recog 2.3.17 → 2.3.21
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +26 -0
- data/bin/recog_standardize +6 -0
- data/cpe-remap.yaml +342 -200
- data/identifiers/README.md +24 -10
- data/identifiers/fields.txt +104 -0
- data/identifiers/hw_device.txt +2 -0
- data/identifiers/hw_family.txt +11 -0
- data/identifiers/hw_product.txt +71 -0
- data/identifiers/os_device.txt +2 -1
- data/identifiers/os_family.txt +2 -0
- data/identifiers/os_product.txt +36 -8
- data/identifiers/service_family.txt +10 -1
- data/identifiers/service_product.txt +78 -2
- data/identifiers/vendor.txt +55 -0
- data/lib/recog/nizer.rb +1 -82
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/update_cpes.py +18 -5
- data/xml/apache_modules.xml +60 -0
- data/xml/apache_os.xml +1 -1
- data/xml/dns_versionbind.xml +11 -1
- data/xml/favicons.xml +122 -3
- data/xml/ftp_banners.xml +62 -51
- data/xml/html_title.xml +553 -41
- data/xml/http_cookies.xml +262 -61
- data/xml/http_servers.xml +478 -108
- data/xml/http_wwwauth.xml +36 -9
- data/xml/imap_banners.xml +5 -5
- data/xml/ldap_searchresult.xml +1 -0
- data/xml/mdns_device-info_txt.xml +340 -10
- data/xml/mysql_banners.xml +2 -1
- data/xml/nntp_banners.xml +1 -1
- data/xml/ntp_banners.xml +16 -2
- data/xml/operating_system.xml +4 -4
- data/xml/pop_banners.xml +4 -4
- data/xml/rtsp_servers.xml +7 -0
- data/xml/sip_banners.xml +347 -9
- data/xml/sip_user_agents.xml +323 -4
- data/xml/smb_native_lm.xml +32 -1
- data/xml/smb_native_os.xml +160 -33
- data/xml/smtp_banners.xml +167 -128
- data/xml/smtp_expn.xml +1 -0
- data/xml/smtp_vrfy.xml +1 -0
- data/xml/snmp_sysdescr.xml +205 -36
- data/xml/ssh_banners.xml +139 -25
- data/xml/telnet_banners.xml +92 -48
- data/xml/tls_jarm.xml +140 -0
- data/xml/x509_issuers.xml +201 -2
- data/xml/x509_subjects.xml +251 -32
- metadata +5 -2
data/update_cpes.py
CHANGED
@@ -16,8 +16,17 @@ def parse_cpe_vp_map(file):
|
|
16
16
|
parser = etree.XMLParser(remove_comments=False)
|
17
17
|
doc = etree.parse(file, parser)
|
18
18
|
namespaces = {'ns': 'http://cpe.mitre.org/dictionary/2.0', 'meta': 'http://scap.nist.gov/schema/cpe-dictionary-metadata/0.2'}
|
19
|
-
for
|
19
|
+
for entry in doc.xpath("//ns:cpe-list/ns:cpe-item", namespaces=namespaces):
|
20
|
+
cpe_name = entry.get("name")
|
21
|
+
if not cpe_name:
|
22
|
+
continue
|
23
|
+
|
24
|
+
# If the entry is deprecated then don't add it to our list of valid CPEs.
|
25
|
+
if entry.get("deprecated"):
|
26
|
+
continue
|
27
|
+
|
20
28
|
cpe_match = re.match('^cpe:/([aho]):([^:]+):([^:]+)', cpe_name)
|
29
|
+
|
21
30
|
if cpe_match:
|
22
31
|
cpe_type, vendor, product = cpe_match.group(1, 2, 3)
|
23
32
|
if cpe_type not in vp_map:
|
@@ -86,7 +95,11 @@ def lookup_cpe(vendor, product, cpe_type, cpe_table, remap):
|
|
86
95
|
|
87
96
|
# Everything else depends on a remap of some sort.
|
88
97
|
# get the remappings for this one vendor string.
|
89
|
-
vendor_remap =
|
98
|
+
vendor_remap = None
|
99
|
+
|
100
|
+
remap_type = remap.get(cpe_type, None)
|
101
|
+
if remap_type:
|
102
|
+
vendor_remap = remap_type.get(vendor, None)
|
90
103
|
|
91
104
|
if vendor_remap:
|
92
105
|
# If we have product remappings, work that angle next
|
@@ -190,7 +203,7 @@ def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
|
|
190
203
|
continue
|
191
204
|
|
192
205
|
vendor = vendor.lower().replace(' ', '_').replace(',', '')
|
193
|
-
product = product.lower().replace(' ', '_').replace(',', '')
|
206
|
+
product = product.lower().replace(' ', '_').replace(',', '').replace('!', '%21')
|
194
207
|
if 'unknown' in [vendor, product]:
|
195
208
|
continue
|
196
209
|
|
@@ -209,8 +222,8 @@ def update_cpes(xml_file, cpe_vp_map, r7_vp_map):
|
|
209
222
|
continue
|
210
223
|
|
211
224
|
# building the CPE string
|
212
|
-
# Last minute escaping of '/'
|
213
|
-
product = product.replace('/', '\/')
|
225
|
+
# Last minute escaping of '/' and `!`
|
226
|
+
product = product.replace('/', '\/').replace('%21', '\!')
|
214
227
|
cpe_value = 'cpe:/{}:{}:{}'.format(cpe_type, vendor, product)
|
215
228
|
|
216
229
|
if version:
|
data/xml/apache_modules.xml
CHANGED
@@ -220,6 +220,36 @@
|
|
220
220
|
<param pos="0" name="service.component.product" value="mod_auth_ldap"/>
|
221
221
|
</fingerprint>
|
222
222
|
|
223
|
+
<fingerprint pattern="mod_auth_oracle/(\S+)$">
|
224
|
+
<description>mod_auth_oracle with version</description>
|
225
|
+
<example service.component.version="1.2.3">mod_auth_oracle/1.2.3</example>
|
226
|
+
<param pos="0" name="service.component.vendor" value="Apache"/>
|
227
|
+
<param pos="0" name="service.component.product" value="mod_auth_oracle"/>
|
228
|
+
<param pos="1" name="service.component.version"/>
|
229
|
+
</fingerprint>
|
230
|
+
|
231
|
+
<fingerprint pattern="mod_auth_oracle/?$">
|
232
|
+
<description>mod_auth_oracle without version</description>
|
233
|
+
<example>mod_auth_oracle/</example>
|
234
|
+
<param pos="0" name="service.component.vendor" value="Apache"/>
|
235
|
+
<param pos="0" name="service.component.product" value="mod_auth_oracle"/>
|
236
|
+
</fingerprint>
|
237
|
+
|
238
|
+
<fingerprint pattern="mod_auth_pgsql/(\S+)$">
|
239
|
+
<description>mod_auth_pgsql with version</description>
|
240
|
+
<example service.component.version="1.2.3">mod_auth_pgsql/1.2.3</example>
|
241
|
+
<param pos="0" name="service.component.vendor" value="Apache"/>
|
242
|
+
<param pos="0" name="service.component.product" value="mod_auth_pgsql"/>
|
243
|
+
<param pos="1" name="service.component.version"/>
|
244
|
+
</fingerprint>
|
245
|
+
|
246
|
+
<fingerprint pattern="mod_auth_pgsql/?$">
|
247
|
+
<description>mod_auth_pgsql without version</description>
|
248
|
+
<example>mod_auth_pgsql/</example>
|
249
|
+
<param pos="0" name="service.component.vendor" value="Apache"/>
|
250
|
+
<param pos="0" name="service.component.product" value="mod_auth_pgsql"/>
|
251
|
+
</fingerprint>
|
252
|
+
|
223
253
|
<fingerprint pattern="mod_auth_radius/(\S+)$">
|
224
254
|
<description>mod_auth_radius with version</description>
|
225
255
|
<example service.component.version="1.2.3">mod_auth_radius/1.2.3</example>
|
@@ -978,6 +1008,36 @@
|
|
978
1008
|
<param pos="0" name="service.component.product" value="mod_filter"/>
|
979
1009
|
</fingerprint>
|
980
1010
|
|
1011
|
+
<fingerprint pattern="mod_frontpage/(\S+)$">
|
1012
|
+
<description>mod_frontpage with version</description>
|
1013
|
+
<example service.component.version="1.2.3">mod_frontpage/1.2.3</example>
|
1014
|
+
<param pos="0" name="service.component.vendor" value="Apache"/>
|
1015
|
+
<param pos="0" name="service.component.product" value="mod_frontpage"/>
|
1016
|
+
<param pos="1" name="service.component.version"/>
|
1017
|
+
</fingerprint>
|
1018
|
+
|
1019
|
+
<fingerprint pattern="mod_frontpage/?$">
|
1020
|
+
<description>mod_frontpage without version</description>
|
1021
|
+
<example>mod_frontpage/</example>
|
1022
|
+
<param pos="0" name="service.component.vendor" value="Apache"/>
|
1023
|
+
<param pos="0" name="service.component.product" value="mod_frontpage"/>
|
1024
|
+
</fingerprint>
|
1025
|
+
|
1026
|
+
<fingerprint pattern="mod_gzip/(\S+)$">
|
1027
|
+
<description>mod_gzip with version</description>
|
1028
|
+
<example service.component.version="1.2.3">mod_gzip/1.2.3</example>
|
1029
|
+
<param pos="0" name="service.component.vendor" value="Apache"/>
|
1030
|
+
<param pos="0" name="service.component.product" value="mod_gzip"/>
|
1031
|
+
<param pos="1" name="service.component.version"/>
|
1032
|
+
</fingerprint>
|
1033
|
+
|
1034
|
+
<fingerprint pattern="mod_gzip/?$">
|
1035
|
+
<description>mod_gzip without version</description>
|
1036
|
+
<example>mod_gzip/</example>
|
1037
|
+
<param pos="0" name="service.component.vendor" value="Apache"/>
|
1038
|
+
<param pos="0" name="service.component.product" value="mod_gzip"/>
|
1039
|
+
</fingerprint>
|
1040
|
+
|
981
1041
|
<fingerprint pattern="mod_headers/(\S+)$">
|
982
1042
|
<description>mod_headers with version</description>
|
983
1043
|
<example service.component.version="1.2.3">mod_headers/1.2.3</example>
|
data/xml/apache_os.xml
CHANGED
@@ -82,7 +82,7 @@
|
|
82
82
|
<param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
|
83
83
|
</fingerprint>
|
84
84
|
|
85
|
-
<fingerprint pattern="
|
85
|
+
<fingerprint pattern=".{0,512}(?:Sun )?Cobalt \(Unix\)?.*">
|
86
86
|
<description>Sun Cobalt RaQ (Red Hat based Linux)</description>
|
87
87
|
<param pos="0" name="os.vendor" value="Sun"/>
|
88
88
|
<param pos="0" name="os.family" value="Linux"/>
|
data/xml/dns_versionbind.xml
CHANGED
@@ -17,30 +17,40 @@
|
|
17
17
|
<fingerprint pattern="^$">
|
18
18
|
<description>empty string -- assert nothing.</description>
|
19
19
|
<example/>
|
20
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
21
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
20
22
|
<param pos="0" name="service.certainty" value="0.0"/>
|
21
23
|
</fingerprint>
|
22
24
|
|
23
25
|
<fingerprint pattern="^none$">
|
24
26
|
<description>bare 'none' -- assert nothing.</description>
|
25
27
|
<example>none</example>
|
28
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
29
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
26
30
|
<param pos="0" name="service.certainty" value="0.0"/>
|
27
31
|
</fingerprint>
|
28
32
|
|
29
33
|
<fingerprint pattern="^null$">
|
30
34
|
<description>bare 'null' -- assert nothing.</description>
|
31
35
|
<example>null</example>
|
36
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
37
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
32
38
|
<param pos="0" name="service.certainty" value="0.0"/>
|
33
39
|
</fingerprint>
|
34
40
|
|
35
41
|
<fingerprint pattern="(?i)^unknown$">
|
36
42
|
<description>bare 'unknown' -- assert nothing.</description>
|
37
43
|
<example>unknown</example>
|
44
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
45
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
38
46
|
<param pos="0" name="service.certainty" value="0.0"/>
|
39
47
|
</fingerprint>
|
40
48
|
|
41
49
|
<fingerprint pattern="^no version$">
|
42
50
|
<description>bare 'no version' -- assert nothing.</description>
|
43
51
|
<example>no version</example>
|
52
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
53
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
44
54
|
<param pos="0" name="service.certainty" value="0.0"/>
|
45
55
|
</fingerprint>
|
46
56
|
|
@@ -427,7 +437,7 @@
|
|
427
437
|
<param pos="0" name="service.cpe23" value="cpe:/a:powerdns:authoritative_server:{service.version}"/>
|
428
438
|
</fingerprint>
|
429
439
|
|
430
|
-
<fingerprint pattern="^PowerDNS Authoritative Server (\d\.[\w.]+(?:-rc\d)?(?:-alpha\d)?(?:-beta\d)?[^ ]*) \(built [\w\s:]+ by [\w]+\@[\w
|
440
|
+
<fingerprint pattern="^PowerDNS Authoritative Server (\d\.[\w.]+(?:-rc\d)?(?:-alpha\d)?(?:-beta\d)?[^ ]*) \(built [\w\s:]+ by [\w]+\@[\w.:-]*\)$">
|
431
441
|
<description>PowerDNS Authoritative Server: format 2</description>
|
432
442
|
<example service.version="4.0.4">PowerDNS Authoritative Server 4.0.4 (built Jul 26 2017 15:04:27 by root@FreeBSD:11:amd64-default-job-03)</example>
|
433
443
|
<example service.version="4.0.0-rc2">PowerDNS Authoritative Server 4.0.0-rc2 (built Jul 4 2016 15:44:39 by root@foo-bar.baz)</example>
|
data/xml/favicons.xml
CHANGED
@@ -6,6 +6,30 @@
|
|
6
6
|
|
7
7
|
<!-- Services -->
|
8
8
|
|
9
|
+
<fingerprint pattern="^4297c114f263c206ed12aaff4b0c7a50|e5af3b68e837498a85b25ef2c36a0825$">
|
10
|
+
<description>Metabase</description>
|
11
|
+
<example>4297c114f263c206ed12aaff4b0c7a50</example>
|
12
|
+
<example>e5af3b68e837498a85b25ef2c36a0825</example>
|
13
|
+
<param pos="0" name="service.product" value="Metabase"/>
|
14
|
+
<param pos="0" name="service.vendor" value="Metabase"/>
|
15
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:metabase:metabase:-"/>
|
16
|
+
</fingerprint>
|
17
|
+
|
18
|
+
<fingerprint pattern="^14bd519881ea49a75353572cfb458dec$">
|
19
|
+
<description>Calibre-Web Project</description>
|
20
|
+
<example>14bd519881ea49a75353572cfb458dec</example>
|
21
|
+
<param pos="0" name="service.vendor" value="Calibre-Web Project"/>
|
22
|
+
<param pos="0" name="service.product" value="Calibre-Web"/>
|
23
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:calibre-web_project:calibre-web:-"/>
|
24
|
+
</fingerprint>
|
25
|
+
|
26
|
+
<fingerprint pattern="^d2cef6047a604012455f5c9a1cd4d960$">
|
27
|
+
<description>Jellyfin Media Server</description>
|
28
|
+
<example>d2cef6047a604012455f5c9a1cd4d960</example>
|
29
|
+
<param pos="0" name="service.vendor" value="Jellyfin"/>
|
30
|
+
<param pos="0" name="service.product" value="Media Server"/>
|
31
|
+
</fingerprint>
|
32
|
+
|
9
33
|
<fingerprint pattern="^0f584138aacfb79aaba7e2539fc4e642$">
|
10
34
|
<description>Plex Media Server</description>
|
11
35
|
<example>0f584138aacfb79aaba7e2539fc4e642</example>
|
@@ -125,6 +149,7 @@
|
|
125
149
|
<param pos="0" name="service.vendor" value="RStudio"/>
|
126
150
|
<param pos="0" name="service.product" value="Connect"/>
|
127
151
|
<param pos="0" name="service.certainty" value="0.5"/>
|
152
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:rstudio:connect:-"/>
|
128
153
|
</fingerprint>
|
129
154
|
|
130
155
|
<fingerprint pattern="^84b0fc44f58bfee1a303ee3398a86670$">
|
@@ -194,6 +219,16 @@
|
|
194
219
|
<param pos="0" name="service.vendor" value="SolarWinds"/>
|
195
220
|
<param pos="0" name="service.product" value="Virtualization Manager"/>
|
196
221
|
<param pos="0" name="service.certainty" value="0.5"/>
|
222
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:virtualization_manager:-"/>
|
223
|
+
</fingerprint>
|
224
|
+
|
225
|
+
<fingerprint pattern="^53317933c27890ae9218697ecc0e97d9$">
|
226
|
+
<description>SolarWinds Orion</description>
|
227
|
+
<example>53317933c27890ae9218697ecc0e97d9</example>
|
228
|
+
<param pos="0" name="service.vendor" value="SolarWinds"/>
|
229
|
+
<param pos="0" name="service.product" value="Orion Platform"/>
|
230
|
+
<param pos="0" name="service.certainty" value="0.5"/>
|
231
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:orion_platform:-"/>
|
197
232
|
</fingerprint>
|
198
233
|
|
199
234
|
<fingerprint pattern="^ee20526df4d69f7b02ee107458d8d679$">
|
@@ -202,6 +237,7 @@
|
|
202
237
|
<param pos="0" name="service.vendor" value="ManageEngine"/>
|
203
238
|
<param pos="0" name="service.product" value="ADAudit Plus"/>
|
204
239
|
<param pos="0" name="service.certainty" value="0.5"/>
|
240
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:zohocorp:manageengine_adaudit_plus:-"/>
|
205
241
|
</fingerprint>
|
206
242
|
|
207
243
|
<fingerprint pattern="^e9d6d23a961ea23a3e961266876e0ffd$">
|
@@ -813,6 +849,14 @@
|
|
813
849
|
<param pos="0" name="service.certainty" value="0.5"/>
|
814
850
|
</fingerprint>
|
815
851
|
|
852
|
+
<fingerprint pattern="^ad4de5c717c886a99c4cf0e066e9b461$">
|
853
|
+
<description>MicroStrategy Collaboration Server</description>
|
854
|
+
<example>ad4de5c717c886a99c4cf0e066e9b461</example>
|
855
|
+
<param pos="0" name="service.vendor" value="MicroStrategy"/>
|
856
|
+
<param pos="0" name="service.product" value="Collaboration Server"/>
|
857
|
+
<param pos="0" name="service.certainty" value="0.5"/>
|
858
|
+
</fingerprint>
|
859
|
+
|
816
860
|
<!-- Devices -->
|
817
861
|
|
818
862
|
<fingerprint pattern="^2fd26da3d6b790a86038f440d5b37eea$">
|
@@ -1022,7 +1066,9 @@
|
|
1022
1066
|
<param pos="0" name="os.vendor" value="SonicWall"/>
|
1023
1067
|
<param pos="0" name="os.device" value="Firewall"/>
|
1024
1068
|
<param pos="0" name="os.family" value="SonicOS"/>
|
1069
|
+
<param pos="0" name="os.product" value="SonicOS"/>
|
1025
1070
|
<param pos="0" name="os.certainty" value="0.5"/>
|
1071
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:-"/>
|
1026
1072
|
</fingerprint>
|
1027
1073
|
|
1028
1074
|
<fingerprint pattern="^e4fd990b4b8a5d61bd5ddb98cdfc7190$">
|
@@ -1059,6 +1105,7 @@
|
|
1059
1105
|
<param pos="0" name="os.family" value="ILOM"/>
|
1060
1106
|
<param pos="0" name="os.product" value="ILOM"/>
|
1061
1107
|
<param pos="0" name="os.certainty" value="0.5"/>
|
1108
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:oracle:integrated_lights_out_manager_firmware:-"/>
|
1062
1109
|
</fingerprint>
|
1063
1110
|
|
1064
1111
|
<fingerprint pattern="^665f96fcdcc9da0ab89312acc02fa815$">
|
@@ -1144,7 +1191,7 @@
|
|
1144
1191
|
<param pos="0" name="os.family" value="Adaptive Security Appliance"/>
|
1145
1192
|
<param pos="0" name="os.product" value="Adaptive Security Appliance"/>
|
1146
1193
|
<param pos="0" name="os.certainty" value="0.5"/>
|
1147
|
-
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:
|
1194
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:adaptive_security_appliance_software:-"/>
|
1148
1195
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
1149
1196
|
<param pos="0" name="hw.family" value="Adaptive Security Appliance"/>
|
1150
1197
|
<param pos="0" name="hw.product" value="Adaptive Security Appliance"/>
|
@@ -1328,6 +1375,7 @@
|
|
1328
1375
|
<param pos="0" name="os.device" value="Network Management Device"/>
|
1329
1376
|
<param pos="0" name="os.product" value="NetScaler"/>
|
1330
1377
|
<param pos="0" name="os.certainty" value="0.5"/>
|
1378
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_firmware:-"/>
|
1331
1379
|
<param pos="0" name="service.vendor" value="Citrix"/>
|
1332
1380
|
<param pos="0" name="service.family" value="NetScaler"/>
|
1333
1381
|
<param pos="0" name="service.device" value="Network Management Device"/>
|
@@ -1344,6 +1392,7 @@
|
|
1344
1392
|
<param pos="0" name="os.device" value="Network Management Device"/>
|
1345
1393
|
<param pos="0" name="os.product" value="NetScaler Gateway"/>
|
1346
1394
|
<param pos="0" name="os.certainty" value="0.5"/>
|
1395
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:citrix:netscaler_gateway_firmware:-"/>
|
1347
1396
|
<param pos="0" name="service.vendor" value="Citrix"/>
|
1348
1397
|
<param pos="0" name="service.family" value="NetScaler"/>
|
1349
1398
|
<param pos="0" name="service.device" value="Network Management Device"/>
|
@@ -1430,9 +1479,11 @@
|
|
1430
1479
|
<param pos="0" name="hw.device" value="Firewall"/>
|
1431
1480
|
<param pos="0" name="hw.certainty" value="0.5"/>
|
1432
1481
|
<param pos="0" name="os.vendor" value="Palo Alto Networks"/>
|
1433
|
-
<param pos="0" name="os.product" value="
|
1482
|
+
<param pos="0" name="os.product" value="PAN-OS"/>
|
1483
|
+
<param pos="0" name="os.family" value="PAN-OS"/>
|
1434
1484
|
<param pos="0" name="os.device" value="Firewall"/>
|
1435
1485
|
<param pos="0" name="os.certainty" value="0.5"/>
|
1486
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:paloaltonetworks:pan-os:-"/>
|
1436
1487
|
</fingerprint>
|
1437
1488
|
|
1438
1489
|
<fingerprint pattern="^efe29d50711d9b093d8187e97cc0e593$">
|
@@ -1534,6 +1585,7 @@
|
|
1534
1585
|
<param pos="0" name="os.family" value="iLO"/>
|
1535
1586
|
<param pos="0" name="os.product" value="iLO 3"/>
|
1536
1587
|
<param pos="0" name="os.certainty" value="0.5"/>
|
1588
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_3_firmware:-"/>
|
1537
1589
|
</fingerprint>
|
1538
1590
|
|
1539
1591
|
<fingerprint pattern="^(?:ad93b3973782b03ea62a43bd6602ba8b|d521487f45fa7657450edfd6c16e4a63)$">
|
@@ -1544,12 +1596,13 @@
|
|
1544
1596
|
<param pos="0" name="hw.vendor" value="HP"/>
|
1545
1597
|
<param pos="0" name="hw.product" value="iLO"/>
|
1546
1598
|
<param pos="0" name="hw.certainty" value="0.5"/>
|
1547
|
-
<param pos="0" name="hw.cpe23" value="cpe:/h:hp:
|
1599
|
+
<param pos="0" name="hw.cpe23" value="cpe:/h:hp:integrated_lights-out:-"/>
|
1548
1600
|
<param pos="0" name="os.vendor" value="HP"/>
|
1549
1601
|
<param pos="0" name="os.device" value="Lights Out Management"/>
|
1550
1602
|
<param pos="0" name="os.family" value="iLO"/>
|
1551
1603
|
<param pos="0" name="os.product" value="iLO"/>
|
1552
1604
|
<param pos="0" name="os.certainty" value="0.5"/>
|
1605
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:hp:integrated_lights-out_firmware:-"/>
|
1553
1606
|
</fingerprint>
|
1554
1607
|
|
1555
1608
|
<fingerprint pattern="^d11917dc7e651b21f0f75cd0dc309e8a$">
|
@@ -1714,6 +1767,64 @@
|
|
1714
1767
|
<param pos="0" name="os.certainty" value="0.5"/>
|
1715
1768
|
</fingerprint>
|
1716
1769
|
|
1770
|
+
<fingerprint pattern="^ed61e4c9e9a176e82734aa42c6a00ce4|0dc6bff9bdabf1184c157d75ac73c22a$">
|
1771
|
+
<description>Lifesize TelePresence</description>
|
1772
|
+
<example>ed61e4c9e9a176e82734aa42c6a00ce4</example>
|
1773
|
+
<example>0dc6bff9bdabf1184c157d75ac73c22a</example>
|
1774
|
+
<param pos="0" name="hw.vendor" value="Lifesize"/>
|
1775
|
+
<param pos="0" name="hw.device" value="Video Conferencing"/>
|
1776
|
+
<param pos="0" name="hw.product" value="TelePresence"/>
|
1777
|
+
<param pos="0" name="os.vendor" value="Lifesize"/>
|
1778
|
+
<param pos="0" name="os.family" value="Linux"/>
|
1779
|
+
<param pos="0" name="os.product" value="TelePresence"/>
|
1780
|
+
<param pos="0" name="os.device" value="Video Conferencing"/>
|
1781
|
+
</fingerprint>
|
1782
|
+
|
1783
|
+
<fingerprint pattern="^45e72b45613ba6ec2a1ded251a31f201$">
|
1784
|
+
<description>Symantec PGP Key Management Server</description>
|
1785
|
+
<example>45e72b45613ba6ec2a1ded251a31f201</example>
|
1786
|
+
<param pos="0" name="hw.vendor" value="Symantec"/>
|
1787
|
+
<param pos="0" name="hw.device" value="Security Appliance"/>
|
1788
|
+
<param pos="0" name="hw.product" value="Key Management Server"/>
|
1789
|
+
</fingerprint>
|
1790
|
+
|
1791
|
+
<fingerprint pattern="^302fe34dc0e9515e2d0509ff5f3217e5|8565497731f799fdd25ae59286807055$">
|
1792
|
+
<description>Riverbed Steelhead Appliance</description>
|
1793
|
+
<example>302fe34dc0e9515e2d0509ff5f3217e5</example>
|
1794
|
+
<example>8565497731f799fdd25ae59286807055</example>
|
1795
|
+
<param pos="0" name="hw.vendor" value="Riverbed"/>
|
1796
|
+
<param pos="0" name="hw.device" value="Security Appliance"/>
|
1797
|
+
<param pos="0" name="hw.product" value="Steelhead"/>
|
1798
|
+
<param pos="0" name="os.product" value="RiOS"/>
|
1799
|
+
<param pos="0" name="os.vendor" value="Riverbed"/>
|
1800
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:riverbed:rios:-"/>
|
1801
|
+
</fingerprint>
|
1802
|
+
|
1803
|
+
<fingerprint pattern="^d29a1ef8a3d0011504f5d076600ce16d$">
|
1804
|
+
<description>Silver Peak Appliance</description>
|
1805
|
+
<example>d29a1ef8a3d0011504f5d076600ce16d</example>
|
1806
|
+
<param pos="0" name="hw.vendor" value="Silver Peak"/>
|
1807
|
+
<param pos="0" name="hw.device" value="Network Appliance"/>
|
1808
|
+
<param pos="0" name="hw.product" value="SD-WAN"/>
|
1809
|
+
</fingerprint>
|
1810
|
+
|
1811
|
+
<fingerprint pattern="^425515e283192a3a686c04e1c50620aa$">
|
1812
|
+
<description>Cisco Meraki Appliance</description>
|
1813
|
+
<example>425515e283192a3a686c04e1c50620aa</example>
|
1814
|
+
<param pos="0" name="hw.vendor" value="Cisco"/>
|
1815
|
+
<param pos="0" name="hw.product" value="Meraki Device"/>
|
1816
|
+
<param pos="0" name="hw.device" value="Network Appliance"/>
|
1817
|
+
<param pos="0" name="hw.certainty" value="0.40"/>
|
1818
|
+
</fingerprint>
|
1819
|
+
|
1820
|
+
<fingerprint pattern="^f5c62ea4c4e9f9a8606400becc01375e$">
|
1821
|
+
<description>PBX in a Flash</description>
|
1822
|
+
<example>f5c62ea4c4e9f9a8606400becc01375e</example>
|
1823
|
+
<param pos="0" name="hw.vendor" value="PIAF"/>
|
1824
|
+
<param pos="0" name="hw.device" value="SIP Gateway"/>
|
1825
|
+
<param pos="0" name="hw.product" value="PIAF Virtual Appliance"/>
|
1826
|
+
</fingerprint>
|
1827
|
+
|
1717
1828
|
<fingerprint pattern="^7b73744799150c888a172daf3d7093bf$">
|
1718
1829
|
<description>Pure Storage Appliance</description>
|
1719
1830
|
<example>7b73744799150c888a172daf3d7093bf</example>
|
@@ -1723,4 +1834,12 @@
|
|
1723
1834
|
<param pos="0" name="hw.certainty" value="0.5"/>
|
1724
1835
|
</fingerprint>
|
1725
1836
|
|
1837
|
+
<fingerprint pattern="^1b786be7a46bd96a503a81b7faf86263$">
|
1838
|
+
<description>AdGuard Home</description>
|
1839
|
+
<example>1b786be7a46bd96a503a81b7faf86263</example>
|
1840
|
+
<param pos="0" name="service.vendor" value="AdGuard"/>
|
1841
|
+
<param pos="0" name="service.product" value="AdGuard Home"/>
|
1842
|
+
<param pos="0" name="service.certainty" value="0.5"/>
|
1843
|
+
</fingerprint>
|
1844
|
+
|
1726
1845
|
</fingerprints>
|
data/xml/ftp_banners.xml
CHANGED
@@ -5,9 +5,9 @@
|
|
5
5
|
against these patterns to fingerprint FTP servers.
|
6
6
|
-->
|
7
7
|
|
8
|
-
<fingerprint pattern="^([^ ]
|
8
|
+
<fingerprint pattern="^([^ ]{1,512}) Microsoft FTP Service \(Version ([1234]\.\d+)\)\.$">
|
9
9
|
<description>Microsoft FTP Server on Windows NT</description>
|
10
|
-
<example>
|
10
|
+
<example host.name="foo.bar" service.version="3.0">foo.bar Microsoft FTP Service (Version 3.0).</example>
|
11
11
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
12
12
|
<param pos="0" name="service.product" value="IIS"/>
|
13
13
|
<param pos="0" name="service.family" value="IIS"/>
|
@@ -20,9 +20,9 @@
|
|
20
20
|
<param pos="1" name="host.name"/>
|
21
21
|
</fingerprint>
|
22
22
|
|
23
|
-
<fingerprint pattern="^([^ ]
|
23
|
+
<fingerprint pattern="^([^ ]{1,512}) Microsoft FTP Service \(Version 5.0\)\.$">
|
24
24
|
<description>Microsoft FTP Server on Windows 2000</description>
|
25
|
-
<example>
|
25
|
+
<example host.name="foo.bar">foo.bar Microsoft FTP Service (Version 5.0).</example>
|
26
26
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
27
27
|
<param pos="0" name="service.product" value="IIS"/>
|
28
28
|
<param pos="0" name="service.family" value="IIS"/>
|
@@ -35,9 +35,9 @@
|
|
35
35
|
<param pos="1" name="host.name"/>
|
36
36
|
</fingerprint>
|
37
37
|
|
38
|
-
<fingerprint pattern="^([^ ]
|
38
|
+
<fingerprint pattern="^([^ ]{1,512}) Microsoft FTP Service \(Version 5.1\)\.$">
|
39
39
|
<description>Microsoft FTP Server on Windows XP, 2003 or later versions of 2000</description>
|
40
|
-
<example>
|
40
|
+
<example host.name="foo.bar">foo.bar Microsoft FTP Service (Version 5.1).</example>
|
41
41
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
42
42
|
<param pos="0" name="service.product" value="IIS"/>
|
43
43
|
<param pos="0" name="service.family" value="IIS"/>
|
@@ -49,9 +49,9 @@
|
|
49
49
|
<param pos="1" name="host.name"/>
|
50
50
|
</fingerprint>
|
51
51
|
|
52
|
-
<fingerprint pattern="^([^ ]
|
52
|
+
<fingerprint pattern="^([^ ]{1,512}) Microsoft FTP Service$">
|
53
53
|
<description>Microsoft FTP Server on Windows XP, 2003 or later without version</description>
|
54
|
-
<example>
|
54
|
+
<example host.name="foo.bar">foo.bar Microsoft FTP Service</example>
|
55
55
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
56
56
|
<param pos="0" name="service.product" value="IIS"/>
|
57
57
|
<param pos="0" name="service.family" value="IIS"/>
|
@@ -76,7 +76,7 @@
|
|
76
76
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
77
77
|
</fingerprint>
|
78
78
|
|
79
|
-
<fingerprint pattern="^([^ ]
|
79
|
+
<fingerprint pattern="^([^ ]{1,512}) +FTP +Server \(Version ([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
|
80
80
|
<description>FTP on HPUX with a PHNE (HP Networking patch) installed</description>
|
81
81
|
<example>example.com FTP server (Version 1.1.214.4(PHNE_38458) Mon Feb 15 06:03:12 GMT 2010) ready.</example>
|
82
82
|
<param pos="0" name="service.vendor" value="HP"/>
|
@@ -89,7 +89,7 @@
|
|
89
89
|
<param pos="2" name="service.version"/>
|
90
90
|
</fingerprint>
|
91
91
|
|
92
|
-
<fingerprint pattern="^([^ ]
|
92
|
+
<fingerprint pattern="^([^ ]{1,512}) +FTP +Server \(Revision \S+ Version wuftpd-([^\(]+)\(PHNE_\d+\) [^\)]+\) ready.?$" flags="REG_ICASE">
|
93
93
|
<description>WU-FTPD on HPUX with a PHNE (HP Networking patch) installed</description>
|
94
94
|
<example>example.com FTP server (Revision 1.1 Version wuftpd-2.6.1(PHNE_38578) Fri Sep 5 12:10:54 GMT 2008) ready.</example>
|
95
95
|
<param pos="0" name="service.vendor" value="Washington University"/>
|
@@ -102,7 +102,7 @@
|
|
102
102
|
<param pos="2" name="service.version"/>
|
103
103
|
</fingerprint>
|
104
104
|
|
105
|
-
<fingerprint pattern="^(\S
|
105
|
+
<fingerprint pattern="^(\S{1,512})(?: \S{1,512})? FTP Server \((?:Revision [\d\.]+ )?Version wu(?:ftpd)?-([\d\.]+).*\) ready.?$" flags="REG_ICASE">
|
106
106
|
<description>WU-FTPD on various OS</description>
|
107
107
|
<example host.name="example.com" service.version="2.6.2">example.com FTP server (Version wu-2.6.2(1) Sat Jul 19 16:21:30 UTC 2008) ready.</example>
|
108
108
|
<example host.name="example.com" service.version="2.6.2">example.com 192.168.0.1 FTP server (Version wu-2.6.2(1) Wed Sep 21 11:16:21 MEST 2005) ready.</example>
|
@@ -114,7 +114,7 @@
|
|
114
114
|
<param pos="2" name="service.version"/>
|
115
115
|
</fingerprint>
|
116
116
|
|
117
|
-
<fingerprint pattern="^(\S
|
117
|
+
<fingerprint pattern="^(\S{1,512})\s{1,8}FTP Server \(Version:\s+Mac OS X Server\s+([\d\.]+).*\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
|
118
118
|
<description>FTPD on Mac OS X Server with a version</description>
|
119
119
|
<example host.name="example.com" os.version="10.3">example.com FTP server (Version: Mac OS X Server 10.3 - +GSSAPI) ready.</example>
|
120
120
|
<example host.name="example.com" os.version="10.3">this is a banner. change it.
|
@@ -129,7 +129,7 @@ example.com FTP server (Version: Mac OS X Server 10.3 - +GSSAPI) ready.</exampl
|
|
129
129
|
<param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x_server:{os.version}"/>
|
130
130
|
</fingerprint>
|
131
131
|
|
132
|
-
<fingerprint pattern="^(\S
|
132
|
+
<fingerprint pattern="^(\S{1,512})\s{1,8}FTP Server \(Version:\s+Mac OS X Server\) ready\.?" flags="REG_ICASE,REG_MULTILINE">
|
133
133
|
<description>FTPD on Mac OS X Server without a version</description>
|
134
134
|
<example host.name="example.com">example.com FTP server (Version: Mac OS X Server) ready.</example>
|
135
135
|
<example host.name="example.com">this is a banner. change it.
|
@@ -143,7 +143,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
|
|
143
143
|
<param pos="1" name="host.name"/>
|
144
144
|
</fingerprint>
|
145
145
|
|
146
|
-
<fingerprint pattern="^(\S
|
146
|
+
<fingerprint pattern="^(\S{1,512})\s{1,8}FTP Server \(tnftpd (.*)\) ready\.?$" flags="REG_ICASE">
|
147
147
|
<description>Simple tnftpd banner with a version</description>
|
148
148
|
<example host.name="example.com" service.version="20061217">example.com FTP server (tnftpd 20061217) ready.</example>
|
149
149
|
<param pos="0" name="service.product" value="tnftpd"/>
|
@@ -151,7 +151,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
|
|
151
151
|
<param pos="1" name="host.name"/>
|
152
152
|
</fingerprint>
|
153
153
|
|
154
|
-
<fingerprint pattern="^(\S
|
154
|
+
<fingerprint pattern="^(\S{1,512}) FTP Server \(SunOS 5.(1[1-9])\) ready\.?$" flags="REG_ICASE">
|
155
155
|
<description>SunOS/Solaris</description>
|
156
156
|
<example host.name="example.com" os.version="11">example.com FTP server (SunOS 5.11) ready.</example>
|
157
157
|
<param pos="0" name="os.vendor" value="Oracle"/>
|
@@ -162,7 +162,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
|
|
162
162
|
<param pos="0" name="os.cpe23" value="cpe:/o:oracle:solaris:{os.version}"/>
|
163
163
|
</fingerprint>
|
164
164
|
|
165
|
-
<fingerprint pattern="^(\S
|
165
|
+
<fingerprint pattern="^(\S{1,512}) FTP Server \(SunOS 5.([789]|10)\) ready\.?$" flags="REG_ICASE">
|
166
166
|
<description>SunOS/Solaris 5.7-5.10</description>
|
167
167
|
<example host.name="example.com" os.version="7">example.com FTP server (SunOS 5.7) ready.</example>
|
168
168
|
<example host.name="example.com" os.version="10">example.com FTP server (SunOS 5.10) ready.</example>
|
@@ -174,7 +174,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
|
|
174
174
|
<param pos="0" name="os.cpe23" value="cpe:/o:sun:solaris:{os.version}"/>
|
175
175
|
</fingerprint>
|
176
176
|
|
177
|
-
<fingerprint pattern="^(\S
|
177
|
+
<fingerprint pattern="^(\S{1,512}) FTP Server \(SunOS 5.6\) ready\." flags="REG_ICASE">
|
178
178
|
<description>SunOS 5.6 (Solaris 2.6)</description>
|
179
179
|
<example host.name="example.com">example.com FTP Server (SunOS 5.6) ready.</example>
|
180
180
|
<param pos="0" name="os.vendor" value="Sun"/>
|
@@ -320,7 +320,7 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
|
|
320
320
|
<param pos="0" name="service.cpe23" value="cpe:/a:proftpd:proftpd:-"/>
|
321
321
|
</fingerprint>
|
322
322
|
|
323
|
-
<fingerprint pattern="^(?:\d{4}\-\d\d\-\d\d \d\d:\d\d:\d\d,\d\d\d )?(\S
|
323
|
+
<fingerprint pattern="^(?:\d{4}\-\d\d\-\d\d \d\d:\d\d:\d\d,\d\d\d )?(\S{1,512}) proftpd\[\d+\]: error: no valid servers configured">
|
324
324
|
<description>ProFTPD no valid servers configured</description>
|
325
325
|
<example host.name="ftp.host.com">ftp.host.com proftpd[40312]: error: no valid servers configured\n</example>
|
326
326
|
<example host.name="hostname.com">2016-10-31 12:14:35,524 hostname.com proftpd[26992]: error: no valid servers configured\n</example>
|
@@ -360,10 +360,11 @@ example.com FTP server (Version: Mac OS X Server) ready.</example>
|
|
360
360
|
<example service.version="1.0.11">=(<*>)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(<*>)=-</example>
|
361
361
|
<example service.version="1.0.11">=(<*>)=-.:. (( Welcome to Pure-FTPd 1.0.11 )) .:.-=(<*>)=-
|
362
362
|
more stuff</example>
|
363
|
-
<param pos="0" name="service.
|
363
|
+
<param pos="0" name="service.vendor" value="PureFTPd"/>
|
364
364
|
<param pos="0" name="service.family" value="Pure-FTPd"/>
|
365
365
|
<param pos="0" name="service.product" value="Pure-FTPd"/>
|
366
366
|
<param pos="1" name="service.version"/>
|
367
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:{service.version}"/>
|
367
368
|
</fingerprint>
|
368
369
|
|
369
370
|
<fingerprint pattern="^-{9,10}(?:.*)\s+Pure-FTPd\s+(.*)-{9,10}">
|
@@ -403,8 +404,6 @@ more text</example>
|
|
403
404
|
<param pos="0" name="service.cpe23" value="cpe:/a:pureftpd:pure-ftpd:{service.version}"/>
|
404
405
|
</fingerprint>
|
405
406
|
|
406
|
-
<!-- CPEs for Serv-U 15.x and above changed to SolarWinds -->
|
407
|
-
|
408
407
|
<fingerprint pattern="^Serv-U FTP Server v(15\.\S+) ready\.\.\.$">
|
409
408
|
<description>SolarWinds Serv-U with version </description>
|
410
409
|
<example service.version="15.1.3.25">Serv-U FTP Server v15.1.3.25 ready...</example>
|
@@ -420,10 +419,10 @@ more text</example>
|
|
420
419
|
<example service.version="2.5n">Serv-U FTP-Server v2.5n for WinSock ready...</example>
|
421
420
|
<example service.version="6.0">Serv-U FTP Server v6.0 for WinSock ready</example>
|
422
421
|
<param pos="0" name="service.vendor" value="Serv-U"/>
|
423
|
-
<param pos="0" name="service.product" value="Serv-U"/>
|
422
|
+
<param pos="0" name="service.product" value="Serv-U FTP Server"/>
|
424
423
|
<param pos="0" name="service.family" value="Serv-U"/>
|
425
424
|
<param pos="1" name="service.version"/>
|
426
|
-
<param pos="0" name="service.cpe23" value="cpe:/a:
|
425
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:serv-u_ftp_server:{service.version}"/>
|
427
426
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
428
427
|
<param pos="0" name="os.family" value="Windows"/>
|
429
428
|
<param pos="0" name="os.product" value="Windows"/>
|
@@ -435,15 +434,18 @@ more text</example>
|
|
435
434
|
<example service.version="7.2">Serv-U FTP Server v7.2 ready...</example>
|
436
435
|
<example service.version="14.0">Serv-U FTP Server v14.0 ready...</example>
|
437
436
|
<param pos="0" name="service.vendor" value="Serv-U"/>
|
438
|
-
<param pos="0" name="service.product" value="Serv-U"/>
|
437
|
+
<param pos="0" name="service.product" value="Serv-U FTP Server"/>
|
439
438
|
<param pos="0" name="service.family" value="Serv-U"/>
|
440
439
|
<param pos="1" name="service.version"/>
|
441
|
-
<param pos="0" name="service.cpe23" value="cpe:/a:
|
440
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:solarwinds:serv-u_ftp_server:{service.version}"/>
|
442
441
|
</fingerprint>
|
443
442
|
|
444
443
|
<fingerprint pattern="^Welcom to Serv-U FTP Server$">
|
445
444
|
<description>Common FTP banner modification to look like Serv-U -- assert nothing.</description>
|
446
445
|
<example>Welcom to Serv-U FTP Server</example>
|
446
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
447
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
448
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
447
449
|
</fingerprint>
|
448
450
|
|
449
451
|
<fingerprint pattern="^zFTPServer v?(\S+), .*ready\.$" flags="REG_ICASE">
|
@@ -516,7 +518,7 @@ more text</example>
|
|
516
518
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
517
519
|
</fingerprint>
|
518
520
|
|
519
|
-
<fingerprint pattern="^\s
|
521
|
+
<fingerprint pattern="^\s{0,1024}APC FTP server ready\.$">
|
520
522
|
<description>APC device</description>
|
521
523
|
<example>APC FTP server ready.</example>
|
522
524
|
<param pos="0" name="service.vendor" value="APC"/>
|
@@ -527,7 +529,7 @@ more text</example>
|
|
527
529
|
<param pos="0" name="hw.device" value="Power Device"/>
|
528
530
|
</fingerprint>
|
529
531
|
|
530
|
-
<fingerprint pattern="^(\S
|
532
|
+
<fingerprint pattern="^(\S{1,64}) Network Management Card AOS v(\d+\..+) FTP server ready\.$">
|
531
533
|
<description>APC power/cooling device</description>
|
532
534
|
<example service.version="3.3.4">AP7932 Network Management Card AOS v3.3.4 FTP server ready.</example>
|
533
535
|
<example os.version="3.6.1">ACRC103 Network Management Card AOS v3.6.1 FTP server ready.</example>
|
@@ -544,7 +546,7 @@ more text</example>
|
|
544
546
|
<param pos="0" name="hw.device" value="Power Device"/>
|
545
547
|
</fingerprint>
|
546
548
|
|
547
|
-
<fingerprint pattern="^(\S
|
549
|
+
<fingerprint pattern="^(\S{1,512}) FTP server \(EMC-SNAS: ([^\)]+)\)(?: \S+)?$">
|
548
550
|
<description>EMC Celerra</description>
|
549
551
|
<example service.version="5.6.47.11">foo2 FTP server (EMC-SNAS: 5.6.47.11)</example>
|
550
552
|
<example service.version="5.6.50.203">foo2 FTP server (EMC-SNAS: 5.6.50.203) ready.</example>
|
@@ -613,7 +615,7 @@ more text</example>
|
|
613
615
|
<param pos="0" name="service.product" value="Nepenthes"/>
|
614
616
|
</fingerprint>
|
615
617
|
|
616
|
-
<fingerprint pattern="^[^ ]
|
618
|
+
<fingerprint pattern="^[^ ]{1,512} IBM FTP CS (V1R\d+) at ([^,]*),.*">
|
617
619
|
<description>IBM z/OS FTP Service</description>
|
618
620
|
<example>SFTPD1 IBM FTP CS V1R4 at x.y.z, 21:02:19 on 2007-12-15.</example>
|
619
621
|
<param pos="0" name="service.vendor" value="IBM"/>
|
@@ -638,7 +640,7 @@ more text</example>
|
|
638
640
|
<param pos="0" name="os.device" value="Point of Sale"/>
|
639
641
|
</fingerprint>
|
640
642
|
|
641
|
-
<fingerprint pattern="^([^ ]
|
643
|
+
<fingerprint pattern="^([^ ]{1,512}) NcFTPd Server \(licensed copy\) ready\.$">
|
642
644
|
<description>NcFTPd Server
|
643
645
|
http://www.ncftp.com/ncftpd/</description>
|
644
646
|
<example>ftp.example.com NcFTPd Server (licensed copy) ready.</example>
|
@@ -647,7 +649,7 @@ more text</example>
|
|
647
649
|
<param pos="1" name="host.name"/>
|
648
650
|
</fingerprint>
|
649
651
|
|
650
|
-
<fingerprint pattern="^(\S
|
652
|
+
<fingerprint pattern="^(\S{1,512}) DCS-2100 FTP server ready\.$">
|
651
653
|
<description>D-Link DCS-2100 wireless internet camera</description>
|
652
654
|
<example>hostname DCS-2100 FTP server ready.</example>
|
653
655
|
<param pos="0" name="os.vendor" value="D-Link"/>
|
@@ -889,7 +891,7 @@ more text</example>
|
|
889
891
|
<param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:-"/>
|
890
892
|
</fingerprint>
|
891
893
|
|
892
|
-
<fingerprint pattern="^[\w\-\.]
|
894
|
+
<fingerprint pattern="^[\w\-\.]{0,128} FTP server \((?:VxWorks\s?)+([\d\.]+)\) ready.$" flags="REG_ICASE">
|
893
895
|
<description>VxWorks 6 with version information</description>
|
894
896
|
<example os.version="6.6">NanoDAC FTP server (VxWorks VxWorks 6.6) ready.</example>
|
895
897
|
<example os.version="6.4">BVS-MR-BSC2 FTP server (VxWorks 6.4) ready.</example>
|
@@ -899,7 +901,7 @@ more text</example>
|
|
899
901
|
<param pos="0" name="os.cpe23" value="cpe:/o:windriver:vxworks:{os.version}"/>
|
900
902
|
</fingerprint>
|
901
903
|
|
902
|
-
<fingerprint pattern="^[\w<>]
|
904
|
+
<fingerprint pattern="^[\w<>]{1,32}\s{1,8}Tenor Multipath Switch FTP server \(Version VxWorks([\d\.]+)\) ready\.$" flags="REG_ICASE">
|
903
905
|
<description>VxWorks on Tenor MultiPath with version information</description>
|
904
906
|
<example os.version="5.4.2"><38785ca0> Tenor Multipath Switch FTP server (Version VxWorks5.4.2) ready.</example>
|
905
907
|
<param pos="0" name="os.vendor" value="Wind River"/>
|
@@ -1045,7 +1047,7 @@ more text</example>
|
|
1045
1047
|
<param pos="2" name="os.version"/>
|
1046
1048
|
</fingerprint>
|
1047
1049
|
|
1048
|
-
<fingerprint pattern="^ET(\S
|
1050
|
+
<fingerprint pattern="^ET(\S{1,12}) Source Technologies (ST-96\S+) FTP Server (\S+) ready\.?$">
|
1049
1051
|
<description>Source Technologies ST9600 Series Secure Printer</description>
|
1050
1052
|
<example>ET0021B730F70E Source Technologies ST-9620 FTP Server NJ.APS.N254e ready.</example>
|
1051
1053
|
<example>ET0021B7549AF2 Source Technologies ST-9620 FTP Server NR.APS.N447b2 ready.</example>
|
@@ -1058,7 +1060,7 @@ more text</example>
|
|
1058
1060
|
<param pos="3" name="os.version"/>
|
1059
1061
|
</fingerprint>
|
1060
1062
|
|
1061
|
-
<fingerprint pattern="^ET(\S
|
1063
|
+
<fingerprint pattern="^ET(\S{1,12}) (Pro\d+) Series FTP Server ready\.$" certainty="1.0">
|
1062
1064
|
<description>Lexmark ProXXX Series of Printers</description>
|
1063
1065
|
<example host.mac="0020007E4D2A" hw.product="Pro700">ET0020007E4D2A Pro700 Series FTP Server ready.</example>
|
1064
1066
|
<param pos="0" name="os.vendor" value="Lexmark"/>
|
@@ -1071,7 +1073,7 @@ more text</example>
|
|
1071
1073
|
<param pos="2" name="hw.product"/>
|
1072
1074
|
</fingerprint>
|
1073
1075
|
|
1074
|
-
<fingerprint pattern="^ET(\S
|
1076
|
+
<fingerprint pattern="^ET(\S{1,12}) Lexmark Forms Printer (\d+) Ethernet FTP Server (\S+) ready\.$" certainty="1.0">
|
1075
1077
|
<description>Lexmark Forms Printer</description>
|
1076
1078
|
<example os.product="2590">ET0020004F54EE Lexmark Forms Printer 2590 Ethernet FTP Server LCL.CU.P012c ready.</example>
|
1077
1079
|
<param pos="0" name="os.vendor" value="Lexmark"/>
|
@@ -1086,7 +1088,7 @@ more text</example>
|
|
1086
1088
|
<param pos="2" name="hw.product"/>
|
1087
1089
|
</fingerprint>
|
1088
1090
|
|
1089
|
-
<fingerprint pattern="^ET(\S
|
1091
|
+
<fingerprint pattern="^ET(\S{1,12}) TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
|
1090
1092
|
<description>Toshiba e-STUDIO Printer with MAC address</description>
|
1091
1093
|
<example os.version="NC2.NPS.N221">ET0004001E9C00 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N221 ready.</example>
|
1092
1094
|
<example host.mac="00040089BE42">ET00040089BE42 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
|
@@ -1100,7 +1102,7 @@ more text</example>
|
|
1100
1102
|
<param pos="0" name="hw.product" value="e-STUDIO"/>
|
1101
1103
|
</fingerprint>
|
1102
1104
|
|
1103
|
-
<fingerprint pattern="^\S
|
1105
|
+
<fingerprint pattern="^\S{1,16} TOSHIBA e-STUDIO500S FTP Server (\S+) ready\.$" certainty="1.0">
|
1104
1106
|
<description>Toshiba e-STUDIO Printer</description>
|
1105
1107
|
<example os.version="NC2.NPS.N211">JHBPRN13 TOSHIBA e-STUDIO500S FTP Server NC2.NPS.N211 ready.</example>
|
1106
1108
|
<param pos="0" name="os.vendor" value="Toshiba"/>
|
@@ -1298,7 +1300,7 @@ more text</example>
|
|
1298
1300
|
<param pos="1" name="hw.product"/>
|
1299
1301
|
</fingerprint>
|
1300
1302
|
|
1301
|
-
<fingerprint pattern="^(ET(\S
|
1303
|
+
<fingerprint pattern="^(ET(\S{1,32})) Dell (\S+ Laser Printer) FTP Server">
|
1302
1304
|
<description>Dell Laser Printer</description>
|
1303
1305
|
<example host.name="ET0021B71A1111" host.mac="0021B71A1111" hw.product="2350dn Laser Printer">ET0021B71A1111 Dell 2350dn Laser Printer FTP Server NR.APS.N449 ready.</example>
|
1304
1306
|
<param pos="0" name="os.vendor" value="Dell"/>
|
@@ -1310,11 +1312,14 @@ more text</example>
|
|
1310
1312
|
<param pos="3" name="hw.product"/>
|
1311
1313
|
</fingerprint>
|
1312
1314
|
|
1313
|
-
<fingerprint pattern="^(\S
|
1315
|
+
<fingerprint pattern="^(\S{1,512}) FTP server \(Version \S+ \w+ \w+ \d{1,2} \d{1,2}:\d{1,2}:\d{1,2} [A-Z]+ (?:1|2)\d{3}\) ready\.?$">
|
1314
1316
|
<description>Generic/unknown FTP Server found on HP-UX and AIX systems</description>
|
1315
1317
|
<example host.name="host.example.com">host.example.com FTP server (Version 4.1 Sat Sep 7 14:31:53 CDT 2002) ready.</example>
|
1316
1318
|
<example host.name="host.example.com">host.example.com FTP server (Version 5.3 Sat Jan 10 14:01:03 CDT 2012) ready</example>
|
1317
1319
|
<param pos="1" name="host.name"/>
|
1320
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
1321
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
1322
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
1318
1323
|
</fingerprint>
|
1319
1324
|
|
1320
1325
|
<fingerprint pattern="^Welcome to the (?:Cisco )?(?:TelePresence) ([a-zA-Z\s]*?) ((?:MSE )?\d+), version (\d+.\d+\(\d+.\d+\)).*?" flags="REG_ICASE">
|
@@ -1333,7 +1338,7 @@ more text</example>
|
|
1333
1338
|
<param pos="3" name="os.version"/>
|
1334
1339
|
</fingerprint>
|
1335
1340
|
|
1336
|
-
<fingerprint pattern="^(\S
|
1341
|
+
<fingerprint pattern="^(\S{1,512}) FTP server \((?:HP|Compaq) Tru64 UNIX Version (\S+)\) ready\.?$">
|
1337
1342
|
<description>Digital/Compaq/HP Tru64 Unix</description>
|
1338
1343
|
<example host.name="example.com" os.version="5.60">example.com FTP server (Compaq Tru64 UNIX Version 5.60) ready.</example>
|
1339
1344
|
<param pos="0" name="os.vendor" value="HP"/>
|
@@ -1344,7 +1349,7 @@ more text</example>
|
|
1344
1349
|
<param pos="0" name="os.cpe23" value="cpe:/o:hp:tru64_unix:{os.version}"/>
|
1345
1350
|
</fingerprint>
|
1346
1351
|
|
1347
|
-
<fingerprint pattern="^(\S
|
1352
|
+
<fingerprint pattern="^(\S{1,512}) FTP server \(Digital UNIX Version (\S+)\) ready\.?$">
|
1348
1353
|
<description>Digital/Compaq/HP Tru64 Unix w/o branding</description>
|
1349
1354
|
<example host.name="example.com" os.version="5.60">example.com FTP server (Digital UNIX Version 5.60) ready.</example>
|
1350
1355
|
<param pos="0" name="os.vendor" value="HP"/>
|
@@ -1354,7 +1359,7 @@ more text</example>
|
|
1354
1359
|
<param pos="2" name="os.version"/>
|
1355
1360
|
</fingerprint>
|
1356
1361
|
|
1357
|
-
<fingerprint pattern="^(\S
|
1362
|
+
<fingerprint pattern="^(\S{1,512}) FTP server \(MikroTik ([\d\.]+)\) ready\.?$">
|
1358
1363
|
<description>MikroTik</description>
|
1359
1364
|
<example host.name="example.com" os.version="6.18">example.com FTP server (MikroTik 6.18) ready</example>
|
1360
1365
|
<param pos="0" name="os.vendor" value="MikroTik"/>
|
@@ -1364,7 +1369,7 @@ more text</example>
|
|
1364
1369
|
<param pos="0" name="os.cpe23" value="cpe:/o:mikrotik:routeros:{os.version}"/>
|
1365
1370
|
</fingerprint>
|
1366
1371
|
|
1367
|
-
<fingerprint pattern="
|
1372
|
+
<fingerprint pattern="^.{0,1024} FTP server \(MikroTik (\d\.[\w\.]+)\) ready\.?$">
|
1368
1373
|
<description>MikroTik with description</description>
|
1369
1374
|
<example os.version="6.43.16">Super Thing_Place- FTP server (MikroTik 6.43.16) ready</example>
|
1370
1375
|
<example os.version="6.43.16beta2">Super Thing_Place- FTP server (MikroTik 6.43.16beta2) ready</example>
|
@@ -1542,7 +1547,7 @@ more text</example>
|
|
1542
1547
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
1543
1548
|
</fingerprint>
|
1544
1549
|
|
1545
|
-
<fingerprint pattern="^([\w.-]
|
1550
|
+
<fingerprint pattern="^([\w.-]{1,512}) X2 WS_FTP Server ([\d.]{3,6}\s?\(\d+\))$">
|
1546
1551
|
<description>WS_FTP FTP Server on Windows - X2 variant</description>
|
1547
1552
|
<example service.version="7.7(50012467)" host.name="a.host.name.tld">a.host.name.tld X2 WS_FTP Server 7.7(50012467)</example>
|
1548
1553
|
<example service.version="5.0.5 (1989540204)" host.name="a.host.name.tld">a.host.name.tld X2 WS_FTP Server 5.0.5 (1989540204)</example>
|
@@ -1625,11 +1630,11 @@ more text</example>
|
|
1625
1630
|
|
1626
1631
|
<fingerprint pattern="^Sofrel (S5[\w]+) SN ([\d-]+) ready. Time is (\d{2}:\d{2}:\d{2} \d{2}\/\d{2}\/\d{2})\.$">
|
1627
1632
|
<description>Sofrel Remote Terminal Unit</description>
|
1628
|
-
<example hw.product="S500"
|
1633
|
+
<example hw.product="S500" hw.serial_number="01-499-00427" system.time="00:11:39 01/11/16">Sofrel S500 SN 01-499-00427 ready. Time is 00:11:39 01/11/16.</example>
|
1629
1634
|
<param pos="0" name="hw.vendor" value="Sofrel"/>
|
1630
1635
|
<param pos="0" name="hw.family" value="S500 Range"/>
|
1631
1636
|
<param pos="1" name="hw.product"/>
|
1632
|
-
<param pos="2" name="
|
1637
|
+
<param pos="2" name="hw.serial_number"/>
|
1633
1638
|
<param pos="0" name="system.time.format" value="HH:mm:ss dd/MM/yy"/>
|
1634
1639
|
<param pos="3" name="system.time"/>
|
1635
1640
|
</fingerprint>
|
@@ -1645,13 +1650,16 @@ more text</example>
|
|
1645
1650
|
<param pos="2" name="hw.product"/>
|
1646
1651
|
</fingerprint>
|
1647
1652
|
|
1648
|
-
<fingerprint pattern="^(\S
|
1653
|
+
<fingerprint pattern="^(\S{1,512}) FTP server ready\.?$" flags="REG_ICASE">
|
1649
1654
|
<description>Generic FTP fingerprint with a hostname</description>
|
1650
1655
|
<example host.name="example.com">example.com FTP server ready.</example>
|
1651
1656
|
<param pos="1" name="host.name"/>
|
1657
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
1658
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
1659
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
1652
1660
|
</fingerprint>
|
1653
1661
|
|
1654
|
-
<fingerprint pattern="^(\S
|
1662
|
+
<fingerprint pattern="^(\S{1,512}) FTP server \(Version (\d.*)\) ready\.?$" flags="REG_ICASE">
|
1655
1663
|
<description>Generic FTP fingerprint with a hostname and a version for a generic FTP implementation</description>
|
1656
1664
|
<example host.name="example.com" service.version="6.00LS">example.com FTP server (Version 6.00LS) ready.</example>
|
1657
1665
|
<example host.name="example.com" service.version="1.2">example.com FTP server (Version 1.2) ready.</example>
|
@@ -1667,6 +1675,9 @@ more text</example>
|
|
1667
1675
|
<example>FTP-Server</example>
|
1668
1676
|
<example>FTP Server</example>
|
1669
1677
|
<example>FTP service ready.</example>
|
1678
|
+
<param pos="0" name="hw.certainty" value="0.0"/>
|
1679
|
+
<param pos="0" name="os.certainty" value="0.0"/>
|
1680
|
+
<param pos="0" name="service.certainty" value="0.0"/>
|
1670
1681
|
</fingerprint>
|
1671
1682
|
|
1672
1683
|
<fingerprint pattern="^Welcom to ProRat Ftp Server$">
|
@@ -1676,7 +1687,7 @@ more text</example>
|
|
1676
1687
|
<param pos="0" name="service.product" value="ProRat"/>
|
1677
1688
|
</fingerprint>
|
1678
1689
|
|
1679
|
-
<fingerprint pattern="^(?:(\S
|
1690
|
+
<fingerprint pattern="^(?:(\S{1,512}) )?FTP Server \(vftpd ([\d.]+)\) ready\.?$">
|
1680
1691
|
<description>Vermillion FTP Daemon</description>
|
1681
1692
|
<example host.name="srv.name" service.version="1.23">srv.name FTP Server (vftpd 1.23) ready.</example>
|
1682
1693
|
<example service.version="1.31">FTP Server (vftpd 1.31) ready.</example>
|
@@ -1690,7 +1701,7 @@ more text</example>
|
|
1690
1701
|
<param pos="1" name="host.name"/>
|
1691
1702
|
</fingerprint>
|
1692
1703
|
|
1693
|
-
<fingerprint pattern="^(?:(\S
|
1704
|
+
<fingerprint pattern="^(?:(\S{1,512}) )?FTP server \(QVT\/Net ([\d.]+)\) ready\.?$">
|
1694
1705
|
<description>QVT/Net FTP Server</description>
|
1695
1706
|
<example host.name="siren" service.version="5.1">siren FTP server (QVT/Net 5.1) ready.</example>
|
1696
1707
|
<example host.name="qpc-qvtnet" service.version="4.1">qpc-qvtnet FTP server (QVT/Net 4.1) ready.</example>
|