicolor TG789vac Router</description>
+    <example os.version="2.1.4">Technicolor / VANT-6 / AGTOT_2.1.4 / AGTOT_2.1.4</example>
+    <param pos="0" name="os.vendor" value="Technicolor"/>
+    <param pos="0" name="os.device" value="Router"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="Technicolor"/>
+    <param pos="0" name="hw.product" value="TG789vac"/>
+    <param pos="0" name="hw.device" value="Router"/>
+  </fingerprint>
+  <fingerprint pattern="^Technicolor / VANT-6$">
+    <description>Technicolor TG789vac Router w/o version string</description>
+    <example>Technicolor / VANT-6</example>
+    <param pos="0" name="os.vendor" value="Technicolor"/>
+    <param pos="0" name="os.device" value="Router"/>
+    <param pos="0" name="hw.vendor" value="Technicolor"/>
+    <param pos="0" name="hw.product" value="TG789vac"/>
+    <param pos="0" name="hw.device" value="Router"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:Technicolor|MediaAccess) (TG[\w]+) (?:v\d )?Build (\d+\.[\w.-]+)(?: CP\w+)?$">
+    <description>Technicolor TGxxx Router with build info</description>
+    <example hw.product="TG784n" os.version="10.2.1.O">Technicolor TG784n v3 Build 10.2.1.O</example>
+    <example hw.product="TG789vn" os.version="10.5.2.Z.EC">Technicolor TG789vn v3 Build 10.5.2.Z.EC</example>
+    <example>MediaAccess TG789vac v2 Build 10.5.8.Y.GX CP1916SAQHD</example>
+    <example hw.product="TG799vn" os.version="10.5.2.T.JF">Technicolor TG799vn v2 Build 10.5.2.T.JF</example>
+    <example hw.product="TG788vn" os.version="10.5.2.S.GD">MediaAccess TG788vn v2 Build 10.5.2.S.GD</example>
+    <example hw.product="TG799vac" os.version="17.2.0405-1021">MediaAccess TG799vac Build 17.2.0405-1021</example>
+    <example hw.product="TG389">MediaAccess TG389 Build 10.5.2.T.AQ</example>
+    <param pos="0" name="os.vendor" value="Technicolor"/>
+    <param pos="0" name="os.device" value="Router"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="Technicolor"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="0" name="hw.device" value="Router"/>
+  </fingerprint>
+  <!-- Thomson was an older name for Technicolor-->
+  <fingerprint pattern="^Thomson (TG[\w]+) (?:v\d )?Build (\d+\.[\w.-]+)(?: CP\w+)?$">
+    <description>Thomson TGxxx Router with build info</description>
+    <example hw.product="TG784" os.version="8.4.2.Q">Thomson TG784 Build 8.4.2.Q</example>
+    <example hw.product="TG784n" os.version="8.4.H.F">Thomson TG784n Build 8.4.H.F</example>
+    <example hw.product="TG797n" os.version="8.C.D.9">Thomson TG797n v2 Build 8.C.D.9</example>
+    <param pos="0" name="os.vendor" value="Thomson"/>
+    <param pos="0" name="os.device" value="Router"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="Thomson"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="0" name="hw.device" value="Router"/>
+  </fingerprint>
   <!-- Axis devices -->
   <fingerprint pattern="(?i)^AXIS (\S+) Network Video Door Station$">
     <description>Axis Network Video Door stations, which have voice</description>
     <example hw.product="A8105-E">AXIS A8105-E Network Video Door Station</example>
     <param pos="0" name="hw.vendor" value="Axis"/>
-    <param pos="0" name="hw.device" value="Web cam"/>
+    <param pos="0" name="hw.device" value="IP Camera"/>
     <param pos="0" name="hw.family" value="Network Video Door Station"/>
     <param pos="1" name="hw.product"/>
     <param pos="0" name="os.vendor" value="AXIS"/>
@@ -43,10 +127,12 @@
   <!-- AVM.DE Devices -->
   <fingerprint pattern="^FRITZ!OS$">
-    <description>AVM FritzOS Device</description>
+    <description>AVM Fritz!OS Device</description>
     <example>FRITZ!OS</example>
     <param pos="0" name="os.vendor" value="AVM"/>
-    <param pos="0" name="os.product" value="FRITZ!BOX"/>
+    <param pos="0" name="os.product" value="FRITZ!OS"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:avm:fritz\!os:-"/>
+    <param pos="0" name="hw.vendor" value="AVM"/>
   </fingerprint>
   <fingerprint pattern="^(?:AVM )?(FRITZ!Box .*) +(\d+\.\d+\.\d+)">
@@ -67,6 +153,8 @@
     <param pos="0" name="os.family" value="FRITZ!Box"/>
     <param pos="1" name="os.product"/>
     <param pos="2" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="AVM"/>
+    <param pos="0" name="hw.family" value="FRITZ!Box"/>
   </fingerprint>
   <fingerprint pattern="^(?:AVM )?(FRITZ!Fon .*) +(\d+\.\d+\.\d+)">
@@ -77,15 +165,19 @@
     <param pos="0" name="os.family" value="FRITZ!Fon"/>
     <param pos="1" name="os.product"/>
     <param pos="2" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="AVM"/>
+    <param pos="0" name="hw.family" value="FRITZ!Fon"/>
   </fingerprint>
   <fingerprint pattern="^(?:AVM )?(Multibox .*) +(\d+\.\d+\.\d+)">
-    <description>AVM Multibox</description>
+    <description>AVM Multibox - Generic</description>
     <example>AVM Multibox 7390 NGN 84.05.09 (Jan 13 2012)</example>
     <param pos="0" name="os.vendor" value="AVM"/>
     <param pos="0" name="os.family" value="Multibox"/>
     <param pos="1" name="os.product"/>
     <param pos="2" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="AVM"/>
+    <param pos="1" name="hw.product"/>
   </fingerprint>
   <!-- Huawei devices -->
@@ -100,7 +192,7 @@
     <description>Huawei Home Gateway</description>
     <example>Huawei-HomeGateway/V100R001</example>
     <param pos="0" name="hw.vendor" value="Huawei"/>
-    <param pos="0" name="hw.device" value="Broadband router"/>
+    <param pos="0" name="hw.device" value="Broadband Router"/>
     <param pos="0" name="hw.product" value="Home Gateway"/>
   </fingerprint>
@@ -108,7 +200,7 @@
     <description>Huawei EchoLife Home Gateway</description>
     <example hw.model="HG8121H">HUAWEI-EchoLife HG8121H/V3R018C00S110</example>
     <param pos="0" name="hw.vendor" value="Huawei"/>
-    <param pos="0" name="hw.device" value="Broadband router"/>
+    <param pos="0" name="hw.device" value="Broadband Router"/>
     <param pos="0" name="hw.product" value="EchoLife Home Gateway"/>
     <param pos="1" name="hw.model"/>
   </fingerprint>
@@ -196,7 +288,7 @@
     <param pos="2" name="hw.version"/>
   </fingerprint>
-  <fingerprint pattern="^Nero SIPPS IP Phone Version ([\d\.]+)+$">
+  <fingerprint pattern="^Nero SIPPS IP Phone Version ([\d\.]+)$">
     <description>Nero SIPPS IP Phone</description>
     <example service.version="2.0.51.16">Nero SIPPS IP Phone Version 2.0.51.16</example>
     <param pos="0" name="service.vendor" value="Nero"/>
@@ -245,4 +337,226 @@
     <param pos="1" name="hw.product"/>
   </fingerprint>
+  <!-- Grandstream -->
+  <!-- The next few fingerprints could be merged but are split to enable CPEs -->
+  <fingerprint pattern="^Grandstream HT818 ([\d.]+)$">
+    <description>Grandstream Handy Tone HT818</description>
+    <example os.version="1.0.8.7">Grandstream HT818 1.0.8.7</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="HT818 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ht818_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="HT818"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ht818:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Grandstream HT814 ([\d.]+)$">
+    <description>Grandstream Handy Tone HT814</description>
+    <example os.version="1.0.9.3">Grandstream HT814 1.0.9.3</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="HT814 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ht814_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="HT814"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ht814:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Grandstream HT813 ([\d.]+)$">
+    <description>Grandstream Handy Tone HT813</description>
+    <example os.version="1.0.1.2">Grandstream HT813 1.0.1.2</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="HT813 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ht813_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="HT813"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ht813:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Grandstream HT812 ([\d.]+)$">
+    <description>Grandstream Handy Tone HT812</description>
+    <example os.version="1.0.3.5">Grandstream HT812 1.0.3.5</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="HT812 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ht812_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="HT812"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ht812:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Grandstream HT802 ([\d.]+)$">
+    <description>Grandstream Handy Tone HT802</description>
+    <example os.version="1.0.3.2">Grandstream HT802 1.0.3.2</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="HT802 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ht802_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="HT802"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ht802:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Grandstream HT801 ([\d.]+)$">
+    <description>Grandstream Handy Tone HT801</description>
+    <example os.version="1.0.3.2">Grandstream HT801 1.0.3.2</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="HT801 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ht801_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="HT801"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ht801:-"/>
+  </fingerprint>
+  <!-- Grandstream Handy Tone catchall for when CPEs aren't required for vuln mapping-->
+  <fingerprint pattern="^Grandstream (HT7\d\d) ([\d.]+)$">
+    <description>Grandstream Handy Tone HT7xx</description>
+    <example hw.product="HT701" os.version="1.0.8.2">Grandstream HT701 1.0.8.2</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="{hw.product} Firmware"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+  </fingerprint>
+  <!-- The next few fingerprints could be merged but are split to enable CPEs -->
+  <fingerprint pattern="^Grandstream GXP2200 ([\d.]+)$">
+    <description>Grandstream GXP SIP Phone GXP2200</description>
+    <example os.version="1.0.3.27">Grandstream GXP2200 1.0.3.27</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="GXP2200 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Device"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:gxp2200_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="GXP2200"/>
+    <param pos="0" name="hw.device" value="SIP Device"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:gxp2200:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Grandstream GXP1628 ([\d.]+)$">
+    <description>Grandstream GXP SIP Phone GXP1628</description>
+    <example os.version="1.0.7.6">Grandstream GXP1628 1.0.7.6</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="GXP1628 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Device"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:gxp1628_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="GXP1628"/>
+    <param pos="0" name="hw.device" value="SIP Device"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:gxp1628:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Grandstream GXP1625 ([\d.]+)$">
+    <description>Grandstream GXP SIP Phone GXP1625</description>
+    <example os.version="1.0.4.128">Grandstream GXP1625 1.0.4.128</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="GXP1625 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Device"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:gxp1625_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="GXP1625"/>
+    <param pos="0" name="hw.device" value="SIP Device"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:gxp1625:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Grandstream GXP1615 ([\d.]+)$">
+    <description>Grandstream GXP SIP Phone GXP1615</description>
+    <example os.version="1.0.4.128">Grandstream GXP1615 1.0.4.128</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="GXP1615 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Device"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:gxp1615_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="GXP1615"/>
+    <param pos="0" name="hw.device" value="SIP Device"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:gxp1615:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Grandstream GXP1610 ([\d.]+)$">
+    <description>Grandstream GXP SIP Phone GXP1610</description>
+    <example os.version="1.0.4.138">Grandstream GXP1610 1.0.4.138</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="GXP1610 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Device"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:gxp1610_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="GXP1610"/>
+    <param pos="0" name="hw.device" value="SIP Device"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:gxp1610:-"/>
+  </fingerprint>
+  <!-- Grandstream GXP catchall for when CPEs aren't required for vuln mapping-->
+  <fingerprint pattern="^Grandstream (GXP\d\d\d\d) ([\d.]+)$">
+    <description>Grandstream GXP SIP Phone</description>
+    <example hw.product="GXP2135" os.version="1.0.9.108">Grandstream GXP2135 1.0.9.108</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="{hw.product} Firmware"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Device"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="0" name="hw.device" value="SIP Device"/>
+  </fingerprint>
+  <fingerprint pattern="^FortiVoice/([\w.-]+)$">
+    <description>Fortinet FortiVoice</description>
+    <example service.version="7.31b00">FortiVoice/7.31b00</example>
+    <example service.version="5.2.95-5">FortiVoice/5.2.95-5</example>
+    <param pos="0" name="service.vendor" value="Fortinet"/>
+    <param pos="0" name="service.product" value="FortiVoice"/>
+    <param pos="0" name="service.device" value="SIP Gateway"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:fortinet:fortivoice:{service.version}"/>
+    <param pos="0" name="hw.vendor" value="Fortinet"/>
+    <param pos="0" name="hw.family" value="FortiVoice"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+  </fingerprint>
+  <fingerprint pattern="^FreeSWITCH$">
+    <description>FreeSWITCH FreeSWITCH without version</description>
+    <example>FreeSWITCH</example>
+    <param pos="0" name="service.vendor" value="FreeSWITCH"/>
+    <param pos="0" name="service.product" value="FreeSWITCH"/>
+    <param pos="0" name="service.device" value="SIP Gateway"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:freeswitch:freeswitch:-"/>
+  </fingerprint>
+  <fingerprint pattern="^FreeSWITCH-mod_sofia/([\d.]+)">
+    <description>FreeSWITCH FreeSWITCH with version, mod_sofia</description>
+    <example service.version="1.10.4">FreeSWITCH-mod_sofia/1.10.4-release+git~20200805T110119Z~133fc2c870~64bit</example>
+    <example service.version="1.6.20">FreeSWITCH-mod_sofia/1.6.20~64bit</example>
+    <param pos="0" name="service.vendor" value="FreeSWITCH"/>
+    <param pos="0" name="service.product" value="FreeSWITCH"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.device" value="SIP Gateway"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:freeswitch:freeswitch:{service.version}"/>
+  </fingerprint>
 </fingerprints>

data/xml/smb_native_lm.xml CHANGED Viewed

@@ -40,7 +40,7 @@
   <fingerprint pattern="^Samba (\d\.\d+.\d+\w*)">
     <description>Samba</description>
     <example>Samba 3.0.24</example>
-    <example>Samba 3.0.28a</example>
+    <example service.version="3.0.28a">Samba 3.0.28a</example>
     <example>Samba 3.0.32-0.2-2210-SUSE-SL10.3</example>
     <example>Samba 3.6.3</example>
     <example>Samba 3.6.6</example>
@@ -51,6 +51,20 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:{service.version}"/>
   </fingerprint>
+  <fingerprint pattern="^Samba (?:Samba )?for GuardianOS v\.?(\d\.[\d.]+)$">
+    <description>Samba on a SnapServer appliance</description>
+    <example os.version="4.3.007.200609131215">Samba Samba for GuardianOS v4.3.007.200609131215</example>
+    <example os.version="5.0.133.200807301131">Samba Samba for GuardianOS v5.0.133.200807301131</example>
+    <example os.version="7.7.220">Samba for GuardianOS v.7.7.220</example>
+    <param pos="0" name="service.vendor" value="Samba"/>
+    <param pos="0" name="service.product" value="Samba"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:-"/>
+    <param pos="0" name="os.vendor" value="SnapServer"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="GuardianOS"/>
+    <param pos="1" name="os.version"/>
+  </fingerprint>
   <fingerprint pattern="^Netreon LANMAN 1.0$">
     <description>Netreon SAN software</description>
     <example>Netreon LANMAN 1.0</example>
@@ -67,4 +81,21 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:-"/>
   </fingerprint>
+  <fingerprint pattern="^NQ (\d\.\d+)$">
+    <description>Visuality Systems NQ Enterprise Storage SMB stack</description>
+    <example service.version="7.3">NQ 7.3</example>
+    <example service.version="4.32">NQ 4.32</example>
+    <param pos="0" name="service.vendor" value="Visuality Systems"/>
+    <param pos="0" name="service.product" value="NQ"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^YNQ (\d\.[\d.]+)$">
+    <description>Visuality Systems YNQ Storage SMB stack</description>
+    <example service.version="1.2.1">YNQ 1.2.1</example>
+    <param pos="0" name="service.vendor" value="Visuality Systems"/>
+    <param pos="0" name="service.product" value="YNQ"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
 </fingerprints>

data/xml/smb_native_os.xml CHANGED Viewed

@@ -2,6 +2,9 @@
 <fingerprints matches="smb.native_os" protocol="smb" database_type="util.os">
   <!--
     SMB fingerprints obtained from the Native OS field of SMB negotations
+    NOTE: os.version is used to capture Service Pack for Microsoft Windows.
+          This is inconsistent with other OSs and CPE generation and should
+          be reviewed for correction.
   -->
   <fingerprint pattern="^(Windows NT \d\.\d+)$">
@@ -39,6 +42,11 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:-"/>
   </fingerprint>
+  <fingerprint pattern="^Windows 6.1$">
+    <description>Spoofed value often used by Samba -- assert nothing.</description>
+    <example>Windows 6.1</example>
+  </fingerprint>
   <fingerprint pattern="^Windows XP (\d+) (Service Pack \d+)$">
     <description>Windows XP with Service Pack</description>
     <example os.build="2600" os.version="Service Pack 1">Windows XP 2600 Service Pack 1</example>
@@ -195,7 +203,7 @@
   <!-- TODO: Need an example string -->
   <fingerprint pattern="^Windows \(R\) Storage Server 2008 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
-    <description>Windows Web Server 2008 Storage</description>
+    <description>Windows Server 2008 Storage</description>
     <param pos="0" name="os.certainty" value="1.0"/>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.product" value="Windows Server 2008"/>
@@ -216,8 +224,6 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
   </fingerprint>
-  <!-- TODO: Need an example string -->
   <fingerprint pattern="^Windows Server 2008 HPC Edition (\d+)$">
     <description>Windows Web Server 2008 HPC</description>
     <example>Windows Server 2008 HPC Edition 7600</example>
@@ -257,30 +263,6 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
   </fingerprint>
-  <fingerprint pattern="^Windows Server 2016(?: Technical Preview \d+)? (\w+|\w+ \w+|\w+ \w+ \w+)(?: Evaluation)? (\d+)$">
-    <description>Windows Server 2016 with a build, without service pack</description>
-    <example os.edition="Datacenter" os.build="14393">Windows Server 2016 Datacenter 14393</example>
-    <example os.edition="Standard" os.build="14393">Windows Server 2016 Standard Evaluation 14393</example>
-    <example os.edition="Essentials" os.build="10586">Windows Server 2016 Technical Preview 4 Essentials 10586</example>
-    <param pos="0" name="os.certainty" value="1.0"/>
-    <param pos="0" name="os.vendor" value="Microsoft"/>
-    <param pos="0" name="os.product" value="Windows Server 2016"/>
-    <param pos="1" name="os.edition"/>
-    <param pos="2" name="os.build"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
-  </fingerprint>
-  <fingerprint pattern="^Windows Storage Server 2016 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
-    <description>Windows Server 2016 Storage</description>
-    <example os.build="14393">Windows Storage Server 2016 Standard 14393</example>
-    <param pos="0" name="os.certainty" value="1.0"/>
-    <param pos="0" name="os.vendor" value="Microsoft"/>
-    <param pos="0" name="os.product" value="Windows Server 2016"/>
-    <param pos="0" name="os.edition" value="Storage"/>
-    <param pos="1" name="os.build"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
-  </fingerprint>
   <fingerprint pattern="^Windows Web Server 2008 R2 (\d+) (Service Pack \d+)$">
     <description>Windows Server 2008 R2 Web</description>
     <example os.version="Service Pack 1">Windows Web Server 2008 R2 7601 Service Pack 1</example>
@@ -316,6 +298,81 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
   </fingerprint>
+  <fingerprint pattern="^Hyper-V Server 7601 Service Pack 1$">
+    <description>Windows Server 2008 R2 Hyper-V</description>
+    <example>Hyper-V Server 7601 Service Pack 1</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
+    <param pos="0" name="os.edition" value="Hyper-V"/>
+    <param pos="0" name="os.build" value="7601"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
+  </fingerprint>
+  <!-- Windows 2019 -->
+  <fingerprint pattern="^Windows Server 2019 (\w+|\w+ \w+|\w+ \w+ \w+)(?: Evaluation)? (\d+)$">
+    <description>Windows Server 2019 with a build, without service pack</description>
+    <example os.build="17763" os.edition="Standard">Windows Server 2019 Standard 17763</example>
+    <example os.build="17763" os.edition="Standard">Windows Server 2019 Standard Evaluation 17763</example>
+    <example os.build="17763" os.edition="Datacenter">Windows Server 2019 Datacenter 17763</example>
+    <example os.build="17763" os.edition="Essentials">Windows Server 2019 Essentials 17763</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2019"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2019:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Hyper-V Server 2019  (\d+)$">
+    <description>Windows Server 2019 Hyper-V</description>
+    <example os.build="17763">Hyper-V Server 2019  17763</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2019"/>
+    <param pos="0" name="os.edition" value="Hyper-V"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2019:-"/>
+  </fingerprint>
+  <!-- Windows 2016 -->
+  <fingerprint pattern="^Windows Server 2016(?: Technical Preview \d+)? (\w+|\w+ \w+|\w+ \w+ \w+)(?: Evaluation)? (\d+)$">
+    <description>Windows Server 2016 with a build, without service pack</description>
+    <example os.edition="Datacenter" os.build="14393">Windows Server 2016 Datacenter 14393</example>
+    <example os.edition="Standard" os.build="14393">Windows Server 2016 Standard Evaluation 14393</example>
+    <example os.edition="Essentials" os.build="10586">Windows Server 2016 Technical Preview 4 Essentials 10586</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2016"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Windows Storage Server 2016 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
+    <description>Windows Server 2016 Storage</description>
+    <example os.build="14393">Windows Storage Server 2016 Standard 14393</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2016"/>
+    <param pos="0" name="os.edition" value="Storage"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Hyper-V Server 2016 (\d+)$">
+    <description>Windows Server 2016 Hyper-V</description>
+    <example os.build="14393">Hyper-V Server 2016 14393</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2016"/>
+    <param pos="0" name="os.edition" value="Hyper-V"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
+  </fingerprint>
   <fingerprint pattern="^Windows Vista \(TM\) (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
     <description>Windows Vista (SP)</description>
     <example os.edition="Home Premium" os.version="Service Pack 2">Windows Vista (TM) Home Premium 6002 Service Pack 2</example>
@@ -385,10 +442,9 @@
   <!-- Windows 2012 R2 matches go first to simplify the regular expressions -->
-  <!-- TODO: Need an example string -->
   <fingerprint pattern="^Windows Server 2012 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
     <description>Windows Server 2012 R2 (SP)</description>
+    <example os.build="9600" os.edition="Standard" os.version="Service Pack 1">Windows Server 2012 R2 Standard 9600 Service Pack 1</example>
     <param pos="0" name="os.certainty" value="1.0"/>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
@@ -400,7 +456,7 @@
   <fingerprint pattern="^Windows Server 2012 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
     <description>Windows Server 2012 R2</description>
-    <example os.edition="Standard">Windows Server 2012 R2 Standard 9600</example>
+    <example os.build="9600" os.edition="Standard">Windows Server 2012 R2 Standard 9600</example>
     <param pos="0" name="os.certainty" value="1.0"/>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
@@ -409,10 +465,35 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
   </fingerprint>
-  <!-- TODO: Need an example string -->
+  <fingerprint pattern="^Windows Storage Server 2012 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
+    <description>Windows Server 2012 R2 Storage</description>
+    <example os.build="9600" os.edition="Standard">Windows Storage Server 2012 R2 Standard 9600</example>
+    <example os.build="9600" os.edition="Workgroup">Windows Storage Server 2012 R2 Workgroup 9600</example>
+    <example os.build="9600" os.edition="Essentials">Windows Storage Server 2012 R2 Essentials 9600</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Hyper-V Server 2012 R2 (\d+)$">
+    <description>Windows Server 2012 R2 Hyper-V</description>
+    <example os.build="9600">Hyper-V Server 2012 R2 9600</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
+    <param pos="0" name="os.edition" value="Hyper-V"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
+  </fingerprint>
+  <!-- Windows 2012 -->
   <fingerprint pattern="^Windows Server 2012 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
     <description>Windows Server 2012 (SP)</description>
+    <example os.build="9200" os.edition="Standard" os.version="Service Pack 1">Windows Server 2012 Standard 9200 Service Pack 1</example>
     <param pos="0" name="os.certainty" value="1.0"/>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.product" value="Windows Server 2012"/>
@@ -433,6 +514,29 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
   </fingerprint>
+  <fingerprint pattern="^Windows Storage Server 2012 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
+    <description>Windows Server 2012 Storage</description>
+    <example os.build="9200" os.edition="Standard">Windows Storage Server 2012 Standard 9200</example>
+    <example os.build="9200" os.edition="Workgroup">Windows Storage Server 2012 Workgroup 9200</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2012"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Hyper-V Server 2012 (\d+)$">
+    <description>Windows Server 2012 Hyper-V</description>
+    <example os.build="9200">Hyper-V Server 2012 9200</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2012"/>
+    <param pos="0" name="os.edition" value="Hyper-V"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
+  </fingerprint>
   <fingerprint pattern="^Windows MultiPoint Server 2012 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
     <description>Windows MultiPoint Server 2012 (SP)</description>
     <example os.build="9201" os.version="Service Pack 1">Windows MultiPoint Server 2012 Premium 9201 Service Pack 1</example>
@@ -487,7 +591,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_10:-"/>
   </fingerprint>
-  <fingerprint pattern="^VxWorks">
+  <fingerprint pattern="^VxWorks$">
     <description>VxWorks</description>
     <example>VxWorks</example>
     <param pos="0" name="os.certainty" value="0.5"/>
@@ -498,9 +602,10 @@
     <param pos="0" name="service.product" value="VxWorks CIFS"/>
   </fingerprint>
-  <fingerprint pattern="^OS/400 \D(\d+)\D(\d+)\D(\d+)">
+  <fingerprint pattern="^OS/?400 \D(\d+)\D(\d+)\D(\d+)$">
     <description>OS/400</description>
     <example os.version="4" os.version.version="5" os.version.version.version="0">OS/400 V4R5M0</example>
+    <example os.version="5" os.version.version="4" os.version.version.version="5">OS400 V5R4M5</example>
     <param pos="0" name="os.vendor" value="IBM"/>
     <param pos="0" name="os.product" value="OS/400"/>
     <param pos="1" name="os.version"/>
@@ -509,6 +614,17 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:ibm:os_400:{os.version}"/>
   </fingerprint>
+  <fingerprint pattern="^I5OS \D(\d+)\D(\d+)\D(\d+)$">
+    <description>IBM i5/OS</description>
+    <example os.version="6" os.version.version="1" os.version.version.version="1">I5OS V6R1M1</example>
+    <param pos="0" name="os.vendor" value="IBM"/>
+    <param pos="0" name="os.product" value="i5/OS"/>
+    <param pos="1" name="os.version"/>
+    <param pos="2" name="os.version.version"/>
+    <param pos="3" name="os.version.version.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:ibm:i5os:{os.version}"/>
+  </fingerprint>
   <fingerprint pattern="^Apple Base Station$">
     <description>SMB exposed via SMB shared USB disks on Apple devices</description>
     <example>Apple Base Station</example>
@@ -529,6 +645,7 @@
     <param pos="0" name="hw.vendor" value="EMC"/>
     <param pos="0" name="hw.device" value="Storage"/>
     <param pos="0" name="hw.product" value="Celerra"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:emc:celerra_network_attached_storage:-"/>
   </fingerprint>
   <fingerprint pattern="^Netreon OS 1.0$">
@@ -537,6 +654,14 @@
     <param pos="0" name="service.vendor" value="Netreon"/>
   </fingerprint>
+  <fingerprint pattern="^QTS$">
+    <description>QNAP QTS</description>
+    <example>QTS</example>
+    <param pos="0" name="os.vendor" value="QNAP"/>
+    <param pos="0" name="os.product" value="QTS"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:qnap:qts:-"/>
+  </fingerprint>
   <!-- VisionFS -->
   <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)ai(\d{4})">