RubyGems - recog - Versions diffs - 2.3.17 → 2.3.21 - Mend

recog 2.3.17 → 2.3.21

Files changed (51) hide show

checksums.yaml +4 -4
data/.github/workflows/ci.yml +26 -0
data/bin/recog_standardize +6 -0
data/cpe-remap.yaml +342 -200
data/identifiers/README.md +24 -10
data/identifiers/fields.txt +104 -0
data/identifiers/hw_device.txt +2 -0
data/identifiers/hw_family.txt +11 -0
data/identifiers/hw_product.txt +71 -0
data/identifiers/os_device.txt +2 -1
data/identifiers/os_family.txt +2 -0
data/identifiers/os_product.txt +36 -8
data/identifiers/service_family.txt +10 -1
data/identifiers/service_product.txt +78 -2
data/identifiers/vendor.txt +55 -0
data/lib/recog/nizer.rb +1 -82
data/lib/recog/version.rb +1 -1
data/requirements.txt +1 -1
data/update_cpes.py +18 -5
data/xml/apache_modules.xml +60 -0
data/xml/apache_os.xml +1 -1
data/xml/dns_versionbind.xml +11 -1
data/xml/favicons.xml +122 -3
data/xml/ftp_banners.xml +62 -51
data/xml/html_title.xml +553 -41
data/xml/http_cookies.xml +262 -61
data/xml/http_servers.xml +478 -108
data/xml/http_wwwauth.xml +36 -9
data/xml/imap_banners.xml +5 -5
data/xml/ldap_searchresult.xml +1 -0
data/xml/mdns_device-info_txt.xml +340 -10
data/xml/mysql_banners.xml +2 -1
data/xml/nntp_banners.xml +1 -1
data/xml/ntp_banners.xml +16 -2
data/xml/operating_system.xml +4 -4
data/xml/pop_banners.xml +4 -4
data/xml/rtsp_servers.xml +7 -0
data/xml/sip_banners.xml +347 -9
data/xml/sip_user_agents.xml +323 -4
data/xml/smb_native_lm.xml +32 -1
data/xml/smb_native_os.xml +160 -33
data/xml/smtp_banners.xml +167 -128
data/xml/smtp_expn.xml +1 -0
data/xml/smtp_vrfy.xml +1 -0
data/xml/snmp_sysdescr.xml +205 -36
data/xml/ssh_banners.xml +139 -25
data/xml/telnet_banners.xml +92 -48
data/xml/tls_jarm.xml +140 -0
data/xml/x509_issuers.xml +201 -2
data/xml/x509_subjects.xml +251 -32
metadata +5 -2

data/xml/mysql_banners.xml CHANGED Viewed

@@ -1354,9 +1354,10 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:10.04"/>
   </fingerprint>
-  <fingerprint pattern="^(?:\d{1,2}\.\d{1,3}\.[a-f\d]{1,3}-)?(\d{1,2}\.\d{1,3}\.[a-f\d]{1,4})-MariaDB-\d\:.*\+maria\~focal$" flags="REG_ICASE">
+  <fingerprint pattern="^(?:\d{1,2}\.\d{1,3}\.[a-f\d]{1,3}-)?(\d{1,2}\.\d{1,3}\.[a-f\d]{1,4})-MariaDB-\d\:.*\+maria\~focal(?:-log)?$" flags="REG_ICASE">
     <description>MariaDB MariaDB on Ubuntu 20.04 (Focal Fossa)</description>
     <example service.version="10.5.2">5.5.5-10.5.2-MariaDB-1:10.5.2+maria~focal</example>
+    <example service.version="10.1.1">5.5.5-10.1.1-MariaDB-1:10.1.1+maria~focal-log</example>
     <param pos="1" name="service.version"/>
     <param pos="0" name="service.vendor" value="MariaDB"/>
     <param pos="0" name="service.family" value="MySQL"/>

data/xml/nntp_banners.xml CHANGED Viewed

@@ -13,7 +13,7 @@
     <param pos="0" name="service.product" value="CCProxy"/>
   </fingerprint>
-  <fingerprint pattern="^(\S+) Lyris ListManager NNTP Service ready">
+  <fingerprint pattern="^(\S{1,512}) Lyris ListManager NNTP Service ready">
     <description>Lyris Listmanager</description>
     <example host.name="blah">blah Lyris ListManager NNTP Service ready (posting ok).</example>
     <param pos="0" name="service.vendor" value="Lyris"/>

data/xml/ntp_banners.xml CHANGED Viewed

@@ -133,7 +133,9 @@
     <param pos="0" name="os.family" value="VMware ESX/ESXi"/>
     <param pos="0" name="os.product" value="VMware ESX Server"/>
     <param pos="2" name="os.arch"/>
+    <param pos="0" name="os.device" value="Hypervisor"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:vmware:esx:-"/>
+    <param pos="0" name="hw.device" value="Hypervisor"/>
   </fingerprint>
   <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;Linux/?([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
@@ -339,7 +341,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.10"/>
   </fingerprint>
-  <fingerprint pattern="^.*version=&quot;ntpd ([^ p]+)(:?p[^ &quot;]+)?[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;FreeBSD/?(?:[^ ]+-NETSCALER-([^ ]+))&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+  <fingerprint pattern="^.*version=&quot;ntpd ([^ p]+)(p[^ &quot;]+)?[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;FreeBSD/?(?:[^ ]+-NETSCALER-([^ ]+))&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
     <description>ntpd running on Citrix Netscaler, which is based on FreeBSD</description>
     <example service.version="4.2.6" service.version.version="p2@1.2194" os.arch="i386" os.version="9.3">
       version="ntpd 4.2.6p2@1.2194 Wed Nov 24 15:54:11 UTC 2010 (1)",
@@ -360,6 +362,7 @@
     <param pos="0" name="os.product" value="NetScaler"/>
     <param pos="3" name="os.arch"/>
     <param pos="4" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_firmware:{os.version}"/>
   </fingerprint>
   <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;FreeBSD/?([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
@@ -925,6 +928,11 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:{os.version}"/>
   </fingerprint>
+  <!--
+    This may need to be split into ESX and ESXi. ESXi started w/ version 4.1 and
+    all versions 5.x were ESXi only.
+    -->
   <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;VMkernel/?([^ ]+)?&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
     <description>ntpd running on VMware ESXi</description>
     <example>
@@ -939,7 +947,9 @@
     <param pos="0" name="os.product" value="VMware ESXi Server"/>
     <param pos="2" name="os.arch"/>
     <param pos="3" name="os.version"/>
+    <param pos="0" name="os.device" value="Hypervisor"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:vmware:esxi:{os.version}"/>
+    <param pos="0" name="hw.device" value="Hypervisor"/>
   </fingerprint>
   <fingerprint pattern=".*processor=&quot;([^ ]+)&quot;,.*system=&quot;OSF1[/V]?([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
@@ -1027,9 +1037,13 @@
     <param pos="0" name="os.vendor" value="NetApp"/>
     <param pos="0" name="os.family" value="Data ONTAP"/>
     <param pos="0" name="os.product" value="Data ONTAP"/>
-    <param pos="0" name="os.device" value="File Server"/>
     <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="NAS"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:netapp:data_ontap:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="NetApp"/>
+    <param pos="0" name="hw.device" value="NAS"/>
+    <param pos="0" name="hw.family" value="Data ONTAP"/>
+    <param pos="0" name="hw.product" value="Data ONTAP"/>
   </fingerprint>
   <fingerprint pattern="system=&quot;UNIX/HPUX&quot;" flags="REG_ICASE">

data/xml/operating_system.xml CHANGED Viewed

@@ -397,7 +397,7 @@
   <!-- Vendor-based distribution catch-call -->
-  <fingerprint pattern="^(?i:(.*)\sLinux?\s(.*))$">
+  <fingerprint pattern="(?i)^(\S{0,256})\s{1,8}Linux\s+([\w.-]*)$">
     <description>Vendor-based Linux catch-all</description>
     <example os.vendor="Aurox" os.version="10.2">Aurox Linux 10.2</example>
     <param pos="0" name="os.family" value="Linux"/>
@@ -409,7 +409,7 @@
   <!-- Linux catch-all goes at the bottom-->
-  <fingerprint pattern="^(?i:.*Linux?\s?(\d+?(?:\.\d+?)*?)?)$">
+  <fingerprint pattern="(?i)^.{0,1024}Linux?\s?(\d+?(?:\.\d+?)*?)?$">
     <description>Linux catch-all</description>
     <example os.version="2.42.6">Linux 2.42.6</example>
     <param pos="0" name="os.vendor" value="Linux"/>
@@ -588,7 +588,7 @@
   <!-- BSD begin -->
-  <fingerprint pattern="^(?i:(.*?BSD)\s?(\d+?(?:\.\d+?)*?(?:[\-\/_ ]?\w+?)?(?:-[a-z]\d+?)?)?)$">
+  <fingerprint pattern="(?i)^(.{0,256}?BSD)\s?(\d+?(?:\.\d+?)*?(?:[\-\/_ ]?\w+?)?(?:-[a-z]\d+?)?)?$">
     <description>Many BSD family OSes</description>
     <example os.version="10.3-RELEASE" os.product="FreeBSD">FreeBSD 10.3-RELEASE</example>
     <example os.version="10.3-RELEASE-p4" os.product="FreeBSD">FreeBSD 10.3-RELEASE-p4</example>
@@ -605,7 +605,7 @@
   <!-- Other Unix-likes begin -->
-  <fingerprint pattern="^(?i:(?:Oracle|Sun)?\s?OpenSolaris\s?(\d+?(?:\.\d+?)*?)?)$">
+  <fingerprint pattern="(?i)^(?:Oracle|Sun)?\s?OpenSolaris\s?(\d+?(?:\.\d+?)*?)?$">
     <description>OpenSolaris</description>
     <example os.version="2009.06">OpenSolaris 2009.06</example>
     <param pos="0" name="os.vendor" value="Sun"/>

data/xml/pop_banners.xml CHANGED Viewed

@@ -5,7 +5,7 @@
   matched against these patterns to fingerprint POP3 servers.
   -->
-  <fingerprint pattern="^([^ ]+) +Cyrus POP3 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready">
+  <fingerprint pattern="^([^ ]{1,512}) +Cyrus POP3 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready">
     <description>OSX Cyrus POP</description>
     <example host.domain="8.8.8.8" service.version="2.3.8" os.version="10.5">8.8.8.8 Cyrus POP3 v2.3.8-OS X Server 10.5: 9A562 server ready &lt;1999107648.1324502155@8.8.8.8&gt;</example>
     <param pos="0" name="service.vendor" value="Carnegie Mellon University"/>
@@ -20,7 +20,7 @@
     <param pos="1" name="host.domain"/>
   </fingerprint>
-  <fingerprint pattern="^([^ ]+) +Cyrus POP3 v([\d\.]+)">
+  <fingerprint pattern="^([^ ]{1,512}) +Cyrus POP3 v([\d\.]+)">
     <description>CMU Cyrus POP</description>
     <example host.domain="foo" service.version="2.3">foo Cyrus POP3 v2.3</example>
     <example host.domain="foo" service.version="2.3.14">foo Cyrus POP3 v2.3.14 server ready &lt;13087751828270990591.1301068892@foo&gt;</example>
@@ -229,7 +229,7 @@
     <param pos="0" name="hw.product" value="Raspberry Pi"/>
   </fingerprint>
-  <fingerprint pattern="^(\S+) Zimbra POP3 server ready\.?$">
+  <fingerprint pattern="^(\S{1,512}) Zimbra POP3 server ready\.?$">
     <description>VMware Zimbra POP</description>
     <example host.name="foo.bar">foo.bar Zimbra POP3 server ready</example>
     <param pos="0" name="service.vendor" value="VMware"/>
@@ -238,7 +238,7 @@
     <param pos="1" name="host.name"/>
   </fingerprint>
-  <fingerprint pattern="^(\S+) Zimbra (\S+) POP3 server ready\.?$">
+  <fingerprint pattern="^(\S{1,512}) Zimbra (\S+) POP3 server ready\.?$">
     <description>VMware Zimbra POP with version</description>
     <example host.name="foo.bar">foo.bar Zimbra 7.0.0_GA_3079 POP3 server ready</example>
     <param pos="0" name="service.vendor" value="VMware"/>

data/xml/rtsp_servers.xml CHANGED Viewed

@@ -93,4 +93,11 @@
     <param pos="1" name="os.version"/>
   </fingerprint>
+  <fingerprint pattern="^Linux/2\.6\.35\.14_nl-xarina\+ Ze-PRO$">
+    <description>Sony Network Camera</description>
+    <example>Linux/2.6.35.14_nl-xarina+ Ze-PRO</example>
+    <param pos="0" name="hw.vendor" value="Sony"/>
+    <param pos="0" name="hw.device" value="IP Camera"/>
+  </fingerprint>
 </fingerprints>

data/xml/sip_banners.xml CHANGED Viewed

@@ -60,10 +60,54 @@
     <param pos="2" name="hw.version"/>
   </fingerprint>
+  <!-- The next few Linksys fingerprints could be merged but are split to enable CPEs -->
+  <fingerprint pattern="^(?:[\dA-F]{1,64} )?Linksys/RT31P2-([\d.]+)\(\w+\)$">
+    <description>Linksys RT31P2</description>
+    <example os.version="3.1.9">Linksys/RT31P2-3.1.9(LId)</example>
+    <example os.version="3.1.6">Linksys/RT31P2-3.1.6(LI)</example>
+    <example os.version="3.1.6">001310E72B51 Linksys/RT31P2-3.1.6(LI)</example>
+    <param pos="0" name="os.vendor" value="Linksys"/>
+    <param pos="0" name="os.product" value="RT31P2 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="VoIP"/>
+    <param pos="0" name="hw.vendor" value="Linksys"/>
+    <param pos="0" name="hw.product" value="RT31P2"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:linksys:rt31p2:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Cisco/SPA122-([\d.]+)\(\w+\)[\w-]*$">
+    <description>Cisco SPA122</description>
+    <example os.version="1.3.5">Cisco/SPA122-1.3.5(004p)</example>
+    <example os.version="1.3.5">Cisco/SPA122-1.3.5(004p)_BestGo</example>
+    <param pos="0" name="os.vendor" value="Cisco"/>
+    <param pos="0" name="os.product" value="SPA122 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="VoIP"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:spa122_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Cisco"/>
+    <param pos="0" name="hw.product" value="SPA122"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:cisco:spa122:-"/>
+  </fingerprint>
+  <fingerprint pattern="^Cisco/SPA112-([\d.SR]+)\(\w+\)[\w-]*$">
+    <description>Cisco SPA112</description>
+    <example os.version="1.4.1SR1">Cisco/SPA112-1.4.1SR1(002)d-hisec</example>
+    <param pos="0" name="os.vendor" value="Cisco"/>
+    <param pos="0" name="os.product" value="SPA112 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="VoIP"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:cisco:spa112_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Cisco"/>
+    <param pos="0" name="hw.product" value="SPA112"/>
+    <param pos="0" name="hw.device" value="VoIP"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:cisco:spa112:-"/>
+  </fingerprint>
   <fingerprint pattern="(?:Cisco|Linksys)/(SPA\d+[DG]?\d?)-([\d\.a-zA-Z]+)">
     <description>Cisco/Linksys SPA VoIP Phone</description>
-    <example hw.model="SPA112" hw.version="1.4.1SR1">Cisco/SPA112-1.4.1SR1(002)d-hisec</example>
-    <example hw.model="SPA122" hw.version="1.3.3">Cisco/SPA122-1.3.3(004)</example>
     <example hw.model="SPA922" hw.version="6.1.5">PhoneSystems.net aabbccddeeff Linksys/SPA922-6.1.5(a)</example>
     <example hw.model="SPA232D" hw.version="1.4.1">Cisco/SPA232D-1.4.1(002_282)</example>
     <example hw.model="SPA504G" hw.version="7.5.2">Cisco/SPA504G-7.5.2</example>
@@ -155,6 +199,131 @@
     <param pos="1" name="hw.product"/>
   </fingerprint>
+  <!-- NEC -->
+  <fingerprint pattern="^NEC SL2100/([\d.]+)$">
+    <description>NEC SL2100 Communications Server</description>
+    <example os.version="2.1">NEC SL2100/2.1</example>
+    <param pos="0" name="os.vendor" value="NEC"/>
+    <param pos="0" name="os.product" value="SL2100 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:nec:sl2100_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="NEC"/>
+    <param pos="0" name="hw.family" value="SL2100"/>
+    <param pos="0" name="hw.product" value="SL2100"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:nec:sl2100:-"/>
+  </fingerprint>
+  <fingerprint pattern="^NEC (Aspire [WU]X) ([\d.]+)(?:/\d\.\d)?$">
+    <description>NEC UNIVERGE Aspire WX or UX SIP Gateway</description>
+    <example hw.product="Aspire WX" os.version="02.00.00">NEC Aspire WX 02.00.00</example>
+    <example hw.product="Aspire UX" os.version="08.00.00">NEC Aspire UX 08.00.00/2.1</example>
+    <param pos="0" name="os.vendor" value="NEC"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="NEC"/>
+    <param pos="0" name="hw.family" value="UNIVERGE"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+  </fingerprint>
+  <!-- The next few NEC fingerprints could be merged but are split to enable CPEs -->
+  <fingerprint pattern="^NEC(?:-i)? SV9100-(?:NA|GE) ([\d.]+)(?:/\d\.\d)?$">
+    <description>NEC UNIVERGE 9100 SIP Gateway</description>
+    <example os.version="08.00.65">NEC SV9100-NA 08.00.65/2.1</example>
+    <example os.version="09.00.60">NEC SV9100-GE 09.00.60/2.1</example>
+    <param pos="0" name="os.vendor" value="NEC"/>
+    <param pos="0" name="os.product" value="SV9100 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:nec:sv9100_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="NEC"/>
+    <param pos="0" name="hw.family" value="UNIVERGE"/>
+    <param pos="0" name="hw.product" value="SV9100"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:nec:sv9100:-"/>
+  </fingerprint>
+  <fingerprint pattern="^NEC(?:-i)? SV8100-(?:NA|GE) ([\d.]+)(?:/\d\.\d)?$">
+    <description>NEC UNIVERGE 8100 SIP Gateway</description>
+    <example os.version="08.00.65">NEC SV8100-GE 08.00.65/2.1</example>
+    <example os.version="09.50">NEC-i SV8100-NA 09.50/2.1</example>
+    <example os.version="10.12">NEC SV8100-NA 10.12/2.1</example>
+    <param pos="0" name="os.vendor" value="NEC"/>
+    <param pos="0" name="os.product" value="SV8100 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:nec:sv8100_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="NEC"/>
+    <param pos="0" name="hw.family" value="UNIVERGE"/>
+    <param pos="0" name="hw.product" value="SV8100"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:nec:sv8100:-"/>
+  </fingerprint>
+  <!-- Grandstream -->
+  <!-- The next few fingerprints could be merged but are split to enable CPEs -->
+  <fingerprint pattern="^Grandstream UCM6208V(\d\.\d\w) ([\d.]+)$">
+    <description>Grandstream UCM 6208</description>
+    <example hw.version="1.4A" os.version="1.0.16.20">Grandstream UCM6208V1.4A 1.0.16.20</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="UCM6208 Firmware"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ucm6208_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="UCM6208"/>
+    <param pos="1" name="hw.version"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ucm6208:{hw.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Grandstream UCM6204V(\d\.\d\w) ([\d.]+)$">
+    <description>Grandstream UCM 6204</description>
+    <example hw.version="1.4A" os.version="1.0.15.16">Grandstream UCM6204V1.4A 1.0.15.16</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="UCM6204 Firmware"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ucm6204_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="UCM6204"/>
+    <param pos="1" name="hw.version"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ucm6204:{hw.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Grandstream UCM6202V(\d\.\d\w) ([\d.]+)$">
+    <description>Grandstream UCM 6202</description>
+    <example hw.version="1.4A" os.version="1.0.15.16">Grandstream UCM6202V1.4A 1.0.15.16</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="UCM6202 Firmware"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ucm6202_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="UCM6202"/>
+    <param pos="1" name="hw.version"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ucm6202:{hw.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^Grandstream (UCM6\d\d\d)V(\d\.\d\w) ([\d.]+)$">
+    <description>Grandstream UCM 6xxx series generic</description>
+    <example hw.product="UCM6102" os.version="1.0.6.10">Grandstream UCM6102V1.5A 1.0.6.10</example>
+    <example hw.product="UCM6302" hw.version="1.2B">Grandstream UCM6302V1.2B 1.0.3.10</example>
+    <example hw.product="UCM6510">Grandstream UCM6510V1.4B 1.0.14.23</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="3" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="2" name="hw.version"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+  </fingerprint>
   <!-- Various -->
   <fingerprint pattern="EnGenius_Router$">
@@ -249,7 +418,7 @@
     <param pos="1" name="hw.product"/>
   </fingerprint>
-  <fingerprint pattern="^(?:Audiocodes-Sip-Gateway-)?(\S+) FX[A-Z_]+/v.(\S+)$">
+  <fingerprint pattern="^(?:Audiocodes-Sip-Gateway-)?(\S{1,64}) FX[A-Z_]+/v.(\S+)$">
     <description>Audiocodes-Sip-Gateway</description>
     <example hw.product="MP-124" os.version="6.00A.034.003">Audiocodes-Sip-Gateway-MP-124 FXS/v.6.00A.034.003</example>
     <example hw.product="MP-124" os.version="6.60A.342.003">MP-124 FXS/v.6.60A.342.003</example>
@@ -275,6 +444,18 @@
     <param pos="0" name="hw.product" value="SIP Gateway"/>
   </fingerprint>
+  <fingerprint pattern="^Wildix GW ([\d.~a-h]+)$">
+    <description>Wildix SIP Gateway - timestamp/build variant</description>
+    <example os.version="20201008.1~a2e84be1">Wildix GW 20201008.1~a2e84be1</example>
+    <param pos="0" name="os.vendor" value="Wildix"/>
+    <param pos="0" name="os.family" value="SIP Gateway"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="Wildix"/>
+    <param pos="0" name="hw.family" value="SIP Gateway"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.product" value="SIP Gateway"/>
+  </fingerprint>
   <fingerprint pattern="^Wildix GW$">
     <description>Wildix SIP Gateway w/o Version</description>
     <example>Wildix GW</example>
@@ -286,6 +467,18 @@
     <param pos="0" name="hw.product" value="SIP Gateway"/>
   </fingerprint>
+  <fingerprint pattern="^PBX-IP Media Gateway/([\d.]+)$">
+    <description>Dialogic Media Gateway w Version</description>
+    <example os.version="2.1">PBX-IP Media Gateway/2.1</example>
+    <param pos="0" name="os.vendor" value="Dialogic"/>
+    <param pos="0" name="os.family" value="SIP Gateway"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="Dialogic"/>
+    <param pos="0" name="hw.family" value="SIP Gateway"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.product" value="Media Gateway"/>
+  </fingerprint>
   <fingerprint pattern="^Asterisk PBX (\S+)$">
     <description>Asterisk PBX w/ Version</description>
     <example service.version="13.18.0-6.7.1.1.rl.1538157944.1c65507">Asterisk PBX 13.18.0-6.7.1.1.rl.1538157944.1c65507</example>
@@ -314,14 +507,115 @@
     <param pos="1" name="service.version"/>
   </fingerprint>
-  <fingerprint pattern="^kamailio \((\S+) \((.*)\)\)$">
-    <description>Kamailio SIP Server</description>
-    <example service.version="4.4.4" kamailio.platform="x86_64/linux">kamailio (4.4.4 (x86_64/linux))</example>
+  <!-- Kamailio seems to be a successor to OpenSER and perhaps OpenSIPS? -->
+  <fingerprint pattern="^[Kk]amailio \(([\d.]+)(?:-tls|-notls)? \(x86_64/linux\)\)$">
+    <description>Kamailio Kamailio - Linux on x86_64</description>
+    <example service.version="4.4.4">kamailio (4.4.4 (x86_64/linux))</example>
     <param pos="0" name="service.vendor" value="Kamailio"/>
-    <param pos="0" name="service.family" value="SIP Server"/>
-    <param pos="0" name="service.product" value="SIP Server"/>
+    <param pos="0" name="service.product" value="Kamailio"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:kamailio:kamailio:{service.version}"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.arch" value="x86_64"/>
+  </fingerprint>
+  <fingerprint pattern="^[Kk]amailio \(([\d.]+)(?:-tls|-notls)? \(i386/linux\)\)$">
+    <description>Kamailio Kamailio - Linux on x86</description>
+    <example service.version="1.5.2">Kamailio (1.5.2-notls (i386/linux))</example>
+    <param pos="0" name="service.vendor" value="Kamailio"/>
+    <param pos="0" name="service.product" value="Kamailio"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:kamailio:kamailio:{service.version}"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.arch" value="x86"/>
+  </fingerprint>
+  <fingerprint pattern="^OpenSIPS \(([\d.]+)(?:-tls|-notls)? \(x86_64/linux\)\)$">
+    <description>OpenSIPS OpenSIPS - Linux on x86_64</description>
+    <example service.version="1.7.2">OpenSIPS (1.7.2-notls (x86_64/linux))</example>
+    <example service.version="1.11.11">OpenSIPS (1.11.11-tls (x86_64/linux))</example>
+    <example service.version="2.2.7">OpenSIPS (2.2.7 (x86_64/linux))</example>
+    <param pos="0" name="service.vendor" value="OpenSIPS"/>
+    <param pos="0" name="service.product" value="OpenSIPS"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:opensips:opensips:{service.version}"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.arch" value="x86_64"/>
+  </fingerprint>
+  <fingerprint pattern="^OpenSIPS \(([\d.]+)(?:-tls|-notls)? \(i386/linux\)\)$">
+    <description>OpenSIPS OpenSIPS - Linux on x86</description>
+    <example service.version="1.8.2">OpenSIPS (1.8.2-notls (i386/linux))</example>
+    <example service.version="1.11.3">OpenSIPS (1.11.3-tls (i386/linux))</example>
+    <example service.version="2.3.3">OpenSIPS (2.3.3 (i386/linux))</example>
+    <param pos="0" name="service.vendor" value="OpenSIPS"/>
+    <param pos="0" name="service.product" value="OpenSIPS"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:opensips:opensips:{service.version}"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.arch" value="x86"/>
+  </fingerprint>
+  <fingerprint pattern="^OpenSIPS \(([\d.]+)(?:-tls|-notls)? \(arm(?:v4tl|v7l)?/linux\)\)$">
+    <description>OpenSIPS OpenSIPS - Linux on ARM</description>
+    <example service.version="2.2.2">OpenSIPS (2.2.2 (arm/linux))</example>
+    <example service.version="1.6.0">OpenSIPS (1.6.0-notls (armv4tl/linux))</example>
+    <example service.version="1.11.5">OpenSIPS (1.11.5-tls (armv7l/linux))</example>
+    <param pos="0" name="service.vendor" value="OpenSIPS"/>
+    <param pos="0" name="service.product" value="OpenSIPS"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:opensips:opensips:{service.version}"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.arch" value="ARM"/>
+  </fingerprint>
+  <fingerprint pattern="(?i)^OpenSER \(([\d.]+)(?:-tls|-notls)? \(sh4/linux\)\)$">
+    <description>OpenSER OpenSER - Linux on Renesas SH4</description>
+    <example service.version="1.3.2">OpenSER (1.3.2-notls (sh4/linux))</example>
+    <param pos="0" name="service.vendor" value="OpenSER"/>
+    <param pos="0" name="service.product" value="OpenSER"/>
     <param pos="1" name="service.version"/>
-    <param pos="2" name="kamailio.platform"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+  </fingerprint>
+  <fingerprint pattern="(?i)^OpenSER \(([\d.]+)(?:-tls|-notls)? \(x86_64/linux\)\)$">
+    <description>OpenSER OpenSER - Linux on x86_64</description>
+    <example service.version="1.1.0">OpenSer (1.1.0-notls (x86_64/linux))</example>
+    <param pos="0" name="service.vendor" value="OpenSER"/>
+    <param pos="0" name="service.product" value="OpenSER"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.arch" value="x86_64"/>
+  </fingerprint>
+  <fingerprint pattern="(?i)^OpenSER \(([\d.]+)(?:-tls|-notls)? \(i386/linux\)\)$">
+    <description>OpenSER OpenSER - Linux on x86</description>
+    <example service.version="1.3.0">OpenSER (1.3.0-notls (i386/linux))</example>
+    <param pos="0" name="service.vendor" value="OpenSER"/>
+    <param pos="0" name="service.product" value="OpenSER"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.arch" value="x86"/>
+  </fingerprint>
+  <fingerprint pattern="(?i)^OpenSER \(([\d.]+)(?:-tls|-notls)? \(arm/linux\)\)$">
+    <description>OpenSER OpenSER - Linux on ARM</description>
+    <example service.version="1.3.2">OpenSER (1.3.2-tls (arm/linux))</example>
+    <param pos="0" name="service.vendor" value="OpenSER"/>
+    <param pos="0" name="service.product" value="OpenSER"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.arch" value="ARM"/>
   </fingerprint>
   <!-- This match covers multiple product families and should be split up further -->
@@ -351,4 +645,48 @@
     <param pos="0" name="hw.product" value="SIParator Firewall"/>
   </fingerprint>
+  <fingerprint pattern="^CommuniGatePro/(\d\.[\w.]+)$">
+    <description>Communigate Pro</description>
+    <example service.version="6.2.14">CommuniGatePro/6.2.14</example>
+    <example service.version="6.3c1m">CommuniGatePro/6.3c1m</example>
+    <param pos="0" name="service.vendor" value="Communigate"/>
+    <param pos="0" name="service.family" value="Pro"/>
+    <param pos="0" name="service.product" value="Communigate Pro"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:communigate:communigate_pro:{service.version}"/>
+  </fingerprint>
+  <fingerprint pattern="^STARFACE PBX$">
+    <description>STARFACE GmhH STARFACE PBX</description>
+    <example>STARFACE PBX</example>
+    <param pos="0" name="service.vendor" value="STARFACE GmhH"/>
+    <param pos="0" name="service.family" value="SIP Server"/>
+    <param pos="0" name="service.product" value="STARFACE PBX"/>
+  </fingerprint>
+  <fingerprint pattern="^FortiVoice-([\w-]+)$">
+    <description>Fortinet FortiVoice</description>
+    <example hw.product="200D">FortiVoice-200D</example>
+    <example hw.product="VM-Azure">FortiVoice-VM-Azure</example>
+    <example>FortiVoice-1000E</example>
+    <param pos="0" name="service.vendor" value="Fortinet"/>
+    <param pos="0" name="service.product" value="FortiVoice"/>
+    <param pos="0" name="service.device" value="SIP Gateway"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:fortinet:fortivoice:-"/>
+    <param pos="0" name="hw.vendor" value="Fortinet"/>
+    <param pos="0" name="hw.family" value="FortiVoice"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+  </fingerprint>
+  <fingerprint pattern="^Freeswitch ([\d.]+)$">
+    <description>FreeSWITCH FreeSWITCH</description>
+    <example service.version="2.0.0">Freeswitch 2.0.0</example>
+    <param pos="0" name="service.vendor" value="FreeSWITCH"/>
+    <param pos="0" name="service.product" value="FreeSWITCH"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.device" value="SIP Gateway"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:freeswitch:freeswitch:{service.version}"/>
+  </fingerprint>
 </fingerprints>