recog 2.3.17 → 2.3.21

Sign up to get free protection for your applications and to get access to all the features.
Files changed (51) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/ci.yml +26 -0
  3. data/bin/recog_standardize +6 -0
  4. data/cpe-remap.yaml +342 -200
  5. data/identifiers/README.md +24 -10
  6. data/identifiers/fields.txt +104 -0
  7. data/identifiers/hw_device.txt +2 -0
  8. data/identifiers/hw_family.txt +11 -0
  9. data/identifiers/hw_product.txt +71 -0
  10. data/identifiers/os_device.txt +2 -1
  11. data/identifiers/os_family.txt +2 -0
  12. data/identifiers/os_product.txt +36 -8
  13. data/identifiers/service_family.txt +10 -1
  14. data/identifiers/service_product.txt +78 -2
  15. data/identifiers/vendor.txt +55 -0
  16. data/lib/recog/nizer.rb +1 -82
  17. data/lib/recog/version.rb +1 -1
  18. data/requirements.txt +1 -1
  19. data/update_cpes.py +18 -5
  20. data/xml/apache_modules.xml +60 -0
  21. data/xml/apache_os.xml +1 -1
  22. data/xml/dns_versionbind.xml +11 -1
  23. data/xml/favicons.xml +122 -3
  24. data/xml/ftp_banners.xml +62 -51
  25. data/xml/html_title.xml +553 -41
  26. data/xml/http_cookies.xml +262 -61
  27. data/xml/http_servers.xml +478 -108
  28. data/xml/http_wwwauth.xml +36 -9
  29. data/xml/imap_banners.xml +5 -5
  30. data/xml/ldap_searchresult.xml +1 -0
  31. data/xml/mdns_device-info_txt.xml +340 -10
  32. data/xml/mysql_banners.xml +2 -1
  33. data/xml/nntp_banners.xml +1 -1
  34. data/xml/ntp_banners.xml +16 -2
  35. data/xml/operating_system.xml +4 -4
  36. data/xml/pop_banners.xml +4 -4
  37. data/xml/rtsp_servers.xml +7 -0
  38. data/xml/sip_banners.xml +347 -9
  39. data/xml/sip_user_agents.xml +323 -4
  40. data/xml/smb_native_lm.xml +32 -1
  41. data/xml/smb_native_os.xml +160 -33
  42. data/xml/smtp_banners.xml +167 -128
  43. data/xml/smtp_expn.xml +1 -0
  44. data/xml/smtp_vrfy.xml +1 -0
  45. data/xml/snmp_sysdescr.xml +205 -36
  46. data/xml/ssh_banners.xml +139 -25
  47. data/xml/telnet_banners.xml +92 -48
  48. data/xml/tls_jarm.xml +140 -0
  49. data/xml/x509_issuers.xml +201 -2
  50. data/xml/x509_subjects.xml +251 -32
  51. metadata +5 -2
data/xml/tls_jarm.xml ADDED
@@ -0,0 +1,140 @@
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
+ <fingerprints matches="tls.jarm" protocol="tls" database_type="service">
3
+ <!--
4
+ Fingerprint based on https://github.com/salesforce/jarm
5
+ -->
6
+
7
+ <fingerprint pattern="^2ad2ad16d2ad2ad00042d42d000000332dc9cd7d90589195193c8bb05d84fa|2ad2ad16d2ad2ad22c2ad2ad2ad2adce2e4c8c53174ecbf5529ce7584d5518$|2ad2ad16d2ad2ad22c42d42d000000d342d5966a57139eeaff9f8bc4841b25$">
8
+ <description>Tor relay</description>
9
+ <example>2ad2ad16d2ad2ad00042d42d000000332dc9cd7d90589195193c8bb05d84fa</example>
10
+ <example>2ad2ad16d2ad2ad22c2ad2ad2ad2adce2e4c8c53174ecbf5529ce7584d5518</example>
11
+ <example>2ad2ad16d2ad2ad22c42d42d000000d342d5966a57139eeaff9f8bc4841b25</example>
12
+ <param pos="0" name="service.product" value="Tor"/>
13
+ <param pos="0" name="service.vendor" value="Tor Project"/>
14
+ <param pos="0" name="service.cpe23" value="cpe:/a:torproject:tor:-"/>
15
+ </fingerprint>
16
+
17
+ <fingerprint pattern="^2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d$">
18
+ <description>Synology NAS</description>
19
+ <example>2ad2ad0002ad2ad0002ad2ad2ad2ada9e96d3ba9f7903758a731e0fa01453d</example>
20
+ <param pos="0" name="os.device" value="NAS"/>
21
+ <param pos="0" name="os.family" value="Linux"/>
22
+ <param pos="0" name="os.product" value="DSM"/>
23
+ <param pos="0" name="os.vendor" value="Synology"/>
24
+ <param pos="0" name="hw.vendor" value="Synology"/>
25
+ <param pos="0" name="hw.device" value="NAS"/>
26
+ </fingerprint>
27
+
28
+ <fingerprint pattern="^2ad2ad16d2ad2ad22c2ad2ad2ad2ad7e5e7dc6f569c9c16238278a408347ef$">
29
+ <description>Ubiquiti EdgeRouter</description>
30
+ <example>2ad2ad16d2ad2ad22c2ad2ad2ad2ad7e5e7dc6f569c9c16238278a408347ef</example>
31
+ <param pos="0" name="hw.vendor" value="Ubiquiti"/>
32
+ <param pos="0" name="hw.device" value="Router"/>
33
+ <param pos="0" name="hw.product" value="EdgeRouter X"/>
34
+ <param pos="0" name="os.vendor" value="Ubiquiti"/>
35
+ <param pos="0" name="os.family" value="Linux"/>
36
+ <param pos="0" name="os.device" value="Router"/>
37
+ </fingerprint>
38
+
39
+ <fingerprint pattern="^07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d$">
40
+ <description>Metasploit listener</description>
41
+ <example>07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d</example>
42
+ <param pos="0" name="service.vendor" value="Rapid7"/>
43
+ <param pos="0" name="service.product" value="Metasploit"/>
44
+ <param pos="0" name="service.cpe23" value="cpe:/a:rapid7:metasploit:-"/>
45
+ </fingerprint>
46
+
47
+ <!-- This fingerprint matches Java's TLS stack,
48
+ see https://blog.cobaltstrike.com/2020/12/08/a-red-teamer-plays-with-jarm/ for details -->
49
+
50
+ <fingerprint pattern="^07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1$">
51
+ <description>Cobalt Strike listener</description>
52
+ <example>07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1</example>
53
+ <param pos="0" name="service.vendor" value="Strategic Cyber LLC"/>
54
+ <param pos="0" name="service.product" value="Cobalt Strike Listener"/>
55
+ <param pos="0" name="service.certainty" value="0.3"/>
56
+ </fingerprint>
57
+
58
+ <fingerprint pattern="^04b02b00004b04b04b04b02b04b04b9674c6b4e623ae36cc2d998e99e2262e$">
59
+ <description>Ligowave WiFi access point</description>
60
+ <example>04b02b00004b04b04b04b02b04b04b9674c6b4e623ae36cc2d998e99e2262e</example>
61
+ <param pos="0" name="hw.vendor" value="Ligowave"/>
62
+ <param pos="0" name="hw.product" value="Infinity Controler"/>
63
+ </fingerprint>
64
+
65
+ <fingerprint pattern="^06d06d07d06d06d06c06d06d06d06d7991b0b1ad2cbf06082e3b1a9dcaaa8d$">
66
+ <description>D-Link DCS-825L WiFi baby camera</description>
67
+ <example>06d06d07d06d06d06c06d06d06d06d7991b0b1ad2cbf06082e3b1a9dcaaa8d</example>
68
+ <param pos="0" name="hw.vendor" value="D-Link"/>
69
+ <param pos="0" name="hw.product" value="DCS-825L"/>
70
+ <param pos="0" name="hw.cpe23" value="cpe:/h:d-link:dcs-825l:-"/>
71
+ </fingerprint>
72
+
73
+ <fingerprint pattern="^0ed3dd16d25d00000042d43d000000e9435856b7ee99e87c06831602602f2d$">
74
+ <description>LANCOM Systems - 883 VoIP</description>
75
+ <example>0ed3dd16d25d00000042d43d000000e9435856b7ee99e87c06831602602f2d</example>
76
+ <param pos="0" name="hw.vendor" value="LANCOM Systems"/>
77
+ <param pos="0" name="hw.product" value="883 VoIP"/>
78
+ </fingerprint>
79
+
80
+ <fingerprint pattern="^21d14d00021d21d21c42d43d00041d320c989d4ed06a7e9d3133ba36bb2752$">
81
+ <description>Apple CUPS - web interface</description>
82
+ <example>21d14d00021d21d21c42d43d00041d320c989d4ed06a7e9d3133ba36bb2752</example>
83
+ <param pos="0" name="service.vendor" value="Apple"/>
84
+ <param pos="0" name="service.product" value="CUPS"/>
85
+ <param pos="0" name="service.family" value="CUPS"/>
86
+ <param pos="0" name="service.cpe23" value="cpe:/a:apple:cups:-"/>
87
+ </fingerprint>
88
+
89
+ <fingerprint pattern="^0bd14d0000bd0bd0000bd14d0bd0bd6b64279c20472e17718ddea38ab610fa$">
90
+ <description>Netgear R Series</description>
91
+ <example>0bd14d0000bd0bd0000bd14d0bd0bd6b64279c20472e17718ddea38ab610fa</example>
92
+ <param pos="0" name="hw.vendor" value="Netgear"/>
93
+ <param pos="0" name="hw.product" value="R Series"/>
94
+ </fingerprint>
95
+
96
+ <fingerprint pattern="^2ad2ad16d2ad2ad07c2ad2ad2ad2ad4271ee10d978b0aecbc22f1de60ab611$">
97
+ <description>Netgear Orbi-micro</description>
98
+ <example>2ad2ad16d2ad2ad07c2ad2ad2ad2ad4271ee10d978b0aecbc22f1de60ab611</example>
99
+ <param pos="0" name="hw.vendor" value="Netgear"/>
100
+ <param pos="0" name="hw.product" value="Orbi micro"/>
101
+ <param pos="0" name="hw.device" value="WAP"/>
102
+ <param pos="0" name="hw.family" value="Orbi"/>
103
+ </fingerprint>
104
+
105
+ <fingerprint pattern="^04d02d00004d04d04c04d02d04d04d9674c6b4e623ae36cc2d998e99e2262e$">
106
+ <description>Netgear D Series</description>
107
+ <example>04d02d00004d04d04c04d02d04d04d9674c6b4e623ae36cc2d998e99e2262e</example>
108
+ <param pos="0" name="hw.vendor" value="Netgear"/>
109
+ <param pos="0" name="hw.product" value="D Series"/>
110
+ </fingerprint>
111
+
112
+ <fingerprint pattern="^21d3fd00021d21d21c21d3fd21d21d89188428dae58757cf803176e9701156$">
113
+ <description>Chromecast</description>
114
+ <example>21d3fd00021d21d21c21d3fd21d21d89188428dae58757cf803176e9701156</example>
115
+ <param pos="0" name="os.vendor" value="Google"/>
116
+ <param pos="0" name="os.product" value="Chrome OS"/>
117
+ <param pos="0" name="os.cpe23" value="cpe:/o:google:chrome_os:-"/>
118
+ <param pos="0" name="hw.device" value="Media Server"/>
119
+ <param pos="0" name="hw.vendor" value="Google"/>
120
+ <param pos="0" name="hw.product" value="Chromecast"/>
121
+ </fingerprint>
122
+
123
+ <fingerprint pattern="^21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601$">
124
+ <description>VMWare ESXi</description>
125
+ <example>21d14d00021d21d21c21d14d21d21d3e9a0dda94718e521eb7d1409c9e3601</example>
126
+ <param pos="0" name="os.vendor" value="VMware"/>
127
+ <param pos="0" name="os.family" value="VMware ESX/ESXi"/>
128
+ <param pos="0" name="os.product" value="VMware ESXi Server"/>
129
+ <param pos="0" name="os.device" value="Hypervisor"/>
130
+ <param pos="0" name="os.cpe23" value="cpe:/o:vmware:esxi:-"/>
131
+ <param pos="0" name="hw.device" value="Hypervisor"/>
132
+ </fingerprint>
133
+
134
+ <fingerprint pattern="^29d21b20d29d29d21c41d21b21b41d494e0df9532e75299f15ba73156cee38$">
135
+ <description>Merlin C2</description>
136
+ <example>29d21b20d29d29d21c41d21b21b41d494e0df9532e75299f15ba73156cee38</example>
137
+ <param pos="0" name="service.product" value="Merlin"/>
138
+ </fingerprint>
139
+
140
+ </fingerprints>
data/xml/x509_issuers.xml CHANGED
@@ -8,6 +8,91 @@
8
8
  a specific order. Please see the comments in x509_subjects.xml for details.
9
9
  -->
10
10
 
11
+ <!-- The following group has been included for performance reasons -->
12
+
13
+ <fingerprint pattern="^CN=R3,O=Let's Encrypt,C=US$">
14
+ <description>Lets Encrypt R3 - generic -- assert nothing.</description>
15
+ <example>CN=R3,O=Let's Encrypt,C=US</example>
16
+ <param pos="0" name="hw.certainty" value="0.0"/>
17
+ <param pos="0" name="os.certainty" value="0.0"/>
18
+ <param pos="0" name="service.certainty" value="0.0"/>
19
+ </fingerprint>
20
+
21
+ <fingerprint pattern="^CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US$">
22
+ <description>Lets Encrypt X3 - generic -- assert nothing.</description>
23
+ <example>CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US</example>
24
+ <param pos="0" name="hw.certainty" value="0.0"/>
25
+ <param pos="0" name="os.certainty" value="0.0"/>
26
+ <param pos="0" name="service.certainty" value="0.0"/>
27
+ </fingerprint>
28
+
29
+ <fingerprint pattern="^CN=Amazon,OU=Server CA 1B,O=Amazon,C=US$">
30
+ <description>Amazon AWS Server CA 1B - generic -- assert nothing.</description>
31
+ <example>CN=Amazon,OU=Server CA 1B,O=Amazon,C=US</example>
32
+ <param pos="0" name="hw.certainty" value="0.0"/>
33
+ <param pos="0" name="os.certainty" value="0.0"/>
34
+ <param pos="0" name="service.certainty" value="0.0"/>
35
+ </fingerprint>
36
+
37
+ <fingerprint pattern="^CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US$">
38
+ <description>DigiCert SHA2 - generic -- assert nothing.</description>
39
+ <example>CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US</example>
40
+ <param pos="0" name="hw.certainty" value="0.0"/>
41
+ <param pos="0" name="os.certainty" value="0.0"/>
42
+ <param pos="0" name="service.certainty" value="0.0"/>
43
+ </fingerprint>
44
+
45
+ <fingerprint pattern="^CN=DigiCert TLS (?:RSA SHA256|Hybrid ECC SHA384) 2020 CA1,O=DigiCert Inc,C=US$">
46
+ <description>DigiCert SHA256 2020 CA1 - generic -- assert nothing.</description>
47
+ <example>CN=DigiCert TLS RSA SHA256 2020 CA1,O=DigiCert Inc,C=US</example>
48
+ <example>CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1,O=DigiCert Inc,C=US</example>
49
+ <param pos="0" name="hw.certainty" value="0.0"/>
50
+ <param pos="0" name="os.certainty" value="0.0"/>
51
+ <param pos="0" name="service.certainty" value="0.0"/>
52
+ </fingerprint>
53
+
54
+ <fingerprint pattern="^CN=DigiCert Secure Site ECC CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US$">
55
+ <description>DigiCert ECC CA-1 - generic -- assert nothing.</description>
56
+ <example>CN=DigiCert Secure Site ECC CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US</example>
57
+ <param pos="0" name="hw.certainty" value="0.0"/>
58
+ <param pos="0" name="os.certainty" value="0.0"/>
59
+ <param pos="0" name="service.certainty" value="0.0"/>
60
+ </fingerprint>
61
+
62
+ <fingerprint pattern="^CN=DigiCert SHA2 (?:Extended Validation|High Assurance) Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US$">
63
+ <description>DigiCert SHA2 EV - generic -- assert nothing.</description>
64
+ <example>CN=DigiCert SHA2 Extended Validation Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US</example>
65
+ <example>CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US</example>
66
+ <param pos="0" name="hw.certainty" value="0.0"/>
67
+ <param pos="0" name="os.certainty" value="0.0"/>
68
+ <param pos="0" name="service.certainty" value="0.0"/>
69
+ </fingerprint>
70
+
71
+ <fingerprint pattern="^CN=Sectigo RSA (?:Domain|Organization) Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB$">
72
+ <description>Sectigo RSA - generic -- assert nothing.</description>
73
+ <example>CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB</example>
74
+ <example>CN=Sectigo RSA Organization Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB</example>
75
+ <param pos="0" name="hw.certainty" value="0.0"/>
76
+ <param pos="0" name="os.certainty" value="0.0"/>
77
+ <param pos="0" name="service.certainty" value="0.0"/>
78
+ </fingerprint>
79
+
80
+ <fingerprint pattern="^CN=GeoTrust RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US$">
81
+ <description>GeoTrust RSA CA 2018 - generic -- assert nothing.</description>
82
+ <example>CN=GeoTrust RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US</example>
83
+ <param pos="0" name="hw.certainty" value="0.0"/>
84
+ <param pos="0" name="os.certainty" value="0.0"/>
85
+ <param pos="0" name="service.certainty" value="0.0"/>
86
+ </fingerprint>
87
+
88
+ <fingerprint pattern="^CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs\.godaddy\.com/repository/,O=GoDaddy.com\\, Inc\.,L=Scottsdale,ST=Arizona,C=US$">
89
+ <description>Go Daddy G2 - generic -- assert nothing.</description>
90
+ <example>CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US</example>
91
+ <param pos="0" name="hw.certainty" value="0.0"/>
92
+ <param pos="0" name="os.certainty" value="0.0"/>
93
+ <param pos="0" name="service.certainty" value="0.0"/>
94
+ </fingerprint>
95
+
11
96
  <!-- Chromecast and various devices that support the Cast protocol -->
12
97
 
13
98
  <fingerprint pattern="^CN=Eureka Gen1 ICA,OU=Google TV,O=Google Inc,L=Mountain View,ST=California,C=US$">
@@ -15,10 +100,12 @@
15
100
  <example>CN=Eureka Gen1 ICA,OU=Google TV,O=Google Inc,L=Mountain View,ST=California,C=US</example>
16
101
  <param pos="0" name="os.vendor" value="Google"/>
17
102
  <param pos="0" name="os.product" value="Chrome OS"/>
103
+ <param pos="0" name="os.certainty" value="0.5"/>
18
104
  <param pos="0" name="os.cpe23" value="cpe:/o:google:chrome_os:-"/>
19
105
  <param pos="0" name="hw.device" value="Media Server"/>
20
106
  <param pos="0" name="hw.vendor" value="Google"/>
21
107
  <param pos="0" name="hw.product" value="Chromecast"/>
108
+ <param pos="0" name="hw.certainty" value="0.5"/>
22
109
  <param pos="0" name="chromecast.generation" value="1"/>
23
110
  </fingerprint>
24
111
 
@@ -34,10 +121,12 @@
34
121
  <example chromecast.generation="12">CN=Chromecast ICA 12,OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US</example>
35
122
  <param pos="0" name="os.vendor" value="Google"/>
36
123
  <param pos="0" name="os.product" value="Chrome OS"/>
124
+ <param pos="0" name="os.certainty" value="0.5"/>
37
125
  <param pos="0" name="os.cpe23" value="cpe:/o:google:chrome_os:-"/>
38
126
  <param pos="0" name="hw.device" value="Media Server"/>
39
127
  <param pos="0" name="hw.vendor" value="Google"/>
40
128
  <param pos="0" name="hw.product" value="Chromecast"/>
129
+ <param pos="0" name="hw.certainty" value="0.5"/>
41
130
  <param pos="1" name="chromecast.generation"/>
42
131
  <param pos="2" name="chromecast.capabilities"/>
43
132
  </fingerprint>
@@ -119,6 +208,20 @@
119
208
  <param pos="0" name="hw.vendor" value="APC"/>
120
209
  </fingerprint>
121
210
 
211
+ <fingerprint pattern="^CN=ASA Temporary Self Signed Certificate$">
212
+ <description>Cisco ASA Temp Cert</description>
213
+ <example>CN=ASA Temporary Self Signed Certificate</example>
214
+ <param pos="0" name="os.vendor" value="Cisco"/>
215
+ <param pos="0" name="os.family" value="Adaptive Security Appliance"/>
216
+ <param pos="0" name="os.product" value="Adaptive Security Appliance"/>
217
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance_software:-"/>
218
+ <param pos="0" name="hw.vendor" value="Cisco"/>
219
+ <param pos="0" name="hw.family" value="Adaptive Security Appliance"/>
220
+ <param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
221
+ <param pos="0" name="hw.device" value="Firewall"/>
222
+ <param pos="0" name="hw.cpe23" value="cpe:/h:cisco:adaptive_security_appliance:-"/>
223
+ </fingerprint>
224
+
122
225
  <fingerprint pattern="^CN=Temporary CA [a-fA-F0-9]{8}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{4}\-[a-fA-F0-9]{12},OU=Temporary CA">
123
226
  <description>Cisco Video Communication Server</description>
124
227
  <example>CN=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74,OU=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74,O=Temporary CA 218131fe-8af4-11e7-aa6e-9950d6bbaf74</example>
@@ -131,9 +234,11 @@
131
234
  <description>VMware ESXi w/Installer</description>
132
235
  <example>O=VMware Installer</example>
133
236
  <param pos="0" name="os.vendor" value="VMware"/>
134
- <param pos="0" name="os.product" value="ESXi"/>
237
+ <param pos="0" name="os.family" value="VMware ESX/ESXi"/>
238
+ <param pos="0" name="os.product" value="VMware ESXi Server"/>
135
239
  <param pos="0" name="os.device" value="Hypervisor"/>
136
240
  <param pos="0" name="os.cpe23" value="cpe:/o:vmware:esxi:-"/>
241
+ <param pos="0" name="hw.device" value="Hypervisor"/>
137
242
  </fingerprint>
138
243
 
139
244
  <fingerprint pattern="^CN=CA,OU=VMware Engineering,O=vCenter,ST=California,C=US$">
@@ -151,11 +256,105 @@
151
256
  <param pos="0" name="hw.vendor" value="HP"/>
152
257
  <param pos="0" name="hw.family" value="iLO"/>
153
258
  <param pos="0" name="hw.product" value="iLO"/>
154
- <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights_out:-"/>
259
+ <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
155
260
  <param pos="0" name="os.device" value="Lights Out Management"/>
156
261
  <param pos="0" name="os.vendor" value="HP"/>
157
262
  <param pos="0" name="os.family" value="iLO"/>
158
263
  <param pos="0" name="os.product" value="iLO"/>
264
+ <param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
265
+ </fingerprint>
266
+
267
+ <fingerprint pattern="^CN=synology.com,O=Synology Inc.,L=Taipei,C=TW$">
268
+ <description>Synology</description>
269
+ <example>CN=synology.com,O=Synology Inc.,L=Taipei,C=TW</example>
270
+ <param pos="0" name="os.device" value="NAS"/>
271
+ <param pos="0" name="os.family" value="Linux"/>
272
+ <param pos="0" name="os.product" value="DSM"/>
273
+ <param pos="0" name="os.vendor" value="Synology"/>
274
+ <param pos="0" name="hw.vendor" value="Synology"/>
275
+ <param pos="0" name="hw.device" value="NAS"/>
276
+ </fingerprint>
277
+
278
+ <fingerprint pattern="^CN=default(?: [A-Z]+)?,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US$">
279
+ <description>Citrix Netscaler (later renamed to Citrix ADC)</description>
280
+ <example>CN=default,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US</example>
281
+ <example>CN=default UYENMB,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US</example>
282
+ <param pos="0" name="service.vendor" value="Citrix"/>
283
+ <param pos="0" name="service.family" value="Netscaler"/>
284
+ <param pos="0" name="service.product" value="Netscaler"/>
285
+ <param pos="0" name="service.device" value="Network Management Device"/>
286
+ <param pos="0" name="service.cpe23" value="cpe:/a:citrix:netscaler:-"/>
287
+ <param pos="0" name="os.vendor" value="Citrix"/>
288
+ <param pos="0" name="os.family" value="Netscaler"/>
289
+ <param pos="0" name="os.product" value="Netscaler Gateway Firmware"/>
290
+ <param pos="0" name="os.device" value="Network Management Device"/>
291
+ <param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_gateway_firmware:-"/>
292
+ <param pos="0" name="hw.vendor" value="Citrix"/>
293
+ <param pos="0" name="hw.family" value="Netscaler"/>
294
+ <param pos="0" name="hw.product" value="Netscaler Gateway"/>
295
+ <param pos="0" name="hw.device" value="Network Management Device"/>
296
+ <param pos="0" name="hw.cpe23" value="cpe:/h:citrix:netscaler_gateway:-"/>
297
+ </fingerprint>
298
+
299
+ <fingerprint pattern="^O=Technicolor,L=Edegem,ST=Antwerp,C=BE$">
300
+ <description>Technicolor Router - without model or version</description>
301
+ <example>O=Technicolor,L=Edegem,ST=Antwerp,C=BE</example>
302
+ <param pos="0" name="os.vendor" value="Technicolor"/>
303
+ <param pos="0" name="os.device" value="Router"/>
304
+ <param pos="0" name="os.certainty" value="0.5"/>
305
+ <param pos="0" name="hw.vendor" value="Technicolor"/>
306
+ <param pos="0" name="hw.device" value="Router"/>
307
+ <param pos="0" name="hw.certainty" value="0.5"/>
308
+ </fingerprint>
309
+
310
+ <fingerprint pattern="^CN=Vigor Router,OU=DrayTek Support,O=DrayTek Corp.,L=HuKou,ST=HsinChu,C=TW$">
311
+ <description>DrayTek Vigor Router - without model or version</description>
312
+ <example>CN=Vigor Router,OU=DrayTek Support,O=DrayTek Corp.,L=HuKou,ST=HsinChu,C=TW</example>
313
+ <param pos="0" name="os.vendor" value="DrayTek"/>
314
+ <param pos="0" name="os.device" value="Router"/>
315
+ <param pos="0" name="os.certainty" value="0.5"/>
316
+ <param pos="0" name="hw.vendor" value="DrayTek"/>
317
+ <param pos="0" name="hw.family" value="Vigor"/>
318
+ <param pos="0" name="hw.device" value="Router"/>
319
+ <param pos="0" name="hw.certainty" value="0.5"/>
320
+ </fingerprint>
321
+
322
+ <fingerprint pattern="^CN=Kubernetes Ingress Controller Fake Certificate,O=Acme Co$">
323
+ <description>Kubernetes NGINX Ingress Controller with default cert</description>
324
+ <example>CN=Kubernetes Ingress Controller Fake Certificate,O=Acme Co</example>
325
+ <param pos="0" name="service.vendor" value="Kubernetes"/>
326
+ <param pos="0" name="service.family" value="Kubernetes"/>
327
+ <param pos="0" name="service.product" value="NGINX Ingress Controller"/>
328
+ <param pos="0" name="service.cpe23" value="cpe:/a:kubernetes:nginx_ingress_controller:-"/>
329
+ </fingerprint>
330
+
331
+ <fingerprint pattern="^CN=TRAEFIK DEFAULT CERT$">
332
+ <description>Traefik Proxy default certificate</description>
333
+ <example>CN=TRAEFIK DEFAULT CERT</example>
334
+ <param pos="0" name="service.vendor" value="Traefik Labs"/>
335
+ <param pos="0" name="service.family" value="Traefik"/>
336
+ <param pos="0" name="service.product" value="Traefik Proxy"/>
337
+ <param pos="0" name="service.cpe23" value="cpe:/a:traefik:traefik:-"/>
338
+ </fingerprint>
339
+
340
+ <fingerprint pattern="(?i)^CN=Fireware web CA,OU=Fireware,O=WatchGuard(?: CA)?$">
341
+ <description>WatchGuard Fireware</description>
342
+ <example>CN=Fireware web ca,OU=Fireware,O=WatchGuard</example>
343
+ <example>CN=Fireware web CA,OU=Fireware,O=Watchguard CA</example>
344
+ <param pos="0" name="service.vendor" value="WatchGuard"/>
345
+ <param pos="0" name="service.product" value="Fireware XTM"/>
346
+ <param pos="0" name="service.cpe23" value="cpe:/a:watchguard:fireware_xtm:-"/>
347
+ <param pos="0" name="os.vendor" value="WatchGuard"/>
348
+ <param pos="0" name="os.product" value="Fireware"/>
349
+ <param pos="0" name="os.cpe23" value="cpe:/o:watchguard:fireware:-"/>
350
+ </fingerprint>
351
+
352
+ <fingerprint pattern="^O=Caddy Self-Signed$">
353
+ <description>CaddyServer Caddy - golang based httpd</description>
354
+ <example>O=Caddy Self-Signed</example>
355
+ <param pos="0" name="service.vendor" value="CaddyServer"/>
356
+ <param pos="0" name="service.product" value="Caddy"/>
357
+ <param pos="0" name="service.cpe23" value="cpe:/a:caddyserver:caddy:-"/>
159
358
  </fingerprint>
160
359
 
161
360
  </fingerprints>
@@ -69,11 +69,12 @@
69
69
 
70
70
  <fingerprint pattern="^SERIALNUMBER=PID:([^ ]+) SN:([^,]+),CN=(?:[a-zA-Z0-9\-]+)-SEP([a-fA-F0-9]{12}),OU=[CV]TG,O=Cisco Systems Inc\.$">
71
71
  <description>Cisco IP phone with serial number</description>
72
- <example host.mac="B07D47D33A1C" hw.product="CP-8851" cisco.serial_number="FCH1924AHCA">SERIALNUMBER=PID:CP-8851 SN:FCH1924AHCA,CN=CP-8851-SEPB07D47D33A1C,OU=CTG,O=Cisco Systems Inc.</example>
73
- <example host.mac="64D989000000" hw.product="CP-9951" cisco.serial_number="FCH15200000">SERIALNUMBER=PID:CP-9951 SN:FCH15200000,CN=CP-9951-SEP64D989000000,OU=VTG,O=Cisco Systems Inc.</example>
72
+ <example host.mac="B07D47D33A1C" hw.product="CP-8851" cisco.serial_number="FCH1924AHCA" hw.serial_number="FCH1924AHCA">SERIALNUMBER=PID:CP-8851 SN:FCH1924AHCA,CN=CP-8851-SEPB07D47D33A1C,OU=CTG,O=Cisco Systems Inc.</example>
73
+ <example host.mac="64D989000000" hw.product="CP-9951" cisco.serial_number="FCH15200000" hw.serial_number="FCH15200000">SERIALNUMBER=PID:CP-9951 SN:FCH15200000,CN=CP-9951-SEP64D989000000,OU=VTG,O=Cisco Systems Inc.</example>
74
74
  <param pos="0" name="hw.device" value="VoIP"/>
75
75
  <param pos="0" name="hw.vendor" value="Cisco"/>
76
76
  <param pos="1" name="hw.product"/>
77
+ <param pos="2" name="hw.serial_number"/>
77
78
  <param pos="2" name="cisco.serial_number"/>
78
79
  <param pos="3" name="host.mac"/>
79
80
  </fingerprint>
@@ -103,6 +104,29 @@
103
104
  <param pos="1" name="hw.product"/>
104
105
  </fingerprint>
105
106
 
107
+ <fingerprint pattern="^O=Technicolor,L=Edegem,ST=Antwerp,C=BE$">
108
+ <description>Technicolor Router - without model or version</description>
109
+ <example>O=Technicolor,L=Edegem,ST=Antwerp,C=BE</example>
110
+ <param pos="0" name="os.vendor" value="Technicolor"/>
111
+ <param pos="0" name="os.device" value="Router"/>
112
+ <param pos="0" name="os.certainty" value="0.5"/>
113
+ <param pos="0" name="hw.vendor" value="Technicolor"/>
114
+ <param pos="0" name="hw.device" value="Router"/>
115
+ <param pos="0" name="hw.certainty" value="0.5"/>
116
+ </fingerprint>
117
+
118
+ <fingerprint pattern="^CN=Vigor Router,OU=DrayTek Support,O=DrayTek Corp.,L=HuKou,ST=HsinChu,C=TW$">
119
+ <description>DrayTek Vigor Router - without model or version</description>
120
+ <example>CN=Vigor Router,OU=DrayTek Support,O=DrayTek Corp.,L=HuKou,ST=HsinChu,C=TW</example>
121
+ <param pos="0" name="os.vendor" value="DrayTek"/>
122
+ <param pos="0" name="os.device" value="Router"/>
123
+ <param pos="0" name="os.certainty" value="0.5"/>
124
+ <param pos="0" name="hw.vendor" value="DrayTek"/>
125
+ <param pos="0" name="hw.family" value="Vigor"/>
126
+ <param pos="0" name="hw.device" value="Router"/>
127
+ <param pos="0" name="hw.certainty" value="0.5"/>
128
+ </fingerprint>
129
+
106
130
  <fingerprint pattern="^CN=Nepenthes Development Team,OU=anv,O=dionaea\.carnivore\.it,C=DE$">
107
131
  <description>Nepenthes honeypot</description>
108
132
  <example>CN=Nepenthes Development Team,OU=anv,O=dionaea.carnivore.it,C=DE</example>
@@ -198,11 +222,12 @@
198
222
  <param pos="0" name="hw.vendor" value="HP"/>
199
223
  <param pos="0" name="hw.family" value="iLO"/>
200
224
  <param pos="0" name="hw.product" value="iLO"/>
201
- <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights_out:-"/>
225
+ <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
202
226
  <param pos="0" name="os.device" value="Lights Out Management"/>
203
227
  <param pos="0" name="os.vendor" value="HP"/>
204
228
  <param pos="0" name="os.family" value="iLO"/>
205
229
  <param pos="0" name="os.product" value="iLO"/>
230
+ <param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
206
231
  <param pos="1" name="host.name"/>
207
232
  </fingerprint>
208
233
 
@@ -213,11 +238,12 @@
213
238
  <param pos="0" name="hw.vendor" value="HP"/>
214
239
  <param pos="0" name="hw.family" value="iLO"/>
215
240
  <param pos="0" name="hw.product" value="iLO"/>
216
- <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights_out:-"/>
241
+ <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
217
242
  <param pos="0" name="os.device" value="Lights Out Management"/>
218
243
  <param pos="0" name="os.vendor" value="HP"/>
219
244
  <param pos="0" name="os.family" value="iLO"/>
220
245
  <param pos="0" name="os.product" value="iLO"/>
246
+ <param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
221
247
  </fingerprint>
222
248
 
223
249
  <fingerprint pattern="^CN=OA\-([a-fA-F0-9]+),OU=Onboard Administrator,">
@@ -228,11 +254,12 @@
228
254
  <param pos="0" name="hw.vendor" value="HP"/>
229
255
  <param pos="0" name="hw.family" value="iLO"/>
230
256
  <param pos="0" name="hw.product" value="iLO"/>
231
- <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights_out:-"/>
257
+ <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
232
258
  <param pos="0" name="os.device" value="Lights Out Management"/>
233
259
  <param pos="0" name="os.vendor" value="HP"/>
234
260
  <param pos="0" name="os.family" value="iLO"/>
235
261
  <param pos="0" name="os.product" value="iLO"/>
262
+ <param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
236
263
  <param pos="1" name="host.mac"/>
237
264
  </fingerprint>
238
265
 
@@ -243,11 +270,12 @@
243
270
  <param pos="0" name="hw.vendor" value="HP"/>
244
271
  <param pos="0" name="hw.family" value="iLO"/>
245
272
  <param pos="0" name="hw.product" value="iLO"/>
246
- <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights_out:-"/>
273
+ <param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
247
274
  <param pos="0" name="os.device" value="Lights Out Management"/>
248
275
  <param pos="0" name="os.vendor" value="HP"/>
249
276
  <param pos="0" name="os.family" value="iLO"/>
250
277
  <param pos="0" name="os.product" value="iLO"/>
278
+ <param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
251
279
  <param pos="1" name="host.name"/>
252
280
  </fingerprint>
253
281
 
@@ -262,6 +290,7 @@
262
290
  <param pos="0" name="os.vendor" value="Oracle"/>
263
291
  <param pos="0" name="os.family" value="ILOM"/>
264
292
  <param pos="0" name="os.product" value="ILOM"/>
293
+ <param pos="0" name="os.cpe23" value="cpe:/o:oracle:integrated_lights_out_manager_firmware:-"/>
265
294
  </fingerprint>
266
295
 
267
296
  <fingerprint pattern="^CN=AMI,OU=Service Processors,O=American Megatrends Inc">
@@ -280,10 +309,11 @@
280
309
 
281
310
  <fingerprint pattern="^CN=C-series CIMC,OU=PID:([^ ]+) SERIAL:([^,]+),O=Cisco">
282
311
  <description>Cisco Integrated Management Controller</description>
283
- <example cisco.serial_number="FCH18999AAA" cisco.imc_model="UCSC-C220-M3S">CN=C-series CIMC,OU=PID:UCSC-C220-M3S SERIAL:FCH18999AAA,O=Cisco Self Signed,L=San Jose,ST=California,C=US</example>
312
+ <example cisco.serial_number="FCH18999AAA" hw.serial_number="FCH18999AAA" cisco.imc_model="UCSC-C220-M3S">CN=C-series CIMC,OU=PID:UCSC-C220-M3S SERIAL:FCH18999AAA,O=Cisco Self Signed,L=San Jose,ST=California,C=US</example>
284
313
  <param pos="0" name="hw.device" value="Lights Out Management"/>
285
314
  <param pos="0" name="hw.vendor" value="Cisco"/>
286
315
  <param pos="0" name="hw.product" value="IMC"/>
316
+ <param pos="2" name="hw.serial_number"/>
287
317
  <param pos="0" name="os.vendor" value="Cisco"/>
288
318
  <param pos="0" name="os.family" value="Linux"/>
289
319
  <param pos="0" name="os.product" value="IMC"/>
@@ -293,10 +323,11 @@
293
323
 
294
324
  <fingerprint pattern="^CN=C220-(FCH[^,]+),OU=null,O=Cisco Systems Inc">
295
325
  <description>Cisco Integrated Management Controller C220</description>
296
- <example cisco.serial_number="FCH17999AAA">CN=C220-FCH17999AAA,OU=null,O=Cisco Systems Inc.,L=San Jose,ST=California,C=US</example>
326
+ <example cisco.serial_number="FCH17999AAA" hw.serial_number="FCH17999AAA">CN=C220-FCH17999AAA,OU=null,O=Cisco Systems Inc.,L=San Jose,ST=California,C=US</example>
297
327
  <param pos="0" name="hw.device" value="Lights Out Management"/>
298
328
  <param pos="0" name="hw.vendor" value="Cisco"/>
299
329
  <param pos="0" name="hw.product" value="IMC"/>
330
+ <param pos="1" name="hw.serial_number"/>
300
331
  <param pos="0" name="os.vendor" value="Cisco"/>
301
332
  <param pos="0" name="os.family" value="Linux"/>
302
333
  <param pos="0" name="os.product" value="IMC"/>
@@ -370,7 +401,7 @@
370
401
  <param pos="0" name="os.vendor" value="Cisco"/>
371
402
  <param pos="0" name="os.family" value="Adaptive Security Appliance"/>
372
403
  <param pos="0" name="os.product" value="Adaptive Security Appliance"/>
373
- <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance:-"/>
404
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance_software:-"/>
374
405
  <param pos="0" name="hw.vendor" value="Cisco"/>
375
406
  <param pos="0" name="hw.family" value="Adaptive Security Appliance"/>
376
407
  <param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
@@ -380,12 +411,13 @@
380
411
 
381
412
  <fingerprint pattern="^SERIALNUMBER=([a-zA-Z0-9]+),CN=DEVICE-vWLC,O=Cisco Virtual WLC$">
382
413
  <description>Cisco vWLC</description>
383
- <example cisco.serial_number="9C89M2088D1">SERIALNUMBER=9C89M2088D1,CN=DEVICE-vWLC,O=Cisco Virtual WLC</example>
414
+ <example cisco.serial_number="9C89M2088D1" hw.serial_number="9C89M2088D1">SERIALNUMBER=9C89M2088D1,CN=DEVICE-vWLC,O=Cisco Virtual WLC</example>
384
415
  <param pos="0" name="os.vendor" value="Cisco"/>
385
416
  <param pos="0" name="os.device" value="Wireless Controller"/>
386
417
  <param pos="0" name="os.product" value="Wireless LAN Controller"/>
387
- <param pos="0" name="os.cpe23" value="cpe:/o:cisco:wireless_lan_controller:-"/>
418
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:wireless_lan_controller_software:-"/>
388
419
  <param pos="1" name="cisco.serial_number"/>
420
+ <param pos="1" name="hw.serial_number"/>
389
421
  </fingerprint>
390
422
 
391
423
  <fingerprint pattern="^CN=[a-zA-Z0-9\.\-\_]+,OU=DeviceSSL \(WebAdmin\),O=Cisco Systems Inc\.,C=US$">
@@ -394,7 +426,7 @@
394
426
  <param pos="0" name="os.vendor" value="Cisco"/>
395
427
  <param pos="0" name="os.device" value="Wireless Controller"/>
396
428
  <param pos="0" name="os.product" value="Wireless LAN Controller"/>
397
- <param pos="0" name="os.cpe23" value="cpe:/o:cisco:wireless_lan_controller:-"/>
429
+ <param pos="0" name="os.cpe23" value="cpe:/o:cisco:wireless_lan_controller_software:-"/>
398
430
  <param pos="0" name="hw.vendor" value="Cisco"/>
399
431
  <param pos="0" name="hw.device" value="Wireless Controller"/>
400
432
  <param pos="0" name="hw.product" value="Wireless LAN Controller"/>
@@ -477,11 +509,14 @@
477
509
  <fingerprint pattern="^CN=([a-zA-Z0-9\.\-\_]+),OU=VMware ESX Server Default Certificate,O=VMware\\, Inc,L=Palo Alto,ST=California,C=US$">
478
510
  <description>VMware ESX</description>
479
511
  <example>CN=server99.,OU=VMware ESX Server Default Certificate,O=VMware\, Inc,L=Palo Alto,ST=California,C=US</example>
512
+ <param pos="0" name="service.vendor" value="VMware"/>
480
513
  <param pos="0" name="os.vendor" value="VMware"/>
481
- <param pos="0" name="os.product" value="ESX"/>
514
+ <param pos="0" name="os.family" value="VMware ESX/ESXi"/>
515
+ <param pos="0" name="os.product" value="VMware ESX Server"/>
482
516
  <param pos="0" name="os.device" value="Hypervisor"/>
483
517
  <param pos="0" name="os.cpe23" value="cpe:/o:vmware:esx:-"/>
484
518
  <param pos="1" name="host.name"/>
519
+ <param pos="0" name="hw.device" value="Hypervisor"/>
485
520
  </fingerprint>
486
521
 
487
522
  <fingerprint pattern="^CN.*,OU=SRM,O=VMware\\, Inc\.,L=Palo Alto,ST=California,C=US$">
@@ -496,6 +531,24 @@
496
531
  <param pos="0" name="service.product" value="Site Recovery Manager"/>
497
532
  </fingerprint>
498
533
 
534
+ <fingerprint pattern="^CN=([^,=]{1,256}),OU=VMware Horizon View default certificate,O=VMware\\, Inc.$">
535
+ <description>VMware Horizon (formerly View)</description>
536
+ <example host.name="horizon.foo.bar">CN=horizon.foo.bar,OU=VMware Horizon View default certificate,O=VMware\, Inc.</example>
537
+ <param pos="0" name="service.vendor" value="VMware"/>
538
+ <param pos="0" name="service.product" value="Horizon"/>
539
+ <param pos="0" name="service.cpe23" value="cpe:/a:vmware:horizon:-"/>
540
+ <param pos="1" name="host.name"/>
541
+ </fingerprint>
542
+
543
+ <fingerprint pattern="^CN=([^,=]{1,256}),OU=VMware View default certificate,O=VMware\\, Inc.$">
544
+ <description>VMware View</description>
545
+ <example host.name="horizon.foo.bar">CN=horizon.foo.bar,OU=VMware View default certificate,O=VMware\, Inc.</example>
546
+ <param pos="0" name="service.vendor" value="VMware"/>
547
+ <param pos="0" name="service.product" value="View"/>
548
+ <param pos="0" name="service.cpe23" value="cpe:/a:vmware:view:-"/>
549
+ <param pos="1" name="host.name"/>
550
+ </fingerprint>
551
+
499
552
  <fingerprint pattern="^CN=IOS-Self-Signed-Certificate-">
500
553
  <description>Cisco IOS Default Certificate</description>
501
554
  <example>CN=IOS-Self-Signed-Certificate-4163115936</example>
@@ -507,16 +560,76 @@
507
560
  <param pos="0" name="hw.device" value="Router"/>
508
561
  </fingerprint>
509
562
 
563
+ <fingerprint pattern="^CN=kube-apiserver$">
564
+ <description>Kubernetes api-server default certificate</description>
565
+ <example>CN=kube-apiserver</example>
566
+ <param pos="0" name="service.vendor" value="Kubernetes"/>
567
+ <param pos="0" name="service.family" value="Kubernetes"/>
568
+ <param pos="0" name="service.product" value="Kubernetes"/>
569
+ <param pos="0" name="service.cpe23" value="cpe:/a:kubernetes:kubernetes:-"/>
570
+ </fingerprint>
571
+
572
+ <fingerprint pattern="^CN=kubernetes-master$">
573
+ <description>Kubernetes Control Plane (formerly master) default certificate</description>
574
+ <example>CN=kubernetes-master</example>
575
+ <param pos="0" name="service.vendor" value="Kubernetes"/>
576
+ <param pos="0" name="service.family" value="Kubernetes"/>
577
+ <param pos="0" name="service.product" value="Kubernetes"/>
578
+ <param pos="0" name="service.cpe23" value="cpe:/a:kubernetes:kubernetes:-"/>
579
+ </fingerprint>
580
+
581
+ <fingerprint pattern="^CN=Kubernetes Ingress Controller Fake Certificate,O=Acme Co$">
582
+ <description>Kubernetes NGINX Ingress Controller with default cert</description>
583
+ <example>CN=Kubernetes Ingress Controller Fake Certificate,O=Acme Co</example>
584
+ <param pos="0" name="service.vendor" value="Kubernetes"/>
585
+ <param pos="0" name="service.family" value="Kubernetes"/>
586
+ <param pos="0" name="service.product" value="NGINX Ingress Controller"/>
587
+ <param pos="0" name="service.cpe23" value="cpe:/a:kubernetes:nginx_ingress_controller:-"/>
588
+ </fingerprint>
589
+
590
+ <fingerprint pattern="^CN=TRAEFIK DEFAULT CERT$">
591
+ <description>Traefik Proxy default certificate</description>
592
+ <example>CN=TRAEFIK DEFAULT CERT</example>
593
+ <param pos="0" name="service.vendor" value="Traefik Labs"/>
594
+ <param pos="0" name="service.family" value="Traefik"/>
595
+ <param pos="0" name="service.product" value="Traefik Proxy"/>
596
+ <param pos="0" name="service.cpe23" value="cpe:/a:traefik:traefik:-"/>
597
+ </fingerprint>
598
+
599
+ <fingerprint pattern="^CN=default(?: [A-Z]+)?,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US$">
600
+ <description>Citrix Netscaler (later renamed to Citrix ADC)</description>
601
+ <example>CN=default,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US</example>
602
+ <example>CN=default UYENMB,OU=NS Internal,O=Citrix ANG,L=San Jose,ST=California,C=US</example>
603
+ <param pos="0" name="service.vendor" value="Citrix"/>
604
+ <param pos="0" name="service.family" value="Netscaler"/>
605
+ <param pos="0" name="service.product" value="Netscaler"/>
606
+ <param pos="0" name="service.device" value="Network Management Device"/>
607
+ <param pos="0" name="service.cpe23" value="cpe:/a:citrix:netscaler:-"/>
608
+ <param pos="0" name="os.vendor" value="Citrix"/>
609
+ <param pos="0" name="os.family" value="Netscaler"/>
610
+ <param pos="0" name="os.product" value="Netscaler Gateway Firmware"/>
611
+ <param pos="0" name="os.device" value="Network Management Device"/>
612
+ <param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_gateway_firmware:-"/>
613
+ <param pos="0" name="hw.vendor" value="Citrix"/>
614
+ <param pos="0" name="hw.family" value="Netscaler"/>
615
+ <param pos="0" name="hw.product" value="Netscaler Gateway"/>
616
+ <param pos="0" name="hw.device" value="Network Management Device"/>
617
+ <param pos="0" name="hw.cpe23" value="cpe:/h:citrix:netscaler_gateway:-"/>
618
+ </fingerprint>
619
+
510
620
  <fingerprint pattern="^CN=([a-zA-Z0-9]{5,12}) ([a-zA-Z0-9]{12}),OU=(?:Cast|Google TV),O=Google Inc,L=Mountain View,ST=California,C=US$">
511
621
  <description>Google Chromecast</description>
512
- <example chromecast.serial_number="LVDZG5" host.mac_local="FA8FCA67413D">CN=LVDZG5 FA8FCA67413D,OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US</example>
513
- <example chromecast.serial_number="YRBLE" host.mac_local="FA8FCA7DE87D">CN=YRBLE FA8FCA7DE87D,OU=Google TV,O=Google Inc,L=Mountain View,ST=California,C=US</example>
622
+ <example chromecast.serial_number="LVDZG5" host.mac_local="FA8FCA67413D" hw.serial_number="LVDZG5">CN=LVDZG5 FA8FCA67413D,OU=Cast,O=Google Inc,L=Mountain View,ST=California,C=US</example>
623
+ <example chromecast.serial_number="YRBLE" host.mac_local="FA8FCA7DE87D" hw.serial_number="YRBLE">CN=YRBLE FA8FCA7DE87D,OU=Google TV,O=Google Inc,L=Mountain View,ST=California,C=US</example>
514
624
  <param pos="0" name="os.vendor" value="Google"/>
515
625
  <param pos="0" name="os.product" value="Chrome OS"/>
626
+ <param pos="0" name="os.certainty" value="0.5"/>
516
627
  <param pos="0" name="os.cpe23" value="cpe:/o:google:chrome_os:-"/>
517
628
  <param pos="0" name="hw.device" value="Media Server"/>
518
629
  <param pos="0" name="hw.vendor" value="Google"/>
519
630
  <param pos="0" name="hw.product" value="Chromecast"/>
631
+ <param pos="1" name="hw.serial_number"/>
632
+ <param pos="0" name="hw.certainty" value="0.5"/>
520
633
  <param pos="1" name="chromecast.serial_number"/>
521
634
  <!-- This is the hotspot-mode MAC address (clear bit 2) -->
522
635
 
@@ -525,13 +638,14 @@
525
638
 
526
639
  <fingerprint pattern="^CN=([a-zA-Z0-9]{5,12}) ([a-zA-Z0-9]{12}),OU=Cast TV \(Vizio\),O=Google Inc,L=Mountain View,ST=California,C=US$">
527
640
  <description>Vizio SmartTV (Android) with Google Cast</description>
528
- <example chromecast.serial_number="9V039WC9" host.mac_local="FA8FCA697898">CN=9V039WC9 FA8FCA697898,OU=Cast TV (Vizio),O=Google Inc,L=Mountain View,ST=California,C=US</example>
641
+ <example chromecast.serial_number="9V039WC9" hw.serial_number="9V039WC9" host.mac_local="FA8FCA697898">CN=9V039WC9 FA8FCA697898,OU=Cast TV (Vizio),O=Google Inc,L=Mountain View,ST=California,C=US</example>
529
642
  <param pos="0" name="os.vendor" value="Google"/>
530
643
  <param pos="0" name="os.family" value="Linux"/>
531
644
  <param pos="0" name="os.product" value="Android"/>
532
645
  <param pos="0" name="os.cpe23" value="cpe:/o:google:android:-"/>
533
646
  <param pos="0" name="hw.device" value="Smart TV"/>
534
647
  <param pos="0" name="hw.vendor" value="Vizio"/>
648
+ <param pos="1" name="hw.serial_number"/>
535
649
  <param pos="1" name="chromecast.serial_number"/>
536
650
  <!-- This is the hotspot-mode MAC address (clear bit 2) -->
537
651
 
@@ -562,6 +676,30 @@
562
676
  <param pos="0" name="os.device" value="Video Conferencing"/>
563
677
  </fingerprint>
564
678
 
679
+ <fingerprint pattern="^CN=a_lifesize_system,OU=lifesize,O=lifesize,L=Austin,ST=Texas,C=US$">
680
+ <description>Lifesize TelePresence (a_lifesize variant 1)</description>
681
+ <example>CN=a_lifesize_system,OU=lifesize,O=lifesize,L=Austin,ST=Texas,C=US</example>
682
+ <param pos="0" name="hw.vendor" value="Lifesize"/>
683
+ <param pos="0" name="hw.device" value="Video Conferencing"/>
684
+ <param pos="0" name="hw.product" value="TelePresence"/>
685
+ <param pos="0" name="os.vendor" value="Lifesize"/>
686
+ <param pos="0" name="os.family" value="Linux"/>
687
+ <param pos="0" name="os.product" value="TelePresence"/>
688
+ <param pos="0" name="os.device" value="Video Conferencing"/>
689
+ </fingerprint>
690
+
691
+ <fingerprint pattern="^CN=A_LifeSize_System,OU=IT,O=LifeSize Communications\\, Inc\.,ST=Texas,C=US$">
692
+ <description>Lifesize TelePresence (a_lifesize variant 2)</description>
693
+ <example>CN=A_LifeSize_System,OU=IT,O=LifeSize Communications\, Inc.,ST=Texas,C=US</example>
694
+ <param pos="0" name="hw.vendor" value="Lifesize"/>
695
+ <param pos="0" name="hw.device" value="Video Conferencing"/>
696
+ <param pos="0" name="hw.product" value="TelePresence"/>
697
+ <param pos="0" name="os.vendor" value="Lifesize"/>
698
+ <param pos="0" name="os.family" value="Linux"/>
699
+ <param pos="0" name="os.product" value="TelePresence"/>
700
+ <param pos="0" name="os.device" value="Video Conferencing"/>
701
+ </fingerprint>
702
+
565
703
  <fingerprint pattern="^CN=MERCURY-([a-fA-F0-9]{12}),OU=Engineering,O=Crestron">
566
704
  <description>Crestron Mercury</description>
567
705
  <example host.mac="00107F1ABAA0">CN=MERCURY-00107F1ABAA0,OU=Engineering,O=Crestron Electronics\, Inc.,L=Rockleigh,ST=NJ,C=US</example>
@@ -747,10 +885,11 @@
747
885
 
748
886
  <fingerprint pattern="^CN=([A-Za-z0-9]+),OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US$">
749
887
  <description>Fortinet Gateway</description>
750
- <example fortinet.serial_number="FG100ETK1800118">CN=FG100ETK1800118,OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US</example>
751
- <example fortinet.serial_number="FGT30D3X15038375">CN=FGT30D3X15038375,OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US</example>
888
+ <example fortinet.serial_number="FG100ETK1800118" hw.serial_number="FG100ETK1800118">CN=FG100ETK1800118,OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US</example>
889
+ <example fortinet.serial_number="FGT30D3X15038375" hw.serial_number="FGT30D3X15038375">CN=FGT30D3X15038375,OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US</example>
752
890
  <param pos="0" name="hw.vendor" value="Fortinet"/>
753
891
  <param pos="0" name="hw.device" value="Firewall"/>
892
+ <param pos="1" name="hw.serial_number"/>
754
893
  <param pos="0" name="os.vendor" value="Fortinet"/>
755
894
  <param pos="0" name="os.family" value="Linux"/>
756
895
  <param pos="0" name="os.device" value="Firewall"/>
@@ -761,9 +900,10 @@
761
900
 
762
901
  <fingerprint pattern="^CN=([A-Za-z0-9]+),O=Fortinet Ltd\.$">
763
902
  <description>Fortinet Gateway (Older)</description>
764
- <example fortinet.serial_number="FG100D3G13803999">CN=FG100D3G13803999,O=Fortinet Ltd.</example>
903
+ <example fortinet.serial_number="FG100D3G13803999" hw.serial_number="FG100D3G13803999">CN=FG100D3G13803999,O=Fortinet Ltd.</example>
765
904
  <param pos="0" name="hw.vendor" value="Fortinet"/>
766
905
  <param pos="0" name="hw.device" value="Firewall"/>
906
+ <param pos="1" name="hw.serial_number"/>
767
907
  <param pos="0" name="os.vendor" value="Fortinet"/>
768
908
  <param pos="0" name="os.family" value="Linux"/>
769
909
  <param pos="0" name="os.device" value="Firewall"/>
@@ -893,6 +1033,16 @@
893
1033
  <param pos="0" name="os.device" value="Router"/>
894
1034
  </fingerprint>
895
1035
 
1036
+ <fingerprint pattern="^CN=UbiquitiRouterUI,O=Ubiquiti Inc.,L=New York,ST=New York,C=US">
1037
+ <description>Ubiquiti Router UI</description>
1038
+ <example>CN=UbiquitiRouterUI,O=Ubiquiti Inc.,L=New York,ST=New York,C=US</example>
1039
+ <param pos="0" name="hw.vendor" value="Ubiquiti"/>
1040
+ <param pos="0" name="hw.device" value="Router"/>
1041
+ <param pos="0" name="os.vendor" value="Ubiquiti"/>
1042
+ <param pos="0" name="os.family" value="Linux"/>
1043
+ <param pos="0" name="os.device" value="Router"/>
1044
+ </fingerprint>
1045
+
896
1046
  <fingerprint pattern="^CN=UniFi-Video Controller,OU=R&amp;D,O=Ubiquiti Networks,L=New York,ST=NY,C=US$">
897
1047
  <description>Ubiquiti Video Controller</description>
898
1048
  <example>CN=UniFi-Video Controller,OU=R&amp;D,O=Ubiquiti Networks,L=New York,ST=NY,C=US</example>
@@ -1027,13 +1177,30 @@
1027
1177
  </fingerprint>
1028
1178
 
1029
1179
  <fingerprint pattern="^CN=[0-9\.]+,OU=SSL-VPN,O=SonicWALL\\, Inc\.,L=Sunnyvale,ST=CA,C=US$">
1030
- <description>SonicWALL Firewall</description>
1180
+ <description>SonicWALL SSL-VPN</description>
1031
1181
  <example>CN=192.168.200.1,OU=SSL-VPN,O=SonicWALL\, Inc.,L=Sunnyvale,ST=CA,C=US</example>
1182
+ <param pos="0" name="service.vendor" value="SonicWall"/>
1183
+ <param pos="0" name="service.family" value="SSL-VPN"/>
1032
1184
  <param pos="0" name="hw.vendor" value="SonicWall"/>
1033
1185
  <param pos="0" name="hw.device" value="VPN"/>
1034
1186
  <param pos="0" name="os.vendor" value="SonicWall"/>
1035
- <param pos="0" name="os.product" value="VPN"/>
1036
- <param pos="0" name="os.family" value="VPN"/>
1187
+ <param pos="0" name="os.family" value="SonicOS"/>
1188
+ <param pos="0" name="os.product" value="SonicOS"/>
1189
+ <param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:-"/>
1190
+ </fingerprint>
1191
+
1192
+ <fingerprint pattern="^CN=[0-9\.]+,OU=HTTPS Management Certificate for SonicWALL \(self-signed\),O=HTTPS Management Certificate for SonicWALL \(self-signed\),L=Sunnyvale,ST=California,C=US$">
1193
+ <description>SonicWALL Network Security Appliance firewall</description>
1194
+ <example>CN=192.168.168.168,OU=HTTPS Management Certificate for SonicWALL (self-signed),O=HTTPS Management Certificate for SonicWALL (self-signed),L=Sunnyvale,ST=California,C=US</example>
1195
+ <param pos="0" name="hw.vendor" value="SonicWall"/>
1196
+ <param pos="0" name="hw.product" value="Network Security Appliance"/>
1197
+ <param pos="0" name="hw.family" value="Network Security Appliance"/>
1198
+ <param pos="0" name="hw.device" value="Firewall"/>
1199
+ <param pos="0" name="os.vendor" value="SonicWall"/>
1200
+ <param pos="0" name="os.family" value="SonicOS"/>
1201
+ <param pos="0" name="os.product" value="SonicOS"/>
1202
+ <param pos="0" name="os.device" value="Firewall"/>
1203
+ <param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:-"/>
1037
1204
  </fingerprint>
1038
1205
 
1039
1206
  <fingerprint pattern="^CN=.*\.akamai\.net,O=Akamai Technologies\\, Inc\.,L=Cambridge,ST=Massachusetts,C=US$">
@@ -1041,10 +1208,19 @@
1041
1208
  <example>CN=a248.e.akamai.net,O=Akamai Technologies\, Inc.,L=Cambridge,ST=Massachusetts,C=US</example>
1042
1209
  <param pos="0" name="service.vendor" value="Akamai"/>
1043
1210
  <param pos="0" name="service.product" value="GHost"/>
1211
+ <param pos="0" name="service.cpe23" value="cpe:/a:akamai:akamaighost:-"/>
1044
1212
  <param pos="0" name="os.vendor" value="Akamai"/>
1045
1213
  <param pos="0" name="os.device" value="Web Proxy"/>
1046
1214
  </fingerprint>
1047
1215
 
1216
+ <fingerprint pattern="^O=Caddy Self-Signed$">
1217
+ <description>CaddyServer Caddy - golang based httpd</description>
1218
+ <example>O=Caddy Self-Signed</example>
1219
+ <param pos="0" name="service.vendor" value="CaddyServer"/>
1220
+ <param pos="0" name="service.product" value="Caddy"/>
1221
+ <param pos="0" name="service.cpe23" value="cpe:/a:caddyserver:caddy:-"/>
1222
+ </fingerprint>
1223
+
1048
1224
  <fingerprint pattern="^CN=HP_3PAR_">
1049
1225
  <description>HP 3PAR</description>
1050
1226
  <example>CN=HP_3PAR_1626615</example>
@@ -1131,10 +1307,11 @@
1131
1307
 
1132
1308
  <fingerprint pattern="^CN=Ruckus Wireless ZoneDirector SN-(\d+),O=Ruckus Wireless\\, Inc\.,ST=CA,C=US$">
1133
1309
  <description>Ruckus Zone Director</description>
1134
- <example ruckus.serial_number="221301007591">CN=Ruckus Wireless ZoneDirector SN-221301007591,O=Ruckus Wireless\, Inc.,ST=CA,C=US</example>
1310
+ <example ruckus.serial_number="221301007591" hw.serial_number="221301007591">CN=Ruckus Wireless ZoneDirector SN-221301007591,O=Ruckus Wireless\, Inc.,ST=CA,C=US</example>
1135
1311
  <param pos="0" name="hw.device" value="Wireless Controller"/>
1136
1312
  <param pos="0" name="hw.vendor" value="Ruckus"/>
1137
1313
  <param pos="0" name="hw.product" value="Zone Director"/>
1314
+ <param pos="1" name="hw.serial_number"/>
1138
1315
  <param pos="0" name="os.device" value="Wireless Controller"/>
1139
1316
  <param pos="0" name="os.vendor" value="Ruckus"/>
1140
1317
  <param pos="0" name="os.product" value="Zone Director"/>
@@ -1197,16 +1374,12 @@
1197
1374
  <param pos="0" name="hw.vendor" value="Palo Alto Networks"/>
1198
1375
  <param pos="0" name="hw.device" value="Firewall"/>
1199
1376
  <param pos="0" name="os.vendor" value="Palo Alto Networks"/>
1200
- <param pos="0" name="os.product" value="PANOS"/>
1377
+ <param pos="0" name="os.product" value="PAN-OS"/>
1378
+ <param pos="0" name="os.family" value="PAN-OS"/>
1201
1379
  <param pos="0" name="os.device" value="Firewall"/>
1202
- </fingerprint>
1203
-
1204
- <fingerprint pattern="^CN=VMware default certificate,OU=vCenterServer.*,O=VMware\\, Inc\.$">
1205
- <description>VMware vCenter</description>
1206
- <example>CN=VMware default certificate,OU=vCenterServer_2013.09.26_220623,O=VMware\, Inc.</example>
1207
- <param pos="0" name="service.vendor" value="VMware"/>
1208
- <param pos="0" name="service.product" value="vCenter"/>
1209
- <param pos="0" name="service.cpe23" value="cpe:/a:vmware:vcenter_server:-"/>
1380
+ <param pos="0" name="os.cpe23" value="cpe:/o:paloaltonetworks:pan-os:-"/>
1381
+ <param pos="0" name="service.vendor" value="Palo Alto Networks"/>
1382
+ <param pos="0" name="service.device" value="Firewall"/>
1210
1383
  </fingerprint>
1211
1384
 
1212
1385
  <fingerprint pattern="^CN=selfappliance,OU=Engineering,O=Symplified,L=Boulder,ST=Colorado,C=US$">
@@ -1324,6 +1497,7 @@
1324
1497
  <param pos="0" name="hw.vendor" value="Philips"/>
1325
1498
  <param pos="0" name="hw.product" value="Hue"/>
1326
1499
  <param pos="0" name="hw.device" value="Light Bulb"/>
1500
+ <param pos="0" name="hw.cpe23" value="cpe:/h:philips:hue:-"/>
1327
1501
  <param pos="1" name="host.mac_eui64"/>
1328
1502
  </fingerprint>
1329
1503
 
@@ -1435,4 +1609,49 @@
1435
1609
  <param pos="0" name="os.product" value="Linux"/>
1436
1610
  </fingerprint>
1437
1611
 
1612
+ <fingerprint pattern="^CN=(RFS\d+)-([0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2})$">
1613
+ <description>Motorola RFS Wireless Controllers</description>
1614
+ <example host.mac="B1-C1-11-11-11-11" hw.product="RFS6000">CN=RFS6000-B1-C1-11-11-11-11</example>
1615
+ <param pos="0" name="hw.device" value="Wireless Controller"/>
1616
+ <param pos="0" name="hw.vendor" value="Motorola"/>
1617
+ <param pos="1" name="hw.product"/>
1618
+ <param pos="2" name="host.mac"/>
1619
+ </fingerprint>
1620
+
1621
+ <fingerprint pattern="^CN=(AP\d+)-([0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2}-[0-9a-fA-F]{2})$">
1622
+ <description>Motorola Wireless Access Points</description>
1623
+ <example host.mac="F1-11-11-11-11-11" hw.product="AP6532">CN=AP6532-F1-11-11-11-11-11</example>
1624
+ <param pos="0" name="hw.device" value="WAP"/>
1625
+ <param pos="0" name="hw.vendor" value="Motorola"/>
1626
+ <param pos="1" name="hw.product"/>
1627
+ <param pos="2" name="host.mac"/>
1628
+ </fingerprint>
1629
+
1630
+ <fingerprint pattern="^CN=attvpngateway\.att\.com,O=AT&amp;T,L=Tampa,ST=FL,C=US$">
1631
+ <description>ATT VPN Gateway</description>
1632
+ <example>CN=attvpngateway.att.com,O=AT&amp;T,L=Tampa,ST=FL,C=US</example>
1633
+ <param pos="0" name="hw.vendor" value="ATT"/>
1634
+ <param pos="0" name="hw.device" value="VPN"/>
1635
+ <param pos="0" name="hw.product" value="VPN Gateway"/>
1636
+ </fingerprint>
1637
+
1638
+ <fingerprint pattern="^CN=silver-peak,OU=Networking Appliance">
1639
+ <description>Silver Peak Appliance</description>
1640
+ <example>CN=silver-peak,OU=Networking Appliance,O=Silver Peak Systems Inc,L=Mountain View,ST=California,C=--</example>
1641
+ <param pos="0" name="hw.vendor" value="Silver Peak"/>
1642
+ <param pos="0" name="hw.device" value="Network Appliance"/>
1643
+ <param pos="0" name="hw.product" value="SD-WAN"/>
1644
+ </fingerprint>
1645
+
1646
+ <fingerprint pattern="^CN=Windows Media Player Network Sharing Service \(([A-Z-]{1,15})\)$">
1647
+ <description>Windows Media Player Network Sharing Service</description>
1648
+ <example host.name="LIVING-ROOM">CN=Windows Media Player Network Sharing Service (LIVING-ROOM)</example>
1649
+ <param pos="0" name="service.vendor" value="Microsoft"/>
1650
+ <param pos="0" name="service.product" value="Windows Media Player"/>
1651
+ <param pos="0" name="service.cpe23" value="cpe:/a:microsoft:windows_media_player:-"/>
1652
+ <param pos="0" name="os.vendor" value="Microsoft"/>
1653
+ <param pos="0" name="os.family" value="Windows"/>
1654
+ <param pos="1" name="host.name"/>
1655
+ </fingerprint>
1656
+
1438
1657
  </fingerprints>