RubyGems - recog - Versions diffs - 2.3.17 → 2.3.21 - Mend

recog 2.3.17 → 2.3.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (51) hide show

checksums.yaml +4 -4
data/.github/workflows/ci.yml +26 -0
data/bin/recog_standardize +6 -0
data/cpe-remap.yaml +342 -200
data/identifiers/README.md +24 -10
data/identifiers/fields.txt +104 -0
data/identifiers/hw_device.txt +2 -0
data/identifiers/hw_family.txt +11 -0
data/identifiers/hw_product.txt +71 -0
data/identifiers/os_device.txt +2 -1
data/identifiers/os_family.txt +2 -0
data/identifiers/os_product.txt +36 -8
data/identifiers/service_family.txt +10 -1
data/identifiers/service_product.txt +78 -2
data/identifiers/vendor.txt +55 -0
data/lib/recog/nizer.rb +1 -82
data/lib/recog/version.rb +1 -1
data/requirements.txt +1 -1
data/update_cpes.py +18 -5
data/xml/apache_modules.xml +60 -0
data/xml/apache_os.xml +1 -1
data/xml/dns_versionbind.xml +11 -1
data/xml/favicons.xml +122 -3
data/xml/ftp_banners.xml +62 -51
data/xml/html_title.xml +553 -41
data/xml/http_cookies.xml +262 -61
data/xml/http_servers.xml +478 -108
data/xml/http_wwwauth.xml +36 -9
data/xml/imap_banners.xml +5 -5
data/xml/ldap_searchresult.xml +1 -0
data/xml/mdns_device-info_txt.xml +340 -10
data/xml/mysql_banners.xml +2 -1
data/xml/nntp_banners.xml +1 -1
data/xml/ntp_banners.xml +16 -2
data/xml/operating_system.xml +4 -4
data/xml/pop_banners.xml +4 -4
data/xml/rtsp_servers.xml +7 -0
data/xml/sip_banners.xml +347 -9
data/xml/sip_user_agents.xml +323 -4
data/xml/smb_native_lm.xml +32 -1
data/xml/smb_native_os.xml +160 -33
data/xml/smtp_banners.xml +167 -128
data/xml/smtp_expn.xml +1 -0
data/xml/smtp_vrfy.xml +1 -0
data/xml/snmp_sysdescr.xml +205 -36
data/xml/ssh_banners.xml +139 -25
data/xml/telnet_banners.xml +92 -48
data/xml/tls_jarm.xml +140 -0
data/xml/x509_issuers.xml +201 -2
data/xml/x509_subjects.xml +251 -32
metadata +5 -2

data/xml/mysql_banners.xml CHANGED Viewed

@@ -1354,9 +1354,10 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:10.04"/>
   </fingerprint>
-  <fingerprint pattern="^(?:\d{1,2}\.\d{1,3}\.[a-f\d]{1,3}-)?(\d{1,2}\.\d{1,3}\.[a-f\d]{1,4})-MariaDB-\d\:.*\+maria\~focal$" flags="REG_ICASE">
+  <fingerprint pattern="^(?:\d{1,2}\.\d{1,3}\.[a-f\d]{1,3}-)?(\d{1,2}\.\d{1,3}\.[a-f\d]{1,4})-MariaDB-\d\:.*\+maria\~focal(?:-log)?$" flags="REG_ICASE">
     <description>MariaDB MariaDB on Ubuntu 20.04 (Focal Fossa)</description>
     <example service.version="10.5.2">5.5.5-10.5.2-MariaDB-1:10.5.2+maria~focal</example>
+    <example service.version="10.1.1">5.5.5-10.1.1-MariaDB-1:10.1.1+maria~focal-log</example>
     <param pos="1" name="service.version"/>
     <param pos="0" name="service.vendor" value="MariaDB"/>
     <param pos="0" name="service.family" value="MySQL"/>

data/xml/nntp_banners.xml CHANGED Viewed

@@ -13,7 +13,7 @@
     <param pos="0" name="service.product" value="CCProxy"/>
   </fingerprint>
-  <fingerprint pattern="^(\S+) Lyris ListManager NNTP Service ready">
+  <fingerprint pattern="^(\S{1,512}) Lyris ListManager NNTP Service ready">
     <description>Lyris Listmanager</description>
     <example host.name="blah">blah Lyris ListManager NNTP Service ready (posting ok).</example>
     <param pos="0" name="service.vendor" value="Lyris"/>

data/xml/ntp_banners.xml CHANGED Viewed

@@ -133,7 +133,9 @@
     <param pos="0" name="os.family" value="VMware ESX/ESXi"/>
     <param pos="0" name="os.product" value="VMware ESX Server"/>
     <param pos="2" name="os.arch"/>
+    <param pos="0" name="os.device" value="Hypervisor"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:vmware:esx:-"/>
+    <param pos="0" name="hw.device" value="Hypervisor"/>
   </fingerprint>
   <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;Linux/?([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
@@ -339,7 +341,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.10"/>
   </fingerprint>
-  <fingerprint pattern="^.*version=&quot;ntpd ([^ p]+)(:?p[^ &quot;]+)?[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;FreeBSD/?(?:[^ ]+-NETSCALER-([^ ]+))&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+  <fingerprint pattern="^.*version=&quot;ntpd ([^ p]+)(p[^ &quot;]+)?[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;FreeBSD/?(?:[^ ]+-NETSCALER-([^ ]+))&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
     <description>ntpd running on Citrix Netscaler, which is based on FreeBSD</description>
     <example service.version="4.2.6" service.version.version="p2@1.2194" os.arch="i386" os.version="9.3">
       version="ntpd 4.2.6p2@1.2194 Wed Nov 24 15:54:11 UTC 2010 (1)",
@@ -360,6 +362,7 @@
     <param pos="0" name="os.product" value="NetScaler"/>
     <param pos="3" name="os.arch"/>
     <param pos="4" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_firmware:{os.version}"/>
   </fingerprint>
   <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;FreeBSD/?([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
@@ -925,6 +928,11 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:{os.version}"/>
   </fingerprint>
+  <!--
+    This may need to be split into ESX and ESXi. ESXi started w/ version 4.1 and
+    all versions 5.x were ESXi only.
+    -->
   <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;VMkernel/?([^ ]+)?&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
     <description>ntpd running on VMware ESXi</description>
     <example>
@@ -939,7 +947,9 @@
     <param pos="0" name="os.product" value="VMware ESXi Server"/>
     <param pos="2" name="os.arch"/>
     <param pos="3" name="os.version"/>
+    <param pos="0" name="os.device" value="Hypervisor"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:vmware:esxi:{os.version}"/>
+    <param pos="0" name="hw.device" value="Hypervisor"/>
   </fingerprint>
   <fingerprint pattern=".*processor=&quot;([^ ]+)&quot;,.*system=&quot;OSF1[/V]?([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
@@ -1027,9 +1037,13 @@
     <param pos="0" name="os.vendor" value="NetApp"/>
     <param pos="0" name="os.family" value="Data ONTAP"/>
     <param pos="0" name="os.product" value="Data ONTAP"/>
-    <param pos="0" name="os.device" value="File Server"/>
     <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="NAS"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:netapp:data_ontap:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="NetApp"/>
+    <param pos="0" name="hw.device" value="NAS"/>
+    <param pos="0" name="hw.family" value="Data ONTAP"/>
+    <param pos="0" name="hw.product" value="Data ONTAP"/>
   </fingerprint>
   <fingerprint pattern="system=&quot;UNIX/HPUX&quot;" flags="REG_ICASE">

data/xml/operating_system.xml CHANGED Viewed

@@ -397,7 +397,7 @@
   <!-- Vendor-based distribution catch-call -->
-  <fingerprint pattern="^(?i:(.*)\sLinux?\s(.*))$">
+  <fingerprint pattern="(?i)^(\S{0,256})\s{1,8}Linux\s+([\w.-]*)$">
     <description>Vendor-based Linux catch-all</description>
     <example os.vendor="Aurox" os.version="10.2">Aurox Linux 10.2</example>
     <param pos="0" name="os.family" value="Linux"/>
@@ -409,7 +409,7 @@
   <!-- Linux catch-all goes at the bottom-->
-  <fingerprint pattern="^(?i:.*Linux?\s?(\d+?(?:\.\d+?)*?)?)$">
+  <fingerprint pattern="(?i)^.{0,1024}Linux?\s?(\d+?(?:\.\d+?)*?)?$">
     <description>Linux catch-all</description>
     <example os.version="2.42.6">Linux 2.42.6</example>
     <param pos="0" name="os.vendor" value="Linux"/>
@@ -588,7 +588,7 @@
   <!-- BSD begin -->
-  <fingerprint pattern="^(?i:(.*?BSD)\s?(\d+?(?:\.\d+?)*?(?:[\-\/_ ]?\w+?)?(?:-[a-z]\d+?)?)?)$">
+  <fingerprint pattern="(?i)^(.{0,256}?BSD)\s?(\d+?(?:\.\d+?)*?(?:[\-\/_ ]?\w+?)?(?:-[a-z]\d+?)?)?$">
     <description>Many BSD family OSes</description>
     <example os.version="10.3-RELEASE" os.product="FreeBSD">FreeBSD 10.3-RELEASE</example>
     <example os.version="10.3-RELEASE-p4" os.product="FreeBSD">FreeBSD 10.3-RELEASE-p4</example>
@@ -605,7 +605,7 @@
   <!-- Other Unix-likes begin -->
-  <fingerprint pattern="^(?i:(?:Oracle|Sun)?\s?OpenSolaris\s?(\d+?(?:\.\d+?)*?)?)$">
+  <fingerprint pattern="(?i)^(?:Oracle|Sun)?\s?OpenSolaris\s?(\d+?(?:\.\d+?)*?)?$">
     <description>OpenSolaris</description>
     <example os.version="2009.06">OpenSolaris 2009.06</example>
     <param pos="0" name="os.vendor" value="Sun"/>

data/xml/pop_banners.xml CHANGED Viewed

@@ -5,7 +5,7 @@
   matched against these patterns to fingerprint POP3 servers.
   -->
-  <fingerprint pattern="^([^ ]+) +Cyrus POP3 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready">
+  <fingerprint pattern="^([^ ]{1,512}) +Cyrus POP3 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready">
     <description>OSX Cyrus POP</description>
     <example host.domain="8.8.8.8" service.version="2.3.8" os.version="10.5">8.8.8.8 Cyrus POP3 v2.3.8-OS X Server 10.5: 9A562 server ready &lt;1999107648.1324502155@8.8.8.8&gt;</example>
     <param pos="0" name="service.vendor" value="Carnegie Mellon University"/>
@@ -20,7 +20,7 @@
     <param pos="1" name="host.domain"/>
   </fingerprint>
-  <fingerprint pattern="^([^ ]+) +Cyrus POP3 v([\d\.]+)">
+  <fingerprint pattern="^([^ ]{1,512}) +Cyrus POP3 v([\d\.]+)">
     <description>CMU Cyrus POP</description>
     <example host.domain="foo" service.version="2.3">foo Cyrus POP3 v2.3</example>
     <example host.domain="foo" service.version="2.3.14">foo Cyrus POP3 v2.3.14 server ready &lt;13087751828270990591.1301068892@foo&gt;</example>
@@ -229,7 +229,7 @@
     <param pos="0" name="hw.product" value="Raspberry Pi"/>
   </fingerprint>
-  <fingerprint pattern="^(\S+) Zimbra POP3 server ready\.?$">
+  <fingerprint pattern="^(\S{1,512}) Zimbra POP3 server ready\.?$">
     <description>VMware Zimbra POP</description>
     <example host.name="foo.bar">foo.bar Zimbra POP3 server ready</example>
     <param pos="0" name="service.vendor" value="VMware"/>
@@ -238,7 +238,7 @@
     <param pos="1" name="host.name"/>
   </fingerprint>
-  <fingerprint pattern="^(\S+) Zimbra (\S+) POP3 server ready\.?$">
+  <fingerprint pattern="^(\S{1,512}) Zimbra (\S+) POP3 server ready\.?$">
     <description>VMware Zimbra POP with version</description>
     <example host.name="foo.bar">foo.bar Zimbra 7.0.0_GA_3079 POP3 server ready</example>
     <param pos="0" name="service.vendor" value="VMware"/>

data/xml/rtsp_servers.xml CHANGED Viewed

@@ -93,4 +93,11 @@
     <param pos="1" name="os.version"/>
   </fingerprint>
+  <fingerprint pattern="^Linux/2\.6\.35\.14_nl-xarina\+ Ze-PRO$">
+    <description>Sony Network Camera</description>
+    <example>Linux/2.6.35.14_nl-xarina+ Ze-PRO</example>
+    <param pos="0" name="hw.vendor" value="Sony"/>
+    <param pos="0" name="hw.device" value="IP Camera"/>
+  </fingerprint>
 </fingerprints>

data/xml/sip_banners.xml CHANGED Viewed

@@ -60,10 +60,54 @@
     <param pos="2" name="hw.version"/>
   </fingerprint>
+  <!-- The next few Linksys fingerprints could be merged but are split to enable CPEs -->
+  <fingerprint pattern="^(?:[\dA-F]{1,64} )?Linksys/RT31P2-([\d.]+)\(\w+\)$">
+    <description>Linksys RT31P2</description>
+    <example os.version="3.1.9">Linksys/RT31P2-3.1.9(LId)</example>
+    <example os.version="3.1.6">Linksys/RT31P2-3.1.6(LI)</example>
+    <example os.version="3.1.6">001310E72B51 Linksys/RT31P2-3.1.6(LI)</example>
+    <param pos="0" name="os.vendor" value="Linksys"/>
+    <param pos="0" name="os.product" value="RT31P2 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="VoIP"/>
+    <param pos="0" name="hw.vendor" value="Linksys"/>
+    <param pos="0" name="hw.product" value="RT31P2"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:linksys:rt31p2:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Cisco/SPA122-([\d.]+)\(\w+\)[\w-]*$">
+    <description>Cisco SPA122</description>
+    <example os.version="1.3.5">Cisco/SPA122-1.3.5(004p)</example>
+    <example os.version="1.3.5">Cisco/SPA122-1.3.5(004p)_BestGo</example>
+    <param pos="0" name="os.vendor" value="Cisco"/>
+    <param pos="0" name="os.product" value="SPA122 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="VoIP"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:spa122_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Cisco"/>
+    <param pos="0" name="hw.product" value="SPA122"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:cisco:spa122:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Cisco/SPA112-([\d.SR]+)\(\w+\)[\w-]*$">
+    <description>Cisco SPA112</description>
+    <example os.version="1.4.1SR1">Cisco/SPA112-1.4.1SR1(002)d-hisec</example>
+    <param pos="0" name="os.vendor" value="Cisco"/>
+    <param pos="0" name="os.product" value="SPA112 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="VoIP"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:spa112_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Cisco"/>
+    <param pos="0" name="hw.product" value="SPA112"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:cisco:spa112:-"/>
+  </fingerprint>
   <fingerprint pattern="(?:Cisco|Linksys)/(SPA\d+[DG]?\d?)-([\d\.a-zA-Z]+)">
     <description>Cisco/Linksys SPA VoIP Phone</description>
-    <example hw.model="SPA112" hw.version="1.4.1SR1">Cisco/SPA112-1.4.1SR1(002)d-hisec</example>
-    <example hw.model="SPA122" hw.version="1.3.3">Cisco/SPA122-1.3.3(004)</example>
     <example hw.model="SPA922" hw.version="6.1.5">PhoneSystems.net aabbccddeeff Linksys/SPA922-6.1.5(a)</example>
     <example hw.model="SPA232D" hw.version="1.4.1">Cisco/SPA232D-1.4.1(002_282)</example>
     <example hw.model="SPA504G" hw.version="7.5.2">Cisco/SPA504G-7.5.2</example>
@@ -155,6 +199,131 @@
     <param pos="1" name="hw.product"/>
   </fingerprint>
+  <!-- NEC -->
+  <fingerprint pattern="^NEC SL2100/([\d.]+)$">
+    <description>NEC SL2100 Communications Server</description>
+    <example os.version="2.1">NEC SL2100/2.1</example>
+    <param pos="0" name="os.vendor" value="NEC"/>
+    <param pos="0" name="os.product" value="SL2100 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:nec:sl2100_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="NEC"/>
+    <param pos="0" name="hw.family" value="SL2100"/>
+    <param pos="0" name="hw.product" value="SL2100"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:nec:sl2100:-"/>
+  </fingerprint>
+  <fingerprint pattern="^NEC (Aspire [WU]X) ([\d.]+)(?:/\d\.\d)?$">
+    <description>NEC UNIVERGE Aspire WX or UX SIP Gateway</description>
+    <example hw.product="Aspire WX" os.version="02.00.00">NEC Aspire WX 02.00.00</example>
+    <example hw.product="Aspire UX" os.version="08.00.00">NEC Aspire UX 08.00.00/2.1</example>
+    <param pos="0" name="os.vendor" value="NEC"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="NEC"/>
+    <param pos="0" name="hw.family" value="UNIVERGE"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+  </fingerprint>
+  <!-- The next few NEC fingerprints could be merged but are split to enable CPEs -->
+  <fingerprint pattern="^NEC(?:-i)? SV9100-(?:NA|GE) ([\d.]+)(?:/\d\.\d)?$">
+    <description>NEC UNIVERGE 9100 SIP Gateway</description>
+    <example os.version="08.00.65">NEC SV9100-NA 08.00.65/2.1</example>
+    <example os.version="09.00.60">NEC SV9100-GE 09.00.60/2.1</example>
+    <param pos="0" name="os.vendor" value="NEC"/>
+    <param pos="0" name="os.product" value="SV9100 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:nec:sv9100_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="NEC"/>
+    <param pos="0" name="hw.family" value="UNIVERGE"/>
+    <param pos="0" name="hw.product" value="SV9100"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:nec:sv9100:-"/>
+  </fingerprint>
+  <fingerprint pattern="^NEC(?:-i)? SV8100-(?:NA|GE) ([\d.]+)(?:/\d\.\d)?$">
+    <description>NEC UNIVERGE 8100 SIP Gateway</description>
+    <example os.version="08.00.65">NEC SV8100-GE 08.00.65/2.1</example>
+    <example os.version="09.50">NEC-i SV8100-NA 09.50/2.1</example>
+    <example os.version="10.12">NEC SV8100-NA 10.12/2.1</example>
+    <param pos="0" name="os.vendor" value="NEC"/>
+    <param pos="0" name="os.product" value="SV8100 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:nec:sv8100_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="NEC"/>
+    <param pos="0" name="hw.family" value="UNIVERGE"/>
+    <param pos="0" name="hw.product" value="SV8100"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:nec:sv8100:-"/>
+  </fingerprint>
+  <!-- Grandstream -->
+  <!-- The next few fingerprints could be merged but are split to enable CPEs -->
+  <fingerprint pattern="^Grandstream UCM6208V(\d\.\d\w) ([\d.]+)$">
+    <description>Grandstream UCM 6208</description>
+    <example hw.version="1.4A" os.version="1.0.16.20">Grandstream UCM6208V1.4A 1.0.16.20</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="UCM6208 Firmware"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ucm6208_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="UCM6208"/>
+    <param pos="1" name="hw.version"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ucm6208:{hw.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Grandstream UCM6204V(\d\.\d\w) ([\d.]+)$">
+    <description>Grandstream UCM 6204</description>
+    <example hw.version="1.4A" os.version="1.0.15.16">Grandstream UCM6204V1.4A 1.0.15.16</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="UCM6204 Firmware"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ucm6204_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="UCM6204"/>
+    <param pos="1" name="hw.version"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ucm6204:{hw.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Grandstream UCM6202V(\d\.\d\w) ([\d.]+)$">
+    <description>Grandstream UCM 6202</description>
+    <example hw.version="1.4A" os.version="1.0.15.16">Grandstream UCM6202V1.4A 1.0.15.16</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="UCM6202 Firmware"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ucm6202_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="UCM6202"/>
+    <param pos="1" name="hw.version"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ucm6202:{hw.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Grandstream (UCM6\d\d\d)V(\d\.\d\w) ([\d.]+)$">
+    <description>Grandstream UCM 6xxx series generic</description>
+    <example hw.product="UCM6102" os.version="1.0.6.10">Grandstream UCM6102V1.5A 1.0.6.10</example>
+    <example hw.product="UCM6302" hw.version="1.2B">Grandstream UCM6302V1.2B 1.0.3.10</example>
+    <example hw.product="UCM6510">Grandstream UCM6510V1.4B 1.0.14.23</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="3" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="2" name="hw.version"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+  </fingerprint>
   <!-- Various -->
   <fingerprint pattern="EnGenius_Router$">
@@ -249,7 +418,7 @@
     <param pos="1" name="hw.product"/>
   </fingerprint>
-  <fingerprint pattern="^(?:Audiocodes-Sip-Gateway-)?(\S+) FX[A-Z_]+/v.(\S+)$">
+  <fingerprint pattern="^(?:Audiocodes-Sip-Gateway-)?(\S{1,64}) FX[A-Z_]+/v.(\S+)$">
     <description>Audiocodes-Sip-Gateway</description>
     <example hw.product="MP-124" os.version="6.00A.034.003">Audiocodes-Sip-Gateway-MP-124 FXS/v.6.00A.034.003</example>
     <example hw.product="MP-124" os.version="6.60A.342.003">MP-124 FXS/v.6.60A.342.003</example>
@@ -275,6 +444,18 @@
     <param pos="0" name="hw.product" value="SIP Gateway"/>
   </fingerprint>
+  <fingerprint pattern="^Wildix GW ([\d.~a-h]+)$">
+    <description>Wildix SIP Gateway - timestamp/build variant</description>
+    <example os.version="20201008.1~a2e84be1">Wildix GW 20201008.1~a2e84be1</example>
+    <param pos="0" name="os.vendor" value="Wildix"/>
+    <param pos="0" name="os.family" value="SIP Gateway"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="Wildix"/>
+    <param pos="0" name="hw.family" value="SIP Gateway"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.product" value="SIP Gateway"/>
+  </fingerprint>
   <fingerprint pattern="^Wildix GW$">
     <description>Wildix SIP Gateway w/o Version</description>
     <example>Wildix GW</example>
@@ -286,6 +467,18 @@
     <param pos="0" name="hw.product" value="SIP Gateway"/>
   </fingerprint>
+  <fingerprint pattern="^PBX-IP Media Gateway/([\d.]+)$">
+    <description>Dialogic Media Gateway w Version</description>
+    <example os.version="2.1">PBX-IP Media Gateway/2.1</example>
+    <param pos="0" name="os.vendor" value="Dialogic"/>
+    <param pos="0" name="os.family" value="SIP Gateway"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="Dialogic"/>
+    <param pos="0" name="hw.family" value="SIP Gateway"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.product" value="Media Gateway"/>
+  </fingerprint>
   <fingerprint pattern="^Asterisk PBX (\S+)$">
     <description>Asterisk PBX w/ Version</description>
     <example service.version="13.18.0-6.7.1.1.rl.1538157944.1c65507">Asterisk PBX 13.18.0-6.7.1.1.rl.1538157944.1c65507</example>
@@ -314,14 +507,115 @@
     <param pos="1" name="service.version"/>
   </fingerprint>
-  <fingerprint pattern="^kamailio \((\S+) \((.*)\)\)$">
-    <description>Kamailio SIP Server</description>
-    <example service.version="4.4.4" kamailio.platform="x86_64/linux">kamailio (4.4.4 (x86_64/linux))</example>
+  <!-- Kamailio seems to be a successor to OpenSER and perhaps OpenSIPS? -->
+  <fingerprint pattern="^[Kk]amailio \(([\d.]+)(?:-tls|-notls)? \(x86_64/linux\)\)$">
+    <description>Kamailio Kamailio - Linux on x86_64</description>
+    <example service.version="4.4.4">kamailio (4.4.4 (x86_64/linux))</example>
     <param pos="0" name="service.vendor" value="Kamailio"/>
-    <param pos="0" name="service.family" value="SIP Server"/>
-    <param pos="0" name="service.product" value="SIP Server"/>
+    <param pos="0" name="service.product" value="Kamailio"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:kamailio:kamailio:{service.version}"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.arch" value="x86_64"/>
+  </fingerprint>
+  <fingerprint pattern="^[Kk]amailio \(([\d.]+)(?:-tls|-notls)? \(i386/linux\)\)$">
+    <description>Kamailio Kamailio - Linux on x86</description>
+    <example service.version="1.5.2">Kamailio (1.5.2-notls (i386/linux))</example>
+    <param pos="0" name="service.vendor" value="Kamailio"/>
+    <param pos="0" name="service.product" value="Kamailio"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:kamailio:kamailio:{service.version}"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.arch" value="x86"/>
+  </fingerprint>
+  <fingerprint pattern="^OpenSIPS \(([\d.]+)(?:-tls|-notls)? \(x86_64/linux\)\)$">
+    <description>OpenSIPS OpenSIPS - Linux on x86_64</description>
+    <example service.version="1.7.2">OpenSIPS (1.7.2-notls (x86_64/linux))</example>
+    <example service.version="1.11.11">OpenSIPS (1.11.11-tls (x86_64/linux))</example>
+    <example service.version="2.2.7">OpenSIPS (2.2.7 (x86_64/linux))</example>
+    <param pos="0" name="service.vendor" value="OpenSIPS"/>
+    <param pos="0" name="service.product" value="OpenSIPS"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:opensips:opensips:{service.version}"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.arch" value="x86_64"/>
+  </fingerprint>
+  <fingerprint pattern="^OpenSIPS \(([\d.]+)(?:-tls|-notls)? \(i386/linux\)\)$">
+    <description>OpenSIPS OpenSIPS - Linux on x86</description>
+    <example service.version="1.8.2">OpenSIPS (1.8.2-notls (i386/linux))</example>
+    <example service.version="1.11.3">OpenSIPS (1.11.3-tls (i386/linux))</example>
+    <example service.version="2.3.3">OpenSIPS (2.3.3 (i386/linux))</example>
+    <param pos="0" name="service.vendor" value="OpenSIPS"/>
+    <param pos="0" name="service.product" value="OpenSIPS"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:opensips:opensips:{service.version}"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.arch" value="x86"/>
+  </fingerprint>
+  <fingerprint pattern="^OpenSIPS \(([\d.]+)(?:-tls|-notls)? \(arm(?:v4tl|v7l)?/linux\)\)$">
+    <description>OpenSIPS OpenSIPS - Linux on ARM</description>
+    <example service.version="2.2.2">OpenSIPS (2.2.2 (arm/linux))</example>
+    <example service.version="1.6.0">OpenSIPS (1.6.0-notls (armv4tl/linux))</example>
+    <example service.version="1.11.5">OpenSIPS (1.11.5-tls (armv7l/linux))</example>
+    <param pos="0" name="service.vendor" value="OpenSIPS"/>
+    <param pos="0" name="service.product" value="OpenSIPS"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:opensips:opensips:{service.version}"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.arch" value="ARM"/>
+  </fingerprint>
+  <fingerprint pattern="(?i)^OpenSER \(([\d.]+)(?:-tls|-notls)? \(sh4/linux\)\)$">
+    <description>OpenSER OpenSER - Linux on Renesas SH4</description>
+    <example service.version="1.3.2">OpenSER (1.3.2-notls (sh4/linux))</example>
+    <param pos="0" name="service.vendor" value="OpenSER"/>
+    <param pos="0" name="service.product" value="OpenSER"/>
     <param pos="1" name="service.version"/>
-    <param pos="2" name="kamailio.platform"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+  </fingerprint>
+  <fingerprint pattern="(?i)^OpenSER \(([\d.]+)(?:-tls|-notls)? \(x86_64/linux\)\)$">
+    <description>OpenSER OpenSER - Linux on x86_64</description>
+    <example service.version="1.1.0">OpenSer (1.1.0-notls (x86_64/linux))</example>
+    <param pos="0" name="service.vendor" value="OpenSER"/>
+    <param pos="0" name="service.product" value="OpenSER"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.arch" value="x86_64"/>
+  </fingerprint>
+  <fingerprint pattern="(?i)^OpenSER \(([\d.]+)(?:-tls|-notls)? \(i386/linux\)\)$">
+    <description>OpenSER OpenSER - Linux on x86</description>
+    <example service.version="1.3.0">OpenSER (1.3.0-notls (i386/linux))</example>
+    <param pos="0" name="service.vendor" value="OpenSER"/>
+    <param pos="0" name="service.product" value="OpenSER"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.arch" value="x86"/>
+  </fingerprint>
+  <fingerprint pattern="(?i)^OpenSER \(([\d.]+)(?:-tls|-notls)? \(arm/linux\)\)$">
+    <description>OpenSER OpenSER - Linux on ARM</description>
+    <example service.version="1.3.2">OpenSER (1.3.2-tls (arm/linux))</example>
+    <param pos="0" name="service.vendor" value="OpenSER"/>
+    <param pos="0" name="service.product" value="OpenSER"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.arch" value="ARM"/>
   </fingerprint>
   <!-- This match covers multiple product families and should be split up further -->
@@ -351,4 +645,48 @@
     <param pos="0" name="hw.product" value="SIParator Firewall"/>
   </fingerprint>
+  <fingerprint pattern="^CommuniGatePro/(\d\.[\w.]+)$">
+    <description>Communigate Pro</description>
+    <example service.version="6.2.14">CommuniGatePro/6.2.14</example>
+    <example service.version="6.3c1m">CommuniGatePro/6.3c1m</example>
+    <param pos="0" name="service.vendor" value="Communigate"/>
+    <param pos="0" name="service.family" value="Pro"/>
+    <param pos="0" name="service.product" value="Communigate Pro"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:communigate:communigate_pro:{service.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^STARFACE PBX$">
+    <description>STARFACE GmhH STARFACE PBX</description>
+    <example>STARFACE PBX</example>
+    <param pos="0" name="service.vendor" value="STARFACE GmhH"/>
+    <param pos="0" name="service.family" value="SIP Server"/>
+    <param pos="0" name="service.product" value="STARFACE PBX"/>
+  </fingerprint>
+  <fingerprint pattern="^FortiVoice-([\w-]+)$">
+    <description>Fortinet FortiVoice</description>
+    <example hw.product="200D">FortiVoice-200D</example>
+    <example hw.product="VM-Azure">FortiVoice-VM-Azure</example>
+    <example>FortiVoice-1000E</example>
+    <param pos="0" name="service.vendor" value="Fortinet"/>
+    <param pos="0" name="service.product" value="FortiVoice"/>
+    <param pos="0" name="service.device" value="SIP Gateway"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:fortinet:fortivoice:-"/>
+    <param pos="0" name="hw.vendor" value="Fortinet"/>
+    <param pos="0" name="hw.family" value="FortiVoice"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+  </fingerprint>
+  <fingerprint pattern="^Freeswitch ([\d.]+)$">
+    <description>FreeSWITCH FreeSWITCH</description>
+    <example service.version="2.0.0">Freeswitch 2.0.0</example>
+    <param pos="0" name="service.vendor" value="FreeSWITCH"/>
+    <param pos="0" name="service.product" value="FreeSWITCH"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.device" value="SIP Gateway"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:freeswitch:freeswitch:{service.version}"/>
+  </fingerprint>
 </fingerprints>