recog 2.3.17 → 2.3.21
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +26 -0
- data/bin/recog_standardize +6 -0
- data/cpe-remap.yaml +342 -200
- data/identifiers/README.md +24 -10
- data/identifiers/fields.txt +104 -0
- data/identifiers/hw_device.txt +2 -0
- data/identifiers/hw_family.txt +11 -0
- data/identifiers/hw_product.txt +71 -0
- data/identifiers/os_device.txt +2 -1
- data/identifiers/os_family.txt +2 -0
- data/identifiers/os_product.txt +36 -8
- data/identifiers/service_family.txt +10 -1
- data/identifiers/service_product.txt +78 -2
- data/identifiers/vendor.txt +55 -0
- data/lib/recog/nizer.rb +1 -82
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/update_cpes.py +18 -5
- data/xml/apache_modules.xml +60 -0
- data/xml/apache_os.xml +1 -1
- data/xml/dns_versionbind.xml +11 -1
- data/xml/favicons.xml +122 -3
- data/xml/ftp_banners.xml +62 -51
- data/xml/html_title.xml +553 -41
- data/xml/http_cookies.xml +262 -61
- data/xml/http_servers.xml +478 -108
- data/xml/http_wwwauth.xml +36 -9
- data/xml/imap_banners.xml +5 -5
- data/xml/ldap_searchresult.xml +1 -0
- data/xml/mdns_device-info_txt.xml +340 -10
- data/xml/mysql_banners.xml +2 -1
- data/xml/nntp_banners.xml +1 -1
- data/xml/ntp_banners.xml +16 -2
- data/xml/operating_system.xml +4 -4
- data/xml/pop_banners.xml +4 -4
- data/xml/rtsp_servers.xml +7 -0
- data/xml/sip_banners.xml +347 -9
- data/xml/sip_user_agents.xml +323 -4
- data/xml/smb_native_lm.xml +32 -1
- data/xml/smb_native_os.xml +160 -33
- data/xml/smtp_banners.xml +167 -128
- data/xml/smtp_expn.xml +1 -0
- data/xml/smtp_vrfy.xml +1 -0
- data/xml/snmp_sysdescr.xml +205 -36
- data/xml/ssh_banners.xml +139 -25
- data/xml/telnet_banners.xml +92 -48
- data/xml/tls_jarm.xml +140 -0
- data/xml/x509_issuers.xml +201 -2
- data/xml/x509_subjects.xml +251 -32
- metadata +5 -2
data/xml/tls_jarm.xml
ADDED
@@ -0,0 +1,140 @@
|
|
1
|
+
<?xml version='1.0' encoding='UTF-8'?>
|
2
|
+
<fingerprints matches="tls.jarm" protocol="tls" database_type="service">
|
3
|
+
<!--
|
4
|
+
Fingerprint based on https://github.com/salesforce/jarm
|
5
|
+
-->
|
6
|
+
|
7
|
+
<fingerprint pattern="^2ad2ad16d2ad2ad00042d42d000000332dc9cd7d90589195193c8bb05d84fa|2ad2ad16d2ad2ad22c2ad2ad2ad2adce2e4c8c53174ecbf5529ce7584d5518$|2ad2ad16d2ad2ad22c42d42d000000d342d5966a57139eeaff9f8bc4841b25$">
|
8
|
+
<description>Tor relay</description>
|
9
|
+
<example>2ad2ad16d2ad2ad00042d42d000000332dc9cd7d90589195193c8bb05d84fa</example>
|
10
|
+
<example>2ad2ad16d2ad2ad22c2ad2ad2ad2adce2e4c8c53174ecbf5529ce7584d5518</example>
|
11
|
+
<example>2ad2ad16d2ad2ad22c42d42d000000d342d5966a57139eeaff9f8bc4841b25</example>
|
12
|
+
<param pos="0" name="service.product" value="Tor"/>
|
13
|
+
<param pos="0" name="service.vendor" value="Tor Project"/>
|
14
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:torproject:tor:-"/>
|
15
|
+
</fingerprint>
|
16
|
+
|
17
|
+
<fingerprint pattern="^2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d$">
|
18
|
+
<description>Synology NAS</description>
|
19
|
+
<example>2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d</example>
|
20
|
+
<param pos="0" name="os.device" value="NAS"/>
|
21
|
+
<param pos="0" name="os.family" value="Linux"/>
|
22
|
+
<param pos="0" name="os.product" value="DSM"/>
|
23
|
+
<param pos="0" name="os.vendor" value="Synology"/>
|
24
|
+
<param pos="0" name="hw.vendor" value="Synology"/>
|
25
|
+
<param pos="0" name="hw.device" value="NAS"/>
|
26
|
+
</fingerprint>
|
27
|
+
|
28
|
+
<fingerprint pattern="^2ad2ad16d2ad2ad22c2ad2ad2ad2ad7e5e7dc6f569c9c16238278a408347ef$">
|
29
|
+
<description>Ubiquiti EdgeRouter</description>
|
30
|
+
<example>2ad2ad16d2ad2ad22c2ad2ad2ad2ad7e5e7dc6f569c9c16238278a408347ef</example>
|
31
|
+
<param pos="0" name="hw.vendor" value="Ubiquiti"/>
|
32
|
+
<param pos="0" name="hw.device" value="Router"/>
|
33
|
+
<param pos="0" name="hw.product" value="EdgeRouter X"/>
|
34
|
+
<param pos="0" name="os.vendor" value="Ubiquiti"/>
|
35
|
+
<param pos="0" name="os.family" value="Linux"/>
|
36
|
+
<param pos="0" name="os.device" value="Router"/>
|
37
|
+
</fingerprint>
|
38
|
+
|
39
|
+
<fingerprint pattern="^07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d$">
|
40
|
+
<description>Metasploit listener</description>
|
41
|
+
<example>07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d</example>
|
42
|
+
<param pos="0" name="service.vendor" value="Rapid7"/>
|
43
|
+
<param pos="0" name="service.product" value="Metasploit"/>
|
44
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:rapid7:metasploit:-"/>
|
45
|
+
</fingerprint>
|
46
|
+
|
47
|
+
<!-- This fingerprint matches Java's TLS stack,
|
48
|
+
see https://blog.cobaltstrike.com/2020/12/08/a-red-teamer-plays-with-jarm/ for details -->
|
49
|
+
|
50
|
+
<fingerprint pattern="^07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1$">
|
51
|
+
<description>Cobalt Strike listener</description>
|
52
|
+
<example>07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1</example>
|
53
|
+
<param pos="0" name="service.vendor" value="Strategic Cyber LLC"/>
|
54
|
+
<param pos="0" name="service.product" value="Cobalt Strike Listener"/>
|
55
|
+
<param pos="0" name="service.certainty" value="0.3"/>
|
56
|
+
</fingerprint>
|
57
|
+
|
58
|
+
<fingerprint pattern="^04b02b00004b04b04b04b02b04b04b9674c6b4e623ae36cc2d998e99e2262e$">
|
59
|
+
<description>Ligowave WiFi access point</description>
|
60
|
+
<example>04b02b00004b04b04b04b02b04b04b9674c6b4e623ae36cc2d998e99e2262e</example>
|
61
|
+
<param pos="0" name="hw.vendor" value="Ligowave"/>
|
62
|
+
<param pos="0" name="hw.product" value="Infinity Controler"/>
|
63
|
+
</fingerprint>
|
64
|
+
|
65
|
+
<fingerprint pattern="^06d06d07d06d06d06c06d06d06d06d7991b0b1ad2cbf06082e3b1a9dcaaa8d$">
|
66
|
+
<description>D-Link DCS-825L WiFi baby camera</description>
|
67
|
+
<example>06d06d07d06d06d06c06d06d06d06d7991b0b1ad2cbf06082e3b1a9dcaaa8d</example>
|
68
|
+
<param pos="0" name="hw.vendor" value="D-Link"/>
|
69
|
+
<param pos="0" name="hw.product" value="DCS-825L"/>
|
70
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:d-link:dcs-825l:-"/>
|
71
|
+
</fingerprint>
|
72
|
+
|
73
|
+
<fingerprint pattern="^0ed3dd16d25d00000042d43d000000e9435856b7ee99e87c06831602602f2d$">
|
74
|
+
<description>LANCOM Systems - 883 VoIP</description>
|
75
|
+
<example>0ed3dd16d25d00000042d43d000000e9435856b7ee99e87c06831602602f2d</example>
|
76
|
+
<param pos="0" name="hw.vendor" value="LANCOM Systems"/>
|
77
|
+
<param pos="0" name="hw.product" value="883 VoIP"/>
|
78
|
+
</fingerprint>
|
79
|
+
|
80
|
+
<fingerprint pattern="^21d14d00021d21d21c42d43d00041d320c989d4ed06a7e9d3133ba36bb2752$">
|
81
|
+
<description>Apple CUPS - web interface</description>
|
82
|
+
<example>21d14d00021d21d21c42d43d00041d320c989d4ed06a7e9d3133ba36bb2752</example>
|
83
|
+
<param pos="0" name="service.vendor" value="Apple"/>
|
84
|
+
<param pos="0" name="service.product" value="CUPS"/>
|
85
|
+
<param pos="0" name="service.family" value="CUPS"/>
|
86
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:apple:cups:-"/>
|
87
|
+
</fingerprint>
|
88
|
+
|
89
|
+
<fingerprint pattern="^0bd14d0000bd0bd0000bd14d0bd0bd6b64279c20472e17718ddea38ab610fa$">
|
90
|
+
<description>Netgear R Series</description>
|
91
|
+
<example>0bd14d0000bd0bd0000bd14d0bd0bd6b64279c20472e17718ddea38ab610fa</example>
|
92
|
+
<param pos="0" name="hw.vendor" value="Netgear"/>
|
93
|
+
<param pos="0" name="hw.product" value="R Series"/>
|
94
|
+
</fingerprint>
|
95
|
+
|
96
|
+
<fingerprint pattern="^2ad2ad16d2ad2ad07c2ad2ad2ad2ad4271ee10d978b0aecbc22f1de60ab611$">
|
97
|
+
<description>Netgear Orbi-micro</description>
|
98
|
+
<example>2ad2ad16d2ad2ad07c2ad2ad2ad2ad4271ee10d978b0aecbc22f1de60ab611</example>
|
99
|
+
<param pos="0" name="hw.vendor" value="Netgear"/>
|
100
|
+
<param pos="0" name="hw.product" value="Orbi micro"/>
|
101
|
+
<param pos="0" name="hw.device" value="WAP"/>
|
102
|
+
<param pos="0" name="hw.family" value="Orbi"/>
|
103
|
+
</fingerprint>
|
104
|
+
|
105
|
+
<fingerprint pattern="^04d02d00004d04d04c04d02d04d04d9674c6b4e623ae36cc2d998e99e2262e$">
|
106
|
+
<description>Netgear D Series</description>
|
107
|
+
<example>04d02d00004d04d04c04d02d04d04d9674c6b4e623ae36cc2d998e99e2262e</example>
|
108
|
+
<param pos="0" name="hw.vendor" value="Netgear"/>
|
109
|
+
<param pos="0" name="hw.product" value="D Series"/>
|
110
|
+
</fingerprint>
|
111
|
+
|
112
|
+
<fingerprint pattern="^21d3fd00021d21d21c21d3fd21d21d89188428dae58757cf803176e9701156$">
|
113
|
+
<description>Chromecast</description>
|
114
|
+
<example>21d3fd00021d21d21c21d3fd21d21d89188428dae58757cf803176e9701156</example>
|
115
|
+
<param pos="0" name="os.vendor" value="Google"/>
|
116
|
+
<param pos="0" name="os.product" value="Chrome OS"/>
|
117
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:google:chrome_os:-"/>
|
118
|
+
<param pos="0" name="hw.device" value="Media Server"/>
|
119
|
+
<param pos="0" name="hw.vendor" value="Google"/>
|
120
|
+
<param pos="0" name="hw.product" value="Chromecast"/>
|
121
|
+
</fingerprint>
|
122
|
+
|
123
|
+
<fingerprint pattern="^21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601$">
|
124
|
+
<description>VMWare ESXi</description>
|
125
|
+
<example>21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601</example>
|
126
|
+
<param pos="0" name="os.vendor" value="VMware"/>
|
127
|
+
<param pos="0" name="os.family" value="VMware ESX/ESXi"/>
|
128
|
+
<param pos="0" name="os.product" value="VMware ESXi Server"/>
|
129
|
+
<param pos="0" name="os.device" value="Hypervisor"/>
|
130
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:vmware:esxi:-"/>
|
131
|
+
<param pos="0" name="hw.device" value="Hypervisor"/>
|
132
|
+
</fingerprint>
|
133
|
+
|
134
|
+
<fingerprint pattern="^29d21b20d29d29d21c41d21b21b41d494e0df9532e75299f15ba73156cee38$">
|
135
|
+
<description>Merlin C2</description>
|
136
|
+
<example>29d21b20d29d29d21c41d21b21b41d494e0df9532e75299f15ba73156cee38</example>
|
137
|
+
<param pos="0" name="service.product" value="Merlin"/>
|
138
|
+
</fingerprint>
|
139
|
+
|
140
|
+
</fingerprints>
|
data/xml/x509_issuers.xml
CHANGED
@@ -8,6 +8,91 @@
|
|
8
8
|
a specific order. Please see the comments in x509_subjects.xml for details.
|
9
9
|
-->
|
10
10
|
|
11
|
+
<!-- The following group has been included for performance reasons -->
|
12
|
+
|
13
|
+
<fingerprint pattern="^CN=R3,O=Let's Encrypt,C=US$">
|
14
|
+
<description>Lets Encrypt R3 - generic -- assert nothing.</description>
|
15
|
+
<example>CN=R3,O=Let's Encrypt,C=US</example>
|
16
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
17
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
18
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
19
|
+
</fingerprint>
|
20
|
+
|
21
|
+
<fingerprint pattern="^CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US$">
|
22
|
+
<description>Lets Encrypt X3 - generic -- assert nothing.</description>
|
23
|
+
<example>CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US</example>
|
24
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
25
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
26
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
27
|
+
</fingerprint>
|
28
|
+
|
29
|
+
<fingerprint pattern="^CN=Amazon,OU=Server CA 1B,O=Amazon,C=US$">
|
30
|
+
<description>Amazon AWS Server CA 1B - generic -- assert nothing.</description>
|
31
|
+
<example>CN=Amazon,OU=Server CA 1B,O=Amazon,C=US</example>
|
32
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
33
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
34
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
35
|
+
</fingerprint>
|
36
|
+
|
37
|
+
<fingerprint pattern="^CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US$">
|
38
|
+
<description>DigiCert SHA2 - generic -- assert nothing.</description>
|
39
|
+
<example>CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US</example>
|
40
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
41
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
42
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
43
|
+
</fingerprint>
|
44
|
+
|
45
|
+
<fingerprint pattern="^CN=DigiCert TLS (?:RSA SHA256|Hybrid ECC SHA384) 2020 CA1,O=DigiCert Inc,C=US$">
|
46
|
+
<description>DigiCert SHA256 2020 CA1 - generic -- assert nothing.</description>
|
47
|
+
<example>CN=DigiCert TLS RSA SHA256 2020 CA1,O=DigiCert Inc,C=US</example>
|
48
|
+
<example>CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1,O=DigiCert Inc,C=US</example>
|
49
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
50
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
51
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
52
|
+
</fingerprint>
|
53
|
+
|
54
|
+
<fingerprint pattern="^CN=DigiCert Secure Site ECC CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US$">
|
55
|
+
<description>DigiCert ECC CA-1 - generic -- assert nothing.</description>
|
56
|
+
<example>CN=DigiCert Secure Site ECC CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US</example>
|
57
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
58
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
59
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
60
|
+
</fingerprint>
|
61
|
+
|
62
|
+
<fingerprint pattern="^CN=DigiCert SHA2 (?:Extended Validation|High Assurance) Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US$">
|
63
|
+
<description>DigiCert SHA2 EV - generic -- assert nothing.</description>
|
64
|
+
<example>CN=DigiCert SHA2 Extended Validation Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US</example>
|
65
|
+
<example>CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US</example>
|
66
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
67
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
68
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
69
|
+
</fingerprint>
|
70
|
+
|
71
|
+
<fingerprint pattern="^CN=Sectigo RSA (?:Domain|Organization) Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB$">
|
72
|
+
<description>Sectigo RSA - generic -- assert nothing.</description>
|
73
|
+
<example>CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB</example>
|
74
|
+
<example>CN=Sectigo RSA Organization Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB</example>
|
75
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
76
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
77
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
78
|
+
</fingerprint>
|
79
|
+
|
80
|
+
<fingerprint pattern="^CN=GeoTrust RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US$">
|
81
|
+
<description>GeoTrust RSA CA 2018 - generic -- assert nothing.</description>
|
82
|
+
<example>CN=GeoTrust RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US</example>
|
83
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
84
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
85
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
86
|
+
</fingerprint>
|
87
|
+
|
88
|
+
<fingerprint pattern="^CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs\.godaddy\.com/repository/,O=GoDaddy.com\\, Inc\.,L=Scottsdale,ST=Arizona,C=US$">
|
89
|
+
<description>Go Daddy G2 - generic -- assert nothing.</description>
|
90
|
+
<example>CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US</example>
|
91
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
92
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
93
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
94
|
+
</fingerprint>
|
95
|
+
|
11
96
|
<!-- Chromecast and various devices that support the Cast protocol -->
|
12
97
|
|
13
98
|
<fingerprint pattern="^CN=Eureka Gen1 ICA,OU=Google TV,O=Google Inc,L=Mountain View,ST=California,C=US$">
|
@@ -15,10 +100,12 @@
|
|
15
100
|
<example>CN=Eureka Gen1 ICA,OU=Google TV,O=Google Inc,L=Mountain View,ST=California,C=US</example>
|
16
101
|
<param pos="0" name="os.vendor" value="Google"/>
|
17
102
|
<param pos="0" name="os.product" value="Chrome OS"/>
|
103
|
+
<param pos="0" name="os.certainty" value="0.5"/>
|
18
104
|
<param pos="0" name="os.cpe23" value="cpe:/o:google:chrome_os:-"/>
|
19
105
|
<param pos="0" name="hw.device" value="Media Server"/>
|
20
106
|
<param pos="0" name="hw.vendor" value="Google"/>
|
21
107
|
<param pos="0" name="hw.product" value="Chromecast"/>
|
108
|
+
<param pos="0" name="hw.certainty" value="0.5"/>
|
22
109
|
<param pos="0" name="chromecast.generation" value="1"/>
|
23
110
|
</fingerprint>
|
24
111
|
|
@@ -34,10 +121,12 @@
|
|
34
121
|
<example chromecast.generation="12">CN=Chromecast ICA 12,OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US</example>
|
35
122
|
<param pos="0" name="os.vendor" value="Google"/>
|
36
123
|
<param pos="0" name="os.product" value="Chrome OS"/>
|
124
|
+
<param pos="0" name="os.certainty" value="0.5"/>
|
37
125
|
<param pos="0" name="os.cpe23" value="cpe:/o:google:chrome_os:-"/>
|
38
126
|
<param pos="0" name="hw.device" value="Media Server"/>
|
39
127
|
<param pos="0" name="hw.vendor" value="Google"/>
|
40
128
|
<param pos="0" name="hw.product" value="Chromecast"/>
|
129
|
+
<param pos="0" name="hw.certainty" value="0.5"/>
|
41
130
|
<param pos="1" name="chromecast.generation"/>
|
42
131
|
<param pos="2" name="chromecast.capabilities"/>
|
43
132
|
</fingerprint>
|
@@ -119,6 +208,20 @@
|
|
119
208
|
<param pos="0" name="hw.vendor" value="APC"/>
|
120
209
|
</fingerprint>
|
121
210
|
|
211
|
+
<fingerprint pattern="^CN=ASA Temporary Self Signed Certificate$">
|
212
|
+
<description>Cisco ASA Temp Cert</description>
|
213
|
+
<example>CN=ASA Temporary Self Signed Certificate</example>
|
214
|
+
<param pos="0" name="os.vendor" value="Cisco"/>
|
215
|
+
<param pos="0" name="os.family" value="Adaptive Security Appliance"/>
|
216
|
+
<param pos="0" name="os.product" value="Adaptive Security Appliance"/>
|
217
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance_software:-"/>
|
218
|
+
<param pos="0" name="hw.vendor" value="Cisco"/>
|
219
|
+
<param pos="0" name="hw.family" value="Adaptive Security Appliance"/>
|
220
|
+
<param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
|
221
|
+
<param pos="0" name="hw.device" value="Firewall"/>
|
222
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:cisco:adaptive_security_appliance:-"/>
|
223
|
+
</fingerprint>
|
224
|
+
|
122
225
|
<fingerprint pattern="^CN=Temporary CA [a-fA-F0-9]{8}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{12},OU=Temporary CA">
|
123
226
|
<description>Cisco Video Communication Server</description>
|
124
227
|
<example>CN=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74,OU=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74,O=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74</example>
|
@@ -131,9 +234,11 @@
|
|
131
234
|
<description>VMware ESXi w/Installer</description>
|
132
235
|
<example>O=VMware Installer</example>
|
133
236
|
<param pos="0" name="os.vendor" value="VMware"/>
|
134
|
-
<param pos="0" name="os.
|
237
|
+
<param pos="0" name="os.family" value="VMware ESX/ESXi"/>
|
238
|
+
<param pos="0" name="os.product" value="VMware ESXi Server"/>
|
135
239
|
<param pos="0" name="os.device" value="Hypervisor"/>
|
136
240
|
<param pos="0" name="os.cpe23" value="cpe:/o:vmware:esxi:-"/>
|
241
|
+
<param pos="0" name="hw.device" value="Hypervisor"/>
|
137
242
|
</fingerprint>
|
138
243
|
|
139
244
|
<fingerprint pattern="^CN=CA,OU=VMware Engineering,O=vCenter,ST=California,C=US$">
|
@@ -151,11 +256,105 @@
|
|
151
256
|
<param pos="0" name="hw.vendor" value="HP"/>
|
152
257
|
<param pos="0" name="hw.family" value="iLO"/>
|
153
258
|
<param pos="0" name="hw.product" value="iLO"/>
|
154
|
-
<param pos="0" name="hw.cpe23" value="cpe:/h:hp:
|
259
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
|
155
260
|
<param pos="0" name="os.device" value="Lights Out Management"/>
|
156
261
|
<param pos="0" name="os.vendor" value="HP"/>
|
157
262
|
<param pos="0" name="os.family" value="iLO"/>
|
158
263
|
<param pos="0" name="os.product" value="iLO"/>
|
264
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
|
265
|
+
</fingerprint>
|
266
|
+
|
267
|
+
<fingerprint pattern="^CN=synology.com,O=Synology Inc.,L=Taipei,C=TW$">
|
268
|
+
<description>Synology</description>
|
269
|
+
<example>CN=synology.com,O=Synology Inc.,L=Taipei,C=TW</example>
|
270
|
+
<param pos="0" name="os.device" value="NAS"/>
|
271
|
+
<param pos="0" name="os.family" value="Linux"/>
|
272
|
+
<param pos="0" name="os.product" value="DSM"/>
|
273
|
+
<param pos="0" name="os.vendor" value="Synology"/>
|
274
|
+
<param pos="0" name="hw.vendor" value="Synology"/>
|
275
|
+
<param pos="0" name="hw.device" value="NAS"/>
|
276
|
+
</fingerprint>
|
277
|
+
|
278
|
+
<fingerprint pattern="^CN=default(?: [A-Z]+)?,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US$">
|
279
|
+
<description>Citrix Netscaler (later renamed to Citrix ADC)</description>
|
280
|
+
<example>CN=default,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US</example>
|
281
|
+
<example>CN=default UYENMB,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US</example>
|
282
|
+
<param pos="0" name="service.vendor" value="Citrix"/>
|
283
|
+
<param pos="0" name="service.family" value="Netscaler"/>
|
284
|
+
<param pos="0" name="service.product" value="Netscaler"/>
|
285
|
+
<param pos="0" name="service.device" value="Network Management Device"/>
|
286
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:citrix:netscaler:-"/>
|
287
|
+
<param pos="0" name="os.vendor" value="Citrix"/>
|
288
|
+
<param pos="0" name="os.family" value="Netscaler"/>
|
289
|
+
<param pos="0" name="os.product" value="Netscaler Gateway Firmware"/>
|
290
|
+
<param pos="0" name="os.device" value="Network Management Device"/>
|
291
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_gateway_firmware:-"/>
|
292
|
+
<param pos="0" name="hw.vendor" value="Citrix"/>
|
293
|
+
<param pos="0" name="hw.family" value="Netscaler"/>
|
294
|
+
<param pos="0" name="hw.product" value="Netscaler Gateway"/>
|
295
|
+
<param pos="0" name="hw.device" value="Network Management Device"/>
|
296
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:citrix:netscaler_gateway:-"/>
|
297
|
+
</fingerprint>
|
298
|
+
|
299
|
+
<fingerprint pattern="^O=Technicolor,L=Edegem,ST=Antwerp,C=BE$">
|
300
|
+
<description>Technicolor Router - without model or version</description>
|
301
|
+
<example>O=Technicolor,L=Edegem,ST=Antwerp,C=BE</example>
|
302
|
+
<param pos="0" name="os.vendor" value="Technicolor"/>
|
303
|
+
<param pos="0" name="os.device" value="Router"/>
|
304
|
+
<param pos="0" name="os.certainty" value="0.5"/>
|
305
|
+
<param pos="0" name="hw.vendor" value="Technicolor"/>
|
306
|
+
<param pos="0" name="hw.device" value="Router"/>
|
307
|
+
<param pos="0" name="hw.certainty" value="0.5"/>
|
308
|
+
</fingerprint>
|
309
|
+
|
310
|
+
<fingerprint pattern="^CN=Vigor Router,OU=DrayTek Support,O=DrayTek Corp.,L=HuKou,ST=HsinChu,C=TW$">
|
311
|
+
<description>DrayTek Vigor Router - without model or version</description>
|
312
|
+
<example>CN=Vigor Router,OU=DrayTek Support,O=DrayTek Corp.,L=HuKou,ST=HsinChu,C=TW</example>
|
313
|
+
<param pos="0" name="os.vendor" value="DrayTek"/>
|
314
|
+
<param pos="0" name="os.device" value="Router"/>
|
315
|
+
<param pos="0" name="os.certainty" value="0.5"/>
|
316
|
+
<param pos="0" name="hw.vendor" value="DrayTek"/>
|
317
|
+
<param pos="0" name="hw.family" value="Vigor"/>
|
318
|
+
<param pos="0" name="hw.device" value="Router"/>
|
319
|
+
<param pos="0" name="hw.certainty" value="0.5"/>
|
320
|
+
</fingerprint>
|
321
|
+
|
322
|
+
<fingerprint pattern="^CN=Kubernetes Ingress Controller Fake Certificate,O=Acme Co$">
|
323
|
+
<description>Kubernetes NGINX Ingress Controller with default cert</description>
|
324
|
+
<example>CN=Kubernetes Ingress Controller Fake Certificate,O=Acme Co</example>
|
325
|
+
<param pos="0" name="service.vendor" value="Kubernetes"/>
|
326
|
+
<param pos="0" name="service.family" value="Kubernetes"/>
|
327
|
+
<param pos="0" name="service.product" value="NGINX Ingress Controller"/>
|
328
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:kubernetes:nginx_ingress_controller:-"/>
|
329
|
+
</fingerprint>
|
330
|
+
|
331
|
+
<fingerprint pattern="^CN=TRAEFIK DEFAULT CERT$">
|
332
|
+
<description>Traefik Proxy default certificate</description>
|
333
|
+
<example>CN=TRAEFIK DEFAULT CERT</example>
|
334
|
+
<param pos="0" name="service.vendor" value="Traefik Labs"/>
|
335
|
+
<param pos="0" name="service.family" value="Traefik"/>
|
336
|
+
<param pos="0" name="service.product" value="Traefik Proxy"/>
|
337
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:traefik:traefik:-"/>
|
338
|
+
</fingerprint>
|
339
|
+
|
340
|
+
<fingerprint pattern="(?i)^CN=Fireware web CA,OU=Fireware,O=WatchGuard(?: CA)?$">
|
341
|
+
<description>WatchGuard Fireware</description>
|
342
|
+
<example>CN=Fireware web ca,OU=Fireware,O=WatchGuard</example>
|
343
|
+
<example>CN=Fireware web CA,OU=Fireware,O=Watchguard CA</example>
|
344
|
+
<param pos="0" name="service.vendor" value="WatchGuard"/>
|
345
|
+
<param pos="0" name="service.product" value="Fireware XTM"/>
|
346
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:watchguard:fireware_xtm:-"/>
|
347
|
+
<param pos="0" name="os.vendor" value="WatchGuard"/>
|
348
|
+
<param pos="0" name="os.product" value="Fireware"/>
|
349
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:watchguard:fireware:-"/>
|
350
|
+
</fingerprint>
|
351
|
+
|
352
|
+
<fingerprint pattern="^O=Caddy Self-Signed$">
|
353
|
+
<description>CaddyServer Caddy - golang based httpd</description>
|
354
|
+
<example>O=Caddy Self-Signed</example>
|
355
|
+
<param pos="0" name="service.vendor" value="CaddyServer"/>
|
356
|
+
<param pos="0" name="service.product" value="Caddy"/>
|
357
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:caddyserver:caddy:-"/>
|
159
358
|
</fingerprint>
|
160
359
|
|
161
360
|
</fingerprints>
|
data/xml/x509_subjects.xml
CHANGED
@@ -69,11 +69,12 @@
|
|
69
69
|
|
70
70
|
<fingerprint pattern="^SERIALNUMBER=PID:([^ ]+) SN:([^,]+),CN=(?:[a-zA-Z0-9\-]+)-SEP([a-fA-F0-9]{12}),OU=[CV]TG,O=Cisco Systems Inc\.$">
|
71
71
|
<description>Cisco IP phone with serial number</description>
|
72
|
-
<example host.mac="B07D47D33A1C" hw.product="CP-8851" cisco.serial_number="FCH1924AHCA">SERIALNUMBER=PID:CP-8851 SN:FCH1924AHCA,CN=CP-8851-SEPB07D47D33A1C,OU=CTG,O=Cisco Systems Inc.</example>
|
73
|
-
<example host.mac="64D989000000" hw.product="CP-9951" cisco.serial_number="FCH15200000">SERIALNUMBER=PID:CP-9951 SN:FCH15200000,CN=CP-9951-SEP64D989000000,OU=VTG,O=Cisco Systems Inc.</example>
|
72
|
+
<example host.mac="B07D47D33A1C" hw.product="CP-8851" cisco.serial_number="FCH1924AHCA" hw.serial_number="FCH1924AHCA">SERIALNUMBER=PID:CP-8851 SN:FCH1924AHCA,CN=CP-8851-SEPB07D47D33A1C,OU=CTG,O=Cisco Systems Inc.</example>
|
73
|
+
<example host.mac="64D989000000" hw.product="CP-9951" cisco.serial_number="FCH15200000" hw.serial_number="FCH15200000">SERIALNUMBER=PID:CP-9951 SN:FCH15200000,CN=CP-9951-SEP64D989000000,OU=VTG,O=Cisco Systems Inc.</example>
|
74
74
|
<param pos="0" name="hw.device" value="VoIP"/>
|
75
75
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
76
76
|
<param pos="1" name="hw.product"/>
|
77
|
+
<param pos="2" name="hw.serial_number"/>
|
77
78
|
<param pos="2" name="cisco.serial_number"/>
|
78
79
|
<param pos="3" name="host.mac"/>
|
79
80
|
</fingerprint>
|
@@ -103,6 +104,29 @@
|
|
103
104
|
<param pos="1" name="hw.product"/>
|
104
105
|
</fingerprint>
|
105
106
|
|
107
|
+
<fingerprint pattern="^O=Technicolor,L=Edegem,ST=Antwerp,C=BE$">
|
108
|
+
<description>Technicolor Router - without model or version</description>
|
109
|
+
<example>O=Technicolor,L=Edegem,ST=Antwerp,C=BE</example>
|
110
|
+
<param pos="0" name="os.vendor" value="Technicolor"/>
|
111
|
+
<param pos="0" name="os.device" value="Router"/>
|
112
|
+
<param pos="0" name="os.certainty" value="0.5"/>
|
113
|
+
<param pos="0" name="hw.vendor" value="Technicolor"/>
|
114
|
+
<param pos="0" name="hw.device" value="Router"/>
|
115
|
+
<param pos="0" name="hw.certainty" value="0.5"/>
|
116
|
+
</fingerprint>
|
117
|
+
|
118
|
+
<fingerprint pattern="^CN=Vigor Router,OU=DrayTek Support,O=DrayTek Corp.,L=HuKou,ST=HsinChu,C=TW$">
|
119
|
+
<description>DrayTek Vigor Router - without model or version</description>
|
120
|
+
<example>CN=Vigor Router,OU=DrayTek Support,O=DrayTek Corp.,L=HuKou,ST=HsinChu,C=TW</example>
|
121
|
+
<param pos="0" name="os.vendor" value="DrayTek"/>
|
122
|
+
<param pos="0" name="os.device" value="Router"/>
|
123
|
+
<param pos="0" name="os.certainty" value="0.5"/>
|
124
|
+
<param pos="0" name="hw.vendor" value="DrayTek"/>
|
125
|
+
<param pos="0" name="hw.family" value="Vigor"/>
|
126
|
+
<param pos="0" name="hw.device" value="Router"/>
|
127
|
+
<param pos="0" name="hw.certainty" value="0.5"/>
|
128
|
+
</fingerprint>
|
129
|
+
|
106
130
|
<fingerprint pattern="^CN=Nepenthes Development Team,OU=anv,O=dionaea\.carnivore\.it,C=DE$">
|
107
131
|
<description>Nepenthes honeypot</description>
|
108
132
|
<example>CN=Nepenthes Development Team,OU=anv,O=dionaea.carnivore.it,C=DE</example>
|
@@ -198,11 +222,12 @@
|
|
198
222
|
<param pos="0" name="hw.vendor" value="HP"/>
|
199
223
|
<param pos="0" name="hw.family" value="iLO"/>
|
200
224
|
<param pos="0" name="hw.product" value="iLO"/>
|
201
|
-
<param pos="0" name="hw.cpe23" value="cpe:/h:hp:
|
225
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
|
202
226
|
<param pos="0" name="os.device" value="Lights Out Management"/>
|
203
227
|
<param pos="0" name="os.vendor" value="HP"/>
|
204
228
|
<param pos="0" name="os.family" value="iLO"/>
|
205
229
|
<param pos="0" name="os.product" value="iLO"/>
|
230
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
|
206
231
|
<param pos="1" name="host.name"/>
|
207
232
|
</fingerprint>
|
208
233
|
|
@@ -213,11 +238,12 @@
|
|
213
238
|
<param pos="0" name="hw.vendor" value="HP"/>
|
214
239
|
<param pos="0" name="hw.family" value="iLO"/>
|
215
240
|
<param pos="0" name="hw.product" value="iLO"/>
|
216
|
-
<param pos="0" name="hw.cpe23" value="cpe:/h:hp:
|
241
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
|
217
242
|
<param pos="0" name="os.device" value="Lights Out Management"/>
|
218
243
|
<param pos="0" name="os.vendor" value="HP"/>
|
219
244
|
<param pos="0" name="os.family" value="iLO"/>
|
220
245
|
<param pos="0" name="os.product" value="iLO"/>
|
246
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
|
221
247
|
</fingerprint>
|
222
248
|
|
223
249
|
<fingerprint pattern="^CN=OA\-([a-fA-F0-9]+),OU=Onboard Administrator,">
|
@@ -228,11 +254,12 @@
|
|
228
254
|
<param pos="0" name="hw.vendor" value="HP"/>
|
229
255
|
<param pos="0" name="hw.family" value="iLO"/>
|
230
256
|
<param pos="0" name="hw.product" value="iLO"/>
|
231
|
-
<param pos="0" name="hw.cpe23" value="cpe:/h:hp:
|
257
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
|
232
258
|
<param pos="0" name="os.device" value="Lights Out Management"/>
|
233
259
|
<param pos="0" name="os.vendor" value="HP"/>
|
234
260
|
<param pos="0" name="os.family" value="iLO"/>
|
235
261
|
<param pos="0" name="os.product" value="iLO"/>
|
262
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
|
236
263
|
<param pos="1" name="host.mac"/>
|
237
264
|
</fingerprint>
|
238
265
|
|
@@ -243,11 +270,12 @@
|
|
243
270
|
<param pos="0" name="hw.vendor" value="HP"/>
|
244
271
|
<param pos="0" name="hw.family" value="iLO"/>
|
245
272
|
<param pos="0" name="hw.product" value="iLO"/>
|
246
|
-
<param pos="0" name="hw.cpe23" value="cpe:/h:hp:
|
273
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
|
247
274
|
<param pos="0" name="os.device" value="Lights Out Management"/>
|
248
275
|
<param pos="0" name="os.vendor" value="HP"/>
|
249
276
|
<param pos="0" name="os.family" value="iLO"/>
|
250
277
|
<param pos="0" name="os.product" value="iLO"/>
|
278
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
|
251
279
|
<param pos="1" name="host.name"/>
|
252
280
|
</fingerprint>
|
253
281
|
|
@@ -262,6 +290,7 @@
|
|
262
290
|
<param pos="0" name="os.vendor" value="Oracle"/>
|
263
291
|
<param pos="0" name="os.family" value="ILOM"/>
|
264
292
|
<param pos="0" name="os.product" value="ILOM"/>
|
293
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:oracle:integrated_lights_out_manager_firmware:-"/>
|
265
294
|
</fingerprint>
|
266
295
|
|
267
296
|
<fingerprint pattern="^CN=AMI,OU=Service Processors,O=American Megatrends Inc">
|
@@ -280,10 +309,11 @@
|
|
280
309
|
|
281
310
|
<fingerprint pattern="^CN=C-series CIMC,OU=PID:([^ ]+) SERIAL:([^,]+),O=Cisco">
|
282
311
|
<description>Cisco Integrated Management Controller</description>
|
283
|
-
<example cisco.serial_number="FCH18999AAA" cisco.imc_model="UCSC-C220-M3S">CN=C-series CIMC,OU=PID:UCSC-C220-M3S SERIAL:FCH18999AAA,O=Cisco Self Signed,L=San Jose,ST=California,C=US</example>
|
312
|
+
<example cisco.serial_number="FCH18999AAA" hw.serial_number="FCH18999AAA" cisco.imc_model="UCSC-C220-M3S">CN=C-series CIMC,OU=PID:UCSC-C220-M3S SERIAL:FCH18999AAA,O=Cisco Self Signed,L=San Jose,ST=California,C=US</example>
|
284
313
|
<param pos="0" name="hw.device" value="Lights Out Management"/>
|
285
314
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
286
315
|
<param pos="0" name="hw.product" value="IMC"/>
|
316
|
+
<param pos="2" name="hw.serial_number"/>
|
287
317
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
288
318
|
<param pos="0" name="os.family" value="Linux"/>
|
289
319
|
<param pos="0" name="os.product" value="IMC"/>
|
@@ -293,10 +323,11 @@
|
|
293
323
|
|
294
324
|
<fingerprint pattern="^CN=C220-(FCH[^,]+),OU=null,O=Cisco Systems Inc">
|
295
325
|
<description>Cisco Integrated Management Controller C220</description>
|
296
|
-
<example cisco.serial_number="FCH17999AAA">CN=C220-FCH17999AAA,OU=null,O=Cisco Systems Inc.,L=San Jose,ST=California,C=US</example>
|
326
|
+
<example cisco.serial_number="FCH17999AAA" hw.serial_number="FCH17999AAA">CN=C220-FCH17999AAA,OU=null,O=Cisco Systems Inc.,L=San Jose,ST=California,C=US</example>
|
297
327
|
<param pos="0" name="hw.device" value="Lights Out Management"/>
|
298
328
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
299
329
|
<param pos="0" name="hw.product" value="IMC"/>
|
330
|
+
<param pos="1" name="hw.serial_number"/>
|
300
331
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
301
332
|
<param pos="0" name="os.family" value="Linux"/>
|
302
333
|
<param pos="0" name="os.product" value="IMC"/>
|
@@ -370,7 +401,7 @@
|
|
370
401
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
371
402
|
<param pos="0" name="os.family" value="Adaptive Security Appliance"/>
|
372
403
|
<param pos="0" name="os.product" value="Adaptive Security Appliance"/>
|
373
|
-
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:
|
404
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance_software:-"/>
|
374
405
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
375
406
|
<param pos="0" name="hw.family" value="Adaptive Security Appliance"/>
|
376
407
|
<param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
|
@@ -380,12 +411,13 @@
|
|
380
411
|
|
381
412
|
<fingerprint pattern="^SERIALNUMBER=([a-zA-Z0-9]+),CN=DEVICE-vWLC,O=Cisco Virtual WLC$">
|
382
413
|
<description>Cisco vWLC</description>
|
383
|
-
<example cisco.serial_number="9C89M2088D1">SERIALNUMBER=9C89M2088D1,CN=DEVICE-vWLC,O=Cisco Virtual WLC</example>
|
414
|
+
<example cisco.serial_number="9C89M2088D1" hw.serial_number="9C89M2088D1">SERIALNUMBER=9C89M2088D1,CN=DEVICE-vWLC,O=Cisco Virtual WLC</example>
|
384
415
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
385
416
|
<param pos="0" name="os.device" value="Wireless Controller"/>
|
386
417
|
<param pos="0" name="os.product" value="Wireless LAN Controller"/>
|
387
|
-
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:
|
418
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:wireless_lan_controller_software:-"/>
|
388
419
|
<param pos="1" name="cisco.serial_number"/>
|
420
|
+
<param pos="1" name="hw.serial_number"/>
|
389
421
|
</fingerprint>
|
390
422
|
|
391
423
|
<fingerprint pattern="^CN=[a-zA-Z0-9\.\-\_]+,OU=DeviceSSL \(WebAdmin\),O=Cisco Systems Inc\.,C=US$">
|
@@ -394,7 +426,7 @@
|
|
394
426
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
395
427
|
<param pos="0" name="os.device" value="Wireless Controller"/>
|
396
428
|
<param pos="0" name="os.product" value="Wireless LAN Controller"/>
|
397
|
-
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:
|
429
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:wireless_lan_controller_software:-"/>
|
398
430
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
399
431
|
<param pos="0" name="hw.device" value="Wireless Controller"/>
|
400
432
|
<param pos="0" name="hw.product" value="Wireless LAN Controller"/>
|
@@ -477,11 +509,14 @@
|
|
477
509
|
<fingerprint pattern="^CN=([a-zA-Z0-9\.\-\_]+),OU=VMware ESX Server Default Certificate,O=VMware\\, Inc,L=Palo Alto,ST=California,C=US$">
|
478
510
|
<description>VMware ESX</description>
|
479
511
|
<example>CN=server99.,OU=VMware ESX Server Default Certificate,O=VMware\, Inc,L=Palo Alto,ST=California,C=US</example>
|
512
|
+
<param pos="0" name="service.vendor" value="VMware"/>
|
480
513
|
<param pos="0" name="os.vendor" value="VMware"/>
|
481
|
-
<param pos="0" name="os.
|
514
|
+
<param pos="0" name="os.family" value="VMware ESX/ESXi"/>
|
515
|
+
<param pos="0" name="os.product" value="VMware ESX Server"/>
|
482
516
|
<param pos="0" name="os.device" value="Hypervisor"/>
|
483
517
|
<param pos="0" name="os.cpe23" value="cpe:/o:vmware:esx:-"/>
|
484
518
|
<param pos="1" name="host.name"/>
|
519
|
+
<param pos="0" name="hw.device" value="Hypervisor"/>
|
485
520
|
</fingerprint>
|
486
521
|
|
487
522
|
<fingerprint pattern="^CN.*,OU=SRM,O=VMware\\, Inc\.,L=Palo Alto,ST=California,C=US$">
|
@@ -496,6 +531,24 @@
|
|
496
531
|
<param pos="0" name="service.product" value="Site Recovery Manager"/>
|
497
532
|
</fingerprint>
|
498
533
|
|
534
|
+
<fingerprint pattern="^CN=([^,=]{1,256}),OU=VMware Horizon View default certificate,O=VMware\\, Inc.$">
|
535
|
+
<description>VMware Horizon (formerly View)</description>
|
536
|
+
<example host.name="horizon.foo.bar">CN=horizon.foo.bar,OU=VMware Horizon View default certificate,O=VMware\, Inc.</example>
|
537
|
+
<param pos="0" name="service.vendor" value="VMware"/>
|
538
|
+
<param pos="0" name="service.product" value="Horizon"/>
|
539
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:vmware:horizon:-"/>
|
540
|
+
<param pos="1" name="host.name"/>
|
541
|
+
</fingerprint>
|
542
|
+
|
543
|
+
<fingerprint pattern="^CN=([^,=]{1,256}),OU=VMware View default certificate,O=VMware\\, Inc.$">
|
544
|
+
<description>VMware View</description>
|
545
|
+
<example host.name="horizon.foo.bar">CN=horizon.foo.bar,OU=VMware View default certificate,O=VMware\, Inc.</example>
|
546
|
+
<param pos="0" name="service.vendor" value="VMware"/>
|
547
|
+
<param pos="0" name="service.product" value="View"/>
|
548
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:vmware:view:-"/>
|
549
|
+
<param pos="1" name="host.name"/>
|
550
|
+
</fingerprint>
|
551
|
+
|
499
552
|
<fingerprint pattern="^CN=IOS-Self-Signed-Certificate-">
|
500
553
|
<description>Cisco IOS Default Certificate</description>
|
501
554
|
<example>CN=IOS-Self-Signed-Certificate-4163115936</example>
|
@@ -507,16 +560,76 @@
|
|
507
560
|
<param pos="0" name="hw.device" value="Router"/>
|
508
561
|
</fingerprint>
|
509
562
|
|
563
|
+
<fingerprint pattern="^CN=kube-apiserver$">
|
564
|
+
<description>Kubernetes api-server default certificate</description>
|
565
|
+
<example>CN=kube-apiserver</example>
|
566
|
+
<param pos="0" name="service.vendor" value="Kubernetes"/>
|
567
|
+
<param pos="0" name="service.family" value="Kubernetes"/>
|
568
|
+
<param pos="0" name="service.product" value="Kubernetes"/>
|
569
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:kubernetes:kubernetes:-"/>
|
570
|
+
</fingerprint>
|
571
|
+
|
572
|
+
<fingerprint pattern="^CN=kubernetes-master$">
|
573
|
+
<description>Kubernetes Control Plane (formerly master) default certificate</description>
|
574
|
+
<example>CN=kubernetes-master</example>
|
575
|
+
<param pos="0" name="service.vendor" value="Kubernetes"/>
|
576
|
+
<param pos="0" name="service.family" value="Kubernetes"/>
|
577
|
+
<param pos="0" name="service.product" value="Kubernetes"/>
|
578
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:kubernetes:kubernetes:-"/>
|
579
|
+
</fingerprint>
|
580
|
+
|
581
|
+
<fingerprint pattern="^CN=Kubernetes Ingress Controller Fake Certificate,O=Acme Co$">
|
582
|
+
<description>Kubernetes NGINX Ingress Controller with default cert</description>
|
583
|
+
<example>CN=Kubernetes Ingress Controller Fake Certificate,O=Acme Co</example>
|
584
|
+
<param pos="0" name="service.vendor" value="Kubernetes"/>
|
585
|
+
<param pos="0" name="service.family" value="Kubernetes"/>
|
586
|
+
<param pos="0" name="service.product" value="NGINX Ingress Controller"/>
|
587
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:kubernetes:nginx_ingress_controller:-"/>
|
588
|
+
</fingerprint>
|
589
|
+
|
590
|
+
<fingerprint pattern="^CN=TRAEFIK DEFAULT CERT$">
|
591
|
+
<description>Traefik Proxy default certificate</description>
|
592
|
+
<example>CN=TRAEFIK DEFAULT CERT</example>
|
593
|
+
<param pos="0" name="service.vendor" value="Traefik Labs"/>
|
594
|
+
<param pos="0" name="service.family" value="Traefik"/>
|
595
|
+
<param pos="0" name="service.product" value="Traefik Proxy"/>
|
596
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:traefik:traefik:-"/>
|
597
|
+
</fingerprint>
|
598
|
+
|
599
|
+
<fingerprint pattern="^CN=default(?: [A-Z]+)?,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US$">
|
600
|
+
<description>Citrix Netscaler (later renamed to Citrix ADC)</description>
|
601
|
+
<example>CN=default,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US</example>
|
602
|
+
<example>CN=default UYENMB,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US</example>
|
603
|
+
<param pos="0" name="service.vendor" value="Citrix"/>
|
604
|
+
<param pos="0" name="service.family" value="Netscaler"/>
|
605
|
+
<param pos="0" name="service.product" value="Netscaler"/>
|
606
|
+
<param pos="0" name="service.device" value="Network Management Device"/>
|
607
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:citrix:netscaler:-"/>
|
608
|
+
<param pos="0" name="os.vendor" value="Citrix"/>
|
609
|
+
<param pos="0" name="os.family" value="Netscaler"/>
|
610
|
+
<param pos="0" name="os.product" value="Netscaler Gateway Firmware"/>
|
611
|
+
<param pos="0" name="os.device" value="Network Management Device"/>
|
612
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_gateway_firmware:-"/>
|
613
|
+
<param pos="0" name="hw.vendor" value="Citrix"/>
|
614
|
+
<param pos="0" name="hw.family" value="Netscaler"/>
|
615
|
+
<param pos="0" name="hw.product" value="Netscaler Gateway"/>
|
616
|
+
<param pos="0" name="hw.device" value="Network Management Device"/>
|
617
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:citrix:netscaler_gateway:-"/>
|
618
|
+
</fingerprint>
|
619
|
+
|
510
620
|
<fingerprint pattern="^CN=([a-zA-Z0-9]{5,12}) ([a-zA-Z0-9]{12}),OU=(?:Cast|Google TV),O=Google Inc,L=Mountain View,ST=California,C=US$">
|
511
621
|
<description>Google Chromecast</description>
|
512
|
-
<example chromecast.serial_number="LVDZG5" host.mac_local="FA8FCA67413D">CN=LVDZG5 FA8FCA67413D,OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US</example>
|
513
|
-
<example chromecast.serial_number="YRBLE" host.mac_local="FA8FCA7DE87D">CN=YRBLE FA8FCA7DE87D,OU=Google TV,O=Google Inc,L=Mountain View,ST=California,C=US</example>
|
622
|
+
<example chromecast.serial_number="LVDZG5" host.mac_local="FA8FCA67413D" hw.serial_number="LVDZG5">CN=LVDZG5 FA8FCA67413D,OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US</example>
|
623
|
+
<example chromecast.serial_number="YRBLE" host.mac_local="FA8FCA7DE87D" hw.serial_number="YRBLE">CN=YRBLE FA8FCA7DE87D,OU=Google TV,O=Google Inc,L=Mountain View,ST=California,C=US</example>
|
514
624
|
<param pos="0" name="os.vendor" value="Google"/>
|
515
625
|
<param pos="0" name="os.product" value="Chrome OS"/>
|
626
|
+
<param pos="0" name="os.certainty" value="0.5"/>
|
516
627
|
<param pos="0" name="os.cpe23" value="cpe:/o:google:chrome_os:-"/>
|
517
628
|
<param pos="0" name="hw.device" value="Media Server"/>
|
518
629
|
<param pos="0" name="hw.vendor" value="Google"/>
|
519
630
|
<param pos="0" name="hw.product" value="Chromecast"/>
|
631
|
+
<param pos="1" name="hw.serial_number"/>
|
632
|
+
<param pos="0" name="hw.certainty" value="0.5"/>
|
520
633
|
<param pos="1" name="chromecast.serial_number"/>
|
521
634
|
<!-- This is the hotspot-mode MAC address (clear bit 2) -->
|
522
635
|
|
@@ -525,13 +638,14 @@
|
|
525
638
|
|
526
639
|
<fingerprint pattern="^CN=([a-zA-Z0-9]{5,12}) ([a-zA-Z0-9]{12}),OU=Cast TV \(Vizio\),O=Google Inc,L=Mountain View,ST=California,C=US$">
|
527
640
|
<description>Vizio SmartTV (Android) with Google Cast</description>
|
528
|
-
<example chromecast.serial_number="9V039WC9" host.mac_local="FA8FCA697898">CN=9V039WC9 FA8FCA697898,OU=Cast TV (Vizio),O=Google Inc,L=Mountain View,ST=California,C=US</example>
|
641
|
+
<example chromecast.serial_number="9V039WC9" hw.serial_number="9V039WC9" host.mac_local="FA8FCA697898">CN=9V039WC9 FA8FCA697898,OU=Cast TV (Vizio),O=Google Inc,L=Mountain View,ST=California,C=US</example>
|
529
642
|
<param pos="0" name="os.vendor" value="Google"/>
|
530
643
|
<param pos="0" name="os.family" value="Linux"/>
|
531
644
|
<param pos="0" name="os.product" value="Android"/>
|
532
645
|
<param pos="0" name="os.cpe23" value="cpe:/o:google:android:-"/>
|
533
646
|
<param pos="0" name="hw.device" value="Smart TV"/>
|
534
647
|
<param pos="0" name="hw.vendor" value="Vizio"/>
|
648
|
+
<param pos="1" name="hw.serial_number"/>
|
535
649
|
<param pos="1" name="chromecast.serial_number"/>
|
536
650
|
<!-- This is the hotspot-mode MAC address (clear bit 2) -->
|
537
651
|
|
@@ -562,6 +676,30 @@
|
|
562
676
|
<param pos="0" name="os.device" value="Video Conferencing"/>
|
563
677
|
</fingerprint>
|
564
678
|
|
679
|
+
<fingerprint pattern="^CN=a_lifesize_system,OU=lifesize,O=lifesize,L=Austin,ST=Texas,C=US$">
|
680
|
+
<description>Lifesize TelePresence (a_lifesize variant 1)</description>
|
681
|
+
<example>CN=a_lifesize_system,OU=lifesize,O=lifesize,L=Austin,ST=Texas,C=US</example>
|
682
|
+
<param pos="0" name="hw.vendor" value="Lifesize"/>
|
683
|
+
<param pos="0" name="hw.device" value="Video Conferencing"/>
|
684
|
+
<param pos="0" name="hw.product" value="TelePresence"/>
|
685
|
+
<param pos="0" name="os.vendor" value="Lifesize"/>
|
686
|
+
<param pos="0" name="os.family" value="Linux"/>
|
687
|
+
<param pos="0" name="os.product" value="TelePresence"/>
|
688
|
+
<param pos="0" name="os.device" value="Video Conferencing"/>
|
689
|
+
</fingerprint>
|
690
|
+
|
691
|
+
<fingerprint pattern="^CN=A_LifeSize_System,OU=IT,O=LifeSize Communications\\, Inc\.,ST=Texas,C=US$">
|
692
|
+
<description>Lifesize TelePresence (a_lifesize variant 2)</description>
|
693
|
+
<example>CN=A_LifeSize_System,OU=IT,O=LifeSize Communications\, Inc.,ST=Texas,C=US</example>
|
694
|
+
<param pos="0" name="hw.vendor" value="Lifesize"/>
|
695
|
+
<param pos="0" name="hw.device" value="Video Conferencing"/>
|
696
|
+
<param pos="0" name="hw.product" value="TelePresence"/>
|
697
|
+
<param pos="0" name="os.vendor" value="Lifesize"/>
|
698
|
+
<param pos="0" name="os.family" value="Linux"/>
|
699
|
+
<param pos="0" name="os.product" value="TelePresence"/>
|
700
|
+
<param pos="0" name="os.device" value="Video Conferencing"/>
|
701
|
+
</fingerprint>
|
702
|
+
|
565
703
|
<fingerprint pattern="^CN=MERCURY-([a-fA-F0-9]{12}),OU=Engineering,O=Crestron">
|
566
704
|
<description>Crestron Mercury</description>
|
567
705
|
<example host.mac="00107F1ABAA0">CN=MERCURY-00107F1ABAA0,OU=Engineering,O=Crestron Electronics\, Inc.,L=Rockleigh,ST=NJ,C=US</example>
|
@@ -747,10 +885,11 @@
|
|
747
885
|
|
748
886
|
<fingerprint pattern="^CN=([A-Za-z0-9]+),OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US$">
|
749
887
|
<description>Fortinet Gateway</description>
|
750
|
-
<example fortinet.serial_number="FG100ETK1800118">CN=FG100ETK1800118,OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US</example>
|
751
|
-
<example fortinet.serial_number="FGT30D3X15038375">CN=FGT30D3X15038375,OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US</example>
|
888
|
+
<example fortinet.serial_number="FG100ETK1800118" hw.serial_number="FG100ETK1800118">CN=FG100ETK1800118,OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US</example>
|
889
|
+
<example fortinet.serial_number="FGT30D3X15038375" hw.serial_number="FGT30D3X15038375">CN=FGT30D3X15038375,OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US</example>
|
752
890
|
<param pos="0" name="hw.vendor" value="Fortinet"/>
|
753
891
|
<param pos="0" name="hw.device" value="Firewall"/>
|
892
|
+
<param pos="1" name="hw.serial_number"/>
|
754
893
|
<param pos="0" name="os.vendor" value="Fortinet"/>
|
755
894
|
<param pos="0" name="os.family" value="Linux"/>
|
756
895
|
<param pos="0" name="os.device" value="Firewall"/>
|
@@ -761,9 +900,10 @@
|
|
761
900
|
|
762
901
|
<fingerprint pattern="^CN=([A-Za-z0-9]+),O=Fortinet Ltd\.$">
|
763
902
|
<description>Fortinet Gateway (Older)</description>
|
764
|
-
<example fortinet.serial_number="FG100D3G13803999">CN=FG100D3G13803999,O=Fortinet Ltd.</example>
|
903
|
+
<example fortinet.serial_number="FG100D3G13803999" hw.serial_number="FG100D3G13803999">CN=FG100D3G13803999,O=Fortinet Ltd.</example>
|
765
904
|
<param pos="0" name="hw.vendor" value="Fortinet"/>
|
766
905
|
<param pos="0" name="hw.device" value="Firewall"/>
|
906
|
+
<param pos="1" name="hw.serial_number"/>
|
767
907
|
<param pos="0" name="os.vendor" value="Fortinet"/>
|
768
908
|
<param pos="0" name="os.family" value="Linux"/>
|
769
909
|
<param pos="0" name="os.device" value="Firewall"/>
|
@@ -893,6 +1033,16 @@
|
|
893
1033
|
<param pos="0" name="os.device" value="Router"/>
|
894
1034
|
</fingerprint>
|
895
1035
|
|
1036
|
+
<fingerprint pattern="^CN=UbiquitiRouterUI,O=Ubiquiti Inc.,L=New York,ST=New York,C=US">
|
1037
|
+
<description>Ubiquiti Router UI</description>
|
1038
|
+
<example>CN=UbiquitiRouterUI,O=Ubiquiti Inc.,L=New York,ST=New York,C=US</example>
|
1039
|
+
<param pos="0" name="hw.vendor" value="Ubiquiti"/>
|
1040
|
+
<param pos="0" name="hw.device" value="Router"/>
|
1041
|
+
<param pos="0" name="os.vendor" value="Ubiquiti"/>
|
1042
|
+
<param pos="0" name="os.family" value="Linux"/>
|
1043
|
+
<param pos="0" name="os.device" value="Router"/>
|
1044
|
+
</fingerprint>
|
1045
|
+
|
896
1046
|
<fingerprint pattern="^CN=UniFi-Video Controller,OU=R&D,O=Ubiquiti Networks,L=New York,ST=NY,C=US$">
|
897
1047
|
<description>Ubiquiti Video Controller</description>
|
898
1048
|
<example>CN=UniFi-Video Controller,OU=R&D,O=Ubiquiti Networks,L=New York,ST=NY,C=US</example>
|
@@ -1027,13 +1177,30 @@
|
|
1027
1177
|
</fingerprint>
|
1028
1178
|
|
1029
1179
|
<fingerprint pattern="^CN=[0-9\.]+,OU=SSL-VPN,O=SonicWALL\\, Inc\.,L=Sunnyvale,ST=CA,C=US$">
|
1030
|
-
<description>SonicWALL
|
1180
|
+
<description>SonicWALL SSL-VPN</description>
|
1031
1181
|
<example>CN=192.168.200.1,OU=SSL-VPN,O=SonicWALL\, Inc.,L=Sunnyvale,ST=CA,C=US</example>
|
1182
|
+
<param pos="0" name="service.vendor" value="SonicWall"/>
|
1183
|
+
<param pos="0" name="service.family" value="SSL-VPN"/>
|
1032
1184
|
<param pos="0" name="hw.vendor" value="SonicWall"/>
|
1033
1185
|
<param pos="0" name="hw.device" value="VPN"/>
|
1034
1186
|
<param pos="0" name="os.vendor" value="SonicWall"/>
|
1035
|
-
<param pos="0" name="os.
|
1036
|
-
<param pos="0" name="os.
|
1187
|
+
<param pos="0" name="os.family" value="SonicOS"/>
|
1188
|
+
<param pos="0" name="os.product" value="SonicOS"/>
|
1189
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:-"/>
|
1190
|
+
</fingerprint>
|
1191
|
+
|
1192
|
+
<fingerprint pattern="^CN=[0-9\.]+,OU=HTTPS Management Certificate for SonicWALL \(self-signed\),O=HTTPS Management Certificate for SonicWALL \(self-signed\),L=Sunnyvale,ST=California,C=US$">
|
1193
|
+
<description>SonicWALL Network Security Appliance firewall</description>
|
1194
|
+
<example>CN=192.168.168.168,OU=HTTPS Management Certificate for SonicWALL (self-signed),O=HTTPS Management Certificate for SonicWALL (self-signed),L=Sunnyvale,ST=California,C=US</example>
|
1195
|
+
<param pos="0" name="hw.vendor" value="SonicWall"/>
|
1196
|
+
<param pos="0" name="hw.product" value="Network Security Appliance"/>
|
1197
|
+
<param pos="0" name="hw.family" value="Network Security Appliance"/>
|
1198
|
+
<param pos="0" name="hw.device" value="Firewall"/>
|
1199
|
+
<param pos="0" name="os.vendor" value="SonicWall"/>
|
1200
|
+
<param pos="0" name="os.family" value="SonicOS"/>
|
1201
|
+
<param pos="0" name="os.product" value="SonicOS"/>
|
1202
|
+
<param pos="0" name="os.device" value="Firewall"/>
|
1203
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:-"/>
|
1037
1204
|
</fingerprint>
|
1038
1205
|
|
1039
1206
|
<fingerprint pattern="^CN=.*\.akamai\.net,O=Akamai Technologies\\, Inc\.,L=Cambridge,ST=Massachusetts,C=US$">
|
@@ -1041,10 +1208,19 @@
|
|
1041
1208
|
<example>CN=a248.e.akamai.net,O=Akamai Technologies\, Inc.,L=Cambridge,ST=Massachusetts,C=US</example>
|
1042
1209
|
<param pos="0" name="service.vendor" value="Akamai"/>
|
1043
1210
|
<param pos="0" name="service.product" value="GHost"/>
|
1211
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:akamai:akamaighost:-"/>
|
1044
1212
|
<param pos="0" name="os.vendor" value="Akamai"/>
|
1045
1213
|
<param pos="0" name="os.device" value="Web Proxy"/>
|
1046
1214
|
</fingerprint>
|
1047
1215
|
|
1216
|
+
<fingerprint pattern="^O=Caddy Self-Signed$">
|
1217
|
+
<description>CaddyServer Caddy - golang based httpd</description>
|
1218
|
+
<example>O=Caddy Self-Signed</example>
|
1219
|
+
<param pos="0" name="service.vendor" value="CaddyServer"/>
|
1220
|
+
<param pos="0" name="service.product" value="Caddy"/>
|
1221
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:caddyserver:caddy:-"/>
|
1222
|
+
</fingerprint>
|
1223
|
+
|
1048
1224
|
<fingerprint pattern="^CN=HP_3PAR_">
|
1049
1225
|
<description>HP 3PAR</description>
|
1050
1226
|
<example>CN=HP_3PAR_1626615</example>
|
@@ -1131,10 +1307,11 @@
|
|
1131
1307
|
|
1132
1308
|
<fingerprint pattern="^CN=Ruckus Wireless ZoneDirector SN-(\d+),O=Ruckus Wireless\\, Inc\.,ST=CA,C=US$">
|
1133
1309
|
<description>Ruckus Zone Director</description>
|
1134
|
-
<example ruckus.serial_number="221301007591">CN=Ruckus Wireless ZoneDirector SN-221301007591,O=Ruckus Wireless\, Inc.,ST=CA,C=US</example>
|
1310
|
+
<example ruckus.serial_number="221301007591" hw.serial_number="221301007591">CN=Ruckus Wireless ZoneDirector SN-221301007591,O=Ruckus Wireless\, Inc.,ST=CA,C=US</example>
|
1135
1311
|
<param pos="0" name="hw.device" value="Wireless Controller"/>
|
1136
1312
|
<param pos="0" name="hw.vendor" value="Ruckus"/>
|
1137
1313
|
<param pos="0" name="hw.product" value="Zone Director"/>
|
1314
|
+
<param pos="1" name="hw.serial_number"/>
|
1138
1315
|
<param pos="0" name="os.device" value="Wireless Controller"/>
|
1139
1316
|
<param pos="0" name="os.vendor" value="Ruckus"/>
|
1140
1317
|
<param pos="0" name="os.product" value="Zone Director"/>
|
@@ -1197,16 +1374,12 @@
|
|
1197
1374
|
<param pos="0" name="hw.vendor" value="Palo Alto Networks"/>
|
1198
1375
|
<param pos="0" name="hw.device" value="Firewall"/>
|
1199
1376
|
<param pos="0" name="os.vendor" value="Palo Alto Networks"/>
|
1200
|
-
<param pos="0" name="os.product" value="
|
1377
|
+
<param pos="0" name="os.product" value="PAN-OS"/>
|
1378
|
+
<param pos="0" name="os.family" value="PAN-OS"/>
|
1201
1379
|
<param pos="0" name="os.device" value="Firewall"/>
|
1202
|
-
|
1203
|
-
|
1204
|
-
|
1205
|
-
<description>VMware vCenter</description>
|
1206
|
-
<example>CN=VMware default certificate,OU=vCenterServer_2013.09.26_220623,O=VMware\, Inc.</example>
|
1207
|
-
<param pos="0" name="service.vendor" value="VMware"/>
|
1208
|
-
<param pos="0" name="service.product" value="vCenter"/>
|
1209
|
-
<param pos="0" name="service.cpe23" value="cpe:/a:vmware:vcenter_server:-"/>
|
1380
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:paloaltonetworks:pan-os:-"/>
|
1381
|
+
<param pos="0" name="service.vendor" value="Palo Alto Networks"/>
|
1382
|
+
<param pos="0" name="service.device" value="Firewall"/>
|
1210
1383
|
</fingerprint>
|
1211
1384
|
|
1212
1385
|
<fingerprint pattern="^CN=selfappliance,OU=Engineering,O=Symplified,L=Boulder,ST=Colorado,C=US$">
|
@@ -1324,6 +1497,7 @@
|
|
1324
1497
|
<param pos="0" name="hw.vendor" value="Philips"/>
|
1325
1498
|
<param pos="0" name="hw.product" value="Hue"/>
|
1326
1499
|
<param pos="0" name="hw.device" value="Light Bulb"/>
|
1500
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:philips:hue:-"/>
|
1327
1501
|
<param pos="1" name="host.mac_eui64"/>
|
1328
1502
|
</fingerprint>
|
1329
1503
|
|
@@ -1435,4 +1609,49 @@
|
|
1435
1609
|
<param pos="0" name="os.product" value="Linux"/>
|
1436
1610
|
</fingerprint>
|
1437
1611
|
|
1612
|
+
<fingerprint pattern="^CN=(RFS\d+)-([0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2})$">
|
1613
|
+
<description>Motorola RFS Wireless Controllers</description>
|
1614
|
+
<example host.mac="B1-C1-11-11-11-11" hw.product="RFS6000">CN=RFS6000-B1-C1-11-11-11-11</example>
|
1615
|
+
<param pos="0" name="hw.device" value="Wireless Controller"/>
|
1616
|
+
<param pos="0" name="hw.vendor" value="Motorola"/>
|
1617
|
+
<param pos="1" name="hw.product"/>
|
1618
|
+
<param pos="2" name="host.mac"/>
|
1619
|
+
</fingerprint>
|
1620
|
+
|
1621
|
+
<fingerprint pattern="^CN=(AP\d+)-([0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2})$">
|
1622
|
+
<description>Motorola Wireless Access Points</description>
|
1623
|
+
<example host.mac="F1-11-11-11-11-11" hw.product="AP6532">CN=AP6532-F1-11-11-11-11-11</example>
|
1624
|
+
<param pos="0" name="hw.device" value="WAP"/>
|
1625
|
+
<param pos="0" name="hw.vendor" value="Motorola"/>
|
1626
|
+
<param pos="1" name="hw.product"/>
|
1627
|
+
<param pos="2" name="host.mac"/>
|
1628
|
+
</fingerprint>
|
1629
|
+
|
1630
|
+
<fingerprint pattern="^CN=attvpngateway\.att\.com,O=AT&T,L=Tampa,ST=FL,C=US$">
|
1631
|
+
<description>ATT VPN Gateway</description>
|
1632
|
+
<example>CN=attvpngateway.att.com,O=AT&T,L=Tampa,ST=FL,C=US</example>
|
1633
|
+
<param pos="0" name="hw.vendor" value="ATT"/>
|
1634
|
+
<param pos="0" name="hw.device" value="VPN"/>
|
1635
|
+
<param pos="0" name="hw.product" value="VPN Gateway"/>
|
1636
|
+
</fingerprint>
|
1637
|
+
|
1638
|
+
<fingerprint pattern="^CN=silver-peak,OU=Networking Appliance">
|
1639
|
+
<description>Silver Peak Appliance</description>
|
1640
|
+
<example>CN=silver-peak,OU=Networking Appliance,O=Silver Peak Systems Inc,L=Mountain View,ST=California,C=--</example>
|
1641
|
+
<param pos="0" name="hw.vendor" value="Silver Peak"/>
|
1642
|
+
<param pos="0" name="hw.device" value="Network Appliance"/>
|
1643
|
+
<param pos="0" name="hw.product" value="SD-WAN"/>
|
1644
|
+
</fingerprint>
|
1645
|
+
|
1646
|
+
<fingerprint pattern="^CN=Windows Media Player Network Sharing Service \(([A-Z-]{1,15})\)$">
|
1647
|
+
<description>Windows Media Player Network Sharing Service</description>
|
1648
|
+
<example host.name="LIVING-ROOM">CN=Windows Media Player Network Sharing Service (LIVING-ROOM)</example>
|
1649
|
+
<param pos="0" name="service.vendor" value="Microsoft"/>
|
1650
|
+
<param pos="0" name="service.product" value="Windows Media Player"/>
|
1651
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:microsoft:windows_media_player:-"/>
|
1652
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
1653
|
+
<param pos="0" name="os.family" value="Windows"/>
|
1654
|
+
<param pos="1" name="host.name"/>
|
1655
|
+
</fingerprint>
|
1656
|
+
|
1438
1657
|
</fingerprints>
|