recog 2.3.17 → 2.3.21
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +26 -0
- data/bin/recog_standardize +6 -0
- data/cpe-remap.yaml +342 -200
- data/identifiers/README.md +24 -10
- data/identifiers/fields.txt +104 -0
- data/identifiers/hw_device.txt +2 -0
- data/identifiers/hw_family.txt +11 -0
- data/identifiers/hw_product.txt +71 -0
- data/identifiers/os_device.txt +2 -1
- data/identifiers/os_family.txt +2 -0
- data/identifiers/os_product.txt +36 -8
- data/identifiers/service_family.txt +10 -1
- data/identifiers/service_product.txt +78 -2
- data/identifiers/vendor.txt +55 -0
- data/lib/recog/nizer.rb +1 -82
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/update_cpes.py +18 -5
- data/xml/apache_modules.xml +60 -0
- data/xml/apache_os.xml +1 -1
- data/xml/dns_versionbind.xml +11 -1
- data/xml/favicons.xml +122 -3
- data/xml/ftp_banners.xml +62 -51
- data/xml/html_title.xml +553 -41
- data/xml/http_cookies.xml +262 -61
- data/xml/http_servers.xml +478 -108
- data/xml/http_wwwauth.xml +36 -9
- data/xml/imap_banners.xml +5 -5
- data/xml/ldap_searchresult.xml +1 -0
- data/xml/mdns_device-info_txt.xml +340 -10
- data/xml/mysql_banners.xml +2 -1
- data/xml/nntp_banners.xml +1 -1
- data/xml/ntp_banners.xml +16 -2
- data/xml/operating_system.xml +4 -4
- data/xml/pop_banners.xml +4 -4
- data/xml/rtsp_servers.xml +7 -0
- data/xml/sip_banners.xml +347 -9
- data/xml/sip_user_agents.xml +323 -4
- data/xml/smb_native_lm.xml +32 -1
- data/xml/smb_native_os.xml +160 -33
- data/xml/smtp_banners.xml +167 -128
- data/xml/smtp_expn.xml +1 -0
- data/xml/smtp_vrfy.xml +1 -0
- data/xml/snmp_sysdescr.xml +205 -36
- data/xml/ssh_banners.xml +139 -25
- data/xml/telnet_banners.xml +92 -48
- data/xml/tls_jarm.xml +140 -0
- data/xml/x509_issuers.xml +201 -2
- data/xml/x509_subjects.xml +251 -32
- metadata +5 -2
data/xml/mysql_banners.xml
CHANGED
@@ -1354,9 +1354,10 @@
|
|
1354
1354
|
<param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:10.04"/>
|
1355
1355
|
</fingerprint>
|
1356
1356
|
|
1357
|
-
<fingerprint pattern="^(?:\d{1,2}\.\d{1,3}\.[a-f\d]{1,3}-)?(\d{1,2}\.\d{1,3}\.[a-f\d]{1,4})-MariaDB-\d\:.*\+maria\~focal
|
1357
|
+
<fingerprint pattern="^(?:\d{1,2}\.\d{1,3}\.[a-f\d]{1,3}-)?(\d{1,2}\.\d{1,3}\.[a-f\d]{1,4})-MariaDB-\d\:.*\+maria\~focal(?:-log)?$" flags="REG_ICASE">
|
1358
1358
|
<description>MariaDB MariaDB on Ubuntu 20.04 (Focal Fossa)</description>
|
1359
1359
|
<example service.version="10.5.2">5.5.5-10.5.2-MariaDB-1:10.5.2+maria~focal</example>
|
1360
|
+
<example service.version="10.1.1">5.5.5-10.1.1-MariaDB-1:10.1.1+maria~focal-log</example>
|
1360
1361
|
<param pos="1" name="service.version"/>
|
1361
1362
|
<param pos="0" name="service.vendor" value="MariaDB"/>
|
1362
1363
|
<param pos="0" name="service.family" value="MySQL"/>
|
data/xml/nntp_banners.xml
CHANGED
@@ -13,7 +13,7 @@
|
|
13
13
|
<param pos="0" name="service.product" value="CCProxy"/>
|
14
14
|
</fingerprint>
|
15
15
|
|
16
|
-
<fingerprint pattern="^(\S
|
16
|
+
<fingerprint pattern="^(\S{1,512}) Lyris ListManager NNTP Service ready">
|
17
17
|
<description>Lyris Listmanager</description>
|
18
18
|
<example host.name="blah">blah Lyris ListManager NNTP Service ready (posting ok).</example>
|
19
19
|
<param pos="0" name="service.vendor" value="Lyris"/>
|
data/xml/ntp_banners.xml
CHANGED
@@ -133,7 +133,9 @@
|
|
133
133
|
<param pos="0" name="os.family" value="VMware ESX/ESXi"/>
|
134
134
|
<param pos="0" name="os.product" value="VMware ESX Server"/>
|
135
135
|
<param pos="2" name="os.arch"/>
|
136
|
+
<param pos="0" name="os.device" value="Hypervisor"/>
|
136
137
|
<param pos="0" name="os.cpe23" value="cpe:/o:vmware:esx:-"/>
|
138
|
+
<param pos="0" name="hw.device" value="Hypervisor"/>
|
137
139
|
</fingerprint>
|
138
140
|
|
139
141
|
<fingerprint pattern="^.*version="ntpd ([^ ]+)[^"]+",.*processor="([^ ]+)",.*system="Linux/?([^ ]+)"" flags="REG_DOT_NEWLINE,REG_ICASE">
|
@@ -339,7 +341,7 @@
|
|
339
341
|
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.10"/>
|
340
342
|
</fingerprint>
|
341
343
|
|
342
|
-
<fingerprint pattern="^.*version="ntpd ([^ p]+)(
|
344
|
+
<fingerprint pattern="^.*version="ntpd ([^ p]+)(p[^ "]+)?[^"]+",.*processor="([^ ]+)",.*system="FreeBSD/?(?:[^ ]+-NETSCALER-([^ ]+))"" flags="REG_DOT_NEWLINE,REG_ICASE">
|
343
345
|
<description>ntpd running on Citrix Netscaler, which is based on FreeBSD</description>
|
344
346
|
<example service.version="4.2.6" service.version.version="p2@1.2194" os.arch="i386" os.version="9.3">
|
345
347
|
version="ntpd 4.2.6p2@1.2194 Wed Nov 24 15:54:11 UTC 2010 (1)",
|
@@ -360,6 +362,7 @@
|
|
360
362
|
<param pos="0" name="os.product" value="NetScaler"/>
|
361
363
|
<param pos="3" name="os.arch"/>
|
362
364
|
<param pos="4" name="os.version"/>
|
365
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_firmware:{os.version}"/>
|
363
366
|
</fingerprint>
|
364
367
|
|
365
368
|
<fingerprint pattern="^.*version="ntpd ([^ ]+)[^"]+",.*processor="([^ ]+)",.*system="FreeBSD/?([^ ]+)"" flags="REG_DOT_NEWLINE,REG_ICASE">
|
@@ -925,6 +928,11 @@
|
|
925
928
|
<param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:{os.version}"/>
|
926
929
|
</fingerprint>
|
927
930
|
|
931
|
+
<!--
|
932
|
+
This may need to be split into ESX and ESXi. ESXi started w/ version 4.1 and
|
933
|
+
all versions 5.x were ESXi only.
|
934
|
+
-->
|
935
|
+
|
928
936
|
<fingerprint pattern="^.*version="ntpd ([^ ]+)[^"]+",.*processor="([^ ]+)",.*system="VMkernel/?([^ ]+)?"" flags="REG_DOT_NEWLINE,REG_ICASE">
|
929
937
|
<description>ntpd running on VMware ESXi</description>
|
930
938
|
<example>
|
@@ -939,7 +947,9 @@
|
|
939
947
|
<param pos="0" name="os.product" value="VMware ESXi Server"/>
|
940
948
|
<param pos="2" name="os.arch"/>
|
941
949
|
<param pos="3" name="os.version"/>
|
950
|
+
<param pos="0" name="os.device" value="Hypervisor"/>
|
942
951
|
<param pos="0" name="os.cpe23" value="cpe:/o:vmware:esxi:{os.version}"/>
|
952
|
+
<param pos="0" name="hw.device" value="Hypervisor"/>
|
943
953
|
</fingerprint>
|
944
954
|
|
945
955
|
<fingerprint pattern=".*processor="([^ ]+)",.*system="OSF1[/V]?([^ ]+)"" flags="REG_DOT_NEWLINE,REG_ICASE">
|
@@ -1027,9 +1037,13 @@
|
|
1027
1037
|
<param pos="0" name="os.vendor" value="NetApp"/>
|
1028
1038
|
<param pos="0" name="os.family" value="Data ONTAP"/>
|
1029
1039
|
<param pos="0" name="os.product" value="Data ONTAP"/>
|
1030
|
-
<param pos="0" name="os.device" value="File Server"/>
|
1031
1040
|
<param pos="1" name="os.version"/>
|
1041
|
+
<param pos="0" name="os.device" value="NAS"/>
|
1032
1042
|
<param pos="0" name="os.cpe23" value="cpe:/o:netapp:data_ontap:{os.version}"/>
|
1043
|
+
<param pos="0" name="hw.vendor" value="NetApp"/>
|
1044
|
+
<param pos="0" name="hw.device" value="NAS"/>
|
1045
|
+
<param pos="0" name="hw.family" value="Data ONTAP"/>
|
1046
|
+
<param pos="0" name="hw.product" value="Data ONTAP"/>
|
1033
1047
|
</fingerprint>
|
1034
1048
|
|
1035
1049
|
<fingerprint pattern="system="UNIX/HPUX"" flags="REG_ICASE">
|
data/xml/operating_system.xml
CHANGED
@@ -397,7 +397,7 @@
|
|
397
397
|
|
398
398
|
<!-- Vendor-based distribution catch-call -->
|
399
399
|
|
400
|
-
<fingerprint pattern="
|
400
|
+
<fingerprint pattern="(?i)^(\S{0,256})\s{1,8}Linux\s+([\w.-]*)$">
|
401
401
|
<description>Vendor-based Linux catch-all</description>
|
402
402
|
<example os.vendor="Aurox" os.version="10.2">Aurox Linux 10.2</example>
|
403
403
|
<param pos="0" name="os.family" value="Linux"/>
|
@@ -409,7 +409,7 @@
|
|
409
409
|
|
410
410
|
<!-- Linux catch-all goes at the bottom-->
|
411
411
|
|
412
|
-
<fingerprint pattern="
|
412
|
+
<fingerprint pattern="(?i)^.{0,1024}Linux?\s?(\d+?(?:\.\d+?)*?)?$">
|
413
413
|
<description>Linux catch-all</description>
|
414
414
|
<example os.version="2.42.6">Linux 2.42.6</example>
|
415
415
|
<param pos="0" name="os.vendor" value="Linux"/>
|
@@ -588,7 +588,7 @@
|
|
588
588
|
|
589
589
|
<!-- BSD begin -->
|
590
590
|
|
591
|
-
<fingerprint pattern="
|
591
|
+
<fingerprint pattern="(?i)^(.{0,256}?BSD)\s?(\d+?(?:\.\d+?)*?(?:[\-\/_ ]?\w+?)?(?:-[a-z]\d+?)?)?$">
|
592
592
|
<description>Many BSD family OSes</description>
|
593
593
|
<example os.version="10.3-RELEASE" os.product="FreeBSD">FreeBSD 10.3-RELEASE</example>
|
594
594
|
<example os.version="10.3-RELEASE-p4" os.product="FreeBSD">FreeBSD 10.3-RELEASE-p4</example>
|
@@ -605,7 +605,7 @@
|
|
605
605
|
|
606
606
|
<!-- Other Unix-likes begin -->
|
607
607
|
|
608
|
-
<fingerprint pattern="
|
608
|
+
<fingerprint pattern="(?i)^(?:Oracle|Sun)?\s?OpenSolaris\s?(\d+?(?:\.\d+?)*?)?$">
|
609
609
|
<description>OpenSolaris</description>
|
610
610
|
<example os.version="2009.06">OpenSolaris 2009.06</example>
|
611
611
|
<param pos="0" name="os.vendor" value="Sun"/>
|
data/xml/pop_banners.xml
CHANGED
@@ -5,7 +5,7 @@
|
|
5
5
|
matched against these patterns to fingerprint POP3 servers.
|
6
6
|
-->
|
7
7
|
|
8
|
-
<fingerprint pattern="^([^ ]
|
8
|
+
<fingerprint pattern="^([^ ]{1,512}) +Cyrus POP3 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready">
|
9
9
|
<description>OSX Cyrus POP</description>
|
10
10
|
<example host.domain="8.8.8.8" service.version="2.3.8" os.version="10.5">8.8.8.8 Cyrus POP3 v2.3.8-OS X Server 10.5: 9A562 server ready <1999107648.1324502155@8.8.8.8></example>
|
11
11
|
<param pos="0" name="service.vendor" value="Carnegie Mellon University"/>
|
@@ -20,7 +20,7 @@
|
|
20
20
|
<param pos="1" name="host.domain"/>
|
21
21
|
</fingerprint>
|
22
22
|
|
23
|
-
<fingerprint pattern="^([^ ]
|
23
|
+
<fingerprint pattern="^([^ ]{1,512}) +Cyrus POP3 v([\d\.]+)">
|
24
24
|
<description>CMU Cyrus POP</description>
|
25
25
|
<example host.domain="foo" service.version="2.3">foo Cyrus POP3 v2.3</example>
|
26
26
|
<example host.domain="foo" service.version="2.3.14">foo Cyrus POP3 v2.3.14 server ready <13087751828270990591.1301068892@foo></example>
|
@@ -229,7 +229,7 @@
|
|
229
229
|
<param pos="0" name="hw.product" value="Raspberry Pi"/>
|
230
230
|
</fingerprint>
|
231
231
|
|
232
|
-
<fingerprint pattern="^(\S
|
232
|
+
<fingerprint pattern="^(\S{1,512}) Zimbra POP3 server ready\.?$">
|
233
233
|
<description>VMware Zimbra POP</description>
|
234
234
|
<example host.name="foo.bar">foo.bar Zimbra POP3 server ready</example>
|
235
235
|
<param pos="0" name="service.vendor" value="VMware"/>
|
@@ -238,7 +238,7 @@
|
|
238
238
|
<param pos="1" name="host.name"/>
|
239
239
|
</fingerprint>
|
240
240
|
|
241
|
-
<fingerprint pattern="^(\S
|
241
|
+
<fingerprint pattern="^(\S{1,512}) Zimbra (\S+) POP3 server ready\.?$">
|
242
242
|
<description>VMware Zimbra POP with version</description>
|
243
243
|
<example host.name="foo.bar">foo.bar Zimbra 7.0.0_GA_3079 POP3 server ready</example>
|
244
244
|
<param pos="0" name="service.vendor" value="VMware"/>
|
data/xml/rtsp_servers.xml
CHANGED
@@ -93,4 +93,11 @@
|
|
93
93
|
<param pos="1" name="os.version"/>
|
94
94
|
</fingerprint>
|
95
95
|
|
96
|
+
<fingerprint pattern="^Linux/2\.6\.35\.14_nl-xarina\+ Ze-PRO$">
|
97
|
+
<description>Sony Network Camera</description>
|
98
|
+
<example>Linux/2.6.35.14_nl-xarina+ Ze-PRO</example>
|
99
|
+
<param pos="0" name="hw.vendor" value="Sony"/>
|
100
|
+
<param pos="0" name="hw.device" value="IP Camera"/>
|
101
|
+
</fingerprint>
|
102
|
+
|
96
103
|
</fingerprints>
|
data/xml/sip_banners.xml
CHANGED
@@ -60,10 +60,54 @@
|
|
60
60
|
<param pos="2" name="hw.version"/>
|
61
61
|
</fingerprint>
|
62
62
|
|
63
|
+
<!-- The next few Linksys fingerprints could be merged but are split to enable CPEs -->
|
64
|
+
|
65
|
+
<fingerprint pattern="^(?:[\dA-F]{1,64} )?Linksys/RT31P2-([\d.]+)\(\w+\)$">
|
66
|
+
<description>Linksys RT31P2</description>
|
67
|
+
<example os.version="3.1.9">Linksys/RT31P2-3.1.9(LId)</example>
|
68
|
+
<example os.version="3.1.6">Linksys/RT31P2-3.1.6(LI)</example>
|
69
|
+
<example os.version="3.1.6">001310E72B51 Linksys/RT31P2-3.1.6(LI)</example>
|
70
|
+
<param pos="0" name="os.vendor" value="Linksys"/>
|
71
|
+
<param pos="0" name="os.product" value="RT31P2 Firmware"/>
|
72
|
+
<param pos="1" name="os.version"/>
|
73
|
+
<param pos="0" name="os.device" value="VoIP"/>
|
74
|
+
<param pos="0" name="hw.vendor" value="Linksys"/>
|
75
|
+
<param pos="0" name="hw.product" value="RT31P2"/>
|
76
|
+
<param pos="0" name="hw.device" value="VoIP"/>
|
77
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:linksys:rt31p2:-"/>
|
78
|
+
</fingerprint>
|
79
|
+
|
80
|
+
<fingerprint pattern="^Cisco/SPA122-([\d.]+)\(\w+\)[\w-]*$">
|
81
|
+
<description>Cisco SPA122</description>
|
82
|
+
<example os.version="1.3.5">Cisco/SPA122-1.3.5(004p)</example>
|
83
|
+
<example os.version="1.3.5">Cisco/SPA122-1.3.5(004p)_BestGo</example>
|
84
|
+
<param pos="0" name="os.vendor" value="Cisco"/>
|
85
|
+
<param pos="0" name="os.product" value="SPA122 Firmware"/>
|
86
|
+
<param pos="1" name="os.version"/>
|
87
|
+
<param pos="0" name="os.device" value="VoIP"/>
|
88
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:spa122_firmware:{os.version}"/>
|
89
|
+
<param pos="0" name="hw.vendor" value="Cisco"/>
|
90
|
+
<param pos="0" name="hw.product" value="SPA122"/>
|
91
|
+
<param pos="0" name="hw.device" value="VoIP"/>
|
92
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:cisco:spa122:-"/>
|
93
|
+
</fingerprint>
|
94
|
+
|
95
|
+
<fingerprint pattern="^Cisco/SPA112-([\d.SR]+)\(\w+\)[\w-]*$">
|
96
|
+
<description>Cisco SPA112</description>
|
97
|
+
<example os.version="1.4.1SR1">Cisco/SPA112-1.4.1SR1(002)d-hisec</example>
|
98
|
+
<param pos="0" name="os.vendor" value="Cisco"/>
|
99
|
+
<param pos="0" name="os.product" value="SPA112 Firmware"/>
|
100
|
+
<param pos="1" name="os.version"/>
|
101
|
+
<param pos="0" name="os.device" value="VoIP"/>
|
102
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:spa112_firmware:{os.version}"/>
|
103
|
+
<param pos="0" name="hw.vendor" value="Cisco"/>
|
104
|
+
<param pos="0" name="hw.product" value="SPA112"/>
|
105
|
+
<param pos="0" name="hw.device" value="VoIP"/>
|
106
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:cisco:spa112:-"/>
|
107
|
+
</fingerprint>
|
108
|
+
|
63
109
|
<fingerprint pattern="(?:Cisco|Linksys)/(SPA\d+[DG]?\d?)-([\d\.a-zA-Z]+)">
|
64
110
|
<description>Cisco/Linksys SPA VoIP Phone</description>
|
65
|
-
<example hw.model="SPA112" hw.version="1.4.1SR1">Cisco/SPA112-1.4.1SR1(002)d-hisec</example>
|
66
|
-
<example hw.model="SPA122" hw.version="1.3.3">Cisco/SPA122-1.3.3(004)</example>
|
67
111
|
<example hw.model="SPA922" hw.version="6.1.5">PhoneSystems.net aabbccddeeff Linksys/SPA922-6.1.5(a)</example>
|
68
112
|
<example hw.model="SPA232D" hw.version="1.4.1">Cisco/SPA232D-1.4.1(002_282)</example>
|
69
113
|
<example hw.model="SPA504G" hw.version="7.5.2">Cisco/SPA504G-7.5.2</example>
|
@@ -155,6 +199,131 @@
|
|
155
199
|
<param pos="1" name="hw.product"/>
|
156
200
|
</fingerprint>
|
157
201
|
|
202
|
+
<!-- NEC -->
|
203
|
+
|
204
|
+
<fingerprint pattern="^NEC SL2100/([\d.]+)$">
|
205
|
+
<description>NEC SL2100 Communications Server</description>
|
206
|
+
<example os.version="2.1">NEC SL2100/2.1</example>
|
207
|
+
<param pos="0" name="os.vendor" value="NEC"/>
|
208
|
+
<param pos="0" name="os.product" value="SL2100 Firmware"/>
|
209
|
+
<param pos="1" name="os.version"/>
|
210
|
+
<param pos="0" name="os.device" value="SIP Gateway"/>
|
211
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:nec:sl2100_firmware:{os.version}"/>
|
212
|
+
<param pos="0" name="hw.vendor" value="NEC"/>
|
213
|
+
<param pos="0" name="hw.family" value="SL2100"/>
|
214
|
+
<param pos="0" name="hw.product" value="SL2100"/>
|
215
|
+
<param pos="0" name="hw.device" value="SIP Gateway"/>
|
216
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:nec:sl2100:-"/>
|
217
|
+
</fingerprint>
|
218
|
+
|
219
|
+
<fingerprint pattern="^NEC (Aspire [WU]X) ([\d.]+)(?:/\d\.\d)?$">
|
220
|
+
<description>NEC UNIVERGE Aspire WX or UX SIP Gateway</description>
|
221
|
+
<example hw.product="Aspire WX" os.version="02.00.00">NEC Aspire WX 02.00.00</example>
|
222
|
+
<example hw.product="Aspire UX" os.version="08.00.00">NEC Aspire UX 08.00.00/2.1</example>
|
223
|
+
<param pos="0" name="os.vendor" value="NEC"/>
|
224
|
+
<param pos="2" name="os.version"/>
|
225
|
+
<param pos="0" name="hw.vendor" value="NEC"/>
|
226
|
+
<param pos="0" name="hw.family" value="UNIVERGE"/>
|
227
|
+
<param pos="1" name="hw.product"/>
|
228
|
+
<param pos="0" name="hw.device" value="SIP Gateway"/>
|
229
|
+
</fingerprint>
|
230
|
+
|
231
|
+
<!-- The next few NEC fingerprints could be merged but are split to enable CPEs -->
|
232
|
+
|
233
|
+
<fingerprint pattern="^NEC(?:-i)? SV9100-(?:NA|GE) ([\d.]+)(?:/\d\.\d)?$">
|
234
|
+
<description>NEC UNIVERGE 9100 SIP Gateway</description>
|
235
|
+
<example os.version="08.00.65">NEC SV9100-NA 08.00.65/2.1</example>
|
236
|
+
<example os.version="09.00.60">NEC SV9100-GE 09.00.60/2.1</example>
|
237
|
+
<param pos="0" name="os.vendor" value="NEC"/>
|
238
|
+
<param pos="0" name="os.product" value="SV9100 Firmware"/>
|
239
|
+
<param pos="1" name="os.version"/>
|
240
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:nec:sv9100_firmware:{os.version}"/>
|
241
|
+
<param pos="0" name="hw.vendor" value="NEC"/>
|
242
|
+
<param pos="0" name="hw.family" value="UNIVERGE"/>
|
243
|
+
<param pos="0" name="hw.product" value="SV9100"/>
|
244
|
+
<param pos="0" name="hw.device" value="SIP Gateway"/>
|
245
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:nec:sv9100:-"/>
|
246
|
+
</fingerprint>
|
247
|
+
|
248
|
+
<fingerprint pattern="^NEC(?:-i)? SV8100-(?:NA|GE) ([\d.]+)(?:/\d\.\d)?$">
|
249
|
+
<description>NEC UNIVERGE 8100 SIP Gateway</description>
|
250
|
+
<example os.version="08.00.65">NEC SV8100-GE 08.00.65/2.1</example>
|
251
|
+
<example os.version="09.50">NEC-i SV8100-NA 09.50/2.1</example>
|
252
|
+
<example os.version="10.12">NEC SV8100-NA 10.12/2.1</example>
|
253
|
+
<param pos="0" name="os.vendor" value="NEC"/>
|
254
|
+
<param pos="0" name="os.product" value="SV8100 Firmware"/>
|
255
|
+
<param pos="1" name="os.version"/>
|
256
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:nec:sv8100_firmware:{os.version}"/>
|
257
|
+
<param pos="0" name="hw.vendor" value="NEC"/>
|
258
|
+
<param pos="0" name="hw.family" value="UNIVERGE"/>
|
259
|
+
<param pos="0" name="hw.product" value="SV8100"/>
|
260
|
+
<param pos="0" name="hw.device" value="SIP Gateway"/>
|
261
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:nec:sv8100:-"/>
|
262
|
+
</fingerprint>
|
263
|
+
|
264
|
+
<!-- Grandstream -->
|
265
|
+
|
266
|
+
<!-- The next few fingerprints could be merged but are split to enable CPEs -->
|
267
|
+
|
268
|
+
<fingerprint pattern="^Grandstream UCM6208V(\d\.\d\w) ([\d.]+)$">
|
269
|
+
<description>Grandstream UCM 6208</description>
|
270
|
+
<example hw.version="1.4A" os.version="1.0.16.20">Grandstream UCM6208V1.4A 1.0.16.20</example>
|
271
|
+
<param pos="0" name="os.vendor" value="Grandstream"/>
|
272
|
+
<param pos="0" name="os.product" value="UCM6208 Firmware"/>
|
273
|
+
<param pos="2" name="os.version"/>
|
274
|
+
<param pos="0" name="os.device" value="SIP Gateway"/>
|
275
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ucm6208_firmware:{os.version}"/>
|
276
|
+
<param pos="0" name="hw.vendor" value="Grandstream"/>
|
277
|
+
<param pos="0" name="hw.product" value="UCM6208"/>
|
278
|
+
<param pos="1" name="hw.version"/>
|
279
|
+
<param pos="0" name="hw.device" value="SIP Gateway"/>
|
280
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ucm6208:{hw.version}"/>
|
281
|
+
</fingerprint>
|
282
|
+
|
283
|
+
<fingerprint pattern="^Grandstream UCM6204V(\d\.\d\w) ([\d.]+)$">
|
284
|
+
<description>Grandstream UCM 6204</description>
|
285
|
+
<example hw.version="1.4A" os.version="1.0.15.16">Grandstream UCM6204V1.4A 1.0.15.16</example>
|
286
|
+
<param pos="0" name="os.vendor" value="Grandstream"/>
|
287
|
+
<param pos="0" name="os.product" value="UCM6204 Firmware"/>
|
288
|
+
<param pos="2" name="os.version"/>
|
289
|
+
<param pos="0" name="os.device" value="SIP Gateway"/>
|
290
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ucm6204_firmware:{os.version}"/>
|
291
|
+
<param pos="0" name="hw.vendor" value="Grandstream"/>
|
292
|
+
<param pos="0" name="hw.product" value="UCM6204"/>
|
293
|
+
<param pos="1" name="hw.version"/>
|
294
|
+
<param pos="0" name="hw.device" value="SIP Gateway"/>
|
295
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ucm6204:{hw.version}"/>
|
296
|
+
</fingerprint>
|
297
|
+
|
298
|
+
<fingerprint pattern="^Grandstream UCM6202V(\d\.\d\w) ([\d.]+)$">
|
299
|
+
<description>Grandstream UCM 6202</description>
|
300
|
+
<example hw.version="1.4A" os.version="1.0.15.16">Grandstream UCM6202V1.4A 1.0.15.16</example>
|
301
|
+
<param pos="0" name="os.vendor" value="Grandstream"/>
|
302
|
+
<param pos="0" name="os.product" value="UCM6202 Firmware"/>
|
303
|
+
<param pos="2" name="os.version"/>
|
304
|
+
<param pos="0" name="os.device" value="SIP Gateway"/>
|
305
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ucm6202_firmware:{os.version}"/>
|
306
|
+
<param pos="0" name="hw.vendor" value="Grandstream"/>
|
307
|
+
<param pos="0" name="hw.product" value="UCM6202"/>
|
308
|
+
<param pos="1" name="hw.version"/>
|
309
|
+
<param pos="0" name="hw.device" value="SIP Gateway"/>
|
310
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ucm6202:{hw.version}"/>
|
311
|
+
</fingerprint>
|
312
|
+
|
313
|
+
<fingerprint pattern="^Grandstream (UCM6\d\d\d)V(\d\.\d\w) ([\d.]+)$">
|
314
|
+
<description>Grandstream UCM 6xxx series generic</description>
|
315
|
+
<example hw.product="UCM6102" os.version="1.0.6.10">Grandstream UCM6102V1.5A 1.0.6.10</example>
|
316
|
+
<example hw.product="UCM6302" hw.version="1.2B">Grandstream UCM6302V1.2B 1.0.3.10</example>
|
317
|
+
<example hw.product="UCM6510">Grandstream UCM6510V1.4B 1.0.14.23</example>
|
318
|
+
<param pos="0" name="os.vendor" value="Grandstream"/>
|
319
|
+
<param pos="3" name="os.version"/>
|
320
|
+
<param pos="0" name="os.device" value="SIP Gateway"/>
|
321
|
+
<param pos="0" name="hw.vendor" value="Grandstream"/>
|
322
|
+
<param pos="1" name="hw.product"/>
|
323
|
+
<param pos="2" name="hw.version"/>
|
324
|
+
<param pos="0" name="hw.device" value="SIP Gateway"/>
|
325
|
+
</fingerprint>
|
326
|
+
|
158
327
|
<!-- Various -->
|
159
328
|
|
160
329
|
<fingerprint pattern="EnGenius_Router$">
|
@@ -249,7 +418,7 @@
|
|
249
418
|
<param pos="1" name="hw.product"/>
|
250
419
|
</fingerprint>
|
251
420
|
|
252
|
-
<fingerprint pattern="^(?:Audiocodes-Sip-Gateway-)?(\S
|
421
|
+
<fingerprint pattern="^(?:Audiocodes-Sip-Gateway-)?(\S{1,64}) FX[A-Z_]+/v.(\S+)$">
|
253
422
|
<description>Audiocodes-Sip-Gateway</description>
|
254
423
|
<example hw.product="MP-124" os.version="6.00A.034.003">Audiocodes-Sip-Gateway-MP-124 FXS/v.6.00A.034.003</example>
|
255
424
|
<example hw.product="MP-124" os.version="6.60A.342.003">MP-124 FXS/v.6.60A.342.003</example>
|
@@ -275,6 +444,18 @@
|
|
275
444
|
<param pos="0" name="hw.product" value="SIP Gateway"/>
|
276
445
|
</fingerprint>
|
277
446
|
|
447
|
+
<fingerprint pattern="^Wildix GW ([\d.~a-h]+)$">
|
448
|
+
<description>Wildix SIP Gateway - timestamp/build variant</description>
|
449
|
+
<example os.version="20201008.1~a2e84be1">Wildix GW 20201008.1~a2e84be1</example>
|
450
|
+
<param pos="0" name="os.vendor" value="Wildix"/>
|
451
|
+
<param pos="0" name="os.family" value="SIP Gateway"/>
|
452
|
+
<param pos="1" name="os.version"/>
|
453
|
+
<param pos="0" name="hw.vendor" value="Wildix"/>
|
454
|
+
<param pos="0" name="hw.family" value="SIP Gateway"/>
|
455
|
+
<param pos="0" name="hw.device" value="SIP Gateway"/>
|
456
|
+
<param pos="0" name="hw.product" value="SIP Gateway"/>
|
457
|
+
</fingerprint>
|
458
|
+
|
278
459
|
<fingerprint pattern="^Wildix GW$">
|
279
460
|
<description>Wildix SIP Gateway w/o Version</description>
|
280
461
|
<example>Wildix GW</example>
|
@@ -286,6 +467,18 @@
|
|
286
467
|
<param pos="0" name="hw.product" value="SIP Gateway"/>
|
287
468
|
</fingerprint>
|
288
469
|
|
470
|
+
<fingerprint pattern="^PBX-IP Media Gateway/([\d.]+)$">
|
471
|
+
<description>Dialogic Media Gateway w Version</description>
|
472
|
+
<example os.version="2.1">PBX-IP Media Gateway/2.1</example>
|
473
|
+
<param pos="0" name="os.vendor" value="Dialogic"/>
|
474
|
+
<param pos="0" name="os.family" value="SIP Gateway"/>
|
475
|
+
<param pos="1" name="os.version"/>
|
476
|
+
<param pos="0" name="hw.vendor" value="Dialogic"/>
|
477
|
+
<param pos="0" name="hw.family" value="SIP Gateway"/>
|
478
|
+
<param pos="0" name="hw.device" value="SIP Gateway"/>
|
479
|
+
<param pos="0" name="hw.product" value="Media Gateway"/>
|
480
|
+
</fingerprint>
|
481
|
+
|
289
482
|
<fingerprint pattern="^Asterisk PBX (\S+)$">
|
290
483
|
<description>Asterisk PBX w/ Version</description>
|
291
484
|
<example service.version="13.18.0-6.7.1.1.rl.1538157944.1c65507">Asterisk PBX 13.18.0-6.7.1.1.rl.1538157944.1c65507</example>
|
@@ -314,14 +507,115 @@
|
|
314
507
|
<param pos="1" name="service.version"/>
|
315
508
|
</fingerprint>
|
316
509
|
|
317
|
-
|
318
|
-
|
319
|
-
|
510
|
+
<!-- Kamailio seems to be a successor to OpenSER and perhaps OpenSIPS? -->
|
511
|
+
|
512
|
+
<fingerprint pattern="^[Kk]amailio \(([\d.]+)(?:-tls|-notls)? \(x86_64/linux\)\)$">
|
513
|
+
<description>Kamailio Kamailio - Linux on x86_64</description>
|
514
|
+
<example service.version="4.4.4">kamailio (4.4.4 (x86_64/linux))</example>
|
320
515
|
<param pos="0" name="service.vendor" value="Kamailio"/>
|
321
|
-
<param pos="0" name="service.
|
322
|
-
<param pos="
|
516
|
+
<param pos="0" name="service.product" value="Kamailio"/>
|
517
|
+
<param pos="1" name="service.version"/>
|
518
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:kamailio:kamailio:{service.version}"/>
|
519
|
+
<param pos="0" name="os.family" value="Linux"/>
|
520
|
+
<param pos="0" name="os.product" value="Linux"/>
|
521
|
+
<param pos="0" name="os.arch" value="x86_64"/>
|
522
|
+
</fingerprint>
|
523
|
+
|
524
|
+
<fingerprint pattern="^[Kk]amailio \(([\d.]+)(?:-tls|-notls)? \(i386/linux\)\)$">
|
525
|
+
<description>Kamailio Kamailio - Linux on x86</description>
|
526
|
+
<example service.version="1.5.2">Kamailio (1.5.2-notls (i386/linux))</example>
|
527
|
+
<param pos="0" name="service.vendor" value="Kamailio"/>
|
528
|
+
<param pos="0" name="service.product" value="Kamailio"/>
|
529
|
+
<param pos="1" name="service.version"/>
|
530
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:kamailio:kamailio:{service.version}"/>
|
531
|
+
<param pos="0" name="os.family" value="Linux"/>
|
532
|
+
<param pos="0" name="os.product" value="Linux"/>
|
533
|
+
<param pos="0" name="os.arch" value="x86"/>
|
534
|
+
</fingerprint>
|
535
|
+
|
536
|
+
<fingerprint pattern="^OpenSIPS \(([\d.]+)(?:-tls|-notls)? \(x86_64/linux\)\)$">
|
537
|
+
<description>OpenSIPS OpenSIPS - Linux on x86_64</description>
|
538
|
+
<example service.version="1.7.2">OpenSIPS (1.7.2-notls (x86_64/linux))</example>
|
539
|
+
<example service.version="1.11.11">OpenSIPS (1.11.11-tls (x86_64/linux))</example>
|
540
|
+
<example service.version="2.2.7">OpenSIPS (2.2.7 (x86_64/linux))</example>
|
541
|
+
<param pos="0" name="service.vendor" value="OpenSIPS"/>
|
542
|
+
<param pos="0" name="service.product" value="OpenSIPS"/>
|
543
|
+
<param pos="1" name="service.version"/>
|
544
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:opensips:opensips:{service.version}"/>
|
545
|
+
<param pos="0" name="os.family" value="Linux"/>
|
546
|
+
<param pos="0" name="os.product" value="Linux"/>
|
547
|
+
<param pos="0" name="os.arch" value="x86_64"/>
|
548
|
+
</fingerprint>
|
549
|
+
|
550
|
+
<fingerprint pattern="^OpenSIPS \(([\d.]+)(?:-tls|-notls)? \(i386/linux\)\)$">
|
551
|
+
<description>OpenSIPS OpenSIPS - Linux on x86</description>
|
552
|
+
<example service.version="1.8.2">OpenSIPS (1.8.2-notls (i386/linux))</example>
|
553
|
+
<example service.version="1.11.3">OpenSIPS (1.11.3-tls (i386/linux))</example>
|
554
|
+
<example service.version="2.3.3">OpenSIPS (2.3.3 (i386/linux))</example>
|
555
|
+
<param pos="0" name="service.vendor" value="OpenSIPS"/>
|
556
|
+
<param pos="0" name="service.product" value="OpenSIPS"/>
|
557
|
+
<param pos="1" name="service.version"/>
|
558
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:opensips:opensips:{service.version}"/>
|
559
|
+
<param pos="0" name="os.family" value="Linux"/>
|
560
|
+
<param pos="0" name="os.product" value="Linux"/>
|
561
|
+
<param pos="0" name="os.arch" value="x86"/>
|
562
|
+
</fingerprint>
|
563
|
+
|
564
|
+
<fingerprint pattern="^OpenSIPS \(([\d.]+)(?:-tls|-notls)? \(arm(?:v4tl|v7l)?/linux\)\)$">
|
565
|
+
<description>OpenSIPS OpenSIPS - Linux on ARM</description>
|
566
|
+
<example service.version="2.2.2">OpenSIPS (2.2.2 (arm/linux))</example>
|
567
|
+
<example service.version="1.6.0">OpenSIPS (1.6.0-notls (armv4tl/linux))</example>
|
568
|
+
<example service.version="1.11.5">OpenSIPS (1.11.5-tls (armv7l/linux))</example>
|
569
|
+
<param pos="0" name="service.vendor" value="OpenSIPS"/>
|
570
|
+
<param pos="0" name="service.product" value="OpenSIPS"/>
|
571
|
+
<param pos="1" name="service.version"/>
|
572
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:opensips:opensips:{service.version}"/>
|
573
|
+
<param pos="0" name="os.family" value="Linux"/>
|
574
|
+
<param pos="0" name="os.product" value="Linux"/>
|
575
|
+
<param pos="0" name="os.arch" value="ARM"/>
|
576
|
+
</fingerprint>
|
577
|
+
|
578
|
+
<fingerprint pattern="(?i)^OpenSER \(([\d.]+)(?:-tls|-notls)? \(sh4/linux\)\)$">
|
579
|
+
<description>OpenSER OpenSER - Linux on Renesas SH4</description>
|
580
|
+
<example service.version="1.3.2">OpenSER (1.3.2-notls (sh4/linux))</example>
|
581
|
+
<param pos="0" name="service.vendor" value="OpenSER"/>
|
582
|
+
<param pos="0" name="service.product" value="OpenSER"/>
|
323
583
|
<param pos="1" name="service.version"/>
|
324
|
-
<param pos="
|
584
|
+
<param pos="0" name="os.family" value="Linux"/>
|
585
|
+
<param pos="0" name="os.product" value="Linux"/>
|
586
|
+
</fingerprint>
|
587
|
+
|
588
|
+
<fingerprint pattern="(?i)^OpenSER \(([\d.]+)(?:-tls|-notls)? \(x86_64/linux\)\)$">
|
589
|
+
<description>OpenSER OpenSER - Linux on x86_64</description>
|
590
|
+
<example service.version="1.1.0">OpenSer (1.1.0-notls (x86_64/linux))</example>
|
591
|
+
<param pos="0" name="service.vendor" value="OpenSER"/>
|
592
|
+
<param pos="0" name="service.product" value="OpenSER"/>
|
593
|
+
<param pos="1" name="service.version"/>
|
594
|
+
<param pos="0" name="os.family" value="Linux"/>
|
595
|
+
<param pos="0" name="os.product" value="Linux"/>
|
596
|
+
<param pos="0" name="os.arch" value="x86_64"/>
|
597
|
+
</fingerprint>
|
598
|
+
|
599
|
+
<fingerprint pattern="(?i)^OpenSER \(([\d.]+)(?:-tls|-notls)? \(i386/linux\)\)$">
|
600
|
+
<description>OpenSER OpenSER - Linux on x86</description>
|
601
|
+
<example service.version="1.3.0">OpenSER (1.3.0-notls (i386/linux))</example>
|
602
|
+
<param pos="0" name="service.vendor" value="OpenSER"/>
|
603
|
+
<param pos="0" name="service.product" value="OpenSER"/>
|
604
|
+
<param pos="1" name="service.version"/>
|
605
|
+
<param pos="0" name="os.family" value="Linux"/>
|
606
|
+
<param pos="0" name="os.product" value="Linux"/>
|
607
|
+
<param pos="0" name="os.arch" value="x86"/>
|
608
|
+
</fingerprint>
|
609
|
+
|
610
|
+
<fingerprint pattern="(?i)^OpenSER \(([\d.]+)(?:-tls|-notls)? \(arm/linux\)\)$">
|
611
|
+
<description>OpenSER OpenSER - Linux on ARM</description>
|
612
|
+
<example service.version="1.3.2">OpenSER (1.3.2-tls (arm/linux))</example>
|
613
|
+
<param pos="0" name="service.vendor" value="OpenSER"/>
|
614
|
+
<param pos="0" name="service.product" value="OpenSER"/>
|
615
|
+
<param pos="1" name="service.version"/>
|
616
|
+
<param pos="0" name="os.family" value="Linux"/>
|
617
|
+
<param pos="0" name="os.product" value="Linux"/>
|
618
|
+
<param pos="0" name="os.arch" value="ARM"/>
|
325
619
|
</fingerprint>
|
326
620
|
|
327
621
|
<!-- This match covers multiple product families and should be split up further -->
|
@@ -351,4 +645,48 @@
|
|
351
645
|
<param pos="0" name="hw.product" value="SIParator Firewall"/>
|
352
646
|
</fingerprint>
|
353
647
|
|
648
|
+
<fingerprint pattern="^CommuniGatePro/(\d\.[\w.]+)$">
|
649
|
+
<description>Communigate Pro</description>
|
650
|
+
<example service.version="6.2.14">CommuniGatePro/6.2.14</example>
|
651
|
+
<example service.version="6.3c1m">CommuniGatePro/6.3c1m</example>
|
652
|
+
<param pos="0" name="service.vendor" value="Communigate"/>
|
653
|
+
<param pos="0" name="service.family" value="Pro"/>
|
654
|
+
<param pos="0" name="service.product" value="Communigate Pro"/>
|
655
|
+
<param pos="1" name="service.version"/>
|
656
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:communigate:communigate_pro:{service.version}"/>
|
657
|
+
</fingerprint>
|
658
|
+
|
659
|
+
<fingerprint pattern="^STARFACE PBX$">
|
660
|
+
<description>STARFACE GmhH STARFACE PBX</description>
|
661
|
+
<example>STARFACE PBX</example>
|
662
|
+
<param pos="0" name="service.vendor" value="STARFACE GmhH"/>
|
663
|
+
<param pos="0" name="service.family" value="SIP Server"/>
|
664
|
+
<param pos="0" name="service.product" value="STARFACE PBX"/>
|
665
|
+
</fingerprint>
|
666
|
+
|
667
|
+
<fingerprint pattern="^FortiVoice-([\w-]+)$">
|
668
|
+
<description>Fortinet FortiVoice</description>
|
669
|
+
<example hw.product="200D">FortiVoice-200D</example>
|
670
|
+
<example hw.product="VM-Azure">FortiVoice-VM-Azure</example>
|
671
|
+
<example>FortiVoice-1000E</example>
|
672
|
+
<param pos="0" name="service.vendor" value="Fortinet"/>
|
673
|
+
<param pos="0" name="service.product" value="FortiVoice"/>
|
674
|
+
<param pos="0" name="service.device" value="SIP Gateway"/>
|
675
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:fortinet:fortivoice:-"/>
|
676
|
+
<param pos="0" name="hw.vendor" value="Fortinet"/>
|
677
|
+
<param pos="0" name="hw.family" value="FortiVoice"/>
|
678
|
+
<param pos="1" name="hw.product"/>
|
679
|
+
<param pos="0" name="hw.device" value="SIP Gateway"/>
|
680
|
+
</fingerprint>
|
681
|
+
|
682
|
+
<fingerprint pattern="^Freeswitch ([\d.]+)$">
|
683
|
+
<description>FreeSWITCH FreeSWITCH</description>
|
684
|
+
<example service.version="2.0.0">Freeswitch 2.0.0</example>
|
685
|
+
<param pos="0" name="service.vendor" value="FreeSWITCH"/>
|
686
|
+
<param pos="0" name="service.product" value="FreeSWITCH"/>
|
687
|
+
<param pos="1" name="service.version"/>
|
688
|
+
<param pos="0" name="service.device" value="SIP Gateway"/>
|
689
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:freeswitch:freeswitch:{service.version}"/>
|
690
|
+
</fingerprint>
|
691
|
+
|
354
692
|
</fingerprints>
|