recog 2.3.15 → 2.3.20
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +26 -0
- data/.snyk +10 -0
- data/LICENSE +1 -1
- data/bin/recog_standardize +8 -2
- data/cpe-remap.yaml +314 -170
- data/identifiers/README.md +24 -10
- data/identifiers/fields.txt +104 -0
- data/identifiers/hw_device.txt +5 -4
- data/identifiers/hw_family.txt +17 -0
- data/identifiers/hw_product.txt +87 -6
- data/identifiers/os_architecture.txt +0 -10
- data/identifiers/os_device.txt +12 -31
- data/identifiers/os_family.txt +2 -94
- data/identifiers/os_product.txt +45 -124
- data/identifiers/service_family.txt +14 -37
- data/identifiers/service_product.txt +283 -88
- data/identifiers/vendor.txt +99 -192
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/update_cpes.py +110 -49
- data/xml/apache_modules.xml +60 -0
- data/xml/dns_versionbind.xml +40 -17
- data/xml/favicons.xml +163 -20
- data/xml/ftp_banners.xml +25 -25
- data/xml/hp_pjl_id.xml +1 -1
- data/xml/html_title.xml +561 -51
- data/xml/http_cookies.xml +266 -61
- data/xml/http_servers.xml +472 -96
- data/xml/http_wwwauth.xml +53 -26
- data/xml/ldap_searchresult.xml +10 -6
- data/xml/mdns_device-info_txt.xml +308 -10
- data/xml/ntp_banners.xml +15 -1
- data/xml/operating_system.xml +1 -0
- data/xml/rtsp_servers.xml +7 -0
- data/xml/sip_banners.xml +346 -8
- data/xml/sip_user_agents.xml +321 -7
- data/xml/smb_native_lm.xml +32 -1
- data/xml/smb_native_os.xml +158 -33
- data/xml/smtp_banners.xml +48 -7
- data/xml/smtp_expn.xml +1 -0
- data/xml/smtp_help.xml +2 -0
- data/xml/smtp_vrfy.xml +3 -1
- data/xml/snmp_sysdescr.xml +211 -42
- data/xml/ssh_banners.xml +127 -14
- data/xml/telnet_banners.xml +44 -14
- data/xml/tls_jarm.xml +140 -0
- data/xml/x509_issuers.xml +179 -7
- data/xml/x509_subjects.xml +252 -35
- metadata +6 -5
- data/identifiers/software_class.txt +0 -26
- data/identifiers/software_family.txt +0 -91
- data/identifiers/software_product.txt +0 -333
data/lib/recog/version.rb
CHANGED
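--- a/data/requirements.txt
+++ b/data/requirements.txt
@@ -1,2 +1,2 @@
-lxml==4.
+lxml==4.6.3
 pyyaml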
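--- a/data/update_cpes.py
+++ b/data/update_cpes.py
@@ -1,28 +1,37 @@
 #!/usr/bin/env python
 
-import yaml
 import logging
 import re
 import sys
 
+import yaml
 from lxml import etree
 
 def parse_r7_remapping(file):
 with open(file) as remap_file:
-return yaml.
+return yaml.safe_load(remap_file)["mappings"]
 
 def parse_cpe_vp_map(file):
 vp_map = {} # cpe_type -> vendor -> products
 parser = etree.XMLParser(remove_comments=False)
 doc = etree.parse(file, parser)
 namespaces = {'ns': 'http://cpe.mitre.org/dictionary/2.0', 'meta': 'http://scap.nist.gov/schema/cpe-dictionary-metadata/0.2'}
-for
+for entry in doc.xpath("//ns:cpe-list/ns:cpe-item", namespaces=namespaces):
+cpe_name = entry.get("name")
+if not cpe_name:
+continue
+
+# If the entry is deprecated then don't add it to our list of valid CPEs.
+if entry.get("deprecated"):
+continue
+
 cpe_match = re.match('^cpe:/([aho]):([^:]+):([^:]+)', cpe_name)
+
 if cpe_match:
 cpe_type, vendor, product = cpe_match.group(1, 2, 3)
-if not
+if cpe_type not in vp_map:
 vp_map[cpe_type] = {}
-if not
+if vendor not in vp_map[cpe_type]:
 vp_map[cpe_type][vendor] = set()
 product = product.replace('%2f', '/')
 vp_map[cpe_type][vendor].add(product)
@@ -34,12 +43,12 @@ def parse_cpe_vp_map(file):
 def main():
 if len(sys.argv) != 4:
 logging.critical("Expecting exactly 3 arguments; recog XML file, CPE 2.3 XML dictionary, JSON remapping, got %s", (len(sys.argv) - 1))
-exit(1)
+sys.exit(1)
 
 cpe_vp_map = parse_cpe_vp_map(sys.argv[2])
 if not cpe_vp_map:
 logging.critical("No CPE vendor => product mappings read from CPE 2.3 XML dictionary %s", sys.argv[2])
-exit(1)
+sys.exit(1)
 
 r7_vp_map = parse_r7_remapping(sys.argv[3])
 if not r7_vp_map:
@@ -47,6 +56,86 @@ def main():
 
 update_cpes(sys.argv[1], cpe_vp_map, r7_vp_map)
 
+def lookup_cpe(vendor, product, cpe_type, cpe_table, remap):
+"""Identify the correct vendor and product values for a CPE
+
+This function attempts to determine the correct CPE using vendor and product
+values supplied by the caller as well as a remapping dictionary for mapping
+these values to more correct values used by NIST.
+
+For example, the remapping might tell us that a value of 'alpine' for the
+vendor string should be 'aplinelinux' instead, or for product 'solaris'
+should be 'sunos'.
+
+This function should only emit values seen in the official NIST CPE list
+which is provided to it in cpe_table.
+
+Lookup priority:
+1. Original vendor / product
+2. Original vendor / remap product
+3. Remap vendor / original product
+4. Remap vendor / remap product
+
+Args:
+vendor (str): vendor name
+product (str): product name
+cpe_type (str): CPE type - o, a, h, etc.
+cpe_table (dict): dict containing the official NIST CPE data
+remap (dict): dict containing the remapping values
+Returns:
+success, vendor, product
+"""
+
+if (
+vendor in cpe_table[cpe_type]
+and product in cpe_table[cpe_type][vendor]
+):
+# Hot path, success with original values
+return True, vendor, product
+
+# Everything else depends on a remap of some sort.
+# get the remappings for this one vendor string.
+vendor_remap = None
+
+remap_type = remap.get(cpe_type, None)
+if remap_type:
+vendor_remap = remap_type.get(vendor, None)
+
+if vendor_remap:
+# If we have product remappings, work that angle next
+possible_product = None
+if (
+vendor_remap.get('products', None)
+and product in vendor_remap['products']
+):
+possible_product = vendor_remap['products'][product]
+
+if (vendor in cpe_table[cpe_type]
+and possible_product
+and possible_product in cpe_table[cpe_type][vendor]):
+# Found original vendor, remap product
+return True, vendor, possible_product
+
+# Start working the process to find a match with a remapped vendor name
+if vendor_remap.get('vendor', None):
+new_vendor = vendor_remap['vendor']
+
+if new_vendor in cpe_table[cpe_type]:
+
+if product in cpe_table[cpe_type][new_vendor]:
+# Found remap vendor, original product
+return True, new_vendor, product
+
+if possible_product and possible_product in cpe_table[cpe_type][new_vendor]:
+# Found remap vendor, remap product
+return True, new_vendor, possible_product
+
+
+logging.error("Product %s from vendor %s invalid for CPE %s and no mapping",
+product, vendor, cpe_type)
+return False, None, None
+
+
 def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
 parser = etree.XMLParser(remove_comments=False, remove_blank_text=True)
 doc = etree.parse(xml_file, parser)
@@ -114,55 +203,27 @@ def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
 continue
 
 vendor = vendor.lower().replace(' ', '_').replace(',', '')
-product = product.lower().replace(' ', '_').replace(',', '')
+product = product.lower().replace(' ', '_').replace(',', '').replace('!', '%21')
 if 'unknown' in [vendor, product]:
 continue
 
 if (vendor.startswith('{') and vendor.endswith('}')) or (product.startswith('{') and product.endswith('}')):
 continue
 
-
-
-
-
-
-
-
-
-
-
-logging.error("Vendor %s invalid for CPE %s and no remapping (product %s)", vendor, cpe_type, product)
-continue
-
-
-# if the product as specified is not found in the CPE dictionary for this vendor
-if not product in cpe_vp_map[cpe_type][vendor]:
-# if this vendor has a remapping from R7
-if og_vendor in r7_vp_map and 'products' in r7_vp_map[og_vendor]:
-# if this product has a remapping for this vendor from R7
-if product in r7_vp_map[og_vendor]['products']:
-og_product = product
-product = r7_vp_map[og_vendor]['products'][product]
-# ensure that the remapped product is valid for the given vendor in CPE
-if not product in cpe_vp_map[cpe_type][vendor]:
-logging.error("Remapped product %s (remapped from %s) from vendor %s invalid for CPE %s", product, og_product, vendor, cpe_type)
-continue
-else:
-if remapped_vendor:
-logging.error("Product %s from vendor %s (remapped from %s) invalid for CPE %s and no mapping", product, vendor, og_vendor, cpe_type)
-else:
-logging.error("Product %s from vendor %s invalid for CPE %s and no mapping", product, vendor, cpe_type)
-continue
-else:
-if remapped_vendor:
-logging.error("Vendor %s (remapped from %s) is valid for CPE %s but product %s not valid and no mapping", vendor, og_vendor, cpe_type, product)
-else:
-logging.error("Vendor %s is valid for CPE %s but product %s not valid and no mapping", vendor, cpe_type, product)
-continue
+success, vendor, product = lookup_cpe(vendor, product, cpe_type, cpe_vp_map, r7_vp_map)
+if not success:
+continue
+
+# Sanity check the value to ensure that no invalid values will
+# slip in due to logic or mapping bugs.
+# If it's not in the official NIST list then log it and kick it out
+if product not in cpe_vp_map[cpe_type][vendor]:
+logging.error("Invalid CPE type %s created for vendor %s and product %s. This may be due to an invalid mapping.", cpe_type, vendor, product)
+continue
 
 # building the CPE string
-# Last minute escaping of '/'
-product = product.replace('/', '\/')
+# Last minute escaping of '/' and `!`
+product = product.replace('/', '\/').replace('%21', '\!')
 cpe_value = 'cpe:/{}:{}:{}'.format(cpe_type, vendor, product)
 
 if version:
@@ -185,5 +246,5 @@ def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
 xml_out.write(etree.tostring(root, pretty_print=True, xml_declaration=True, encoding=doc.docinfo.encoding))
 
 if __name__ == '__main__':
-try: exit(main())
+try: sys.exit(main())
 except KeyboardInterrupt: pass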
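Review bot: In parse_cpe_vp_map the new check `if entry.get("deprecated"):` tests the attribute string for truthiness, so an entry carrying `deprecated="false"` would be dropped from the table of valid CPEs too; comparing the value, `if entry.get("deprecated") == "true":`, limits the filter to entries that really are deprecated. The same function parses the CPE dictionary, which presumably comes from outside the repository, with `etree.XMLParser(remove_comments=False)`; with lxml pinned to 4.6.3 entity resolution stays at the library default, so passing `resolve_entities=False` there would be a cheap hardening. In lookup_cpe, `cpe_table[cpe_type]` is indexed without a membership test and would raise KeyError for a type missing from the dictionary, unless update_cpes validates cpe_type in the part of its body that lies outside these hunks. The docstring example 'aplinelinux' looks like a typo for 'alpinelinux'.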
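--- a/data/xml/apache_modules.xml
+++ b/data/xml/apache_modules.xml
@@ -220,6 +220,36 @@
 <param pos="0" name="service.component.product" value="mod_auth_ldap"/>
 </fingerprint>
 
+<fingerprint pattern="mod_auth_oracle/(\S+)$">
+<description>mod_auth_oracle with version</description>
+<example service.component.version="1.2.3">mod_auth_oracle/1.2.3</example>
+<param pos="0" name="service.component.vendor" value="Apache"/>
+<param pos="0" name="service.component.product" value="mod_auth_oracle"/>
+<param pos="1" name="service.component.version"/>
+</fingerprint>
+
+<fingerprint pattern="mod_auth_oracle/?$">
+<description>mod_auth_oracle without version</description>
+<example>mod_auth_oracle/</example>
+<param pos="0" name="service.component.vendor" value="Apache"/>
+<param pos="0" name="service.component.product" value="mod_auth_oracle"/>
+</fingerprint>
+
+<fingerprint pattern="mod_auth_pgsql/(\S+)$">
+<description>mod_auth_pgsql with version</description>
+<example service.component.version="1.2.3">mod_auth_pgsql/1.2.3</example>
+<param pos="0" name="service.component.vendor" value="Apache"/>
+<param pos="0" name="service.component.product" value="mod_auth_pgsql"/>
+<param pos="1" name="service.component.version"/>
+</fingerprint>
+
+<fingerprint pattern="mod_auth_pgsql/?$">
+<description>mod_auth_pgsql without version</description>
+<example>mod_auth_pgsql/</example>
+<param pos="0" name="service.component.vendor" value="Apache"/>
+<param pos="0" name="service.component.product" value="mod_auth_pgsql"/>
+</fingerprint>
+
 <fingerprint pattern="mod_auth_radius/(\S+)$">
 <description>mod_auth_radius with version</description>
 <example service.component.version="1.2.3">mod_auth_radius/1.2.3</example>
@@ -978,6 +1008,36 @@
 <param pos="0" name="service.component.product" value="mod_filter"/>
 </fingerprint>
 
+<fingerprint pattern="mod_frontpage/(\S+)$">
+<description>mod_frontpage with version</description>
+<example service.component.version="1.2.3">mod_frontpage/1.2.3</example>
+<param pos="0" name="service.component.vendor" value="Apache"/>
+<param pos="0" name="service.component.product" value="mod_frontpage"/>
+<param pos="1" name="service.component.version"/>
+</fingerprint>
+
+<fingerprint pattern="mod_frontpage/?$">
+<description>mod_frontpage without version</description>
+<example>mod_frontpage/</example>
+<param pos="0" name="service.component.vendor" value="Apache"/>
+<param pos="0" name="service.component.product" value="mod_frontpage"/>
+</fingerprint>
+
+<fingerprint pattern="mod_gzip/(\S+)$">
+<description>mod_gzip with version</description>
+<example service.component.version="1.2.3">mod_gzip/1.2.3</example>
+<param pos="0" name="service.component.vendor" value="Apache"/>
+<param pos="0" name="service.component.product" value="mod_gzip"/>
+<param pos="1" name="service.component.version"/>
+</fingerprint>
+
+<fingerprint pattern="mod_gzip/?$">
+<description>mod_gzip without version</description>
+<example>mod_gzip/</example>
+<param pos="0" name="service.component.vendor" value="Apache"/>
+<param pos="0" name="service.component.product" value="mod_gzip"/>
+</fingerprint>
+
 <fingerprint pattern="mod_headers/(\S+)$">
 <description>mod_headers with version</description>
 <example service.component.version="1.2.3">mod_headers/1.2.3</example>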
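Review bot: The "without version" patterns such as `mod_gzip/?$` (likewise for mod_auth_oracle, mod_auth_pgsql and mod_frontpage) are only exercised with the trailing-slash form in their `<example>`, so the bare-name branch of the optional slash has no test; adding `<example>mod_gzip</example>` beside each would cover it. All four new modules are given `service.component.vendor` = Apache although, as far as I know, they are third-party modules rather than part of the Apache httpd distribution, so the vendor value may misattribute them in inventory data. That seems to follow the file's existing convention, which lies outside these hunks.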
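--- a/data/xml/dns_versionbind.xml
+++ b/data/xml/dns_versionbind.xml
@@ -427,7 +427,7 @@
 <param pos="0" name="service.cpe23" value="cpe:/a:powerdns:authoritative_server:{service.version}"/>
 </fingerprint>
 
-<fingerprint pattern="^PowerDNS Authoritative Server (\d\.[\w.]+(?:-rc\d)?(?:-alpha\d)?(?:-beta\d)?[^ ]*) \(built [\w\s:]+ by [\w]+\@[\w
+<fingerprint pattern="^PowerDNS Authoritative Server (\d\.[\w.]+(?:-rc\d)?(?:-alpha\d)?(?:-beta\d)?[^ ]*) \(built [\w\s:]+ by [\w]+\@[\w.:-]*\)$">
 <description>PowerDNS Authoritative Server: format 2</description>
 <example service.version="4.0.4">PowerDNS Authoritative Server 4.0.4 (built Jul 26 2017 15:04:27 by root@FreeBSD:11:amd64-default-job-03)</example>
 <example service.version="4.0.0-rc2">PowerDNS Authoritative Server 4.0.0-rc2 (built Jul 4 2016 15:44:39 by root@foo-bar.baz)</example>
@@ -619,17 +619,18 @@
 dnscmd /config /EnableVersionQuery 1
 -->
 
-<fingerprint pattern="^Microsoft DNS (10.0.\d+)(?: \(\
+<fingerprint pattern="^Microsoft DNS (10.0.\d+)(?: \(([^)]+)\))?$">
 <description>Microsoft DNS on Windows 2016: GA</description>
 <!-- Windows 10 / 2016 moved towards a rolling release so capturing build
 is required unlike other Windows versions where we use a fixed string.
 -->
 
-<example service.version="10.0.14393" os.build="10.0.14393">Microsoft DNS 10.0.14393 (383900CE)</example>
+<example service.version="10.0.14393" os.build="10.0.14393" service.version.version="383900CE">Microsoft DNS 10.0.14393 (383900CE)</example>
 <param pos="0" name="service.vendor" value="Microsoft"/>
 <param pos="0" name="service.family" value="DNS"/>
 <param pos="0" name="service.product" value="DNS"/>
 <param pos="1" name="service.version"/>
+<param pos="2" name="service.version.version"/>
 <param pos="0" name="os.vendor" value="Microsoft"/>
 <param pos="0" name="os.family" value="Windows"/>
 <param pos="0" name="os.product" value="Windows Server 2016"/>
@@ -637,13 +638,14 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
 </fingerprint>
 
-<fingerprint pattern="^Microsoft DNS 6.3.9600(?: \(\
+<fingerprint pattern="^Microsoft DNS 6.3.9600(?: \(([^)]+)\))?$">
 <description>Microsoft DNS on Windows 2012 R2</description>
-<example>Microsoft DNS 6.3.9600 (25804825)</example>
+<example service.version.version="25804825">Microsoft DNS 6.3.9600 (25804825)</example>
 <param pos="0" name="service.vendor" value="Microsoft"/>
 <param pos="0" name="service.family" value="DNS"/>
 <param pos="0" name="service.product" value="DNS"/>
 <param pos="0" name="service.version" value="6.3.9600"/>
+<param pos="1" name="service.version.version"/>
 <param pos="0" name="os.vendor" value="Microsoft"/>
 <param pos="0" name="os.family" value="Windows"/>
 <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
@@ -651,13 +653,14 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
 </fingerprint>
 
-<fingerprint pattern="^Microsoft DNS 6.2.9200(?: \(\
+<fingerprint pattern="^Microsoft DNS 6.2.9200(?: \(([^)]+)\))?$">
 <description>Microsoft DNS on Windows 2012</description>
-<example>Microsoft DNS 6.2.9200 (23F04000)</example>
+<example service.version.version="23F04000">Microsoft DNS 6.2.9200 (23F04000)</example>
 <param pos="0" name="service.vendor" value="Microsoft"/>
 <param pos="0" name="service.family" value="DNS"/>
 <param pos="0" name="service.product" value="DNS"/>
 <param pos="0" name="service.version" value="6.2.9200"/>
+<param pos="1" name="service.version.version"/>
 <param pos="0" name="os.vendor" value="Microsoft"/>
 <param pos="0" name="os.family" value="Windows"/>
 <param pos="0" name="os.product" value="Windows Server 2012"/>
@@ -665,14 +668,15 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
 </fingerprint>
 
-<fingerprint pattern="^Microsoft DNS 6.1.7601(?: \(\
+<fingerprint pattern="^Microsoft DNS 6.1.7601(?: \(([^)]+)\))?$">
 <description>Microsoft DNS on Windows 2008 R2 Service Pack 1</description>
-<example>Microsoft DNS 6.1.7601 (1DB15CD4)</example>
+<example service.version.version="1DB15CD4">Microsoft DNS 6.1.7601 (1DB15CD4)</example>
 <example>Microsoft DNS 6.1.7601</example>
 <param pos="0" name="service.vendor" value="Microsoft"/>
 <param pos="0" name="service.family" value="DNS"/>
 <param pos="0" name="service.product" value="DNS"/>
 <param pos="0" name="service.version" value="6.1.7601"/>
+<param pos="1" name="service.version.version"/>
 <param pos="0" name="os.vendor" value="Microsoft"/>
 <param pos="0" name="os.family" value="Windows"/>
 <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
@@ -681,13 +685,14 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:Service Pack 1"/>
 </fingerprint>
 
-<fingerprint pattern="^Microsoft DNS 6.1.7600(?: \(\
+<fingerprint pattern="^Microsoft DNS 6.1.7600(?: \(([^)]+)\))?$">
 <description>Microsoft DNS on Windows 2008 R2</description>
-<example>Microsoft DNS 6.1.7600 (1DB04228)</example>
+<example service.version.version="1DB04228">Microsoft DNS 6.1.7600 (1DB04228)</example>
 <param pos="0" name="service.vendor" value="Microsoft"/>
 <param pos="0" name="service.family" value="DNS"/>
 <param pos="0" name="service.product" value="DNS"/>
 <param pos="0" name="service.version" value="6.1.7600"/>
+<param pos="1" name="service.version.version"/>
 <param pos="0" name="os.vendor" value="Microsoft"/>
 <param pos="0" name="os.family" value="Windows"/>
 <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
@@ -708,13 +713,14 @@
 <example>Microsoft DNS 6.0.6100 (2AEF76E)</example>
 </fingerprint>
 
-<fingerprint pattern="^Microsoft DNS 6.0.6003(?: \(\
+<fingerprint pattern="^Microsoft DNS 6.0.6003(?: \(([^)]+)\))?$">
 <description>Microsoft DNS on Windows 2008 Service Pack 2 - Preview Rollup KB4489887 and later</description>
-<example>Microsoft DNS 6.0.6003 (1773501D)</example>
+<example service.version.version="1773501D">Microsoft DNS 6.0.6003 (1773501D)</example>
 <param pos="0" name="service.vendor" value="Microsoft"/>
 <param pos="0" name="service.family" value="DNS"/>
 <param pos="0" name="service.product" value="DNS"/>
 <param pos="0" name="service.version" value="6.0.6003"/>
+<param pos="1" name="service.version.version"/>
 <param pos="0" name="os.vendor" value="Microsoft"/>
 <param pos="0" name="os.family" value="Windows"/>
 <param pos="0" name="os.product" value="Windows Server 2008"/>
@@ -723,13 +729,14 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:Service Pack 2"/>
 </fingerprint>
 
-<fingerprint pattern="^Microsoft DNS 6.0.6002(?: \(\
+<fingerprint pattern="^Microsoft DNS 6.0.6002(?: \(([^)]+)\))?$">
 <description>Microsoft DNS on Windows 2008 Service Pack 2</description>
-<example>Microsoft DNS 6.0.6002 (17724D35)</example>
+<example service.version.version="17724D35">Microsoft DNS 6.0.6002 (17724D35)</example>
 <param pos="0" name="service.vendor" value="Microsoft"/>
 <param pos="0" name="service.family" value="DNS"/>
 <param pos="0" name="service.product" value="DNS"/>
 <param pos="0" name="service.version" value="6.0.6002"/>
+<param pos="1" name="service.version.version"/>
 <param pos="0" name="os.vendor" value="Microsoft"/>
 <param pos="0" name="os.family" value="Windows"/>
 <param pos="0" name="os.product" value="Windows Server 2008"/>
@@ -738,13 +745,14 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:Service Pack 2"/>
 </fingerprint>
 
-<fingerprint pattern="^Microsoft DNS 6.0.6001(?: \(\
+<fingerprint pattern="^Microsoft DNS 6.0.6001(?: \(([^)]+)\))?$">
 <description>Microsoft DNS on Windows 2008 Service Pack 1</description>
-<example>Microsoft DNS 6.0.6001 (17714726)</example>
+<example service.version.version="17714726">Microsoft DNS 6.0.6001 (17714726)</example>
 <param pos="0" name="service.vendor" value="Microsoft"/>
 <param pos="0" name="service.family" value="DNS"/>
 <param pos="0" name="service.product" value="DNS"/>
 <param pos="0" name="service.version" value="6.0.6001"/>
+<param pos="1" name="service.version.version"/>
 <param pos="0" name="os.vendor" value="Microsoft"/>
 <param pos="0" name="os.family" value="Windows"/>
 <param pos="0" name="os.product" value="Windows Server 2008"/>
@@ -753,6 +761,21 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:Service Pack 1"/>
 </fingerprint>
 
+<fingerprint pattern="^Microsoft DNS 5.2.3790(?: \(([^)]+)\))?$">
+<description>Microsoft DNS on Windows 2003</description>
+<example service.version.version="ECE135D">Microsoft DNS 5.2.3790 (ECE135D)</example>
+<param pos="0" name="service.vendor" value="Microsoft"/>
+<param pos="0" name="service.family" value="DNS"/>
+<param pos="0" name="service.product" value="DNS"/>
+<param pos="0" name="service.version" value="5.2.3790"/>
+<param pos="1" name="service.version.version"/>
+<param pos="0" name="os.vendor" value="Microsoft"/>
+<param pos="0" name="os.family" value="Windows"/>
+<param pos="0" name="os.product" value="Windows Server 2003"/>
+<param pos="0" name="os.build" value="5.2.3790"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2003:-"/>
+</fingerprint>
+
 <fingerprint pattern="^DNSServer$">
 <description>Synology DNS service</description>
 <example>DNSServer</example>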
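Review bot: The new capture `([^)]+)` in the Microsoft DNS patterns stores whatever the responding server puts between the parentheses into `service.version.version`, while every example in these hunks shows a short hexadecimal tag; because that banner text is controlled by the remote host, narrowing the group to `([0-9A-Fa-f]+)` would keep arbitrary strings out of the recorded asset data. The added Windows 2003 pattern `^Microsoft DNS 5.2.3790(?: ...` leaves its dots unescaped, as the neighbouring patterns do, so each `.` matches any character; `5\.2\.3790` would be exact. The field name `service.version.version` reads like a duplication and is worth confirming against the identifiers list before other fingerprints depend on it.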