recog 2.3.17 → 2.3.21

Files changed (51) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/ci.yml +26 -0
  3. data/bin/recog_standardize +6 -0
  4. data/cpe-remap.yaml +342 -200
  5. data/identifiers/README.md +24 -10
  6. data/identifiers/fields.txt +104 -0
  7. data/identifiers/hw_device.txt +2 -0
  8. data/identifiers/hw_family.txt +11 -0
  9. data/identifiers/hw_product.txt +71 -0
  10. data/identifiers/os_device.txt +2 -1
  11. data/identifiers/os_family.txt +2 -0
  12. data/identifiers/os_product.txt +36 -8
  13. data/identifiers/service_family.txt +10 -1
  14. data/identifiers/service_product.txt +78 -2
  15. data/identifiers/vendor.txt +55 -0
  16. data/lib/recog/nizer.rb +1 -82
  17. data/lib/recog/version.rb +1 -1
  18. data/requirements.txt +1 -1
  19. data/update_cpes.py +18 -5
  20. data/xml/apache_modules.xml +60 -0
  21. data/xml/apache_os.xml +1 -1
  22. data/xml/dns_versionbind.xml +11 -1
  23. data/xml/favicons.xml +122 -3
  24. data/xml/ftp_banners.xml +62 -51
  25. data/xml/html_title.xml +553 -41
  26. data/xml/http_cookies.xml +262 -61
  27. data/xml/http_servers.xml +478 -108
  28. data/xml/http_wwwauth.xml +36 -9
  29. data/xml/imap_banners.xml +5 -5
  30. data/xml/ldap_searchresult.xml +1 -0
  31. data/xml/mdns_device-info_txt.xml +340 -10
  32. data/xml/mysql_banners.xml +2 -1
  33. data/xml/nntp_banners.xml +1 -1
  34. data/xml/ntp_banners.xml +16 -2
  35. data/xml/operating_system.xml +4 -4
  36. data/xml/pop_banners.xml +4 -4
  37. data/xml/rtsp_servers.xml +7 -0
  38. data/xml/sip_banners.xml +347 -9
  39. data/xml/sip_user_agents.xml +323 -4
  40. data/xml/smb_native_lm.xml +32 -1
  41. data/xml/smb_native_os.xml +160 -33
  42. data/xml/smtp_banners.xml +167 -128
  43. data/xml/smtp_expn.xml +1 -0
  44. data/xml/smtp_vrfy.xml +1 -0
  45. data/xml/snmp_sysdescr.xml +205 -36
  46. data/xml/ssh_banners.xml +139 -25
  47. data/xml/telnet_banners.xml +92 -48
  48. data/xml/tls_jarm.xml +140 -0
  49. data/xml/x509_issuers.xml +201 -2
  50. data/xml/x509_subjects.xml +251 -32
  51. metadata +5 -2
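--- a/data/xml/ssh_banners.xml
+++ b/data/xml/ssh_banners.xml
@@ -33,12 +33,12 @@
  <param pos="0" name="service.product" value="iLO"/>
  <param pos="0" name="service.family" value="iLO"/>
  <param pos="1" name="service.version"/>
- <param pos="0" name="service.cpe23" value="cpe:/a:hp:integrated_lights_out:{service.version}"/>
  <param pos="0" name="hw.vendor" value="HP"/>
  <param pos="0" name="os.vendor" value="HP"/>
  <param pos="0" name="os.product" value="iLO"/>
  <param pos="0" name="os.family" value="iLO"/>
  <param pos="0" name="os.device" value="Lights Out Management"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
  </fingerprint>
 
  <fingerprint pattern="^Serv-U_([\d\.]+)$">
@@ -552,7 +552,7 @@
  </fingerprint>
 
  <fingerprint pattern="^OpenSSH_(7\.8) (FreeBSD-20180909)$">
- <description>OpenSSH running on FreeBSD 12.0</description>
+ <description>OpenSSH running on FreeBSD 12.0/12.1</description>
  <example service.version="7.8" openssh.comment="FreeBSD-20180909">OpenSSH_7.8 FreeBSD-20180909</example>
  <param pos="1" name="service.version"/>
  <param pos="2" name="openssh.comment"/>
@@ -888,9 +888,10 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:13.04"/>
  </fingerprint>
 
- <fingerprint pattern="^OpenSSH_(6\.2p2) (Ubuntu-6unbuntu\d(?:\.\d)?)$">
+ <fingerprint pattern="^OpenSSH_(6\.2p2) (Ubuntu-6\S*)$">
  <description>OpenSSH running on Ubuntu 13.10</description>
  <example service.version="6.2p2" openssh.comment="Ubuntu-6unbuntu0.4">OpenSSH_6.2p2 Ubuntu-6unbuntu0.4</example>
+ <example service.version="6.2p2" openssh.comment="Ubuntu-6">OpenSSH_6.2p2 Ubuntu-6</example>
  <param pos="1" name="service.version"/>
  <param pos="2" name="openssh.comment"/>
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -917,10 +918,11 @@
  <param pos="0" name="service.cpe23" value="cpe:/a:openbsd:openssh:{service.version}"/>
  </fingerprint>
 
- <fingerprint pattern="^OpenSSH_(6\.6(?:\.\d)?p1) (Ubuntu-2ubuntu\d+(?:\.\d+)?)$">
+ <fingerprint pattern="^OpenSSH_(6\.6(?:\.1)?p1) (Ubuntu-2\S*)$">
  <description>OpenSSH running on Ubuntu 14.04</description>
  <example service.version="6.6p1" openssh.comment="Ubuntu-2ubuntu1">OpenSSH_6.6p1 Ubuntu-2ubuntu1</example>
  <example service.version="6.6.1p1" openssh.comment="Ubuntu-2ubuntu2">OpenSSH_6.6.1p1 Ubuntu-2ubuntu2</example>
+ <example service.version="6.6.1p1" openssh.comment="Ubuntu-2ubuntu2.13">OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13</example>
  <param pos="1" name="service.version"/>
  <param pos="2" name="openssh.comment"/>
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -950,9 +952,10 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:14.10"/>
  </fingerprint>
 
- <fingerprint pattern="^OpenSSH_(6\.7p1) (Ubuntu-5ubuntu\d(?:\.\d)?)$">
+ <fingerprint pattern="^OpenSSH_(6\.7p1) (Ubuntu-5\S*)$">
  <description>OpenSSH running on Ubuntu 15.04 (vivid)</description>
  <example service.version="6.7p1" openssh.comment="Ubuntu-5ubuntu1">OpenSSH_6.7p1 Ubuntu-5ubuntu1</example>
+ <example service.version="6.7p1" openssh.comment="Ubuntu-5ubuntu1.4">OpenSSH_6.7p1 Ubuntu-5ubuntu1.4</example>
  <param pos="1" name="service.version"/>
  <param pos="2" name="openssh.comment"/>
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -966,9 +969,10 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:15.04"/>
  </fingerprint>
 
- <fingerprint pattern="^OpenSSH_(6\.9p1) (Ubuntu-2)$">
+ <fingerprint pattern="^OpenSSH_(6\.9p1) (Ubuntu-2\S*)$">
  <description>OpenSSH running on Ubuntu 15.10</description>
  <example service.version="6.9p1" openssh.comment="Ubuntu-2">OpenSSH_6.9p1 Ubuntu-2</example>
+ <example service.version="6.9p1" openssh.comment="Ubuntu-2ubuntu0.2">OpenSSH_6.9p1 Ubuntu-2ubuntu0.2</example>
  <param pos="1" name="service.version"/>
  <param pos="2" name="openssh.comment"/>
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -982,9 +986,11 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:15.10"/>
  </fingerprint>
 
- <fingerprint pattern="^OpenSSH_(7\.2p2) (Ubuntu-4ubuntu\d(?:\.\d)?)$">
+ <fingerprint pattern="^OpenSSH_(7\.2p2) (Ubuntu-4\S*)$">
  <description>OpenSSH running on Ubuntu 16.04 (vivid)</description>
  <example service.version="7.2p2" openssh.comment="Ubuntu-4ubuntu2.7">OpenSSH_7.2p2 Ubuntu-4ubuntu2.7</example>
+ <example service.version="7.2p2" openssh.comment="Ubuntu-4ubuntu1">OpenSSH_7.2p2 Ubuntu-4ubuntu1</example>
+ <example service.version="7.2p2" openssh.comment="Ubuntu-4">OpenSSH_7.2p2 Ubuntu-4</example>
  <param pos="1" name="service.version"/>
  <param pos="2" name="openssh.comment"/>
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -1030,9 +1036,10 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:17.04"/>
  </fingerprint>
 
- <fingerprint pattern="^OpenSSH_(7\.5p1) (Ubuntu-10ubuntu\d(?:\.\d)?)$">
+ <fingerprint pattern="^OpenSSH_(7\.5p1) (Ubuntu-10\S*)$">
  <description>OpenSSH running on Ubuntu 17.10</description>
  <example service.version="7.5p1" openssh.comment="Ubuntu-10ubuntu0.1">OpenSSH_7.5p1 Ubuntu-10ubuntu0.1</example>
+ <example service.version="7.5p1" openssh.comment="Ubuntu-10">OpenSSH_7.5p1 Ubuntu-10</example>
  <param pos="1" name="service.version"/>
  <param pos="2" name="openssh.comment"/>
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -1046,9 +1053,10 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:17.10"/>
  </fingerprint>
 
- <fingerprint pattern="^OpenSSH_(7\.6p1) (Ubuntu-4ubuntu\d(?:\.\d)?)$">
+ <fingerprint pattern="^OpenSSH_(7\.6p1) (Ubuntu-4\S*)$">
  <description>OpenSSH running on Ubuntu 18.04</description>
  <example service.version="7.6p1" openssh.comment="Ubuntu-4ubuntu0.3">OpenSSH_7.6p1 Ubuntu-4ubuntu0.3</example>
+ <example service.version="7.6p1" openssh.comment="Ubuntu-4">OpenSSH_7.6p1 Ubuntu-4</example>
  <param pos="1" name="service.version"/>
  <param pos="2" name="openssh.comment"/>
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -1062,9 +1070,10 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:18.04"/>
  </fingerprint>
 
- <fingerprint pattern="^OpenSSH_(7\.7p1) (Ubuntu-4)$">
+ <fingerprint pattern="^OpenSSH_(7\.7p1) (Ubuntu-4\S*)$">
  <description>OpenSSH running on Ubuntu 18.10</description>
  <example service.version="7.7p1" openssh.comment="Ubuntu-4">OpenSSH_7.7p1 Ubuntu-4</example>
+ <example service.version="7.7p1" openssh.comment="Ubuntu-4ubuntu0.3">OpenSSH_7.7p1 Ubuntu-4ubuntu0.3</example>
  <param pos="1" name="service.version"/>
  <param pos="2" name="openssh.comment"/>
  <param pos="0" name="service.vendor" value="OpenBSD"/>
@@ -1110,6 +1119,39 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:19.10"/>
  </fingerprint>
 
+ <fingerprint pattern="^OpenSSH_(8\.2p1) (Ubuntu-4\S*)$">
+ <description>OpenSSH running on Ubuntu 20.04</description>
+ <example service.version="8.2p1" openssh.comment="Ubuntu-4ubuntu0.1">OpenSSH_8.2p1 Ubuntu-4ubuntu0.1</example>
+ <example service.version="8.2p1" openssh.comment="Ubuntu-4">OpenSSH_8.2p1 Ubuntu-4</example>
+ <param pos="1" name="service.version"/>
+ <param pos="2" name="openssh.comment"/>
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
+ <param pos="0" name="service.family" value="OpenSSH"/>
+ <param pos="0" name="service.product" value="OpenSSH"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:openbsd:openssh:{service.version}"/>
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ <param pos="0" name="os.version" value="20.04"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:20.04"/>
+ </fingerprint>
+
+ <fingerprint pattern="^OpenSSH_(8\.3p1) (Ubuntu-1\S*)$">
+ <description>OpenSSH running on Ubuntu 20.10</description>
+ <example service.version="8.3p1" openssh.comment="Ubuntu-1">OpenSSH_8.3p1 Ubuntu-1</example>
+ <param pos="1" name="service.version"/>
+ <param pos="2" name="openssh.comment"/>
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
+ <param pos="0" name="service.family" value="OpenSSH"/>
+ <param pos="0" name="service.product" value="OpenSSH"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:openbsd:openssh:{service.version}"/>
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ <param pos="0" name="os.version" value="20.10"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:20.10"/>
+ </fingerprint>
+
  <fingerprint pattern="^OpenSSH_([^\s]+)\s+(Ubuntu-\d\d?)$">
  <description>OpenSSH running on Ubuntu (unknown release)</description>
  <example service.version="7.6p1" openssh.comment="Ubuntu-2">OpenSSH_7.6p1 Ubuntu-2</example>
@@ -1329,9 +1371,56 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:9.0"/>
  </fingerprint>
 
- <fingerprint pattern="^OpenSSH_(7\.9p1) (Debian-10|Debian-\d\d?\+deb10u\d+)$">
- <description>OpenSSH running on Debian 10.x (buster)</description>
+ <fingerprint pattern="^OpenSSH_(7\.9p1) (Debian-10)$">
+ <description>OpenSSH running on Debian 10.0 (buster)</description>
  <example service.version="7.9p1" openssh.comment="Debian-10">OpenSSH_7.9p1 Debian-10</example>
+ <param pos="1" name="service.version"/>
+ <param pos="2" name="openssh.comment"/>
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
+ <param pos="0" name="service.family" value="OpenSSH"/>
+ <param pos="0" name="service.product" value="OpenSSH"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:openbsd:openssh:{service.version}"/>
+ <param pos="0" name="os.vendor" value="Debian"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ <param pos="0" name="os.version" value="10.0"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:10.0"/>
+ </fingerprint>
+
+ <fingerprint pattern="^OpenSSH_(7\.9p1) (Debian-10\+deb10u1)$">
+ <description>OpenSSH running on Debian 10.1 (buster)</description>
+ <example service.version="7.9p1" openssh.comment="Debian-10+deb10u1">OpenSSH_7.9p1 Debian-10+deb10u1</example>
+ <param pos="1" name="service.version"/>
+ <param pos="2" name="openssh.comment"/>
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
+ <param pos="0" name="service.family" value="OpenSSH"/>
+ <param pos="0" name="service.product" value="OpenSSH"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:openbsd:openssh:{service.version}"/>
+ <param pos="0" name="os.vendor" value="Debian"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ <param pos="0" name="os.version" value="10.1"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:10.1"/>
+ </fingerprint>
+
+ <fingerprint pattern="^OpenSSH_(7\.9p1) (Debian-10\+deb10u2)$">
+ <description>OpenSSH running on Debian 10.2 (buster)</description>
+ <example service.version="7.9p1" openssh.comment="Debian-10+deb10u2">OpenSSH_7.9p1 Debian-10+deb10u2</example>
+ <param pos="1" name="service.version"/>
+ <param pos="2" name="openssh.comment"/>
+ <param pos="0" name="service.vendor" value="OpenBSD"/>
+ <param pos="0" name="service.family" value="OpenSSH"/>
+ <param pos="0" name="service.product" value="OpenSSH"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:openbsd:openssh:{service.version}"/>
+ <param pos="0" name="os.vendor" value="Debian"/>
+ <param pos="0" name="os.family" value="Linux"/>
+ <param pos="0" name="os.product" value="Linux"/>
+ <param pos="0" name="os.version" value="10.2"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:10.2"/>
+ </fingerprint>
+
+ <fingerprint pattern="^OpenSSH_(7\.9p1) (Debian-10\S+)$">
+ <description>OpenSSH running on Debian 10.x (buster catchall)</description>
  <example service.version="7.9p1" openssh.comment="Debian-10+deb10u6">OpenSSH_7.9p1 Debian-10+deb10u6</example>
  <param pos="1" name="service.version"/>
  <param pos="2" name="openssh.comment"/>
@@ -1615,7 +1704,7 @@
  <param pos="0" name="service.product" value="SSH"/>
  <param pos="0" name="os.vendor" value="Cisco"/>
  <param pos="0" name="os.product" value="Wireless LAN Controller"/>
- <param pos="0" name="os.cpe23" value="cpe:/o:cisco:wireless_lan_controller:-"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:wireless_lan_controller_software:-"/>
  </fingerprint>
 
  <fingerprint pattern="(?i)^Cleo (\S+)/(\S+) SSH FTP server$">
@@ -1695,7 +1784,7 @@
  <param pos="1" name="os.version"/>
  </fingerprint>
 
- <fingerprint pattern="^([\d.]+)[ _]sshlib:? (?i:GlobalScape)$">
+ <fingerprint pattern="^([\d.]{1,8})[ _]sshlib:? (?i:GlobalScape)$">
  <description>GlobalScape SSH (which uses Bitvise sshlib)</description>
  <example service.component.version="1.36">1.36_sshlib GlobalSCAPE</example>
  <example service.component.version="1.82">1.82_sshlib Globalscape</example>
@@ -1713,7 +1802,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
  </fingerprint>
 
- <fingerprint pattern="^([^\s]+) sshlib: WinSSHD (.*)$">
+ <fingerprint pattern="^([\d.]{1,8}) sshlib: WinSSHD ([\w.-]*)$">
  <description>Bitvise WinSSHD (which uses Bitvise sshlib)</description>
  <example service.component.version="1.78" service.version="4.15a">1.78 sshlib: WinSSHD 4.15a</example>
  <param pos="1" name="service.component.version"/>
@@ -1730,7 +1819,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
  </fingerprint>
 
- <fingerprint pattern="^([^\s]+) FlowSsh: (?:Bitvise SSH Server \(WinSSHD\)|WinSSHD) ([\d\.]+):?.*$">
+ <fingerprint pattern="^([\d.]{1,8}) FlowSsh: (?:Bitvise SSH Server \(WinSSHD\)|WinSSHD) ([\d\.]+):?.*$">
  <description>Bitvise WinSSHD (which uses Bitvise flowssh) with version</description>
  <example service.version="5.09" service.component.version="1.03">1.03 FlowSsh: WinSSHD 5.09</example>
  <example service.version="5.20" service.component.version="1.07">1.07 FlowSsh: WinSSHD 5.20: free only for personal non-commercial use</example>
@@ -1749,7 +1838,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
  </fingerprint>
 
- <fingerprint pattern="^([^\s]+) FlowSsh: (?:Bitvise SSH Server \(WinSSHD\)|WinSSHD)(?: :.*)?$">
+ <fingerprint pattern="^([\d.]{1,8}) FlowSsh: (?:Bitvise SSH Server \(WinSSHD\)|WinSSHD)(?: :.*)?$">
  <description>Bitvise WinSSHD (which uses Bitvise flowssh) without version</description>
  <example service.component.version="9.99">9.99 FlowSsh: Bitvise SSH Server (WinSSHD)</example>
  <example service.component.version="9.99">9.99 FlowSsh: Bitvise SSH Server (WinSSHD) : free only for personal non-commercial use</example>
@@ -1766,7 +1855,7 @@
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
  </fingerprint>
 
- <fingerprint pattern="^([^\s]+) sshlib: MOVEit DMZ SSH (.*)$">
+ <fingerprint pattern="^([\d.]{1,8}) sshlib: MOVEit DMZ SSH (.*)$">
  <description>MOVEit DMZ (which uses Bitvise sshlib)</description>
  <param pos="1" name="service.component.version"/>
  <param pos="2" name="service.version"/>
@@ -1776,6 +1865,7 @@
  <param pos="0" name="service.vendor" value="Standard Networks"/>
  <param pos="0" name="service.family" value="MOVEit DMZ"/>
  <param pos="0" name="service.product" value="MOVEit DMZ"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:ipswitch:moveit_dmz:{service.version}"/>
  <param pos="0" name="os.vendor" value="Microsoft"/>
  <param pos="0" name="os.family" value="Windows"/>
  <param pos="0" name="os.product" value="Windows"/>
@@ -1848,8 +1938,9 @@
  <param pos="0" name="service.cpe23" value="cpe:/a:vandyke:vshell:{service.version}"/>
  </fingerprint>
 
- <fingerprint pattern="^([\s]*)\s*VShell$">
+ <fingerprint pattern="^([\d.]{0,8})\s{1,8}VShell$">
  <description>VanDyke VShell</description>
+ <example service.version="1.0.2">1.0.2 VShell</example>
  <param pos="1" name="service.version"/>
  <param pos="0" name="service.vendor" value="VanDyke Software"/>
  <param pos="0" name="service.family" value="VShell"/>
@@ -1864,10 +1955,11 @@
  <param pos="1" name="service.version"/>
  <param pos="0" name="service.vendor" value="Attachmate"/>
  <param pos="0" name="service.family" value="Reflection"/>
- <param pos="0" name="service.product" value="Reflection"/>
+ <param pos="0" name="service.product" value="Reflection for Secure IT"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:attachmate:reflection_for_secure_it:{service.version}"/>
  </fingerprint>
 
- <fingerprint pattern="^([^\s]*)\s*F-Secure SSH\s*(?:.*)$">
+ <fingerprint pattern="^(\S{0,256})\s{0,256}F-Secure SSH ">
  <description>Attachmate Reflection (formerly F-Secure SSH)</description>
  <example service.version="3.2.3">3.2.3 F-Secure SSH Windows NT Server</example>
  <param pos="1" name="service.version"/>
@@ -1876,16 +1968,17 @@
  <param pos="0" name="service.product" value="Reflection"/>
  </fingerprint>
 
- <fingerprint pattern="^([^\s]*)\s*SSH Tectia Server$">
+ <fingerprint pattern="^(\S{0,256})\s{0,256}SSH Tectia Server$">
  <description>SSH Communications Security Tectia Server - branded</description>
  <example service.version="6.4.12.353">6.4.12.353 SSH Tectia Server</example>
  <param pos="1" name="service.version"/>
  <param pos="0" name="service.vendor" value="SSH Communications Security"/>
  <param pos="0" name="service.family" value="SSH Tectia Server"/>
  <param pos="0" name="service.product" value="SSH Tectia Server"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:ssh:tectia_server:{service.version}"/>
  </fingerprint>
 
- <fingerprint pattern="^([0-9\.]+) SSH Secure Shell(?: \(non-commercial\))?$">
+ <fingerprint pattern="^([0-9\.]{1,8}) SSH Secure Shell(?: \(non-commercial\))?$">
  <description>SSH Communications Security Tectia Server</description>
  <example service.version="3.2.9.1">3.2.9.1 SSH Secure Shell (non-commercial)</example>
  <example service.version="4.0.3">4.0.3 SSH Secure Shell</example>
@@ -1894,9 +1987,10 @@
  <param pos="0" name="service.vendor" value="SSH Communications Security"/>
  <param pos="0" name="service.family" value="SSH Tectia Server"/>
  <param pos="0" name="service.product" value="SSH Tectia Server"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:ssh:tectia_server:{service.version}"/>
  </fingerprint>
 
- <fingerprint pattern="^([0-9\.]+) SSH Secure Shell Windows NT Server$">
+ <fingerprint pattern="^([0-9\.]{1,8}) SSH Secure Shell Windows NT Server$">
  <description>Unknown Windows SSH server</description>
  <example service.version="4.0.3">4.0.3 SSH Secure Shell Windows NT Server</example>
  <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -1907,6 +2001,7 @@
  <param pos="0" name="service.vendor" value="SSH Communications Security"/>
  <param pos="0" name="service.family" value="SSH Tectia Server"/>
  <param pos="0" name="service.product" value="SSH Tectia Server"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:ssh:tectia_server:{service.version}"/>
  </fingerprint>
 
  <fingerprint pattern="^ARRIS_(.*)$">
@@ -1994,6 +2089,7 @@
  <param pos="0" name="service.vendor" value="Standard Networks"/>
  <param pos="0" name="service.family" value="MOVEit DMZ"/>
  <param pos="0" name="service.product" value="MOVEit DMZ"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:ipswitch:moveit_dmz:-"/>
  <param pos="0" name="os.vendor" value="Microsoft"/>
  <param pos="0" name="os.family" value="Windows"/>
  <param pos="0" name="os.product" value="Windows"/>
@@ -2019,7 +2115,12 @@
  <param pos="0" name="os.vendor" value="NetApp"/>
  <param pos="0" name="os.family" value="Data ONTAP"/>
  <param pos="0" name="os.product" value="Data ONTAP"/>
+ <param pos="0" name="os.device" value="NAS"/>
  <param pos="0" name="os.cpe23" value="cpe:/o:netapp:data_ontap:-"/>
+ <param pos="0" name="hw.vendor" value="NetApp"/>
+ <param pos="0" name="hw.family" value="Data ONTAP"/>
+ <param pos="0" name="hw.product" value="Data ONTAP"/>
+ <param pos="0" name="hw.device" value="NAS"/>
  </fingerprint>
 
  <fingerprint pattern="^(\d\.\d+\.\d+) SSH Secure Shell OpenVMS V\d+\.\d+$">
@@ -2057,7 +2158,7 @@
  <param pos="0" name="os.certainty" value="0.75"/>
  </fingerprint>
 
- <fingerprint pattern="^\S+ SSH Secure Shell Tru64 UNIX$">
+ <fingerprint pattern="^\S{1,16} SSH Secure Shell Tru64 UNIX$">
  <description>Digital/Compaq/HP Tru64 Unix</description>
  <example>3.2.0 SSH Secure Shell Tru64 UNIX</example>
  <param pos="0" name="os.vendor" value="HP"/>
@@ -2125,6 +2226,19 @@
  <param pos="0" name="service.product" value="WeOnlyDo SSH Server"/>
  </fingerprint>
 
+ <fingerprint pattern="^Zyxel SSH server$">
+ <description>Zyxel Firewall SSH service</description>
+ <example>Zyxel SSH server</example>
+ <param pos="0" name="service.vendor" value="Zyxel"/>
+ <param pos="0" name="service.family" value="Zywall"/>
+ <param pos="0" name="os.vendor" value="Zyxel"/>
+ <param pos="0" name="os.product" value="ZyNOS firmware"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:zyxel:zynos_firmware:-"/>
+ <param pos="0" name="hw.vendor" value="Zyxel"/>
+ <param pos="0" name="hw.device" value="Firewall"/>
+ <param pos="0" name="hw.family" value="Unified Security Gateway"/>
+ </fingerprint>
+
  <!--
  1.2.22j4rad
  2.40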
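Review bot: The new `service.cpe23` value `cpe:/a:ipswitch:moveit_dmz:{service.version}` (hunk at -1776) is filled from a capture that is still `(.*)` in `^([\d.]{1,8}) sshlib: MOVEit DMZ SSH (.*)$` (hunk at -1766), so any text a remote host sends after the product name, including spaces and colons, is copied into the CPE string. The WinSSHD fingerprint in the hunk at -1713 had the same capture tightened to `([\w.-]*)` in this change; the MOVEit capture should get a bounded class too, for example `^([\d.]{1,8}) sshlib: MOVEit DMZ SSH ([\w.-]{1,32})$`, and the visible part of that fingerprint has no `<example>` to pin what a real banner looks like. The branded Tectia fingerprint (hunk at -1876) has the same shape: `(\S{0,256})` feeds `cpe:/a:ssh:tectia_server:{service.version}` and, like `([\d.]{0,8})` in the VShell pattern, can match empty and produce a CPE with a blank version. Downstream tools that match these CPEs against vulnerability data are then comparing on unvalidated banner text, so the version captures that feed a CPE should be at least one character long and limited to version characters.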
@@ -17,30 +17,45 @@
17
17
  Ruby, Python, Java, and Golang.
18
18
  -->
19
19
 
20
- <fingerprint pattern="\A(?i)(?:\r|\n)*login:\s*$">
20
+ <fingerprint pattern="(?i)\A(?:\r|\n)*login:\s*$">
21
21
  <description>bare 'login:' -- assert nothing.</description>
22
22
  <example>login:</example>
23
+ <param pos="0" name="hw.certainty" value="0.0"/>
24
+ <param pos="0" name="os.certainty" value="0.0"/>
25
+ <param pos="0" name="service.certainty" value="0.0"/>
23
26
  </fingerprint>
24
27
 
25
- <fingerprint pattern="\A(?i)(?:\r|\n)*User(?:name)?\s*:\s*$">
28
+ <fingerprint pattern="(?i)\A(?:\r|\n)*User(?:name)?\s*:\s*$">
26
29
  <description>bare 'Username:' -- assert nothing.</description>
27
30
  <example>Username:</example>
28
31
  <example>User:</example>
32
+ <param pos="0" name="hw.certainty" value="0.0"/>
33
+ <param pos="0" name="os.certainty" value="0.0"/>
34
+ <param pos="0" name="service.certainty" value="0.0"/>
29
35
  </fingerprint>
30
36
 
31
- <fingerprint pattern="\A(?i)(?:\r|\n)*Password:\s*$">
37
+ <fingerprint pattern="(?i)\A(?:\r|\n)*Password:\s*$">
32
38
  <description>bare 'Password:' -- assert nothing.</description>
33
39
  <example>Password:</example>
40
+ <param pos="0" name="hw.certainty" value="0.0"/>
41
+ <param pos="0" name="os.certainty" value="0.0"/>
42
+ <param pos="0" name="service.certainty" value="0.0"/>
34
43
  </fingerprint>
35
44
 
36
- <fingerprint pattern="\A(?i)(?:\r|\n)*Account:\s*$">
45
+ <fingerprint pattern="(?i)\A(?:\r|\n)*Account:\s*$">
37
46
  <description>bare 'Account:' -- assert nothing.</description>
38
47
  <example>Account:</example>
48
+ <param pos="0" name="hw.certainty" value="0.0"/>
49
+ <param pos="0" name="os.certainty" value="0.0"/>
50
+ <param pos="0" name="service.certainty" value="0.0"/>
39
51
  </fingerprint>
40
52
 
41
- <fingerprint pattern="\A(?i)Connection refused(?:\r|\n)*$">
53
+ <fingerprint pattern="(?i)\AConnection refused(?:\r|\n)*$">
42
54
  <description>bare 'Connection refused' -- assert nothing.</description>
43
55
  <example>Connection refused</example>
56
+ <param pos="0" name="hw.certainty" value="0.0"/>
57
+ <param pos="0" name="os.certainty" value="0.0"/>
58
+ <param pos="0" name="service.certainty" value="0.0"/>
44
59
  </fingerprint>
45
60
 
46
61
  <!-- end of assert nothing block -->
@@ -424,7 +439,7 @@
424
439
  <param pos="4" name="host.name"/>
425
440
  </fingerprint>
426
441
 
427
- <fingerprint pattern="^(?m)TiMOS-[CB]-([\S]+) (?:both|cpm)/([\w]+) ALCATEL (SR [\S]+) Copyright.*Login:\s*$" flags="REG_MULTILINE">
442
+ <fingerprint pattern="(?m)^TiMOS-[CB]-([\S]+) (?:both|cpm)/([\w]+) ALCATEL (SR [\S]+) Copyright.*Login:\s*$" flags="REG_MULTILINE">
428
443
  <description>ALCATEL Service Router running TiMOS</description>
429
444
  <!-- TiMOS-C-12.0.R12 cpm/hops64 ALCATEL SR 7750 Copyright (c) 2000-2015 Alcatel-Lucent.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
430
445
 
@@ -446,7 +461,7 @@
446
461
 
447
462
  <!-- Nokia purchased Alcatel Lucent, finalized in Nov 2016 -->
448
463
 
449
- <fingerprint pattern="^(?m)TiMOS-[CB]-([\S]+) (?:both|cpm)\/([\w]+) Nokia ([\S]+ [SRX]+) Copyright.*Login:\s*$" flags="REG_MULTILINE">
464
+ <fingerprint pattern="(?m)^TiMOS-[CB]-([\S]+) (?:both|cpm)\/([\w]+) Nokia ([\S]+ [SRX]+) Copyright.*Login:\s*$" flags="REG_MULTILINE">
450
465
  <description>Nokia Service Router running TiMOS</description>
451
466
  <!-- TiMOS-C-14.0.R5 cpm/hops64 Nokia 7750 SR Copyright (c) 2000-2016 Nokia.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
452
467
 
@@ -473,7 +488,7 @@
473
488
  <param pos="3" name="hw.product"/>
474
489
  </fingerprint>
475
490
 
476
- <fingerprint pattern="^(?m)TiMOS-[CB]-([\S]+) (?:both|cpm)\/([\w]+) Nokia (SAS[+\w\s-]+) Copyright.*Login:\s*$" flags="REG_MULTILINE">
491
+ <fingerprint pattern="(?m)^TiMOS-[CB]-([\S]+) (?:both|cpm)\/([\w]+) Nokia (SAS[+\w\s-]+) Copyright.*Login:\s*$" flags="REG_MULTILINE">
477
492
  <description>Nokia Service Access Switch running TiMOS</description>
478
493
  <!-- TiMOS-B-8.0.R12 both/hops Nokia SAS-Mxp 22F2C 4SFP+ 7210 Copyright (c) 2000-2017 Nokia.\r\r\nBanner Shortened For \r\r\nBrevity\r\nLogin: -->
479
494
 
@@ -540,7 +555,7 @@
540
555
  <param pos="1" name="hw.product"/>
541
556
  </fingerprint>
542
557
 
543
- <fingerprint pattern="^(?:\r|\n|\s)*Grandstream (GXV[\w-]+)\s+(?:V\d\.\d\w?\s+)?Shell Command.Copyight \d\d\d\d-\d\d\d\d(?:\r|\n)+Username:\s*$">
558
+ <fingerprint pattern="^(?:\r|\n|\s){0,256}Grandstream (GXV[\w-]+)\s+(?:V\d\.\d\w?\s+)?Shell Command.Copyight \d\d\d\d-\d\d\d\d(?:\r|\n)+Username:\s*$">
544
559
  <description>Grandstream IP Cameras</description>
545
560
  <!-- Grandstream GXV3674_FHD_VF Shell Command.Copyight 2011-2014\r\nUsername: -->
546
561
 
@@ -578,7 +593,7 @@
578
593
  <description>Polycom Video Conferencing - VSX Family</description>
579
594
  <!-- Hi, my name is : Something Pity\r\nHere is what I know about myself:\r\nModel: VSX 6000A\r\nSerial Number: 00070906FC34F6\r\nSoftware Version: Release 9.0.6.2-103 - 04Sep2011 21:27\r\nBuild Information: ecomman -->
580
595
 
581
- <example _encoding="base64" hw.product="6000A" host.id="00070906FC34F6" os.version="9.0.6.2-103">
596
+ <example _encoding="base64" hw.product="6000A" hw.serial_number="00070906FC34F6" os.version="9.0.6.2-103">
582
597
  SGksIG15IG5hbWUgaXMgOiAgICAgU29tZXRoaW5nIFBpdHkNCkhlcmUgaXMgd2hhdCBJIGtub
583
598
  3cgYWJvdXQgbXlzZWxmOg0KTW9kZWw6ICAgICAgICAgICAgICAgVlNYIDYwMDBBDQpTZXJpYW
584
599
  wgTnVtYmVyOiAgICAgICAwMDA3MDkwNkZDMzRGNg0KU29mdHdhcmUgVmVyc2lvbjogICAgUmV
@@ -589,7 +604,7 @@
589
604
  <param pos="0" name="hw.family" value="VSX"/>
590
605
  <param pos="0" name="hw.device" value="Video Conferencing"/>
591
606
  <param pos="1" name="hw.product"/>
592
- <param pos="2" name="host.id"/>
607
+ <param pos="2" name="hw.serial_number"/>
593
608
  <param pos="3" name="os.version"/>
594
609
  </fingerprint>
595
610
 
@@ -721,13 +736,13 @@
721
736
  <param pos="0" name="hw.device" value="Router"/>
722
737
  </fingerprint>
723
738
 
724
- <fingerprint pattern="^(?m)(?:\r|\n)*Catalyst 1900 Management Console(?:\r|\n)+.*Ethernet Address:\s+([\w-]+)(?:\r|\n)+.*Model Number:\s+([\w-]+)(?:\r|\n)+System Serial Number:\s+(\w+)(?:\r|\n)+Power Supply" flags="REG_MULTILINE">
739
+ <fingerprint pattern="(?m)^(?:\r|\n)*Catalyst 1900 Management Console(?:\r|\n)+.*Ethernet Address:\s+([\w-]+)(?:\r|\n)+.*Model Number:\s+([\w-]+)(?:\r|\n)+System Serial Number:\s+(\w+)(?:\r|\n)+Power Supply" flags="REG_MULTILINE">
725
740
  <description>Cisco Catalyst 1900</description>
726
741
  <!-- Catalyst 1900, unlike other Catalyst models, didn't run CatOS or IOS -->
727
742
 
728
743
  <!-- Catalyst 1900 Management Console\r\nCopyright (c) Cisco Systems, Inc. 1993-1998\r\nAll rights reserved.\r\nEnterprise Edition Software\r\nEthernet Address: 00-AA-19-38-AA-00\r\n\r\nPCA Number: 73-31AA-AA\r\nPCA Serial Number: FAB033AAAAA\r\nModel Number: WS-C1924-EN\r\nSystem Serial Number: FAB0341AAAA\r\nPower Supply S/N: -->
729
744
 
730
- <example _encoding="base64" host.mac="00-AA-19-38-AA-00" hw.model="WS-C1924-EN" host.id="FAB0341AAAA">
745
+ <example _encoding="base64" host.mac="00-AA-19-38-AA-00" hw.model="WS-C1924-EN" hw.serial_number="FAB0341AAAA">
731
746
  Q2F0YWx5c3QgMTkwMCBNYW5hZ2VtZW50IENvbnNvbGUNCkNvcHlyaWdodCAoYykgQ2lzY28gU
732
747
  3lzdGVtcywgSW5jLiAgMTk5My0xOTk4DQpBbGwgcmlnaHRzIHJlc2VydmVkLg0KRW50ZXJwcm
733
748
  lzZSBFZGl0aW9uIFNvZnR3YXJlDQpFdGhlcm5ldCBBZGRyZXNzOiAgICAgIDAwLUFBLTE5LTM
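Review bot: The inline `(?m)` on the Catalyst 1900 pattern repeats what `flags="REG_MULTILINE"` on the same element already asks for, and the inline spelling is not portable: Ruby reads `(?m)` as dot-matches-newline, while PCRE-style engines read it as making `^` and `$` match at every line. If these fingerprints are ever loaded by a non-Ruby matcher (an assumption, nothing on this page shows one), the `.*` spans would stop crossing `\r\n` and the fingerprint would silently stop matching. A comment beside the pattern, for example `<!-- (?m) is Ruby's dot-matches-newline here, not line anchoring -->`, would record the intent, or the inline flag could be dropped wherever the attribute is present. The later hunks for SuSE, Tru64, SCO OpenServer, ConnectUPS, MELCO, AIX, CIMC and HP ProLiant carry `(?m)` with no `flags` attribute, so the two spellings are already mixed in this file. The example for this fingerprint continues past the end of the hunk.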
@@ -744,7 +759,7 @@
744
759
  <param pos="0" name="hw.device" value="Switch"/>
745
760
  <param pos="1" name="host.mac"/>
746
761
  <param pos="2" name="hw.model"/>
747
- <param pos="3" name="host.id"/>
762
+ <param pos="3" name="hw.serial_number"/>
748
763
  </fingerprint>
749
764
 
750
765
  <fingerprint pattern="^192.0.0.64 login:\s*$">
@@ -855,7 +870,7 @@
855
870
  <param pos="1" name="hw.product"/>
856
871
  </fingerprint>
857
872
 
858
- <fingerprint pattern="^(?m)(BCM\d+) Broadband Router\r\n.*Please input the verification code:$" flags="REG_MULTILINE">
873
+ <fingerprint pattern="(?m)^(BCM\d+) Broadband Router\r\n.*Please input the verification code:$" flags="REG_MULTILINE">
859
874
  <description>OEM'd Broadcom Router - input validation code</description>
860
875
  <!-- BCM96318 Broadband Router\r\n====================================================\r\n * * * * * * * * * * * * * * \r\n * * * * * \r\n * * * * * * * * * * * * * \r\n * * * * * \r\n * * * * * \r\n * * * * * * * * * * * * * * * * \r\n====================================================\r\nPlease input the verification code: -->
861
876
 
@@ -919,7 +934,7 @@
919
934
  <description>Moxa NPort Device Server - IA Series</description>
920
935
  <!-- Model name : NPort IA-5250\r\u0000\nMAC address : 00:90:E8:AA:AA:AA\r\u0000\nSerial No. : 281\r\u0000\nFirmware version : 1.6 Build 17060616\r\u0000\nSystem uptime : 31 days, 06h:03m:45s\r\u0000\n\r\u0000\nPlease keyin your password: -->
921
936
 
922
- <example _encoding="base64" hw.product="IA-5250" host.mac="00:90:E8:AA:AA:AA" host.id="281" os.version="1.6" os.version.version="17060616">
937
+ <example _encoding="base64" hw.product="IA-5250" host.mac="00:90:E8:AA:AA:AA" hw.serial_number="281" os.version="1.6" os.version.version="17060616">
923
938
  TW9kZWwgbmFtZSAgICAgICA6IE5Qb3J0IElBLTUyNTANAApNQUMgYWRkcmVzcyAgICAgIDogM
924
939
  DA6OTA6RTg6QUE6QUE6QUENAApTZXJpYWwgTm8uICAgICAgIDogMjgxDQAKRmlybXdhcmUgdm
925
940
  Vyc2lvbiA6IDEuNiBCdWlsZCAxNzA2MDYxNg0AClN5c3RlbSB1cHRpbWUgICAgOiAzMSBkYXl
@@ -930,7 +945,7 @@
930
945
  <param pos="0" name="hw.device" value="Device Server"/>
931
946
  <param pos="1" name="hw.product"/>
932
947
  <param pos="2" name="host.mac"/>
933
- <param pos="3" name="host.id"/>
948
+ <param pos="3" name="hw.serial_number"/>
934
949
  <param pos="0" name="os.vendor" value="Moxa"/>
935
950
  <param pos="4" name="os.version"/>
936
951
  <param pos="5" name="os.version.version"/>
@@ -942,7 +957,7 @@
942
957
 
943
958
  <!-- Model name : NPort 5610-8-DT\r\u0000\nMAC address : 00:90:E8:AA:AA:AA\r\u0000\nSerial No. : 9522\r\u0000\nFirmware version : 2.2 Build 11090613\r\u0000\nSystem uptime : 8 days, 02h:11m:44s\r\u0000\n\r\u0000\nPlease keyin your password: -->
944
959
 
945
- <example _encoding="base64" hw.product="5610-8-DT" host.mac="00:90:E8:AA:AA:AA" host.id="9522" os.version="2.2" os.version.version="11090613">
960
+ <example _encoding="base64" hw.product="5610-8-DT" host.mac="00:90:E8:AA:AA:AA" hw.serial_number="9522" os.version="2.2" os.version.version="11090613">
946
961
  TW9kZWwgbmFtZSAgICAgICA6IE5Qb3J0IDU2MTAtOC1EVA0ACk1BQyBhZGRyZXNzICAgICAgO
947
962
  iAwMDo5MDpFODpBQTpBQTpBQQ0AClNlcmlhbCBOby4gICAgICAgOiA5NTIyDQAKRmlybXdhcm
948
963
  UgdmVyc2lvbiA6IDIuMiBCdWlsZCAxMTA5MDYxMw0AClN5c3RlbSB1cHRpbWUgICAgOiA4IGR
@@ -953,7 +968,7 @@
953
968
  <param pos="0" name="hw.device" value="Device Server"/>
954
969
  <param pos="1" name="hw.product"/>
955
970
  <param pos="2" name="host.mac"/>
956
- <param pos="3" name="host.id"/>
971
+ <param pos="3" name="hw.serial_number"/>
957
972
  <param pos="0" name="os.vendor" value="Moxa"/>
958
973
  <param pos="4" name="os.version"/>
959
974
  <param pos="5" name="os.version.version"/>
@@ -976,7 +991,7 @@
976
991
  <description>Moxa MGate Modbus Gateway</description>
977
992
  <!-- Model name : MGate MB3180\r\u0000\nMAC address : 00:90:E8:AA:AA:AA\r\u0000\nSerial No. : 9474\r\u0000\nFirmware version : 1.2 Build 09101913\r\u0000\nSystem uptime : 15 days, 16h:37m:48s\r\u0000\n\r\u0000\nPlease keyin your password: -->
978
993
 
979
- <example _encoding="base64" hw.product="MB3180" host.mac="00:90:E8:AA:AA:AA" host.id="9474" os.version="1.2" os.version.version="09101913">
994
+ <example _encoding="base64" hw.product="MB3180" host.mac="00:90:E8:AA:AA:AA" hw.serial_number="9474" os.version="1.2" os.version.version="09101913">
980
995
  TW9kZWwgbmFtZSAgICAgICA6IE1HYXRlIE1CMzE4MA0ACk1BQyBhZGRyZXNzICAgICAgOiAwM
981
996
  Do5MDpFODpBQTpBQTpBQQ0AClNlcmlhbCBOby4gICAgICAgOiA5NDc0DQAKRmlybXdhcmUgdm
982
997
  Vyc2lvbiA6IDEuMiBCdWlsZCAwOTEwMTkxMw0AClN5c3RlbSB1cHRpbWUgICAgOiAxNSBkYXl
@@ -987,7 +1002,7 @@
987
1002
  <param pos="0" name="hw.device" value="Industrial Control"/>
988
1003
  <param pos="1" name="hw.product"/>
989
1004
  <param pos="2" name="host.mac"/>
990
- <param pos="3" name="host.id"/>
1005
+ <param pos="3" name="hw.serial_number"/>
991
1006
  <param pos="0" name="os.vendor" value="Moxa"/>
992
1007
  <param pos="4" name="os.version"/>
993
1008
  <param pos="5" name="os.version.version"/>
@@ -997,14 +1012,14 @@
997
1012
  <description>Moxa NE Series Embedded device server</description>
998
1013
  <!-- Model name : NE-4110S\r\u0000\nMAC address : 00:90:E8:AA:AA:AA\r\u0000\nSerial No : 3616\r\u0000\nFirmware version : 4.1 Build 07061517\r\u0000\n\r\u0000\nPlease keyin your password: -->
999
1014
 
1000
- <example _encoding="base64" hw.product="NE-4110S" host.mac="00:90:E8:AA:AA:AA" host.id="3616" os.version="4.1" os.version.version="07061517">
1015
+ <example _encoding="base64" hw.product="NE-4110S" host.mac="00:90:E8:AA:AA:AA" hw.serial_number="3616" os.version="4.1" os.version.version="07061517">
1001
1016
  TW9kZWwgbmFtZSAgICAgICA6IE5FLTQxMTBTDQAKTUFDIGFkZHJlc3MgICAgICA6IDAwOjkwO
1002
1017
  kU4OkFBOkFBOkFBDQAKU2VyaWFsIE5vICAgICAgICA6IDM2MTYNAApGaXJtd2FyZSB2ZXJzaW
1003
1018
  9uIDogNC4xIEJ1aWxkIDA3MDYxNTE3DQAKDQAKUGxlYXNlIGtleWluIHlvdXIgcGFzc3dvcmQ6
1004
1019
  </example>
1005
1020
  <!-- Model name : NE-4110S\r\nMAC address : 00:90:E8:AA:AA:AA\r\nSerial No : 000\r\nFirmware version : 1.5.2\r\n\r\nPlease keyin your password: -->
1006
1021
 
1007
- <example _encoding="base64" hw.product="NE-4110S" host.mac="00:90:E8:AA:AA:AA" host.id="000" os.version="1.5.2">
1022
+ <example _encoding="base64" hw.product="NE-4110S" host.mac="00:90:E8:AA:AA:AA" hw.serial_number="000" os.version="1.5.2">
1008
1023
  TW9kZWwgbmFtZSAgICAgICA6IE5FLTQxMTBTDQpNQUMgYWRkcmVzcyAgICAgIDogMDA6OTA6RTg6QUE6QUE6QUENClNlcmlhbCBObyAgICAgICAgOiAwMDANCkZpcm13YXJlIHZlcnNpb24gOiAxLjUuMg0KDQpQbGVhc2Uga2V5aW4geW91ciBwYXNzd29yZDoK
1009
1024
  </example>
1010
1025
  <param pos="0" name="hw.vendor" value="Moxa"/>
@@ -1012,17 +1027,17 @@
1012
1027
  <param pos="0" name="hw.device" value="Device Server"/>
1013
1028
  <param pos="1" name="hw.product"/>
1014
1029
  <param pos="2" name="host.mac"/>
1015
- <param pos="3" name="host.id"/>
1030
+ <param pos="3" name="hw.serial_number"/>
1016
1031
  <param pos="0" name="os.vendor" value="Moxa"/>
1017
1032
  <param pos="4" name="os.version"/>
1018
1033
  <param pos="5" name="os.version.version"/>
1019
1034
  </fingerprint>
1020
1035
 
1021
- <fingerprint pattern="^Model name\s+: (MiiNePort [\w-]+)(?:\r|\n|\x00)+Serial No.\s+: (\d+)(?:\r|\n|\x00)+Device name\s+: [\w:-_\&amp;]+(?:\r|\n|\x00)+Firmware version\s+: ([\d.]+) Build (\d+)(?:\r|\n|\x00)+Ethernet MAC address: ([\w:]+)(?:\r|\n|\x00)+">
1036
+ <fingerprint pattern="^Model name\s+: (MiiNePort [\w-]+)(?:\r|\n|\x00)+Serial No.\s+: (\d+)(?:\r|\n|\x00)+Device name\s+: [\w:\&amp;-]+(?:\r|\n|\x00)+Firmware version\s+: ([\d.]+) Build (\d+)(?:\r|\n|\x00)+Ethernet MAC address: ([\w:]+)(?:\r|\n|\x00)+">
1022
1037
  <description>Moxa MiiNePort Series Embedded device server</description>
1023
1038
  <!-- Model name : MiiNePort E2\r\nSerial No. : 9999\r\nDevice name : MiiNePort_E2_4064\r\nFirmware version : 1.3.36 Build 15031615\r\nEthernet MAC address: 00:90:E8:5A:92:FF\r\n\r\nPlease keyin your password: -->
1024
1039
 
1025
- <example _encoding="base64" hw.product="MiiNePort E2" host.mac="00:90:E8:5A:92:FF" host.id="9999" os.version="1.3.36" os.version.version="15031615">
1040
+ <example _encoding="base64" hw.product="MiiNePort E2" host.mac="00:90:E8:5A:92:FF" hw.serial_number="9999" os.version="1.3.36" os.version.version="15031615">
1026
1041
  TW9kZWwgbmFtZSAgICAgICAgICA6IE1paU5lUG9ydCBFMg0KU2VyaWFsIE5vLiAgICAgICAgI
1027
1042
  CA6IDk5OTkNCkRldmljZSBuYW1lICAgICAgICAgOiBNaWlOZVBvcnRfRTJfNDA2NA0KRmlybX
1028
1043
  dhcmUgdmVyc2lvbiAgICA6IDEuMy4zNiBCdWlsZCAxNTAzMTYxNQ0KRXRoZXJuZXQgTUFDIGF
@@ -1033,7 +1048,7 @@
1033
1048
  <param pos="0" name="hw.family" value="MiiNePort"/>
1034
1049
  <param pos="0" name="hw.device" value="Device Server"/>
1035
1050
  <param pos="1" name="hw.product"/>
1036
- <param pos="2" name="host.id"/>
1051
+ <param pos="2" name="hw.serial_number"/>
1037
1052
  <param pos="0" name="os.vendor" value="Moxa"/>
1038
1053
  <param pos="3" name="os.version"/>
1039
1054
  <param pos="4" name="os.version.version"/>
@@ -1084,7 +1099,7 @@
1084
1099
  <param pos="1" name="os.version"/>
1085
1100
  </fingerprint>
1086
1101
 
1087
- <fingerprint pattern="^(?m)Red Hat Enterprise Linux ES release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*\d)" flags="REG_MULTILINE">
1102
+ <fingerprint pattern="(?m)^Red Hat Enterprise Linux ES release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*\d)" flags="REG_MULTILINE">
1088
1103
  <description>RedHat Enterprise Linux ES</description>
1089
1104
  <!-- Red Hat Enterprise Linux ES release 3 (Taroon Update 9\nKernel 2.4.21-47.EL on an x86_64\nlogin: -->
1090
1105
 
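Review bot: The Red Hat ES pattern still fills `os.version` from a greedy `(.*)` followed by `\(.*\).*Kernel (.*)`, four adjacent unbounded wildcards that can each run to the end of the banner once the dot matches newlines. This commit bounds the Grandstream and Arescom patterns, but here a long banner is still rescanned repeatedly and the captured version can hold arbitrary text, line breaks included, which apparently feeds `cpe:/o:redhat:linux:{os.version}` in the next hunk. Narrowing the captures to what the sample banners show, for example `release ([\d.]+) \(` and `Kernel (\S+) on a`, would bound both. The examples sit outside the hunk, so the change needs checking against them. The AS, WS, Fedora Core and SuSE patterns in the following hunks have the same shape.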
@@ -1101,7 +1116,7 @@
1101
1116
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:linux:{os.version}"/>
1102
1117
  </fingerprint>
1103
1118
 
1104
- <fingerprint pattern="^(?m)Red Hat Enterprise Linux AS release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*\d)" flags="REG_MULTILINE">
1119
+ <fingerprint pattern="(?m)^Red Hat Enterprise Linux AS release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*\d)" flags="REG_MULTILINE">
1105
1120
  <description>RedHat Enterprise Linux AS</description>
1106
1121
  <!-- Red Hat Enterprise Linux AS release 5.8 (Tikanga)\nKernel 2.6.18-308.11.1.el5 on an x86_64\nlogin: -->
1107
1122
 
@@ -1117,7 +1132,7 @@
1117
1132
  <param pos="3" name="os.arch"/>
1118
1133
  </fingerprint>
1119
1134
 
1120
- <fingerprint pattern="^(?m)Red Hat Enterprise Linux WS release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*)" flags="REG_MULTILINE">
1135
+ <fingerprint pattern="(?m)^Red Hat Enterprise Linux WS release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*)" flags="REG_MULTILINE">
1121
1136
  <description>RedHat Enterprise Linux WS</description>
1122
1137
  <!--Red Hat Enterprise Linux WS release 2.1 (Tampa) \nKernel 2.4.9-e.40smp on an i686 \nlogin: -->
1123
1138
 
@@ -1133,7 +1148,7 @@
1133
1148
  <param pos="3" name="os.arch"/>
1134
1149
  </fingerprint>
1135
1150
 
1136
- <fingerprint pattern="^(?m)Fedora Core.release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*\d).*$" flags="REG_MULTILINE">
1151
+ <fingerprint pattern="(?m)^Fedora Core.release (.*) \(.*\).*Kernel (.*) on a[^ ]* ([^ ]*\d).*$" flags="REG_MULTILINE">
1137
1152
  <description>Fedora Core Release</description>
1138
1153
  <!-- Fedora Core release 1 (Yarrow)\nKernel 2.4.20-13.9ensim-3.5.0-13 on an i686\nlogin:-->
1139
1154
 
@@ -1149,7 +1164,7 @@
1149
1164
  <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora:{os.version}"/>
1150
1165
  </fingerprint>
1151
1166
 
1152
- <fingerprint pattern="^(?m)Welcome to SuSE Linux (.*) \(([^\)]+)\) - Kernel (.*) .*">
1167
+ <fingerprint pattern="(?m)^Welcome to SuSE Linux (.*) \(([^\)]+)\) - Kernel (.*) .*">
1153
1168
  <description>SuSE Linux</description>
1154
1169
  <!-- Welcome to SuSE Linux 7.0 (i386) - Kernel 2.2.16-RAID (0). 2VG029037\n\nlogin: -->
1155
1170
 
@@ -1222,7 +1237,7 @@
1222
1237
  <param pos="0" name="os.product" value="Brother Printer"/>
1223
1238
  </fingerprint>
1224
1239
 
1225
- <fingerprint pattern="^(.*) Copyright by ARESCOM">
1240
+ <fingerprint pattern="^\s{0,256}(\S{1,64}) Copyright by ARESCOM">
1226
1241
  <description>Arescom System</description>
1227
1242
  <!--NDS1260HE-TLI Copyright by ARESCOM 2002\n\n\nPassword: -->
1228
1243
 
@@ -1232,10 +1247,13 @@
1232
1247
  <param pos="0" name="os.vendor" value="Arescom"/>
1233
1248
  <param pos="0" name="os.device" value="WAP"/>
1234
1249
  <param pos="1" name="os.model"/>
1250
+ <param pos="0" name="hw.vendor" value="Arescom"/>
1251
+ <param pos="0" name="hw.device" value="WAP"/>
1252
+ <param pos="1" name="hw.model"/>
1235
1253
  </fingerprint>
1236
1254
 
1237
1255
  <fingerprint pattern="^Welcome to ViewStation">
1238
- <description>Polycom ViewStation Video Vonference System</description>
1256
+ <description>Polycom ViewStation Video Conference System</description>
1239
1257
  <!-- Welcome to ViewStation\nPassword: -->
1240
1258
 
1241
1259
  <example _encoding="base64">
@@ -1451,7 +1469,7 @@
1451
1469
  <param pos="1" name="host.name"/>
1452
1470
  </fingerprint>
1453
1471
 
1454
- <fingerprint pattern="^(?m)Compaq Tru64 UNIX V(.*) \(Rev. (.*\d)\) .*">
1472
+ <fingerprint pattern="(?m)^Compaq Tru64 UNIX V(.*) \(Rev. (.*\d)\) .*">
1455
1473
  <description>Compaq Tru64 UNIX V</description>
1456
1474
  <!-- Compaq Tru64 UNIX V5.1B (Rev. 2650) (docalpha) (pts/11)\n\n\n\n\nlogin: -->
1457
1475
 
@@ -1492,7 +1510,12 @@
1492
1510
  <param pos="0" name="os.vendor" value="NetApp"/>
1493
1511
  <param pos="0" name="os.family" value="Data ONTAP"/>
1494
1512
  <param pos="0" name="os.product" value="Data ONTAP"/>
1513
+ <param pos="0" name="os.device" value="NAS"/>
1495
1514
  <param pos="0" name="os.cpe23" value="cpe:/o:netapp:data_ontap:-"/>
1515
+ <param pos="0" name="hw.vendor" value="NetApp"/>
1516
+ <param pos="0" name="hw.family" value="Data ONTAP"/>
1517
+ <param pos="0" name="hw.product" value="Data ONTAP"/>
1518
+ <param pos="0" name="hw.device" value="NAS"/>
1496
1519
  </fingerprint>
1497
1520
 
1498
1521
  <fingerprint pattern="OpenVMS.*Version\sV([^\s]+).*">
@@ -1509,7 +1532,7 @@
1509
1532
  <param pos="1" name="os.version"/>
1510
1533
  </fingerprint>
1511
1534
 
1512
- <fingerprint pattern="^(?m)SCO OpenServer\(TM\) Release ([^ ]+).*$">
1535
+ <fingerprint pattern="(?m)^SCO OpenServer\(TM\) Release ([^ ]+).*$">
1513
1536
  <description>SCO OpenServer</description>
1514
1537
  <!-- SCO OpenServer(TM) Release 5 (bomdia.co.za) (ttyp6)\nlogin: -->
1515
1538
 
@@ -1715,7 +1738,7 @@
1715
1738
  <param pos="1" name="os.product"/>
1716
1739
  </fingerprint>
1717
1740
 
1718
- <fingerprint pattern="^(?m).*ConnectUPS">
1741
+ <fingerprint pattern="(?m)^.*ConnectUPS">
1719
1742
  <description>PowerWare ConnectUPS</description>
1720
1743
  <!-- +============================================================================+\n| [ ConnectUPS Web/SNMP
1721
1744
  Card Configuration Utility ] |\n+============================================================================+\n
@@ -1792,13 +1815,13 @@
1792
1815
  <param pos="2" name="os.version"/>
1793
1816
  </fingerprint>
1794
1817
 
1795
- <fingerprint pattern="^(?m).*Welcome to MELCO Print Server.*Server Name *: *([^ ]*)\W.*Server Model *: *([^ ]*).*F \/ W Version *: *([^ ]*).*MAC Address *: *(.. .. .. .. .. ..).*$">
1818
+ <fingerprint pattern="(?m)^.*Welcome to MELCO Print Server.*Server Name *: *([^ ]*)\W.*Server Model *: *([^ ]*).*F \/ W Version *: *([^ ]*).*MAC Address *: *(.. .. .. .. .. ..).*$">
1796
1819
  <description>System is a Buffalo/MELCO Embedded Print Server</description>
1797
1820
  <!-- ***********************************\n* Welcome to MELCO Print Server *\n* Telnet Console *\n***********************************
1798
1821
  \n \nServer Name: PS-B04E8E\nServer Model: LPV 2 - TX 1\nF / W Version: 2.00 J \nMAC Address: AE 32 EA 21 BB E3\n
1799
1822
  Uptime: 0 days, 00: 00: 12\n \nPlease Enter Password:"-->
1800
1823
 
1801
- <example _encoding="base64" os.version="2.00" host.id="PS-B04E8E" os.model="LPV" os.address="AE 32 EA 21 BB E3">
1824
+ <example _encoding="base64" os.version="2.00" host.name="PS-B04E8E" hw.model="LPV" host.mac="AE 32 EA 21 BB E3">
1802
1825
  KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKipcbiogV2VsY29tZSB0byBNRUxDTyBQc
1803
1826
  mludCBTZXJ2ZXIgKlxuKiBUZWxuZXQgQ29uc29sZSAqXG4qKioqKioqKioqKioqKioqKioqKioqKi
1804
1827
  oqKioqKioqKioqKlxuIFxuU2VydmVyIE5hbWU6IFBTLUIwNEU4RVxuU2VydmVyIE1vZGVsOiBMUFY
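Review bot: The value now published as `host.mac` is the raw capture `AE 32 EA 21 BB E3`, while the other `host.mac` examples in this file use a separator (`00-AA-19-38-AA-00`, `00:90:E8:AA:AA:AA`), and the group `(.. .. .. .. .. ..)` accepts any characters, not only hex digits. A consumer that correlates assets on `host.mac` would treat this device as a different or malformed address unless it normalises the field, which nothing on this page shows. Restricting the capture to `([0-9A-Fa-f]{2}(?: [0-9A-Fa-f]{2}){5})` keeps non-MAC banner text out of the field; turning the spaces into a standard separator would still have to happen outside the XML. The matching `<param pos="4" name="host.mac"/>` is in the next hunk, and the example body continues past this one.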
@@ -1808,14 +1831,16 @@
1808
1831
  </example>
1809
1832
  <param pos="0" name="os.vendor" value="Buffalo"/>
1810
1833
  <param pos="0" name="os.family" value="PrintServer"/>
1811
- <param pos="0" name="os.device" value="Printer"/>
1812
- <param pos="1" name="host.id"/>
1813
- <param pos="2" name="os.model"/>
1834
+ <param pos="0" name="os.device" value="Print Server"/>
1835
+ <param pos="1" name="host.name"/>
1836
+ <param pos="0" name="hw.vendor" value="Buffalo"/>
1837
+ <param pos="0" name="hw.device" value="Print Server"/>
1838
+ <param pos="2" name="hw.model"/>
1814
1839
  <param pos="3" name="os.version"/>
1815
- <param pos="4" name="os.address"/>
1840
+ <param pos="4" name="host.mac"/>
1816
1841
  </fingerprint>
1817
1842
 
1818
- <fingerprint pattern="^(?m)AIX Version\W(\d).*">
1843
+ <fingerprint pattern="(?m)^AIX Version\W(\d).*">
1819
1844
  <description>System is IBM AIX v</description>
1820
1845
  <!-- AIX Version 6\nCopyright IBM Corporation, 1982, 2007.\nlogin: -->
1821
1846
 
@@ -1829,7 +1854,7 @@
1829
1854
  <param pos="0" name="os.cpe23" value="cpe:/o:ibm:aix:{os.version}"/>
1830
1855
  </fingerprint>
1831
1856
 
1832
- <fingerprint pattern="^(?m)CIMC Debug Firmware Utility Shell\W([^\s]+).*">
1857
+ <fingerprint pattern="(?m)^CIMC Debug Firmware Utility Shell\W([^\s]+).*">
1833
1858
  <description>System is Cisco UCS Device</description>
1834
1859
  <!-- CIMC Debug Firmware Utility Shell\nfake-ucs-device-3-1-p login: -->
1835
1860
 
@@ -1843,7 +1868,7 @@
1843
1868
  <param pos="1" name="host.name"/>
1844
1869
  </fingerprint>
1845
1870
 
1846
- <fingerprint pattern="^(?m)HP ProLiant.*v(\d+.\d+)">
1871
+ <fingerprint pattern="(?m)^HP ProLiant.*v(\d+.\d+)">
1847
1872
  <description>Sytem is HP ProLiant server</description>
1848
1873
  <!-- HP ProLiant BL e-Class Integrated Administrator v2.00
1849
1874
  Copyright 2005 Hewlett-Packard Development Group, L.P.
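Review bot: The dot in `v(\d+.\d+)` is unescaped, so the version capture accepts any character between the digit runs, including a third digit (`v200`) or, with `(?m)` in front, a line break. `(?m)^HP ProLiant.*v(\d+\.\d+)` still matches the sample `v2.00` and keeps other text out of the version field. The context line `<description>Sytem is HP ProLiant server</description>` has a typo (`System`) that could be fixed in the same pass. The sample comment continues past the end of the hunk.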
@@ -1870,7 +1895,7 @@
1870
1895
  <param pos="1" name="os.version"/>
1871
1896
  </fingerprint>
1872
1897
 
1873
- <fingerprint pattern="^Power Measurement Ltd. Meter ION ([[:alnum:]]+)">
1898
+ <fingerprint pattern="^Power Measurement Ltd. Meter ION ([a-zA-Z0-9]+)">
1874
1899
  <!-- Power Measurement Ltd. Meter ION 7330V271 ETH ETH7330V272
1875
1900
  Serial#: PB-0204A058-11
1876
1901
  login: -->
@@ -1885,7 +1910,7 @@
1885
1910
  <param pos="1" name="hw.version"/>
1886
1911
  </fingerprint>
1887
1912
 
1888
- <fingerprint pattern="^GW25 v([[:digit:]\.]+) - Intelligent Power Meters GPRS Gateway[[:space:]]+Developed by Satelitech">
1913
+ <fingerprint pattern="^GW25 v([\d.]+) - Intelligent Power Meters GPRS Gateway\s+Developed by Satelitech">
1889
1914
  <!-- GW25 v1.2.1 - Intelligent Power Meters GPRS Gateway
1890
1915
  Developed by Satelitech S.A for ESG Dilec
1891
1916
  Enter password: -->
@@ -2066,4 +2091,23 @@
2066
2091
  <param pos="0" name="service.component.cpe23" value="cpe:/a:sap:netweaver_application_server:-"/>
2067
2092
  </fingerprint>
2068
2093
 
2094
+ <fingerprint pattern="^(?:\r|\n|\s){0,256}UDP/TCP/IP Stack: ACT Video security">
2095
+ <description>ACT Security IP Cameras</description>
2096
+ <!--
2097
+ UDP/TCP/IP Stack: ACT Video security\r\n
2098
+ V5.8\r\n
2099
+ Welcome connection : 192.168.0.1:61300\r\n
2100
+ \r\n
2101
+ Password:
2102
+ -->
2103
+
2104
+ <example _encoding="base64">
2105
+ VURQL1RDUC9JUCBTdGFjazogQUNUIFZpZGVvIHNlY3VyaXR5DQpWNS44DQpX
2106
+ ZWxjb21lIGNvbm5lY3Rpb24gOiAxOTIuMTY4LjAuMTo2MTMwMA0KDQpQYXNz
2107
+ d29yZDog
2108
+ </example>
2109
+ <param pos="0" name="hw.vendor" value="ACT Security"/>
2110
+ <param pos="0" name="hw.device" value="IP Camera"/>
2111
+ </fingerprint>
2112
+
2069
2113
  </fingerprints>
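Review bot: The new ACT fingerprint sets only `hw.vendor` and `hw.device`, and its `<example>` carries no attributes, so the example only proves that the pattern matches. The sample banner has a `V5.8` line directly after the marker, which looks like a firmware or stack version (not confirmed by anything on this page). Capturing it would let consumers tell firmware levels apart: extend the pattern with `ACT Video security\r\nV([\d.]+)`, add `<param pos="1" name="hw.version"/>`, and put `hw.version="5.8"` on the example. Whether `hw.version` or `os.version` is the right field is a choice for the maintainers.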