recog 2.3.15 → 2.3.20

Sign up to get free protection for your applications and to get access to all the features.
Files changed (53) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/ci.yml +26 -0
  3. data/.snyk +10 -0
  4. data/LICENSE +1 -1
  5. data/bin/recog_standardize +8 -2
  6. data/cpe-remap.yaml +314 -170
  7. data/identifiers/README.md +24 -10
  8. data/identifiers/fields.txt +104 -0
  9. data/identifiers/hw_device.txt +5 -4
  10. data/identifiers/hw_family.txt +17 -0
  11. data/identifiers/hw_product.txt +87 -6
  12. data/identifiers/os_architecture.txt +0 -10
  13. data/identifiers/os_device.txt +12 -31
  14. data/identifiers/os_family.txt +2 -94
  15. data/identifiers/os_product.txt +45 -124
  16. data/identifiers/service_family.txt +14 -37
  17. data/identifiers/service_product.txt +283 -88
  18. data/identifiers/vendor.txt +99 -192
  19. data/lib/recog/version.rb +1 -1
  20. data/requirements.txt +1 -1
  21. data/update_cpes.py +110 -49
  22. data/xml/apache_modules.xml +60 -0
  23. data/xml/dns_versionbind.xml +40 -17
  24. data/xml/favicons.xml +163 -20
  25. data/xml/ftp_banners.xml +25 -25
  26. data/xml/hp_pjl_id.xml +1 -1
  27. data/xml/html_title.xml +561 -51
  28. data/xml/http_cookies.xml +266 -61
  29. data/xml/http_servers.xml +472 -96
  30. data/xml/http_wwwauth.xml +53 -26
  31. data/xml/ldap_searchresult.xml +10 -6
  32. data/xml/mdns_device-info_txt.xml +308 -10
  33. data/xml/ntp_banners.xml +15 -1
  34. data/xml/operating_system.xml +1 -0
  35. data/xml/rtsp_servers.xml +7 -0
  36. data/xml/sip_banners.xml +346 -8
  37. data/xml/sip_user_agents.xml +321 -7
  38. data/xml/smb_native_lm.xml +32 -1
  39. data/xml/smb_native_os.xml +158 -33
  40. data/xml/smtp_banners.xml +48 -7
  41. data/xml/smtp_expn.xml +1 -0
  42. data/xml/smtp_help.xml +2 -0
  43. data/xml/smtp_vrfy.xml +3 -1
  44. data/xml/snmp_sysdescr.xml +211 -42
  45. data/xml/ssh_banners.xml +127 -14
  46. data/xml/telnet_banners.xml +44 -14
  47. data/xml/tls_jarm.xml +140 -0
  48. data/xml/x509_issuers.xml +179 -7
  49. data/xml/x509_subjects.xml +252 -35
  50. metadata +6 -5
  51. data/identifiers/software_class.txt +0 -26
  52. data/identifiers/software_family.txt +0 -91
  53. data/identifiers/software_product.txt +0 -333
data/xml/http_cookies.xml CHANGED
@@ -5,8 +5,71 @@
5
5
  servers.
6
6
  -->
7
7
 
8
+ <fingerprint pattern="^__cfd?uid=">
9
+ <description>CloudFlare web load balancer endpoint</description>
10
+ <example>__cfuid=1337</example>
11
+ <example>__cfduid=dd450f2431e1e611a61a15f68974de9a41618794671; expires=Wed, 19-May-21 01:11:11 GMT; path=/; domain=.foo.bar; HttpOnly; SameSite=Lax</example>
12
+ <param pos="0" name="service.vendor" value="CloudFlare"/>
13
+ <param pos="0" name="service.product" value="CloudFlare Load Balancer"/>
14
+ <param pos="0" name="service.family" value="CloudFlare"/>
15
+ <param pos="0" name="service.cpe23" value="cpe:/a:cloudflare:load_balancing:-"/>
16
+ </fingerprint>
17
+
18
+ <fingerprint pattern="^(AWSALB(?:TG)?(?:CORS)?)=.*$">
19
+ <description>Amazon Application Load Balancer</description>
20
+ <example cookie="AWSALB">AWSALB=791357231C9C446E295988DA51A2CD313D13788329433D96A05631377389B17BF097D4C8A2D0BE5BC4F3C649AED7DFF939364A5790E2EC67F33C4483E2E9DD17E99814071B;PATH=/;HttpOnly;Secure</example>
21
+ <example cookie="AWSALBCORS">AWSALBCORS=D5A3BF7B08C8E0626B1C77DAAEAB0A7542DEB35F43097F06FD3833E22A9BA2543B805B7AE1B6E97F2BE3A701A19AF5D2CC898E0DB5E52055B0B983CC64EAD006CF77C1CF72;PATH=/;SECURE;SAMESITE=None</example>
22
+ <example cookie="AWSALBTGCORS">AWSALBTGCORS=E0+uuQyz1jbU2P5jrIIWTuoK0aAbjfgsuA814N0xT5w9Vu4N61/CZTKT+yxwCfUqIUx/IgZfsDyA24+eSXKFO60aqEbtGPw2Mm4bGNDMVpcZ/yKHzifDPjT7mNQvNVq7xCAed5VgTpMH/nD3D2pLn9+ooJcShVgv+z97rSYAV5C98tecx6Q=; Expires=Mon, 10 May 2021 01:21:27 GMT; Path=/; SameSite=None; Secure</example>
23
+ <param pos="1" name="cookie"/>
24
+ <param pos="0" name="service.vendor" value="Amazon"/>
25
+ <param pos="0" name="service.family" value="Web Services"/>
26
+ <param pos="0" name="service.product" value="Application Load Balancer"/>
27
+ </fingerprint>
28
+
29
+ <fingerprint pattern="^(AWSELB(?:CORS)?)=.*$">
30
+ <description>Amazon Elastic Load Balancer</description>
31
+ <example cookie="AWSELB">AWSELB=791357231C9C446E295988DA51A2CD313D13788329433D96A05631377389B17BF097D4C8A2D0BE5BC4F3C649AED7DFF939364A5790E2EC67F33C4483E2E9DD17E99814071B;PATH=/;HttpOnly;Secure</example>
32
+ <example cookie="AWSELBCORS">AWSELBCORS=D5A3BF7B08C8E0626B1C77DAAEAB0A7542DEB35F43097F06FD3833E22A9BA2543B805B7AE1B6E97F2BE3A701A19AF5D2CC898E0DB5E52055B0B983CC64EAD006CF77C1CF72;PATH=/;SECURE;SAMESITE=None</example>
33
+ <param pos="1" name="cookie"/>
34
+ <param pos="0" name="service.vendor" value="Amazon"/>
35
+ <param pos="0" name="service.family" value="Web Services"/>
36
+ <param pos="0" name="service.product" value="Elastic Load Balancer"/>
37
+ </fingerprint>
38
+
39
+ <fingerprint pattern="^(PHPSESSI(?:D|ON))=.*">
40
+ <description>PHP - http://www.php.net/ref.session</description>
41
+ <example cookie="PHPSESSID">PHPSESSID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/</example>
42
+ <example cookie="PHPSESSION">PHPSESSION=vt2ag6n7t6ngvlg8adk4860h46; path=/</example>
43
+ <param pos="1" name="cookie"/>
44
+ <param pos="0" name="service.vendor" value="PHP"/>
45
+ <param pos="0" name="service.family" value="PHP"/>
46
+ <param pos="0" name="service.product" value="PHP"/>
47
+ <param pos="0" name="service.cpe23" value="cpe:/a:php:php:-"/>
48
+ </fingerprint>
49
+
50
+ <fingerprint pattern="^(ASPSESSIONID[A-Z]+|ASP\.NET_SessionId|\.ASPXANONYMOUS)=.*">
51
+ <description>Microsoft IIS (ASP.NET)
52
+ http://msdn2.microsoft.com/en-us/library/ms953828.aspx
53
+ http://msdn2.microsoft.com/en-us/library/91ka2e6a.aspx
54
+ </description>
55
+ <example cookie="ASPSESSIONIDQSBRRTTB">ASPSESSIONIDQSBRRTTB=BECILMBCPMGHJGAHKCHNGENF; path=/</example>
56
+ <example cookie="ASP.NET_SessionId">ASP.NET_SessionId=00nxm4qqh2tdjl0p52m10edv</example>
57
+ <example cookie=".ASPXANONYMOUS">.ASPXANONYMOUS=5ts5UmJr1wEkAAAAMmY0Y2EwNTUtZGZhYi00YTFlLTlmNzAtYmEwNjdiYTgxZDA40; expires=Sun, 27-Jun-2021 14:40:06 GMT; path=/; HttpOnly</example>
58
+ <param pos="1" name="cookie"/>
59
+ <param pos="0" name="service.vendor" value="Microsoft"/>
60
+ <param pos="0" name="service.family" value="IIS"/>
61
+ <param pos="0" name="service.product" value="IIS"/>
62
+ <param pos="0" name="service.cpe23" value="cpe:/a:microsoft:iis:-"/>
63
+ <param pos="0" name="service.component.vendor" value="Microsoft"/>
64
+ <param pos="0" name="service.component.family" value="ASP.NET"/>
65
+ <param pos="0" name="service.component.product" value="ASP.NET"/>
66
+ <param pos="0" name="service.component.cpe23" value="cpe:/a:microsoft:asp.net:-"/>
67
+ </fingerprint>
68
+
8
69
  <fingerprint pattern="^(CFCLIENT_[^=]+|CFGLOBALS|CFID|CFTOKEN)=.*">
9
70
  <description>Adobe (Macromedia) ColdFusion uses various cookies</description>
71
+ <example cookie="CFTOKEN">CFTOKEN=f3863673461e83d7-8B854468-1866-DAAC-99FBB842C6018037;expires=Mon, 01-Aug-2050 01:05:45 GMT;path=/;HttpOnly;</example>
72
+ <example cookie="CFCLIENT_FOO_CORP">CFCLIENT_FOO_CORP=preflanguage%3DEN%23; Expires=Wed, 12-Apr-2051 01:11:37 GMT; Path=/</example>
10
73
  <param pos="1" name="cookie"/>
11
74
  <param pos="0" name="service.vendor" value="Adobe"/>
12
75
  <param pos="0" name="service.family" value="ColdFusion"/>
@@ -33,9 +96,10 @@
33
96
  <param pos="0" name="service.cpe23" value="cpe:/a:apache:http_server:-"/>
34
97
  </fingerprint>
35
98
 
36
- <fingerprint pattern="^(JServSessionIdroot)=.*">
99
+ <fingerprint pattern="^JServSessionIdroot=.*">
37
100
  <description>Apache JServ</description>
38
- <param pos="1" name="cookie"/>
101
+ <example>JServSessionIdroot=tphxjy73e1.JS1; path=/</example>
102
+ <param pos="0" name="cookie" value="JServSessionIdroot"/>
39
103
  <param pos="0" name="service.vendor" value="Apache"/>
40
104
  <param pos="0" name="service.family" value="JServ"/>
41
105
  <param pos="0" name="service.product" value="JServ"/>
@@ -43,12 +107,22 @@
43
107
 
44
108
  <fingerprint pattern="^(ATG_SESSION_ID|DYN_USER_CONFIRM|DYN_USER_ID)=.*">
45
109
  <description>ATG Dynamo</description>
110
+ <example cookie="ATG_SESSION_ID">ATG_SESSION_ID=yuAUs8xnkzLaF8P3Zk1v5hR28XB4dKsOKZ4jCkVO; path=/</example>
46
111
  <param pos="1" name="cookie"/>
47
112
  <param pos="0" name="service.vendor" value="ATG"/>
48
113
  <param pos="0" name="service.family" value="Dynamo"/>
49
114
  <param pos="0" name="service.product" value="Dynamo"/>
50
115
  </fingerprint>
51
116
 
117
+ <fingerprint pattern="^Bugzilla_login_request_cookie=.*">
118
+ <description>Bugzilla</description>
119
+ <example>Bugzilla_login_request_cookie=ylMVo9ZDtd; path=/; secure</example>
120
+ <param pos="0" name="cookie" value="Bugzilla_login_request_cookie"/>
121
+ <param pos="0" name="service.vendor" value="Mozilla"/>
122
+ <param pos="0" name="service.product" value="Bugzilla"/>
123
+ <param pos="0" name="service.cpe23" value="cpe:/a:mozilla:bugzilla:-"/>
124
+ </fingerprint>
125
+
52
126
  <fingerprint pattern="^(WebLogicSession)=[^!]+![^!]+!([0-9]+);.*">
53
127
  <description>BEA WebLogic (with timestamp)</description>
54
128
  <param pos="1" name="cookie"/>
@@ -76,9 +150,10 @@
76
150
  <param pos="0" name="service.product" value="Proxy"/>
77
151
  </fingerprint>
78
152
 
79
- <fingerprint pattern="^(CAKEPHP)=.*">
153
+ <fingerprint pattern="^CAKEPHP=.*">
80
154
  <description>CakePHP - http://www.cakephp.org/</description>
81
- <param pos="1" name="cookie"/>
155
+ <example>CAKEPHP=03bgv7jqfurftnm5crn3lc0ob1; expires=Mon, 19-Apr-2021 08:56:06 GMT; Max-Age=14400; path=/; HttpOnly</example>
156
+ <param pos="0" name="cookie" value="CAKEPHP"/>
82
157
  <param pos="0" name="service.family" value="PHP"/>
83
158
  <param pos="0" name="service.product" value="CakePHP"/>
84
159
  </fingerprint>
@@ -91,19 +166,21 @@
91
166
  http://www.cisco.com/warp/public/117/AP_cookies.html
92
167
  -->
93
168
 
94
- <fingerprint pattern="^(ARPT)=([A-Z]+)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})[A-Z]+.*">
169
+ <fingerprint pattern="^ARPT=([A-Z]+)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})[A-Z]+.*">
95
170
  <description>Cisco 11000 Series Content Service Switch (CSS)</description>
96
- <param pos="1" name="cookie"/>
97
- <param pos="2" name="host.id"/>
98
- <param pos="3" name="host.ip"/>
171
+ <example host.id="FOOOB" host.ip="192.168.15.52">ARPT=FOOOB192.168.15.52CKOKM; path=/</example>
172
+ <param pos="0" name="cookie" value="ARPT"/>
173
+ <param pos="1" name="host.id"/>
174
+ <param pos="2" name="host.ip"/>
99
175
  <param pos="0" name="service.vendor" value="Cisco"/>
100
176
  <param pos="0" name="service.family" value="Content Service Switch"/>
101
177
  <param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
102
178
  </fingerprint>
103
179
 
104
- <fingerprint pattern="^(ARPT)=.*">
180
+ <fingerprint pattern="^ARPT=.*">
105
181
  <description>Cisco 11000 Series Content Service Switch (CSS) - catch all variant</description>
106
- <param pos="1" name="cookie"/>
182
+ <example>ARPT=388766892.51247.0000; path=/; Httponly/</example>
183
+ <param pos="0" name="cookie" value="ARPT"/>
107
184
  <param pos="0" name="service.vendor" value="Cisco"/>
108
185
  <param pos="0" name="service.family" value="Content Service Switch"/>
109
186
  <param pos="0" name="service.product" value="11000 Series Content Service Switch"/>
@@ -122,7 +199,7 @@
122
199
  <param pos="0" name="os.vendor" value="Cisco"/>
123
200
  <param pos="0" name="os.family" value="Adaptive Security Appliance"/>
124
201
  <param pos="0" name="os.product" value="Adaptive Security Appliance"/>
125
- <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance:-"/>
202
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance_software:-"/>
126
203
  <param pos="0" name="hw.vendor" value="Cisco"/>
127
204
  <param pos="0" name="hw.family" value="Adaptive Security Appliance"/>
128
205
  <param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
@@ -130,9 +207,9 @@
130
207
  <param pos="0" name="hw.cpe23" value="cpe:/h:cisco:adaptive_security_appliance:-"/>
131
208
  </fingerprint>
132
209
 
133
- <fingerprint pattern="^(st8id)=.*">
210
+ <fingerprint pattern="^st8id=.*">
134
211
  <description>Citrix Application Protection System, Enterprise - http://support.citrix.com/article/CTX109330</description>
135
- <param pos="1" name="cookie"/>
212
+ <param pos="0" name="cookie" value="st8id"/>
136
213
  <param pos="0" name="service.vendor" value="Citrix"/>
137
214
  <param pos="0" name="service.family" value="Application Protection System"/>
138
215
  <param pos="0" name="service.product" value="Application Protection System, Enterprise"/>
@@ -146,6 +223,7 @@
146
223
  <param pos="0" name="os.family" value="NetScaler"/>
147
224
  <param pos="0" name="os.device" value="Network Management Device"/>
148
225
  <param pos="0" name="os.product" value="NetScaler"/>
226
+ <param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_firmware:-"/>
149
227
  <param pos="0" name="service.vendor" value="Citrix"/>
150
228
  <param pos="0" name="service.family" value="NetScaler"/>
151
229
  <param pos="0" name="service.device" value="Network Management Device"/>
@@ -156,20 +234,42 @@
156
234
  <fingerprint pattern="^DSSignInURL=/">
157
235
  <description>Pulse Secure VPN</description>
158
236
  <example>DSSignInURL=/; path=/; secure</example>
237
+ <param pos="0" name="service.vendor" value="Pulse Secure"/>
238
+ <param pos="0" name="service.product" value="Pulse Connect Secure"/>
239
+ <param pos="0" name="service.cpe23" value="cpe:/a:pulsesecure:pulse_connect_secure:-"/>
159
240
  <param pos="0" name="os.vendor" value="Pulse Secure"/>
160
241
  <param pos="0" name="os.family" value="SSL-VPN"/>
161
242
  <param pos="0" name="os.device" value="SSL-VPN"/>
162
- <param pos="0" name="os.product" value="SSL-VPN"/>
243
+ <param pos="0" name="os.product" value="Pulse Connect Secure"/>
244
+ </fingerprint>
245
+
246
+ <fingerprint pattern="^DokuWiki=.*">
247
+ <description>Dokuwiki</description>
248
+ <example>DokuWiki=t8l1aev7703vbtejovp165pv01; path=/; secure</example>
249
+ <param pos="0" name="cookie" value="DokuWiki"/>
250
+ <param pos="0" name="service.vendor" value="Dokuwiki"/>
251
+ <param pos="0" name="service.product" value="Dokuwiki"/>
252
+ <param pos="0" name="service.cpe23" value="cpe:/a:dokuwiki:dokuwiki:-"/>
163
253
  </fingerprint>
164
254
 
165
255
  <fingerprint pattern="^(EktGUID|ecm)=.*">
166
256
  <description>Ektron CMS400.net</description>
257
+ <example cookie="EktGUID">EktGUID=382107cc-a38d-4d25-8182-3748834e21c8; expires=Tue, 19-Apr-2022 03:12:15 GMT; path=/</example>
167
258
  <param pos="1" name="cookie"/>
168
259
  <param pos="0" name="service.vendor" value="Ektron"/>
169
260
  <param pos="0" name="service.family" value="CMS400.NET"/>
170
261
  <param pos="0" name="service.product" value="CMS400.NET"/>
171
262
  </fingerprint>
172
263
 
264
+ <fingerprint pattern="^FESESSIONID=">
265
+ <description>Atlanssian's Fisheye</description>
266
+ <example>FESESSIONID=133713381337</example>
267
+ <param pos="0" name="cookie" value="FESESSIONID"/>
268
+ <param pos="0" name="service.vendor" value="Atlassian"/>
269
+ <param pos="0" name="service.product" value="Fisheye"/>
270
+ <param pos="0" name="service.cpe23" value="cpe:/a:atlassian:fisheye:-"/>
271
+ </fingerprint>
272
+
173
273
  <fingerprint pattern="(?i)^(BIGipServer([^=]+))=.*">
174
274
  <description>F5 BIG-IP LTM - Server variant</description>
175
275
  <example loadbalancer.poolname="CustomerRP">BigIpServerCustomerRP=5a; path=/; domain=.foo.bar; secure; HttpOnly</example>
@@ -181,8 +281,19 @@
181
281
  <param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
182
282
  </fingerprint>
183
283
 
184
- <fingerprint pattern="^(BigIPCookie)=.*">
284
+ <fingerprint pattern="^i_like_gogits=.*">
285
+ <description>Gogs</description>
286
+ <example>i_like_gogits=fc3914645f1d5c76; Path=/; HttpOnly</example>
287
+ <param pos="0" name="cookie" value="i_like_gogits"/>
288
+ <param pos="0" name="service.vendor" value="Gogs"/>
289
+ <param pos="0" name="service.product" value="Gogs"/>
290
+ <param pos="0" name="service.cpe23" value="cpe:/a:gogs:gogs:-"/>
291
+ </fingerprint>
292
+
293
+ <fingerprint pattern="^(BigIPCookie[^=]*)=.*">
185
294
  <description>F5 BIG-IP LTM</description>
295
+ <example cookie="BigIPCookie">BigIPCookie=855248779.20480.0000; path=/; Httponly</example>
296
+ <example cookie="BigIPCookie_foo_corp_prod">BigIPCookie_foo_corp_prod=!tJHKH9zIwsUuJYJ38CCV0XSqmJXsZVQaOjj/m/SBSTQTg21/S+s2gmbsoGwwKXr5Tj9e0ijWZWItfA==; path=/; Httponly</example>
186
297
  <param pos="1" name="cookie"/>
187
298
  <param pos="0" name="service.vendor" value="F5"/>
188
299
  <param pos="0" name="service.family" value="BIG-IP"/>
@@ -190,10 +301,40 @@
190
301
  <param pos="0" name="service.cpe23" value="cpe:/a:f5:big-ip_local_traffic_manager:-"/>
191
302
  </fingerprint>
192
303
 
193
- <fingerprint pattern="^(SERVERID)=([A-Za-z0-9\-_]+)">
304
+ <fingerprint pattern="^flyspray_project=">
305
+ <description>Flyspray</description>
306
+ <example>flyspray_project=133713381234; Path=/; HttpOnly</example>
307
+ <param pos="0" name="cookie" value="flyspray_project"/>
308
+ <param pos="0" name="service.vendor" value="Flyspray"/>
309
+ <param pos="0" name="service.product" value="Flyspray"/>
310
+ <param pos="0" name="service.cpe23" value="cpe:/a:flyspray:flyspray:-"/>
311
+ </fingerprint>
312
+
313
+ <fingerprint pattern="^i_like_gitea=.*">
314
+ <description>Gitea</description>
315
+ <example>i_like_gitea=fc39d4645b1d5c7c; Path=/</example>
316
+ <param pos="0" name="cookie" value="i_like_gitea"/>
317
+ <param pos="0" name="service.vendor" value="Gitea"/>
318
+ <param pos="0" name="service.product" value="Gitea"/>
319
+ <param pos="0" name="service.certainty" value="0.5"/>
320
+ <param pos="0" name="service.cpe23" value="cpe:/a:gitea:gitea:-"/>
321
+ </fingerprint>
322
+
323
+ <fingerprint pattern="^_gitlab_session=.*">
324
+ <description>GitLab</description>
325
+ <example>_gitlab_session=032d024e9c2445b595e68255da9e6835; path=/; expires=Mon, 26 Apr 2021 03:09:57 -0000; HttpOnly</example>
326
+ <param pos="0" name="cookie" value="_gitlab_session"/>
327
+ <param pos="0" name="service.vendor" value="GitLab"/>
328
+ <param pos="0" name="service.product" value="GitLab"/>
329
+ <param pos="0" name="service.certainty" value="0.5"/>
330
+ <param pos="0" name="service.cpe23" value="cpe:/a:gitlab:gitlab:-"/>
331
+ </fingerprint>
332
+
333
+ <fingerprint pattern="^SERVERID=([A-Za-z0-9\-_]+)">
194
334
  <description>HAProxy - http://haproxy.1wt.eu/download/1.2/doc/architecture.txt</description>
195
- <param pos="1" name="cookie"/>
196
- <param pos="2" name="host.name"/>
335
+ <example host.name="foo1">SERVERID=foo1; path=/</example>
336
+ <param pos="0" name="cookie" value="SERVERID"/>
337
+ <param pos="1" name="host.name"/>
197
338
  <param pos="0" name="service.family" value="HAProxy"/>
198
339
  <param pos="0" name="service.product" value="HAProxy"/>
199
340
  </fingerprint>
@@ -202,6 +343,7 @@
202
343
  <description>IBM Tivoli Access Manager for e-business WebSEAL
203
344
  http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin180.htm
204
345
  </description>
346
+ <example cookie="AMWEBJCT!%2F4plportal!JSESSIONID" junction.name="%2F4plportal" junction.cookie="JSESSIONID">AMWEBJCT!%2F4plportal!JSESSIONID=fQDCzpljFPMhMVaDUOD+uOBe.undefined; Path=/</example>
205
347
  <param pos="1" name="cookie"/>
206
348
  <param pos="2" name="junction.name"/>
207
349
  <param pos="3" name="junction.cookie"/>
@@ -214,15 +356,17 @@
214
356
  <description>IBM Tivoli Access Manager for e-business WebSeal
215
357
  http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_webseal_admin117.htm
216
358
  </description>
359
+ <example cookie="PD-S-SESSION-ID">PD-S-SESSION-ID=1_2_0_xRzIc55lBOTYkrYfW+qWHWGgdqlVKeEgwrhtKt+KRfq8R3lW; Path=/; Secure; HttpOnly</example>
360
+ <example cookie="PD_STATEFUL_db45742c-3e5b-11e9-91da-00505682181c">PD_STATEFUL_db45742c-3e5b-11e9-91da-00505682181c=%2F; Path=/</example>
217
361
  <param pos="1" name="cookie"/>
218
362
  <param pos="0" name="service.vendor" value="IBM"/>
219
363
  <param pos="0" name="service.family" value="Tivoli"/>
220
364
  <param pos="0" name="service.product" value="Tivoli Access Manager for e-business WebSEAL"/>
221
365
  </fingerprint>
222
366
 
223
- <fingerprint pattern="^(IBMCBR)=.*">
367
+ <fingerprint pattern="^IBMCBR=.*">
224
368
  <description>IBM WebSphere Load Balancer</description>
225
- <param pos="1" name="cookie"/>
369
+ <param pos="0" name="cookie" value="IBMCBR"/>
226
370
  <param pos="0" name="service.vendor" value="IBM"/>
227
371
  <param pos="0" name="service.family" value="WebSphere"/>
228
372
  <param pos="0" name="service.product" value="WebSphere Load Balancer"/>
@@ -230,11 +374,19 @@
230
374
 
231
375
  <fingerprint pattern="^(mbfcookie(?:\[lang\])?)=.*">
232
376
  <description>Joom!Fish http://www.joomfish.net/</description>
377
+ <example cookie="mbfcookie">mbfcookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/</example>
378
+ <example cookie="mbfcookie[lang]">mbfcookie[lang]=pt_BR; expires=Tue, 20-Apr-2021 03:30:47 GMT; path=/</example>
233
379
  <param pos="1" name="cookie"/>
234
380
  <param pos="0" name="service.family" value="Joom!Fish"/>
235
381
  <param pos="0" name="service.product" value="Joom!Fish"/>
236
382
  </fingerprint>
237
383
 
384
+ <fingerprint pattern="^_mastodon_session=">
385
+ <description>Mastodon</description>
386
+ <param pos="0" name="cookie" value="_mastodon_session"/>
387
+ <param pos="0" name="service.product" value="Mastodon"/>
388
+ </fingerprint>
389
+
238
390
  <fingerprint pattern="^(MSCSAuth|MSCSProfile)=.*">
239
391
  <description>Microsoft Commerce Server - http://msdn2.microsoft.com/en-us/library/ms953828.aspx</description>
240
392
  <param pos="1" name="cookie"/>
@@ -244,30 +396,35 @@
244
396
  <param pos="0" name="service.cpe23" value="cpe:/a:microsoft:commerce_server:-"/>
245
397
  </fingerprint>
246
398
 
247
- <fingerprint pattern="^(ASPSESSIONID[A-Z]+|ASP\.NET_SessionId|\.ASPXANONYMOUS)=.*">
248
- <description>Microsoft IIS (ASP.NET)
249
- http://msdn2.microsoft.com/en-us/library/ms953828.aspx
250
- http://msdn2.microsoft.com/en-us/library/91ka2e6a.aspx
251
- </description>
399
+ <fingerprint pattern="^(nc_sameSiteCookiestrict|nc_sameSiteCookielax|oc_sessionPassphrase)=.*">
400
+ <description>Nextcloud</description>
401
+ <example cookie="nc_sameSiteCookiestrict">nc_sameSiteCookiestrict=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict</example>
402
+ <example cookie="nc_sameSiteCookielax">nc_sameSiteCookielax=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax</example>
403
+ <example>oc_sessionPassphrase=Y%2BZjBn8Gn%2B8jIJPVx468Tlt8qDNm%2B5IVXLxgtwlY%2BQU2T7edVmDS4091nQrT; path=/nextcloud; secure; HttpOnly</example>
252
404
  <param pos="1" name="cookie"/>
253
- <param pos="0" name="service.vendor" value="Microsoft"/>
254
- <param pos="0" name="service.family" value="IIS"/>
255
- <param pos="0" name="service.product" value="IIS"/>
256
- <param pos="0" name="service.cpe23" value="cpe:/a:microsoft:iis:-"/>
257
- <param pos="0" name="service.component.vendor" value="Microsoft"/>
258
- <param pos="0" name="service.component.family" value="ASP.NET"/>
259
- <param pos="0" name="service.component.product" value="ASP.NET"/>
260
- <param pos="0" name="service.component.cpe23" value="cpe:/a:microsoft:asp.net:-"/>
405
+ <param pos="0" name="service.vendor" value="Nextcloud"/>
406
+ <param pos="0" name="service.product" value="Nextcloud Server"/>
407
+ <param pos="0" name="service.cpe23" value="cpe:/a:nextcloud:nextcloud_server:-"/>
261
408
  </fingerprint>
262
409
 
263
- <fingerprint pattern="^(AlteonP)=.*">
410
+ <fingerprint pattern="^AlteonP=.*">
264
411
  <description>Nortel Alteon Web Switch</description>
265
- <param pos="1" name="cookie"/>
412
+ <example>AlteonP=c46736793e45929dbaeebabb; path=</example>
413
+ <param pos="0" name="cookie" value="AlteonP"/>
266
414
  <param pos="0" name="service.vendor" value="Nortel"/>
267
415
  <param pos="0" name="service.family" value="Alteon"/>
268
416
  <param pos="0" name="service.product" value="Alteon Web Switch"/>
269
417
  </fingerprint>
270
418
 
419
+ <fingerprint pattern="^OBSID=.*">
420
+ <description>Observium</description>
421
+ <example>OBSID=gud74jg1slhskdo7idqgklkamm6g3908; expires=Tue, 20-Apr-2021 01:31:27 GMT; Max-Age=86400; path=/; HttpOnly</example>
422
+ <param pos="0" name="cookie" value="OBSID"/>
423
+ <param pos="0" name="service.vendor" value="Observium"/>
424
+ <param pos="0" name="service.product" value="Observium"/>
425
+ <param pos="0" name="service.cpe23" value="cpe:/a:observium:observium:-"/>
426
+ </fingerprint>
427
+
271
428
  <fingerprint pattern="^((?:SS_X_)?CSINTERSESSIONID)=.*">
272
429
  <description>OpenMarket/FatWire Content Server (www.fatwire.com)</description>
273
430
  <param pos="1" name="cookie"/>
@@ -276,42 +433,46 @@
276
433
  <param pos="0" name="service.product" value="Content Server"/>
277
434
  </fingerprint>
278
435
 
279
- <fingerprint pattern="^(parkinglot)=.*">
436
+ <fingerprint pattern="^parkinglot=.*">
280
437
  <description>Oversee Webserver</description>
281
- <param pos="1" name="cookie"/>
438
+ <param pos="0" name="cookie" value="parkinglot"/>
282
439
  <param pos="0" name="service.vendor" value="Oversee"/>
283
440
  <param pos="0" name="service.family" value="Webserver"/>
284
441
  <param pos="0" name="service.product" value="Webserver"/>
285
442
  </fingerprint>
286
443
 
287
- <fingerprint pattern="^(PHPSESSID|PHPSESSION)=.*">
288
- <description>PHP - http://www.php.net/ref.session</description>
289
- <param pos="1" name="cookie"/>
290
- <param pos="0" name="service.vendor" value="PHP"/>
291
- <param pos="0" name="service.family" value="PHP"/>
292
- <param pos="0" name="service.product" value="PHP"/>
293
- <param pos="0" name="service.cpe23" value="cpe:/a:php:php:-"/>
444
+ <fingerprint pattern="^phsid=.*">
445
+ <description>Phabricator</description>
446
+ <example>phsid=A%2Fxesybc4bypb74dlgojdgw2edct6osflno25h2fw7</example>
447
+ <param pos="0" name="cookie" value="phsid"/>
448
+ <param pos="0" name="service.vendor" value="Phacility"/>
449
+ <param pos="0" name="service.family" value="Phabricator"/>
450
+ <param pos="0" name="service.product" value="Phabricator"/>
451
+ <param pos="0" name="service.cpe23" value="cpe:/a:phacility:phabricator:-"/>
294
452
  </fingerprint>
295
453
 
296
- <fingerprint pattern="^(RMID)=.*">
454
+ <fingerprint pattern="^RMID=.*">
297
455
  <description>RealMedia OpenAdStream</description>
298
- <param pos="1" name="cookie"/>
456
+ <example>RMID=36c12633607cf7a0; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.foo.bar</example>
457
+ <param pos="0" name="cookie" value="RMID"/>
299
458
  <param pos="0" name="service.vendor" value="RealMedia"/>
300
459
  <param pos="0" name="service.family" value="OpenAdStream"/>
301
460
  <param pos="0" name="service.product" value="OpenAdStream"/>
302
461
  </fingerprint>
303
462
 
304
- <fingerprint pattern="^(RoxenUserID)=.*">
463
+ <fingerprint pattern="^RoxenUserID=.*">
305
464
  <description>Roxen WebServer</description>
306
- <param pos="1" name="cookie"/>
465
+ <example>RoxenUserID=c70fd536bc9e1342ce2a608b10547f88; expires=Wed, 19 Apr 2023 02:44:41 GMT; path=/</example>
466
+ <param pos="0" name="cookie" value="RoxenUserID"/>
307
467
  <param pos="0" name="service.vendor" value="Roxen"/>
308
468
  <param pos="0" name="service.family" value="WebServer"/>
309
469
  <param pos="0" name="service.product" value="WebServer"/>
310
470
  </fingerprint>
311
471
 
312
- <fingerprint pattern="^(_sn)=.*">
472
+ <fingerprint pattern="^_sn=.*">
313
473
  <description>Siebel CRM</description>
314
- <param pos="1" name="cookie"/>
474
+ <example>_sn=e7139835ca75f921e25c364d4a8fef48; path=/; expires=Mon, 19 Apr 2021 06:06:58 GMT; HttpOnly</example>
475
+ <param pos="0" name="cookie" value="_sn"/>
315
476
  <param pos="0" name="service.vendor" value="Siebel"/>
316
477
  <param pos="0" name="service.family" value="CRM"/>
317
478
  <param pos="0" name="service.product" value="CRM"/>
@@ -329,9 +490,9 @@
329
490
 
330
491
  -->
331
492
 
332
- <fingerprint pattern="^(NSES40Session)=.*">
493
+ <fingerprint pattern="^NSES40Session=.*">
333
494
  <description>Netscape Enterprise Server (subsequently iPlanet Web Server, Sun ONE Web Server, presently Sun Java System Web Server)</description>
334
- <param pos="1" name="cookie"/>
495
+ <param pos="0" name="cookie" value="NSES40Session"/>
335
496
  <param pos="0" name="service.vendor" value="Sun"/>
336
497
  <param pos="0" name="service.family" value="Java System Web Server"/>
337
498
  <param pos="0" name="service.product" value="Java System Web Server"/>
@@ -339,6 +500,24 @@
339
500
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_web_server:4.0"/>
340
501
  </fingerprint>
341
502
 
503
+ <fingerprint pattern="^_redmine_session=.*">
504
+ <description>Redmine</description>
505
+ <example>_redmine_session=BAh7B0kiD3Nlc3Npb25faWQGOgZFRkkiJWY2MGY5MTJiZjg0NGU1ZmQxZWI2OTViNzAxYjU4NTRiBjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMW1kV3Z5NDl6eVkwWDl4bFQvMUxSSmxmbjhhaDR1WWxERWUrMFQ4dVcvS0k9BjsARg%3D%3D--ce5f52d49b68e30a7ec34b75bf456d6c79d234d2; path=/; HttpOnly</example>
506
+ <param pos="0" name="cookie" value="_redmine_session"/>
507
+ <param pos="0" name="service.vendor" value="Redmine"/>
508
+ <param pos="0" name="service.product" value="Redmine"/>
509
+ <param pos="0" name="service.cpe23" value="cpe:/a:redmine:redmine:-"/>
510
+ </fingerprint>
511
+
512
+ <fingerprint pattern="^(syracuse\.sid\.\d+)=">
513
+ <description>Sage X3 Syracuse Web Server</description>
514
+ <example cookie="syracuse.sid.8124">syracuse.sid.8124=8b102bf7-327c-4962-9279-550e72afcaa9; path=/; HttpOnly</example>
515
+ <param pos="1" name="cookie"/>
516
+ <param pos="0" name="service.vendor" value="Sage"/>
517
+ <param pos="0" name="service.family" value="Sage X3 Syracuse Web Server"/>
518
+ <param pos="0" name="service.product" value="Sage X3 Syracuse Web Server"/>
519
+ </fingerprint>
520
+
342
521
  <fingerprint pattern="^(gx_session_id|JROUTE)=.*">
343
522
  <description>Sun Java System Application Server (formerly iPlanet Application Server, Sun ONE Application Server)</description>
344
523
  <param pos="1" name="cookie"/>
@@ -348,17 +527,19 @@
348
527
  <param pos="0" name="service.cpe23" value="cpe:/a:sun:java_system_application_server:-"/>
349
528
  </fingerprint>
350
529
 
351
- <fingerprint pattern="^(fe_typo_user)=.*">
530
+ <fingerprint pattern="^fe_typo_user=.*">
352
531
  <description>TYPO3 CMS - http://typo3.com/</description>
353
- <param pos="1" name="cookie"/>
532
+ <example>fe_typo_user=aae725f7dcb8cb5215e64f66d4584cc92; path=/</example>
533
+ <param pos="0" name="cookie" value="fe_typo_user"/>
354
534
  <param pos="0" name="service.vendor" value="TYPO3"/>
355
535
  <param pos="0" name="service.family" value="CMS"/>
356
536
  <param pos="0" name="service.product" value="CMS"/>
357
537
  </fingerprint>
358
538
 
359
- <fingerprint pattern="^(SaneID)=.*">
539
+ <fingerprint pattern="^SaneID=.*">
360
540
  <description>Unica NetTracker - http://netinsight.unica.com/Products/NetTracker.cfm</description>
361
- <param pos="1" name="cookie"/>
541
+ <example>SaneID=10.1.1.223.1618798365976948; path=/; domain=.foo.bar</example>
542
+ <param pos="0" name="cookie" value="SaneID"/>
362
543
  <param pos="0" name="service.vendor" value="Unica"/>
363
544
  <param pos="0" name="service.family" value="NetTracker"/>
364
545
  <param pos="0" name="service.product" value="NetTracker"/>
@@ -366,12 +547,23 @@
366
547
 
367
548
  <fingerprint pattern="^(__utm[a-z])=.*">
368
549
  <description>Urchin Tracking Module - http://www.google.com/support/urchin45/bin/answer.py?answer=28307&amp;topic=7425</description>
550
+ <example cookie="__utmp">__utmp=2071164266.582676006.3393543082; path=/; domain=.foo.bar</example>
369
551
  <param pos="1" name="cookie"/>
370
552
  <param pos="0" name="service.vendor" value="Google"/>
371
553
  <param pos="0" name="service.family" value="Urchin"/>
372
554
  <param pos="0" name="service.product" value="Urchin Tracking Module"/>
373
555
  </fingerprint>
374
556
 
557
+ <fingerprint pattern="vxoaSessionID=">
558
+ <description>Silver Peak Appliance</description>
559
+ <example>vxoaSessionID=s%3A2650cfe1df092fc617d229d6d6b5dbfc.70yKRpb371czAWFkZWXdNfCSNexQvtiVr%2B3Z51YXbIw; Path=/; HttpOnly; Secure</example>
560
+ <example>vxoaSessionID=s%3A65e39ce7ae15193cb4bb0f812d20105b.qgHrgV4MtPKWeKwBrfynmxZmn5iaegh%2FRP0nV5ntaE8; Path=/; HttpOnly; Secure</example>
561
+ <example>vxoaSessionID=s%3A7e17300953b68c4713990a01bd00aa2b.5mg3edagZCkddCmWqMXbp4AOEzTVby6K2z2jfhal7Uw; Path=/; HttpOnly; Secure</example>
562
+ <param pos="0" name="hw.vendor" value="Silver Peak"/>
563
+ <param pos="0" name="hw.device" value="Network Appliance"/>
564
+ <param pos="0" name="hw.product" value="SD-WAN"/>
565
+ </fingerprint>
566
+
375
567
  <fingerprint pattern="^(vgncontext|vgnvisitor|ssuid)=.*">
376
568
  <description>Vignette</description>
377
569
  <param pos="1" name="cookie"/>
@@ -380,25 +572,38 @@
380
572
  <param pos="0" name="service.product" value="Vignette"/>
381
573
  </fingerprint>
382
574
 
383
- <fingerprint pattern="^(wgSession)=.*">
575
+ <fingerprint pattern="^wgSession=.*">
384
576
  <description>Plain Black WebGUI - http://www.plainblack.com/webgui</description>
385
- <param pos="1" name="cookie"/>
577
+ <example>wgSession=xngFQdcbCap87x6d8qc1YA; path=/; expires=Thu, 17-Apr-2031 02:29:05 GMT</example>
578
+ <param pos="0" name="cookie" value="wgSession"/>
386
579
  <param pos="0" name="service.vendor" value="Plain Black"/>
387
580
  <param pos="0" name="service.family" value="WebGUI"/>
388
581
  <param pos="0" name="service.product" value="WebGUI"/>
389
582
  </fingerprint>
390
583
 
391
- <fingerprint pattern="^(WEBTRENDSID|WEBTRENDS_ID)=.*">
584
+ <fingerprint pattern="^(WEBTRENDS_?ID)=.*">
392
585
  <description>WebTrends</description>
586
+ <example cookie="WEBTRENDS_ID">WEBTRENDS_ID=10.247.9.69.1618795409656141; path=/; expires=Tue, 19-Apr-22 01:23:29 GMT; domain=.foo.bar</example>
393
587
  <param pos="1" name="cookie"/>
394
588
  <param pos="0" name="service.vendor" value="WebTrends"/>
395
589
  <param pos="0" name="service.family" value="WebTrends"/>
396
590
  <param pos="0" name="service.product" value="WebTrends"/>
397
591
  </fingerprint>
398
592
 
399
- <fingerprint pattern="^(_ZopeId)=.*">
400
- <description>Zope</description>
593
+ <fingerprint pattern="^(ZM_TEST|ZM_LOGIN_CSRF)=.*">
594
+ <description>Zimbra</description>
595
+ <example cookie="ZM_TEST">ZM_TEST=true;Secure</example>
596
+ <example cookie="ZM_LOGIN_CSRF">ZM_LOGIN_CSRF=38ef0bea-a4c3-4f41-9ac3-73d7622f3131;Secure;HttpOnly</example>
401
597
  <param pos="1" name="cookie"/>
598
+ <param pos="0" name="service.vendor" value="Synacor"/>
599
+ <param pos="0" name="service.product" value="Zimbra Collaboration Suite"/>
600
+ <param pos="0" name="service.cpe23" value="cpe:/a:synacor:zimbra_collaboration_suite:-"/>
601
+ </fingerprint>
602
+
603
+ <fingerprint pattern="^_ZopeId=.*">
604
+ <description>Zope</description>
605
+ <example>_ZopeId="91304233A995SVLz3SI"; Path=/</example>
606
+ <param pos="0" name="cookie" value="_ZopeId"/>
402
607
  <param pos="0" name="service.family" value="Zope"/>
403
608
  <param pos="0" name="service.product" value="Zope"/>
404
609
  </fingerprint>