recog 2.3.17 → 2.3.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (51) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/ci.yml +26 -0
  3. data/bin/recog_standardize +6 -0
  4. data/cpe-remap.yaml +342 -200
  5. data/identifiers/README.md +24 -10
  6. data/identifiers/fields.txt +104 -0
  7. data/identifiers/hw_device.txt +2 -0
  8. data/identifiers/hw_family.txt +11 -0
  9. data/identifiers/hw_product.txt +71 -0
  10. data/identifiers/os_device.txt +2 -1
  11. data/identifiers/os_family.txt +2 -0
  12. data/identifiers/os_product.txt +36 -8
  13. data/identifiers/service_family.txt +10 -1
  14. data/identifiers/service_product.txt +78 -2
  15. data/identifiers/vendor.txt +55 -0
  16. data/lib/recog/nizer.rb +1 -82
  17. data/lib/recog/version.rb +1 -1
  18. data/requirements.txt +1 -1
  19. data/update_cpes.py +18 -5
  20. data/xml/apache_modules.xml +60 -0
  21. data/xml/apache_os.xml +1 -1
  22. data/xml/dns_versionbind.xml +11 -1
  23. data/xml/favicons.xml +122 -3
  24. data/xml/ftp_banners.xml +62 -51
  25. data/xml/html_title.xml +553 -41
  26. data/xml/http_cookies.xml +262 -61
  27. data/xml/http_servers.xml +478 -108
  28. data/xml/http_wwwauth.xml +36 -9
  29. data/xml/imap_banners.xml +5 -5
  30. data/xml/ldap_searchresult.xml +1 -0
  31. data/xml/mdns_device-info_txt.xml +340 -10
  32. data/xml/mysql_banners.xml +2 -1
  33. data/xml/nntp_banners.xml +1 -1
  34. data/xml/ntp_banners.xml +16 -2
  35. data/xml/operating_system.xml +4 -4
  36. data/xml/pop_banners.xml +4 -4
  37. data/xml/rtsp_servers.xml +7 -0
  38. data/xml/sip_banners.xml +347 -9
  39. data/xml/sip_user_agents.xml +323 -4
  40. data/xml/smb_native_lm.xml +32 -1
  41. data/xml/smb_native_os.xml +160 -33
  42. data/xml/smtp_banners.xml +167 -128
  43. data/xml/smtp_expn.xml +1 -0
  44. data/xml/smtp_vrfy.xml +1 -0
  45. data/xml/snmp_sysdescr.xml +205 -36
  46. data/xml/ssh_banners.xml +139 -25
  47. data/xml/telnet_banners.xml +92 -48
  48. data/xml/tls_jarm.xml +140 -0
  49. data/xml/x509_issuers.xml +201 -2
  50. data/xml/x509_subjects.xml +251 -32
  51. metadata +5 -2
@@ -4,6 +4,95 @@
4
4
  SIP User Agent header values are matched against these patterns to fingerprint SIP devices.
5
5
  -->
6
6
 
7
+ <!-- Generic high volume matches -->
8
+
9
+ <fingerprint pattern="^SIP/2.0$">
10
+ <description>Generic SIP/2.0 response -- assert nothing.</description>
11
+ <example>SIP/2.0</example>
12
+ <param pos="0" name="hw.certainty" value="0.0"/>
13
+ <param pos="0" name="os.certainty" value="0.0"/>
14
+ <param pos="0" name="service.certainty" value="0.0"/>
15
+ </fingerprint>
16
+
17
+ <fingerprint pattern="^TP-Link SIP Stack V1.0.0$">
18
+ <description>TP-Link SIP enabled device</description>
19
+ <example>TP-Link SIP Stack V1.0.0</example>
20
+ <param pos="0" name="hw.vendor" value="TP-LINK"/>
21
+ </fingerprint>
22
+
23
+ <fingerprint pattern="^DLink VoIP Stack$">
24
+ <description>DLink SIP enabled device</description>
25
+ <example>DLink VoIP Stack</example>
26
+ <param pos="0" name="hw.vendor" value="D-Link"/>
27
+ </fingerprint>
28
+
29
+ <fingerprint pattern="^Home&amp;Life HUB/([\d.]+)$">
30
+ <description>Zyxel home routers</description>
31
+ <example>Home&amp;Life HUB/1.1.26.00</example>
32
+ <param pos="0" name="os.vendor" value="Zyxel"/>
33
+ <param pos="1" name="os.version"/>
34
+ <param pos="0" name="os.device" value="Router"/>
35
+ <param pos="0" name="hw.vendor" value="Zyxel"/>
36
+ <param pos="0" name="hw.device" value="Router"/>
37
+ </fingerprint>
38
+
39
+ <!-- Technicolor devices -->
40
+
41
+ <fingerprint pattern="^Technicolor / VANT-6 / AGTOT_([\d.]+) / AGTOT_[\d.]+$">
42
+ <description>Technicolor TG789vac Router</description>
43
+ <example os.version="2.1.4">Technicolor / VANT-6 / AGTOT_2.1.4 / AGTOT_2.1.4</example>
44
+ <param pos="0" name="os.vendor" value="Technicolor"/>
45
+ <param pos="0" name="os.device" value="Router"/>
46
+ <param pos="1" name="os.version"/>
47
+ <param pos="0" name="hw.vendor" value="Technicolor"/>
48
+ <param pos="0" name="hw.product" value="TG789vac"/>
49
+ <param pos="0" name="hw.device" value="Router"/>
50
+ <param pos="0" name="hw.cpe23" value="cpe:/h:technicolor:tg789vac:-"/>
51
+ </fingerprint>
52
+
53
+ <fingerprint pattern="^Technicolor / VANT-6$">
54
+ <description>Technicolor TG789vac Router w/o version string</description>
55
+ <example>Technicolor / VANT-6</example>
56
+ <param pos="0" name="os.vendor" value="Technicolor"/>
57
+ <param pos="0" name="os.device" value="Router"/>
58
+ <param pos="0" name="hw.vendor" value="Technicolor"/>
59
+ <param pos="0" name="hw.product" value="TG789vac"/>
60
+ <param pos="0" name="hw.device" value="Router"/>
61
+ <param pos="0" name="hw.cpe23" value="cpe:/h:technicolor:tg789vac:-"/>
62
+ </fingerprint>
63
+
64
+ <fingerprint pattern="^(?:Technicolor|MediaAccess) (TG[\w]+) (?:v\d )?Build (\d+\.[\w.-]+)(?: CP\w+)?$">
65
+ <description>Technicolor TGxxx Router with build info</description>
66
+ <example hw.product="TG784n" os.version="10.2.1.O">Technicolor TG784n v3 Build 10.2.1.O</example>
67
+ <example hw.product="TG789vn" os.version="10.5.2.Z.EC">Technicolor TG789vn v3 Build 10.5.2.Z.EC</example>
68
+ <example>MediaAccess TG789vac v2 Build 10.5.8.Y.GX CP1916SAQHD</example>
69
+ <example hw.product="TG799vn" os.version="10.5.2.T.JF">Technicolor TG799vn v2 Build 10.5.2.T.JF</example>
70
+ <example hw.product="TG788vn" os.version="10.5.2.S.GD">MediaAccess TG788vn v2 Build 10.5.2.S.GD</example>
71
+ <example hw.product="TG799vac" os.version="17.2.0405-1021">MediaAccess TG799vac Build 17.2.0405-1021</example>
72
+ <example hw.product="TG389">MediaAccess TG389 Build 10.5.2.T.AQ</example>
73
+ <param pos="0" name="os.vendor" value="Technicolor"/>
74
+ <param pos="0" name="os.device" value="Router"/>
75
+ <param pos="2" name="os.version"/>
76
+ <param pos="0" name="hw.vendor" value="Technicolor"/>
77
+ <param pos="1" name="hw.product"/>
78
+ <param pos="0" name="hw.device" value="Router"/>
79
+ </fingerprint>
80
+
81
+ <!-- Thomson was an older name for Technicolor-->
82
+
83
+ <fingerprint pattern="^Thomson (TG[\w]+) (?:v\d )?Build (\d+\.[\w.-]+)(?: CP\w+)?$">
84
+ <description>Thomson TGxxx Router with build info</description>
85
+ <example hw.product="TG784" os.version="8.4.2.Q">Thomson TG784 Build 8.4.2.Q</example>
86
+ <example hw.product="TG784n" os.version="8.4.H.F">Thomson TG784n Build 8.4.H.F</example>
87
+ <example hw.product="TG797n" os.version="8.C.D.9">Thomson TG797n v2 Build 8.C.D.9</example>
88
+ <param pos="0" name="os.vendor" value="Thomson"/>
89
+ <param pos="0" name="os.device" value="Router"/>
90
+ <param pos="2" name="os.version"/>
91
+ <param pos="0" name="hw.vendor" value="Thomson"/>
92
+ <param pos="1" name="hw.product"/>
93
+ <param pos="0" name="hw.device" value="Router"/>
94
+ </fingerprint>
95
+
7
96
  <!-- Axis devices -->
8
97
 
9
98
  <fingerprint pattern="(?i)^AXIS (\S+) Network Video Door Station$">
@@ -43,10 +132,12 @@
43
132
  <!-- AVM.DE Devices -->
44
133
 
45
134
  <fingerprint pattern="^FRITZ!OS$">
46
- <description>AVM FritzOS Device</description>
135
+ <description>AVM Fritz!OS Device</description>
47
136
  <example>FRITZ!OS</example>
48
137
  <param pos="0" name="os.vendor" value="AVM"/>
49
- <param pos="0" name="os.product" value="FRITZ!BOX"/>
138
+ <param pos="0" name="os.product" value="FRITZ!OS"/>
139
+ <param pos="0" name="os.cpe23" value="cpe:/o:avm:fritz\!os:-"/>
140
+ <param pos="0" name="hw.vendor" value="AVM"/>
50
141
  </fingerprint>
51
142
 
52
143
  <fingerprint pattern="^(?:AVM )?(FRITZ!Box .*) +(\d+\.\d+\.\d+)">
@@ -67,6 +158,8 @@
67
158
  <param pos="0" name="os.family" value="FRITZ!Box"/>
68
159
  <param pos="1" name="os.product"/>
69
160
  <param pos="2" name="os.version"/>
161
+ <param pos="0" name="hw.vendor" value="AVM"/>
162
+ <param pos="0" name="hw.family" value="FRITZ!Box"/>
70
163
  </fingerprint>
71
164
 
72
165
  <fingerprint pattern="^(?:AVM )?(FRITZ!Fon .*) +(\d+\.\d+\.\d+)">
@@ -77,15 +170,19 @@
77
170
  <param pos="0" name="os.family" value="FRITZ!Fon"/>
78
171
  <param pos="1" name="os.product"/>
79
172
  <param pos="2" name="os.version"/>
173
+ <param pos="0" name="hw.vendor" value="AVM"/>
174
+ <param pos="0" name="hw.family" value="FRITZ!Fon"/>
80
175
  </fingerprint>
81
176
 
82
177
  <fingerprint pattern="^(?:AVM )?(Multibox .*) +(\d+\.\d+\.\d+)">
83
- <description>AVM Multibox</description>
178
+ <description>AVM Multibox - Generic</description>
84
179
  <example>AVM Multibox 7390 NGN 84.05.09 (Jan 13 2012)</example>
85
180
  <param pos="0" name="os.vendor" value="AVM"/>
86
181
  <param pos="0" name="os.family" value="Multibox"/>
87
182
  <param pos="1" name="os.product"/>
88
183
  <param pos="2" name="os.version"/>
184
+ <param pos="0" name="hw.vendor" value="AVM"/>
185
+ <param pos="1" name="hw.product"/>
89
186
  </fingerprint>
90
187
 
91
188
  <!-- Huawei devices -->
@@ -196,7 +293,7 @@
196
293
  <param pos="2" name="hw.version"/>
197
294
  </fingerprint>
198
295
 
199
- <fingerprint pattern="^Nero SIPPS IP Phone Version ([\d\.]+)+$">
296
+ <fingerprint pattern="^Nero SIPPS IP Phone Version ([\d\.]+)$">
200
297
  <description>Nero SIPPS IP Phone</description>
201
298
  <example service.version="2.0.51.16">Nero SIPPS IP Phone Version 2.0.51.16</example>
202
299
  <param pos="0" name="service.vendor" value="Nero"/>
@@ -245,4 +342,226 @@
245
342
  <param pos="1" name="hw.product"/>
246
343
  </fingerprint>
247
344
 
345
+ <!-- Grandstream -->
346
+
347
+ <!-- The next few fingerprints could be merged but are split to enable CPEs -->
348
+
349
+ <fingerprint pattern="^Grandstream HT818 ([\d.]+)$">
350
+ <description>Grandstream Handy Tone HT818</description>
351
+ <example os.version="1.0.8.7">Grandstream HT818 1.0.8.7</example>
352
+ <param pos="0" name="os.vendor" value="Grandstream"/>
353
+ <param pos="0" name="os.product" value="HT818 Firmware"/>
354
+ <param pos="1" name="os.version"/>
355
+ <param pos="0" name="os.device" value="SIP Gateway"/>
356
+ <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ht818_firmware:{os.version}"/>
357
+ <param pos="0" name="hw.vendor" value="Grandstream"/>
358
+ <param pos="0" name="hw.product" value="HT818"/>
359
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
360
+ <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ht818:-"/>
361
+ </fingerprint>
362
+
363
+ <fingerprint pattern="^Grandstream HT814 ([\d.]+)$">
364
+ <description>Grandstream Handy Tone HT814</description>
365
+ <example os.version="1.0.9.3">Grandstream HT814 1.0.9.3</example>
366
+ <param pos="0" name="os.vendor" value="Grandstream"/>
367
+ <param pos="0" name="os.product" value="HT814 Firmware"/>
368
+ <param pos="1" name="os.version"/>
369
+ <param pos="0" name="os.device" value="SIP Gateway"/>
370
+ <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ht814_firmware:{os.version}"/>
371
+ <param pos="0" name="hw.vendor" value="Grandstream"/>
372
+ <param pos="0" name="hw.product" value="HT814"/>
373
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
374
+ <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ht814:-"/>
375
+ </fingerprint>
376
+
377
+ <fingerprint pattern="^Grandstream HT813 ([\d.]+)$">
378
+ <description>Grandstream Handy Tone HT813</description>
379
+ <example os.version="1.0.1.2">Grandstream HT813 1.0.1.2</example>
380
+ <param pos="0" name="os.vendor" value="Grandstream"/>
381
+ <param pos="0" name="os.product" value="HT813 Firmware"/>
382
+ <param pos="1" name="os.version"/>
383
+ <param pos="0" name="os.device" value="SIP Gateway"/>
384
+ <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ht813_firmware:{os.version}"/>
385
+ <param pos="0" name="hw.vendor" value="Grandstream"/>
386
+ <param pos="0" name="hw.product" value="HT813"/>
387
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
388
+ <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ht813:-"/>
389
+ </fingerprint>
390
+
391
+ <fingerprint pattern="^Grandstream HT812 ([\d.]+)$">
392
+ <description>Grandstream Handy Tone HT812</description>
393
+ <example os.version="1.0.3.5">Grandstream HT812 1.0.3.5</example>
394
+ <param pos="0" name="os.vendor" value="Grandstream"/>
395
+ <param pos="0" name="os.product" value="HT812 Firmware"/>
396
+ <param pos="1" name="os.version"/>
397
+ <param pos="0" name="os.device" value="SIP Gateway"/>
398
+ <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ht812_firmware:{os.version}"/>
399
+ <param pos="0" name="hw.vendor" value="Grandstream"/>
400
+ <param pos="0" name="hw.product" value="HT812"/>
401
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
402
+ <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ht812:-"/>
403
+ </fingerprint>
404
+
405
+ <fingerprint pattern="^Grandstream HT802 ([\d.]+)$">
406
+ <description>Grandstream Handy Tone HT802</description>
407
+ <example os.version="1.0.3.2">Grandstream HT802 1.0.3.2</example>
408
+ <param pos="0" name="os.vendor" value="Grandstream"/>
409
+ <param pos="0" name="os.product" value="HT802 Firmware"/>
410
+ <param pos="1" name="os.version"/>
411
+ <param pos="0" name="os.device" value="SIP Gateway"/>
412
+ <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ht802_firmware:{os.version}"/>
413
+ <param pos="0" name="hw.vendor" value="Grandstream"/>
414
+ <param pos="0" name="hw.product" value="HT802"/>
415
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
416
+ <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ht802:-"/>
417
+ </fingerprint>
418
+
419
+ <fingerprint pattern="^Grandstream HT801 ([\d.]+)$">
420
+ <description>Grandstream Handy Tone HT801</description>
421
+ <example os.version="1.0.3.2">Grandstream HT801 1.0.3.2</example>
422
+ <param pos="0" name="os.vendor" value="Grandstream"/>
423
+ <param pos="0" name="os.product" value="HT801 Firmware"/>
424
+ <param pos="1" name="os.version"/>
425
+ <param pos="0" name="os.device" value="SIP Gateway"/>
426
+ <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ht801_firmware:{os.version}"/>
427
+ <param pos="0" name="hw.vendor" value="Grandstream"/>
428
+ <param pos="0" name="hw.product" value="HT801"/>
429
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
430
+ <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ht801:-"/>
431
+ </fingerprint>
432
+
433
+ <!-- Grandstream Handy Tone catchall for when CPEs aren't required for vuln mapping-->
434
+
435
+ <fingerprint pattern="^Grandstream (HT7\d\d) ([\d.]+)$">
436
+ <description>Grandstream Handy Tone HT7xx</description>
437
+ <example hw.product="HT701" os.version="1.0.8.2">Grandstream HT701 1.0.8.2</example>
438
+ <param pos="0" name="os.vendor" value="Grandstream"/>
439
+ <param pos="0" name="os.product" value="{hw.product} Firmware"/>
440
+ <param pos="2" name="os.version"/>
441
+ <param pos="0" name="os.device" value="SIP Gateway"/>
442
+ <param pos="0" name="hw.vendor" value="Grandstream"/>
443
+ <param pos="1" name="hw.product"/>
444
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
445
+ </fingerprint>
446
+
447
+ <!-- The next few fingerprints could be merged but are split to enable CPEs -->
448
+
449
+ <fingerprint pattern="^Grandstream GXP2200 ([\d.]+)$">
450
+ <description>Grandstream GXP SIP Phone GXP2200</description>
451
+ <example os.version="1.0.3.27">Grandstream GXP2200 1.0.3.27</example>
452
+ <param pos="0" name="os.vendor" value="Grandstream"/>
453
+ <param pos="0" name="os.product" value="GXP2200 Firmware"/>
454
+ <param pos="1" name="os.version"/>
455
+ <param pos="0" name="os.device" value="SIP Device"/>
456
+ <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:gxp2200_firmware:{os.version}"/>
457
+ <param pos="0" name="hw.vendor" value="Grandstream"/>
458
+ <param pos="0" name="hw.product" value="GXP2200"/>
459
+ <param pos="0" name="hw.device" value="SIP Device"/>
460
+ <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:gxp2200:-"/>
461
+ </fingerprint>
462
+
463
+ <fingerprint pattern="^Grandstream GXP1628 ([\d.]+)$">
464
+ <description>Grandstream GXP SIP Phone GXP1628</description>
465
+ <example os.version="1.0.7.6">Grandstream GXP1628 1.0.7.6</example>
466
+ <param pos="0" name="os.vendor" value="Grandstream"/>
467
+ <param pos="0" name="os.product" value="GXP1628 Firmware"/>
468
+ <param pos="1" name="os.version"/>
469
+ <param pos="0" name="os.device" value="SIP Device"/>
470
+ <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:gxp1628_firmware:{os.version}"/>
471
+ <param pos="0" name="hw.vendor" value="Grandstream"/>
472
+ <param pos="0" name="hw.product" value="GXP1628"/>
473
+ <param pos="0" name="hw.device" value="SIP Device"/>
474
+ <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:gxp1628:-"/>
475
+ </fingerprint>
476
+
477
+ <fingerprint pattern="^Grandstream GXP1625 ([\d.]+)$">
478
+ <description>Grandstream GXP SIP Phone GXP1625</description>
479
+ <example os.version="1.0.4.128">Grandstream GXP1625 1.0.4.128</example>
480
+ <param pos="0" name="os.vendor" value="Grandstream"/>
481
+ <param pos="0" name="os.product" value="GXP1625 Firmware"/>
482
+ <param pos="1" name="os.version"/>
483
+ <param pos="0" name="os.device" value="SIP Device"/>
484
+ <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:gxp1625_firmware:{os.version}"/>
485
+ <param pos="0" name="hw.vendor" value="Grandstream"/>
486
+ <param pos="0" name="hw.product" value="GXP1625"/>
487
+ <param pos="0" name="hw.device" value="SIP Device"/>
488
+ <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:gxp1625:-"/>
489
+ </fingerprint>
490
+
491
+ <fingerprint pattern="^Grandstream GXP1615 ([\d.]+)$">
492
+ <description>Grandstream GXP SIP Phone GXP1615</description>
493
+ <example os.version="1.0.4.128">Grandstream GXP1615 1.0.4.128</example>
494
+ <param pos="0" name="os.vendor" value="Grandstream"/>
495
+ <param pos="0" name="os.product" value="GXP1615 Firmware"/>
496
+ <param pos="1" name="os.version"/>
497
+ <param pos="0" name="os.device" value="SIP Device"/>
498
+ <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:gxp1615_firmware:{os.version}"/>
499
+ <param pos="0" name="hw.vendor" value="Grandstream"/>
500
+ <param pos="0" name="hw.product" value="GXP1615"/>
501
+ <param pos="0" name="hw.device" value="SIP Device"/>
502
+ <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:gxp1615:-"/>
503
+ </fingerprint>
504
+
505
+ <fingerprint pattern="^Grandstream GXP1610 ([\d.]+)$">
506
+ <description>Grandstream GXP SIP Phone GXP1610</description>
507
+ <example os.version="1.0.4.138">Grandstream GXP1610 1.0.4.138</example>
508
+ <param pos="0" name="os.vendor" value="Grandstream"/>
509
+ <param pos="0" name="os.product" value="GXP1610 Firmware"/>
510
+ <param pos="1" name="os.version"/>
511
+ <param pos="0" name="os.device" value="SIP Device"/>
512
+ <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:gxp1610_firmware:{os.version}"/>
513
+ <param pos="0" name="hw.vendor" value="Grandstream"/>
514
+ <param pos="0" name="hw.product" value="GXP1610"/>
515
+ <param pos="0" name="hw.device" value="SIP Device"/>
516
+ <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:gxp1610:-"/>
517
+ </fingerprint>
518
+
519
+ <!-- Grandstream GXP catchall for when CPEs aren't required for vuln mapping-->
520
+
521
+ <fingerprint pattern="^Grandstream (GXP\d\d\d\d) ([\d.]+)$">
522
+ <description>Grandstream GXP SIP Phone</description>
523
+ <example hw.product="GXP2135" os.version="1.0.9.108">Grandstream GXP2135 1.0.9.108</example>
524
+ <param pos="0" name="os.vendor" value="Grandstream"/>
525
+ <param pos="0" name="os.product" value="{hw.product} Firmware"/>
526
+ <param pos="2" name="os.version"/>
527
+ <param pos="0" name="os.device" value="SIP Device"/>
528
+ <param pos="0" name="hw.vendor" value="Grandstream"/>
529
+ <param pos="1" name="hw.product"/>
530
+ <param pos="0" name="hw.device" value="SIP Device"/>
531
+ </fingerprint>
532
+
533
+ <fingerprint pattern="^FortiVoice/([\w.-]+)$">
534
+ <description>Fortinet FortiVoice</description>
535
+ <example service.version="7.31b00">FortiVoice/7.31b00</example>
536
+ <example service.version="5.2.95-5">FortiVoice/5.2.95-5</example>
537
+ <param pos="0" name="service.vendor" value="Fortinet"/>
538
+ <param pos="0" name="service.product" value="FortiVoice"/>
539
+ <param pos="0" name="service.device" value="SIP Gateway"/>
540
+ <param pos="1" name="service.version"/>
541
+ <param pos="0" name="service.cpe23" value="cpe:/a:fortinet:fortivoice:{service.version}"/>
542
+ <param pos="0" name="hw.vendor" value="Fortinet"/>
543
+ <param pos="0" name="hw.family" value="FortiVoice"/>
544
+ <param pos="0" name="hw.device" value="SIP Gateway"/>
545
+ </fingerprint>
546
+
547
+ <fingerprint pattern="^FreeSWITCH$">
548
+ <description>FreeSWITCH FreeSWITCH without version</description>
549
+ <example>FreeSWITCH</example>
550
+ <param pos="0" name="service.vendor" value="FreeSWITCH"/>
551
+ <param pos="0" name="service.product" value="FreeSWITCH"/>
552
+ <param pos="0" name="service.device" value="SIP Gateway"/>
553
+ <param pos="0" name="service.cpe23" value="cpe:/a:freeswitch:freeswitch:-"/>
554
+ </fingerprint>
555
+
556
+ <fingerprint pattern="^FreeSWITCH-mod_sofia/([\d.]+)">
557
+ <description>FreeSWITCH FreeSWITCH with version, mod_sofia</description>
558
+ <example service.version="1.10.4">FreeSWITCH-mod_sofia/1.10.4-release+git~20200805T110119Z~133fc2c870~64bit</example>
559
+ <example service.version="1.6.20">FreeSWITCH-mod_sofia/1.6.20~64bit</example>
560
+ <param pos="0" name="service.vendor" value="FreeSWITCH"/>
561
+ <param pos="0" name="service.product" value="FreeSWITCH"/>
562
+ <param pos="1" name="service.version"/>
563
+ <param pos="0" name="service.device" value="SIP Gateway"/>
564
+ <param pos="0" name="service.cpe23" value="cpe:/a:freeswitch:freeswitch:{service.version}"/>
565
+ </fingerprint>
566
+
248
567
  </fingerprints>
@@ -40,7 +40,7 @@
40
40
  <fingerprint pattern="^Samba (\d\.\d+.\d+\w*)">
41
41
  <description>Samba</description>
42
42
  <example>Samba 3.0.24</example>
43
- <example>Samba 3.0.28a</example>
43
+ <example service.version="3.0.28a">Samba 3.0.28a</example>
44
44
  <example>Samba 3.0.32-0.2-2210-SUSE-SL10.3</example>
45
45
  <example>Samba 3.6.3</example>
46
46
  <example>Samba 3.6.6</example>
@@ -51,6 +51,20 @@
51
51
  <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:{service.version}"/>
52
52
  </fingerprint>
53
53
 
54
+ <fingerprint pattern="^Samba (?:Samba )?for GuardianOS v\.?(\d\.[\d.]+)$">
55
+ <description>Samba on a SnapServer appliance</description>
56
+ <example os.version="4.3.007.200609131215">Samba Samba for GuardianOS v4.3.007.200609131215</example>
57
+ <example os.version="5.0.133.200807301131">Samba Samba for GuardianOS v5.0.133.200807301131</example>
58
+ <example os.version="7.7.220">Samba for GuardianOS v.7.7.220</example>
59
+ <param pos="0" name="service.vendor" value="Samba"/>
60
+ <param pos="0" name="service.product" value="Samba"/>
61
+ <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:-"/>
62
+ <param pos="0" name="os.vendor" value="SnapServer"/>
63
+ <param pos="0" name="os.family" value="Linux"/>
64
+ <param pos="0" name="os.product" value="GuardianOS"/>
65
+ <param pos="1" name="os.version"/>
66
+ </fingerprint>
67
+
54
68
  <fingerprint pattern="^Netreon LANMAN 1.0$">
55
69
  <description>Netreon SAN software</description>
56
70
  <example>Netreon LANMAN 1.0</example>
@@ -67,4 +81,21 @@
67
81
  <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:-"/>
68
82
  </fingerprint>
69
83
 
84
+ <fingerprint pattern="^NQ (\d\.\d+)$">
85
+ <description>Visuality Systems NQ Enterprise Storage SMB stack</description>
86
+ <example service.version="7.3">NQ 7.3</example>
87
+ <example service.version="4.32">NQ 4.32</example>
88
+ <param pos="0" name="service.vendor" value="Visuality Systems"/>
89
+ <param pos="0" name="service.product" value="NQ"/>
90
+ <param pos="1" name="service.version"/>
91
+ </fingerprint>
92
+
93
+ <fingerprint pattern="^YNQ (\d\.[\d.]+)$">
94
+ <description>Visuality Systems YNQ Storage SMB stack</description>
95
+ <example service.version="1.2.1">YNQ 1.2.1</example>
96
+ <param pos="0" name="service.vendor" value="Visuality Systems"/>
97
+ <param pos="0" name="service.product" value="YNQ"/>
98
+ <param pos="1" name="service.version"/>
99
+ </fingerprint>
100
+
70
101
  </fingerprints>
@@ -2,6 +2,9 @@
2
2
  <fingerprints matches="smb.native_os" protocol="smb" database_type="util.os">
3
3
  <!--
4
4
  SMB fingerprints obtained from the Native OS field of SMB negotations
5
+ NOTE: os.version is used to capture Service Pack for Microsoft Windows.
6
+ This is inconsistent with other OSs and CPE generation and should
7
+ be reviewed for correction.
5
8
  -->
6
9
 
7
10
  <fingerprint pattern="^(Windows NT \d\.\d+)$">
@@ -39,6 +42,14 @@
39
42
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:-"/>
40
43
  </fingerprint>
41
44
 
45
+ <fingerprint pattern="^Windows 6.1$">
46
+ <description>Spoofed value often used by Samba -- assert nothing.</description>
47
+ <example>Windows 6.1</example>
48
+ <param pos="0" name="hw.certainty" value="0.0"/>
49
+ <param pos="0" name="os.certainty" value="0.0"/>
50
+ <param pos="0" name="service.certainty" value="0.0"/>
51
+ </fingerprint>
52
+
42
53
  <fingerprint pattern="^Windows XP (\d+) (Service Pack \d+)$">
43
54
  <description>Windows XP with Service Pack</description>
44
55
  <example os.build="2600" os.version="Service Pack 1">Windows XP 2600 Service Pack 1</example>
@@ -195,7 +206,7 @@
195
206
  <!-- TODO: Need an example string -->
196
207
 
197
208
  <fingerprint pattern="^Windows \(R\) Storage Server 2008 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
198
- <description>Windows Web Server 2008 Storage</description>
209
+ <description>Windows Server 2008 Storage</description>
199
210
  <param pos="0" name="os.certainty" value="1.0"/>
200
211
  <param pos="0" name="os.vendor" value="Microsoft"/>
201
212
  <param pos="0" name="os.product" value="Windows Server 2008"/>
@@ -216,8 +227,6 @@
216
227
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
217
228
  </fingerprint>
218
229
 
219
- <!-- TODO: Need an example string -->
220
-
221
230
  <fingerprint pattern="^Windows Server 2008 HPC Edition (\d+)$">
222
231
  <description>Windows Web Server 2008 HPC</description>
223
232
  <example>Windows Server 2008 HPC Edition 7600</example>
@@ -257,30 +266,6 @@
257
266
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
258
267
  </fingerprint>
259
268
 
260
- <fingerprint pattern="^Windows Server 2016(?: Technical Preview \d+)? (\w+|\w+ \w+|\w+ \w+ \w+)(?: Evaluation)? (\d+)$">
261
- <description>Windows Server 2016 with a build, without service pack</description>
262
- <example os.edition="Datacenter" os.build="14393">Windows Server 2016 Datacenter 14393</example>
263
- <example os.edition="Standard" os.build="14393">Windows Server 2016 Standard Evaluation 14393</example>
264
- <example os.edition="Essentials" os.build="10586">Windows Server 2016 Technical Preview 4 Essentials 10586</example>
265
- <param pos="0" name="os.certainty" value="1.0"/>
266
- <param pos="0" name="os.vendor" value="Microsoft"/>
267
- <param pos="0" name="os.product" value="Windows Server 2016"/>
268
- <param pos="1" name="os.edition"/>
269
- <param pos="2" name="os.build"/>
270
- <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
271
- </fingerprint>
272
-
273
- <fingerprint pattern="^Windows Storage Server 2016 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
274
- <description>Windows Server 2016 Storage</description>
275
- <example os.build="14393">Windows Storage Server 2016 Standard 14393</example>
276
- <param pos="0" name="os.certainty" value="1.0"/>
277
- <param pos="0" name="os.vendor" value="Microsoft"/>
278
- <param pos="0" name="os.product" value="Windows Server 2016"/>
279
- <param pos="0" name="os.edition" value="Storage"/>
280
- <param pos="1" name="os.build"/>
281
- <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
282
- </fingerprint>
283
-
284
269
  <fingerprint pattern="^Windows Web Server 2008 R2 (\d+) (Service Pack \d+)$">
285
270
  <description>Windows Server 2008 R2 Web</description>
286
271
  <example os.version="Service Pack 1">Windows Web Server 2008 R2 7601 Service Pack 1</example>
@@ -316,6 +301,81 @@
316
301
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
317
302
  </fingerprint>
318
303
 
304
+ <fingerprint pattern="^Hyper-V Server 7601 Service Pack 1$">
305
+ <description>Windows Server 2008 R2 Hyper-V</description>
306
+ <example>Hyper-V Server 7601 Service Pack 1</example>
307
+ <param pos="0" name="os.certainty" value="1.0"/>
308
+ <param pos="0" name="os.vendor" value="Microsoft"/>
309
+ <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
310
+ <param pos="0" name="os.edition" value="Hyper-V"/>
311
+ <param pos="0" name="os.build" value="7601"/>
312
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
313
+ </fingerprint>
314
+
315
+ <!-- Windows 2019 -->
316
+
317
+ <fingerprint pattern="^Windows Server 2019 (\w+|\w+ \w+|\w+ \w+ \w+)(?: Evaluation)? (\d+)$">
318
+ <description>Windows Server 2019 with a build, without service pack</description>
319
+ <example os.build="17763" os.edition="Standard">Windows Server 2019 Standard 17763</example>
320
+ <example os.build="17763" os.edition="Standard">Windows Server 2019 Standard Evaluation 17763</example>
321
+ <example os.build="17763" os.edition="Datacenter">Windows Server 2019 Datacenter 17763</example>
322
+ <example os.build="17763" os.edition="Essentials">Windows Server 2019 Essentials 17763</example>
323
+ <param pos="0" name="os.certainty" value="1.0"/>
324
+ <param pos="0" name="os.vendor" value="Microsoft"/>
325
+ <param pos="0" name="os.product" value="Windows Server 2019"/>
326
+ <param pos="1" name="os.edition"/>
327
+ <param pos="2" name="os.build"/>
328
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2019:-"/>
329
+ </fingerprint>
330
+
331
+ <fingerprint pattern="^Hyper-V Server 2019 (\d+)$">
332
+ <description>Windows Server 2019 Hyper-V</description>
333
+ <example os.build="17763">Hyper-V Server 2019 17763</example>
334
+ <param pos="0" name="os.certainty" value="1.0"/>
335
+ <param pos="0" name="os.vendor" value="Microsoft"/>
336
+ <param pos="0" name="os.product" value="Windows Server 2019"/>
337
+ <param pos="0" name="os.edition" value="Hyper-V"/>
338
+ <param pos="1" name="os.build"/>
339
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2019:-"/>
340
+ </fingerprint>
341
+
342
+ <!-- Windows 2016 -->
343
+
344
+ <fingerprint pattern="^Windows Server 2016(?: Technical Preview \d+)? (\w+|\w+ \w+|\w+ \w+ \w+)(?: Evaluation)? (\d+)$">
345
+ <description>Windows Server 2016 with a build, without service pack</description>
346
+ <example os.edition="Datacenter" os.build="14393">Windows Server 2016 Datacenter 14393</example>
347
+ <example os.edition="Standard" os.build="14393">Windows Server 2016 Standard Evaluation 14393</example>
348
+ <example os.edition="Essentials" os.build="10586">Windows Server 2016 Technical Preview 4 Essentials 10586</example>
349
+ <param pos="0" name="os.certainty" value="1.0"/>
350
+ <param pos="0" name="os.vendor" value="Microsoft"/>
351
+ <param pos="0" name="os.product" value="Windows Server 2016"/>
352
+ <param pos="1" name="os.edition"/>
353
+ <param pos="2" name="os.build"/>
354
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
355
+ </fingerprint>
356
+
357
+ <fingerprint pattern="^Windows Storage Server 2016 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
358
+ <description>Windows Server 2016 Storage</description>
359
+ <example os.build="14393">Windows Storage Server 2016 Standard 14393</example>
360
+ <param pos="0" name="os.certainty" value="1.0"/>
361
+ <param pos="0" name="os.vendor" value="Microsoft"/>
362
+ <param pos="0" name="os.product" value="Windows Server 2016"/>
363
+ <param pos="0" name="os.edition" value="Storage"/>
364
+ <param pos="1" name="os.build"/>
365
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
366
+ </fingerprint>
367
+
368
+ <fingerprint pattern="^Hyper-V Server 2016 (\d+)$">
369
+ <description>Windows Server 2016 Hyper-V</description>
370
+ <example os.build="14393">Hyper-V Server 2016 14393</example>
371
+ <param pos="0" name="os.certainty" value="1.0"/>
372
+ <param pos="0" name="os.vendor" value="Microsoft"/>
373
+ <param pos="0" name="os.product" value="Windows Server 2016"/>
374
+ <param pos="0" name="os.edition" value="Hyper-V"/>
375
+ <param pos="1" name="os.build"/>
376
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
377
+ </fingerprint>
378
+
319
379
  <fingerprint pattern="^Windows Vista \(TM\) (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
320
380
  <description>Windows Vista (SP)</description>
321
381
  <example os.edition="Home Premium" os.version="Service Pack 2">Windows Vista (TM) Home Premium 6002 Service Pack 2</example>
@@ -385,10 +445,9 @@
385
445
 
386
446
  <!-- Windows 2012 R2 matches go first to simplify the regular expressions -->
387
447
 
388
- <!-- TODO: Need an example string -->
389
-
390
448
  <fingerprint pattern="^Windows Server 2012 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
391
449
  <description>Windows Server 2012 R2 (SP)</description>
450
+ <example os.build="9600" os.edition="Standard" os.version="Service Pack 1">Windows Server 2012 R2 Standard 9600 Service Pack 1</example>
392
451
  <param pos="0" name="os.certainty" value="1.0"/>
393
452
  <param pos="0" name="os.vendor" value="Microsoft"/>
394
453
  <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
@@ -400,7 +459,7 @@
400
459
 
401
460
  <fingerprint pattern="^Windows Server 2012 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
402
461
  <description>Windows Server 2012 R2</description>
403
- <example os.edition="Standard">Windows Server 2012 R2 Standard 9600</example>
462
+ <example os.build="9600" os.edition="Standard">Windows Server 2012 R2 Standard 9600</example>
404
463
  <param pos="0" name="os.certainty" value="1.0"/>
405
464
  <param pos="0" name="os.vendor" value="Microsoft"/>
406
465
  <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
@@ -409,10 +468,35 @@
409
468
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
410
469
  </fingerprint>
411
470
 
412
- <!-- TODO: Need an example string -->
471
+ <fingerprint pattern="^Windows Storage Server 2012 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
472
+ <description>Windows Server 2012 R2 Storage</description>
473
+ <example os.build="9600" os.edition="Standard">Windows Storage Server 2012 R2 Standard 9600</example>
474
+ <example os.build="9600" os.edition="Workgroup">Windows Storage Server 2012 R2 Workgroup 9600</example>
475
+ <example os.build="9600" os.edition="Essentials">Windows Storage Server 2012 R2 Essentials 9600</example>
476
+ <param pos="0" name="os.certainty" value="1.0"/>
477
+ <param pos="0" name="os.vendor" value="Microsoft"/>
478
+ <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
479
+ <param pos="1" name="os.edition"/>
480
+ <param pos="2" name="os.build"/>
481
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
482
+ </fingerprint>
483
+
484
+ <fingerprint pattern="^Hyper-V Server 2012 R2 (\d+)$">
485
+ <description>Windows Server 2012 R2 Hyper-V</description>
486
+ <example os.build="9600">Hyper-V Server 2012 R2 9600</example>
487
+ <param pos="0" name="os.certainty" value="1.0"/>
488
+ <param pos="0" name="os.vendor" value="Microsoft"/>
489
+ <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
490
+ <param pos="0" name="os.edition" value="Hyper-V"/>
491
+ <param pos="1" name="os.build"/>
492
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
493
+ </fingerprint>
494
+
495
+ <!-- Windows 2012 -->
413
496
 
414
497
  <fingerprint pattern="^Windows Server 2012 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
415
498
  <description>Windows Server 2012 (SP)</description>
499
+ <example os.build="9200" os.edition="Standard" os.version="Service Pack 1">Windows Server 2012 Standard 9200 Service Pack 1</example>
416
500
  <param pos="0" name="os.certainty" value="1.0"/>
417
501
  <param pos="0" name="os.vendor" value="Microsoft"/>
418
502
  <param pos="0" name="os.product" value="Windows Server 2012"/>
@@ -433,6 +517,29 @@
433
517
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
434
518
  </fingerprint>
435
519
 
520
+ <fingerprint pattern="^Windows Storage Server 2012 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
521
+ <description>Windows Server 2012 Storage</description>
522
+ <example os.build="9200" os.edition="Standard">Windows Storage Server 2012 Standard 9200</example>
523
+ <example os.build="9200" os.edition="Workgroup">Windows Storage Server 2012 Workgroup 9200</example>
524
+ <param pos="0" name="os.certainty" value="1.0"/>
525
+ <param pos="0" name="os.vendor" value="Microsoft"/>
526
+ <param pos="0" name="os.product" value="Windows Server 2012"/>
527
+ <param pos="1" name="os.edition"/>
528
+ <param pos="2" name="os.build"/>
529
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
530
+ </fingerprint>
531
+
532
+ <fingerprint pattern="^Hyper-V Server 2012 (\d+)$">
533
+ <description>Windows Server 2012 Hyper-V</description>
534
+ <example os.build="9200">Hyper-V Server 2012 9200</example>
535
+ <param pos="0" name="os.certainty" value="1.0"/>
536
+ <param pos="0" name="os.vendor" value="Microsoft"/>
537
+ <param pos="0" name="os.product" value="Windows Server 2012"/>
538
+ <param pos="0" name="os.edition" value="Hyper-V"/>
539
+ <param pos="1" name="os.build"/>
540
+ <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
541
+ </fingerprint>
542
+
436
543
  <fingerprint pattern="^Windows MultiPoint Server 2012 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
437
544
  <description>Windows MultiPoint Server 2012 (SP)</description>
438
545
  <example os.build="9201" os.version="Service Pack 1">Windows MultiPoint Server 2012 Premium 9201 Service Pack 1</example>
@@ -487,7 +594,7 @@
487
594
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_10:-"/>
488
595
  </fingerprint>
489
596
 
490
- <fingerprint pattern="^VxWorks">
597
+ <fingerprint pattern="^VxWorks$">
491
598
  <description>VxWorks</description>
492
599
  <example>VxWorks</example>
493
600
  <param pos="0" name="os.certainty" value="0.5"/>
@@ -498,9 +605,10 @@
498
605
  <param pos="0" name="service.product" value="VxWorks CIFS"/>
499
606
  </fingerprint>
500
607
 
501
- <fingerprint pattern="^OS/400 \D(\d+)\D(\d+)\D(\d+)">
608
+ <fingerprint pattern="^OS/?400 \D(\d+)\D(\d+)\D(\d+)$">
502
609
  <description>OS/400</description>
503
610
  <example os.version="4" os.version.version="5" os.version.version.version="0">OS/400 V4R5M0</example>
611
+ <example os.version="5" os.version.version="4" os.version.version.version="5">OS400 V5R4M5</example>
504
612
  <param pos="0" name="os.vendor" value="IBM"/>
505
613
  <param pos="0" name="os.product" value="OS/400"/>
506
614
  <param pos="1" name="os.version"/>
@@ -509,6 +617,17 @@
509
617
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:os_400:{os.version}"/>
510
618
  </fingerprint>
511
619
 
620
+ <fingerprint pattern="^I5OS \D(\d+)\D(\d+)\D(\d+)$">
621
+ <description>IBM i5/OS</description>
622
+ <example os.version="6" os.version.version="1" os.version.version.version="1">I5OS V6R1M1</example>
623
+ <param pos="0" name="os.vendor" value="IBM"/>
624
+ <param pos="0" name="os.product" value="i5/OS"/>
625
+ <param pos="1" name="os.version"/>
626
+ <param pos="2" name="os.version.version"/>
627
+ <param pos="3" name="os.version.version.version"/>
628
+ <param pos="0" name="os.cpe23" value="cpe:/o:ibm:i5os:{os.version}"/>
629
+ </fingerprint>
630
+
512
631
  <fingerprint pattern="^Apple Base Station$">
513
632
  <description>SMB exposed via SMB shared USB disks on Apple devices</description>
514
633
  <example>Apple Base Station</example>
@@ -538,6 +657,14 @@
538
657
  <param pos="0" name="service.vendor" value="Netreon"/>
539
658
  </fingerprint>
540
659
 
660
+ <fingerprint pattern="^QTS$">
661
+ <description>QNAP QTS</description>
662
+ <example>QTS</example>
663
+ <param pos="0" name="os.vendor" value="QNAP"/>
664
+ <param pos="0" name="os.product" value="QTS"/>
665
+ <param pos="0" name="os.cpe23" value="cpe:/o:qnap:qts:-"/>
666
+ </fingerprint>
667
+
541
668
  <!-- VisionFS -->
542
669
 
543
670
  <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)ai(\d{4})">