recog 2.3.17 → 2.3.21
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +26 -0
- data/bin/recog_standardize +6 -0
- data/cpe-remap.yaml +342 -200
- data/identifiers/README.md +24 -10
- data/identifiers/fields.txt +104 -0
- data/identifiers/hw_device.txt +2 -0
- data/identifiers/hw_family.txt +11 -0
- data/identifiers/hw_product.txt +71 -0
- data/identifiers/os_device.txt +2 -1
- data/identifiers/os_family.txt +2 -0
- data/identifiers/os_product.txt +36 -8
- data/identifiers/service_family.txt +10 -1
- data/identifiers/service_product.txt +78 -2
- data/identifiers/vendor.txt +55 -0
- data/lib/recog/nizer.rb +1 -82
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/update_cpes.py +18 -5
- data/xml/apache_modules.xml +60 -0
- data/xml/apache_os.xml +1 -1
- data/xml/dns_versionbind.xml +11 -1
- data/xml/favicons.xml +122 -3
- data/xml/ftp_banners.xml +62 -51
- data/xml/html_title.xml +553 -41
- data/xml/http_cookies.xml +262 -61
- data/xml/http_servers.xml +478 -108
- data/xml/http_wwwauth.xml +36 -9
- data/xml/imap_banners.xml +5 -5
- data/xml/ldap_searchresult.xml +1 -0
- data/xml/mdns_device-info_txt.xml +340 -10
- data/xml/mysql_banners.xml +2 -1
- data/xml/nntp_banners.xml +1 -1
- data/xml/ntp_banners.xml +16 -2
- data/xml/operating_system.xml +4 -4
- data/xml/pop_banners.xml +4 -4
- data/xml/rtsp_servers.xml +7 -0
- data/xml/sip_banners.xml +347 -9
- data/xml/sip_user_agents.xml +323 -4
- data/xml/smb_native_lm.xml +32 -1
- data/xml/smb_native_os.xml +160 -33
- data/xml/smtp_banners.xml +167 -128
- data/xml/smtp_expn.xml +1 -0
- data/xml/smtp_vrfy.xml +1 -0
- data/xml/snmp_sysdescr.xml +205 -36
- data/xml/ssh_banners.xml +139 -25
- data/xml/telnet_banners.xml +92 -48
- data/xml/tls_jarm.xml +140 -0
- data/xml/x509_issuers.xml +201 -2
- data/xml/x509_subjects.xml +251 -32
- metadata +5 -2
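--- a/data/xml/mysql_banners.xml
+++ b/data/xml/mysql_banners.xml
@@ -1354,9 +1354,10 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:10.04"/>
 </fingerprint>
 
-<fingerprint pattern="^(?:\d{1,2}\.\d{1,3}\.[a-f\d]{1,3}-)?(\d{1,2}\.\d{1,3}\.[a-f\d]{1,4})-MariaDB-\d\:.*\+maria\~focal
+<fingerprint pattern="^(?:\d{1,2}\.\d{1,3}\.[a-f\d]{1,3}-)?(\d{1,2}\.\d{1,3}\.[a-f\d]{1,4})-MariaDB-\d\:.*\+maria\~focal(?:-log)?$" flags="REG_ICASE">
 <description>MariaDB MariaDB on Ubuntu 20.04 (Focal Fossa)</description>
 <example service.version="10.5.2">5.5.5-10.5.2-MariaDB-1:10.5.2+maria~focal</example>
+<example service.version="10.1.1">5.5.5-10.1.1-MariaDB-1:10.1.1+maria~focal-log</example>
 <param pos="1" name="service.version"/>
 <param pos="0" name="service.vendor" value="MariaDB"/>
 <param pos="0" name="service.family" value="MySQL"/>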
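--- a/data/xml/nntp_banners.xml
+++ b/data/xml/nntp_banners.xml
@@ -13,7 +13,7 @@
 <param pos="0" name="service.product" value="CCProxy"/>
 </fingerprint>
 
-<fingerprint pattern="^(\S
+<fingerprint pattern="^(\S{1,512}) Lyris ListManager NNTP Service ready">
 <description>Lyris Listmanager</description>
 <example host.name="blah">blah Lyris ListManager NNTP Service ready (posting ok).</example>
 <param pos="0" name="service.vendor" value="Lyris"/>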
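--- a/data/xml/ntp_banners.xml
+++ b/data/xml/ntp_banners.xml
@@ -133,7 +133,9 @@
 <param pos="0" name="os.family" value="VMware ESX/ESXi"/>
 <param pos="0" name="os.product" value="VMware ESX Server"/>
 <param pos="2" name="os.arch"/>
+<param pos="0" name="os.device" value="Hypervisor"/>
 <param pos="0" name="os.cpe23" value="cpe:/o:vmware:esx:-"/>
+<param pos="0" name="hw.device" value="Hypervisor"/>
 </fingerprint>
 
 <fingerprint pattern="^.*version="ntpd ([^ ]+)[^"]+",.*processor="([^ ]+)",.*system="Linux/?([^ ]+)"" flags="REG_DOT_NEWLINE,REG_ICASE">
@@ -339,7 +341,7 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.10"/>
 </fingerprint>
 
-<fingerprint pattern="^.*version="ntpd ([^ p]+)(
+<fingerprint pattern="^.*version="ntpd ([^ p]+)(p[^ "]+)?[^"]+",.*processor="([^ ]+)",.*system="FreeBSD/?(?:[^ ]+-NETSCALER-([^ ]+))"" flags="REG_DOT_NEWLINE,REG_ICASE">
 <description>ntpd running on Citrix Netscaler, which is based on FreeBSD</description>
 <example service.version="4.2.6" service.version.version="p2@1.2194" os.arch="i386" os.version="9.3">
 version="ntpd 4.2.6p2@1.2194 Wed Nov 24 15:54:11 UTC 2010 (1)",
@@ -360,6 +362,7 @@
 <param pos="0" name="os.product" value="NetScaler"/>
 <param pos="3" name="os.arch"/>
 <param pos="4" name="os.version"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_firmware:{os.version}"/>
 </fingerprint>
 
 <fingerprint pattern="^.*version="ntpd ([^ ]+)[^"]+",.*processor="([^ ]+)",.*system="FreeBSD/?([^ ]+)"" flags="REG_DOT_NEWLINE,REG_ICASE">
@@ -925,6 +928,11 @@
 <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:{os.version}"/>
 </fingerprint>
 
+<!--
+This may need to be split into ESX and ESXi. ESXi started w/ version 4.1 and
+all versions 5.x were ESXi only.
+-->
+
 <fingerprint pattern="^.*version="ntpd ([^ ]+)[^"]+",.*processor="([^ ]+)",.*system="VMkernel/?([^ ]+)?"" flags="REG_DOT_NEWLINE,REG_ICASE">
 <description>ntpd running on VMware ESXi</description>
 <example>
@@ -939,7 +947,9 @@
 <param pos="0" name="os.product" value="VMware ESXi Server"/>
 <param pos="2" name="os.arch"/>
 <param pos="3" name="os.version"/>
+<param pos="0" name="os.device" value="Hypervisor"/>
 <param pos="0" name="os.cpe23" value="cpe:/o:vmware:esxi:{os.version}"/>
+<param pos="0" name="hw.device" value="Hypervisor"/>
 </fingerprint>
 
 <fingerprint pattern=".*processor="([^ ]+)",.*system="OSF1[/V]?([^ ]+)"" flags="REG_DOT_NEWLINE,REG_ICASE">
@@ -1027,9 +1037,13 @@
 <param pos="0" name="os.vendor" value="NetApp"/>
 <param pos="0" name="os.family" value="Data ONTAP"/>
 <param pos="0" name="os.product" value="Data ONTAP"/>
-<param pos="0" name="os.device" value="File Server"/>
 <param pos="1" name="os.version"/>
+<param pos="0" name="os.device" value="NAS"/>
 <param pos="0" name="os.cpe23" value="cpe:/o:netapp:data_ontap:{os.version}"/>
+<param pos="0" name="hw.vendor" value="NetApp"/>
+<param pos="0" name="hw.device" value="NAS"/>
+<param pos="0" name="hw.family" value="Data ONTAP"/>
+<param pos="0" name="hw.product" value="Data ONTAP"/>
 </fingerprint>
 
 <fingerprint pattern="system="UNIX/HPUX"" flags="REG_ICASE">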
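Review bot: The `os.cpe23` param added in the @@ -360,6 hunk interpolates `{os.version}` from capture group 4, which the pattern in the @@ -339,7 hunk defines as `-NETSCALER-([^ ]+)`; that class accepts any non-space character from a banner the remote host controls, including `:`, so an unusual or crafted `system=` value could produce a malformed CPE that downstream vulnerability matching then trusts. Narrowing the group to what a NetScaler version can contain, for example `-NETSCALER-([\d.]+)` (the only sample on the page is `9.3`), would keep the emitted CPE well formed. The `{os.version}` CPEs already present for the VMkernel and Data ONTAP fingerprints are fed by the same kind of `[^ ]+` capture and may deserve the same look. Both NetScaler hunks cut through a fingerprint whose remaining lines are outside the visible context.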
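--- a/data/xml/operating_system.xml
+++ b/data/xml/operating_system.xml
@@ -397,7 +397,7 @@
 
 <!-- Vendor-based distribution catch-call -->
 
-<fingerprint pattern="
+<fingerprint pattern="(?i)^(\S{0,256})\s{1,8}Linux\s+([\w.-]*)$">
 <description>Vendor-based Linux catch-all</description>
 <example os.vendor="Aurox" os.version="10.2">Aurox Linux 10.2</example>
 <param pos="0" name="os.family" value="Linux"/>
@@ -409,7 +409,7 @@
 
 <!-- Linux catch-all goes at the bottom-->
 
-<fingerprint pattern="
+<fingerprint pattern="(?i)^.{0,1024}Linux?\s?(\d+?(?:\.\d+?)*?)?$">
 <description>Linux catch-all</description>
 <example os.version="2.42.6">Linux 2.42.6</example>
 <param pos="0" name="os.vendor" value="Linux"/>
@@ -588,7 +588,7 @@
 
 <!-- BSD begin -->
 
-<fingerprint pattern="
+<fingerprint pattern="(?i)^(.{0,256}?BSD)\s?(\d+?(?:\.\d+?)*?(?:[\-\/_ ]?\w+?)?(?:-[a-z]\d+?)?)?$">
 <description>Many BSD family OSes</description>
 <example os.version="10.3-RELEASE" os.product="FreeBSD">FreeBSD 10.3-RELEASE</example>
 <example os.version="10.3-RELEASE-p4" os.product="FreeBSD">FreeBSD 10.3-RELEASE-p4</example>
@@ -605,7 +605,7 @@
 
 <!-- Other Unix-likes begin -->
 
-<fingerprint pattern="
+<fingerprint pattern="(?i)^(?:Oracle|Sun)?\s?OpenSolaris\s?(\d+?(?:\.\d+?)*?)?$">
 <description>OpenSolaris</description>
 <example os.version="2009.06">OpenSolaris 2009.06</example>
 <param pos="0" name="os.vendor" value="Sun"/>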
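Review bot: In the Linux catch-all at new line 412 the literal is written `Linux?`, which makes the final `x` optional, so an input ending in `Linu` is still labelled Linux; unless that is intended, `Linux\s?` is the tighter form. In the vendor catch-all at new line 400 the bounded group is `\S{0,256}`, so an input such as ` Linux 1.0` matches with an empty capture in group 1; `\S{1,256}` would avoid emitting an empty vendor, and the `\s+` after `Linux` is left unbounded while its neighbours were bounded. The removed patterns are truncated on this page, so whether either form predates the commit cannot be confirmed from here.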
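--- a/data/xml/pop_banners.xml
+++ b/data/xml/pop_banners.xml
@@ -5,7 +5,7 @@
 matched against these patterns to fingerprint POP3 servers.
 -->
 
-<fingerprint pattern="^([^ ]
+<fingerprint pattern="^([^ ]{1,512}) +Cyrus POP3 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready">
 <description>OSX Cyrus POP</description>
 <example host.domain="8.8.8.8" service.version="2.3.8" os.version="10.5">8.8.8.8 Cyrus POP3 v2.3.8-OS X Server 10.5: 9A562 server ready <1999107648.1324502155@8.8.8.8></example>
 <param pos="0" name="service.vendor" value="Carnegie Mellon University"/>
@@ -20,7 +20,7 @@
 <param pos="1" name="host.domain"/>
 </fingerprint>
 
-<fingerprint pattern="^([^ ]
+<fingerprint pattern="^([^ ]{1,512}) +Cyrus POP3 v([\d\.]+)">
 <description>CMU Cyrus POP</description>
 <example host.domain="foo" service.version="2.3">foo Cyrus POP3 v2.3</example>
 <example host.domain="foo" service.version="2.3.14">foo Cyrus POP3 v2.3.14 server ready <13087751828270990591.1301068892@foo></example>
@@ -229,7 +229,7 @@
 <param pos="0" name="hw.product" value="Raspberry Pi"/>
 </fingerprint>
 
-<fingerprint pattern="^(\S
+<fingerprint pattern="^(\S{1,512}) Zimbra POP3 server ready\.?$">
 <description>VMware Zimbra POP</description>
 <example host.name="foo.bar">foo.bar Zimbra POP3 server ready</example>
 <param pos="0" name="service.vendor" value="VMware"/>
@@ -238,7 +238,7 @@
 <param pos="1" name="host.name"/>
 </fingerprint>
 
-<fingerprint pattern="^(\S
+<fingerprint pattern="^(\S{1,512}) Zimbra (\S+) POP3 server ready\.?$">
 <description>VMware Zimbra POP with version</description>
 <example host.name="foo.bar">foo.bar Zimbra 7.0.0_GA_3079 POP3 server ready</example>
 <param pos="0" name="service.vendor" value="VMware"/>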
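Review bot: The bound added to the leading host group does not reach the other open-ended parts of these patterns: at new line 8 the version capture is still `(\d+\.\d+.*)` with a second `.*` before ` server ready`, and at new line 241 the Zimbra version is still `(\S+)`. These banners come from the remote server, so a long or unusual banner can still cause heavy backtracking and put arbitrary text into `service.version`. If the intent of the change is to bound matching on untrusted input, the version groups could be limited the same way, for example `Zimbra (\S{1,64}) POP3 server ready\.?$`. Each of the four fingerprints continues beyond the visible hunk context.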
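--- a/data/xml/rtsp_servers.xml
+++ b/data/xml/rtsp_servers.xml
@@ -93,4 +93,11 @@
 <param pos="1" name="os.version"/>
 </fingerprint>
 
+<fingerprint pattern="^Linux/2\.6\.35\.14_nl-xarina\+ Ze-PRO$">
+<description>Sony Network Camera</description>
+<example>Linux/2.6.35.14_nl-xarina+ Ze-PRO</example>
+<param pos="0" name="hw.vendor" value="Sony"/>
+<param pos="0" name="hw.device" value="IP Camera"/>
+</fingerprint>
+
 </fingerprints>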
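Review bot: The new fingerprint asserts only `hw.vendor` and `hw.device`, although the banner it matches names a Linux 2.6.35.14 kernel; adding `<param pos="0" name="os.family" value="Linux"/>` and a fixed `os.version` of `2.6.35.14` would let an inventory flag devices still running that kernel. The pattern contains no Sony string, so an XML comment above it recording how the `xarina`/`Ze-PRO` banner was attributed to Sony would help later reviewers judge false positives.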
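--- a/data/xml/sip_banners.xml
+++ b/data/xml/sip_banners.xml
@@ -60,10 +60,54 @@
 <param pos="2" name="hw.version"/>
 </fingerprint>
 
+<!-- The next few Linksys fingerprints could be merged but are split to enable CPEs -->
+
+<fingerprint pattern="^(?:[\dA-F]{1,64} )?Linksys/RT31P2-([\d.]+)\(\w+\)$">
+<description>Linksys RT31P2</description>
+<example os.version="3.1.9">Linksys/RT31P2-3.1.9(LId)</example>
+<example os.version="3.1.6">Linksys/RT31P2-3.1.6(LI)</example>
+<example os.version="3.1.6">001310E72B51 Linksys/RT31P2-3.1.6(LI)</example>
+<param pos="0" name="os.vendor" value="Linksys"/>
+<param pos="0" name="os.product" value="RT31P2 Firmware"/>
+<param pos="1" name="os.version"/>
+<param pos="0" name="os.device" value="VoIP"/>
+<param pos="0" name="hw.vendor" value="Linksys"/>
+<param pos="0" name="hw.product" value="RT31P2"/>
+<param pos="0" name="hw.device" value="VoIP"/>
+<param pos="0" name="hw.cpe23" value="cpe:/h:linksys:rt31p2:-"/>
+</fingerprint>
+
+<fingerprint pattern="^Cisco/SPA122-([\d.]+)\(\w+\)[\w-]*$">
+<description>Cisco SPA122</description>
+<example os.version="1.3.5">Cisco/SPA122-1.3.5(004p)</example>
+<example os.version="1.3.5">Cisco/SPA122-1.3.5(004p)_BestGo</example>
+<param pos="0" name="os.vendor" value="Cisco"/>
+<param pos="0" name="os.product" value="SPA122 Firmware"/>
+<param pos="1" name="os.version"/>
+<param pos="0" name="os.device" value="VoIP"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:cisco:spa122_firmware:{os.version}"/>
+<param pos="0" name="hw.vendor" value="Cisco"/>
+<param pos="0" name="hw.product" value="SPA122"/>
+<param pos="0" name="hw.device" value="VoIP"/>
+<param pos="0" name="hw.cpe23" value="cpe:/h:cisco:spa122:-"/>
+</fingerprint>
+
+<fingerprint pattern="^Cisco/SPA112-([\d.SR]+)\(\w+\)[\w-]*$">
+<description>Cisco SPA112</description>
+<example os.version="1.4.1SR1">Cisco/SPA112-1.4.1SR1(002)d-hisec</example>
+<param pos="0" name="os.vendor" value="Cisco"/>
+<param pos="0" name="os.product" value="SPA112 Firmware"/>
+<param pos="1" name="os.version"/>
+<param pos="0" name="os.device" value="VoIP"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:cisco:spa112_firmware:{os.version}"/>
+<param pos="0" name="hw.vendor" value="Cisco"/>
+<param pos="0" name="hw.product" value="SPA112"/>
+<param pos="0" name="hw.device" value="VoIP"/>
+<param pos="0" name="hw.cpe23" value="cpe:/h:cisco:spa112:-"/>
+</fingerprint>
+
 <fingerprint pattern="(?:Cisco|Linksys)/(SPA\d+[DG]?\d?)-([\d\.a-zA-Z]+)">
 <description>Cisco/Linksys SPA VoIP Phone</description>
-<example hw.model="SPA112" hw.version="1.4.1SR1">Cisco/SPA112-1.4.1SR1(002)d-hisec</example>
-<example hw.model="SPA122" hw.version="1.3.3">Cisco/SPA122-1.3.3(004)</example>
 <example hw.model="SPA922" hw.version="6.1.5">PhoneSystems.net aabbccddeeff Linksys/SPA922-6.1.5(a)</example>
 <example hw.model="SPA232D" hw.version="1.4.1">Cisco/SPA232D-1.4.1(002_282)</example>
 <example hw.model="SPA504G" hw.version="7.5.2">Cisco/SPA504G-7.5.2</example>
@@ -155,6 +199,131 @@
 <param pos="1" name="hw.product"/>
 </fingerprint>
 
+<!-- NEC -->
+
+<fingerprint pattern="^NEC SL2100/([\d.]+)$">
+<description>NEC SL2100 Communications Server</description>
+<example os.version="2.1">NEC SL2100/2.1</example>
+<param pos="0" name="os.vendor" value="NEC"/>
+<param pos="0" name="os.product" value="SL2100 Firmware"/>
+<param pos="1" name="os.version"/>
+<param pos="0" name="os.device" value="SIP Gateway"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:nec:sl2100_firmware:{os.version}"/>
+<param pos="0" name="hw.vendor" value="NEC"/>
+<param pos="0" name="hw.family" value="SL2100"/>
+<param pos="0" name="hw.product" value="SL2100"/>
+<param pos="0" name="hw.device" value="SIP Gateway"/>
+<param pos="0" name="hw.cpe23" value="cpe:/h:nec:sl2100:-"/>
+</fingerprint>
+
+<fingerprint pattern="^NEC (Aspire [WU]X) ([\d.]+)(?:/\d\.\d)?$">
+<description>NEC UNIVERGE Aspire WX or UX SIP Gateway</description>
+<example hw.product="Aspire WX" os.version="02.00.00">NEC Aspire WX 02.00.00</example>
+<example hw.product="Aspire UX" os.version="08.00.00">NEC Aspire UX 08.00.00/2.1</example>
+<param pos="0" name="os.vendor" value="NEC"/>
+<param pos="2" name="os.version"/>
+<param pos="0" name="hw.vendor" value="NEC"/>
+<param pos="0" name="hw.family" value="UNIVERGE"/>
+<param pos="1" name="hw.product"/>
+<param pos="0" name="hw.device" value="SIP Gateway"/>
+</fingerprint>
+
+<!-- The next few NEC fingerprints could be merged but are split to enable CPEs -->
+
+<fingerprint pattern="^NEC(?:-i)? SV9100-(?:NA|GE) ([\d.]+)(?:/\d\.\d)?$">
+<description>NEC UNIVERGE 9100 SIP Gateway</description>
+<example os.version="08.00.65">NEC SV9100-NA 08.00.65/2.1</example>
+<example os.version="09.00.60">NEC SV9100-GE 09.00.60/2.1</example>
+<param pos="0" name="os.vendor" value="NEC"/>
+<param pos="0" name="os.product" value="SV9100 Firmware"/>
+<param pos="1" name="os.version"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:nec:sv9100_firmware:{os.version}"/>
+<param pos="0" name="hw.vendor" value="NEC"/>
+<param pos="0" name="hw.family" value="UNIVERGE"/>
+<param pos="0" name="hw.product" value="SV9100"/>
+<param pos="0" name="hw.device" value="SIP Gateway"/>
+<param pos="0" name="hw.cpe23" value="cpe:/h:nec:sv9100:-"/>
+</fingerprint>
+
+<fingerprint pattern="^NEC(?:-i)? SV8100-(?:NA|GE) ([\d.]+)(?:/\d\.\d)?$">
+<description>NEC UNIVERGE 8100 SIP Gateway</description>
+<example os.version="08.00.65">NEC SV8100-GE 08.00.65/2.1</example>
+<example os.version="09.50">NEC-i SV8100-NA 09.50/2.1</example>
+<example os.version="10.12">NEC SV8100-NA 10.12/2.1</example>
+<param pos="0" name="os.vendor" value="NEC"/>
+<param pos="0" name="os.product" value="SV8100 Firmware"/>
+<param pos="1" name="os.version"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:nec:sv8100_firmware:{os.version}"/>
+<param pos="0" name="hw.vendor" value="NEC"/>
+<param pos="0" name="hw.family" value="UNIVERGE"/>
+<param pos="0" name="hw.product" value="SV8100"/>
+<param pos="0" name="hw.device" value="SIP Gateway"/>
+<param pos="0" name="hw.cpe23" value="cpe:/h:nec:sv8100:-"/>
+</fingerprint>
+
+<!-- Grandstream -->
+
+<!-- The next few fingerprints could be merged but are split to enable CPEs -->
+
+<fingerprint pattern="^Grandstream UCM6208V(\d\.\d\w) ([\d.]+)$">
+<description>Grandstream UCM 6208</description>
+<example hw.version="1.4A" os.version="1.0.16.20">Grandstream UCM6208V1.4A 1.0.16.20</example>
+<param pos="0" name="os.vendor" value="Grandstream"/>
+<param pos="0" name="os.product" value="UCM6208 Firmware"/>
+<param pos="2" name="os.version"/>
+<param pos="0" name="os.device" value="SIP Gateway"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ucm6208_firmware:{os.version}"/>
+<param pos="0" name="hw.vendor" value="Grandstream"/>
+<param pos="0" name="hw.product" value="UCM6208"/>
+<param pos="1" name="hw.version"/>
+<param pos="0" name="hw.device" value="SIP Gateway"/>
+<param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ucm6208:{hw.version}"/>
+</fingerprint>
+
+<fingerprint pattern="^Grandstream UCM6204V(\d\.\d\w) ([\d.]+)$">
+<description>Grandstream UCM 6204</description>
+<example hw.version="1.4A" os.version="1.0.15.16">Grandstream UCM6204V1.4A 1.0.15.16</example>
+<param pos="0" name="os.vendor" value="Grandstream"/>
+<param pos="0" name="os.product" value="UCM6204 Firmware"/>
+<param pos="2" name="os.version"/>
+<param pos="0" name="os.device" value="SIP Gateway"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ucm6204_firmware:{os.version}"/>
+<param pos="0" name="hw.vendor" value="Grandstream"/>
+<param pos="0" name="hw.product" value="UCM6204"/>
+<param pos="1" name="hw.version"/>
+<param pos="0" name="hw.device" value="SIP Gateway"/>
+<param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ucm6204:{hw.version}"/>
+</fingerprint>
+
+<fingerprint pattern="^Grandstream UCM6202V(\d\.\d\w) ([\d.]+)$">
+<description>Grandstream UCM 6202</description>
+<example hw.version="1.4A" os.version="1.0.15.16">Grandstream UCM6202V1.4A 1.0.15.16</example>
+<param pos="0" name="os.vendor" value="Grandstream"/>
+<param pos="0" name="os.product" value="UCM6202 Firmware"/>
+<param pos="2" name="os.version"/>
+<param pos="0" name="os.device" value="SIP Gateway"/>
+<param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ucm6202_firmware:{os.version}"/>
+<param pos="0" name="hw.vendor" value="Grandstream"/>
+<param pos="0" name="hw.product" value="UCM6202"/>
+<param pos="1" name="hw.version"/>
+<param pos="0" name="hw.device" value="SIP Gateway"/>
+<param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ucm6202:{hw.version}"/>
+</fingerprint>
+
+<fingerprint pattern="^Grandstream (UCM6\d\d\d)V(\d\.\d\w) ([\d.]+)$">
+<description>Grandstream UCM 6xxx series generic</description>
+<example hw.product="UCM6102" os.version="1.0.6.10">Grandstream UCM6102V1.5A 1.0.6.10</example>
+<example hw.product="UCM6302" hw.version="1.2B">Grandstream UCM6302V1.2B 1.0.3.10</example>
+<example hw.product="UCM6510">Grandstream UCM6510V1.4B 1.0.14.23</example>
+<param pos="0" name="os.vendor" value="Grandstream"/>
+<param pos="3" name="os.version"/>
+<param pos="0" name="os.device" value="SIP Gateway"/>
+<param pos="0" name="hw.vendor" value="Grandstream"/>
+<param pos="1" name="hw.product"/>
+<param pos="2" name="hw.version"/>
+<param pos="0" name="hw.device" value="SIP Gateway"/>
+</fingerprint>
+
 <!-- Various -->
 
 <fingerprint pattern="EnGenius_Router$">
@@ -249,7 +418,7 @@
 <param pos="1" name="hw.product"/>
 </fingerprint>
 
-<fingerprint pattern="^(?:Audiocodes-Sip-Gateway-)?(\S
+<fingerprint pattern="^(?:Audiocodes-Sip-Gateway-)?(\S{1,64}) FX[A-Z_]+/v.(\S+)$">
 <description>Audiocodes-Sip-Gateway</description>
 <example hw.product="MP-124" os.version="6.00A.034.003">Audiocodes-Sip-Gateway-MP-124 FXS/v.6.00A.034.003</example>
 <example hw.product="MP-124" os.version="6.60A.342.003">MP-124 FXS/v.6.60A.342.003</example>
@@ -275,6 +444,18 @@
 <param pos="0" name="hw.product" value="SIP Gateway"/>
 </fingerprint>
 
+<fingerprint pattern="^Wildix GW ([\d.~a-h]+)$">
+<description>Wildix SIP Gateway - timestamp/build variant</description>
+<example os.version="20201008.1~a2e84be1">Wildix GW 20201008.1~a2e84be1</example>
+<param pos="0" name="os.vendor" value="Wildix"/>
+<param pos="0" name="os.family" value="SIP Gateway"/>
+<param pos="1" name="os.version"/>
+<param pos="0" name="hw.vendor" value="Wildix"/>
+<param pos="0" name="hw.family" value="SIP Gateway"/>
+<param pos="0" name="hw.device" value="SIP Gateway"/>
+<param pos="0" name="hw.product" value="SIP Gateway"/>
+</fingerprint>
+
 <fingerprint pattern="^Wildix GW$">
 <description>Wildix SIP Gateway w/o Version</description>
 <example>Wildix GW</example>
@@ -286,6 +467,18 @@
 <param pos="0" name="hw.product" value="SIP Gateway"/>
 </fingerprint>
 
+<fingerprint pattern="^PBX-IP Media Gateway/([\d.]+)$">
+<description>Dialogic Media Gateway w Version</description>
+<example os.version="2.1">PBX-IP Media Gateway/2.1</example>
+<param pos="0" name="os.vendor" value="Dialogic"/>
+<param pos="0" name="os.family" value="SIP Gateway"/>
+<param pos="1" name="os.version"/>
+<param pos="0" name="hw.vendor" value="Dialogic"/>
+<param pos="0" name="hw.family" value="SIP Gateway"/>
+<param pos="0" name="hw.device" value="SIP Gateway"/>
+<param pos="0" name="hw.product" value="Media Gateway"/>
+</fingerprint>
+
 <fingerprint pattern="^Asterisk PBX (\S+)$">
 <description>Asterisk PBX w/ Version</description>
 <example service.version="13.18.0-6.7.1.1.rl.1538157944.1c65507">Asterisk PBX 13.18.0-6.7.1.1.rl.1538157944.1c65507</example>
@@ -314,14 +507,115 @@
 <param pos="1" name="service.version"/>
 </fingerprint>
 
-
-
-
+<!-- Kamailio seems to be a successor to OpenSER and perhaps OpenSIPS? -->
+
+<fingerprint pattern="^[Kk]amailio \(([\d.]+)(?:-tls|-notls)? \(x86_64/linux\)\)$">
+<description>Kamailio Kamailio - Linux on x86_64</description>
+<example service.version="4.4.4">kamailio (4.4.4 (x86_64/linux))</example>
 <param pos="0" name="service.vendor" value="Kamailio"/>
-<param pos="0" name="service.
-<param pos="
+<param pos="0" name="service.product" value="Kamailio"/>
+<param pos="1" name="service.version"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:kamailio:kamailio:{service.version}"/>
+<param pos="0" name="os.family" value="Linux"/>
+<param pos="0" name="os.product" value="Linux"/>
+<param pos="0" name="os.arch" value="x86_64"/>
+</fingerprint>
+
+<fingerprint pattern="^[Kk]amailio \(([\d.]+)(?:-tls|-notls)? \(i386/linux\)\)$">
+<description>Kamailio Kamailio - Linux on x86</description>
+<example service.version="1.5.2">Kamailio (1.5.2-notls (i386/linux))</example>
+<param pos="0" name="service.vendor" value="Kamailio"/>
+<param pos="0" name="service.product" value="Kamailio"/>
+<param pos="1" name="service.version"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:kamailio:kamailio:{service.version}"/>
+<param pos="0" name="os.family" value="Linux"/>
+<param pos="0" name="os.product" value="Linux"/>
+<param pos="0" name="os.arch" value="x86"/>
+</fingerprint>
+
+<fingerprint pattern="^OpenSIPS \(([\d.]+)(?:-tls|-notls)? \(x86_64/linux\)\)$">
+<description>OpenSIPS OpenSIPS - Linux on x86_64</description>
+<example service.version="1.7.2">OpenSIPS (1.7.2-notls (x86_64/linux))</example>
+<example service.version="1.11.11">OpenSIPS (1.11.11-tls (x86_64/linux))</example>
+<example service.version="2.2.7">OpenSIPS (2.2.7 (x86_64/linux))</example>
+<param pos="0" name="service.vendor" value="OpenSIPS"/>
+<param pos="0" name="service.product" value="OpenSIPS"/>
+<param pos="1" name="service.version"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:opensips:opensips:{service.version}"/>
+<param pos="0" name="os.family" value="Linux"/>
+<param pos="0" name="os.product" value="Linux"/>
+<param pos="0" name="os.arch" value="x86_64"/>
+</fingerprint>
+
+<fingerprint pattern="^OpenSIPS \(([\d.]+)(?:-tls|-notls)? \(i386/linux\)\)$">
+<description>OpenSIPS OpenSIPS - Linux on x86</description>
+<example service.version="1.8.2">OpenSIPS (1.8.2-notls (i386/linux))</example>
+<example service.version="1.11.3">OpenSIPS (1.11.3-tls (i386/linux))</example>
+<example service.version="2.3.3">OpenSIPS (2.3.3 (i386/linux))</example>
+<param pos="0" name="service.vendor" value="OpenSIPS"/>
+<param pos="0" name="service.product" value="OpenSIPS"/>
+<param pos="1" name="service.version"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:opensips:opensips:{service.version}"/>
+<param pos="0" name="os.family" value="Linux"/>
+<param pos="0" name="os.product" value="Linux"/>
+<param pos="0" name="os.arch" value="x86"/>
+</fingerprint>
+
+<fingerprint pattern="^OpenSIPS \(([\d.]+)(?:-tls|-notls)? \(arm(?:v4tl|v7l)?/linux\)\)$">
+<description>OpenSIPS OpenSIPS - Linux on ARM</description>
+<example service.version="2.2.2">OpenSIPS (2.2.2 (arm/linux))</example>
+<example service.version="1.6.0">OpenSIPS (1.6.0-notls (armv4tl/linux))</example>
+<example service.version="1.11.5">OpenSIPS (1.11.5-tls (armv7l/linux))</example>
+<param pos="0" name="service.vendor" value="OpenSIPS"/>
+<param pos="0" name="service.product" value="OpenSIPS"/>
+<param pos="1" name="service.version"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:opensips:opensips:{service.version}"/>
+<param pos="0" name="os.family" value="Linux"/>
+<param pos="0" name="os.product" value="Linux"/>
+<param pos="0" name="os.arch" value="ARM"/>
+</fingerprint>
+
+<fingerprint pattern="(?i)^OpenSER \(([\d.]+)(?:-tls|-notls)? \(sh4/linux\)\)$">
+<description>OpenSER OpenSER - Linux on Renesas SH4</description>
+<example service.version="1.3.2">OpenSER (1.3.2-notls (sh4/linux))</example>
+<param pos="0" name="service.vendor" value="OpenSER"/>
+<param pos="0" name="service.product" value="OpenSER"/>
 <param pos="1" name="service.version"/>
-<param pos="
+<param pos="0" name="os.family" value="Linux"/>
+<param pos="0" name="os.product" value="Linux"/>
+</fingerprint>
+
+<fingerprint pattern="(?i)^OpenSER \(([\d.]+)(?:-tls|-notls)? \(x86_64/linux\)\)$">
+<description>OpenSER OpenSER - Linux on x86_64</description>
+<example service.version="1.1.0">OpenSer (1.1.0-notls (x86_64/linux))</example>
+<param pos="0" name="service.vendor" value="OpenSER"/>
+<param pos="0" name="service.product" value="OpenSER"/>
+<param pos="1" name="service.version"/>
+<param pos="0" name="os.family" value="Linux"/>
+<param pos="0" name="os.product" value="Linux"/>
+<param pos="0" name="os.arch" value="x86_64"/>
+</fingerprint>
+
+<fingerprint pattern="(?i)^OpenSER \(([\d.]+)(?:-tls|-notls)? \(i386/linux\)\)$">
+<description>OpenSER OpenSER - Linux on x86</description>
+<example service.version="1.3.0">OpenSER (1.3.0-notls (i386/linux))</example>
+<param pos="0" name="service.vendor" value="OpenSER"/>
+<param pos="0" name="service.product" value="OpenSER"/>
+<param pos="1" name="service.version"/>
+<param pos="0" name="os.family" value="Linux"/>
+<param pos="0" name="os.product" value="Linux"/>
+<param pos="0" name="os.arch" value="x86"/>
+</fingerprint>
+
+<fingerprint pattern="(?i)^OpenSER \(([\d.]+)(?:-tls|-notls)? \(arm/linux\)\)$">
+<description>OpenSER OpenSER - Linux on ARM</description>
+<example service.version="1.3.2">OpenSER (1.3.2-tls (arm/linux))</example>
+<param pos="0" name="service.vendor" value="OpenSER"/>
+<param pos="0" name="service.product" value="OpenSER"/>
+<param pos="1" name="service.version"/>
+<param pos="0" name="os.family" value="Linux"/>
+<param pos="0" name="os.product" value="Linux"/>
+<param pos="0" name="os.arch" value="ARM"/>
 </fingerprint>
 
 <!-- This match covers multiple product families and should be split up further -->
@@ -351,4 +645,48 @@
 <param pos="0" name="hw.product" value="SIParator Firewall"/>
 </fingerprint>
 
+<fingerprint pattern="^CommuniGatePro/(\d\.[\w.]+)$">
+<description>Communigate Pro</description>
+<example service.version="6.2.14">CommuniGatePro/6.2.14</example>
+<example service.version="6.3c1m">CommuniGatePro/6.3c1m</example>
+<param pos="0" name="service.vendor" value="Communigate"/>
+<param pos="0" name="service.family" value="Pro"/>
+<param pos="0" name="service.product" value="Communigate Pro"/>
+<param pos="1" name="service.version"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:communigate:communigate_pro:{service.version}"/>
+</fingerprint>
+
+<fingerprint pattern="^STARFACE PBX$">
+<description>STARFACE GmhH STARFACE PBX</description>
+<example>STARFACE PBX</example>
+<param pos="0" name="service.vendor" value="STARFACE GmhH"/>
+<param pos="0" name="service.family" value="SIP Server"/>
+<param pos="0" name="service.product" value="STARFACE PBX"/>
+</fingerprint>
+
+<fingerprint pattern="^FortiVoice-([\w-]+)$">
+<description>Fortinet FortiVoice</description>
+<example hw.product="200D">FortiVoice-200D</example>
+<example hw.product="VM-Azure">FortiVoice-VM-Azure</example>
+<example>FortiVoice-1000E</example>
+<param pos="0" name="service.vendor" value="Fortinet"/>
+<param pos="0" name="service.product" value="FortiVoice"/>
+<param pos="0" name="service.device" value="SIP Gateway"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:fortinet:fortivoice:-"/>
+<param pos="0" name="hw.vendor" value="Fortinet"/>
+<param pos="0" name="hw.family" value="FortiVoice"/>
+<param pos="1" name="hw.product"/>
+<param pos="0" name="hw.device" value="SIP Gateway"/>
+</fingerprint>
+
+<fingerprint pattern="^Freeswitch ([\d.]+)$">
+<description>FreeSWITCH FreeSWITCH</description>
+<example service.version="2.0.0">Freeswitch 2.0.0</example>
+<param pos="0" name="service.vendor" value="FreeSWITCH"/>
+<param pos="0" name="service.product" value="FreeSWITCH"/>
+<param pos="1" name="service.version"/>
+<param pos="0" name="service.device" value="SIP Gateway"/>
+<param pos="0" name="service.cpe23" value="cpe:/a:freeswitch:freeswitch:{service.version}"/>
+</fingerprint>
+
 </fingerprints>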
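Review bot: In the last hunk the STARFACE fingerprint spells the vendor `STARFACE GmhH` in both the description and the `service.vendor` param; this looks like a typo for `GmbH`, and because the value is emitted into asset data it will not line up with sources that spell the vendor correctly: `<param pos="0" name="service.vendor" value="STARFACE GmbH"/>`. In the @@ -314,14 hunk the four OpenSER fingerprints emit no `service.cpe23` while the Kamailio and OpenSIPS ones beside them do, so OpenSER hits cannot be correlated by CPE; if no CPE exists for it, an XML comment saying so would make the omission deliberate. The Wildix version class `[\d.~a-h]+` probably meant `a-f` for the hex build suffix shown in its example.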