recog 2.3.17 → 2.3.21

data/xml/sip_user_agents.xml

@@ -4,6 +4,95 @@
   SIP User Agent header values are matched against these patterns to fingerprint SIP devices.
   -->
 
+  <!-- Generic high volume matches -->
+
+  <fingerprint pattern="^SIP/2.0$">
+    <description>Generic SIP/2.0 response -- assert nothing.</description>
+    <example>SIP/2.0</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
+  </fingerprint>
+
+  <fingerprint pattern="^TP-Link SIP Stack V1.0.0$">
+    <description>TP-Link SIP enabled device</description>
+    <example>TP-Link SIP Stack V1.0.0</example>
+    <param pos="0" name="hw.vendor" value="TP-LINK"/>
+  </fingerprint>
+
+  <fingerprint pattern="^DLink VoIP Stack$">
+    <description>DLink SIP enabled device</description>
+    <example>DLink VoIP Stack</example>
+    <param pos="0" name="hw.vendor" value="D-Link"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Home&amp;Life HUB/([\d.]+)$">
+    <description>Zyxel home routers</description>
+    <example>Home&amp;Life HUB/1.1.26.00</example>
+    <param pos="0" name="os.vendor" value="Zyxel"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="Router"/>
+    <param pos="0" name="hw.vendor" value="Zyxel"/>
+    <param pos="0" name="hw.device" value="Router"/>
+  </fingerprint>
+
+  <!-- Technicolor devices -->
+
+  <fingerprint pattern="^Technicolor / VANT-6 / AGTOT_([\d.]+) / AGTOT_[\d.]+$">
+    <description>Technicolor TG789vac Router</description>
+    <example os.version="2.1.4">Technicolor / VANT-6 / AGTOT_2.1.4 / AGTOT_2.1.4</example>
+    <param pos="0" name="os.vendor" value="Technicolor"/>
+    <param pos="0" name="os.device" value="Router"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="Technicolor"/>
+    <param pos="0" name="hw.product" value="TG789vac"/>
+    <param pos="0" name="hw.device" value="Router"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:technicolor:tg789vac:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Technicolor / VANT-6$">
+    <description>Technicolor TG789vac Router w/o version string</description>
+    <example>Technicolor / VANT-6</example>
+    <param pos="0" name="os.vendor" value="Technicolor"/>
+    <param pos="0" name="os.device" value="Router"/>
+    <param pos="0" name="hw.vendor" value="Technicolor"/>
+    <param pos="0" name="hw.product" value="TG789vac"/>
+    <param pos="0" name="hw.device" value="Router"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:technicolor:tg789vac:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^(?:Technicolor|MediaAccess) (TG[\w]+) (?:v\d )?Build (\d+\.[\w.-]+)(?: CP\w+)?$">
+    <description>Technicolor TGxxx Router with build info</description>
+    <example hw.product="TG784n" os.version="10.2.1.O">Technicolor TG784n v3 Build 10.2.1.O</example>
+    <example hw.product="TG789vn" os.version="10.5.2.Z.EC">Technicolor TG789vn v3 Build 10.5.2.Z.EC</example>
+    <example>MediaAccess TG789vac v2 Build 10.5.8.Y.GX CP1916SAQHD</example>
+    <example hw.product="TG799vn" os.version="10.5.2.T.JF">Technicolor TG799vn v2 Build 10.5.2.T.JF</example>
+    <example hw.product="TG788vn" os.version="10.5.2.S.GD">MediaAccess TG788vn v2 Build 10.5.2.S.GD</example>
+    <example hw.product="TG799vac" os.version="17.2.0405-1021">MediaAccess TG799vac Build 17.2.0405-1021</example>
+    <example hw.product="TG389">MediaAccess TG389 Build 10.5.2.T.AQ</example>
+    <param pos="0" name="os.vendor" value="Technicolor"/>
+    <param pos="0" name="os.device" value="Router"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="Technicolor"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="0" name="hw.device" value="Router"/>
+  </fingerprint>
+
+  <!-- Thomson was an older name for Technicolor-->
+
+  <fingerprint pattern="^Thomson (TG[\w]+) (?:v\d )?Build (\d+\.[\w.-]+)(?: CP\w+)?$">
+    <description>Thomson TGxxx Router with build info</description>
+    <example hw.product="TG784" os.version="8.4.2.Q">Thomson TG784 Build 8.4.2.Q</example>
+    <example hw.product="TG784n" os.version="8.4.H.F">Thomson TG784n Build 8.4.H.F</example>
+    <example hw.product="TG797n" os.version="8.C.D.9">Thomson TG797n v2 Build 8.C.D.9</example>
+    <param pos="0" name="os.vendor" value="Thomson"/>
+    <param pos="0" name="os.device" value="Router"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="Thomson"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="0" name="hw.device" value="Router"/>
+  </fingerprint>
+
   <!-- Axis devices -->
 
   <fingerprint pattern="(?i)^AXIS (\S+) Network Video Door Station$">
@@ -43,10 +132,12 @@
   <!-- AVM.DE Devices -->
 
   <fingerprint pattern="^FRITZ!OS$">
-    <description>AVM FritzOS Device</description>
+    <description>AVM Fritz!OS Device</description>
     <example>FRITZ!OS</example>
     <param pos="0" name="os.vendor" value="AVM"/>
-    <param pos="0" name="os.product" value="FRITZ!BOX"/>
+    <param pos="0" name="os.product" value="FRITZ!OS"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:avm:fritz\!os:-"/>
+    <param pos="0" name="hw.vendor" value="AVM"/>
   </fingerprint>
 
   <fingerprint pattern="^(?:AVM )?(FRITZ!Box .*) +(\d+\.\d+\.\d+)">
@@ -67,6 +158,8 @@
     <param pos="0" name="os.family" value="FRITZ!Box"/>
     <param pos="1" name="os.product"/>
     <param pos="2" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="AVM"/>
+    <param pos="0" name="hw.family" value="FRITZ!Box"/>
   </fingerprint>
 
   <fingerprint pattern="^(?:AVM )?(FRITZ!Fon .*) +(\d+\.\d+\.\d+)">
@@ -77,15 +170,19 @@
     <param pos="0" name="os.family" value="FRITZ!Fon"/>
     <param pos="1" name="os.product"/>
     <param pos="2" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="AVM"/>
+    <param pos="0" name="hw.family" value="FRITZ!Fon"/>
   </fingerprint>
 
   <fingerprint pattern="^(?:AVM )?(Multibox .*) +(\d+\.\d+\.\d+)">
-    <description>AVM Multibox</description>
+    <description>AVM Multibox - Generic</description>
     <example>AVM Multibox 7390 NGN 84.05.09 (Jan 13 2012)</example>
     <param pos="0" name="os.vendor" value="AVM"/>
     <param pos="0" name="os.family" value="Multibox"/>
     <param pos="1" name="os.product"/>
     <param pos="2" name="os.version"/>
+    <param pos="0" name="hw.vendor" value="AVM"/>
+    <param pos="1" name="hw.product"/>
   </fingerprint>
 
   <!-- Huawei devices -->
@@ -196,7 +293,7 @@
     <param pos="2" name="hw.version"/>
   </fingerprint>
 
-  <fingerprint pattern="^Nero SIPPS IP Phone Version ([\d\.]+)+$">
+  <fingerprint pattern="^Nero SIPPS IP Phone Version ([\d\.]+)$">
     <description>Nero SIPPS IP Phone</description>
     <example service.version="2.0.51.16">Nero SIPPS IP Phone Version 2.0.51.16</example>
     <param pos="0" name="service.vendor" value="Nero"/>
@@ -245,4 +342,226 @@
     <param pos="1" name="hw.product"/>
   </fingerprint>
 
+  <!-- Grandstream -->
+
+  <!-- The next few fingerprints could be merged but are split to enable CPEs -->
+
+  <fingerprint pattern="^Grandstream HT818 ([\d.]+)$">
+    <description>Grandstream Handy Tone HT818</description>
+    <example os.version="1.0.8.7">Grandstream HT818 1.0.8.7</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="HT818 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ht818_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="HT818"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ht818:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Grandstream HT814 ([\d.]+)$">
+    <description>Grandstream Handy Tone HT814</description>
+    <example os.version="1.0.9.3">Grandstream HT814 1.0.9.3</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="HT814 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ht814_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="HT814"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ht814:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Grandstream HT813 ([\d.]+)$">
+    <description>Grandstream Handy Tone HT813</description>
+    <example os.version="1.0.1.2">Grandstream HT813 1.0.1.2</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="HT813 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ht813_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="HT813"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ht813:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Grandstream HT812 ([\d.]+)$">
+    <description>Grandstream Handy Tone HT812</description>
+    <example os.version="1.0.3.5">Grandstream HT812 1.0.3.5</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="HT812 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ht812_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="HT812"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ht812:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Grandstream HT802 ([\d.]+)$">
+    <description>Grandstream Handy Tone HT802</description>
+    <example os.version="1.0.3.2">Grandstream HT802 1.0.3.2</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="HT802 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ht802_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="HT802"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ht802:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Grandstream HT801 ([\d.]+)$">
+    <description>Grandstream Handy Tone HT801</description>
+    <example os.version="1.0.3.2">Grandstream HT801 1.0.3.2</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="HT801 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:ht801_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="HT801"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:ht801:-"/>
+  </fingerprint>
+
+  <!-- Grandstream Handy Tone catchall for when CPEs aren't required for vuln mapping-->
+
+  <fingerprint pattern="^Grandstream (HT7\d\d) ([\d.]+)$">
+    <description>Grandstream Handy Tone HT7xx</description>
+    <example hw.product="HT701" os.version="1.0.8.2">Grandstream HT701 1.0.8.2</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="{hw.product} Firmware"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Gateway"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+  </fingerprint>
+
+  <!-- The next few fingerprints could be merged but are split to enable CPEs -->
+
+  <fingerprint pattern="^Grandstream GXP2200 ([\d.]+)$">
+    <description>Grandstream GXP SIP Phone GXP2200</description>
+    <example os.version="1.0.3.27">Grandstream GXP2200 1.0.3.27</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="GXP2200 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Device"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:gxp2200_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="GXP2200"/>
+    <param pos="0" name="hw.device" value="SIP Device"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:gxp2200:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Grandstream GXP1628 ([\d.]+)$">
+    <description>Grandstream GXP SIP Phone GXP1628</description>
+    <example os.version="1.0.7.6">Grandstream GXP1628 1.0.7.6</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="GXP1628 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Device"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:gxp1628_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="GXP1628"/>
+    <param pos="0" name="hw.device" value="SIP Device"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:gxp1628:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Grandstream GXP1625 ([\d.]+)$">
+    <description>Grandstream GXP SIP Phone GXP1625</description>
+    <example os.version="1.0.4.128">Grandstream GXP1625 1.0.4.128</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="GXP1625 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Device"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:gxp1625_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="GXP1625"/>
+    <param pos="0" name="hw.device" value="SIP Device"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:gxp1625:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Grandstream GXP1615 ([\d.]+)$">
+    <description>Grandstream GXP SIP Phone GXP1615</description>
+    <example os.version="1.0.4.128">Grandstream GXP1615 1.0.4.128</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="GXP1615 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Device"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:gxp1615_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="GXP1615"/>
+    <param pos="0" name="hw.device" value="SIP Device"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:gxp1615:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Grandstream GXP1610 ([\d.]+)$">
+    <description>Grandstream GXP SIP Phone GXP1610</description>
+    <example os.version="1.0.4.138">Grandstream GXP1610 1.0.4.138</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="GXP1610 Firmware"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Device"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:grandstream:gxp1610_firmware:{os.version}"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="0" name="hw.product" value="GXP1610"/>
+    <param pos="0" name="hw.device" value="SIP Device"/>
+    <param pos="0" name="hw.cpe23" value="cpe:/h:grandstream:gxp1610:-"/>
+  </fingerprint>
+
+  <!-- Grandstream GXP catchall for when CPEs aren't required for vuln mapping-->
+
+  <fingerprint pattern="^Grandstream (GXP\d\d\d\d) ([\d.]+)$">
+    <description>Grandstream GXP SIP Phone</description>
+    <example hw.product="GXP2135" os.version="1.0.9.108">Grandstream GXP2135 1.0.9.108</example>
+    <param pos="0" name="os.vendor" value="Grandstream"/>
+    <param pos="0" name="os.product" value="{hw.product} Firmware"/>
+    <param pos="2" name="os.version"/>
+    <param pos="0" name="os.device" value="SIP Device"/>
+    <param pos="0" name="hw.vendor" value="Grandstream"/>
+    <param pos="1" name="hw.product"/>
+    <param pos="0" name="hw.device" value="SIP Device"/>
+  </fingerprint>
+
+  <fingerprint pattern="^FortiVoice/([\w.-]+)$">
+    <description>Fortinet FortiVoice</description>
+    <example service.version="7.31b00">FortiVoice/7.31b00</example>
+    <example service.version="5.2.95-5">FortiVoice/5.2.95-5</example>
+    <param pos="0" name="service.vendor" value="Fortinet"/>
+    <param pos="0" name="service.product" value="FortiVoice"/>
+    <param pos="0" name="service.device" value="SIP Gateway"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:fortinet:fortivoice:{service.version}"/>
+    <param pos="0" name="hw.vendor" value="Fortinet"/>
+    <param pos="0" name="hw.family" value="FortiVoice"/>
+    <param pos="0" name="hw.device" value="SIP Gateway"/>
+  </fingerprint>
+
+  <fingerprint pattern="^FreeSWITCH$">
+    <description>FreeSWITCH FreeSWITCH without version</description>
+    <example>FreeSWITCH</example>
+    <param pos="0" name="service.vendor" value="FreeSWITCH"/>
+    <param pos="0" name="service.product" value="FreeSWITCH"/>
+    <param pos="0" name="service.device" value="SIP Gateway"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:freeswitch:freeswitch:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^FreeSWITCH-mod_sofia/([\d.]+)">
+    <description>FreeSWITCH FreeSWITCH with version, mod_sofia</description>
+    <example service.version="1.10.4">FreeSWITCH-mod_sofia/1.10.4-release+git~20200805T110119Z~133fc2c870~64bit</example>
+    <example service.version="1.6.20">FreeSWITCH-mod_sofia/1.6.20~64bit</example>
+    <param pos="0" name="service.vendor" value="FreeSWITCH"/>
+    <param pos="0" name="service.product" value="FreeSWITCH"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.device" value="SIP Gateway"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:freeswitch:freeswitch:{service.version}"/>
+  </fingerprint>
+
 </fingerprints>

data/xml/smb_native_lm.xml

@@ -40,7 +40,7 @@
   <fingerprint pattern="^Samba (\d\.\d+.\d+\w*)">
     <description>Samba</description>
     <example>Samba 3.0.24</example>
-    <example>Samba 3.0.28a</example>
+    <example service.version="3.0.28a">Samba 3.0.28a</example>
     <example>Samba 3.0.32-0.2-2210-SUSE-SL10.3</example>
     <example>Samba 3.6.3</example>
     <example>Samba 3.6.6</example>
@@ -51,6 +51,20 @@
     <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:{service.version}"/>
   </fingerprint>
 
+  <fingerprint pattern="^Samba (?:Samba )?for GuardianOS v\.?(\d\.[\d.]+)$">
+    <description>Samba on a SnapServer appliance</description>
+    <example os.version="4.3.007.200609131215">Samba Samba for GuardianOS v4.3.007.200609131215</example>
+    <example os.version="5.0.133.200807301131">Samba Samba for GuardianOS v5.0.133.200807301131</example>
+    <example os.version="7.7.220">Samba for GuardianOS v.7.7.220</example>
+    <param pos="0" name="service.vendor" value="Samba"/>
+    <param pos="0" name="service.product" value="Samba"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:samba:samba:-"/>
+    <param pos="0" name="os.vendor" value="SnapServer"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="GuardianOS"/>
+    <param pos="1" name="os.version"/>
+  </fingerprint>
+
   <fingerprint pattern="^Netreon LANMAN 1.0$">
     <description>Netreon SAN software</description>
     <example>Netreon LANMAN 1.0</example>
@@ -67,4 +81,21 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:-"/>
   </fingerprint>
 
+  <fingerprint pattern="^NQ (\d\.\d+)$">
+    <description>Visuality Systems NQ Enterprise Storage SMB stack</description>
+    <example service.version="7.3">NQ 7.3</example>
+    <example service.version="4.32">NQ 4.32</example>
+    <param pos="0" name="service.vendor" value="Visuality Systems"/>
+    <param pos="0" name="service.product" value="NQ"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+
+  <fingerprint pattern="^YNQ (\d\.[\d.]+)$">
+    <description>Visuality Systems YNQ Storage SMB stack</description>
+    <example service.version="1.2.1">YNQ 1.2.1</example>
+    <param pos="0" name="service.vendor" value="Visuality Systems"/>
+    <param pos="0" name="service.product" value="YNQ"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+
 </fingerprints>

data/xml/smb_native_os.xml

@@ -2,6 +2,9 @@
 <fingerprints matches="smb.native_os" protocol="smb" database_type="util.os">
   <!--
     SMB fingerprints obtained from the Native OS field of SMB negotations
+    NOTE: os.version is used to capture Service Pack for Microsoft Windows.
+          This is inconsistent with other OSs and CPE generation and should
+          be reviewed for correction.
   -->
 
   <fingerprint pattern="^(Windows NT \d\.\d+)$">
@@ -39,6 +42,14 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_xp:-"/>
   </fingerprint>
 
+  <fingerprint pattern="^Windows 6.1$">
+    <description>Spoofed value often used by Samba -- assert nothing.</description>
+    <example>Windows 6.1</example>
+    <param pos="0" name="hw.certainty" value="0.0"/>
+    <param pos="0" name="os.certainty" value="0.0"/>
+    <param pos="0" name="service.certainty" value="0.0"/>
+  </fingerprint>
+
   <fingerprint pattern="^Windows XP (\d+) (Service Pack \d+)$">
     <description>Windows XP with Service Pack</description>
     <example os.build="2600" os.version="Service Pack 1">Windows XP 2600 Service Pack 1</example>
@@ -195,7 +206,7 @@
   <!-- TODO: Need an example string -->
 
   <fingerprint pattern="^Windows \(R\) Storage Server 2008 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
-    <description>Windows Web Server 2008 Storage</description>
+    <description>Windows Server 2008 Storage</description>
     <param pos="0" name="os.certainty" value="1.0"/>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.product" value="Windows Server 2008"/>
@@ -216,8 +227,6 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
   </fingerprint>
 
-  <!-- TODO: Need an example string -->
-
   <fingerprint pattern="^Windows Server 2008 HPC Edition (\d+)$">
     <description>Windows Web Server 2008 HPC</description>
     <example>Windows Server 2008 HPC Edition 7600</example>
@@ -257,30 +266,6 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^Windows Server 2016(?: Technical Preview \d+)? (\w+|\w+ \w+|\w+ \w+ \w+)(?: Evaluation)? (\d+)$">
-    <description>Windows Server 2016 with a build, without service pack</description>
-    <example os.edition="Datacenter" os.build="14393">Windows Server 2016 Datacenter 14393</example>
-    <example os.edition="Standard" os.build="14393">Windows Server 2016 Standard Evaluation 14393</example>
-    <example os.edition="Essentials" os.build="10586">Windows Server 2016 Technical Preview 4 Essentials 10586</example>
-    <param pos="0" name="os.certainty" value="1.0"/>
-    <param pos="0" name="os.vendor" value="Microsoft"/>
-    <param pos="0" name="os.product" value="Windows Server 2016"/>
-    <param pos="1" name="os.edition"/>
-    <param pos="2" name="os.build"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
-  </fingerprint>
-
-  <fingerprint pattern="^Windows Storage Server 2016 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
-    <description>Windows Server 2016 Storage</description>
-    <example os.build="14393">Windows Storage Server 2016 Standard 14393</example>
-    <param pos="0" name="os.certainty" value="1.0"/>
-    <param pos="0" name="os.vendor" value="Microsoft"/>
-    <param pos="0" name="os.product" value="Windows Server 2016"/>
-    <param pos="0" name="os.edition" value="Storage"/>
-    <param pos="1" name="os.build"/>
-    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
-  </fingerprint>
-
   <fingerprint pattern="^Windows Web Server 2008 R2 (\d+) (Service Pack \d+)$">
     <description>Windows Server 2008 R2 Web</description>
     <example os.version="Service Pack 1">Windows Web Server 2008 R2 7601 Service Pack 1</example>
@@ -316,6 +301,81 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:{os.version}"/>
   </fingerprint>
 
+  <fingerprint pattern="^Hyper-V Server 7601 Service Pack 1$">
+    <description>Windows Server 2008 R2 Hyper-V</description>
+    <example>Hyper-V Server 7601 Service Pack 1</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
+    <param pos="0" name="os.edition" value="Hyper-V"/>
+    <param pos="0" name="os.build" value="7601"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
+  </fingerprint>
+
+  <!-- Windows 2019 -->
+
+  <fingerprint pattern="^Windows Server 2019 (\w+|\w+ \w+|\w+ \w+ \w+)(?: Evaluation)? (\d+)$">
+    <description>Windows Server 2019 with a build, without service pack</description>
+    <example os.build="17763" os.edition="Standard">Windows Server 2019 Standard 17763</example>
+    <example os.build="17763" os.edition="Standard">Windows Server 2019 Standard Evaluation 17763</example>
+    <example os.build="17763" os.edition="Datacenter">Windows Server 2019 Datacenter 17763</example>
+    <example os.build="17763" os.edition="Essentials">Windows Server 2019 Essentials 17763</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2019"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2019:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Hyper-V Server 2019  (\d+)$">
+    <description>Windows Server 2019 Hyper-V</description>
+    <example os.build="17763">Hyper-V Server 2019  17763</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2019"/>
+    <param pos="0" name="os.edition" value="Hyper-V"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2019:-"/>
+  </fingerprint>
+
+  <!-- Windows 2016 -->
+
+  <fingerprint pattern="^Windows Server 2016(?: Technical Preview \d+)? (\w+|\w+ \w+|\w+ \w+ \w+)(?: Evaluation)? (\d+)$">
+    <description>Windows Server 2016 with a build, without service pack</description>
+    <example os.edition="Datacenter" os.build="14393">Windows Server 2016 Datacenter 14393</example>
+    <example os.edition="Standard" os.build="14393">Windows Server 2016 Standard Evaluation 14393</example>
+    <example os.edition="Essentials" os.build="10586">Windows Server 2016 Technical Preview 4 Essentials 10586</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2016"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Windows Storage Server 2016 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
+    <description>Windows Server 2016 Storage</description>
+    <example os.build="14393">Windows Storage Server 2016 Standard 14393</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2016"/>
+    <param pos="0" name="os.edition" value="Storage"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Hyper-V Server 2016 (\d+)$">
+    <description>Windows Server 2016 Hyper-V</description>
+    <example os.build="14393">Hyper-V Server 2016 14393</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2016"/>
+    <param pos="0" name="os.edition" value="Hyper-V"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
+  </fingerprint>
+
   <fingerprint pattern="^Windows Vista \(TM\) (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
     <description>Windows Vista (SP)</description>
     <example os.edition="Home Premium" os.version="Service Pack 2">Windows Vista (TM) Home Premium 6002 Service Pack 2</example>
@@ -385,10 +445,9 @@
 
   <!-- Windows 2012 R2 matches go first to simplify the regular expressions -->
 
-  <!-- TODO: Need an example string -->
-
   <fingerprint pattern="^Windows Server 2012 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
     <description>Windows Server 2012 R2 (SP)</description>
+    <example os.build="9600" os.edition="Standard" os.version="Service Pack 1">Windows Server 2012 R2 Standard 9600 Service Pack 1</example>
     <param pos="0" name="os.certainty" value="1.0"/>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
@@ -400,7 +459,7 @@
 
   <fingerprint pattern="^Windows Server 2012 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
     <description>Windows Server 2012 R2</description>
-    <example os.edition="Standard">Windows Server 2012 R2 Standard 9600</example>
+    <example os.build="9600" os.edition="Standard">Windows Server 2012 R2 Standard 9600</example>
     <param pos="0" name="os.certainty" value="1.0"/>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
@@ -409,10 +468,35 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
   </fingerprint>
 
-  <!-- TODO: Need an example string -->
+  <fingerprint pattern="^Windows Storage Server 2012 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
+    <description>Windows Server 2012 R2 Storage</description>
+    <example os.build="9600" os.edition="Standard">Windows Storage Server 2012 R2 Standard 9600</example>
+    <example os.build="9600" os.edition="Workgroup">Windows Storage Server 2012 R2 Workgroup 9600</example>
+    <example os.build="9600" os.edition="Essentials">Windows Storage Server 2012 R2 Essentials 9600</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Hyper-V Server 2012 R2 (\d+)$">
+    <description>Windows Server 2012 R2 Hyper-V</description>
+    <example os.build="9600">Hyper-V Server 2012 R2 9600</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
+    <param pos="0" name="os.edition" value="Hyper-V"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
+  </fingerprint>
+
+  <!-- Windows 2012 -->
 
   <fingerprint pattern="^Windows Server 2012 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
     <description>Windows Server 2012 (SP)</description>
+    <example os.build="9200" os.edition="Standard" os.version="Service Pack 1">Windows Server 2012 Standard 9200 Service Pack 1</example>
     <param pos="0" name="os.certainty" value="1.0"/>
     <param pos="0" name="os.vendor" value="Microsoft"/>
     <param pos="0" name="os.product" value="Windows Server 2012"/>
@@ -433,6 +517,29 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
   </fingerprint>
 
+  <fingerprint pattern="^Windows Storage Server 2012 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
+    <description>Windows Server 2012 Storage</description>
+    <example os.build="9200" os.edition="Standard">Windows Storage Server 2012 Standard 9200</example>
+    <example os.build="9200" os.edition="Workgroup">Windows Storage Server 2012 Workgroup 9200</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2012"/>
+    <param pos="1" name="os.edition"/>
+    <param pos="2" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
+  </fingerprint>
+
+  <fingerprint pattern="^Hyper-V Server 2012 (\d+)$">
+    <description>Windows Server 2012 Hyper-V</description>
+    <example os.build="9200">Hyper-V Server 2012 9200</example>
+    <param pos="0" name="os.certainty" value="1.0"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.product" value="Windows Server 2012"/>
+    <param pos="0" name="os.edition" value="Hyper-V"/>
+    <param pos="1" name="os.build"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
+  </fingerprint>
+
   <fingerprint pattern="^Windows MultiPoint Server 2012 (?:\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
     <description>Windows MultiPoint Server 2012 (SP)</description>
     <example os.build="9201" os.version="Service Pack 1">Windows MultiPoint Server 2012 Premium 9201 Service Pack 1</example>
@@ -487,7 +594,7 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_10:-"/>
   </fingerprint>
 
-  <fingerprint pattern="^VxWorks">
+  <fingerprint pattern="^VxWorks$">
     <description>VxWorks</description>
     <example>VxWorks</example>
     <param pos="0" name="os.certainty" value="0.5"/>
@@ -498,9 +605,10 @@
     <param pos="0" name="service.product" value="VxWorks CIFS"/>
   </fingerprint>
 
-  <fingerprint pattern="^OS/400 \D(\d+)\D(\d+)\D(\d+)">
+  <fingerprint pattern="^OS/?400 \D(\d+)\D(\d+)\D(\d+)$">
     <description>OS/400</description>
     <example os.version="4" os.version.version="5" os.version.version.version="0">OS/400 V4R5M0</example>
+    <example os.version="5" os.version.version="4" os.version.version.version="5">OS400 V5R4M5</example>
     <param pos="0" name="os.vendor" value="IBM"/>
     <param pos="0" name="os.product" value="OS/400"/>
     <param pos="1" name="os.version"/>
@@ -509,6 +617,17 @@
     <param pos="0" name="os.cpe23" value="cpe:/o:ibm:os_400:{os.version}"/>
   </fingerprint>
 
+  <fingerprint pattern="^I5OS \D(\d+)\D(\d+)\D(\d+)$">
+    <description>IBM i5/OS</description>
+    <example os.version="6" os.version.version="1" os.version.version.version="1">I5OS V6R1M1</example>
+    <param pos="0" name="os.vendor" value="IBM"/>
+    <param pos="0" name="os.product" value="i5/OS"/>
+    <param pos="1" name="os.version"/>
+    <param pos="2" name="os.version.version"/>
+    <param pos="3" name="os.version.version.version"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:ibm:i5os:{os.version}"/>
+  </fingerprint>
+
   <fingerprint pattern="^Apple Base Station$">
     <description>SMB exposed via SMB shared USB disks on Apple devices</description>
     <example>Apple Base Station</example>
@@ -538,6 +657,14 @@
     <param pos="0" name="service.vendor" value="Netreon"/>
   </fingerprint>
 
+  <fingerprint pattern="^QTS$">
+    <description>QNAP QTS</description>
+    <example>QTS</example>
+    <param pos="0" name="os.vendor" value="QNAP"/>
+    <param pos="0" name="os.product" value="QTS"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:qnap:qts:-"/>
+  </fingerprint>
+
   <!-- VisionFS -->
 
   <fingerprint pattern="^(?:ax|i3|m8|mp|pa|pp|rs|sp)ai(\d{4})">