recog 2.3.15 → 2.3.20
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +26 -0
- data/.snyk +10 -0
- data/LICENSE +1 -1
- data/bin/recog_standardize +8 -2
- data/cpe-remap.yaml +314 -170
- data/identifiers/README.md +24 -10
- data/identifiers/fields.txt +104 -0
- data/identifiers/hw_device.txt +5 -4
- data/identifiers/hw_family.txt +17 -0
- data/identifiers/hw_product.txt +87 -6
- data/identifiers/os_architecture.txt +0 -10
- data/identifiers/os_device.txt +12 -31
- data/identifiers/os_family.txt +2 -94
- data/identifiers/os_product.txt +45 -124
- data/identifiers/service_family.txt +14 -37
- data/identifiers/service_product.txt +283 -88
- data/identifiers/vendor.txt +99 -192
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/update_cpes.py +110 -49
- data/xml/apache_modules.xml +60 -0
- data/xml/dns_versionbind.xml +40 -17
- data/xml/favicons.xml +163 -20
- data/xml/ftp_banners.xml +25 -25
- data/xml/hp_pjl_id.xml +1 -1
- data/xml/html_title.xml +561 -51
- data/xml/http_cookies.xml +266 -61
- data/xml/http_servers.xml +472 -96
- data/xml/http_wwwauth.xml +53 -26
- data/xml/ldap_searchresult.xml +10 -6
- data/xml/mdns_device-info_txt.xml +308 -10
- data/xml/ntp_banners.xml +15 -1
- data/xml/operating_system.xml +1 -0
- data/xml/rtsp_servers.xml +7 -0
- data/xml/sip_banners.xml +346 -8
- data/xml/sip_user_agents.xml +321 -7
- data/xml/smb_native_lm.xml +32 -1
- data/xml/smb_native_os.xml +158 -33
- data/xml/smtp_banners.xml +48 -7
- data/xml/smtp_expn.xml +1 -0
- data/xml/smtp_help.xml +2 -0
- data/xml/smtp_vrfy.xml +3 -1
- data/xml/snmp_sysdescr.xml +211 -42
- data/xml/ssh_banners.xml +127 -14
- data/xml/telnet_banners.xml +44 -14
- data/xml/tls_jarm.xml +140 -0
- data/xml/x509_issuers.xml +179 -7
- data/xml/x509_subjects.xml +252 -35
- metadata +6 -5
- data/identifiers/software_class.txt +0 -26
- data/identifiers/software_family.txt +0 -91
- data/identifiers/software_product.txt +0 -333
data/xml/http_cookies.xml
CHANGED
@@ -5,8 +5,71 @@
|
|
5
5
|
servers.
|
6
6
|
-->
|
7
7
|
|
8
|
+
<fingerprint pattern="^__cfd?uid=">
|
9
|
+
<description>CloudFlare web load balancer endpoint</description>
|
10
|
+
<example>__cfuid=1337</example>
|
11
|
+
<example>__cfduid=dd450f2431e1e611a61a15f68974de9a41618794671; expires=Wed, 19-May-21 01:11:11 GMT; path=/; domain=.foo.bar; HttpOnly; SameSite=Lax</example>
|
12
|
+
<param pos="0" name="service.vendor" value="CloudFlare"/>
|
13
|
+
<param pos="0" name="service.product" value="CloudFlare Load Balancer"/>
|
14
|
+
<param pos="0" name="service.family" value="CloudFlare"/>
|
15
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:cloudflare:load_balancing:-"/>
|
16
|
+
</fingerprint>
|
17
|
+
|
18
|
+
<fingerprint pattern="^(AWSALB(?:TG)?(?:CORS)?)=.*$">
|
19
|
+
<description>Amazon Application Load Balancer</description>
|
20
|
+
<example cookie="AWSALB">AWSALB=791357231C9C446E295988DA51A2CD313D13788329433D96A05631377389B17BF097D4C8A2D0BE5BC4F3C649AED7DFF939364A5790E2EC67F33C4483E2E9DD17E99814071B;PATH=/;HttpOnly;Secure</example>
|
21
|
+
<example cookie="AWSALBCORS">AWSALBCORS=D5A3BF7B08C8E0626B1C77DAAEAB0A7542DEB35F43097F06FD3833E22A9BA2543B805B7AE1B6E97F2BE3A701A19AF5D2CC898E0DB5E52055B0B983CC64EAD006CF77C1CF72;PATH=/;SECURE;SAMESITE=None</example>
|
22
|
+
<example cookie="AWSALBTGCORS">AWSALBTGCORS=E0+uuQyz1jbU2P5jrIIWTuoK0aAbjfgsuA814N0xT5w9Vu4N61/CZTKT+yxwCfUqIUx/IgZfsDyA24+eSXKFO60aqEbtGPw2Mm4bGNDMVpcZ/yKHzifDPjT7mNQvNVq7xCAed5VgTpMH/nD3D2pLn9+ooJcShVgv+z97rSYAV5C98tecx6Q=; Expires=Mon, 10 May 2021 01:21:27 GMT; Path=/; SameSite=None; Secure</example>
|
23
|
+
<param pos="1" name="cookie"/>
|
24
|
+
<param pos="0" name="service.vendor" value="Amazon"/>
|
25
|
+
<param pos="0" name="service.family" value="Web Services"/>
|
26
|
+
<param pos="0" name="service.product" value="Application Load Balancer"/>
|
27
|
+
</fingerprint>
|
28
|
+
|
29
|
+
<fingerprint pattern="^(AWSELB(?:CORS)?)=.*$">
|
30
|
+
<description>Amazon Elastic Load Balancer</description>
|
31
|
+
<example cookie="AWSELB">AWSELB=791357231C9C446E295988DA51A2CD313D13788329433D96A05631377389B17BF097D4C8A2D0BE5BC4F3C649AED7DFF939364A5790E2EC67F33C4483E2E9DD17E99814071B;PATH=/;HttpOnly;Secure</example>
|
32
|
+
<example cookie="AWSELBCORS">AWSELBCORS=D5A3BF7B08C8E0626B1C77DAAEAB0A7542DEB35F43097F06FD3833E22A9BA2543B805B7AE1B6E97F2BE3A701A19AF5D2CC898E0DB5E52055B0B983CC64EAD006CF77C1CF72;PATH=/;SECURE;SAMESITE=None</example>
|
33
|
+
<param pos="1" name="cookie"/>
|
34
|
+
<param pos="0" name="service.vendor" value="Amazon"/>
|
35
|
+
<param pos="0" name="service.family" value="Web Services"/>
|
36
|
+
<param pos="0" name="service.product" value="Elastic Load Balancer"/>
|
37
|
+
</fingerprint>
|
38
|
+
|
39
|
+
<fingerprint pattern="^(PHPSESSI(?:D|ON))=.*">
|
40
|
+
<description>PHP - http://www.php.net/ref.session</description>
|
41
|
+
<example cookie="PHPSESSID">PHPSESSID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/</example>
|
42
|
+
<example cookie="PHPSESSION">PHPSESSION=vt2ag6n7t6ngvlg8adk4860h46; path=/</example>
|
43
|
+
<param pos="1" name="cookie"/>
|
44
|
+
<param pos="0" name="service.vendor" value="PHP"/>
|
45
|
+
<param pos="0" name="service.family" value="PHP"/>
|
46
|
+
<param pos="0" name="service.product" value="PHP"/>
|
47
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:php:php:-"/>
|
48
|
+
</fingerprint>
|
49
|
+
|
50
|
+
<fingerprint pattern="^(ASPSESSIONID[A-Z]+|ASP\.NET_SessionId|\.ASPXANONYMOUS)=.*">
|
51
|
+
<description>Microsoft IIS (ASP.NET)
|
52
|
+
http://msdn2.microsoft.com/en-us/library/ms953828.aspx
|
53
|
+
http://msdn2.microsoft.com/en-us/library/91ka2e6a.aspx
|
54
|
+
</description>
|
55
|
+
<example cookie="ASPSESSIONIDQSBRRTTB">ASPSESSIONIDQSBRRTTB=BECILMBCPMGHJGAHKCHNGENF; path=/</example>
|
56
|
+
<example cookie="ASP.NET_SessionId">ASP.NET_SessionId=00nxm4qqh2tdjl0p52m10edv</example>
|
57
|
+
<example cookie=".ASPXANONYMOUS">.ASPXANONYMOUS=5ts5UmJr1wEkAAAAMmY0Y2EwNTUtZGZhYi00YTFlLTlmNzAtYmEwNjdiYTgxZDA40; expires=Sun, 27-Jun-2021 14:40:06 GMT; path=/; HttpOnly</example>
|
58
|
+
<param pos="1" name="cookie"/>
|
59
|
+
<param pos="0" name="service.vendor" value="Microsoft"/>
|
60
|
+
<param pos="0" name="service.family" value="IIS"/>
|
61
|
+
<param pos="0" name="service.product" value="IIS"/>
|
62
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:microsoft:iis:-"/>
|
63
|
+
<param pos="0" name="service.component.vendor" value="Microsoft"/>
|
64
|
+
<param pos="0" name="service.component.family" value="ASP.NET"/>
|
65
|
+
<param pos="0" name="service.component.product" value="ASP.NET"/>
|
66
|
+
<param pos="0" name="service.component.cpe23" value="cpe:/a:microsoft:asp.net:-"/>
|
67
|
+
</fingerprint>
|
68
|
+
|
8
69
|
<fingerprint pattern="^(CFCLIENT_[^=]+|CFGLOBALS|CFID|CFTOKEN)=.*">
|
9
70
|
<description>Adobe (Macromedia) ColdFusion uses various cookies</description>
|
71
|
+
<example cookie="CFTOKEN">CFTOKEN=f3863673461e83d7-8B854468-1866-DAAC-99FBB842C6018037;expires=Mon, 01-Aug-2050 01:05:45 GMT;path=/;HttpOnly;</example>
|
72
|
+
<example cookie="CFCLIENT_FOO_CORP">CFCLIENT_FOO_CORP=preflanguage%3DEN%23; Expires=Wed, 12-Apr-2051 01:11:37 GMT; Path=/</example>
|
10
73
|
<param pos="1" name="cookie"/>
|
11
74
|
<param pos="0" name="service.vendor" value="Adobe"/>
|
12
75
|
<param pos="0" name="service.family" value="ColdFusion"/>
|
@@ -33,9 +96,10 @@
|
|
33
96
|
<param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
|
34
97
|
</fingerprint>
|
35
98
|
|
36
|
-
<fingerprint pattern="^
|
99
|
+
<fingerprint pattern="^JServSessionIdroot=.*">
|
37
100
|
<description>Apache JServ</description>
|
38
|
-
<
|
101
|
+
<example>JServSessionIdroot=tphxjy73e1.JS1; path=/</example>
|
102
|
+
<param pos="0" name="cookie" value="JServSessionIdroot"/>
|
39
103
|
<param pos="0" name="service.vendor" value="Apache"/>
|
40
104
|
<param pos="0" name="service.family" value="JServ"/>
|
41
105
|
<param pos="0" name="service.product" value="JServ"/>
|
@@ -43,12 +107,22 @@
|
|
43
107
|
|
44
108
|
<fingerprint pattern="^(ATG_SESSION_ID|DYN_USER_CONFIRM|DYN_USER_ID)=.*">
|
45
109
|
<description>ATG Dynamo</description>
|
110
|
+
<example cookie="ATG_SESSION_ID">ATG_SESSION_ID=yuAUs8xnkzLaF8P3Zk1v5hR28XB4dKsOKZ4jCkVO; path=/</example>
|
46
111
|
<param pos="1" name="cookie"/>
|
47
112
|
<param pos="0" name="service.vendor" value="ATG"/>
|
48
113
|
<param pos="0" name="service.family" value="Dynamo"/>
|
49
114
|
<param pos="0" name="service.product" value="Dynamo"/>
|
50
115
|
</fingerprint>
|
51
116
|
|
117
|
+
<fingerprint pattern="^Bugzilla_login_request_cookie=.*">
|
118
|
+
<description>Bugzilla</description>
|
119
|
+
<example>Bugzilla_login_request_cookie=ylMVo9ZDtd; path=/; secure</example>
|
120
|
+
<param pos="0" name="cookie" value="Bugzilla_login_request_cookie"/>
|
121
|
+
<param pos="0" name="service.vendor" value="Mozilla"/>
|
122
|
+
<param pos="0" name="service.product" value="Bugzilla"/>
|
123
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:mozilla:bugzilla:-"/>
|
124
|
+
</fingerprint>
|
125
|
+
|
52
126
|
<fingerprint pattern="^(WebLogicSession)=[^!]+![^!]+!([0-9]+);.*">
|
53
127
|
<description>BEA WebLogic (with timestamp)</description>
|
54
128
|
<param pos="1" name="cookie"/>
|
@@ -76,9 +150,10 @@
|
|
76
150
|
<param pos="0" name="service.product" value="Proxy"/>
|
77
151
|
</fingerprint>
|
78
152
|
|
79
|
-
<fingerprint pattern="^
|
153
|
+
<fingerprint pattern="^CAKEPHP=.*">
|
80
154
|
<description>CakePHP - http://www.cakephp.org/</description>
|
81
|
-
<
|
155
|
+
<example>CAKEPHP=03bgv7jqfurftnm5crn3lc0ob1; expires=Mon, 19-Apr-2021 08:56:06 GMT; Max-Age=14400; path=/; HttpOnly</example>
|
156
|
+
<param pos="0" name="cookie" value="CAKEPHP"/>
|
82
157
|
<param pos="0" name="service.family" value="PHP"/>
|
83
158
|
<param pos="0" name="service.product" value="CakePHP"/>
|
84
159
|
</fingerprint>
|
@@ -91,19 +166,21 @@
|
|
91
166
|
http://www.cisco.com/warp/public/117/AP_cookies.html
|
92
167
|
-->
|
93
168
|
|
94
|
-
<fingerprint pattern="^
|
169
|
+
<fingerprint pattern="^ARPT=([A-Z]+)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})[A-Z]+.*">
|
95
170
|
<description>Cisco 11000 Series Content Service Switch (CSS)</description>
|
96
|
-
<
|
97
|
-
<param pos="
|
98
|
-
<param pos="
|
171
|
+
<example host.id="FOOOB" host.ip="192.168.15.52">ARPT=FOOOB192.168.15.52CKOKM; path=/</example>
|
172
|
+
<param pos="0" name="cookie" value="ARPT"/>
|
173
|
+
<param pos="1" name="host.id"/>
|
174
|
+
<param pos="2" name="host.ip"/>
|
99
175
|
<param pos="0" name="service.vendor" value="Cisco"/>
|
100
176
|
<param pos="0" name="service.family" value="Content Service Switch"/>
|
101
177
|
<param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
|
102
178
|
</fingerprint>
|
103
179
|
|
104
|
-
<fingerprint pattern="^
|
180
|
+
<fingerprint pattern="^ARPT=.*">
|
105
181
|
<description>Cisco 11000 Series Content Service Switch (CSS) - catch all variant</description>
|
106
|
-
<
|
182
|
+
<example>ARPT=388766892.51247.0000; path=/; Httponly/</example>
|
183
|
+
<param pos="0" name="cookie" value="ARPT"/>
|
107
184
|
<param pos="0" name="service.vendor" value="Cisco"/>
|
108
185
|
<param pos="0" name="service.family" value="Content Service Switch"/>
|
109
186
|
<param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
|
@@ -122,7 +199,7 @@
|
|
122
199
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
123
200
|
<param pos="0" name="os.family" value="Adaptive Security Appliance"/>
|
124
201
|
<param pos="0" name="os.product" value="Adaptive Security Appliance"/>
|
125
|
-
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:
|
202
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance_software:-"/>
|
126
203
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
127
204
|
<param pos="0" name="hw.family" value="Adaptive Security Appliance"/>
|
128
205
|
<param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
|
@@ -130,9 +207,9 @@
|
|
130
207
|
<param pos="0" name="hw.cpe23" value="cpe:/h:cisco:adaptive_security_appliance:-"/>
|
131
208
|
</fingerprint>
|
132
209
|
|
133
|
-
<fingerprint pattern="^
|
210
|
+
<fingerprint pattern="^st8id=.*">
|
134
211
|
<description>Citrix Application Protection System, Enterprise - http://support.citrix.com/article/CTX109330</description>
|
135
|
-
<param pos="
|
212
|
+
<param pos="0" name="cookie" value="st8id"/>
|
136
213
|
<param pos="0" name="service.vendor" value="Citrix"/>
|
137
214
|
<param pos="0" name="service.family" value="Application Protection System"/>
|
138
215
|
<param pos="0" name="service.product" value="Application Protection System, Enterprise"/>
|
@@ -146,6 +223,7 @@
|
|
146
223
|
<param pos="0" name="os.family" value="NetScaler"/>
|
147
224
|
<param pos="0" name="os.device" value="Network Management Device"/>
|
148
225
|
<param pos="0" name="os.product" value="NetScaler"/>
|
226
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_firmware:-"/>
|
149
227
|
<param pos="0" name="service.vendor" value="Citrix"/>
|
150
228
|
<param pos="0" name="service.family" value="NetScaler"/>
|
151
229
|
<param pos="0" name="service.device" value="Network Management Device"/>
|
@@ -156,20 +234,42 @@
|
|
156
234
|
<fingerprint pattern="^DSSignInURL=/">
|
157
235
|
<description>Pulse Secure VPN</description>
|
158
236
|
<example>DSSignInURL=/; path=/; secure</example>
|
237
|
+
<param pos="0" name="service.vendor" value="Pulse Secure"/>
|
238
|
+
<param pos="0" name="service.product" value="Pulse Connect Secure"/>
|
239
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:pulsesecure:pulse_connect_secure:-"/>
|
159
240
|
<param pos="0" name="os.vendor" value="Pulse Secure"/>
|
160
241
|
<param pos="0" name="os.family" value="SSL-VPN"/>
|
161
242
|
<param pos="0" name="os.device" value="SSL-VPN"/>
|
162
|
-
<param pos="0" name="os.product" value="
|
243
|
+
<param pos="0" name="os.product" value="Pulse Connect Secure"/>
|
244
|
+
</fingerprint>
|
245
|
+
|
246
|
+
<fingerprint pattern="^DokuWiki=.*">
|
247
|
+
<description>Dokuwiki</description>
|
248
|
+
<example>DokuWiki=t8l1aev7703vbtejovp165pv01; path=/; secure</example>
|
249
|
+
<param pos="0" name="cookie" value="DokuWiki"/>
|
250
|
+
<param pos="0" name="service.vendor" value="Dokuwiki"/>
|
251
|
+
<param pos="0" name="service.product" value="Dokuwiki"/>
|
252
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:dokuwiki:dokuwiki:-"/>
|
163
253
|
</fingerprint>
|
164
254
|
|
165
255
|
<fingerprint pattern="^(EktGUID|ecm)=.*">
|
166
256
|
<description>Ektron CMS400.net</description>
|
257
|
+
<example cookie="EktGUID">EktGUID=382107cc-a38d-4d25-8182-3748834e21c8; expires=Tue, 19-Apr-2022 03:12:15 GMT; path=/</example>
|
167
258
|
<param pos="1" name="cookie"/>
|
168
259
|
<param pos="0" name="service.vendor" value="Ektron"/>
|
169
260
|
<param pos="0" name="service.family" value="CMS400.NET"/>
|
170
261
|
<param pos="0" name="service.product" value="CMS400.NET"/>
|
171
262
|
</fingerprint>
|
172
263
|
|
264
|
+
<fingerprint pattern="^FESESSIONID=">
|
265
|
+
<description>Atlanssian's Fisheye</description>
|
266
|
+
<example>FESESSIONID=133713381337</example>
|
267
|
+
<param pos="0" name="cookie" value="FESESSIONID"/>
|
268
|
+
<param pos="0" name="service.vendor" value="Atlassian"/>
|
269
|
+
<param pos="0" name="service.product" value="Fisheye"/>
|
270
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:atlassian:fisheye:-"/>
|
271
|
+
</fingerprint>
|
272
|
+
|
173
273
|
<fingerprint pattern="(?i)^(BIGipServer([^=]+))=.*">
|
174
274
|
<description>F5 BIG-IP LTM - Server variant</description>
|
175
275
|
<example loadbalancer.poolname="CustomerRP">BigIpServerCustomerRP=5a; path=/; domain=.foo.bar; secure; HttpOnly</example>
|
@@ -181,8 +281,19 @@
|
|
181
281
|
<param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
|
182
282
|
</fingerprint>
|
183
283
|
|
184
|
-
<fingerprint pattern="^
|
284
|
+
<fingerprint pattern="^i_like_gogits=.*">
|
285
|
+
<description>Gogs</description>
|
286
|
+
<example>i_like_gogits=fc3914645f1d5c76; Path=/; HttpOnly</example>
|
287
|
+
<param pos="0" name="cookie" value="i_like_gogits"/>
|
288
|
+
<param pos="0" name="service.vendor" value="Gogs"/>
|
289
|
+
<param pos="0" name="service.product" value="Gogs"/>
|
290
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:gogs:gogs:-"/>
|
291
|
+
</fingerprint>
|
292
|
+
|
293
|
+
<fingerprint pattern="^(BigIPCookie[^=]*)=.*">
|
185
294
|
<description>F5 BIG-IP LTM</description>
|
295
|
+
<example cookie="BigIPCookie">BigIPCookie=855248779.20480.0000; path=/; Httponly</example>
|
296
|
+
<example cookie="BigIPCookie_foo_corp_prod">BigIPCookie_foo_corp_prod=!tJHKH9zIwsUuJYJ38CCV0XSqmJXsZVQaOjj/m/SBSTQTg21/S+s2gmbsoGwwKXr5Tj9e0ijWZWItfA==; path=/; Httponly</example>
|
186
297
|
<param pos="1" name="cookie"/>
|
187
298
|
<param pos="0" name="service.vendor" value="F5"/>
|
188
299
|
<param pos="0" name="service.family" value="BIG-IP"/>
|
@@ -190,10 +301,40 @@
|
|
190
301
|
<param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
|
191
302
|
</fingerprint>
|
192
303
|
|
193
|
-
<fingerprint pattern="^
|
304
|
+
<fingerprint pattern="^flyspray_project=">
|
305
|
+
<description>Flyspray</description>
|
306
|
+
<example>flyspray_project=133713381234; Path=/; HttpOnly</example>
|
307
|
+
<param pos="0" name="cookie" value="flyspray_project"/>
|
308
|
+
<param pos="0" name="service.vendor" value="Flyspray"/>
|
309
|
+
<param pos="0" name="service.product" value="Flyspray"/>
|
310
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:flyspray:flyspray:-"/>
|
311
|
+
</fingerprint>
|
312
|
+
|
313
|
+
<fingerprint pattern="^i_like_gitea=.*">
|
314
|
+
<description>Gitea</description>
|
315
|
+
<example>i_like_gitea=fc39d4645b1d5c7c; Path=/</example>
|
316
|
+
<param pos="0" name="cookie" value="i_like_gitea"/>
|
317
|
+
<param pos="0" name="service.vendor" value="Gitea"/>
|
318
|
+
<param pos="0" name="service.product" value="Gitea"/>
|
319
|
+
<param pos="0" name="service.certainty" value="0.5"/>
|
320
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:gitea:gitea:-"/>
|
321
|
+
</fingerprint>
|
322
|
+
|
323
|
+
<fingerprint pattern="^_gitlab_session=.*">
|
324
|
+
<description>GitLab</description>
|
325
|
+
<example>_gitlab_session=032d024e9c2445b595e68255da9e6835; path=/; expires=Mon, 26 Apr 2021 03:09:57 -0000; HttpOnly</example>
|
326
|
+
<param pos="0" name="cookie" value="_gitlab_session"/>
|
327
|
+
<param pos="0" name="service.vendor" value="GitLab"/>
|
328
|
+
<param pos="0" name="service.product" value="GitLab"/>
|
329
|
+
<param pos="0" name="service.certainty" value="0.5"/>
|
330
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:gitlab:gitlab:-"/>
|
331
|
+
</fingerprint>
|
332
|
+
|
333
|
+
<fingerprint pattern="^SERVERID=([A-Za-z0-9\-_]+)">
|
194
334
|
<description>HAProxy - http://haproxy.1wt.eu/download/1.2/doc/architecture.txt</description>
|
195
|
-
<
|
196
|
-
<param pos="
|
335
|
+
<example host.name="foo1">SERVERID=foo1; path=/</example>
|
336
|
+
<param pos="0" name="cookie" value="SERVERID"/>
|
337
|
+
<param pos="1" name="host.name"/>
|
197
338
|
<param pos="0" name="service.family" value="HAProxy"/>
|
198
339
|
<param pos="0" name="service.product" value="HAProxy"/>
|
199
340
|
</fingerprint>
|
@@ -202,6 +343,7 @@
|
|
202
343
|
<description>IBM Tivoli Access Manager for e-business WebSEAL
|
203
344
|
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin180.htm
|
204
345
|
</description>
|
346
|
+
<example cookie="AMWEBJCT!%2F4plportal!JSESSIONID" junction.name="%2F4plportal" junction.cookie="JSESSIONID">AMWEBJCT!%2F4plportal!JSESSIONID=fQDCzpljFPMhMVaDUOD+uOBe.undefined; Path=/</example>
|
205
347
|
<param pos="1" name="cookie"/>
|
206
348
|
<param pos="2" name="junction.name"/>
|
207
349
|
<param pos="3" name="junction.cookie"/>
|
@@ -214,15 +356,17 @@
|
|
214
356
|
<description>IBM Tivoli Access Manager for e-business WebSeal
|
215
357
|
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin117.htm
|
216
358
|
</description>
|
359
|
+
<example cookie="PD-S-SESSION-ID">PD-S-SESSION-ID=1_2_0_xRzIc55lBOTYkrYfW+qWHWGgdqlVKeEgwrhtKt+KRfq8R3lW; Path=/; Secure; HttpOnly</example>
|
360
|
+
<example cookie="PD_STATEFUL_db45742c-3e5b-11e9-91da-00505682181c">PD_STATEFUL_db45742c-3e5b-11e9-91da-00505682181c=%2F; Path=/</example>
|
217
361
|
<param pos="1" name="cookie"/>
|
218
362
|
<param pos="0" name="service.vendor" value="IBM"/>
|
219
363
|
<param pos="0" name="service.family" value="Tivoli"/>
|
220
364
|
<param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
|
221
365
|
</fingerprint>
|
222
366
|
|
223
|
-
<fingerprint pattern="^
|
367
|
+
<fingerprint pattern="^IBMCBR=.*">
|
224
368
|
<description>IBM WebSphere Load Balancer</description>
|
225
|
-
<param pos="
|
369
|
+
<param pos="0" name="cookie" value="IBMCBR"/>
|
226
370
|
<param pos="0" name="service.vendor" value="IBM"/>
|
227
371
|
<param pos="0" name="service.family" value="WebSphere"/>
|
228
372
|
<param pos="0" name="service.product" value="WebSphere Load Balancer"/>
|
@@ -230,11 +374,19 @@
|
|
230
374
|
|
231
375
|
<fingerprint pattern="^(mbfcookie(?:\[lang\])?)=.*">
|
232
376
|
<description>Joom!Fish http://www.joomfish.net/</description>
|
377
|
+
<example cookie="mbfcookie">mbfcookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/</example>
|
378
|
+
<example cookie="mbfcookie[lang]">mbfcookie[lang]=pt_BR; expires=Tue, 20-Apr-2021 03:30:47 GMT; path=/</example>
|
233
379
|
<param pos="1" name="cookie"/>
|
234
380
|
<param pos="0" name="service.family" value="Joom!Fish"/>
|
235
381
|
<param pos="0" name="service.product" value="Joom!Fish"/>
|
236
382
|
</fingerprint>
|
237
383
|
|
384
|
+
<fingerprint pattern="^_mastodon_session=">
|
385
|
+
<description>Mastodon</description>
|
386
|
+
<param pos="0" name="cookie" value="_mastodon_session"/>
|
387
|
+
<param pos="0" name="service.product" value="Mastodon"/>
|
388
|
+
</fingerprint>
|
389
|
+
|
238
390
|
<fingerprint pattern="^(MSCSAuth|MSCSProfile)=.*">
|
239
391
|
<description>Microsoft Commerce Server - http://msdn2.microsoft.com/en-us/library/ms953828.aspx</description>
|
240
392
|
<param pos="1" name="cookie"/>
|
@@ -244,30 +396,35 @@
|
|
244
396
|
<param pos="0" name="service.cpe23" value="cpe:/a:microsoft:commerce_server:-"/>
|
245
397
|
</fingerprint>
|
246
398
|
|
247
|
-
<fingerprint pattern="^(
|
248
|
-
<description>
|
249
|
-
|
250
|
-
|
251
|
-
</
|
399
|
+
<fingerprint pattern="^(nc_sameSiteCookiestrict|nc_sameSiteCookielax|oc_sessionPassphrase)=.*">
|
400
|
+
<description>Nextcloud</description>
|
401
|
+
<example cookie="nc_sameSiteCookiestrict">nc_sameSiteCookiestrict=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict</example>
|
402
|
+
<example cookie="nc_sameSiteCookielax">nc_sameSiteCookielax=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax</example>
|
403
|
+
<example>oc_sessionPassphrase=Y%2BZjBn8Gn%2B8jIJPVx468Tlt8qDNm%2B5IVXLxgtwlY%2BQU2T7edVmDS4091nQrT; path=/nextcloud; secure; HttpOnly</example>
|
252
404
|
<param pos="1" name="cookie"/>
|
253
|
-
<param pos="0" name="service.vendor" value="
|
254
|
-
<param pos="0" name="service.
|
255
|
-
<param pos="0" name="service.
|
256
|
-
<param pos="0" name="service.cpe23" value="cpe:/a:microsoft:iis:-"/>
|
257
|
-
<param pos="0" name="service.component.vendor" value="Microsoft"/>
|
258
|
-
<param pos="0" name="service.component.family" value="ASP.NET"/>
|
259
|
-
<param pos="0" name="service.component.product" value="ASP.NET"/>
|
260
|
-
<param pos="0" name="service.component.cpe23" value="cpe:/a:microsoft:asp.net:-"/>
|
405
|
+
<param pos="0" name="service.vendor" value="Nextcloud"/>
|
406
|
+
<param pos="0" name="service.product" value="Nextcloud Server"/>
|
407
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:nextcloud:nextcloud_server:-"/>
|
261
408
|
</fingerprint>
|
262
409
|
|
263
|
-
<fingerprint pattern="^
|
410
|
+
<fingerprint pattern="^AlteonP=.*">
|
264
411
|
<description>Nortel Alteon Web Switch</description>
|
265
|
-
<
|
412
|
+
<example>AlteonP=c46736793e45929dbaeebabb; path=</example>
|
413
|
+
<param pos="0" name="cookie" value="AlteonP"/>
|
266
414
|
<param pos="0" name="service.vendor" value="Nortel"/>
|
267
415
|
<param pos="0" name="service.family" value="Alteon"/>
|
268
416
|
<param pos="0" name="service.product" value="Alteon Web Switch"/>
|
269
417
|
</fingerprint>
|
270
418
|
|
419
|
+
<fingerprint pattern="^OBSID=.*">
|
420
|
+
<description>Observium</description>
|
421
|
+
<example>OBSID=gud74jg1slhskdo7idqgklkamm6g3908; expires=Tue, 20-Apr-2021 01:31:27 GMT; Max-Age=86400; path=/; HttpOnly</example>
|
422
|
+
<param pos="0" name="cookie" value="OBSID"/>
|
423
|
+
<param pos="0" name="service.vendor" value="Observium"/>
|
424
|
+
<param pos="0" name="service.product" value="Observium"/>
|
425
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:observium:observium:-"/>
|
426
|
+
</fingerprint>
|
427
|
+
|
271
428
|
<fingerprint pattern="^((?:SS_X_)?CSINTERSESSIONID)=.*">
|
272
429
|
<description>OpenMarket/FatWire Content Server (www.fatwire.com)</description>
|
273
430
|
<param pos="1" name="cookie"/>
|
@@ -276,42 +433,46 @@
|
|
276
433
|
<param pos="0" name="service.product" value="Content Server"/>
|
277
434
|
</fingerprint>
|
278
435
|
|
279
|
-
<fingerprint pattern="^
|
436
|
+
<fingerprint pattern="^parkinglot=.*">
|
280
437
|
<description>Oversee Webserver</description>
|
281
|
-
<param pos="
|
438
|
+
<param pos="0" name="cookie" value="parkinglot"/>
|
282
439
|
<param pos="0" name="service.vendor" value="Oversee"/>
|
283
440
|
<param pos="0" name="service.family" value="Webserver"/>
|
284
441
|
<param pos="0" name="service.product" value="Webserver"/>
|
285
442
|
</fingerprint>
|
286
443
|
|
287
|
-
<fingerprint pattern="^
|
288
|
-
<description>
|
289
|
-
<
|
290
|
-
<param pos="0" name="
|
291
|
-
<param pos="0" name="service.
|
292
|
-
<param pos="0" name="service.
|
293
|
-
<param pos="0" name="service.
|
444
|
+
<fingerprint pattern="^phsid=.*">
|
445
|
+
<description>Phabricator</description>
|
446
|
+
<example>phsid=A%2Fxesybc4bypb74dlgojdgw2edct6osflno25h2fw7</example>
|
447
|
+
<param pos="0" name="cookie" value="phsid"/>
|
448
|
+
<param pos="0" name="service.vendor" value="Phacility"/>
|
449
|
+
<param pos="0" name="service.family" value="Phabricator"/>
|
450
|
+
<param pos="0" name="service.product" value="Phabricator"/>
|
451
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:phacility:phabricator:-"/>
|
294
452
|
</fingerprint>
|
295
453
|
|
296
|
-
<fingerprint pattern="^
|
454
|
+
<fingerprint pattern="^RMID=.*">
|
297
455
|
<description>RealMedia OpenAdStream</description>
|
298
|
-
<
|
456
|
+
<example>RMID=36c12633607cf7a0; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.foo.bar</example>
|
457
|
+
<param pos="0" name="cookie" value="RMID"/>
|
299
458
|
<param pos="0" name="service.vendor" value="RealMedia"/>
|
300
459
|
<param pos="0" name="service.family" value="OpenAdStream"/>
|
301
460
|
<param pos="0" name="service.product" value="OpenAdStream"/>
|
302
461
|
</fingerprint>
|
303
462
|
|
304
|
-
<fingerprint pattern="^
|
463
|
+
<fingerprint pattern="^RoxenUserID=.*">
|
305
464
|
<description>Roxen WebServer</description>
|
306
|
-
<
|
465
|
+
<example>RoxenUserID=c70fd536bc9e1342ce2a608b10547f88; expires=Wed, 19 Apr 2023 02:44:41 GMT; path=/</example>
|
466
|
+
<param pos="0" name="cookie" value="RoxenUserID"/>
|
307
467
|
<param pos="0" name="service.vendor" value="Roxen"/>
|
308
468
|
<param pos="0" name="service.family" value="WebServer"/>
|
309
469
|
<param pos="0" name="service.product" value="WebServer"/>
|
310
470
|
</fingerprint>
|
311
471
|
|
312
|
-
<fingerprint pattern="^
|
472
|
+
<fingerprint pattern="^_sn=.*">
|
313
473
|
<description>Siebel CRM</description>
|
314
|
-
<
|
474
|
+
<example>_sn=e7139835ca75f921e25c364d4a8fef48; path=/; expires=Mon, 19 Apr 2021 06:06:58 GMT; HttpOnly</example>
|
475
|
+
<param pos="0" name="cookie" value="_sn"/>
|
315
476
|
<param pos="0" name="service.vendor" value="Siebel"/>
|
316
477
|
<param pos="0" name="service.family" value="CRM"/>
|
317
478
|
<param pos="0" name="service.product" value="CRM"/>
|
@@ -329,9 +490,9 @@
|
|
329
490
|
|
330
491
|
-->
|
331
492
|
|
332
|
-
<fingerprint pattern="^
|
493
|
+
<fingerprint pattern="^NSES40Session=.*">
|
333
494
|
<description>Netscape Enterprise Server (subsequently iPlanet Web Server, Sun ONE Web Server, presently Sun Java System Web Server)</description>
|
334
|
-
<param pos="
|
495
|
+
<param pos="0" name="cookie" value="NSES40Session"/>
|
335
496
|
<param pos="0" name="service.vendor" value="Sun"/>
|
336
497
|
<param pos="0" name="service.family" value="Java System Web Server"/>
|
337
498
|
<param pos="0" name="service.product" value="Java System Web Server"/>
|
@@ -339,6 +500,24 @@
|
|
339
500
|
<param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_server:4.0"/>
|
340
501
|
</fingerprint>
|
341
502
|
|
503
|
+
<fingerprint pattern="^_redmine_session=.*">
|
504
|
+
<description>Redmine</description>
|
505
|
+
<example>_redmine_session=BAh7B0kiD3Nlc3Npb25faWQGOgZFRkkiJWY2MGY5MTJiZjg0NGU1ZmQxZWI2OTViNzAxYjU4NTRiBjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMW1kV3Z5NDl6eVkwWDl4bFQvMUxSSmxmbjhhaDR1WWxERWUrMFQ4dVcvS0k9BjsARg%3D%3D--ce5f52d49b68e30a7ec34b75bf456d6c79d234d2; path=/; HttpOnly</example>
|
506
|
+
<param pos="0" name="cookie" value="_redmine_session"/>
|
507
|
+
<param pos="0" name="service.vendor" value="Redmine"/>
|
508
|
+
<param pos="0" name="service.product" value="Redmine"/>
|
509
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:redmine:redmine:-"/>
|
510
|
+
</fingerprint>
|
511
|
+
|
512
|
+
<fingerprint pattern="^(syracuse\.sid\.\d+)=">
|
513
|
+
<description>Sage X3 Syracuse Web Server</description>
|
514
|
+
<example cookie="syracuse.sid.8124">syracuse.sid.8124=8b102bf7-327c-4962-9279-550e72afcaa9; path=/; HttpOnly</example>
|
515
|
+
<param pos="1" name="cookie"/>
|
516
|
+
<param pos="0" name="service.vendor" value="Sage"/>
|
517
|
+
<param pos="0" name="service.family" value="Sage X3 Syracuse Web Server"/>
|
518
|
+
<param pos="0" name="service.product" value="Sage X3 Syracuse Web Server"/>
|
519
|
+
</fingerprint>
|
520
|
+
|
342
521
|
<fingerprint pattern="^(gx_session_id|JROUTE)=.*">
|
343
522
|
<description>Sun Java System Application Server (formerly iPlanet Application Server, Sun ONE Application Server)</description>
|
344
523
|
<param pos="1" name="cookie"/>
|
@@ -348,17 +527,19 @@
|
|
348
527
|
<param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_application_server:-"/>
|
349
528
|
</fingerprint>
|
350
529
|
|
351
|
-
<fingerprint pattern="^
|
530
|
+
<fingerprint pattern="^fe_typo_user=.*">
|
352
531
|
<description>TYPO3 CMS - http://typo3.com/</description>
|
353
|
-
<
|
532
|
+
<example>fe_typo_user=aae725f7dcb8cb5215e64f66d4584cc92; path=/</example>
|
533
|
+
<param pos="0" name="cookie" value="fe_typo_user"/>
|
354
534
|
<param pos="0" name="service.vendor" value="TYPO3"/>
|
355
535
|
<param pos="0" name="service.family" value="CMS"/>
|
356
536
|
<param pos="0" name="service.product" value="CMS"/>
|
357
537
|
</fingerprint>
|
358
538
|
|
359
|
-
<fingerprint pattern="^
|
539
|
+
<fingerprint pattern="^SaneID=.*">
|
360
540
|
<description>Unica NetTracker - http://netinsight.unica.com/Products/NetTracker.cfm</description>
|
361
|
-
<
|
541
|
+
<example>SaneID=10.1.1.223.1618798365976948; path=/; domain=.foo.bar</example>
|
542
|
+
<param pos="0" name="cookie" value="SaneID"/>
|
362
543
|
<param pos="0" name="service.vendor" value="Unica"/>
|
363
544
|
<param pos="0" name="service.family" value="NetTracker"/>
|
364
545
|
<param pos="0" name="service.product" value="NetTracker"/>
|
@@ -366,12 +547,23 @@
|
|
366
547
|
|
367
548
|
<fingerprint pattern="^(__utm[a-z])=.*">
|
368
549
|
<description>Urchin Tracking Module - http://www.google.com/support/urchin45/bin/answer.py?answer=28307&topic=7425</description>
|
550
|
+
<example cookie="__utmp">__utmp=2071164266.582676006.3393543082; path=/; domain=.foo.bar</example>
|
369
551
|
<param pos="1" name="cookie"/>
|
370
552
|
<param pos="0" name="service.vendor" value="Google"/>
|
371
553
|
<param pos="0" name="service.family" value="Urchin"/>
|
372
554
|
<param pos="0" name="service.product" value="Urchin Tracking Module"/>
|
373
555
|
</fingerprint>
|
374
556
|
|
557
|
+
<fingerprint pattern="vxoaSessionID=">
|
558
|
+
<description>Silver Peak Appliance</description>
|
559
|
+
<example>vxoaSessionID=s%3A2650cfe1df092fc617d229d6d6b5dbfc.70yKRpb371czAWFkZWXdNfCSNexQvtiVr%2B3Z51YXbIw; Path=/; HttpOnly; Secure</example>
|
560
|
+
<example>vxoaSessionID=s%3A65e39ce7ae15193cb4bb0f812d20105b.qgHrgV4MtPKWeKwBrfynmxZmn5iaegh%2FRP0nV5ntaE8; Path=/; HttpOnly; Secure</example>
|
561
|
+
<example>vxoaSessionID=s%3A7e17300953b68c4713990a01bd00aa2b.5mg3edagZCkddCmWqMXbp4AOEzTVby6K2z2jfhal7Uw; Path=/; HttpOnly; Secure</example>
|
562
|
+
<param pos="0" name="hw.vendor" value="Silver Peak"/>
|
563
|
+
<param pos="0" name="hw.device" value="Network Appliance"/>
|
564
|
+
<param pos="0" name="hw.product" value="SD-WAN"/>
|
565
|
+
</fingerprint>
|
566
|
+
|
375
567
|
<fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)=.*">
|
376
568
|
<description>Vignette</description>
|
377
569
|
<param pos="1" name="cookie"/>
|
@@ -380,25 +572,38 @@
|
|
380
572
|
<param pos="0" name="service.product" value="Vignette"/>
|
381
573
|
</fingerprint>
|
382
574
|
|
383
|
-
<fingerprint pattern="^
|
575
|
+
<fingerprint pattern="^wgSession=.*">
|
384
576
|
<description>Plain Black WebGUI - http://www.plainblack.com/webgui</description>
|
385
|
-
<
|
577
|
+
<example>wgSession=xngFQdcbCap87x6d8qc1YA; path=/; expires=Thu, 17-Apr-2031 02:29:05 GMT</example>
|
578
|
+
<param pos="0" name="cookie" value="wgSession"/>
|
386
579
|
<param pos="0" name="service.vendor" value="Plain Black"/>
|
387
580
|
<param pos="0" name="service.family" value="WebGUI"/>
|
388
581
|
<param pos="0" name="service.product" value="WebGUI"/>
|
389
582
|
</fingerprint>
|
390
583
|
|
391
|
-
<fingerprint pattern="^(
|
584
|
+
<fingerprint pattern="^(WEBTRENDS_?ID)=.*">
|
392
585
|
<description>WebTrends</description>
|
586
|
+
<example cookie="WEBTRENDS_ID">WEBTRENDS_ID=10.247.9.69.1618795409656141; path=/; expires=Tue, 19-Apr-22 01:23:29 GMT; domain=.foo.bar</example>
|
393
587
|
<param pos="1" name="cookie"/>
|
394
588
|
<param pos="0" name="service.vendor" value="WebTrends"/>
|
395
589
|
<param pos="0" name="service.family" value="WebTrends"/>
|
396
590
|
<param pos="0" name="service.product" value="WebTrends"/>
|
397
591
|
</fingerprint>
|
398
592
|
|
399
|
-
<fingerprint pattern="^(
|
400
|
-
<description>
|
593
|
+
<fingerprint pattern="^(ZM_TEST|ZM_LOGIN_CSRF)=.*">
|
594
|
+
<description>Zimbra</description>
|
595
|
+
<example cookie="ZM_TEST">ZM_TEST=true;Secure</example>
|
596
|
+
<example cookie="ZM_LOGIN_CSRF">ZM_LOGIN_CSRF=38ef0bea-a4c3-4f41-9ac3-73d7622f3131;Secure;HttpOnly</example>
|
401
597
|
<param pos="1" name="cookie"/>
|
598
|
+
<param pos="0" name="service.vendor" value="Synacor"/>
|
599
|
+
<param pos="0" name="service.product" value="Zimbra Collaboration Suite"/>
|
600
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:synacor:zimbra_collaboration_suite:-"/>
|
601
|
+
</fingerprint>
|
602
|
+
|
603
|
+
<fingerprint pattern="^_ZopeId=.*">
|
604
|
+
<description>Zope</description>
|
605
|
+
<example>_ZopeId="91304233A995SVLz3SI"; Path=/</example>
|
606
|
+
<param pos="0" name="cookie" value="_ZopeId"/>
|
402
607
|
<param pos="0" name="service.family" value="Zope"/>
|
403
608
|
<param pos="0" name="service.product" value="Zope"/>
|
404
609
|
</fingerprint>
|