recog 2.3.17 → 2.3.21

Files changed (51) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/ci.yml +26 -0
  3. data/bin/recog_standardize +6 -0
  4. data/cpe-remap.yaml +342 -200
  5. data/identifiers/README.md +24 -10
  6. data/identifiers/fields.txt +104 -0
  7. data/identifiers/hw_device.txt +2 -0
  8. data/identifiers/hw_family.txt +11 -0
  9. data/identifiers/hw_product.txt +71 -0
  10. data/identifiers/os_device.txt +2 -1
  11. data/identifiers/os_family.txt +2 -0
  12. data/identifiers/os_product.txt +36 -8
  13. data/identifiers/service_family.txt +10 -1
  14. data/identifiers/service_product.txt +78 -2
  15. data/identifiers/vendor.txt +55 -0
  16. data/lib/recog/nizer.rb +1 -82
  17. data/lib/recog/version.rb +1 -1
  18. data/requirements.txt +1 -1
  19. data/update_cpes.py +18 -5
  20. data/xml/apache_modules.xml +60 -0
  21. data/xml/apache_os.xml +1 -1
  22. data/xml/dns_versionbind.xml +11 -1
  23. data/xml/favicons.xml +122 -3
  24. data/xml/ftp_banners.xml +62 -51
  25. data/xml/html_title.xml +553 -41
  26. data/xml/http_cookies.xml +262 -61
  27. data/xml/http_servers.xml +478 -108
  28. data/xml/http_wwwauth.xml +36 -9
  29. data/xml/imap_banners.xml +5 -5
  30. data/xml/ldap_searchresult.xml +1 -0
  31. data/xml/mdns_device-info_txt.xml +340 -10
  32. data/xml/mysql_banners.xml +2 -1
  33. data/xml/nntp_banners.xml +1 -1
  34. data/xml/ntp_banners.xml +16 -2
  35. data/xml/operating_system.xml +4 -4
  36. data/xml/pop_banners.xml +4 -4
  37. data/xml/rtsp_servers.xml +7 -0
  38. data/xml/sip_banners.xml +347 -9
  39. data/xml/sip_user_agents.xml +323 -4
  40. data/xml/smb_native_lm.xml +32 -1
  41. data/xml/smb_native_os.xml +160 -33
  42. data/xml/smtp_banners.xml +167 -128
  43. data/xml/smtp_expn.xml +1 -0
  44. data/xml/smtp_vrfy.xml +1 -0
  45. data/xml/snmp_sysdescr.xml +205 -36
  46. data/xml/ssh_banners.xml +139 -25
  47. data/xml/telnet_banners.xml +92 -48
  48. data/xml/tls_jarm.xml +140 -0
  49. data/xml/x509_issuers.xml +201 -2
  50. data/xml/x509_subjects.xml +251 -32
  51. metadata +5 -2
@@ -1354,9 +1354,10 @@
1354
1354
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:10.04"/>
1355
1355
  </fingerprint>
1356
1356
 
1357
- <fingerprint pattern="^(?:\d{1,2}\.\d{1,3}\.[a-f\d]{1,3}-)?(\d{1,2}\.\d{1,3}\.[a-f\d]{1,4})-MariaDB-\d\:.*\+maria\~focal$" flags="REG_ICASE">
1357
+ <fingerprint pattern="^(?:\d{1,2}\.\d{1,3}\.[a-f\d]{1,3}-)?(\d{1,2}\.\d{1,3}\.[a-f\d]{1,4})-MariaDB-\d\:.*\+maria\~focal(?:-log)?$" flags="REG_ICASE">
1358
1358
  <description>MariaDB MariaDB on Ubuntu 20.04 (Focal Fossa)</description>
1359
1359
  <example service.version="10.5.2">5.5.5-10.5.2-MariaDB-1:10.5.2+maria~focal</example>
1360
+ <example service.version="10.1.1">5.5.5-10.1.1-MariaDB-1:10.1.1+maria~focal-log</example>
1360
1361
  <param pos="1" name="service.version"/>
1361
1362
  <param pos="0" name="service.vendor" value="MariaDB"/>
1362
1363
  <param pos="0" name="service.family" value="MySQL"/>
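--- a/data/xml/nntp_banners.xml
+++ b/data/xml/nntp_banners.xml
@@ -13,7 +13,7 @@
  <param pos="0" name="service.product" value="CCProxy"/>
  </fingerprint>
 
- <fingerprint pattern="^(\S+) Lyris ListManager NNTP Service ready">
+ <fingerprint pattern="^(\S{1,512}) Lyris ListManager NNTP Service ready">
  <description>Lyris Listmanager</description>
  <example host.name="blah">blah Lyris ListManager NNTP Service ready (posting ok).</example>
  <param pos="0" name="service.vendor" value="Lyris"/>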
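Review bot: The new `{1,512}` cap on the leading host token is unexplained, and the limit varies across this release: 512 here and in the pop_banners.xml hunks, 64 in the Audiocodes pattern in sip_banners.xml, 256 and 1024 in other patterns on this page. Presumably the cap bounds matching work and captured field size on banners supplied by the scanned host; a short comment would record that, e.g. `<!-- host token capped at 512 chars: banner text is untrusted input -->`. It is also worth stating that a banner whose first token exceeds the cap now matches nothing here, so consumers see no host.name rather than a truncated one. The fingerprint's remaining params lie outside the hunk.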
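--- a/data/xml/ntp_banners.xml
+++ b/data/xml/ntp_banners.xml
@@ -133,7 +133,9 @@
  <param pos="0" name="os.family" value="VMware ESX/ESXi"/>
  <param pos="0" name="os.product" value="VMware ESX Server"/>
  <param pos="2" name="os.arch"/>
+ <param pos="0" name="os.device" value="Hypervisor"/>
  <param pos="0" name="os.cpe23" value="cpe:/o:vmware:esx:-"/>
+ <param pos="0" name="hw.device" value="Hypervisor"/>
  </fingerprint>
 
  <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;Linux/?([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
@@ -339,7 +341,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.10"/>
  </fingerprint>
 
- <fingerprint pattern="^.*version=&quot;ntpd ([^ p]+)(:?p[^ &quot;]+)?[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;FreeBSD/?(?:[^ ]+-NETSCALER-([^ ]+))&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
+ <fingerprint pattern="^.*version=&quot;ntpd ([^ p]+)(p[^ &quot;]+)?[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;FreeBSD/?(?:[^ ]+-NETSCALER-([^ ]+))&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
  <description>ntpd running on Citrix Netscaler, which is based on FreeBSD</description>
  <example service.version="4.2.6" service.version.version="p2@1.2194" os.arch="i386" os.version="9.3">
  version="ntpd 4.2.6p2@1.2194 Wed Nov 24 15:54:11 UTC 2010 (1)",
@@ -360,6 +362,7 @@
  <param pos="0" name="os.product" value="NetScaler"/>
  <param pos="3" name="os.arch"/>
  <param pos="4" name="os.version"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_firmware:{os.version}"/>
  </fingerprint>
 
  <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;FreeBSD/?([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
@@ -925,6 +928,11 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:{os.version}"/>
  </fingerprint>
 
+ <!--
+ This may need to be split into ESX and ESXi. ESXi started w/ version 4.1 and
+ all versions 5.x were ESXi only.
+ -->
+
  <fingerprint pattern="^.*version=&quot;ntpd ([^ ]+)[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;VMkernel/?([^ ]+)?&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
  <description>ntpd running on VMware ESXi</description>
  <example>
@@ -939,7 +947,9 @@
  <param pos="0" name="os.product" value="VMware ESXi Server"/>
  <param pos="2" name="os.arch"/>
  <param pos="3" name="os.version"/>
+ <param pos="0" name="os.device" value="Hypervisor"/>
  <param pos="0" name="os.cpe23" value="cpe:/o:vmware:esxi:{os.version}"/>
+ <param pos="0" name="hw.device" value="Hypervisor"/>
  </fingerprint>
 
  <fingerprint pattern=".*processor=&quot;([^ ]+)&quot;,.*system=&quot;OSF1[/V]?([^ ]+)&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
@@ -1027,9 +1037,13 @@
  <param pos="0" name="os.vendor" value="NetApp"/>
  <param pos="0" name="os.family" value="Data ONTAP"/>
  <param pos="0" name="os.product" value="Data ONTAP"/>
- <param pos="0" name="os.device" value="File Server"/>
  <param pos="1" name="os.version"/>
+ <param pos="0" name="os.device" value="NAS"/>
  <param pos="0" name="os.cpe23" value="cpe:/o:netapp:data_ontap:{os.version}"/>
+ <param pos="0" name="hw.vendor" value="NetApp"/>
+ <param pos="0" name="hw.device" value="NAS"/>
+ <param pos="0" name="hw.family" value="Data ONTAP"/>
+ <param pos="0" name="hw.product" value="Data ONTAP"/>
  </fingerprint>
 
  <fingerprint pattern="system=&quot;UNIX/HPUX&quot;" flags="REG_ICASE">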
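Review bot: The comment added above the VMkernel fingerprint (new lines 931-934) says the match may cover both ESX and ESXi, yet the fingerprint still reports `os.product` as `VMware ESXi Server` and builds `cpe:/o:vmware:esxi:{os.version}`. A classic ESX host would therefore be labelled ESXi in any inventory or vulnerability lookup keyed on the CPE. I would word the comment as a TODO that states this effect, e.g. `TODO: split into ESX and ESXi; until then ESX hosts are reported with the ESXi product and CPE`. The version capture in that pattern is optional (`([^ ]+)?`), so it is worth confirming what the `{os.version}` substitution yields when the banner carries no version. The dating in the comment should also be double-checked, since as far as I know ESXi shipped before 4.1.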
@@ -397,7 +397,7 @@
397
397
 
398
398
  <!-- Vendor-based distribution catch-call -->
399
399
 
400
- <fingerprint pattern="^(?i:(.*)\sLinux?\s(.*))$">
400
+ <fingerprint pattern="(?i)^(\S{0,256})\s{1,8}Linux\s+([\w.-]*)$">
401
401
  <description>Vendor-based Linux catch-all</description>
402
402
  <example os.vendor="Aurox" os.version="10.2">Aurox Linux 10.2</example>
403
403
  <param pos="0" name="os.family" value="Linux"/>
@@ -409,7 +409,7 @@
409
409
 
410
410
  <!-- Linux catch-all goes at the bottom-->
411
411
 
412
- <fingerprint pattern="^(?i:.*Linux?\s?(\d+?(?:\.\d+?)*?)?)$">
412
+ <fingerprint pattern="(?i)^.{0,1024}Linux?\s?(\d+?(?:\.\d+?)*?)?$">
413
413
  <description>Linux catch-all</description>
414
414
  <example os.version="2.42.6">Linux 2.42.6</example>
415
415
  <param pos="0" name="os.vendor" value="Linux"/>
@@ -588,7 +588,7 @@
588
588
 
589
589
  <!-- BSD begin -->
590
590
 
591
- <fingerprint pattern="^(?i:(.*?BSD)\s?(\d+?(?:\.\d+?)*?(?:[\-\/_ ]?\w+?)?(?:-[a-z]\d+?)?)?)$">
591
+ <fingerprint pattern="(?i)^(.{0,256}?BSD)\s?(\d+?(?:\.\d+?)*?(?:[\-\/_ ]?\w+?)?(?:-[a-z]\d+?)?)?$">
592
592
  <description>Many BSD family OSes</description>
593
593
  <example os.version="10.3-RELEASE" os.product="FreeBSD">FreeBSD 10.3-RELEASE</example>
594
594
  <example os.version="10.3-RELEASE-p4" os.product="FreeBSD">FreeBSD 10.3-RELEASE-p4</example>
@@ -605,7 +605,7 @@
605
605
 
606
606
  <!-- Other Unix-likes begin -->
607
607
 
608
- <fingerprint pattern="^(?i:(?:Oracle|Sun)?\s?OpenSolaris\s?(\d+?(?:\.\d+?)*?)?)$">
608
+ <fingerprint pattern="(?i)^(?:Oracle|Sun)?\s?OpenSolaris\s?(\d+?(?:\.\d+?)*?)?$">
609
609
  <description>OpenSolaris</description>
610
610
  <example os.version="2009.06">OpenSolaris 2009.06</example>
611
611
  <param pos="0" name="os.vendor" value="Sun"/>
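--- a/data/xml/pop_banners.xml
+++ b/data/xml/pop_banners.xml
@@ -5,7 +5,7 @@
  matched against these patterns to fingerprint POP3 servers.
  -->
 
- <fingerprint pattern="^([^ ]+) +Cyrus POP3 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready">
+ <fingerprint pattern="^([^ ]{1,512}) +Cyrus POP3 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready">
  <description>OSX Cyrus POP</description>
  <example host.domain="8.8.8.8" service.version="2.3.8" os.version="10.5">8.8.8.8 Cyrus POP3 v2.3.8-OS X Server 10.5: 9A562 server ready &lt;1999107648.1324502155@8.8.8.8&gt;</example>
  <param pos="0" name="service.vendor" value="Carnegie Mellon University"/>
@@ -20,7 +20,7 @@
  <param pos="1" name="host.domain"/>
  </fingerprint>
 
- <fingerprint pattern="^([^ ]+) +Cyrus POP3 v([\d\.]+)">
+ <fingerprint pattern="^([^ ]{1,512}) +Cyrus POP3 v([\d\.]+)">
  <description>CMU Cyrus POP</description>
  <example host.domain="foo" service.version="2.3">foo Cyrus POP3 v2.3</example>
  <example host.domain="foo" service.version="2.3.14">foo Cyrus POP3 v2.3.14 server ready &lt;13087751828270990591.1301068892@foo&gt;</example>
@@ -229,7 +229,7 @@
  <param pos="0" name="hw.product" value="Raspberry Pi"/>
  </fingerprint>
 
- <fingerprint pattern="^(\S+) Zimbra POP3 server ready\.?$">
+ <fingerprint pattern="^(\S{1,512}) Zimbra POP3 server ready\.?$">
  <description>VMware Zimbra POP</description>
  <example host.name="foo.bar">foo.bar Zimbra POP3 server ready</example>
  <param pos="0" name="service.vendor" value="VMware"/>
@@ -238,7 +238,7 @@
  <param pos="1" name="host.name"/>
  </fingerprint>
 
- <fingerprint pattern="^(\S+) Zimbra (\S+) POP3 server ready\.?$">
+ <fingerprint pattern="^(\S{1,512}) Zimbra (\S+) POP3 server ready\.?$">
  <description>VMware Zimbra POP with version</description>
  <example host.name="foo.bar">foo.bar Zimbra 7.0.0_GA_3079 POP3 server ready</example>
  <param pos="0" name="service.vendor" value="VMware"/>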
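Review bot: The first hunk bounds only the leading host token; the two `.*` runs later in the same pattern (`v(\d+\.\d+.*)-OS X` and `([\d\.]+).* server ready`) stay unbounded. Those two runs are where matching cost grows fastest on a long banner that almost matches. If the aim of this change is to cap regex work on banners controlled by the remote host, bound them as well, for example `.{0,256}` in both places, after checking the limit against real banners. The same applies to the second `(\S+)` in the versioned Zimbra pattern at line 241, which could become `(\S{1,64})`. Each fingerprint's params continue outside the hunks.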
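--- a/data/xml/rtsp_servers.xml
+++ b/data/xml/rtsp_servers.xml
@@ -93,4 +93,11 @@
  <param pos="1" name="os.version"/>
  </fingerprint>
 
+ <fingerprint pattern="^Linux/2\.6\.35\.14_nl-xarina\+ Ze-PRO$">
+ <description>Sony Network Camera</description>
+ <example>Linux/2.6.35.14_nl-xarina+ Ze-PRO</example>
+ <param pos="0" name="hw.vendor" value="Sony"/>
+ <param pos="0" name="hw.device" value="IP Camera"/>
+ </fingerprint>
+
  </fingerprints>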
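Review bot: The new fingerprint is pinned to one exact kernel build string (`2\.6\.35\.14_nl-xarina\+`), so a camera on any other firmware build will not match, and the description does not say which Sony models the string was observed on. A comment naming the observed model or the source of the sample would let the next maintainer judge whether the version part can be loosened. The banner also states a Linux kernel, but no `os.*` params are set; other fingerprints on this page record that, e.g. `<param pos="0" name="os.family" value="Linux"/>`.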
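--- a/data/xml/sip_banners.xml
+++ b/data/xml/sip_banners.xml
@@ -60,10 +60,54 @@
  <param pos="2" name="hw.version"/>
  </fingerprint>
 
+ <!-- The next few Linksys fingerprints could be merged but are split to enable CPEs -->
+
+ <fingerprint pattern="^(?:[\dA-F]{1,64} )?Linksys/RT31P2-([\d.]+)\(\w+\)$">
+ <description>Linksys RT31P2</description>
+ <example os.version="3.1.9">Linksys/RT31P2-3.1.9(LId)</example>
+ <example os.version="3.1.6">Linksys/RT31P2-3.1.6(LI)</example>
+ <example os.version="3.1.6">001310E72B51 Linksys/RT31P2-3.1.6(LI)</example>
+ <param pos="0" name="os.vendor" value="Linksys"/>
+ <param pos="0" name="os.product" value="RT31P2 Firmware"/>
+ <param pos="1" name="os.version"/>
+ <param pos="0" name="os.device" value="VoIP"/>
+ <param pos="0" name="hw.vendor" value="Linksys"/>
+ <param pos="0" name="hw.product" value="RT31P2"/>
+ <param pos="0" name="hw.device" value="VoIP"/>
+ <param pos="0" name="hw.cpe23" value="cpe:/h:linksys:rt31p2:-"/>
+ </fingerprint>
+
+ <fingerprint pattern="^Cisco/SPA122-([\d.]+)\(\w+\)[\w-]*$">
+ <description>Cisco SPA122</description>
+ <example os.version="1.3.5">Cisco/SPA122-1.3.5(004p)</example>
+ <example os.version="1.3.5">Cisco/SPA122-1.3.5(004p)_BestGo</example>
+ <param pos="0" name="os.vendor" value="Cisco"/>
+ <param pos="0" name="os.product" value="SPA122 Firmware"/>
+ <param pos="1" name="os.version"/>
+ <param pos="0" name="os.device" value="VoIP"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:spa122_firmware:{os.version}"/>
+ <param pos="0" name="hw.vendor" value="Cisco"/>
+ <param pos="0" name="hw.product" value="SPA122"/>
+ <param pos="0" name="hw.device" value="VoIP"/>
+ <param pos="0" name="hw.cpe23" value="cpe:/h:cisco:spa122:-"/>
+ </fingerprint>
+
+ <fingerprint pattern="^Cisco/SPA112-([\d.SR]+)\(\w+\)[\w-]*$">
+ <description>Cisco SPA112</description>
+ <example os.version="1.4.1SR1">Cisco/SPA112-1.4.1SR1(002)d-hisec</example>
+ <param pos="0" name="os.vendor" value="Cisco"/>
+ <param pos="0" name="os.product" value="SPA112 Firmware"/>
+ <param pos="1" name="os.version"/>
+ <param pos="0" name="os.device" value="VoIP"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:spa112_firmware:{os.version}"/>
+ <param pos="0" name="hw.vendor" value="Cisco"/>
+ <param pos="0" name="hw.product" value="SPA112"/>
+ <param pos="0" name="hw.device" value="VoIP"/>
+ <param pos="0" name="hw.cpe23" value="cpe:/h:cisco:spa112:-"/>
+ </fingerprint>
+
  <fingerprint pattern="(?:Cisco|Linksys)/(SPA\d+[DG]?\d?)-([\d\.a-zA-Z]+)">
  <description>Cisco/Linksys SPA VoIP Phone</description>
- <example hw.model="SPA112" hw.version="1.4.1SR1">Cisco/SPA112-1.4.1SR1(002)d-hisec</example>
- <example hw.model="SPA122" hw.version="1.3.3">Cisco/SPA122-1.3.3(004)</example>
  <example hw.model="SPA922" hw.version="6.1.5">PhoneSystems.net aabbccddeeff Linksys/SPA922-6.1.5(a)</example>
  <example hw.model="SPA232D" hw.version="1.4.1">Cisco/SPA232D-1.4.1(002_282)</example>
  <example hw.model="SPA504G" hw.version="7.5.2">Cisco/SPA504G-7.5.2</example>
@@ -155,6 +199,131 @@
  <param pos="1" name="hw.product"/>
  </fingerprint>
 
+ <!-- NEC -->
+
+ <fingerprint pattern="^NEC SL2100/([\d.]+)$">
+ <description>NEC SL2100 Communications Server</description>
+ <example os.version="2.1">NEC SL2100/2.1</example>
+ <param pos="0" name="os.vendor" value="NEC"/>
+ <param pos="0" name="os.product" value="SL2100 Firmware"/>
+ <param pos="1" name="os.version"/>
+ <param pos="0" name="os.device" value="SIP Gateway"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:nec:sl2100_firmware:{os.version}"/>
+ <param pos="0" name="hw.vendor" value="NEC"/>
+ <param pos="0" name="hw.family" value="SL2100"/>
+ <param pos="0" name="hw.product" value="SL2100"/>
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
+ <param pos="0" name="hw.cpe23" value="cpe:/h:nec:sl2100:-"/>
+ </fingerprint>
+
+ <fingerprint pattern="^NEC (Aspire [WU]X) ([\d.]+)(?:/\d\.\d)?$">
+ <description>NEC UNIVERGE Aspire WX or UX SIP Gateway</description>
+ <example hw.product="Aspire WX" os.version="02.00.00">NEC Aspire WX 02.00.00</example>
+ <example hw.product="Aspire UX" os.version="08.00.00">NEC Aspire UX 08.00.00/2.1</example>
+ <param pos="0" name="os.vendor" value="NEC"/>
+ <param pos="2" name="os.version"/>
+ <param pos="0" name="hw.vendor" value="NEC"/>
+ <param pos="0" name="hw.family" value="UNIVERGE"/>
+ <param pos="1" name="hw.product"/>
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
+ </fingerprint>
+
+ <!-- The next few NEC fingerprints could be merged but are split to enable CPEs -->
+
+ <fingerprint pattern="^NEC(?:-i)? SV9100-(?:NA|GE) ([\d.]+)(?:/\d\.\d)?$">
+ <description>NEC UNIVERGE 9100 SIP Gateway</description>
+ <example os.version="08.00.65">NEC SV9100-NA 08.00.65/2.1</example>
+ <example os.version="09.00.60">NEC SV9100-GE 09.00.60/2.1</example>
+ <param pos="0" name="os.vendor" value="NEC"/>
+ <param pos="0" name="os.product" value="SV9100 Firmware"/>
+ <param pos="1" name="os.version"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:nec:sv9100_firmware:{os.version}"/>
+ <param pos="0" name="hw.vendor" value="NEC"/>
+ <param pos="0" name="hw.family" value="UNIVERGE"/>
+ <param pos="0" name="hw.product" value="SV9100"/>
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
+ <param pos="0" name="hw.cpe23" value="cpe:/h:nec:sv9100:-"/>
+ </fingerprint>
+
+ <fingerprint pattern="^NEC(?:-i)? SV8100-(?:NA|GE) ([\d.]+)(?:/\d\.\d)?$">
+ <description>NEC UNIVERGE 8100 SIP Gateway</description>
+ <example os.version="08.00.65">NEC SV8100-GE 08.00.65/2.1</example>
+ <example os.version="09.50">NEC-i SV8100-NA 09.50/2.1</example>
+ <example os.version="10.12">NEC SV8100-NA 10.12/2.1</example>
+ <param pos="0" name="os.vendor" value="NEC"/>
+ <param pos="0" name="os.product" value="SV8100 Firmware"/>
+ <param pos="1" name="os.version"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:nec:sv8100_firmware:{os.version}"/>
+ <param pos="0" name="hw.vendor" value="NEC"/>
+ <param pos="0" name="hw.family" value="UNIVERGE"/>
+ <param pos="0" name="hw.product" value="SV8100"/>
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
+ <param pos="0" name="hw.cpe23" value="cpe:/h:nec:sv8100:-"/>
+ </fingerprint>
+
+ <!-- Grandstream -->
+
+ <!-- The next few fingerprints could be merged but are split to enable CPEs -->
+
+ <fingerprint pattern="^Grandstream UCM6208V(\d\.\d\w) ([\d.]+)$">
+ <description>Grandstream UCM 6208</description>
+ <example hw.version="1.4A" os.version="1.0.16.20">Grandstream UCM6208V1.4A 1.0.16.20</example>
+ <param pos="0" name="os.vendor" value="Grandstream"/>
+ <param pos="0" name="os.product" value="UCM6208 Firmware"/>
+ <param pos="2" name="os.version"/>
+ <param pos="0" name="os.device" value="SIP Gateway"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ucm6208_firmware:{os.version}"/>
+ <param pos="0" name="hw.vendor" value="Grandstream"/>
+ <param pos="0" name="hw.product" value="UCM6208"/>
+ <param pos="1" name="hw.version"/>
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
+ <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ucm6208:{hw.version}"/>
+ </fingerprint>
+
+ <fingerprint pattern="^Grandstream UCM6204V(\d\.\d\w) ([\d.]+)$">
+ <description>Grandstream UCM 6204</description>
+ <example hw.version="1.4A" os.version="1.0.15.16">Grandstream UCM6204V1.4A 1.0.15.16</example>
+ <param pos="0" name="os.vendor" value="Grandstream"/>
+ <param pos="0" name="os.product" value="UCM6204 Firmware"/>
+ <param pos="2" name="os.version"/>
+ <param pos="0" name="os.device" value="SIP Gateway"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ucm6204_firmware:{os.version}"/>
+ <param pos="0" name="hw.vendor" value="Grandstream"/>
+ <param pos="0" name="hw.product" value="UCM6204"/>
+ <param pos="1" name="hw.version"/>
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
+ <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ucm6204:{hw.version}"/>
+ </fingerprint>
+
+ <fingerprint pattern="^Grandstream UCM6202V(\d\.\d\w) ([\d.]+)$">
+ <description>Grandstream UCM 6202</description>
+ <example hw.version="1.4A" os.version="1.0.15.16">Grandstream UCM6202V1.4A 1.0.15.16</example>
+ <param pos="0" name="os.vendor" value="Grandstream"/>
+ <param pos="0" name="os.product" value="UCM6202 Firmware"/>
+ <param pos="2" name="os.version"/>
+ <param pos="0" name="os.device" value="SIP Gateway"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ucm6202_firmware:{os.version}"/>
+ <param pos="0" name="hw.vendor" value="Grandstream"/>
+ <param pos="0" name="hw.product" value="UCM6202"/>
+ <param pos="1" name="hw.version"/>
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
+ <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ucm6202:{hw.version}"/>
+ </fingerprint>
+
+ <fingerprint pattern="^Grandstream (UCM6\d\d\d)V(\d\.\d\w) ([\d.]+)$">
+ <description>Grandstream UCM 6xxx series generic</description>
+ <example hw.product="UCM6102" os.version="1.0.6.10">Grandstream UCM6102V1.5A 1.0.6.10</example>
+ <example hw.product="UCM6302" hw.version="1.2B">Grandstream UCM6302V1.2B 1.0.3.10</example>
+ <example hw.product="UCM6510">Grandstream UCM6510V1.4B 1.0.14.23</example>
+ <param pos="0" name="os.vendor" value="Grandstream"/>
+ <param pos="3" name="os.version"/>
+ <param pos="0" name="os.device" value="SIP Gateway"/>
+ <param pos="0" name="hw.vendor" value="Grandstream"/>
+ <param pos="1" name="hw.product"/>
+ <param pos="2" name="hw.version"/>
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
+ </fingerprint>
+
  <!-- Various -->
 
  <fingerprint pattern="EnGenius_Router$">
@@ -249,7 +418,7 @@
  <param pos="1" name="hw.product"/>
  </fingerprint>
 
- <fingerprint pattern="^(?:Audiocodes-Sip-Gateway-)?(\S+) FX[A-Z_]+/v.(\S+)$">
+ <fingerprint pattern="^(?:Audiocodes-Sip-Gateway-)?(\S{1,64}) FX[A-Z_]+/v.(\S+)$">
  <description>Audiocodes-Sip-Gateway</description>
  <example hw.product="MP-124" os.version="6.00A.034.003">Audiocodes-Sip-Gateway-MP-124 FXS/v.6.00A.034.003</example>
  <example hw.product="MP-124" os.version="6.60A.342.003">MP-124 FXS/v.6.60A.342.003</example>
@@ -275,6 +444,18 @@
  <param pos="0" name="hw.product" value="SIP Gateway"/>
  </fingerprint>
 
+ <fingerprint pattern="^Wildix GW ([\d.~a-h]+)$">
+ <description>Wildix SIP Gateway - timestamp/build variant</description>
+ <example os.version="20201008.1~a2e84be1">Wildix GW 20201008.1~a2e84be1</example>
+ <param pos="0" name="os.vendor" value="Wildix"/>
+ <param pos="0" name="os.family" value="SIP Gateway"/>
+ <param pos="1" name="os.version"/>
+ <param pos="0" name="hw.vendor" value="Wildix"/>
+ <param pos="0" name="hw.family" value="SIP Gateway"/>
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
+ <param pos="0" name="hw.product" value="SIP Gateway"/>
+ </fingerprint>
+
  <fingerprint pattern="^Wildix GW$">
  <description>Wildix SIP Gateway w/o Version</description>
  <example>Wildix GW</example>
@@ -286,6 +467,18 @@
  <param pos="0" name="hw.product" value="SIP Gateway"/>
  </fingerprint>
 
+ <fingerprint pattern="^PBX-IP Media Gateway/([\d.]+)$">
+ <description>Dialogic Media Gateway w Version</description>
+ <example os.version="2.1">PBX-IP Media Gateway/2.1</example>
+ <param pos="0" name="os.vendor" value="Dialogic"/>
+ <param pos="0" name="os.family" value="SIP Gateway"/>
+ <param pos="1" name="os.version"/>
+ <param pos="0" name="hw.vendor" value="Dialogic"/>
+ <param pos="0" name="hw.family" value="SIP Gateway"/>
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
+ <param pos="0" name="hw.product" value="Media Gateway"/>
+ </fingerprint>
+
  <fingerprint pattern="^Asterisk PBX (\S+)$">
  <description>Asterisk PBX w/ Version</description>
  <example service.version="13.18.0-6.7.1.1.rl.1538157944.1c65507">Asterisk PBX 13.18.0-6.7.1.1.rl.1538157944.1c65507</example>
@@ -314,14 +507,115 @@
  <param pos="1" name="service.version"/>
  </fingerprint>
 
- <fingerprint pattern="^kamailio \((\S+) \((.*)\)\)$">
- <description>Kamailio SIP Server</description>
- <example service.version="4.4.4" kamailio.platform="x86_64/linux">kamailio (4.4.4 (x86_64/linux))</example>
+ <!-- Kamailio seems to be a successor to OpenSER and perhaps OpenSIPS? -->
+
+ <fingerprint pattern="^[Kk]amailio \(([\d.]+)(?:-tls|-notls)? \(x86_64/linux\)\)$">
+ <description>Kamailio Kamailio - Linux on x86_64</description>
+ <example service.version="4.4.4">kamailio (4.4.4 (x86_64/linux))</example>
  <param pos="0" name="service.vendor" value="Kamailio"/>
- <param pos="0" name="service.family" value="SIP Server"/>
- <param pos="0" name="service.product" value="SIP Server"/>
+ <param pos="0" name="service.product" value="Kamailio"/>
+ <param pos="1" name="service.version"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:kamailio:kamailio:{service.version}"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ <param pos="0" name="os.arch" value="x86_64"/>
+ </fingerprint>
+
+ <fingerprint pattern="^[Kk]amailio \(([\d.]+)(?:-tls|-notls)? \(i386/linux\)\)$">
+ <description>Kamailio Kamailio - Linux on x86</description>
+ <example service.version="1.5.2">Kamailio (1.5.2-notls (i386/linux))</example>
+ <param pos="0" name="service.vendor" value="Kamailio"/>
+ <param pos="0" name="service.product" value="Kamailio"/>
+ <param pos="1" name="service.version"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:kamailio:kamailio:{service.version}"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ <param pos="0" name="os.arch" value="x86"/>
+ </fingerprint>
+
+ <fingerprint pattern="^OpenSIPS \(([\d.]+)(?:-tls|-notls)? \(x86_64/linux\)\)$">
+ <description>OpenSIPS OpenSIPS - Linux on x86_64</description>
+ <example service.version="1.7.2">OpenSIPS (1.7.2-notls (x86_64/linux))</example>
+ <example service.version="1.11.11">OpenSIPS (1.11.11-tls (x86_64/linux))</example>
+ <example service.version="2.2.7">OpenSIPS (2.2.7 (x86_64/linux))</example>
+ <param pos="0" name="service.vendor" value="OpenSIPS"/>
+ <param pos="0" name="service.product" value="OpenSIPS"/>
+ <param pos="1" name="service.version"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:opensips:opensips:{service.version}"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ <param pos="0" name="os.arch" value="x86_64"/>
+ </fingerprint>
+
+ <fingerprint pattern="^OpenSIPS \(([\d.]+)(?:-tls|-notls)? \(i386/linux\)\)$">
+ <description>OpenSIPS OpenSIPS - Linux on x86</description>
+ <example service.version="1.8.2">OpenSIPS (1.8.2-notls (i386/linux))</example>
+ <example service.version="1.11.3">OpenSIPS (1.11.3-tls (i386/linux))</example>
+ <example service.version="2.3.3">OpenSIPS (2.3.3 (i386/linux))</example>
+ <param pos="0" name="service.vendor" value="OpenSIPS"/>
+ <param pos="0" name="service.product" value="OpenSIPS"/>
+ <param pos="1" name="service.version"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:opensips:opensips:{service.version}"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ <param pos="0" name="os.arch" value="x86"/>
+ </fingerprint>
+
+ <fingerprint pattern="^OpenSIPS \(([\d.]+)(?:-tls|-notls)? \(arm(?:v4tl|v7l)?/linux\)\)$">
+ <description>OpenSIPS OpenSIPS - Linux on ARM</description>
+ <example service.version="2.2.2">OpenSIPS (2.2.2 (arm/linux))</example>
+ <example service.version="1.6.0">OpenSIPS (1.6.0-notls (armv4tl/linux))</example>
+ <example service.version="1.11.5">OpenSIPS (1.11.5-tls (armv7l/linux))</example>
+ <param pos="0" name="service.vendor" value="OpenSIPS"/>
+ <param pos="0" name="service.product" value="OpenSIPS"/>
+ <param pos="1" name="service.version"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:opensips:opensips:{service.version}"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ <param pos="0" name="os.arch" value="ARM"/>
+ </fingerprint>
+
+ <fingerprint pattern="(?i)^OpenSER \(([\d.]+)(?:-tls|-notls)? \(sh4/linux\)\)$">
+ <description>OpenSER OpenSER - Linux on Renesas SH4</description>
+ <example service.version="1.3.2">OpenSER (1.3.2-notls (sh4/linux))</example>
+ <param pos="0" name="service.vendor" value="OpenSER"/>
+ <param pos="0" name="service.product" value="OpenSER"/>
  <param pos="1" name="service.version"/>
- <param pos="2" name="kamailio.platform"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ </fingerprint>
+
+ <fingerprint pattern="(?i)^OpenSER \(([\d.]+)(?:-tls|-notls)? \(x86_64/linux\)\)$">
+ <description>OpenSER OpenSER - Linux on x86_64</description>
+ <example service.version="1.1.0">OpenSer (1.1.0-notls (x86_64/linux))</example>
+ <param pos="0" name="service.vendor" value="OpenSER"/>
+ <param pos="0" name="service.product" value="OpenSER"/>
+ <param pos="1" name="service.version"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ <param pos="0" name="os.arch" value="x86_64"/>
+ </fingerprint>
+
+ <fingerprint pattern="(?i)^OpenSER \(([\d.]+)(?:-tls|-notls)? \(i386/linux\)\)$">
+ <description>OpenSER OpenSER - Linux on x86</description>
+ <example service.version="1.3.0">OpenSER (1.3.0-notls (i386/linux))</example>
+ <param pos="0" name="service.vendor" value="OpenSER"/>
+ <param pos="0" name="service.product" value="OpenSER"/>
+ <param pos="1" name="service.version"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ <param pos="0" name="os.arch" value="x86"/>
+ </fingerprint>
+
+ <fingerprint pattern="(?i)^OpenSER \(([\d.]+)(?:-tls|-notls)? \(arm/linux\)\)$">
+ <description>OpenSER OpenSER - Linux on ARM</description>
+ <example service.version="1.3.2">OpenSER (1.3.2-tls (arm/linux))</example>
+ <param pos="0" name="service.vendor" value="OpenSER"/>
+ <param pos="0" name="service.product" value="OpenSER"/>
+ <param pos="1" name="service.version"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ <param pos="0" name="os.arch" value="ARM"/>
  </fingerprint>
 
  <!-- This match covers multiple product families and should be split up further -->
@@ -351,4 +645,48 @@
  <param pos="0" name="hw.product" value="SIParator Firewall"/>
  </fingerprint>
 
+ <fingerprint pattern="^CommuniGatePro/(\d\.[\w.]+)$">
+ <description>Communigate Pro</description>
+ <example service.version="6.2.14">CommuniGatePro/6.2.14</example>
+ <example service.version="6.3c1m">CommuniGatePro/6.3c1m</example>
+ <param pos="0" name="service.vendor" value="Communigate"/>
+ <param pos="0" name="service.family" value="Pro"/>
+ <param pos="0" name="service.product" value="Communigate Pro"/>
+ <param pos="1" name="service.version"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:communigate:communigate_pro:{service.version}"/>
+ </fingerprint>
+
+ <fingerprint pattern="^STARFACE PBX$">
+ <description>STARFACE GmhH STARFACE PBX</description>
+ <example>STARFACE PBX</example>
+ <param pos="0" name="service.vendor" value="STARFACE GmhH"/>
+ <param pos="0" name="service.family" value="SIP Server"/>
+ <param pos="0" name="service.product" value="STARFACE PBX"/>
+ </fingerprint>
+
+ <fingerprint pattern="^FortiVoice-([\w-]+)$">
+ <description>Fortinet FortiVoice</description>
+ <example hw.product="200D">FortiVoice-200D</example>
+ <example hw.product="VM-Azure">FortiVoice-VM-Azure</example>
+ <example>FortiVoice-1000E</example>
+ <param pos="0" name="service.vendor" value="Fortinet"/>
+ <param pos="0" name="service.product" value="FortiVoice"/>
+ <param pos="0" name="service.device" value="SIP Gateway"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:fortinet:fortivoice:-"/>
+ <param pos="0" name="hw.vendor" value="Fortinet"/>
+ <param pos="0" name="hw.family" value="FortiVoice"/>
+ <param pos="1" name="hw.product"/>
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
+ </fingerprint>
+
+ <fingerprint pattern="^Freeswitch ([\d.]+)$">
+ <description>FreeSWITCH FreeSWITCH</description>
+ <example service.version="2.0.0">Freeswitch 2.0.0</example>
+ <param pos="0" name="service.vendor" value="FreeSWITCH"/>
+ <param pos="0" name="service.product" value="FreeSWITCH"/>
+ <param pos="1" name="service.version"/>
+ <param pos="0" name="service.device" value="SIP Gateway"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:freeswitch:freeswitch:{service.version}"/>
+ </fingerprint>
+
  </fingerprints>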
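Review bot: The hunk at old line 314 replaces the generic `^kamailio \((\S+) \((.*)\)\)$` match with fingerprints that accept only `x86_64/linux` or `i386/linux` and a purely numeric version, so a Kamailio banner reporting any other platform or a suffixed version appears to lose its match unless a fingerprint outside this hunk catches it. I would keep a bounded generic fallback after the specific ones, for example a pattern like `^[Kk]amailio \(([\d.]+)\S{0,32} \([\w/.-]{1,64}\)\)$` that sets only vendor, product and version. In the same hunk the OpenSER `sh4/linux` fingerprint sets no `os.arch` while its siblings do; if that is deliberate, a short comment should say so. Separately, `STARFACE GmhH` in the last hunk looks like a typo for `GmbH` and will surface in the `service.vendor` field as written.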